May 22, 2014
Another challenging year in cyber security and privacy means another compelling IEEE Security and Privacy Symposium, and another compelling IEEE Security and Privacy Symposium means another significant contribution from Carnegie Mellon University CyLab.
This year, three hundred and thirty-three papers were submitted. After a rigorous review process (which included ninety-nine "intensive discussions," one thousand two hundred eighteen reviews and a rebuttal phase), forty-four papers were selected to be published as part of the Symposium.
Of these forty-four worthy contributions, four were singled out for IEEE Security and Privacy Symposium 2014 Best Papers Awards:
CMU CyLab researcher Shayak Sen presented the award-winning paper co-authored by members of the CyLab and Microsoft Research teams:
In this paper, we demonstrate a collection of techniques to transition to automated privacy compliance checking in big data systems. To this end we designed the LEGALEASE language, instantiated for stating privacy policies as a form of restrictions on information flows, and the GROK data inventory that maps low-level data types in code to high-level policy concepts. We show that LEGALEASE is usable by non-technical privacy champions through a user study. We show that LEGALEASE is expressive enough to capture real-world privacy policies with purpose, role, and storage restrictions with some limited temporal properties, in particular that of Bing and Google. To build the GROK data flow graph we leveraged past work in program analysis and data flow analysis. We demonstrate how to bootstrap labeling the graph with LEGALEASE policy datatypes at massive scale. We note that the structure of the graph allows a small number of annotations to cover a large fraction of the graph. We report on our experiences and learnings from operating the system for over a year in Bing. -- Shayak Sen (Carnegie Mellon University), Saikat Guha (Microsoft Research, India), Anupam Datta (Carnegie Mellon University), Sriram Rajamani (Microsoft Research, India), Janice Tsai (Microsoft Research, Redmond), and Jeannette Wing (Microsoft Research), Bootstrapping Privacy Compliance in Big Data Systems, IEEE Security and Privacy Symposium 2014, Best Student Paper (1 of 2)
But, of course, the Bootstrapping Privacy Compliance paper was not the only CyLab contribution to the Symposium program. For example, CMU CyLab researcher Zongwei Zhou spoke on Dancing with Giants; Wimpy Kernels for On-Demand Isolation I/O, a paper co-authored with Miao Yu and Virgil Gligor:
Trustworthy applications are unlikely to survive in the marketplace without the ability to use a variety of basic services securely, such as on-demand isolated I/O channels to peripheral devices. This paper presents a security architecture based on a wimpy kernel that provides these services without bloating the underlying trusted computing base. It also presents a concrete implementation of the wimpy kernel for a major I/O subsystem, namely the USB subsystem, and a variety of device drivers. Experimental measurements show that the desired minimality and efficiency goals for the trusted base are achieved. -- Zongwei Zhou, Miao Yu, Virgil Gligor, Dancing with Giants; Wimpy Kernels for On-Demand Isolation I/O, IEEE Security and Privacy Symposium 2014
Other CMU papers selected and presented at IEEE SSP 2014 included:
CyLab's contribution to IEEE SSP 2014 also included several papers from two CMU CyLab alumni.
There were three papers co-authored by CMU CyLab alumnus XiaoFeng Wang of Indiana University (Bloomington): Hunting the Red Fox Online: Understanding and Detection of Mass Redirect-Script Injections, Upgrading Your Android, Elevating My Malware - Privilege Escalation Through Mobile OS updating, and Perils of Fragmentation: Security Hazards in Android Device Driven Customizations.
Also, CMU CyLab alumnus Bryan Parno of Microsoft Research and a CMU CyLab alumna Elaine Shi of University of Maryland (College Park) were among the co-authors of PermaCoin: Repurposing Bitcoin Work for Data Preservation, and Shi co-authored a second paper, Automating Efficient RAM-Model Secure Computation.
CyLab's efforts were also apparent on the organizational level at IEEE SSP 2014:
And, looking ahead to next year, Lujo Bauer will be one of the Symposium program chairs. 2015 will likely be another challenging year in cyber security and privacy, which will mean another compelling IEEE Security and Privacy Symposium, with another significant contribution from Carnegie Mellon University CyLab.