Date	Presenter	Topic
4/13		Guest: Keant Seamons (BYU) - Securing Webmail for the Masses More info Abstract The need for users to encrypt their email has never been clearer. Recent revelations have shown that not only are users' online communications and data available to malicious insiders, but also to hackers and government-level surveillance. Unfortunately, prior research has shown that existing approaches to secure email are not compatible with the needs and capabilities of the masses. In this talk, we describe our work at building usable, secure email for the masses. First, we discuss user interface designs that enable users to correctly use secure email. Second, we discuss the details from the empirical user studies we completed to validate our work, including a novel methodology to recruit pairs of novice users to install and use several recent secure email systems. Finally, we discuss our plans for future work into comparing the usability of various key management schemes by every-day users. Bio Scott Ruoti is a PhD candidate in Computer Science at Brigham Young University. Scott's research interests are in usable security and protocol design. His research projects include usable, secure e-mail, user-to-user encryption for cloud services, strong password protocols, safe password entry, TLS authentication, and human-factors in security. Scott is especially interested in research that creates secure systems which can be successfully used by business and non-security experts. Scott's PhD research is currently funded through an Internship at Sandia National Laboratories. He has previously worked full time for a startup (Computer Lab Solutions) and Brigham Young University developing lab management technologies deployed to hundreds of universities. Additionally, he has successfully completed internships with Microsoft, Microsoft Research, Google, Blue Coat Systems, and is currently an Intern at Sandia National Laboratories. Scott has accepted a full-time job at MIT Lincoln Lab.
4/6		NSF WATCH: The Citizen Lab's Mixed Methods Approach to Research on Information Controls (Deibert) More info Abstract: The Citizen Lab is an interdisciplinary research laboratory based at the Munk School of Global Affairs, University of Toronto, that investigates the intersection of human rights, global security, and the digital world. For over a decade, we have used a mixed methods approach that combines techniques from network measurement, information security, law, and the social sciences to research and document information controls (e.g., Internet censorship, surveillance, targeted digital attacks; commercial spyware) that impact the openness and security of digital communications and pose threats to human rights. Director and Founder Professor Ron Deibert will provide an overview of the Citizen Lab's approach, highlight several reports and their outcomes, and discuss some of the ways rigorous, evidence-based, and peer-reviewed research can inform public policy, advocacy and human rights based on the experiences of the Citizen Lab. Bio: Ronald J. Deibert is Professor of Political Science and Director of the Citizen Lab at the Munk School of Global Affairs, University of Toronto. The Citizen Lab undertakes interdisciplinary research at the intersection of global security, ICTs, and human rights. He is a former founder and principal investigator of the OpenNet Initiative (2003-2014) and a founder of Psiphon, a world leader in providing open access to the Internet. Deibert is the author of Black Code: Surveillance, Privacy, and the Dark Side of the Internet (Random House: 2013), as well as numerous books, chapters, and articles on Internet censorship, surveillance, and cyber security. He was one of the authors of the landmark Tracking Ghostnet cyber espionage (2009) and Great Cannon (2015) reports, and co-editor of three major volumes with MIT Press on information controls (the "Access" series). He is on the steering committee for the World Movement for Democracy, the board of advisors for Pen Canada, Access, and Privacy International, and on the technical advisory groups for Amnesty International and Human Rights Watch. He is co-chair of the University of Toronto's Information Security Council. In 2013, he was appointed to the Order of Ontario and awarded the Queen Elizabeth II Diamond Jubilee medal, for being "among the first to recognize and take measures to mitigate growing threats to communications rights, openness and security worldwide.
3/30		Guest: Chad Brubaker, Google (nogotofail, Android Network Security Config) More info Why should I talk to Chad / what should I talk about with Chad? A. He works in the Android Security group at Google, concentrating on hardening the OS. B. nogotofail - a tool that lets you test your network traffic for TLS/SSL vulnerabilities and misconfigurations via client and/or a VPN (http://googleonlinesecurity.blogspot.com/2014/11/introducing-nogotofaila-network-traffic.html) C. "there is also the Android Network Security Config I made for Android N (http://developer.android.com/preview/features/security-config.html), its the tock to the tick-tock of the "find and understand issues"/"kill root cause of issues" that nogotofail started and allows for developers to do all the customization that we saw people trying to do but in a way that's hard to get wrong and safe." D. Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations Modern network security rests on the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Distributed systems, mobile and desktop applications, embedded devices, and all of secure Web rely on SSL/TLS for protection against network attacks. This protection critically depends on whether SSL/TLS clients correctly validate X.509 certificates presented by servers during the SSL/TLS handshake protocol. We design, implement, and apply the first methodology for large-scale testing of certificate validation logic in SSL/TLS implementations. Our first ingredient is "frankencerts," synthetic certificates that are randomly mutated from parts of real certificates and thus include unusual combinations of extensions and constraints. Our second ingredient is differential testing: if one SSL/TLS implementation accepts a certificate while another rejects the same certificate, we use the discrepancy as an oracle for finding flaws in individual implementations. Differential testing with frankencerts uncovered 208 discrepancies between popular SSL/TLS implementations such as OpenSSL, NSS, CyaSSL, GnuTLS, PolarSSL, MatrixSSL, etc. Many of them are caused by serious security vulnerabilities. For example, any server with a valid X.509 version1 certificate can act as a rogue certificate authority and issue fake certificates for any domain, enabling man-in-the-middle attacks against MatrixSSL and GnuTLS. Several implementations also accept certificate authorities created by unauthorized issuers, as well as certificates not intended for server authentication. We also found serious vulnerabilities in how users are warned about certificate validation errors. When presented with an expired, self-signed certificate, NSS, Safari, and Chrome (on Linux) report that the certificate has expired - a low-risk, often ignored error - but not that the connection is insecure against a man-in-the-middle attack. These results demonstrate that automated adversarial testing with frankencerts is a powerful methodology for discovering security flaws in SSL/TLS implementations. E. There's free lunch catered from Gourmandise
3/23	Hollenbeck	How to Use Bitcoin to Incentivize Correct Computations (Kumaresan and Bentov), CCS 2014 More info We study a model of incentivizing correct computations in a variety of cryptographic tasks. For each of these tasks we propose a formal model and design protocols satisfying our model's constraints in a hybrid model where parties have access to special ideal functionalities that enable monetary transactions. We summarize our results: * Verifiable computation. We consider a setting where a delegator outsources computation to a worker who expects to get paid in return for delivering correct outputs. We design protocols that compile both public and private verification schemes to support incentivizations described above. * Secure computation with restricted leakage. Building on the recent work of Huang et al. (Security and Privacy 2012), we show an efficient secure computation protocol that monetarily penalizes an adversary that attempts to learn one bit of information but gets detected in the process. * Fair secure computation. Inspired by recent work, we consider a model of secure computation where a party that aborts after learning the output is monetarily penalized. We then propose an ideal transaction functionality FML and show a constant-round realization on the Bitcoin network. Then, in the FML-hybrid world we design a constant round protocol for secure computation in this model. * Noninteractive bounties. We provide formal definitions and candidate realizations of noninteractive bounty mechanisms on the Bitcoin network which (1) allow a bounty maker to place a bounty for the solution of a hard problem by sending a single message, and (2) allow a bounty collector (unknown at the time of bounty creation) with the solution to claim the bounty, while (3) ensuring that the bounty maker can learn the solution whenever its bounty is collected, and (4) preventing malicious eavesdropping parties from both claiming the bounty as well as learning the solution. All our protocol realizations (except those realizing fair secure computation) rely on a special ideal functionality that is not currently supported in Bitcoin due to limitations imposed on Bitcoin scripts. Motivated by this, we propose validation complexity of a protocol, a formal complexity measure that captures the amount of computational effort required to validate Bitcoin transactions required to implement it in Bitcoin. Our protocols are also designed to take advantage of optimistic scenarios where participating parties behave honestly.
3/9	Baset	Do You See What I See: Differential Treatment of Anonymous Users (Khattak et al), NDSS 2016 More info The utility of anonymous communication is undermined by a growing number of websites treating users of such services in a degraded fashion. The second-class treatment of anonymous users ranges from outright rejection to limiting their access to a subset of the service’s functionality or imposing hurdles such as CAPTCHA-solving. To date, the observation of such practices has relied upon anecdotal reports catalogued by frustrated anonymity users. We present a study to methodically enumerate and characterize, in the context of Tor, the treatment of anonymous users as second-class Web citizens. We focus on first-line blocking: at the transport layer, through reset or dropped connections; and at the application layer, through explicit blocks served from website home pages. Our study draws upon several data sources: comparisons of Internetwide port scans from Tor exit nodes versus from control hosts; scans of the home pages of top-1,000 Alexa websites through every Tor exit; and analysis of nearly a year of historic HTTP crawls from Tor network and control hosts. We develop a methodology to distinguish censorship events from incidental failures such as those caused by packet loss or network outages, and incorporate consideration of the endemic churn in web-accessible services over both time and geographic diversity. We find clear evidence of Tor blocking on the Web, including 3.67% of the top-1,000 Alexa sites. Some blocks specifically target Tor, while others result from fate-sharing when abuse-based automated blockers trigger due to misbehaving Web sessions sharing the same exit node.
