MIT CSAIL Security Seminar/Discussion Group



The Security Seminar/Discussion Group at MIT CSAIL hosts talks and conducts discussions on systems security, cryptography with potential for applications, or other areas related to security. Members come from a variety of groups within systems and cryptography, both from MIT and nearby institutions.

When:
4pm on Wednesdays
Where:
MIT Stata Center

To subscribe to the mailing list, attend our reading group, give a talk, or lead a discussion, please signup here or email raluca at csail dot mit dot edu.

Schedule

The schedule is also available as Google calendar (naobk2d4s64ie5mu77bbvo67j4@group.calendar.google.com) and iCal format.

Date
Topic
Speaker(s)
Information
5/15/2014 Web Security Bryan Ford, Yale Bryan will talk about Can You Hide in an Internet Panopticon? Here is the abstract and more information.
4/23/2014 Crypto Alley Stoughton, Lincoln Labs Alley will talk about Proving the Security of a Simple Private Information Retrieval Protocol using EasyCrypt Here is the abstract and more information.
4/16/2014 Systems Security William Young and Nancy Leveson, MIT William and Nancy will talk about Integrating Safety and Security using Systems Theory Here is the abstract and more information.
4/9/2014
Upcoming!
Web Security Nick Feamster, Georgia Tech Nick will talk about Bots, Bubbles, and Bottleneck: Safeguarding the User's Internet Experience. Here is the abstract and more information.
3/19/2014 Hardware Security Jim Gettys, Bell Labs Jim will talk about (In)Security in Home Embedded Devices. Here is the abstract and more information.
2/19/2014 Web security Thomas Hardjono, MIT Thomas will talk about Consent Management using User Managed Access (UMA) protocol. Here is the abstract and more information.
12/11/2013 Applied cryptography Emil Stefanov, Berkeley Emil will talk about A Practical System for Verifying Recoverability of Big Data. Here is the abstract and more information.
11/20/2013 Language-level security Prof. Stephen Chong, Harvard University Stephen will talk about Shill: A Secure Shell Scripting Language. Here is the abstract and more information.
11/14/2013 Malware Prof. Engin Kirda, Northeastern University Engin will talk about Experiences and Challenges in Automated Malware Analysis: Quo Vadis Sandboxes? Here is the abstract and more information.
10/23/2013 OS-based privacy Prof. William Robertson, Northeastern University Wil will talk about PrivExec: Private Execution as an Operating System Service. Here is the abstract and more information.
10/9/2013 Data deletion Joel Reardon, ETH Zurich Joel will talk about Secure Data Deletion from Persistent Media. Here is the abstract and more information.
10/2/2013 Software security Xi Wang, MIT Xi will talk about Towards Optimization-Safe Systems: Analyzing the Impact of Undefined Behavior. Here is the abstract and more information.
9/18/2013 Search over encrypted data Dr. Seny Kamara, Microsoft Research, Redmond Seny will talk about How to search over encrypted data. Here is the abstract and more information.
9/11/2013 Better random number generation Prof. Yevgeniy Dodis, New York University Yevgeniy will talk about improving /dev/(u)random: Random Number Generation, Revisited. Here is the abstract and more information.
8/28/2013 Voting security Prof. Tal Moran, Interdisciplinary Center Herzliya, Israel Tal will talk about Verifiable Anonymous Polling. Here is the abstract and more information.
6/19/2013 Web security Amit Levy and Deian Stefan, Stanford Amit and Deian will talk about Hails: Protecting Data Privacy in Untrusted Web Applications. Here is the abstract and more information.
5/22/2013 OS security Dr. Robert N. M. Watson, University of Cambridge Robert will talk about A Decade of Access-Control Extensibility. Here is the abstract and more information.
5/1/2013 Bitcoin's security Gavin Andresen, Bitcoin Foundation, Chief Scientist Gavin will talk about the security protocol of Bitcoin. Here is the abstract and more information.
4/3/2013 Language-based security Prof. Sanjit A. Seshia, UC Berkeley Sanjit will talk about "Verification with Small and Short Worlds". Here is the abstract and more information.
3/20/2013 CHERI architecture Dr. David Chisnall, University of Cambridge, UK David will talk about "Language Interoperability without Sacrificing Safety". Here is the abstract and more information.
3/19/2013 Side-channel attacks Prof. Simha Sethumadhavan, Columbia University Simha will talk about Measuring Side Channel Vulnerability using SVF. Here is the abstract and more information.
3/13/2013 Applied cryptography Justin Thaler, Harvard University Justin will talk about Time-Optimal Interactive Proofs for Circuit Evaluation. Here is the abstract and more information.
2/11/2013 Mobile systems security Haohui Mai, University of Illinois at Urbana-Champaign Haohui Mai will talk about Building a Secure Foundation for Mobile Apps. Here is the abstract and more information.
12/10/2012 Binary Static Analysis Chris Eng, Veracode - industry talk Chris Eng will talk about their binary static analysis work at Veracode. Here is the abstract and more information.
12/3/2012 Cryptanalysis, network security Dr. Nadia Heninger, Microsoft Research, New England Nadia Heninger will talk about Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. Here is the abstract and more information.
11/26/2012 Systems security Eunsuk Kang, MIT Eunsuk will talk about Automating End User Security Task. Here is the abstract and more information.
