imchris.org

In the summer of 2007 I wrote a paper on the OP web browser that was published at Oakland in 2008. A few months afterward I was invited to submit it as a “fast tracked” paper in a journal. I thought it would be a easy way to add in some of the work we had done while working on and using OP since summer 2007.

If, or when, the journal paper actually gets published, security and systems researchers will have been using Chrome since Sept 2008 (over 2 years), had the opportunity to read the Gazelle paper (summer 2009), use Firefox with out-of-process plugins (spring 2010), and possibly even try out a full multi-process Firefox (upcoming release?), not to mention LCIE in IE8 (spring 2009). And this list doesn’t even include the many other security improvements that have been made in these browsers.

My paper about spam on Twitter has been accepted into ACM Conference on Computer and Communications Security in Oct 2010. It’s going to be a fun presentation in Chicago, and I’m looking forward to continuing the project now that we have the first part of our work out on it.

Overall it was an interesting project that’s goal was to understand spam on Twitter and what, if anything, is the difference between Twitter spam and email spam (besides that it’s shorter). More details on the results and analysis after the camera ready…

Official citation:

Chris Grier, Kurt Thomas, Vern Paxson and Michael Zhang, “@spam: The underground on 140 characters or less,” To appear in the Proceedings of the ACM Conference on Computer and Communications Security (CCS), October 2010.

I’ve put added recent publications to the research page including links to the PDFs. Shuo presented our paper on Alhambra at WWW, Cho presented our paper on MegaD infiltration at LEET, and Kurt will be presenting unFriendly at PETS this summer which is a project that examines multi-party privacy on Facebook. If we are lucky, I’ll be presenting a Twitter-related paper next Fall.

Short paper summaries:

Alhambra – a browser-based replay system to test client side security policies. Using replay and comparison metrics we can quickly and automatically determine if a particular browser security policy breaks web applications.

MegaD infiltration – Developed milkers to continually monitor and participate (in a safe manner) in the command and control network used by the MegaD spamming botnet. We present our analysis of four months of C&C infiltration.

unFriendly – Examined multi-party privacy on Facebook. Multi-party privacy conflicts exist when one user has more restrictive privacy settings than their friend and using simple data mining techniques, we are able to infer private profile attributes by examining the conflicts that exist for users on Facebook.

Last fall I moved to Berkeley and started as a postdoc in the EECS department for Vern Paxson. I’ve been there now for about 4 months working on a number of different security topics ranging from web security to bot nets.

On the web front we just found out that we have a paper in WWW 2010 on a system named Alhambra, that was the third (and final) part of my dissertation.

On bots, I’ve taken some responsibility on the farming of bots, including testing new malware binaries, attempting to identify malware, and keeping bots running in an environment where we can monitor them.

Another interesting project has involved Twitter (with Steve and Kurt), and I’ve been doing a lot of infrastructure work to get our code running on the scale we need. Python, Amazon’s EC2, and the multiprocessing library seem to be the key so far to making things work the scale we are aiming for.

Finally, climbing – There’s been a lot of weekend trips since I moved here: Yosemite, Kings Canyon, Pinnacles national monument, Mount Diablo, Bishop, Owns River gorge, Castle Rock state park, and probably others. Climbing a lot at Berkeley Ironworks too.

The Gazelle web browser, which was my summer project in 2008 at MSR, has been getting a lot of press lately and even has a wikipedia page now. It’s interesting to read and see what different writers say and how people have been reacting.

• A less technical article on CNET – Microsoft browser takes radical path
• More technical at OS news – Gazelle: Applying OS concepts to the browser
• From The Guardian – Google Chrome OS: is it copying Microsoft’s Gazelle or is it more like Splashtop?
• Good one from Arstechnica – Inside Gazelle, Microsoft Research’s “browser OS”
• MSR summary and description – When is a browser not a browser?

There’s two official docs from MSR on Gazelle, a tech report and the USENIX Security 2009 publication. The publication is an improved version of the TR, so I’d stick with that. If there are more, let me know (grier@imchris.org). I’ve given a couple talks on Gazelle, one at Stanford for EE 380 that is online somewhere, and anyone can email me for my slides.

The project that I designed and developed at MSR last summer is going to be at USENIX security (and was previously a tech report). It’s available as a PDF here.

Simply put, Gazelle is a browser with an OS architecture that provides greater strength against different types of attacks than other browsers. By adopting OS principles the browser is able to provide isolation for different-origin content, with additional control over display and user generated events. There’s a lot more to it and the full details are described in the paper.

Back to UIUC, we have adapted a couple of the ideas from the Gazelle paper into the OP web browser, such as the isolation of frames and the display security (and delegate-once policy), though it is a much different implementation than Gazelle.

Gazelle has been slashdotted a few times (first and second), and there’s a pretty good Arstechnica article on it.

Two more publications: The Gazelle paper is going to be at USENIX Security and a short paper at Web 2.0 Security and Privacy on plugin security. See my research page for more information! PDFs should be online as soon as I’ve finished the camera ready versions.

Also, I did a talk at Stanford for the Electrical Engineering Computer Systems Colloquium (EE 380), the video should be online here. There were some technical difficulties with the projector, but for the online version that might not be visible.

SigMIL participated in this year’s Engineering Open House with a project called unFriendly. The goal was originally to see if we could infer, with some degree of success, information about people on Facebook based on their friends’ profiles (we can).

After we had that, the goals changed some to a tool that creates profiles with different sources of information. We had Facebook data (from crawling), campus phone book data (also has a LDAP version), voter records (for Champaign County) and we put it all together in nice google-knockoff web site that lets people search and see what data we can gather and infer about someone. Right now our dataset is limited to people at UIUC, but it wouldn’t be difficult to extend it to larger groups.

Fall 08 started a quick and is already half over. I’ve been continuing my project from Microsoft Research, working with a security group there lead by Helen Wang and working on a couple other security projects at school. I’m almost done with the first part of the MSR project and we will be writing a paper soon. Until that’s written other projects are on hold.

It’s looking like I will be graduating sometime in the spring/summer of 2009 but nothing is final yet. I also want to get a little more research published before I get out of Urbana.

The Illinois Malicious Processor (IMP) project I worked on was written up by InfoWorld! Its a great read: Read it here – That is in addition to it being published at LEET and being awarded a Best Paper Award! The title is “Designing and Implementing Malicious Hardware” and its available online in HTML and PDF formats.