3/2	McKenna	How Polymorphic Warnings Reduce Habituation in the Brain: Insights from an fMRI Study (Anderson et al), CHI 2015 More info Research on security warnings consistently points to habituation as a key reason why users ignore security warnings. However, because habituation as a mental state is difficult to observe, previous research has examined habituation indirectly by observing its influence on security behaviors. This study addresses this gap by using functional magnetic resonance imaging (fMRI) to open the "black box" of the brain to observe habituation as it develops in response to security warnings. Our results show a dramatic drop in the visual processing centers of the brain after only the second exposure to a warning, with further decreases with subsequent exposures. To combat the problem of habituation, we designed a polymorphic warning that changes its appearance. We show in two separate experiments using fMRI and mouse cursor tracking that our polymorphic warning is substantially more resistant to habituation than conventional warnings. Together, our neurophysiological findings illustrate the considerable influence of human biology on users' habituation to security warnings.
2/24		NSA TAO Chief on Disrupting Nation State Hackers (Joyce) & Sanitize, Fuzz, and Harden Your C++ Code (Serebryany), Enigma 2016 More info N/A
2/17	Kath	'My Data Just Goes Everywhere:' User Mental Models of the Internet and Implications for Privacy and Security (Kang et al), SOUPS 2015 More info Many people use the Internet every day yet know little about how it really works. Prior literature diverges on how people’s Internet knowledge affects their privacy and security decisions. We undertook a qualitative study to understand what people do and do not know about the Internet and how that knowledge affects their responses to privacy and security risks. Lay people, as compared to those with computer science or related backgrounds, had simpler mental models that omitted Internet levels, organizations, and entities. People with more articulated technical models perceived more privacy threats, possibly driven by their more accurate understanding of where specific risks could occur in the network. Despite these differences, we did not find a direct relationship between people’s technical background and the actions they took to control their privacy or increase their security online. Consistent with other work on user knowledge and experience, our study suggests a greater emphasis on policies and systems that protect privacy and security without relying too much on users’ security practices.
2/10	Denning	Accountable Wiretapping -or- I Know They Can Hear You Now (Bates et al), NDSS 2012 More info In many democratic countries, CALEA1 wiretaps are used by law enforcement agencies to perform investigations and gather evidence for legal procedures. However, existing CALEA wiretap implementations are often engineered with the assumption that wiretap operators are trustworthy and wiretap targets do not attempt to evade the wiretap. Although it may be possible to construct more robust wiretap architectures by reengineering significant portions of the telecommunications infrastructure, such efforts are prohibitively costly. This paper instead proposes a lightweight accountable wiretapping system for enabling secure audits of existing CALEA wiretapping systems. Our proposed system maintains a tamper-evident encrypted log over wiretap events, enforces access controls over wiretap records, and enables privacy-preserving aggregate queries and compliance checks. We demonstrate using campus-wide telephone trace data from a large university that our approach provides efficient auditing functionalities while incurring only modest overhead. Based on publicly available wiretap reporting statistics, we conservatively estimate that our architecture can support tamper-evident logging for all of the United States’ ongoing CALEA wiretaps using three commodity PCs.
2/3	Hollenbeck	Estimating types in binaries using predictive modeling (Katz et al), POPL 2016 More info Reverse engineering is an important tool in mitigating vulnerabilities in binaries. As a lot of software is developed in object-oriented languages, reverse engineering of object-oriented code is of critical importance. One of the major hurdles in reverse engineering binaries compiled from object-oriented code is the use of dynamic dispatch. In the absence of debug information, any dynamic dispatch may seem to jump to many possible targets, posing a significant challenge to a reverse engineer trying to track the program flow. We present a novel technique that allows us to statically determine the likely targets of virtual function calls. Our technique uses object tracelets – statically constructed sequences of operations performed on an object – to capture potential runtime behaviors of the object. Our analysis automatically pre-labels some of the object tracelets by relying on instances where the type of an object is known. The resulting type-labeled tracelets are then used to train a statistical language model (SLM) for each type.We then use the resulting ensemble of SLMs over unlabeled tracelets to generate a ranking of their most likely types, from which we deduce the likely targets of dynamic dispatches.We have implemented our technique and evaluated it over real-world C++ binaries. Our evaluation shows that when there are multiple alternative targets, our approach can drastically reduce the number of targets that have to be considered by a reverse engineer.
1/27	Becker	Bringing Software Defined Radio to the Penetration Testing Community (Picod et al), Blackhat 2014 More info The large adoption of wireless devices goes further than WiFi networks: smartmeters, wearable devices, etc. The engineers behind these new types of devices may not have a deep security background and it can lead to security and privacy issues when a particular technology is stressed. However, to assess the security of these devices, the only current solution would be a dedicated hardware component with an appropriate radio interface for each available technology. Such components are not easy to engineer and this is why we developed Scapy-radio, a generic wireless monitor/injector tool based on Software Defined Radio using GNU Radio and the well-known Scapy framework. In this paper, we present this tool we developed for a wide range of wireless security assessments. The main goal of our tool is to provide effective penetration testing capabilities to security auditors with little to no knowledge of radio communication systems.

