<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd"  xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <atom:link href="https://www.cerias.purdue.edu/feeds/seminars" rel="self" type="application/rss+xml"/>
        <title>CERIAS Weekly Security Seminar - Purdue University</title>
        <link>https://www.cerias.purdue.edu/seminars/</link>
        <language>en-us</language>
        <copyright>Purdue University</copyright>
        <description>CERIAS -- the Nation's top-ranked interdisciplinary academic education and research institute -- hosts a weekly cyber security, privacy, resiliency or autonomy speaker, highlighting a technical discovery, a case study, or a cyber operational approach; the talks are not product demonstrations, service sales pitches, or company recruitment presentations. Join us weekly...or explore 25 years of archives for the who's-who in cybersecurity.</description>
        <image>
            <url>https://www.cerias.purdue.edu/assets/images/itunes_logo_2023_3000x3000.png</url>
            <title>CERIAS Weekly Security Seminar - Purdue University</title>
            <link>https://www.cerias.purdue.edu/seminars/</link>
        </image>
        <itunes:explicit>no</itunes:explicit>
        <itunes:type>episodic</itunes:type>
        <itunes:subtitle></itunes:subtitle>
        <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
        <itunes:summary>CERIAS -- the Nation's top-ranked interdisciplinary academic education and research institute -- hosts a weekly cyber security, privacy, resiliency or autonomy speaker, highlighting a technical discovery, a case study, or a cyber operational approach; the talks are not product demonstrations, service sales pitches, or company recruitment presentations. Join us weekly...or explore 25 years of archives for the who's-who in cybersecurity.</itunes:summary>
        <content:encoded>
            <![CDATA[ <p>CERIAS -- the Nation's top-ranked interdisciplinary academic education and research institute -- hosts a weekly cyber security, privacy, resiliency or autonomy speaker, highlighting a technical discovery, a case study, or a cyber operational approach; the talks are not product demonstrations, service sales pitches, or company recruitment presentations. Join us weekly...or explore 25 years of archives for the who's-who in cybersecurity.</p>]]>
        </content:encoded>
        <itunes:owner>
            <itunes:name/>
            <itunes:email>webmaster@cerias.purdue.edu</itunes:email>
        </itunes:owner>
        <itunes:image href="https://www.cerias.purdue.edu/assets/images/itunes_logo_2023_3000x3000.png"/>
        <itunes:category text="Technology"> </itunes:category>
        <itunes:category text="Cybersecurity"> </itunes:category>
        <itunes:category text="Society &amp; Culture"> </itunes:category>
        
        <item>
            <title>Brian Peretti, Symposium Closing Keynote: AI, Cybersecurity, and the Path Forward</title>
            <description>Annual Security Symposium. Visit: https://ceri.as/2026 Artificial intelligence is rapidly transforming both the opportunities and risks within cybersecurity, creating a new landscape that today&apos;s students and researchers will soon inherit and shape. This keynote explores how AI is evolving from a supporting tool to a decision-making system, fundamentally changing how cyber threats are created, detected, and managed. It will examine emerging risks such as deepfakes, model manipulation, and systemic dependencies on shared technologies, while also addressing the growing role of regulation and the challenges of governing systems that are powerful yet often opaque. Most importantly, the session will highlight where the greatest opportunities lie—at the intersection of AI, cybersecurity, and policy—and how the next generation of professionals can play a defining role in building secure, resilient, and trustworthy systems for the future. About the speaker: Brian J. Peretti is a career member of the Senior Executive Service at the United States Department of the Treasury. In his final position, he served as Treasury&apos;s Chief Technology Officer and Deputy Chief Artificial Intelligence (AI) Officer in the Office of the Chief Information Officer. As Treasury&apos;s Chief Technology Officer, Mr. Peretti established, led, and managed a comprehensive, multi-year strategic and long-range planning process that promoted the vision for IT and ensured consistent progress toward accomplishing the CIO&apos;s vision, identifying and leveraging common technology solutions to support business processes and work methods, improving the effectiveness of current technologies, and developing policy for emerging technologies such as Artificial Intelligence, Machine Learning, Biometrics, and Quantum Computing. As Treasury&apos;s Deputy Chief AI Officer, Mr. Peretti supported Treasury&apos;s Chief AI Officer in advancing the Department&apos;s deployment of this emerging technology. In this capacity, he oversaw the publication of Treasury&apos;s report, Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector, and directed the subsequent lines of effort. In that position he was also designated the Executive Officer for the Department&apos;s AI Governance Board and the Department&apos;s representative to the Office of the Director of National Intelligence&apos;s CAIO Council. In addition, Mr. Peretti led the development of domestic and international operational resilience policy, including cyber, as part of Treasury&apos;s Sector Risk Management Agency responsibility for the financial services sector. In this role, he spearheaded Treasury&apos;s efforts to increase multi-directional sharing of cyber threat and vulnerability information. He also served as the United States&apos; designated subject matter expert at the Group of 7 Cyber Expert Group (G-7 CEG). Mr. Peretti served at the Treasury for over 22 years with increasing levels of responsibility, including being named the Senior Career Official Executing the Duties of the Assistant Secretary for Financial Institutions during the transition from the Obama to the Trump Administration. Based on his expertise in critical infrastructure protection and operational resilience, he was detailed to the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency&apos;s National Risk Management Center during the initial response to the COVID-19 pandemic and served as the first Senior Advisor for Security and the Economy. He also spearheaded the DHS response to the SolarWinds cyber incident. A sought-after speaker and presenter, Mr. Peretti has received numerous awards and honors throughout his career. Most recently, he received the 12th Annual Billington CyberSecurity Leadership Award at the 2023 Annual Billington CyberSecurity Summit. Prior to joining the Treasury, Mr. Peretti was an associate in Shook, Hardy &amp;amp; Bacon&apos;s Corporate Banking and Finance Section in Washington, D.C., and was the General Counsel for the Wright Patman Congressional Federal Credit Union. He has authored numerous publications related to financial sector operations, including payment systems. Mr. Peretti received his bachelor&apos;s degree from Rider University (cum laude) in 1989, and his law degree from American University&apos;s Washington College of Law (cum laude) in 1992.</description>
            <pubDate>Wed, 8 Apr 2026 16:30:00 EDT </pubDate>
            <itunes:title>Brian Peretti, Symposium Closing Keynote: AI, Cybersecurity, and the Path Forward</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>32</itunes:season>
            <itunes:episode>914</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/b-peretti-300x300-1.png"/>
            <itunes:subtitle>Brian Peretti, CTO U.S. Dept. of Treasury (Retired)</itunes:subtitle>
            <itunes:summary>Annual Security Symposium. Visit: https://ceri.as/2026 Artificial intelligence is rapidly transforming both the opportunities and risks within cybersecurity, creating a new landscape that today&apos;s students and researchers will soon inherit and shape. This keynote explores how AI is evolving from a supporting tool to a decision-making system, fundamentally changing how cyber threats are created, detected, and managed. It will examine emerging risks such as deepfakes, model manipulation, and systemic dependencies on shared technologies, while also addressing the growing role of regulation and the challenges of governing systems that are powerful yet often opaque. Most importantly, the session will highlight where the greatest opportunities lie—at the intersection of AI, cybersecurity, and policy—and how the next generation of professionals can play a defining role in building secure, resilient, and trustworthy systems for the future. About the speaker: Brian J. Peretti is a career member of the Senior Executive Service at the United States Department of the Treasury. In his final position, he served as Treasury&apos;s Chief Technology Officer and Deputy Chief Artificial Intelligence (AI) Officer in the Office of the Chief Information Officer. As Treasury&apos;s Chief Technology Officer, Mr. Peretti established, led, and managed a comprehensive, multi-year strategic and long-range planning process that promoted the vision for IT and ensured consistent progress toward accomplishing the CIO&apos;s vision, identifying and leveraging common technology solutions to support business processes and work methods, improving the effectiveness of current technologies, and developing policy for emerging technologies such as Artificial Intelligence, Machine Learning, Biometrics, and Quantum Computing. As Treasury&apos;s Deputy Chief AI Officer, Mr. Peretti supported Treasury&apos;s Chief AI Officer in advancing the Department&apos;s deployment of this emerging technology. In this capacity, he oversaw the publication of Treasury&apos;s report, Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector, and directed the subsequent lines of effort. In that position he was also designated the Executive Officer for the Department&apos;s AI Governance Board and the Department&apos;s representative to the Office of the Director of National Intelligence&apos;s CAIO Council. In addition, Mr. Peretti led the development of domestic and international operational resilience policy, including cyber, as part of Treasury&apos;s Sector Risk Management Agency responsibility for the financial services sector. In this role, he spearheaded Treasury&apos;s efforts to increase multi-directional sharing of cyber threat and vulnerability information. He also served as the United States&apos; designated subject matter expert at the Group of 7 Cyber Expert Group (G-7 CEG). Mr. Peretti served at the Treasury for over 22 years with increasing levels of responsibility, including being named the Senior Career Official Executing the Duties of the Assistant Secretary for Financial Institutions during the transition from the Obama to the Trump Administration. Based on his expertise in critical infrastructure protection and operational resilience, he was detailed to the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency&apos;s National Risk Management Center during the initial response to the COVID-19 pandemic and served as the first Senior Advisor for Security and the Economy. He also spearheaded the DHS response to the SolarWinds cyber incident. A sought-after speaker and presenter, Mr. Peretti has received numerous awards and honors throughout his career. Most recently, he received the 12th Annual Billington CyberSecurity Leadership Award at the 2023 Annual Billington CyberSecurity Summit. Prior to joining the Treasury, Mr. Peretti was an associate in Shook, Hardy &amp;amp; Bacon&apos;s Corporate Banking and Finance Section in Washington, D.C., and was the General Counsel for the Wright Patman Congressional Federal Credit Union. He has authored numerous publications related to financial sector operations, including payment systems. Mr. Peretti received his bachelor&apos;s degree from Rider University (cum laude) in 1989, and his law degree from American University&apos;s Washington College of Law (cum laude) in 1992.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Annual Security Symposium. Visit: https://ceri.as/2026 Artificial intelligence is rapidly transforming both the opportunities and risks within cybersecurity, creating a new landscape that today&apos;s students and researchers will soon inherit and shape. This keynote explores how AI is evolving from a supporting tool to a decision-making system, fundamentally changing how cyber threats are created, detected, and managed. It will examine emerging risks such as deepfakes, model manipulation, and systemic dependencies on shared technologies, while also addressing the growing role of regulation and the challenges of governing systems that are powerful yet often opaque. Most importantly, the session will highlight where the greatest opportunities lie—at the intersection of AI, cybersecurity, and policy—and how the next generation of professionals can play a defining role in building secure, resilient, and trustworthy systems for the future. About the speaker: Brian J. Peretti is a career member of the Senior Executive Service at the United States Department of the Treasury. In his final position, he served as Treasury&apos;s Chief Technology Officer and Deputy Chief Artificial Intelligence (AI) Officer in the Office of the Chief Information Officer. As Treasury&apos;s Chief Technology Officer, Mr. Peretti established, led, and managed a comprehensive, multi-year strategic and long-range planning process that promoted the vision for IT and ensured consistent progress toward accomplishing the CIO&apos;s vision, identifying and leveraging common technology solutions to support business processes and work methods, improving the effectiveness of current technologies, and developing policy for emerging technologies such as Artificial Intelligence, Machine Learning, Biometrics, and Quantum Computing. As Treasury&apos;s Deputy Chief AI Officer, Mr. Peretti supported Treasury&apos;s Chief AI Officer in advancing the Department&apos;s deployment of this emerging technology. In this capacity, he oversaw the publication of Treasury&apos;s report, Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector, and directed the subsequent lines of effort. In that position he was also designated the Executive Officer for the Department&apos;s AI Governance Board and the Department&apos;s representative to the Office of the Director of National Intelligence&apos;s CAIO Council. In addition, Mr. Peretti led the development of domestic and international operational resilience policy, including cyber, as part of Treasury&apos;s Sector Risk Management Agency responsibility for the financial services sector. In this role, he spearheaded Treasury&apos;s efforts to increase multi-directional sharing of cyber threat and vulnerability information. He also served as the United States&apos; designated subject matter expert at the Group of 7 Cyber Expert Group (G-7 CEG). Mr. Peretti served at the Treasury for over 22 years with increasing levels of responsibility, including being named the Senior Career Official Executing the Duties of the Assistant Secretary for Financial Institutions during the transition from the Obama to the Trump Administration. Based on his expertise in critical infrastructure protection and operational resilience, he was detailed to the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency&apos;s National Risk Management Center during the initial response to the COVID-19 pandemic and served as the first Senior Advisor for Security and the Economy. He also spearheaded the DHS response to the SolarWinds cyber incident. A sought-after speaker and presenter, Mr. Peretti has received numerous awards and honors throughout his career. Most recently, he received the 12th Annual Billington CyberSecurity Leadership Award at the 2023 Annual Billington CyberSecurity Summit. Prior to joining the Treasury, Mr. Peretti was an associate in Shook, Hardy &amp;amp; Bacon&apos;s Corporate Banking and Finance Section in Washington, D.C., and was the General Counsel for the Wright Patman Congressional Federal Credit Union. He has authored numerous publications related to financial sector operations, including payment systems. Mr. Peretti received his bachelor&apos;s degree from Rider University (cum laude) in 1989, and his law degree from American University&apos;s Washington College of Law (cum laude) in 1992.</p> ]]>
            </content:encoded>
            <itunes:duration>4417</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260408.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260408.mp4" length="350224384" type="video/mp4"/>
        </item>
            <item>
            <title>Jen Sims, Analyzing Supply Chain Risk in Mobile Applications for Home Energy Storage Systems</title>
            <description>The rapid adoption of mobile applications for managing consumer whole-house battery and energy systems has introduced new questions about software supply chain security. While these applications are not currently integrated with critical infrastructure, their growing role in connected energy environments highlights the importance of understanding the dependencies, permissions, and external services that support their operation. Many of these applications rely on shared third-party libraries, analytics frameworks, and messaging services, creating overlapping software ecosystems across vendors. In this talk, I will present an analysis of several battery-management mobile applications using static and dynamic analysis techniques. The study examines third-party dependencies, Android permission usage, and outbound network activity to identify common software components and shared external infrastructure. The results reveal significant overlap in libraries and permissions across applications, suggesting that vulnerabilities in widely used components could introduce shared risk pathways across multiple vendors. This work highlights the need for stronger dependency governance, permission minimization, and ongoing monitoring as mobile energy applications continue to evolve. About the speaker: Jen Sims is a cybersecurity technical professional in the Cyber Resilience and Intelligence Division at Oak Ridge National Laboratory (ORNL). Her research focuses on resilient cyber-physical systems and vulnerability assessment of technologies used within the electric grid, with particular emphasis on supply chain risk. She also conducts research in cybersecurity for manufacturing and is actively involved in cyber education outreach, engaging students from grade school through graduate programs. Jen earned a Master of Software Engineering and a Bachelor of Computer Science with a concentration in Secure Cyber Systems from the University of Texas at El Paso (UTEP). During her time at UTEP, she founded the Women in Cybersecurity (WiCyS) student chapter and helped launch the university&apos;s summer cybersecurity camps. Outside of her research, Jen is passionate about workforce development and cybersecurity education, volunteering with Oak Ridge Computer Science Girls (ORCsGirls) and creating hands-on cybersecurity activities to inspire the next generation of students.</description>
            <pubDate>Wed, 1 Apr 2026 16:30:00 EDT </pubDate>
            <itunes:title>Jen Sims, Analyzing Supply Chain Risk in Mobile Applications for Home Energy Storage Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>32</itunes:season>
            <itunes:episode>913</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jen_sims_300x300.png"/>
            <itunes:subtitle>Jen Sims, Oak Ridge National Laboratory</itunes:subtitle>
            <itunes:summary>The rapid adoption of mobile applications for managing consumer whole-house battery and energy systems has introduced new questions about software supply chain security. While these applications are not currently integrated with critical infrastructure, their growing role in connected energy environments highlights the importance of understanding the dependencies, permissions, and external services that support their operation. Many of these applications rely on shared third-party libraries, analytics frameworks, and messaging services, creating overlapping software ecosystems across vendors. In this talk, I will present an analysis of several battery-management mobile applications using static and dynamic analysis techniques. The study examines third-party dependencies, Android permission usage, and outbound network activity to identify common software components and shared external infrastructure. The results reveal significant overlap in libraries and permissions across applications, suggesting that vulnerabilities in widely used components could introduce shared risk pathways across multiple vendors. This work highlights the need for stronger dependency governance, permission minimization, and ongoing monitoring as mobile energy applications continue to evolve. About the speaker: Jen Sims is a cybersecurity technical professional in the Cyber Resilience and Intelligence Division at Oak Ridge National Laboratory (ORNL). Her research focuses on resilient cyber-physical systems and vulnerability assessment of technologies used within the electric grid, with particular emphasis on supply chain risk. She also conducts research in cybersecurity for manufacturing and is actively involved in cyber education outreach, engaging students from grade school through graduate programs. Jen earned a Master of Software Engineering and a Bachelor of Computer Science with a concentration in Secure Cyber Systems from the University of Texas at El Paso (UTEP). During her time at UTEP, she founded the Women in Cybersecurity (WiCyS) student chapter and helped launch the university&apos;s summer cybersecurity camps. Outside of her research, Jen is passionate about workforce development and cybersecurity education, volunteering with Oak Ridge Computer Science Girls (ORCsGirls) and creating hands-on cybersecurity activities to inspire the next generation of students.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The rapid adoption of mobile applications for managing consumer whole-house battery and energy systems has introduced new questions about software supply chain security. While these applications are not currently integrated with critical infrastructure, their growing role in connected energy environments highlights the importance of understanding the dependencies, permissions, and external services that support their operation. Many of these applications rely on shared third-party libraries, analytics frameworks, and messaging services, creating overlapping software ecosystems across vendors. In this talk, I will present an analysis of several battery-management mobile applications using static and dynamic analysis techniques. The study examines third-party dependencies, Android permission usage, and outbound network activity to identify common software components and shared external infrastructure. The results reveal significant overlap in libraries and permissions across applications, suggesting that vulnerabilities in widely used components could introduce shared risk pathways across multiple vendors. This work highlights the need for stronger dependency governance, permission minimization, and ongoing monitoring as mobile energy applications continue to evolve. About the speaker: Jen Sims is a cybersecurity technical professional in the Cyber Resilience and Intelligence Division at Oak Ridge National Laboratory (ORNL). Her research focuses on resilient cyber-physical systems and vulnerability assessment of technologies used within the electric grid, with particular emphasis on supply chain risk. She also conducts research in cybersecurity for manufacturing and is actively involved in cyber education outreach, engaging students from grade school through graduate programs. Jen earned a Master of Software Engineering and a Bachelor of Computer Science with a concentration in Secure Cyber Systems from the University of Texas at El Paso (UTEP). During her time at UTEP, she founded the Women in Cybersecurity (WiCyS) student chapter and helped launch the university&apos;s summer cybersecurity camps. Outside of her research, Jen is passionate about workforce development and cybersecurity education, volunteering with Oak Ridge Computer Science Girls (ORCsGirls) and creating hands-on cybersecurity activities to inspire the next generation of students.</p> ]]>
            </content:encoded>
            <itunes:duration>3320</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260401.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260401.mp4" length="322961408" type="video/mp4"/>
        </item>
            <item>
            <title>Kelechi Kalu, Software Signing in Practice: Lessons from Adoption and Usability Toward Broader Supply Chain Trust</title>
            <description>Software signing is a foundational mechanism for improving software supply-chain security because it helps establish artifact provenance, integrity, and authenticity across organizational boundaries. Yet the security value of software signing depends not only on cryptographic design, but also on whether signing is adopted, integrated, and used correctly in practice. This research examines these questions across multiple empirical settings, from industry deployment to modern open-source signing tools and ecosystems. In this talk, I synthesize findings from a set of studies on software signing in practice. I first discuss how organizations adopt and operationalize signing, then turn to identity-based signing using Sigstore as a case study of next-generation signing usability. I next present longitudinal evidence across five identity-based signing ecosystems showing that newer designs reduce some historical burdens, especially around key management, but do not eliminate usability challenges. Instead, friction shifts toward verification workflows, policy and configuration surfaces, and deployment integration boundaries. These lessons point beyond artifact signing alone: building trustworthy software supply chains will require broader trust mechanisms, including actor-centered approaches such as the envisioned ARMS. About the speaker: Kelechi Kalu is a fourth-year Ph.D. student in Electrical and Computer Engineering at Purdue University and a member of the Duality Lab, where he is advised by Prof. James C. Davis. His research focuses on software and AI security, especially software supply-chain security, usability, and trust in open-source ecosystems. His recent work examines software signing adoption in practice, the usability of identity-based signing tools such as Sigstore, and broader actor-centered trust mechanisms for software ecosystems. His work has appeared at USENIX Security, IEEE S&amp;amp;P, and ESEC/FSE. He previously interned at Microsoft Research in 2024 and received the Best Poster Award at the 2025 CERIAS Annual Security Symposium.</description>
            <pubDate>Wed, 25 Mar 2026 16:30:00 EDT </pubDate>
            <itunes:title>Kelechi Kalu, Software Signing in Practice: Lessons from Adoption and Usability Toward Broader Supply Chain Trust</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>32</itunes:season>
            <itunes:episode>912</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/kalechi_kalu_300x300.png"/>
            <itunes:subtitle>Kelechi Kalu, Purdue University</itunes:subtitle>
            <itunes:summary>Software signing is a foundational mechanism for improving software supply-chain security because it helps establish artifact provenance, integrity, and authenticity across organizational boundaries. Yet the security value of software signing depends not only on cryptographic design, but also on whether signing is adopted, integrated, and used correctly in practice. This research examines these questions across multiple empirical settings, from industry deployment to modern open-source signing tools and ecosystems. In this talk, I synthesize findings from a set of studies on software signing in practice. I first discuss how organizations adopt and operationalize signing, then turn to identity-based signing using Sigstore as a case study of next-generation signing usability. I next present longitudinal evidence across five identity-based signing ecosystems showing that newer designs reduce some historical burdens, especially around key management, but do not eliminate usability challenges. Instead, friction shifts toward verification workflows, policy and configuration surfaces, and deployment integration boundaries. These lessons point beyond artifact signing alone: building trustworthy software supply chains will require broader trust mechanisms, including actor-centered approaches such as the envisioned ARMS. About the speaker: Kelechi Kalu is a fourth-year Ph.D. student in Electrical and Computer Engineering at Purdue University and a member of the Duality Lab, where he is advised by Prof. James C. Davis. His research focuses on software and AI security, especially software supply-chain security, usability, and trust in open-source ecosystems. His recent work examines software signing adoption in practice, the usability of identity-based signing tools such as Sigstore, and broader actor-centered trust mechanisms for software ecosystems. His work has appeared at USENIX Security, IEEE S&amp;amp;P, and ESEC/FSE. He previously interned at Microsoft Research in 2024 and received the Best Poster Award at the 2025 CERIAS Annual Security Symposium.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Software signing is a foundational mechanism for improving software supply-chain security because it helps establish artifact provenance, integrity, and authenticity across organizational boundaries. Yet the security value of software signing depends not only on cryptographic design, but also on whether signing is adopted, integrated, and used correctly in practice. This research examines these questions across multiple empirical settings, from industry deployment to modern open-source signing tools and ecosystems. In this talk, I synthesize findings from a set of studies on software signing in practice. I first discuss how organizations adopt and operationalize signing, then turn to identity-based signing using Sigstore as a case study of next-generation signing usability. I next present longitudinal evidence across five identity-based signing ecosystems showing that newer designs reduce some historical burdens, especially around key management, but do not eliminate usability challenges. Instead, friction shifts toward verification workflows, policy and configuration surfaces, and deployment integration boundaries. These lessons point beyond artifact signing alone: building trustworthy software supply chains will require broader trust mechanisms, including actor-centered approaches such as the envisioned ARMS. About the speaker: Kelechi Kalu is a fourth-year Ph.D. student in Electrical and Computer Engineering at Purdue University and a member of the Duality Lab, where he is advised by Prof. James C. Davis. His research focuses on software and AI security, especially software supply-chain security, usability, and trust in open-source ecosystems. His recent work examines software signing adoption in practice, the usability of identity-based signing tools such as Sigstore, and broader actor-centered trust mechanisms for software ecosystems. His work has appeared at USENIX Security, IEEE S&amp;amp;P, and ESEC/FSE. He previously interned at Microsoft Research in 2024 and received the Best Poster Award at the 2025 CERIAS Annual Security Symposium.</p> ]]>
            </content:encoded>
            <itunes:duration>3822</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260311.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260311.mp4" length="332398592" type="video/mp4"/>
        </item>
            <item>
            <title>Ashish Kundu, Quantum Secure Networks</title>
            <description>Quantum threats to cryptography have been fueled by Shor&apos;s and Grover&apos;s quantum algorithms and their derivatives. That has led to a decade-long development of post-quantum cryptography algorithms and standards. While questions remain about when Cryptanalytically Relevant Quantum Computers (CRQC) will be realized practically, they&apos;re imminent threats. In the meantime, quantum computers and networks are evolving faster to take us closer to their realization in a practical and scalable manner, which will also help advance the development of CRQCs. In this talk, I will present how the evolution of cryptography is shaping up, how to achieve quantum-resistant security in a holistic manner, and the development of quantum secure networks. About the speaker: Ashish Kundu is currently Head of Cybersecurity Research at Cisco Research. Ashish is an IEEE Fellow. He has also worked as Head of Cybersecurity at Nuro.ai. During 2011-2019, he worked as a Research Staff Member and Master Inventor at the IBM T J Watson Research Center, Yorktown Heights, New York. He has led the Research and Development efforts for Security and Compliance for IBM Watson Health Cloud, IBM Watson Education, and IBM Watson Genomic Analytics. Dr. Kundu served on the IBM Research AI Ethics committee during 2015-2016. Dr. Kundu received his Ph.D. in Computer Science from Purdue University and then joined the IBM T J Watson Research Center. He has been affiliated with CERIAS. Ashish is an ACM Distinguished Member, an ex-ACM Distinguished Speaker, and a Master Inventor (at IBM Research).</description>
            <pubDate>Wed, 11 Mar 2026 16:30:00 EDT </pubDate>
            <itunes:title>Ashish Kundu, Quantum Secure Networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>32</itunes:season>
            <itunes:episode>911</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ashish_kundu_300x300.png"/>
            <itunes:subtitle>Ashish Kundu, Cisco</itunes:subtitle>
            <itunes:summary>Quantum threats to cryptography have been fueled by Shor&apos;s and Grover&apos;s quantum algorithms and their derivatives. That has led to a decade-long development of post-quantum cryptography algorithms and standards. While questions remain about when Cryptanalytically Relevant Quantum Computers (CRQC) will be realized practically, they&apos;re imminent threats. In the meantime, quantum computers and networks are evolving faster to take us closer to their realization in a practical and scalable manner, which will also help advance the development of CRQCs. In this talk, I will present how the evolution of cryptography is shaping up, how to achieve quantum-resistant security in a holistic manner, and the development of quantum secure networks. About the speaker: Ashish Kundu is currently Head of Cybersecurity Research at Cisco Research. Ashish is an IEEE Fellow. He has also worked as Head of Cybersecurity at Nuro.ai. During 2011-2019, he worked as a Research Staff Member and Master Inventor at the IBM T J Watson Research Center, Yorktown Heights, New York. He has led the Research and Development efforts for Security and Compliance for IBM Watson Health Cloud, IBM Watson Education, and IBM Watson Genomic Analytics. Dr. Kundu served on the IBM Research AI Ethics committee during 2015-2016. Dr. Kundu received his Ph.D. in Computer Science from Purdue University and then joined the IBM T J Watson Research Center. He has been affiliated with CERIAS. Ashish is an ACM Distinguished Member, an ex-ACM Distinguished Speaker, and a Master Inventor (at IBM Research).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Quantum threats to cryptography have been fueled by Shor&apos;s and Grover&apos;s quantum algorithms and their derivatives. That has led to a decade-long development of post-quantum cryptography algorithms and standards. While questions remain about when Cryptanalytically Relevant Quantum Computers (CRQC) will be realized practically, they&apos;re imminent threats. In the meantime, quantum computers and networks are evolving faster to take us closer to their realization in a practical and scalable manner, which will also help advance the development of CRQCs. In this talk, I will present how the evolution of cryptography is shaping up, how to achieve quantum-resistant security in a holistic manner, and the development of quantum secure networks. About the speaker: Ashish Kundu is currently Head of Cybersecurity Research at Cisco Research. Ashish is an IEEE Fellow. He has also worked as Head of Cybersecurity at Nuro.ai. During 2011-2019, he worked as a Research Staff Member and Master Inventor at the IBM T J Watson Research Center, Yorktown Heights, New York. He has led the Research and Development efforts for Security and Compliance for IBM Watson Health Cloud, IBM Watson Education, and IBM Watson Genomic Analytics. Dr. Kundu served on the IBM Research AI Ethics committee during 2015-2016. Dr. Kundu received his Ph.D. in Computer Science from Purdue University and then joined the IBM T J Watson Research Center. He has been affiliated with CERIAS. Ashish is an ACM Distinguished Member, an ex-ACM Distinguished Speaker, and a Master Inventor (at IBM Research).</p> ]]>
            </content:encoded>
            <itunes:duration>3713</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260311.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260311.mp4" length="332398592" type="video/mp4"/>
        </item>
            <item>
            <title>Ruqi Zhang, Discovering and Controlling AI Safety Risks in Foundation Models: A Probabilistic Perspective</title>
            <description>As foundation models, including large language models and multimodal models, are increasingly deployed in complex and high-stakes settings, ensuring their safety has become more important than ever. In this talk, I present a probabilistic perspective on AI safety: safety risks are treated as structured distributions to be discovered and controlled, rather than isolated failures to be patched. I first introduce probabilistic red-teaming methods that characterize distributions of failures, revealing systematic safety risks that standard evaluation often misses. I then describe probabilistic defense methods that control model behavior during deployment by adaptively steering generation toward constraint-aligned distributions. By unifying failure discovery and behavior control under a probabilistic perspective, this talk highlights a distributional approach for understanding and managing safety risks in foundation models. About the speaker: Ruqi Zhang is an Assistant Professor in the Department of Computer Science at Purdue University. Her research focuses on probabilistic machine learning, generative modeling, and trustworthy AI. Prior to joining Purdue, she was a postdoctoral researcher at the Institute for Foundations of Machine Learning (IFML) at the University of Texas at Austin. She received her Ph.D. from Cornell University. Dr. Zhang has been a key organizer of the Symposium on Probabilistic Machine Learning. She has served as an Area Chair and Editor for ML conferences and journals, including ICML, NeurIPS, ICLR, AISTATS, UAI, and TMLR. Her contributions have been recognized with several honors, including AAAI New Faculty Highlights, Amazon Research Award, Spotlight Rising Star in Data Science, Seed for Success Acorn Award, and Ross-Lynn Research Scholar.</description>
            <pubDate>Wed, 4 Mar 2026 16:30:00 EST </pubDate>
            <itunes:title>Ruqi Zhang, Discovering and Controlling AI Safety Risks in Foundation Models: A Probabilistic Perspective</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>32</itunes:season>
            <itunes:episode>910</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ruqiz_300x300.png"/>
            <itunes:subtitle>Ruqi Zhang, Purdue University</itunes:subtitle>
            <itunes:summary>As foundation models, including large language models and multimodal models, are increasingly deployed in complex and high-stakes settings, ensuring their safety has become more important than ever. In this talk, I present a probabilistic perspective on AI safety: safety risks are treated as structured distributions to be discovered and controlled, rather than isolated failures to be patched. I first introduce probabilistic red-teaming methods that characterize distributions of failures, revealing systematic safety risks that standard evaluation often misses. I then describe probabilistic defense methods that control model behavior during deployment by adaptively steering generation toward constraint-aligned distributions. By unifying failure discovery and behavior control under a probabilistic perspective, this talk highlights a distributional approach for understanding and managing safety risks in foundation models. About the speaker: Ruqi Zhang is an Assistant Professor in the Department of Computer Science at Purdue University. Her research focuses on probabilistic machine learning, generative modeling, and trustworthy AI. Prior to joining Purdue, she was a postdoctoral researcher at the Institute for Foundations of Machine Learning (IFML) at the University of Texas at Austin. She received her Ph.D. from Cornell University. Dr. Zhang has been a key organizer of the Symposium on Probabilistic Machine Learning. She has served as an Area Chair and Editor for ML conferences and journals, including ICML, NeurIPS, ICLR, AISTATS, UAI, and TMLR. Her contributions have been recognized with several honors, including AAAI New Faculty Highlights, Amazon Research Award, Spotlight Rising Star in Data Science, Seed for Success Acorn Award, and Ross-Lynn Research Scholar.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As foundation models, including large language models and multimodal models, are increasingly deployed in complex and high-stakes settings, ensuring their safety has become more important than ever. In this talk, I present a probabilistic perspective on AI safety: safety risks are treated as structured distributions to be discovered and controlled, rather than isolated failures to be patched. I first introduce probabilistic red-teaming methods that characterize distributions of failures, revealing systematic safety risks that standard evaluation often misses. I then describe probabilistic defense methods that control model behavior during deployment by adaptively steering generation toward constraint-aligned distributions. By unifying failure discovery and behavior control under a probabilistic perspective, this talk highlights a distributional approach for understanding and managing safety risks in foundation models. About the speaker: Ruqi Zhang is an Assistant Professor in the Department of Computer Science at Purdue University. Her research focuses on probabilistic machine learning, generative modeling, and trustworthy AI. Prior to joining Purdue, she was a postdoctoral researcher at the Institute for Foundations of Machine Learning (IFML) at the University of Texas at Austin. She received her Ph.D. from Cornell University. Dr. Zhang has been a key organizer of the Symposium on Probabilistic Machine Learning. She has served as an Area Chair and Editor for ML conferences and journals, including ICML, NeurIPS, ICLR, AISTATS, UAI, and TMLR. Her contributions have been recognized with several honors, including AAAI New Faculty Highlights, Amazon Research Award, Spotlight Rising Star in Data Science, Seed for Success Acorn Award, and Ross-Lynn Research Scholar.</p> ]]>
            </content:encoded>
            <itunes:duration>3566</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260304.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260304.mp4" length="359661568" type="video/mp4"/>
        </item>
            <item>
            <title>Danny Vukobratovich, ISO 27001 as the Engine, NIST CSF 2.0 as the Dashboard, A Practical Operating Model</title>
            <description>Many organizations adopt security frameworks but struggle to turn them into day-to-day operations that reduce risk without slowing delivery. This talk presents a practical operating model that pairs ISO/IEC 27001 (as the certifiable management system that runs governance, risk management, internal audit, and continual improvement) with NIST Cybersecurity Framework 2.0 (as the outcome-focused &quot;dashboard&quot; for aligning security priorities to business objectives and communicating posture to leaders). Attendees will see how to translate business goals into CSF 2.0 current and target profiles, convert those profiles into ISO 27001 objectives and control ownership, and design &quot;evidence by default&quot; workflows that reduce audit fire drills. The session will include real-world design patterns (paved roads, tiered decision rights, exception handling with expiry, and control health metrics) and highlight where assurance programs often drift into &quot;control theater.&quot; The goal is a repeatable approach that both practitioners and researchers can critique, improve, and apply. About the speaker: Danny Vukobratovich is a Sr. IT Security Analyst at Purdue University, where he manages Purdue IT&apos;s ISO program spanning ISO/IEC 27001 (information security), ISO 9001 (quality management), and ISO/IEC 20000-1 (IT service management). He also oversees Purdue IT&apos;s business continuity and disaster recovery planning, with an emphasis on building resilient, auditable operating models that support research and administrative missions. Danny&apos;s professional focus is translating risk and governance into practical mechanisms, including clear decision rights, &quot;evidence by design,&quot; and metrics that measure control health rather than control presence. 
His background includes security risk assessments, incident response, monitoring and logging, identity and access management, and standards-based audits across diverse environments. Danny holds the CISSP, ISO/IEC 27001:2022 Lead Implementer, and ITIL 4 Strategic Leader certifications, and an M.S. in Cybersecurity Management.</description>
            <pubDate>Wed, 25 Feb 2026 16:30:00 EST </pubDate>
            <itunes:title>Danny Vukobratovich, ISO 27001 as the Engine, NIST CSF 2.0 as the Dashboard, A Practical Operating Model</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>32</itunes:season>
            <itunes:episode>909</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Vukobratovich_300x300.png"/>
            <itunes:subtitle>Danny Vukobratovich, Purdue University</itunes:subtitle>
            <itunes:summary>Many organizations adopt security frameworks but struggle to turn them into day-to-day operations that reduce risk without slowing delivery. This talk presents a practical operating model that pairs ISO/IEC 27001 (as the certifiable management system that runs governance, risk management, internal audit, and continual improvement) with NIST Cybersecurity Framework 2.0 (as the outcome-focused &quot;dashboard&quot; for aligning security priorities to business objectives and communicating posture to leaders). Attendees will see how to translate business goals into CSF 2.0 current and target profiles, convert those profiles into ISO 27001 objectives and control ownership, and design &quot;evidence by default&quot; workflows that reduce audit fire drills. The session will include real-world design patterns (paved roads, tiered decision rights, exception handling with expiry, and control health metrics) and highlight where assurance programs often drift into &quot;control theater.&quot; The goal is a repeatable approach that both practitioners and researchers can critique, improve, and apply. About the speaker: Danny Vukobratovich is a Sr. IT Security Analyst at Purdue University, where he manages Purdue IT&apos;s ISO program spanning ISO/IEC 27001 (information security), ISO 9001 (quality management), and ISO/IEC 20000-1 (IT service management). He also oversees Purdue IT&apos;s business continuity and disaster recovery planning, with an emphasis on building resilient, auditable operating models that support research and administrative missions. Danny&apos;s professional focus is translating risk and governance into practical mechanisms, including clear decision rights, &quot;evidence by design,&quot; and metrics that measure control health rather than control presence. 
His background includes security risk assessments, incident response, monitoring and logging, identity and access management, and standards-based audits across diverse environments. Danny holds the CISSP, ISO/IEC 27001:2022 Lead Implementer, and ITIL 4 Strategic Leader certifications, and an M.S. in Cybersecurity Management.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Many organizations adopt security frameworks but struggle to turn them into day-to-day operations that reduce risk without slowing delivery. This talk presents a practical operating model that pairs ISO/IEC 27001 (as the certifiable management system that runs governance, risk management, internal audit, and continual improvement) with NIST Cybersecurity Framework 2.0 (as the outcome-focused &quot;dashboard&quot; for aligning security priorities to business objectives and communicating posture to leaders). Attendees will see how to translate business goals into CSF 2.0 current and target profiles, convert those profiles into ISO 27001 objectives and control ownership, and design &quot;evidence by default&quot; workflows that reduce audit fire drills. The session will include real-world design patterns (paved roads, tiered decision rights, exception handling with expiry, and control health metrics) and highlight where assurance programs often drift into &quot;control theater.&quot; The goal is a repeatable approach that both practitioners and researchers can critique, improve, and apply. About the speaker: Danny Vukobratovich is a Sr. IT Security Analyst at Purdue University, where he manages Purdue IT&apos;s ISO program spanning ISO/IEC 27001 (information security), ISO 9001 (quality management), and ISO/IEC 20000-1 (IT service management). He also oversees Purdue IT&apos;s business continuity and disaster recovery planning, with an emphasis on building resilient, auditable operating models that support research and administrative missions. Danny&apos;s professional focus is translating risk and governance into practical mechanisms, including clear decision rights, &quot;evidence by design,&quot; and metrics that measure control health rather than control presence. 
His background includes security risk assessments, incident response, monitoring and logging, identity and access management, and standards-based audits across diverse environments. Danny holds the CISSP, ISO/IEC 27001:2022 Lead Implementer, and ITIL 4 Strategic Leader certifications, and an M.S. in Cybersecurity Management.</p> ]]>
            </content:encoded>
            <itunes:duration>3795</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260225.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260225.mp4" length="386924544" type="video/mp4"/>
        </item>
            <item>
            <title>Thai Le, Towards Robust and Trustworthy AI Speech Models: What You Read Isn&#039;t What You Hear</title>
            <description>Deepfake voice technology is rapidly advancing, but how well do current detection systems handle differences in language and writing style? Most existing work focuses on robustness to acoustic variations such as background noise or compression, while largely overlooking how linguistic variation shapes both deepfake generation and detection. Yet language matters: psycholinguistic features such as sentence structure, complexity, and word choice influence how models synthesize speech, which in turn affects how detectors score and flag audio. In this talk, we will ask questions such as: &quot;If we change the way a person writes, while keeping their voice the same, will a deepfake detector still reach the same decision?&quot; and &quot;Are some text-to-speech and voice cloning models more vulnerable to shifts in writing style than others?&quot; We will then discuss implications for designing robust deepfake voice detectors and for advancing more trustworthy speech AI in an era of increasingly synthetic media. About the speaker: Thai Le is an Assistant Professor of Computer Science at Indiana University&apos;s Luddy School of Informatics, Computing, and Engineering. He obtained his doctoral degree from the College of Information Science and Technology at the Pennsylvania State University with an Excellent Research Award and a DAAD Fellowship. His research focuses on the trustworthiness of AI/ML models, with a mission to enhance the robustness, safety, and transparency of AI technology in various sociotechnical contexts. Le has published nearly 50 peer-reviewed research works with two best paper presentation awards. He is a pioneer in collecting and investigating so-called text perturbations in the wild, which has been utilized by users and researchers worldwide to study and understand the effects of humans&apos; adversarial behaviors in their daily use of AI/ML models. 
