Exploring decision making with Android’s runtime permission dialogs using in-context surveys (Bonne et al)
More info A great deal of research on the management of user data on smartphones via permission systems has revealed significant levels of user discomfort, lack of understanding, and lack of attention. The majority of these studies were conducted on Android devices before runtime permission dialogs were widely deployed. In this paper we explore how users make decisions with runtime dialogs on smartphones with Android 6.0 or higher. We employ an experience sampling methodology in order to ask users the reasons influencing their decisions immediately after they decide. We conducted a longitudinal survey with 157 participants over a 6 week period.
We explore the grant and denial rates of permissions, overall and on a per permission type basis. Overall, our participants accepted 84% of the permission requests. We observe differences in the denial rates across permissions types; these vary from 23% (for microphone) to 10% (calendar). We find that one of the main reasons for granting or denying a permission request depends on users' expectation on whether or not an app should need a permission. A common reason for denying permissions is because users know they can change them later. Among the permissions granted, our participants said they were comfortable with 90% of those decisions — indicating that for 10% of grant decisions users may be consenting reluctantly. Interestingly, we found that women deny permissions twice as often as men.
Android Permissions Remystified: A Field Study on Contextual Integrity (Wijesekera et al)
More info We instrumented the Android platform to collect data regarding how often and under what circumstances smartphone applications access protected resources regulated by permissions. We performed a 36-person field study to explore the notion of “contextual integrity,” i.e., how often applications access protected resources when users are not expecting it. Based on our collection of 27M data points and exit interviews with participants, we examine the situations in which users would like the ability to deny applications access to protected resources. At least 80% of our participants would have preferred to prevent at least one permission request, and overall, they stated a desire to block over a third of all requests. Our findings pave the way for future systems to automatically determine the situations in which users would want to be confronted with security decisions.
USENIX Security 2018 Invited Talk Video: Analogy Cyber Security—From 0101 to Mixed Signals (Wenyuan Xu)
More info Abstract:
With the rapid development of sensing technologies, an increasing number of devices rely on sensors to measure environments or human beings and to control actuators. For instance, smartphones have a rich set of sensors, which range from accelerometers, microphones, to gyroscopes. Voice controllable systems rely on microphones to record voice command and autonomous vehicles depend on the barrier detection sensors to make driving decisions. Such a trend incurs new threats jeopardizing the system security and user privacy. In this talk, we show a collection of threats against the integrity of sensors and their impact on the systems level. For instance, we show that interference (EMI) can alter the measurement of analog sensors and thus affect the reliability of a close loop system. Finally, we discuss defense solutions that can improve the security of sensors.
Wenyuan Xu is a professor in the college of Electrical Engineering, Zhejiang University. She received her B.S. degree in electrical engineering with the highest honor from Zhejiang University in 1998, an M.S. degree in computer science and engineering from Zhejiang University in 2001, and the Ph.D. degree in electrical and computer engineering from Rutgers University in 2007. She was an associate professor in the Department of Computer Science and Engineering, University of South Carolina. Her research interests include embedded system security, smart grid security, and smart systems security. Dr. Xu is a co-author of the book Securing Emerging Wireless Systems: Lower-layer Approaches, Springer, 2009. She received the United State NSF Career Award in 2009 and was selected as the 1000 Young talents of China in 2012. She obtained an ACM CCS best paper award in 2017 and listed on the security researcher hall of fame in 2014 and 2016. She has served on the technical program committees for several IEEE/ACM conferences on wireless networking and security, and she currently serves as the associate editor of TOSN.
No seminar - University snow day
PSI: Precise Security Instrumentation for Enterprise Networks (Yu et al)
More info (Delayed a week due to university snow day.)
Abstract: Despite soaring investments in IT infrastructure,
the state of operational network security continues to be abysmal.
We argue that this is because existing enterprise security approaches fundamentally lack precision in one or more dimensions: (1) isolation to ensure that the enforcement mechanism does
not induce interference across different principals; (2) context
to customize policies for different devices; and (3) agility to
rapidly change the security posture in response to events. To
address these shortcomings, we present PSI, a new enterprise
network security architecture that addresses these pain points.
PSI enables fine-grained and dynamic security postures for
different network devices. These are implemented in isolated
enclaves and thus provides precise instrumentation on these above
dimensions by construction. To this end, PSI leverages recent
advances in software-defined networking (SDN) and network
functions virtualization (NFV). We design expressive policy abstractions and scalable orchestration mechanisms to implement
the security postures. We implement PSI using an industry-grade
SDN controller (OpenDaylight) and integrate several commonly
used enforcement tools (e.g., Snort, Bro, Squid). We show that
PSI is scalable and is an enabler for new detection and prevention capabilities that would be difficult to realize with existing
Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos (Xu et al)
More info In this paper, we introduce a novel approach to bypass modern face authentication systems. More specifically, by leveraging a handful of pictures of the target user taken from social media, we show how to create realistic, textured, 3D facial models that undermine the security of widely used face authentication solutions. Our framework makes use of virtual reality (VR) systems, incorporating along the way the ability to perform animations (e.g., raising an eyebrow or smiling) of the facial model, in order to trick liveness detectors into believing that the 3D model is a real human face. The synthetic face of the user is displayed on the screen of the VR device, and as the device rotates and translates in the real world, the 3D face moves accordingly. To an observing face authentication system, the depth and motion cues of the display match what would be expected for a human face. We argue that such VR-based spoofing attacks constitute a fundamentally new class of attacks that point to a serious weaknesses in camera-based authentication systems: Unless they incorporate other sources of verifiable data, systems relying on color image data and camera motion are prone to attacks via virtual realism. To demonstrate the practical nature of this threat, we conduct thorough experiments using an end-to-end implementation of our approach and show how it undermines the security of several face authentication solutions that include both motion-based and liveness detectors.
