TRUST in the News

2013 Summer Program Applications Now Open

2012-12-17T16:10:00.001-08:00

The TRUST REU is a nine-week summer residential program that offers rising juniors and seniors in computer science or electrical engineering programs the opportunity to conduct research in Cybersecurity, Privacy and Trustworthy Systems. Participants of this program undertake cutting edge research projects. They also have access to enrichment activities including seminars, field trips, one-on-one advice regarding graduate school, and a subsidized GRE prep course. More information can be found on the TRUST REU Website: www.truststc.org/education/reu/index.html
Application Deadline: 2/15/2013

STAR is a nine-week summer residential program for California Community College Students. STAR aims to increase the number of eligible transfer students to four-year programs in computer science and electrical engineering. Participants of this program undertake cutting edge computer science and electrical engineering research projects. They have access to enrichment activities including seminars, field trips, and one-on-one advising sessions. Upon completion of this program students will be better prepared to apply for transfer to a four-year program in computer science or engineering. More information can be found on the STAR Website: www.truststc.org/education/star/index.html
Application Deadline: 2/15/2013

SECuR-IT, the Summer Experience, Colloquium and Research in Information Technology is a ten-week paid internship program for M.S. and Ph.D. students in computer science and electrical engineering. The topic for the intern experience is Cybersecurity, Privacy and Trustworthy Systems. The internship experience includes leading Silicon Valley network security companies, such as eBay, PayPal, Juniper Networks, SalesForce, Symantec and others. More information can be found on the SECuR-IT Website: www.truststc.org/education/securit/index.html
Application Deadline: 3/1/2013

NSF Awards $10 Million Grant to ICSI and Collaborators to Study Human Element of Cybercrime

2012-09-26T11:43:00.001-07:00

The International Computer Science Institute (ICSI), along with the University of California, San Diego and George Mason University have received $10 million in a 5-year grant from the National Science Foundation to examine the roles played by economics and social interactions in Internet security. While security research has focused primarily on those technologies that defend against Internet attacks, the new project led by ICSI Project Leader and UC Berkeley Professor Vern Paxson and Stefan Savage of UC San Diego concentrates on the profit motive in most Internet attacks along with the complex marketplaces supporting them and the relational interdependence of cybercriminals involved in such attacks.

“During our earlier work on analyzing the factors that go into making spam a profitable form of cybercrime, we were deeply struck by the significance of the human side of the equation,” said Paxson, “Non-technical considerations span business concerns, issues of trust-amongst-thieves, and the rise of social media as both a new domain that cybercrime is expanding into, and a way to track interactions amongst the criminals themselves.”

This large multi-institutional award comes in the form of a "Frontier" project, titled Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives as proposed by Prof. Paxson and TRUST investigators Chris Hoofnagle and Deirdre Mulligan among others.

See NSF award announcement and ICSI press release for more information.

Johannes Gerke of Cornell University wins IEEE Award

2012-06-12T09:20:00.000-07:00

Johannes Gerke, computer science professor at Cornell University, is one of 14 prominent technologists to be honored at the IEEE Computer Society's annual awards dinner in Seattle. Professor Gerke will receive the 2011 Technical Achievement Award for his pioneering contributions to data mining and distributed query processing techniques.

"For the IEEE Computer Society, the awards ceremony represents an opportunity to acknowledge these innovators for their sizable contributions to the field of computing,” said David A. Bader, chair of the IEEE Computer Society Awards Committee and professor in the School of Computational Science and Engineering at Georgia Institute of Technology. “This year’s honorees come from diverse backgrounds, and include pioneers in parallel processing, data-mining, database theory, Web applications, computer standards, and many other specialties that are central to the further advancement of computing technology. On behalf of the IEEE Computer Society, I applaud them for their accomplishments."

See seattle pi for more information.

