Anna Shubina

Learn More
Determining whether a client station should trust an access point is a known problem in wireless security. Traditional approaches to solving this problem resort to cryptography. But cryptographic exchange protocols are complex and therefore induce potential vulnerabilities in themselves. We show that measurement of clock skews of access points in an 802.11(More)
Everyday computer insecurity has only gotten worse, even after many years of concerted effort. We must be missing some fundamental yet easily applicable insights into why some designs cannot be secured, how to avoid investing in them and recreating them, and why some result in less insecurity than others. We posit that by treating valid or expected inputs(More)
Adversaries get software to do bad things by rewriting memory and changing control flow. Current approaches to protecting against these attacks leave many exposures; for example, OS-level filesystem protection and OS/architecture support of the userspace/kernelspace distinction fail to protect corrupted userspace code from changing userspace data. In this(More)
—In this work we consider the problem of monitoring information streams for anomalies in a scalable and efficient manner. We study the problem in the context of network streams where the problem has received significant attention. Monitoring the empirical Shannon entropy of a feature in a network packet stream has previously been shown to be useful in(More)
The "Hacker Curriculum" exists as a mostly undocumented set of principles and methods for learning about information security. Hacking, in our view, is defined by the ability to question the trust assumptions in the design and implementation of computer systems rather than any negative use of such skills. Chief among these principles and methods are two(More)
We describe our experiences in deploying a campus-wide wireless security testbed. The testbed gives us the capability to monitor security-related aspects of the 802.11 MAC layer in over 200 diverse campus locations. We describe both the technical and the social challenges of designing, building, and deploying such a system, which, to the best of our(More)
The views and conclusions do not necessarily represent those of the sponsors. Abstract Computers make very fast, very accurate mistakes. From a refrigerator magnet. Real-world infrastructure offers many scenarios where protocols (and other details) are not released due to being considered too sensitive or for other reasons. This situation makes it hard to(More)