TRUST in the News

Professor AnthonyJoseph elected to the ACM

noreply@blogger.com (Mary Stewart) — Wed, 04 Jun 2008 18:01:00 +0000

UC Berkeley Professor Anthony Joseph has been elected to the Association for Computing Machinery Council as Member-At-Large. Elected member are recognized for significant accompliment or for achieving significant impact on the computing field.

UC Berkeley Professor Ruzena Bajcsy elected to American Academy of Arts & Sciences

noreply@blogger.com (Mary Stewart) — Wed, 30 Apr 2008 21:27:00 +0000

A press release issued by UCBerkeleyNews announced that University of California Berkeley Professor Ruzena Bajcsy has been elected to the American Academy of Arts & Sciences.

"The Academy honors excellence by electing to membership remarkable men and women who have made preeminent contributions to their fields, and to the world," academy president Emilio Bizzi said in a prepared statement.

The American Academy of Arts & Sciences is one of the nation's oldest and most prestigious honorary societies and independent policy research centers.

Automatic Patch-Based Exploit Generation is Possible: Techniques and Implementations

noreply@blogger.com (Christopher Brooks) — Sat, 26 Apr 2008 00:32:00 +0000

A paper by David Brumley, Pongsin Poosankam, Dawn Song (TRUST) and Jiang Zheng, "Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications" is getting quite a bit of press:

Electronic Voting at the RSA Conference

noreply@blogger.com (Christopher Brooks) — Mon, 14 Apr 2008 17:15:00 +0000

The RSA Conference April 7-11, 2008 in San Francisco resulted in a few news items about the work of David Wagner.

On April 10, CNet's article, "Expert says flawed e-voting systems need constant audits," discusses Wagner's voting machine audit proposal.

On April 10, SecurityFocus' article, "Researchers tell voting firms, time for a truce," discusses efforts by security researchers and voting machine vendors to work together. Wagner is quoted: "Voting system vendors are, today, where Microsoft was ten years ago."

On April 11, ABC News had an article about threats to the upcoming US Presidential Election. The same article appears at PC World.

Update: On April 11, The Register's article, "Where were you when you learned e-voting was unreliable? presents another view on the conference.

Update: On April 16, Cringley discusses the issue with, "Voting accidents and other avoidable tragedies

Engineers Test Highly Accurate Face Recognition

noreply@blogger.com (Mary Stewart) — Tue, 25 Mar 2008 22:49:00 +0000

The work of postdoctoral researcher Allen Yang, of Professor Shankar Sastry's Heterogeneous Sensor Network (HSN) group at the University of California, Berkeley, is the subject of an article in Wired magazine where a new facial-recognition algorithm was created by Yang with the help of researchers at both UC Berkeley and the University of Illinois at Urbana-Champaign.

"Most algorithms use what's known as meaningful facial features to recognize people-things like the eyes, nose and mouth," says Dr. Yang. "But that's incredibly limiting because you're only looking at pixels from a designated portion of the face and those pixels end up being much smaller than the whole image. Our algorithm shows that you only need to randomly select pixels from anywhere on the face. If you select enough of them, you can produce extremely high accuracy."

Yang's new algorithm may signal a quantum leap in face-recognition technology. Professor Ssstry, dean of UC Berkeley's College of Engineering notes that Yang's new method obsolesces years of research in this field.

Nonetheless, the new technique could have profound impact in many areas, with new models for online advertising, new ways of annotating video and still images, and new techniques for identifying people in public places.

See the complete article in Wired.

Debugging Election Codes

noreply@blogger.com (Mary Stewart) — Thu, 20 Mar 2008 16:51:00 +0000

An announcement on UC Berkeley's Electrical Engineering and Computer Sciences website tells of an article featuring David Wagner in the March issue of a Berkeley Engineering publication about his work reviewing voting machine systems code.

Professor Wagner, as the Principal Investigator of a joint UC Berkeley-UC Davis project commissioned by California Secretary of State Debra Bowen, led a team whose comprehensive examination found major vulnerabilities in voting machine systems.

While the machines were questioned immediately by grassroots activists, mainstream politics and media viewed their concerns about voting machine security as mere lunatic fringe behavior. However, according to Wagner, forward-thinking election officials changed this opinion. "Some elections officers took the activists' concerns seriously and forced these vendors to pry open the covers and hand over the source code," Wagner recalls. "That's what made it real; we could actually examine the code, so it wasn't just speculation anymore."

While Wagner's review prompted Bowen to limit the machines to one per polling place, a well-designed electronic voting machine could be a benefit to democracy.

See details in Innovations.

Ranking Corporate America on Identity Theft

noreply@blogger.com (Mary Stewart) — Fri, 07 Mar 2008 22:01:00 +0000

The New York Times covered a report compiled by Chris Hoofnagle at the Berkeley Center for Law and Technology at the University of California at Berkeley on the institutions most frequently cited by consumers in fraud complaints.

