The Security Seminar/Discussion Group at
MIT CSAIL hosts talks and
conducts discussions on
systems security, cryptography with potential for applications, or
other areas related to security.
Members come from a variety
of groups within systems and cryptography, both from MIT and nearby
institutions.
When: 4pm on Wednesdays
Where:
MIT Stata Center
(naobk2d4s64ie5mu77bbvo67j4@group.calendar.google.com)
and iCal format
. | Date |
Topic |
Speaker(s) |
Information |
| 5/22/2013 Upcoming! |
OS security | Dr. Robert N. M. Watson, University of Cambridge | Robert will talk about A Decade of Access-Control Extensibility. Here is the abstract and more information. |
| 5/1/2013 | Bitcoin's security | Gavin Andresen, Bitcoin Foundation, Chief Scientist | Gavin will talk about the security protocol of Bitcoin. Here is the abstract and more information. |
| 4/3/2013 | Language-based security | Prof. Sanjit A. Seshia, UC Berkeley | Sanjit will talk about "Verification with Small and Short Worlds". Here is the abstract and more information. |
| 3/20/2013 | CHERI architecture | Dr. David Chisnall, University of Cambridge, UK | David will talk about "Language Interoperability without Sacrificing Safety". Here is the abstract and more information. |
| 3/19/2013 | Side-channel attacks | Prof. Simha Sethumadhavan, Columbia University | Simha will talk about Measuring Side Channel Vulnerability using SVF. Here is the abstract and more information. |
| 3/13/2013 | Applied cryptography | Justin Thaler, Harvard University | Justin will talk about Time-Optimal Interactive Proofs for Circuit Evaluation. Here is the abstract and more information. |
| 2/11/2013 | Mobile systems security | Haohui Mai, University of Illinois at Urbana-Champaign | Haohui Mai will talk about Building a Secure Foundation for Mobile Apps. Here is the abstract and more information. |
| 12/10/2012 | Binary Static Analysis | Chris Eng, Veracode - industry talk | Chris Eng will talk about their binary static analysis work at Veracode. Here is the abstract and more information. |
| 12/3/2012 | Cryptanalysis, network security | Dr. Nadia Heninger, Microsoft Research, New England | Nadia Heninger will talk about Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. Here is the abstract and more information. |
| 11/26/2012 | Systems security | Eunsuk Kang, MIT | Eunsuk will talk about Automating End User Security Task. Here is the abstract and more information. |
| 11/19/2012 | Practical verifiable computation | Prof. Mike Walfish, UT Austin | Mike Walfish will talk about Making proof-based verified computation almost practical. Here is the abstract and more information. |
| 11/5/2012 | Cloud security | Dr. Ari Juels, Chief Scientist, RSA, the Security Division of EMC | Ari will talk about Breaks in the Cloud. Here is the abstract and more information. |
| 10/22/2012 | Embedded Devices Security | Amir Rahmati, UMass Amherst | Amir Rahmati will talk about TARDIS: Time and Remanence Decay in SRAM to Implement Secure Protocols on Embedded Devices without Clocks. Here is the abstract and more information. |
| 10/1/2012 | Fully homomorphic encryption and hardware | Chris Fletcher, MIT | Chris Fletcher will talk about Techniques for performing secure computation on encrypted data. Here is the abstract and more information. |
| 9/24/2012 | Operating systems security | Xi Wang, MIT | Xi Wang will talk about Improving integer security for systems. Here is the abstract and more information. |
| 9/17/2012 | Software fault isolation | Prof. Greg Morrisett, Harvard University | Greg Morrisett will talk about RockSalt: Better, Faster, Stronger Software Fault Isolation for the x86. Here is the abstract and more information. |
|
Summer break no meeting.
