Job ad: post-doctoral researcher in security, operating systems, computer architecture

Hardware & signals, Jobs, Operating systems, Processors

We are pleased to announce a job opening at the University of Cambridge Computer Laboratory for a post-doctoral researcher working in the areas of security, operating systems, and computer architecture.

Research Associate
University of Cambridge – Faculty of Computer Science & Technology

Salary: £27,428 – £35,788 pa
The funds for this post are available for one year:

We are seeking a Post-doctoral Research Associate to join the CTSRD Project, which is investigating fundamental improvements to CPU architecture, operating system (OS), and programming language structure in support of computer security. The CTSRD Project is a collaboration between the University of Cambridge and SRI International, and part of the DARPA CRASH research programme on clean-slate computer system design.

This position will be an integral part of an international team of researchers spanning multiple institutions across academia and industry. The successful candidate will contribute to low-level aspects of system software: compilers, language run-times, and OS kernels. Responsibilities will include researching the application of novel dynamic techniques to C-language operating systems and applications, including adaptation of the FreeBSD kernel and LLVM compiler suite, and measurement of the resulting system.

An ideal candidate will hold (or be close to finishing) a PhD in Computer Science, Mathematics, or similar with a strong background in low-level system software development, which should include at least of one of strong kernel development experience (FreeBSD preferred; Linux acceptable), or compiler internals experience (LLVM preferred; gcc acceptable). Strong experience with the C programming language is critical. Some background in computer security is also recommended.

Candidates must be able to provide evidence of relevant work demonstrated by a research publication track record or industrial experience. Good interpersonal and organisational skills and the ability to work in a team are also essential. This post is intended to be filled as soon as practically possible after the closing date.

Applications should include:

  • Curriculum Vitae
  • Brief statement of the particular contribution you would make to the project
  • A completed form CHRIS6

Completed applications should be sent by post to: Personnel-Admin,Computer Laboratory, William Gates Building, JJ Thomson Avenue, Cambridge, CB3 0FD, or by email to: personnel-admin@cl.cam.ac.uk

Quote Reference: NR10692
Closing Date: 10 January 2012

The University values diversity and is committed to equality of opportunity.

Privacy event on Wednesday

Legal issues, News coverage, Politics, Privacy technology, Security economics, Security engineering

I will be talking in London on Wednesday at a workshop on Anonymity, Privacy, and Open Data about the difficulty of anonymising medical records properly. I’ll be on a panel with Kieron O’Hara who wrote a report on open data for the Cabinet Office earlier this year, and a spokesman from the ICO.

This will be the first public event on the technology and policy issues surrounding anonymisation since yesterday’s announcement that the government will give wide access to anonymous versions of our medical records. I’ve written extensively on the subject: for an overview, see my book chapter which explores the security of medical systems in general from p 282 and the particular problems of using “anonymous” records in research from p 298. For the full Monty, start here.

Anonymity is hard enough if the data controller is capable, and motivated to try hard. In the case of the NHS, anonymity has always been perfunctory; the default is to remove patient names and addresses but leave their postcodes and dates of birth. This makes it easy to re-identify about 99% of patients (the exceptions are mostly twins, soldiers, students and prisoners). And since I wrote that book chapter, the predicted problems have come to pass; for example the NHS lost a laptop containing over eight million patients’ records.

Here we go again

Legal issues, News coverage, Privacy technology, Security economics, Security engineering

The Sunday media have been trailing a speech by David Cameron tomorrow about giving us online access to our medical records and our kids’ school records, and making anonymised versions of them widely available to researchers, companies and others. Here is coverage in the BBC, the Mail and the Telegraph; there’s also a Cabinet Office paper. The measures are supported by the CEO of Glaxo and opposed by many NGOs.

If the Government is going to “ensure all NHS patients can access their personal GP records online by the end of this Parliament”, they’ll have to compel the thousands of GPs who still keep patient records on their own machines to transfer them to centrally-hosted facilities. The systems are maintained by people who have to please the Secretary of State rather than GPs, and thus become progressively less useful. This won’t just waste doctors’ time but will have real consequences for patient safety and the quality of care.

