|UW CSE Security Lab at the FTC Internet of Things Workshop||11.19.2013|
As a lab, we are very excited about the FTC's Internet of Things workshop, which is going on today. The focus of the workshop is on security and privacy, and the four panels are on: the smart home, connected health and fitness, connected cars, and privacy and security -- topics that we have been working on at UW for years now.
In his opening remarks, Keith Marzullo from the NSF included a slide on exemplar security and privacy projects for cyber-physical systems. The slide listed five example projects, three of which come from the UW CSE Security and Privacy Research Lab. Keith discussed UW's work on analyzing the security and privacy properties of wireless implantable medical devices and, in particular, he cited our Oakland 2008 paper (in collaboration with UMass and BIDMC). He then went on to cite our experimental security analyses of a modern car, which appeared at Oakland 2010 and USENIX Security 2011 (in collaboration with UCSD). And, finally, he discussed the lab's collaborative work with Howard Jay Chizeck (UW EE department) on secure telerobotics.
|Tamara Denning presents Control-Alt-Hack at ACM CCS 2013||11.7.2013|
|Congratulations to Tammy Denning for a great talk at ACM CCS 2013, where she presented her paper "Control-Alt-Hack: The Design and Evaluation of a Card Game for Computer Security Awareness and Education." Elements of the game drew from some of Tammy's other projects, e.g., her research on medical device security and computer security for devices in the home. (More info on Tammy's web page, http://homes.cs.washington.edu/~tdenning/ .)|
|UW CSE Ph.D. alum Roxana Geambasu is runner-up for inaugural SIGOPS Dennis M. Ritchie Doctoral Dissertation Award||11.5.2013|
The Dennis M. Ritchie Doctoral Dissertation Award was created by the computer systems research community in 2013 to recognize research in software systems and to encourage the creativity that Dennis Ritchie embodied, providing a reminder of Ritchie's legacy and what a difference one person can make in the field of software systems research.
At the ACM Symposium on Operating Systems Principles today, UW CSE Ph.D. alumna Roxana Geambasu, a professor in the Computer Science Department at Columbia University, was recognized as runner-up in the inaugural Ritchie Award competition.
Roxana received her PhD from UW CSE in 2011.
|Franzi Roesner at "Rising Stars"||11.4.2013|
Congratulations to Franzi Roesner for giving the opening talk at MIT's invitation-only "Rising Stars in EECS" conference: https://www.rle.mit.edu/risingstars/.
Franzi focused her presentation on her systematic evaluation of the web tracking ecosystem, but she also briefly touched on some of her other areas of computer security research, including: automotive computer security, permission granting in modern operating systems, secure embedded UIs, and security and privacy for augmented reality systems. Franzi's web page is here: http://www.franziroesner.com/.
|Home Automation Security -- and Light Bulbs!||10.22.2013|
|Last week Temitope Oluwafemi presented his work on analyzing the security of an unlikely target -- the CFL light bulbs attached to home automation systems. The light bulbs were not designed for network connectivity. But, by connecting them to home automation-controlled dimmers, they can become reachable by unauthorized parties. The paper answers questions about the possibility to remotely compromise light bulbs, cause fires, seizures and other physical injuries. Fortunately, no fires were started, but we did pop/char some bulbs. It is available here: https://sites.google.com/site/oluwafemit/HomeAutomationFinal.pdf. (This work was also with Sidhant Gupta, Shwetak Patel, and Tadayoshi Kohno, and appeared at the Learning from Authoritative Security Experiment Results (LASER) workshop.)|
|Launching the Companion "Tech Policy Lab"||9.12.2013|
The UW Tech Policy Lab is a unique,
interdisciplinary collaboration that aims to enhance
technology policy through research, education, and thought leadership.
The new venture -- enabled by a founding gift of $1.7 million from
Microsoft -- brings together experts from the University's School of Law, Information School, and Computer Science and Engineering.
The Tech Policy Lab was launched Thursday evening at an event keynoted by University of Washington President Michael Young, Microsoft Executive Vice President and General Counsel Brad Smith, and Microsoft Corporate Vice President and Head of Microsoft Research Peter Lee, plus the three UW co-directors of the Lab: Ryan Calo from the School of Law, Batya Friedman from the Information School, and Yoshi Kohno from Computer Science and Engineering.
|Introducing Dr. Czeskis||8.19.2013|
|Congratulations to Dr. Alexei Czeskis! Dr. Czeskis defended his PhD thesis, titled "Practical, Usable, and Secure Authentication and Authorization on the Web", today. Google is very fortunate to have Dr. Czeskis join their team!|
|Franzi Roesner presents LayerCake to a packed room||8.14.2013|
|UW CSE Security Lab member Franzi Roesner presented LayerCake today to a packed room at USENIX Security 2013. In the photo, everyone is paying attention and fully engaged 20 minutes into the talk! LayerCake is a modified version of Android that supports secure UI embedding. Franzi brought some LayerCake phones with her, and lots of people also joined her for a demo after the talk. The source code for LayerCake is available.|
|Four PhD Candidates to Graduate in 2013-2014||8.13.2013|
The UW CSE Security Lab is looking forward to the 2013-2014 academic year! Security Lab members
(alphabetically) are scheduled to graduate with their PhDs this academic year. They will join the list of lab alumni, which includes Roxana Geambasu, now a professor at Columbia University in New York, and Alexei Czeskis, who will defend next week and join Google's world-class security team in Mountain View.
