Stanford Security Lunch
Fall 2021

Get announcements:

September 22, 2021 Secure Source-Tracking for Encrypted Messaging

Speaker:  Charlotte Peale (Stanford)

Abstract:  While the end-to-end encryption properties of popular messaging schemes such as Whatsapp, Messenger, and Signal guarantee privacy for users, these properties also make it very difficult for messaging platforms to enforce any sort of content moderation. This can lead to the unchecked spread of malicious content such as misinformation on such platforms. In 2019, Tyagi et al. developed message traceback, which addresses this issue by allowing a messaging platform to recover the path of a forwarded message after a user reports it for malicious content. In this talk, I'll present an alternative to message traceback that offers more privacy to users and requires less platform-side storage. We term this approach source-tracking for encrypted messaging schemes. Source-tracking enables messaging platforms to provide the privacy guarantees expected from standard end-to-end encryption, but also helps hold the sources of malicious messages accountable: if malicious content is reported by a user, the source can be identified.

September 29, 2021 Improving the Coverage and Compatibility of Web Content Blocking in Brave Browsers

Speaker:  Pete Snyder (Brave)

Abstract:  A large and growing body of research has established the performance, privacy, security and aesthetic benefits of content blocking, sometimes called "ad blocking" or "tracker blocking". However, while the benefits of content blocking are clear, the difficulties and costs of blocking have gone understudied, leaving content blocking tools without robust solutions. Examples of such difficulties include adversarial countermeasures from trackers and webcompat issues caused by blocking.
In this talk I'll present three projects at Brave to improve the state of content blocking on the Web. First, I'll present work from S&P 2021 on programmatically detecting when sites try to evade content blocking, using deep browser instrumentation and behavioral analysis to allow for automated detection of filer list evasion. Second, I'll present SugarCoat, work from CCS 2021 on solving webcompat / privacy tradeoffs in content blocking that uses behavioral and static analysis to programmatically generate implementations of trickling libraries that preserve compatibility without disrupting user serving behaviors. And third, I'll present ongoing work on measuring the web-compatibility impacts of web-privacy interventions.
Finally, I'll discuss how these projects align with Brave's goal of being the best-of-breed privacy browser on the Web, practical lessons learned when incorporating these research projects into product, and briefly mention other research projects going on at Brave.

October 06, 2021 Extricating IoT Devices from Vendor Infrastructure with Karl

Speaker:  Gina Yuan (Stanford)

Abstract:  Most consumer IoT devices are vertically integrated with cloud-side vendor infrastructure. Such architectures present the potential for enormous abuse, as companies gain the technical means of spying on users in their homes. Worse, users have no visibility into cloud-side activity, and hence no way of detecting when such abuse is taking place. In addition, cloud-side IoT infrastructure adds network latency, creates unintuitive failure models, and distorts design goals to generate subscription revenue needed to cover its cost.
Karl is a new smart-home framework designed to host IoT computation and storage on user-chosen devices. A key insight is that cloud-side services have moved towards serverless infrastructure, a model that can just as easily be provided by hardware users already own, such as an old laptop or phone. Alternatively, Karl allows users who want the cloud to rent computation and storage directly, at comparable costs to IoT subscriptions. Most importantly, Karl enforces security policies that cut across devices from multiple vendors and cannot be bypassed by compromised vendors or devices. We introduce two IoT security mechanisms, pipeline permissions and exit policies, that map directly to properties users care about and can be visualized in a way that matches user intuition. We evaluate Karl through two end-to-end applications.

October 13, 2021 Доверя́й, но проверяй : SFI safety for native-compiled Wasm

Speaker:  Evan Johnson (UCSD)

Abstract:  WebAssembly (Wasm) is a platform-independent bytecode that offers both good performance and runtime isolation. To implement isolation, the compiler inserts safety checks when it compiles Wasm to native machine code. While this approach is cheap, it also requires trust in the compiler’s correctness—trust that the compiler has inserted each necessary check, correctly formed, in each proper place. Unfortunately, subtle bugs in the Wasm compiler can break—and have broken—isolation guarantees. To address this problem, we propose verifying memory isolation of Wasm binaries post-compilation. We implement this approach in VeriWasm, a static offline verifier for native x86-64 binaries compiled from Wasm; we prove the verifier’s soundness, and find that it can detect bugs with no false positives. Finally, we describe our deployment of VeriWasm at Fastly.

October 20, 2021 Efficient Functional Commitments: How to Commit to Private Functions

Speaker:  Wilson Nguyen (Stanford)

Abstract:  We construct efficient functional commitments for all bounded size arithmetic circuits. A (function hiding) functional commitment scheme allows a committer to commit to a secret function f and later prove that y = f(x) for public x and y—without revealing any other information about f. Thus, functional commitments allow the operator of a secret process to prove that the process is being applied uniformly to everyone. Possible applications include bail decisions, credit scores, online ranking algorithms, and proprietary software-as-a-service. To build functional commitments, we introduce a new type of protocol: a proof of function relation (PFR) to show that a committed relation is a function. We show that combining a suitable preprocess-ing zk-SNARK with a PFR yields a secure functional commitment scheme. We then construct efficient PFRs for two popular preprocessing zk-SNARKs, and obtain two functional commitment schemes for arithmetic circuits. These constructions build on polynomial commitments (a special case of functional commitments), so our work shows that polynomial commitments are "complete" for functional commitments.

