Videos uploaded by user “cmuCyLab”
CMU's Plaid Parliament of Pwning wins third DefCon Capture the Flag in four years
 
02:19
In August 2016, CMU's competitive hacking team, the Plaid Parliament of Pwning (PPP), won the DefCon Capture the Flag competition for the third time in four years. The team beat 14 other finalist teams representing at least 10 countries.
Views: 8615 cmuCyLab
picoCTF: the world's largest hacking competition
 
02:45
REGISTER TODAY: https://2017.picoctf.com/ PicoCTF is an online hacking contest aimed at high school students. In its first two years, PicoCTF attracted nearly 30,000 high school students from around the nation, making it the largest online hacking contest ever. Throughout the competition, participants learn skills that real-world cybersecurity analysts use to protect computers against attackers. picoCTF is run by cybersecurity experts at Carnegie Mellon University.
Views: 11065 cmuCyLab
CyLab's Yang Cai demonstrates visualization of cybersecurity data
 
02:38
Carnegie Mellon CyLab researchers Yang Cai and Sebastian Peryt demonstrate their visualization tool that can be used to help thwart cyber attacks.
Views: 1937 cmuCyLab
5 security & privacy settings Android users should know about
 
02:08
In the spirit of Cybersecurity Awareness Month, we've put together 5 security & privacy settings every Android user should know about to keep themselves and their phones safe.
Views: 5896 cmuCyLab
5 security & privacy settings iPhone users should know about
 
01:54
In the spirit of Cybersecurity Awareness Month, we've put together 5 security & privacy settings every iPhone user should know about to keep themselves and their phones safe.
Views: 1172 cmuCyLab
CMU hacking team going for third DefCon title in four years
 
00:56
CMU's hacking team, the Plaid Parliament of Pwning, will compete for its third DefCon Capture the Flag title in four years. The Capture the Flag competition will be held at DefCon 24, August 5-7, 2016, in the Paris Hotel and Conference Center in Las Vegas.
Views: 6755 cmuCyLab
Adrian Perrig: Exciting Security Research Opportunity - Next-Generation Internet
 
01:03:48
CyLab presents Adrian Perrig, Professor at the ETH in Zurich and CyLab Distinguished Fellow, as part of the weekly seminar series. The Internet has been successful beyond even the most optimistic expectations. It permeates and intertwines with almost all aspects of our society and economy. The success of the Internet has created a dependency on communication as many of the processes underpinning the foundations of modern society would grind to a halt should communication become unavailable. However, much to our dismay, the current state of safety and availability of the Internet is not commensurate with its importance. Although we cannot conclusively determine what the impact of a 1-minute, 1-hour, 1-day, or 1-week outage of Internet connectivity on our society would be, anecdotal evidence indicates that even short outages have a profound negative impact on governmental, economic, and societal operations. To make matters worse, the Internet has not been designed for high availability in the face of malicious actions by adversaries. Recent patches to improve Internet security and availability have been constrained by the current Internet architecture, business models, and legal aspects. Moreover, there are fundamental design decisions of the current Internet that inherently complicate secure operation. Given the diverse nature of constituents in today's Internet, another important challenge is how to scale authentication of entities (e.g., AS ownership for routing, name servers for DNS, or domains for TLS) to a global environment. Currently prevalent PKI models (monopoly and oligarchy) do not scale globally because mutually distrusting entities cannot agree on a single trust root, and because everyday users cannot evaluate the trustworthiness of each of the many root CAs in their browsers. 
To address these issues, we study the design of a next-generation Internet that is secure, available, and offers privacy by design; that provides appropriate incentives for a transition to the new architecture; and that considers economic and policy issues at the design stage. Such a research environment offers a bonanza for security researchers: a critically important problem space with a medley of challenges to address, and unfettered freedom to think creatively in the absence of limiting constraints. Once we know how good a network could be, we can then engage in incorporating these ideas into the current Internet or study strategies for transition to a next-generation network.
Views: 2128 cmuCyLab
Jonathan McCune - Part 1 - Software-Based Attestation
 
09:38
Jonathan McCune for Adrian Perrig on "Software-Based Attestation: History, Constructions, Applications, Current State of Research," TIW 2010, 6-9-10, CyLab/Carnegie Mellon University. For more information on CyLab, go to http://www.cylab.cmu.edu
Views: 543 cmuCyLab
Carnegie Mellon's hacking team aims for unprecedented win at DefCon 25
 