USENIX Enigma Conference Video: CRYPTOCURRENCY: BURN IT WITH FIRE (Nicholas Weaver)
More info (If there is time after discussion, we will also watch THE URLEPHANT IN THE ROOM: https://www.usenix.org/conference/enigma2019/presentation/stark.)
The entire cryptocurrency and blockchain space is effectively one big fraud. Cryptocurrencies are not fit for purpose unless you need censorship resistance, are fundamentally incompatible with modern finance, and are unfixable. They are, however, destroyable as they have technical, legal, and social weaknesses that can be exploited.
PASTA: PASsword-based Threshold Authentication (Shashank Agrawal et al.)
More info Abstract: Token-based authentication is commonly used to enable a
single-sign-on experience on the web, in mobile applications and on
enterprise networks using a wide range of open standards and network
authentication protocols: clients sign on to an identity provider using
their username/password to obtain a cryptographic token generated with a
master secret key, and store the token for future accesses to various
services and applications. The authentication server(s) are single point
of failures that if breached, enable attackers to forge arbitrary tokens
or mount offline dictionary attacks to recover client credentials. Our
work is the first to introduce and formalize the notion of
password-based threshold token-based authentication which distributes
the role of an identity provider among servers. Any servers can
collectively verify passwords and generate tokens, whilenot−1servers can
forge a valid token or mount offline dictionary attacks. We then
introduce PASTA, a general framework that can be instantiated using any
threshold token generation scheme, wherein clients can “sign-on" using a
two-round (optimal) protocol that meets our strong notions of
unforgeability and password-safety. We instantiate and implement our
framework in C++ using two threshold message authentication codes (MAC)
and two threshold digital signatures with different trade-offs. Our
experiments show that the overhead of protecting secrets and credentials
against breaches in PASTA, i.e. compared to a naïve single server
solution, is extremely low (1-5%) in the most likely setting where
client and servers communicate over the internet. The overhead is higher
in case of MAC-based tokens over a LAN (though still only a few
milliseconds) due to public-key operations in PASTA. We show, however,
that this cost is inherent by proving a symmetric-key only solution
The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level (Stevens et al)
More info Abstract:
Digital security professionals use threat modeling to assess and improve the security posture of an organization or product. However, no threat-modeling techniques have been systematically evaluated in a real-world, enterprise environment. In this case study, we introduce formalized threat modeling to New York City Cyber Command: the primary digital defense organization for the most populous city in the United States. We find that threat modeling improved self-efficacy; 20 of 25 participants regularly incorporated it within their daily duties 30 days after training, without further prompting. After 120 days, implemented participant-designed threat mitigation strategies provided tangible security benefits for NYC, including blocking 541 unique intrusion attempts, preventing the hijacking of five privileged user accounts, and addressing three public-facing server vulnerabilities. Overall, these results suggest that the introduction of threat modeling can provide valuable benefits in an enterprise setting.
Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks (Melicher et al)
More info Abstract:
Fear the Reaper: Characterization and Fast Detection of Card Skimmers (Scaife et al)
More info Abstract:
Payment card fraud results in billions of dollars in losses annually. Adversaries increasingly acquire card data using skimmers, which are attached to legitimate payment devices including point of sale terminals, gas pumps, and ATMs. Detecting such devices can be difficult, and while many experts offer advice in doing so, there exists no large-scale characterization of skimmer technology to support such defenses. In this paper, we perform the first such study based on skimmers recovered by the NYPD's Financial Crimes Task Force over a 16 month period. After systematizing these devices, we develop the Skim Reaper, a detector which takes advantage of the physical properties and constraints necessary for many skimmers to steal card data. Our analysis shows the Skim Reaper effectively detects 100% of devices supplied by the NYPD. In so doing, we provide the first robust and portable mechanism for detecting card skimmers.
In-Progress Draft Discussion
This offering of CS 7936 will focus on reading and discussing recent papers in security and privacy research from conferences such as:
Class announcements are sent out on firstname.lastname@example.org. You can subscribe at http://mailman.cs.utah.edu/mailman/listinfo/security-privacy.
Students may enroll for one (1) credit. Although the University lists the course as “variable credit,” the two- and three-credit options are not currently available.
Students enrolled in the seminar are expected to read the papers prior to the seminar. Additionally, students are expected to sign up to lead the discussion on one or more seminar meeting. Leading the disucssion means:
Some papers are free to access, while others are behind paywalls. The university has a paid subscription to most of the libraries where those papers can be found. There are several ways to access those papers: