Your data is online. Photographs, music, video, email, documents, voicemail, bank account balances, medical records; personal information is moving in to services hosted by third parties at an incredible rate. Cloud-based applications (such as Facebook, Gmail, Flickr, Dropbox and Mint.com) allow us, as individuals, to preserve, analyze, transform, and share our information in ways that could not have been imagined as recently as a decade ago. This transition is having a profound impact on modern culture: the ways we meet, discuss, shop, and learn, are changing on a daily basis. Our data is being used to introduce us to relevant news, interesting products, even possible companions. It is even allowing us to better understand societal issues such as the spread of disease.
Information lies at the heart of these changes. Data, personal data, is both the essential raw material and a fundamental commodity of the modern Internet. Many popular applications perform a subtle refinement here, offering users something for free (such as an email account) in exchange for the ability to collect and resell aggregate data and target advertising.
In this environment, many challenges are arising surrounding personal data: The mechanisms, both technical and legal, required to safeguard it are far from perfect. Most users are woefully uninformed of the risks that they are exposed to. While individuals may not realize it, the very definition of what data is personal, private, and worthy of protection, is actively being challenged and redefined.
In this seminar-based course, we will consider challenges relating to a very specific subset of privacy and security: How secure is the data that we, as users, believe is private, and what are the systems challenges in protecting it?
As we will discover in the course, privacy and security have long been very important issues in computer systems. We currently have the very unique vantage point of living at a time where issues, which have in the past often been somewhat hypothetical, are in the news on a daily basis. In this course we will work to gain a better understanding of the incentives that various stake holders have in dealing with this class of data, and the technical challenges and opportunities that surround it.
The aim of this course is to make you think a lot about security and privacy in modern information systems. You will work to understand the technical issues that make safeguarding personal data hard. We will also spend considerable time discussing the other factors that contribute to privacy-related risk in modern systems.
In addition to the technical systems goals of the course, it is may hope that you will emerge better equipped to discuss and explain these important, complex, and often subtle issues to other. As such, the course will place a strong focus on active participation in discussion during the seminar.
| Wk 1: Jan 10/12 | Ten Thousand FeetThese three overview papers represent three different positions with regard to the discussions that we will have through the course: The first two characterize arguments for the protection versus the value in disclosing private personal data. The last article is an example of a single, well-known compromise that resulted in a large scale release of personal information. A Cypherpunk's Manifesto, Eric Hughes The Law of Online Sharing, Paul Boutin, MIT Technology Review. Wikipedia Article on the PlayStation Network Outage |
The things we trust...In this section of the class, we will explore systemic security risks associated with the infrastructure components that applications are built on. The goal here is to gain a broader understanding of how broad the attack surface really is, and how many components must work correctly for systems to behave as we expect them to. DNS: Name lookups. (Thursday, Jan 12th) Background: Wikipedia on DNS Context: Vint Cerf: SOPA means 'unprecedented censorship' of the Web Declan McCullagh, CNET News, Dec. 15th 2011. Discussion Papers: Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority D. Dagon et al., NDSS 2008. (Wei Sun) Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill S. Crocker et al. (John Harris) | |
| Wk 2: Jan 17 |
BGP: Interdomain Routing (Tuesday Jan 17th) Background: Wikipedia on BGP Context: YouTube Hijacking: A RIPE NCC RIS case study, RIPE China's 18-Minute Mystery, Renesys Blog, November 18th, 2010. Discussion Paper: A Study of Prefix Hijacking and Interception in the Internet, Ballani et al. SIGCOMM 2007. (Bruno da Silva) |
| Wk 3: Jan 24 |
SSL Certificates: Server Authentication (Thursday Jan
19th/Tuesday Jan 24th) Background: An Overview of PKI Trust Models, Radia Perlman Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL, Christopher Soghoian and Sid Stamm, Financial Cryptography and Data Security '11. Context: DigiNotar SSL certificate hack amounts to cyberwar, says expert. The Guardian. September, 5 2011. An update on attempted man-in-the-middle attacks Google online security blog. Trustwave Admits It Issued A Certificate To Allow Company To Run Man-In-The-Middle Attacks, TechDirt. Discussion Paper: Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing Wendlandt et al., USENIX ATC 2008. (C. Albert Thompson) Dropbox: The challenges of application design (Thursday Jan 26th) Context: Keys to the cloud castle, The Economist, May 2011. Dropbox Lied to Users About Data Security, Complaint to FTC Alleges, Ryan Singel, Wired, May 2011. How Dropbox sacrifices user privacy for cost savings, Christopher Soghoian, April 2011. Dropbox Security Bug Made Passwords Optional For Four Hours, Jason Kincaid, Techcrunch, June 2011. Discussion Paper: Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space, Martin Mulazzani et al., USENIX Security 2011. (Vignesh Sankaranarayanan) |