His works have also been featured in ScienceDaily, DefenseOne, and Engineering and Technology Magazine.</description>
            <pubDate>Wed, 18 Feb 2026 16:30:00 EST </pubDate>
            <itunes:title>Thai Le, Towards Robust and Trustworthy AI Speech Models: What You Read Isn&#039;t What You Hear</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>32</itunes:season>
            <itunes:episode>908</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/thai_le_IU_300x300.png"/>
            <itunes:subtitle>Thai Le, Indiana University</itunes:subtitle>
            <itunes:summary>Deepfake voice technology is rapidly advancing, but how well do current detection systems handle differences in language and writing style? Most existing work focuses on robustness to acoustic variations such as background noise or compression, while largely overlooking how linguistic variation shapes both deepfake generation and detection. Yet language matters: psycholinguistic features such as sentence structure, complexity, and word choice influence how models synthesize speech, which in turn affects how detectors score and flag audio. In this talk, we will ask questions such as: &quot;If we change the way a person writes, while keeping their voice the same, will a deepfake detector still reach the same decision?&quot; and &quot;Are some text-to-speech and voice cloning models more vulnerable to shifts in writing style than others?&quot; We will then discuss implications for designing robust deepfake voice detectors and for advancing more trustworthy speech AI in an era of increasingly synthetic media. About the speaker: Thai Le is an Assistant Professor of Computer Science at Indiana University&apos;s Luddy School of Informatics, Computing, and Engineering. He obtained his doctoral degree from the College of Information Science and Technology at the Pennsylvania State University with an Excellent Research Award and a DAAD Fellowship. His research focuses on the trustworthiness of AI/ML models, with a mission to enhance the robustness, safety, and transparency of AI technology in various sociotechnical contexts. Le has published nearly 50 peer-reviewed research works with two best paper presentation awards. He is a pioneer in collecting and investigating so-called text perturbations in the wild, which has been utilized by users and researchers worldwide to study and understand the effects of humans&apos; adversarial behaviors in their daily use of AI/ML models. 
His works have also been featured in ScienceDaily, DefenseOne, and Engineering and Technology Magazine.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Deepfake voice technology is rapidly advancing, but how well do current detection systems handle differences in language and writing style? Most existing work focuses on robustness to acoustic variations such as background noise or compression, while largely overlooking how linguistic variation shapes both deepfake generation and detection. Yet language matters: psycholinguistic features such as sentence structure, complexity, and word choice influence how models synthesize speech, which in turn affects how detectors score and flag audio. In this talk, we will ask questions such as: &quot;If we change the way a person writes, while keeping their voice the same, will a deepfake detector still reach the same decision?&quot; and &quot;Are some text-to-speech and voice cloning models more vulnerable to shifts in writing style than others?&quot; We will then discuss implications for designing robust deepfake voice detectors and for advancing more trustworthy speech AI in an era of increasingly synthetic media. About the speaker: Thai Le is an Assistant Professor of Computer Science at Indiana University&apos;s Luddy School of Informatics, Computing, and Engineering. He obtained his doctoral degree from the College of Information Science and Technology at the Pennsylvania State University with an Excellent Research Award and a DAAD Fellowship. His research focuses on the trustworthiness of AI/ML models, with a mission to enhance the robustness, safety, and transparency of AI technology in various sociotechnical contexts. Le has published nearly 50 peer-reviewed research works with two best paper presentation awards. He is a pioneer in collecting and investigating so-called text perturbations in the wild, which has been utilized by users and researchers worldwide to study and understand the effects of humans&apos; adversarial behaviors in their daily use of AI/ML models. 
His works have also been featured in ScienceDaily, DefenseOne, and Engineering and Technology Magazine.</p> ]]>
            </content:encoded>
            <itunes:duration>2321</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260218.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260218.mp4" length="216006656" type="video/mp4"/>
        </item>
            <item>
            <title>Bethanie Williams, AI-Assisted Cyber-Physical Attack Detection in Smart Manufacturing Systems</title>
            <description>The rise of Industry 4.0 has transformed manufacturing through the integration of cyber-physical systems, connectivity, and real-time data exchange into increasingly automated and intelligent platforms. While these advances improve productivity and efficiency, they also introduce vulnerabilities to cyber-physical attacks that can degrade product quality, damage equipment, and pose safety risks. Effective detection depends on understanding which data sources and levels of granularity provide sufficient visibility for accurate anomaly detection and attack identification. Replicated environments, such as digital twins (DTs), help address the challenges of collecting high-fidelity data and executing complex attack scenarios in live production systems. This talk presents an AI-assisted framework for detecting cyber-physical attacks in smart manufacturing using real machine experimentation complemented by DT-based replication. The framework evaluates multiple data sources, ranging from high-level operational data to low-level control and side-channel signals, to understand how data fidelity and context influence detection performance. A hardware-in-the-loop (HIL) DT is used to replicate machine behavior, safely execute attacks, and enable controlled experimentation that would be impractical in live production environments. Through experiments on a real CNC machining system and its corresponding HIL-based DT, multiple cyber-physical attack scenarios are evaluated using statistical, machine learning, and deep learning-based detection methods. Results demonstrate that detection effectiveness is highly dependent on attack type and data granularity, highlighting the need for domain-aware, multi-source monitoring strategies. 
The framework is further extended to additive manufacturing, illustrating how insights derived from CNC systems can guide attack detection in related manufacturing domains. Overall, this work demonstrates how combining AI-based detection with real-world experimentation and DT technologies enables more robust and practical security analysis for cyber-physical manufacturing systems. About the speaker: Dr. Bethanie Williams is an R&amp;amp;D, S&amp;amp;E Cybersecurity Engineer at Sandia National Laboratories, where she specializes in applying artificial intelligence (AI) to enhance the security and resilience of cyber-physical systems in critical infrastructure, including power grid systems, healthcare facilities, and advanced manufacturing. She is also actively involved in the Cybersecurity Manufacturing Innovation Institute (CyManII) through her work at Sandia. Bethanie earned her Bachelor of Arts degree as a triple major in Mathematics, Spanish, and Computer Science from Berea College in 2020. During her time at Berea, she was a Bonner Scholar and a member of the women&apos;s basketball team, earning All-American honors for her athletic achievements. She completed her Master of Science in Computer Science with a concentration in Cybersecurity at Tennessee Technological University in 2022, under the supervision of Dr. Ambareen Siraj, and earned her Ph.D. in Engineering with a major in Computer Science in 2025 under the guidance of Dr. Muhammad Ismail. Her dissertation, titled &quot;Multi-Source Data Analysis and an Effective AI-Assisted Detection Framework for Cyber-Physical Attacks in Smart Manufacturing,&quot; focused on leveraging AI-driven approaches and analyzing various data sources to detect and mitigate cyber-physical attacks in manufacturing systems. Throughout her graduate studies, Bethanie received the College of Engineering Distinguished Fellowship and the National Science Foundation (NSF) Scholarship for Service (SFS). 
She was a year-round intern at Sandia National Laboratories as part of the Center for Cyber Defenders (CCD) program, where she contributed to national research initiatives under CyManII. Bethanie held several executive leadership roles at Tennessee Tech, including Vice President of Cyber Eagles and Graduate Student Club. She also served as a Ph.D. advisor for Women in Cybersecurity (WiCyS). Through these roles, she actively mentored students, organized outreach events, and fostered a supportive community for women in cybersecurity.   Bethanie&apos;s current research interests include cyber-physical security, modeling and simulation of industrial control systems, and leveraging AI for advanced manufacturing. As an Early Career R&amp;amp;D, S&amp;amp;E Cybersecurity Engineer at Sandia, she is committed to bridging academic innovation and national security applications to protect critical infrastructure and ensure its resilience.</description>
            <pubDate>Wed, 11 Feb 2026 16:30:00 EST</pubDate>
            <itunes:title>Bethanie Williams, AI-Assisted Cyber-Physical Attack Detection in Smart Manufacturing Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>32</itunes:season>
            <itunes:episode>907</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Bethanie_Williams_Sandia_300x300.png"/>
            <itunes:subtitle>Bethanie Williams, Sandia National Laboratory</itunes:subtitle>
            <itunes:summary>The rise of Industry 4.0 has transformed manufacturing through the integration of cyber-physical systems, connectivity, and real-time data exchange into increasingly automated and intelligent platforms. While these advances improve productivity and efficiency, they also introduce vulnerabilities to cyber-physical attacks that can degrade product quality, damage equipment, and pose safety risks. Effective detection depends on understanding which data sources and levels of granularity provide sufficient visibility for accurate anomaly detection and attack identification. Replicated environments, such as digital twins (DTs), help address the challenges of collecting high-fidelity data and executing complex attack scenarios in live production systems. This talk presents an AI-assisted framework for detecting cyber-physical attacks in smart manufacturing using real machine experimentation complemented by DT-based replication. The framework evaluates multiple data sources, ranging from high-level operational data to low-level control and side-channel signals, to understand how data fidelity and context influence detection performance. A hardware-in-the-loop (HIL) DT is used to replicate machine behavior, safely execute attacks, and enable controlled experimentation that would be impractical in live production environments. Through experiments on a real CNC machining system and its corresponding HIL-based DT, multiple cyber-physical attack scenarios are evaluated using statistical, machine learning, and deep learning-based detection methods. Results demonstrate that detection effectiveness is highly dependent on attack type and data granularity, highlighting the need for domain-aware, multi-source monitoring strategies.
The framework is further extended to additive manufacturing, illustrating how insights derived from CNC systems can guide attack detection in related manufacturing domains. Overall, this work demonstrates how combining AI-based detection with real-world experimentation and DT technologies enables more robust and practical security analysis for cyber-physical manufacturing systems. About the speaker: Dr. Bethanie Williams is an R&amp;D, S&amp;E Cybersecurity Engineer at Sandia National Laboratories, where she specializes in applying artificial intelligence (AI) to enhance the security and resilience of cyber-physical systems in critical infrastructure, including power grid systems, healthcare facilities, and advanced manufacturing. She is also actively involved in the Cybersecurity Manufacturing Innovation Institute (CyManII) through her work at Sandia. Bethanie earned her Bachelor of Arts degree as a triple major in Mathematics, Spanish, and Computer Science from Berea College in 2020. During her time at Berea, she was a Bonner Scholar and a member of the women&apos;s basketball team, earning All-American honors for her athletic achievements. She completed her Master of Science in Computer Science with a concentration in Cybersecurity at Tennessee Technological University in 2022, under the supervision of Dr. Ambareen Siraj, and earned her Ph.D. in Engineering with a major in Computer Science in 2025 under the guidance of Dr. Muhammad Ismail. Her dissertation, titled &quot;Multi-Source Data Analysis and an Effective AI-Assisted Detection Framework for Cyber-Physical Attacks in Smart Manufacturing,&quot; focused on leveraging AI-driven approaches and analyzing various data sources to detect and mitigate cyber-physical attacks in manufacturing systems. Throughout her graduate studies, Bethanie received the College of Engineering Distinguished Fellowship and the National Science Foundation (NSF) Scholarship for Service (SFS).
She was a year-round intern at Sandia National Laboratories as part of the Center for Cyber Defenders (CCD) program, where she contributed to national research initiatives under CyManII. Bethanie held several executive leadership roles at Tennessee Tech, including Vice President of Cyber Eagles and Graduate Student Club. She also served as a Ph.D. advisor for Women in Cybersecurity (WiCyS). Through these roles, she actively mentored students, organized outreach events, and fostered a supportive community for women in cybersecurity. Bethanie&apos;s current research interests include cyber-physical security, modeling and simulation of industrial control systems, and leveraging AI for advanced manufacturing. As an Early Career R&amp;D, S&amp;E Cybersecurity Engineer at Sandia, she is committed to bridging academic innovation and national security applications to protect critical infrastructure and ensure its resilience.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The rise of Industry 4.0 has transformed manufacturing through the integration of cyber-physical systems, connectivity, and real-time data exchange into increasingly automated and intelligent platforms. While these advances improve productivity and efficiency, they also introduce vulnerabilities to cyber-physical attacks that can degrade product quality, damage equipment, and pose safety risks. Effective detection depends on understanding which data sources and levels of granularity provide sufficient visibility for accurate anomaly detection and attack identification. Replicated environments, such as digital twins (DTs), help address the challenges of collecting high-fidelity data and executing complex attack scenarios in live production systems. This talk presents an AI-assisted framework for detecting cyber-physical attacks in smart manufacturing using real machine experimentation complemented by DT-based replication. The framework evaluates multiple data sources, ranging from high-level operational data to low-level control and side-channel signals, to understand how data fidelity and context influence detection performance. A hardware-in-the-loop (HIL) DT is used to replicate machine behavior, safely execute attacks, and enable controlled experimentation that would be impractical in live production environments. Through experiments on a real CNC machining system and its corresponding HIL-based DT, multiple cyber-physical attack scenarios are evaluated using statistical, machine learning, and deep learning-based detection methods. Results demonstrate that detection effectiveness is highly dependent on attack type and data granularity, highlighting the need for domain-aware, multi-source monitoring strategies.
The framework is further extended to additive manufacturing, illustrating how insights derived from CNC systems can guide attack detection in related manufacturing domains. Overall, this work demonstrates how combining AI-based detection with real-world experimentation and DT technologies enables more robust and practical security analysis for cyber-physical manufacturing systems. About the speaker: Dr. Bethanie Williams is an R&amp;D, S&amp;E Cybersecurity Engineer at Sandia National Laboratories, where she specializes in applying artificial intelligence (AI) to enhance the security and resilience of cyber-physical systems in critical infrastructure, including power grid systems, healthcare facilities, and advanced manufacturing. She is also actively involved in the Cybersecurity Manufacturing Innovation Institute (CyManII) through her work at Sandia. Bethanie earned her Bachelor of Arts degree as a triple major in Mathematics, Spanish, and Computer Science from Berea College in 2020. During her time at Berea, she was a Bonner Scholar and a member of the women&apos;s basketball team, earning All-American honors for her athletic achievements. She completed her Master of Science in Computer Science with a concentration in Cybersecurity at Tennessee Technological University in 2022, under the supervision of Dr. Ambareen Siraj, and earned her Ph.D. in Engineering with a major in Computer Science in 2025 under the guidance of Dr. Muhammad Ismail. Her dissertation, titled &quot;Multi-Source Data Analysis and an Effective AI-Assisted Detection Framework for Cyber-Physical Attacks in Smart Manufacturing,&quot; focused on leveraging AI-driven approaches and analyzing various data sources to detect and mitigate cyber-physical attacks in manufacturing systems. Throughout her graduate studies, Bethanie received the College of Engineering Distinguished Fellowship and the National Science Foundation (NSF) Scholarship for Service (SFS).
She was a year-round intern at Sandia National Laboratories as part of the Center for Cyber Defenders (CCD) program, where she contributed to national research initiatives under CyManII. Bethanie held several executive leadership roles at Tennessee Tech, including Vice President of Cyber Eagles and Graduate Student Club. She also served as a Ph.D. advisor for Women in Cybersecurity (WiCyS). Through these roles, she actively mentored students, organized outreach events, and fostered a supportive community for women in cybersecurity. Bethanie&apos;s current research interests include cyber-physical security, modeling and simulation of industrial control systems, and leveraging AI for advanced manufacturing. As an Early Career R&amp;D, S&amp;E Cybersecurity Engineer at Sandia, she is committed to bridging academic innovation and national security applications to protect critical infrastructure and ensure its resilience.</p> ]]>
            </content:encoded>
            <itunes:duration>2827</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260211.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260211.mp4" length="292552704" type="video/mp4"/>
        </item>
            <item>
            <title>Mary Jean Amon, Parental Sharing (&quot;Sharenting&quot;) Through the Lens of Interdependent Privacy</title>
            <description>Parental sharing, sometimes termed &quot;sharenting,&quot; refers to ways that parents share information about their children online and is a common mechanism through which young children are exposed to social media. Parental sharing is controversial due to its significant benefits and risks, with researchers highlighting broader concerns regarding long-term implications for children&apos;s developing privacy standards. Yet, many parents report a high degree of acceptance for parental sharing, and parents exposing their young children to social media the most are often modeling risky online behaviors. This presentation examines parental sharing in association with privacy and security concepts, research, and interventions toward supporting safe and responsible parental sharing. About the speaker: Mary Jean Amon is a quantitative psychologist focused on human-computer interaction and an Assistant Professor in Indiana University Bloomington&apos;s Department of Informatics. Her interdisciplinary research program leverages sensing technologies and advanced analytics to understand and improve dynamic decision-making and performance in the context of complex sociotechnological systems. This includes identifying near-real-time team coordinative patterns that enhance teaming performance, as well as human factors in privacy and security. Amon&apos;s quality of work is recognized through publications in top venues, best paper awards, diverse research funding sources, and general dissemination through media outlets like Forbes, New York Times, and Washington Post.</description>
            <pubDate>Wed, 4 Feb 2026 16:30:00 EST</pubDate>
            <itunes:title>Mary Jean Amon, Parental Sharing (&quot;Sharenting&quot;) Through the Lens of Interdependent Privacy</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>32</itunes:season>
            <itunes:episode>906</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/mary_jean_anon_300x300.png"/>
            <itunes:subtitle>Mary Jean Amon, Indiana University</itunes:subtitle>
            <itunes:summary>Parental sharing, sometimes termed &quot;sharenting,&quot; refers to ways that parents share information about their children online and is a common mechanism through which young children are exposed to social media. Parental sharing is controversial due to its significant benefits and risks, with researchers highlighting broader concerns regarding long-term implications for children&apos;s developing privacy standards. Yet, many parents report a high degree of acceptance for parental sharing, and parents exposing their young children to social media the most are often modeling risky online behaviors. This presentation examines parental sharing in association with privacy and security concepts, research, and interventions toward supporting safe and responsible parental sharing. About the speaker: Mary Jean Amon is a quantitative psychologist focused on human-computer interaction and an Assistant Professor in Indiana University Bloomington&apos;s Department of Informatics. Her interdisciplinary research program leverages sensing technologies and advanced analytics to understand and improve dynamic decision-making and performance in the context of complex sociotechnological systems. This includes identifying near-real-time team coordinative patterns that enhance teaming performance, as well as human factors in privacy and security. Amon&apos;s quality of work is recognized through publications in top venues, best paper awards, diverse research funding sources, and general dissemination through media outlets like Forbes, New York Times, and Washington Post.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Parental sharing, sometimes termed &quot;sharenting,&quot; refers to ways that parents share information about their children online and is a common mechanism through which young children are exposed to social media. Parental sharing is controversial due to its significant benefits and risks, with researchers highlighting broader concerns regarding long-term implications for children&apos;s developing privacy standards. Yet, many parents report a high degree of acceptance for parental sharing, and parents exposing their young children to social media the most are often modeling risky online behaviors. This presentation examines parental sharing in association with privacy and security concepts, research, and interventions toward supporting safe and responsible parental sharing. About the speaker: Mary Jean Amon is a quantitative psychologist focused on human-computer interaction and an Assistant Professor in Indiana University Bloomington&apos;s Department of Informatics. Her interdisciplinary research program leverages sensing technologies and advanced analytics to understand and improve dynamic decision-making and performance in the context of complex sociotechnological systems. This includes identifying near-real-time team coordinative patterns that enhance teaming performance, as well as human factors in privacy and security. Amon&apos;s quality of work is recognized through publications in top venues, best paper awards, diverse research funding sources, and general dissemination through media outlets like Forbes, New York Times, and Washington Post.</p> ]]>
            </content:encoded>
            <itunes:duration>2764</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260204.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260204.mp4" length="255852544" type="video/mp4"/>
        </item>
            <item>
            <title>Young Kim, Counterfeit Medical Devices and Medicines as a Fundamental Cyber-Physical Security Problem</title>
            <description>Hardware security is not a new problem, but it is rapidly expanding in both consumer and medical domains due to hyperconnectivity. Medical devices and counterfeit medicines represent a fundamental security challenge. In particular, although counterfeit medicines are not a new issue, the problem continues to worsen as counterfeiting practices become increasingly sophisticated. The counterfeiting of biomedical products poses a serious threat to patient safety, public health, and economic stability in both developed and developing countries, and many current countermeasures remain vulnerable because they provide limited security. In this talk, we will share our work on biomedical hardware security with a focus on pharmaceutical products. We present cyber-physical biomedical security technologies that encode dosage information and authentication into edible biomaterials, enabling serialization, track-and-trace, and authentication at the dosage level. This approach empowers patients to play an active role in combating counterfeit medicines. About the speaker: Young Kim is a professor in the Weldon School of Biomedical Engineering and holds the titles of University Faculty Scholar and Showalter Faculty Scholar at Purdue University. His research centers on co-creating hardware (devices) and software (models) for large-scale societal and healthcare applications. His lab develops hybrid machine learning by combining data analytics with models grounded in optical spectroscopy and light-matter interactions to move beyond big-data, compute-intensive AI and leverage engineers&apos; domain expertise. His work spans optical imaging and spectroscopy, mesoscopic physics, metamaterials, cancer research, hardware security, and global health, unified by machine learning and data analytics. His research has been funded by a diverse range of agencies, including NIH, CDC, VA, AFOSR, USAID and Gates Foundation.
His primary applications are in global health and rural community health, which address large-scale societal and healthcare challenges in mutually reinforcing ways.</description>
            <pubDate>Wed, 28 Jan 2026 16:30:00 EST</pubDate>
            <itunes:title>Young Kim, Counterfeit Medical Devices and Medicines as a Fundamental Cyber-Physical Security Problem</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>32</itunes:season>
            <itunes:episode>905</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/young_kim_300x300.png"/>
            <itunes:subtitle>Young Kim, Purdue University</itunes:subtitle>
            <itunes:summary>Hardware security is not a new problem, but it is rapidly expanding in both consumer and medical domains due to hyperconnectivity. Medical devices and counterfeit medicines represent a fundamental security challenge. In particular, although counterfeit medicines are not a new issue, the problem continues to worsen as counterfeiting practices become increasingly sophisticated. The counterfeiting of biomedical products poses a serious threat to patient safety, public health, and economic stability in both developed and developing countries, and many current countermeasures remain vulnerable because they provide limited security. In this talk, we will share our work on biomedical hardware security with a focus on pharmaceutical products. We present cyber-physical biomedical security technologies that encode dosage information and authentication into edible biomaterials, enabling serialization, track-and-trace, and authentication at the dosage level. This approach empowers patients to play an active role in combating counterfeit medicines. About the speaker: Young Kim is a professor in the Weldon School of Biomedical Engineering and holds the titles of University Faculty Scholar and Showalter Faculty Scholar at Purdue University. His research centers on co-creating hardware (devices) and software (models) for large-scale societal and healthcare applications. His lab develops hybrid machine learning by combining data analytics with models grounded in optical spectroscopy and light-matter interactions to move beyond big-data, compute-intensive AI and leverage engineers&apos; domain expertise. His work spans optical imaging and spectroscopy, mesoscopic physics, metamaterials, cancer research, hardware security, and global health, unified by machine learning and data analytics. His research has been funded by a diverse range of agencies, including NIH, CDC, VA, AFOSR, USAID and Gates Foundation.
His primary applications are in global health and rural community health, which address large-scale societal and healthcare challenges in mutually reinforcing ways.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Hardware security is not a new problem, but it is rapidly expanding in both consumer and medical domains due to hyperconnectivity. Medical devices and counterfeit medicines represent a fundamental security challenge. In particular, although counterfeit medicines are not a new issue, the problem continues to worsen as counterfeiting practices become increasingly sophisticated. The counterfeiting of biomedical products poses a serious threat to patient safety, public health, and economic stability in both developed and developing countries, and many current countermeasures remain vulnerable because they provide limited security. In this talk, we will share our work on biomedical hardware security with a focus on pharmaceutical products. We present cyber-physical biomedical security technologies that encode dosage information and authentication into edible biomaterials, enabling serialization, track-and-trace, and authentication at the dosage level. This approach empowers patients to play an active role in combating counterfeit medicines. About the speaker: Young Kim is a professor in the Weldon School of Biomedical Engineering and holds the titles of University Faculty Scholar and Showalter Faculty Scholar at Purdue University. His research centers on co-creating hardware (devices) and software (models) for large-scale societal and healthcare applications. His lab develops hybrid machine learning by combining data analytics with models grounded in optical spectroscopy and light-matter interactions to move beyond big-data, compute-intensive AI and leverage engineers&apos; domain expertise. His work spans optical imaging and spectroscopy, mesoscopic physics, metamaterials, cancer research, hardware security, and global health, unified by machine learning and data analytics. His research has been funded by a diverse range of agencies, including NIH, CDC, VA, AFOSR, USAID and Gates Foundation.
His primary applications are in global health and rural community health, which address large-scale societal and healthcare challenges in mutually reinforcing ways.</p> ]]>
            </content:encoded>
            <itunes:duration>3237</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260128.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260128.mp4" length="357564416" type="video/mp4"/>
        </item>
            <item>
            <title>Vijayanth Tummala, Evaluating The Impact of Cyberattacks On AI-based Machine Vision Systems: A Case Study of Threaded Fasteners</title>
            <description>AI-driven machine vision systems are becoming essential in mechanical engineering applications such as fastener classification, yet their increasing connectivity exposes them to adversarial cyberattacks. Model evasion attacks like FGSM can subtly alter input images and cause misclassification, raising concerns about reliability in automated manufacturing. This talk focuses on the role of Explainable AI and human-in-the-loop strategies in detecting and mitigating such attacks. In the presented case study, an EfficientNet-B0 fastener classification model is examined using Grad-CAM visualizations to determine whether shifts in activation patterns can reveal adversarial manipulation. The study evaluates how FGSM-generated images affect model accuracy and confidence while assessing the XAI system&apos;s ability to highlight abnormal regions of attention and the potential for human-in-the-loop approaches to be utilized with XAI techniques as a practical path to strengthening the resilience of AI-based machine vision systems in manufacturing. About the speaker: Dr. Vijayanth Tummala is a Researcher in Cybersecurity and Human-AI Interaction. His research spans artificial intelligence and cybersecurity across interdisciplinary areas, including AI and Cybersecurity leadership, AI literacy, and computer vision applications. He was one of only seven recipients to receive the Best Paper Award in the AI track at ASME&apos;s IMECE conference held in November 2024, which features over 2,400 submissions annually. Previously, he held key leadership roles, including leading the NSA CAE-CD designation, launching graduate programs as part of a $1.5 million EDA grant received by his previous employer, and partnering with the Allen County High-Tech Crimes Unit.</description>
            <pubDate>Wed, 21 Jan 2026 16:30:00 EST</pubDate>
            <itunes:title>Vijayanth Tummala, Evaluating The Impact of Cyberattacks On AI-based Machine Vision Systems: A Case Study of Threaded Fasteners</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>32</itunes:season>
            <itunes:episode>904</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/TummalaVijayanth_300x300.png"/>
            <itunes:subtitle>Vijayanth Tummala, Researcher in Cybersecurity and Human-AI Interaction domain</itunes:subtitle>
            <itunes:summary>AI-driven machine vision systems are becoming essential in mechanical engineering applications such as fastener classification, yet their increasing connectivity exposes them to adversarial cyberattacks. Model evasion attacks like FGSM can subtly alter input images and cause misclassification, raising concerns about reliability in automated manufacturing. This talk focuses on the role of Explainable AI and human-in-the-loop strategies in detecting and mitigating such attacks. In the presented case study, an EfficientNet-B0 fastener classification model is examined using Grad-CAM visualizations to determine whether shifts in activation patterns can reveal adversarial manipulation. The study evaluates how FGSM-generated images affect model accuracy and confidence while assessing the XAI system&apos;s ability to highlight abnormal regions of attention and the potential for human-in-the-loop approaches to be utilized with XAI techniques as a practical path to strengthening the resilience of AI-based machine vision systems in manufacturing. About the speaker: Dr. Vijayanth Tummala is a Researcher in Cybersecurity and Human-AI Interaction. His research spans artificial intelligence and cybersecurity across interdisciplinary areas, including AI and Cybersecurity leadership, AI literacy, and computer vision applications. He was one of only seven recipients to receive the Best Paper Award in the AI track at ASME&apos;s IMECE conference held in November 2024, which features over 2,400 submissions annually. Previously, he held key leadership roles, including leading the NSA CAE-CD designation, launching graduate programs as part of a $1.5 million EDA grant received by his previous employer, and partnering with the Allen County High-Tech Crimes Unit.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>AI-driven machine vision systems are becoming essential in mechanical engineering applications such as fastener classification, yet their increasing connectivity exposes them to adversarial cyberattacks. Model evasion attacks like FGSM can subtly alter input images and cause misclassification, raising concerns about reliability in automated manufacturing. This talk focuses on the role of Explainable AI and human-in-the-loop strategies in detecting and mitigating such attacks. In the presented case study, an EfficientNet-B0 fastener classification model is examined using Grad-CAM visualizations to determine whether shifts in activation patterns can reveal adversarial manipulation. The study evaluates how FGSM-generated images affect model accuracy and confidence while assessing the XAI system&apos;s ability to highlight abnormal regions of attention and the potential for human-in-the-loop approaches to be utilized with XAI techniques as a practical path to strengthening the resilience of AI-based machine vision systems in manufacturing. About the speaker: Dr. Vijayanth Tummala is a Researcher in Cybersecurity and Human-AI Interaction. His research spans artificial intelligence and cybersecurity across interdisciplinary areas, including AI and Cybersecurity leadership, AI literacy, and computer vision applications. He was one of only seven recipients to receive the Best Paper Award in the AI track at ASME&apos;s IMECE conference held in November 2024, which features over 2,400 submissions annually. Previously, he held key leadership roles, including leading the NSA CAE-CD designation, launching graduate programs as part of a $1.5 million EDA grant received by his previous employer, and partnering with the Allen County High-Tech Crimes Unit.</p> ]]>
            </content:encoded>
            <itunes:duration>1953</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260121.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260121.mp4" length="197132288" type="video/mp4"/>
        </item>
            <item>
            <title>Rohan Paleja, Building Interpretability into Human-Aware Robots through Neural Tree-Based Models</title>
            <description>Collaborative robots and machine-learning-based virtual agents are increasingly entering the human workspace with the aim of increasing productivity, enhancing safety, and improving the quality of our lives. These agents will dynamically interact with a wide variety of people in dynamic and novel contexts, increasing the prevalence of human-machine teams in applications spanning from healthcare and manufacturing to household assistance. My research aims to create transparent embodied systems that can support users and interact with humans, pushing the frontier of real-world robotics systems towards those that understand human behavior, maintain interpretability, and coordinate with high performance. In this talk, I will cover a set of works that enable robots to 1) understand and learn from diverse human users, 2) learn interpretable, human-readable tree-based control policies directly via reinforcement learning, and 3) provide users with information online to improve situational awareness and facilitate effective human-robot collaboration. About the speaker: Dr. Rohan Paleja is an Assistant Professor in the Department of Computer Science at Purdue University. He directs the Strategies for Collaboration, Autonomy, Learning, and Exploration in Robotics Lab. The SCALE Robotics Lab focuses on advancing machine learning and artificial intelligence to improve robot learning, human-robot interaction, and multi-agent collaboration. Their goal is to equip autonomous agents with the ability to operate in the diverse, unstructured, and human-rich environments these agents will encounter in the real world. Dr. Paleja&apos;s research interests cover a broad range of topics, namely Explainable AI (xAI), Interactive Robot Learning, and Multi-Agent Collaboration. Prior to Purdue, Dr. Paleja was a Technical Staff Researcher in the Artificial Intelligence Technology group at MIT Lincoln Laboratory, where he collaborated with the Air Force Experimental Operations Unit and the Army Research Lab. Prior to that, he earned his Ph.D. in Robotics at the Georgia Institute of Technology in 2023. His work has received multiple awards, including a Best Paper Finalist Award at the Conference of Robot Learning (CoRL) and a Best Workshop Paper Award at the International Conference of Computer Vision (ICCV) Multi-Agent Relational Reasoning Workshop.</description>
            <pubDate>Wed, 14 Jan 2026 16:30:00 EST</pubDate>
            <itunes:title>Rohan Paleja, Building Interpretability into Human-Aware Robots through Neural Tree-Based Models</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>32</itunes:season>
            <itunes:episode>903</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/assets/images/people/paleja_300.png"/>
            <itunes:subtitle>Rohan Paleja, Purdue University</itunes:subtitle>
            <itunes:summary>Collaborative robots and machine-learning-based virtual agents are increasingly entering the human workspace with the aim of increasing productivity, enhancing safety, and improving the quality of our lives. These agents will dynamically interact with a wide variety of people in dynamic and novel contexts, increasing the prevalence of human-machine teams in applications spanning from healthcare and manufacturing to household assistance. My research aims to create transparent embodied systems that can support users and interact with humans, pushing the frontier of real-world robotics systems towards those that understand human behavior, maintain interpretability, and coordinate with high performance. In this talk, I will cover a set of works that enable robots to 1) understand and learn from diverse human users, 2) learn interpretable, human-readable tree-based control policies directly via reinforcement learning, and 3) provide users with information online to improve situational awareness and facilitate effective human-robot collaboration. About the speaker: Dr. Rohan Paleja is an Assistant Professor in the Department of Computer Science at Purdue University. He directs the Strategies for Collaboration, Autonomy, Learning, and Exploration in Robotics Lab. The SCALE Robotics Lab focuses on advancing machine learning and artificial intelligence to improve robot learning, human-robot interaction, and multi-agent collaboration. Their goal is to equip autonomous agents with the ability to operate in the diverse, unstructured, and human-rich environments these agents will encounter in the real world. Dr. Paleja&apos;s research interests cover a broad range of topics, namely Explainable AI (xAI), Interactive Robot Learning, and Multi-Agent Collaboration. Prior to Purdue, Dr. Paleja was a Technical Staff Researcher in the Artificial Intelligence Technology group at MIT Lincoln Laboratory, where he collaborated with the Air Force Experimental Operations Unit and the Army Research Lab. Prior to that, he earned his Ph.D. in Robotics at the Georgia Institute of Technology in 2023. His work has received multiple awards, including a Best Paper Finalist Award at the Conference of Robot Learning (CoRL) and a Best Workshop Paper Award at the International Conference of Computer Vision (ICCV) Multi-Agent Relational Reasoning Workshop.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Collaborative robots and machine-learning-based virtual agents are increasingly entering the human workspace with the aim of increasing productivity, enhancing safety, and improving the quality of our lives. These agents will dynamically interact with a wide variety of people in dynamic and novel contexts, increasing the prevalence of human-machine teams in applications spanning from healthcare and manufacturing to household assistance. My research aims to create transparent embodied systems that can support users and interact with humans, pushing the frontier of real-world robotics systems towards those that understand human behavior, maintain interpretability, and coordinate with high performance. In this talk, I will cover a set of works that enable robots to 1) understand and learn from diverse human users, 2) learn interpretable, human-readable tree-based control policies directly via reinforcement learning, and 3) provide users with information online to improve situational awareness and facilitate effective human-robot collaboration. About the speaker: Dr. Rohan Paleja is an Assistant Professor in the Department of Computer Science at Purdue University. He directs the Strategies for Collaboration, Autonomy, Learning, and Exploration in Robotics Lab. The SCALE Robotics Lab focuses on advancing machine learning and artificial intelligence to improve robot learning, human-robot interaction, and multi-agent collaboration. Their goal is to equip autonomous agents with the ability to operate in the diverse, unstructured, and human-rich environments these agents will encounter in the real world. Dr. Paleja&apos;s research interests cover a broad range of topics, namely Explainable AI (xAI), Interactive Robot Learning, and Multi-Agent Collaboration. Prior to Purdue, Dr. Paleja was a Technical Staff Researcher in the Artificial Intelligence Technology group at MIT Lincoln Laboratory, where he collaborated with the Air Force Experimental Operations Unit and the Army Research Lab. Prior to that, he earned his Ph.D. in Robotics at the Georgia Institute of Technology in 2023. His work has received multiple awards, including a Best Paper Finalist Award at the Conference of Robot Learning (CoRL) and a Best Workshop Paper Award at the International Conference of Computer Vision (ICCV) Multi-Agent Relational Reasoning Workshop.</p> ]]>
            </content:encoded>
            <itunes:duration>2697</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260114.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20260114.mp4" length="247463936" type="video/mp4"/>
        </item>
            <item>
            <title>Peter Ukhanov, From MOVEit to EBS – a Look at Mass Exploitation Extortion Campaigns</title>
            <description>Over the past several years, CL0P has executed multiple mass exploitation campaigns using zero-day vulnerabilities in popular software products that resulted in mass data exfiltration. In this talk we&apos;ll take a look at the vulnerabilities that enabled their access, discuss ways defenders could have detected the exploits, and explore hardening recommendations to make public facing applications harder to compromise. About the speaker: Peter Ukhanov is a Principal Consultant with the Google Public Sector (Mandiant) IR team. Prior to joining Mandiant, Peter worked at Dragos focusing on OT/ICS environments. He started his career in incident response and digital forensics in 2014 at the Defense Information Systems Agency, spending almost 7 years supporting various Department of Defense entities.</description>
            <pubDate>Wed, 10 Dec 2025 16:30:00 EST</pubDate>
            <itunes:title>Peter Ukhanov, From MOVEit to EBS – a Look at Mass Exploitation Extortion Campaigns</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>902</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/peter_ukhanov_300.png"/>
            <itunes:subtitle>Peter Ukhanov, Google Public Sector (Mandiant)</itunes:subtitle>
            <itunes:summary>Over the past several years, CL0P has executed multiple mass exploitation campaigns using zero-day vulnerabilities in popular software products that resulted in mass data exfiltration. In this talk we&apos;ll take a look at the vulnerabilities that enabled their access, discuss ways defenders could have detected the exploits, and explore hardening recommendations to make public facing applications harder to compromise. About the speaker: Peter Ukhanov is a Principal Consultant with the Google Public Sector (Mandiant) IR team. Prior to joining Mandiant, Peter worked at Dragos focusing on OT/ICS environments. He started his career in incident response and digital forensics in 2014 at the Defense Information Systems Agency, spending almost 7 years supporting various Department of Defense entities.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Over the past several years, CL0P has executed multiple mass exploitation campaigns using zero-day vulnerabilities in popular software products that resulted in mass data exfiltration. In this talk we&apos;ll take a look at the vulnerabilities that enabled their access, discuss ways defenders could have detected the exploits, and explore hardening recommendations to make public facing applications harder to compromise. About the speaker: Peter Ukhanov is a Principal Consultant with the Google Public Sector (Mandiant) IR team. Prior to joining Mandiant, Peter worked at Dragos focusing on OT/ICS environments. He started his career in incident response and digital forensics in 2014 at the Defense Information Systems Agency, spending almost 7 years supporting various Department of Defense entities.</p> ]]>
            </content:encoded>
            <itunes:duration>3241</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251210.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251210.mp4" length="273678336" type="video/mp4"/>
        </item>
            <item>
            <title>Antonio Bianchi, Attacking and Defending Modern Software with LLMs</title>
            <description>In this talk, I will discuss recent research projects at the intersection of software security and automated reasoning. Specifically, I will present our work on assessing the exploitability of the Android kernel and developing complex exploits for it, as well as our efforts to uncover bugs in Rust&apos;s unsafe code through fuzzing. Throughout the talk, I will highlight how Large Language Models (LLMs) can support both attackers and defenders in analyzing complex software systems, and I will present key lessons on using LLMs effectively along with the practical challenges that arise when integrating them into software security workflows. About the speaker: Dr. Antonio Bianchi&apos;s research interest lies in the area of Computer Security. His primary focus is in the field of security of mobile devices. Most recently, he started exploring the security issues posed by IoT devices and their interaction with mobile applications. As a core member of the Shellphish and OOO teams, he played and organized many security competitions (CTFs), and won third place at the DARPA Cyber Grand Challenge.</description>
            <pubDate>Wed, 3 Dec 2025 16:30:00 EST</pubDate>
            <itunes:title>Antonio Bianchi, Attacking and Defending Modern Software with LLMs</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>901</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/assets/images/people/bianchi_300.png"/>
            <itunes:subtitle>Antonio Bianchi, Purdue University</itunes:subtitle>
            <itunes:summary>In this talk, I will discuss recent research projects at the intersection of software security and automated reasoning. Specifically, I will present our work on assessing the exploitability of the Android kernel and developing complex exploits for it, as well as our efforts to uncover bugs in Rust&apos;s unsafe code through fuzzing. Throughout the talk, I will highlight how Large Language Models (LLMs) can support both attackers and defenders in analyzing complex software systems, and I will present key lessons on using LLMs effectively along with the practical challenges that arise when integrating them into software security workflows. About the speaker: Dr. Antonio Bianchi&apos;s research interest lies in the area of Computer Security. His primary focus is in the field of security of mobile devices. Most recently, he started exploring the security issues posed by IoT devices and their interaction with mobile applications. As a core member of the Shellphish and OOO teams, he played and organized many security competitions (CTFs), and won third place at the DARPA Cyber Grand Challenge.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this talk, I will discuss recent research projects at the intersection of software security and automated reasoning. Specifically, I will present our work on assessing the exploitability of the Android kernel and developing complex exploits for it, as well as our efforts to uncover bugs in Rust&apos;s unsafe code through fuzzing. Throughout the talk, I will highlight how Large Language Models (LLMs) can support both attackers and defenders in analyzing complex software systems, and I will present key lessons on using LLMs effectively along with the practical challenges that arise when integrating them into software security workflows. About the speaker: Dr. Antonio Bianchi&apos;s research interest lies in the area of Computer Security. His primary focus is in the field of security of mobile devices. Most recently, he started exploring the security issues posed by IoT devices and their interaction with mobile applications. As a core member of the Shellphish and OOO teams, he played and organized many security competitions (CTFs), and won third place at the DARPA Cyber Grand Challenge.</p> ]]>
            </content:encoded>
            <itunes:duration>3226</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251203.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251203.mp4" length="300941312" type="video/mp4"/>
        </item>
            <item>
            <title>Stephen Flowerday, The Hidden Laundromat at Play: how illicit value moves through online games</title>
            <description>Online video games have evolved into vast financial ecosystems where real and virtual value mix at scale. This presentation shows how these spaces serve as efficient laundering channels, converting illicit funds from organized crime, sanctions evasion, terrorist financing, and digital fraud into assets that appear legitimate. Illicit value typically enters via card-not-present transactions, stolen digital wallets, and scam revenues before it is routed into platform marketplaces. From there, funds convert into tradeable virtual assets such as cosmetics, currencies, loot boxes, and content bundles, which can be divided into thousands of rapid microtransactions. Widely cited estimates place illicit financial flows at 2 to 5 percent of global GDP (roughly $800 billion to $2 trillion a year), while in-game spending will reach $74.4 billion in 2025, providing liquidity, speed, and plausible deniability. About the speaker: Stephen Flowerday is a Professor in the School of Computer and Cyber Sciences at Augusta University. His research focuses on cybersecurity management, cybercrime, behavioral information security, and human-centric cybersecurity at the intersection of technology, processes, and people. His work has been supported by IBM, THRIP, the NRF, SASUF, Erasmus, and GMRDC. He serves as an associate editor and frequent reviewer for leading journals and conferences, and has reviewed grants for the Israeli NSF, the South African NRF, the U.S. NSF, and Bahrain&apos;s DHE.</description>