Overview

The Spring 2016 offering of CS 7936 will focus on reading and discussing papers from recent security conferences on a variety of topics.

The goal is to increase participants' familiarity with recent and important results in the area of computer security & privacy research. Attendees will read and discuss papers from recent top-tier security conferences. Attendees will typically discuss one paper each week. Papers will be selected by presenters based on their interests.

Class announcements are sent out on security-privacy@cs.utah.edu. You can subscribe at http://mailman.cs.utah.edu/mailman/listinfo/security-privacy.

Credit

Students may enroll for one (1) credit. Although the University lists the course as “variable credit,” the two- and three-credit options are not currently available.

Students enrolled in the seminar are expected to read the papers prior to the seminar. Additionally, students are expected to sign up to lead the discussion on one or more seminar meeting. Leading the disucssion means:

1. Choosing the paper and sending it to tdenning@cs.utah.edu by 6PM Sunday before the seminar meeting;
2. Preparing a 7-10 minute summary of the paper and its pertinent points;
3. Familiarizing yourself enough with the paper to be able to answer questions that may come up;
4. Preparing potential discussion points if the discussion needs prompting.

Potential Papers

Upcoming and recent conference proceedings are good sources of papers for discussion. Below are links to some relevant conference series.

• Mainstream Security & Privacy Venues
  • USENIX Security (e.g., 2014 program)
  • IEEE Oakland (e.g., 2014 program)
  • CCS (e.g., 2013 program)
  • NDSS (e.g., 2015 program)
• Security & Privacy Papers can be found in these venues
  • SOUPS (e.g., 2014 program)
  • CHI (e.g., 2014 program)
  • Ubicomp (e.g., 2014 program)

And the following is a curated list of papers of possible interest:

