Jefferson's Wheel

Our paper on automated testing of web applications has been accepted to the 2014 USENIX Security Symposium. [Update: the final version of the paper is available here.]

It describes a black-box technique for automatically scanning web sites for vulnerabilties in how they implement Facebook Single Sign-On, and results from our experiments running it on thousands of websites.

You can try the scanner at SSOScan.org.

Yuchen Zhou will present the paper at USENIX Security in San Diego, 20-22 August 2014.

Samee Zahur passed in PhD Proposal on Abstractions for Data Oblivious Programs. The abstract is:

While many recent papers have demonstrated the feasibility of secure computation for various interesting applications, such techniques have not yet been widely adopted outside of the research community. In the thesis proposed here, we try to reduce one aspect of this entry barrier: software abstractions. We motivate the problem by showing how secure computation necessarily requires redesigning of even simple software abstractions such as language control structures and data structures. First, we propose a new language that can be easily extended by other researchers for purposes of their investigations. Then, we propose new constructions for common data structures that are efficient in this execution model. Finally, we propose to develop new optimizations for ORAM structures to enable faster computations in the RAM model. Our preliminary investigations are already showing promising results. We have implemented a prototype compiler for our new language that provides significantly higher flexibility compared to existing systems. We demonstrate this flexibility by showing that our language allows implementation of various library-based features that have, in the past, always used compiler modifications in other languages. We have also shown constructions of data structures that can provide over 10x speed improvement even on small data sizes.

Congratulations to Samee on successfully presenting his PhD Proposal. Samee will be spending the summer at Microsoft Research (Redmond).

I gave a keynote talk at the Applied Multi-Party Computation workshop at Microsoft Research Redmond on Multi-Party Computation in 2029: Boom, Bust, or Bonanza?. Despite the risk of being proved horribly wrong in 15 years, my slides are here (also available as [PPTX] and as a video):

There are well-written summaries of the talk by Mahnush Movahedi and Mahdi Zamani and the Aarhus Crypto Group.

Karsten Nohl, who complete a PhD in our group in 2009, is visiting UVa this week. UVa Today has an article: Renowned ‘White Hat Hacker’ to Speak on Real-World Security Holes:

University of Virginia graduate Karsten Nohl, one of the world’s most famous “white hat computer hackers,” will speak Friday at 3:30 p.m. in Rice Hall, room 130, about lessons learned from the security holes that he and fellow researchers have uncovered in mobile phones, wireless car keys and other technology used by billions of people everyday.

Nohl first made international headlines in 2008, while still a computer engineering doctoral student at U.Va., for research that exposed vulnerabilities in the world’s most popular smartcard, used by millions of people to pay fares on several major mass-transit systems around the world, including the London Underground and the Boston subway.

Such cards utilize miniscule wireless computer chips, about the size of a grain of rice, called RFIDs, short for “radio-frequency identification.” They send and receive information over short distances (generally 10 feet or less) via very low-power radio waves.

As an ethical security researcher, often called a “white hat hacker,” Nohl exposes vulnerabilities to spur improvements in the systems that he researches. He now does such work around the world as the founder and director of research at Security Research Labs in Berlin.

To prevent those with nefarious purposes from exploiting security holes he uncovers, Nohl typically withholds key details of the exploit and discloses his findings only months after sharing his research with the relevant manufacturers or trade organizations to allow them to roll out upgrades or countermeasures to mitigate the security risk.

Since graduating from U.Va. in August 2008, Nohl has gone on to discover and demonstrate two key security vulnerabilities in mobile phones – encryption flaws in both the GSM protocol that most cell phones use to communicate with cell towers, and in SIM cards, the tiny “subscriber identity module” chip in every phone that identifies and authenticates the phone.

Both discoveries generated worldwide media coverage.

As just one example of possible ramifications, the latter security hole could allow a malicious hacker to send a virus through a text message, which could then allow the hacker to eavesdrop on calls or make purchases through mobile payment systems.

“Karsten has had an outstanding impact in analyzing how cryptography gets used in the real world and demonstrating what goes wrong when important engineering principles are not followed carefully,” said computer science professor David Evans, Nohl’s former doctoral adviser and a co-organizer of Friday’s talk. “The vulnerabilities he has identified in RFID algorithms, GSM encryption and SIM cards impact billions of devices most of us use every day, and it’s really important that people understand the security weaknesses in these systems and that vendors work to improve them. Karsten’s work is a fundamental step toward those goals.”

Nohl’s talk will discuss how security exploits with real-world implications are usually enabled by not just one design flaw, but by deviations from best practices on multiple design layers. Protection designs that focus on a single security function and neglect complementary layers are more prone to compromise, Nohl will argue, with examples from his own research on three widely deployed technologies – cell phones, car keys and smartcards.