|
|||
| 5/7/2012 | Language-based Privacy | Jean Yang, MIT | Jean Yang, MIT, will talk about Jeeves, a language for enforcing privacy. Here is the abstract and more information. |
| 4/23/2012 | Storage security | Emil Stefanov, Berkeley | Emil Stefanov from Berkeley will talk about Concealing Access Patterns to Cloud Storage for Privacy. Here is the abstract and more information. |
| 4/9/2012 *3*pm |
Cloud security | Robert Griffin, RSA, Security Division of EMC | Bob Griffin, Chief Security Architect at RSA, will talk about "Keys and Clouds: Searching for the Equilibrium". This is an industry talk co-organized with RSA Labs. Here is the abstract and more information. |
| 4/2/2012 | Cloud computing security | Dr. Alina Oprea, RSA Labs | New approaches to securing cloud data: Alina will talk about some of the research RSA Labs has done on extending the trust perimeter from the enterprise data center into public clouds. Here is the abstract and more information. |
| 2/27/2012 | Cloud security | Ariel J. Feldman, Princeton | Ari will talk about Privacy and Integrity in the Untrusted Cloud. Here is the abstract and more information. |
| 2/13/2012 | Homomorphic encryption | Dr. Shai Halevi, IBM T. J. Watson Research Center | Shai will talk about Recent advances in homomorphic encryption. Here are Shai's slides. Here is the abstract and more information. |
| 1/30/2012 | Browser security | Emily Stark, MIT | Emily will talk about The Case for Prefetching and Prevalidating TLS Server Certificates. Here is the abstract and more information. |
| 1/23/2012 | Integrity for outsourced databases | Nikos Triandopoulos - RSA Labs & Boston University | Nikos will talk about Verifying Keyword and Database Search in the Cloud . Here is the abstract and more information. |
| 12/19/2011 | Cloud computing security | Dr. Dennis Moreau, EMC Corporation | Dennis will talk about Focused Threat Response and Forensic Information Sharing: Current Challenges and Limits in Cloud Computing Scenarios. This talk was jointly organized with the RSA Labs. Here is the abstract and more information. |
| 12/12/2011 | Cloud and mobile security | Prof. Roxana Geambasu, Columbia University | Roxana will talk about Regaining control over cloud and mobile data. Here is the abstract and more information. |
| 11/28/2011 | Web security | Prof. Adam Chlipala, MIT | Adam will talk about Web Security via Types and Theorem-Proving in the Ur/Web Programming Language. Here is the abstract and more information. |
| 11/21/2011 | Language-based security | Prof. Stephen Chong, Harvard University | Stephen will talk about Inference of Expressive Information Security Policies. This talk is joint with the PL seminar. Here is the abstract and more information. |
| 11/14/2011 | Routing security | Dr. Jad Naous, MIT | Jad will talk about Verifying and Enforcing Network Paths with ICING . Here is the abstract and more information. |
| 10/31/2011 | Cloud computing security | Kevin Bowers, RSA Labs | Kevin will talk about How to Tell If Your Files Are Vulnerable to Drive Crashes. Here is the abstract and more information. |
| 10/24/2011 | No meeting: many of us will be attending SOSP. |
||
| 10/17/2011 | Application and Database Confidentiality |
Raluca Ada Popa, MIT |
Raluca will talk about CryptDB: Protecting Confidentiality with Encrypted Query Processing. Here is the abstract and more info. |
| 10/3/2011 | Browser privacy |
Dr. Ben Livshits, Microsoft Research, Redmond |
Ben will talk about RePriv: Re-Imagining Content Personalization and In-Browser Privacy. Here is the abstract and more info. |
| 08/04/2011 | Cloud Computing and Software
Security |
Dr. Úlfar Erlingsson, |
Úlfar will briefly outline some
issues and potential research topics in cloud security, with examples
from Google's past and current technology efforts used to give context.