We’ve seen this repeatedly over the lifetime of NPfIT and its predecessor the NHS IM&T strategy. Officials who can’t develop working systems become envious of systems created by doctors; they wrest control, and the deterioration starts.

It’s astounding that a Conservative prime minister could get the idea that nationalising something is the best way to make it work better. It’s also astonishing that a Government containing Liberals who believe in human rights, the rule of law and privacy should support the centralisation of medical records a mere two years after the Joseph Rowntree Reform Trust, a Liberal charity, produced the Database State report which explained how the centralisation of medical records (and for that matter children’s records) destroys privacy and contravenes human-rights law. The coming debate will no doubt be vigorous and will draw on many aspects of information security, from the dreadful security usability (and safety usability) of centrally-purchased NHS systems, through the real hazards of coerced access by vulnerable patients, to the fact that anonymisation doesn’t really work. There’s much more here. Of course the new centralisation effort will probably fail, just like the last two; health informatics is a hard problem, and even Google gave up. But our privacy should not depend on the government being incompetent at wrongdoing. It should refrain from wrongdoing in the first place.

DNSChanger might change the BGPSEC landscape

Internet censorship, Legal issues, News coverage, Politics

In early November, a sophisticated fraud was shut down and a number of people arrested. Malware from a family called “DNSChanger” had been placed on around four million machines (Macs as well as Windows machines) over several years.

The compromised users had their DNS traffic redirected to criminally operated servers. The main aim of the criminals seems to have been to redirect search queries and thereby to make money from displaying adverts.

Part of the mitigation of DNSChanger involves ISC running DNS servers for a while (so that 4 million people whose DNS servers suddenly disappear don’t simultaneously ring their ISP helpdesks complaining that the Internet is broken).

To prevent bad people running the DNS servers instead, the address blocks containing the IPs of the rogue DNS servers which used to belong to the criminals (but are now pointed at ISC) have been “locked”.

This is easy for ARIN (the organisation who looks after North American address space) to acquiesce to, because they have US legal paperwork compelling their assistance. However, the Dutch police have generated some rather less compelling paperwork and served that on RIPE; so RIPE is now asking the Dutch court to clarify the position.

Further details of the issues with the legal paperwork can be found on (or linked from) the Internet Governance Project blog. The IGP is a group of mainly but not entirely US academics working on global Internet policy issues.

As the IGP rightly point out, this is going to be an important case because it is going to draw attention to the role of the RIRs — just at the time when that role is set to become even more important.

As we move to crypto-secured BGP routing, the RIRs (ARIN, RIPE etc) will be providing cryptographic assurance of the validity of address block ownership. Which means, in effect, that we are building a system where the courts in one country (five countries in all, for five RIRs) could remove ISPs and hosting providers from the Internet… and some ISPs [and their governments] (who are beginning to think ahead) are not entirely keen on this prospect.

If, as one might expect, the Dutch courts eventually uphold the DNSChanger compulsion on RIPE (even if the Dutch police have to have a second go at making the paperwork valid) then maybe this will prove the impetus to abandon a pyramid structure for BGP security and move to a “sea of certificates” model (where one independently chooses from several overlapping roots of authority) — which more closely approximates the reality of a global system which touches a myriad set of local jurisdictions.

Oral evidence to the malware inquiry

Academic papers, News coverage, Politics

The House of Commons Science and Technology Select Committee is currently holding an inquiry into malware.

I submitted written evidence in September and today I was one of three experts giving oral evidence to the MPs. The session was televised and so conceivably it may turn up on the TV in some strange timeslot — but if you’re interested then there’s a web version for viewing at your convenience. Shortly there will be a written transcript as well.