00:52
Carnegie Mellon’s competitive hacking team, the Plaid Parliament of Pwning, is looking to win an unprecedented fourth title at this year’s DefCon cybersecurity conference. Never before has a team ever won more than three times in DefCon’s 21-year history of what many refer to as the “World Series of Hacking.”
Views: 1640 cmuCyLab
Podcast - David Brumley: Checking the World’s Software for Exploitable Bugs
 
01:19:57
David Brumley, director of Carnegie Mellon CyLab, is featured on Carnegie Science Center's Oct 6 podcast.
Views: 338 cmuCyLab
Contribute towards the future of cybersecurity
 
02:01
PicoCTF is a free, online computer security competition run out of Carnegie Mellon University, and it costs tens of thousands of dollars to run each year. Here's why you should consider giving to picoCTF today: https://crowdfunding.cmu.edu/picoCTF
Views: 814 cmuCyLab
David Brumley - Safe Software
 
01:01:25
CyLab presents David Brumley, Assistant Professor at Carnegie Mellon University, as part of the weekly seminar series. Attackers only need to find a single exploitable bug in order to install malware, bots, and viruses on vulnerable computers. Unfortunately, bugs are plentiful. My research team's ambition is to automatically check the world's software, find exploitable bugs, and fix them before they can be used by attackers. A significant part of this vision is to automatically find bugs and generate exploits proving which bugs are security-critical in off-the-shelf software. We call this the Automatic Exploit Generation (AEG) challenge. Our approach to AEG is program verification, but with a twist. Traditional verification takes a program and a specification of safety as inputs, and checks that all execution paths of the program meet the safety specification. The twist in AEG is we replace typical safety properties with an "exploitability" property, and the "verification" process becomes finding a program path in which the exploitability property holds. I'll discuss our results at automatically finding bugs in heavily-utilized programs, as well as generate working exploits that demonstrate which bugs are most serious. In the last part of this talk I'll discuss several remaining research challenges.
Views: 2773 cmuCyLab
How CMU will be working with Bossa Nova to bring artificial intelligence to retail
 
01:40
CyLab's Marios Savvides and his biometrics lab will be teaming up with Bossa Nova, the leading provider of real-time, on-shelf product data for the global retail industry, to develop and integrate artificial intelligence into service robots in retail stores nationwide.
Views: 309 cmuCyLab
David Brumley - Software Security
 
25:28
David Brumley presents "Software Security" at the 11th Annual CyLab Partners Conference. A valued benefit of CyLab's corporate partners program, this annual event allows attendees to immerse themselves in numerous CyLab research projects. Learn more at www.cylab.cmu.edu.
Views: 770 cmuCyLab
Carnegie Mellon's new AI reads privacy policies for you
 
01:45
Carnegie Mellon University just launched an interactive website aimed at helping users make sense of their privacy on the web. Try it out: https://explore.usableprivacy.org/
Views: 363 cmuCyLab
SafeSlinger 1.6 Walkthrough
 
02:43
This is a walkthrough of how to set up and use SafeSlinger for Android and iOS devices. Remember, you don't have to be in the same place to Sling Keys with your friends; you can easily Sling Keys over a phone call or video conference. Now, go out there and be safe, Slingers! Learn more at www.cylab.cmu.edu/safeslinger
Views: 369 cmuCyLab
Norman Sadeh - Mobile App Security and Privacy
 
54:49
CyLab presents Norman Sadeh, Professor at Carnegie Mellon University, as part of the weekly seminar series. Over 100 billion mobile apps will be downloaded in 2013, generating around 26 billion dollars in revenue. As the Android and iOS ecosystems continue to compete for both developers and end-users, they are also finding that making large numbers of APIs accessible by developers can give rise to challenging security and privacy issues. Most recently, this trend has resulted in an explosion in the number of mobile app privacy settings (or "permissions") both iOS and Android users are expected to configure, exposing a fundamental tension between privacy and usability. In this presentation, we will discuss recent results that suggest the number of privacy decisions users have to make could be drastically reduced using a small number of privacy preference profiles. The explosion in the number of permission settings made available to mobile app users is also an indication that app stores such as iTunes and Google Play are competing for user trust and want to be known for offering quality apps to their users. But when you have hundreds of thousands of apps in your store, with many of these apps getting regular updates, keeping up and checking every app can be challenging. In the second part of this talk, I will discuss how statistical linguistic analysis of mobile app reviews might enable app stores to supplement their existing review processes. Part of the research presented in this talk was conducted jointly with Jialiu Lin, Bin Liu, Bin Fu, Lei Li, Christos Faloutsos and Jason Hong.
Views: 473 cmuCyLab
Highlights from the Carnegie Colloquium: Digital Governance and Security
 
