Title: "These aren’t the

droids you’re looking for" &"Popularity is Everything"Speaker: Jaeyeon Jung(Univ. of

Washington), Stuart Schechter(Microsoft Research)Date : April 26th (Tuesday) 4:00 PM

~ 5:00 PMLocation : Science Library,611 ICP lecture room, Korea UniversitySubject 1

:Title: "These aren’t the droids you’re looking for" Speaker: Jaeyeon Jung (Univ.

of Washington and KAIST)Abstract :“These aren''t the droids you''re looking for”

and other new approaches to protect your mobile device from imperious

applications.Many popular Android and iPhone applications share users’ sensitive

information (unique device IDs, location, contacts, etc.) in ways that users neither

expect nor desire.To identify potentially-unwanted information disclosures, we built

TaintDroid, a dynamic information tracking system for Android.We tested over a

hundred popular Android applications using TaintDroid and found that transmission of

device IDs and location data to third parties is pervasive.TaintDroid is optimized to

keep performance impacts below user-discernable levels, with overheads peaking at 14%

for CPU-intensive microbenchmarks.We then extended TaintDroid to implement, and

compare, two mechanisms designed to protect users’ sensitive data.We apply these

mechanisms to real applications to experimentally determine the impact of each on

user experience. I will conclude the talk by outlining the remaining components for

the end-to-end mobile device privacy solution we have envisioned.This is joint work

with Peter Hornyack, Seungyeop Han, and David Wetherall, of the University of

Washington, and Stuart Schechter of Microsoft Research.Biographies: Jaeyeon Jung

researches networking, systems, security & privacy, and HCI.From 2007 to 2011, she

led projects at Intel Labs focused on improving the privacy of consumers through

improved transparency and control.Jaeyeon received her Ph.D. in Computer Science from

MIT in 2006, where she developed the threshold-random walk algorithm for detecting

port scans and malware-infected systems.Following her PhD, she applied these

algorithms at Mazu networks and observed their impact on customers’ systems.Jaeyeon

holds a Bachelor''s and Master''s degrees from the Korea Advanced Institute of

Science and Technology (KAIST).She is an affiliate faculty member at the University

of Washington and KAIST.Subject 2 :Title:"Popularity is Everything"Speaker : Stuart

Schechter(Microsoft Research)Abstract : Popularity is Everything: A new approach to

protecting passwords from statistical-guessing attacksWe propose allowing users of

Internet-scale systems to choose any password they want…so long as it''s not already

toopopular with other users. This approach requires that we track which passwords are

in use to determine when they become popular.Alas, storing plaintext passwords may

itself be a security risk.We solve this problem using a data structure known as a

count-min sketch to create a password popularity oracle.We populate the oracle with

existing users'' passwords and update it every time a user chooses a new

password.Unlike most applications of probabilistic data structures, which seek to

achieve only a maximum acceptable rate false-positives, we set a minimum acceptable

false-positive rate to confound attackers who might query the oracle or steal a copy

of it.This is joint work with Cormac Herley (Microsoft Research) and Michael

Mitzenmacher (Harvard).Biographies: Stuart Schechter is a man of few accomplishments

and so, the reluctant reader should be pleased to learn, his biography is

correspondingly short.Stuart researches computer security, human behavior, and

occasionally missteps in such distant topics as computer architecture.Those who have

worked with Stuart rave about his “tireless dedication… to shooting down any idea

that he cannot take credit for.” Institutions that may or may not be re-evaluating

their admissions or hiring policies in response to past associations with Stuart

include The Ohio State University College of Engineering (B.S.), Harvard''s School of

Engineering and Applied Sciences (Ph.D.), MIT Lincoln Laboratory (his former

employer), Microsoft Research (his current employer), and KAIST (to use a

Facebookism, “It’s complicated”).