• Crowdsourced Exploration of Security Configurations
  Ismail et al
  CHI 2015
• A Large-Scale Analysis of the Security of Embedded Firmwares
  Costin et al
  USENIX 2014
• Measuring the practical impact of DNSSEC deployment
  Lian et al
  USENIX 2013
• Measuring the Cost of Cybercrime
  Anderson et al
  Economics of Information Security and Privacy, 2013
• Bootstrapping Trust in Commodity Computers
  Parno et al
  Oakland/S&P 2010
• GenoGuard: Protecting Genomic Data against Brute-Force Attacks
  Huang et al
  Oakland/S&P 2015
• Cracking-Resistant Password Vaults using Natural Language Encoders
  Chatterjee et al
  Oakland/S&P 2015
• Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
  Thomas et al
  Oakland/S&P 2015
• A Messy State of the Union: Taming the Composite State Machines of TLS
  Beurdouche et al
  Oakland/S&P 2015
• BIG DATA'S DISPARATE IMPACT
  Barocas and Selbst
  California Law Review, Vol. 104, 2016
• An Epidemiological Study of Malware Encounters in a Large Enterprise
  Yen et al
  USENIX 2014
• Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation
  Das et al
  USENIX 2014
• Your Location has been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging
  Almuhimedi et al
  CHI 2015
• Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS)
  Egelman and Peer
  CHI 2015
• Somebody's Watching Me?: Assessing the Effectiveness of Webcam Indicator Lights
  Portnoff et al
  CHI 2015
• Usability of Augmented Reality for Revealing Secret Messages to Users but Not Their Devices
  Andrabi et al
  SOUPS 2015
• User Perceptions of Sharing, Advertising, and Tracking
  Chanchary and Chiasson
  SOUPS 2015
• Social Media As a Resource for Understanding Security Experiences: A Qualitative Analysis of #Password Tweets
  Dunphy et al
  SOUPS 2015
• Too Much Knowledge? Security Beliefs and Protective Behaviors Among United States Internet Users
  Wash and Rader
  SOUPS 2015
• "...No one Can Hack My Mind": Comparing Expert and Non-Expert Security Practices
  Ion et al
  SOUPS 2015
• Anatomization and Protection of Mobile Apps' Location Privacy Threats
  Fawaz et al
  USENIX Security 2015
• PyCRA: Physical Challenge-Response Authentication for Active Sensors Under Spoofing Attacks
  Shoukry et al
  CCS 2015
• TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens
  Sun et al
  CCS 2015
• Face/Off: Preventing Privacy Leakage From Photos in Social Networks
  Ilia et al
  CCS 2015
• Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warnings
  Neupane et al
  CCS 2015
• VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audit
  Perl et al
  CCS 2015
• Defeating IMSI Catchers
  van den Broek et al
  CCS 2015
• Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations (or maybe Insecurity of Voice Solution VoLTE in LTE Mobile Networks)
  Kim et al
  CCS 2015
• Surpass: System-initiated user-replaceable passwords
  Ho Huh et al
  CCS 2015

Reading and Presenting

It can be useful to look up the video of the presentation (if it was at USENIX, the video was recorded and is available online) and/or the slides (which may be available on the presenting author's page).

The following questions (some of which are pulled from Writing for Computer Science) can be useful to keep in mind when reading a paper (although not all questions will apply to all papers):

• What phenomena or properties are being investigated? Why are they of interest? 
• Has the aim of the research been articulated? What are the specific hypotheses and research questions? Are these elements convincingly connected to each other?
• To what extent is the work innovative? How does it differ from past work?
• What are the underlying assumptions? Are they sensible?
• What forms of evidence are used?
• How is the evidence measured? Are the chosen methods of measurement objective, appropriate, and reasonable?
• What compromises or simplifications are inherent in the choice of measure?
• To what extent do the results persuasively confirm the hypothesis? 
• What are the likely weaknesses of or limitations to the approach?
• Which results are the most surprising?
• What is the main contribution of the work?
• Are appropriate conclusions drawn from the results, or are there other possible interpretations?
• Could the results be verified?
• Do the results have applicability to other problems or domains?
• Do the title, abstract, and introduction appropriately set the context for the work?
• Is there anything unusual about the organization of the write-up, and, if so, is there a reason for this organization?
• Are the Tables and Figures clear and useful?
• Are the results of practical applicability, or are they more theoretical in nature?
• What are the main strengths of the paper? What are its weaknesses?
• If you were to cite this paper, what kinds of things might you be citing it for?
• Are there interesting future directions for work that the authors have not discussed?
• Are there particular steps in the methodology or presentation that you would have done differently?
• Are there any methodological decisions that seem to have been motivated by restrictions on time or resources, rather than absolute feasibility?
• Are there any ethical issues associated with the paper, and if so, how were they (or how weren't they) dealt with?