most significant bits
newsletter of uw computer science & engineering
volume 21, number 1, spring 2011
university of washington
CSE logo
 home CSE Home    MSB archive Spring 2011 MSB    MSB Archive   Contact Info Contact Info 
contents
CSE Security & Privacy Research Chair's message Reges wins UW teaching award News Warren Jessop retires Datagrams Awards Alumni Achievement Awards Hank Levy elected to NAE Anokwa wins UW grad medal Two win Borg Scholarships Mark Bun wins Goldwater Dodge to competitive workshops CHI Best Paper to HS student Capstone courses Digital design capstone Audio capstone
msb21.1 PDF

Give to CSE

We all know the difference one line of code makes to the success of new software. In the same way, one gift of any size makes a difference to the success of CSE teaching and research. Your gift provides the department with resources for scholarships, fellowships, research support, and funds to build the CSE community we hope you value. As you think about your giving, please consider making a gift to CSE. Every gift, regardless of size, helps maintain a quality experience for students that reflects the sense of community you've come to expect from us. Give online.

About MSB

MSB is a twice yearly publication of UW CSE supported by the Industrial Affiliates Program.

Editor: Kay Beck-Benton
Contributors: Ed Lazowska, Hank Levy, Sandy Marvinney, Alexei Czeskis, Hannah Hickey
Photo credits: Bruce Hemingway, Mary Levin, S. Morris Rose

We want to hear from you!

Do you have news you’d like to share with the CSE community? Comments or suggestions for future issues of MSB? Let us know! Email the editors at msb@cs.washington.edu and be sure to visit us online at: www.cs.washington.edu

Sign up for MSB email

MSB is now available via email. To sign up, send an email to
  msb at cs.washington.edu

CSE Security and Privacy Research

Computer security and privacy are important issues for everyone. Individuals want to be protected against identity and personal data theft. Corporations make huge efforts to protect customer information and intellectual property, and keep services running in the face of adversaries. Governments try to protect national secrets and safeguard critical in frastructure. UW CSE is having widespread impact on the computer security and privacy landscape. Below, we hit a few of the highlights. Learn more at:

NCCDC team
The winning team for the National Collegiate Cyber
Defense Competition, posing in their makeshift
training room in Sieg Hall. Rear: Karl Koscher
(co-captain), Conrad Meyer, Ian Finder,
Mary Pimenova, Cullen Walsh, Alexei Czeskis
(holding trophy, captain), Melody Kadenko
(team adviser). Front: Mark Jordan, Baron Oldenburg

UW CSE Cyber Defense Team wins top national prize

Each year since the inception of the Pacific Rim Collegiate Cyber Defence Competition in 2008, UW CSE has fielded a team. Each year, UW CSE's team has taken first place in the regional competition and gone on to represent the department, the university, and the region in the national competition. And each year at nationals, the UW CSE team has fallen just shy of placing.

This year, though, was different! This year, the UW CSE Cyber Defense Team came out on top, winning the National Collegiate Cyber Defense Competition (NCCDC). The eight team members were graduate students Alexei Czeskis and Karl Koscher, and undergraduate students Conrad Meyer, Ian Finder, Mary Pimenova, Cullen Walsh, Mark Jordan, and Baron Von Oldenburg. Melody Kadenko served as team adviser.

The competition

The NCCDC competition is a three-day event during which teams must defend, administer, and maintain the computer systems of a fictional small company in the face of real attacks. The company network has all the typical small business components: a web server, email, network switch and firewall, a DNS server, customer data and personally identifiable information, intellectual property, workstations, servers, and so on. The types of systems vary (from versions of Windows to different distributions of Linux to Solaris), and the teams know nothing about these prior to the start.

The previous "administrators" of the company were not security minded and left the company systems unpatched, misconfigured, vulnerable, and potentially running intentionally malicious programs. As teams enter the competition area and sit behind their monitors, the red team (professional hackers from the Air Force, Navy, and various consulting firms) begins attacking each company's network. Adding to the pressure, competing teams have to perform standard business operations in the midst of these attacks: setting up VPNs, adding user accounts, performing password audits, adding portals to the company e-commerce website, and more. During the competition, the teams are allowed to bring only paper notes or books with them; no staged resources (online or otherwise) are allowed.

