Tuesday, January 14, 2014

Internships for Summer 2014

The ICSI Networking and Security Group now accepts applications for summer interns for 2014. ICIR's internships are paid positions, and generally aimed at Ph.D. students actively engaged in network and/or security research and with research interests that have overlap with the general areas of research of one or more of the group's staff.

Please send your applications no later than Friday, January 31, 2014. We will notify applicants of our decisions by February 14, 2014.

You can find details regarding the application process here.

Thursday, April 18, 2013

Fathom is a Google Summer of Code Project

Fathom, our browser-based network measurement platform, is part of M-lab's list of Google Summer of Code Projects. If you're a great browser/JavaScript hacker and interested in working with us on this project in the summer, check out the Fathom website and the GSoC ideas page, and get in touch!

Friday, January 18, 2013

Internships for Summer 2013

The ICSI Networking and Security Group is accepting applications for summer interns for Summer 2013. ICIR's internships are paid positions, and generally aimed at Ph.D. students actively engaged in network and/or security research and with research interests that have overlap with the general areas of research of one or more of the group's staff.

The deadline for submissions is Friday February 8, 2013.
Applicants will be notified of decisions by February 22, 2013.

The application process is outlined here.

Friday, November 2, 2012

Announcing the ICSI Certificate Notary

We are happy to announce the ICSI Certificate Notary today. This service provides near real-time reputation information on a large number of TLS/SSL certificates seen in the wild, collected continuously from a set of partner network sites. The notary’s data includes the time when a certificate was first and last seen, and whether we can establish a valid chain to a root certificate from the Mozilla root store.

Since the beginning of this year we collaborate with operations at about ten large network sites to passively extract certificates from their upstream traffic using Bro. This has allowed us to build a certificate database that now comprises roughly half a million unique web certificates from over 8 billion connections, representing the activity of estimated 220,000 users. (In fact, we have collected 7 million unique certificates but the majority is non-web activity and hence excluded from the notary.)

You can use the service by sending a DNS request for an A or TXT record to:


The token <sha1> represents the SHA1 digest of the certificate to query, which you may find when consulting your browser for details about a certificate. For A record queries, the result comes back either as the address to indicate that our data providers have seen the certificate, as if we could recently validate the certificate against the Mozilla root store, or NXDOMAIN if we have not seen the certificate. For TXT record queries, the notary returns key-value pairs with more details. Here is an example reply:

"version=1 first_seen=15387 last_seen=15646 times_seen=260 validated=1"

For further details, usage instructions, and background reading, please visit the notary website at http://notary.icsi.berkeley.edu. We much appreciate your feedback at this early stage, both positive works-for-me notices as well as problems and suggestions for improvements.

Monday, February 6, 2012

Summer Internships

The Networking Group is now accepting applications for Summer 2012 internships. Applicants should be Ph.D. students with a solid research background in networking and/or security. To apply, send a resume to summer@icir.org, and arrange for a letter of reference to be sent to that address too. The deadline for applications is February 24, 2012.

Thursday, June 9, 2011

Oakland'11 papers

At this year's IEEE Symposium on Security and Privacy we presented two papers.

The first presents an extensive measurement study our team of 15 researchers, postdocs and graduate students at UCSD and ICSI has worked on for two years. It expands the analysis of the spam value chain into the financial domain, illuminates the affiliate program landscape for pharmaceuticals, replica goods, and software, and identifies three banks that together receive the credit card transactions of 95% of the spam we observe.

The second paper presents Monarch, a real-time system that crawls URLs as they are submitted to web services and determines whether the URLs direct to spam. The paper evaluates the fundamental challenges that arise due to the diversity of web service spam. Monarch could protect a service such as Twitter—which needs to process 15 million URLs/day—for a bit under $800/day.

Wednesday, June 8, 2011

SIGCOMM awards

ACM has awarded this year's SIGCOMM award to Vern Paxson, for his seminal contributions to the fields of Internet measurement and Internet security, and for distinguished leadership and service to the Internet community.

SIGCOMM's Test-Of-Time Award recognizes papers published at least ten years ago that have turned out to make significant contributions to the field of networking. This year one of the two papers chosen is "A Scalable Content-addressable Network" which appeared in SIGCOMM 2001 and is authored by current and past ICSI researchers Sylvia Ratnasamy, Paul Francis, Mark Handley, Richard Karp and Scott Shenker.