trust, berkeley site visit, april 26-28, 2006 year 1: research – education – outreach overview...
Post on 20-Dec-2015
216 views
TRANSCRIPT
TRUST, Berkeley Site Visit, April 26-28, 2006
Year 1: Research – Education – OutreachOverview
John Mitchell and Janos Sztipanovits
Year 1 Research Overview 2TRUST, Berkeley Site Visit, April 26-28, 2006
Research Goals
Address pressing issues of the day– Why are computer systems vulnerable to attack?
Will Internet fraud, worms, viruses … be with us forever? Can malicious groups take down critical infrastructures?
– How can we make systems more secure? In ways that are acceptable and desirable to their users?
– What new problems of societal significance can be solved? Medical applications? Manage energy and natural resources?
Deep and lasting scientific progress– Advance the science of computer security– Understand its intersection with system design– Recognize and utilize interdependence w/ other disciplines
Leverage the scale of the TRUST center effectively– Collaboration, education, develop career paths
Year 1 Research Overview 3TRUST, Berkeley Site Visit, April 26-28, 2006
Research Organization
Five research projects +– Web authentication and online identity theft – Electronic medical records– Sensor nets and embedded systems– Trustworthy systems– Network security and defenses
+ Education (managed through same process)
Each research project combines– Faculty and students from several (3-5) sites– Security, Systems and Software, Social Sciences– Education and outreach activities
Some activities contribute to several projects
Year 1 Research Overview 4TRUST, Berkeley Site Visit, April 26-28, 2006
TRUST Research Vision
Privacy
Computer andNetwork Security
Electronic MedicalRecords
Identity TheftProject
Secure NetworkedEmbedded Systems
Software Security
Trusted Platforms
Applied Crypto -graphic Protocols
NetworkSecurity
Secure NetworkEmbedded Sys
Forensic and Privacy
Complex Inter -Dependency mod.
Model -basedSecurity Integration.
Econ., Public Pol. Soc. Chall.
Secure Compo -nent platforms
HCI andSecurity
Secure Info Mgt.Software Tools
Component Technologies
Societal Challenges
Integrative Efforts
TRUST will address social, economic and legal challenges
Specific systems thatrepresent these socialchallenges.
Component technologiesthat will provide solutions
Critical Infrastructure
Details have changed but spirit of this vision remains
Year 1 Research Overview 5TRUST, Berkeley Site Visit, April 26-28, 2006
Problem 1: Online Identity Theft
Password phishing– Forged email and fake web sites steal passwords– Passwords used to withdraw money, degrade trust
Password theft– Criminals break into servers and steal password files
Spyware– Keyloggers steal passwords, product activation codes, etc.
Botnets– Networks of compromised end-user machines spread SPAM, launch
attacks, collect and share stolen information Magnitude
– $$$ Hundreds of millions in direct loss per year– Significant Indirect loss in brand erosion
Loss of confidence in online transactions Inconvenience of restoring credit rating, identity
– Challenge for critical infrastructure protection
Year 1 Research Overview 6TRUST, Berkeley Site Visit, April 26-28, 2006
TRUST team
Stanford– D Boneh, J Mitchell, D Dill, M Rosenblum, Jennifer Granick (Law School)
– A Bortz, N Chou, C Jackson, N Miyake, R Ledesma, B Ross, E Stinson, Y
Teraguchi, …
Berkeley
– D Tygar, R Dhamija, ,,,
– Deidre Mulligan (UC Berkeley Law), Erin Jones, Steve Maurer, …
CMU
– A Perrig, D Song
– B Parno, C Kuo
Partners and collaborators
– US Secret Service, DHS/SRI Id Theft Tech Council, RSA Securities, …
– R Rodriguez, D Maughan, …
And growing …
Year 1 Research Overview 7TRUST, Berkeley Site Visit, April 26-28, 2006
TRUST ID Theft Team (+ more)
Year 1 Research Overview 8TRUST, Berkeley Site Visit, April 26-28, 2006
Phishing Attack
password?
Sends email: “There is a problem with your eBuy account”
User clicks on email link to www.ebuj.com.
User thinks it is ebuy.com, enters eBuy username and password.
Password sent to bad guy
Year 1 Research Overview 9TRUST, Berkeley Site Visit, April 26-28, 2006
SpoofGuard browser extension
SpoofGuard is added to IE tool bar– User configuration – Pop-up notification as method of last resort
Year 1 Research Overview 10TRUST, Berkeley Site Visit, April 26-28, 2006
Berkeley: Dynamic Security Skins
Automatically customize secure windows Visual hashes
– Random Art - visual hash algorithm – Generate unique abstract image for each
authentication– Use the image to “skin” windows or web content– Browser generated or server generated
Year 1 Research Overview 11TRUST, Berkeley Site Visit, April 26-28, 2006
CMU Phoolproof prevention
Eliminates reliance on perfect user behavior Protects against keyloggers, spyware. Uses a trusted mobile device to perform
mutual authentication with the server
password?
Year 1 Research Overview 12TRUST, Berkeley Site Visit, April 26-28, 2006
Tech Transfer
SpoofGuard– Some SpoofGuard heuristics now used in
eBay toolbar and Earthlink ScamBlocker.– Very effective against basic phishing attacks.
PwdHash– Collaboration with RSA Security to implement PwdHash on
one-time RSA SecurID passwords. RSA SecurID passwords vulnerable to online phishing PwdHash helps strengthen SecurID passwords
New browser extensions for privacy– SafeCache and SafeHistory
Client-side architecture for spyware resistance– SpyBlock: virtualization, browser extension, trusted agent
Year 1 Research Overview 13TRUST, Berkeley Site Visit, April 26-28, 2006
Botnets: detect and disable
Botnet - Collection of compromised hosts– Spread like worms and viruses– Platform for many attacks
Spam forwarding, Keystroke logging , denial of service attacks Unique characteristic: “rallying”
– Bots spread like worms and trojans– Centralized control of botnet is characteristic feature
Current efforts– Spyware project with Stanford Law School– CMU botnet detection
Based on methods that bots use to hide themselves– Stanford host-based bot detection
Taint analysis, comparing network buffer and syscall args– Botnet and spyware survival
Spyblock: virtualization and containment of pwd
Year 1 Research Overview 14TRUST, Berkeley Site Visit, April 26-28, 2006
Research Spotlight
StanfordCyberlaw Clinic
Spyware Litigation Project
Lisa Schwartz
Henry Huang
Jennifer Granick
Law, CS faculty,Law students,Many CS grad, undergrad students
Year 1 Research Overview 15TRUST, Berkeley Site Visit, April 26-28, 2006
Backdoor Trojan spyware– distributed via misleading pop-up– installed even if user clicked the
pop-up’s “close” button Users’ computers transformed
into “marketing machines”– Up to 7 pop-ups/minute, …
Who is behind PacerD?– Seychelles P.O. box, Seattle
voice mail number, Russian ISPsSpyware bundle will install unlessuser takes complex or difficult action
Cyberlaw Clinic: PacerD
Oct. ’05– CS team sets up testing environment
Nov. ’05– CS team creates videos depicting
PacerD installation, …, removal– Rootkits detected inside PacerD
Dec. ’05 – Feb. ‘06– Cyberlaw Clinic drafts lawsuit
March – April ‘06– Over 300 PacerD victims contacted– Litigation plan being developed
CPM Media
KVM Media
PacerD
Exfol
“Pyramid of Deception”
Year 1 Research Overview 16TRUST, Berkeley Site Visit, April 26-28, 2006
Cyberlaw Clinic: Enternet
Enternet Media (EM) – Internet ad firm in CA
EliteBar a.k.a. Elite Toolbar– distributed through websites– no notice of installation– prevents uninstallation – collects personal information
EULA: unconscionable terms
Enternet hides EULA and uninstaller:
Uninstaller purposely fails to remove EliteBar
Gov’t Suits Against Enternet
FTC filed against Enternet 11/4/05– injunction froze assets– stopping distribution of EliteBar
City of L.A. also sued Enternet– alleging unfair competition, deception
Criminal charges: In LA, March 2006– Incl false advertising, consumer fraud
Year 1 Research Overview 17TRUST, Berkeley Site Visit, April 26-28, 2006
ID Theft: Future challenges
Criminals become increasingly sophisticated– “In 25 years of law enforcement, this is the closest thing I’ve
seen to the perfect crime” – Don Wilborn Increasing interest at server side
– Losses are significant Need improved platform security
– Protect assets from crimeware Need improved web authentication
– Basic science can be applied to solve problem: challenge-response, two-factor auth, …
Social awareness, legal issues, and human factors– Studies with Law Clinics; user studies, how are users fooled?
