[ZISC Lunch Seminar] Using Text Analytics to Enhance Security Analysis of Mobile Applications

Abstract:   Mobile platforms such as Android and iOS have become a primary form of computing for millions of users. These modern platforms are built around the notion of “apps,” providing rich runtime environments that provide application developers easy access to sensors (e.g., location, camera), user information (e.g., contacts, social networks), and device functionality (e.g.,

[ZISC Lunch Seminar] Towards Securely Verifying Location Claims on the Internet

Abstract: The number of security-sensitive location-aware services over the Internet continues to grow, such as location-aware authentication, location-aware access policies, fraud prevention, complying with media licensing, and regulating online gambling/voting. An adversary can evade existing Internet geolocation techniques, e.g., by faking GPS coordinates or employing a non-local IP address through proxy servers and virtual private

[ZISC Lunch Seminar] Enabling Trust with Privacy in Credit Networks

Abstract: A credit network models trust between agents in a distributed environment and enables payments between arbitrary pairs of agents. With their flexible design and robustness against intrusion, credit networks form the basis of several Sybil-tolerant social networks, spam-resistant communication protocols, and payment systems. In this talk, I will introduce the concept of credit network

[ZISC Lunch Seminar] Anonymity in the Bitcoin Peer-to-Peer Network

Abstract: Bitcoin enjoys a public perception of being a privacy-preserving financial system. In reality, Bitcoin has a number of privacy vulnerabilities, including the well-studied fact that transactions can be linked through the public blockchain. More recently, researchers have demonstrated deanonymization attacks that exploit a lower-layer weakness: the Bitcoin peer-to-peer (P2P) networking stack. In particular, the

[ZISC Lunch Seminar] Physical-world attacks on machine-learning (ML) + Using ML to help users make better security decisions

Abstract: This talk will show why we should be concerned about the increasing use of machine-learning (ML) algorithms in safety- and security-critical applications; but also how machine learning can help users maintain their privacy.   First, I will show that state-of-the-art face-recognition algorithms are vulnerable to _physically realizable_ and _inconspicuous_ attacks, allowing attackers to evade

[ZISC Lunch Seminar] Hardware Security in a Post-Snowden World

Abstract: Countless systems ranging from consumer electronics to military equipment are dependent on integrated circuits (ICs). A surprisingly large number of such systems are already security–critical, e.g., automotive electronics, medical devices, or SCADA systems. If the underlying ICs in such applications are maliciously manipulated through hardware Trojans, the security of the entire system can be

[ZISC Lunch Seminar] Software Grand Exposure: SGX Cache Attacks are Practical

Abstract: Intel Software Guard Extension (SGX) is an extension to the x86 instruction set that enables an application to isolate code and data in a container, called enclave. SGX hardware protects the enclave code and data against a malicious operating system, hypervisor, and even low-level firmwares. In particular, the hardware protects the confidentiality of enclave