11/19/2012 Practical verifiable computation Prof. Mike Walfish, UT Austin Mike Walfish will talk about Making proof-based verified computation almost practical. Here is the abstract and more information.
11/5/2012 Cloud security Dr. Ari Juels, Chief Scientist, RSA, the Security Division of EMC Ari will talk about Breaks in the Cloud. Here is the abstract and more information.
10/22/2012 Embedded Devices Security Amir Rahmati, UMass Amherst Amir Rahmati will talk about TARDIS: Time and Remanence Decay in SRAM to Implement Secure Protocols on Embedded Devices without Clocks. Here is the abstract and more information.
10/1/2012 Fully homomorphic encryption and hardware Chris Fletcher, MIT Chris Fletcher will talk about Techniques for performing secure computation on encrypted data. Here is the abstract and more information.
9/24/2012 Operating systems security Xi Wang, MIT Xi Wang will talk about Improving integer security for systems. Here is the abstract and more information.
9/17/2012 Software fault isolation Prof. Greg Morrisett, Harvard University Greg Morrisett will talk about RockSalt: Better, Faster, Stronger Software Fault Isolation for the x86. Here is the abstract and more information.
 Summer break no meeting.
5/7/2012 Language-based Privacy Jean Yang, MIT Jean Yang, MIT, will talk about Jeeves, a language for enforcing privacy. Here is the abstract and more information.
4/23/2012 Storage security Emil Stefanov, Berkeley Emil Stefanov from Berkeley will talk about Concealing Access Patterns to Cloud Storage for Privacy. Here is the abstract and more information.
4/9/2012
*3*pm
Cloud security Robert Griffin, RSA, Security Division of EMC Bob Griffin, Chief Security Architect at RSA, will talk about "Keys and Clouds: Searching for the Equilibrium". This is an industry talk co-organized with RSA Labs. Here is the abstract and more information.
4/2/2012 Cloud computing security Dr. Alina Oprea, RSA Labs New approaches to securing cloud data: Alina will talk about some of the research RSA Labs has done on extending the trust perimeter from the enterprise data center into public clouds. Here is the abstract and more information.
2/27/2012 Cloud security Ariel J. Feldman, Princeton Ari will talk about Privacy and Integrity in the Untrusted Cloud. Here is the abstract and more information.
2/13/2012 Homomorphic encryption Dr. Shai Halevi, IBM T. J. Watson Research Center Shai will talk about Recent advances in homomorphic encryption. Here are Shai's slides. Here is the abstract and more information.
1/30/2012 Browser security Emily Stark, MIT Emily will talk about The Case for Prefetching and Prevalidating TLS Server Certificates. Here is the abstract and more information.
1/23/2012 Integrity for outsourced databases Nikos Triandopoulos - RSA Labs & Boston University Nikos will talk about Verifying Keyword and Database Search in the Cloud . Here is the abstract and more information.
12/19/2011 Cloud computing security Dr. Dennis Moreau, EMC Corporation Dennis will talk about Focused Threat Response and Forensic Information Sharing: Current Challenges and Limits in Cloud Computing Scenarios. This talk was jointly organized with the RSA Labs. Here is the abstract and more information.
12/12/2011 Cloud and mobile security Prof. Roxana Geambasu, Columbia University Roxana will talk about Regaining control over cloud and mobile data. Here is the abstract and more information.
11/28/2011 Web security Prof. Adam Chlipala, MIT Adam will talk about Web Security via Types and Theorem-Proving in the Ur/Web Programming Language. Here is the abstract and more information.
11/21/2011 Language-based security Prof. Stephen Chong, Harvard University Stephen will talk about Inference of Expressive Information Security Policies. This talk is joint with the PL seminar. Here is the abstract and more information.
11/14/2011 Routing security Dr. Jad Naous, MIT Jad will talk about Verifying and Enforcing Network Paths with ICING . Here is the abstract and more information.
10/31/2011 Cloud computing security Kevin Bowers, RSA Labs Kevin will talk about How to Tell If Your Files Are Vulnerable to Drive Crashes. Here is the abstract and more information.
10/24/2011 No meeting: many of us will be attending SOSP.
10/17/2011 Application and Database Confidentiality
Raluca Ada Popa,
MIT
Raluca will talk about CryptDB: Protecting Confidentiality with Encrypted Query Processing. Here is the abstract and more info.
10/3/2011 Browser privacy
Dr. Ben Livshits,
Microsoft Research, Redmond
Ben will talk about RePriv: Re-Imagining Content Personalization and In-Browser Privacy. Here is the abstract and more info.
08/04/2011 Cloud Computing and Software Security
Dr. Úlfar Erlingsson,
Google
Úlfar will briefly outline some issues and potential research topics in cloud security, with examples from Google's past and current technology efforts used to give context. Here is the abstract and more info.
04/14/2011
Cloud Security Dr. Alina Oprea
RSA Labs
Alina will talk about recent work: A Scalable Cloud File System with Efficient Integrity Checks.
Here is the abstract and more info.
04/07/2011 BGP Security
Prof. Leonid Reyzin,  Boston University Leo will talk about recent work: Sequential Aggregate Signatures with Lazy Verification for S-BGP. Here is the abstract and more info.
03/31/2011
Homomorphic Encryption
Ron Rothblum, Weizmann Institute
Ron Rothblum will give a talk for the CIS seminar: "Homomorphic Encryption: from Private-Key to Public-Key"
03/24/2011
Spring break



