Home Sweet Home (bsy's home page)

Bennet has left UCSD and is now a software engineer at Google. This is an archive of his pages written while at UCSD. Prospective students should contact other professors.

Bennet Yee's research focuses on issues in computer security. There are many inter-related areas that impact the security of systems: user-interfaces, software systems design, theorem proving, and cryptography all play important roles. Bennet's primary research interests are currently secure coprocessor applications, mobile agent security (or lack thereof), electronic commerce, and cryptographic protocol design. He is a member of the Cryptography and Security group.

If you want to contact Bennet, check his plan file on play.ucsd.edu for additional information.

Bennet's research summary is available, as is his curriculum vitae [PDF].

Bennet is currently working on the Sanctuary project, in which Bennet and his team are building a secure mobile agent system. Here is a discussion on why remote execution is desirable. A white paper written for the DARPA Workshop on Foundations for Secure Mobile Code is available, as is a more recent version (CS97-537) (also in PDF), where the idea of Perfect Forward Integrity is defined. (This is a bit of a misnomer, following the convention of "Perfect Forward Secrecy"; technically, "perfect" usually refers to information-theoretic security, so is inappropriate. The usual "PFS" scheme is Diffie-Hellman based, and provides only computational forward secrecy.) The focus of the project is on the mutual distrust and remote execution problems in agent-based computing: not only do servers fear that agents bring in viruses or attempt to subvert the server, but the agent's user needs to be able to trust that the agent will not be subverted when visiting a malicious server. [Note: to attempt to rationalize the nomenclature, I will refer to the PFI security property as simply Forward Integrity. The other flavors of Forward Security are Forward Privacy, Forward Non-repudiation, etc.]

A simple example of how such a subversion might occur will make this problem clearer. Let's look at the standard air-fare agent scenario: you send a software agent to visit servers at various airlines to determine the cheapest fare from San Diego to Washington D.C. to go to a meeting, with various timing / seat preference / routing constraints. One of the airlines runs a server, flybynight.com, where your agent's code is automatically recognized and brainwashed: its memory of what other airlines it has visited and what prices it had seen is modified, so that it ends up recommending flybynight.com.

How can this be prevented? This is a critical security problem to be solved if we are to have faith in agent-based computing. One approach is via legal/contractual means, which is not entirely satisfactory, since for this to work the ability to detect breaches will still be critical. The Sanctuary project is examining many mechanisms, from the use of secure coprocessors to ensure trustworthiness to cryptographic mechanisms to prevent agent tampering.

Another application of forward integrity is in securing audit log data. See the paper Forward Integrity for Secure Audit Logs (joint work with Mihir Bellare) for an exact analysis of the security of a forward integrity MAC scheme. A paper on Forward-Security in Private-Key Cryptography with Mihir Bellare is available; it gives precise definitions of forward security and general constructions of forward security schemes.
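To make the audit-log use of forward integrity concrete, here is an added example (not code from this page or from the cited papers, and not necessarily the construction those papers analyze). It assumes a simple hash-based key evolution with an HMAC per entry; all names (`evolve`, `ForwardIntegrityLog`, `verify`) and the sample entries are hypothetical.

```python
import hashlib
import hmac

def evolve(key: bytes) -> bytes:
    """One-way key update K_{i+1} = H(K_i); K_i cannot be recovered from K_{i+1}."""
    return hashlib.sha256(b"fi-evolve" + key).digest()

def tag(key: bytes, epoch: int, msg: bytes) -> bytes:
    """MAC binding the entry to its position in the log."""
    return hmac.new(key, epoch.to_bytes(8, "big") + msg, hashlib.sha256).digest()

class ForwardIntegrityLog:
    """Logger on the untrusted host; it only ever holds the current epoch key."""
    def __init__(self, k0: bytes):
        self._key, self.epoch, self.entries = k0, 0, []

    def append(self, msg: bytes) -> None:
        self.entries.append((self.epoch, msg, tag(self._key, self.epoch, msg)))
        self._key = evolve(self._key)  # previous key is overwritten, not kept
        self.epoch += 1

def verify(k0: bytes, entries) -> int:
    """Verifier holds K_0 offline. Returns index of first bad entry, or -1."""
    key = k0
    for i, (epoch, msg, t) in enumerate(entries):
        if epoch != i or not hmac.compare_digest(t, tag(key, epoch, msg)):
            return i
        key = evolve(key)
    return -1

def demo():
    k0 = bytes(range(32))  # constructed demo key, never use a fixed key
    log = ForwardIntegrityLog(k0)
    for m in (b"login alice", b"sudo alice", b"logout alice"):  # constructed entries
        log.append(m)
    honest = verify(k0, log.entries)
    # Host is compromised now: the intruder learns only the current key K_3
    # and tries to rewrite the earlier entry 1 with it.
    stolen = log._key
    forged = list(log.entries)
    forged[1] = (1, b"nothing happened", tag(stolen, 1, b"nothing happened"))
    return honest, verify(k0, forged)

if __name__ == "__main__":
    print(demo())
```

Entries appended after the compromise, and truncation of the tail of the log, are not caught by this check alone; the verifier must separately know how many entries to expect.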

In addition to the more central security issues, Bennet is also working on systems and programming language issues in mobile code. See the paper How To Migrate Agents (with Matthew Hohlfeld) to see how programs can be automatically transformed to implement state capture and release algorithms by extracting local continuations. This is a novel way to implement migration primitives, allowing standard software components such as Java virtual machines to be used to support truly migrating agents. This is now implemented, and a beta release version is available for use with our agent server. See the project web page for sample transformed agents and for how to get the software.

Migrating agents can be used for Intellectual Property Protection, where a natural information theoretic measure is used for billing. The paper Mobile Agents and Intellectual Property Protection (with Stephane Belmon) discusses this application of mobile agents. (This paper appeared in Mobile Agents 98. The online proceedings as well as the printed proceedings are available from Springer.)

This work is funded by an ONR Award N00014-01-1-0981, NSF CAREER Award CCR-9734243, an equipment grant from Intel Corp, a Faculty Development Award from National Semiconductor Corp, equipment support from IBM Corp, and a gift from Microsoft Corp.

You may also want to see a description of Bennet's other recent research, and the recent Internet Tickets demo.


Bennet maintains a list of Web resources relating to computer security, ranging from cryptography resources and system security testing tools to word compilations useful in eliminating easy-to-guess passwords. In addition to looking at the World Wide Web from the security and internet commerce point of view, Bennet also indulges in plain old fun hacks and Web-based link collecting. (See also his web links page).
Some of Bennet's papers are online, as well as some of his software. His public keys are available: PGP2.6.3, PGP5, GPG1.0.0. Whew!

Bennet is teaching CSE291: Secure Hardware, TCPA, and Palladium in spring of 2003.

Bennet taught CSE227: Computer Security and CSE127: Introduction to Computer Security in winter of 2003, CSE227: Computer Security and CSE127: Introduction to Computer Security in winter of 2002, CSE 291: intrusion detection and computer security vulnerability analysis in fall of 2001, CSE 221 in winter of 2001, CSE 121 in the fall of 2000, CSE 190 in spring of 2000, CSE 30 in the fall of 1999, CSE 221 in fall quarter of 1999, CSE227 CSE190A in the spring quarter of 1999, CSE 30 and CSE 221 in fall quarter of 1998, CSE 190A and CSE 221 in spring 1998, CSE 30 in fall 1997, CSE 80 in winter 1997, and CSE 30 in fall 1996 (the links go to archived class web pages). He organized the Faculty Research Seminar for the fall 99, winter 99, and fall 98 quarters. He also provides links to information about fellowships. If you are a graduate student, you should check out what is available.


Current Sanctuary Project Members

  • Bennet Yee
  • Sanjeev Bansal
  • Genevieve Bartlett
  • Matthew Hohlfeld
  • Robert Miller
  • Aditya Ojha
  • Scott O'Neil
  • Rahul Lahoti
  • Poorna Udupi
  • Vivek Manpuria
  • Yekaterina Tsipenyuk
  • Juliana Wong

Collaborators

Bennet has worked with or is currently working with these graduate students/visiting scientists at UCSD:

  • JeeHea An
  • Sanjeev Bansal
  • André Barroso
  • Genevieve Bartlett
  • Stephane Belmon
  • Edward Elliott
  • Matthew Hohlfeld
  • Robert Miller
  • Aditya Ojha
  • Daein Chung
  • Rahul Lahoti
  • Poorna Udupi
  • Vivek Manpuria
  • Fakhruddin Rashid
  • Yekaterina Tsipenyuk
  • Eugene Tsyrklevich
  • Juliana Wong
  • James Zhu

and researchers elsewhere:

  • Jean Camp
  • Michael Harkavy
  • Nevin Heintze
  • Sean Smith
  • Doug Tygar
  • Noriya Kobayashi


    bsy+www@bennetyee.org, last updated Mon Dec 13 23:22:08 PST 2004. Copyright 2004 Bennet Yee.


    Don't make me hand over my privacy keys!