[Busec] busec tomorrow: Melissa Chase (Wed 10am)

Leonid Reyzin reyzin at cs.bu.edu
Tue Nov 11 12:44:12 EST 2014


The busec seminar tomorrow will feature a talk on secure computation by
Melissa Chase from MSR.  The following week, Engin Kirda from Northeastern
will talk about security vulnerabilities in graphical user interfaces.
Lunch is provided as usual, and abstracts are below.

See you there!
Leo

BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).

Size-Hiding Secure Computation: Revisiting the Ideal Model
Melissa Chase, MSR.
Wed Nov 12, 2014, 10:00am – 11:30am
Hariri Seminar Room, MCS180

We consider secure two party computation with malicious adversaries in the
setting where the size of one party’s input is private.  Our goal is to
construct schemes for general functionalities that are secure under
standard assumptions.  We begin by showing that under previous definitions,
size hiding computation (against malicious adversaries) implies a form of
“proof of work”, thus it seems impossible to construct from standard
assumptions.  We then revisit the traditional definition of secure
computation in terms of real and ideal world games, and present a new ideal
model which captures some of the spirit and advantages of the original.
Finally, we give a proof of concept construction showing that under this
new definition size hiding secure computation is indeed achievable under
standard assumptions.

This is joint work with Rafail Ostrovsky and Ivan Visconti.


Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in
Graphical User Interfaces
Engin Kirda, NEU.
Wed Nov 19, 2014, 10:00am – 11:30am
Hariri Seminar Room, MCS180

Abstract:

Graphical user interfaces (GUIs) are the predominant means by which users
interact with modern programs.  GUIs contain a number of common visual
elements or widgets such as labels, textfields, buttons, and lists, and
GUIs typically provide the ability to set attributes on these widgets to
control their visibility, enabled status, and whether they are writable.
While these attributes are extremely useful to provide visual cues to users
to guide them through an application's GUI, they can also be misused for
purposes they were not intended.  In particular, in the context of
GUI-based applications that include multiple privilege levels within the
application, GUI element attributes are often misused as a mechanism for
enforcing access control policies.

In this talk, I will present  GEMs, or instances of GUI element misuse, as
a novel class of access control vulnerabilities in GUI-based applications.
I will present a classification of different GEMs that can arise through
misuse of widget attributes, and describe a general algorithm for
identifying and confirming the presence of GEMs in vulnerable
applications.  I will then present GEM Miner, an implementation of our GEM
analysis for the Windows platform.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20141111/2cb36f28/attachment.html>


More information about the Busec mailing list