[Seminar] Mechanisms for protecting sensitive user data on smartphones, Popularity is Everything: A new approach to protecting passwords from statistical-guessing attacks

On April 27, we held an external seminar on the following topics.

Time: 10:30am – noon

Location: Room 301-203

Two talks (45 min each)

(1) Mechanisms for protecting sensitive user data on smartphones

(2) Popularity is Everything: A new approach to protecting passwords from statistical-guessing attacks

 

The abstracts and short bios are below.

(1) Mechanisms for protecting sensitive user data on smartphones

Many popular Android and iPhone applications share users’ sensitive information (unique device IDs, location, contacts, etc.) in ways that users neither expect nor desire.  To identify potentially-unwanted information disclosures, we built TaintDroid, a dynamic information tracking system for Android.  We tested over a hundred popular Android applications using TaintDroid and found that transmission of device IDs and location data to third parties is pervasive.  TaintDroid is optimized to keep performance impacts below user-discernable levels, with overheads peaking at 14% for CPU-intensive microbenchmarks.  We then extended TaintDroid to implement, and compare, two mechanisms designed to protect users’ sensitive data.  We apply these mechanisms to real applications to experimentally determine the impact of each on user experience. I will conclude the talk by outlining the remaining components for the end-to-end mobile device privacy solution we have envisioned.  This is joint work with Peter Hornyack, Seungyeop Han, and David Wetherall, of the University of Washington, and Stuart Schechter of Microsoft Research.

 

(2) Popularity is Everything: A new approach to protecting passwords from statistical-guessing attacks

We propose allowing users of Internet-scale systems to choose any password they want…so long as it’s not already too popular with other users. This approach requires that we track which passwords are in use to determine when they become popular.  Alas, storing plaintext passwords may itself be a security risk.  We solve this problem using a data structure known as a count-min sketch to create a password popularity oracle.  We populate the oracle with existing users’ passwords and update it every time a user chooses a new password.  Unlike most applications of probabilistic data structures, which seek to achieve only a maximum acceptable rate of false positives, we set a minimum acceptable false-positive rate to confound attackers who might query the oracle or steal a copy of it.  This is joint work with Cormac Herley (Microsoft Research) and Michael Mitzenmacher (Harvard).
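The popularity oracle described in abstract (2), as an added Python example (not the speakers' code): a count-min sketch that counts chosen passwords without storing them and rejects any whose estimated count reaches a threshold. The keyed HMAC row hashes, the class and function names, the threshold and the sample passwords are assumptions made for this illustration.

```python
import hashlib
import hmac


class PopularityOracle:
    """Count-min sketch that counts passwords without storing them."""

    def __init__(self, width, depth, threshold, key):
        self.width, self.depth, self.threshold = width, depth, threshold
        self.key = key  # secret key for the row hashes (assumption of this example)
        self.table = [[0] * width for _ in range(depth)]

    def _cells(self, password):
        # One keyed hash per row, domain-separated by the row index.
        for row in range(self.depth):
            mac = hmac.new(self.key, bytes([row]) + password.encode(), hashlib.sha256)
            yield row, int.from_bytes(mac.digest()[:8], "big") % self.width

    def estimate(self, password):
        # Collisions only add to a cell, so the minimum never undercounts.
        return min(self.table[r][c] for r, c in self._cells(password))

    def add(self, password):
        for r, c in self._cells(password):
            self.table[r][c] += 1

    def choose(self, password):
        """Accept and record the password unless it already looks too popular."""
        if self.estimate(password) >= self.threshold:
            return False
        self.add(password)
        return True


def false_positive_rate(oracle, unused_passwords):
    """Fraction of never-chosen passwords the oracle would still reject."""
    hits = sum(oracle.estimate(p) >= oracle.threshold for p in unused_passwords)
    return hits / len(unused_passwords)


def demo(width):
    # Constructed sample data: 300 distinct passwords plus one popular choice.
    oracle = PopularityOracle(width, depth=4, threshold=5, key=b"demo-key")
    for i in range(300):
        oracle.add(f"user-password-{i}")
    accepted = [oracle.choose("123456") for _ in range(8)]
    probes = [f"never-chosen-{i}" for i in range(200)]
    return accepted, false_positive_rate(oracle, probes)
```

`demo(2**16)` accepts "123456" five times and rejects no unused password, while `demo(8)` rejects everything; the sketch width is the knob that sets the false-positive rate between those extremes.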

 

Biographies:

Jaeyeon Jung researches networking, systems, security & privacy, and HCI.  From 2007 to 2011, she led projects at Intel Labs focused on improving the privacy of consumers through improved transparency and control.  Jaeyeon received her Ph.D. in Computer Science from MIT in 2006, where she developed the threshold-random walk algorithm for detecting port scans and malware-infected systems.  Following her PhD, she applied these algorithms at Mazu Networks and observed their impact on customers’ systems.  Jaeyeon holds Bachelor’s and Master’s degrees from the Korea Advanced Institute of Science and Technology (KAIST).  She is an affiliate faculty member at the University of Washington and KAIST.

 

Stuart Schechter is a man of few accomplishments and so, the reluctant reader should be pleased to learn, his biography is correspondingly short.  Stuart researches computer security, human behavior, and occasionally missteps in such distant topics as computer architecture.  Those who have worked with Stuart rave about his “tireless dedication… to shooting down any idea that he cannot take credit for.”   Institutions that may or may not be re-evaluating their admissions or hiring policies in response to past associations with Stuart include The Ohio State University College of Engineering (B.S.), Harvard’s School of Engineering and Applied Sciences (Ph.D.), MIT Lincoln Laboratory (his former employer), Microsoft Research (his current employer), and KAIST (to use a Facebookism, “It’s complicated”).