Technology transfer– More free software, RSA Security, …
Multi-campus project developing technology, evaluation, social impact Project meetings this spring. Public workshop at Stanford in June.
Year 1 Research Overview 18TRUST, Berkeley Site Visit, April 26-28, 2006
Problem 2: Healthcare Information
Rise in mature population– Population of age 65 and older with – Medicare was 35 million for 2003 and – 35.4 million for 2004
New types of technology– Electronic Patient Records– Telemedicine– Remote Patient Monitoring
Empower patients: – Access to own medical records– Control the information – Monitor access to medical data
Regulatory compliance
Table compiled by the U.S. Administration on
Aging based on data from the U.S. Census Bureau.
United Nations ▪ “Population Aging ▪ 2002”
2050
Percentage of Population over 60 years oldGlobal Average = 21%
Year 1 Research Overview 19TRUST, Berkeley Site Visit, April 26-28, 2006
Privacy and regulatory issues
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
– HIPAA Privacy Rule (2003): gives US citizens Right to access their medical records Right to request amendments, accounting of disclosures, etc.
– HIPAA Security Rule (2005): requires healthcare organizations to Protect for person-identifiable health data that is in electronic format
Complexity of privacy– Variable levels of sensitivity; “sensitive” in the eye of multiple
beholders– No bright line between person-identifiable and “anonymous” data
Complexity of access rights and policies– Simple role-based access control is insufficient– Governing principles: “need-to-know” and “minimum disclosure”
Year 1 Research Overview 20TRUST, Berkeley Site Visit, April 26-28, 2006
ProviderPatient
Payer Society
Primary care
Specialists
AncillariesImmediate
FamilyExtended
Family
Community Support
FriendsLegally Authorized
Reps
Admin.
Staff
Claims Processors
Subcontractors
Clearinghouses
Insurers
Public Health
State Licensure
Boards
Law Enforcement
Internal QA
External accreditation
orgs
Clinical Trials
Sponsors
Fraud Detection
Medical Information
Bureau
Business Consultants
National Security
Bioterrorism Detection
Healthcare Information Access Roles
From: Dan Masys: “The nature of biomedical data”
Year 1 Research Overview 21TRUST, Berkeley Site Visit, April 26-28, 2006
TRUST and MyHealth Teams (Faculty)
Vanderbilt– J Sztipanovits, G Karsai, A Ledeczi
Stanford– J Mitchell, H Garcia-Molina, R Motwani
Berkeley– R Bajcsy, S Sastry, M Eklund– Deidre Mulligan (UC Berkeley Law)
CMU– M Reiter, D Song
Cornell– J Gehrke, S Wicker, F Schneider
VU Medical Center Collaborators– D Masys, M Frisse, D Giuse, J Jirjis, M Johnson, N Lorenzi,
D Mays,
Year 1 Research Overview 22TRUST, Berkeley Site Visit, April 26-28, 2006
Year 1 Research Overview 23TRUST, Berkeley Site Visit, April 26-28, 2006
Patient Portal Project
Vanderbilt MyHealth Patient Portal– Enrolled 8000 patients and grows at the rate of over 1000 new enrollees per month– Secure messaging, access to medical records, appointments
Include real-time monitoring of
congestive heart failure patients– Heterogeneous sensor
network for monitoring– Data integrated into
MyHealth@Vanderbilt Berkeley ITALH Testbed:
seniors in Sonoma– Stationary sensors:
Motion detectors, Camera systems
– Wearable sensor: Fall sensors, Heart rate or pulse monitors
Year 1 Research Overview 24TRUST, Berkeley Site Visit, April 26-28, 2006
Technical Challenges (1/2)
Access ControlUnique problems:
– Policy languages– Policy validation – Distributed policy enforcement
Data PrivacyUnique problems:
– Learning from data while keeping individual data private
– Publishing data without possibility to link back to individuals– Information flow through data access: “leaking secret data”– Incorporating background knowledge– Interaction between privacy and policy languages
Year 1 Research Overview 25TRUST, Berkeley Site Visit, April 26-28, 2006
Technical Challenges (2/2)
Distributed trust managementUnique problems:
– Maintaining trust across multiple players with conflicting interests and policies
Information architecture modeling and analysisUnique problems:
– Technical and organizational heterogeneity– Major role of legacy systems– Scale and complexity
Benchmarking – Creation of synthetic patient data – Real-life patient data
Societal Impact of Patient Portals– What privacy policy would make patients comfortable with
contributing data to research study?
Year 1 Research Overview 26TRUST, Berkeley Site Visit, April 26-28, 2006
Approaches
What solutions are possible? Some examples:– Policy languages (Stanford)– Data privacy (Cornell, Stanford)– Information architecture modeling and analysis
(VU, Berkeley)– Distributed trust management (Cornell, Stanford)– Societal impact (Berkeley)
Use MyHealth (VU) as demo system– Put TRUST research thrusts in MyHealth contexts
Year 1 Research Overview 27TRUST, Berkeley Site Visit, April 26-28, 2006
Initial Steps
Discussions with VU Medical Center in September, 2005– Prof. Bill Stead, Director, Informatics Center – Prof. Dan Masys, Chair, Department of Biomedical Informatics
Design Workshop for Integrative Project on Patient Portals – December 16, 2005 at Vanderbilt Center for Better Health
(http://dbmi.mc.vanderbilt.edu/trust/#Output)– Identified two project candidates and a joint White Paper topic.
