Stanford Security Lunch
Spring 2016

April 6, 2016 Remote Execution As a Service - Defending the platform against Bad Actors

Speaker:  Matthew Conway and Yang Yang (Heroku)

Abstract:  Heroku is a cloud platform that helps developers deploy, monitor and scale their web apps. We have been using Linux containers to run millions of customer applications since 2010. In this talk, we will share how we run containers securely by leveraging features of the Linux kernel and good security practices. We'll also discuss some of the types of abuse the Heroku Security team encounters on the platform, as well as the tools they use to detect and respond to that abuse.

April 13, 2016 Backpack to Work: Towards Practical Mixin Linking

Speaker:  Edward Z. Yang

Abstract:  The universal organizing principle for large software systems in programming languages today is the package, the unit by which reusable code may be versioned and distributed. However, most package systems provide only a weak form of modularity, where packages depend directly on other packages. A stronger form of modularity would support separate modular development, where a package may be typechecked against an interface of its dependency.

Backpack is a recent proposal for bringing modularity to Haskell's package system in the form of mixins. Unfortunately, this proposal was intimately tied to the Haskell language in particular. This is problematic for two reasons: first, it means the system is Haskell-specific (and not generalizable to other languages); second, it is not possible to implement, due to the traditional separation between the compiler and the package manager. In this talk, I want to describe Backpack'16: an evolution of the Backpack mixin package system which handles programs in two phases: first, a mixin linking step which "wires" up components, and second, a typechecking phase. The mixin linking phase is completely independent of Haskell and, in principle, can be implemented for any language.

April 20, 2016 Target Fragmentation in Android Apps

Speaker:  Patrick Mutchler

Abstract:  Android apps declare a target version of the Android run-time platform. When run on devices with more recent Android versions, apps are executed in a compatibility mode that attempts to mimic the behavior of the older target version. This design has serious security consequences. Apps that target outdated Android versions disable important security changes to the Android platform. We call the problem of apps targeting outdated Android versions the Target Fragmentation Problem.

We analyze a dataset of 1,232,696 free Android apps collected between May, 2012 and December, 2015 and show that the target fragmentation problem is a serious concern across the entire app ecosystem and has not changed considerably in several years. In total, 93% of current apps target out-of-date platform versions and have a mean outdatedness of 686 days; 79% of apps are already out-of-date on the day they are uploaded to the app store. Finally, we examine seven security related changes to the Android platform that are disabled in apps that target outdated platform versions and show that target fragmentation hamstrings attempts to improve the security of Android apps.

April 27, 2016 Incentive Compatibility of Bitcoin Mining Pool Reward Functions

Speaker:  Okke Schrijvers

Abstract:  In this presentation we introduce a game-theoretic model for reward functions within a single Bitcoin mining pool. Our model consists only of an unordered history of reported shares and gives participating miners the strategy choices of either reporting or delaying when they discover a share or full solution. We defined a precise condition for incentive compatibility to ensure miners' strategy choices optimize the welfare of the pool as a whole. With this definition we show that proportional mining rewards are not incentive compatible in this model. We introduce and analyze a novel reward function which is incentive compatible in this model. Finally we show that the popular reward function pay-per-lastN-shares is also incentive compatible in a more general model.

May 4, 2016 MASHaBLE: Mobile Applications of Secret Handshakes over Bluetooth LE

Speaker:  Yan Michalevsky

Abstract:  We present new applications for cryptographic secret handshakes between mobile devices on top of Bluetooth Low-Energy (LE). Secret handshakes enable mutual authentication, with the property that the parties learn nothing about each other unless they have been both issued credentials by a group administrator. This property provides strong privacy guarantees that enable interesting applications. One of them is proximity-based messaging for private communities. We introduce MASHaBLE, a mobile application that enables participants to send messages to nearby users if and only if they belong to the same secret community. We use direct peer-to-peer communication over Bluetooth LE, rather than relying on a central server. We discuss the specifics of implementing secret handshakes over Bluetooth LE and present our prototype implementation.

May 11, 2016 TBA

Speaker:  Riad Wahby

May 18, 2016 TBA

Speaker:  Joe Bonneau

May 25, 2016 No Lunch -- Oakland S&P

June 1, 2016 TBA

Speaker:  David Wu

June 8, 2016 TBA

Speaker:  Michael Duff (Stanford ISO)