March 5, 2013
Computing and information sciences distinguished lecture: Defending Against Client Compromises in Client-Server Applications
Mike Reiter from the department of computer science at the University of North Carolina at Chapel Hill will present "Defending Against Client Compromises in Client-Server Applications" at 12:30 p.m. March 6 in 126 Nichols Hall.
Abstract: We present new methods for defending against client compromises in two client-server application scenarios. First, we consider online games, in which a client "compromise" reflects the unauthorized manipulation of the game client by the user himself, in order to cheat in the game. To address this threat, we develop a new cheat-detection method with which the server can validate that the messages received from the game client are consistent with the sanctioned client software. We further argue that this technique has applications well beyond games. Second, we consider a user entering private information to a trusted web server, via a client computer that might be compromised by malware. To address this threat, we leverage trusted computing technology in a novel way to ferry the user's private inputs to the remote server while ensuring that malware cannot capture it. This latter technology has usability implications, and we report the results of a three-month user study to evaluate these implications.
Reiter is the Lawrence M. Slifkin distinguished professor in the department of computer science at the University of North Carolina. He received a bachelor's degree in mathematical sciences from University of North Carolina in 1989, and a master's and doctoral degrees in computer science from Cornell University in 1991 and 1993, respectively. He joined AT&T Bell Labs in 1993 and became a founding member of AT&T Labs — Research when NCR and Lucent Technologies, including Bell Labs, were split away from AT&T in 1996. He then returned to Bell Labs in 1998 as director of secure systems research. In 2001, he joined Carnegie Mellon University as a professor of electrical and computer engineering and computer science, where he was also the founding technical director of CyLab. He joined the faculty at University of North Carolina in 2007.
Reiter's research interests include all areas of computer and communications security and distributed computing. He regularly publishes and serves on conference organizing committees in these fields. He served as program chair for the flagship computer security conferences of the IEEE, the ACM and the Internet Society; as editor-in-chief of ACM Transactions on Information and System Security; and on the editorial boards of IEEE Transactions on Software Engineering, IEEE Transactions on Dependable and Secure Computing, the International Journal of Information Security, and Communications of the ACM. He also served on the emerging technology and research advisory committee for the United States Department of Commerce for four years. Reiter was named an ACM fellow in 2008.