Detailed project planning between TRUST and VU MyHealth – We have a joint memo of collaboration management structure and
research agenda for the next year Workshop on Trust and Privacy in Electronic Medical Records
– April 28th at Berkeley
Year 1 Research Overview 28TRUST, Berkeley Site Visit, April 26-28, 2006
Meeting at Vanderbilt
Year 1 Research Overview 29TRUST, Berkeley Site Visit, April 26-28, 2006
Milestones (Year 1)
Policy languages– HIPAA policy representation and validation
Data Privacy– Assemble sample medical database for evaluating privacy
mechanisms, other mechanisms
Information architecture modeling and analysis– Modeling aspects and language specifications– MyHealth architecture modeling and analysis methods
Distributed trust management Societal impact
– Organizational impacts, changes in the decision processes– Unintended consequences study
Year 1 Research Overview 30TRUST, Berkeley Site Visit, April 26-28, 2006
Research Spotlight
BerkeleyITALH Testbed
Tanya RoostaMarci MeingastEdgar Lobotan
Ruzena Bajcsy
Shankar Sastry
Mike Eklund
Adeeti UllalRustom DessaiWilly CheungAlbert Chang
Electronic Medical Record Project
EECS Faculty, Grad, Undergrad, and SUPERB students
Year 1 Research Overview 31TRUST, Berkeley Site Visit, April 26-28, 2006
Biomedical sensor systems– Can monitor for acute and
chronic conditions and emergency events
– Can be kept locally or transmitted to healthcare professional and EMRs
Storage in medical record – Potential very useful– Currently ad-hoc and manually
performed
Berkeley ITALH Testbed
Oct ’05 – Mar ’06– Development and testing of fall
sensor system joint with Tampere, Finland and Aarhus, Denmark
Mar – Apr ‘06– Commitment from Telecon Italia– Evaluation of EMR system for
integration in Sonoma Apr – May ‘06
– Preparation of lab for experimentation and EMR integration
Jun – Jul ‘06– SUPERB program focus
Privacy
Security
ITALH System
Fall Detector
Berkeley Mote
RS-232
RS-232
E.g. Bluetooth Sender
E.g. Bluetooth Sender
Berkeley Mote
Sensors
Zigbee
Sensors
Mobile Gateway
Home Health System
Mobile Phone
Integrated Camera
Internetand/or
telephone
Berkeley Motes
Hospital
Terminal, WLAN
Access Control
Data Aggregation
ITALH/EMR Development
Use Berkeley Motes,Fall sensors with accelerometers
Year 1 Research Overview 32TRUST, Berkeley Site Visit, April 26-28, 2006
Berkeley ITALH Testbed
Initial Focus: Fall Detection– Falls are the leading cause of
fatal and nonfatal injuries to older people in the U.S.
– Each year, more than 11 million people over 65 fall – one of every three senior citizens
– Treatment of the injuries and complications associated with these falls costs the U.S. over 20 billion annually
Requirements of such a system:– Privacy of data and user
activity, location, etc– Accuracy and robustness– Interoperability as it will form
only one component of a broader system
Secondary Foci:– The devices reveal significant
information about the user– This provides significant
additional opportunities for health monitoring
– It also creates a potential threat to the users privacy
Daily Activity Identification: Sitting, standing,walking
Year 1 Research Overview 33TRUST, Berkeley Site Visit, April 26-28, 2006
Berkeley ITALH Testbed
Being able to measure and analyze a patients activity, enables:
– Accurate feedback for at home treatment,
e.g. osteoporosis, where a clear negative correlation has been shown between activity level and bone density loss
– Rapid and automated response to critical and emergency situations
This benefit can only be had on a societal scale if such devices can be integrated in the EMR systems, so that:
– Data acquisition is at least semi-autonomous
– The data can be guaranteed to be accurate
– The system is secure
openEMed Server
openEMed Physician Client
ITALH/openEMed Client
Mobile system
Home system
Healthcare provider/EMR:myHealth
ITALH/EMR Development
Target implementation
Development and testing
Protocols and policies must be established for the inclusion of automated data collection
– A test system is being developed to integrate the ITALH testbed with an open source EMR system
– This will be integrated with the Vanderbilty myHealth system following initial development
Year 1 Research Overview 34TRUST, Berkeley Site Visit, April 26-28, 2006
Summary
Excellent integrative project candidate Strong interest inside TRUST and in the
medical community We have teamed up with VUMC, which has
the strongest research program and operational testbed
Rapid start-up
Year 1 Research Overview 35TRUST, Berkeley Site Visit, April 26-28, 2006
Problem 3: Embedded Secure Sensor Networks
TRUST is engaged in the development of embedded secure sensor networks – Integrated center R&D at all levels
Sensor Technology Networks Applications Policy/Legal Issues
Activity at all TRUST sites + collaborators– Oak Ridge National Laboratory, …
Year 1 Research Overview 36TRUST, Berkeley Site Visit, April 26-28, 2006
Societal Relevance
Health Care Urban Infrastructure Utilities
– Energy production and transport (e.g. SCADA)– Energy utilization monitoring in homes
Search and Rescue– Disaster response
Heavy Industry Process Control– Oil refineries, chemical, etc.– Chevron is an interested player
Border Control and Monitoring
Year 1 Research Overview 37TRUST, Berkeley Site Visit, April 26-28, 2006
Year 1 Research Overview 38TRUST, Berkeley Site Visit, April 26-28, 2006
Sensor Technology - The Mote
Year 1 Research Overview 39TRUST, Berkeley Site Visit, April 26-28, 2006
Sensor Technology Example:Sensors for Bio-Defense
Bi-layer lipid membrane used to create designer bio-sensors
– When target analyte binds to protein, ion channel conductivity increases.
Currently considering use in water supply protection.
Sensor performance statistics used to define networking requirements.
