Campus Event Calendar

Event Entry

What and Who

Theory Plus Practice in Computer Security: Radio Frequency Identification and Whitebox Fuzzing

David Molnar
University of California at Berkeley
SWS Colloquium

David Molnar is a PhD candidate at the University of California,
Berkeley, degree expected Spring 2009. His work centers on privacy,
cryptography, and computer security, advised by David Wagner. Most
recently, he has been interested in RFID privacy, and in applying
constraint solvers to finding software bugs at scale (see
http://www.metafuzz.com). He is a previous National Science Foundation
Graduate Fellow and Intel Open Collaboration Research Graduate Fellow.
SWS, RG1  
Expert Audience
English

Date, Time and Location

Wednesday, 29 April 2009
16:00
60 Minutes
E1 4
019
Saarbrücken

Abstract

I will describe two areas in computer security that
demonstrate the wide range of techniques, from both theory and practice,
we need to make impact. First, I treat privacy and security in Radio
Frequency Identification (RFID). RFID refers to a range of technologies
where a small device with an antenna, or "tag," is attached to an item
and can be queried later wirelessly by a reader. While proponents of
RFID promise security and efficiency benefits, the technology also
raises serious security concerns. I will describe my work on practical
security analysis of RFID in library books and the United States
e-passport deployments. These deployments in turn uncover a new
theoretical problem, that of "scalable private authentication." I will
describe the first solution to this problem that scales sub-linearly in
the number of RFID tags.

Second, I describe recent work in "whitebox fuzz testing," a new
approach to finding security bugs. Security bugs cost millions of
dollars to patch after the fact, so we want to find and fix them as
early in the deployment cycle as possible. I review previous fuzz
testing work, how fuzzing has been responsible for serious security
bugs, and classic fuzz testing's inability to deal with "unlikely" code
paths. I then show how marrying the idea of dynamic test generation with
fuzz testing overcomes these shortcomings, but raises significant
scaling problems. Two recent tools, SAGE at Microsoft Research, and
SmartFuzz at Berkeley, overcome these scaling problems; I present
results on the effectiveness of these tools on commodity Windows and
Linux media playing software. Finally, I close with directions for
leveraging cloud computing to improve developers' testing and debugging
experience.

The talk describes joint work with Ari Juels and David Wagner (RFID),
and with Patrice Godefroid, Michael Y. Levin, and Xue Cong Li and David
Wagner (Whitebox Fuzzing).

Contact

Claudia Richter
688

Video Broadcast

Yes
Kaiserslautern
G26
206

Claudia Richter, 04/22/2009 09:56 -- Created document.