Jefferson's Wheel

Our paper on protecting private web content from embedded scripts is now available:

Yuchen Zhou and David Evans. Protecting Private Web Content from Embedded Scripts. European Symposium on Research in Computer Security (ESORICS 2011). Lueven, Belguim. 12-14 September 2011. [PDF, 20 pages]

The paper addresses the problem of when web pages embed scripts from third parties (such as advertising networks or analytics tools) in their pages that contain user’s personal content. Since many such scripts must be embedded directly (that is, not in a separate iframe), they have access to the full page DOM and can access and manipulate this data. Our solution adopts the isolated worlds mechanism to isolate embedded scripts and provide a policy-limited access model. We also present a technique for automatically learning which nodes in a web page may contain sensitive data that should be protected from third-party scripts.

Yuchen will present the paper at ESORICS in Belgium in September.

Source Code

Modified Chromium: https://github.com/Treeeater/Chromium_on_windows

Policy Learner Proxy: https://github.com/Treeeater/GreasySpoon-proxy-script

Today, we are releasing our secure computation framework. Our Java-based framework and library enable programmers to build efficient and scalable privacy-preserving applications using Yao’s garbled circuit techniques.

This paper describes the framework in more detail:

Yan Huang, David Evans, Jonathan Katz, and Lior Malka. Faster Secure Two-Party Computation Using Garbled Circuits, 20th USENIX Security Symposium, San Francisco, CA. 8-12 August 2011. [PDF, 16 pages]

Abstract. Secure two-party computation enables two parties to evaluate a function cooperatively without revealing to either party anything beyond the function’s output. The garbled-circuit technique, a generic approach to secure two-party computation for semi-honest participants, was developed by Yao in the 1980s, but has been viewed as being of limited practical significance due to its inefficiency. We demonstrate several techniques for improving the running time and memory requirements of the garbled-circuit technique, resulting in an implementation of generic secure two-party computation that is significantly faster than any previously reported while also scaling to arbitrarily large circuits. We validate our approach by demonstrating secure computation of circuits with over 10⁹ gates at a rate of roughly 10 microseconds per garbled gate, and showing order-of-magnitude improvements over the best previous privacy-preserving protocols for computing Hamming distance, Levenshtein distance, Smith-Waterman genome alignment, and AES.

The framework and applications are available under the MIT open source license: Download Fast Garbled Circuits Framework.

Yan Huang will present the paper at USENIX Security Symposium in San Francisco this August.

The Special Issue of IEEE Security and Privacy Magazine that I co-edited with Sal Stolfo on The Science of Security is now available.

It includes:

• David Evans and Sal Stolfo. Guest Editor’s Introduction: The Sciecne of Security [PDF].
• Sal Stolfo, Steven Bellovin, and David Evans. Measuring Security [PDF]

as well as three selected special issue articles: Security Modeling and Analysis (by Jason Bau and John Mitchell), On Adversary Models and Compositional Security (by Anupam Datta, Jason Franklin, Deepak Garg, Limin Jia, and Dilsun Kaynar), and Provable Security in the Real World (by Jean Paul Degabriele, Kenneth G. Paterson, and Gaven J. Watson).

I also gave a presentation about A Research Agenda for Scientific Foundations of Security at the NITRD Federal Cyber-Security Research event organized at Oakland 2011. 25 May 2011, Berkeley CA. [PPTX, PDF]

Yan Huang and Peter Chapman presented a poster and demo at Oakland 2011 conference on Secure Computation on Smartphones.

Our paper on how to use untrusted cloud services like Google Docs to edit and manage documents, without trusting them with your content, is now available:

Yan Huang and David Evans. Private Editing Using Untrusted Cloud Services. Second International Workshop on Security and Privacy in Cloud Computing. Minneapolis, Minnesota. 24 June 2011. [PDF, 10 pages]

Yan will present the paper at the workshop on June 24.

