Stanford Security Lunch
Fall 2008

Get announcements: Mail Ical

September 24 Organizational meeting

Organizational meeting: Sign up to give a talk!

October 1 Robust defenses for cross-site request forgery

Speaker: Collin Jackson

Abstract: Cross-Site Request Forgery (CSRF) is a widely exploited web site vulnerability, but none of the three major CSRF defenses are satisfactory and many web sites neglect to prevent login CSRF. In a login CSRF attack, an attacker uses the victim's browser to forge a cross-site request to the honest site's login URL, supplying the attacker's user name and password. This forged request can disrupt the integrity of the session and enable theft of confidential information.

Although the HTTP "Referer" header could be used as an effective general CSRF defense, our experiments indicate that the header is widely blocked at the network layer due to privacy concerns. Our experimental data shows, however, that the header can be used today as a reliable CSRF defense over HTTPS, which is ideal for login CSRF prevention. For the long term, we propose and implement the Origin header, which provides the security benefits of the Referer header while responding to privacy concerns. We also discuss defenses for session initialization attacks and "clickjacking."

Joint work with: Adam Barth and John Mitchell

October 8 Introduction to OpenID and information cards

Speaker: Eric Lam

Abstract: This talk provides an introduction to the OpenID security protocol and the Information Card identity system. OpenID is a single sign-on protocol that is gaining some popularity on the Internet, particularly on blogging sites. Information Card is a way of representing identities using digital photo identity cards, and has gained support in certain corporations and open source communities. This talk will focus on the architectural components of these technologies.

October 15 No talk

October 22 No talk

October 29 Preference based password reset: saving Sarah Palin

Speaker: Gustav Rydstedt

Abstract: Research has outlined a plethora of techniques for breaking the widely used questions for password reset. Mother's maiden name, social security number, or your first pet's name are either easily found or inferable from the wide span of social networks and public databases. In our research, preference based question such as "Do you like Indian food?" or "Do you like country music?" are proposed as an alternative to these question. Preferences have been shown to hold up well over time and are not forgotten.

I will present the recent data and work done for this project and why it could possibly be applicable as an alternative.

November 5 Generalized identity-based encryption

Speaker: Mike Hamburg

Abstract: Since identity-based encryption was constructed in 2001, many variants have appeared in the literature. We propose "generalized identity-based encryption" (GIBE) which, true to its name, generalizes nearly all these variants. We also present a powerful new framework for constructing GIBE schemes. Applications include the ever-present encrypted email, securing classified information, ring signatures and network coding.

Joint work with: Dan Boneh

November 12 Lights-out management systems: insecurity and defenses

Speaker: Hristo Bojinov

Abstract: Lights-out management systems are hardware components that provide an administrator with remote access to a machine in case the operating system crashes, becomes corrupt, or requires maintenance while the machine is powered off. We present a number of vulnerabilities in lights-out management systems from key vendors (Intel, Dell, and IBM) currently shipping in servers and personal computers. We discovered that the same vulnerabilities affect multiple vendors, suggesting a need for documented principles on how to secure lights-out systems. Given our findings, we discuss defenses and guidelines for improving the security of lights-out management systems.

November 19 Language-based isolation of untrusted Javascript

Speaker: Ankur Taly

Abstract: Web sites that incorporate untrusted content may use browser-based or language-based methods to keep such content from maliciously altering pages, stealing sensitive information, or causing other harm. We study methods for filtering and rewriting JavaScript code, using Yahoo! AdSafe and Facebook's FBJS as motivating examples. We explain the core problems by describing previously unknown vulnerabilities and shortcomings, and give a foundation for improved solutions based on an operational semantics of the full ECMA262-3 language. We also discuss how to apply our analysis to address the problems we discovered.

Joint work with: Sergio Maffeis and John Mitchell