Friday, March 31, 2017

Five Research Ideas Instagram Could Have Used to Protect Comey's Secret Twitter

Even though cybersecurity is one of the hottest topics on the Internet, my specific area of research, information flow security, has remained relatively obscure. Until now, that is.

You may have heard of "information flow" as a term that has been thrown around with terms like "data breach," "information leak," and "1337 hax0r." You may not be aware that information flow is a specific term, referring to the practice of tracking sensitive data as it flows through a program. While techniques like access control and encryption protect individual pieces of data (for instance, as they leave a database), information flow techniques additionally protect the results of any computations on sensitive data.

Information flow bugs are usually not the kinds of glamorous bugs that make headlines. Many of the data leaks that have been in the public consciousness, for instance the Target and Sony hacks, happened because the data was not protected properly at all. In these cases, having the appropriate access checks, or encrypting the data, should do the trick. But "why we need to protect data more better" is harder to explain. Up through my PhD thesis defense, I had such a difficult time finding headlines that were actually information flow bugs that I resorted to general software security motivations (cars! skateboards! rifles!) instead.

From the article.
Then along came "This Is Almost Certainly James Comey's Twitter Account," an article I have been waiting for since I started working on information flow in 2010. The basic idea behind the article is this: a journalist named Ashley Feinberg wanted to find FBI director James Comey's secret Twitter account, and so started digging around the Internet. Feinberg was able to be successful within four hours due to being clever and a key information leak in Instagram: when you request to follow an Instagram account, it makes algorithmic suggestions based on who to follow. And in the case of this article, the algorithmic suggestions for Comey's son Brien included several family members, including James Comey's wife--and the account that Feinberg deduced to be James Comey's. And it seems that Comey uses the same "anonymous" handle on Instagram as he does on Twitter. And so Instagram's failure to protect Brien Comey's protected "following" list led to the discovery of James Comey's Twitter account.

So what happened here? Instagram promises to protect secret accounts, which it (sometimes*) does. When one directly views the Instagram page of a protected user, they cannot access that person's photos, who that user is following, and who follows that user. This might lead a person to think that all of this information is protected all of the time. Wrong! It turns out the protected account information is visible to algorithms that suggest other users to follow, a feature that becomes--incorrectly--visible to all viewers once a follow is requested, because, presumably, whoever implemented this functionality forgot an access check. In this case the leak is particularly insidious because while the profile photos and names of the users shown are all already public, they are likely shown as a result of a computations on secret information: Brien Comey's protected follow information. (This is a subtle case to remember to check!) In information flow nomenclature, this is called an implicit flow. When someone is involved in a lot of Instagram activity, the implicit flow of the follow information may not be so apparent. But when many of the recommended follows are Comey family members, many of them who use their actual names, this leak becomes more serious!

Creepy Facebook search, from express.co.uk.
In the world of information flow, this article is a Big Deal because it so perfectly illustrates why information flow analyses are useful. For years, I had been jumping up and down and waving my arms (see here and here, for instance) about why we need to check data in more places than the point where it leaves the database. Applications aren't just showing sensitive values directly anymore, but the results of all kinds of computations on those values! (In this case it was a recommendations algorithm.) We don't always know where sensitive data is eventually going! (As was the case when Brien Comey's protected "following" list was handed over to the algorithm.) Policies might depend on sensitive data! We may even compute where sensitive data is going based on other sensitive data! In a world where we can search over anything, no data is safe!

Until recently, my explanations have seemed subtle and abstract to most, in direct contrast to the sexy flashy security work that people imagine after watching Hackers or reading Crypto. By now, though, we information flow researchers should have your attention. We have all kinds of computations over all kinds of data going to all kinds of people, and nobody has any clue what is going on in the code. Even though digital security should be one of the main concerns of the FBI, Comey is not able to avoid the problems that arise from the mess of policy spaghetti that is modern code.

