Security Lab at Oakland 2018

Congratulations to Kiron Lebeck and Lucy Simko for their excellent talks at the IEEE Symposium on Security and Privacy (Oakland) this week!

Kiron presented his work “Towards Security and Privacy for Multi User Augmented Reality: Foundations with End Users”, in collaboration with Security Lab undergraduate Kimberly Ruth and faculty members Yoshi Kohno and Franzi Roesner. You can watch the video of Kiron’s talk here and read the paper here.

Lucy presented her work on “Computer Security and Privacy for Refugees in the United States”, in collaboration with Security Lab alumna Ada Lerner, Samia Ibtasam, and Security Lab faculty members Franzi Roesner and Yoshi Kohno. You can watch the video of Lucy’s talk here and read the paper here.

Kimberly Ruth named Finalist for CRA Outstanding Undergraduate Researcher Award

Kimberly Ruth was named a Finalist for the 2018 CRA Outstanding Undergraduate Researcher Award! This is a very competitive award that “recognizes undergraduate students in North American universities who show outstanding research potential in an area of computing research.” Kimberly’s current research focus is on security and privacy for emerging augmented reality (AR) technologies, and she’s been a member of the Security and Privacy Lab since she was a freshman. Kimberly has had an incredible year, adding this award to the Mary Gates Research Scholarship, the SWSIS Scholarship, and the WRF Fellowship. Congratulations, Kimberly, on this huge honor!

Improv Workshop


To celebrate the end of the academic quarter, Security and Privacy Lab members participated in an improvisation team building workshop facilitated by an instructor from Unexpected Productions. Not only is improv funny and fun, it also provides surprisingly relevant lessons for research and collaboration — such as the “Yes, and…” mindset for brainstorming.

Security Lab at the Allen School’s Industry Affiliates Research Day

The Security and Privacy Lab hosted two sessions of research talks at the Allen School’s Industry Affiliates Research Day today. Presentations included:

  • Kiron Lebeck on “Securing Augmented Reality Output”
  • Peter Ney on “Computer Security, Privacy, and DNA Sequencing. Compromising Computers with Synthetic DNA, Privacy Leaks, and More”
  • Camille Cobb on “Privacy in Online Dating”
  • Eric Zeng on “End User Security & Privacy Concerns with Smart Homes”
  • Ivan Evtimov on “Robust Physical-World Attacks on Deep Learning Models”
  • Lucy Simko on “Recognizing and Imitating Programmer Style”
  • Alex Takakuwa on “Moving to New Devices in the FIDO Ecosystem”
  • Peter Ney on “SeaGlass: Enabling City-Wide IMSI-Catcher Detection”

Thanks to all the speakers for the great talks and to all the attendees for joining us!

Rewriting History: Manipulating the Archived Web from the Present

Web archives such as the Internet Archive’s Wayback Machine serve a variety of important purposes today, including as citations and evidence in journalism, scientific articles, and legal proceedings. In a new paper, Security Lab PhD alumna Ada Lerner (now an assistant professor at Wellesley College) and Lab co-directors Yoshi Kohno and Franzi Roesner show how a malicious actor might be able to manipulate what users see when they view archived pages. The image on the right shows a proof-of-concept example in which a 2011 snapshot of a website has been temporarily modified to show 2017 content.

For more details about how these attacks work and how to defend against them, see the Rewriting History project website or read the full conference paper. Dr. Lerner will be presenting this work this week at the ACM Conference on Computer and Communications Security (CCS) 2017.

We disclosed our results to the Wayback Machine before publication, and we are extremely grateful to Mark Graham and his team at the Internet Archive for their prompt and thoughtful responses in taking action to mitigate these attacks! They have already implemented Content Security Policy headers, which instruct client browsers not to load content from outside the Archive, blocking many of the vulnerabilities to one of our attacks. Additionally, they launched a new feature, described in this blog post, which shows users of the Archive how the timestamps of subresources relate to the snapshot currently being viewed. This information can help expert users better interpret archival snapshots and catch “anachronistic” requests, which may result in benign or malicious modifications to the view of a page.
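The timestamp comparison described above can also be run by hand over the requests a snapshot makes. The following is an added example, not code from the paper or from the Internet Archive: it flags subresources loaded from outside the Archive and subresources captured far from the page's own capture time. The function names, the 30-day threshold and the sample URLs are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Wayback replay URLs: /web/<14-digit capture time><optional modifier>/<original URL>
WAYBACK = re.compile(r"^https?://web\.archive\.org/web/(\d{14})(?:[a-z]{2}_)?/(.+)$")

def parse_capture(url):
    """Return (capture_time, original_url), or None if not an archive replay URL."""
    m = WAYBACK.match(url)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y%m%d%H%M%S"), m.group(2)

def audit_snapshot(page_url, subresource_urls, max_skew_days=30):
    """Classify each subresource requested while rendering an archived page.

    'outside-archive': fetched from the live web rather than from the archive
    'anachronistic':   captured more than max_skew_days away from the page capture
    'ok':              captured close to the page capture
    max_skew_days is an assumed threshold; tune it to how often the site was crawled.
    """
    page = parse_capture(page_url)
    if page is None:
        raise ValueError("page_url is not a Wayback replay URL")
    page_time = page[0]
    findings = []
    for url in subresource_urls:
        parsed = parse_capture(url)
        if parsed is None:
            findings.append((url, "outside-archive", None))
            continue
        skew_days = (parsed[0] - page_time).total_seconds() / 86400
        verdict = "anachronistic" if abs(skew_days) > max_skew_days else "ok"
        findings.append((url, verdict, skew_days))
    return findings

# Constructed sample: a 2011 page capture and the URLs its page load requested.
PAGE = "https://web.archive.org/web/20110315120000/http://example.com/"
REQUESTS = [
    "https://web.archive.org/web/20110315120004cs_/http://example.com/style.css",
    "https://web.archive.org/web/20170801093000js_/http://cdn.example.net/widget.js",
    "http://cdn.example.net/live.js",
]

if __name__ == "__main__":
    for url, verdict, skew in audit_snapshot(PAGE, REQUESTS):
        print(f"{verdict:16} skew_days={skew} {url}")
```

An anachronistic verdict is a prompt for closer inspection, not proof of tampering, since such requests can be benign as well as malicious.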

With this paper, we are also releasing Tracking Excavator, a tool for measuring web tracking in the Archive. Tracking Excavator is described in more detail in our paper from USENIX Security 2016.

Kimberly Ruth Awarded WRF Fellowship

Congratulations to Kimberly Ruth on receiving a Washington Research Foundation Fellowship! These fellowships “recognize and support undergraduates who achieve a high level of accomplishment in research, particularly in areas relevant to the development of new technologies.” Since her freshman year, Kimberly has been an undergraduate researcher in the UW CSE Security and Privacy Lab, co-advised by Professors Tadayoshi Kohno and Franziska Roesner. Her current research focus is on the security and privacy implications of emerging augmented reality (AR) technologies. Read the full award citation here — congratulations Kimberly!