Outside Player: NY Dept of
Health/ Wadsworth Laboratories
cis compartment
trans compartment lipid
bilayer
Ion channel
metallic gate
Year 1 Research Overview 40TRUST, Berkeley Site Visit, April 26-28, 2006
Sensor Platform Technologies
CU Asynchronous Processor
– Event-driven execution is ideal for sensor platforms
Clockless logic– Spurious signal transitions
(wasted power) eliminated– Hardware only active if it
is used for the computation
MIPS: high-performance– 24pJ/ins and 28 MIPS @
0.6V
Processor Bus Year E/op Ops/sec
Atmel 8 200? 1-4 nJ 4 MIPS
StrongARM 32 200? 1.9 nJ 130 MIPS
MiniMIPS 32 1998 2.3 nJ* 22 MIPS
Amulet3i 32 2000 1.6 nJ* 80 MIPS
80C51 (P) 8 1998 1 nJ** 4 MIPS
Lutonium 8 2003 43 pJ 4 MIPS
SNAP 16 2003 24 pJ 28 MIPS
Year 1 Research Overview 41TRUST, Berkeley Site Visit, April 26-28, 2006
Designer OS for Sensor Networks
Tiny OS– Large, active open source community: – 500 research groups worldwide– OEP for DARPA Network Embedded Systems
Technology– Thousands of active implementations - the
world’s largest (distributed)sensor testbed MagnetOS: Provide a unifying single-
system image abstraction– The entire network looks like a single Java
virtual machine– MagnetOS performs automatic partitioning
Converts applications into distributed components that communicate over a network
– MagnetOS provides transparent component migration
Moves application components within the network to improve performance metrics
MagnetOSRewriter
Year 1 Research Overview 42TRUST, Berkeley Site Visit, April 26-28, 2006
Sextant: Node Localization
Use of large numbers of randomly distributed nodes creates need to discover geographic location
– GPS is bulky, expensive, power-hungry
Set up a set of geographic constraints and solve it in a distributed fashion
– Aggressively extract constraints– Use just a few landmarks (e.g. GPS nodes) to anchor the
constraints
Can determine node location with good accuracy, without GPS or other dedicated hardware
Year 1 Research Overview 43TRUST, Berkeley Site Visit, April 26-28, 2006
SHARP: Hybrid Routing Protocol
Two extremes in routing– Proactive: disseminate routes regardless of
need– Reactive: discover routes when necessary
Neither are optimal for dynamic sensor networks
SHARP adaptively finds the balance point between reactive and proactive routing
– Enables multiple nodes in the network to optimize the routing layer for different metrics
– Outperforms purely reactive and proactive approaches across a range of network conditions
Year 1 Research Overview 44TRUST, Berkeley Site Visit, April 26-28, 2006
Securing the Sensor Network
Security issues– Develop Taxonomy of Attacks
Attacks with and without defined defenses Generic basis on which to evaluate new networks
– Characterizing Worst-Case Results Statistical learning proposed as a means for determining what can be inferred
from data– Evaluate privacy concerns
Ties into privacy road map Security thrusts
– Secure building blocks Secure key distribution Secure node-to-node and broadcast communication Secure routing Secure information aggregation
– Real-time aspects and security– Secure middleware– Secure information processing– Sensing biometrics– Sensor database processing– Internet-scale sensor networks
Year 1 Research Overview 45TRUST, Berkeley Site Visit, April 26-28, 2006
Application Projects (Examples)
Patient Monitoring– Remote monitoring of cardiac patients– See Vanderbilt/Cornell/Berkeley poster
Museum Project– Expressive AI projects using sensors to monitor
patrons at public demonstrations Home Sensor Network Development
– Energy monitoring beyond metering– Opportunities for local information fusion
LA Water Supply Protection– BioSensors + Networking + Civil Infrastructure
Year 1 Research Overview 46TRUST, Berkeley Site Visit, April 26-28, 2006
Research Spotlight
TRUST-ORNLTuFNet
FederatedSensor Networks Project
Akos LedecziISIS-VU
TRUST researchers,graduate students, ORNLresearchers
Yuan XueISIS-VU
ORNL
Year 1 Research Overview 47TRUST, Berkeley Site Visit, April 26-28, 2006
Outside the window
Jumbotron: automatic camera feed
Jumbotron/Screen: Tracking info inside Google Earth
Security is guard walking around the stadium with a cell-phone connected radiation detector and an XSM mote.
His position is continuously tracked using a radio interferometric technique running on the motes.
A camera automatically tracks his position using the geolocation info from the mote network. When the radiation level crosses a threshold the detector sends
an alarm and the camera zooms in on the position.
Dirty Bomb Detection Demo in VU Stadium April 20, 06
Year 1 Research Overview 48TRUST, Berkeley Site Visit, April 26-28, 2006
System Vulnerabilities
Rad level servlet and camera glue
code
Tracking service and
user interface
Nextel/Internet
Mote network
Camera controlnode (Linux)
Jumbotroncontroller
VGA to NTSCadapter
Rad detector, mobile phone
mote
Internet
Mac/Link
Network
Application/Service
Physical• Jamming
• Bogus tracking results• Tracking commandSpoofing• Battery consumption attack
• MAC DoS• Eavesdropping
• Packet dropping• Mis-forwarding• ID spoofing• Forging routingInformation• Disclosing/modifying/replaying tracking results
Sensor network vulnerabilities
Traditional network/system vulnerabilities
• Denial of Service Attack• Information disclosing/modification/replaying• Address Spoofing• etc..
Year 1 Research Overview 49TRUST, Berkeley Site Visit, April 26-28, 2006
Security Support Implemented
Security Support Overview– Jamming Attack Ranging and Tracking using Multiple
Frequencies
– Bogus Tracking Result Majority-based Voting to Filtering
outrange result Peer Authentication among Sensors
– False Tracking Command– Injection of Tracking Result from
Spoofed Sensors Peer Authentication among Sensors
Group-based Peer Authentication– Objective Provide efficient, effective, and flexible peer
sensor authentication
– Solution Symmetric-key based (SkipJack in TinySec) Each sensor node has a different set of keys
through a pre-key distribution scheme Multiple MACs are generated for each message
from a sensor node MACs are verified at the receiver sensor using its
common keys with the sender
– Results computation: 5.3 ms; verification: 2.5 ms (2 common keys), 1.3~1.4ms
(1 shared key), < 0.1 (no keys in common)
Year 1 Research Overview 50TRUST, Berkeley Site Visit, April 26-28, 2006
Privacy Issues
Policy instruments often lag technology development Proposed development of Privacy Road Map that will
frontload policy development– Map sensor capabilities and network mission into deployment
and data use rules– Key near-term: RFIDs, broad-based visual surveillance– Raises issue of impact of network configuration and
heterogeneity on road map
Approach: Extend fair information practices to cover sensor nets at regulatory or legislative level
– Consent enablement is an important issue
Year 1 Research Overview 51TRUST, Berkeley Site Visit, April 26-28, 2006
Economic Issues
Consider standards for transactions between sensor network owners/operators– market creation, bargaining, trading rules for
passing data, avoiding monopolies Open platforms enhance markets, range of
products, efficiency– Software for computers vs. software for cell
phones Significant literature on economic costs of
privacy decision making– Cost of inadvertent disclosure
Year 1 Research Overview 52TRUST, Berkeley Site Visit, April 26-28, 2006
Further Development
Integrate cross-cutting security, privacy, and economic issues into ongoing project development.
Try to stay as generic as possible, while developing technology/policy amenable to evaluation.
Year 1 Research Overview 53TRUST, Berkeley Site Visit, April 26-28, 2006
Problem 4: Trustworthy Systems
Important problems in the public eye– Why are computer systems vulnerable to attack?
Many security vulnerabilities are software bugs– How can we make systems more secure?
Better human factors, security science and engineering practices Four core areas
– Robust software Including: static, dynamic analysis methods for detecting vulnerabilities
– Security policy What actions should be allowed? How to express, enforce policy?
