Thursday, October 25, 2007

Stanford/TRUST faculty offer Advanced Computer Security Certificate Online: What You Don’t Know Can Hurt You

TRUST faculty Dan Boneh and John Mitchell have developed an Advanced Computer Security Certificate that can be taken as online classes. The BusinessWire article states:
"Specific topics covered include secure software design, buffer overflows, SQL injection attacks, authentication, access control, data integrity, symmetric encryption, public-key cryptography, and more. The Advanced Computer Security certificate program requires six courses: three core and three electives. The instructors regularly update the content. Each course is self-paced and approximately six hours long, and is available at any time. Detailed information about the program is found at http://proed.stanford.edu/?security."

Security Focus Interviews Adam Barth about DNS Rebinding

Security Focus has an interview with TRUST's Adam Barth, "Rebinding attacks unbound." Adam is quoted as saying:
"I'm a Ph.D. student at Stanford University and a member of the Stanford Web Security Lab. Collin Jackson, Andrew Bortz, Weidong Shao, Dan Boneh, and I are presenting a paper at the 2007 ACM Conference on Computer and Communications Security, detailing how to protect browsers from DNS rebinding attacks."

Wednesday, October 17, 2007

Adrian Perrig Leads Research Team Dedicated To Analyzing and Disrupting Internet Attackers' Black Markets

TRUST researcher Adrian Perrig's work is highlighted in a CMU press release: "Carnegie Mellon's Adrian Perrig Leads Research Team Dedicated To Analyzing and Disrupting Internet Attackers' Black Markets." The work, done in conjunction with Vern Paxson and others, is described as:
To stem the flow of stolen credit cards and identity data, Carnegie Mellon researchers proposed two technical approaches to reduce the number of successful market transactions, including a slander attack and another technique, which were aimed at undercutting the cyber-crooks' verification or reputation system.

"Just like you need to verify that individuals are honest on E-bay, online criminals need to verify that they are dealing with 'honest' criminals," Franklin said.

In a slander attack, an attacker eliminates the verified status of a buyer or seller through false defamation. "By eliminating the verified status of the honest individuals, an attacker establishes a lemon market where buyers are unable to distinguish the quality of the goods or services," Franklin said.

The researchers also propose to undercut the burgeoning black market activity by creating a deceptive sales environment.

Perrig's team developed a technique to establish fake verified-status identities that are difficult to distinguish from other verified-status sellers, making it hard for buyers to identify the honest verified-status sellers from dishonest verified-status sellers.

"So, when the unwary buyer tries to collect the goods and services promised, the seller fails to provide the goods and services. Such behavior is known as 'ripping.' And it is the goal of all black market sites' verification systems to minimize such behavior," said Franklin.

The work has also been featured on Slashdot.

Friday, October 05, 2007

The "Profiles in Team Science" document and website cover TRUST