Tammy's interests are in the human aspects of computer security and privacy, with a focus on emerging technologies; past areas of work include security for implantable medical devices, the security of consumer technologies in the home, and security awareness and education. Her web page: http://homes.cs.washington.edu/~tdenning/.
Miro works on applying machine learning methods to quantitatively understand and defend against privacy and security risks in emerging technologies, with a focus on smart sensor environments. His web page: http://homes.cs.washington.edu/~miro/.
Karl works on securing embedded systems through evaluating existing systems (such as automobiles) and developing new tools and techniques to help secure these systems. His web page: https://homes.cs.washington.edu/~supersat/.
Franzi's work has focused on security and privacy issues in the domains of third-party web tracking, permission granting in modern operating systems (such as smartphones), secure embedded user interfaces, and most recently, emerging augmented reality platforms. Her web page: http://www.franziroesner.com/.
|Senator Murray visits the UW CSE Security Lab||8.6.13|
|U.S. Senator Patty Murray visited UW CSE today for a discussion of cybersecurity issues with professors Yoshi Kohno and Ed Lazowska. Following the briefing, graduate students Karl Koscher, Franzi Roesner, and Alexei Czeskis demonstrated the security vulnerabilities of modern automobiles by controlling all aspects of a recent-model sedan from an Internet-connected laptop by exploiting vulnerabilities in the car's telematics unit.|
|UW Security Lab releases LayerCake, a modified version of Android||7.26.2013|
|UW Security Lab's Franzi Roesner just released LayerCake, a modified version of Android that supports secure application embedding. Learn about LayerCake on the LayerCake web page, https://layercake.cs.washington.edu/. The paper behind this work will appear at USENIX Security 2013.|
|PhD Hooding of Security Lab's Alexei Czeskis||6.15.2013|
|Congratulations to Alexei Czeskis! His advisor, Yoshi Kohno, hooded him at today's UW CSE graduation ceremony. Alexei is scheduled to defend his PhD disseration on August 19, 2013.|
|Shift - Leben in der digitalen Welt||6.10.13|
|UW CSE Security Lab member Franzi Roesner stars in another German TV show about automobile security. See the video here, around 2:15 and again around 4:00.|
|Security Lab research presented at Sunday's "Cool Jobs" panel at the Seattle Science Festival||6.7.2013|
The 2013 Seattle Science Festival is the region's only large-scale, community-wide celebration of science and technology. It brings hands-on exhibits, shows, demonstrations and performances to venues throughout the Pacific Northwest. All events provide experiences that educate, engage and inspire an interest in science and technology and stimulate imagination and innovation. The festival runs June 6-16, 2013.
SSF features a "cool jobs" series where attendees can learn, first-hand, from successful and dynamic professionals in some of the most promising fields in science and technology. CSE's Oren Etzioni, Yoshi Kohno (Security Lab), and Helene Martin will join Code.org's Hadi Partovi in a panel that highlights the opportunities in computer science: this Sunday, June 9th, from 7:00 to 9:00 pm, at the Seattle Public Library (Central Library) in the Microsoft Auditorium. (The event is free, but registration is required.)
Additional information here.
|UW wins Pacific Rim Collegiate Cyber Defense Competition for 6th consecutive year!||3.26.2013|
|For the sixth year in a row, the University of Washington has won the Pacific Rim Collegiate Cyber Defense Competition. Next month the team will head to San Antonio in an attempt to win their third consecutive National Collegiate Cyber Defense Competition crown.|
|Control-Alt-Hack appears at Amazon.com's internal security conference||3.17.2013|
|Amazonians got an opportunity to play Control-Alt-Hack after a day of internal training. Control-Alt-Hack is a computer security-themed card game that is designed to be both fun and educational.|
|UW wins Hawaiian "Big Splash" Cyber Defense Competition||3.11.2013|
Batman's Kitchen, an interdisciplinary team involving students from CSE, the iSchool, EE, and pre-engineering, won the Hawaiian "Big Splash" Cyber Defense Competition held 8-10 March 2013. See the UW CSE News site for more information.
|UW Security Lab's Yoshi Kohno profiled in Columns||3.7.2013|
CSE professor Yoshi Kohno is profiled in the March issue of Columns, UW's alumni magazine.
"Kohno's experiments are the stuff of science fiction movies: using a kid's Erector Set to spy on its owner, tracking a runner using his mileage monitor or even hackers taking over a car while it's driving and forcing it to brake to a stop. The only difference between Hollywood make-believe and reality is that this white hat hacker doesn't need special effects to make them reality."
Read the full article here.
|Insecurity of the ORCA regional transit not-so-smart card||2.13.2013|
Since its inception, UW CSE researchers have raised concerns regarding the security and privacy aspects of Seattle's ORCA ("One Regional Card for All") regional transit smartcard.
Now "there's an app for that" -- FareBot, which enables any NFC-equipped Android phone to extract the data from ORCA (and similar transit smartcards in San Francisco, Singapore, and Japan).
FareBot, created by Seattle software developer Eric Butler, builds upon work by UW CSE's Karl Koscher.