There are no breaks or down-time. Tensions run high and the adrenaline keeps pumping. Services go down. Websites get defaced. Customer data gets lost. There is always more to do than there is time. If a team unplugs its network in order to patch, it loses the competition. This year, one team had all of its computers wiped: all of the company data (and operating systems) gone; none of their machines would boot. In other words, the competition is brutal.

The UW CSE team

The UW CSE team was a bit rag-tag compared to the competition. The team trained on refurbished hardware (pulled from one of the team member's basements) in a makeshift lab in Sieg Hall (which, as alums know well, has seen better days). Unlike the teams from many other schools, they were not sponsored by a company. Administrative staff member Melody Kadenko volunteered as team adviser when it was discovered at the last minute that a rule change required an adviser to accompany each team to the national competition. In the best CSE tradition, though, the team had a lot of spirit, pride, energy, and ability! Part of the team's strength was its ability to innovate, react quickly, and create ad hoc solutions on the spot. For example, one team member wrote a network service monitoring program from scratch that let the team know the instant a service (e.g., HTTP[s], POP/SMTP, DNS) went down. This helped the team catch attacks the instant they happened and prevent them from spreading further. And another member came up with non-standard egress traffic firewall that made it much more difficult for attackers to maintain a persistent threat on the team's systems.

The team's ingenuity was not limited to just the competition environment. While competition rules forbade tampering with other teams and attacking the red team, the rules did not prevent practical jokes regarding the physical access control of the competition. Having read the competition rules ahead of time, the UW CSE team came prepared with a card printer. On the first night, the team created fake red team badges and proudly paraded with them during the second day. The actual red team enjoyed the UW CSE team's badges so much that they traded a real red team badge for one of the UW CSE fake badges.

When tensions ran high during the competition, the UW CSE team came up with humorous ways to bring the atmosphere back to normalcy. The team would break out in song (the Angry Birds theme song) to mimic the Angry Birds peace treaty. This would signal to everyone that it was time to relax and that everything would be okay.

Red team badge
CSE team's fake red team badge

The results

The UW CSE team hoped to finish in the top three, but didn't expect to win — they had enjoyed themselves and performed well, which is what mattered. When another team was announced as the third place winner, UW CSE team members were disappointed — maybe they hadn't made the top three. When another team was announced as the second place winner, hearts sank. Then the winning team was announced: UW CSE! The screaming team members were presented with a huge trophy, which now graces the Allen Center front office. (It's too big to fit in any of our display cases!) Everyone on the team received multiple job offers after the big win (but just about everyone already had plans).

To learn more about the team or to read interviews given by the team to various media outlets, visit the team page:

For more information, to sponsor the team, donate hardware, or join, contact Alexei Czeskis at aczeskis at cs.washington.edu.

Security and privacy of modern automobiles: Opening new research directions

Road test course
Road testing on a closed course
(a de-commissioned airport runway).
The experimented-on car, with our
driver wearing a helmet, is in the
background; the chase car is
in the foreground.

UW CSE is for known opening up new security and privacy research directions (e.g., the security of implantable medical devices http://www.secure-medicine.org/). Recently, UW CSE security and privacy researchers partnered with University of California San Diego (UCSD) to form the AutoSec (automotive security) group; together they have once again given the security and privacy research community something new to think about. In their first work, the AutoSec group experimentally found that an attacker who is able to infiltrate virtually any electronic control unit (ECU) of an automobile can leverage this ability to completely circumvent a broad array of safety-critical systems. In their second work, the group showed that an attacker is able to do so remotely. The AutoSec group's findings have not only impacted the scientific community, their efforts have also given rise to new policies at the corporate and legislative level.

The AutoSec group

The AutoSec group is composed of researchers at UW and at UCSD (some of whom are UW CSE alums). The UW CSE team members are PhD students Alexei Czeskis, Karl Koscher, and Franzi Roesner, undergraduate Conrad Meyer, Professor Shwetak Patel — all led by Professor Tadayoshi (Yoshi) Kohno. You can find the full list of the AutoSec members at:

Computers in cars — Some background

Modern automobiles are pervasively monitored and controlled by numerous computers (50-70 in luxury sedans) coordinated via internal vehicular networks. Many of these computers help increase the overall automobile safety, efficiency, and comfort (think anti-lock brakes, airbag sensors, the infotainment system, and lots more). Additionally, automobiles are increasingly becoming connected to the external environment. Many modern cars not only have a radio with CD/AM/FM/XM/ USB capabilities, but also have complex telematics systems (e.g., BMW's ConnectedDrive, Ford's Sync, GM's OnStar, and others). Most of these systems can connect to a phone through Bluetooth for hands-free calling, to satellites through GPS for in-car navigation, to the cellular network for data services (e.g., map data or on-demand help), and some telematics systems are even deploying app-stores. The AutoSec group formed to investigate (both theoretically and experimentally) what could happen if a malicious person attacked these systems.

