Browsing by Author "Wallach, Daniel S."

Item: Analyzing the use of Cyber in Warfare at the Strategic, Operational, and Tactical Levels (2015-04-16)
Dressler, Judson; Wallach, Daniel S.; Bronk, Christopher; Ng, Eugene
The United States relies on networked computing for all manner of economic, social, and civic activity. However, cyberspace also presents potential adversaries with an avenue to overcome the overwhelming advantage enjoyed by the US in conventional military power. The introduction of cyberspace has blurred the edge of the battlefield, allowing an adversary to use easily procured equipment and from anywhere attack the process of a commercial or government target. This addition has introduced challenges to many traditional military concepts at each level of warfare: strategic, operational, and tactical. This thesis investigates and presents solutions to three of these challenges. At the strategic level, the DoD has declared cyberspace as a war-fighting domain. The ultra high-speed, fluid, and omnipresent nature of cyberspace makes it fundamentally different from the traditional domains. Strategic thinkers cling to ideological legacies of the past regarding problems, innovations, and strategies. So before imposing past tenets of and terminology onto the new field, these legacies need to be examined to see if they are pertinent and to what degree. At the operational level, the DoD relies heavily on networking technologies to efficiently conduct missions across the globe. This dependency places the nation at risk of a loss of confidentiality, integrity, and availability of its critical information resources, degrading its ability to complete the mission. I introduce the operational framework for establishing situational awareness in cyberspace. Using this framework will provide the nation’s leadership timely and accurate information to gain an understanding of the operational cyber environment to enable decision-making at all levels.
In regards to social media, there has become a growing tension between military users’ personal needs and military operational security at the tactical level. Like everyone, military members post seemingly trivial information and pictures, which can be aggregated and augmented by an adversary to determine possible intelligence targets. I investigate the current state of DoD social media policy, use an automated approach to determine the amount of openly available information provided by U.S. military members, analyze it through content analysis, apply machine learning techniques, then finally rank the vulnerability of each individual.

Item: Component-based adaptation system and method (2004-08-10)
De Lara, Eyal; Wallach, Daniel S.; Zwaenepoel, Willy; Rice University; United States Patent and Trademark Office
A component-based adaptation system is provided in which the operation of an application or the data being used by the application is adapted according to an application-specific or a user-specific policy. Following a request for a document by an application, the requested document is retrieved and converted into an application-independent format. The data of the document is then supplied to the application according to a user-specific or application-specific policy. The application of the policy may result in a lower fidelity version or a subset of the data of the requested document being supplied to the application. The policy may also govern the updating of the data supplied to the application. The data supplied to the application may be updated following the occurrence of a tracked event in the application or according to a background policy governing the supply of updated data without reference to the user's operation of the application.
All of the adaptations are implemented without modifying the source code of the application and without modifying the document as it is permanently stored on a data server.

Item: Component-based adaptation system and method (2009-05-12)
De Lara, Eyal; Wallach, Daniel S.; Zwaenepoel, Willy; Rice University; United States Patent and Trademark Office
A component-based adaptation system is provided in which the operation of an application or the data being used by the application is adapted according to an application-specific or a user-specific policy. Following a request for a document by an application, the requested document is retrieved and converted into an application-independent format. The data of the document is then supplied to the application according to a user-specific or application-specific policy. The application of the policy may result in a lower fidelity version or a subset of the data of the requested document being supplied to the application. The policy may also govern the updating of the data supplied to the application. The data supplied to the application may be updated following the occurrence of a tracked event in the application or according to a background policy governing the supply of updated data without reference to the user's operation of the application. All of the adaptations are implemented without modifying the source code of the application and without modifying the document as it is permanently stored on a data server.

