posted by Richard Power
The 34th annual IEEE Security and Privacy Symposium was held May 19-22 2013, in downtown San Francisco. Once again, as in recent years, Carnegie Mellon University CyLab researchers made a significant contribution to both its content and its tone.
CyLab Distinguished Fellow Adrian Perrig served as one of the three Program Chairs, along with Wenke Lee of Georgia Tech and Michael Backes of Saarland University.
Also, four of the thirteen Session Chairs were current or former CyLab researchers: current faculty members Lujo Bauer and Anupam Datta, and former faculty members Jon McCune, now with Google, and Bryan Parno, now with Microsoft Research.
Two CyLab papers were among the thirty-eight presented: The Crossfire Attack authored by Min Suk Kang, Soo Bum Lee and Virgil D. Gligor of CyLab, and Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework authored by CyLab researchers Amit Vasudevan, Limin Jia, James Newsome and Anupam Datta, along with Sagar Chaki of the Software Engineering Institute (SEI) at Carnegie Mellon University and Jonathan M. McCune of Google (a former CyLab researcher, as mentioned above).
Furthermore, the Best Paper Award went to Bryan Parno for Pinocchio: Nearly Practical Veriﬁable Computation, co-authored with Craig Gentry and Mariana Raykova of IBM Research and Jon Howell, also of Microsoft Research. Before he went to Microsoft, Parno did his PhD at Carnegie Mellon University CyLab under the supervision of Adrian Perrig, and his dissertation won the 2010 ACM Doctoral Dissertation Award.
Here are excerpts from the two CyLab papers presented, with links to the full texts:
In this paper, we present the Crossfire attack. This attack can effectively cut off the Internet connections of a targeted enterprise (e.g., a university campus, a military base, a set of energy distribution stations); it can also disable up to 53% of the total number of Internet connections of some US states, and up to about 33% of all the connections of the West Coast of the US. The attack has the hallmarks of Internet terrorism3: it is low cost using legitimate-looking means (e.g., low-intensity, protocol conforming traffic); its locus cannot be anticipated and it cannot be detected until substantial, persistent damage is done; and most importantly, it is indirect: the immediate target of the attack (i.e., selected Internet links) is not necessarily the intended victim (i.e., an end-point enterprise, state, region, or small country). The low cost of the attack (viz., Section IV), would also enable a perpetrator to blackmail the victim. The Crossfire Attack , Min Suk Kang, Soo Bum Lee and Virgil D. Gligor (Carnegie Mellon University CyLab)
We propose an eXtensible and Modular HypervisorFramework (XMHF) which strives to be a comprehensible and flexible platform for building hypervisor applications (“hypapps”). XMHF is based on a design methodology that enables automated verification of hypervisor memory integrity. In particular, the automated verification was performed on the actual source code of XMHF – consisting of 5208 lines of C code – using the CBMC model checker. We believe that XMHF provides a good starting point for research and development on hypervisors with rigorous and “designed-in” security guarantees. Given XMHF’s features and performance characteristics, we believe that it can significantly enhance (security-oriented) hypervisor research and development. Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework, Amit Vasudevan, Limin Jia, James Newsome and Anupam Datta (Carnegie Mellon University CyLab), Sagar Chaki (SEI, Carnegie Mellon University) and Jonathan M. McCune (Google)
Some Related Posts:
(above in photo: Min Suk Kang with fellow CyLab grad student, after presenting The Crossfire Attack at 34th Annual IEEE Security & Privacy Symposium (May 2013, San Francisco).
See all CyLab Chronicles articles