How Al Qaeda Hid Secrets in a Video

2012-05-03T15:55:00.000-07:00

A May 1, 2012 Discovery News article, "How Al Qaeda Hid Secrets In a Porn Video" discusses using steganography to hide documents within a video. UC Berkeley Professor and TRUST participant David Wagner was used as a source in the article. The article states:

"Wagner said that human rights workers have been using steganography to hide testimony by exploited workers or political prisoners from government security forces. The testimony is encrypted onto a file on a cellphone, which can then be scanned at a customs checkpoint without revealing the hidden documents."

See also the Slashdot discussion and the original CNN article

Secretary Of Homeland Security Speaks At San Jose State

2012-04-18T08:59:00.002-07:00

On April 16th, Professor and TRUST campus Principal Investigator at San Jose State University Sigurd Meldal participated in hosting a visit by Secretary of Homeland Security Janet Napolitano to the University.

Napolitano spoke to students about cybersecurity and students' future in this field. As students' lives become more involved with the internet, Napolitano said students may find themselves with opportunities in areas of the nation's online defenses.

“To minimize the risks of a successful cyberattack we need everyone,” Napolitano said. “The cyberdomain has become inseparable from our daily lives.”

See article in the Spartan Daily and video coverage of Napolitano's appearance at SJSU on Monday, April 14th.

Web Firms to Adopt 'No Track' Button.

2012-02-25T07:30:00.005-08:00

Support for a do-not-track button by a coalition of Internet giants, including Google, has emerged as part of the White House's call for Congress to pass a "privacy bill of rights" giving people more control over personal data collected about them.

Google and others had been working around the privacy settings of millions of people that use Apple's Safari web browser on their iPhones and computers. The code Google was using to bypass the privacy settings was noticed by Stanford researcher Jonathan Mayer, CS/law student with Professor John Mitchell.

Google disabled its code after being contacted by the Wall Street Journal. A Google spokesman said that

Our updated Privacy Policy will make our privacy practices easier to understand, and it reflects our desire to create a seamless experience for our signed-in users.

See the Wall Street Journal Technology articles on Google's iPhone tracking and No-Track Button for details.

Internet is still vulnerable to cyber-criminals

2012-01-21T11:38:00.000-08:00

A January 21, 2012 San Francisco Chronicle article "Internet is still vulnerable to cyber-criminals" by James Temple discusses Mark Bowden's book "Worm: The First Digital World War," which describes the October 21, 2002 attack on the Internet Domain Name Servers.

The SF Chronicle article states:

Internet Protocol version 6, will create more root name servers and add other security protections.

"But the general consensus today is that it's still pretty fragile," said Doug Tygar, professor of computer science at UC Berkeley.

See also the October 3, 2011 review of 'Worm'.

Android apps and advertising: A bit too cozy

2011-12-13T10:09:00.001-08:00

A Tech Republic blog entry "Android apps and advertising: A bit too cozy" features the research of TRUST Ph.D. student Adrienne Porter Felt.

Adrienne asked non-computer scientists: “Do you think the advertiser can use the app’s permissions?” Twelve people answered with:

Yes: 5
No: 2
I don’t know: 5

It turns out that the answer is not that simple.

Adrienne's blog entry "Advertising and Android Permissions" states:

"Can an advertiser use an app’s permissions?"

"When you see an advertisement in an application, there are three parties. First, there’s the application itself, which asks the user for permissions. Second, there’s the advertising library, which is shoved into the application and therefore gains access to all of the app’s permissions. Third, the advertising library displays the advertisement itself. The advertisement can’t directly use any of the permissions, but the advertising library might share information with the company that is running the ad. So if you see an REI ad while playing a game, you should know that the invisible ad library gets all of the game’s permissions, and it might share information like your location with REI."

Adrienne is a student of Berkeley Professor David Wagner.

Carrier IQ cell phone monitor software is a nightmare

2011-12-05T07:46:00.000-08:00

TRUST Professor Stephen Wicker was quoted in a NetworkWorld article, "Cornell Prof: Carrier IQ affair 'my worst nightmare'". Carrier IQ is software present on various cell phones that provides call quality and other feedback to cell phone companies.