Crosscut reports on the app today in two articles.
|Wenn Automation zum Risiko wird||1.22.2013|
|Listen to Security Lab member Franzi Roesner discuss automotive computer security on a German radio station here (between 12:10 and 15:50). Franzi and colleagues at UW and UCSD experimentally discovered exploitable security vulnerabilities in a modern automobile.|
|SensorSift: Balancing Privacy and Utility in Sensor Data||1.14.2013|
The rapid growth of sensors and algorithmic reasoning are creating an important challenge to find balance between user privacy and functionality in smart applications. To address this problem Miro Enev and collaborators have developed a quantitative framework called SensorSift which we recently published and have now made available as open source!
At the heart of our contribution is an algorithm which transforms raw sensor data into a 'sifted' representation which minimizes exposure of user defined private attributes while maximally exposing application-requested public attributes. We envision multiple applications using the same platform, and requesting access to public attributes explicitly not known at the time of the platform creation. Support for future-defined public attributes, while still preserving the defined privacy of the private attributes, is a central challenge that we tackle.
|Control-Alt-Hack appears at a National Science Foundation meeting||1.10.2013|
|Security Lab's Tammy Denning presented a keynote talk and lead a play session of Control-Alt-Hack at an NSF meeting. Thanks Zachary Peterson for the photo! Control-Alt-Hack is a computer security-themed card game that is designed to be both fun and educational.|
|HUFFPOST TV: "'Homeland': Brody Helps Nazir Kill Someone; Producers Talk Shocking Exit And What's Next"||12.12.2012|
Season 2, Episode 10 of Showtime's "Homeland," titled "Broken Hearts," was inspired by the Security Lab's research on the computer security properties of modern pacemakers and defibrillators.
Read all about it here.
|GeekWire's Gift Guide: 13 great geeky gifts from Seattle||12.12.2012|
|GeekWire picked the UW CSE Security Lab's Control-Alt-Hack card game as one of "13 great local gifts for geeks". Read the article here.|
|Auto-Elektronik: Wie Hacker manipulieren konnen||12.6.2012|
|Security Lab's Franzi Roesner discusses automotive computer security on a German TV show. The segment starts around minute 5:20 of this video.|
|UW CSE Security Lab releases the "Control-Alt-Hack" card game||12.3.2012|
Control-Alt-Hack is a computer security-themed card game designed to be entertaining, give a glimpse into white hat hacking, and highlight some of the more surprising aspects of computer security. It targets kids age 14 and up. It's fun, and also educational / awareness-building.
Read the UW C4C press release here.
|Alexei and Franzi win People's Choice Awards at the UW CSE Industry Affiliates Meeting||10.24.2012|
|Congratulations to Alexei Czeskis and Franzi Roesner for winning the People's Choice Awards at the annual UW CSE Industry Affiliates Meeting! Alexei presented a poster titled "Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web". Franzi presented a poster titled "User Interface Toolkit Mechanisms for Securing Interface Elements".|
|Security Lab's Tamara Denning hosts Cory Doctorow for a Q&A visit||10.23.2012|
|UW CSE Security Lab member Tamara Denning hosts science fiction author, activist, journalist and blogger Cory Doctorow for a technically-flavored Q&A session.|
|UW CSE Security Lab's Yoshi Kohno joins Neal Stephenson for a discussion of REAMDE||10.18.2012|
|UW CSE Security Lab's Yoshi Kohno joins author Neal Stephenson, Bethan Cantrell, and Greg Lastowka at the UW School of Law for a discussion of Stephenson's latest book, REAMDE. The discussion was moderated by Ryan Calo. Watch a video of the discussion here.|
|UW CSE's security lab featured on David Pogue's PBS NOVA Science NOW||10.17.2012|
David Pogue’s PBS NOVA Science NOW featured the work of UW CSE Security and Privacy Research Lab as the final segment of the episode “Can Science Stop Crime?”
Those featured include UW CSE faculty member Yoshi Kohno, UW CSE Ph.D. alum Dan Halperin, and UW CSE Ph.D. students Karl Koscher, Franzi Roesner, Alexei “Crash” Czeskis – and the work of these and others.
Watch this 12-minute PBS NOVA Science NOW segment!
|UW CSE's Yoshi Kohno (and really the whole Security Lab) to be featured Wednesday on PBS TV NOVA scienceNOW||10.13.2012|
The Seattle Times describes this Wednesday’s PBS TV NOVA scienceNOW:
“For most people, computer security means just that: Keeping viruses off your desktop or laptop, your PC or your Mac.
“But when Tadayoshi Kohno thinks of computers and security, he thinks about the vulnerabilities inherent in a whole range of devices that are increasingly connected wirelessly to the Internet, to cellphones or to each other.
“A computer scientist at the University of Washington, Kohno has proved that you can hack and take over the circuitry of a pacemaker, an implantable defibrillator, a child’s toy, a mileage-tracking device for runners, and -- perhaps most chilling of all -- a car.
“Kohno, 34, is so good at what he does that government regulators and manufacturers habitually beat a path to his door, in the UW’s computer science and engineering department, where he is an associate professor.
“Kohno will be featured Wednesday on PBS’s NOVA scienceNOW, in an episode that examines whether science can help solve crime.”
Read more here. Watch NOVA scienceNOW on PBS TV on Wednesday (in Seattle, 10 p.m. on KCTS-9)!
|Security Lab's Alexei Czeskis interviewed about White House network breach||10.9.2012|
Alexei Czeskis, a Ph.D. student in UW CSE’s Security and Privacy Research Lab, is interviewed by The Voice of Russia – American Edition.