02:20
On December 2, 2016, Carnegie Mellon University and the Carnegie Endowment for International Peace co-hosted the second session of their joint Carnegie Colloquium on Digital Governance and Security. This colloquium brought together the policy experts from the Carnegie Endowment for International Peace’s global network and the technical experts at Carnegie Mellon University. The event was held at Carnegie Mellon University in Pittsburgh, PA.
Views: 152 cmuCyLab
Dan Geer - "Cybersecurity as a Matter of National Policy"
 
06:21
Dan Geer Keynote "Cybersecurity as a Matter of National Policy" September 29, 2010
Views: 444 cmuCyLab
Marios Savvides Demonstrates Long-Range Iris Recognition System
 
01:54
Electrical and Computer Engineering and CyLab Associate Research Professor Marios Savvides demonstrates the long-range iris recognition system developed in his lab.
Views: 229 cmuCyLab
Juan Andres Guerrero: Cyberspies, Counterspies, and the Missing Validators
 
01:32:47
CyLab presents Juan Andres Guerrero, Senior Security Researcher at Kaspersky Lab, as part of the weekly distinguished seminar series. As espionage becomes more prominent in cyberspace, a nascent industry has been born to investigate and mitigate cyberespionage campaigns. Financial incentives have established a structure for this industry that runs counter to the rules of the great game, by naming and shaming countries in their most sensitive operations. As these companies move their work under the cover of NDAs to avoid inflaming political sensitivities, who will rise to solve the validation crisis and keep threat intelligence producers honest? This talk will discuss the evolution of the threat intelligence production space and the role that academia can play within it.
Views: 452 cmuCyLab
Osman Yagan - Designing Secure and Reliable Wireless Sensor Networks
 
51:43
CyLab presents Osman Yagan, Assistant Research Professor at Carnegie Mellon University, as part of the weekly seminar series. Wireless sensor networks (WSNs) are distributed collections of small sensor nodes that gather security-sensitive data and control security-critical operations in a wide range of industrial, home and business applications. The current developments in the sensor technology and ever-increasing applications of WSNs point to a future where the reliability of these networks will be at the core of the society's well-being, and any disruption in their services will be more costly than ever. There is thus a fundamental question as to how one can design wireless sensor networks that are both secure and reliable. In this talk, we will present our approach that addresses this problem by considering WSNs that employ a randomized key predistribution scheme and deriving conditions to ensure the k-connectivity of the resulting network. Random key predistribution schemes are widely accepted solutions for securing WSN communications and the k-connectivity property ensures that the network is reliable in the sense that its connectivity will be preserved despite the failure of any k − 1 sensors or links. Throughout, we will consider two classical key predistribution schemes, namely the Eschenauer-Gligor scheme and the pairwise scheme of Chan, Perrig, and Song. Our approach is based on the analysis of random graph models naturally induced under these schemes, and developing conditions on the network parameters (e.g., number of nodes, density of nodes in the deployed area, link failure probability, number of keys per node, key pool size), which will ensure that the resulting networks are k-connected with very high probability. The main focus of the talk will be on the latest results concerning the k-connectivity of secure WSNs under an ON-OFF communication channel model. Possible extensions to the disk communication model will also be discussed.
Views: 1235 cmuCyLab
Ken Mai: Building Secure Reliable Hardware Roots-of-Trust: Are PUFs Enough?
 
