- 08:30 - 09:30
Registration and Breakfast
- 09:30 - 09:35
Opening Remarks
- 09:35 - 10:45
Keynote
Talk:
Andrew W. Appel (Princeton University)
The Computer in the Voting Booth
Abstract:
Citizens of democracies vote using procedures and technologies that have
changed over the past 250 years. In response to abuse and manipulation
of one procedure or technology, a new one is introduced. In the 19th
century, the preprinted secret ballot was introduced to combat voter
intimidation; in the early 20th century, mechanical lever-action
machines combated paper-ballot fraud.
In the mid-20th century, Turing and von Neumann outlined the
general-purpose stored-program computer, capable of performing or
simulating any computation, and within a few decades computers were used
to count votes. We would like to know that the votes are counted
accurately, even though there are substantial incentives to cheat. We
can apply basic principles of computer security to see why this problem
is so difficult; we can compare with solved problems (bank ATM machines)
and unsolved problems (digital rights management).
- 10:45 - 11:00
Break
- 11:00 - 11:30
Sven Dietrich (Stevens Institute of Technology)
Malware Evolution: From Handler/Agent to P2P
Abstract:
We look at the evolution of Internet attack tools that use a command and
control structure. The efficiency of such tools has improved since the
first major attacks in 1999. While the public was not aware of distributed
attacks until the February 2000 attacks on major websites, nowadays a lot
of attention and research is focused on their successors, called botnets,
due to the wide range of criminal activity associated with them. The
impact of the command and control mechanisms present in these modern tools
on intrusion detection and network monitoring is examined with the help of
recent examples of bots.
- 11:30 - 12:00
Juan Garay (Bell Labs Alcatel-Lucent)
Sound and Fine-grain Specification of Security Tasks
Abstract:
Recently there has been an interest in the design of cryptographic
protocols satisfying strong security properties, such as (preservation
of security under) concurrency and non-malleability. The Universal
Composability (UC) framework of Canetti fulfills that interest, by
guaranteeing that if a protocol is able to emulate an ideal specification
of the task (called a "functionality" in the framework -- e.g., signature,
public-key encryption, zero-knowledge, etc.), then those properties are
achieved. However, while the traditional (non-UC) security notions of many
tasks have been studied for a while and are well understood, their UC
formulation has been error-prone, leading to "unstable" definitions.
In this talk, we propose a general methodology for the translation of
the traditional security definitions to their UC counterpart, which besides
the sound specification of cryptographic tasks, allows for the easy
identification of relations between functionalities, as well as the
"debugging" of existing ones. Instrumental in our methodology is a
formal language-based description of functionalities, which might be
of independent interest.
This is joint work with Aggelos Kiayias and Hong-Sheng Zhou (UConn).
- 12:00 - 02:00
Lunch Break
- 02:00 - 02:30
Salvatore J. Stolfo (Columbia University)
Content-based Anomaly Detection in Intrusion Detection
Abstract:
There are many anti-virus and intrusion detection systems
in wide use that are primarily signature-based detectors. They
detect what is already known to be bad by matching a signature
pattern against input. These systems have been
effective at detecting known exploits and intrusion attempts
but they fail to recognize new attacks and carefully crafted
variants of old exploits. Anomaly Detection has been proposed as
an alternative strategy for detecting new attacks. Anomaly Detectors
model what is known to be good in order to detect deviations that
are presumed to be bad. Anomaly Detection systems that analyze
network flow level statistics have been the subject of research
for several years and some are now appearing in commercial products.
Content-based Anomaly Detection systems that utilize machine
learning algorithms are designed to model normal content for a
distinct site or host. These systems are designed to detect content
deviations of interest that may indicate the presence of malcode that
otherwise would not be detected by conventional (and soon to be obsolete)
signature-based detectors. In the continuing battle between
attacker and defender, Anomaly Detectors can also be thwarted by
a variety of obfuscation methods. In this talk we will provide
an overview of the state of the art in content-based Anomaly Detection in
intrusion detection, describe various approaches to blind these
detectors, and propose new approaches to counter these evasion
tactics based upon randomization strategies to blind the attacker.
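The abstract above describes three moves: a detector that models normal content, an attacker who pads malicious content with normal-looking bytes until the detector's score drops under its threshold, and a randomized detector the attacker cannot shape padding for. The script below is an added illustration of that cycle; it is not code from the talk or from the Columbia group. It assumes a byte 3-gram model of normal request bodies, a novelty threshold of 0.2, constructed form posts as the normal traffic, and a constructed payload with a NOP sled standing in for an exploit. The randomization shown (a secret sliding-window length, so that windows falling entirely inside the contiguous attack bytes are scored on their own) is one simple strategy chosen for the example, not the specific scheme of the talk.

```python
"""Content-based anomaly detection on request bodies, and mimicry evasion.

Added example (not code from the talk or from Columbia's IDS group): a byte
3-gram model of normal content, a padding attack that hides exploit bytes
inside enough normal-looking bytes to fall under the whole-payload
threshold, and a detector that scores sliding windows of a secret, randomly
chosen length so the contiguous attack bytes are scored on their own.
All traffic here is constructed for the example.
"""
import random

N = 3              # n-gram length (assumption)
THRESHOLD = 0.2    # fraction of never-seen n-grams that raises an alert (assumption)

# Constructed "normal" traffic for one site: six form posts, each terminated
# by CRLF as they would appear in the captured stream.
NORMAL = [
    b"user=alice&action=view&page=3",
    b"user=bob&action=edit&page=12",
    b"user=carol&action=view&page=7",
    b"user=dave&action=list&page=1",
    b"user=erin&action=view&page=42",
    b"user=frank&action=edit&page=9",
]
STREAM = b"".join(s + b"\r\n" for s in NORMAL)

# Constructed attack: the user field carries a NOP sled and inert code bytes.
ATTACK = b"user=" + b"\x90" * 8 + b"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88"


def ngrams(data, n=N):
    return [data[i:i + n] for i in range(len(data) - n + 1)]


def train(stream, n=N):
    """Model = the set of every byte n-gram observed in normal content."""
    return set(ngrams(stream, n))


def novelty(payload, model, n=N):
    """Fraction of the payload's n-grams the model has never seen."""
    grams = ngrams(payload, n)
    if not grams:
        return 0.0
    return sum(1 for g in grams if g not in model) / len(grams)


def whole_payload_score(payload, model):
    """Conventional scoring: one novelty figure for the whole payload."""
    return novelty(payload, model)


def mimicry_pad(attack, stream, copies=5):
    """Attacker's evasion: append normal content until the attack's novel
    n-grams are a small fraction of the whole payload.  Repeating the
    captured stream keeps every padding n-gram, including those at the
    copy boundaries, inside what the model already saw."""
    return attack + stream * copies


def window_score(payload, model, w):
    """Max novelty over every contiguous window of w bytes.  Windows that
    lie entirely inside the contiguous attack code score 1.0 no matter how
    much normal padding surrounds them."""
    if len(payload) <= w:
        return novelty(payload, model)
    return max(novelty(payload[i:i + w], model)
               for i in range(len(payload) - w + 1))


class RandomizedDetector:
    """Draws the window length from a secret source at start-up, so the
    attacker cannot shape padding to the exact granularity being checked."""

    def __init__(self, model, rng=None, lo=4, hi=8):
        self.model = model
        self.w = (rng or random.SystemRandom()).randint(lo, hi)

    def alert(self, payload):
        return window_score(payload, self.model, self.w) > THRESHOLD


if __name__ == "__main__":
    model = train(STREAM)
    padded = mimicry_pad(ATTACK, STREAM)
    print("raw attack, whole payload:    %.2f" % whole_payload_score(ATTACK, model))
    print("padded attack, whole payload: %.2f" % whole_payload_score(padded, model))
    det = RandomizedDetector(model, rng=random.Random(7))
    print("padded attack, w=%d windows: alert=%s" % (det.w, det.alert(padded)))
    print("normal sample, w=%d windows: alert=%s" % (det.w, det.alert(NORMAL[0])))
```

The raw attack scores about 0.85 against the whole-payload model and the padded one about 0.02, so padding alone defeats the conventional scorer; every window length between 4 and 8 still finds a window inside the NOP sled that scores 1.0, while the training samples score 0.0 at every length. The price of a set-based n-gram model is its false positives: a legitimate post with an unseen user name also contributes novel n-grams, which is why real deployments tune the threshold per site.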
- 02:30 - 03:00
Break
- 03:00 - 03:30
Larry Koved, Ted Habeck (IBM Research)
Making Security Accessible to Programmers
Abstract:
We take a look at secure application development from the perspective of
application programmers. These programmers often lack a security
background, yet are required to deliver secure applications. Programming
languages, models and tools are increasingly making it easier to create
and deploy new applications in less time, with increasing functionality.
These technologies have also made it easier (and faster) to create security
holes. This talk reviews some of the significant security challenges
programmers face, and describes SWORD4J, a technology we have been
developing to lighten the secure code development burden.
- 03:30 - 04:00
Antonio Nicolosi (Stevens Institute of Technology)
Deterring Piracy in Live Event Transmissions
Abstract:
Traitor tracing schemes are multi-recipient public-key encryption
schemes where each user holds a personalized decryption key. In the
transmission of live events, they constitute an effective tool to
deter piracy by "fear of exposure": If a group of subscribers
collude to construct a pirate decoder, a specialized tracing algorithm
will uncover the source of the leakage by observing the pirate
decoder's decryption of well-crafted ciphertexts.
We present a traitor tracing scheme in which the ratio of ciphertext
and plaintext lengths is asymptotically 1, thus enabling an optimal
usage of the bandwidth allocated for the transmission. Our treatment
improves upon conventional tracing modeling by additionally accounting
for pirate strategies that attempt to escape tracing by purposely
rendering decrypted content at lower quality (e.g., by dropping every
other frame from the video stream, or by suppressing the audio channel
from the transmission).
- 04:00 -
Concluding Remarks