Fortunately, information flow researchers have been working for years on preventing precisely this kind of Comey leak**. In fashionable BuzzFeed style, I will list exactly five research ideas Instagram could adapt to prevent such leaks in the future:
  1. Static label-based type-checking. In most programming languages, program values have types. Type usually tell you simple things like whether something is a number or a list, but they can be arbitrarily fancy. Types may be checked at compile time, before the program runs, or at run time, while the program is running. There has been a line of work on static (compile time) label-based information flow type systems (starting with Jif for Java, with a survey paper here describing more of this work) that allows programmers to label data values with security levels (for instance, secret or not) as types, and that propagate the type of a program that makes sure sensitive information does not flow places that are less sensitive. These type systems give guarantees about any program that runs. The beauty of these type systems is that while they look simple, they are clever enough to be able to capture the kind of implicit flow that we saw with algorithms leaking Brien Comey's follow information. (We'd label the follow lists as sensitive, and then any values computed from them couldn't be leaked!)
  2. Static verification. Label-based type-checking is a light-weight way of proving the correctness of programs according to some logical specification. There are also heavier-weight ways of doing it, using systems that translate programs automatically into logical representations, and check them against the specification. Various directions of work using refinement types, super fancy types that depend on program values could be used for information flow. An example of a refinement type is {int x | canSee(alice, x)}, the type of a value that exists as an integer x that can only exist if user "alice" is allowed to see it according to the "canSee" function/predicate) Researchers have also demonstrated ways of proving information flow properties in systems like IronClad and mKertiKOS. These efforts are pretty hardcore and require a lot of programmer effort, but they allow people to prove all sorts of boutique guarantees on boutique systems (as opposed to the generic type system guarantees using the subset of a language that is supported).
  3. Label-based dynamic information flow tracking. Static label-based type-checking, while useful, often requires the programmer to put labels all over programs. Systems such as HiStar, Flume (the specific motivation of which was the OKCupid web server), and Hails allow labeling of data in a way similar to static label-based type systems, but track the flow of information dynamically, while the program is running. The run-time tracking, while it makes it so that programmers don't have to put labels everywhere, comes at a cost. First, it introduces performance slowdowns. Second, we can't know if a program is going to give us some kind of "access denied" error before it runs, so there could be accesses denied all over the place. Many of these systems handle these problems by doing things at the process level: if there is an unintended leak anywhere in the process, the whole process aborts. (Those who haven't heard of processes can think of the process as encapsulating a whole big task, rather than an individual action, like doing a single arithmetic operation.)
  4. Secure multi-execution. Secure multi-execution is a nice trick for running black-box code (code that you don't want to--or can't--change) in a way that is secure with respect to information flow. The trick is this: every time you reach a sensitive value, you execute the sensitive value in one process, and you spawn another process using a secure default input. The process separation guarantees that sensitive values won't leak into the process containing the default value, so you know you should always be allowed to show the result of that one. As you might guess, secure multi-execution can slow down the program quite a bit, as it needs to spawn a new process every time it sees a sensitive value. To mitigate this, my collaborators Tom Austin and Cormac Flanagan developed a faceted execution semantics for programs that lets you execute a program on multiple values at the same time, with all of the security guarantees of secure multi-execution.
  5. Policy-agnostic programming. While all of these other approaches can prevent sensitive values from leaking information, if we want programs to run most of the time, somebody needs to make sure that programs are written not to leak information in the first place. It turns out this is pretty difficult, so I have been working on programming model that factors information flow policies out of the rest of the program. (If I'm going to write a whole essay about information flow, of course I'm going to write about my own research too!) Instead of having to implement information flow policies as checks across the program, where any missing check can lead to a bug, type error, or runtime "access denied," programmers can now specify each policy once, associated with the data, along with a default value, and rely on the language runtime and/or compiler to make the code execute according to the policies. In the policy-agnostic system, the programmer can say that Brien Comey's follows should only be visible to followers, and the machine becomes responsible for making sure this policy is enforced everywhere, including the code implementing the recommendations algorithm. That policies can depend on sensitive values, that sensitive values may be shown to viewers whose identities are computed from sensitive values, and that enforcing policies usually implementing access checks across the code are all challenges. Our semantics for the Jeeves programming language (paper here) addresses all of these issues using a dynamic faceted execution approach, and we have also extended this programming model to handle applications with a SQL database backend (paper here). We are also working on a static type-driven repair approach (draft here).
I don't know how much this Twitter account leak upset the Comeys, but reading this article was pretty much the most exciting thing that I have ever done. Up until now, most people have thought about security in terms of protecting individual data items, rather than in terms of a complex and subtle interaction with the programs that use them. This has started to change in the last few years as people have been realizing just how much of our data is online, and just how unreliable the code is that we trust with this data. I hope that this Comey leak will cause even more people to realize how important it is to reason deeply about what our software is doing. (And to fund and use our research. :))