            <pubDate>Wed, 19 Nov 2025 16:30:00 EST</pubDate>
            <itunes:title>Stephen Flowerday, The Hidden Laundromat at Play: how illicit value moves through online games</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>900</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/flowerday_300x300.png"/>
            <itunes:subtitle>Stephen Flowerday, Augusta University</itunes:subtitle>
            <itunes:summary>Online video games have evolved into vast financial ecosystems where real and virtual value mix at scale. This presentation shows how these spaces serve as efficient laundering channels, converting illicit funds from organized crime, sanctions evasion, terrorist financing, and digital fraud into assets that appear legitimate. Illicit value typically enters via card-not-present transactions, stolen digital wallets, and scam revenues before it is routed into platform marketplaces. From there, funds convert into tradeable virtual assets such as cosmetics, currencies, loot boxes, and content bundles, which can be divided into thousands of rapid microtransactions. Widely cited estimates place illicit financial flows at 2 to 5 percent of global GDP (roughly $800 billion to $2 trillion a year), while in-game spending will reach $74.4 billion in 2025, providing liquidity, speed, and plausible deniability. About the speaker: Stephen Flowerday is a Professor in the School of Computer and Cyber Sciences at Augusta University. His research focuses on cybersecurity management, cybercrime, behavioral information security, and human-centric cybersecurity at the intersection of technology, processes, and people. His work has been supported by IBM, THRIP, the NRF, SASUF, Erasmus, and GMRDC. He serves as an associate editor and frequent reviewer for leading journals and conferences, and has reviewed grants for the Israeli NSF, the South African NRF, the U.S. NSF, and Bahrain&apos;s DHE.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Online video games have evolved into vast financial ecosystems where real and virtual value mix at scale. This presentation shows how these spaces serve as efficient laundering channels, converting illicit funds from organized crime, sanctions evasion, terrorist financing, and digital fraud into assets that appear legitimate. Illicit value typically enters via card-not-present transactions, stolen digital wallets, and scam revenues before it is routed into platform marketplaces. From there, funds convert into tradeable virtual assets such as cosmetics, currencies, loot boxes, and content bundles, which can be divided into thousands of rapid microtransactions. Widely cited estimates place illicit financial flows at 2 to 5 percent of global GDP (roughly $800 billion to $2 trillion a year), while in-game spending will reach $74.4 billion in 2025, providing liquidity, speed, and plausible deniability. About the speaker: Stephen Flowerday is a Professor in the School of Computer and Cyber Sciences at Augusta University. His research focuses on cybersecurity management, cybercrime, behavioral information security, and human-centric cybersecurity at the intersection of technology, processes, and people. His work has been supported by IBM, THRIP, the NRF, SASUF, Erasmus, and GMRDC. He serves as an associate editor and frequent reviewer for leading journals and conferences, and has reviewed grants for the Israeli NSF, the South African NRF, the U.S. NSF, and Bahrain&apos;s DHE.</p> ]]>
            </content:encoded>
            <itunes:duration>3746</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251119.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251119.mp4" length="401604608" type="video/mp4"/>
        </item>
            <item>
            <title>Abulhair Saparov, Can/Will LLMs Learn to Reason?</title>
            <description>Reasoning—the process of drawing conclusions from prior knowledge—is a hallmark of intelligence. Large language models, and more recently, large reasoning models have demonstrated impressive results on many reasoning-intensive benchmarks. Careful studies over the past few years have revealed that LLMs may exhibit some reasoning behavior, and larger models tend to do better on reasoning tasks. However, even the largest current models still struggle on various kinds of reasoning problems. In this talk, we will try to address the question: Are the observed reasoning limitations of LLMs fundamental in nature? Or will they be resolved by further increasing the size and data of these models, or by better techniques for training them? I will describe recent work to tackle this question from several different angles. The answer to this question will help us to better understand the risks posed by future LLMs as vast resources continue to be invested in their development. About the speaker: Abulhair Saparov is an Assistant Professor of Computer Science at Purdue University. His research focuses on applications of statistical machine learning to natural language processing, natural language understanding, and reasoning. His recent work closely examines the reasoning capacity of large language models, identifying fundamental limitations, and developing new methods and tools to address or work around those limitations. He has also explored the use of symbolic and neurosymbolic methods to both understand and improve the reasoning capabilities of AI models. He is also broadly interested in other applications of statistical machine learning, such as to the natural sciences.</description>
            <pubDate>Wed, 12 Nov 2025 16:30:00 EST</pubDate>
            <itunes:title>Abulhair Saparov, Can/Will LLMs Learn to Reason?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>899</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/asaparov_300x300.png"/>
            <itunes:subtitle>Abulhair Saparov, Purdue University</itunes:subtitle>
            <itunes:summary>Reasoning—the process of drawing conclusions from prior knowledge—is a hallmark of intelligence. Large language models, and more recently, large reasoning models have demonstrated impressive results on many reasoning-intensive benchmarks. Careful studies over the past few years have revealed that LLMs may exhibit some reasoning behavior, and larger models tend to do better on reasoning tasks. However, even the largest current models still struggle on various kinds of reasoning problems. In this talk, we will try to address the question: Are the observed reasoning limitations of LLMs fundamental in nature? Or will they be resolved by further increasing the size and data of these models, or by better techniques for training them? I will describe recent work to tackle this question from several different angles. The answer to this question will help us to better understand the risks posed by future LLMs as vast resources continue to be invested in their development. About the speaker: Abulhair Saparov is an Assistant Professor of Computer Science at Purdue University. His research focuses on applications of statistical machine learning to natural language processing, natural language understanding, and reasoning. His recent work closely examines the reasoning capacity of large language models, identifying fundamental limitations, and developing new methods and tools to address or work around those limitations. He has also explored the use of symbolic and neurosymbolic methods to both understand and improve the reasoning capabilities of AI models. He is also broadly interested in other applications of statistical machine learning, such as to the natural sciences.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Reasoning—the process of drawing conclusions from prior knowledge—is a hallmark of intelligence. Large language models, and more recently, large reasoning models have demonstrated impressive results on many reasoning-intensive benchmarks. Careful studies over the past few years have revealed that LLMs may exhibit some reasoning behavior, and larger models tend to do better on reasoning tasks. However, even the largest current models still struggle on various kinds of reasoning problems. In this talk, we will try to address the question: Are the observed reasoning limitations of LLMs fundamental in nature? Or will they be resolved by further increasing the size and data of these models, or by better techniques for training them? I will describe recent work to tackle this question from several different angles. The answer to this question will help us to better understand the risks posed by future LLMs as vast resources continue to be invested in their development. About the speaker: Abulhair Saparov is an Assistant Professor of Computer Science at Purdue University. His research focuses on applications of statistical machine learning to natural language processing, natural language understanding, and reasoning. His recent work closely examines the reasoning capacity of large language models, identifying fundamental limitations, and developing new methods and tools to address or work around those limitations. He has also explored the use of symbolic and neurosymbolic methods to both understand and improve the reasoning capabilities of AI models. He is also broadly interested in other applications of statistical machine learning, such as to the natural sciences.</p> ]]>
            </content:encoded>
            <itunes:duration>3156</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251112.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251112.mp4" length="292552704" type="video/mp4"/>
        </item>
            <item>
            <title>Hanshen Xiao, When is Automatic Privacy Proof Possible for Black-Box Processing?</title>
            <description>Can we automatically and provably quantify and control the information leakage from black-box processing? From a statistical inference standpoint, in this talk, I will start from a unified framework to summarize existing privacy definitions based on input-independent indistinguishability and unravel the fundamental challenges in crafting privacy proofs for general data processing. Yet, the landscape shifts when we gain access to the (still possibly black-box) secret generation. By carefully leveraging its entropy, we unlock the black-box analysis. This breakthrough enables us to automatically &quot;learn&quot; the underlying inference hardness for an adversary to recover arbitrarily-selected sensitive features fully through end-to-end simulations without any algorithmic restrictions. Meanwhile, a set of new information-theoretical tools will be introduced to efficiently minimize additional noise perturbation assisted with sharpened adversarially adaptive composition. I will also unveil the win-win situation between privacy and stability for simultaneous algorithm improvements. Concrete applications will be given in diverse domains, including privacy-preserving machine learning on image classification and large language models, side-channel leakage mitigation and formalizing long-standing heuristic data obfuscations. About the speaker: Hanshen Xiao is an Assistant Professor in the Department of Computer Science. He received his Ph.D. degree in computer science from MIT and B.S. degree in Mathematics from Tsinghua University. Before joining Purdue, he was a research scientist at NVIDIA Research. His research focuses on provable trustworthy machine learning and computation, with a particular focus on automated black-box privatization, differential trust with applications on backdoor defense and memorization mitigation, and trustworthiness evaluation.</description>
            <pubDate>Wed, 5 Nov 2025 16:30:00 EST</pubDate>
            <itunes:title>Hanshen Xiao, When is Automatic Privacy Proof Possible for Black-Box Processing?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>898</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/hanshen_xiao_300x300.png"/>
            <itunes:subtitle>Hanshen Xiao, Purdue University</itunes:subtitle>
            <itunes:summary>Can we automatically and provably quantify and control the information leakage from black-box processing? From a statistical inference standpoint, in this talk, I will start from a unified framework to summarize existing privacy definitions based on input-independent indistinguishability and unravel the fundamental challenges in crafting privacy proofs for general data processing. Yet, the landscape shifts when we gain access to the (still possibly black-box) secret generation. By carefully leveraging its entropy, we unlock the black-box analysis. This breakthrough enables us to automatically &quot;learn&quot; the underlying inference hardness for an adversary to recover arbitrarily-selected sensitive features fully through end-to-end simulations without any algorithmic restrictions. Meanwhile, a set of new information-theoretical tools will be introduced to efficiently minimize additional noise perturbation assisted with sharpened adversarially adaptive composition. I will also unveil the win-win situation between privacy and stability for simultaneous algorithm improvements. Concrete applications will be given in diverse domains, including privacy-preserving machine learning on image classification and large language models, side-channel leakage mitigation and formalizing long-standing heuristic data obfuscations. About the speaker: Hanshen Xiao is an Assistant Professor in the Department of Computer Science. He received his Ph.D. degree in computer science from MIT and B.S. degree in Mathematics from Tsinghua University. Before joining Purdue, he was a research scientist at NVIDIA Research. His research focuses on provable trustworthy machine learning and computation, with a particular focus on automated black-box privatization, differential trust with applications on backdoor defense and memorization mitigation, and trustworthiness evaluation.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Can we automatically and provably quantify and control the information leakage from black-box processing? From a statistical inference standpoint, in this talk I will start from a unified framework to summarize existing privacy definitions based on input-independent indistinguishability and unravel the fundamental challenges in crafting privacy proofs for general data processing. Yet the landscape shifts when we gain access to the (still possibly black-box) secret generation. By carefully leveraging its entropy, we unlock the black-box analysis. This breakthrough enables us to automatically &quot;learn&quot; the underlying inference hardness for an adversary to recover arbitrarily-selected sensitive features, fully through end-to-end simulations and without any algorithmic restrictions. Meanwhile, a set of new information-theoretical tools will be introduced to efficiently minimize additional noise perturbation, assisted by sharpened adversarially adaptive composition. I will also unveil the win-win situation between privacy and stability for simultaneous algorithm improvements. Concrete applications will be given in diverse domains, including privacy-preserving machine learning on image classification and large language models, side-channel leakage mitigation, and formalizing long-standing heuristic data obfuscations.</p> <p>About the speaker: Hanshen Xiao is an Assistant Professor in the Department of Computer Science at Purdue University. He received his Ph.D. degree in computer science from MIT and B.S. degree in Mathematics from Tsinghua University. Before joining Purdue, he was a research scientist at NVIDIA Research. His research focuses on provably trustworthy machine learning and computation, with a particular focus on automated black-box privatization, differential trust with applications to backdoor defense and memorization mitigation, and trustworthiness evaluation.</p> ]]>
            </content:encoded>
            <itunes:duration>3499</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251105.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251105.mp4" length="291504128" type="video/mp4"/>
        </item>
            <item>
            <title>Marcus Botacin, Malware Detection under Concept Drift: Science and Engineering</title>
            <description>The largest current challenge in ML-based malware detection is maintaining high detection rates while samples evolve, causing classifiers to drift. What is the best way to solve this problem? In this talk, Dr. Botacin presents two views on the problem: the scientific and the engineering. In the first part of the talk, Dr. Botacin discusses how to make ML-based drift detectors explainable. The talk discusses how one can split the classifier knowledge in two: (1) the knowledge about the frontier between Malware (M) and Goodware (G); and (2) the knowledge about the concept of the M and G classes, to understand whether the concept or the classification frontier changed. The second part of the talk discusses how the experimental conditions in which drift-handling approaches are developed often mismatch the real deployment settings, causing the solutions to fail to achieve the desired results. Dr. Botacin points out ideal assumptions that do not hold in reality, such as: (1) the amount of drifted data a system can handle, and (2) the immediate availability of oracle data for drift detection, when in practice a scenario of label delays is much more frequent. The talk demonstrates a solution for these problems via a 5K+ experiment, which illustrates (1) how to explain every drift point in a malware detection pipeline and (2) how an explainable drift detector also enables online retraining to achieve higher detection rates while requiring fewer retraining points than traditional approaches. About the speaker: Dr. Botacin has been a Computer Science Assistant Professor at Texas A&amp;M University (TAMU, USA) since 2022. Ph.D. in Computer Science (UFPR, Brazil), Master&apos;s in Computer Science and Computer Engineering (UNICAMP, Brazil). Malware Analyst since 2012. Specialist in AV engines and Sandbox Development. Dr. Botacin published research papers at major academic conferences and journals. Dr. Botacin also presented his work at major industry and hacking conferences, such as HackInTheBox and Hou.Sec.Con. Page: https://marcusbotacin.github.io/</description>
            <pubDate>Wed, 29 Oct 2025 16:30:00 EDT </pubDate>
            <itunes:title>Marcus Botacin, Malware Detection under Concept Drift: Science and Engineering</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>897</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/marcus_botacin_300x300.png"/>
            <itunes:subtitle>Marcus Botacin, Texas A&amp;M</itunes:subtitle>
            <itunes:summary>The largest current challenge in ML-based malware detection is maintaining high detection rates while samples evolve, causing classifiers to drift. What is the best way to solve this problem? In this talk, Dr. Botacin presents two views on the problem: the scientific and the engineering. In the first part of the talk, Dr. Botacin discusses how to make ML-based drift detectors explainable. The talk discusses how one can split the classifier knowledge in two: (1) the knowledge about the frontier between Malware (M) and Goodware (G); and (2) the knowledge about the concept of the M and G classes, to understand whether the concept or the classification frontier changed. The second part of the talk discusses how the experimental conditions in which drift-handling approaches are developed often mismatch the real deployment settings, causing the solutions to fail to achieve the desired results. Dr. Botacin points out ideal assumptions that do not hold in reality, such as: (1) the amount of drifted data a system can handle, and (2) the immediate availability of oracle data for drift detection, when in practice a scenario of label delays is much more frequent. The talk demonstrates a solution for these problems via a 5K+ experiment, which illustrates (1) how to explain every drift point in a malware detection pipeline and (2) how an explainable drift detector also enables online retraining to achieve higher detection rates while requiring fewer retraining points than traditional approaches. About the speaker: Dr. Botacin has been a Computer Science Assistant Professor at Texas A&amp;M University (TAMU, USA) since 2022. Ph.D. in Computer Science (UFPR, Brazil), Master&apos;s in Computer Science and Computer Engineering (UNICAMP, Brazil). Malware Analyst since 2012. Specialist in AV engines and Sandbox Development. Dr. Botacin published research papers at major academic conferences and journals. Dr. Botacin also presented his work at major industry and hacking conferences, such as HackInTheBox and Hou.Sec.Con. Page: https://marcusbotacin.github.io/</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The largest current challenge in ML-based malware detection is maintaining high detection rates while samples evolve, causing classifiers to drift. What is the best way to solve this problem? In this talk, Dr. Botacin presents two views on the problem: the scientific and the engineering. In the first part of the talk, Dr. Botacin discusses how to make ML-based drift detectors explainable. The talk discusses how one can split the classifier knowledge in two: (1) the knowledge about the frontier between Malware (M) and Goodware (G); and (2) the knowledge about the concept of the M and G classes, to understand whether the concept or the classification frontier changed. The second part of the talk discusses how the experimental conditions in which drift-handling approaches are developed often mismatch the real deployment settings, causing the solutions to fail to achieve the desired results. Dr. Botacin points out ideal assumptions that do not hold in reality, such as: (1) the amount of drifted data a system can handle, and (2) the immediate availability of oracle data for drift detection, when in practice a scenario of label delays is much more frequent. The talk demonstrates a solution for these problems via a 5K+ experiment, which illustrates (1) how to explain every drift point in a malware detection pipeline and (2) how an explainable drift detector also enables online retraining to achieve higher detection rates while requiring fewer retraining points than traditional approaches.</p> <p>About the speaker: Dr. Botacin has been a Computer Science Assistant Professor at Texas A&amp;M University (TAMU, USA) since 2022. Ph.D. in Computer Science (UFPR, Brazil), Master&apos;s in Computer Science and Computer Engineering (UNICAMP, Brazil). Malware Analyst since 2012. Specialist in AV engines and Sandbox Development. Dr. Botacin published research papers at major academic conferences and journals. Dr. Botacin also presented his work at major industry and hacking conferences, such as HackInTheBox and Hou.Sec.Con. Page: <a href="https://marcusbotacin.github.io/">https://marcusbotacin.github.io/</a></p> ]]>
            </content:encoded>
            <itunes:duration>3133</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251029.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251029.mp4" length="290455552" type="video/mp4"/>
        </item>
            <item>
            <title>Rajiv Khanna, The Shape of Trust: Structure, Stability, and the Science of Unlearning</title>
            <description>Trust in modern AI systems hinges on understanding how they learn—and, increasingly, how they can forget. This talk develops a geometric view of trustworthiness that unifies structure-aware optimization, stability analysis, and the emerging science of unlearning. I will begin by revisiting the role of sharpness and flatness in shaping both generalization and sample sensitivity, showing how the geometry of the loss landscape governs what models remember. Building on these insights, I will present recent results on Sharpness-Aware Machine Unlearning, a framework that characterizes when and how learning algorithms can provably erase the influence of specific data points while preserving accuracy on the rest. The discussion connects theoretical guarantees with empirical findings on the role of data distribution and loss geometry in machine unlearning—ultimately suggesting that the shape of the optimization landscape is the shape of trust itself. About the speaker: Rajiv Khanna is an Assistant Professor in the Department of Computer Science at Purdue University. His research interests span various subfields of machine learning, including optimization, theory and interpretability. Previously, he held positions as a Visiting Faculty Researcher at Google, a postdoctoral scholar at the Foundations of Data Analytics Institute at the University of California, Berkeley, and a Research Fellow in the Foundations of Data Science program at the Simons Institute, also at UC Berkeley. He graduated with his PhD from UT Austin.</description>
            <pubDate>Wed, 22 Oct 2025 16:30:00 EDT </pubDate>
            <itunes:title>Rajiv Khanna, The Shape of Trust: Structure, Stability, and the Science of Unlearning</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>895</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/rajiv_khanna_300.png"/>
            <itunes:subtitle>Rajiv Khanna, Purdue University</itunes:subtitle>
            <itunes:summary>Trust in modern AI systems hinges on understanding how they learn—and, increasingly, how they can forget. This talk develops a geometric view of trustworthiness that unifies structure-aware optimization, stability analysis, and the emerging science of unlearning. I will begin by revisiting the role of sharpness and flatness in shaping both generalization and sample sensitivity, showing how the geometry of the loss landscape governs what models remember. Building on these insights, I will present recent results on Sharpness-Aware Machine Unlearning, a framework that characterizes when and how learning algorithms can provably erase the influence of specific data points while preserving accuracy on the rest. The discussion connects theoretical guarantees with empirical findings on the role of data distribution and loss geometry in machine unlearning—ultimately suggesting that the shape of the optimization landscape is the shape of trust itself. About the speaker: Rajiv Khanna is an Assistant Professor in the Department of Computer Science at Purdue University. His research interests span various subfields of machine learning, including optimization, theory and interpretability. Previously, he held positions as a Visiting Faculty Researcher at Google, a postdoctoral scholar at the Foundations of Data Analytics Institute at the University of California, Berkeley, and a Research Fellow in the Foundations of Data Science program at the Simons Institute, also at UC Berkeley. He graduated with his PhD from UT Austin.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Trust in modern AI systems hinges on understanding how they learn—and, increasingly, how they can forget. This talk develops a geometric view of trustworthiness that unifies structure-aware optimization, stability analysis, and the emerging science of unlearning. I will begin by revisiting the role of sharpness and flatness in shaping both generalization and sample sensitivity, showing how the geometry of the loss landscape governs what models remember. Building on these insights, I will present recent results on Sharpness-Aware Machine Unlearning, a framework that characterizes when and how learning algorithms can provably erase the influence of specific data points while preserving accuracy on the rest. The discussion connects theoretical guarantees with empirical findings on the role of data distribution and loss geometry in machine unlearning—ultimately suggesting that the shape of the optimization landscape is the shape of trust itself.</p> <p>About the speaker: Rajiv Khanna is an Assistant Professor in the Department of Computer Science at Purdue University. His research interests span various subfields of machine learning, including optimization, theory and interpretability. Previously, he held positions as a Visiting Faculty Researcher at Google, a postdoctoral scholar at the Foundations of Data Analytics Institute at the University of California, Berkeley, and a Research Fellow in the Foundations of Data Science program at the Simons Institute, also at UC Berkeley. He graduated with his PhD from UT Austin.</p> ]]>
            </content:encoded>
            <itunes:duration>3342</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251022.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251022.mp4" length="276824064" type="video/mp4"/>
        </item>
            <item>
            <title>Matthew Sharp, Securing Linux in a Heterogeneous Enterprise Environment</title>
            <description>This seminar examines the challenges of securing Linux (and legacy UNIX) systems in heterogeneous enterprise environments, where cohabitant Windows infrastructure often dictates corporate security focus, resources, and tooling. Drawing on experiences across academia, large industry, and more modestly-sized startups, Sharp will highlight practical strategies, open-source approaches, and mindset shifts needed to effectively protect Linux in a Windows-centric security landscape. About the speaker: Matthew Sharp has dedicated over two decades to securing UNIX and Linux servers across diverse environments of widely varying scale and complexity, in roles encompassing systems and network administration, red team contract work, and system and security engineering. Presently, he serves as a Principal Engineer at Toyota Motor North America with their Cyber Defensive Services group. His extensive experience has provided firsthand insights into the challenges associated with securing Linux systems in environments where Windows typically dominates both infrastructure and security investments. Sharp is particularly interested in advancing practical, open-source-driven approaches to Linux security and fostering a mindset that empowers practitioners to take proactive steps in addressing problems that mainstream security tools often overlook.</description>
            <pubDate>Wed, 15 Oct 2025 16:30:00 EDT </pubDate>
            <itunes:title>Matthew Sharp, Securing Linux in a Heterogeneous Enterprise Environment</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>894</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/matthew_sharp_300.png"/>
            <itunes:subtitle>Matthew Sharp, Toyota Motor North America</itunes:subtitle>
            <itunes:summary>This seminar examines the challenges of securing Linux (and legacy UNIX) systems in heterogeneous enterprise environments, where cohabitant Windows infrastructure often dictates corporate security focus, resources, and tooling. Drawing on experiences across academia, large industry, and more modestly-sized startups, Sharp will highlight practical strategies, open-source approaches, and mindset shifts needed to effectively protect Linux in a Windows-centric security landscape. About the speaker: Matthew Sharp has dedicated over two decades to securing UNIX and Linux servers across diverse environments of widely varying scale and complexity, in roles encompassing systems and network administration, red team contract work, and system and security engineering. Presently, he serves as a Principal Engineer at Toyota Motor North America with their Cyber Defensive Services group. His extensive experience has provided firsthand insights into the challenges associated with securing Linux systems in environments where Windows typically dominates both infrastructure and security investments. Sharp is particularly interested in advancing practical, open-source-driven approaches to Linux security and fostering a mindset that empowers practitioners to take proactive steps in addressing problems that mainstream security tools often overlook.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This seminar examines the challenges of securing Linux (and legacy UNIX) systems in heterogeneous enterprise environments, where cohabitant Windows infrastructure often dictates corporate security focus, resources, and tooling. Drawing on experiences across academia, large industry, and more modestly-sized startups, Sharp will highlight practical strategies, open-source approaches, and mindset shifts needed to effectively protect Linux in a Windows-centric security landscape.</p> <p>About the speaker: Matthew Sharp has dedicated over two decades to securing UNIX and Linux servers across diverse environments of widely varying scale and complexity, in roles encompassing systems and network administration, red team contract work, and system and security engineering. Presently, he serves as a Principal Engineer at Toyota Motor North America with their Cyber Defensive Services group. His extensive experience has provided firsthand insights into the challenges associated with securing Linux systems in environments where Windows typically dominates both infrastructure and security investments. Sharp is particularly interested in advancing practical, open-source-driven approaches to Linux security and fostering a mindset that empowers practitioners to take proactive steps in addressing problems that mainstream security tools often overlook.</p> ]]>
            </content:encoded>
            <itunes:duration>3102</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251015.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251015.mp4" length="275775488" type="video/mp4"/>
        </item>
            <item>
            <title>Stephen Kines, Four Deadly Sins of Cyber: Sloth, Gluttony, Greed &amp; Pride</title>
            <description>In the UK one of the great global car brands is on the verge of bankruptcy this month due to a single cyber-attack, with the consequence of a potential loss of 130,000 jobs. Jaguar Land Rover is seeking a government bail-out to survive. In this first of a series of seminars delivered by the founder of a cybersecurity company in the same city where Jaguar Land Rover is reeling from this attack, we will cover Four Deadly Sins of Cyber, with the other three sins in a follow-up seminar: 1. Sloth: Bloated legacy architectures and slow patch cycles run very real risks of seeing their progress as &quot;good enough&quot; up until the very moment some major event proves it wasn&apos;t. We will look at how to focus on compartmentalization and containment. 2. Gluttony: Exponential expansion of networks and devices to serve the AI-masters, leading to the Skynet moment. Cyber threats leverage connectivity to spread; contagion control comes from knowing how to control that connectivity. 3. Greed: Insatiable desire to acquire the latest and greatest security software, in the belief that newer is better, irrespective of how it fits and is to be used. Not so in OT networks, where few of those are fit for purpose. The aim for simplicity benefits the most important questions: &quot;what is where?&quot;, &quot;what exactly is the threat?&quot; and &quot;where can we exert control of threats accessing critical resources?&quot;. 4. Pride: Overconfidence and self-assuredness in the status quo; doing more of the same will be fine. How&apos;s that working out so far? Humans-in-the-loop: some method of controlling contagion is essential. Minimizing the loss remains mandatory. The second half of the seminar will cover three perspectives of a founder of a hardware cybersecurity innovator: 1. The need to look at RoI when deploying solutions, 2. How to frame CNI cyber solutions within SDG/sustainability/impact, and 3. Moving beyond code-jockeys – cyber career perspectives requiring skills in humanities (psychology, philosophy, etc.) to think differently. About the speaker: Stephen is an international corporate lawyer with expertise in complex M&amp;A and tax-efficient commercial transactions in the US, UK and emerging markets. He has been a general counsel for ultra-high net worth individuals and families as well as international law firms. He is focused on emerging technologies, including blockchain and cybersecurity. A natural manager, Stephen also isn&apos;t afraid to do the work that needs to be done in an efficient bootstrapped startup. He is also known for his avid community engagement and commitment to sustainability at all levels. Also a former military officer, Stephen is the 2IC of Goldilock - keeping &apos;selection and maintenance of the aim&apos; front of mind.</description>
            <pubDate>Wed, 8 Oct 2025 16:30:00 EDT </pubDate>
            <itunes:title>Stephen Kines, Four Deadly Sins of Cyber: Sloth, Gluttony, Greed &amp; Pride</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>893</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/kines_300.png"/>
            <itunes:subtitle>Stephen Kines, Goldilock</itunes:subtitle>
            <itunes:summary>In the UK one of the great global car brands is on the verge of bankruptcy this month due to a single cyber-attack, with the consequence of a potential loss of 130,000 jobs. Jaguar Land Rover is seeking a government bail-out to survive. In this first of a series of seminars delivered by the founder of a cybersecurity company in the same city where Jaguar Land Rover is reeling from this attack, we will cover Four Deadly Sins of Cyber, with the other three sins in a follow-up seminar: 1. Sloth: Bloated legacy architectures and slow patch cycles run very real risks of seeing their progress as &quot;good enough&quot; up until the very moment some major event proves it wasn&apos;t. We will look at how to focus on compartmentalization and containment. 2. Gluttony: Exponential expansion of networks and devices to serve the AI-masters, leading to the Skynet moment. Cyber threats leverage connectivity to spread; contagion control comes from knowing how to control that connectivity. 3. Greed: Insatiable desire to acquire the latest and greatest security software, in the belief that newer is better, irrespective of how it fits and is to be used. Not so in OT networks, where few of those are fit for purpose. The aim for simplicity benefits the most important questions: &quot;what is where?&quot;, &quot;what exactly is the threat?&quot; and &quot;where can we exert control of threats accessing critical resources?&quot;. 4. Pride: Overconfidence and self-assuredness in the status quo; doing more of the same will be fine. How&apos;s that working out so far? Humans-in-the-loop: some method of controlling contagion is essential. Minimizing the loss remains mandatory. The second half of the seminar will cover three perspectives of a founder of a hardware cybersecurity innovator: 1. The need to look at RoI when deploying solutions, 2. How to frame CNI cyber solutions within SDG/sustainability/impact, and 3. Moving beyond code-jockeys – cyber career perspectives requiring skills in humanities (psychology, philosophy, etc.) to think differently. About the speaker: Stephen is an international corporate lawyer with expertise in complex M&amp;A and tax-efficient commercial transactions in the US, UK and emerging markets. He has been a general counsel for ultra-high net worth individuals and families as well as international law firms. He is focused on emerging technologies, including blockchain and cybersecurity. A natural manager, Stephen also isn&apos;t afraid to do the work that needs to be done in an efficient bootstrapped startup. He is also known for his avid community engagement and commitment to sustainability at all levels. Also a former military officer, Stephen is the 2IC of Goldilock - keeping &apos;selection and maintenance of the aim&apos; front of mind.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In the UK one of the great global car brands is on the verge of bankruptcy this month due to a single cyber-attack, with the consequence of a potential loss of 130,000 jobs. Jaguar Land Rover is seeking a government bail-out to survive. In this first of a series of seminars delivered by the founder of a cybersecurity company in the same city where Jaguar Land Rover is reeling from this attack, we will cover Four Deadly Sins of Cyber, with the other three sins in a follow-up seminar:</p>
<ol>
<li>Sloth: Bloated legacy architectures and slow patch cycles run very real risks of seeing their progress as &quot;good enough&quot; up until the very moment some major event proves it wasn&apos;t. We will look at how to focus on compartmentalization and containment.</li>
<li>Gluttony: Exponential expansion of networks and devices to serve the AI-masters, leading to the Skynet moment. Cyber threats leverage connectivity to spread; contagion control comes from knowing how to control that connectivity.</li>
<li>Greed: Insatiable desire to acquire the latest and greatest security software, in the belief that newer is better, irrespective of how it fits and is to be used. Not so in OT networks, where few of those are fit for purpose. The aim for simplicity benefits the most important questions: &quot;what is where?&quot;, &quot;what exactly is the threat?&quot; and &quot;where can we exert control of threats accessing critical resources?&quot;.</li>
<li>Pride: Overconfidence and self-assuredness in the status quo; doing more of the same will be fine. How&apos;s that working out so far? Humans-in-the-loop: some method of controlling contagion is essential. Minimizing the loss remains mandatory.</li>
</ol>
<p>The second half of the seminar will cover three perspectives of a founder of a hardware cybersecurity innovator: 1. The need to look at RoI when deploying solutions, 2. How to frame CNI cyber solutions within SDG/sustainability/impact, and 3. Moving beyond code-jockeys – cyber career perspectives requiring skills in humanities (psychology, philosophy, etc.) to think differently.</p>
<p>About the speaker: Stephen is an international corporate lawyer with expertise in complex M&amp;A and tax-efficient commercial transactions in the US, UK and emerging markets. He has been a general counsel for ultra-high net worth individuals and families as well as international law firms. He is focused on emerging technologies, including blockchain and cybersecurity. A natural manager, Stephen also isn&apos;t afraid to do the work that needs to be done in an efficient bootstrapped startup. He is also known for his avid community engagement and commitment to sustainability at all levels. Also a former military officer, Stephen is the 2IC of Goldilock - keeping &apos;selection and maintenance of the aim&apos; front of mind.</p> ]]>
            </content:encoded>
            <itunes:duration>2746</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251008.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251008.mp4" length="267386880" type="video/mp4"/>
        </item>
            <item>
            <title>Sanket Naik, AI Agents for DevSecOps</title>
            <description>AI is enabling developers and non-developers (product managers, solutions engineers) to write more lines of code than ever before. Businesses are under pressure to ship these AI-built products to stay competitive while still meeting regulatory requirements. Can AI solve this problem? In this talk, we will explore the opportunities and pitfalls of using AI agents for DevSecOps. About the speaker: Sanket Naik is the founder and CEO at Palosade, building a purpose-built AI platform enabling enterprises to automate their security program and unleash their business potential. He enjoys giving back to startups through investing and advisory roles. Before Palosade, he was the SVP of engineering for Coupa. In this role, he built the cloud and cybersecurity organization over 12 years, from the ground up through an initial public offering followed by significant global growth. He has also held engineering roles at HP and Qualys. Sanket holds a BS in electronics engineering from the University of Mumbai and an MS in CS from Purdue University, with research at the multi-disciplinary CERIAS cybersecurity center.</description>
            <pubDate>Wed, 1 Oct 2025 16:30:00 EDT </pubDate>
            <itunes:title>Sanket Naik, AI Agents for DevSecOps</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>892</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Sanket_Naik_300.png"/>
            <itunes:subtitle>Sanket Naik, Palosade Inc.</itunes:subtitle>
            <itunes:summary>AI is enabling developers and non-developers (product managers, solutions engineers) to write more lines of code than ever before. Businesses are under pressure to ship these AI-built products to stay competitive while still meeting regulatory requirements. Can AI solve this problem? In this talk, we will explore the opportunities and pitfalls of using AI agents for DevSecOps. About the speaker: Sanket Naik is the founder and CEO at Palosade, building a purpose-built AI platform enabling enterprises to automate their security program and unleash their business potential. He enjoys giving back to startups through investing and advisory roles. Before Palosade, he was the SVP of engineering for Coupa. In this role, he built the cloud and cybersecurity organization, over 12 years, from the ground up through an initial public offering followed by significant global growth. He has also held engineering roles at HP and Qualys. Sanket holds a BS in electronics engineering from the University of Mumbai and an MS in CS from Purdue University with research at the multi-disciplinary CERIAS cybersecurity center.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>AI is enabling developers and non-developers (product managers, solutions engineers) to write more lines of code than ever before. Businesses are under pressure to ship these AI-built products to stay competitive while still meeting regulatory requirements. Can AI solve this problem? In this talk, we will explore the opportunities and pitfalls of using AI agents for DevSecOps. About the speaker: Sanket Naik is the founder and CEO at Palosade, building a purpose-built AI platform enabling enterprises to automate their security program and unleash their business potential. He enjoys giving back to startups through investing and advisory roles. Before Palosade, he was the SVP of engineering for Coupa. In this role, he built the cloud and cybersecurity organization, over 12 years, from the ground up through an initial public offering followed by significant global growth. He has also held engineering roles at HP and Qualys. Sanket holds a BS in electronics engineering from the University of Mumbai and an MS in CS from Purdue University with research at the multi-disciplinary CERIAS cybersecurity center.</p> ]]>
            </content:encoded>
            <itunes:duration>2884</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251001.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20251001.mp4" length="253755392" type="video/mp4"/>
        </item>
            <item>
            <title>Richard Thieme, Thinking Like a Hacker in the Age of AI</title>
            <description>We need to understand AI, what&apos;s here and what&apos;s coming, at a deep and ever-deepening level. This is a genuine inflection point for our society. It&apos;s like the internet squared except the rate of adoption is much higher. We don&apos;t have decades to figure this out. ... This is not a technical talk. The focus is on the approaches we need to adopt to work in tandem with AIs. It&apos;s about thinking differently. It&apos;s about thinking like hackers. About the speaker: Richard Thieme is an author and speaker who addresses the challenges posed by new technologies. He has published numerous articles, thirteen books, and delivered hundreds of speeches. His Mobius Trilogy illuminates the realities of intelligence work and was lauded by a CIA veteran as one of the best works of serious spy fiction ever. He spoke at Def Con this year for the 27th time and was named the first &quot;uber contributor&quot; of the conference. He has keynoted security conferences in 15 countries. Clients range from GE, Microsoft, Medtronic, and Bank of America, to NSA, FBI, Dept of the Treasury, Los Alamos, Pentagon Security Forum, and the Secret Service.</description>
            <pubDate>Wed, 24 Sep 2025 16:30:00 EDT </pubDate>
            <itunes:title>Richard Thieme, Thinking Like a Hacker in the Age of AI</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>891</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/thieme_300x300.png"/>
            <itunes:subtitle>Richard Thieme, Author</itunes:subtitle>
            <itunes:summary>We need to understand AI, what&apos;s here and what&apos;s coming, at a deep and ever-deepening level. This is a genuine inflection point for our society. It&apos;s like the internet squared except the rate of adoption is much higher. We don&apos;t have decades to figure this out. ... This is not a technical talk. The focus is on the approaches we need to adopt to work in tandem with AIs. It&apos;s about thinking differently. It&apos;s about thinking like hackers. About the speaker: Richard Thieme is an author and speaker who addresses the challenges posed by new technologies. He has published numerous articles, thirteen books, and delivered hundreds of speeches. His Mobius Trilogy illuminates the realities of intelligence work and was lauded by a CIA veteran as one of the best works of serious spy fiction ever. He spoke at Def Con this year for the 27th time and was named the first &quot;uber contributor&quot; of the conference. He has keynoted security conferences in 15 countries. Clients range from GE, Microsoft, Medtronic, and Bank of America, to NSA, FBI, Dept of the Treasury, Los Alamos, Pentagon Security Forum, and the Secret Service.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>We need to understand AI, what&apos;s here and what&apos;s coming, at a deep and ever-deepening level. This is a genuine inflection point for our society. It&apos;s like the internet squared except the rate of adoption is much higher. We don&apos;t have decades to figure this out. ... This is not a technical talk. The focus is on the approaches we need to adopt to work in tandem with AIs. It&apos;s about thinking differently. It&apos;s about thinking like hackers. About the speaker: Richard Thieme is an author and speaker who addresses the challenges posed by new technologies. He has published numerous articles, thirteen books, and delivered hundreds of speeches. His Mobius Trilogy illuminates the realities of intelligence work and was lauded by a CIA veteran as one of the best works of serious spy fiction ever. He spoke at Def Con this year for the 27th time and was named the first &quot;uber contributor&quot; of the conference. He has keynoted security conferences in 15 countries. Clients range from GE, Microsoft, Medtronic, and Bank of America, to NSA, FBI, Dept of the Treasury, Los Alamos, Pentagon Security Forum, and the Secret Service.</p> ]]>
            </content:encoded>
            <itunes:duration>4111</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250924.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250924.mp4" length="329252864" type="video/mp4"/>
        </item>
            <item>
            <title>Rolf Oppliger, E2EE Messaging: State of the Art and Future Challenges</title>
            <description>End-to-end encrypted (E2EE) messaging on the Internet allows encrypted messages to be sent from one sender to one or multiple recipients in a way that cannot be decrypted by anybody else - arguably not even the messaging service provider itself. The protocol of choice is the Signal protocol, which invokes and puts in place several cryptographic primitives in new and ingenious ways. Besides the messenger of the same name, the Signal protocol is also used by WhatsApp, Facebook Messenger, Wire, and many more. As such, it marks the gold standard and state of the art when it comes to E2EE messaging on the Internet. To make it scalable and useful for large groups, the IETF has also standardized a complementary protocol named messaging layer security (MLS). In this talk, we outline the history of development and mode of operation of both the Signal and MLS protocols, and we elaborate on the next challenges for the future. About the speaker: Rolf Oppliger studied computer science, mathematics, and economics at the University of Bern, Switzerland, where he received M.Sc. (1991) and Ph.D. (1993) degrees in computer science. In 1994-95, he was a post-doctoral researcher at the International Computer Science Institute (ICSI) of UC Berkeley, USA. In 1999, he received the venia legendi for computer science from the University of Zurich, Switzerland, where he was appointed adjunct professor in 2007. The focus of his professional activities is on technical information security and privacy. In these areas, he has published 18 books and many scientific articles and papers, regularly participates at conferences and workshops, served on the editorial boards of some leading magazines and journals, and has been the editor of the Artech House information security and privacy book series since its beginning (in the year 2000). 
He&apos;s the founder and owner of eSECURITY Technologies Rolf Oppliger, works for the Swiss National Cyber Security Centre NCSC, and teaches at the University of Zurich. He was a senior member of the ACM and the IEEE, as well as a member of the IEEE Computer Society and the IACR. He also served as vice-chair of the IFIP TC 11 working group on network security.</description>
            <pubDate>Wed, 17 Sep 2025 16:30:00 EDT </pubDate>
            <itunes:title>Rolf Oppliger, E2EE Messaging: State of the Art and Future Challenges</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>890</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/rolf_oppliger_300x300.png"/>
            <itunes:subtitle>Rolf Oppliger</itunes:subtitle>
            <itunes:summary>End-to-end encrypted (E2EE) messaging on the Internet allows encrypted messages to be sent from one sender to one or multiple recipients in a way that cannot be decrypted by anybody else - arguably not even the messaging service provider itself. The protocol of choice is the Signal protocol, which invokes and puts in place several cryptographic primitives in new and ingenious ways. Besides the messenger of the same name, the Signal protocol is also used by WhatsApp, Facebook Messenger, Wire, and many more. As such, it marks the gold standard and state of the art when it comes to E2EE messaging on the Internet. To make it scalable and useful for large groups, the IETF has also standardized a complementary protocol named messaging layer security (MLS). In this talk, we outline the history of development and mode of operation of both the Signal and MLS protocols, and we elaborate on the next challenges for the future. About the speaker: Rolf Oppliger studied computer science, mathematics, and economics at the University of Bern, Switzerland, where he received M.Sc. (1991) and Ph.D. (1993) degrees in computer science. In 1994-95, he was a post-doctoral researcher at the International Computer Science Institute (ICSI) of UC Berkeley, USA. In 1999, he received the venia legendi for computer science from the University of Zurich, Switzerland, where he was appointed adjunct professor in 2007. The focus of his professional activities is on technical information security and privacy. In these areas, he has published 18 books and many scientific articles and papers, regularly participates at conferences and workshops, served on the editorial boards of some leading magazines and journals, and has been the editor of the Artech House information security and privacy book series since its beginning (in the year 2000). 
