security

CS Table 10/9/18: The Big Hack

We will discuss a recent report from Bloomberg about a security breach in the hardware supply chain for servers used by almost 30 major US-based companies. Bloomberg’s reporting suggests that a group within the Chinese government’s intelligence agency was able to add a small chip to motherboards manufactured for SuperMicro, a major server hardware supplier in the US. These chips apparently inject malicious code into the server’s operating system, allowing hackers to remotely access compromised servers and bypass security controls within the operating system. We will discuss the mechanisms used to carry out these attacks and the differences between hardware- and software-based exploits, consider the impacts of such an attack, and discuss possible ways to mitigate attacks like this one in the future.

Readings include Bloomberg's original reporting (The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies, J. Robertson and M. Riley, Bloomberg Businessweek, 4 Oct 2018) and two articles providing some additional perspective on this story, which has not yet been independently confirmed (The China SuperMicro Hack: About That Bloomberg Report, N. Weaver, Lawfare, 4 Oct 2018, and Decoding the Chinese SuperMicro super spy-chip scandal: What do we know – and who is telling the truth? K. McCarthy, The Register, 4 Oct 2018.)

Computer science table (CS Table) is a weekly meeting of Grinnell College community members (students, faculty, staff, etc.) interested in discussing topics related to computing and computer science. CS Table meets Tuesdays from 12:00–12:45pm in JRC 224C (inside the Marketplace). Contact the CS faculty for the weekly reading. Students on meal plans, faculty, and staff are expected to cover the cost of their meals. Visitors to the College and students not on meal plans can charge their meals to the department (sign in at the Marketplace front desk).

CS Extra 9/27/2018: Detecting Vulnerable Code: from Mobile Apps to IoT Devices

Thursday, September 27, 2018
4:15 p.m. in Science 3821
Refreshments at 4:00 p.m. in the Computer Science Commons (Science 3817)

Antonio Bianchi, Assistant Professor of Computer Science at The University of Iowa, presents this Thursday Extra.

Mobile application markets, such as Google's Play Store and Apple's App Store, receive thousands of new applications every day. Ideally, all these apps should be properly vetted to find security-relevant programming mistakes. Unfortunately, the sheer amount of submitted code rules out the possibility of using human experts to analyze it. Consequently, researchers have proposed and implemented different techniques to automatically analyze mobile applications.

In this talk, Bianchi will talk about his research using automated analysis techniques to detect security issues in existing Android applications. In particular, he will present his work in detecting Android applications implementing vulnerable authentication schemas. He will also discuss some of the currently open problems in the field and future research directions.

CS Table 1/30/18: Security Vulnerabilities

At the January 30 CS Table we will discuss the recently-announced Spectre and Meltdown security vulnerabilities. These are complex security vulnerabilities that rely on two important features of modern processors: speculation and out-of-order execution. In addition to a technical discussion of these specific vulnerabilities, we’ll discuss the ways in which vulnerabilities are disclosed and fixed.

There are two assigned readings for Tuesday. The first gives a non-technical analogy for both vulnerabilities, and should be helpful for getting a handle on how these vulnerabilities work. The second looks at the implications for end users and the tech industry.

If you are feeling adventurous, you may want to read the original Spectre and Meltdown papers at https://meltdownattack.com/. These are relatively accessible and include quite a bit of background information.

Computer science table (CS Table) is a weekly meeting of Grinnell College community members (students, faculty, staff, etc.) interested in discussing topics related to computing and computer science. CS Table meets Tuesdays from 12:00–1:00pm in JRC 224A (inside the Marketplace). Contact the CS faculty for the weekly reading. Students on meal plans, faculty, and staff are expected to cover the cost of their meals. Visitors to the College and students not on meal plans can charge their meals to the department (sign in at the JRC front desk).

Thursday Extra 10/12: Improving software reliability and security

Thursday, October 12, 2017
4:15 p.m. in Science 3821
Refreshments at 4:00 p.m. in the Computer Science Commons (Science 3817)

Improving the reliability and security of software with formal methods and automated reasoning is presented by Cesare Tinelli from The University of Iowa.

Producing robust, reliable software, which performs its intended function and is less prone to errors and security vulnerabilities, is becoming more and more important as software comes to control increasingly large and critical aspects of modern society. This talk makes a case for using mathematically rigorous approaches based on formal logic to specify the behavior of safety-critical software and verify its correctness. These methods can automatically reduce large classes of program analysis problems to constraint satisfaction problems in some formal logic, and then solve them with the aid of automatic reasoners for that logic. The talk will give a brief overview of this approach and discuss its recent successes and applications in industry, focusing on research done at the University of Iowa in this area.