* A student in my spring software security course (basically, programming languages applied to security), Scott, had noticed earlier this semester that emails from Instagram allowed previews of protected accounts he was not following. He reported this to Facebook's bug bounty program and made $1000. I told him to please write in the course reviews that the course helped him make money.
** Note that a lot of other things are going on in this Comey story. The reporter used facts about Comey to figure out the setup, and also some clever inference. But this clever inference exploited a specific information leak from the secret follows list to the recommendations list, and this post focuses on this kind of leak.

66 comments:

Anonymous said...

These are interesting, but data security is seldom so binary. An algorithm might return an aggregate value which is typed as public, not secret, but might still end up inadvertently leaking secure data. The type checker won't save you from incorrect or outdated assessments of the security of derived data.

The cost of a leak is also not binary. A security failure might look like "we leaked inconsequential information about the users, but saved the lives of thousands of people", or it might look like "we compromised the safety of our users, but made record profits". You'll have trouble capturing that with a type system.

Anonymous said...

@Anonymous, Yes you're correct that information can be leaked at a finer granularity than all or none, and that policies can change over time. Luckily, a number of the researchers in this area have already started tackling those issues. Those five bullet points are nowhere near the state of the art in this field; the first few are the bare minimum ideas, and are covered in any introductory course on the topic.

Kristopher Micinski said...

I agree with Wren that there are many good further research directions that have followed up to allow the declassification policy to be more flexible. But I worry that there is a more fundamental issue at play that might be harder to address: no matter what happens, I suspect any information flow policy that protects users will necessarily produce worse results to ensure fairness and security. This is going to be a political problem as much as it is a technical one: we'll have to convince companies that they need to integrate transparent machine learning algorithms into their pipelines. On the technical end, we have to make it as easy as possible for real companies to be able to accomplish this, and provide auditing mechanisms so that users can understand what is happening with their data and why results of machine learning algorithms leak information.

kongponleu88 said...


Thank you for sharing valuable information. Nice post. I enjoyed watching this post.
online baccarat
บาคาร่า
baccarat

rithkhmer said...

I have read your article, it is very informative and helpful for me.I admire the valuable information you offer in your articles. Thanks for posting it..ดูหนัง

Blogger said...

Find out how THOUSAND of individuals like YOU are making a LIVING online and are living their dreams right NOW.
GET FREE ACCESS INSTANLY

Blogger said...

BlueHost is ultimately one of the best hosting provider with plans for all of your hosting needs.

Blogger said...

Do you need free Google+ Circles?
Did you know that you can get them ON AUTOPILOT AND TOTALLY FOR FREE by registering on Like 4 Like?

Blogger said...

Trying to find the Ultimate Dating Website? Create an account and find your perfect date.

Subarna Akter said...


Great and very easy to understand. Thanks

Cloud Phone Systems Austin
Network Cabling Austin

Mst Shahida said...


Parking Management Software
online parking software
Cloud based parking solutions