– Platform integrity Including: hardware attestation, software-based isolation, virtualization
– Intrusion-tolerant systems System architectures and implementation techniques so that systems
will resist and survive attacks
Year 1 Research Overview 54TRUST, Berkeley Site Visit, April 26-28, 2006
Subarea 1. Robust software
Computer attacks are serious problem– Scripts for exploiting known vulnerabilities– Techniques and tools for creating new exploits
Many possible targets– Widely used UNIX programs: sendmail, BIND, etc.– Various server-type programs
ftp, http (Web server and file transfer) pop, imap (Email server) irc, whois, finger (Other applications, services)
– Mail clients (overrun filenames for attachments) Netscape mail (7/1998) MS Outlook mail (11/1998)
Year 1 Research Overview 55TRUST, Berkeley Site Visit, April 26-28, 2006
Research Spotlight
Monica Lam
Automated Software Analsys
Find errors that can lead to vulnerabilities
Year 1 Research Overview 56TRUST, Berkeley Site Visit, April 26-28, 2006
D. Wagner - Detection of Buffer Overrun Vulnerabilities
– Integer range analysis problem– Sendmail: 4 bugs/44 warnings– Features necessary to achieve
better precision Flow sensitivity Pointer analysis
Static Analysis
M. Lam – Combine and improve previous results
– Interprocedural methods– Strategically leverage more
precise aliasing analysis– Standard architecture for
combining methods– Today: B Livshits poster
A. Aiken - Format String Vulnerabilities Type Qualifiers
– “Tainted” annotations, requires some, infers the rest
– Features necessary to achieve better precision
Context sensitivity Field sensitivity
Program
IP SSA
Buffer overruns
Error traces
Format violations
…others…easy to write tools
Can add new
analyses
Data flow NULL deref’s
Year 1 Research Overview 57TRUST, Berkeley Site Visit, April 26-28, 2006
Example: Tainting Violation in muh
0838 s = ( char * )malloc( 1024 );0839 while( fgets( s, 1023, messagelog ) ) {0840 if( s[ strlen( s ) - 1 ] == '\n' ) s[ strlen( s )...0841 irc_notice( &c_client, status.nickname, s );0842 }0843 FREESTRING( s );0844 0845 irc_notice( &c_client, status.nickname, CLNT_MSGLOGEND );
257 void irc_notice(connection_type *connection, char nickname[], char *format, ... )258 {259 va_list va;260 char buffer[ BUFFERSIZE ];261 262 va_start( va, format );263 vsnprintf( buffer, BUFFERSIZE - 10, format, va );264 va_end( va );
muh.c:839
irc.c:263
Year 1 Research Overview 58TRUST, Berkeley Site Visit, April 26-28, 2006
Example: Buffer Overrun in gzip
0589 if (to_stdout && !test && !list && (!decompress || ...0590 SET_BINARY_MODE(fileno(stdout));0591 }0592 while (optind < argc) {0593 treat_file(argv[optind++]);
0704 local void treat_file(iname)0705 char *iname;0706 {
...0716 if (get_istat(iname, &istat) != OK) return;
0997 local int get_istat(iname, sbuf)0998 char *iname;0999 struct stat *sbuf;1000 {
...1009 strcpy(ifname, iname);
gzip.c:593
gzip.c:1009
gzip.c:716
Need to have a model of strcpy
Year 1 Research Overview 59TRUST, Berkeley Site Visit, April 26-28, 2006
Sample Experimental Results
Program Version # LOC Procedures
lhttp 0.1 888 21bftpd 1.0.11 2,946 47trollftpd 1.26 3,584 48man 1.5h1 4,139 83cfingerd 1.4.3 5,094 66muh 2.05d 5,695 95gzip 1.2.4 8,162 93
Monica Lam study: 7 server-type programs
Program Total Buffer Format False Number Number Definitions Proce Tool'sname number of overruns string positives of of spanned dures runtime
warnings violations sources sinks spanned sec
lhttpd 1 1 20 (w/o preds) 4 1 7 4 7.08bftpd 2 1 1 5 2 5,7 1,3 2.34trollftpd 1 1 4 1 23 5 8.52man 1 1 3 1 6 4 9.67cfingerd 1 1 4 1 10 4 7.44muh 1 1 3 1 7 3 7.52gzip 1 1 3 1 7 5 2.03
Other studies (Engler, Wagner, etc.) achieve similar results for other kinds of errors
Significant bugs found using automated tools
TRUST challenge: compare and combine methods developed by different campuses
Year 1 Research Overview 60TRUST, Berkeley Site Visit, April 26-28, 2006
Larger Picture
Goal: New techniques for improving the security of our software– Many complementary approaches:
Static analysis of source code; Dynamic analysis with symbolic execution; Taint and information flow tracking; Inline reference monitors; Proof-carrying code; Logical decision procedures; Semantics and foundations of programming languages
– Many exciting uses: Detection of security bugs; Automatic generation of signatures for intrusion
detection or virus scanning; Verification of security properties TRUST Collaboration
– Many cross-institution collaborations underway / recently initiated– Challenge applications to demonstrate our methods:
Hardening the security of open source software Protect network services/servers against data-driven remote attacks Improving the quality of electronic voting software
– Shared benchmarks: Apache (including core, plug-ins, PHP scripts, …) TCP/IP stacks Network servers? One or two key industrial applications?
(Productivity software? Medical? E-commerce? Internet services?)
Year 1 Research Overview 61TRUST, Berkeley Site Visit, April 26-28, 2006
Partner: Coverity, Inc
Stanford, Symantec, Coverity, DHS Open Source Software Quality Project
Year 1 Research Overview 62TRUST, Berkeley Site Visit, April 26-28, 2006
Subarea 2. Security policy
Access policy– How to express, enforce policy?– Policy lifecycle management (debugger, etc)
Enforcement– Control access and propagation
E.g., Java stack inspection What code to trust?
– How to enforce end-to-end policy? e.g., information I cannot be transmitted to output O Access control mechanisms are necessary, access
control policies are insufficient
Year 1 Research Overview 63TRUST, Berkeley Site Visit, April 26-28, 2006
Enforcing language-based security
Programs are annotated with security policies
Compiler checks, possibly transforms program to ensure that all executions obey rules
Loader, run-time system validates program policy against system policies
Source CodePolicy
Target Code Policy
SystemPolicy
Executable code
?