Item: Data Mining of Chinese Social Media (2014-10-31)
Shu, Anhei; Wallach, Daniel S.; Jermaine, Christopher M; Bronk, Chris
We present measurements and analysis of censorship on Weibo, a popular microblogging site in China. Since we were limited in the rate at which we could download posts, we identified users likely to participate in sensitive topics and recursively followed their social contacts, biasing our search toward a subset of Weibo where we hoped to be more likely to observe censorship.
Our architecture enables us to detect post deletions within one minute of the deletion event, giving us a high-fidelity view of what is being deleted by the censors and when. We found that deletions happen most heavily in the first hour after a post has been submitted. Focusing on original posts, not reposts/retweets, we observed that nearly 30% of the total deletion events occur within 5-30 minutes. Nearly 90% of the deletions happen within the first 24 hours. Leveraging our data, we also consider a variety of hypotheses about the mechanisms used by Weibo for censorship, such as the extent to which they use retrospective keyword-based censorship, and how repost/retweet popularity interacts with censorship. By leveraging natural language processing techniques we also perform a topical analysis of the deleted posts, overcoming the usage of neologisms, named entities, and informal language that typifies Chinese social media. Using Independent Component Analysis, we find that the topics where mass removal happens the fastest are those that combine events that are hot topics in Weibo as a whole (e.g., the Beijing rainstorms or a sex scandal) with themes common to sensitive posts (e.g., Beijing, government, China, and policeman).
Air pollution is a pressing concern for industrialized countries. Air quality measurements and their interpretations often take on political overtones. Similar concerns reflect our understanding of what levels of measured pollution correspond to different levels of human nuisance, impairment, or injury. In this paper, we consider air pollution metrics from four large Chinese cities (U.S. embassy/consulate data, and Chinese domestic measurements) and compare them to a large volume of discussions on Weibo (a popular Chinese microblogging system). In the city with the worst PM2.5, Beijing, we found a strong correlation (R=0.82) between Chinese use of pollution-related terms and the ambient pollution.
In other Chinese cities with lower pollution, the correlation was weaker. Nonetheless, our results show that social media may be a valuable proxy measurement for pollution, which may be quite valuable when traditional measurement stations are unavailable (or whose output is censored or misreported).

Item: Improving user authentication on the web: Protected login, strong sessions, and identity federation (2014-01-14)
Dietz, Mike; Wallach, Daniel S.; Ng, T. S. Eugene; Koushanfar, Farinaz
Client authentication on the web has remained in the internet-equivalent of the stone ages for the last two decades. Instead of adopting modern public-key-based authentication mechanisms, we seem to be stuck with traditional methods like passwords and cookies. These authentication methods are vulnerable to a wide range of attacks from simple password reuse to strong man-in-the-middle attackers that can inject themselves into the middle of encrypted communication channels. While many potential solutions have been proposed to solve the issues with the use of passwords and cookies for web authentication, most have failed to take hold. This lack of adoption stems from two issues. First, traditional password based authentication provides a very simple user experience. Any new technique must not increase user friction during login and provide a reasonable user experience. Secondly, a new authentication technique must not be difficult to implement in existing browsers and web applications or deploy to users. This thesis presents three techniques that provide protection against strong attackers while providing a low friction user experience. The first, Origin Bound Certificates, is a session hardening technique that cryptographically binds the user's authentication cookie to the TLS channel the cookie is presented over.
This technique protects a user's session against strong attackers, requires no additional user interaction, requires little (or no) modification to existing web applications, and is compatible with existing data center infrastructure like TLS terminators. The second, Opportunistic Cryptographic Identity Assertions, is a technique in which the web browser communicates with a user's cell phone in order to establish it as an opportunistic second factor in the initial login operation. This technique provides security assurances comparable or greater than conventional two factor authentication (i.e. phishing and password reuse prevention) while offering a simple user experience. Finally, I discuss a new federated login system that makes use of a new browser provided construct called the PostKey API. This interface allows the browser to create a cross certification that asserts ownership of client side keys to a trusted third party. These cross certifications can be verified by an identity provider and used to harden existing federated login protocols as well as to create a new federation protocol that is resistant to man-in-the-middle attacks and leaked authentication tokens and provides relying parties with the means to better secure communication with the user.

Item: Privacy Concerns in Android Advertising Libraries (2014-01-27)
Book, Theodore Rand; Wallach, Daniel S.; Zhong, Lin
This work investigates privacy characteristics of Android advertising libraries. Taking a sample of 114,000 apps, we extract and classify their ad libraries. We then seek to understand how they make use of sensitive user data. First, we study the use of permission-protected Android API calls that provide access to user data. Here, we measure change over time by distinguishing unique versions of each library, dating them, and calculating their permission usage.
We find that the use of most permissions has increased over the last several years, and that more libraries are able to use permissions that pose particular risks to user privacy and security. Next, we shift to the application side and consider information passed directly from the application to the ad library. We do this by reconstructing the APIs for our libraries, and examining how those APIs are used in our sample of Android applications. We find that many applications pass personal information directly to their ad libraries, without any need for the library to query the operating system directly. This behavior is most common in more popular applications, suggesting that the promise of advertising dollars encourages application developers to violate users' privacy. In sum, we find that ad libraries make use of both the operating system and their host application to collect sensitive information about their users.