Explore the Web Based Software of Web Parking Software:
For those people who are in search for the best web based software that are creatively developed, designed and intended for solving parking problems, you don’t need to look any further since Web Parking Software is the ideal choice that you should take into account. In addition to this, the company strives hard and work together to make their parking related services quickly accessible from the Internet. Web Parking Software has a professional, dependable and competent management team with in-depth expertise in the field of parking management, business management and IT computer software.
The well trained and fully skilled engineers of Web Parking Software spent almost two years with their parking management team to create their first parking management and permit system. Apart from this, the company took daily procedures on snail mail, fax, phone and paper for almost a decade and at the same time applied a cloud based internet delivery system to enhance the reliability, organization and method. On the other hand, the web based software of Web Parking Software has an excellent deal of programming complex code and man hours.
The entire interface was built to look simple and with a few mouse clicks, you will have a full control of your own building. They also include other non parking components that have the ability to facilitate management that include CRM components, email blasts and a lot more. Moreover, Web Parking Software together with their sister company Callbeforetow are part of CBT software that is fully operated by CBT Inc. The company wants to take the dissatisfaction out of parking management for townhouses, condominiums, home owners associations, apartments and other parking areas. This is one of the reasons why Web Parking Software has reinvented how the parking management should be done.
The web based software of Web Parking Software was built for commercial property, board members, apartment managers, property managers and anyone involved in overseeing a managed parking environment. With the existence and help of Web Parking Software, you can be sure that all your parking problems will be completely solved by simply using the web based parking software of Web Parking Software. The web based parking software of Web Parking Software is a great system that will allow you to have a full control over your buildings whether onsite, by using your phone and even at your office. Most people who already tried and avail the services of Web Parking Software are all astounded and satisfied with the quality of their web based parking software.
Once you decided to use their service, you are assured that you can able to eliminate about 75 percent of your paper work. Web Parking Software will guarantee their valued clients that they will never be disappointed with their services and most especially their web based parking software. If you want to learn and know more about the web based parking software of Web Parking Software, just feel free to visit their website at http://webparkingsoftware.com and see it for yourself.

Unknown said...

Sometime few educational blogs become very helpful while getting relevant and new information related to your targeted area. As I found this blog and appreciate the information delivered to my database. cyber security firm

Unknown said...

Buy instagram Followers Affordable Package
Buy Instagram Followers, Buy Instagram Likes, Facebook Likes, YouTube Views,
SoundCloud Plays, Twitter and Vine Followers. Super fast delivery! starting at $0.99 only!.

emily adwartson said...

An individual can profitably sell a prosperous page with a lot of subscribers. Learn about Insta Expansion - Instagram Growth Made Easy on instaexpansion.com.

Goodman12 said...

Thank you for sharing valuable information.

SCR888

ACE333

จรัญ ประสงค์ทรัพย์ said...

Nice article thank you for sharing valuable information.
สมัคร Sbobet

Lsm99

Narayana Satya said...

Thanks for posting the useful information to my vision. This is excellent information,.
revolving glass turnstiles
electromagnetic locks suppliers

Tech Cloud ERP said...

Nice blog, very interesting to read
cloud pos software in india
cloud pos software in hyderabad
erp hyderabad

charlos john said...

I really appreciate this wonderful post that you have provided for us. I assure this would be beneficial for most of the people. see crovu's followers packages

Juliana Kho said...

[url=http://www.youtube.com/]http://www.youtube.com/[/url]

http://www.youtube.com/

http://www.youtube.com/

william frost said...
This comment has been removed by the author.
alina jones said...

In print media, regardless of what the whole circulation, customers have to find the page your ad is situated on, and spend the action specified in your ad. More information on accountsdaddy visit at this site.

william frost said...

To receive the best possible results from your social networking accounts, you will need to ensure you aren't making one of these 7 mistakes. Visit here for more details evoig.

คนสวย2019 said...

ฟิลเลอร์เป็นอย่างไร





?
สารเติมเต็มผิวหรือที่เรียกด้านการแพทย์





ว่า เดอร์มอล ฟิลเลอร์ เป็น



สารไฮยารูโรนิก แอติด





หรือ HA เป็นสารที่ยืนยัน







มาตรฐานความปลอดภัยทั้งโลก





แล้ว เป็นสารสกัดที่ได้มาจากธรรมชาติ









ที่มีส่วนประกอบ



ของคลอลาเจน มีส่วนประกอบ





ประกอบกันเป็นร่างแหด้วยแนวทาง



ทางเคมี ซึ่งมีอยู่แล้วในเซลล์ผิว มีความปลอดภัยสูงฉีดฟิลเลอร์
ฉีดฟิลเลอร์ใต้ตา
ฉีดฟิลเลอร์ร่องแก้ม

Nina Athena said...

Thank you for sharing your tips! This is very helpful and informative! I’m looking forward to seeing more updates from you.

Social Media Services

Subarna Akter said...


Thank you for sharing such as great & deep information..

Custom Logo Design Austin
Graphic Design Austin

Pavel Co Ebele said...

Great Article
Cloud & Information Security Final Year Projects for CSE
Project Centers in Chennai

Unknown said...