The country's largest banks and phone companies showed up most frequently, of course. To account for size, Mr. Hoofnagle factored in the total amount of deposits per institution as of Dec. 31, 2006.

Mr. Hoofnagle said he believe the study was an important step in creating an "identity theft marketplace" for consumers.

"I've been working for years to try to spark a market, a true market, for competition on preventing fraud," he said. "Some of these institutions have attempted to compete based on advertisements, but I'm a real believer in the idea that if you give consumers information, they can make better decisions."

For the complete report, see Measuring Identity Theft at Top Banks.

Demands for Personal Information Controls on Social Networking Sites Increase

noreply@blogger.com (Larry Rohrbough) — Fri, 01 Feb 2008 08:07:00 +0000

A Wall Street Journal article discusses the effects to online privacy introduced by services offered on social networking sites such as Facebook and MySpace.

In the article, TRUST security and privacy researcher and clinical research specialist at the UC Berkeley Samuelson Law, Technology & Public Policy Clinic Jennifer King weighs in on the data-sharing implications of such sites and advice to users about keeping their personal information and online activity more private.

TRUST Spring 2008 Conference: April 2-3, 2008

noreply@blogger.com (Christopher Brooks) — Thu, 31 Jan 2008 19:45:00 +0000

The next TRUST Conference to be held April 2-3, 2008 at the Claremont Resort & Spa in Berkeley, CA.

The schedule is to have a full day (~8:00 AM to 5:00 PM) April 2 and a half day (~8:00 AM to 12:00 PM) April 3.

This event will provide you with an opportunity to hear firsthand about the work of TRUST faculty and students-specifically activities that:

Advance a leading-edge research agenda to improve the state-of-the art in
cybersecurity and critical infrastructure protection;
Develop a robust education plan to teach the next generation of computer scientists, engineers, and social scientists; and
Pursue knowledge transfer opportunities to transition TRUST results to end users within industry and the government.

For more information, see the Conference Page.

A Legal Analysis of the Sony BMG Rootkit Debacle

noreply@blogger.com (Mary Stewart) — Mon, 17 Dec 2007 17:41:00 +0000

Deirdre Mulligan and Aaron Perzanowski of the Berkeley Center for Law & Technology published an article on Sony BMG's deployment of digital rights management (DRM) systems that threaten the security of its customer's computers and the integrity of the information infrastructure in general.The DRM systems were released by Sony BMG on millions of Compact Discs in late 2005.

A summary of the article can be found in Slashdot.

CPO Panel Highlights Privacy Challenges

noreply@blogger.com (Larry Rohrbough) — Fri, 14 Dec 2007 18:22:00 +0000

On Wednesday, December 12, TRUST Policy Director Deirdre K. Mulligan participated in a panel of privacy experts for a discussion on Privacy and the Network of You. The event was hosted by Sun Microsystems and moderated by National Public Radio’s Dr. Moira Gunn. Panelists from industry, academia, and the State of California discussed a number of challenges to personal privacy, data protection, and information security as well as recent events such as the large number of data breach incidents and identity theft cases.

Prof. Mulligan, the Director of the Samuelson Law, Technology & Public Policy Clinic and a Clinical Professor of Law at UC Berkeley, was joined by Chief Privacy Officers from Agilent, Intuit, and Sun as well the Chief of the California Office of Privacy Protection.

CSO Perspective on Security Breach Notification Laws

noreply@blogger.com (Larry Rohrbough) — Mon, 10 Dec 2007 23:59:00 +0000

The Samuelson Law, Technology & Public Policy Clinic at UC Berkeley released a study on the effects of security breach notification laws in the United States. The study, co-funded by TRUST, is based on a thorough literature review as well as in-depth interviews with several Chief Information Security Officers (or their equivalents) from various industries. The CISO interviews provide insight into internal organizational structure around security investment decisions, regulatory and market factors that affect investment decisions, organizational responses to the enactment of security breach notification laws, market effects of security breaches, and industry best practices. This study is part of an ongoing effort to inform public policy with research into how businesses are affected by privacy law.

Engineers Learning People Skills, Too

noreply@blogger.com (Mary Stewart) — Mon, 10 Dec 2007 17:19:00 +0000

Shankar Sastry is quoted in an article in the Associated Press yesterday about a change in producing engineering grads that are not only technically capable but able to communicate their expertise effectively.

Dean of the College of Engineering and Director of TRUST, Sastry is asking professors to take a more Socratic approach to teaching, that is, more discussion and less rote drilling.

"The days of boot camp -- where we say "Thou shalt study physics and mathematics and, oh by the way, you'll find out what's going to come out of this next year or the year after' -- I think are gone," says Sastry.