49:31
CyLab presents Ken Mai, Senior Systems Scientist at Carnegie Mellon University, as part of the weekly seminar series. Hardware roots-of-trust are often regarded as the bedrock upon which the rest of the system's security lies. They perform basic security critical functions such as cryptographic key storage/generation, hardware and software authentication, secure data storage, and data encryption/hashing. Further, these blocks must be resistant to various forms of non-invasive and invasive attacks and tampering. We will examine the necessary features and characteristics of hardware roots-of-trust and if current technologies can meet those needs. Specifically, we will focus on the design and implementation of physical unclonable functions (PUFs) and whether they are suitable for hardware roots-of-trust.
Views: 904 cmuCyLab
Jonathan McCune - Part 2 - Software-Based Attestation
 
08:08
Jonathan McCune for Adrian Perrig on "Software-Based Attestation: History, Constructions, Applications, Current State of Research," TIW 2010, 6-9-10, CyLab/Carnegie Mellon University. For more information on CyLab, go to http://www.cylab.cmu.edu
Views: 227 cmuCyLab
What is CyLab?
 
02:50
CyLab is Carnegie Mellon's university-wide security and privacy institute. Over 100 faculty and 200 graduate students from across all disciplines at the University are working in CyLab to create a world in which technology can be trusted.
Views: 306 cmuCyLab
Code 2600 - Panel Discussion
 
46:50
On Friday, October 12th, 2012, Carnegie Mellon University CyLab hosted two screenings of CODE 2600, an award-winning full-length documentary on the societal implications of cyber security and cyber risk; and these evening screenings were preceded by an afternoon panel in which CyLab researchers Lorrie Cranor, Nicolas Christin and Norman Sadeh joined the filmmaker for a discussion of the film and the important issues it highlights. In Code 2600, writer/director Jeremy Zerechak not only documents the rise of the Information Technology Age, but he also interviews many of those involved in this extraordinary shift in how we communicate, learn, transact business, and yes, conduct war. Cyber security and privacy luminaries featured in Zerechak's film include: world-class cryptographer and security commentator Bruce Schneier, BlackHat and DEFCON founder Jeff Moss, leading security iconoclast Marcus Ranum, as well as Jennifer Granick, Director of Civil Liberties at Stanford University's Center for Internet and Society, and CyLab's own Lorrie Cranor, Director of CyLab Usable Privacy and Security (CUPS) Laboratory.
Views: 1291 cmuCyLab
Michael Farb - SafeSlinger: Applied Ad-hoc Smartphone Trust Establishment
 
50:49
CyLab presents Michael Farb, Research Programmer at Carnegie Mellon University, as part of the weekly seminar series. Michael presents SafeSlinger, the result of research into several protocols, designed to subvert the bane of public-key cryptography, the man-in-the-middle attack. This solution easily bootstraps secure communication in-person with a device most people already own - their phone. SafeSlinger is designed to allow users to store any data, such as a public key, in their phone's address book. When users run SafeSlinger, they select their own key from the address book, enter a pair of short numbers and confirm a 3-word list matches that displayed by other users' phones. Farb presents the architectural details of how this trust is established, and discusses the engineering choices made as a result of a cross-platform implementation.
Views: 625 cmuCyLab
Business Risks Forum: Ed Stroz - Manipulation of Digital Evidence in Investigations
 
08:55
Ed Stroz, Co-President, Stroz Friedberg -- "Manipulation of Digital Evidence in Investigations" 03-22-10. For more information on CyLab and its Partners Program, go to http://www.cylab.cmu.edu
Views: 652 cmuCyLab
8th Annual CyLab Partners Conference: Collin Jackson - Web Security
 
19:33
Collin Jackson presents "Web Security" at the 8th Annual CyLab Partners Conference. A valued benefit of CyLab's corporate partners program, this annual event allows attendees to immerse themselves in numerous CyLab research projects. Learn more at www.cylab.cmu.edu.
Views: 148 cmuCyLab
SensorFly
 
02:07
The SensorFly is a novel low-cost controlled-mobile aerial sensor networking platform developed by Carnegie Mellon Silicon Valley students Aveek Purohit, Zheng Sun, and professor Pei Zhang. It is the most lightweight flying sensor platform implemented to date. SensorFly, with its miniature helicopter-based mobile sensors, addresses the shortcomings of the static sensor networks approach.
Views: 104 cmuCyLab
Nick Nikiforakis: Dial One for Scam - A Large-Scale Analysis of Technical Support Scams
 
