Fall 2008

Abstract:

Distributed proof construction protocols have been shown to be valuable for reasoning about authorization decisions in open distributed environments such as pervasive computing spaces. Unfortunately, existing distributed proof protocols offer only limited support for protecting the confidentiality of sensitive facts, which limits their utility in many practical scenarios. In this talk, we will discuss a distributed proof construction protocol in which the release of a fact's truth value can be made contingent upon facts managed by other principals in the system. We will show that our protocol can safely prove conjunctions of facts without leaking the truth values of individual facts, even in the face of colluding adversaries or fact release policies with cyclical dependencies. This facilitates the definition of context-sensitive release policies that enable the conditional use of sensitive facts in distributed proofs.

Joint work with Kazuhiro Minami and Nikita Borisov.

Biography

Dr. Adam J. Lee is currently an assistant professor of Computer Science at the University of Pittsburgh. He received the MS and PhD degrees in Computer Science from the University of Illinois at Urbana-Champaign in 2005 and 2008, respectively. Prior to that, he received his BS in Computer Science from Cornell University. His research interests lie at the intersection of the computer security, privacy, and distributed systems fields. He is particularly interested in trust negotiation and distributed proof construction approaches to authorization, which can be used to facilitate secure interactions across multiple security domains while still preserving each individual's privacy and autonomy.

Homepage:

http://www.cs.pitt.edu/~adamlee

Abstract:

Real-world entities are not always represented by the same set of features in different data sets. Therefore matching and linking records corresponding to the same real-world entity distributed across these data sets is a challenging task. If the data sets contain private information, the problem becomes even harder due to privacy concerns. Existing solutions of this problem mostly follow two approaches: sanitization techniques and cryptographic techniques. The former achieves privacy by perturbing sensitive data at the expense of degrading matching accuracy. The later, on the other hand, attains both privacy and high accuracy under heavy communication and computation costs. In this paper, we propose a method that combines these two approaches and enables users to trade off between privacy, accuracy and cost. Experiments conducted on real data sets show that our method has significantly lower costs than cryptographic techniques and yields much more accurate matching results compared to sanitization techniques, even when the data sets are perturbed extensively. Joint work with Ali Inan, Elisa Bertino and Monica Scannapieco

Biography

Dr. Murat Kantarcioglu is currently an assistant professor of computer science at University of Texas at Dallas. He had a Ph.D. degree from Purdue University in 2005. He received his master's in Computer Science from Purdue University in 2002 and his bachelor degree in computer engineering from Middle East Technical University, Ankara, Turkey in 2000. He also received the Purdue CERIAS Diamond Award for outstanding academic achievement. During his graduate years, he worked as a summer intern at IBM Almaden Research Center and at NEC Labs.

His research interests lie at the intersection of privacy, security, data Mining and databases: Security and Privacy issues raised by data mining; Distributed Data Mining techniques; Security issues in Databases. His research is currently supported by grants from IARPA, DoD and The Air Force Office of Scientific Research.

Home Page:

http://www.utdallas.edu/~mxk055100/

Abstract:

Virtualization offers a valuable lever to decrease power usage in data centers by increasing server utilization. Utilization can be increased by sharing the server hardware among several workloads. Those workloads however, need to be able to rely on similar isolation and integrity guarantees as those they enjoy when running on dedicated hardware. In this setting, the Trusted Virtual Datacenter (TVDc) is designed to offer strong enterprise-level security guarantees in hosted data center environments. Designed to satisfy business-level security goals, TVDc simplifies security management and provides explicit infrastructure-level containment and trust guarantees for virtualized workloads. This talk examines workload isolation requirements in virtual data centers and illustrates how we address them in the Trusted Virtual Data center. Recognizing the importance of integrity as a foundation for TVDc isolation mechanisms and customer workloads, this talk will identify how virtualization can be leveraged to deploy centralized integrity services based on trusted computing and virtual machine introspection.

Biography

Reiner Sailer is a Research Staff Member and the Manager of the Security Services (GSAL) team at the IBM Thomas J. Watson Research Center where he previously led the Trusted Virtual Datacenter project. He received his Diploma in Computer Science from Karlsruhe University, Germany, in 1994 and his Ph. D. degree in Electronic Engineering from the University of Stuttgart, Germany in 1999. He subsequently joined IBM at the Thomas J. Watson Research Center, where he has worked on secure systems, trusted computing, virtualization security, and security services.