Applications for SECuR-IT, WISE and SUPERB available until January 31, 2008

noreply@blogger.com (Christopher Brooks) — Tue, 04 Dec 2007 23:34:00 +0000

Applications to three summer TRUST programs are now being taken. The closing date for applications is January 31, 2008. The three programs are:

Summer Experience, Colloquium and Research in Information Technology at Stanford University and San Jose State University (SECuR-IT)
June 2 to August 8, 2008: Stanford & San Jose
Deadline for applications: January 31, 2008

Summer Undergraduate Program in Engineering Research at Berkeley (SUPERB)
June 9 - August 01, 2008: Berkeley
Deadline for applications: January 31, 2008

Women’s Institute in Summer Enrichment (WISE)
June 8th through 13th, 2008: Ithaca, New York
Deadline for applications: March 31, 2008

FaceBook: Giving Personal Info for Profit?

noreply@blogger.com (Mary Stewart) — Fri, 16 Nov 2007 17:53:00 +0000

Facebook, the Internet social networking site, has decided to allow companies to create personalized ads for account holders (which number more than 50 million active users) with their friends' profile pictures attached. Professor Ken Birman, computer science, and a member of the Team for Research in Ubiquitous Secure Technology (TRUST) thinks that Facebook's announcement is another step on an already slippery slope toward a lack of social privacy.

Professor Birman said "I worry that we're gradually creating the world of Minority Report", referring to the futuristic sci-fi film where passersby are tracked as they move and are assailed with personalized advertising projected on walls. "We're witnessing a massive erosion of privacy, and society as a whole seems to be accepting this trend without even questioning it."

For the complete article see the Nov. 14th issue of the Cornell Daily Sun

Stanford/TRUST faculty offer Advanced Computer Security Certificate Online: What You Don’t Know Can Hurt You

noreply@blogger.com (Christopher Brooks) — Thu, 25 Oct 2007 14:49:00 +0000

TRUST faculty Dan Boneh and John Mitchell have developed an
Advanced Computer Security Certificate that can be taken as online classes. The BusinessWire article states

"Specific topics covered include secure software design, buffer overflows, SQL injection attacks, authentication, access control, data integrity, symmetric encryption, public-key cryptography, and more. The Advanced Computer Security certificate program requires six courses three core and three electives. The instructors regularly update the content. Each course is self- paced and approximately six hours long, and is available at any time. Detailed information about the program is found at http://proed.stanford.edu/?security."

Security Focus Interviews Adam Barth about DNS Rebinding

noreply@blogger.com (Christopher Brooks) — Thu, 25 Oct 2007 14:32:00 +0000

Security Focus has an interview with TRUST's Adam Barth. The interview, "Rebinding attacks unbound." Adam is quoted as saying:

"I'm a Ph.D. student at Stanford University and a member of the Stanford Web Security Lab. Collin Jackson, Andrew Bortz, Weidong Shao, Dan Boneh, and I are presenting a paper at the 2007 ACM Conference on Computer and Communications Security, detailing how to protect browsers from DNS rebinding attacks."

Adrian Perrig Leads Research Team Dedicated To Analyzing and Disrupting Internet Attackers' Black Markets

noreply@blogger.com (Christopher Brooks) — Wed, 17 Oct 2007 15:00:00 +0000

Trust researcher Adrian Perrig's work is highlighted in a CMU press release: "Carnegie Mellon's Adrian Perrig Leads Research Team Dedicated To Analyzing and Disrupting Internet Attackers' Black Markets." The work, done in conjuction with Vern Paxson and others is described as:

To stem the flow of stolen credit cards and identity data, Carnegie Mellon researchers proposed two technical approaches to reduce the number of successful market transactions, including a slander attack and another technique, which were aimed at undercutting the cyber-crooks verification or reputation system.

"Just like you need to verify that individuals are honest on E-bay, online criminals need to verify that they are dealing with 'honest' criminals," Franklin said.

In a slander attack, an attacker eliminates the verified status of a buyer or seller through false defamation. "By eliminating the verified status of the honest individuals, an attacker establishes a lemon market where buyers are unable to distinguish the quality of the goods or services," Franklin said.

The researchers also propose to undercut the burgeoning black market activity by creating a deceptive sales environment.

Perrig's team developed a technique to establish fake verified-status identities that are difficult to distinguish from other-verified status sellers making it hard for buyers to identify the honest verified-status sellers from dishonest verified-status sellers.

"So, when the unwary buyer tries to collect the goods and services promised, the seller fails to provide the goods and services. Such behavior is known as 'ripping.' And it is the goal of all black market site's verification systems to minimize such behavior," said Franklin.

The work has also been featured in a Slashdot.

