ICSI Research Review
Friday, October 10, 2014
1:40 - 4:30 p.m., Lecture Hall
Featured talks by ICSI research staff highlighting some of our latest results and new directions in computer science research. Talks will be given in the sixth floor lecture hall.
Agenda:
1:40 Introduction
Dr. Deborah Crawford
ICSI Director
1:45 Algorithmic and Statistical Perspectives on Large-Scale Data Analysis
Professor Michael Mahoney
Research Initiatives and
Statistics Department, UC Berkeley
2:30 Break
2:40 Networking and Security Research at ICSI
Introduction
Professor Vern Paxson
Director, Networking and Security and
EECS Department, UC Berkeley
"How Governments Hack Their Opponents"
Bill Marczak
"The Matter of Heartbleed"
Frank Li
"Individualized Privacy and Security Mechanisms"
Serge Egelman
4:10 Closing Remarks
Dr. Deborah Crawford
ICSI Director
4:30 Close
Abstracts:
2:00 "Algorithmic and Statistical Perspectives on Large-Scale Data Analysis"
Professor Michael Mahoney
Research Initiatives and
Statistics Department, UC Berkeley
Computer scientists have historically adopted quite different views on data (and thus on data management and data analysis) than statisticians, natural scientists, social scientists, and nearly everyone else who uses computation as a tool toward some downstream goal. For example, the former tend to view the data as noiseless bits and focus on algorithms with bounds on worst-case running time, independent of the input; while the latter typically have, either explicitly or implicitly, an underlying statistical model in mind and are interested in using computation and data to gain insight into the world. These issues are relevant now that "large-scale data analysis" has gone from being a technical topic of interest to a subset of computer scientists, to a cultural phenomenon that has a direct effect on nearly everyone. In this talk, I'll share some of my thoughts on these topics, I'll describe two applications (one in social network analysis and one in human genetics) where challenges related to these issues arose and describe how we dealt with them, and I'll offer some thoughts on how this so-called "Big Data" area might evolve.
2:40 "Networking and Security Research at ICSI"
Introduced by Professor Vern Paxson
Director, Networking and Security and
EECS Department, UC Berkeley
"How Governments Hack Their Opponents"
by Bill Marczak
Repressive nation-states have long monitored telecommunications to keep tabs on political dissent. However, increasing use of encryption on the web, the global nature of modern opposition movements, and productization of hacking tools are causing these governments to attempt infiltrations of targets' computers and mobile phones to steal information. This talk will explore the different types of actors conducting such hacking in the Middle East and the Horn of Africa – the governments themselves, cyber mercenary groups, and cyber militias – and look at the technology they use, ranging from expensive government-only "lawful intercept" kits, to tools from the cybercrime underground. The talk will tie this hacking to real-world consequences suffered by victims, including arrests, interrogations, and imprisonment.
"The Matter of Heartbleed"
by Frank Li
The Heartbleed vulnerability took the Internet by surprise in April 2014. The vulnerability, one of the most consequential since the advent of the commercial Internet, allowed attackers to read protected memory from remote servers, potentially including user passwords and cryptographic master keys. I'll discuss a comprehensive, measurement-based analysis of the vulnerability's impact, including tracking the vulnerable population, assessing how sites responded, observing the stress placed on the HTTPS certificate ecosystem and the activity of attackers, and our experiences with attempting to notify more than 4,000 Internet sites regarding their ongoing vulnerability.
"Individualized Privacy and Security Mechanisms"
by Serge Egelman
Prior usable security and privacy research has reduced risks by showing how to design privacy and security systems to fit the "average user." Of course, no person perfectly fits this profile, and therefore current solutions are only likely to yield local maxima. We are in the process of studying how individual differences (e.g., personality traits) impact risk perceptions and preferences, and by doing this, we hope to design future systems that are optimized for individuals. For instance, inferences about an individual, learned through observations over time, may allow a system to automatically set more appropriate default privacy settings or redesign security mitigations so as to appear more salient to that individual.