| Wk 4: Jan 31 |
Attacking the client device (Tuesday Jan 31) Related Readings: (optional) The Security Architecture of the Chromium Browser, Adam Barth et al. Discussion Paper: Measuring Pay-per-Install: The Commoditization of Malware Distribution, Juan Caballero et al., USENIX Security 2011.(Anup Mathew) The insider threat (Thursday, Feb 2) Context: Thwarting an internal hacker, Bruce Schneier, Wall Street Journal, Feb 16th, 2009. WikiLeaks scandal sparks US intelligence reform, Chantal Valery (AFP), Jan 26th 2012. Discussion Paper: Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems, Xiaoxin Chen et al., ASPLOS 2008.(Simona Radu) |
| Wk 5: Feb 7 | Secure(r) SystemsWe now switch focus to discuss some interesting approaches to improving the protection of data in recent systems research. Controlling access to databases (Tuesday, Feb 7) Context: Breach Brings Scrutiny: Incident Sparks Concern Over Outsourcing of Email Marketing, Wall Street Journal, April 5th, 2011. Discussion Paper: CryptDB: Protecting Confidentiality with Encrypted Query Processing, Raluca Ada Popa et al., SOSP 2011. (Melsa Smith) Assurances regarding the software that can interact with data. (Thursday, Feb 9) Context: Anti-virus vendors warn over Win32.Induc virus that attacks the Windows-based development environment Delphi, SC Magazine, August 2009. Half of Fortune 500s, US Govt. Still Infected with DNSChanger Trojan, Krebs on Security, February 2012. Discussion Paper: Logical Attestation: An Authorization Architecture for Trustworthy Computing, Emin Gün Sirer et al., SOSP 2011. (Chris Head) |
| Wk 6: Feb 14 |
Background: Wikipedia article on Multilevel Security A Decentralized Model for Information Flow Control, Myers et al., SOSP 1997. Discussion Paper: Labels and Event Processes in the Asbestos Operating System, Petros Efstathopoulos et al., SOSP 2005. (Lee Beckman) Intrusion Recovery for Database-backed Web Applications, Ramesh Chandra et al.(Rahul Jiresal) |
| Wk 7: Feb 28/Mar 1 | Secure(r) Systems (cont.)SPORC: Group Collaboration using Untrusted Cloud Resources. A. Feldman et al., OSDI 2010. (Farid M.)Silverline: Toward Data Confidentiality in Storage-Intensive Cloud Applications. K. Puttaswamy et al., SoCC 2011. (Simona Radu) |
| Wk 8: Mar 6/8 | Deletion and AuditVanish: Increasing data privacy with self-destructing data. R. Geambasu, et al. USENIX Security 2009. (C. Albert Thompson)Keypad: An Auditing File System for Theft-prone Devices. R. Geambasu et al., EuroSys 2011. Bruno da Silva |
| Wk 9: Mar 13/15 | User Tracking and PersonalizationAdditional discussion paper (Tuesday): I've Got Nothing to Hide' and Other Misunderstandings of Privacy Daniel J. Solove, San Diego Law Review, Vol. 44, p. 745, 2007.Context: the Web's Cutting Edge, Anonymity in Name Only, Wall Street Journal, Aug 4, 2010. Detecting and Defending Against Third-Party Tracking on the Web, F. Roesner et al. NSDI 2012.(John Harris) Note: this paper is available in HotCRP. How Unique Is Your Web Browser? P. Eckersley, PETS 2010. (Vignesh Sankaranarayanan) |
| Wk 10: Mar 20/22 | Advertising and SpecializationREPRIV: Re-Imagining Content Personalization and In-Browser Privacy, Fredrikson et al., Oakland 2011. (Anup Mathew)Privad: Practical Privacy in Online Advertising. S. Guha et al. NSDI 2011. (Wei Sun) |
| Wk 11: Mar 27/29 | Selling User Data"Towards Statistical Queries over Distributed Private User Data", R. Chen et al., NSDI 2012. (Melsa Smith)DiffPriv MSR Paper. (Lee Beckman) |
| Wk 12: Apr 3/5 | Demos |
538W is a seminar-style course that also happens to qualify as a systems breadth requirement for UBC graduate students. This means that, accordingly, you will need to do two things to do well in the course: (1) Participate in seminar discussions, and build an interesting system. If you are unable to contribute constructively to a classroom discussion with 10-20 of your peers, or you are uncomfortable spending quite a bit of time over the next four months building and presenting a nontrivial software project, this probably isn't the course for you! Furthermore, you will be expected to write a brief article-style essay, due at the end of reading week, that describes a current privacy-related issue to a general audience.
Marks are allocated as follows:
Reviews: You will be responsible for submitting conference program committee-style reviews into a local instance of hotcrp by 8pm, the evening before papers are discussed in class. Once submitted, you will be able to read any reviews that have been submitted by your peers.
Essay: The essay assignment is that you write a brief article, about two thousand words in length, that describes and discusses a current issue related to online privacy and security. The goal of this is to identify and understand an interesting current issue, and demonstrate that you can articulate it to a general audience. The essay is due, in pdf format, at the end of reading week. Sould you desire, I am happy to provide feedback on possible essay topics prior to the start of reading week.
Project write-ups are to be brief, five-page descriptions of the problem that your system is trying to solve, the approach to implementation, a set of results in applying or evaluating the system, and a summary of relevant related work.
HOTCRP: please create yourself an account on the hotcrp server, which is at http://hotcrp.nss.cs.ubc.ca/538W/. This is the system where you are responsible for entering reviews on the papers that we discuss in class.
The
Transparent Society, David Brin.
Delete: The Virtue of Forgetting in the Digital Age, Viktor Mayer-Schönberger.
Challenges
in Cloud and Mobile Computing, Roxana Geambasu (Columbia)
Computer
Security, Stefan Savage (UCSD)
Privacy-Enhancing
Technologies, Nikita Borisov (UIUC)