Here is the abstract and more
info. |
| 04/14/2011 |
Cloud Security | Dr. Alina Oprea RSA Labs |
Alina will talk about recent
work: A Scalable Cloud File System
with Efficient Integrity Checks. Here is the abstract and more info. |
| 04/07/2011 | BGP Security |
Prof. Leonid Reyzin, Boston University | Leo will talk about recent
work: Sequential Aggregate
Signatures with Lazy Verification for S-BGP. Here is the abstract and more info. |
| 03/31/2011 |
Homomorphic Encryption |
Ron Rothblum, Weizmann Institute |
Ron Rothblum will give a talk
for the CIS seminar: "Homomorphic Encryption: from Private-Key to
Public-Key" |
| 03/24/2011 |
Spring break |
||
| No meetings due to
SOSP deadline |
|||
| 02/24/2011 |
BGP Security |
Prof. Sharon Goldberg, Boston
University |
Sharon will talk about recent work: Let the Market Drive Deployment: A Strategy for Transitioning to BGP Security. Joint work with Phillipa Gill and Michael Schapira. Here is the abstract. |
|
Winter break and IAP no meeting.
|
|||
| 12/02/2010 |
Predictive Black-Box Mitigation
of Timing Channels |
Dr. Aslan Askarov, Cornell University |
We investigate techniques for
general black-box mitigation of timing channels. The source of events
is wrapped by a timing mitigator that delays output events so that they
contain only a bounded amount of information. We introduce a general
class of timing mitigators that can achieve any given bound on timing
channel leakage, with a tradeoff in system performance. We show these
mitigators compose well with other mechanisms for information flow
control, and demonstrate they are effective against some known timing
attacks. |
| 11/03/2010 | Differential Privacy |
Dr. Frank McSherry, Microsoft
Research |
Frank will present his work on Privacy Integrated Queries: A Programming Language for Differentially-Private Computation. Here are the abstract and bio. |
| 10/28/2010 |
Language-based security for distributed systems | Prof. Andrew Myers, Cornell |
Andrew will talk about Fabric: Using language-based security to build secure distributed systems. Here are the abstract and bio. |
| 10/21/2010 |
Preventing side channel attacks
exploiting memory latency for cloud computing |
Taesoo Kim, MIT |
Taesoo will talk about his work on preventing side channel attacks exploiting memory latency in cloud computing environments such as Amazon EC2 and Microsoft Azure. He will present his new protection mechanism (against RSA/AES cache attacks) that he developed together with Marcus Peinado from Microsoft Research. |
| 10/15/2010 |
Quantification of Integrity |
Dr. Michael Clarkson, Cornell
University |
Here is the abstract and more information for the talk. |
| 10/08/2010 |
No meeting. Dertouzos talk at
the same time. |
||
| 09/30/2010 |
Cold Boot Attacks |
Nadia Heninger, Princeton
University |
Nadia Heninger from Princeton
University will present her work on "Lest We Remember:
Cold Boot Attacks on Encryption Keys" (Usenix Security, 2008, Best
Student Paper Award) and "Reconstructing
RSA Private Keys from Random Key Bits" (Crypto 2009). |
| 09/20/2010 |
Cloud Security |
David Schultz, MIT |
We will discuss the paper Depot: Cloud Storage with Minimal Trust,
which will be presented at the upcoming OSDI, Oct 4-6, 2010. |
| 08/02/2010 |
Side-channel Leaks in Web
Applications |
Ethan Heilman, MIT |
We will discuss the paper Side-Channel
Leaks in Web Applications: a Reality Today, a Challenge Tomorrow, from Oakland 2010. |
| 07/26/2010 |
Making Linux Protection Mechanisms Egalitarian with UserFS | Taesoo Kim, MIT |
Taesoo will be giving us a practice talk of his paper "Making Linux Protection Mechanisms Egalitarian with UserFS". The paper will be presented at USENIX Security 2010 (August 11). |
| 07/19/2010 |
Privacy | Pablo Azar, MIT |
We will discuss the paper Practical Privacy: The SuLQ framework by Avrim Blum, Cynthia Dwork, Frank McSherry and Kobbi Nissim; this paper appeared in SIGMOD/PODS 2005. |
| 07/12/2010 |
TrustVisor: Efficient TCB Reduction and Attestation | Victor Costan, MIT |
TrustVisor is a paper from Oakland 2010 (IEEE Symposium on Security and Privacy). Also, here is a list of all the papers from Oakland and Usenix Security 2010 to consider for discussion at the reading group this summer. |
| June
-- no meetings. |
|||
| 05/24/2010 | Trusted Hardware |
Victor Costan, MIT |