He&apos;s the founder and owner of eSECURITY Technologies Rolf Oppliger, works for the Swiss National Cyber Security Centre NCSC, and teaches at the University of Zurich. He was a senior member of the ACM and the IEEE, as well as a member of the IEEE Computer Society and the IACR. He also served as vice-chair of the IFIP TC 11 working group on network security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>End-to-end encrypted (E2EE) messaging on the Internet allows encrypted messages to be sent from one sender to one or multiple recipients in a way that cannot be decrypted by anybody else - arguably not even the messaging service provider itself. The protocol of choice is the Signal protocol, which invokes and puts in place several cryptographic primitives in new and ingenious ways. Besides the messenger of the same name, the Signal protocol is also used by WhatsApp, Facebook Messenger, Wire, and many more. As such, it marks the gold standard and state of the art when it comes to E2EE messaging on the Internet. To make it scalable and useful for large groups, the IETF has also standardized a complementary protocol named messaging layer security (MLS). In this talk, we outline the history of development and mode of operation of both the Signal and MLS protocols, and we elaborate on the next challenges for the future. About the speaker: Rolf Oppliger studied computer science, mathematics, and economics at the University of Bern, Switzerland, where he received M.Sc. (1991) and Ph.D. (1993) degrees in computer science. In 1994-95, he was a post-doctoral researcher at the International Computer Science Institute (ICSI) of UC Berkeley, USA. In 1999, he received the venia legendi for computer science from the University of Zurich, Switzerland, where he was appointed adjunct professor in 2007. The focus of his professional activities is on technical information security and privacy. In these areas, he has published 18 books and many scientific articles and papers, regularly participates at conferences and workshops, served on the editorial boards of some leading magazines and journals, and has been the editor of the Artech House information security and privacy book series since its beginning (in the year 2000). 
He&apos;s the founder and owner of eSECURITY Technologies Rolf Oppliger, works for the Swiss National Cyber Security Centre NCSC, and teaches at the University of Zurich. He was a senior member of the ACM and the IEEE, as well as a member of the IEEE Computer Society and the IACR. He also served as vice-chair of the IFIP TC 11 working group on network security.</p> ]]>
            </content:encoded>
            <itunes:duration>3905</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250917.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250917.mp4" length="4194304" type="video/mp4"/>
        </item>
            <item>
            <title>Kris Lovejoy, The Converged Threat Landscape: What&#039;s Next in Cybersecurity</title>
            <description>Cybersecurity stands at a historic inflection point, where converged forces are reshaping how we think about digital defense. In this discussion, Kyndryl&apos;s Global Security &amp;amp; Resiliency Leader Kris Lovejoy will share five key predictions for how AI-driven threats, workforce disruption, geopolitical fragmentation, quantum computing, and infrastructure vulnerabilities will redefine how we secure our digital future. These forces are not just trends, but urgent signals of what&apos;s to come. Kris will also provide a strategic framework for navigating this converged threat landscape, with insights into the emerging roles, governance models and resilience strategies that will shape cybersecurity in the years ahead. About the speaker: Kris Lovejoy is an internationally recognized leader in cybersecurity and cyber resilience. As Kyndryl&apos;s Global Practice Leader for Security and Resiliency, Kris leads more than 7,500 cyber resilience professionals across more than 60 countries.  Before joining Kyndryl, Kris led EY&apos;s Global Consulting Cybersecurity practice. She also founded and led BluVector Inc., one of the first AI-powered Advanced Threat Detection products, which Comcast acquired in 2019. Kris was previously general manager of IBM Security Services.  Kris serves on the boards of Dominion Energy (NYSE: D) and the International Security Alliance (ISA) and is also a member of the World Economic Forum&apos;s Cybersecurity Committee and Cybersecurity Coalition. She holds U.S. and EU patents in risk management and champions inclusion in cybersecurity as executive co-sponsor of Kyndryl&apos;s Women&apos;s Inclusion Network. Her cybersecurity industry contributions have earned multiple recognitions, including The Cyber Guild&apos;s Change-Maker Award (2022), &quot;Top 50 Cybersecurity Leaders&quot; by The Consulting Report (2021), and &quot;Top Woman Technology Leader&quot; by Consulting Magazine (2020).</description>
            <pubDate>Wed, 10 Sep 2025 16:30:00 EDT </pubDate>
            <itunes:title>Kris Lovejoy, The Converged Threat Landscape: What&#039;s Next in Cybersecurity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>889</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/kris_lovejoy300x300.png"/>
            <itunes:subtitle>Kris Lovejoy, Kyndryl Global Security</itunes:subtitle>
            <itunes:summary>Cybersecurity stands at a historic inflection point, where converged forces are reshaping how we think about digital defense. In this discussion, Kyndryl&apos;s Global Security &amp;amp; Resiliency Leader Kris Lovejoy will share five key predictions for how AI-driven threats, workforce disruption, geopolitical fragmentation, quantum computing, and infrastructure vulnerabilities will redefine how we secure our digital future. These forces are not just trends, but urgent signals of what&apos;s to come. Kris will also provide a strategic framework for navigating this converged threat landscape, with insights into the emerging roles, governance models and resilience strategies that will shape cybersecurity in the years ahead. About the speaker: Kris Lovejoy is an internationally recognized leader in cybersecurity and cyber resilience. As Kyndryl&apos;s Global Practice Leader for Security and Resiliency, Kris leads more than 7,500 cyber resilience professionals across more than 60 countries.  Before joining Kyndryl, Kris led EY&apos;s Global Consulting Cybersecurity practice. She also founded and led BluVector Inc., one of the first AI-powered Advanced Threat Detection products, which Comcast acquired in 2019. Kris was previously general manager of IBM Security Services.  Kris serves on the boards of Dominion Energy (NYSE: D) and the International Security Alliance (ISA) and is also a member of the World Economic Forum&apos;s Cybersecurity Committee and Cybersecurity Coalition. She holds U.S. and EU patents in risk management and champions inclusion in cybersecurity as executive co-sponsor of Kyndryl&apos;s Women&apos;s Inclusion Network. Her cybersecurity industry contributions have earned multiple recognitions, including The Cyber Guild&apos;s Change-Maker Award (2022), &quot;Top 50 Cybersecurity Leaders&quot; by The Consulting Report (2021), and &quot;Top Woman Technology Leader&quot; by Consulting Magazine (2020).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cybersecurity stands at a historic inflection point, where converged forces are reshaping how we think about digital defense. In this discussion, Kyndryl&apos;s Global Security &amp; Resiliency Leader Kris Lovejoy will share five key predictions for how AI-driven threats, workforce disruption, geopolitical fragmentation, quantum computing, and infrastructure vulnerabilities will redefine how we secure our digital future. These forces are not just trends, but urgent signals of what&apos;s to come. Kris will also provide a strategic framework for navigating this converged threat landscape, with insights into the emerging roles, governance models and resilience strategies that will shape cybersecurity in the years ahead. About the speaker: Kris Lovejoy is an internationally recognized leader in cybersecurity and cyber resilience. As Kyndryl&apos;s Global Practice Leader for Security and Resiliency, Kris leads more than 7,500 cyber resilience professionals across more than 60 countries. Before joining Kyndryl, Kris led EY&apos;s Global Consulting Cybersecurity practice. She also founded and led BluVector Inc., one of the first AI-powered Advanced Threat Detection products, which Comcast acquired in 2019. Kris was previously general manager of IBM Security Services. Kris serves on the boards of Dominion Energy (NYSE: D) and the International Security Alliance (ISA) and is also a member of the World Economic Forum&apos;s Cybersecurity Committee and Cybersecurity Coalition. She holds U.S. and EU patents in risk management and champions inclusion in cybersecurity as executive co-sponsor of Kyndryl&apos;s Women&apos;s Inclusion Network. Her cybersecurity industry contributions have earned multiple recognitions, including The Cyber Guild&apos;s Change-Maker Award (2022), &quot;Top 50 Cybersecurity Leaders&quot; by The Consulting Report (2021), and &quot;Top Woman Technology Leader&quot; by Consulting Magazine (2020).</p> ]]>
            </content:encoded>
            <itunes:duration>3259</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250910.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250910.mp4" length="265289728" type="video/mp4"/>
        </item>
            <item>
            <title>Dave Schroeder, Utilization of National Guard Cyber Forces in Title 32 Status for National Cyber Missions</title>
            <description>The U.S. military possesses a deep and extensive body of cyber expertise in uniform, in the National Guard and Reserve force in particular. Leveraging this expertise effectively, both in a way that is productive for the military, and that is fulfilling and meaningful for the servicemember — which results in benefits for recruiting, retention, and continued development of this expertise — has been an ongoing challenge. This productive employment is even more challenging while in reserve status, resulting in attrition of this critical force. There is a national imperative, as well as clear statements from military cyber leadership, to effectively utilize all available resources, to include the National Guard and Reserve force, to meet the nation&apos;s cyber challenges. About the speaker: Dave Schroeder works to enable and advance intelligence and security research and partnerships at the University of Wisconsin–Madison. He is passionate about creating connections and bringing the rich and dynamic expertise at UW–Madison to the most pressing global security challenges. Dave serves as a Cyber Warfare Officer in the Wisconsin Army National Guard, and previously served as a Navy Cryptologic Warfare Officer. He is also Research Director of the Wisconsin Security Research Consortium (WSRC), and manages UW–Madison&apos;s Cyber Programs and Designations. He holds graduate degrees in Cybersecurity Policy and Information Warfare, and is a graduate of the Naval Postgraduate School, Naval War College, and Joint Forces Staff College.</description>
            <pubDate>Wed, 3 Sep 2025 16:30:00 EDT </pubDate>
            <itunes:title>Dave Schroeder, Utilization of National Guard Cyber Forces in Title 32 Status for National Cyber Missions</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>888</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/dave_schroeder_300x300.png"/>
            <itunes:subtitle>Dave Schroeder, University of Wisconsin-Madison</itunes:subtitle>
            <itunes:summary>The U.S. military possesses a deep and extensive body of cyber expertise in uniform, in the National Guard and Reserve force in particular. Leveraging this expertise effectively, both in a way that is productive for the military, and that is fulfilling and meaningful for the servicemember — which results in benefits for recruiting, retention, and continued development of this expertise — has been an ongoing challenge. This productive employment is even more challenging while in reserve status, resulting in attrition of this critical force. There is a national imperative, as well as clear statements from military cyber leadership, to effectively utilize all available resources, to include the National Guard and Reserve force, to meet the nation&apos;s cyber challenges. About the speaker: Dave Schroeder works to enable and advance intelligence and security research and partnerships at the University of Wisconsin–Madison. He is passionate about creating connections and bringing the rich and dynamic expertise at UW–Madison to the most pressing global security challenges. Dave serves as a Cyber Warfare Officer in the Wisconsin Army National Guard, and previously served as a Navy Cryptologic Warfare Officer. He is also Research Director of the Wisconsin Security Research Consortium (WSRC), and manages UW–Madison&apos;s Cyber Programs and Designations. He holds graduate degrees in Cybersecurity Policy and Information Warfare, and is a graduate of the Naval Postgraduate School, Naval War College, and Joint Forces Staff College.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The U.S. military possesses a deep and extensive body of cyber expertise in uniform, in the National Guard and Reserve force in particular. Leveraging this expertise effectively, both in a way that is productive for the military, and that is fulfilling and meaningful for the servicemember — which results in benefits for recruiting, retention, and continued development of this expertise — has been an ongoing challenge. This productive employment is even more challenging while in reserve status, resulting in attrition of this critical force. There is a national imperative, as well as clear statements from military cyber leadership, to effectively utilize all available resources, to include the National Guard and Reserve force, to meet the nation&apos;s cyber challenges. About the speaker: Dave Schroeder works to enable and advance intelligence and security research and partnerships at the University of Wisconsin–Madison. He is passionate about creating connections and bringing the rich and dynamic expertise at UW–Madison to the most pressing global security challenges. Dave serves as a Cyber Warfare Officer in the Wisconsin Army National Guard, and previously served as a Navy Cryptologic Warfare Officer. He is also Research Director of the Wisconsin Security Research Consortium (WSRC), and manages UW–Madison&apos;s Cyber Programs and Designations. He holds graduate degrees in Cybersecurity Policy and Information Warfare, and is a graduate of the Naval Postgraduate School, Naval War College, and Joint Forces Staff College.</p> ]]>
            </content:encoded>
            <itunes:duration>3278</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250903.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250903.mp4" length="335544320" type="video/mp4"/>
        </item>
            <item>
            <title>Nick Selby, Build Things Properly</title>
            <description>People talk quite a lot about things like &quot;shift left&quot; that make it sound as if it is a new concept -- sold at your finer consultancies -- to build things properly in the first place. After two decades of incident response, smoke jumping and Tech Debt burndowns, I think it&apos;s time to talk about the way teams can build security not just into the product but into the company culture by examining some basic realities of the product development process. This is not just for tech companies; it&apos;s for any firm with a process by which they turn ideas into money. Because for all the SDLC tools, all the configuration platforms, the code scanners, and the security and code testing doodads out there, nothing in my experience works as well as starting with the basics: including security and legal experts, as well as the people who manage the internal services that will be your upstream and downstream dependencies, at the ideation stage. The amount of weapons-grade stupid, the mountain ranges of tech debt, and the broken business promises that this simple plan can avoid make it hard to believe that it&apos;s so rare to find these practices in mainstream companies. In this talk, I will describe the most common side effects of failing to do this, how those side effects manifest into cultural roadblocks, silos, and sadness, and most important: how you can break the cycle, slash through the Gordian knot of despair and missed deadlines, and return to cranking out product like a startup. About the speaker: Nick Selby is the founder of EPSD, Inc., and he has more than 20 years of experience advising organizations in highly targeted industries. Previously, he led professional services at Evertas and served as Interim Executive Director of the Cryptoasset Intelligence Sharing and Analysis Center. His executive roles have also included stints at Trail of Bits and Paxos Trust Company. 
He managed cyber incident response at TRM Partners and N4Struct, and in 2005 founded the information security practice at 451 Research (now S&amp;P Global Intelligence), where he served as Vice President of Research Operations until 2009. As Director of Cyber Intelligence and Investigations at the NYPD (2018-2020), Selby led cybercrime investigations for America&apos;s largest police department. Selby serves on the Board of Directors of the non-profit National Child Protection Task Force and the advisory board of Sightline Security. While retired from law enforcement, he continues to serve as a reserve detective for a Dallas-Fort Worth area police agency, where he investigates crimes against children and the cyber aspects of real-world crimes.</description>
            <pubDate>Wed, 27 Aug 2025 16:30:00 EDT </pubDate>
            <itunes:title>Nick Selby, Build Things Properly</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>887</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/nick-selby_300x300.png"/>
            <itunes:subtitle>Nick Selby, EPSD, Inc.</itunes:subtitle>
            <itunes:summary>People talk quite a lot about things like &quot;shift left&quot; that make it sound as if it is a new concept -- sold at your finer consultancies -- to build things properly in the first place. After two decades of incident response, smoke jumping and Tech Debt burndowns, I think it&apos;s time to talk about the way teams can build security not just into the product but into the company culture by examining some basic realities of the product development process. This is not just for tech companies; it&apos;s for any firm with a process by which they turn ideas into money. Because for all the SDLC tools, all the configuration platforms, the code scanners, and the security and code testing doodads out there, nothing in my experience works as well as starting with the basics: including security and legal experts as well as the people who manage the internal services that will be your upstream and downstream dependencies at the ideation stage. The amount of weapons-grade stupid, the mountain ranges of tech debt, and the broken business promises that this simple plan can avoid make it hard to believe that it&apos;s so rare to find these practices in mainstream companies. In this talk, I will describe the most common side effects of failing to do this, how those side effects manifest as cultural roadblocks, silos, and sadness, and most important: how you can break the cycle, slash through the Gordian knot of despair and missed deadlines, and return to cranking out product like a start-up. About the speaker: Nick Selby is the founder of EPSD, Inc., and he has more than 20 years of experience advising organizations in highly targeted industries. Previously, he led professional services at Evertas and served as Interim Executive Director of the Cryptoasset Intelligence Sharing and Analysis Center. His executive roles have also included stints at Trail of Bits and Paxos Trust Company. He managed cyber incident response at TRM Partners and N4Struct, and in 2005 founded the information security practice at 451 Research (now S&amp;P Global Intelligence), where he served as Vice President of Research Operations until 2009. As Director of Cyber Intelligence and Investigations at the NYPD (2018-2020), Selby led cybercrime investigations for America&apos;s largest police department. Selby serves on the Board of Directors of the non-profit National Child Protection Task Force and the advisory board of Sightline Security. While retired from law enforcement, he continues to serve as a reserve detective for a Dallas-Fort Worth area police agency, where he investigates crimes against children and the cyber aspects of real-world crimes.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>People talk quite a lot about things like &quot;shift left&quot; that make it sound as if it is a new concept -- sold at your finer consultancies -- to build things properly in the first place. After two decades of incident response, smoke jumping and Tech Debt burndowns, I think it&apos;s time to talk about the way teams can build security not just into the product but into the company culture by examining some basic realities of the product development process. This is not just for tech companies; it&apos;s for any firm with a process by which they turn ideas into money. Because for all the SDLC tools, all the configuration platforms, the code scanners, and the security and code testing doodads out there, nothing in my experience works as well as starting with the basics: including security and legal experts as well as the people who manage the internal services that will be your upstream and downstream dependencies at the ideation stage. The amount of weapons-grade stupid, the mountain ranges of tech debt, and the broken business promises that this simple plan can avoid make it hard to believe that it&apos;s so rare to find these practices in mainstream companies. In this talk, I will describe the most common side effects of failing to do this, how those side effects manifest as cultural roadblocks, silos, and sadness, and most important: how you can break the cycle, slash through the Gordian knot of despair and missed deadlines, and return to cranking out product like a start-up. About the speaker: Nick Selby is the founder of EPSD, Inc., and he has more than 20 years of experience advising organizations in highly targeted industries. Previously, he led professional services at Evertas and served as Interim Executive Director of the Cryptoasset Intelligence Sharing and Analysis Center. His executive roles have also included stints at Trail of Bits and Paxos Trust Company. He managed cyber incident response at TRM Partners and N4Struct, and in 2005 founded the information security practice at 451 Research (now S&amp;P Global Intelligence), where he served as Vice President of Research Operations until 2009. As Director of Cyber Intelligence and Investigations at the NYPD (2018-2020), Selby led cybercrime investigations for America&apos;s largest police department. Selby serves on the Board of Directors of the non-profit National Child Protection Task Force and the advisory board of Sightline Security. While retired from law enforcement, he continues to serve as a reserve detective for a Dallas-Fort Worth area police agency, where he investigates crimes against children and the cyber aspects of real-world crimes.</p> ]]>
            </content:encoded>
            <itunes:duration>3659</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250827.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250827.mp4" length="349175808" type="video/mp4"/>
        </item>
            <item>
            <title>Paul Vixie, Force Projection in the Information Domain: Implications of DNS Security</title>
            <description>The DNS resolution path by which the world&apos;s internet content consumers locate the world&apos;s internet content producers has been under continuous attack since the earliest days of Internet commercialization and privatization. Much work has recently been, and is currently being, invested to protect this vital source of Personally Identifiable Information -- but by whom, and why, and how? Let&apos;s discuss. About the speaker: Paul Vixie serves AWS Security as Deputy CISO, VP &amp; Distinguished Engineer after a 29-year career as the founder and CEO of five startup companies covering the fields of DNS, anti-spam, Internet exchange, Internet carriage and hosting, and Internet security. Vixie earned his Ph.D. in Computer Science from Keio University in 2011 and was inducted into the Internet Hall of Fame in 2014. He has authored or co-authored several Internet RFC documents and open source software projects including Cron and BIND. https://en.wikipedia.org/wiki/Paul_Vixie </description>
            <pubDate>Wed, 30 Apr 2025 16:30:00 EDT </pubDate>
            <itunes:title>Paul Vixie, Force Projection in the Information Domain: Implications of DNS Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>886</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/paulvixie_300.png"/>
            <itunes:subtitle>Paul Vixie, Amazon Web Services (AWS)</itunes:subtitle>
            <itunes:summary>The DNS resolution path by which the world&apos;s internet content consumers locate the world&apos;s internet content producers has been under continuous attack since the earliest days of Internet commercialization and privatization. Much work has recently been, and is currently being, invested to protect this vital source of Personally Identifiable Information -- but by whom, and why, and how? Let&apos;s discuss. About the speaker: Paul Vixie serves AWS Security as Deputy CISO, VP &amp; Distinguished Engineer after a 29-year career as the founder and CEO of five startup companies covering the fields of DNS, anti-spam, Internet exchange, Internet carriage and hosting, and Internet security. Vixie earned his Ph.D. in Computer Science from Keio University in 2011 and was inducted into the Internet Hall of Fame in 2014. He has authored or co-authored several Internet RFC documents and open source software projects including Cron and BIND. https://en.wikipedia.org/wiki/Paul_Vixie </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The DNS resolution path by which the world&apos;s internet content consumers locate the world&apos;s internet content producers has been under continuous attack since the earliest days of Internet commercialization and privatization. Much work has recently been, and is currently being, invested to protect this vital source of Personally Identifiable Information -- but by whom, and why, and how? Let&apos;s discuss. About the speaker: Paul Vixie serves AWS Security as Deputy CISO, VP &amp; Distinguished Engineer after a 29-year career as the founder and CEO of five startup companies covering the fields of DNS, anti-spam, Internet exchange, Internet carriage and hosting, and Internet security. Vixie earned his Ph.D. in Computer Science from Keio University in 2011 and was inducted into the Internet Hall of Fame in 2014. He has authored or co-authored several Internet RFC documents and open source software projects including Cron and BIND. https://en.wikipedia.org/wiki/Paul_Vixie </p> ]]>
            </content:encoded>
            <itunes:duration>4343</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250430.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250430.mp4" length="402653184" type="video/mp4"/>
        </item>
            <item>
            <title>Tristen Mullins, Using Side-Channels for Critical Infrastructure Protection</title>
            <description>Recorded 04/23/2025, CERIAS Security Seminar at Purdue University: Using Side-Channels for Critical Infrastructure Protection, Tristen Mullins, ORNL. About the speaker: Dr. Tristen Mullins is a cybersecurity professional specializing in side-channel analysis, cyber-physical systems security, and supply chain integrity. Currently an R&amp;D Associate and Signal Processing Engineer at Oak Ridge National Laboratory (ORNL), she conducts innovative research at the intersection of hardware security and national security. Dr. Mullins earned her Ph.D. in Computing from the University of South Alabama in 2022, where she focused on developing novel defense mechanisms against side-channel attacks and made significant contributions to adaptive security architectures. At ORNL, she leads initiatives in critical infrastructure protection and cyber resilience while actively mentoring students and promoting cybersecurity education. Additionally, Dr. Mullins plays a vital role in the National Security Sciences Academy and has founded the IEEE East Tennessee Section Young Professionals Affiliate Group to support emerging engineers. Honored with multiple awards for her contributions and leadership, she remains dedicated to enhancing the security of next-generation computing systems through collaboration with both federal agencies and industry leaders.</description>
            <pubDate>Wed, 23 Apr 2025 16:30:00 EDT </pubDate>
            <itunes:title>Tristen Mullins, Using Side-Channels for Critical Infrastructure Protection</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>885</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/mullins_300.png"/>
            <itunes:subtitle>Tristen Mullins, ORNL</itunes:subtitle>
            <itunes:summary>Recorded 04/23/2025, CERIAS Security Seminar at Purdue University: Using Side-Channels for Critical Infrastructure Protection, Tristen Mullins, ORNL. About the speaker: Dr. Tristen Mullins is a cybersecurity professional specializing in side-channel analysis, cyber-physical systems security, and supply chain integrity. Currently an R&amp;D Associate and Signal Processing Engineer at Oak Ridge National Laboratory (ORNL), she conducts innovative research at the intersection of hardware security and national security. Dr. Mullins earned her Ph.D. in Computing from the University of South Alabama in 2022, where she focused on developing novel defense mechanisms against side-channel attacks and made significant contributions to adaptive security architectures. At ORNL, she leads initiatives in critical infrastructure protection and cyber resilience while actively mentoring students and promoting cybersecurity education. Additionally, Dr. Mullins plays a vital role in the National Security Sciences Academy and has founded the IEEE East Tennessee Section Young Professionals Affiliate Group to support emerging engineers. Honored with multiple awards for her contributions and leadership, she remains dedicated to enhancing the security of next-generation computing systems through collaboration with both federal agencies and industry leaders.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Recorded 04/23/2025, CERIAS Security Seminar at Purdue University: Using Side-Channels for Critical Infrastructure Protection, Tristen Mullins, ORNL. About the speaker: Dr. Tristen Mullins is a cybersecurity professional specializing in side-channel analysis, cyber-physical systems security, and supply chain integrity. Currently an R&amp;D Associate and Signal Processing Engineer at Oak Ridge National Laboratory (ORNL), she conducts innovative research at the intersection of hardware security and national security. Dr. Mullins earned her Ph.D. in Computing from the University of South Alabama in 2022, where she focused on developing novel defense mechanisms against side-channel attacks and made significant contributions to adaptive security architectures. At ORNL, she leads initiatives in critical infrastructure protection and cyber resilience while actively mentoring students and promoting cybersecurity education. Additionally, Dr. Mullins plays a vital role in the National Security Sciences Academy and has founded the IEEE East Tennessee Section Young Professionals Affiliate Group to support emerging engineers. Honored with multiple awards for her contributions and leadership, she remains dedicated to enhancing the security of next-generation computing systems through collaboration with both federal agencies and industry leaders.</p> ]]>
            </content:encoded>
            <itunes:duration>2131</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250423.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250423.mp4" length="205520896" type="video/mp4"/>
        </item>
            <item>
            <title>Richard Love, Russian Hacking: Why, How, Who, and to What End</title>
            <description>The purpose of Russian hacking and Russia&apos;s concept of cyber war are conceptually and practically different from Western strategies. This talk will focus on understanding why Russia uses cyber tools to further strategic interests, how they do it (by examining the 2016 interference in the U.S. presidential election and the NotPetya cases), and who does it. About the speaker: Dr. Richard Love is currently a professor at NDU&apos;s College of Information and Cyberspace and recently served as a professor of strategic studies at U.S. Army War College&apos;s (USAWC) School of Strategic Landpower and as assistant director of the Peacekeeping and Stability Operations Institute from 2016-2021. From 2002 to 2016, Dr. Love served as a professor and senior research fellow at NDU&apos;s Institute for National Strategic Studies / WMD Center. He is an adjunct professor teaching law, international relations, and public policy at Catholic University and has taught law and policy courses at Georgetown, the Army Command and General Staff College, the Marshall Center, and the Naval Academy, among others. He holds a Ph.D. in International Relations and Security Studies from the University of New South Wales in Australia (2017), an LLM from American University School of Law (2002), and a Juris Doctor in Corporate and Security Law from George Mason University School of Law. His graduate studies in East-West relations were conducted at the Jagiellonian University in Krakow, Poland, and the University of Munich, in Germany. His undergraduate degree is from the University of Virginia.</description>
            <pubDate>Wed, 16 Apr 2025 16:30:00 EDT </pubDate>
            <itunes:title>Richard Love, Russian Hacking: Why, How, Who, and to What End</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>883</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/richard_love_300x300.png"/>
            <itunes:subtitle>Richard Love, National Defense University</itunes:subtitle>
            <itunes:summary>The purpose of Russian hacking and Russia&apos;s concept of cyber war are conceptually and practically different from Western strategies. This talk will focus on understanding why Russia uses cyber tools to further strategic interests, how they do it (by examining the 2016 interference in the U.S. presidential election and the NotPetya cases), and who does it. About the speaker: Dr. Richard Love is currently a professor at NDU&apos;s College of Information and Cyberspace and recently served as a professor of strategic studies at U.S. Army War College&apos;s (USAWC) School of Strategic Landpower and as assistant director of the Peacekeeping and Stability Operations Institute from 2016-2021. From 2002 to 2016, Dr. Love served as a professor and senior research fellow at NDU&apos;s Institute for National Strategic Studies / WMD Center. He is an adjunct professor teaching law, international relations, and public policy at Catholic University and has taught law and policy courses at Georgetown, the Army Command and General Staff College, the Marshall Center, and the Naval Academy, among others. He holds a Ph.D. in International Relations and Security Studies from the University of New South Wales in Australia (2017), an LLM from American University School of Law (2002), and a Juris Doctor in Corporate and Security Law from George Mason University School of Law. His graduate studies in East-West relations were conducted at the Jagiellonian University in Krakow, Poland, and the University of Munich, in Germany. His undergraduate degree is from the University of Virginia.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The purpose of Russian hacking and Russia&apos;s concept of cyber war are conceptually and practically different from Western strategies. This talk will focus on understanding why Russia uses cyber tools to further strategic interests, how they do it (by examining the 2016 interference in the U.S. presidential election and the NotPetya cases), and who does it. About the speaker: Dr. Richard Love is currently a professor at NDU&apos;s College of Information and Cyberspace and recently served as a professor of strategic studies at U.S. Army War College&apos;s (USAWC) School of Strategic Landpower and as assistant director of the Peacekeeping and Stability Operations Institute from 2016-2021. From 2002 to 2016, Dr. Love served as a professor and senior research fellow at NDU&apos;s Institute for National Strategic Studies / WMD Center. He is an adjunct professor teaching law, international relations, and public policy at Catholic University and has taught law and policy courses at Georgetown, the Army Command and General Staff College, the Marshall Center, and the Naval Academy, among others. He holds a Ph.D. in International Relations and Security Studies from the University of New South Wales in Australia (2017), an LLM from American University School of Law (2002), and a Juris Doctor in Corporate and Security Law from George Mason University School of Law. His graduate studies in East-West relations were conducted at the Jagiellonian University in Krakow, Poland, and the University of Munich, in Germany. His undergraduate degree is from the University of Virginia.</p> ]]>
            </content:encoded>
            <itunes:duration>3467</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250416.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250416.mp4" length="336592896" type="video/mp4"/>
        </item>
            <item>
            <title>Josiah Dykstra, Lessons for Cybersecurity from the American Public Health System</title>
            <description>This talk explores how the principles and practices of the American public health system can inform and enhance modern cybersecurity strategies. Drawing on insights from our recent CRA Quad Paper, we examine the parallels between public health methodologies and the challenges faced in today&apos;s digital landscape. By analyzing historical responses to public health crises, we identify strategies for improving situational awareness, inter-organizational collaboration, and adaptive risk management in cybersecurity. The discussion highlights how lessons from public health can bridge the gap between technical cybersecurity teams and policymakers, fostering a more holistic and effective defense against emerging cyber threats. About the speaker: Josiah Dykstra is the Director of Strategic Initiatives at Trail of Bits. He previously served for 19 years as a senior technical leader at the National Security Agency (NSA). Dr. Dykstra is an experienced cyber practitioner and researcher whose focus has included the psychology and economics of cybersecurity. He received the CyberCorps® Scholarship for Service (SFS) fellowship and is one of ten people in the SFS Hall of Fame. In 2017, he received the Presidential Early Career Award for Scientists and Engineers (PECASE) from then President Barack Obama. Dr. Dykstra is a Fellow of the American Academy of Forensic Sciences (AAFS) and a Distinguished Member of the Association for Computing Machinery (ACM). He is the author of numerous research papers, the book Essential Cybersecurity Science (O&apos;Reilly Media, 2016), and co-author of Cybersecurity Myths and Misconceptions (Pearson, 2023). Dr. Dykstra holds a Ph.D. in computer science from the University of Maryland, Baltimore County.</description>
            <pubDate>Wed, 9 Apr 2025 16:30:00 EDT </pubDate>
            <itunes:title>Josiah Dykstra, Lessons for Cybersecurity from the American Public Health System</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>882</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/josiah_dykstra_300.png"/>
            <itunes:subtitle>Josiah Dykstra, Trail of Bits</itunes:subtitle>
            <itunes:summary>This talk explores how the principles and practices of the American public health system can inform and enhance modern cybersecurity strategies. Drawing on insights from our recent CRA Quad Paper, we examine the parallels between public health methodologies and the challenges faced in today&apos;s digital landscape. By analyzing historical responses to public health crises, we identify strategies for improving situational awareness, inter-organizational collaboration, and adaptive risk management in cybersecurity. The discussion highlights how lessons from public health can bridge the gap between technical cybersecurity teams and policymakers, fostering a more holistic and effective defense against emerging cyber threats. About the speaker: Josiah Dykstra is the Director of Strategic Initiatives at Trail of Bits. He previously served for 19 years as a senior technical leader at the National Security Agency (NSA). Dr. Dykstra is an experienced cyber practitioner and researcher whose focus has included the psychology and economics of cybersecurity. He received the CyberCorps® Scholarship for Service (SFS) fellowship and is one of ten people in the SFS Hall of Fame. In 2017, he received the Presidential Early Career Award for Scientists and Engineers (PECASE) from then President Barack Obama. Dr. Dykstra is a Fellow of the American Academy of Forensic Sciences (AAFS) and a Distinguished Member of the Association for Computing Machinery (ACM). He is the author of numerous research papers, the book Essential Cybersecurity Science (O&apos;Reilly Media, 2016), and co-author of Cybersecurity Myths and Misconceptions (Pearson, 2023). Dr. Dykstra holds a Ph.D. in computer science from the University of Maryland, Baltimore County.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk explores how the principles and practices of the American public health system can inform and enhance modern cybersecurity strategies. Drawing on insights from our recent CRA Quad Paper, we examine the parallels between public health methodologies and the challenges faced in today&apos;s digital landscape. By analyzing historical responses to public health crises, we identify strategies for improving situational awareness, inter-organizational collaboration, and adaptive risk management in cybersecurity. The discussion highlights how lessons from public health can bridge the gap between technical cybersecurity teams and policymakers, fostering a more holistic and effective defense against emerging cyber threats. About the speaker: Josiah Dykstra is the Director of Strategic Initiatives at Trail of Bits. He previously served for 19 years as a senior technical leader at the National Security Agency (NSA). Dr. Dykstra is an experienced cyber practitioner and researcher whose focus has included the psychology and economics of cybersecurity. He received the CyberCorps® Scholarship for Service (SFS) fellowship and is one of ten people in the SFS Hall of Fame. In 2017, he received the Presidential Early Career Award for Scientists and Engineers (PECASE) from then President Barack Obama. Dr. Dykstra is a Fellow of the American Academy of Forensic Sciences (AAFS) and a Distinguished Member of the Association for Computing Machinery (ACM). He is the author of numerous research papers, the book Essential Cybersecurity Science (O&apos;Reilly Media, 2016), and co-author of Cybersecurity Myths and Misconceptions (Pearson, 2023). Dr. Dykstra holds a Ph.D. in computer science from the University of Maryland, Baltimore County.</p> ]]>
            </content:encoded>
            <itunes:duration>3016</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250409.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250409.mp4" length="236978176" type="video/mp4"/>
        </item>
            <item>
            <title>Michael Clothier, Annual CERIAS Security Symposium Closing Keynote: IT, OT, IoT — It&#039;s Really Just the &quot;T&quot;: An International and Historical Perspective</title>
            <description>In today&apos;s rapidly evolving digital landscape, the lines between Information Technology (IT), Operational Technology (OT), and the Internet of Things (IoT) have become increasingly blurred. While these domains were once distinct, they now converge into a single, interconnected technology ecosystem—one that presents both unprecedented opportunities and critical security challenges. In this keynote, Michael Clothier, Chief Information Security Officer at Northrop Grumman, brings 30 years of global cybersecurity leadership to explore how organizations can rethink their approach to securing &quot;technology&quot; as a whole, rather than as separate silos. Drawing on his extensive experience across the U.S., Australia, Asia, and beyond—including securing mission-critical defense and aerospace systems, leading enterprise IT transformations, and integrating cybersecurity across diverse industries—Michael will examine the evolution of security challenges from historical, international, and cross-industry perspectives. Key discussion points include: (1) From Air-Gapped to Always Connected – A historical view of how IT, OT, and IoT security challenges have evolved and what we can learn from past approaches. (2) The Global Cybersecurity Landscape – Insights from securing critical infrastructure across Asia, Australia, and the U.S., and the lessons we can apply to today&apos;s interconnected world. (3) Breaking Down the Silos – Why treating IT, OT, and IoT as distinct domains is outdated and how a unified security strategy strengthens resilience. (4) National Security Meets Enterprise Security – Perspectives from both military and private-sector leadership on protecting sensitive data, intellectual property, and critical systems. As cybersecurity professionals, we must shift our mindset from securing individual components to securing the entire technology ecosystem. Whether you are safeguarding an industrial control system, an aircraft, or a corporate network, the fundamental security principles remain the same. By applying an integrated approach, we can better protect the critical systems that power modern society. Join Michael for this thought-provoking keynote as he challenges conventional thinking, shares real-world case studies, and provides actionable strategies to redefine cybersecurity in an era where everything is just &quot;T.&quot; About the speaker: Chief Information Security Officer at Northrop Grumman</description>
            <pubDate>Wed, 2 Apr 2025 16:30:00 EDT </pubDate>
            <itunes:title>Michael Clothier, Annual CERIAS Security Symposium Closing Keynote: IT, OT, IoT — It&#039;s Really Just the &quot;T&quot;: An International and Historical Perspective</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>884</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/clothier_300x300.png"/>
            <itunes:subtitle>Michael Clothier, Northrop Grumman</itunes:subtitle>
