Vitaly Shmatikov

Hovav Shacham, a prominent computer science researcher, lectured to students on campus Monday morning as part of the annual computer safety series. ShachamÂ’s talk discussed the communication between secure systems and untrusted interfaces.

Photo Credit: Shannon Kintner | Daily Texan Staff

Similar to Iago’s betrayal of Othello, various components of computer operating systems can manipulate the applications and technologies we use in our computers.

Hovav Shacham, assistant professor of computer science and engineering at the University of California at San Diego, addressed UT students and faculty Monday on computer “IAGO attacks” as part of the annual computer safety series. The lecture, hosted by the Center for Information Assurance and Security, was given by Shacham because he is one of the world’s most prominent researchers in his field, said center director Vitaly Shmatikov.

“His results are very new and have yet to be published, but they have serious implications for a lot of ongoing research on secure systems,” Shmatikov said.

A sequence within a computer system can lead a supposedly protected process to act against its original interests and force the hardware-software interface, or kernel, to do whatever it wants, Shacham said at the lecture. If the kernel is untrusted, even a reliable application could be misused, he said.

“Designing and implementing secure systems is very difficult and a lot of thought goes into understanding the risks,” Shmatikov said about Shacham’s work. “It is necessary to have people like Shacham carefully investigating the true level of security provided by modern computer systems.”

Shacham said his work revolves around implementing a new supervisor within the bridge between application use and actual data usage to prevent components of operating systems from manipulating the true purpose of our computer use.

Shacham said these “IAGO attacks” occur when the kernel, which is responsible for managing the communication between the hardware and software components of the system, successfully subverts the application from its original goal. The kernel attempts to make it do anything it wants to, so if the kernel is untrusted, all the data could be lost or influenced in an unintended way, he said.

“Operating system tasks are performed differently with different kernels, so each situation is different,” Shacham said.

“However, the supervisor has to be applied in order to separate the application and the kernel.”

“This separation would prevent the kernel from abusing its power over the application,” Shacham said.

Computer science graduate student Deepak Goel said listening to Shacham is not only interesting, but its relevance to the average computer user is also important.

“Even if we think some of our actions on the computer are trivial, it is necessary for it to all be safe and his work is making that possible,” Goel said.

Printed on Tuesday, March 6, 2012 as: Lectureer speaks on secure systems

Students, faculty and staff at UT may find their smartphones capable of securing sensitive data from their home computers, thanks to researchers from the University of Toronto.

David Lie, University of Toronto electrical and computer engineering professor, worked with other researchers from the University of Toronto as well as Concordia University in Montreal to develop a security software incorporating smartphone technology. Lie and his team have come up with a prototype of an application called “Unicorn: Two-Factor Attestation for Data Security.” The application combines elements that combat malware and phishing, which Lie said are the two biggest threats currently facing users attempting security-sensitive tasks.

Lie brought his research to UT in a presentation titled “Using Smartphones to Improve Security: New Capabilities and Challenges” on Thursday. The lecture was part of the Security Seminar Speaker Series in the department of computer science.

The lecture series began last year in the Center for Information Assurance and Security, said computer science associate professor and director of the center Vitaly Shmatikov. Shmatikov said the center tries to bring lecturers who have relevant research in the computer science field.

“I have seen a fair bit of research on the topic of [smartphone security],” Shmatikov said. “[Lie’s] work, however, takes an unusual direction with the connection between phones and computers.”

Lie’s talk focused on the ways that smartphones allow users to impose security features on their own online activity. Features of smartphones that provide this kind of security include a stronger defense against malware compared to PCs due to a restriction on software installation. Users’ constant connection with their smartphone is an additional factor in these strengthened security measures, Lie said.

“We’re looking at how we could use some of these wireless capabilities to solve some old security problems,” Lie said.

The Unicorn prototype first protects authentication credentials with a security token requiring attestation of the fact that a computer is free of malware before releasing credentials, according to the abstract of the project. The second security factor involves validating the computer with either a remote server or a Trusted Platform Module (TPM).

Aloysius Mok, computer science professor and attendee at the seminar, said Lie’s computer security research is important and brings something new to the field.

“I think that he had some pretty interesting research,” Mok said. “I would not be surprised if his project turned into a successful commercial product.”

Printed on Friday, February 3, 2012 as: Lie discusses security by smartphones