“After news surfaced over the weekend that a U.S. government computer network was breached by hackers, computer security experts have weighed on the situation, calling it ‘a game between defenders and attackers.’ …
“Host Jessica Jordan spoke with Alexei Czeskis, a Ph.D. candidate in the Security and Privacy Research Lab at the University of Washington, to learn more about the hacking and computer security.”
Listen to the interview here.
|Security Lab's Tamara Denning wins 2012 Intel Ph.D. Fellowship||10.1.2012|
|UW CSE Ph.D. student Tamara Denning, who works with professor Yoshi Kohno in UW’s Security and Privacy Research Lab, has been named on of 18 recipients of 2012 Intel Ph.D. Fellowships. Tamara was one of 3 of the 18 to win special recognition of her research at a technical poster session for all of the awardees.|
|"The vulnerability of high-tech cars"||8.22.2012|
American Public Media writes:
“Any computer hooked up to the Internet is a potential victim of malicious hackers.
“Of course, it’s one thing to be hacked on a desktop PC, it’s quite another to be hacked in your car, traveling at 70 miles an hour, with a computer that controls your brakes and steering.
“Yoshi Kohno is part of a research team studying car computer security at the University of Washington. He says don’t freak out. Yet. ‘Right now, my grad students are the only people who are likely to hack your car.’”
|Middle school girls visit UW CSE||7.7.2012|
On Friday June 29, a group of middle school girls spent the morning in UW CSE, followed by an afternoon visit to Amazon.com. In UW CSE, the students were hosted by Crystal Eney, Caitlin Harding, and Victoria Wagner, and participated in activities including “Computer Science Unplugged” (Allison Obourn), sustainability sensing (Eric Larson), and computer security (Karl Koscher).
The girls were participating in G2CS – Girls Gather for Computer Science – a 4-week summer program.
|Security Lab's Alexei Czeskis on American Public Media's "Marketplace"||6.8.2012|
UW CSE Ph.D. student Alexei Czeskis was interviewed on American Public Media’s “Marketplace” concerning a program in San Antonio to track students within their high schools using RFID.
“Alexei Czeskis studies RFID privacy issues at the University of Washington’s Security and Privacy Research Lab. He says it’s hard to predict the consequences of collecting all this data on our children.
“‘We don’t know what it could be used for in the future,’ he says, ‘and that could be something good or it could be something really bad. For example, maybe it’s foreseeable that when these students apply to college for admission, colleges might be able to request this type of data. Those kinds of things could have implications for students further on in their lives.’”
Listen to the story here.
|Moog Google doodle hack by CSE Security Lab's Karl Koscher||5.25.2012|
“Earlier in the week we reported on the pretty epic interactive Google doodle that was an homage to Dr Robert Moog. The super cool landing page allowed visitors to mess around with a virtual Moog synthesizer and then share their noisy creation with others as an application recorded and played back the sounds (On a virtual reel-to-reel no less!)
“One smart engineer is all it takes to push a project further of course. Karl Koscher is a Ph.D. student studying computer security at the University of Washington, and he told TNW …”
Read the post and try it out here.
|Security Lab's Franzi Roesner wins "Best Practical Paper" award at IEEE Symposium on Security and Privacy||5.23.2012|
UW CSE Security Lab Ph.D. student Franzi Roesner has been recognized with the “Best Practical Paper” award at the IEEE Symposium on Security and Privacy. The paper, “User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems,” was co-authored with UW CSE professor Yoshi Kohno, UW CSE Ph.D. alumnus and Microsoft Research staff member Alex Moshchuk, Microsoft Research staff members Bryan Parno and Helen Wang, and Microsoft staff member Crispin Cowan.
Congratulations to Franzi and her co-authors!
|UW CSE repeats as National Collegiate Cyber Defense Competition Champs!||4.22.2012|
UW CSE has just won the 2012 National Collegiate Cyber Defense Competition, repeating 2011's performance.
Team members Mick Ayzenberg, Henry Baba-Weiss, Ian Finder, Karl Koscher, Landon Meernik, Miles Sackler, Cullen Walsh, and Lars Zornes -- coached by Jake Appelbaum and advised by Melody Kadenko -- qualified for the National competition by winning the Pacific Rim Regionals last month. Hearty congratulations to these folks, and also to Barbara Endicott-Popovsky of UW's iSchool for encouraging a UW-wide focus on cybersecurity.
See an excellent UW News article here. See a Seattle Times article previewing the competition here. Wall Street Journal MarketWatch article on the competition here. Seattle Times article on the competition here. Other press, out the wazoo: Sacramento Bee; PR Newswire; Infosec Island; Sys-Con Media; KHQ Spokane; KFVS Eklville; KYTX Tylor Longview; splunk.
|"UW cyber stars defending their title"||4.21.2012|
The Seattle Times previews the National Collegiate Cyber Defense Competition:
"Somewhere in Texas right now, 30 hackers known as the Red Team are attacking a computer network called Go Mommy, using every trick to try to bring it to its knees.
"Among the defenders: Eight computer-science students from the University of Washington, working to repel the attack -- quite possibly while humming the 'Angry Birds' theme song.
"This is the world of college cybersecurity competitions, where a dose of black humor underscores an atmosphere of extreme suspicion, and the hackers dish out clever pop-culture references while trying to break the student networks with a bag of dirty tricks.
"The UW team is one of the best in the country. It's one of 10 teams competing in the National Collegiate Cyber Defense Competition in San Antonio this weekend as the defending champs, having won the competition for the first time last year."