            <itunes:summary>In today&apos;s rapidly evolving digital landscape, the lines between Information Technology (IT), Operational Technology (OT), and the Internet of Things (IoT) have become increasingly blurred. While these domains were once distinct, they now converge into a single, interconnected technology ecosystem—one that presents both unprecedented opportunities and critical security challenges. In this keynote, Michael Clothier, Chief Information Security Officer at Northrop Grumman, brings 30 years of global cybersecurity leadership to explore how organizations can rethink their approach to securing &quot;technology&quot; as a whole, rather than as separate silos. Drawing on his extensive experience across the U.S., Australia, Asia, and beyond—including securing mission-critical defense and aerospace systems, leading enterprise IT transformations, and integrating cybersecurity across diverse industries—Michael will examine the evolution of security challenges from historical, international, and cross-industry perspectives. Key discussion points include: From Air-Gapped to Always Connected – A historical view of how IT, OT, and IoT security challenges have evolved and what we can learn from past approaches. The Global Cybersecurity Landscape – Insights from securing critical infrastructure across Asia, Australia, and the U.S., and the lessons we can apply to today&apos;s interconnected world. Breaking Down the Silos – Why treating IT, OT, and IoT as distinct domains is outdated and how a unified security strategy strengthens resilience. National Security Meets Enterprise Security – Perspectives from both military and private-sector leadership on protecting sensitive data, intellectual property, and critical systems. As cybersecurity professionals, we must shift our mindset from securing individual components to securing the entire technology ecosystem. Whether you are safeguarding an industrial control system, an aircraft, or a corporate network, the fundamental security principles remain the same. By applying an integrated approach, we can better protect the critical systems that power modern society. Join Michael for this thought-provoking keynote as he challenges conventional thinking, shares real-world case studies, and provides actionable strategies to redefine cybersecurity in an era where everything is just &quot;T.&quot; About the speaker: Chief Information Security Officer at Northrop Grumman</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In today&apos;s rapidly evolving digital landscape, the lines between Information Technology (IT), Operational Technology (OT), and the Internet of Things (IoT) have become increasingly blurred. While these domains were once distinct, they now converge into a single, interconnected technology ecosystem—one that presents both unprecedented opportunities and critical security challenges. In this keynote, Michael Clothier, Chief Information Security Officer at Northrop Grumman, brings 30 years of global cybersecurity leadership to explore how organizations can rethink their approach to securing &quot;technology&quot; as a whole, rather than as separate silos. Drawing on his extensive experience across the U.S., Australia, Asia, and beyond—including securing mission-critical defense and aerospace systems, leading enterprise IT transformations, and integrating cybersecurity across diverse industries—Michael will examine the evolution of security challenges from historical, international, and cross-industry perspectives. Key discussion points include: From Air-Gapped to Always Connected – A historical view of how IT, OT, and IoT security challenges have evolved and what we can learn from past approaches. The Global Cybersecurity Landscape – Insights from securing critical infrastructure across Asia, Australia, and the U.S., and the lessons we can apply to today&apos;s interconnected world. Breaking Down the Silos – Why treating IT, OT, and IoT as distinct domains is outdated and how a unified security strategy strengthens resilience. National Security Meets Enterprise Security – Perspectives from both military and private-sector leadership on protecting sensitive data, intellectual property, and critical systems. As cybersecurity professionals, we must shift our mindset from securing individual components to securing the entire technology ecosystem. Whether you are safeguarding an industrial control system, an aircraft, or a corporate network, the fundamental security principles remain the same. By applying an integrated approach, we can better protect the critical systems that power modern society. Join Michael for this thought-provoking keynote as he challenges conventional thinking, shares real-world case studies, and provides actionable strategies to redefine cybersecurity in an era where everything is just &quot;T.&quot; About the speaker: Chief Information Security Officer at Northrop Grumman</p> ]]>
            </content:encoded>
            <itunes:duration>3897</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250402.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250402.mp4" length="369098752" type="video/mp4"/>
        </item>
            <item>
            <title>Tim Benedict, The Future of AI Depends on Guardrails</title>
            <description>As companies expand AI adoption to accelerate business growth, they face an evolving landscape of security risks and regulatory uncertainty. With guidelines and policies still taking shape, organizations must balance innovation with responsibility, ensuring AI is both secure and aligned with emerging standards. This session will explore the challenges and risks organizations encounter on their AI journey, along with new approaches to mitigating threats and strengthening governance. We&apos;ll discuss how companies can navigate this shifting environment and implement guardrails that enable AI to drive business success—safely and responsibly. About the speaker: Tim Benedict is a seasoned technology executive with over two decades of experience spanning IT, cybersecurity, AI governance, and digital transformation. As the Chief Technology Officer at COMPLiQ, he leads the development of AI-driven compliance and security solutions, helping organizations navigate regulatory requirements, mitigate risks, and adopt AI securely. His work focuses on building resilient, scalable platforms that empower enterprises to integrate AI while maintaining transparency, security, and operational control. With a strong background in enterprise IT, cloud computing, and security architecture, Tim has worked across multiple industries, including finance, government, and technology. He has led large-scale cloud and cybersecurity initiatives, developed enterprise compliance strategies, and driven business-focused technology solutions that bridge innovation with regulatory and operational needs. Tim&apos;s expertise spans strategic leadership, technical innovation, and cross-functional collaboration. He has shaped security-first approaches for AI governance, developed scalable frameworks for risk mitigation, and helped businesses align technology investments with long-term growth strategies. Based in Indiana, he remains actively engaged in fostering industry advancements and driving innovation in AI security and compliance.</description>
            <pubDate>Wed, 26 Mar 2025 16:30:00 EDT</pubDate>
            <itunes:title>Tim Benedict, The Future of AI Depends on Guardrails</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>881</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/TimBenedict_300.png"/>
            <itunes:subtitle>Tim Benedict, COMPLiQ</itunes:subtitle>
            <itunes:summary>As companies expand AI adoption to accelerate business growth, they face an evolving landscape of security risks and regulatory uncertainty. With guidelines and policies still taking shape, organizations must balance innovation with responsibility, ensuring AI is both secure and aligned with emerging standards. This session will explore the challenges and risks organizations encounter on their AI journey, along with new approaches to mitigating threats and strengthening governance. We&apos;ll discuss how companies can navigate this shifting environment and implement guardrails that enable AI to drive business success—safely and responsibly. About the speaker: Tim Benedict is a seasoned technology executive with over two decades of experience spanning IT, cybersecurity, AI governance, and digital transformation. As the Chief Technology Officer at COMPLiQ, he leads the development of AI-driven compliance and security solutions, helping organizations navigate regulatory requirements, mitigate risks, and adopt AI securely. His work focuses on building resilient, scalable platforms that empower enterprises to integrate AI while maintaining transparency, security, and operational control. With a strong background in enterprise IT, cloud computing, and security architecture, Tim has worked across multiple industries, including finance, government, and technology. He has led large-scale cloud and cybersecurity initiatives, developed enterprise compliance strategies, and driven business-focused technology solutions that bridge innovation with regulatory and operational needs. Tim&apos;s expertise spans strategic leadership, technical innovation, and cross-functional collaboration. He has shaped security-first approaches for AI governance, developed scalable frameworks for risk mitigation, and helped businesses align technology investments with long-term growth strategies. Based in Indiana, he remains actively engaged in fostering industry advancements and driving innovation in AI security and compliance.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As companies expand AI adoption to accelerate business growth, they face an evolving landscape of security risks and regulatory uncertainty. With guidelines and policies still taking shape, organizations must balance innovation with responsibility, ensuring AI is both secure and aligned with emerging standards. This session will explore the challenges and risks organizations encounter on their AI journey, along with new approaches to mitigating threats and strengthening governance. We&apos;ll discuss how companies can navigate this shifting environment and implement guardrails that enable AI to drive business success—safely and responsibly. About the speaker: Tim Benedict is a seasoned technology executive with over two decades of experience spanning IT, cybersecurity, AI governance, and digital transformation. As the Chief Technology Officer at COMPLiQ, he leads the development of AI-driven compliance and security solutions, helping organizations navigate regulatory requirements, mitigate risks, and adopt AI securely. His work focuses on building resilient, scalable platforms that empower enterprises to integrate AI while maintaining transparency, security, and operational control. With a strong background in enterprise IT, cloud computing, and security architecture, Tim has worked across multiple industries, including finance, government, and technology. He has led large-scale cloud and cybersecurity initiatives, developed enterprise compliance strategies, and driven business-focused technology solutions that bridge innovation with regulatory and operational needs. Tim&apos;s expertise spans strategic leadership, technical innovation, and cross-functional collaboration. He has shaped security-first approaches for AI governance, developed scalable frameworks for risk mitigation, and helped businesses align technology investments with long-term growth strategies. Based in Indiana, he remains actively engaged in fostering industry advancements and driving innovation in AI security and compliance.</p> ]]>
            </content:encoded>
            <itunes:duration>3286</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250326.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250326.mp4" length="316669952" type="video/mp4"/>
        </item>
            <item>
            <title>Amir Sadovnik, What do we mean when we talk about AI Safety and Security?</title>
            <description>In February 2024, Gladstone AI produced a report for the Department of State, which opens by stating that &quot;The recent explosion of progress in advanced artificial intelligence … is creating entirely new categories of weapons of mass destruction-like and weapons of mass destruction-enabling catastrophic risk.&quot; To clarify further, they define catastrophic risk as &quot;catastrophic events up to and including events that would lead to human extinction.&quot; This strong yet controversial statement has caused much debate in the AI research community and in public discourse. One can imagine scenarios in which this may be true, perhaps in some national security-related scenarios, but how can we judge the merit of these types of statements? It is clear that to do so, it is essential to first truly understand the different risks AI adaptation poses and how those risks are novel. That is, when we talk about AI safety and security, do we truly have clarity about the meaning of these terms? In this talk, we will examine the characteristics that make AI vulnerable to attacks and misuse in different ways and how they introduce novel risks. These risks may be to the system in which AI is employed, the environment around it, or even to society as a whole. Gaining a better understanding of AI characteristics and vulnerabilities will allow us to evaluate how realistic and pressing the different AI risks are, and better realize the current state of AI, its limitations, and what breakthroughs are still needed to advance its capabilities and safety. About the speaker: Dr. Sadovnik is a senior research scientist and the Research Lead for the Center for AI Security Research (CAISER) at Oak Ridge National Lab. As part of this role, Dr. Sadovnik leads multiple research projects related to AI risk, adversarial AI, and large language model vulnerabilities. As one of the founders of CAISER, he&apos;s helping to shape its strategy and operations through program leadership, partnership development, workshop organization, teaching, and outreach. Prior to joining the lab, he served as an assistant professor in the department of electrical engineering and computer science at the University of Tennessee, Knoxville and as an assistant professor in the department of computer science at Lafayette College. He received his PhD from the School of Electrical and Computer Engineering at Cornell University, advised by Prof. Tsuhan Chen as a member of the Advanced Multimedia Processing Lab. Prior to arriving at Cornell he received his bachelor&apos;s in electrical and computer engineering from The Cooper Union. In addition to his work and publications in AI and AI security, Dr. Sadovnik has a deep interest in workforce development and computer science education. He continues to teach graduate courses related to machine learning and artificial intelligence at the University of Tennessee, Knoxville.</description>
            <pubDate>Wed, 12 Mar 2025 16:30:00 EDT</pubDate>
            <itunes:title>Amir Sadovnik, What do we mean when we talk about AI Safety and Security?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>880</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Amir_Sadovnik_300.png"/>
            <itunes:subtitle>Amir Sadovnik, Oak Ridge National Laboratory</itunes:subtitle>
            <itunes:summary>In February 2024, Gladstone AI produced a report for the Department of State, which opens by stating that &quot;The recent explosion of progress in advanced artificial intelligence … is creating entirely new categories of weapons of mass destruction-like and weapons of mass destruction-enabling catastrophic risk.&quot; To clarify further, they define catastrophic risk as &quot;catastrophic events up to and including events that would lead to human extinction.&quot; This strong yet controversial statement has caused much debate in the AI research community and in public discourse. One can imagine scenarios in which this may be true, perhaps in some national security-related scenarios, but how can we judge the merit of these types of statements? It is clear that to do so, it is essential to first truly understand the different risks AI adaptation poses and how those risks are novel. That is, when we talk about AI safety and security, do we truly have clarity about the meaning of these terms? In this talk, we will examine the characteristics that make AI vulnerable to attacks and misuse in different ways and how they introduce novel risks. These risks may be to the system in which AI is employed, the environment around it, or even to society as a whole. Gaining a better understanding of AI characteristics and vulnerabilities will allow us to evaluate how realistic and pressing the different AI risks are, and better realize the current state of AI, its limitations, and what breakthroughs are still needed to advance its capabilities and safety. About the speaker: Dr. Sadovnik is a senior research scientist and the Research Lead for the Center for AI Security Research (CAISER) at Oak Ridge National Lab. As part of this role, Dr. Sadovnik leads multiple research projects related to AI risk, adversarial AI, and large language model vulnerabilities. As one of the founders of CAISER, he&apos;s helping to shape its strategy and operations through program leadership, partnership development, workshop organization, teaching, and outreach. Prior to joining the lab, he served as an assistant professor in the department of electrical engineering and computer science at the University of Tennessee, Knoxville and as an assistant professor in the department of computer science at Lafayette College. He received his PhD from the School of Electrical and Computer Engineering at Cornell University, advised by Prof. Tsuhan Chen as a member of the Advanced Multimedia Processing Lab. Prior to arriving at Cornell he received his bachelor&apos;s in electrical and computer engineering from The Cooper Union. In addition to his work and publications in AI and AI security, Dr. Sadovnik has a deep interest in workforce development and computer science education. He continues to teach graduate courses related to machine learning and artificial intelligence at the University of Tennessee, Knoxville.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In February 2024, Gladstone AI produced a report for the Department of State, which opens by stating that &quot;The recent explosion of progress in advanced artificial intelligence … is creating entirely new categories of weapons of mass destruction-like and weapons of mass destruction-enabling catastrophic risk.&quot; To clarify further, they define catastrophic risk as &quot;catastrophic events up to and including events that would lead to human extinction.&quot; This strong yet controversial statement has caused much debate in the AI research community and in public discourse. One can imagine scenarios in which this may be true, perhaps in some national security-related scenarios, but how can we judge the merit of these types of statements? It is clear that to do so, it is essential to first truly understand the different risks AI adaptation poses and how those risks are novel. That is, when we talk about AI safety and security, do we truly have clarity about the meaning of these terms? In this talk, we will examine the characteristics that make AI vulnerable to attacks and misuse in different ways and how they introduce novel risks. These risks may be to the system in which AI is employed, the environment around it, or even to society as a whole. Gaining a better understanding of AI characteristics and vulnerabilities will allow us to evaluate how realistic and pressing the different AI risks are, and better realize the current state of AI, its limitations, and what breakthroughs are still needed to advance its capabilities and safety. About the speaker: Dr. Sadovnik is a senior research scientist and the Research Lead for the Center for AI Security Research (CAISER) at Oak Ridge National Lab. As part of this role, Dr. Sadovnik leads multiple research projects related to AI risk, adversarial AI, and large language model vulnerabilities. As one of the founders of CAISER, he&apos;s helping to shape its strategy and operations through program leadership, partnership development, workshop organization, teaching, and outreach. Prior to joining the lab, he served as an assistant professor in the department of electrical engineering and computer science at the University of Tennessee, Knoxville and as an assistant professor in the department of computer science at Lafayette College. He received his PhD from the School of Electrical and Computer Engineering at Cornell University, advised by Prof. Tsuhan Chen as a member of the Advanced Multimedia Processing Lab. Prior to arriving at Cornell he received his bachelor&apos;s in electrical and computer engineering from The Cooper Union. In addition to his work and publications in AI and AI security, Dr. Sadovnik has a deep interest in workforce development and computer science education. He continues to teach graduate courses related to machine learning and artificial intelligence at the University of Tennessee, Knoxville.</p> ]]>
            </content:encoded>
            <itunes:duration>3302</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250312.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250312.mp4" length="306184192" type="video/mp4"/>
        </item>
            <item>
            <title>Hisham Zahid &amp; David Haddad, Decrypting the Impact of Professional Certifications in Cybersecurity Careers</title>
            <description>Professional certifications have become a defining feature of the cybersecurity industry, promising enhanced career prospects, higher salaries, and professional credibility. But do they truly deliver on these promises, or are there hidden drawbacks to pursuing them? This presentation takes a deep dive into the dual-edged nature of certifications like CISSP, CISM, CEH, and CompTIA Security+, analyzing their benefits and potential limitations. Drawing on data-driven research, industry insights, and real-world case studies, we explore how certifications influence hiring trends, professional growth, and skills development in cybersecurity. Attendees will gain a balanced perspective on the role of certifications, uncovering whether they are a gateway to career success or an overrated credential. Whether you are an aspiring professional or a seasoned practitioner, this session equips you with the knowledge to decide if certifications are the key to unlocking your cybersecurity potential—or if other paths may hold the answers. About the speakers: Hisham Zahid is a seasoned cybersecurity professional and researcher with over 15 years of combined technical and leadership experience. Currently serving under the CISO as a Security Compliance Manager at a FinTech startup, he has held roles spanning engineering, risk management, audit, and compliance. This breadth of experience gives him unique insight into the complex security challenges organizations face and the strategies needed to overcome them. Hisham holds an MBA and an MS, as well as industry-leading certifications including CISSP, CCSP, CISM, and CDPSE. He is also an active member of the National Society of Leadership and Success (NSLS) and the Open Web Application Security Project (OWASP), reflecting his commitment to professional development and community engagement. As the co-author of The Phantom CISO, Hisham remains dedicated to advancing cybersecurity knowledge, strengthening security awareness, and guiding organizations through an ever-evolving threat landscape. David Haddad is a technology enthusiast and optimist committed to making technology and data more secure and resilient. David serves as an Assistant Director in EY&apos;s Technology Risk Management practice, focusing on helping EY member firms comply with internal and external security, data, and regulatory requirements. In this role, David supports firms in enhancing technology governance and oversight through technical reviews, consultations, and assessments. Additionally, David contributes to global AI governance, risk, and control initiatives, ensuring AI products and services align with the firm&apos;s strategic technology risk management processes. David is in the fourth year of doctoral studies at Purdue University, specializing in AI and information security. David&apos;s experience includes various technology and cybersecurity roles at the Federal Reserve Bank of Chicago and other organizations. David also served as an adjunct instructor and lecturer, teaching undergraduate courses at Purdue University Northwest. A strong advocate for continuous learning, David actively pursues professional growth in cybersecurity and IT through academic degrees, certifications, and speaking engagements worldwide. He holds an MBA with a concentration in Management Information Systems from Purdue University and multiple industry-recognized certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Data Privacy Solutions Engineer (CDPSE), and Certified Information Systems Auditor (CISA). His research interests include AI security and risk management, information management security controls, emerging technologies, cybersecurity compliance, and data protection.</description>
            <pubDate>Wed, 5 Mar 2025 16:30:00 EST</pubDate>
            <itunes:title>Hisham Zahid &amp; David Haddad, Decrypting the Impact of Professional Certifications in Cybersecurity Careers</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>879</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/haddad_zahid_300.png"/>
            <itunes:subtitle>Hisham Zahid &amp; David Haddad</itunes:subtitle>
            <itunes:summary>Professional certifications have become a defining feature of the cybersecurity industry, promising enhanced career prospects, higher salaries, and professional credibility. But do they truly deliver on these promises, or are there hidden drawbacks to pursuing them? This presentation takes a deep dive into the dual-edged nature of certifications like CISSP, CISM, CEH, and CompTIA Security+, analyzing their benefits and potential limitations. Drawing on data-driven research, industry insights, and real-world case studies, we explore how certifications influence hiring trends, professional growth, and skills development in cybersecurity. Attendees will gain a balanced perspective on the role of certifications, uncovering whether they are a gateway to career success or an overrated credential. Whether you are an aspiring professional or a seasoned practitioner, this session equips you with the knowledge to decide if certifications are the key to unlocking your cybersecurity potential—or if other paths may hold the answers. About the speakers: Hisham Zahid is a seasoned cybersecurity professional and researcher with over 15 years of combined technical and leadership experience. Currently serving under the CISO as a Security Compliance Manager at a FinTech startup, he has held roles spanning engineering, risk management, audit, and compliance. This breadth of experience gives him unique insight into the complex security challenges organizations face and the strategies needed to overcome them. Hisham holds an MBA and an MS, as well as industry-leading certifications including CISSP, CCSP, CISM, and CDPSE. He is also an active member of the National Society of Leadership and Success (NSLS) and the Open Web Application Security Project (OWASP), reflecting his commitment to professional development and community engagement. As the co-author of The Phantom CISO, Hisham remains dedicated to advancing cybersecurity knowledge, strengthening security awareness, and guiding organizations through an ever-evolving threat landscape. David Haddad is a technology enthusiast and optimist committed to making technology and data more secure and resilient. David serves as an Assistant Director in EY&apos;s Technology Risk Management practice, focusing on helping EY member firms comply with internal and external security, data, and regulatory requirements. In this role, David supports firms in enhancing technology governance and oversight through technical reviews, consultations, and assessments. Additionally, David contributes to global AI governance, risk, and control initiatives, ensuring AI products and services align with the firm&apos;s strategic technology risk management processes. David is in the fourth year of doctoral studies at Purdue University, specializing in AI and information security. David&apos;s experience includes various technology and cybersecurity roles at the Federal Reserve Bank of Chicago and other organizations. David also served as an adjunct instructor and lecturer, teaching undergraduate courses at Purdue University Northwest. A strong advocate for continuous learning, David actively pursues professional growth in cybersecurity and IT through academic degrees, certifications, and speaking engagements worldwide. He holds an MBA with a concentration in Management Information Systems from Purdue University and multiple industry-recognized certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Data Privacy Solutions Engineer (CDPSE), and Certified Information Systems Auditor (CISA). His research interests include AI security and risk management, information management security controls, emerging technologies, cybersecurity compliance, and data protection.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Professional certifications have become a defining feature of the cybersecurity industry, promising enhanced career prospects, higher salaries, and professional credibility. But do they truly deliver on these promises, or are there hidden drawbacks to pursuing them? This presentation takes a deep dive into the dual-edged nature of certifications like CISSP, CISM, CEH, and CompTIA Security+, analyzing their benefits and potential limitations. Drawing on data-driven research, industry insights, and real-world case studies, we explore how certifications influence hiring trends, professional growth, and skills development in cybersecurity. Attendees will gain a balanced perspective on the role of certifications, uncovering whether they are a gateway to career success or an overrated credential. Whether you are an aspiring professional or a seasoned practitioner, this session equips you with the knowledge to decide if certifications are the key to unlocking your cybersecurity potential—or if other paths may hold the answers. About the speakers: Hisham Zahid is a seasoned cybersecurity professional and researcher with over 15 years of combined technical and leadership experience. Currently serving under the CISO as a Security Compliance Manager at a FinTech startup, he has held roles spanning engineering, risk management, audit, and compliance. This breadth of experience gives him unique insight into the complex security challenges organizations face and the strategies needed to overcome them. Hisham holds an MBA and an MS, as well as industry-leading certifications including CISSP, CCSP, CISM, and CDPSE. He is also an active member of the National Society of Leadership and Success (NSLS) and the Open Web Application Security Project (OWASP), reflecting his commitment to professional development and community engagement. As the co-author of The Phantom CISO, Hisham remains dedicated to advancing cybersecurity knowledge, strengthening security awareness, and guiding organizations through an ever-evolving threat landscape. David Haddad is a technology enthusiast and optimist committed to making technology and data more secure and resilient. David serves as an Assistant Director in EY&apos;s Technology Risk Management practice, focusing on helping EY member firms comply with internal and external security, data, and regulatory requirements. In this role, David supports firms in enhancing technology governance and oversight through technical reviews, consultations, and assessments. Additionally, David contributes to global AI governance, risk, and control initiatives, ensuring AI products and services align with the firm&apos;s strategic technology risk management processes. David is in the fourth year of doctoral studies at Purdue University, specializing in AI and information security. David&apos;s experience includes various technology and cybersecurity roles at the Federal Reserve Bank of Chicago and other organizations. David also served as an adjunct instructor and lecturer, teaching undergraduate courses at Purdue University Northwest. A strong advocate for continuous learning, David actively pursues professional growth in cybersecurity and IT through academic degrees, certifications, and speaking engagements worldwide. He holds an MBA with a concentration in Management Information Systems from Purdue University and multiple industry-recognized certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Data Privacy Solutions Engineer (CDPSE), and Certified Information Systems Auditor (CISA). His research interests include AI security and risk management, information management security controls, emerging technologies, cybersecurity compliance, and data protection.</p> ]]>
            </content:encoded>
            <itunes:duration>2535</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250305.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250305.mp4" length="214958080" type="video/mp4"/>
        </item>
            <item>
            <title>Ali Al-Haj, Zero Trust Architectures and Digital Trust Frameworks: A Complementary or Contradictory Relationship?</title>
            <description>This session explores the foundational concepts and practical applications of Zero Trust Architectures (ZTA) and Digital Trust Frameworks (DTF), two paradigms gaining traction in cybersecurity. While Zero Trust challenges the traditional notion of trust by enforcing strict access controls and authentication measures, Digital Trust seeks to build confidence through data integrity, privacy, and ethical considerations. Through this talk, we will investigate whether these approaches intersect, complement, or diverge, and what this means for the future of cybersecurity. Attendees will gain insights into implementing these frameworks to enhance both security and user confidence in digital environments. In addition to a practical overview, this talk will highlight emerging research areas in both domains.  About the speaker: Dr. Ali Al-Haj received his undergraduate degree in Electrical Engineering from Yarmouk University, Jordan, in 1985, followed by an M.Sc. degree in Electronics Engineering from Tottori University, Japan, in 1988 and a Ph.D. degree in Computer Engineering from Osaka University, Japan, in 1993. He then worked as a research associate at ATR Advanced Telecommunications Research Laboratories in Kyoto, Japan, until 1995. Prof. Al-Haj joined Princess Sumaya University for Technology, Jordan, in October 1995, where he currently serves as a Full Professor. He has published papers in dataflow computing, information retrieval, VLSI digital signal processing, neural networks, information security, and digital multimedia watermarking. </description>
            <pubDate>Wed, 26 Feb 2025 16:30:00 EST </pubDate>
            <itunes:title>Ali Al-Haj, Zero Trust Architectures and Digital Trust Frameworks: A Complementary or Contradictory Relationship?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>878</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ali_al-haj.jpg"/>
            <itunes:subtitle>Ali Al-Haj, Princess Sumaya University for Technology</itunes:subtitle>
            <itunes:summary>This session explores the foundational concepts and practical applications of Zero Trust Architectures (ZTA) and Digital Trust Frameworks (DTF), two paradigms gaining traction in cybersecurity. While Zero Trust challenges the traditional notion of trust by enforcing strict access controls and authentication measures, Digital Trust seeks to build confidence through data integrity, privacy, and ethical considerations. Through this talk, we will investigate whether these approaches intersect, complement, or diverge, and what this means for the future of cybersecurity. Attendees will gain insights into implementing these frameworks to enhance both security and user confidence in digital environments. In addition to a practical overview, this talk will highlight emerging research areas in both domains.  About the speaker: Dr. Ali Al-Haj received his undergraduate degree in Electrical Engineering from Yarmouk University, Jordan, in 1985, followed by an M.Sc. degree in Electronics Engineering from Tottori University, Japan, in 1988 and a Ph.D. degree in Computer Engineering from Osaka University, Japan, in 1993. He then worked as a research associate at ATR Advanced Telecommunications Research Laboratories in Kyoto, Japan, until 1995. Prof. Al-Haj joined Princess Sumaya University for Technology, Jordan, in October 1995, where he currently serves as a Full Professor. He has published papers in dataflow computing, information retrieval, VLSI digital signal processing, neural networks, information security, and digital multimedia watermarking. </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This session explores the foundational concepts and practical applications of Zero Trust Architectures (ZTA) and Digital Trust Frameworks (DTF), two paradigms gaining traction in cybersecurity. While Zero Trust challenges the traditional notion of trust by enforcing strict access controls and authentication measures, Digital Trust seeks to build confidence through data integrity, privacy, and ethical considerations. Through this talk, we will investigate whether these approaches intersect, complement, or diverge, and what this means for the future of cybersecurity. Attendees will gain insights into implementing these frameworks to enhance both security and user confidence in digital environments. In addition to a practical overview, this talk will highlight emerging research areas in both domains.  About the speaker: Dr. Ali Al-Haj received his undergraduate degree in Electrical Engineering from Yarmouk University, Jordan, in 1985, followed by an M.Sc. degree in Electronics Engineering from Tottori University, Japan, in 1988 and a Ph.D. degree in Computer Engineering from Osaka University, Japan, in 1993. He then worked as a research associate at ATR Advanced Telecommunications Research Laboratories in Kyoto, Japan, until 1995. Prof. Al-Haj joined Princess Sumaya University for Technology, Jordan, in October 1995, where he currently serves as a Full Professor. He has published papers in dataflow computing, information retrieval, VLSI digital signal processing, neural networks, information security, and digital multimedia watermarking. </p> ]]>
            </content:encoded>
            <itunes:duration>3126</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250226.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250226.mp4" length="246415360" type="video/mp4"/>
        </item>
            <item>
            <title>Adam Shostack, Risk is Not Axiomatic</title>
            <description>This talk will look at how systems are secured at a practical engineering level and the science of risk. As we try to engineer secure systems, what are we trying to achieve and how can we do that? Modern threat modeling offers some practical approaches we can apply today. The limits of those approaches are important, and we&apos;ll look at how risk management seems to be treated as an axiom, some history of risk as a discipline, and how we might use that history to build better risk management processes. About the speaker: Adam is the author of Threat Modeling: Designing for Security and Threats: What Every Engineer Should Learn from Star Wars. He&apos;s a leading expert on threat modeling, a consultant, expert witness, and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft. His accomplishments include: helped create the CVE (now an Emeritus member of the Advisory Board); fixed Autorun for hundreds of millions of systems; led the design and delivery of the Microsoft SDL Threat Modeling Tool (v3); created the Elevation of Privilege threat modeling game; co-authored The New School of Information Security. Beyond consulting and training, Shostack serves as a member of the Blackhat Review Board, an advisor to a variety of companies and academic institutions, and an Affiliate Professor at the Paul G. Allen School of Computer Science and Engineering at the University of Washington.</description>
            <pubDate>Wed, 12 Feb 2025 16:30:00 EST </pubDate>
            <itunes:title>Adam Shostack, Risk is Not Axiomatic</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>876</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/shostack_300.png"/>
            <itunes:subtitle>Adam Shostack, Shostack + Associates</itunes:subtitle>
            <itunes:summary>This talk will look at how systems are secured at a practical engineering level and the science of risk. As we try to engineer secure systems, what are we trying to achieve and how can we do that? Modern threat modeling offers some practical approaches we can apply today. The limits of those approaches are important, and we&apos;ll look at how risk management seems to be treated as an axiom, some history of risk as a discipline, and how we might use that history to build better risk management processes. About the speaker: Adam is the author of Threat Modeling: Designing for Security and Threats: What Every Engineer Should Learn from Star Wars. He&apos;s a leading expert on threat modeling, a consultant, expert witness, and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft. His accomplishments include: helped create the CVE (now an Emeritus member of the Advisory Board); fixed Autorun for hundreds of millions of systems; led the design and delivery of the Microsoft SDL Threat Modeling Tool (v3); created the Elevation of Privilege threat modeling game; co-authored The New School of Information Security. Beyond consulting and training, Shostack serves as a member of the Blackhat Review Board, an advisor to a variety of companies and academic institutions, and an Affiliate Professor at the Paul G. Allen School of Computer Science and Engineering at the University of Washington.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk will look at how systems are secured at a practical engineering level and the science of risk. As we try to engineer secure systems, what are we trying to achieve and how can we do that? Modern threat modeling offers some practical approaches we can apply today. The limits of those approaches are important, and we&apos;ll look at how risk management seems to be treated as an axiom, some history of risk as a discipline, and how we might use that history to build better risk management processes.</p><p>About the speaker: Adam is the author of Threat Modeling: Designing for Security and Threats: What Every Engineer Should Learn from Star Wars. He&apos;s a leading expert on threat modeling, a consultant, expert witness, and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft.</p><p>His accomplishments include:</p><ul><li>Helped create the CVE. Now an Emeritus member of the Advisory Board.</li><li>Fixed Autorun for hundreds of millions of systems</li><li>Led the design and delivery of the Microsoft SDL Threat Modeling Tool (v3)</li><li>Created the Elevation of Privilege threat modeling game</li><li>Co-authored The New School of Information Security</li></ul><p>Beyond consulting and training, Shostack serves as a member of the Blackhat Review Board, an advisor to a variety of companies and academic institutions, and an Affiliate Professor at the Paul G. Allen School of Computer Science and Engineering at the University of Washington.</p> ]]>
            </content:encoded>
            <itunes:duration>3865</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250212.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250212.mp4" length="304087040" type="video/mp4"/>
        </item>
            <item>
            <title>Mustafa Abdallah, Effects of Behavioral Decision-Making in Proactive Security Frameworks in Networked Systems</title>
            <description>Facing increasingly sophisticated attacks from external adversaries, networked systems owners have to judiciously allocate their limited security budget to reduce their cyber risks. However, when modeling human decision-making, behavioral economics has shown that humans consistently deviate from classical models of decision-making. Most notably, prospect theory, for which Kahneman and Tversky won the 2002 Nobel memorial prize in economics, argues that humans perceive gains, losses and probabilities in a skewed manner. Furthermore, bounded rationality and imperfect best-response behavior have been frequently observed in human decision-making within the domains of behavioral economics and psychology. While there is a rich literature on these human decision-making factors in economics and psychology, most of the existing work studying security of networked systems does not take into account these biases and noises. In this talk, we show our proposed novel behavioral security game models for the study of human decision-making in networked systems modeled by attack graphs. We show that behavioral biases lead to suboptimal resource allocation patterns. We also analyze the outcomes of protecting multiple isolated assets with heterogeneous valuations via decision- and game-theoretic frameworks. We show that behavioral defenders over-invest in higher-valued assets compared to rational defenders. We then propose different learning-based techniques and adapt two different tax-based mechanisms for guiding behavioral decision-makers towards optimal security investment decisions. In particular, we show the outcomes of such learning and mechanisms on different realistic networked systems.
In total, our research establishes rigorous frameworks to analyze the security of both large-scale networked systems and heterogeneous isolated assets managed by human decision makers and provides new and important insights into security vulnerabilities that arise in such settings. About the speaker: Dr. Mustafa Abdallah is a tenure-track Assistant Professor in the Computer and Information Technology (CIT) Department at Purdue University in Indianapolis, with a courtesy appointment at Purdue Polytechnic Institute. He earned his Ph.D. from the Elmore Family School of Electrical and Computer Engineering at Purdue University in 2022 and previously served as a tenure-track faculty member at IUPUI. His research focuses on game theory, behavioral decision-making, explainable AI, meta-learning, and deep learning, with applications in proactive security of networked systems, IoT anomaly detection, and intrusion detection. His work has been published in top security and AI venues, including IEEE S&amp;P, ACM AsiaCCS, IEEE TCNS, IEEE IoT-J, Computers &amp; Security, and ACM TKDD. He has received the Bilsland Fellowship, multiple IEEE travel grants, and internal research funding from IUPUI. Dr. Abdallah has extensive industrial research experience, including internships at Adobe Research (meta-learning for time-series forecasting), Principal Financial Group (Kalman filter modeling for financial predictions), and RDI (deep learning for speech technology applications), which led to a U.S. patent and multiple publications. He holds B.Sc. and M.Sc. degrees from Cairo University, with a focus on electrical engineering and engineering mathematics, respectively.</description>
            <pubDate>Wed, 5 Feb 2025 16:30:00 EST </pubDate>
            <itunes:title>Mustafa Abdallah, Effects of Behavioral Decision-Making in Proactive Security Frameworks in Networked Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>875</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/mustafa_abdallah_300.png"/>
            <itunes:subtitle>Mustafa Abdallah, Purdue University in Indianapolis</itunes:subtitle>
            <itunes:summary>Facing increasingly sophisticated attacks from external adversaries, networked systems owners have to judiciously allocate their limited security budget to reduce their cyber risks. However, when modeling human decision-making, behavioral economics has shown that humans consistently deviate from classical models of decision-making. Most notably, prospect theory, for which Kahneman and Tversky won the 2002 Nobel memorial prize in economics, argues that humans perceive gains, losses and probabilities in a skewed manner. Furthermore, bounded rationality and imperfect best-response behavior have been frequently observed in human decision-making within the domains of behavioral economics and psychology. While there is a rich literature on these human decision-making factors in economics and psychology, most of the existing work studying security of networked systems does not take into account these biases and noises. In this talk, we show our proposed novel behavioral security game models for the study of human decision-making in networked systems modeled by attack graphs. We show that behavioral biases lead to suboptimal resource allocation patterns. We also analyze the outcomes of protecting multiple isolated assets with heterogeneous valuations via decision- and game-theoretic frameworks. We show that behavioral defenders over-invest in higher-valued assets compared to rational defenders. We then propose different learning-based techniques and adapt two different tax-based mechanisms for guiding behavioral decision-makers towards optimal security investment decisions. In particular, we show the outcomes of such learning and mechanisms on different realistic networked systems.