Abstract

We present a general methodology for protecting the confidentiality and integrity of user data for a class of on-line editing applications. The key insight is that many of these applications are designed to perform most of their data-dependent computation on the client side, so it is possible to maintain their functionality while only exposing an encrypted version of the document to the server. We apply our methodology to Google Documents and describe a prototype extension tool that enables users to use a cloud application to manage their documents without sacrificing confidentiality or integrity. To provide adequate performance, we employ an incremental encryption scheme and extend it to support variable-length blocks. We analyze the security of our scheme and report on experiments that show our extension preserves most of the cloud application’s functionality with less than 10% overhead for typical use.

http://www.mightbeevil.com/securedocs/

Our USENIX WebApps 2011 Paper is now available:

Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, and David Evans. GuardRails: A Data-Centric Web Application Security Framework. 2nd USENIX Conference on Web Application Development (WebApps 2011). Portland, Oregon, 15-16 June 2011.

Abstract
Modern web application frameworks have made it easy to create powerful web applications. Developing a secure web application, however, still requires a developer to posses a deep understanding of security vulnerabilities and attacks. Even for experienced developers it is tedious, if not impossible, to find and eliminate all vulnerabilities. This paper presents GuardRails, a source-to-source tool for Ruby on Rails that helps developers build secure web applications. GuardRails works by attaching security policies defined using annotations to the data model itself. GuardRails produces a version of the input application that automatically enforces the specified policies. GuardRails helps developers prevent a myriad of security problems including cross-site scripting attacks and access control violations while providing a large degree of flexibility to support a range of policies and development styles.

Full paper (12 pages): [PDF]
GuardRails website

Karsten Nohl and Sylvain Munaut demonstrated their GSM hack for the BBC: Mobiles fall prey to hack attacks [follow link to see video], BBC News, 20 April 2011.

Who could possibly eavesdrop on your modern, digitally encrypted handset?

It should take the kind of technology and resources only available to the security services.

Yet two men wearing hoodie tops have managed to crack the system.

Karsten Nohl and Sylvain Munaut don’t look like secret agents, sitting behind their fold-out table next to a pile of old Motorola phones.

But these two security researchers have discovered a cheap, relatively simple way of intercepting mobile calls.

“We have been looking at GSM technology for a while and we find it to be pretty much outdated in every aspect of security and privacy,” said Mr Nohl.

The first release of the GuardRails source code is now available at https://github.com/guardrails/guardrails. GuardRails was developed by Jonathan Burket, Patrick Mutchler, Michael Weaver, and Muzzammil Zaveri.

GuardRails is a web application framework that extends Ruby on Rails to provide automatic support for data-centric security policies. Developers add annotations to their data models to describe their security policies, and GuardRails performs a source-to-source transformation to enforce those policies throughout the application. There will be a paper at USENIX WebApps 2011, GuardRails: A Data-Centric Web Application Security Framework, available soon, that provides more details.

I’ve posted the slides from my recent talk at CMU:

Secure Computation in the Real(ish) World. CyLab Seminar, Carnegie Mellon University, Pittsburgh, PA. 20 April 2011. [Abstract, PPTX, PDF]

Here’s the abstract:

Alice and Bob meet in a campus bar in 2016. Being typical CMU students, they both have their genomes stored on their mobile devices and, before expending any unnecessary effort in courtship rituals, they want to perform a genetic analysis to ensure that their potential offspring would have strong immune systems and not be at risk for any recessive diseases. But Alice doesn’t want Bob to learn about her risk for Alzheimer’s disease, and Bob is worried a future employer might misuse his propensity to alcoholism. Two-party secure computation provides a way to solve this problem. It allows two parties to compute a function that depends on inputs from both parties, but reveals nothing except the output of the function.

A general solution to this problem have been known since Yao’s pioneering work on garbled circuits in the 1980s, but only recently has it become conceivable to use this approach in real systems. Our group has developed a framework for building efficient and scalable secure computations that achieves orders of magnitude performance improvements over the best previous systems. In this talk, I’ll describe the techniques we use to design scalable and efficient secure computation applications, and report on some example applications including genomic analysis, private set intersection, and biometric matching.

Our paper,

Faster Secure Two-Party Computation Using Garbled Circuits by Yan Huang, David Evans, Jonathan Katz, Lior Malka.

was accepted to USENIX Security. Yan will present the paper at the conference in San Francisco in August. If you would like an advance copy, email me and I will let you know when it is available.