Year 1 Research Overview 64TRUST, Berkeley Site Visit, April 26-28, 2006
Subarea 3. Platform integrity
Trusted platforms and attestation– “Trusted platforms” refers to platforms in which the running
software has been authenticated as having desirable attributes
– “Attestation” refers to authenticating the software running on a node remotely
Example projects– Nexus OS implementing new trustworthy computing
abstractions (Cornell)– Privacy-preserving attestation (Stanford)– TERRA attestation of full virtual machines (Stanford) – Software attestation (CMU)– Trusted user input/output (CMU, Stanford)
Year 1 Research Overview 65TRUST, Berkeley Site Visit, April 26-28, 2006
Subarea 4. Intrusion-tolerant systems
Sample direction: distributed trust– Implement services in a distributed fashion so that no one
component is trusted Example projects
– In P2P systems that mask node misbehaviors (Cornell) Prevents injecting a name into CODONS (a DNS replacement) Prevents injecting a page into Cobweb (Akamai-like web cache) Prevents injecting bad info into Corona (news system for web)
– In certificate authorities and single sign-on (Cornell)– In storage systems (Stanford, CMU)– Underlying protocols for service deployment, access (CMU)– Formal verification of distributed trust protocols (Cornell)– Implementing default-disconnect in LANs (Stanford)
Year 1 Research Overview 66TRUST, Berkeley Site Visit, April 26-28, 2006
Problem 5: Network Security
Networked applications are susceptible to attack– Develop secure methods for resisting network attacks
Cryptography is powerful, but requires key management Examples: SSL/TLS, VPN, key management for IPSEC
– New applications raise new challenges, e.g. VoIP
Network infrastructure is susceptible to attack– DoS, Virus and worm propagation flood network, blocks traffic– Authenticated access to wireless network– Isolation (traffic shaping, firewalls), Intrusion detection
Goals include:– Improve security of networks and applications that use them– Collaborate on next-generation networking– Improve educational resources on network security
Year 1 Research Overview 67TRUST, Berkeley Site Visit, April 26-28, 2006
Example True SCADA Scenarios
Port of Houston, 20 Sept 2001– >1 billion containers (2000), 6,400 ships (2002), $11 billion revenue (2002)– $15 billion petrochemical complex: largest in nation, second in the world– Web site disabled by denial of service attack– 19 year old UK teenage member of a group called Allied Haxor Elite trying to get
back at a girl he met in a chatroom (Found not guilty)
Ohio's Davis-Besse nuclear power plant, offline, Jan 2003– Slammer worm penetrated a private computer network and disabled a safety
monitoring system for ~5 hours– Penetrated unsecured network of an unnamed Davis-Besse contractor, then
squirmed through a T1 line bridging that network and Davis-Besse's corporate network
Northeast power outage, 50 million people, August 2003– MSBlaster worm crippled key detection systems and delayed response during a
critical time: “significantly worsened the effect of the outage”
Year 1 Research Overview 68TRUST, Berkeley Site Visit, April 26-28, 2006
General Network Threats
Worms/Viruses – Propagation
Hackers/Intruders – Infiltration
Compromised Machines – Botnets
Insider Threat – Exfiltration
Year 1 Research Overview 69TRUST, Berkeley Site Visit, April 26-28, 2006
Research Spotlight
Worm/DoS Defense
One slice of network security
research in TRUST
Year 1 Research Overview 70TRUST, Berkeley Site Visit, April 26-28, 2006
Can We Build a “DOS Firewall”?
Example of the efficacy of published DoS filters
Trained on attack & normal traffic
Trained on normal traffic only
[Collins & Reiter]
Year 1 Research Overview 71TRUST, Berkeley Site Visit, April 26-28, 2006
Egress Limiting for Worm Containment
Detection: Large fan-out, increased failures, no DNS translationsContainment: Rate limiting
[Wong, Studer, Bielski & Wang]
Year 1 Research Overview 72TRUST, Berkeley Site Visit, April 26-28, 2006
Internet Indirection Infrastructure (i3)
Sender
id Rtrigger
iddata
Receiver (R)
iddata
Rdata
Victim (V)id V
Attacker(A)
Use backup triggers on other i3 nodes to mitigate DoS attacks
[Stoica]
Year 1 Research Overview 73TRUST, Berkeley Site Visit, April 26-28, 2006
Ingress Rate Limiting w/ Client Puzzles
Adversary
Server
Legitimate client
Designing puzzle mechanisms to defend against – Connection depletion attacks (TCP)– Bandwidth exhaustion attacks (IP)
[Wang & Reiter]
Year 1 Research Overview 74TRUST, Berkeley Site Visit, April 26-28, 2006
PI Marking
Queue-based marking– Routers “push” marking into IP Identification field
Marks can be used to filter …– Unaffected by source address spoofing
… or returned to source to use as a capability
[Yaar, Perrig, Song]
Year 1 Research Overview 75TRUST, Berkeley Site Visit, April 26-28, 2006
Sting: Auto Worm Defense System
!
ExploitDetected!
[Brumley, Newsome, Song]
Year 1 Research Overview 76TRUST, Berkeley Site Visit, April 26-28, 2006
TrafficComber
Distributed high-speed network monitoring system– Efficiently detect new (global) traffic behavior
– Accurately identify malicious IP addresses & attack patterns
Focuses & components– Streaming algorithms design
Fast memory-efficient algorithms for high-speed links New streaming algorithms for superspreader detection
– Machine learning, graph theory techniques Traffic correlation & anomaly detection Stepping-stone detection
– Privacy-preserving information sharing New cryptographic algorithms/protocols Privacy-preserving set operations
[Blum, Gibbons, Kissner, Song, Venkataraman]
Year 1 Research Overview 77TRUST, Berkeley Site Visit, April 26-28, 2006
Finding the Source of Worms
Attack Reconstruction: identify communications that carry attack forwardAttacker Identification: pinpoint attack source(s) Are these possibly feasible?
BE
F
C D
G
H
t1 t3
t2
t4
t7t5
t6
Host contact graph Host attack tree
[Sekar, Xie, Maltz, Reiter, Zhang]
Year 1 Research Overview 78TRUST, Berkeley Site Visit, April 26-28, 2006
DETER (http://www.deterlab.net/)
Background– Lack of large-scale experimental infrastructure– Missing objective test data, traffic and metrics
Goals– Facilitate scientific experimentation
Establish baseline for validation of new approaches Scientifically rigorous testing frameworks/methodologies Attack scenarios/simulators, topology generators,
background traffic, monitoring/visualization tools
– Provide an open safe platform for experimental approaches that involve breaking the network
“Real systems, Real code, Real attacks!”
Year 1 Research Overview 79TRUST, Berkeley Site Visit, April 26-28, 2006
PC
‘User’Server
PC
Control Network
ISI Cluster
Userfiles
Cisco SW Foundry SW
Node Serial Line Server
‘Boss’Server
PC PC
UCB Cluster
PowerCont’ler
PowerCont’ler
PC … …
trunk trunk
Control Network
Internet
IPsec
IPsec
User
FW
CE
NIC
FW
Node Serial Line Server
Backup‘User’
Backup ‘Boss’
Year 1 Research Overview 80TRUST, Berkeley Site Visit, April 26-28, 2006
Example DETER Topologies
Year 1 Research Overview 81TRUST, Berkeley Site Visit, April 26-28, 2006
DETER Testbed Status
201 nodes now available!– Expect to double in 2006
Experimental node OS:– Standard OS: RedHat Linux 7.3 or FreeBSD 4.9– New: Windows XP– Users can load arbitrary code, in fact
User has root access to all allocated nodes– Secure process replaces OS after each experiment– Adding support to scrub disks after experiments
Funded by NSF CISE and DHS HSARPA– Open to all researchers: gov’t, industrial, and academic
Year 1 Research Overview 82TRUST, Berkeley Site Visit, April 26-28, 2006
Network protocol analysis
Protocol analysis methods– Model checking, automated tools– Logical proof methods
Case studies– 802.11i Wireless networking– IKE for IPSEC– VoIP – security additions to SIP
Work with standards organizations– IEEE: contributed to 802.11i standard– IETF/IEEE: 802.16e metro area networking– Wi-Fi Alliance: wireless access point registration
Education: course development, materials Research challenges
– Extend applicability of tools, improve usability– Fundamental science: protocol analysis and crypto– Clean slate network design: what are better designs?
