Archive for October, 2011

NYU-Poly AT&T Applied Security Paper Finalist

Thursday, October 27th, 2011

Yan Huang has been selected as a finalist for the NYU-Poly AT&T Best Applied Security Paper Award for the paper, Faster Secure Two-Party Computation Using Garbled Circuits (USENIX Security 2011, co-authored with David Evans, Jonathan Katz, and Lior Malka). The award recognizes the best paper on applied security in any venue between September 1, 2010 and August 31, 2011.

The award will be announced at a ceremony as part of the CSAW Cybersecurity Competition in New York on 11 November.

Peter Chapman’s CCS talk on Side-Channel Analysis (and Guinness!)

Thursday, October 20th, 2011


Peter Chapman presented our work on side-channel analysis for web applications at CCS yesterday. His slides are available here: [PPTX] [PDF].

It provides an automated way to analyze a web application for side-channel vulnerabilities, as well as a better metric for quantifying those vulnerabilities (that may have applications to many other areas where it is important to know how well states can be distinguished). It is described in more detail in this paper: Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications (and earlier post), but for the important connection to Guinness you need to view the slides. The tool is also freely available at http://www.cs.virginia.edu/sca/ (with a tutorial explaining how to use it!)

UVa Today Story on Secure Computation

Friday, October 14th, 2011

UVa Today has a story about our secure computation project: U.Va. Team Awarded $3 Million NSF Secure Computation Grant, Fariss Samarrai, UVa Today, 14 October 2011.


Photo: Cole Geddy


“Secure computation is the idea that you can have two people compute a function that depends on things that each one knows individually and wants to keep private without exposing their private data to the other person, or to anyone else,” Evans said.

The research has applications in everyday life, from private medical information, such as personal genomics, to privacy-preserving face recognition and electronic commerce.

As a simple example of how it works, consider two people who each have smartphones with personal address books. They would like to know if they know any of the same people by comparing their address books. But, they may not want to share their address books, which include potentially sensitive private information. So how can they find the common entries, without revealing anything about their other contacts?

Read More …

Auditing Information Leakage Talk

Tuesday, October 11th, 2011

Yikan Chen presented his work on Auditing Information Leakage for Distance Metrics at the Third IEEE Conference on Privacy, Security, Risk and Trust today.

The slides are here: [PPTX] [PDF]