imchris.org

Moved to Berkeley: research and climbing

admin — Mon, 25 Jan 2010 03:40:17 +0000

Last fall I moved to Berkeley and started as a postdoc in the EECS department for Vern Paxson. I’ve been there now for about 4 months working on a number of different security topics ranging from web security to bot nets.

On the web front we just found out that we have a paper in WWW 2010 on a system named Alhambra, that was the third (and final) part of my dissertation.

On bots, I’ve taken some responsibility on the farming of bots, including testing new malware binaries, attempting to identify malware, and keeping bots running in an environment where we can monitor them.

Another interesting project has involved Twitter (with Steve and Kurt), and I’ve been doing a lot of infrastructure work to get our code running on the scale we need. Python, Amazon’s EC2, and the multiprocessing library seem to be the key so far to making things work the scale we are aiming for.

Finally, climbing – There’s been a lot of weekend trips since I moved here: Yosemite, Kings Canyon, Pinnacles national monument, Mount Diablo, Bishop, Owns River gorge, Castle Rock state park, and probably others. Climbing a lot at Berkeley Ironworks too.

Red Rocks and RRG climbing

admin — Tue, 01 Sep 2009 23:28:57 +0000

I have just about finished moving out to Berkeley, CA where I have started my position as a postdoc. Now that I almost have a computer setup, its about time to get pictures on here from Red River Gorge, KY and Red Rocks Canyon, NV, the two most recent climbing trips. The RRG trip was this last summer leaving from UIUC with Kurt, Mirella, Justin and Carolyn. The Red Rocks trip was during all our free time during DEFCON, about 4 trips each.

RRG – Climbed for two days, then it started raining. We hit Muir Valley (practice wall area) and the Natural Arch (roadside crag). There’s plenty of climbing all over, but unless you comfortably can climb 5.12 sport or trad, be prepared to drive around to find stuff that’s in your range.

Red Rocks – Mostly climbed at First and Second Pullout, at Black Corridor, the Gallery, and the Panty Wall. The Black Corridor was right in our range for climbing, not impossible, but a good range of routes to climb during the day (and in the shade). The panty wall was simply too easy, and would have been a good warmup if it wasn’t already 105 deg outside. The Gallery area was good but not as big as I expected and it took us a long time to find the right approach. It was our last day so we were tired from DEFCON and the other days of climbing, so a few hours in the morning shade climbing and we had done most of the routes we wanted to.

Gazelle press!

admin — Sat, 25 Jul 2009 17:26:42 +0000

The Gazelle web browser, which was my summer project in 2008 at MSR, has been getting a lot of press lately and even has a wikipedia page now. It’s interesting to read and see what different writers say and how people have been reacting.

A less technical article on CNET – Microsoft browser takes radical path
More technical at OS news – Gazelle: Applying OS concepts to the browser
From The Guardian – Google Chrome OS: is it copying Microsoft’s Gazelle or is it more like Splashtop?
Good one from Arstechnica – Inside Gazelle, Microsoft Research’s “browser OS”
MSR summary and description – When is a browser not a browser?

There’s two official docs from MSR on Gazelle, a tech report and the USENIX Security 2009 publication. The publication is an improved version of the TR, so I’d stick with that. If there are more, let me know (grier@imchris.org). I’ve given a couple talks on Gazelle, one at Stanford for EE 380 that is online somewhere, and anyone can email me for my slides.

Gazelle – MSR project update

admin — Sun, 12 Jul 2009 23:05:43 +0000

The project that I designed and developed at MSR last summer is going to be at USENIX security (and was previously a tech report). It’s available as a PDF here.

Simply put, Gazelle is a browser with an OS architecture that provides greater strength against different types of attacks than other browsers. By adopting OS principles the browser is able to provide isolation for different-origin content, with additional control over display and user generated events. There’s a lot more to it and the full details are described in the paper.

Back to UIUC, we have adapted a couple of the ideas from the Gazelle paper into the OP web browser, such as the isolation of frames and the display security (and delegate-once policy), though it is a much different implementation than Gazelle.

Gazelle has been slashdotted a few times (first and second), and there’s a pretty good Arstechnica article on it.

Climbing at Jackson and Cedar Bluff

admin — Mon, 01 Jun 2009 18:34:07 +0000

I have recently started climbing outdoors. As of June 2009 I’ve been to Jackson Falls and Cedar Bluff both in southern IL. I’ll try and post pictures of climbs here when I have them. There’s a lot of good resources already online for Jackson and other places in IL, so I’ll try and link those too.

Jackson directions and routes online.