Year 1 Research Overview 83TRUST, Berkeley Site Visit, April 26-28, 2006
Network Security
Huge field– Many challenges– Lots of different kinds of work
From network protocols to routing, congestion control
Outstanding opportunities– GENI initiative for Internet redesign– DETER testbed, Industrial collaboration– Network researchers at all TRUST sites
Drinking from a firehose
TRUST, Berkeley Site Visit, April 26-28, 2006
Education
Sigurd Meldal (SJSU)Janos Sztipanovits (Vanderbilt)
Year 1 Research Overview 85TRUST, Berkeley Site Visit, April 26-28, 2006
Education Vision
Trust education– part of technological and social literacy– central to technological and policy-making professional
competency Trust education integrates domains
– trust solutions = policy options + technology options Trust education within domains
– From engineering to the social sciences Trust education cuts across education levels
– K-12, undergraduate programs, profession-oriented masters programs, research-oriented doctoral programs
Year 1 Research Overview 86TRUST, Berkeley Site Visit, April 26-28, 2006
Education Implementation
Main Activities
– Education Community Development (EDC)– The TRUST Academy Online (TAO)– Curriculum Development and Refinement– TRUST Workshops
Year 1 Research Overview 87TRUST, Berkeley Site Visit, April 26-28, 2006
Participants in the Ecosystem
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
QuickTime™ and aTIFF (LZW) decompressor
are needed to see this picture.
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
QuickTime™ and aTIFF (LZW) decompressor
are needed to see this picture.
QuickTime™ and aTIFF (LZW) decompressor
are needed to see this p icture.
Year 1 Research Overview 88TRUST, Berkeley Site Visit, April 26-28, 2006
Knowledge Certification
Standardized knowledge units: National Information Assurance Training
Standards (CNSS) NIETP Centers for Academic Excellence in IA
Education
Assist in the broad adoption of such curricula.
Evaluate, adapt or substitute units or standards as indicated by domain requirements
Year 1 Research Overview 89TRUST, Berkeley Site Visit, April 26-28, 2006
Learning Technology Infrastructure
Established strong relationship between TRUST and VaNTH* – Assessment Methods and Technology– Learning Technology
Challenge-based courses (design and delivery methods)
Adaptive learning and course delivery strategies, development of adaptive expertise
* Vanderbilt-Northwestern-Texas-Harvard/MIT Engineering Research Center
Year 1 Research Overview 90TRUST, Berkeley Site Visit, April 26-28, 2006
Education Spotlight
TRUSTAcademy On-Line
TRUSTRepository Project
TRUST researchers,graduate students,VaNTH researchers
Yuan XueISIS-VU
Xiao SuSJSU
Larry HowardISIS-VU
Sigurd MeldalSJSU
Weider Yu SJSU
Simon Shim SJSU
Year 1 Research Overview 91TRUST, Berkeley Site Visit, April 26-28, 2006
Aspects of support– Collaborative, evolutionary
design of adaptive learning experiences
– Instrumented enactment of designs with learners
– Design reflection by educators– Online dissemination
TRUST Academy On-line
Principal components– Visual integrated design
environment (CAPE) Design and content repository
– Interoperable delivery platform (eLMS)
– Dissemination Portal (TAO)
Year 1 Research Overview 92TRUST, Berkeley Site Visit, April 26-28, 2006
TAO Content
WEB-based dissemination
portal/content management system for
classroom resources: syllabi, lecture notes, readings, assessment materials, and instructor guides
re-targetable learning modules on-line learning resources: direct
access to courseware for evaluation
Network Security Courseware
Yuan Xue (Vanderbilt), Xiao Su (SJSU)
Sources– Vanderbilt’s CS291 (Network Security)– Stanford’s CS259 (Security Analysis
of Network Protocols)– SJSU’s CmpE209 (Network Security)
Network Security Course Modules How bad guys work
– Attacks from hackers’ perspective Cryptography
– Secret key, public key, hash functions Authentication protocols
– Key exchange protocols Network security standards
– Wireless security, IP security, SSL, ..
Year 1 Research Overview 93TRUST, Berkeley Site Visit, April 26-28, 2006
General Steps
Content creation Presentation & Packaging Learning Strategy Formalization Delivery methods Evangelization and dissemination Challenges
– Bringing in the policy-oriented educators– Bringing in the non-CS engineering disciplines– Evangelizing
Year 1 Research Overview 94TRUST, Berkeley Site Visit, April 26-28, 2006
Undergraduate Curriculum Refinement & Development
Develop (new) material for (new) domains Collect course material and teaching
experiences from the TRUST partners Identify knowledge units – generate
retargetable learning modules Define appropriate taxonomic structures
Year 1 Research Overview 95TRUST, Berkeley Site Visit, April 26-28, 2006
Facilitate Adoption of New Material
Security science (incremental, integrative, learning modules)– In-discipline: operating systems, programming languages, cryptography,
secure networking, hardware architectures…Canonical security courses
– Cross-discipline: Social impact, law, privacy, organizational roles, infrastructure
– Case studies as vehicle for learning modules Social sciences (incremental, integrative, learning modules)
– In-discipline: Privacy, information management and security, economics, organization theory, IP
– Cross-discipline: Fundamentals of security technologies, technology awareness
General Education – TRUST as a core competency for the educated person
Systems science (new capstone courses)– Cross-discipline: Design and analysis of complex systems
Courseware repository– Web-deliverable courseware – VaNTH/eLMS
Year 1 Research Overview 96TRUST, Berkeley Site Visit, April 26-28, 2006
Graduate Curriculum Refinement & Development
New courses will be jointly developed:– Design and Analysis of Secure Systems. – Integrative Systems Science
Advanced graduate seminars Computer and system security laboratory
– Team competitions New courses designed for engineering
audience; joint offering across partners using web-cast technology
Year 1 Research Overview 97TRUST, Berkeley Site Visit, April 26-28, 2006
Repository Content
Retargetable Learning Modules– Elements of the learning process
Courses– Teach security in a context
Year 1 Research Overview 98TRUST, Berkeley Site Visit, April 26-28, 2006
Learning Module Repository
Facilitate efficient reuse of courseware– Lectures– Projects– Homework assignments
Organized into small modules– May be incorporated into other courses
Example: The RSA module may be used in an algorithms class
Easy to adapt to different audiences– Same topics covered by different instructors in different
courses at different universities– Example: cryptography
Facilitate designing course architectures– The Lego approach to coursework design
Year 1 Research Overview 99TRUST, Berkeley Site Visit, April 26-28, 2006
Course Repository
Implement Course Repository in CAPE– Specify taxonomy– Define course learning objectives– Simulate learning process via sequencing of course modules– Include relevant resources in a course module
Lecture notes, Presentation slides Home assignments, Projects Exams, Quizzes
Web-based Delivery System – Hosted by VaNTH from Vanderbilt University– https://try.elms.vanth.org
Year 1 Research Overview 100TRUST, Berkeley Site Visit, April 26-28, 2006
Ongoing Work
Pilot module sets: Network security Introductory upper-division topics Security in chemical processing systems
Pilot experiment: Design a course on the basis of the repository
Establishing a broader community: Invite CERT, SEI, other IA institutions and initiatives
to make use of the repository and authoring tools. Establish a CSU-wide consortium for security
curriculum development
Year 1 Research Overview 101TRUST, Berkeley Site Visit, April 26-28, 2006
TRUST Education Workshops
Engaging the broader teaching community Work with CERT, the IA Capability Building effort and
minority serving institutions.