In total, our research establishes rigorous frameworks to analyze the security of both large-scale networked systems and heterogeneous isolated assets managed by human decision makers and provides new and important insights into security vulnerabilities that arise in such settings. About the speaker: Dr. Mustafa Abdallah is a tenure-track Assistant Professor in the Computer and Information Technology (CIT) Department at Purdue University in Indianapolis, with a courtesy appointment at Purdue Polytechnic Institute. He earned his Ph.D. from the Elmore Family School of Electrical and Computer Engineering at Purdue University in 2022 and previously served as a tenure-track faculty member at IUPUI. His research focuses on game theory, behavioral decision-making, explainable AI, meta-learning, and deep learning, with applications in proactive security of networked systems, IoT anomaly detection, and intrusion detection. His work has been published in top security and AI venues, including IEEE S&amp;P, ACM AsiaCCS, IEEE TCNS, IEEE IoT-J, Computers &amp; Security, and ACM TKDD. He has received the Bilsland Fellowship, multiple IEEE travel grants, and internal research funding from IUPUI. Dr. Abdallah has extensive industrial research experience, including internships at Adobe Research (meta-learning for time-series forecasting), Principal Financial Group (Kalman filter modeling for financial predictions), and RDI (deep learning for speech technology applications), which led to a U.S. patent and multiple publications. He holds B.Sc. and M.Sc. degrees from Cairo University, with a focus on electrical engineering and engineering mathematics, respectively.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Facing increasingly sophisticated attacks from external adversaries, networked systems owners have to judiciously allocate their limited security budget to reduce their cyber risks. However, when modeling human decision-making, behavioral economics has shown that humans consistently deviate from classical models of decision-making. Most notably, prospect theory, for which Kahneman and Tversky won the 2002 Nobel memorial prize in economics, argues that humans perceive gains, losses and probabilities in a skewed manner. Furthermore, bounded rationality and imperfect best-response behavior have been frequently observed in human decision-making within the domains of behavioral economics and psychology. While there is a rich literature on these human decision-making factors in economics and psychology, most of the existing work studying security of networked systems does not take into account these biases and noises. In this talk, we show our proposed novel behavioral security game models for the study of human decision-making in networked systems modeled by attack graphs. We show that behavioral biases lead to suboptimal resource allocation patterns. We also analyze the outcomes of protecting multiple isolated assets with heterogeneous valuations via decision- and game-theoretic frameworks. We show that behavioral defenders over-invest in higher-valued assets compared to rational defenders. We then propose different learning-based techniques and adapt two different tax-based mechanisms for guiding behavioral decision-makers towards optimal security investment decisions. In particular, we show the outcomes of such learning and mechanisms on different realistic networked systems.</p><p>In total, our research establishes rigorous frameworks to analyze the security of both large-scale networked systems and heterogeneous isolated assets managed by human decision makers and provides new and important insights into security vulnerabilities that arise in such settings.</p><p>About the speaker: Dr. Mustafa Abdallah is a tenure-track Assistant Professor in the Computer and Information Technology (CIT) Department at Purdue University in Indianapolis, with a courtesy appointment at Purdue Polytechnic Institute. He earned his Ph.D. from the Elmore Family School of Electrical and Computer Engineering at Purdue University in 2022 and previously served as a tenure-track faculty member at IUPUI. His research focuses on game theory, behavioral decision-making, explainable AI, meta-learning, and deep learning, with applications in proactive security of networked systems, IoT anomaly detection, and intrusion detection. His work has been published in top security and AI venues, including IEEE S&amp;P, ACM AsiaCCS, IEEE TCNS, IEEE IoT-J, Computers &amp; Security, and ACM TKDD. He has received the Bilsland Fellowship, multiple IEEE travel grants, and internal research funding from IUPUI. Dr. Abdallah has extensive industrial research experience, including internships at Adobe Research (meta-learning for time-series forecasting), Principal Financial Group (Kalman filter modeling for financial predictions), and RDI (deep learning for speech technology applications), which led to a U.S. patent and multiple publications. He holds B.Sc. and M.Sc. degrees from Cairo University, with a focus on electrical engineering and engineering mathematics, respectively.</p> ]]>
            </content:encoded>
            <itunes:duration>3572</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250205.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250205.mp4" length="281018368" type="video/mp4"/>
        </item>
            <item>
            <title>D. Richard Kuhn, How Can We Provide Assured Autonomy?</title>
            <description>Safety and security-critical systems require extensive test and evaluation, but existing high assurance test methods are based on structural coverage criteria that do not apply to many black box AI and machine learning components. AI/ML systems make decisions based on training data rather than conventionally programmed functions. Autonomous systems that rely on these components therefore require assurance methods that evaluate input data to ensure that they can function correctly in their environments with inputs they will encounter. Combinatorial test methods can provide added assurance for these systems and complement conventional verification and test for AI/ML. This talk reviews some combinatorial methods that can be used to provide assured autonomy, including: background on combinatorial test methods; why conventional test methods are not sufficient for many or most autonomous systems; where combinatorial methods apply; assurance based on input space coverage; and explainable AI as part of validation. About the speaker: Rick Kuhn is a computer scientist in the Computer Security Division at NIST, and is a Fellow of the Institute of Electrical and Electronics Engineers (IEEE). He co-developed the role based access control (RBAC) model that is the dominant form of access control today. His current research focuses on combinatorial methods for assured autonomy and hardware security/functional verification. He has authored three books and more than 200 conference or journal publications on cybersecurity, software failure, and software verification and testing.</description>
            <pubDate>Wed, 29 Jan 2025 16:30:00 EST </pubDate>
            <itunes:title>D. Richard Kuhn, How Can We Provide Assured Autonomy?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>874</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/kuhn_300.png"/>
            <itunes:subtitle>D. Richard Kuhn, NIST</itunes:subtitle>
            <itunes:summary>Safety and security-critical systems require extensive test and evaluation, but existing high assurance test methods are based on structural coverage criteria that do not apply to many black box AI and machine learning components. AI/ML systems make decisions based on training data rather than conventionally programmed functions. Autonomous systems that rely on these components therefore require assurance methods that evaluate input data to ensure that they can function correctly in their environments with inputs they will encounter. Combinatorial test methods can provide added assurance for these systems and complement conventional verification and test for AI/ML. This talk reviews some combinatorial methods that can be used to provide assured autonomy, including: background on combinatorial test methods; why conventional test methods are not sufficient for many or most autonomous systems; where combinatorial methods apply; assurance based on input space coverage; and explainable AI as part of validation. About the speaker: Rick Kuhn is a computer scientist in the Computer Security Division at NIST, and is a Fellow of the Institute of Electrical and Electronics Engineers (IEEE). He co-developed the role based access control (RBAC) model that is the dominant form of access control today. His current research focuses on combinatorial methods for assured autonomy and hardware security/functional verification. He has authored three books and more than 200 conference or journal publications on cybersecurity, software failure, and software verification and testing.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Safety and security-critical systems require extensive test and evaluation, but existing high assurance test methods are based on structural coverage criteria that do not apply to many black box AI and machine learning components. AI/ML systems make decisions based on training data rather than conventionally programmed functions. Autonomous systems that rely on these components therefore require assurance methods that evaluate input data to ensure that they can function correctly in their environments with inputs they will encounter. Combinatorial test methods can provide added assurance for these systems and complement conventional verification and test for AI/ML.</p><p>This talk reviews some combinatorial methods that can be used to provide assured autonomy, including:</p><ul><li>Background on combinatorial test methods</li><li>Why conventional test methods are not sufficient for many or most autonomous systems</li><li>Where combinatorial methods apply</li><li>Assurance based on input space coverage</li><li>Explainable AI as part of validation</li></ul><p>About the speaker: Rick Kuhn is a computer scientist in the Computer Security Division at NIST, and is a Fellow of the Institute of Electrical and Electronics Engineers (IEEE). He co-developed the role based access control (RBAC) model that is the dominant form of access control today. His current research focuses on combinatorial methods for assured autonomy and hardware security/functional verification. He has authored three books and more than 200 conference or journal publications on cybersecurity, software failure, and software verification and testing.</p> ]]>
            </content:encoded>
            <itunes:duration>3375</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250129.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250129.mp4" length="265289728" type="video/mp4"/>
        </item>
            <item>
            <title>Nick Harrell, Mechanisms of Virality in Online Discourse</title>
            <description>Information virality is an increasingly important topic in modern media environments, but it often remains overlooked in discussions about information security. This presentation will explain why information virality is a cybersecurity concern and how it can be exploited to manipulate public discourse. By utilizing theories from prominent cultural psychologists and employing natural language processing techniques, we will demonstrate methods for capturing viral discourse and identifying additional features linked to behavioral patterns that may motivate participation in discussions. This talk will focus solely on the methodology and our preliminary findings, as the research is still ongoing. About the speaker: Nick Harrell has served in the military for 18 years. Currently, he works as a data systems engineer, where he designs, builds, and maintains complex data systems that help Army leaders make informed decisions. He is on a fellowship at Purdue University, pursuing a Ph.D. in Information Security. Nick is a member of the International Information System Security Certification Consortium (ISC2) and the Project Management Institute (PMI). His research interests focus on Natural Language Processing (NLP) for Information Assurance, specifically on mechanisms that enhance user engagement in online public discourse.</description>
            <pubDate>Wed, 22 Jan 2025 16:30:00 EST </pubDate>
            <itunes:title>Nick Harrell, Mechanisms of Virality in Online Discourse</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>873</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/nick_harrell_300.png"/>
            <itunes:subtitle>Nick Harrell, Purdue University</itunes:subtitle>
            <itunes:summary>Information virality is an increasingly important topic in modern media environments, but it often remains overlooked in discussions about information security. This presentation will explain why information virality is a cybersecurity concern and how it can be exploited to manipulate public discourse. By utilizing theories from prominent cultural psychologists and employing natural language processing techniques, we will demonstrate methods for capturing viral discourse and identifying additional features linked to behavioral patterns that may motivate participation in discussions. This talk will focus solely on the methodology and our preliminary findings, as the research is still ongoing. About the speaker: Nick Harrell has served in the military for 18 years. Currently, he works as a data systems engineer, where he designs, builds, and maintains complex data systems that help Army leaders make informed decisions. He is on a fellowship at Purdue University, pursuing a Ph.D. in Information Security. Nick is a member of the International Information System Security Certification Consortium (ISC2) and the Project Management Institute (PMI). His research interests focus on Natural Language Processing (NLP) for Information Assurance, specifically on mechanisms that enhance user engagement in online public discourse.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Information virality is an increasingly important topic in modern media environments, but it often remains overlooked in discussions about information security. This presentation will explain why information virality is a cybersecurity concern and how it can be exploited to manipulate public discourse. By utilizing theories from prominent cultural psychologists and employing natural language processing techniques, we will demonstrate methods for capturing viral discourse and identifying additional features linked to behavioral patterns that may motivate participation in discussions. This talk will focus solely on the methodology and our preliminary findings, as the research is still ongoing. About the speaker: Nick Harrell has served in the military for 18 years. Currently, he works as a data systems engineer, where he designs, builds, and maintains complex data systems that help Army leaders make informed decisions. He is on a fellowship at Purdue University, pursuing a Ph.D. in Information Security. Nick is a member of the International Information System Security Certification Consortium (ISC2) and the Project Management Institute (PMI). His research interests focus on Natural Language Processing (NLP) for Information Assurance, specifically on mechanisms that enhance user engagement in online public discourse.</p> ]]>
            </content:encoded>
            <itunes:duration>3113</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250122.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250122.mp4" length="245366784" type="video/mp4"/>
        </item>
            <item>
            <title>Stanislav Kruglik, Querying Twice: How to Ensure We Obtain the Correct File in a Private Information Retrieval Protocol</title>
            <description>Private Information Retrieval (PIR) is a cryptographic primitive that enables a client to retrieve a record from a database hosted by one or more untrusted servers without revealing which record was accessed. It has a wide range of applications, including private web search, private DNS, lightweight cryptocurrency clients, and more. While many existing PIR protocols assume that servers are honest but curious, we explore the scenario where dishonest servers provide incorrect answers to mislead clients into retrieving the wrong results. We begin by presenting a unified classification of protocols that address incorrect server behavior, focusing on the lowest level of resistance—verifiability—which allows the client to detect if the retrieved file is incorrect. Despite this relaxed security notion, verifiability is sufficient for several practical applications, such as private media browsing. Later on, we propose a unified framework for polynomial PIR protocols, encompassing various existing protocols that optimize download rate or total communication cost. We introduce a method to transform a polynomial PIR into a verifiable one without increasing the number of servers. This is achieved by doubling the queries and linking the responses using a secret parameter held by the client. About the speaker: Stanislav Kruglik has been a Research Fellow at the School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore, since April 2022. He earned a Ph.D. in the theoretical foundations of computer science from the Moscow Institute of Physics and Technology, Russia, in February 2022. He is an IEEE Senior Member and a recipient of the Simons Foundation Scholarship. With over 40 scientific publications, his work has appeared in top-tier venues, including IEEE Transactions on Information Forensics and Security and the European Symposium on Research in Computer Security. His research interests focus on information theory and its applications, particularly in data storage and security.</description>
            <pubDate>Wed, 15 Jan 2025 16:30:00 EST </pubDate>
            <itunes:title>Stanislav Kruglik, Querying Twice: How to Ensure We Obtain the Correct File in a Private Information Retrieval Protocol</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>31</itunes:season>
            <itunes:episode>872</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Stanislav_Kruglik_300.png"/>
            <itunes:subtitle>Stanislav Kruglik, NTU Singapore</itunes:subtitle>
            <itunes:summary>Private Information Retrieval (PIR) is a cryptographic primitive that enables a client to retrieve a record from a database hosted by one or more untrusted servers without revealing which record was accessed. It has a wide range of applications, including private web search, private DNS, lightweight cryptocurrency clients, and more. While many existing PIR protocols assume that servers are honest but curious, we explore the scenario where dishonest servers provide incorrect answers to mislead clients into retrieving the wrong results. We begin by presenting a unified classification of protocols that address incorrect server behavior, focusing on the lowest level of resistance—verifiability—which allows the client to detect if the retrieved file is incorrect. Despite this relaxed security notion, verifiability is sufficient for several practical applications, such as private media browsing. Later on, we propose a unified framework for polynomial PIR protocols, encompassing various existing protocols that optimize download rate or total communication cost. We introduce a method to transform a polynomial PIR into a verifiable one without increasing the number of servers. This is achieved by doubling the queries and linking the responses using a secret parameter held by the client. About the speaker: Stanislav Kruglik has been a Research Fellow at the School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore, since April 2022. He earned a Ph.D. in the theoretical foundations of computer science from the Moscow Institute of Physics and Technology, Russia, in February 2022. He is an IEEE Senior Member and a recipient of the Simons Foundation Scholarship. With over 40 scientific publications, his work has appeared in top-tier venues, including IEEE Transactions on Information Forensics and Security and the European Symposium on Research in Computer Security. His research interests focus on information theory and its applications, particularly in data storage and security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Private Information Retrieval (PIR) is a cryptographic primitive that enables a client to retrieve a record from a database hosted by one or more untrusted servers without revealing which record was accessed. It has a wide range of applications, including private web search, private DNS, lightweight cryptocurrency clients, and more. While many existing PIR protocols assume that servers are honest but curious, we explore the scenario where dishonest servers provide incorrect answers to mislead clients into retrieving the wrong results.</p><p>We begin by presenting a unified classification of protocols that address incorrect server behavior, focusing on the lowest level of resistance—verifiability—which allows the client to detect if the retrieved file is incorrect. Despite this relaxed security notion, verifiability is sufficient for several practical applications, such as private media browsing.</p><p>Later on, we propose a unified framework for polynomial PIR protocols, encompassing various existing protocols that optimize download rate or total communication cost. We introduce a method to transform a polynomial PIR into a verifiable one without increasing the number of servers. This is achieved by doubling the queries and linking the responses using a secret parameter held by the client.</p><p>About the speaker: Stanislav Kruglik has been a Research Fellow at the School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore, since April 2022. He earned a Ph.D. in the theoretical foundations of computer science from the Moscow Institute of Physics and Technology, Russia, in February 2022. He is an IEEE Senior Member and a recipient of the Simons Foundation Scholarship. With over 40 scientific publications, his work has appeared in top-tier venues, including IEEE Transactions on Information Forensics and Security and the European Symposium on Research in Computer Security. His research interests focus on information theory and its applications, particularly in data storage and security.</p> ]]>
            </content:encoded>
            <itunes:duration>2627</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250115.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20250115.mp4" length="207618048" type="video/mp4"/>
        </item>
            <item>
            <title>Christopher Yeomans, Fairness as Equal Concession: Critical Remarks on Fair AI</title>
            <description>Although existing work draws attention to a range of obstacles in realizing fair AI, the field lacks an account that emphasizes how these worries hang together in a systematic way. Furthermore, a review of the fair AI and philosophical literature demonstrates the unsuitability of ‘treat like cases alike’ and other intuitive notions as conceptions of fairness. That review then generates three desiderata for a replacement conception of fairness valuable to AI research: (1) It must provide a metatheory for understanding tradeoffs, entailing that it must be flexible enough to capture diverse species of objection to decisions. (2) It must not appeal to an impartial perspective (neutral data, objective data, or final arbiter). (3) It must foreground the way in which judgments of fairness are sensitive to context, i.e., to historical and institutional states of affairs. We argue that a conception of fairness as appropriate concession in the historical iteration of institutional decisions meets these three desiderata. About the speaker: DR. CHRIS YEOMANS is Professor and Head of the Department of Philosophy at Purdue University. He earned his PhD at the University of California, Riverside in 2005 before joining the Purdue faculty in 2009. He is the author of three monographs, Freedom and Reflection: Hegel and the Logic of Agency, The Expansion of Autonomy: Hegel&apos;s Pluralistic Philosophy of Action, and The Politics of German Idealism: Law &amp; Social Change at the Turn of the 19th Century (all from Oxford University Press). His work has been supported by the Purdue Provost&apos;s Faculty Fellowship for Study in a Second Discipline (history), the Alexander von Humboldt Foundation, and the National Science Foundation.</description>
            <pubDate>Wed, 4 Dec 2024 16:30:00 EST </pubDate>
            <itunes:title>Christopher Yeomans, Fairness as Equal Concession: Critical Remarks on Fair AI</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>871</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/yeomans_300.png"/>
            <itunes:subtitle>Christopher Yeomans, Purdue University</itunes:subtitle>
            <itunes:summary>Although existing work draws attention to a range of obstacles in realizing fair AI, the field lacks an account that emphasizes how these worries hang together in a systematic way. Furthermore, a review of the fair AI and philosophical literature demonstrates the unsuitability of ‘treat like cases alike’ and other intuitive notions as conceptions of fairness. That review then generates three desiderata for a replacement conception of fairness valuable to AI research: (1) It must provide a metatheory for understanding tradeoffs, entailing that it must be flexible enough to capture diverse species of objection to decisions. (2) It must not appeal to an impartial perspective (neutral data, objective data, or final arbiter). (3) It must foreground the way in which judgments of fairness are sensitive to context, i.e., to historical and institutional states of affairs. We argue that a conception of fairness as appropriate concession in the historical iteration of institutional decisions meets these three desiderata. About the speaker: DR. CHRIS YEOMANS is Professor and Head of the Department of Philosophy at Purdue University. He earned his PhD at the University of California, Riverside in 2005 before joining the Purdue faculty in 2009. He is the author of three monographs, Freedom and Reflection: Hegel and the Logic of Agency, The Expansion of Autonomy: Hegel&apos;s Pluralistic Philosophy of Action, and The Politics of German Idealism: Law &amp; Social Change at the Turn of the 19th Century (all from Oxford University Press). His work has been supported by the Purdue Provost&apos;s Faculty Fellowship for Study in a Second Discipline (history), the Alexander von Humboldt Foundation, and the National Science Foundation.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Although existing work draws attention to a range of obstacles in realizing fair AI, the field lacks an account that emphasizes how these worries hang together in a systematic way. Furthermore, a review of the fair AI and philosophical literature demonstrates the unsuitability of ‘treat like cases alike’ and other intuitive notions as conceptions of fairness. That review then generates three desiderata for a replacement conception of fairness valuable to AI research: (1) It must provide a metatheory for understanding tradeoffs, entailing that it must be flexible enough to capture diverse species of objection to decisions. (2) It must not appeal to an impartial perspective (neutral data, objective data, or final arbiter). (3) It must foreground the way in which judgments of fairness are sensitive to context, i.e., to historical and institutional states of affairs. We argue that a conception of fairness as appropriate concession in the historical iteration of institutional decisions meets these three desiderata.</p><p>About the speaker: DR. CHRIS YEOMANS is Professor and Head of the Department of Philosophy at Purdue University. He earned his PhD at the University of California, Riverside in 2005 before joining the Purdue faculty in 2009. He is the author of three monographs, Freedom and Reflection: Hegel and the Logic of Agency, The Expansion of Autonomy: Hegel&apos;s Pluralistic Philosophy of Action, and The Politics of German Idealism: Law &amp; Social Change at the Turn of the 19th Century (all from Oxford University Press). His work has been supported by the Purdue Provost&apos;s Faculty Fellowship for Study in a Second Discipline (history), the Alexander von Humboldt Foundation, and the National Science Foundation.</p> ]]>
            </content:encoded>
            <itunes:duration>3169</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241204.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241204.mp4" length="249561088" type="video/mp4"/>
        </item>
            <item>
            <title>Mason Rice, Adversarial C2 inside OT Networks</title>
            <description>This presentation outlines adversarial command and control attacks in OT networks. Focusing on the electrical grid, this presentation highlights current gaps in critical infrastructure protection research. After discussing real-world examples, a fictional electrical grid is used to explore cyber-physical threats and mitigations to OT systems. About the speaker: Dr. Mason Rice is the director of the Cyber Resilience and Intelligence Division at Oak Ridge National Laboratory. In this role, he is responsible for an R&amp;D portfolio focused on advanced intelligent systems and resilient cyber-physical systems, including research into (1) AI for national security, (2) cybersecurity for critical systems, (3) machine-augmented intelligence, (4) vulnerability science, and (5) identity science. Following retirement from the Army, Dr. Rice joined ORNL in 2017 as the Cyber-Physical R&amp;D Manager and was soon appointed as the first Group Leader for Resilient Cyber-Physical Systems at ORNL. He ultimately grew the group into four focused research groups, at which point he was selected to be the first Section Head of the new Resilient Cyber-Physical Systems Section.</description>
            <pubDate>Wed, 20 Nov 2024 16:30:00 EST </pubDate>
            <itunes:title>Mason Rice, Adversarial C2 inside OT Networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>870</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/mason_rice_300.png"/>
            <itunes:subtitle>Mason Rice, Oak Ridge National Laboratory</itunes:subtitle>
            <itunes:summary>This presentation outlines adversarial command and control attacks in OT networks. Focusing on the electrical grid, this presentation highlights current gaps in critical infrastructure protection research. After discussing real-world examples, a fictional electrical grid is used to explore cyber-physical threats and mitigations to OT systems. About the speaker: Dr. Mason Rice is the director of the Cyber Resilience and Intelligence Division at Oak Ridge National Laboratory. In this role, he is responsible for an R&amp;D portfolio focused on advanced intelligent systems and resilient cyber-physical systems, including research into (1) AI for national security, (2) cybersecurity for critical systems, (3) machine-augmented intelligence, (4) vulnerability science, and (5) identity science. Following retirement from the Army, Dr. Rice joined ORNL in 2017 as the Cyber-Physical R&amp;D Manager and was soon appointed as the first Group Leader for Resilient Cyber-Physical Systems at ORNL. He ultimately grew the group into four focused research groups, at which point he was selected to be the first Section Head of the new Resilient Cyber-Physical Systems Section.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This presentation outlines adversarial command and control attacks in OT networks. Focusing on the electrical grid, this presentation highlights current gaps in critical infrastructure protection research. After discussing real-world examples, a fictional electrical grid is used to explore cyber-physical threats and mitigations to OT systems.</p><p>About the speaker: Dr. Mason Rice is the director of the Cyber Resilience and Intelligence Division at Oak Ridge National Laboratory. In this role, he is responsible for an R&amp;D portfolio focused on advanced intelligent systems and resilient cyber-physical systems, including research into (1) AI for national security, (2) cybersecurity for critical systems, (3) machine-augmented intelligence, (4) vulnerability science, and (5) identity science. Following retirement from the Army, Dr. Rice joined ORNL in 2017 as the Cyber-Physical R&amp;D Manager and was soon appointed as the first Group Leader for Resilient Cyber-Physical Systems at ORNL. He ultimately grew the group into four focused research groups, at which point he was selected to be the first Section Head of the new Resilient Cyber-Physical Systems Section.</p> ]]>
            </content:encoded>
            <itunes:duration>3035</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241120.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241120.mp4" length="239075328" type="video/mp4"/>
        </item>
            <item>
            <title>Yanxue Jia, HomeRun: High-efficiency Oblivious Message Retrieval, Unrestricted</title>
            <description>Oblivious Message Retrieval is designed to protect the privacy of users who retrieve messages from a bulletin board. Our work, HomeRun, stands out by providing unlinkability across multiple requests for the same recipient&apos;s address. Moreover, it does not impose a limit on the number of pertinent messages that can be received by a recipient, which thwarts &quot;message balance exhaustion&quot; attacks and enhances system usability. HomeRun also empowers servers to regularly delete the retrieved messages and the associated auxiliary data, which mitigates the constantly increasing computation costs and storage costs incurred by servers. Remarkably, none of the existing solutions offer all of these features collectively. About the speaker: Yanxue Jia is currently a post-doctoral researcher in the Department of Computer Science at Purdue University. In 2022, she obtained her Ph.D. in Computer Science from Shanghai Jiao Tong University. Her research mainly focuses on applied cryptography, especially secure computation, blockchain, and provable security. She is dedicated to designing efficient and secure cryptographic protocols that enhance collaboration while ensuring privacy protection. Her work has been published at top-tier conferences, such as USENIX Security, CCS, and Asiacrypt. For more detailed information about her academic and research background, please refer to her homepage https://yanxue820.github.io/</description>
            <pubDate>Wed, 6 Nov 2024 16:30:00 EST </pubDate>
            <itunes:title>Yanxue Jia, HomeRun: High-efficiency Oblivious Message Retrieval, Unrestricted</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>869</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Yanxue_jia_300.png"/>
            <itunes:subtitle>Yanxue Jia, Purdue University</itunes:subtitle>
            <itunes:summary>Oblivious Message Retrieval is designed to protect the privacy of users who retrieve messages from a bulletin board. Our work, HomeRun, stands out by providing unlinkability across multiple requests for the same recipient&apos;s address. Moreover, it does not impose a limit on the number of pertinent messages that can be received by a recipient, which thwarts &quot;message balance exhaustion&quot; attacks and enhances system usability. HomeRun also empowers servers to regularly delete the retrieved messages and the associated auxiliary data, which mitigates the constantly increasing computation costs and storage costs incurred by servers. Remarkably, none of the existing solutions offer all of these features collectively. About the speaker: Yanxue Jia is currently a post-doctoral researcher in the Department of Computer Science at Purdue University. In 2022, she obtained her Ph.D. in Computer Science from Shanghai Jiao Tong University. Her research mainly focuses on applied cryptography, especially secure computation, blockchain, and provable security. She is dedicated to designing efficient and secure cryptographic protocols that enhance collaboration while ensuring privacy protection. Her work has been published at top-tier conferences, such as USENIX Security, CCS, and Asiacrypt. For more detailed information about her academic and research background, please refer to her homepage https://yanxue820.github.io/</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Oblivious Message Retrieval is designed to protect the privacy of users who retrieve messages from a bulletin board. Our work, HomeRun, stands out by providing unlinkability across multiple requests for the same recipient&apos;s address. Moreover, it does not impose a limit on the number of pertinent messages that can be received by a recipient, which thwarts &quot;message balance exhaustion&quot; attacks and enhances system usability. HomeRun also empowers servers to regularly delete the retrieved messages and the associated auxiliary data, which mitigates the constantly increasing computation costs and storage costs incurred by servers. Remarkably, none of the existing solutions offer all of these features collectively. About the speaker: Yanxue Jia is currently a post-doctoral researcher in the Department of Computer Science at Purdue University. In 2022, she obtained her Ph.D. in Computer Science from Shanghai Jiao Tong University. Her research mainly focuses on applied cryptography, especially secure computation, blockchain, and provable security. She is dedicated to designing efficient and secure cryptographic protocols that enhance collaboration while ensuring privacy protection. Her work has been published at top-tier conferences, such as USENIX Security, CCS, and Asiacrypt. For more detailed information about her academic and research background, please refer to her homepage https://yanxue820.github.io/</p> ]]>
            </content:encoded>
            <itunes:duration>2608</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241106.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241106.mp4" length="205520896" type="video/mp4"/>
        </item>
            <item>
            <title>Roger Grimes, Many Ways to Hack MFA</title>
            <description>Students: this is a hybrid event. You are strongly encouraged to attend in-person. Location: STEW G52 (Suite 050B) WL Campus. Everyone knows that multi-factor authentication (MFA) is more secure than a simple login name and password, but too many people think that MFA is a perfect, unhackable solution. It isn&apos;t! I can send you a regular phishing email and completely take control of your account even if you use a super-duper MFA token or smartphone app. I can hack ANY MFA solution at least a handful of different ways, although some forms of MFA are more resilient than others. Attend this presentation and learn the 12+ ways hackers can and do get around your favorite MFA solution. The presentation will include a (pre-filmed) hacking demo and real-life successful examples of every attack type. It will end by telling you how to better defend your MFA solution so that you get maximum benefit and security. About the speaker: Roger A. Grimes, CPA, CISSP, CEH, MCSE, CISA, CISM, CNE, yada, yada, Data-Driven Defense Evangelist for KnowBe4, Inc., is the author of 14 books and over 1400 articles on computer security, specializing in host security and preventing hacker and malware attacks. Roger is a frequent speaker at national computer security conferences and was the weekly security columnist at InfoWorld and CSO magazines between 2005 and 2019. He has worked at some of the world&apos;s largest computer security companies, including Foundstone, McAfee, and Microsoft. Roger is frequently interviewed and quoted in the media, including Newsweek, CNN, NPR, and WSJ. His presentations are fast-paced and filled with useful facts and recommendations.</description>
            <pubDate>Wed, 30 Oct 2024 16:30:00 EDT </pubDate>
            <itunes:title>Roger Grimes, Many Ways to Hack MFA</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>868</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/roger_grimes_300x300.png"/>
            <itunes:subtitle>Roger Grimes, KnowBe4</itunes:subtitle>
            <itunes:summary>Students: this is a hybrid event. You are strongly encouraged to attend in-person. Location: STEW G52 (Suite 050B) WL Campus. Everyone knows that multi-factor authentication (MFA) is more secure than a simple login name and password, but too many people think that MFA is a perfect, unhackable solution. It isn&apos;t! I can send you a regular phishing email and completely take control of your account even if you use a super-duper MFA token or smartphone app. I can hack ANY MFA solution at least a handful of different ways, although some forms of MFA are more resilient than others. Attend this presentation and learn the 12+ ways hackers can and do get around your favorite MFA solution. The presentation will include a (pre-filmed) hacking demo and real-life successful examples of every attack type. It will end by telling you how to better defend your MFA solution so that you get maximum benefit and security. About the speaker: Roger A. Grimes, CPA, CISSP, CEH, MCSE, CISA, CISM, CNE, yada, yada, Data-Driven Defense Evangelist for KnowBe4, Inc., is the author of 14 books and over 1400 articles on computer security, specializing in host security and preventing hacker and malware attacks. Roger is a frequent speaker at national computer security conferences and was the weekly security columnist at InfoWorld and CSO magazines between 2005 and 2019. He has worked at some of the world&apos;s largest computer security companies, including Foundstone, McAfee, and Microsoft. Roger is frequently interviewed and quoted in the media, including Newsweek, CNN, NPR, and WSJ. His presentations are fast-paced and filled with useful facts and recommendations.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Students: this is a hybrid event. You are strongly encouraged to attend in-person. Location:  STEW G52 (Suite 050B) WL Campus.  Everyone knows that multi-factor authentication (MFA) is more secure than a simple login name and password, but too many people think that MFA is a perfect, unhackable solution. It isn&apos;t! I can send you a regular phishing email and completely take control of your account even if you use a super-duper MFA token or smartphone app. I can hack ANY MFA solution at least a handful of different ways, although some forms of MFA are more resilient than others. Attend this presentation and learn the 12+ ways hackers can and do get around your favorite MFA solution. The presentation will include a (pre-filmed) hacking demo and real-life successful examples of every attack type. It will end by telling you how to better defend your MFA solution so that you get maximum benefit and security. About the speaker: Roger A. Grimes, CPA, CISSP, CEH, MCSE, CISA, CISM, CNE, yada, yada, Data-Driven Defense Evangelist for KnowBe4, Inc., is the author of 14 books and over 1400 articles on computer security, specializing in host security and preventing hacker and malware attacks. Roger is a frequent speaker at national computer security conferences and was the weekly security columnist at InfoWorld and CSO magazines between 2005 - 2019. He has worked at some of the world&apos;s largest computer security companies, including Foundstone, McAfee, and Microsoft. Roger is frequently interviewed and quoted in the media, including Newsweek, CNN, NPR, and WSJ. His presentations are fast-paced and filled with useful facts and recommendations.</p> ]]>
            </content:encoded>
            <itunes:duration>3430</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241030.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241030.mp4" length="412090368" type="video/mp4"/>
        </item>
            <item>
            <title>Alessandro Acquisti, Behavioral Advertising and Consumer Welfare</title>
            <description>Online behavioral advertising has raised privacy concerns due to its dependence on extensive tracking of individuals&apos; behaviors and its potential to influence them. Those concerns have been often juxtaposed with the economic value consumers are expected to gain from receiving behaviorally targeted ads. Those purported economic benefits, however, have been more frequently hypothesized than empirically demonstrated. We present the results of two online experiments designed to assess some of the consumer welfare implications of behaviorally targeted advertising using a counterfactual approach. Study 1 finds that products in ads targeted to a sample of online participants were more relevant to them than randomly picked products but were also more likely to be associated with lower quality vendors and higher product prices compared to competing alternatives found among search results. Study 2 replicates the results of Study 1. Additionally, Study 2 finds the higher product relevance of products in targeted ads relative to randomly picked products to be driven by participants having previously searched for the advertised products. The results help evaluate claims about the direct economic benefits consumers may gain from behavioral advertising. About the speaker: Alessandro Acquisti is the Trustees Professor of Information Technology and Public Policy at Carnegie Mellon University&apos;s Heinz College. His research combines economics, behavioral research, and data mining to investigate the role of privacy in a digital society. 
His studies have promoted the revival of the economics of privacy, advanced the application of behavioral economics to the understanding of consumer privacy valuations and decision-making, and spearheaded the investigation of privacy and disclosures in social media. Alessandro has been the recipient of the PET Award for Outstanding Research in Privacy Enhancing Technologies, the IBM Best Academic Privacy Faculty Award, the IEEE Cybersecurity Award for Innovation, the Heinz College School of Information&apos;s Teaching Excellence Award, and numerous Best Paper awards. His studies have been published in journals across multiple disciplines, including Science, Proceedings of the National Academy of Science, Journal of Economic Literature, Management Science, Marketing Science, and Journal of Consumer Research. His research has been featured in global media outlets including the Economist, the New York Times, the Wall Street Journal, NPR, CNN, and 60 Minutes. His TED talks on privacy and human behaviour have been viewed over 1.5 million times. Alessandro is the director of the Privacy Economics Experiments (PeeX) Lab, the Chair of the CMU Institutional Review Board (IRB), and the former faculty director of the CMU Digital Transformation and Innovation Center. He is an Andrew Carnegie Fellow (inaugural class), and has been a member of the Board of Regents of the National Library of Medicine and a member of the National Academies&apos; Committee on public response to alerts and warnings using social media and associated privacy considerations. He has testified before the U.S. 
Senate and House committees and has consulted on issues related to privacy policy and consumer behavior with numerous agencies and organizations, including the White House&apos;s Office of Science and Technology Policy (OSTP), the US Federal Trade Commission (FTC), and the European Commission. He has received a PhD from UC Berkeley and Master&apos;s degrees from UC Berkeley, the London School of Economics, and Trinity College Dublin. He has held visiting positions at the Universities of Rome, Paris, and Freiburg (visiting professor); Harvard University (visiting scholar); University of Chicago (visiting fellow); Microsoft Research (visiting researcher); and Google (visiting scientist). His research interests include privacy, artificial intelligence, and Nutella. In a previous life, he has been a soundtrack composer and a motorcycle racer (USGPRU).</description>
            <pubDate>Wed, 23 Oct 2024 16:30:00 EDT </pubDate>
            <itunes:title>Alessandro Acquisti, Behavioral Advertising and Consumer Welfare</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>867</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/alessandro-acquisti-bio_300.png"/>
            <itunes:subtitle>Alessandro Acquisti, Carnegie Mellon</itunes:subtitle>
            <itunes:summary>Online behavioral advertising has raised privacy concerns due to its dependence on extensive tracking of individuals&apos; behaviors and its potential to influence them. Those concerns have been often juxtaposed with the economic value consumers are expected to gain from receiving behaviorally targeted ads. Those purported economic benefits, however, have been more frequently hypothesized than empirically demonstrated. We present the results of two online experiments designed to assess some of the consumer welfare implications of behaviorally targeted advertising using a counterfactual approach. Study 1 finds that products in ads targeted to a sample of online participants were more relevant to them than randomly picked products but were also more likely to be associated with lower quality vendors and higher product prices compared to competing alternatives found among search results. Study 2 replicates the results of Study 1. Additionally, Study 2 finds the higher product relevance of products in targeted ads relative to randomly picked products to be driven by participants having previously searched for the advertised products. The results help evaluate claims about the direct economic benefits consumers may gain from behavioral advertising. About the speaker: Alessandro Acquisti is the Trustees Professor of Information Technology and Public Policy at Carnegie Mellon University&apos;s Heinz College. His research combines economics, behavioral research, and data mining to investigate the role of privacy in a digital society. 
His studies have promoted the revival of the economics of privacy, advanced the application of behavioral economics to the understanding of consumer privacy valuations and decision-making, and spearheaded the investigation of privacy and disclosures in social media. Alessandro has been the recipient of the PET Award for Outstanding Research in Privacy Enhancing Technologies, the IBM Best Academic Privacy Faculty Award, the IEEE Cybersecurity Award for Innovation, the Heinz College School of Information&apos;s Teaching Excellence Award, and numerous Best Paper awards. His studies have been published in journals across multiple disciplines, including Science, Proceedings of the National Academy of Science, Journal of Economic Literature, Management Science, Marketing Science, and Journal of Consumer Research. His research has been featured in global media outlets including the Economist, the New York Times, the Wall Street Journal, NPR, CNN, and 60 Minutes. His TED talks on privacy and human behaviour have been viewed over 1.5 million times. Alessandro is the director of the Privacy Economics Experiments (PeeX) Lab, the Chair of the CMU Institutional Review Board (IRB), and the former faculty director of the CMU Digital Transformation and Innovation Center. He is an Andrew Carnegie Fellow (inaugural class), and has been a member of the Board of Regents of the National Library of Medicine and a member of the National Academies&apos; Committee on public response to alerts and warnings using social media and associated privacy considerations. He has testified before the U.S. 
Senate and House committees and has consulted on issues related to privacy policy and consumer behavior with numerous agencies and organizations, including the White House&apos;s Office of Science and Technology Policy (OSTP), the US Federal Trade Commission (FTC), and the European Commission. He has received a PhD from UC Berkeley and Master&apos;s degrees from UC Berkeley, the London School of Economics, and Trinity College Dublin. He has held visiting positions at the Universities of Rome, Paris, and Freiburg (visiting professor); Harvard University (visiting scholar); University of Chicago (visiting fellow); Microsoft Research (visiting researcher); and Google (visiting scientist). His research interests include privacy, artificial intelligence, and Nutella. In a previous life, he has been a soundtrack composer and a motorcycle racer (USGPRU).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Online behavioral advertising has raised privacy concerns due to its dependence on extensive tracking of individuals&apos; behaviors and its potential to influence them. Those concerns have been often juxtaposed with the economic value consumers are expected to gain from receiving behaviorally targeted ads. Those purported economic benefits, however, have been more frequently hypothesized than empirically demonstrated. We present the results of two online experiments designed to assess some of the consumer welfare implications of behaviorally targeted advertising using a counterfactual approach. Study 1 finds that products in ads targeted to a sample of online participants were more relevant to them than randomly picked products but were also more likely to be associated with lower quality vendors and higher product prices compared to competing alternatives found among search results. Study 2 replicates the results of Study 1. Additionally, Study 2 finds the higher product relevance of products in targeted ads relative to randomly picked products to be driven by participants having previously searched for the advertised products. The results help evaluate claims about the direct economic benefits consumers may gain from behavioral advertising. About the speaker: Alessandro Acquisti is the Trustees Professor of Information Technology and Public Policy at Carnegie Mellon University&apos;s Heinz College. His research combines economics, behavioral research, and data mining to investigate the role of privacy in a digital society. 
His studies have promoted the revival of the economics of privacy, advanced the application of behavioral economics to the understanding of consumer privacy valuations and decision-making, and spearheaded the investigation of privacy and disclosures in social media. Alessandro has been the recipient of the PET Award for Outstanding Research in Privacy Enhancing Technologies, the IBM Best Academic Privacy Faculty Award, the IEEE Cybersecurity Award for Innovation, the Heinz College School of Information&apos;s Teaching Excellence Award, and numerous Best Paper awards. His studies have been published in journals across multiple disciplines, including Science, Proceedings of the National Academy of Science, Journal of Economic Literature, Management Science, Marketing Science, and Journal of Consumer Research. His research has been featured in global media outlets including the Economist, the New York Times, the Wall Street Journal, NPR, CNN, and 60 Minutes. His TED talks on privacy and human behaviour have been viewed over 1.5 million times. Alessandro is the director of the Privacy Economics Experiments (PeeX) Lab, the Chair of the CMU Institutional Review Board (IRB), and the former faculty director of the CMU Digital Transformation and Innovation Center. He is an Andrew Carnegie Fellow (inaugural class), and has been a member of the Board of Regents of the National Library of Medicine and a member of the National Academies&apos; Committee on public response to alerts and warnings using social media and associated privacy considerations. He has testified before the U.S. 