CS Table 2/7: Privacy and security

The Electronic Frontier Foundation (EFF) has put together a detailed guide of a number of recommended practices used to maintain privacy and security at https://ssd.eff.org/, which we will rely on for this week's discussion. Please complete the following readings before Tuesday:

  1. An Introduction to Threat Modeling. EFF Surveillance Self-Defense Guide.
  2. Seven Steps to Digital Security. EFF Surveillance Self-Defense Guide.
  3. At least one other overview, topic, or briefing from the SSD guide.

If you have specific practices that you use and would be willing to share, please come prepared to demonstrate or describe them. When you choose additional readings, you are encouraged to look for guides that you think are relevant to your own use of technology.

Computer science table (CS Table) is a weekly meeting of Grinnell College community members (students, faculty, staff, etc.) interested in discussing topics related to computing and computer science. CS Table meets Tuesdays from 12:00-1:00pm in JRC 224B. Contact the CS faculty for the weekly reading. Students on meal plans, faculty, and staff are expected to cover the cost of their meals. Visitors to the College and students not on meal plans can charge their meals to the department.

CS Table 11/29: Election Hacking

At this CS Table we will discuss a recent turn of events in the presidential election: election security experts are calling for recounts in several critical states. Why are they doing this, and why do we need to recount or audit our elections?

Read these three recent articles building up to this recent call:

In addition, to give you more background on the perils of voting and technology, read this paper by researchers at the University of Michigan, Ann Arbor about breaking into Internet voting systems:

Printed readings are available at Noyce 3827.

Computer science table (CS Table) is a weekly meeting of Grinnell College community members (students, faculty, staff, etc.) interested in discussing topics related to computing and computer science. CS Table meets Tuesdays from 12:00-1:00pm in JRC 224B. Contact the CS faculty for the weekly reading. Students on meal plans, faculty, and staff are expected to cover the cost of their meals. Visitors to the College and students not on meal plans can charge their meals to the department.

CS Table: "Shellshock"

This Friday at CS Table, we discuss a recent security failure in Unix, GNU/Linux, and Mac OS X operating systems: the Shellshock bug. Our reading is:

Computer Science Table is a weekly meeting of Grinnell College community members (students, faculty, staff, etc.) interested in discussing topics related to computing and computer science. We meet on Fridays from 12:10 to 12:50 in Rosenfield 224A (the Day PDR). Students on meal plans, faculty, and staff are expected to cover the cost of their meals. Students not on meal plans can charge their meals to the department.

Contact John Stone for a copy of this week's reading.

CS Table: Trusting Trust

On Friday, 13 September 2013, the readings for CS Table will be two papers on trust.

The first is a classic paper, written as a Turing Award speech:

Ken Thompson. 1984. Reflections on trusting trust. Commun. ACM 27, 8 (August 1984), 761-763. DOI=10.1145/358198.358210 http://doi.acm.org/10.1145/358198.358210

The second is a recent article from The New York Times:

Nicole Perlroth, Jeff Larson, and Scott Shane. September 5, 2013. N.S.A. Able to Foil Basic Safeguards of Privacy on Web. The New York Times. http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html

Computer science table is a weekly meeting of Grinnell College community members (students, faculty, staff, etc.) interested in discussing topics related to computing and computer science. CS Table meets Fridays at noon in the Day PDR. Contact Sam Rebelsky (rebelsky@grinnell.edu) for the weekly reading. Students on meal plans, faculty, and staff are expected to pay the cost of their meals. Students not on meal plans can charge their meals to the department.

Thursday Extra: "Dynamic code generation and what it takes to get there"

On Thursday, May 3, Isaiah Sarju 2013 will discuss the nature, history, and theory of security vulnerabilities associated with dynamic code generation:

More specifically, the talk will deal with the underlying hacking techniques and security principles which have led to research into dynamic code generation: the history of memory vulnerabilities, the security mechanisms which are used to protect against these attacks, and the state of the art of bypassing these protections.

Refreshments will be served at 4:15 p.m. in the Computer Science Commons (Noyce 3817). The talk, Dynamic code generation and what it takes to get there, will follow at 4:30 p.m. in Noyce 3821. Everyone is welcome to attend!

CS Table: Online Health Information Systems

This Friday, October 14, Kyle and Martin E. will be leading a discussion about Online Health Information Systems. You can find links to the papers for this week at http://foswiki.cs.grinnell.edu/foswiki/bin/view/Courses/HealthCareAndCom... As usual, we'll meet around noon in JRC 224A. Hope to see you there!