No meetings due to SOSP deadline
02/24/2011

BGP Security
Prof. Sharon Goldberg, Boston University
Sharon will talk about recent work: Let the Market Drive Deployment: A Strategy for Transitioning to BGP Security. Joint work with Phillipa Gill and Michael Schapira. Here is the abstract.
 Winter break and IAP no meeting.
12/02/2010
Predictive Black-Box Mitigation of Timing
Channels
Dr. Aslan Askarov,
Cornell University
We investigate techniques for general black-box mitigation of timing channels. The source of events is wrapped by a timing mitigator that delays output events so that they contain only a bounded amount of information. We introduce a general class of timing mitigators that can achieve any given bound on timing channel leakage, with a tradeoff in system performance. We show these mitigators compose well with other mechanisms for information flow control, and demonstrate they are effective against some known timing attacks.
11/03/2010 Differential Privacy
Dr. Frank McSherry, Microsoft Research
Frank will present his work on Privacy Integrated Queries: A Programming Language for Differentially-Private Computation. Here are the abstract and bio.
10/28/2010
Language-based security for  distributed systems Prof. Andrew Myers, Cornell
Andrew will talk about Fabric: Using language-based security to build secure distributed systems. Here are the abstract and bio.
10/21/2010
Preventing side channel attacks exploiting memory latency for cloud computing
Taesoo Kim, MIT
Taesoo will talk about his work on preventing side channel attacks exploiting memory latency in cloud computing environments such as Amazon EC2 and Microsoft Azure. He will present his new protection mechanism (against RSA/AES cache attacks) that he developed together with Marcus Peinado from Microsoft Research.
10/15/2010
Quantification of Integrity
Dr. Michael Clarkson, Cornell University
Here is the abstract and more information for the talk.
10/08/2010


