Stanford Security Lunch
Winter 2019

Get announcements: Mail Ical

January 09, 2019 No meeting due to Real World Crypto Symposium

January 16, 2019 Client-side Encrypted Cloud Backups for Android

Speaker:  Shabsi Walfish

Abstract:  In the latest release of the Android OS, there is a new feature that enables users to encrypt their device's backup data at the client-side so that the Cloud provider cannot read it. When the user wants to restore their backup to a new device, they are now prompted to enter the lock screen knowledge factor (PIN, pattern, or password) that was used on their old device before their old backup data can be decrypted. While this might sound trivial to implement by using the lock screen to derive an encryption key, that approach doesn't work since lock screen knowledge factors are very low entropy (as little as 10 bits). A simple brute-force exploration of the input space would not only quickly crack the encryption, but would also reveal the user's lock screen knowledge factor to the attacker. To prevent such brute-force attacks, we make use of specialized secure hardware on the Cloud server-side that only allows for a small number of failed attempts to recover the backup before permanently disabling it. In this talk, I'll give a simplified overview of the protocol as well as discuss some of the unique challenges involved in implementing the new feature with custom secure hardware in Google's data centers.

January 23, 2019 No speaker this week

January 30, 2019 No meeting due to Stanford Blockchain Conference

February 06, 2019 Questioning the Implementation of the Linux Kernel Randomization in Cloud Computing Systems

Speaker:  Hector Marco

Abstract:  Cloud computing technology allows to reduce the cost of performing tasks in a flexible, scalable and reliable way. An important technique employed in Cloud systems to reduce the memory footprint across virtual machines is the memory deduplication mechanism. In this talk I will present the challenges that the Linux Kernel Address Space Layout Randomization (KASLR) introduces to the memory deduplication. I will go through KASLR implementation details to identify the reasons why the memory deduplication fails to merge randomized kernels. Experiments show that only 2.5% of the code can be merged when the KASLR is enabled, a huge difference compared to the 100% when the KASLR is disabled. This introduces a challenge in systems where memory is a scarce resource and security is a must, for example in Clear Linux distributions. I will conclude the talk discussing KASLR implementation alternatives compatible with the memory deduplication and the new challenges they are introducing.

February 13, 2019 Cyber Risk Management: AI Generated Signals of Threats and Collaborative Decisions

Speaker:  Isaac Faber

Abstract:  This research presents a warning systems model in which early-stage cyber threat signals are generated using machine learning and artificial intelligence techniques. Cybersecurity is most often, in practice, reactive. The current security paradigm, which is based on the manual forensics of machine-generated data by humans, begins after an event has taken place and can be significantly improved. Moving towards a more proactive posture, system defenders can keep pace with better methods of detection and response. However, this remains difficult due to the dynamic nature of threats and the volume of data generated by security devices. Cyber-threats operate on a set of discrete, observable steps called a 'kill chain.' Using machine learning techniques, data produced from early kill chain steps can be used to automate many traditionally manual defensive responses. However, most AI techniques are sensitive to exploitation and overly burdensome false positive rates. To address this problem this research presents a collaborative decision paradigm with machines making low-impact/high-confidence decisions, and human analysts only mitigate signals elevated with sufficient importance. An early warning system using these techniques has the potential to avoid more severe downstream consequences by disrupting threats at the beginning of the kill chain.

February 20, 2019 TBA

Speaker:  Darin Smith

February 27, 2019 TBA

Speaker:  Roya Ensafi

March 06, 2019 TBA

March 13, 2019 TBA