Item: Privacy Concerns in Android Advertising Libraries (2015-09-10)
Book, Theodore Rand; Wallach, Daniel S.; Bronk, Chris; Zhong, Lin
This work investigates privacy characteristics of Android advertising libraries. Taking a sample of 114,000 apps, we extract and classify their ad libraries. We then seek to understand how they make use of sensitive user data. First, we study the use of permission-protected Android API calls that provide access to user data. Here, we measure change over time by distinguishing unique versions of each library, dating them, and calculating their permission usage. We find that the use of most permissions has increased over the last several years, and that more libraries are able to use permissions that pose particular risks to user privacy and security. Next, we shift to the application side and consider information passed directly from the application to the ad library. We do this by reconstructing the APIs for our libraries, and examining how those APIs are used in our sample of Android applications.
We find that many applications pass personal information directly to their ad libraries, without any need for the library to query the operating system directly. This behavior is most common in more popular applications, suggesting that the promise of advertising dollars encourages application developers to violate users' privacy. Finally, we examine the interface between ad libraries and their datacenters. Focusing on the most popular ad library, we create a network of simulated mobile devices and collect 225,000 individual ads. We use differential correlation to measure the features used to target ads. We find that ads are targeted by application, time, location and user, and quantify those observations. In sum, we find that ad libraries make use of both the operating system and their host application to collect sensitive information about their users, and that this information is, in turn, used for ad targeting.

Item: PUF authentication and key-exchange by substring matching (2017-04-18)
Rostami, Masoud; Majzoobi, Mehrdad; Koushanfar, Farinaz; Wallach, Daniel S.; Devadas, Srinivas; Rice University; Massachusetts Institute Of Technology; United States Patent and Trademark Office
Mechanisms for operating a prover device and a verifier device so that the verifier device can verify the authenticity of the prover device. The prover device generates a data string by: (a) submitting a challenge to a physical unclonable function (PUF) to obtain a response string, (b) selecting a substring from the response string, (c) injecting the selected substring into the data string, and (d) injecting random bits into bit positions of the data string not assigned to the selected substring.
The verifier: (e) generates an estimated response string by evaluating a computational model of the PUF based on the challenge; (f) performs a search process to identify the selected substring within the data string using the estimated response string; and (g) determines whether the prover device is authentic based on a measure of similarity between the identified substring and a corresponding substring of the estimated response string.

Item: QUIRE: Lightweight Provenance for Smart Phone Operating Systems (2012)
Dietz, Michael; Wallach, Daniel S.
Smartphone applications (apps) often run with full privileges to access the network and sensitive local resources, making it difficult for remote systems to have any trust in the provenance of network connections they receive. Even within the phone, different apps with different privileges can communicate with one another, allowing one app to trick another into improperly exercising its privileges (a confused deputy attack). This thesis presents two new security mechanisms built into the Android operating system to address these issues. First, the call chain of all interprocess communications is tracked, allowing an app the choice of operating with the diminished privileges of its callers or to act explicitly on its own behalf. Additionally, a lightweight signature scheme allows any app to create a signed statement that can be verified anywhere inside the phone. Both of these mechanisms are reflected in network RPCs, allowing remote endpoints visibility into the state of the phone when an RPC is made.

Item: Separating Smartphone advertising from applications (2012-09-05)
Shekhar, Shashi; Wallach, Daniel S.; Cox, Alan L.; Zhong, Lin
A wide variety of smartphone applications today rely on third-party advertising services, which provide libraries that are linked into the hosting application. This situation is undesirable for both the application author and the advertiser.
Advertising libraries require additional permissions, resulting in additional permission requests to users. Likewise, a malicious application could simulate the behavior of the advertising library, forging the user's interaction and effectively stealing money from the advertiser. This thesis describes AdSplit, where we extended Android to allow an application and its advertising to run as separate processes, under separate user-ids, eliminating the need for applications to request permissions on behalf of their advertising libraries. We also leverage mechanisms from QUIRE to allow the remote server to validate the authenticity of client-side behavior. In this thesis, we quantify the degree of permission bloat caused by advertising, with a study of thousands of downloaded apps. AdSplit automatically recompiles apps to extract their ad services, and we measure minimal runtime overhead. We also observe that most ad libraries just embed an HTML widget within and describe how AdSplit can be designed with this in mind to avoid any need for ads to have native code.