01:01:57
CyLab presents Nick Nikiforakis, Assistant Professor at Stony Brook University, as part of the weekly distinguished seminar series. In technical support scams, cybercriminals attempt to convince users that their machines are infected with malware and are in need of their technical support. In this process, the victims are asked to provide remote machine access to the scammers, who will then "diagnose the problem", before offering their support services which typically cost hundreds of dollars. Despite their conceptual simplicity, technical support scams are responsible for yearly losses of tens of millions of dollars from everyday users of the web. In this talk, we report on the first systematic study of technical support scams and the call centers hidden behind them. We identify malvertising as a major culprit for exposing users to technical support scams and use it to build an automated system capable of discovering, on a weekly basis, hundreds of phone numbers and domains operated by scammers. By allowing our system to run for more than 8 months we collect a large corpus of technical support scams and use it to provide insights on their prevalence, the abused infrastructure, the illicit profits, and the current evasion attempts of scammers. Finally, by setting up a controlled, IRB-approved, experiment where we interact with 60 different scammers, we experience first-hand their social engineering tactics, while collecting detailed statistics of the entire process. We explain how our findings can be used by law-enforcing agencies and propose technical and educational countermeasures for helping users avoid being victimized by technical support scams.
Views: 313 cmuCyLab
SOUPS 2014 Keynote: Christopher Soghoian, "Sharing Blame for NSA's Dragnet Surveillance"
 
56:11
The Symposium on Usable Privacy and Security (SOUPS) 2014 was held in July 2014 at Facebook headquarters. Christopher Soghoian, principal technologist at the ACLU, gave the keynote address, titled, "Sharing the blame for the NSA's dragnet surveillance program."
Views: 960 cmuCyLab
Business Risks Forum: Keith Rhodes - Virtual Realpolitik and Cyber Detente
 
54:49
CyLab presents Keith Rhodes, Chief Technology Officer, QinetiQ N.A. as part of the Business Risks Forum series. In the good old/bad old days of the Cold War, there were two ideas that influenced negotiations between the main belligerents (USA, USSR) starting around 1969: Realpolitik and Detente. Oddly enough, both of these were formally introduced as foreign policy during the Nixon administration and were defined by the same man, Dr. Henry Kissinger. Is it possible that Mutually Assured Destruction (MAD) was effectively held at bay for the past 65 years by two ideas? And now we find ourselves day-to-day bombarded (forgive the pun) with dire news of the coming Great Cyber War...or depending on the news outlet, the current Great Cyber War. So why is there no extension of realpolitik and detente to the virtual cyber-based Cold War? This talk will look at the framework of MAD, how it might be applied to the coming (or current) Great Cyber War and the active role researchers MUST play if there is to be any chance of both virtual realpolitik and cyber detente.
Views: 72 cmuCyLab
David Naylor: Balancing Privacy and Functionality - Secure Communication with Middleboxes
 
38:39
CyLab presents David Naylor, PhD Candidate in the School of Computer Science, as part of the weekly Distinguished Seminar Series. We are clearly moving toward an Internet where encryption is ubiquitous—by some estimates, more than half of all Web traffic is HTTPS, and the number is growing. This is a win in terms of privacy and security, but it comes at the cost of functionality and performance, since encryption blinds middleboxes (devices like intrusion detection systems or web caches that process traffic in the network). In this talk I will describe two recent and ongoing projects exploring techniques for including middleboxes in secure sessions in a controlled manner. The first is a protocol, developed in collaboration with Telefónica Research and called Multi-Context TLS (mcTLS), that adds access control to TLS so that middleboxes can be added to a TLS session with restricted permissions. The second, which is ongoing work with Microsoft Research, explores bringing trusted computing technologies like Intel SGX to network middleboxes.
Views: 283 cmuCyLab
CyLab Seminar Series: Bruno Sinopoli - Sensing, Estimation and Control of Cyber-Physical Systems
 
09:36
Bruno Sinopoli Sensing, Estimation and Control of Cyber-Physical Systems May 4, 2010
Views: 893 cmuCyLab
Anupam Datta - Privacy through Accountability
 
