Security through the Lens of Failure

My work involves studying computer security through the lens of security failures. This approach provides many opportunities to apply advanced ideas from computer science to problems of widespread practical importance. By searching for systemic failures and asking why they occurred, we can improve the threat models used to design secure systems, discover unexpected practical limitations to proposed approaches, and inspire new solutions to security problems.

In the first part of the talk, I will describe how I applied this approach in a series of studies of electronic voting systems, including the first independent academic study of a Direct Recording Electronic (DRE) voting machine. Colleagues and I found that voting equipment from different manufacturers suffered from surprisingly similar failures. In the worst cases, a voting machine virus could spread throughout the voting system, silently alter election outcomes. These findings helped shift the national debate on electronic voting, leading a number of states to enact significant changes to their election systems. Drawing on lessons from these studies, I will propose novel election security mechanisms, including ways to use computers to audit election results without needing to trust them to operate correctly.

In other recent work, coauthors and I demonstrated new attacks against on-the-fly disk encryption systems, which are widely used to prevent data theft if a computer is stolen. Contrary to widespread belief, DRAMs used in most computers retain their contents for seconds to minutes after power is lost, and I will show how the retained data can then be recovered through simple techniques requiring no specialized equipment. This phenomenon limits the ability of running software to protect cryptographic key material from an attacker with physical access. I will present new algorithms for finding symmetric and private keys in memory images and for correcting errors caused by bit decay. Finally, I will discuss hardware and software changes that could mitigate these vulnerabilities.