What the AutoSec group did

The team bought two mid-range 2009 sedans — one to be used at UCSD, the other at UW — to replicate and validate experiments. Next, the AutoSec group analyzed, researched, and investigated how various car electronics worked. They did not have access to any manufacturer tools or information other than was publicly available. During their investigation, the AutoSec group developed sophisticated firmware and software for analyzing and auditing the automotive environment. Many of the initial tests were performed in the laboratory and were verified with the car on jack stands. Finally, after the group had uncovered many potentially alarming vulnerabilities, the findings were validated on live road tests on a decommissioned airport runway.

Recent UW CSE security and privacy accomplishments
  • PhD student Roxana Geambasu accepted a tenure-track faculty position in the Department of Computer Science at Columbia University. Congratulations Professor Geambasu!
  • Postdoc Justin Cappos accepted a faculty position at NYU Poly. Congratulations Professor Cappos!
  • "Keypad: An auditing file system for theft-prone devices" by Roxana Geambasu and John P. John, and UW CSE faculty members Steve Gribble, Yoshi Kohno, and Hank Levy won the Eurosys 2011 Best Student Paper award.
  • UW CSE Security Lab member Karl Koscher won the College of Engineering Ford Motor Company Fellowship. Congratulations Karl!
  • Alexei Czeskis and Iva Dermendjieva, along with faculty collaborators, won the Multidisciplinary Privacy Award at the 2011 Computers, Privacy & Data Protection conference in Brussels, Belgium. Tamara Denning won the award's honorable mention. This work was done in collaboration with the UW Value Sensitive Design Lab.

What the AutoSec group found

The group found that an attacker who was able to compromise any one of the car's many computers, could fully control almost every other computer in the car. For example, the AutoSec group showed full control of the lights, windows, doors, radio, dash, heating and cooling. They could also enable or disable any or all of the brakes, start or kill the engine, release the shift solenoid, or reverse the brake pedal function. Furthermore, they were able to replicate all of these capabilities both at rest and at speed. Some tests were not performed because of safety concerns (like deploying the airbag). These findings, a detailed analysis of how and why these issues occurred, along with recommendations as to what could be done, were presented at the 2010 IEEE Symposium on Security and Privacy in Oakland, California.

While the paper was well received by members of the automotive industry, others considered the possibility of a remote compromise of a car somewhat far fetched. In response, the AutoSec group conducted more research and published a follow-up paper showing that remote attacks are possible. For example, the group created a file that would play normally on a PC, but when burned on a CD and inserted into a car, would exploit the radio, causing arbitrary code to execute. The demo CD had a benign payload that would unlock the car doors. In other attacks, the group showed that they were able to remotely exploit the car (over an arbitrarily long distance) by calling it (the car's telematics system has a publicly callable number), playing a specially crafted sequence of sounds, and again causing arbitrary code to execute. The group found a variety of mid-range attacks as well — i.e., via Bluetooth. The results were presented to the National Academy of Sciences Committee on Electronic Vehicle Controls and Unintended Acceleration in March 2011 and will be published at the USENIX Security Symposium in August 2011.

AutoSec group impact

The group's findings have had tremendous impact upon industry and in research communities. Automotive manufacturers, law enforcement officers, and the government are taking this work seriously. Multiple working groups and workshops have been organized to investigate automotive safety and security more fully. The National Highway Traffic Safety Administration (NHTSA), the Society of Automotive Engineers (SAE), and other safety/standards organizations have noted these results and have contacted the AutoSec group for advice.

For more information, please visit the AutoSec groups page at:

CSE logo
Computer Science & Engineering Box 352350, University of Washington Seattle, WA 98195-2350 Privacy policy and terms of use