Defending Against Client Compromises in Client-Server Applications

Type: Distinguished Lecturer
Speaker's Name: Mike Reiter
Speaker's From Label: Department of Computer Science, University of North Carolina at Chapel Hill
Date & Time: Wednesday, March 6, 2013 - 12:30pm
Location: Nichols 126
Talk Summary: 

We present new methods for defending against client
compromises in two client-server application scenarios. First, we
consider online games, in which a client "compromise" reflects the
unauthorized manipulation of the game client by the user himself, in
order to cheat in the game. To address this threat, we develop a new
cheat-detection method with which the server can validate that the
messages received from the game client are consistent with the
sanctioned client software. We further argue that this technique has
applications well beyond games. Second, we consider a user entering
private information to a trusted web server, via a client computer that
might be compromised by malware. To address this threat, we leverage
trusted computing technology in a novel way to ferry the user's private
inputs to the remote server while ensuring that malware cannot capture
them. This latter technology has usability implications, and we report the
results of a three-month user study to evaluate these implications.

Brief Biography: 

Michael Reiter is the Lawrence M. Slifkin Distinguished Professor in the
Department of Computer Science at the University of North Carolina at
Chapel Hill (UNC). He received the B.S. degree in mathematical sciences
from UNC in 1989, and the M.S. and Ph.D. degrees in Computer Science
from Cornell University in 1991 and 1993, respectively. He joined AT&T
Bell Labs in 1993 and became a founding member of AT&T Labs – Research
when NCR and Lucent Technologies (including Bell Labs) were split away
from AT&T in 1996. He then returned to Bell Labs in 1998 as Director of
Secure Systems Research. In 2001, he joined Carnegie Mellon University
as a Professor of Electrical & Computer Engineering and Computer
Science, where he was also the founding Technical Director of CyLab. He
joined the faculty at UNC in 2007.

Dr. Reiter's research interests include all areas of computer and
communications security and distributed computing. He regularly
publishes and serves on conference organizing committees in these
fields. He served as program chair for the flagship computer security
conferences of the IEEE, the ACM, and the Internet Society; as
Editor-in-Chief of ACM Transactions on Information and System Security;
and on the editorial boards of IEEE Transactions on Software
Engineering, IEEE Transactions on Dependable and Secure Computing, the
International Journal of Information Security, and Communications of the
ACM. He also served on the Emerging Technology and Research Advisory
Committee for the United States Department of Commerce for four years.

Dr. Reiter was named an ACM Fellow in 2008.