Read more here.
|UW rocks at the Fifth Annual Pacific Rim Regional Collegiate Cyber Defense Competition||3.25.2012|
Last year, UW surprised itself by winning the National Collegiate Cyber Defense Competition. It is perhaps not so surprising, then, that the UW team -- composed entirely of CSE students -- rocked at this weekend's Fifth Annual Pacific Rim Regional Collegiate Cyber Defense Competition, winning a return ticket to the nationals. UW's score exceeded the combined scores of the second, third, and fourth place teams.
Congratulations to team members Mick Ayzenberg, Henry Baba-Weiss, Ian Finder, Karl Koscher, Landon Meernik, Cullen Walsh, Lars Zornes, Miro Enev (grad alternate), Max Sherman (undergrad alternate), Miles Sackler (Team Captain), Melody Kadenko (Team Advisor), and Jake Appelbaum (Team Co-Advisor).
Team Advisor Melody Kadenko says: "I am SO PROUD of them!!! Further, it proves that it's not necessarily our team training and practice that can account for so many wins (since we don't do much of that). It's the CSE curriculum that teaches our students how to analyze, find solutions, think abstractly. The only thing left to teach during training/practice is how to not have a meltdown when something goes horribly wrong, and how to keep the profanity to a minimum when judges are present."
|Security Lab's Franzi Roesner wins Microsoft Research Ph.D. Fellowship||1.25.2012|
Franzi Roesner is one of the twelve winners (from 198 nominees) of this year's Microsoft Research Ph.D. Fellowship competition.
Franzi is a UW CSE Ph.D. student working with Yoshi Kohno in the areas of security, privacy, and systems. She was an undergraduate at UT Austin.
|Security Lab's Alexei Czeskis on The Voice of Russia: "Chinese hack into US Chamber of Commerce"||12.29.2011|
"The break-in is one of the boldest known infiltrations in what has become a regular confrontation between US companies and Chinese hackers.
"Bradley Shear, George Washington University professor and Attorney At Law with the Law Office of Bradley S. Shear, LLC, Alexei Czeskis, Security and Privacy Research Lab with the Department of Computer Science & Engineering at the University of Washington, and Paul Rosenweig, Principal with Red Branch Consulting and a visiting fellow at Heritage, talk about this complex operation, which involved at least 300 internet addresses."
Listen to the story here.
|Security Lab's Yoshi Kohno on American Public Media: "Could that new toy robot be hacked?"||12.29.2011|
"Look, I'm not trying to freak you out here. Well, OK, maybe a little. But think about it: We have computers all over the place. Your laptop or desktop PC; maybe you have a tablet too, maybe a smartphone. And it doesn't stop there. Your car might be computerized, your kitchen, the toys your kids got for Christmas. If any of those computers are connected to any kind of network, there exists an issue of security ...
"Yoshi Kohno is an associate professor of computer science and engineering at the University of Washington. He and his team figured out how to break into a car's internal, computer network. They were able to control the brakes and turn the car on and off. They also fiddled around with a commercially available toy robot. 'One of the things we found is that as soon as we turned this toy robot on, it advertises a wireless ad hoc network that anyone can connect to,' Kohno says ...
"Kohno's team has been looking into something far more serious than a toy robot: implanted medical devices. 'We found that a person using their own equipment could wirelessly communicate with a pacemaker or defibrillator and change its settings, turn on and off therapies, and in fact make it issue a large shock,' he says."
Listen to the full story here.
|Jeff Bezos @ UW CSE||12.18.2011|
|Jeff Bezos spent several hours in UW CSE labs on December 16 -- discussing ubiquitous computing and sensing with Shwetak Patel and students; the future of search with Oren Etzioni; and the security of computer-controlled personal devices (such as automobiles) with Yoshi Kohno and students; as well as discussing future directions for the computer science field with Ed Lazowska and Hank Levy.|
|What's on TV? Find Out From the Powerline||10.24.2011|
|Recently, Miro Enev traveled to CCS 2011 to present his work with Sidhant Gupta on uncovering the depth of information leakage available on the modern powerline. The paper suggests that it is possible to tell what someone is watching on a TV by collecting a short period of unintentionally generated electromagnetic interference (EMI) from any wall socket in a home (not just the socket connected to the TV). This research was based on in-lab and in-home experiments with 8 TVs ranging in size, technology, and manufacturer, and a dataset of 20 movies plus over-the-air broadcasts. Miro and Sidhant also demonstrated the ability to train a neural network to predict the EMI of a television without need for physical access to the device. Full details in the paper. UW faculty members Shwetak Patel and Tadayoshi Kohno were also involved.|
|Franzi Roesner Wins the Madrona Prize Runner Up Award for ShareMeNot||10.19.2011|
Earlier this year UW CSE security researcher
Franzi Roesner released ShareMeNot -- a Firefox plugin designed to help users avoid unwanted
tracking by third party social media
buttons on the Web while
still allowing the user to use
those buttons when they wish.