The Committee’s original set of questions included one about whether malware infection might usefully be treated as a public health issue — of particular interest to me because I have a published paper which considers the role that Governments might play in countering malware for the public good!

In the event, this wasn’t asked about at all. The questions were much more basic, covering the security of hardware and software, the role of the police (and at one point, bizarrely, considering the merits of the Amstrad PCW; a product I was jointly involved in designing and building, some 25 years ago).

In fact it was all rather more about dealing with crime than dealing with malware — which is fine (and obviously closely connected) but it wasn’t the topic on which everyone submitted evidence. This may mean that the Committee has a shortage of material if their report aims to address the questions that they raised today.

Want to create a really strong password? Don’t ask Google

Authentication, Security engineering, Usability, Web security

Google recently launched a major advertising campaign around its “Good to Know” guides to online safety and privacy. Google’s password advice has appeared on billboards in the London underground and a full-page ad in The Economist. Their example of a “very strong password” is ‘2bon2btitq’, taken from the famous Hamlet quote “To be or not to be, that is the question”.
Empirically though, this is not a strong password-it’s almost exactly average! Continue reading Want to create a really strong password? Don’t ask Google

Complaining about spam to the ICO

Legal issues, Spam

Like I imagine most readers of Light Blue Touchpaper, the vast majority of spam I receive is from overseas. For that you can try complaining to the sender’s ISP, but if the spam is being sent from a botnet, there’s not much you can do to stop them sending you more in the future. There might be an unsubscribe link, but clicking on it will just tell the sender that your address has a real person behind it, and might encourage them to send more spam.

Things are different if the sender (of spam email or text messaging) is in the UK, because then they might have violated the Privacy and Electronic Communications Regulations (PECR), and you can complain to the Information Commissioner’s Office (ICO). The process isn’t fast, or particularly easy, and there are plenty of ways the ICO can avoid investigating, but it can get results.

The last time I went through this process was regarding a PR agency which was sending me repeated emails despite me asking to unsubscribe. I sent the complaint to the ICO in November 2010, and it took over 2 months for them to deal with it, but the ICO did conclude that based on the information available, the PR agency did violate the PECR. At the time, the ICO didn’t have powers to punish an organisation for PECR violations but they did remind the agency of their obligations. I was finally unsubscribed from the list and the PR agency even sent me a box of muffins as an apology.

Things don’t always go smoothly though. Before then I complained about an online DVD rentals company, for similar reasons. The ICO initially refused to invoke the PECR, claiming that “If you work for or attend higher education and are receiving unsolicited marketing emails to a university email address, there is no enforceable opt-out right provided by The Privacy and Electronic Communications Regulations 2003 (the Regulations).” However, they did say that if my name is identifiable from my email address, then the sender is processing personal data and thus is covered by the Data Protection Act. I could therefore ask the company to unsubscribe me (which I had done), and if they continued to send me email after 28 days I could complain to the ICO again.

In fact, the email address to which I was sent the spam was my personal address (I did however send the complaint from my university address), which I told the ICO. The ICO then wrote to the company reminding them of their obligations. I never received further emails from the company so it probably worked, but I didn’t get any muffins or even an apology from them.

Since then, some things have changed — particularly that the ICO can now fine organisations up to £500,000 for very serious breaches of the PECR (although as far as I can tell the ICO has never done so). Hopefully this will encourage organisations to take their obligations seriously. I’ve sent a further complaint to the ICO, so I’ll keep you posted on how this progresses. If you want to try sending a complaint yourselves, instructions can be found on the ICO site.

Sovereignty and Cybercrime

Legal issues, News coverage

I spent the early part of this week at the London Conference on Cyberspace, organised by the UK Foreign Office.

Besides feel-good sessions on how wonderful the Internet can be for social engagement and economic growth, the two themes that had really drawn the participants were cybercrime and cyberwar (the latter being rebranded as ‘cyber security’ to avoid frightening the horses).