To prevent spam you must attempt going with https://spamguardapp.com/dashboard and see however that sorcerous factor merely removes all that filthy spam factor type your journal or forum, you'll be able to tune it as you wish to, however it comes with machine settings and works simply fine buy followers on instagram.

Ramila Hurting Khadiya said...

Thank you for your post. This is excellent information. It is amazing and wonderful to visit your site. I found it very informative and interesting too. I have bookmarked your blog and will return in the future. I want to encourage you to continue that marvelous work, have a great daytime!

 Ramila Hurting Khadiya Kushalgarh



google buy hacklink sex porno said...

dadassdasdasdasadsasadsaasdsdasad

lira remme said...

Obviously, the collection of a writer must be a bundle of creativity. New ideas of writing become the reason of success. It makes your work worthwhile. Everyone wants to praise your writing because they bound by creativity.
ไฮไลท์บอล

Evelin Harriet said...

The blog you have shared really worth for me.Thanks for Sharing..
SAP Hana in Chennai | SAP B1 Support in Chennai | SAP R3 Support in Chennai | ERP in Chennai | HRMS Software Chennai

Poshe Solutions said...

Hats off to your presence of mind. I really enjoyed reading your blog. I really appreciate your information which you shared with us.

If you’re looking for a safety training institute in Chennai, it doesn’t get better than POSHE Solutions.
NEBOSH Course in Chennai
Fire and safety course in vizag
Nebosh Igc In Pondicherry

SMMWorld said...

Great article for my research, this is the only one that I found for my topic of Instagram marketing and environmental protection. SMViews offer high-quality social media services as an buy Instagram follower, Instagram Likes, buy Instagram saves worldwide,Twitter followers, Facebook likes, YouTube views ...etc.

George Wick said...

Very important and useful information. Keep Sharing...
If you want to make gain more user on yoour blog or website with th help of instagram then you should buy instagram followers from trusted online store "Smcrazy.com". Visit- https://smcrazy.com

Instagram Followers said...

The post is very nice. I just shared on my Facebook Account.

Brayn Mills said...
This comment has been removed by the author.
Brayn Mills said...

Thanks for sharing this great content, I really enjoyed the insign you bring to the topic, awesome stuff! If you want to make your brand popular and want to increase your credibility and increase your sales. So that buy pva yahoo accounts from Smmshopy.com and make your brand famous all over the world. Visit- http://smmshopy.com/buy-yahoo-accounts/

Zumi Embiado said...

Nice article, it was well written and the content is very helpful. Big thanks.

gowthunan said...

Your new valuable key points imply much a person like me and extremely more to my office workers. With thanks; from every one of us
nebosh course in chennai

amsa leka said...

Nice blog..! I really loved reading through this article. Thanks for sharing such a amazing post with us and keep blogging... best angularjs training institute in chennai | angularjs training in omr | angular 4 training in chennai | angularjs training in omr

Richard ALLAN said...

Thanks for a wonderful share. Your article has proved your hard work and experience you have got in this field. Brilliant .i love it reading.
Instagram begeni hilesi

Kayal m said...

Great blog!!! This is a very different and unique content. I am waiting for your another post...

Social Media Marketing Courses in Chennai
Social Media Marketing Training in Chennai
Embedded System Course Chennai
Linux Training in Chennai
Tableau Training in Chennai
Spark Training in Chennai
Oracle Training in Chennai
Oracle DBA Training in Chennai
Social Media Marketing Courses in Chennai
Social Media Marketing Training in Chennai

Alan said...

IPVA 2019 consulte agora.

arusha said...

You truly did more than visitors’ expectations. Thank you for rendering these helpful, trusted, edifying and also cool thoughts on the topic to Kate.
nebosh course in chennai
offshore safety course in chennai

Unknown said...

Excellent post. I want to thank you for this informative read, I really appreciate sharing this great post. Keep up your work…Home cleaning

Anonymous said...

Hello guys!
Are you using the social media platform?
Are you grow your social media platforms like Facebook, Instagram, and Youtube?
If you want to grow your business so you should Buy Facebook Page Likes Cheap price
, and much more which help grow your business.

anvianu said...