ShareMeNot handles the Facebook
Like button, the Google +1 button,
Last night Franzi presented a poster of her work at the annual UW CSE Industrial Affiliates meeting. The Madrona Venture Group was extremely impressed by Franzi's work and awarded her the Madrona Prize Runner Up Award. Congratulations Franzi!
|UW's Karl Koscher to co-Keynote WESS||10.13.2011|
|UW CSE's Karl Koscher is headed to Taiwan to give the opening talk at the 6th Workshop on Embedded Systems Security (WESS 2011) along with UCSD PhD student (and UW undergraduate alumnus) Steve Checkoway. Karl and Steve will be presenting their recent research results on automotive computer security, co-authored with UW's Alexei Czeskis, Franziska Roesner, Shwetak Patel, and Yoshi Kohno and UCSD's Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage. You can read about their research at http://www.autosec.org/faq.html.|
|A Pwning Shirt||9.16.2011|
|Members of the UW Security and Privacy Lab surprised Yoshi with his new, most favorite shirt ever! Thank you Alexei, Franzi, Karl, Miro, and Tammy!|
|Combating Search-Result Poisoning at Usenix Security 2011||8.14.2011|
|The paper titled deSEO: Combating Search-Result Poisoning was published last week at Usenix Security 2011. It describes how malware and viruses are spread through the poisoning of popular search keywords, and develops tools to help search engines fight the problem.|
|The Security Lab is Now on Twitter||8.13.2011|
|The UW Security and Privacy Lab is now on Twitter. Follow us at https://twitter.com/#!/uw_cse_seclab.|
|Comprehensive Experimental Analyses of Automotive Attack Surfaces at Usenix Security 2011||8.10.2011|
The UW-UCSD collaborative project
on automotive security has just
published their second paper entitled
"Comprehensive Experimental Analyses of Automotive Attack Surfaces" at Usenix Security 2011. The results in this paper were previously presented before a National Academy of Sciences committee on automotive safety (3.13.2011).
On the UW side, this effort was led by Karl Koscher, Alexei Czeskis, and Franziska Roesner (along with faculty member Yoshi Kohno). On the UCSD side, this effort was led by Stephen Checkoway, Damon McCoy, Brian Kantor, and Danny Anderson (along with faculty members Hovav Shacham and Stefan Savage).
A video of the Usenix Security talk is online here.
|ShareMeNot -- Protecting Against Tracking from Third-party Social Media Buttons||7.28.2011|
|Cory Doctorow at BoingBoing is reporting on Franzi Roesner's latest project, ShareMeNot. Cory writes: "[ShareMeNot is] a Firefox Add-On that defangs social media buttons like the Facebook 'Like' button (and others) so that they don't transmit any information about your browsing habits to these services until (and unless) you click on them. That means that merely visiting a page with a Like or a Tweet or a +1 button (like this one) doesn't generate a data-trail for the companies that operate those services, but you still get the benefit of the buttons, that is, if you click them, they still work. Smart." Also involved are UW CSE faculty members Yoshi Kohno and David Wetherall.|
|UW MSR Summer Institute on Consumer, Cloud Security||7.25.2011|
Each year, UW Computer Science and Engineering and Microsoft Research host a Summer Research Institute in Computer Science, bringing together dozens of the world's top researchers for several days to discuss an important emerging topic.
This year's UW-MSR Summer Research Institute is taking place July 24-27 at Suncadia Resort, located in the Cascades, ninety minutes southeast of Seattle. The topic is "Security and Privacy for a Consumer, Cloud World." The goal is to identify new directions for consumer and cloud computing, discuss the challenges for protecting security and privacy in a consumer and cloud computing world, and explore directions for mitigating those challenges. The Institute brings together researchers and practitioners from diverse but relevant areas such as computer security, cryptography, mobile systems, cloud computing, systems and networking, and HCI. The organizers are Yoshi Kohno (UW CSE), David Molnar (MSR), and Helen Wang (MSR).
This is the fifteenth UW-MSR Summer Research Institute. Learn more about this year's UW-MSR Summer Research Institute here.
|Congratulations Professor Geambasu!||5.16.2011|
UW CSE PhD Student Roxana Geambasu has just accepted a tenure-track faculty position in the Department of Computer Science at Columbia University. Congratulations Professor Roxana!!
|Helping Design Privacy Preserving Medical Data Registry for Washington State||5.16.2011|
Alexei Czeskis and Jacob Appelbaum are helping to design a privacy preserving registry for the Washington State medical marijuana data. Their effort was recently mentioned a Seattle Weekly article, available here.
Jake and Alexei have been working directly and indirectly with a variety of stakeholders like the Washington State ACLU, legislators, law enforcement, and Cannabis Defense Coalition to make sure that a technology can be designed to meet the variety of needs and the (sometimes conflicting) goals. Jake's and Alexei's work have helped inform the technical language in Senate Bill SB 5073 and more recently -- SB 5955.
|UW CSE Security Team Receives Recognition||5.13.2011|
The UW CSE Security Competition Team was recognized at the 2011 VISA Global Security Summit in Washington DC. Besides high ranking VISA security personnel, the former NSA and CIA chief, the former Attorney General, a four start General, personnel from the US Secret Service, and others were present.
The team was also recently featured in The Christian Science Monitor. The story is available in the magazine and online here.
|KIRO FM Features the UW CSE Security Team||4.20.2011|
|The UW CSE Security Competition Team was featured today in a story on 97.3 KIRO FM. You can read the article here and can also listen to the full audio interview here.|
|"Keypad" wins Eurosys 2011 Best Student Paper||4.13.2011|
"Keypad: An auditing file system for theft-prone devices," a paper describing a new file system that enhances data security on mobile devices, has been named Best Student Paper at this year's EuroSys 2011 conference. The paper was authored by UW CSE graduate students Roxana Geambasu and John P. John and UW CSE faculty members Steve Gribble, Yoshi Kohno, and Hank Levy.
|UW CSE Security Competition Team Wins Nationals!||4.10.2011|
The UW CSE computer security competition team consisting of Alexei Czeskis (team captain), Karl Koscher (team co-founder), Ian Finder, Mary Pimenova, Cullen Walsh, Baron Oldenburg, Conrad Meyer, and Mark Jordan -- coached by Melody Kadenko -- just won the National Collegiate Cyber Defense Competition!
