Tag: Security
-
Meet the Researcher: Jane Castleman
Jane Castleman is a Master’s student in the Department of Computer Science at Princeton University. Castleman’s research centers around the fairness, transparency, and privacy of algorithmic systems, particularly in the context of generative AI and online platforms. She recently sat down with Princeton undergraduate Jason Persaud ’27 to discuss her research interests and gave some…
-
A Brief History of Multi-Perspective Issuance Corroboration
“Multi-Perspective Issuance Corroboration” (or “MPIC”) is currently under discussion as an industry-wide standard by the CA/Browser Forum Server Certificate Working Group, and possibly by other Forum Working Groups in the future (i.e., the S/MIME Working Group). This is a promising idea that aims to mitigate the risk of equally-specific Border Gateway Protocol (BGP) attacks by…
-
Security Analysis of the Dominion ImageCast X
Today, the Federal District Court for the Northern District of Georgia permitted the public release of Security Analysis of Georgia’s ImageCast X Ballot Marking Devices, a 96-page report that describes numerous security problems affecting Dominion voting equipment used in Georgia and other states.
-
The anomaly of cheap complexity
Why are our computer systems so complex and so insecure? For years I’ve been trying to explain my understanding of this question. Here’s one explanation–which happens to be in the context of voting computers, but it’s a general phenomenon about all our computers: There are many layers between the application software that implements an electoral…
-
Toward Trustworthy Machine Learning: An Example in Defending against Adversarial Patch Attacks (2)
By Chong Xiang and Prateek Mittal
In our previous post, we discussed adversarial patch attacks and presented our first defense algorithm PatchGuard. The PatchGuard framework (small receptive field + secure aggregation) has become the most popular defense strategy over the past year, subsuming a long list of defense instances (Clipped BagNet, De-randomized Smoothing, BagCert, Randomized…
-
Toward Trustworthy Machine Learning: An Example in Defending against Adversarial Patch Attacks
By Chong Xiang and Prateek Mittal
Thanks to the stunning advancement of Machine Learning (ML) technologies, ML models are increasingly being used in critical societal contexts — such as in the courtroom, where judges look to ML models to determine whether a defendant is a flight risk, and in autonomous driving, where driverless vehicles are…
-
Most top websites are not following best practices in their password policies
By Kevin Lee, Sten Sjöberg, and Arvind Narayanan
Compromised passwords have consistently been the number one cause of data breaches by far, yet passwords remain the most common means of authentication on the web. To help, the information security research community has established best practices for helping users create stronger passwords. These include: Block weak…
-
A Multi-pronged Strategy for Securing Internet Routing
By Henry Birge-Lee, Nick Feamster, Mihir Kshirsagar, Prateek Mittal, Jennifer Rexford
The Federal Communications Commission (FCC) is conducting an inquiry into how it can help protect against security vulnerabilities in the internet routing infrastructure. A number of large communication companies have weighed in on the approach the FCC should take. CITP’s Tech Policy Clinic convened…