There was predictably little progress on the latter topic to be seen in public — Russia wants to strengthen national borders in cyberspace (and Evgeny Kaspersky spoke approvingly of strong online identity) and China’s position is similar (albeit their main intervention from the floor was an offer to investigate hacking attacks that came from their country).

Cybercrime was more straightforwardly condemned (which would not have surprised Calvin Coolidge) but the same fault-lines showed up in this topic as well.
Continue reading Sovereignty and Cybercrime

Will LBT be blocked?

Academic papers, Internet censorship, Legal issues, News coverage

Back in July I wrote a blog article “Will Newzbin be blocked?” which discussed the granting of an injunction to a group of movie companies to force BT to block access to “Newzbin2“.

The parties were back in court this last week to hammer out the exact details of the injunction.

The final wording of the injunction requires BT to block customer access to Newzbin2 by #1(1) rerouting traffic to relevant IPs and #1(2) applying “DPI based” URL blocking. The movie companies have to tell BT which IPs and which URLs are relevant.

#2 of the injunction says that BT can use its existing “Cleanfeed” system (which I wrote about here and at greater length in my PhD thesis here) to meet the requirements of #1, even though Cleanfeed isn’t believed to use DPI at all !

#3 and #4 of the injunction allows the parties to agree to suspend blocking and to come back to court in the future, and #5 relates to the costs of the court action.

One of the (few) upsides of this injunction will be to permit lawful experimentation as to the effectiveness of the Cleanfeed system, assuming that it is used — if the studios ask for all URLs on a website to be blocked, I expect that null routing the website entirely will be simpler for BT than redirecting traffic to the Cleanfeed proxy.

Up until now, discovering a flaw in the technical implementation of Cleanfeed would result in successful access to a child sexual abuse image website. Anyone monitoring the remote end of the connection might then draw the conclusion that images had been viewed and a criminal offence committed. Although careful experimental design could avoid law-breaking, it might be some time into the investigation process before this was properly understood by the criminal justice system, and the intervening period would be somewhat stressful for the investigator.

There is no law that prevents viewing of the contents of Newsbin2, and so the block circumvention techniques proposed over the past few years (starting of course with just using “https”) can now start to be evaluated as to their actual effectiveness.

However, there is more to #1 of the injunction, in that it applies to:

[…] www.newzbin.com, its domains and sub-domains and including payments.newzbin.com and any other IP address or URL whose sole or predominant purpose is to enable or facilitate access to the Newzbin2 website.

I don’t expect that publishing circumvention experience here on LBT could be seen as the predominant purpose of this blog… so I don’t really expect these pages to suddenly become invisible to BT customers. But, since the whole process has an Alice in Wonderland feel to it (someone who believes that blocking websites is possible clearly had little else to do before breakfast), it cannot be entirely ruled out.

Trusted Computing 2.1

Internet censorship, Legal issues, News coverage, Politics, Privacy technology, Security engineering

We’re steadily learning more about the latest Trusted Computing proposals. People have started to grok that building signed boot into UEFI will extend Microsoft’s power over the markets for AV software and other security tools that install around boot time; while ‘Metro’ style apps (i.e. web/tablet/html5 style stuff) could be limited to distribution via the MS app store. Even if users can opt out, most of them won’t. That’s a lot of firms suddenly finding Steve Ballmer’s boot on their jugular.

We’ve also been starting to think about the issues of law enforcement access that arose during the crypto wars and that came to light again with CAs. These issues are even more wicked with trusted boot. If the Turkish government compelled Microsoft to include the Tubitak key in Windows so their intelligence services could do man-in-the-middle attacks on Kurdish MPs’ gmail, then I expect they’ll also tell Microsoft to issue them a UEFI key to authenticate their keylogger malware. Hey, I removed the Tubitak key from my browser, but how do I identify and block all foreign governments’ UEFI keys?

Our Greek colleagues are already a bit cheesed off with Wall Street. How happy will they be if in future they won’t be able to install the security software of their choice on their PCs, but the Turkish secret police will?