The finals, held April 9 and 10, featured 9 teams from across the nation -- the winners of 9 regional competitions.
Update (4.11.2011): The Seattle Times just wrote an article about the team's win.
Update (4.13.2011): UW Today also wrote an article about the team.
|Karl Koscher Wins Ford Fellowship||4.1.2011|
|UW CSE Security Lab member Karl Koscher just won the College of Engineering Ford Motor Company Fellowship. Congratulations Karl!|
|Detecting Certificate Authority Compromises and Web Browser Collusion||3.23.201|
From Freedom to Tinker: "Today, the public learned of a previously undisclosed compromise of a trusted Certificate Authority -- one of the entities that issues certificates attesting to the identity of "secure" web sites. Last week, Comodo quietly issued a command via its certificate revocation servers designed to tell browsers to no longer accept 9 certificates. ...
"This implied that the certificates were likely malicious, and may even been used by a third-party to impersonate secure sites. ...
"Clearly, something exceptional happened behind the scenes. Security hacker Jacob Appelbaum did some fantastic detective work using the EFF's SSL Observatory data and discovered that all of the certificates in question originated from Comodo -- perhaps from one of the many affiliated companies that issues certificates under Comodo's authority via their 'Registration Authority' (RA) program. Evidently, someone had figured out how to successfully attack Comodo or one of their RAs, or had colluded with them in getting some invalid certs."
Jacob Appelbaum is a UW Security and Privacy Lab researcher and a Tor developer. You can read more about Jacob's discoveries here.
|UW CSE Security Competition Team Wins Regionals!||3.20.2011|
The UW CSE cyber defense competition team just won regionals! Congratulations
to team members Alexei Czeskis (team captain),
and Cullen Walsh!
Update (4.7.2011): The Seattle Times has written an article about the team: "A team of eight University of Washington students will wage war this weekend against an expert force, defending their territory with stealth tactics and on-the-fly invention. But there are no physical weapons involved. There's not even a physical battleground. For the fourth year in a row, the team will compete in the National Collegiate Cyber Defense Competition, in which teams from around the country attempt to shield a computer system from professional hackers aiming to cause havoc ranging from stealing trade secrets to turning home pages into random YouTube videos."
Read the full article here.
|Comprehensive Experimental Analyses of Automotive Attack Surfaces Presented Before the National Academy of Sciences||3.13.2011|
and Franziska Roesner,
and their University of California at San Diego collaborators
and Danny Anderson, whose study of the vulnerability of modern cars to
remote compromise was picked up by the press after being presented
The Associated Press and The New York Times broke the story, with additional coverage at Technology Review, PCWorld, Slashdot, Jamie Zawinski’s blog, Boing Boing, and The Volokh Conspiracy. More information at the CEASS site.
|The 2011 CPDP Multidisciplinary Privacy Award||2.1.2011|
UW security and privacy researchers had a strong showing at the 2011 Computers, Privacy & Data Protection conference in Brussels, Belgium, winning both the Multidisciplinary Privacy Award award and an honorable mention.
The goal of the CPDP multi-disciplinary privacy research award is to promote the need for and reward the results of multidisciplinary research, with the participation of the representative of diverse constituencies engaged in the investigation of the new ideas in data protection. Any paper published or accepted for publication in 2010 was eligible to win.
UW CSE grad student Alexei Czeskis and alumni Iva Dermendjieva and Hussein Yapit won the award for their work on balancing privacy and value tensions in mobile parenting technologies (published at SOUPS 2010 with co-authors Alan Borning, Batya Friedman, Brian Gill, and Tadayoshi Kohno). Alexei, pictured on the right, went to Belgium to receive the award.
UW CSE PhD student Tamara Denning won an honorable mention for her work on analyzing human values and security for wireless implantable medical devices (published at CHI 2010 with co-authors Alan Borning, Batya Friedman, Brian Gill, Tadayoshi Kohno, and William Maisel).
|Identity Theft in the Electronic Age||1.26.2011|
|UW security research Karl Koscher is featured in 16:9, Canada's version of 60 Minutes. Karl is seen discussing his research on the security and privacy properties of the new US Passport Cards and Enhanced Drivers Licenses. Also featured in the video is UW PhD student Emily Fortuna.|
|Transparent Tor Access Point||12.21.2010|
|Jacob Appelbaum's new vision -- to create a "home Internet with anonymity built in" -- is featured in MIT's Technology Review magazine. Jacob is a UW security and privacy lab research scientist and core Tor developer. His key idea is to integrate the Tor anonymity system directly into wireless routers, thereby making strong privacy more accessible to the general public. UW security researcher Alexei Czeskis and others from the Tor community are also participating in this project. Good luck Jacob and Alexei with this new direction!|
|Jacob in NY Times Magazine||12.17.2010|
|The New York Times Magazine has a detailed article on online anonymity and the Tor project. UW security researcher and Tor developer Jacob Appelbaum is extensively quoted. Originally funded by the U.S. Department of Defense, Tor now helps protect the privacy of hundreds of thousands of people around the world.|
|Skein Chosen as SHA-3 Finalist||12.10.2010|
|The U.S. National Institute of Standards and Technology (NIST) has selected the Skein cryptographic hash function as one of five finalists in its SHA-3 competition. The winner will become the new U.S. hash function standard. Sixty-four proposed hash function designs were submitted to NIST when the competition began two years ago. Skein was designed by a team of cryptographers and computer security experts, including UW's Yoshi Kohno. (If you look closely, you'll notice that the team photo was taken in the beautiful halls of the UW Paul G. Allen Center for Computer Science & Engineering.)|
|Awards at UW CSE Industrial Affiliates Meeting||10.28.2010|
The annual UW Computer Science & Engineering Industrial Affiliates Meeting took place on October 27th and 28th.