The article quotes Professor Wicker:

"This is my worst nightmare," says Stephen Wicker, a professor of electrical and computer engineering at Cornell. "As a professor who studies electronic security, this is everything that I have been working against for the last 10 years. It is an utterly appalling invasion of privacy with immense potential for manipulation and privacy theft that requires immediate federal intervention.

"Carrier IQ claims that the collected data is 'anonymized.' Let's give this a moment's thought -- about all that it deserves. How hard would it be to 'de-anonymize' a pile of text messages between me and my wife? My mother? My children? Banking IDs with passwords?"

The article was also picked picked in a Slashdot article.

White House Honors Cornell's Salman Avestimehr with PECASE

2011-10-05T16:31:00.000-07:00

TRUST investigator and Cornell Professor Salman Avestimehr was named a recipient of the Presidential Early Career Award for Scientists and Engineers, the highest honor bestowed by the United States government on science and engineering professionals in the early stages of their research careers.

Nominated by the National Science Foundation, Prof. Avestimehr was recognized as one of the Nation's "most meritorious scientists and engineers whose early accomplishments show the greatest promise for assuring America's preeminence in science and engineering and contributing to the awarding agencies' missions." The award includes a multi-year research grant.

The press release from the White House, which includes the full list of recipients, is available here. A press release from the Cornell University School of Electrical and Computer Engineering is available here.

"The Science of Cyber Security"

2011-08-09T16:12:00.000-07:00

US News and World Report's article, "The Science of Cyber Security" by Marlene Cimons gives an overview of the Team for Research in Ubiquitous Secure Technology (TRUST). Dean Shankar Sastry is quoted:

"“We no longer can afford to be reactive in our attitudes about cyber security,” ...

“Our current approach is bolt-on, rather than built-in patches, bolted on, like an afterthought. We need to be proactive.”

Erika Chin: "Seven ways to hang yourself with Google Android"

2011-08-09T16:03:00.000-07:00

The research work of Erika Chin, an EECS graduate student studying smartphone security was featured in a Consumer Reports online magazine article titled "Def Con 19: Android apps ask for too much power". Erika and principal researcher Yekaterina Tsipenyuk O’Neil reported that after studying dozens of Android apps, 30 percent of them were over privileged and creates a larger security risk to your personal information and phone.
(Based on text by Miyoko Tsubamoto)

Stanford's Dan Boneh Receives Dean's Award for Industry Education Innovation

2011-06-13T22:56:00.000-07:00

TRUST researcher and Stanford University Professor Dan Boneh was awarded the School of Engineering Dean's Award for Industry Education Innovation. The award is given for "outstanding teaching and exemplary leadership in industry education" and Dan was recognized for his leadership of the Stanford Advanced Computer Security Certificate program as well as teaching courses on computer systems security and cryptography. These courses are offered by the Stanford Center for Professional Development which focuses on connecting working professionals worldwide to the research and teaching of Stanford University faculty in the School of Engineering and related academic departments.

TRUST Researchers to Lead Intel Security Center

2011-06-10T16:45:00.000-07:00

Intel Labs announced the creation of the Intel Science and Technology Center for Secure Computing (ISTCSC) to be led by UC Berkeley with partner institutions Carnegie Mellon, Drexel, Duke, and Illinois.

The center's work will focus on making personal computers safer from malware, securing mobile devices, and protecting personal data when it is distributed across the Internet by giving people more control over it. The center is the second announced by Intel as part of their 5-year, $100 million ISTC program that will increase university research, accelerate innovation, and encourage tighter collaboration between university thought leaders and Intel. The ISTCSC will be funded at a level of $2.5 million per year for five years.

The center will be co-led by TRUST investigator and UC Berkeley Professor David Wagner and Intel Senior Principal Engineer John Manferdelli. Among the faculty researchers participating in the center are TRUST investigators Anthony Joseph, Vern Paxson, Dawn Song, and Doug Tygar from UC Berkeley and Adrian Perrig from Carnegie Mellon.

