Eran Yahav, IBM Research Sponsored by the Laboratory for Secure Systems and the PORTIA project.

Call for Participation The Security and Privacy Day is a biannual workshop sponsored by the greater New York City area computer security research community for bringing area researchers together, fostering multi-institutional collaborations, and discussing and exchanging our ideas and experiences with security and privacy research. We invite you to attend and encourage you to submit a proposal for a poster or demonstration. Please refer to ...read more

This talk explores shape representation and registration through implicit distance functions. A shape of interest in its implicit form corresponds to the zero level-set of a higher dimensional distance function. In certain applications such as shape registration, which aims to recover a transformation that brings a source shape to achieve high spatial correspondence with a target shape, the implicit representation has advantages because it provides additional support to the registration ...read more

n this talk, I will provide an overview of major design principles used to create video games. Topics will include how to create immersion for players, using overlapping goals and risk/reward systems to maintain the user's attention, and how realism and abstraction affect the user's interpretion of and interaction within virtual worlds. I will also discuss my experiences with getting into the video game industry and my work on Sid Meier's Railroads! which will be released on Octob ...read more

In this talk we introduce the notion of warkitting as the drive-by subversion of wireless home routers through unauthorized access by mobile WiFi clients. We describe how such attacks can be performed, evaluate the vulnerability of currently deployed wireless routers based on experimental data, and examine the impact of these attacks on Internet fraud. Our analysis shows that it is possible in practice to carry out warkitting attacks with low cost equipment widely available today and that ...read more

We describe a new type of threat to the Internet infrastructure, in the shape of a highly efficient but very well camouflaged click-fraud attack on the advertising infrastructure. The attack, which we refer to as a "badvertisement", is described and experimentally verified on several prominent advertisement schemes. This stealthy attack can be thought of as a threatening mutation of spam and phishing attacks, with which it has many commonalities, except for the fact that it is not ...read more

The Software Engineering Institute set up a panel in 2005-2006 to explore research issues in the specification, design and operation of Ultra Large Scale systems (in the range of 1 billion lines of code). The speaker talks about the overall research agenda explored by the panel, as well as the issues that were covered by his group within the panel, dealing with ULS Qualities.

Sponsored by the Laboratory ...read more

I will discuss my recent work in the field of "pattern avoiding permutations". A permutation p_1,p_2,...,p_n of 1,2,...,n is said to contain a subpattern (213 say) if some p_{i_1},p_{i_2},p_{i_3} occur with p_{i_2} Knuth proved that if you pass a mixed-up permutation through a single infinite stack, then it can be sorted back to 1,2,...,n if and only if it does not contain a 213 subpattern. It follows that the number of such permutations is Catalan. I will give an overview of the rece ...read more

For more information please contact:

Murray Elder
Assistant Professor
Kidde
Room 126
Phone: 201.216.5150
Fax: 201.216.8321

melder@stevens.edu

In this talk we present a novel approach to the Decision Diffie-Hellman cryptography problem. The security of many cryptographic schemes rely on the hardness of this problem. We are giving a purely statistical criterion to compare this problem in different groups. We are using Z_p with p prime as a prime example but the methods presented are not restricted to these groups. We find empirical evidence that relates the hardness of the DDH problem to the number of prime factors of p-1 and with ...read more

For more information please contact:

Ionut Florescu
Assistant Professor
Babbio
Room 544
Phone: 201.216.5452
Fax: 201.216.8321

ifloresc@stevens.edu

Information authentication is one of the basic information security goals, and it addresses the issues of source corroboration and improper or unauthorized modification of data. More specific, data integrity is the property that the data has not been changed in an unauthorized manner since its creation, transmission or storage. Data origin authentication, or message authentication, is the property whereby a party can be corroborated as a source of the data. Usually, message authentication ...read more

We will discuss recent research by the center for Decision Technologies related to sensor placement. In particular, we will discuss the use of environmental information in providing prior probabilities for intruder detection. We will also discuss the detection of hostile intent.

Sponsored by the Laboratory for Secure Systems and the PORTIA ...read more

For more information please contact:

Dr. Jeffrey Nickerson
Associate Professor and Director of the Center for Decision Technologies
Babbio Center
Room 631
Phone: 201.216.8124
Fax: 201.216.5385

jnickers@stevens.edu

Pairing-based cryptography is one of the most attractive and extensively progressed areas in modern cryptography in the last decade. This is because pairing technology has brought many breakthroughs both in construction and analysis of cryptographic schemes such as ID-based cryptosystem, short signatures, efficient broadcast encryption, and MOV reduction. I will show a method of fast pairing computation and its applications to anonymous signatures.

Sponsored by the Laboratory for S ...read more

Marco Pistoia, IBM T.J. Watson Research Center

Modern enterprise systems support Role-Based Access Control (RBAC). Although RBAC allows restricting access to privileged operations, a deployer may actually intend to restrict access to privileged data. In this talk, we present a theoretical foundation for correlating an operation-based RBAC policy with a data-based RBAC policy. Relying on a location-consistency property, we show how to infer whether an operation-based RBAC policy is equiva ...read more

Ahmed Elgammal, Rutgers University

Our objective is to learn representations for the shape and the appearance of moving (dynamic) objects that support tasks such as synthesis, pose recovery, reconstruction, and tracking. In this talk we introduce a framework for learning generative models for dynamic appearance. We study various approaches for embedding global deformation manifold that preserves their geometric structure. Given such embedding, nonlinear mapping(s) is learned from such embedd ...read more

David Molnar, UC Berkeley

The term RFID refers to a range of technologies that allow a reader to sense presence of a "tag" via radio waves. Tags are employed today in applications as diverse as library books, WalMart distribution, pharmaceutical tracking, and electronic passports. At the same time, RFID raises significant privacy and security concerns. I will discuss two techniques for improving RFID security and privacy.

The first technique uses symmetric-key cryptography to ...read more

Paul Syverson, Naval Research Laboratory

Can you set up a server that anyone can access but no one can find? Yes you can. Since 2004 we have deployed location hidden servers on the Tor network. Anyone can set one up and hide it using Tor. (Tor is a freely available anonymous communication network developed by the Naval Research Laboratory and the Free Haven Project; see http://tor.eff.org. It is the most widely deployed and used anonymizing network ever in ...read more

Aleksey Kliger

Information flow through a program is secure if users' high-security inputs do not affect low-security behavior of a program, that is, if an attacker cannot learn any secrets by observing public outputs. Type systems have been used to guarantee secure information flow: a language is designed so that only secure programs are well-typed. We illustrate the principle with one such language based on monads&emdash; types used to indicate the presence of side-effects ...read more

Seny Kamara, Johns Hopkins University

Searchable symmetric encryption (SSE) allows a party to outsource the storage of its data to another party in a private manner, while maintaining the ability to selectively search over it. This problem has been the focus of active research and several security definitions and constructions have been proposed. In this talk we will review existing security definitions, pointing out their shortcomings, and propose new and stronger definit ...read more

Phil Bohannon, Lucent Bell Labs 

Data integrated from multiple sources may contain inconsistencies that violate integrity constraints. The constraint repair problem attempts to find low cost changes that, when applied, will cause the constraints to be satisfied. While in most previous work repair cost is stated in terms of tuple insertions and deletions, we follow recent work to define a database repair as a set of value modifications. In this context, we introduce a novel cost fra ...read more

Ji Hui, University of Maryland

Autonomous navigation in unstructured environments requires that the system can estimate its own motion and the motion of other moving objects and can extract a geometric representation of its environments, which it uses to build a map and localize itself within its environments. In this talk I will describe a number of modules I have developed for visual navigation. First, I will show arguments against the classical approach of solving for moti ...read more

Yiqun Lisa Yin

Cryptographic hash functions are an important component in almost all security applications, especially digital signature schemes. Among existing hash functions, the most widely used ones are MD5, designed by Prof. Rivest of MIT and SHA-1, designed by the National Security Agency. In the past two year, there have been significant advances in the cryptanalysis of hash functions. Real collisions were found for MD5, reduced versions of SHA-1, and several other hash functions ...read more

David Woodruff, Massachusetts Institute of Technology

A private approximation of a function f is defined to be another function F that approximates f in the usual sense, but does not reveal any information about x other than what can be deduced from f(x). We give the first secure two-party private approximation of the L_2 distance with polylogarithmic communication. This, in particular, resolves the main open question of Feigenbaum et al [FIMNSW00] (who achieve sqrt{n} communication fo ...read more

Jonathan Katz, University of Maryland

This talk will survey some recent research focused on designing what might be termed "human-centric" authentication protocols: that is, protocols designed with the limitations of human users firmly in mind. As time permits, this will include work on:

Rene Vidal, Johns Hopkins University

Data segmentation is usually though of as a "chicken-and-egg" problem. In order to estimate a mixture of models one needs to first segment the data and in order to segment the data one needs to know the model parameters. Therefore, data segmentation is usually solved in two stages (1) data clustering and (2) model fitting, or else iteratively using, e.g. the Expectation Maximization (EM) algorithm.

This talk will show that for a ...read more

Simson Garfinkel, Harvard University

What could you do with 1000 used hard drives? Garfinkel examined the data on them that had been left by their previous owners and found credit card numbers, medical records, pornography, and email. But he also found that the oft-neglected need to sanitize discarded media is a serious problem among computer users—one that appears to be getting worse.

This talk examines the results-to-date of Garfinkel's five-year rese ...read more

Reiner Sailer, IBM T.J. Watson

sHype is a hypervisor security architecture developed by IBM Research for different virtual machine monitors. It is available as an integral part of the Xen open-source hypervisor. sHype originally builds on the advantages of the emerging and broadly available hardware support for virtualization by providing simple system-independent and robust security policies. It controls virtual resources across multiple platforms. Our main objective is to provide a ...read more