No meeting. Dertouzos talk at the same time.
09/30/2010
Cold Boot Attacks
Nadia Heninger, Princeton University
Nadia Heninger from Princeton University will present her work on "Lest We Remember: Cold Boot Attacks on Encryption Keys" (Usenix Security, 2008, Best Student Paper Award) and "Reconstructing RSA Private Keys from Random Key Bits" (Crypto 2009).
09/20/2010
Cloud Security
David Schultz, MIT
We will discuss the paper  Depot: Cloud Storage with Minimal Trust, which will be presented at the upcoming OSDI, Oct 4-6, 2010.
08/02/2010
Side-channel Leaks in Web Applications
Ethan Heilman, MIT
We will discuss the paper Side-Channel Leaks in Web Applications: a Reality Today, a Challenge
Tomorrow
, from Oakland 2010.
07/26/2010
Making Linux Protection Mechanisms Egalitarian with UserFS Taesoo Kim, MIT
Taesoo will be giving us a practice talk of his paper "Making Linux Protection Mechanisms Egalitarian with UserFS". The paper will be presented at USENIX Security 2010 (August 11).
07/19/2010
Privacy Pablo Azar, MIT
We will discuss the paper Practical Privacy: The SuLQ framework by Avrim Blum, Cynthia Dwork, Frank McSherry and Kobbi Nissim; this paper appeared in SIGMOD/PODS 2005.  
07/12/2010
TrustVisor: Efficient TCB Reduction and Attestation Victor Costan, MIT
TrustVisor is a paper from Oakland 2010 (IEEE Symposium on Security and Privacy). Also, here is a list of all the papers from Oakland and Usenix Security 2010 to consider for discussion at the reading group this summer.
June -- no meetings.
05/24/2010 Trusted Hardware
Victor Costan, MIT
Victor will talk about TPMs (Trusted Platform Modules). These are trusted hardware devices that are gaining popularity with cloud security: under the assumption that the TPM is not attacked physically, some recent papers have shown how to provide confidential execution of programs on the cloud as well as how to check that the right software ran on the cloud.
05/17/2010 Undo computing
Prof. Nickolai
Zeldovich, MIT
Nickolai will talk about how to undo attacks on a desktop or a server after an adversary compromises it. Their system, Retro, repairs a desktop or server after an adversary compromises it, by undoing the adversary's changes while preserving legitimate user actions, with minimal user involvement. Retro does so by recording a detailed dependency graph describing the system's execution. During repair, Retro uses selective re-execution, predicates, delegation, and compensating actions to minimize re-execution and user involvement. 
05/10/2010 Secure DHTs
Chris Lesniewski-Laas, MIT
Chris will give a talk on his recent NSDI paper that tries to solve the hard problem of faking identities in a DHT: Whānau: A Sybil-proof Distributed Hash Table. FYI, the abstract and paper can be found here.
05/03/2010 Identity-based encryption (IBE) instead of PKI?
Dr. Tal Moran, Harvard University
Can IBE obviate the need for PK infrastructure or facilitate key revocation? What is the tradeoff? These questions came up when discussing ICING last week.  Tal will give a short survey of IBE, concentrating on limitations for practical uses. The following papers are relevant (the introductions suffice to give you a good overview). A classical paper:  Identity based encryption from the Weil paring (Dan Boneh and Matt Franklin)  and a fairly recent survey: A tapestry of identity-based encryption: practical frameworks compared (Xavier Boyen).
04/26/2010 Securing a future Internet Prof. Sharon Goldberg, Boston University
We will discuss ICING: Defining and enforcing transit policies in a future Internet. FYI, here is ICING's website.
04/19/2010 Patriots' day   No meeting.
04/12/2010 Tutorial of recent crypto advances for systems people Emily Shen,
David Wilson,
Marten van Dijk,
Raluca Ada Popa
Some of us will give an overview of a variety of cryptographic tools/concepts that are efficient and of practical use to systems. There is no reading. We will cover the following topics at a high level: efficient homomorphic encryption schemes, proofs of retrievability/possession, attribute-based encryption, hidden vector encryption, predicate encryption, identity-based encryption, zero knowledge, proofs of knowledge, short signatures, broadcast encryption, and private information retrieval. Slides from the presentation are here [ppt] [pdf].
04/05/2010 Secure delegation of computation Dr. Craig Gentry, IBM T. J. Watson
We will discuss Craig's cryptographic breakthrough and its implications to cloud security as well as the general problem of securely delegating computation to the cloud. Paper and details are here.
03/29/2010 Program binary obfuscation Taesoo Kim, MIT
The importance of program obfuscation goes without saying. We will discuss Binary obfuscation using signals. Taesoo will present an overview of the paper and then some of his research ideas to improve binary obfuscation. However, cryptographic results show that it is impossible to obfuscate programs. Is there a way to come close to this goal by making the adversary's job harder? This is an example where crypto knowledge and systems mechanisms work together.
03/22/2010 Spring break   No meeting.
03/15/2010 Discussion of the paper Vanish: Enhancing the Privacy of the Web with Self-Destructing Data Eugene Wu, MIT
Vanish aims to ensure destruction of private data after some timeout. Is it possible to provide data destruction/deletion guarantees? (Some researchers from Princeton/UTexas/Michigan apparently found a vulnerability in Vanish and called their attack unVanish. Vanish's authors wrote a reply paper attempting to fix various DHT vulnerabilities including those exploited by unVanish.)
03/08/2010 First meeting Raluca Ada Popa, MIT
Around the table introduction and discussion of the paper Spamalytics: An Empirical Analysis of Spam Marketing Conversion


 


Maintained by Raluca Ada Popa (raluca AT csail DOT mit DOT edu)