October 27, 2021 Security and Privacy as an Incentive Alignment Problem: Breaking Internet Voting Systems Used in U.S. Federal Elections

Speaker:  Michael Specter (MIT/Google)

Abstract:  In this talk, I’ll introduce the concept of security research motivated by the need to realign incentives of market actors toward providing better security. I’ll argue that a research approach guided by a deep understanding of the economic, regulatory, and technical attributes of the actors involved is crucial for solving important societally-relevant problems in computer security. To illustrate this approach, I’ll present the first security analysis of Internet voting systems used in U.S. federal elections -- including those used in the 2020 U.S. Presidential race. We find that, despite decades of cryptography and systems security research into voting schemes, all deployed Internet voting systems are far from the ideal presented in the literature and suffer from serious security and privacy flaws. I’ll cover:

November 03, 2021 DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale

Speaker:  Aurore Fass (CISPA/Stanford)

Abstract:  Browser extensions are popular to enhance user browsing experience. By design, they have access to security- and privacy-critical APIs to perform tasks that web pages cannot traditionally do. Even though web pages and extensions are isolated, they can communicate through messages. In practice, a web page under the control of an attacker can send malicious payloads to a vulnerable extension, tailored to exploit its elevated privileges, leading to, e.g., arbitrary code execution or sensitive user data exfiltration.
In this talk, I will present our system DoubleX (ACM CCS 2021) to detect security and privacy threats in vulnerable extensions. DoubleX abstracts extension code with control & data flows and pointer analysis, and models message interaction within and outside of an extension. This way, DoubleX can track and detect suspicious data flows between an attacker and sensitive APIs in extensions. We evaluated DoubleX on 154,484 Chrome extensions, where it has both a high precision (89% verified dangerous data flows) and recall (detection of 93% of known flaws). Overall, we detected 184 vulnerable Chrome extensions, 87% of which we found to be already vulnerable a year ago. This highlights the need for a system like DoubleX to prevent vulnerable extensions from entering the Store in the first place.

Preprint:  CCS 2021

November 10, 2021 Snoopy: Surpassing the Scalability Bottleneck of Oblivious Storage

Speaker:  Vivian Fang and Emma Dauterman (Berkeley)

Abstract:  Existing oblivious storage systems provide strong security by hiding access patterns, but do not scale to sustain high throughput as they rely on a central point of coordination. To overcome this scalability bottleneck, we present Snoopy, an object store that is both oblivious and scalable such that adding more machines increases system throughput. Snoopy contributes techniques tailored to the high-throughput regime to securely distribute and efficiently parallelize every system component without prohibitive coordination costs. These techniques enable Snoopy to scale similarly to a plaintext storage system. Snoopy achieves 13.7× higher throughput than Obladi, a state-of-the-art oblivious storage system. Specifically, Obladi reaches a throughput of 6.7K requests/s for two million 160-byte objects and cannot scale beyond a proxy and server machine. For the same data size, Snoopy uses 18 machines to scale to 92K requests/s with average latency under 500ms. This work will appear at SOSP '21 and is joint work with Ioannis Demertzis, Natacha Crooks, and Raluca Ada Popa.

Preprint:  ePrint

November 17, 2021 "Whether it's moral is a whole other story": Consumer perspectives on privacy regulations and corporate data practices

Speaker:  Leah Zhang-Kennedy (University of Waterloo)

Abstract:  Making online privacy decisions is increasingly difficult for users due to the complexity of information technologies and the various activities users engage with online across multiple platforms and devices. In this talk, I argue that understanding users’ perspectives on privacy ethics could offer rich insights into how they engage in online privacy decision-making. I will present the findings from a survey and interview study where we explored how Canadians respond to hypothetical privacy violations using ten scenarios adapted from real cases. We found that users rely on a "moral code" to assess privacy violations based on the core moral values of trust, transparency, control, and access. While privacy laws govern businesses’ collection, use, and disclosure of personal information, our findings suggest that users do not necessarily perceive businesses’ compliance with the law as sufficient for ethical conduct.

Paper:  SOUPS 2021

November 24, 2021 Thanksgiving

December 01, 2021 Short-lived zero-knowledge proofs and signatures

Speaker:  Joseph Bonneau (NYU)

Abstract:  This talk will discuss short-lived proofs, a non-interactive proof of knowledge with a novel feature: after a specified period of time, the proof is no longer convincing. This time-delayed loss of soundness happens "naturally" without further involvement from the prover or any third party. The talk will discuss potential applications of short-lived proofs and short-lived signatures (a special case). It will also show several practical constructions built using verifiable delay functions (VDFs), including two novel types of VDFs, re-randomizable VDFs and zero-knowledge VDFs, which may be of independent interest.

December 08, 2021 MAGE: Nearly Zero-Cost Virtual Memory for Secure Computation

Speaker:  Sam Kumar (Berkeley)

Abstract:  Secure Computation (SC) is a family of cryptographic primitives for computing on encrypted data in single-party and multi-party settings. SC is being increasingly adopted by industry for a variety of applications. A significant obstacle to using SC for practical applications is the memory overhead of the underlying cryptography. We develop MAGE, an execution engine for SC that efficiently runs SC computations that do not fit in memory. We observe that, due to their intended security guarantees, SC schemes are inherently oblivious—their memory access patterns are independent of the input data. Using this property, MAGE calculates the memory access pattern ahead of time and uses it to produce a memory management plan. This formulation of memory management, which we call memory programming, is a generalization of paging that allows MAGE to provide a highly efficient virtual memory abstraction for SC. MAGE outperforms the OS virtual memory system by up to an order of magnitude, and in many cases, runs SC computations that do not fit in memory at nearly the same speed as if the underlying machines had unbounded physical memory to fit the entire computation. A paper describing this research appeared at OSDI 2021, where it received a Jay Lepreau Best Paper Award.

Paper:  OSDI 2021