On the 27th, more than 100 representatives from Affiliates companies participated in a day of research presentations, and more than
than 250 Seattle-area alumni joined for an evening of posters. There were also awards.
UW security and privacy lab PhD students Karl Koscher, Alexei Czeskis, and
Franzi Roesner won an award for their poster on car security,
and PhD student Roxana Geambasu and
graduate student Amit Levy won an award for their poster on Comet: An Active Distributed Key-Value Store.
The photo at the right, taken by UW CSE faculty member Bruce Hemingway, shows (from left) Karl, Alexei, and Franzi discussing their poster with an attendee.
|Five New Types of Cyber Attacks||10.18.2010|
|An article at AolNews warns of five new classes of cyber attacks, research into two of which were pioneered by UW security and privacy lab researchers. In 2008 UW researchers, in collaboration with the University of Massachusetts Amherst and the Beth Israel Deaconess Medical Center, published an award-winning paper at the 2008 IEEE Symposium on Security and Privacy evaluating the computer security risks and challenges with implantable medical devices. Earlier this year, UW and UC San Diego researchers published a paper at the 2010 IEEE Symposium on Security and Privacy describing the results of an extensive experimental analysis of a modern car. This research is forward-looking. No known threats have manifested to date, and UW researchers are now focused on developing defenses for futures medical devices and automobiles.|
|New York Times Magazine: Does the Web Ever Forget?||7.25.2010|
|The New York Times Magazine has an excellent article discussing the consequences of a Web that never forgets. What happens when the innocent emails and Facebook posts you send today suddenly resurface 10 or 20 years later? Is there any way for users to proactively control the lifetimes of data stored on third-party Web services, like GMail, Facebook, and Flicker? Last year UW security and privacy researchers Roxana Geambasu and Amit Levy, along with faculty members Yoshi Kohno and Hank Levy, published an award-winning paper at 2009 USENIX Security describing a new approach for empowering users with such control. Their new direction direction, called Vanish, is featured in this article.|
|Security Lab Reunion at Oakland 2010||5.18.2010|
The IEEE Symposium on Security and Privacy
("The Oakland Conference") is one of the flagship conferences for the computer security
and privacy research community.
Today all UW CSE affiliates (students, faculty, alumni, affiliate faculty) at Oakland decided
to wear their UW CSE T-shirts. There was an impressive number of us there!
In the photo: Roxana Geambasu (UW CSE Ph.D. student), Tammy Denning (UW CSE Ph.D. student), David Molnar (MSR, teaching in UW CSE), Alexei Czeskis (UW CSE Ph.D. student), Franzi Roesner (UW CSE Ph.D. student), Stefan Savage (UW CSE Ph.D. alumnus, now UCSD CSE faculty), Steve Checkoway (UW CSE B.S. alumnus, now UCSD CSE Ph.D. student), Damon McCoy (UW CSE Ph.D. intern, now UCSD CSE postdoc), Karl Koscher (UW CSE Ph.D. student), Tadayoshi Kohno (UW CSE faculty), Gabriel Maganis (UW CSE B.S. alumnus, now UCD Ph.D. student), Charlie Reis (UW CSE Ph.D. alumnus, now Google Seattle), Miro Enev (UW CSE Ph.D. student), Vitaly Shmatikov (UW CSE B.S. alumnus, now UT Austin faculty).
|Experimental Security Analysis of a Modern Automobile||5.16.2010|
|UW security and privacy researchers Karl Koscher, Alexei Czeskis, Franzi Roesner, Shwetak Patel, and Yoshi Kohno, along with collaborators from the University of California San Diego led by (UW alumnus!) Stefan Savage, describe the results of an extensive experimental security analysis of a modern car in their paper at the 2010 IEEE Symposium on Security and Privacy. More information at the Center for Automotive Embedded Systems Security Web site and in articles in The New York Times, New Scientist, Technology Review, PC World, TechFlash, and Popular Mechanics.|
|CNN: Scientists Work to Keep Hackers Out of Implanted Medical Devices||4.16.2010|
|This week UW security researcher Tamara Denning presented her study of patients, pacemakers, and security defenses at CHI 2010. A CNN reporter was in the audience and decided to write an article about her work. Tammy used semi-structured interviews with cardiac device patients to provide a scientifically-informed understanding of how different security solutions for wireless implantable medical devices interact with patients' values. This work was in collaboration with Seattle Pacific University and the Beth Israel Deaconess Medical Center. The CNN article also features UW's 2008 experimental security analysis of an implantable cardiac defibrillator (in collaboration with UMass and BIDMC) and discusses the points made in a recent New England Journal of Medicine perspective article (also in collaboration with BIDMC).|