Intel released a press statement announcing the creation of the center and the center’s website contains a white paper describing the center’s research agenda.

Audio Captchas defeated

2011-06-03T10:07:00.000-07:00

Stanford Professor John Mitchell, postdoctoral research Elie Bursztein and their colleagues have developed a way to defeat the audio version of Captchas. See The Register and the Stanford News coverage.

Stephen Wicker on iOS user privacy

2011-04-22T10:40:00.000-07:00

Professor Stephen Wicker was quoted in Network World's article "Cornell prof warns iPhone, iPad users: "We're selling our privacy" about the recently reported location logging by the iPhone and iPad. The Network World article quotes Professor Wicker:

"It is vitally important to recognize that cellular telephony is a surveillance technology, and that unless we openly discuss this surveillance capability and craft appropriate legal and technological limits to that capability, we may lose some or all of the social benefits of this technology, as well as a significant piece of ourselves," says Stephen Wicker, Cornell professor of electrical and computer engineering. "Most people don't understand that we're selling our privacy to have these devices."

Doug Tygar on the LinkedIn outage in China

2011-02-26T16:36:00.000-08:00

Bloomberg's February 25, 2011 article
"LinkedIn Service Is Restored in Beijing After `Jasmine' 24-Hour Disruption" discusses how LinkedIn was blocked in China after a user posted comments about how "Tunisia’s Jasmine Revolution should spread to the Asian nation that’s been ruled by the Communist Party since 1949." The article quotes TRUST's Doug Tygar:

“Often, this is done as a sort of a warning signal -- sort of a shot across the bow,” said Doug Tygar, professor of computer science at the University of California at Berkeley. “A portion of that is symbolic.”

The quote was also printed on page D-1 of the San Francisco Chronicle, "Business Report - The Chronicle with Bloomberg."

Cornell's Hakim Weatherspoon Awarded Sloan Fellowship

2011-02-23T16:33:00.000-08:00

TRUST investigator and Cornell University Prof. Hakim Weatherspoon was named a recipient of the 2011 Sloan Research Fellowship of the Alfred P. Sloan Foundation.

Sloan Research Fellowships seek to stimulate fundamental research by early-career scientists and scholars of outstanding promise and are awarded yearly to researchers in recognition of distinguished performance and a unique potential to make substantial contributions to their field.

A press release of the 2011 fellowship awards is available here.

Car Theft by Antenna

2011-01-18T07:08:00.000-08:00

According to new research to be presented at the Network and Distributed System Security Symposium next month in San Diego, California, car thieves of the future might be able to get into a car and drive away without forced entry and without needing a physical key.

Researchers successfully attacked eight car manufacturers' passive keyless entry and start systems—wireless key fobs that open a car's doors and start the engine by proximity alone. Because a car won't open or start if the signal from its key takes too long to arrive, the researchers devised a way to speed communication between their their antennas. They were able to keep the signals in analog format, which reduced their delay from microseconds to nanoseconds, making their attack more difficult to detect.

David Wagner,professor of computer science at the University of California at Berkeley who has studied the cryptographic systems used in keyless entry systems, says the research "should help car manufacturers improve auto security systems in the future." Wagner doesn't think the research ought to make car owners anxious. "There are probably easier ways to steal cars," he says. But, he adds, a "nasty aspect of high-tech car theft" is that "it doesn't leave any sign of forced entry," so if a thief did use this method to steal a car, he says, it might be hard for police and insurance companies to get sufficient evidence of what happened. Wagner believes that manufacturers, police, and insurance companies all need to prepare for this eventuality.

See full article in Technology Review, published by MIT.

Commerce announces new shop to oversee online security

2011-01-07T16:34:00.000-08:00

NextGov.com's article "Commerce announces new shop to oversee online security" covers Commerce Secretary Gary Locke's announcement that

The Obama administration is creating an office that will coordinate with the private sector to establish a secure pathway for people, organizations and computer programs to execute online transactions...