Victor will talk about TPMs (Trusted Platform Modules). These are trusted hardware devices that are gaining popularity with cloud security: under the assumption that the TPM is not attacked physically, some recent papers have shown how to provide confidential execution of programs on the cloud as well as how to check that the right software ran on the cloud. |
| 05/17/2010 | Undo computing |
Prof. Nickolai Zeldovich, MIT |
Nickolai will talk about how to undo attacks on a desktop or a server after an adversary compromises it. Their system, Retro, repairs a desktop or server after an adversary compromises it, by undoing the adversary's changes while preserving legitimate user actions, with minimal user involvement. Retro does so by recording a detailed dependency graph describing the system's execution. During repair, Retro uses selective re-execution, predicates, delegation, and compensating actions to minimize re-execution and user involvement. |
| 05/10/2010 | Secure DHTs |
Chris Lesniewski-Laas, MIT |
Chris will give a talk on his recent NSDI paper that tries
to
solve the hard problem of faking identities in a DHT: Whānau: A
Sybil-proof Distributed Hash Table. FYI, the abstract and paper can be
found here. |
| 05/03/2010 | Identity-based encryption (IBE) instead of PKI? |
Dr. Tal Moran, Harvard University |
Can IBE obviate the need for PK infrastructure or facilitate
key revocation? What is the tradeoff? These questions came up when
discussing ICING last
week. Tal will give a short survey of IBE, concentrating on
limitations for practical uses. The following papers are relevant (the
introductions suffice to give you a good overview). A classical
paper: Identity
based encryption from the Weil paring (Dan Boneh and Matt
Franklin) and a fairly recent survey: A tapestry of
identity-based encryption: practical frameworks compared (Xavier
Boyen). |
| 04/26/2010 | Securing a future Internet | Prof. Sharon Goldberg, Boston University |
We will discuss ICING: Defining and enforcing transit policies in a future Internet. FYI, here is ICING's website. |
| 04/19/2010 | Patriots' day | No meeting. | |
| 04/12/2010 | Tutorial of recent crypto advances for systems people | Emily Shen, David Wilson, Marten van Dijk, Raluca Ada Popa |
Some of us will give an overview of a variety of cryptographic tools/concepts that are efficient and of practical use to systems. There is no reading. We will cover the following topics at a high level: efficient homomorphic encryption schemes, proofs of retrievability/possession, attribute-based encryption, hidden vector encryption, predicate encryption, identity-based encryption, zero knowledge, proofs of knowledge, short signatures, broadcast encryption, and private information retrieval. Slides from the presentation are here [ppt] [pdf]. |
| 04/05/2010 | Secure delegation of computation | Dr. Craig Gentry, IBM T. J. Watson |
We will discuss Craig's cryptographic breakthrough and its implications to cloud security as well as the general problem of securely delegating computation to the cloud. Paper and details are here. |
| 03/29/2010 | Program binary obfuscation | Taesoo Kim, MIT |
The importance of program obfuscation goes without saying. We will discuss Binary obfuscation using signals. Taesoo will present an overview of the paper and then some of his research ideas to improve binary obfuscation. However, cryptographic results show that it is impossible to obfuscate programs. Is there a way to come close to this goal by making the adversary's job harder? This is an example where crypto knowledge and systems mechanisms work together. |
| 03/22/2010 | Spring break | No meeting. | |
| 03/15/2010 | Discussion of the paper Vanish: Enhancing the Privacy of the Web with Self-Destructing Data | Eugene Wu, MIT |
Vanish aims to ensure destruction of private data after some timeout. Is it possible to provide data destruction/deletion guarantees? (Some researchers from Princeton/UTexas/Michigan apparently found a vulnerability in Vanish and called their attack unVanish. Vanish's authors wrote a reply paper attempting to fix various DHT vulnerabilities including those exploited by unVanish.) |
| 03/08/2010 | First meeting | Raluca Ada Popa, MIT |
Around the table introduction and discussion of the paper Spamalytics: An Empirical Analysis of Spam Marketing Conversion |