Home Page:

http://www.research.ibm.com/people/s/sailer/

Abstract:

Grey is an access-control system in which smartphones serve as the device by which users exercise and delegate their authority. In an ongoing deployment in a building on our campus, Grey is used daily by about 30 people to control access to office doors and log in to computers. One of Grey's distinguishing features is that it supports ad-hoc delegation: users can modify their security policy at the time and place of their choosing, including dynamically, in response to access attempts that would otherwise fail. In this talk I will will discuss several of the underlying practical challenges of building such a system and some related recent results, including leveraging observed behavior to aid in policy creation and verifying that the system meets users' needs in practice.

Biography

Lujo Bauer is a Research Scientist in CyLab and the Electrical and Computer Engineering Department at Carnegie Mellon University. He received his BS in Computer Science from Yale University and his PhD, also in Computer Science, from Princeton University. Lujo's research interests include building usable access-control systems with sound theoretical underpinnings, developing languages and systems for specifying and enforcing security policies, and generally in narrowing the gap between a formal model and a usable system.

Home Page:

http://www.ece.cmu.edu/~lbauer/

Abstract:

In any large project requiring several collaborating organisations to work together requires:

• That they understand and can assure how shared resources are accessed and controlled, whether those resources are private to each organisation or require the use of special third party providers.
• That there is a level of confidence and trust between each of the providers in that they will not usurp resources, or release information in a manner that is unexpected to the collaborating partners.
• Mechanisms for deploying, maintaining and terminating shared infrastructure and resources within the bounds of the collaboration.

This presentation will present our work in facilitating secure, trusted collaborations in an environment where rapid deployment of resources is required through the introduction of several key pieces of technology: the Trust Extension Device (TED), enabling portability of trust; an electronic contract (eContract) that is machine interpretable and allows the partners to negotiate the use and access to shared resources; and an integrated software support infrastructure based on SOA principles that allows us to offer a Dynamic Collaboration Service to collaborating partners.

Biography

John Zic is a Research Team and Science Leader for Trusted Systems in the Networking Technologies Laboratory, ICT Centre, CSIRO and holds a Visiting Associate Professor position at the UNSW. Prior to this position, he was Acting Research Director for the laboratory for two years. He has also held research positions at Motorola's Australian Research Centre from 1999 to 2003, has taught networking, advanced networking, and concurrent computing at undergraduate and postgraduate levels from 1982 to 1999 as lecturer in charge and tutor. He has been involved in networking research, from ALOHA experiment days, through to the development of the first diffuse infrared wireless LAN and onto IPv6 and home networking research. His research interest is in the application of suitable design and modelling techniques to protocol analysis, particularly those in trust and security.

Home Page:

http://www.ict.csiro.au/staff/John.Zic/

Abstract:

Through requiring surveillance capabilities be built into Internet voice communications systems and expanding warrantless wiretapping to any communications where one end was "reasonably believed" to be located outside the U.S., the U.S. government is slowly but steadily extending wiretapping capabilities to the Internet. This effort is in the name of national security. But building architected security breaches into a communications network carries real risks. In a world that has both al-Qaeda and Hurricane Katrina, does this increased wiretapping capability make us safer? We will examine what real security needs are in a post 9/11 world.

Biography

Dr. Susan Landau is a Distinguished Engineer at Sun Microsystems Laboratories, where she works on security, cryptography, and policy, including surveillance and digital-rights management issues. Landau had previously been a faculty member at the University of Massachusetts and Wesleyan University, where she worked in algebraic algorithms. She is coauthor, with Whitfield Diffie, of "Privacy on the Line: the Politics of Wiretapping and Encryption" (MIT Press, original edition: 1998; updated and expanded edition: 2007), participant in a 2006 ITAA study on the security risks of applying the Communications Assistance for Law Enforcement Act to VoIP, lead author on the 1994 ACM study, "Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy", and author of numerous computer science and public policy papers. She is currently a member of the editorial board of IEEE Security and Privacy and a section board member of the Communications of the ACM, and moderates the "researcHers" list, an international mailing list for women computer science researchers. Landau served for six years as a member of the National Institute of Standards and Technology's Information Security and Privacy Advisory Board. Landau is the recipient of the 2008 Women of Vision Social Impact Award, a AAAS Fellow, and an ACM Distinguished Engineer. She received her BA from Princeton, her MS from Cornell, and her PhD from MIT.

Home Page:

http://research.sun.com/people/slandau/