Locke spoke at an industry forum sponsored by many groups, including TRUST.

White House Honors Vanderbilt's Bradley Malin

2010-11-16T11:47:00.000-08:00

TRUST investigator and Vanderbilt University Professor Bradley Malin was named a recipient of the Presidential Early Career Award for Scientists and Engineers, the highest honor bestowed by the United States government on science and engineering professionals in the early stages of their research careers.

Nominated by the National Institutes of Health and Department of Health and Human Services, Prof. Malin was recognized as one of the Nation's "most meritorious scientists and engineers whose early accomplishments show the greatest promise for assuring America's preeminence in science and engineering and contributing to the awarding agencies' missions." The award includes a multi-year research grant.

The press release from the Office of Science and Technology Policy (OSTP), which includes the full list of recipients, is available here.

"Fabric" To Weave Security into Code

2010-10-21T12:06:00.000-07:00

Cornell computer science faculty, Fred Schneider and Andrew Meyers are developing a new computer platform, dubbed Fabric, that offers a way to build security into computer systems from the start by incorporating security in the language used to write the programs.

Professor Schneider states that until now, computer security has been reactive; when hackers discover a way in, we patch it.

"Our defenses improve only after they have been successfully penetrated," he explained.

Fabric's programming language, an extension of the widely used Java language, builds in security as the program is written. Fabric is still a prototype, being tested on a database of Cornell computer science students.

Schneider and Myers plan to scale it up for very large distributed systems, provide for more complex security restrictions on objects and enable "mobile code" — programs that can reside on one node of a network and be run on another with assurance that they are safe and do what they claim to do. And perhaps most important (and perhaps hardest), they hope to provide formal mathematical proof that a system is really secure.

See article in
Dr. Dobb's, The World of Software Development.

UC Berkeley's Dawn Song Awarded MacArthur Fellowship

2010-09-29T01:23:00.000-07:00

TRUST researcher and UC Berkeley Professor Dawn Song was named a 2010 MacArthur Fellow by the John D. and Catherine T. MacArthur Foundation.

The so-called "genius award" is given to individuals "who have shown extraordinary originality and dedication in their creative pursuits and a marked capacity for self-direction" as well as "exceptional creativity, promise for important future advances based on a track record of significant accomplishment, and potential for the fellowship to facilitate subsequent creative work." Prof. Song, one of 23 recipients of this year's award, was cited for her work in applying "rigorous theoretical methods to understand the deep interactions of software, hardware, and networks that make computer systems vulnerable to attack or interference."

Details on Prof. Song's work and her award are available here.

TRUST Autumn 2010 Conference: Nov. 10-11, 2010

2010-09-21T09:22:00.000-07:00

The next TRUST Conference will be held November 10-11, 2010 at the Jen-Hsun Huang Engineering Center on the campus of Stanford University. The conference will run from approximately 8:00 AM to 5:00 PM both November 10 and 11.

This event will provide attendees with an opportunity to hear firsthand about the work of TRUST faculty and students-specifically activities that:

Advance a leading-edge research agenda to improve the state-of-the art in cyber security and critical infrastructure protection;
Develop robust education and diversity plans to teach the next generation of computer scientists, engineers, and social scientists; and
Pursue knowledge transfer opportunities to transition TRUST results to end users within industry and the government.

For more information, see the TRUST Autumn 2010 Conference Page.

WSJ: "J.P. Morgan Wrestles Web Snarl

2010-09-20T10:46:00.000-07:00

UC Berkeley Professor Doug Tygar was quoted in a September 15, 2010 Wall Street Journal website article, "J.P. Morgan Wrestles Web Snarl." The article discusses an outage at chase.com. Professor Tygar is quotes as stating, ""if they have so much trouble with a software failure, what happens with an actual attack?"