“Real-world cryptographic systems rarely meet academic expectations, with most systems being shown ‘insecure’ at some point,” Nohl said in an email description of his talk. “At the same time, our IT-driven world has not yet fallen apart, suggesting that many protection mechanisms are ‘secure enough’ for how they are employed.”

The talk will be followed by a reception in the fourth-floor atrium of Rice Hall.

The event is co-sponsored by the departments of Computer Science and Electrical and Computer Engineering, which jointly administer U.Va.’s computer engineering Program in the School of Engineering and Applied Science.

Security exploits nearly always stem from attackers finding ways to violate assumptions system implementers relied upon. As a simple example, consider a classic buffer overflow attack which is possible because the implementers assumed (perhaps implicitly) that the size of some data could not exceed the buffer size, but an attacker found a way to create an input that violates that assumption.

In this work, joint with colleagues at Microsoft Research, we consider the implicit assumptions upon which secure use of single sign-on SDKs depends. Our study of three important authentication and authorization SDKs (including Facebook’s) supports the need for systematically explicating SDKs to uncover these assumptions. We found assumptions that were critical to secure use of the SDKs, but that were not clearly documented and were subtle enough to be missed by the majority of tested apps.

We advocate that a systematic explication process for uncovering these assumptions should be part of the engineering process for developing security-critical SDKs.

For details, see our paper:

Fraudulent mobile applications could trick users into entering sensitive passwords, and then send those passwords to rogue site operators. With current technologies, users have no way of knowing that when they enter a password it is going to the intended application. What is needed is a trusted path for password entry, so when users enter a password they can trust that it will only be visible to the trusted provider.

This paper presents a solution that does not require any modifications to existing apps or application servers, but modifies the Android kernel to establish a shared secret between the user and kernel as part of the boot process, and then uses that shared secret to provide a trusted path for password entry.

Tianhao Tong will present the paper at Moble Security Technologies (MoST) in San Francisco, CA, 23 May 2013.

Paper: Tianhao Tong and David Evans. GuarDroid: A Trusted Path for Password Entry. In Moble Security Technologies (MoST), San Francisco, CA, 23 May 2013. [PDF, 10 pages]

Code: GuarDroid.net

Samee Zahur and I have written a paper on Circuit Structures for Improving Efficiency of Security and Privacy Tools. The paper explores ways to design static circuits (as used in garbled circuit protocols and symbolic execution, among other things) to provide reasonable efficiency for algorithms that use common data structures like arrays. By taking advantage of somewhat predictable access patterns, as well as batching, our circuit structures are able to provide operations with amortized cost that is polylogarithmic in the size of the data structure (in contrast to naive approaches that would require effectively copying the entire data structure for each operation). Samee will present the paper at the IEEE Symposium on Security and Privacy (“Oakland”) in San Francisco in May.

Full paper (15 pages): [PDF]
Project: MightBeEvil.com/netlist

Code: http://github.com/samee/netlist

I was interviewed on Gary McGraw’s Silver Bullet podcast.

Gary and Dave discuss the founding of the Interdisciplinary Major in Computer Science (BA) at UVa and why a broad approach to Computer Science and Computer Security is a good idea, why data privacy gets short shrift in the United States, why people think (for no apparent reason) that their mobile devices are secure, groceries, David’s research on Secure Computation, and the Udacity project. They close out their discussion with a story about David’s trip to the World Cup in Korea and a choice between GEB and scheme.

You can download the podcast from http://www.cigital.com/silver-bullet/show-076/.

Peter Chapman presented our work on side-channel analysis for web applications at CCS yesterday. His slides are available here: [PPTX] [PDF].

It provides an automated way to analyze a web application for side-channel vulnerabilities, as well as a better metric for quantifying those vulnerabilities (that may have applications to many other areas where it is important to know how well states can be distinguished). It is described in more detail in this paper: Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications (and earlier post), but for the important connection to Guinness you need to view the slides. The tool is also freely available at http://www.cs.virginia.edu/sca/ (with a tutorial explaining how to use it!)

Videos from all the talks at USENIX Security are now available on the conference site.

Here are the talks by UVa people:

• Peter Chapman (HotSec Workshop): Privacy-Preserving Applications on Smartphones and Q & A (extensive discussion session, including the other two talks in the session)
• Pieter Hooimeijer: Fast and Precise Sanitizer Analysis with BEK
• Adrienne Porter Felt (now at UC Berkeley): Permission Re-Delegation: Attacks and Defenses
• Michael Dietz (now at Rice University): QUIRE: Lightweight Provenance for Smart Phone Operating Systems
• Yan Huang: Faster Secure Two-Party Computation Using Garbled Circuits

I would also highly recommend Collin Jackson’s invited talk on Crossing the Chasm: Pitching Security Research to Mainstream Browser Vendors.