I simply wanted to thank you so much again. I am not sure the things that I might have gone through without the type of hints revealed by you regarding that situation.
safety course in chennai
nebosh course in chennai

sandeep saxena said...


This is an interesting blog that you have posted, you shares a lot of useful things about Technology.
SAS Training in Chennai
SAS Course in Chennai
SAS Training Institute in Chennai
clinical sas training in chennai
clinical sas training
SAS Analytics Training in Chennai
SAS Training Chennai

Jahangir Khatri said...

takipçi satın alma thanks for each certainly one of space informative web site. The vicinity else might also simply I accumulate that satisfactory of sponsorship written in such a perfect means? i've a challenge that Im simply now lively nearly, and i've been on the see out for such safety.

https://www.instafollowers.co/ said...

https://www.instafollowers.co/
Instagram, facebook, youtube, twitter likes and followers are available. You can contact our customer support team 24/7. Upgrade your social media account with quality and real accounts.

kiruthika said...

Thank you so much for providing information on this. It was very useful.
Aviation Courses in Chennai
air hostess course in Chennai
airport courses in Chennai
Ground staff training in Chennai
Aviation Academy in Chennai
air hostess training in Chennai
airport management courses in Chennai
ground staff training in Chennai

sandeep saxena said...

The above detailed information is very informative. Every points that you posted is very useful to me.
core java training in chennai
core java training institutes in chennai
core java Training in Tnagar
c c++ courses in chennai
javascript training in chennai
Drupal Training in Chennai
Photoshop Classes in Chennai
core java training in chennai

buy instagram followers said...

buy followers from trusted supplier only

Monalisha Biswal said...

Thanks for the informative article. This is one of the best resources I have found in quite some time. Nicely written and great info.
Server Management Company in Delhi

Unknown said...

Visit our website to purchase igtv service immediately buy instagram igtv

Ruby Ward said...

instagram is one of the top social photo sharing network which build brands overnight. Buy Instagram likes to build your engagement and target your business leads.

Realtekh Consulting said...

Great Article. This Blog Contain Good information about ERP Software. Thanks For sharing this blog. Can you please do more articles like this blog.

cloud erp in chennai
cloud based erp software in chennai
top erp software solutions in chennai
Robotic Process Automation Chennai

sheela rajesh said...

good work done and keep update more.i like your information's and that is very much useful for readers.
Hadoop Training in Chennai
Big data training in chennai
Big Data Course in Chennai
JAVA Training in Chennai
Python Training in Chennai
Selenium Training in Chennai
Hadoop training in chennai
Big data training in chennai
big data course in chennai

kavithasathish said...

A good blog for the people who really needs information about this.
Good work keep it up.
TOEFL Coaching in Chennai
TOEFL Classes in Chennai
German Language Classes in Chennai
IELTS Training in Chennai
Japanese Language Course in Chennai
spanish language course in chennai
TOEFL Coaching in Porur
TOEFL Coaching in Adyar

Kayal m said...


This content was very superb and I like this post. The author effort is too good and I appreciate for giving the unique updates. Keep posting...
Pega Training in Chennai
Pega Course in Chennai
Primavera Training in Chennai
Unix Training in Chennai
Excel Training in Chennai
Corporate Training in Chennai
Embedded System Course Chennai
Linux Training in Chennai

Roy Gaines said...

this could be awesome, love to have more. You can also have a look to buy instagram followers from this source.

Infinite Creativity said...

I bookmarked this blog site, really good information
Thank you for posting. Have a look here also ERP Software in Saudi Arabia | Cloud Based ERP Software in Saudi Arabia
erp in Saudi Arabia | Cloud ERP Software in Saudi Arabia

buy Instagram followers said...

Let the most powerful account of social media be with you. Our Instagram follower sales operations are combined with the most cost effective and highest quality. We have other services like followers, likes and comments. World's most trusted follower sales site.

sunshineprofe said...

safety course in chennai
nebosh course in chennai
industrial safety course in chennai
offshore safety course in chennai
fire and safety course in chennai
nebosh course in chennai
industrial safety course in chennai

John Oneal said...

Avast Customer Service Number
Chat with Norton Customer Service
McAfee Phone Number Canada
Bitdefender Customer Service Chat