57:42
CyLab presents Anupam Datta, Associate Professor at Carnegie Mellon University, as part of the weekly seminar series. Privacy has become a significant concern in modern society as personal information about individuals is increasingly collected, used, and shared, often using digital technologies, by a wide range of organizations. To mitigate privacy concerns, organizations are required to respect privacy laws in regulated sectors (e.g., HIPAA in healthcare, GLBA in financial sector) and to adhere to self-declared privacy policies in self-regulated sectors (e.g., privacy policies of companies such as Google and Facebook in Web services). We investigate the possibility of formalizing and enforcing such practical privacy policies using computational techniques. We formalize privacy policies that prescribe and proscribe flows of personal information as well as those that place restrictions on the purposes for which a governed entity may use personal information. Recognizing that traditional preventive access control and information flow control mechanisms are inadequate for enforcing such privacy policies, we develop principled audit and accountability mechanisms with provable properties that seek to encourage policy-compliant behavior by detecting policy violations, assigning blame and punishing violators. We apply these techniques to several US privacy laws and organizational privacy policies, in particular, producing the first complete logical specification and audit of all disclosure-related clauses of the HIPAA Privacy Rule.
Views: 188 cmuCyLab
Adrian Perrig - High Resilience Internet Communication
 
28:16
Adrian Perrig presents "High Resilience Internet Communication" at the 9th Annual CyLab Partners Conference. A valued benefit of CyLab's corporate partners program, this annual event allows attendees to immerse themselves in numerous CyLab research projects. Learn more at www.cylab.cmu.edu.
Views: 170 cmuCyLab
Jonathan McCune - Part 4 - Software-Based Attestation
 
05:36
Jonathan McCune for Adrian Perrig on "Software-Based Attestation: History, Constructions, Applications, Current State of Research," TIW 2010, 6-9-10, CyLab/Carnegie Mellon University. For more information on CyLab, go to http://www.cylab.cmu.edu
Views: 132 cmuCyLab
8th Annual CyLab Partners Conference: David Brumley - Safe Software
 
19:33
David Brumley presents "Safe Software" at the 8th Annual CyLab Partners Conference. A valued benefit of CyLab's corporate partners program, this annual event allows attendees to immerse themselves in numerous CyLab research projects. Learn more at www.cylab.cmu.edu.
Views: 234 cmuCyLab
Business Risks Forum: Michelle Dennedy - Privacy by Design for our Technology and Our Future
 
01:13:30
CyLab presents Michelle Dennedy, VP and Chief Privacy Officer at McAfee, Inc as part of its Business Risks Forum series. Michelle Dennedy has been working in the cyber protection area for well over a decade. She discusses the basic elements for Privacy by Design--or, how to build a better and more ethical mousetrap. She also discusses the elements of Fair Information Privacy Principles that are the foundations for most of the world's data privacy legislative schemes. Dennedy highlights the reality of being a professional in the data protection space and some tools and tips to prepare to fight for budget for one's data protection projects, build a sustainable privacy program in partnership with technical, product, legal and audit teams. Finally, she discusses how choices in the corporate and government data protection worlds may impact our communities.
Views: 915 cmuCyLab
Cormac Herley: Passwords - A Guide to the Ruins and Lessons for Improvement
 
01:25:11
CyLab presents Cormac Herley, Principal Researcher at Microsoft Research, as part of its weekly seminar series. We review some of our recent work on authentication and search for lessons on why problems here have proved so persistent. First, considering a user who has, not one but dozens of accounts to maintain, we find that the common advice (choose random passwords and one per account) is not merely difficult but impossible in the absence of memory aids. We show that weak passwords and password re-use, far from being shameful manifestations of user failings, are essential tools in allocating effort as portfolio size grows. Second, we examine the gap between the effort needed to withstand online and offline attacks, and find it to be enormous: probable safety occurring when a password resists 10^6 and 10^14 guesses respectively. This implies that many common practices guarantee large-scale waste of user effort. These include exceeding the online while falling short of the offline threshold, and encouraging users to resist offline guessing at sites where passwords are stored plaintext or reversibly encrypted. Finally, we seek lessons. How do we end up insisting on the necessity of things that prove impossible? Why do we keep getting things wrong? What will it take to move things forward?
Views: 789 cmuCyLab
8th Annual CyLab Partners Conference: Bruno Sinopoli - On the Security of Cyber-Physical Systems
 
23:56
Bruno Sinopoli presents "On the Security of Cyber-Physical Systems" at the 8th Annual CyLab Partners Conference. A valued benefit of CyLab's corporate partners program, this annual event allows attendees to immerse themselves in numerous CyLab research projects. Learn more at www.cylab.cmu.edu.
Views: 325 cmuCyLab
Virgil Gligor - Part I - Axioms of (In)Security and Human-Usable Security
 