Senate and House committees and has consulted on issues related to privacy policy and consumer behavior with numerous agencies and organizations, including the White House&apos;s Office of Science and Technology Policy (OSTP), the US Federal Trade Commission (FTC), and the European Commission. He has received a PhD from UC Berkeley and Master&apos;s degrees from UC Berkeley, the London School of Economics, and Trinity College Dublin. He has held visiting positions at the Universities of Rome, Paris, and Freiburg (visiting professor); Harvard University (visiting scholar); University of Chicago (visiting fellow); Microsoft Research (visiting researcher); and Google (visiting scientist). His research interests include privacy, artificial intelligence, and Nutella. In a previous life, he has been a soundtrack composer and a motorcycle racer (USGPRU).</p> ]]>
            </content:encoded>
            <itunes:duration>3226</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241023.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241023.mp4" length="253755392" type="video/mp4"/>
        </item>
            <item>
            <title>Xiaoqi Chen, SmartCookie: Blocking Large-Scale SYN Floods with a Split-Proxy Defense on Programmable Data Planes</title>
            <description>Despite decades of mitigation efforts, SYN flooding attacks continue to increase in frequency and scale, and adaptive adversaries continue to evolve. In this talk, I will briefly introduce some background on the SYN flooding attack, existing defenses via SYN cookies and challenges to scale them to very high line rate (100Gbps+), and then present our latest work SmartCookie (USENIX Security &apos;24). SmartCookie&apos;s innovative split-proxy defense design leverages high-speed programmable switches for fast and secure SYN cookie generation and verification, while implementing a server-side agent using eBPF to enable scalability for serving benign traffic. SmartCookie can defend against attack rates of up to 130+ million packets per second with no packet loss, while also achieving 2x-6.5x lower end-to-end latency for benign traffic compared to existing switch-based hardware defenses. About the speaker: Xiaoqi Chen recently joined as an assistant professor at the School of Electrical and Computer Engineering, Purdue University. His research focuses on utilizing algorithm design for high-speed network data planes to improve network measurement and telemetry, implement closed-loop optimization for intelligent resource allocation and congestion control, as well as to enable novel approaches for enhancing network security and privacy.</description>
            <pubDate>Wed, 16 Oct 2024 16:30:00 EDT </pubDate>
            <itunes:title>Xiaoqi Chen, SmartCookie: Blocking Large-Scale SYN Floods with a Split-Proxy Defense on Programmable Data Planes</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>866</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/xiaoqi_chen_300.png"/>
            <itunes:subtitle>Xiaoqi Chen, </itunes:subtitle>
            <itunes:summary>Despite decades of mitigation efforts, SYN flooding attacks continue to increase in frequency and scale, and adaptive adversaries continue to evolve. In this talk, I will briefly introduce some background on the SYN flooding attack, existing defenses via SYN cookies and challenges to scale them to very high line rate (100Gbps+), and then present our latest work SmartCookie (USENIX Security &apos;24). SmartCookie&apos;s innovative split-proxy defense design leverages high-speed programmable switches for fast and secure SYN cookie generation and verification, while implementing a server-side agent using eBPF to enable scalability for serving benign traffic. SmartCookie can defend against attack rates of up to 130+ million packets per second with no packet loss, while also achieving 2x-6.5x lower end-to-end latency for benign traffic compared to existing switch-based hardware defenses. About the speaker: Xiaoqi Chen recently joined as an assistant professor at the School of Electrical and Computer Engineering, Purdue University. His research focuses on utilizing algorithm design for high-speed network data planes to improve network measurement and telemetry, implement closed-loop optimization for intelligent resource allocation and congestion control, as well as to enable novel approaches for enhancing network security and privacy.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Despite decades of mitigation efforts, SYN flooding attacks continue to increase in frequency and scale, and adaptive adversaries continue to evolve. In this talk, I will briefly introduce some background on the SYN flooding attack, existing defenses via SYN cookies and challenges to scale them to very high line rate (100Gbps+), and then present our latest work SmartCookie (USENIX Security &apos;24). SmartCookie&apos;s innovative split-proxy defense design leverages high-speed programmable switches for fast and secure SYN cookie generation and verification, while implementing a server-side agent using eBPF to enable scalability for serving benign traffic. SmartCookie can defend against attack rates of up to 130+ million packets per second with no packet loss, while also achieving 2x-6.5x lower end-to-end latency for benign traffic compared to existing switch-based hardware defenses. About the speaker: Xiaoqi Chen recently joined as an assistant professor at the School of Electrical and Computer Engineering, Purdue University. His research focuses on utilizing algorithm design for high-speed network data planes to improve network measurement and telemetry, implement closed-loop optimization for intelligent resource allocation and congestion control, as well as to enable novel approaches for enhancing network security and privacy.</p> ]]>
            </content:encoded>
            <itunes:duration>2241</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241016.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241016.mp4" length="176160768" type="video/mp4"/>
        </item>
            <item>
            <title>Zhou Li, The Road Towards Accurate, Scalable and Robust Graph-based Security Analytics: Where Are We Now?</title>
            <description>Graph learning has gained prominent traction from academia and industry as a solution to detect complex cyber-attack campaigns. By constructing a graph that connects various network/host entities and modeling the benign/malicious patterns, threat-hunting tasks like data provenance and entity classification can be automated. We term the systems under this theme as Graph-based Security Analytics (GSAs). In this talk, we first provide a cursory view of GSA research in the recent decade, focusing on the academic side. Then, we elaborate on a few GSAs developed in our lab, which are designed for edge-level intrusion detection (Argus), subgraph-level attack reconstruction (ProGrapher) and storage reduction (SEAL). At the end of the talk, we will review the progress and pitfalls along the development of GSA research, and highlight some research opportunities. About the speaker: Zhou Li is an Assistant Professor at UC Irvine, EECS department, leading the Data-driven Security and Privacy Lab. Before joining UC Irvine, he worked as Principal Research Scientist at RSA Labs from 2014 to 2018. His research interests include Internet Security, Organizational network security, Privacy Enhancement Technologies, and Security and privacy for machine learning. He received the NSF CAREER award, Amazon Research Award, Microsoft Security AI award and IRTF Applied Networking Research Prize.</description>
            <pubDate>Wed, 9 Oct 2024 16:30:00 EDT </pubDate>
            <itunes:title>Zhou Li, The Road Towards Accurate, Scalable and Robust Graph-based Security Analytics: Where Are We Now?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>865</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/zhou_li.jpg"/>
            <itunes:subtitle>Zhou Li, University of California, Irvine</itunes:subtitle>
            <itunes:summary>Graph learning has gained prominent traction from academia and industry as a solution to detect complex cyber-attack campaigns. By constructing a graph that connects various network/host entities and modeling the benign/malicious patterns, threat-hunting tasks like data provenance and entity classification can be automated. We term the systems under this theme as Graph-based Security Analytics (GSAs). In this talk, we first provide a cursory view of GSA research in the recent decade, focusing on the academic side. Then, we elaborate on a few GSAs developed in our lab, which are designed for edge-level intrusion detection (Argus), subgraph-level attack reconstruction (ProGrapher) and storage reduction (SEAL). At the end of the talk, we will review the progress and pitfalls along the development of GSA research, and highlight some research opportunities. About the speaker: Zhou Li is an Assistant Professor at UC Irvine, EECS department, leading the Data-driven Security and Privacy Lab. Before joining UC Irvine, he worked as Principal Research Scientist at RSA Labs from 2014 to 2018. His research interests include Internet Security, Organizational network security, Privacy Enhancement Technologies, and Security and privacy for machine learning. He received the NSF CAREER award, Amazon Research Award, Microsoft Security AI award and IRTF Applied Networking Research Prize.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Graph learning has gained prominent traction from academia and industry as a solution to detect complex cyber-attack campaigns. By constructing a graph that connects various network/host entities and modeling the benign/malicious patterns, threat-hunting tasks like data provenance and entity classification can be automated. We term the systems under this theme as Graph-based Security Analytics (GSAs). In this talk, we first provide a cursory view of GSA research in the recent decade, focusing on the academic side. Then, we elaborate on a few GSAs developed in our lab, which are designed for edge-level intrusion detection (Argus), subgraph-level attack reconstruction (ProGrapher) and storage reduction (SEAL). At the end of the talk, we will review the progress and pitfalls along the development of GSA research, and highlight some research opportunities. About the speaker: Zhou Li is an Assistant Professor at UC Irvine, EECS department, leading the Data-driven Security and Privacy Lab. Before joining UC Irvine, he worked as Principal Research Scientist at RSA Labs from 2014 to 2018. His research interests include Internet Security, Organizational network security, Privacy Enhancement Technologies, and Security and privacy for machine learning. He received the NSF CAREER award, Amazon Research Award, Microsoft Security AI award and IRTF Applied Networking Research Prize.</p> ]]>
            </content:encoded>
            <itunes:duration>3308</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241009.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241009.mp4" length="260046848" type="video/mp4"/>
        </item>
            <item>
            <title>Michail Maniatakos, Dissecting the Software Supply Chain of Modern Industrial Control Systems</title>
            <description>Recent years have been pivotal in the field of Industrial Control Systems (ICS) security, with a large number of high-profile attacks exposing the lack of a design-for-security initiative in ICS. The evolution of ICS abstracting the control logic to a purely software level hosted on a generic OS, combined with hyperconnectivity and the integration of popular open source libraries providing advanced features, has expanded the ICS attack surface by increasing the entry points and by allowing traditional software vulnerabilities to be repurposed to the ICS domain. In this seminar, we will shed light on the security landscape of modern ICS, dissecting firmware from the dominant vendors and motivating the need to employ appropriate vulnerability assessment tools. We will present methodologies for blackbox fuzzing of modern ICS, both directly using the device and by using the development software. We will then proceed with methodologies on hotpatching, since ICS cannot be easily restarted in order to patch any discovered vulnerabilities. We will demonstrate our proposed methodologies on various critical infrastructure testbeds. About the speaker: Michail (Mihalis) Maniatakos is an Associate Professor of Electrical and Computer Engineering at New York University (NYU) Abu Dhabi, UAE, and a Research Associate Professor at the NYU Tandon School of Engineering, New York, USA. He is the Director of the MoMA Laboratory (nyuad.nyu.edu/momalab), NYU Abu Dhabi. He received his Ph.D. in Electrical Engineering, as well as M.Sc., M.Phil. degrees from Yale University. He also received the B.Sc. and M.Sc. degrees in Computer Science and Embedded Systems, respectively, from the University of Piraeus, Greece. His research interests, funded by industrial partners, the US government, and the UAE government include privacy-preserving computation and industrial control systems security.</description>
            <pubDate>Wed, 2 Oct 2024 16:30:00 EDT </pubDate>
            <itunes:title>Michail Maniatakos, Dissecting the Software Supply Chain of Modern Industrial Control Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>864</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/mihalis_maniatakos_300x300.png"/>
            <itunes:subtitle>Michail Maniatakos, NYU Abu Dhabi</itunes:subtitle>
            <itunes:summary>Recent years have been pivotal in the field of Industrial Control Systems (ICS) security, with a large number of high-profile attacks exposing the lack of a design-for-security initiative in ICS. The evolution of ICS abstracting the control logic to a purely software level hosted on a generic OS, combined with hyperconnectivity and the integration of popular open source libraries providing advanced features, has expanded the ICS attack surface by increasing the entry points and by allowing traditional software vulnerabilities to be repurposed to the ICS domain. In this seminar, we will shed light on the security landscape of modern ICS, dissecting firmware from the dominant vendors and motivating the need to employ appropriate vulnerability assessment tools. We will present methodologies for blackbox fuzzing of modern ICS, both directly using the device and by using the development software. We will then proceed with methodologies on hotpatching, since ICS cannot be easily restarted in order to patch any discovered vulnerabilities. We will demonstrate our proposed methodologies on various critical infrastructure testbeds. About the speaker: Michail (Mihalis) Maniatakos is an Associate Professor of Electrical and Computer Engineering at New York University (NYU) Abu Dhabi, UAE, and a Research Associate Professor at the NYU Tandon School of Engineering, New York, USA. He is the Director of the MoMA Laboratory (nyuad.nyu.edu/momalab), NYU Abu Dhabi. He received his Ph.D. in Electrical Engineering, as well as M.Sc., M.Phil. degrees from Yale University. He also received the B.Sc. and M.Sc. degrees in Computer Science and Embedded Systems, respectively, from the University of Piraeus, Greece. His research interests, funded by industrial partners, the US government, and the UAE government include privacy-preserving computation and industrial control systems security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Recent years have been pivotal in the field of Industrial Control Systems (ICS) security, with a large number of high-profile attacks exposing the lack of a design-for-security initiative in ICS. The evolution of ICS abstracting the control logic to a purely software level hosted on a generic OS, combined with hyperconnectivity and the integration of popular open source libraries providing advanced features, has expanded the ICS attack surface by increasing the entry points and by allowing traditional software vulnerabilities to be repurposed to the ICS domain. In this seminar, we will shed light on the security landscape of modern ICS, dissecting firmware from the dominant vendors and motivating the need to employ appropriate vulnerability assessment tools. We will present methodologies for blackbox fuzzing of modern ICS, both directly using the device and by using the development software. We will then proceed with methodologies on hotpatching, since ICS cannot be easily restarted in order to patch any discovered vulnerabilities. We will demonstrate our proposed methodologies on various critical infrastructure testbeds. About the speaker: Michail (Mihalis) Maniatakos is an Associate Professor of Electrical and Computer Engineering at New York University (NYU) Abu Dhabi, UAE, and a Research Associate Professor at the NYU Tandon School of Engineering, New York, USA. He is the Director of the MoMA Laboratory (nyuad.nyu.edu/momalab), NYU Abu Dhabi. He received his Ph.D. in Electrical Engineering, as well as M.Sc., M.Phil. degrees from Yale University. He also received the B.Sc. and M.Sc. degrees in Computer Science and Embedded Systems, respectively, from the University of Piraeus, Greece. His research interests, funded by industrial partners, the US government, and the UAE government include privacy-preserving computation and industrial control systems security.</p> ]]>
            </content:encoded>
            <itunes:duration>3337</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241002.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20241002.mp4" length="262144000" type="video/mp4"/>
        </item>
            <item>
            <title>Chance Younkin, Shamrock Cyber – When Luck Just Isn&#039;t Enough</title>
            <description>In the past 30 years, the world has experienced a booming IoT market, advances in automation and OT systems, and an ever-increasing dependence on cyber in every aspect of modern life. This target-rich environment is ideal for cyber adversaries seeking access to systems and devices for financial gain, espionage, digital harassment, or outright cyber-warfare. Naturally, this leads to expanded attack surfaces, increased risk, and a complex and costly cyber arms race. By combining consequences, threats, and vulnerabilities and mapping them to mission risk, Shamrock Cyber significantly reduces the effort to prioritize, communicate, and mitigate risk. The Shamrock approach enables defenders to focus on their domains and yet understand and operate based on the domains of others. Through 4 kinds of analysis (Consequence, Threat, Vulnerability, and Risk), there are multiple approaches to suit the needs of many missions. Shamrock Cyber uniquely blends traditionally effective activities with innovative mission-focused analyses that unite the equities of executives, managers, cyber practitioners, and system developers. Shamrock Cyber does not depend on leprechauns and luck to find cybersecurity gold at the end of the rainbow. Instead, it focuses on combining consequences, threats, and vulnerabilities to communicate and reduce mission risk, along with explaining the WHY to all involved. About the speaker: Born in Indiana and growing up in Butte, Montana from the age of 4, Chance received a BS in Computer Science at Montana Tech in Butte in 1988. He then pursued an MS in computer science concentrating on visualization at Montana State in Bozeman, Montana. Following graduation at MSU, Chance joined Pacific Northwest National Laboratory in July of 1991. He&apos;s been there ever since and has worked as a software developer, architect, project manager, and task lead on projects ranging from Air Force cockpit software to molecular visualization, to atmospheric science, to text visualization, to data quality, and for the last 15 years, cybersecurity. Chance leads software and system security analysis projects spanning building technology, nuclear, and radiation monitoring systems. He is passionate about building bridges between researchers, engineers, and operations in the cybersecurity domain.</description>
            <pubDate>Wed, 25 Sep 2024 16:30:00 EDT </pubDate>
            <itunes:title>Chance Younkin, Shamrock Cyber – When Luck Just Isn&#039;t Enough</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>863</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/chance_younkin_300.png"/>
            <itunes:subtitle>Chance Younkin, Pacific Northwest National Laboratory</itunes:subtitle>
            <itunes:summary>In the past 30 years, the world has experienced a booming IoT market, advances in automation and OT systems, and an ever-increasing dependence on cyber in every aspect of modern life. This target-rich environment is ideal for cyber adversaries seeking access to systems and devices for financial gain, espionage, digital harassment, or outright cyber-warfare. Naturally, this leads to expanded attack surfaces, increased risk, and a complex and costly cyber arms race. By combining consequences, threats, and vulnerabilities and mapping them to mission risk, Shamrock Cyber significantly reduces the effort to prioritize, communicate, and mitigate risk. The Shamrock approach enables defenders to focus on their domains and yet understand and operate based on the domains of others. Through 4 kinds of analysis (Consequence, Threat, Vulnerability, and Risk), there are multiple approaches to suit the needs of many missions. Shamrock Cyber uniquely blends traditionally effective activities with innovative mission-focused analyses that unite the equities of executives, managers, cyber practitioners, and system developers. Shamrock Cyber does not depend on leprechauns and luck to find cybersecurity gold at the end of the rainbow. Instead, it focuses on combining consequences, threats, and vulnerabilities to communicate and reduce mission risk, along with explaining the WHY to all involved. About the speaker: Born in Indiana and growing up in Butte, Montana from the age of 4, Chance received a BS in Computer Science at Montana Tech in Butte in 1988. He then pursued an MS in computer science concentrating on visualization at Montana State in Bozeman, Montana. Following graduation at MSU, Chance joined Pacific Northwest National Laboratory in July of 1991. He&apos;s been there ever since and has worked as a software developer, architect, project manager, and task lead on projects ranging from Air Force cockpit software to molecular visualization, to atmospheric science, to text visualization, to data quality, and for the last 15 years, cybersecurity. Chance leads software and system security analysis projects spanning building technology, nuclear, and radiation monitoring systems. He is passionate about building bridges between researchers, engineers, and operations in the cybersecurity domain.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In the past 30 years, the world has experienced a booming IoT market, advances in automation and OT systems, and an ever-increasing dependence on cyber in every aspect of modern life. This target-rich environment is ideal for cyber adversaries seeking access to systems and devices for financial gain, espionage, digital harassment, or outright cyber-warfare. Naturally, this leads to expanded attack surfaces, increased risk, and a complex and costly cyber arms race. By combining consequences, threats, and vulnerabilities and mapping them to mission risk, Shamrock Cyber significantly reduces the effort to prioritize, communicate, and mitigate risk. The Shamrock approach enables defenders to focus on their domains and yet understand and operate based on the domains of others. Through 4 kinds of analysis (Consequence, Threat, Vulnerability, and Risk), there are multiple approaches to suit the needs of many missions. Shamrock Cyber uniquely blends traditionally effective activities with innovative mission-focused analyses that unite the equities of executives, managers, cyber practitioners, and system developers. Shamrock Cyber does not depend on leprechauns and luck to find cybersecurity gold at the end of the rainbow. Instead, it focuses on combining consequences, threats, and vulnerabilities to communicate and reduce mission risk, along with explaining the WHY to all involved. About the speaker: Born in Indiana and growing up in Butte, Montana from the age of 4, Chance received a BS in Computer Science at Montana Tech in Butte in 1988. He then pursued an MS in computer science concentrating on visualization at Montana State in Bozeman, Montana. Following graduation at MSU, Chance joined Pacific Northwest National Laboratory in July of 1991. He&apos;s been there ever since and has worked as a software developer, architect, project manager, and task lead on projects ranging from Air Force cockpit software to molecular visualization, to atmospheric science, to text visualization, to data quality, and for the last 15 years, cybersecurity. Chance leads software and system security analysis projects spanning building technology, nuclear, and radiation monitoring systems. He is passionate about building bridges between researchers, engineers, and operations in the cybersecurity domain.</p> ]]>
            </content:encoded>
            <itunes:duration>3618</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240925.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240925.mp4" length="284164096" type="video/mp4"/>
        </item>
            <item>
            <title>Ashok Vardhan Raja, Exploiting Vulnerabilities in AI-Enabled UAV: Attacks and Defense Mechanisms</title>
            <description>Recorded: 09/18/2024, CERIAS Security Seminar at Purdue University. Exploiting Vulnerabilities in AI-Enabled UAV: Attacks and Defense Mechanisms. Ashok Vardhan Raja, Purdue University Northwest. In recent years, UAVs have seen significant growth in both military and civilian applications, thanks to their high mobility and advanced sensing capabilities. This expansion has been further accelerated by rapid advancements in AI algorithms and hardware. While AI integration enhances the intelligence and efficiency of UAVs, it also introduces new security and safety concerns due to potential vulnerabilities in the underlying AI models. These vulnerabilities can be exploited by malicious actors, leading to severe security risks and operational failures. This talk will focus on securing the integration of AI into UAVs to ensure their resilience in adversarial environments. We will begin by analyzing the data sensing and processing pipeline of key sensors used in AI-enabled UAV operations, identifying areas where vulnerabilities may exist. Following this, we will explore how to develop defense mechanisms to strengthen the robustness of these AI-driven UAV systems against potential threats. AI-enabled anomaly detection and AI-enabled UAV infrastructure inspection will be leveraged as case studies in this talk. The talk will also cover the use of Large Language Models to improve the security of this integration. About the speaker: Ashok Vardhan Raja is an Assistant Professor of Cybersecurity in the Department of Computer Information Technology and Graphics of the College of Technology at Purdue University Northwest. His research is on the secure integration of Artificial Intelligence (AI) and Cyber Physical Systems (CPS), such as UAVs, for robust operations. He is expanding his current work by using swarms of UAVs to address security issues and by extending it to other domains in the integration of AI and CPS.</description>
            <pubDate>Wed, 18 Sep 2024 16:30:00 EDT </pubDate>
            <itunes:title>Ashok Vardhan Raja, Exploiting Vulnerabilities in AI-Enabled UAV: Attacks and Defense Mechanisms</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>862</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Ashok-Vardhan-Raja.jpg"/>
            <itunes:subtitle>Ashok Vardhan Raja, Purdue University Northwest</itunes:subtitle>
            <itunes:summary>Recorded: 09/18/2024, CERIAS Security Seminar at Purdue University. Exploiting Vulnerabilities in AI-Enabled UAV: Attacks and Defense Mechanisms. Ashok Vardhan Raja, Purdue University Northwest. In recent years, UAVs have seen significant growth in both military and civilian applications, thanks to their high mobility and advanced sensing capabilities. This expansion has been further accelerated by rapid advancements in AI algorithms and hardware. While AI integration enhances the intelligence and efficiency of UAVs, it also introduces new security and safety concerns due to potential vulnerabilities in the underlying AI models. These vulnerabilities can be exploited by malicious actors, leading to severe security risks and operational failures. This talk will focus on securing the integration of AI into UAVs to ensure their resilience in adversarial environments. We will begin by analyzing the data sensing and processing pipeline of key sensors used in AI-enabled UAV operations, identifying areas where vulnerabilities may exist. Following this, we will explore how to develop defense mechanisms to strengthen the robustness of these AI-driven UAV systems against potential threats. AI-enabled anomaly detection and AI-enabled UAV infrastructure inspection will be leveraged as case studies in this talk. The talk will also cover the use of Large Language Models to improve the security of this integration. About the speaker: Ashok Vardhan Raja is an Assistant Professor of Cybersecurity in the Department of Computer Information Technology and Graphics of the College of Technology at Purdue University Northwest. His research is on the secure integration of Artificial Intelligence (AI) and Cyber Physical Systems (CPS), such as UAVs, for robust operations. He is expanding his current work by using swarms of UAVs to address security issues and by extending it to other domains in the integration of AI and CPS.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Recorded: 09/18/2024, CERIAS Security Seminar at Purdue University. Exploiting Vulnerabilities in AI-Enabled UAV: Attacks and Defense Mechanisms. Ashok Vardhan Raja, Purdue University Northwest. In recent years, UAVs have seen significant growth in both military and civilian applications, thanks to their high mobility and advanced sensing capabilities. This expansion has been further accelerated by rapid advancements in AI algorithms and hardware. While AI integration enhances the intelligence and efficiency of UAVs, it also introduces new security and safety concerns due to potential vulnerabilities in the underlying AI models. These vulnerabilities can be exploited by malicious actors, leading to severe security risks and operational failures. This talk will focus on securing the integration of AI into UAVs to ensure their resilience in adversarial environments. We will begin by analyzing the data sensing and processing pipeline of key sensors used in AI-enabled UAV operations, identifying areas where vulnerabilities may exist. Following this, we will explore how to develop defense mechanisms to strengthen the robustness of these AI-driven UAV systems against potential threats. AI-enabled anomaly detection and AI-enabled UAV infrastructure inspection will be leveraged as case studies in this talk. The talk will also cover the use of Large Language Models to improve the security of this integration. About the speaker: Ashok Vardhan Raja is an Assistant Professor of Cybersecurity in the Department of Computer Information Technology and Graphics of the College of Technology at Purdue University Northwest. His research is on the secure integration of Artificial Intelligence (AI) and Cyber Physical Systems (CPS), such as UAVs, for robust operations. He is expanding his current work by using swarms of UAVs to address security issues and by extending it to other domains in the integration of AI and CPS.</p> ]]>
            </content:encoded>
            <itunes:duration>3265</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240918.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240918.mp4" length="256901120" type="video/mp4"/>
        </item>
            <item>
            <title>Russel Waymire, IDART (Information Design Assurance Red Team): A Red Team Assessment Methodology</title>
            <description>The Information Design Assurance Red Team (IDART) methodology is optimized to evaluate system designs and identify vulnerabilities by adopting, in detail, the varying perspectives of a system&apos;s most likely adversaries. The results provide system owners with an attacker&apos;s-eye view of their system&apos;s strengths and weaknesses. IDART can be applied to a diversity of complex networks, systems, and applications, including those that mix cyber technology with industrial machinery or other equipment. The methodology can be used throughout a system&apos;s lifecycle, but the assessments are less expensive and more beneficial during design and development, when weaknesses can be found and mitigated more easily. Developed at Sandia National Laboratories in the mid-1990s and updated frequently, the IDART framework is NIST-recognized and designed for repeatability and measurable results. A typical assessment includes the following high-level activities: characterizing the target system and its architecture; identifying nightmare consequences; analyzing the system for security strengths and weaknesses; identifying potential vulnerabilities that could lead to nightmare consequences; and documenting results and providing prioritized mitigation strategies. IDART assessors think like adversaries. To do this, they first develop a range of categorical profiles or &quot;models&quot; of a system&apos;s most likely attackers. Factors include an adversary&apos;s specific capabilities (i.e., domain knowledge, access, resources) as well as intangibles such as motivation and risk tolerance. The assessment team then uses this adversarial lens to measure the risks posed by system weaknesses and to prioritize mitigations. For efficiency and thoroughness, IDART relies on a free exchange of information. System personnel share documentation and participate in discussions that help assessors efficiently find as many attack paths as possible. In turn, the IDART team is transparent in conducting its assessment activities, giving system owners greater confidence in the work and the resulting analysis. All of these traits combine to make IDART a highly flexible tool. The methodology helps system owners identify critical vulnerabilities, understand adversary threats, and weigh appropriate strategies for delivering components, systems, and plans that are both effective and secure. About the speaker: Russel Waymire is a manager at Sandia National Laboratories in the area of Cyber-Physical Security. Mr. Waymire has over 25 years of experience in the design, implementation, testing, reverse engineering, and securing of software and hardware systems in IT and OT environments. Mr. Waymire began his career as a software developer at Honeywell Defense Avionic Systems in Albuquerque, New Mexico, where he developed the requirements, design, implementation, and testing of software for a variety of platforms that included the F-15, C-27J, KC-10, C-130, and the C5 aircraft. He then went on to Sandia National Laboratories in Albuquerque, New Mexico, where he has had an opportunity to work on a wide range of projects including algorithms in combinatorial optimization, software development for mod-sim force-on-force interactions and cognition/AI development, satellite software for operational systems in orbit, cyber vulnerability assessments for various US government agencies, and cyber-physical assessments for numerous foreign partners that included physical and cyber upgrades at nuclear power plants and research reactors worldwide. Russel currently uses his experience and insights to lead a team researching innovative ways to protect critical infrastructure, space systems, and other high-consequence operational technologies.</description>
            <pubDate>Wed, 11 Sep 2024 16:30:00 EDT </pubDate>
            <itunes:title>Russel Waymire, IDART (Information Design Assurance Red Team): A Red Team Assessment Methodology</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>861</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/waymire_300.png"/>
            <itunes:subtitle>Russel Waymire, Sandia</itunes:subtitle>
            <itunes:summary>The Information Design Assurance Red Team (IDART) methodology is optimized to evaluate system designs and identify vulnerabilities by adopting, in detail, the varying perspectives of a system&apos;s most likely adversaries. The results provide system owners with an attacker&apos;s-eye view of their system&apos;s strengths and weaknesses. IDART can be applied to a diversity of complex networks, systems, and applications, including those that mix cyber technology with industrial machinery or other equipment. The methodology can be used throughout a system&apos;s lifecycle, but the assessments are less expensive and more beneficial during design and development, when weaknesses can be found and mitigated more easily. Developed at Sandia National Laboratories in the mid-1990s and updated frequently, the IDART framework is NIST-recognized and designed for repeatability and measurable results. A typical assessment includes the following high-level activities: characterizing the target system and its architecture; identifying nightmare consequences; analyzing the system for security strengths and weaknesses; identifying potential vulnerabilities that could lead to nightmare consequences; and documenting results and providing prioritized mitigation strategies. IDART assessors think like adversaries. To do this, they first develop a range of categorical profiles or &quot;models&quot; of a system&apos;s most likely attackers. Factors include an adversary&apos;s specific capabilities (i.e., domain knowledge, access, resources) as well as intangibles such as motivation and risk tolerance. The assessment team then uses this adversarial lens to measure the risks posed by system weaknesses and to prioritize mitigations. For efficiency and thoroughness, IDART relies on a free exchange of information. System personnel share documentation and participate in discussions that help assessors efficiently find as many attack paths as possible. In turn, the IDART team is transparent in conducting its assessment activities, giving system owners greater confidence in the work and the resulting analysis. All of these traits combine to make IDART a highly flexible tool. The methodology helps system owners identify critical vulnerabilities, understand adversary threats, and weigh appropriate strategies for delivering components, systems, and plans that are both effective and secure. About the speaker: Russel Waymire is a manager at Sandia National Laboratories in the area of Cyber-Physical Security. Mr. Waymire has over 25 years of experience in the design, implementation, testing, reverse engineering, and securing of software and hardware systems in IT and OT environments. Mr. Waymire began his career as a software developer at Honeywell Defense Avionic Systems in Albuquerque, New Mexico, where he developed the requirements, design, implementation, and testing of software for a variety of platforms that included the F-15, C-27J, KC-10, C-130, and the C5 aircraft. He then went on to Sandia National Laboratories in Albuquerque, New Mexico, where he has had an opportunity to work on a wide range of projects including algorithms in combinatorial optimization, software development for mod-sim force-on-force interactions and cognition/AI development, satellite software for operational systems in orbit, cyber vulnerability assessments for various US government agencies, and cyber-physical assessments for numerous foreign partners that included physical and cyber upgrades at nuclear power plants and research reactors worldwide. Russel currently uses his experience and insights to lead a team researching innovative ways to protect critical infrastructure, space systems, and other high-consequence operational technologies.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Information Design Assurance Red Team (IDART) methodology is optimized to evaluate system designs and identify vulnerabilities by adopting, in detail, the varying perspectives of a system&apos;s most likely adversaries. The results provide system owners with an attacker&apos;s-eye view of their system&apos;s strengths and weaknesses. IDART can be applied to a diversity of complex networks, systems, and applications, including those that mix cyber technology with industrial machinery or other equipment. The methodology can be used throughout a system&apos;s lifecycle, but the assessments are less expensive and more beneficial during design and development, when weaknesses can be found and mitigated more easily. Developed at Sandia National Laboratories in the mid-1990s and updated frequently, the IDART framework is NIST-recognized and designed for repeatability and measurable results. A typical assessment includes the following high-level activities: characterizing the target system and its architecture; identifying nightmare consequences; analyzing the system for security strengths and weaknesses; identifying potential vulnerabilities that could lead to nightmare consequences; and documenting results and providing prioritized mitigation strategies. IDART assessors think like adversaries. To do this, they first develop a range of categorical profiles or &quot;models&quot; of a system&apos;s most likely attackers. Factors include an adversary&apos;s specific capabilities (i.e., domain knowledge, access, resources) as well as intangibles such as motivation and risk tolerance. The assessment team then uses this adversarial lens to measure the risks posed by system weaknesses and to prioritize mitigations. For efficiency and thoroughness, IDART relies on a free exchange of information. System personnel share documentation and participate in discussions that help assessors efficiently find as many attack paths as possible. In turn, the IDART team is transparent in conducting its assessment activities, giving system owners greater confidence in the work and the resulting analysis. All of these traits combine to make IDART a highly flexible tool. The methodology helps system owners identify critical vulnerabilities, understand adversary threats, and weigh appropriate strategies for delivering components, systems, and plans that are both effective and secure. About the speaker: Russel Waymire is a manager at Sandia National Laboratories in the area of Cyber-Physical Security. Mr. Waymire has over 25 years of experience in the design, implementation, testing, reverse engineering, and securing of software and hardware systems in IT and OT environments. Mr. Waymire began his career as a software developer at Honeywell Defense Avionic Systems in Albuquerque, New Mexico, where he developed the requirements, design, implementation, and testing of software for a variety of platforms that included the F-15, C-27J, KC-10, C-130, and the C5 aircraft. He then went on to Sandia National Laboratories in Albuquerque, New Mexico, where he has had an opportunity to work on a wide range of projects including algorithms in combinatorial optimization, software development for mod-sim force-on-force interactions and cognition/AI development, satellite software for operational systems in orbit, cyber vulnerability assessments for various US government agencies, and cyber-physical assessments for numerous foreign partners that included physical and cyber upgrades at nuclear power plants and research reactors worldwide. Russel currently uses his experience and insights to lead a team researching innovative ways to protect critical infrastructure, space systems, and other high-consequence operational technologies.</p> ]]>
            </content:encoded>
            <itunes:duration>3959</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240911.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240911.mp4" length="312475648" type="video/mp4"/>
        </item>
            <item>
            <title>Chris Kubecka de Medina, Empowering the Next Generation of Digital Defenders: Ethics in Cybersecurity and Emerging Technologies</title>
            <description>At Purdue University, Ms. Kubecka will discuss how technologists, especially the next generation of digital defenders, can be empowered to consider ethics in cybersecurity, privacy, and emerging technologies, and how they can use their power for good in tech. About the speaker: Ms. Chris Kubecka is a globally recognized cybersecurity expert with over two decades of experience, known for her pivotal role in digital defense and her commitment to ethical technology practices. She has established a formidable reputation for protecting both national and international cybersecurity interests, often at the highest levels of government and industry. Ms. Kubecka&apos;s career began with a strong technical foundation, rapidly advancing into leadership roles that demand both tactical acumen and strategic foresight. Her expertise spans cyber warfare, digital intelligence, artificial intelligence, and the development of robust cybersecurity frameworks, including those addressing the challenges of post-quantum computing. A thought leader in cybersecurity, Ms. Kubecka frequently contributes to international conferences, policy discussions, and academic forums. She is the author of several influential books, including Hack The World With OSINT, and has published numerous research papers on platforms like ResearchGate. Her work often explores the ethical implications of emerging technologies and the critical role of privacy in cybersecurity. Ms. Kubecka serves as the CEO and Founder of HypaSec NL, Senior Cybersecurity Advisor for Elemental Concept, and Chief Hacktress for Unit6 Technologies. Her significant contributions to the field have been recognized with numerous awards, including The Order of Thor. She is also a former Distinguished Chair for the Middle East Institute&apos;s Cyber Security and Emerging Technology Program. Throughout her career, Ms. Kubecka has led critical operations that highlight the intersection of cybersecurity and human rights. During the conflict in Ukraine, she used her expertise to facilitate the evacuation of civilians, applying digital intelligence to support these missions. In Venezuela, her investigations uncovered the weaponization of government-backed applications, such as the Ven App and Patrica App, which are used for surveillance and repression of dissent. Her research revealed how these apps are being exploited to target citizens, leading to arrests, disappearances, and even deaths, underscoring the dire consequences of unethical technology use. Ms. Kubecka&apos;s background as a USAF aviator and former member of the USAF Space Command highlights her extensive commitment to defense in both the physical and digital realms. Her journey began at a young age, with her early technical skills leading to her first major hacking achievement at age ten.</description>
            <pubDate>Wed, 4 Sep 2024 16:30:00 EDT </pubDate>
            <itunes:title>Chris Kubecka de Medina, Empowering the Next Generation of Digital Defenders: Ethics in Cybersecurity and Emerging Technologies</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>860</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Chris_Kubeka_300.png"/>
            <itunes:subtitle>Chris Kubecka de Medina, HypaSec</itunes:subtitle>
            <itunes:summary>At Purdue University, Ms. Kubecka will discuss how technologists, especially the next generation of digital defenders, can be empowered to consider ethics in cybersecurity, privacy, and emerging technologies, and how they can use their power for good in tech. About the speaker: Ms. Chris Kubecka is a globally recognized cybersecurity expert with over two decades of experience, known for her pivotal role in digital defense and her commitment to ethical technology practices. She has established a formidable reputation for protecting both national and international cybersecurity interests, often at the highest levels of government and industry. Ms. Kubecka&apos;s career began with a strong technical foundation, rapidly advancing into leadership roles that demand both tactical acumen and strategic foresight. Her expertise spans cyber warfare, digital intelligence, artificial intelligence, and the development of robust cybersecurity frameworks, including those addressing the challenges of post-quantum computing. A thought leader in cybersecurity, Ms. Kubecka frequently contributes to international conferences, policy discussions, and academic forums. She is the author of several influential books, including Hack The World With OSINT, and has published numerous research papers on platforms like ResearchGate. Her work often explores the ethical implications of emerging technologies and the critical role of privacy in cybersecurity. Ms. Kubecka serves as the CEO and Founder of HypaSec NL, Senior Cybersecurity Advisor for Elemental Concept, and Chief Hacktress for Unit6 Technologies. Her significant contributions to the field have been recognized with numerous awards, including The Order of Thor. She is also a former Distinguished Chair for the Middle East Institute&apos;s Cyber Security and Emerging Technology Program. Throughout her career, Ms. Kubecka has led critical operations that highlight the intersection of cybersecurity and human rights. 
During the conflict in Ukraine, she used her expertise to facilitate the evacuation of civilians, applying digital intelligence to support these missions. In Venezuela, her investigations uncovered the weaponization of government-backed applications, such as the Ven App and Patrica App, which are used for surveillance and repression of dissent. Her research revealed how these apps are being exploited to target citizens, leading to arrests, disappearances, and even deaths, underscoring the dire consequences of unethical technology use. Ms. Kubecka&apos;s background as a USAF aviator and former member of the USAF Space Command highlights her extensive commitment to defense in both the physical and digital realms. Her journey began at a young age, with her early technical skills leading to her first major hacking achievement at age ten.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>At Purdue University, Ms. Kubecka will discuss how technologists, especially the next generation of digital defenders, can be empowered to consider ethics in cybersecurity, privacy, and emerging technologies, and how they can use their power for good in tech.</p><p>About the speaker: Ms. Chris Kubecka is a globally recognized cybersecurity expert with over two decades of experience, known for her pivotal role in digital defense and her commitment to ethical technology practices. She has established a formidable reputation for protecting both national and international cybersecurity interests, often at the highest levels of government and industry.</p><p>Ms. Kubecka&apos;s career began with a strong technical foundation, rapidly advancing into leadership roles that demand both tactical acumen and strategic foresight. Her expertise spans cyber warfare, digital intelligence, artificial intelligence, and the development of robust cybersecurity frameworks, including those addressing the challenges of post-quantum computing.</p><p>A thought leader in cybersecurity, Ms. Kubecka frequently contributes to international conferences, policy discussions, and academic forums. She is the author of several influential books, including Hack The World With OSINT, and has published numerous research papers on platforms like ResearchGate. Her work often explores the ethical implications of emerging technologies and the critical role of privacy in cybersecurity.</p><p>Ms. Kubecka serves as the CEO and Founder of HypaSec NL, Senior Cybersecurity Advisor for Elemental Concept, and Chief Hacktress for Unit6 Technologies. Her significant contributions to the field have been recognized with numerous awards, including The Order of Thor. She is also a former Distinguished Chair for the Middle East Institute&apos;s Cyber Security and Emerging Technology Program.</p><p>Throughout her career, Ms. Kubecka has led critical operations that highlight the intersection of cybersecurity and human rights. 
During the conflict in Ukraine, she used her expertise to facilitate the evacuation of civilians, applying digital intelligence to support these missions. In Venezuela, her investigations uncovered the weaponization of government-backed applications, such as the Ven App and Patrica App, which are used for surveillance and repression of dissent. Her research revealed how these apps are being exploited to target citizens, leading to arrests, disappearances, and even deaths, underscoring the dire consequences of unethical technology use.</p><p>Ms. Kubecka&apos;s background as a USAF aviator and former member of the USAF Space Command highlights her extensive commitment to defense in both the physical and digital realms. Her journey began at a young age, with her early technical skills leading to her first major hacking achievement at age ten.</p> ]]>
            </content:encoded>
            <itunes:duration>3625</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240904.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240904.mp4" length="285212672" type="video/mp4"/>
        </item>
            <item>
            <title>David Haddad, AI&#039;s Security Maze: Navigating AI&#039;s Top Cybersecurity Risks Through Strategic Planning and Resilient Operations</title>
            <description>Students: this is a hybrid event. You are strongly encouraged to attend in-person. Location: STEW G52 (Suite 050B) WL Campus. The rapid commercialization of GenAI products and services has significantly broadened the landscape of potential attack vectors targeting enterprise infrastructure, operations, and processes. This evolution poses substantial risks to enterprise assets and operations, requiring continuous risk, attack, and threat surface analysis. This exploratory study delineates critical findings across three key dimensions: an analysis of current market trends related to AI-driven cyber and information security risks; an overview of emerging regulatory requirements and compliance efforts specific to AI technologies; and strategic initiatives for identifying and mitigating these risks, informed by insights from both industry and academia. The presentation provides a roadmap for technology practitioners navigating the complex intersection of AI innovation and cybersecurity. About the speaker: David is an Assistant Director in Ernst &amp; Young&apos;s Americas Technology Risk Management practice. He focuses on Americas and Global technology risk assessments, supports IT and data regulatory efforts, and coordinates IT risk management processes for member firms. He brings over eight years of external and internal experience in information security consulting, technology, IT audit, and GRC across public and private industries. He previously served as an adjunct instructor and lecturer for undergraduate programs at Purdue University Northwest. David is pivotal in supporting EY&apos;s strategic technology, information security, and compliance projects. 
His specialties include continuous risk identification &amp; analysis, GRC strategy development, security control testing analysis (e.g., NIST, ISO), and solutions development to manage enterprise risks across various IT domains and emerging technologies (e.g., AI). David is a passionate and dedicated professional who embodies the mindset of a continuous learner in IT, information security, emerging technologies, and data privacy. He proactively expands his knowledge and skillsets by pursuing advanced degrees, obtaining professional certifications, and conducting domestic &amp; international speaking engagements.</description>
            <pubDate>Wed, 28 Aug 2024 16:30:00 EDT </pubDate>
            <itunes:title>David Haddad, AI&#039;s Security Maze: Navigating AI&#039;s Top Cybersecurity Risks Through Strategic Planning and Resilient Operations</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>859</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/david_haddad_300.png"/>
            <itunes:subtitle>David Haddad, Purdue University</itunes:subtitle>
            <itunes:summary>Students: this is a hybrid event. You are strongly encouraged to attend in-person. Location: STEW G52 (Suite 050B) WL Campus. The rapid commercialization of GenAI products and services has significantly broadened the landscape of potential attack vectors targeting enterprise infrastructure, operations, and processes. This evolution poses substantial risks to enterprise assets and operations, requiring continuous risk, attack, and threat surface analysis. This exploratory study delineates critical findings across three key dimensions: an analysis of current market trends related to AI-driven cyber and information security risks; an overview of emerging regulatory requirements and compliance efforts specific to AI technologies; and strategic initiatives for identifying and mitigating these risks, informed by insights from both industry and academia. The presentation provides a roadmap for technology practitioners navigating the complex intersection of AI innovation and cybersecurity. About the speaker: David is an Assistant Director in Ernst &amp; Young&apos;s Americas Technology Risk Management practice. He focuses on Americas and Global technology risk assessments, supports IT and data regulatory efforts, and coordinates IT risk management processes for member firms. He brings over eight years of external and internal experience in information security consulting, technology, IT audit, and GRC across public and private industries. He previously served as an adjunct instructor and lecturer for undergraduate programs at Purdue University Northwest. David is pivotal in supporting EY&apos;s strategic technology, information security, and compliance projects. 
His specialties include continuous risk identification &amp; analysis, GRC strategy development, security control testing analysis (e.g., NIST, ISO), and solutions development to manage enterprise risks across various IT domains and emerging technologies (e.g., AI). David is a passionate and dedicated professional who embodies the mindset of a continuous learner in IT, information security, emerging technologies, and data privacy. He proactively expands his knowledge and skillsets by pursuing advanced degrees, obtaining professional certifications, and conducting domestic &amp; international speaking engagements.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Students: this is a hybrid event. You are strongly encouraged to attend in-person. Location: STEW G52 (Suite 050B) WL Campus.</p><p>The rapid commercialization of GenAI products and services has significantly broadened the landscape of potential attack vectors targeting enterprise infrastructure, operations, and processes. This evolution poses substantial risks to enterprise assets and operations, requiring continuous risk, attack, and threat surface analysis. This exploratory study delineates critical findings across three key dimensions:</p><ul><li>An analysis of current market trends related to AI-driven cyber and information security risks;</li><li>An overview of emerging regulatory requirements and compliance efforts specific to AI technologies; and</li><li>Strategic initiatives for identifying and mitigating these risks, informed by insights from both industry and academia.</li></ul><p>The presentation provides a roadmap for technology practitioners navigating the complex intersection of AI innovation and cybersecurity.</p><p>About the speaker: David is an Assistant Director in Ernst &amp; Young&apos;s Americas Technology Risk Management practice. He focuses on Americas and Global technology risk assessments, supports IT and data regulatory efforts, and coordinates IT risk management processes for member firms. He brings over eight years of external and internal experience in information security consulting, technology, IT audit, and GRC across public and private industries. He previously served as an adjunct instructor and lecturer for undergraduate programs at Purdue University Northwest.</p><p>David is pivotal in supporting EY&apos;s strategic technology, information security, and compliance projects. 
His specialties include continuous risk identification &amp; analysis, GRC strategy development, security control testing analysis (e.g., NIST, ISO), and solutions development to manage enterprise risks across various IT domains and emerging technologies (e.g., AI).</p><p>David is a passionate and dedicated professional who embodies the mindset of a continuous learner in IT, information security, emerging technologies, and data privacy. He proactively expands his knowledge and skillsets by pursuing advanced degrees, obtaining professional certifications, and conducting domestic &amp; international speaking engagements.</p> ]]>
            </content:encoded>
            <itunes:duration>3419</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240828.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240828.mp4" length="268435456" type="video/mp4"/>
        </item>
            <item>
            <title>Shagufta Mehnaz, Privacy and Security in ML: A Priority, not an Afterthought</title>
            <description>The increased use of machine learning (ML) technologies on proprietary and sensitive datasets has led to increased privacy breaches in many sectors, including healthcare and personalized medicine. Although federated learning (FL) systems allow multiple parties to train ML models collaboratively without sharing their raw data with third-party entities, security concerns arise from the involvement of potentially malicious FL clients aiming to disrupt the learning process. In this talk, I will present how my research addresses these challenges by developing frameworks to analyze and improve the privacy and security aspects of ML. First, I will talk about model inversion attacks that allow an adversary to infer part of the sensitive training data with only black-box access to a vulnerable classification model. I will then present FLShield, a novel FL framework that utilizes benign data from FL participants to validate the local models before taking them into account for generating the global model. I will conclude with a discussion of challenges in building practical data-driven systems that take into account data privacy and security while keeping the intended functionality of the system unimpaired. About the speaker: Shagufta Mehnaz is an Assistant Professor in the Department of Computer Science and Engineering at The Pennsylvania State University. She is broadly interested in the areas of privacy, security, and machine learning. Her research focuses on enhancing the privacy and security of machine learning techniques and models themselves, as well as developing novel machine learning techniques to protect data security and privacy. She directs the PRIvacy, Security, and Machine Learning lab (PRISMLab) at Penn State. She obtained her Ph.D. in Computer Science from Purdue University in 2020. She also received the Bilsland Dissertation Fellowship at Purdue. 
She was one of the 100 Computer Science Young Researchers selected worldwide for the Heidelberg Laureate Forum (HLF) in 2018.</description>
            <pubDate>Wed, 21 Aug 2024 16:30:00 EDT </pubDate>
            <itunes:title>Shagufta Mehnaz, Privacy and Security in ML: A Priority, not an Afterthought</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>858</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Shagufta_Mehnaz_300.png"/>
            <itunes:subtitle>Shagufta Mehnaz, The Pennsylvania State University</itunes:subtitle>
            <itunes:summary>The increased use of machine learning (ML) technologies on proprietary and sensitive datasets has led to increased privacy breaches in many sectors, including healthcare and personalized medicine. Although federated learning (FL) systems allow multiple parties to train ML models collaboratively without sharing their raw data with third-party entities, security concerns arise from the involvement of potentially malicious FL clients aiming to disrupt the learning process. In this talk, I will present how my research addresses these challenges by developing frameworks to analyze and improve the privacy and security aspects of ML. First, I will talk about model inversion attacks that allow an adversary to infer part of the sensitive training data with only black-box access to a vulnerable classification model. I will then present FLShield, a novel FL framework that utilizes benign data from FL participants to validate the local models before taking them into account for generating the global model. I will conclude with a discussion of challenges in building practical data-driven systems that take into account data privacy and security while keeping the intended functionality of the system unimpaired. About the speaker: Shagufta Mehnaz is an Assistant Professor in the Department of Computer Science and Engineering at The Pennsylvania State University. She is broadly interested in the areas of privacy, security, and machine learning. Her research focuses on enhancing the privacy and security of machine learning techniques and models themselves, as well as developing novel machine learning techniques to protect data security and privacy. She directs the PRIvacy, Security, and Machine Learning lab (PRISMLab) at Penn State. She obtained her Ph.D. in Computer Science from Purdue University in 2020. She also received the Bilsland Dissertation Fellowship at Purdue. 
