Security and Privacy Research Lab

UW CSE’s Karl Koscher is headed to Taiwan to give the opening talk at the 6th Workshop on Embedded Systems Security (WESS 2011) along with UCSD PhD student (and UW undergraduate alumnus) Steve Checkoway. Karl and Steve will be presenting their recent research results on automotive computer security, co-authored with UW’s Alexei Czeskis, Franziska Roesner, Shwetak Patel, and Yoshi Kohno and UCSD’s Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage. You can read about their research at http://www.autosec.org/faq.html.

Members of the UW Security and Privacy Lab surprised Yoshi with his new, most favorite shirt ever! Thank you Alexei, Franzi, Karl, Miro, and Tammy!

The paper titled deSEO: Combating Search-Result Poisoning was published last week at Usenix Security 2011. It describes how malware and viruses are spread through the poisoning of popular search keywords, and develops tools to help search engines fight the problem.

The paper was authored by John P. John and Arvind Krishnamurthy from UW, in collaboration with researchers at MSR, Silicon Valley.

The UW Security and Privacy Lab is now on Twitter. Follow us at https://twitter.com/#!/uw_cse_seclab.

The UW-UCSD collaborative project on automotive security has just published their second paper entitled “Comprehensive Experimental Analyses of Automotive Attack Surfaces” at Usenix Security 2011. The results in this paper were previously presented before a National Academy of Sciences committee on automotive safety (3.13.2011).

On the UW side, this effort was led by Karl Koscher, Alexei Czeskis, and Franziska Roesner (along with faculty member Yoshi Kohno). On the UCSD side, this effort was led by Stephen Checkoway, Damon McCoy, Brian Kantor, and Danny Anderson (along with faculty members Hovav Shacham and Stefan Savage).

A video of the Usenix Security talk is online here.

In order to look their best at Defcon and Usenix Security, members of the UW CSE Security and Privacy Research Lab equipped themselves with t-shirts displaying the text of the waiver they were required to sign before testing their “analyzed automobile” on the runway at Blaine Airport.

We can confirm that no damage was done by the car at Blaine Airport. We are not so sure about the impact of these t-shirts at Defcon and Usenix Security.

Cory Doctorow at BoingBoing is reporting on Franzi Roesner’s latest project, ShareMeNot. Cory writes: “[ShareMeNot is] a Firefox Add-On that defangs social media buttons like the Facebook ‘Like’ button (and others) so that they don’t transmit any information about your browsing habits to these services until (and unless) you click on them. That means that merely visiting a page with a Like or a Tweet or a +1 button (like this one) doesn’t generate a data-trail for the companies that operate those services, but you still get the benefit of the buttons, that is, if you click them, they still work. Smart.” Also involved are UW CSE faculty members Yoshi Kohno and David Wetherall.

Each year, UW Computer Science and Engineering and Microsoft Research host a Summer Research Institute in Computer Science, bringing together dozens of the world’s top researchers for several days to discuss an important emerging topic.

This year’s UW-MSR Summer Research Institute is taking place July 24-27 at Suncadia Resort, located in the Cascades, ninety minutes southeast of Seattle. The topic is “Security and Privacy for a Consumer, Cloud World.” The goal is to identify new directions for consumer and cloud computing, discuss the challenges for protecting security and privacy in a consumer and cloud computing world, and explore directions for mitigating those challenges. The Institute brings together researchers and practitioners from diverse but relevant areas such as computer security, cryptography, mobile systems, cloud computing, systems and networking, and HCI. The organizers are Yoshi Kohno (UW CSE), David Molnar (MSR), and Helen Wang (MSR).

This is the fifteenth UW-MSR Summer Research Institute. Learn more about this year’s UW-MSR Summer Research Institute here.

Alexei Czeskis and Jacob Appelbaum are helping to design a privacy preserving registry for the Washington State medical marijuana data. Their effort was recently mentioned a Seattle Weekly article, available here.

Jake and Alexei have been working directly and indirectly with a variety of stakeholders like the Washington State ACLU, legislators, law enforcement, and Cannabis Defense Coalition to make sure that a technology can be designed to meet the variety of needs and the (sometimes conflicting) goals. Jake’s and Alexei’s work have helped inform the technical language in Senate Bill SB 5073 and more recently — SB 5955.

UW CSE PhD Student Roxana Geambasu has just accepted a tenure-track faculty position in the Department of Computer Science at Columbia University. Congratulations Professor Roxana!!