09:02
Virgil Gligor, CyLab Director, issues "A Challenge for Trustworthy Computing" at TIW 2010 on the Carnegie Mellon Campus, in Pittsburgh, Pa., on 6-7-10. For more information on CyLab and its Partners Program, go to http://www.cylab.cmu.edu
Views: 459 cmuCyLab
Lorrie Cranor - Privacy Nudges and Self-Censorship on Social Media
 
59:06
CyLab presents Lorrie Cranor, Associate Professor at Carnegie Mellon University, as part of the weekly seminar series. Anecdotal evidence and scholarly research have shown that a significant portion of Internet users experience regrets over their social network disclosures. To help individuals avoid regrettable disclosures, we employed lessons from behavioral decision research and soft paternalism to design mechanisms that "nudge" users to consider the content and context of their online disclosures more carefully. We developed three privacy nudges for Facebook, focusing on visual cues about the audience, time delays, and feedback mechanisms. I will talk about how our research on regrettable disclosures on social networks informed our Facebook privacy nudge designs and present results of our field trials. While nudges are designed to encourage self-censorship, many social network users already practice self-censorship regularly. I will also discuss a study in which we explored self-censorship on Facebook by asking participants to report all content that they thought about sharing but decided not to share on Facebook for a week. Our results shed light on the types of content users tend to self-censor as well as the difficulties Facebook users have in precisely targeting content to a desired audience.
Views: 375 cmuCyLab
SafeSlinger for Secure Communications
 
03:05
CyLab researchers have developed and released a new smartphone app to provide users with a free and easy to use means for secure messaging and file transfer. With SafeSlinger, a user can establish secure communications directly with trusted individuals and groups in ten seconds, with nothing more than the smartphone in their hand. Learn more: http://www.cylab.cmu.edu/safeslinger (mobile: http://www.cylab.cmu.edu/safeslinger/m.html)
Views: 13360 cmuCyLab
Anthony Rowe: Networked Embedded Systems: Integration with the Physical Environment
 
02:10
"Whether people like it or not, the Internet of Things is coming, and hopefully with the research that we're doing here, it'll be a positive experience." In this video, Associate Professor of Electrical & Computer Engineering Anthony Rowe discusses technologies that integrate computers and sensors with the physical environment to better manage the world around us.
Views: 93 cmuCyLab
Anthony Rowe - Large-Scale Sensing
 
19:05
Anthony Rowe presents "Large-Scale Sensing" at the 9th Annual CyLab Partners Conference. A valued benefit of CyLab's corporate partners program, this annual event allows attendees to immerse themselves in numerous CyLab research projects. Learn more at www.cylab.cmu.edu.
Views: 202 cmuCyLab
CyLab Seminar Series: Anupam Datta - Modularity in Computer Security
 
10:32
Anupam Datta Modularity in Computer Security February 22, 2010
Views: 472 cmuCyLab
CyLab Seminar Series: Nicolas Christin - Understanding Online Criminals
 
52:48
CyLab presents Nicolas Christin, Associate Director of the Information Networking Institute at Carnegie Mellon University, as part of the weekly CyLab seminar series. His talk addresses how online crime has undergone an extremely rapid growth in the past decade, and understanding it from an economic and operational standpoint has become a key to trying to turn the tide. In this talk, he describes two measurement studies that we have conducted to that effect over the past two years.
Views: 295 cmuCyLab
Lujo Bauer - Helping Users Create Better Passwords
 
01:08:18
CyLab presents Lujo Bauer, Assistant Research Professor at Carnegie Mellon University, as part of the weekly seminar series. Text-based passwords remain the dominant authentication method in computer systems, despite significant advancement in attackers' capabilities to perform password cracking. In response to this threat, password composition policies have grown increasingly complex. In this talk, Bauer will first review our earlier results on the security and usability of different password-composition policies, and of metrics for quantifying password security. He will then discuss two more recent studies of passwords. In one, we take a look at passphrases, which have been suggested as secure and usable for decades. Through empirical investigation, we seek to determine whether passphrases are or can be the panacea for user authentication. (Spoiler: probably not.) In the second study, we focus on password-strength meters. These visual indicators of password strength are commonly used in the hope of nudging users to create better passwords, but their effects on the security and usability of passwords have not been well understood. Our work seeks to empirically determine these effects, as well as to shed light on which elements of password-meter design are important.
Views: 968 cmuCyLab