Immediate expectations: A TRUST/CERT sponsored participation in education
conferences (proposal with CMU, UC Berkeley, Vanderbilt and SJSU to the annual FIE Conference series)
A TRUST/SEI symposium following up on the SEI IA Education Summer Schools and the TRUST Summer Schools (proposal with SJSU and CMU/SEI under the NSF IACBP)
Year 1 Research Overview 102TRUST, Berkeley Site Visit, April 26-28, 2006
TRUST Workshops
Sensor Networking Workshop, Cornell and New York Department of Health - Tuesday, October 11, 2005.
Cornell-Tsinghua Workshop on Information Technology, November 18, Tsinghua University, Beijing, China. TRUST
Workshop on Social Security Numbers (jointly with PORTIA), Stanford – May 2006.
Year 1 Research Overview 104TRUST, Berkeley Site Visit, April 26-28, 2006
OUTREACH Strategy
We are engaged in two kinds of outreach activities:
Local, in which each local groups have their own outreach activities tailored to the local conditions.
Overall Center activities which engage the community at large. Here, we are most concerned how to disseminate our knowledge to the widest diverse population.
Year 1 Research Overview 105TRUST, Berkeley Site Visit, April 26-28, 2006
Local Activities
BFOIT - Berkeley Foundation for Opportunities in Information Technology http://www.bfoit.org/ (Nurturing underrepresented high school students and their teachers in TRUST areas. Prof. Bajcsy, personal participation and fund raising.)
SUPERB-IT - Summer Undergraduate Program in Engineering Research at Berkeley - Information Technologyhttp://www.eecs.berkeley.edu/Programs/ugrad/superb/superb.html (Increased number of underrepresented students by 4)
SIPHER - Summer Internship Program in Hybrid and Embedded Software Research http://fountain.isis.vanderbilt.edu/fountain/Teaching/ (Increased number of underrepresented students by 2)
Pennsylvania Area HBCU Outreach - Historically Black Colleges and Universities http://is.hss.cmu.edu/summer.html (Increased number of underrepresented students by 5)
Year 1 Research Overview 106TRUST, Berkeley Site Visit, April 26-28, 2006
Center Activities: WISE
Women’s Institute in Summer Enrichment (WISE) is a residential summer program on the University of California, Berkeley campus that brings together women (but it is not restricted to women only!) from all disciplines that are interested in TRUSTed systems in Science and Technology and all of the social, political, and economical ramifications that are associated with these systems.
Professors from across the country come to Berkeley to teach power courses in several disciplines, including computer science, economics, law, and electrical engineering. The one-week program includes rigorous classes in the morning, and allows participants to explore through hands-on experiments and team-based projects in the afternoons.
Year 1 Research Overview 107TRUST, Berkeley Site Visit, April 26-28, 2006
Application for the WISE program
Applications for summer 2006 are available on this website on the Application page (we shall shortly set this up). Our tuition fee for summer 2006 will be $1,500 -- applicants with financial need may request a fee waiver on the application form.
20 participants was selected from a nationwide applicant pool of young women and men who have demonstrated outstanding academic talent. No prior experience in computer programming, law, or engineering is required, but we expect students to be able to handle college-level material at a rapid pace. 19 out of the 20 participants are women (graduate students and junior faculty)
Year 1 Research Overview 108TRUST, Berkeley Site Visit, April 26-28, 2006
The currently signed up faculty for WISE
Name
Cynthia Dwork
Cynthia Irvine
Gail Kaiser
Jeanette Wing
Joan Feigenbaum
John Mitchell
Klara Nahrstedt
Rebecca Wright
Sonia Fahmy
Stephen Mauer
Steve Weber
Yuan Xue
Institution
Microsoft Palo Alto
Naval Postgraduate School
Columbia University
CMU
Yale University
Stanford University
UIUC
Stephen Institute of Technology
Purdue University
UC Berkeley
UC Berkeley
Vanderbilt
Year 1 Research Overview 109TRUST, Berkeley Site Visit, April 26-28, 2006
WISE Schedule
The workshop will be held at UC Berkeley Campus starting on July 5th ,06 until July 11th,06 included.
The summer school will be organized into two parts:Mornings 3 hours lectures;Afternoons 3 hours exercises.
The lectures will be given by the teachers listed above, the exercises will be supervised by graduate students.
Year 1 Research Overview 110TRUST, Berkeley Site Visit, April 26-28, 2006
Center Activities: National Visibility
Participation in National Conferences to build contacts and “get the word out”:
– Dr. W.Robinson from Vanderbilt University attended the NSF Joint Annual Meeting HER, on March 16-17th, 2006 in Washington, DC.,see : http://www.edjassociates.com/jam06
– Meltem Erol from UCB attended HBCU conference in February, 2006 in Baltimore, Md. See: http://www.hbcu-upconference.com/
Year 1 Research Overview 111TRUST, Berkeley Site Visit, April 26-28, 2006
Visiting positions
Cornell has funded Judy Cardell from Smith college to be engaged in the TRUST Sensor Networking project
TRUST funded Weider Yu from SJSU to participate in CMU’s Information Assurance Capacity Building Program (IACPB)
Stanford will host this summer professor Mario Garcia from Texas A&M University –Corpus Christi. This visit is sponsored by NSF Quality Education for Minorities (QEM) Program
Year 1 Research Overview 112TRUST, Berkeley Site Visit, April 26-28, 2006
Joint projects:
– Professor Bajcsy together with Prof. Nahrsted from UIUC, Prof. Wymur (UCB) and prof. Katherine Mezure form Mills college are building cyberinfrastructure for distributed dance performances in the Cyberspace
– Professor Xue from Vanderbilt and Professor Xiao Su at SJSU worked on a pilot project on designing network security courseware repository
Center Activities: National Visibility
Year 1 Research Overview 113TRUST, Berkeley Site Visit, April 26-28, 2006
Other OUTREACH plans
Organize regular TRUST seminars, weekly from a speaker pool (Researchers engaged in cyber security agenda)
Reach out to collaborate with the National Laboratories
Recruit diverse population of students as graduate students interested in TRUST agenda.