|
Jefferson's WheelSecurity Research at the University of Virginia |
Yan Huang presented Private Editing Using Untrusted Cloud Services at the Second International Workshop on Security and Privacy in Cloud Computing in Minneapolis this morning.
Here are the slides from his talk: [PPTX, PDF].
The full paper is also available: [PDF, 10 pages].
Jonathan Burket presented GuardRails at USENIX WebApps 2011. Here are his slides: [PPTX] [PDF]
See http://guardrails.cs.virginia.edu for more information and to download GuardRails.
Our paper on protecting private web content from embedded scripts is now available:
Yuchen Zhou and David Evans. Protecting Private Web Content from Embedded Scripts. European Symposium on Research in Computer Security (ESORICS 2011). Lueven, Belguim. 12-14 September 2011. [PDF, 20 pages]
The paper addresses the problem of when web pages embed scripts from third parties (such as advertising networks or analytics tools) in their pages that contain user’s personal content. Since many such scripts must be embedded directly (that is, not in a separate iframe), they have access to the full page DOM and can access and manipulate this data. Our solution adopts the isolated worlds mechanism to isolate embedded scripts and provide a policy-limited access model. We also present a technique for automatically learning which nodes in a web page may contain sensitive data that should be protected from third-party scripts.
Yuchen will present the paper at ESORICS in Belgium in September.
Source Code
Modified Chromium: https://github.com/Treeeater/Chromium_on_windows
Policy Learner Proxy: https://github.com/Treeeater/GreasySpoon-proxy-script
Today, we are releasing our secure computation framework. Our Java-based framework and library enable programmers to build efficient and scalable privacy-preserving applications using Yao’s garbled circuit techniques.
This paper describes the framework in more detail:
Yan Huang, David Evans, Jonathan Katz, and Lior Malka. Faster Secure Two-Party Computation Using Garbled Circuits, 20th USENIX Security Symposium, San Francisco, CA. 8-12 August 2011. [PDF, 16 pages]
Abstract. Secure two-party computation enables two parties to evaluate a function cooperatively without revealing to either party anything beyond the function’s output. The garbled-circuit technique, a generic approach to secure two-party computation for semi-honest participants, was developed by Yao in the 1980s, but has been viewed as being of limited practical significance due to its inefficiency. We demonstrate several techniques for improving the running time and memory requirements of the garbled-circuit technique, resulting in an implementation of generic secure two-party computation that is significantly faster than any previously reported while also scaling to arbitrarily large circuits. We validate our approach by demonstrating secure computation of circuits with over 109 gates at a rate of roughly 10 microseconds per garbled gate, and showing order-of-magnitude improvements over the best previous privacy-preserving protocols for computing Hamming distance, Levenshtein distance, Smith-Waterman genome alignment, and AES.
The framework and applications are available under the MIT open source license: Download Fast Garbled Circuits Framework.
Yan Huang will present the paper at USENIX Security Symposium in San Francisco this August.