Security and Privacy Research Lab

UW CSE Security Lab Ph.D. student Franzi Roesner has been recognized with the “Best Practical Paper” award at the IEEE Symposium on Security and Privacy. The paper, “User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems,” was co-authored with UW CSE professor Yoshi Kohno, UW CSE Ph.D. alumnus and Microsoft Research staff member Alex Moshchuk, Microsoft Research staff members Bryan Parno and Helen Wang, and Microsoft staff member Crispin Cowan.

Congratulations to Franzi and her co-authors!

UW CSE has just won the 2012 National Collegiate Cyber Defense Competition, repeating 2011’s performance.

Team members Mick Ayzenberg, Henry Baba-Weiss, Ian Finder, Karl Koscher, Landon Meernik, Miles Sackler, Cullen Walsh, and Lars Zornes — coached by Jake Appelbaum and advised by Melody Kadenko — qualified for the National competition by winning the Pacific Rim Regionals last month. Hearty congratulations to these folks, and also to Barbara Endicott-Popovsky of UW’s iSchool for encouraging a UW-wide focus on cybersecurity.

See an excellent UW News article here. See a Seattle Times article previewing the competition here. Wall Street Journal MarketWatch article on the competition here. Seattle Times article on the competition here. Other press, out the wazoo: Sacramento Bee; PR Newswire; Infosec Island; Sys-Con Media; KHQ Spokane; KFVS Eklville; KYTX Tylor Longview; splunk.

The Seattle Times previews the National Collegiate Cyber Defense Competition:

“Somewhere in Texas right now, 30 hackers known as the Red Team are attacking a computer network called Go Mommy, using every trick to try to bring it to its knees.

“Among the defenders: Eight computer-science students from the University of Washington, working to repel the attack — quite possibly while humming the ‘Angry Birds’ theme song.

“This is the world of college cybersecurity competitions, where a dose of black humor underscores an atmosphere of extreme suspicion, and the hackers dish out clever pop-culture references while trying to break the student networks with a bag of dirty tricks.

“The UW team is one of the best in the country. It’s one of 10 teams competing in the National Collegiate Cyber Defense Competition in San Antonio this weekend as the defending champs, having won the competition for the first time last year.”

Read more here.

Last year, UW surprised itself by winning the National Collegiate Cyber Defense Competition. It is perhaps not so surprising, then, that the UW team — composed entirely of CSE students — rocked at this weekend’s Fifth Annual Pacific Rim Regional Collegiate Cyber Defense Competition, winning a return ticket to the nationals. UW’s score exceeded the combined scores of the second, third, and fourth place teams.

Congratulations to team members Mick Ayzenberg, Henry Baba-Weiss, Ian Finder, Karl Koscher, Landon Meernik, Cullen Walsh, Lars Zornes, Miro Enev (grad alternate), Max Sherman (undergrad alternate), Miles Sackler (Team Captain), Melody Kadenko (Team Advisor), and Jake Appelbaum (Team Co-Advisor).

Team Advisor Melody Kadenko says: “I am SO PROUD of them!!! Further, it proves that it’s not necessarily our team training and practice that can account for so many wins (since we don’t do much of that). It’s the CSE curriculum that teaches our students how to analyze, find solutions, think abstractly. The only thing left to teach during training/practice is how to not have a meltdown when something goes horribly wrong, and how to keep the profanity to a minimum when judges are present.”

Go team!

Franzi Roesner is one of the twelve winners (from 198 nominees) of this year’s Microsoft Research Ph.D. Fellowship competition.

Franzi is a UW CSE Ph.D. student working with Yoshi Kohno in the areas of security, privacy, and systems. She was an undergraduate at UT Austin.

Congratulations Franzi!

“Look, I’m not trying to freak you out here. Well, OK, maybe a little. But think about it: We have computers all over the place. Your laptop or desktop PC; maybe you have a tablet too, maybe a smartphone. And it doesn’t stop there. Your car might be computerized, your kitchen, the toys your kids got for Christmas. If any of those computers are connected to any kind of network, there exists an issue of security …

“Yoshi Kohno is an associate professor of computer science and engineering at the University of Washington. He and his team figured out how to break into a car’s internal, computer network. They were able to control the brakes and turn the car on and off. They also fiddled around with a commercially available toy robot. ‘One of the things we found is that as soon as we turned this toy robot on, it advertises a wireless ad hoc network that anyone can connect to,’ Kohno says …

“Kohno’s team has been looking into something far more serious than a toy robot: implanted medical devices. ‘We found that a person using their own equipment could wirelessly communicate with a pacemaker or defibrillator and change its settings, turn on and off therapies, and in fact make it issue a large shock,’ he says.”

Listen to the full story here.

“The break-in is one of the boldest known infiltrations in what has become a regular confrontation between US companies and Chinese hackers.

“Bradley Shear, George Washington University professor and Attorney At Law with the Law Office of Bradley S. Shear, LLC, Alexei Czeskis, Security and Privacy Research Lab with the Department of Computer Science & Engineering at the University of Washington, and Paul Rosenweig, Principal with Red Branch Consulting and a visiting fellow at Heritage, talk about this complex operation, which involved at least 300 internet addresses.”

Listen to the story here.

Jeff Bezos spent several hours in UW CSE labs on December 16 — discussing ubiquitous computing and sensing with Shwetak Patel and students; the future of search with Oren Etzioni; and the security of computer-controlled personal devices (such as automobiles) with Yoshi Kohno and students; as well as discussing future directions for the computer science field with Ed Lazowska and Hank Levy.

Recently, Miro Enev traveled to CCS 2011 to present his work with Sidhant Gupta on uncovering the depth of information leakage available on the modern powerline. The paper suggests that it is possible to tell what someone is watching on a TV by collecting a short period of unintentionally generated electromagnetic interference (EMI) from any wall socket in a home (not just the socket connected to the TV). This research was based on in-lab and in-home experiments with 8 TVs ranging in size, technology, and manufacturer, and a dataset of 20 movies plus over-the-air broadcasts. Miro and Sidhant also demonstrated the ability to train a neural network to predict the EMI of a television without need for physical access to the device. Full details in the paper. UW faculty members Shwetak Patel and Tadayoshi Kohno were also involved.

Earlier this year UW CSE security researcher Franzi Roesner released ShareMeNot — a Firefox plugin designed to help users avoid unwanted tracking by third party social media buttons on the Web while still allowing the user to use those buttons when they wish. ShareMeNot handles the Facebook Like button, the Google +1 button, and others.

Last night Franzi presented a poster of her work at the annual UW CSE Industrial Affiliates meeting. The Madrona Venture Group was extremely impressed by Franzi’s work and awarded her the Madrona Prize Runner Up Award. Congratulations Franzi!