Cedar Bluff directions and routes

Vertical Heartland, A Rock Climber’s Guide to Southern Illinois by Eric Ulner looks like the best resource for climbing in IL.

Cedar Bluff – Saturday May 30, we went to Cedar Bluff. I had never been there before. The directions found on the link above are right. Park by the church and hike up a short trail to the bluff. It was raining when we got there, but the first few climbs were dry. At the bluff we climbed:

Africa (left side, 5.8) and Detention (right side, 5.10a) at Cedar Bluff

Detention (5.10a lead, right where the trail meets the bluff)
Africa (5.8 top rope, directly next to Detention)
Fear of Flying (5.9, off-width crack, coming up from the trail go to the left)
Dos Equis (5.9+ lead, coming up the trail go to the right.)

Fear of Flying (5.9, off-width crack) at Cedar Bluff

Jackson Falls – Sunday, may 31 we drove to Jackson. I had been there once before but for the most part climbed new routes. This was the second day of lead climbing outside for me so we took it easy and did some great routes.

Yosemite Slab area – Fun routes, good to get going. Two out of the four of us had never climbed outdoors before, so this was a fun start.

Pete’s Lead (5.7, top rope)
Smidgin (5.6, lead)
Tina’s Soul Food Kitchen (5.7, lead)
Easy Gully (5.6, top rope)

Royal Arch wall – I had climbed here the one time I had been to Jackson before, and done one of the routes next to Deetle Dumps (maybe Archangel, 5.10a, or The Meanest Flower, 5.9)

Deetle Dumps (5.8, lead)

Wave Wall – This route was difficult, either I was tired from the previous day and other climbs or something, but doing Fine Nine really made me tired for the day.

Fine Nine (5.9+, lead, right side picture)

Pete's Lead (5.7, crack on left) and part of Smidgin (5.6 right side of the picture) at Jackson Falls

Fine Nine (5.9+) at Jackson Falls

Mr. Jimmy – A tall free standing boulder, the easy climb was fun and fairly long. The camera battery died before we got here, so there aren’t any pictures.

Big wall Greg’s Chicken Shack (5.6, lead)
Venom (5.10a, lead)

more papers!

admin — Thu, 30 Apr 2009 04:14:52 +0000

Two more publications: The Gazelle paper is going to be at USENIX Security and a short paper at Web 2.0 Security and Privacy on plugin security. See my research page for more information! PDFs should be online as soon as I’ve finished the camera ready versions.

Also, I did a talk at Stanford for the Electrical Engineering Computer Systems Colloquium (EE 380), the video should be online here. There were some technical difficulties with the projector, but for the online version that might not be visible.

unFriendly – looking at personal information

admin — Fri, 13 Mar 2009 19:36:16 +0000

SigMIL participated in this year’s Engineering Open House with a project called unFriendly. The goal was originally to see if we could infer, with some degree of success, information about people on Facebook based on their friends’ profiles (we can).

After we had that, the goals changed some to a tool that creates profiles with different sources of information. We had Facebook data (from crawling), campus phone book data (also has a LDAP version), voter records (for Champaign County) and we put it all together in nice google-knockoff web site that lets people search and see what data we can gather and infer about someone. Right now our dataset is limited to people at UIUC, but it wouldn’t be difficult to extend it to larger groups.

Death Valley

admin — Sun, 21 Dec 2008 03:50:56 +0000

During Thanksgiving break I went to Death Valley National Park. Flew into Las Vegas and drove to the park. It’s an amazing place. I started to write a short page about the different things I ended up doing and there’s pictures on my flicker feed. I joined the pro flickr club so they won’t be disappearing. The trip was pretty long though a lot of fun.

The rest of the fall semester is going to be working on another project, my thesis propsal and setting up prelims. I might even have to start interviewing for jobs.

Fall 2008

admin — Sun, 02 Nov 2008 22:48:57 +0000

Fall 08 started a quick and is already half over. I’ve been continuing my project from Microsoft Research, working with a security group there lead by Helen Wang and working on a couple other security projects at school. I’m almost done with the first part of the MSR project and we will be writing a paper soon. Until that’s written other projects are on hold.

It’s looking like I will be graduating sometime in the spring/summer of 2009 but nothing is final yet. I also want to get a little more research published before I get out of Urbana.

Illinois Malicious Processor Paper

admin — Tue, 15 Apr 2008 04:18:18 +0000

The Illinois Malicious Processor (IMP) project I worked on was written up by InfoWorld! Its a great read: Read it here – That is in addition to it being published at LEET and being awarded a Best Paper Award! The title is “Designing and Implementing Malicious Hardware” and its available online in HTML and PDF formats.