As a key part of our mission, the Center for Long-Term Cybersecurity sponsors research at UC Berkeley and beyond. Below are some recent news highlights from our community of grantees.
CLTC-Funded Research on “Differential Privacy” Adopted by Uber, Covered in Wired
A CLTC-funded initiative focused on improving the privacy of SQL queries has been adopted for use by Uber—and received coverage in Wired. The researchers, Professor Dawn Song, Postdoctoral Researcher Joseph Near, and Graduate Student Researcher Noah Johnson, received funding for a project focused on “differential privacy, which allows general statistical analysis of data while providing individuals with a strong formal guarantee of privacy.” As reported by Wired, Uber “announced a new and well-timed advance in that privacy engineering field, releasing an open-source tool designed to give the ride-sharing firm—and any other company that adopts its technique—a new method of letting engineers gather statistical results from massive datasets while still remaining blindfolded to the personal details of any single user…. The method, known as elastic sensitivity, was built with the help of a group of University of California at Berkeley researchers, who spent the last 18 months testing it against a collection of 8.1 million actual statistical queries Uber’s staff made to their existing database, as those staffers analyzed everything from traffic patterns to revenue generated by different cities’ drivers. The system they developed as a result, called FLEX, uses some mathematical tricks to set a limit on how much any of those statistical queries can reveal about any individual Uber rider or driver.” Read the Wired story here.
CLTC Grantee in Washington Post’s “Monkey Cage”
Past CLTC Grantee Benjamin Jensen has co-authored a piece on the Washington Post’s “Monkey Cage” entitled, “Cyberwarfare has taken a new turn. Yes, it’s time to worry.” Together with Brandon Valeriano and Ryan C. Maness, Jensen, an associate professor at Marine Corps University and Scholar-in-Residence at American University, argues that the recent ransomware attacks represented “disruptive cyber-actions — with the apparent goals of signaling capability, disrupting normal systems and demonstrating the instability of Western democratic models.” In other words, they argue the perpetrators of the attack were less concerned with collecting ransom as they were with “sending a signal.” Read the full essay here.
“Defense Against Social Engineering Attacks” at Usenix Security 2017
In 2016, CLTC funded a team of UC Berkeley researchers—including David Wagner and Vern Paxson, Professors in the Department of Electrical Engineering and Computer Sciences, and Grant Ho, a Ph.D. Candidate—for a research initiative entitled “Defense Against Social Engineering Attacks.” The team set out to study how to detect targeted social engineering attacks that occur online, with a focus on detecting spear phishing and enabling organizations to defend themselves against this attack vector. The team reported that a research paper on this work was accepted at Usenix Security 2017, one of the top scientific conferences in the field, and has been accepted for presentation at BroCon 2017. In addition, a system based on these researchers’ work has been implemented and deployed at Lawrence Berkeley National Labs and is current in use to defend their systems against spear phishing attacks.