The "Profiles in Team Science" document and website covers TRUST

noreply@blogger.com (Christopher Brooks) — Fri, 05 Oct 2007 16:14:00 +0000

Deborah Illman's, "Profiles in Team Science," has a nicely done overview of the Team for Research in Ubiquitous Secure Technology (TRUST).

Deirdre Mulligan: Data breach laws have had positive effect

noreply@blogger.com (Christopher Brooks) — Thu, 27 Sep 2007 14:52:00 +0000

Deirdre Mulligan is quoted in Silicon.com's article, "Data breach laws 'make companies serious about security'."

The legislation has had a positive effect on security, according to Deirdre Mulligan, clinical professor of law at the UC Berkeley School of Law.

She told silicon.com: "I believe that the law has heightened the attention paid to information security. The initial impact of the law was likely to make incidents public but the lasting effect should be to reduce the number and severity of breaches by creating incentives to invest in security."

Mulligan said her research had shown that security breaches drive information exchange among security professionals - for example some chief security officers summarised news reports from breaches at other organisations and circulated them to staff with 'lessons learned' from each incident.

She said: "The goal of the law was to improve security practices, not provide notices. Research and anecdote both suggest that it has improved practices along many dimensions. As practices improve, notices should decrease."

Some organisations have a 'that could have been us' moment and patch systems with similar vulnerabilities to the organisation that had a breach. The introduction of the legislation has meant an improved focus on security and better information about costs of failure, which allows for sounder investments, she added.

Pam Samuelson named a Berkman Center Fellow

noreply@blogger.com (Christopher Brooks) — Thu, 27 Sep 2007 14:43:00 +0000

Pam Samuelson was named a fellow to the Berkman Center for Internet & Society. Professor Samuelson will be presenting the keynote on October 10 to the IP and the Trend towards Openness conference. Details about Berkman fellows may be found in: "UN: Berkman Center Announces 07-08 Fellows."

Engineering a new curriculum

noreply@blogger.com (Christopher Brooks) — Wed, 26 Sep 2007 14:51:00 +0000

CNet's article, "Engineering a new curriculum," discusses an interview with UC Berkeley Dean of Engineering Shankar Sastry. Dean Sastry discusses changes in the engineering curriculum, including mixing soft sciences such as sociology and economics with engineering. This work is also part of the mission of the Team for Research in Ubiquitous Secure Technology (TRUST).

Trust Autumn 2007 Conference

noreply@blogger.com (Christopher Brooks) — Mon, 10 Sep 2007 00:07:00 +0000

The TRUST Autumn 2007 Conference October 10-11, 2007 will be held in Ithaca, NY and hosted by TRUST partner institution Cornell University.

Conference Information - The latest information on the event can be found on the conference page of the TRUST website at http://www.truststc.org/conferences/07/FallRetreat/. Please check back frequently as this page will be updated as more information is available.

Conference Hotel Information Trust website account required, see How can I request a login account on this website?

Registration - In order to plan for your arrival and have an accurate headcount of attendees, please register to let us know you will be attending the conference. You may register online.

Schedule - We are still finalizing the conference agenda and schedule of events. The conference will run from ~8:30 AM to 5:30 PM on October 10 and ~8:30 AM to 12:00 PM on October 11. Breakfast and lunch will be provided both days and we are organizing a dinner for the evening of October 10. Please check the conference page of the TRUST website for the latest information and agenda.

The conference will feature TRUST researchers who are advancing a leading-edge agenda to improve the state-of-the art in cybersecurity and critical infrastructure protection. It will provide you with an opportunity to hear firsthand about research, education, outreach, and technology transition activities within the TRUST center. We hope you will join us for this exciting event! If you have any questions or need additional information, please contact Sally Alcala, the TRUST Program Coordinator, at salcala at eecs dot berkeley edu or 510-643-8425.

Symatec Graduate Fellowship

noreply@blogger.com (Christopher Brooks) — Mon, 10 Sep 2007 00:02:00 +0000

Darren Shou, Senior Manager at Symantec Research Labs writes:

[...]we're now accepting applicants for our 2008 Symantec Fellowship. This is a multiple award, one year fellowship for graduate students pursuing innovative research related to information security and availability. It provides a $20,000 stipend, plus tuition and fees and is distinguished by an opportunity to work along-side our leading researchers.
http://www.symantec.com/about/careers/college/fellowship.jsp

UK House of Lords report, "Personal Internet Security," includes TRUST talk summaries

noreply@blogger.com (Christopher Brooks) — Wed, 15 Aug 2007 14:33:00 +0000

TRUST faculty briefed the UK House of Lords Science and Technology committee when they visited UC Berkeley on March 7, 2007. Summaries of their talks can be found on pages 103-106 of the final report, "Personal Internet Security."