Stanford Security Lunch
Spring 2008

Get announcements: Mail Ical

April 9 Organizational meeting

Organizational meeting: Sign up to give a talk!

April 16 ForceHTTPS: protecting high-security sites from network attacks

Speaker: Collin Jackson

Abstract: As wireless networks proliferate, web browsers operate in an increasingly hostile network environment. The HTTPS protocol has the potential to protect web users from network attackers, but real-world deployments must cope with misconfigured servers, causing imperfect web sites and users to compromise browsing sessions inadvertently. ForceHTTPS is a simple browser security mechanism that web sites or users can use to opt in to stricter error processing, improving the security of HTTPS by preventing network attacks that leverage the browser's lax error processing. By augmenting the browser with a database of custom URL rewrite rules, ForceHTTPS allows sophisticated users to transparently retrofit security onto some insecure sites that support HTTPS. We provide a prototype implementation of ForceHTTPS as a Firefox browser extension.

Joint work with: Adam Barth

April 23 Emerging fraud trends at internet speeds

Speaker: Ori Eisen (41st Parameter)

Abstract: In the rapidly expanding and ever-changing world of Card-Not-Present fraud, five key emerging trends pose the greatest risk to Internet retailers today. Join Ori Eisen, as he takes you step-by-step through the tactics behind these devastating schemes and how to identify and react to minimize impact to your bottom line.

April 30 A layered architecture for detecting malicious behaviors

Speaker: Liz Stinson

Abstract: We build on previous research which characterized the remote- control behavior of malicious bots by identifying system call invocations on data received over the network. Our current research explores the feasibility of correlating system calls in order to identify high-level, semantically meaningful actions, such as "proxying", "keystroke logging", "data leaking", and "downloading and executing a program". Our system consists of three components: behavior specifications, a system-wide emulator, and a behavior matcher.

We specify high-level behaviors through a hierarchy of manually constructed system-call dependence graphs with constraints on the calls' ordering and arguments. Our collection of graphs constitutes a behavior specification language with which novel, high-level behaviors can be easily described. The emulator monitors process execution, performing fine-grained, instruction-level data-flow analysis, and generates a stream of events, which the behavior matcher attempts to match to the provided specifications.

To assess our graphs' coverage of semantically equivalent but programmatically different execution paths, we ran eleven benign programs within our monitoring framework and performed matching against a set of behavior graphs corresponding to innocuous actions. In all cases the benign programs matched the expected specifications. We then tested these benign programs and seven malicious bots against seven specifications corresponding to malicious behaviors and obtained low false positives and no false negatives.

Joint work with: Lorenzo Martignoni, Matt Fredrikson, Somesh Jha and John Mitchell

May 7 Attacks on HB authentication protocols

Speaker: Leo Ducas

Abstract: With the ubiquitous deployment of programmable RFID tags in applications such as supply-chain management and passports, privacy concerns dictate the need to authenticate RFID tags. To this end, Hopper and Blum introduced the HB protocol, the security of which is based on the learning parity with noise (LPN) problem, which is NP-Hard.

In the HB protocol, the tag and the reader have a 64-bit shared secret S. The reader transmits a challenge bitstring q to the tag, which performs a bit-wise AND of q and S then computes the parity p of the resulting bitstring. If the tag transmitted p then a passive attacker could learn the value of S given some number of <q,p> tuples. Consequently, the tag will obtain r by flipping p with some probability ε then transmit r to the reader. After n iterations, the reader will accept the tag only if the tag's responses have approximately (n * ε) errors. The flipping of parity bits is referred to as injecting noise and imposes substantial computational complexity for the passive adversary.

An active attacker, however, can repeatedly send the same q to the tag and obtain the likely corresponding p by taking the majority of the tag's outputs (given ε < 0.5). Hence, the HB protocol is not secure against active attacks. Derivations such as HB+, HB++, and HB# have been introduced to address this limitation. I will first present general ideas for performing noise reduction on all noise-based protocols, then show an attack on the most recent HB derivation, HB#.

May 14 Fraud Scan

Speaker: Alasdair Bruce (Digital Envoy, Inc.)

Abstract: Digital Resolve's Fraud Scan provides front-end authentication and post-transaction analytics by identifying and tracking user activity in real time. Fraud Scan is deployed passively on an enterprise network, reading network communication in transit and requiring no changes to transaction-processing applications. The system translates network and application events into business context and "sessionizes" activity to continually reassess and rescore new actions in both present and historical contexts.

May 21 An operational semantics for JavaScript (ECMA 2.62)

Speaker: Ankur Taly

Note: This talk will be at 4:00 PM. It will be a Security Tea, rather than a Security Lunch.

Abstract: In this work, we define a structured operational semantics for the ECMAScript standard language corresponding to JavaScript. The semantics is based on the standard and a number of experiments with different implementations and browsers. Some basic properties of the semantics are proved, including a soundness theorem and a characterization of the reachable portion of the heap. As a simple test of the applicability of the semantics to browser security issues, we analyze a candidate browser security mechanism from the literature that is written in JavaScript, showing that some implementations are secure for the versions of \js{} implemented in some browsers, and no implementation we have examined is secure for other browsers.

Joint work with: John Mitchell and Sergio Maffeis

May 28 Code-carrying authorization

Speaker: Sergio Maffeis (Imperial College London and UCSC)

Abstract: In authorization, there is often a wish to shift the burden of proof to those making requests, since they may have more resources and more specific knowledge to construct the required proofs. We introduce an extreme instance of this approach, which we call Code-Carrying Authorization (CCA). With CCA, access-control decisions can partly be delegated to untrusted code obtained at run-time. The dynamic verification of this code ensures the safety of authorization decisions. We define and study this approach in the setting of a higher-order spi calculus. The type system of this calculus provides the needed support for static and dynamic verification.

Joint work with: Martin Abadi (Microsoft Research)

June 4 Next gen web app worms: punchline or problem?

Speaker: John Terrill (TruState)

Abstract: The past two years have seen several web worm attacks against various online applications. While these worms have gotten more sophisticated and made use of additional technologies like Flash and media formats, they all have some basic limitations such as infecting new domains and injection methods. These worms are fairly easily detected using signatures and these limitations have made web worms annoying, but ultimately controllable. Often the source website simply fixes a single flaw and the worm dies.

In this presentation I will examine ways web worms might evolve to overcome these limitations. I will describe a hybrid web worm combining both server-side and client side languages to exploit both the web server and the web browser to aid in its propagation across multiple hosts. I will discuss how such a hybrid worm is able to find new vulnerable systems and infect new hosts on different domains from both the client and the server. In addition I will look at how a hybrid worm could upgrade its infection methods while in the wild by fetching and parsing new web vulnerability information from public security sites, preventing a single silver bullet fix from stopping it. We will examine how web worms could implement polymorphism and source code mutation to evade signature detection systems. While these are not new concepts, applying them to interpreted languages like Perl or JavaScript inside a browser allowed for some interesting twists and caused some challenges.

Joint work with: Billy Hoffman (HP Security Labs)