She was one of the 100 Computer Science Young Researchers selected worldwide for the Heidelberg Laureate Forum (HLF) in 2018.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The increased use of machine learning (ML) technologies on proprietary and sensitive datasets has led to increased privacy breaches in many sectors, including healthcare and personalized medicine. Although federated learning (FL) systems allow multiple parties to train ML models collaboratively without sharing their raw data with third-party entities, security concerns arise from the involvement of potentially malicious FL clients aiming to disrupt the learning process. In this talk, I will present how my research addresses these challenges by developing frameworks to analyze and improve the privacy and security aspects of ML. First, I will talk about model inversion attacks that allow an adversary to infer part of the sensitive training data with only black-box access to a vulnerable classification model. I will then present FLShield, a novel FL framework that utilizes benign data from FL participants to validate the local models before taking them into account for generating the global model. I will conclude with a discussion of challenges in building practical data-driven systems that take into account data privacy and security while keeping the intended functionality of the system unimpaired.</p><p>About the speaker: Shagufta Mehnaz is an Assistant Professor in the Department of Computer Science and Engineering at The Pennsylvania State University. She is broadly interested in the areas of privacy, security, and machine learning. Her research focuses on enhancing the privacy and security of machine learning techniques and models themselves, as well as developing novel machine learning techniques to protect data security and privacy. She directs the PRIvacy, Security, and Machine Learning lab (PRISMLab) at Penn State. She obtained her Ph.D. in Computer Science from Purdue University in 2020. She also received the Bilsland Dissertation Fellowship at Purdue. 
She was one of the 100 Computer Science Young Researchers selected worldwide for the Heidelberg Laureate Forum (HLF) in 2018.</p> ]]>
            </content:encoded>
            <itunes:duration>3799</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240821.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240821.mp4" length="298844160" type="video/mp4"/>
        </item>
            <item>
            <title>David Stracuzzi, Defining Trusted Artificial Intelligence for the National Security Space</title>
            <description>For the past four years, Sandia National Laboratories has been conducting a focused research effort on Trusted AI for national security problems. The goal is to develop the fundamental insights required to use AI methods in high-consequence national security applications while also improving the practical deployment of AI. This talk looks at key properties of many national security problems along with Sandia&apos;s ongoing effort to develop a certification process for AI-based solutions. Along the way, we will examine several recent and ongoing research projects, including how they contribute to the larger goals of Trusted AI. The talk concludes with a forward-looking discussion of remaining research gaps. About the speaker: David manages the Machine Intelligence and Visualization department, which conducts cutting-edge research in machine learning and artificial intelligence for national security applications, including the advanced visualization of data and results. David has been studying machine learning in the broader context of artificial intelligence for over 15 years. His research focuses on applying machine learning methods to a wide variety of domains with an emphasis on estimating the uncertainty in model predictions to support decision making. He also leads the Trusted AI Strategic Initiative at Sandia, which seeks to develop fundamental insights into AI algorithms, their performance and reliability, and how people use them in national security contexts. Prior to joining Sandia, David spent three years as research faculty at Arizona State University and one year as a postdoc at Stanford University developing intelligent agent architectures. He received his doctorate in 2006 and MS in 2002 from the University of Massachusetts at Amherst for his work in machine learning. 
David earned his Bachelor of Science from Clarkson University in 1998. Sandia National Laboratories is a multimission laboratory managed and operated by National Technology &amp; Engineering Solutions of Sandia, LLC, a wholly owned subsidiary of Honeywell International Inc., for the U.S. Department of Energy&apos;s National Nuclear Security Administration under contract DE-NA0003525.</description>
            <pubDate>Wed, 24 Apr 2024 16:30:00 EDT </pubDate>
            <itunes:title>David Stracuzzi, Defining Trusted Artificial Intelligence for the National Security Space</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>857</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/David_Stracuzzi_300.png"/>
            <itunes:subtitle>David Stracuzzi, Sandia National Laboratories</itunes:subtitle>
            <itunes:summary>For the past four years, Sandia National Laboratories has been conducting a focused research effort on Trusted AI for national security problems. The goal is to develop the fundamental insights required to use AI methods in high-consequence national security applications while also improving the practical deployment of AI. This talk looks at key properties of many national security problems along with Sandia&apos;s ongoing effort to develop a certification process for AI-based solutions. Along the way, we will examine several recent and ongoing research projects, including how they contribute to the larger goals of Trusted AI. The talk concludes with a forward-looking discussion of remaining research gaps. About the speaker: David manages the Machine Intelligence and Visualization department, which conducts cutting-edge research in machine learning and artificial intelligence for national security applications, including the advanced visualization of data and results. David has been studying machine learning in the broader context of artificial intelligence for over 15 years. His research focuses on applying machine learning methods to a wide variety of domains with an emphasis on estimating the uncertainty in model predictions to support decision making. He also leads the Trusted AI Strategic Initiative at Sandia, which seeks to develop fundamental insights into AI algorithms, their performance and reliability, and how people use them in national security contexts. Prior to joining Sandia, David spent three years as research faculty at Arizona State University and one year as a postdoc at Stanford University developing intelligent agent architectures. He received his doctorate in 2006 and MS in 2002 from the University of Massachusetts at Amherst for his work in machine learning. 
David earned his Bachelor of Science from Clarkson University in 1998. Sandia National Laboratories is a multimission laboratory managed and operated by National Technology &amp; Engineering Solutions of Sandia, LLC, a wholly owned subsidiary of Honeywell International Inc., for the U.S. Department of Energy&apos;s National Nuclear Security Administration under contract DE-NA0003525.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>For the past four years, Sandia National Laboratories has been conducting a focused research effort on Trusted AI for national security problems. The goal is to develop the fundamental insights required to use AI methods in high-consequence national security applications while also improving the practical deployment of AI. This talk looks at key properties of many national security problems along with Sandia&apos;s ongoing effort to develop a certification process for AI-based solutions. Along the way, we will examine several recent and ongoing research projects, including how they contribute to the larger goals of Trusted AI. The talk concludes with a forward-looking discussion of remaining research gaps.</p><p>About the speaker: David manages the Machine Intelligence and Visualization department, which conducts cutting-edge research in machine learning and artificial intelligence for national security applications, including the advanced visualization of data and results. David has been studying machine learning in the broader context of artificial intelligence for over 15 years. His research focuses on applying machine learning methods to a wide variety of domains with an emphasis on estimating the uncertainty in model predictions to support decision making. He also leads the Trusted AI Strategic Initiative at Sandia, which seeks to develop fundamental insights into AI algorithms, their performance and reliability, and how people use them in national security contexts. Prior to joining Sandia, David spent three years as research faculty at Arizona State University and one year as a postdoc at Stanford University developing intelligent agent architectures. He received his doctorate in 2006 and MS in 2002 from the University of Massachusetts at Amherst for his work in machine learning. 
David earned his Bachelor of Science from Clarkson University in 1998.</p><p>Sandia National Laboratories is a multimission laboratory managed and operated by National Technology &amp; Engineering Solutions of Sandia, LLC, a wholly owned subsidiary of Honeywell International Inc., for the U.S. Department of Energy&apos;s National Nuclear Security Administration under contract DE-NA0003525.</p> ]]>
            </content:encoded>
            <itunes:duration>3086</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240424.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240424.mp4" length="242221056" type="video/mp4"/>
        </item>
            <item>
            <title>Evan Sultanik, In Pursuit of Silent Flaws: Dataflow Analysis for Bugfinding and Triage</title>
            <description>In this presentation, I provide a thorough exploration of how dataflow analysis serves as a formidable method for discovering and addressing cybersecurity threats across a wide spectrum of vulnerability types. For instance, I&apos;ll illustrate how we can employ dynamic information flow tracking to automatically detect &quot;blind spots&quot;—sections of a program&apos;s input that can be changed without influencing its output. These blind spots are almost always indicative of an underlying bug. Furthermore, I will demonstrate how the use of hybrid control- and dataflow information in differential analysis can aid in uncovering variability bugs, commonly known as &quot;heisenbugs.&quot; By delving into these practical applications of dataflow analysis and introducing open-source tools designed to implement these strategies, the goal is to present practical steps for pinpointing, debugging, and managing a diverse array of software bugs. About the speaker: Dr. Evan Sultanik is a principal computer security researcher at Trail of Bits. His recent research covers language-theoretic security, program analysis, detecting variability bugs via taint analysis, dependency analysis via program instrumentation, and consensus protocols for distributed ledgers. He is an editor of and frequent contributor to the offensive computer security journal &quot;Proof of Concept or GTFO.&quot; Prior to joining Trail of Bits, Dr. Sultanik was the Chief Scientist at Digital Operatives and, prior to that, a Senior Research Scientist at The Johns Hopkins Applied Physics Laboratory. His dissertation was on the discovery of a family of combinatorial optimization problems the solutions to which can be approximated to within a constant factor of optimal in polylogarithmic time on a parallel computer or distributed system. This was a surprising result since many of the problems in the family are NP-Hard. 
In a life prior to academia, Evan was a professional software engineer.</description>
            <pubDate>Wed, 10 Apr 2024 16:30:00 EDT </pubDate>
            <itunes:title>Evan Sultanik, In Pursuit of Silent Flaws: Dataflow Analysis for Bugfinding and Triage</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>856</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Evan_Sultanik_300.png"/>
            <itunes:subtitle>Evan Sultanik, Trail of Bits</itunes:subtitle>
            <itunes:summary>In this presentation, I provide a thorough exploration of how dataflow analysis serves as a formidable method for discovering and addressing cybersecurity threats across a wide spectrum of vulnerability types. For instance, I&apos;ll illustrate how we can employ dynamic information flow tracking to automatically detect &quot;blind spots&quot;—sections of a program&apos;s input that can be changed without influencing its output. These blind spots are almost always indicative of an underlying bug. Furthermore, I will demonstrate how the use of hybrid control- and dataflow information in differential analysis can aid in uncovering variability bugs, commonly known as &quot;heisenbugs.&quot; By delving into these practical applications of dataflow analysis and introducing open-source tools designed to implement these strategies, the goal is to present practical steps for pinpointing, debugging, and managing a diverse array of software bugs. About the speaker: Dr. Evan Sultanik is a principal computer security researcher at Trail of Bits. His recent research covers language-theoretic security, program analysis, detecting variability bugs via taint analysis, dependency analysis via program instrumentation, and consensus protocols for distributed ledgers. He is an editor of and frequent contributor to the offensive computer security journal &quot;Proof of Concept or GTFO.&quot; Prior to joining Trail of Bits, Dr. Sultanik was the Chief Scientist at Digital Operatives and, prior to that, a Senior Research Scientist at The Johns Hopkins Applied Physics Laboratory. His dissertation was on the discovery of a family of combinatorial optimization problems the solutions for which can be approximated to within a constant factor of optimal in polylogarithmic time on a parallel computer or distributed system. This was a surprising result since many of the problems in the family are NP-Hard. In a life prior to academia, Evan was a professional software engineer.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this presentation, I provide a thorough exploration of how dataflow analysis serves as a formidable method for discovering and addressing cybersecurity threats across a wide spectrum of vulnerability types. For instance, I&apos;ll illustrate how we can employ dynamic information flow tracking to automatically detect &quot;blind spots&quot;—sections of a program&apos;s input that can be changed without influencing its output. These blind spots are almost always indicative of an underlying bug. Furthermore, I will demonstrate how the use of hybrid control- and dataflow information in differential analysis can aid in uncovering variability bugs, commonly known as &quot;heisenbugs.&quot; By delving into these practical applications of dataflow analysis and introducing open-source tools designed to implement these strategies, the goal is to present practical steps for pinpointing, debugging, and managing a diverse array of software bugs. About the speaker: Dr. Evan Sultanik is a principal computer security researcher at Trail of Bits. His recent research covers language-theoretic security, program analysis, detecting variability bugs via taint analysis, dependency analysis via program instrumentation, and consensus protocols for distributed ledgers. He is an editor of and frequent contributor to the offensive computer security journal &quot;Proof of Concept or GTFO.&quot; Prior to joining Trail of Bits, Dr. Sultanik was the Chief Scientist at Digital Operatives and, prior to that, a Senior Research Scientist at The Johns Hopkins Applied Physics Laboratory. His dissertation was on the discovery of a family of combinatorial optimization problems the solutions for which can be approximated to within a constant factor of optimal in polylogarithmic time on a parallel computer or distributed system. This was a surprising result since many of the problems in the family are NP-Hard. In a life prior to academia, Evan was a professional software engineer.</p> ]]>
            </content:encoded>
            <itunes:duration>3184</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240410.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240410.mp4" length="250609664" type="video/mp4"/>
        </item>
            <item>
            <title>Daniel Shoemaker, Secure Sourcing of COTS Products: A Critical Missing Element in Software Engineering Education</title>
            <description>The aim of this discussion is to publicize both the challenge and potential solution for the integration of secure supply chain risk management content into conventional software engineering programs. The discipline of software engineering typically does not teach students how to ensure that the code produced and sold in commercial off-the-shelf (COTS) products hasn&apos;t been compromised during the sourcing process. We propose a comprehensive and standard process based on established best practice principles that can provide the basis to address the secure sourcing of COTS products. About the speaker: Dr. Dan Shoemaker received a doctorate from the University of Michigan in 1978. He taught at Michigan State University and then moved to the Business School at the University of Detroit Mercy to Chair their Department of Computer Information Systems (CIS). He attended the organizational roll-out of the discipline of software engineering at the Carnegie-Mellon University Software Engineering Institute in the fall of 1987. From that, he developed and taught an SEI-based software engineering curriculum as a separate degree program to the MBA within the College. During that time, Dr. Shoemaker&apos;s specific areas of scholarship, publication, and teaching centered on the processes of the SWEBOK, specifically specification, SQA, and SCM/sustainment. Dr. Shoemaker&apos;s transition into cybersecurity came after UDM was designated the 39th Center of Academic Excellence by the NSA/DHS at West Point in 2004. His research concentrated on the strategic architectural aspects of cybersecurity system design and implementation, as well as software assurance. He was the Chair of Workforce Training and Education for the DHS/DoD Software Assurance initiative (2007-2010), and he was one of the three authors of the Common Body of Knowledge to Produce, Acquire, and Sustain Software (2006). He was also a subject matter expert for NICE (2009 and NICE II – 2010-11). Dr. Shoemaker was also an SME for the CSEC 2017 (Human Security). This exposure led to a grant to develop curricula for software assurance and the founding of the Center for Cybersecurity and Intelligence Studies, where he currently resides. Dr. Shoemaker&apos;s final significant grant was from the DoD to develop a curriculum and teaching and course material for Secure Acquisition (in conjunction with the Institute for Defense Analysis and the National Defense University). He has published 14 books in the field, ranging from Cyber Resilience (CRC Press) to the CSSLP All-In-One (McGraw-Hill). His latest book, &quot;Teaching Cyber Security&quot; (Taylor and Francis), is aimed at K-12 teachers.</description>
            <pubDate>Wed, 27 Mar 2024 16:30:00 EDT </pubDate>
            <itunes:title>Daniel Shoemaker, Secure Sourcing of COTS Products: A Critical Missing Element in Software Engineering Education</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>855</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/shoemaker_300.png"/>
            <itunes:subtitle>Daniel Shoemaker, University of Detroit Mercy</itunes:subtitle>
            <itunes:summary>The aim of this discussion is to publicize both the challenge and potential solution for the integration of secure supply chain risk management content into conventional software engineering programs. The discipline of software engineering typically does not teach students how to ensure that the code produced and sold in commercial off-the-shelf (COTS) products hasn&apos;t been compromised during the sourcing process. We propose a comprehensive and standard process based on established best practice principles that can provide the basis to address the secure sourcing of COTS products. About the speaker: Dr. Dan Shoemaker received a doctorate from the University of Michigan in 1978. He taught at Michigan State University and then moved to the Business School at the University of Detroit Mercy to Chair their Department of Computer Information Systems (CIS). He attended the organizational roll-out of the discipline of software engineering at the Carnegie-Mellon University Software Engineering Institute in the fall of 1987. From that, he developed and taught an SEI-based software engineering curriculum as a separate degree program to the MBA within the College. During that time, Dr. Shoemaker&apos;s specific areas of scholarship, publication, and teaching centered on the processes of the SWEBOK, specifically specification, SQA, and SCM/sustainment. Dr. Shoemaker&apos;s transition into cybersecurity came after UDM was designated the 39th Center of Academic Excellence by the NSA/DHS at West Point in 2004. His research concentrated on the strategic architectural aspects of cybersecurity system design and implementation, as well as software assurance. He was the Chair of Workforce Training and Education for the DHS/DoD Software Assurance initiative (2007-2010), and he was one of the three authors of the Common Body of Knowledge to Produce, Acquire, and Sustain Software (2006). He was also a subject matter expert for NICE (2009 and NICE II – 2010-11). Dr. Shoemaker was also an SME for the CSEC 2017 (Human Security). This exposure led to a grant to develop curricula for software assurance and the founding of the Center for Cybersecurity and Intelligence Studies, where he currently resides. Dr. Shoemaker&apos;s final significant grant was from the DoD to develop a curriculum and teaching and course material for Secure Acquisition (in conjunction with the Institute for Defense Analysis and the National Defense University). He has published 14 books in the field, ranging from Cyber Resilience (CRC Press) to the CSSLP All-In-One (McGraw-Hill). His latest book, &quot;Teaching Cyber Security&quot; (Taylor and Francis), is aimed at K-12 teachers.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The aim of this discussion is to publicize both the challenge and potential solution for the integration of secure supply chain risk management content into conventional software engineering programs. The discipline of software engineering typically does not teach students how to ensure that the code produced and sold in commercial off-the-shelf (COTS) products hasn&apos;t been compromised during the sourcing process. We propose a comprehensive and standard process based on established best practice principles that can provide the basis to address the secure sourcing of COTS products. About the speaker: Dr. Dan Shoemaker received a doctorate from the University of Michigan in 1978. He taught at Michigan State University and then moved to the Business School at the University of Detroit Mercy to Chair their Department of Computer Information Systems (CIS). He attended the organizational roll-out of the discipline of software engineering at the Carnegie-Mellon University Software Engineering Institute in the fall of 1987. From that, he developed and taught an SEI-based software engineering curriculum as a separate degree program to the MBA within the College. During that time, Dr. Shoemaker&apos;s specific areas of scholarship, publication, and teaching centered on the processes of the SWEBOK, specifically specification, SQA, and SCM/sustainment. Dr. Shoemaker&apos;s transition into cybersecurity came after UDM was designated the 39th Center of Academic Excellence by the NSA/DHS at West Point in 2004. His research concentrated on the strategic architectural aspects of cybersecurity system design and implementation, as well as software assurance. He was the Chair of Workforce Training and Education for the DHS/DoD Software Assurance initiative (2007-2010), and he was one of the three authors of the Common Body of Knowledge to Produce, Acquire, and Sustain Software (2006). He was also a subject matter expert for NICE (2009 and NICE II – 2010-11). Dr. Shoemaker was also an SME for the CSEC 2017 (Human Security). This exposure led to a grant to develop curricula for software assurance and the founding of the Center for Cybersecurity and Intelligence Studies, where he currently resides. Dr. Shoemaker&apos;s final significant grant was from the DoD to develop a curriculum and teaching and course material for Secure Acquisition (in conjunction with the Institute for Defense Analysis and the National Defense University). He has published 14 books in the field, ranging from Cyber Resilience (CRC Press) to the CSSLP All-In-One (McGraw-Hill). His latest book, &quot;Teaching Cyber Security&quot; (Taylor and Francis), is aimed at K-12 teachers.</p> ]]>
            </content:encoded>
            <itunes:duration>3402</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240327.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240327.mp4" length="267386880" type="video/mp4"/>
        </item>
            <item>
            <title>Douglas Huelsbeck, The Importance of Security by Design &amp; The Importance of Including Cybersecurity Experts in Your Business Decisions</title>
            <description>This talk covers how cybersecurity relates to various fields of business and industry: how it works in these fields and the different risks and vulnerabilities that are out there, which explains why building cybersecurity into the design of a product or service is so imperative. In companies today, budget managers, business managers, and engineers are making decisions on their cybersecurity options without including cybersecurity experts in that process. Without input from cybersecurity experts, some cybersecurity decisions are made with cost savings as the primary goal, and cutting corners in cybersecurity can actually be a bad idea.</description>
            <pubDate>Wed, 20 Mar 2024 16:30:00 EDT </pubDate>
            <itunes:title>Douglas Huelsbeck, The Importance of Security by Design &amp; The Importance of Including Cybersecurity Experts in Your Business Decisions</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>854</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Douglas Huelsbeck, DoD</itunes:subtitle>
            <itunes:summary>This talk covers how cybersecurity relates to various fields of business and industry: how it works in these fields and the different risks and vulnerabilities that are out there, which explains why building cybersecurity into the design of a product or service is so imperative. In companies today, budget managers, business managers, and engineers are making decisions on their cybersecurity options without including cybersecurity experts in that process. Without input from cybersecurity experts, some cybersecurity decisions are made with cost savings as the primary goal, and cutting corners in cybersecurity can actually be a bad idea.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk covers how cybersecurity relates to various fields of business and industry: how it works in these fields and the different risks and vulnerabilities that are out there, which explains why building cybersecurity into the design of a product or service is so imperative. In companies today, budget managers, business managers, and engineers are making decisions on their cybersecurity options without including cybersecurity experts in that process. Without input from cybersecurity experts, some cybersecurity decisions are made with cost savings as the primary goal, and cutting corners in cybersecurity can actually be a bad idea.</p> ]]>
            </content:encoded>
            <itunes:duration>3323</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240320.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240320.mp4" length="261095424" type="video/mp4"/>
        </item>
            <item>
            <title>Alejandro Cuevas, The Fault in Our Stars: How Reputation Systems Fail in Practice</title>
            <description>Reputation systems are crucial to online platforms&apos; health. They are prevalent across online marketplaces and social media platforms either visibly (e.g., as star ratings and badges) or invisibly as signals that feed into recommendation engines. In theory, good behavior (e.g., honest, accurate, high-quality) begets high reputation, while poor behavior is deterred and pushed off the platform. In this talk, I will discuss how these systems seem to fulfill this mission only coarsely. On one platform, we were able to predict 2 times more suspensions than the reputation system in place using other public signals. In another study, we found that users with high reputation signals were suspended at significantly lower rates (up to 3 times less) for the same number of offenses and behavior as regular users, which suggests they may be impairing content moderation efforts. I will provide some hypotheses to explain these results and offer preliminary findings from current work. About the speaker: Alejandro is a 5th year PhD student at Carnegie Mellon University in Societal Computing, advised by Prof. Nicolas Christin. He is interested in measuring social influence in online communities adjacent to underground economies. His recent work focuses on how reputation is leveraged in anonymous marketplaces, p2p marketplaces, and cryptocurrency communities. He is a recipient of a CMU CyLab Presidential Fellowship, as well as an IEEE S&amp;P Distinguished Paper Award. Prior to CMU, he obtained a B.S. from The Pennsylvania State University, where he worked with Prof. Peng Liu and Prof. Xinyu Xing on a variety of systems security projects. A Paraguayan native, Alejandro has been invited to talk about his work at the Paraguayan Central Bank and the Paraguayan National Police.</description>
            <pubDate>Wed, 6 Mar 2024 16:30:00 EST </pubDate>
            <itunes:title>Alejandro Cuevas, The Fault in Our Stars: How Reputation Systems Fail in Practice</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>853</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/alejandro_cuevas_300.png"/>
            <itunes:subtitle>Alejandro Cuevas, Carnegie Mellon University</itunes:subtitle>
            <itunes:summary>Reputation systems are crucial to online platforms&apos; health. They are prevalent across online marketplaces and social media platforms either visibly (e.g., as star ratings and badges) or invisibly as signals that feed into recommendation engines. In theory, good behavior (e.g., honest, accurate, high-quality) begets high reputation, while poor behavior is deterred and pushed off the platform. In this talk, I will discuss how these systems seem to fulfill this mission only coarsely. On one platform, we were able to predict 2 times more suspensions than the reputation system in place using other public signals. In another study, we found that users with high reputation signals were suspended at significantly lower rates (up to 3 times less) for the same number of offenses and behavior as regular users, which suggests they may be impairing content moderation efforts. I will provide some hypotheses to explain these results and offer preliminary findings from current work. About the speaker: Alejandro is a 5th year PhD student at Carnegie Mellon University in Societal Computing, advised by Prof. Nicolas Christin. He is interested in measuring social influence in online communities adjacent to underground economies. His recent work focuses on how reputation is leveraged in anonymous marketplaces, p2p marketplaces, and cryptocurrency communities. He is a recipient of a CMU CyLab Presidential Fellowship, as well as an IEEE S&amp;P Distinguished Paper Award. Prior to CMU, he obtained a B.S. from The Pennsylvania State University, where he worked with Prof. Peng Liu and Prof. Xinyu Xing on a variety of systems security projects. A Paraguayan native, Alejandro has been invited to talk about his work at the Paraguayan Central Bank and the Paraguayan National Police.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Reputation systems are crucial to online platforms&apos; health. They are prevalent across online marketplaces and social media platforms either visibly (e.g., as star ratings and badges) or invisibly as signals that feed into recommendation engines. In theory, good behavior (e.g., honest, accurate, high-quality) begets high reputation, while poor behavior is deterred and pushed off the platform. In this talk, I will discuss how these systems seem to fulfill this mission only coarsely. On one platform, we were able to predict 2 times more suspensions than the reputation system in place using other public signals. In another study, we found that users with high reputation signals were suspended at significantly lower rates (up to 3 times less) for the same number of offenses and behavior as regular users, which suggests they may be impairing content moderation efforts. I will provide some hypotheses to explain these results and offer preliminary findings from current work. About the speaker: Alejandro is a 5th year PhD student at Carnegie Mellon University in Societal Computing, advised by Prof. Nicolas Christin. He is interested in measuring social influence in online communities adjacent to underground economies. His recent work focuses on how reputation is leveraged in anonymous marketplaces, p2p marketplaces, and cryptocurrency communities. He is a recipient of a CMU CyLab Presidential Fellowship, as well as an IEEE S&amp;P Distinguished Paper Award. Prior to CMU, he obtained a B.S. from The Pennsylvania State University, where he worked with Prof. Peng Liu and Prof. Xinyu Xing on a variety of systems security projects. A Paraguayan native, Alejandro has been invited to talk about his work at the Paraguayan Central Bank and the Paraguayan National Police.</p> ]]>
            </content:encoded>
            <itunes:duration>3661</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240306.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240306.mp4" length="287309824" type="video/mp4"/>
        </item>
            <item>
            <title>Sanket Naik, Modern Enterprise Cybersecurity: A CISO perspective</title>
            <description>The frequency, materiality, and impact of cybersecurity incidents are at a level that the business world has never seen before. CISOs are at the forefront of this. The speaker has experience with developing cybersecurity products and managing IT infrastructure and security from startup to massive scale. The talk will go through the roles, responsibilities, rewards, and perils of being a CISO in a modern enterprise software company in these turbulent times. We will explore some hard problems that need to be solved for the good guys to continue winning. About the speaker: Sanket Naik is the founder and CEO at Palosade, building modern AI-powered cyber threat intelligence solutions to defend companies from AI-weaponized adversaries. He enjoys giving back to startups through investing and advisory roles. Before Palosade, he was the SVP of engineering for Coupa. In this role, he built the cloud and cybersecurity organization, over 12 years, from the ground up through an initial public offering followed by significant global growth. He has also held engineering roles at HP and Qualys. Sanket holds a BS in electronics engineering from the University of Mumbai and an MS in CS from Purdue University with research at the multi-disciplinary CERIAS cybersecurity center.</description>
            <pubDate>Wed, 28 Feb 2024 16:30:00 EST </pubDate>
            <itunes:title>Sanket Naik, Modern Enterprise Cybersecurity: A CISO perspective</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>852</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Sanket_Naik_300.png"/>
            <itunes:subtitle>Sanket Naik, Palosade</itunes:subtitle>
            <itunes:summary>The frequency, materiality, and impact of cybersecurity incidents are at a level that the business world has never seen before. CISOs are at the forefront of this. The speaker has experience with developing cybersecurity products and managing IT infrastructure and security from startup to massive scale. The talk will go through the roles, responsibilities, rewards, and perils of being a CISO in a modern enterprise software company in these turbulent times. We will explore some hard problems that need to be solved for the good guys to continue winning. About the speaker: Sanket Naik is the founder and CEO at Palosade, building modern AI-powered cyber threat intelligence solutions to defend companies from AI-weaponized adversaries. He enjoys giving back to startups through investing and advisory roles. Before Palosade, he was the SVP of engineering for Coupa. In this role, he built the cloud and cybersecurity organization, over 12 years, from the ground up through an initial public offering followed by significant global growth. He has also held engineering roles at HP and Qualys. Sanket holds a BS in electronics engineering from the University of Mumbai and an MS in CS from Purdue University with research at the multi-disciplinary CERIAS cybersecurity center.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The frequency, materiality, and impact of cybersecurity incidents are at a level that the business world has never seen before. CISOs are at the forefront of this. The speaker has experience with developing cybersecurity products and managing IT infrastructure and security from startup to massive scale. The talk will go through the roles, responsibilities, rewards, and perils of being a CISO in a modern enterprise software company in these turbulent times. We will explore some hard problems that need to be solved for the good guys to continue winning. About the speaker: Sanket Naik is the founder and CEO at Palosade, building modern AI-powered cyber threat intelligence solutions to defend companies from AI-weaponized adversaries. He enjoys giving back to startups through investing and advisory roles. Before Palosade, he was the SVP of engineering for Coupa. In this role, he built the cloud and cybersecurity organization, over 12 years, from the ground up through an initial public offering followed by significant global growth. He has also held engineering roles at HP and Qualys. Sanket holds a BS in electronics engineering from the University of Mumbai and an MS in CS from Purdue University with research at the multi-disciplinary CERIAS cybersecurity center.</p> ]]>
            </content:encoded>
            <itunes:duration>3572</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240228.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240228.mp4" length="281018368" type="video/mp4"/>
        </item>
            <item>
            <title>Jennifer Bayuk, Stepping Through Cybersecurity Risk Management A Systems Thinking Approach</title>
            <description>In the realm of risk, cybersecurity is a fairly new idea. Most people currently entering the cybersecurity profession do not remember a time when cybersecurity was not a major concern. Yet at the time of this writing, reliance on computers to run business operations is less than a century old. Prior to this time, operational risk was more concerned with natural disasters than man-made ones. Fraud and staff mistakes are also part of operational risk, so as dependency on computers steadily increased from the 1960s through the 1980s, a then-new joke surfaced: To err is human, but if you really want to screw things up, use a computer. Foundational technology risk management concepts have been in place since the 1970s, but the tuning and the application of these concepts to cybersecurity were slow to evolve. Yet there is no doubt that cybersecurity risk management tools and techniques have continuously improved. Although the consequences of cybersecurity incidents have become dramatically more profound over the decades, available controls have also become more comprehensive, more ubiquitous, and more effective. This seminar is intended to make the fundamentals of cybersecurity risk management visible to those who are contributing to it, and comprehensible to those looking in from the outside. Like any effort to increase visibility, increasing transparency in cybersecurity requires clearing out some clouds first. That is, in the tradition of Spaf&apos;s recent book on the topic*, busting some cybersecurity management myths that currently cloud management thinking about cybersecurity and replacing them with risk management methodologies that work. *Spafford, G., Metcalf, L. and Dykstra, J. (2022). Cybersecurity Myths and Misconceptions, Avoiding the Hazards and Pitfalls that Derail Us. Addison-Wesley. About the speaker: Dr. Jennifer L. Bayuk, Ph.D. is experienced in a wide variety of cybersecurity positions, including Wall Street Chief Information Security Officer, Global Bank Operational Risk Management, Financial Services Internal Audit, Big 4 Information Systems Risk Management, Bell Labs Security Software Engineer, Risk Management Software Company Founder, and Expert Witness. She is the author of multiple textbooks and articles on a variety of cybersecurity topics and is a frequent contributor to cybersecurity conferences, boards, committees, and educational forums. Jennifer has created curriculum on numerous information security, cybersecurity, and technology risk topics for conferences, seminars, corporate training, and graduate-level programs. She is an Adjunct Professor at Quinnipiac University, Kean University, and Stevens Institute of Technology. She has a BS in Computer Science and Philosophy from Rutgers University, an MS (1992) in Computer Science and a PhD (2012) in Systems Engineering from Stevens Institute of Technology.</description>
            <pubDate>Wed, 21 Feb 2024 16:30:00 EST </pubDate>
            <itunes:title>Jennifer Bayuk, Stepping Through Cybersecurity Risk Management A Systems Thinking Approach</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>851</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Bayuk_200.png"/>
            <itunes:subtitle>Jennifer Bayuk, Jennifer L. Bayuk, LLC</itunes:subtitle>
            <itunes:summary>In the realm of risk, cybersecurity is a fairly new idea. Most people currently entering the cybersecurity profession do not remember a time when cybersecurity was not a major concern. Yet at the time of this writing, reliance on computers to run business operations is less than a century old. Prior to this time, operational risk was more concerned with natural disasters than man-made ones. Fraud and staff mistakes are also part of operational risk, so as dependency on computers steadily increased from the 1960s through the 1980s, a then-new joke surfaced: To err is human, but if you really want to screw things up, use a computer. Foundational technology risk management concepts have been in place since the 1970s, but the tuning and the application of these concepts to cybersecurity were slow to evolve. Yet there is no doubt that cybersecurity risk management tools and techniques have continuously improved. Although the consequences of cybersecurity incidents have become dramatically more profound over the decades, available controls have also become more comprehensive, more ubiquitous, and more effective. This seminar is intended to make the fundamentals of cybersecurity risk management visible to those who are contributing to it, and comprehensible to those looking in from the outside. Like any effort to increase visibility, increasing transparency in cybersecurity requires clearing out some clouds first. That is, in the tradition of Spaf&apos;s recent book on the topic*, busting some cybersecurity management myths that currently cloud management thinking about cybersecurity and replacing them with risk management methodologies that work. *Spafford, G., Metcalf, L. and Dykstra, J. (2022). Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us. Addison-Wesley. About the speaker: Dr. Jennifer L. Bayuk, Ph.D., is experienced in a wide variety of cybersecurity positions, including Wall Street Chief Information Security Officer, Global Bank Operational Risk Management, Financial Services Internal Audit, Big 4 Information Systems Risk Management, Bell Labs Security Software Engineer, Risk Management Software Company Founder, and Expert Witness. She is the author of multiple textbooks and articles on a variety of cybersecurity topics and is a frequent contributor to cybersecurity conferences, boards, committees, and educational forums. Jennifer has created curriculum on numerous information security, cybersecurity, and technology risk topics for conferences, seminars, corporate training, and graduate-level programs. She is an Adjunct Professor at Quinnipiac University, Kean University, and Stevens Institute of Technology. She has a BS in Computer Science and Philosophy from Rutgers University, and an MS (1992) in Computer Science and a PhD (2012) in Systems Engineering from Stevens Institute of Technology.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In the realm of risk, cybersecurity is a fairly new idea. Most people currently entering the cybersecurity profession do not remember a time when cybersecurity was not a major concern. Yet at the time of this writing, reliance on computers to run business operations is less than a century old. Prior to this time, operational risk was more concerned with natural disasters than man-made ones. Fraud and staff mistakes are also part of operational risk, so as dependency on computers steadily increased from the 1960s through the 1980s, a then-new joke surfaced: To err is human, but if you really want to screw things up, use a computer. Foundational technology risk management concepts have been in place since the 1970s, but the tuning and the application of these concepts to cybersecurity were slow to evolve. Yet there is no doubt that cybersecurity risk management tools and techniques have continuously improved. Although the consequences of cybersecurity incidents have become dramatically more profound over the decades, available controls have also become more comprehensive, more ubiquitous, and more effective. This seminar is intended to make the fundamentals of cybersecurity risk management visible to those who are contributing to it, and comprehensible to those looking in from the outside. Like any effort to increase visibility, increasing transparency in cybersecurity requires clearing out some clouds first. That is, in the tradition of Spaf&apos;s recent book on the topic*, busting some cybersecurity management myths that currently cloud management thinking about cybersecurity and replacing them with risk management methodologies that work.</p> <p>*Spafford, G., Metcalf, L. and Dykstra, J. (2022). Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us. Addison-Wesley.</p> <p>About the speaker: Dr. Jennifer L. Bayuk, Ph.D., is experienced in a wide variety of cybersecurity positions, including Wall Street Chief Information Security Officer, Global Bank Operational Risk Management, Financial Services Internal Audit, Big 4 Information Systems Risk Management, Bell Labs Security Software Engineer, Risk Management Software Company Founder, and Expert Witness. She is the author of multiple textbooks and articles on a variety of cybersecurity topics and is a frequent contributor to cybersecurity conferences, boards, committees, and educational forums. Jennifer has created curriculum on numerous information security, cybersecurity, and technology risk topics for conferences, seminars, corporate training, and graduate-level programs. She is an Adjunct Professor at Quinnipiac University, Kean University, and Stevens Institute of Technology. She has a BS in Computer Science and Philosophy from Rutgers University, and an MS (1992) in Computer Science and a PhD (2012) in Systems Engineering from Stevens Institute of Technology.</p> ]]>
            </content:encoded>
            <itunes:duration>3643</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240221.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240221.mp4" length="286261248" type="video/mp4"/>
        </item>
            <item>
            <title>Jonathan (Jono) Spring, On Security Operations for AI Systems</title>
            <description>We must be methodical and intentional about how Artificial Intelligence (AI) systems are designed, developed, deployed, and operationalized, particularly in critical infrastructure contexts. CISA, the UK-NCSC, and our partners advocate a secure-by-design approach where security is a core requirement and integral to the development of AI systems from the outset, and throughout their lifecycle, to build wider trust that AI is safe and secure to use. This talk will focus on challenges and opportunities in the secure deployment, operation, and maintenance of AI software systems. The talk will use publications on the practice of coordinated vulnerability disclosure as a motivating example. About the speaker: Dr. Jonathan Spring is a cybersecurity specialist in the Cybersecurity and Infrastructure Security Agency. Working within the Cybersecurity Division&apos;s Vulnerability Management Office, his area of focus includes researching and producing reliable evidence to support effective cybersecurity policies at various levels of vulnerability management, machine learning, and threat intelligence. Prior to joining CISA, Jonathan held positions in the Computer Emergency Response Team (CERT) division of the Software Engineering Institute (SEI) at Carnegie Mellon University and was an adjunct professor at the University of Pittsburgh&apos;s School of Information Sciences.</description>
            <pubDate>Wed, 14 Feb 2024 16:30:00 EST </pubDate>
            <itunes:title>Jonathan (Jono) Spring, On Security Operations for AI Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>850</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jono_spring_300.png"/>
            <itunes:subtitle>Jonathan (Jono) Spring, Cybersecurity and Infrastructure Security Agency (CISA)</itunes:subtitle>
            <itunes:summary>We must be methodical and intentional about how Artificial Intelligence (AI) systems are designed, developed, deployed, and operationalized, particularly in critical infrastructure contexts. CISA, the UK-NCSC, and our partners advocate a secure-by-design approach where security is a core requirement and integral to the development of AI systems from the outset, and throughout their lifecycle, to build wider trust that AI is safe and secure to use. This talk will focus on challenges and opportunities in the secure deployment, operation, and maintenance of AI software systems. The talk will use publications on the practice of coordinated vulnerability disclosure as a motivating example. About the speaker: Dr. Jonathan Spring is a cybersecurity specialist in the Cybersecurity and Infrastructure Security Agency. Working within the Cybersecurity Division&apos;s Vulnerability Management Office, his area of focus includes researching and producing reliable evidence to support effective cybersecurity policies at various levels of vulnerability management, machine learning, and threat intelligence. Prior to joining CISA, Jonathan held positions in the Computer Emergency Response Team (CERT) division of the Software Engineering Institute (SEI) at Carnegie Mellon University and was an adjunct professor at the University of Pittsburgh&apos;s School of Information Sciences.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>We must be methodical and intentional about how Artificial Intelligence (AI) systems are designed, developed, deployed, and operationalized, particularly in critical infrastructure contexts. CISA, the UK-NCSC, and our partners advocate a secure-by-design approach where security is a core requirement and integral to the development of AI systems from the outset, and throughout their lifecycle, to build wider trust that AI is safe and secure to use. This talk will focus on challenges and opportunities in the secure deployment, operation, and maintenance of AI software systems. The talk will use publications on the practice of coordinated vulnerability disclosure as a motivating example.</p> <p>About the speaker: Dr. Jonathan Spring is a cybersecurity specialist in the Cybersecurity and Infrastructure Security Agency. Working within the Cybersecurity Division&apos;s Vulnerability Management Office, his area of focus includes researching and producing reliable evidence to support effective cybersecurity policies at various levels of vulnerability management, machine learning, and threat intelligence. Prior to joining CISA, Jonathan held positions in the Computer Emergency Response Team (CERT) division of the Software Engineering Institute (SEI) at Carnegie Mellon University and was an adjunct professor at the University of Pittsburgh&apos;s School of Information Sciences.</p> ]]>
            </content:encoded>
            <itunes:duration>3924</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240214.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240214.mp4" length="308281344" type="video/mp4"/>
        </item>
            <item>
            <title>Maksim Eren, Tensor Decomposition Methods for Cybersecurity</title>
            <description>Tensor decomposition is a powerful unsupervised machine learning method used to extract hidden patterns from large datasets. This presentation aims to illuminate the extensive applications and capabilities of tensors within the realm of cybersecurity. We offer a comprehensive overview by encapsulating a diverse array of capabilities, showcasing the cutting-edge employment of tensors in the detection of network and power grid anomalies, identification of SPAM e-mails, mitigation of credit card fraud, and detection of malware. Additionally, we delve into the utility of tensors for classifying malware families, pinpointing novel forms of malware, analyzing user behavior, and utilizing tensors for data privacy through federated learning techniques. About the speaker: Maksim E. Eren is an early career scientist in A-4, the Los Alamos National Laboratory (LANL) Advanced Research in Cyber Systems division. He graduated Summa Cum Laude with a Bachelor&apos;s in Computer Science from the University of Maryland, Baltimore County (UMBC) in 2020 and a Master&apos;s in 2022. He is currently pursuing his Ph.D. at UMBC&apos;s DREAM Lab, and he is a Scholarship for Service CyberCorps alumnus. His interdisciplinary research interests lie at the intersection of machine learning and cybersecurity, with a concentration in tensor decomposition. His tensor decomposition-based research projects include large-scale malware detection and characterization, cyber anomaly detection, data privacy, text mining, and high performance computing. Maksim has developed and published state-of-the-art solutions in anomaly detection and malware characterization. He has also worked on various other machine learning research projects such as detecting malicious hidden code, adversarial analysis of malware classifiers, and federated learning. At LANL, Maksim was a member of the 2021 R&amp;D 100 winning project SmartTensors, where he released a fast tensor decomposition and anomaly detection software package, contributed to the design and development of various other tensor decomposition libraries, and developed state-of-the-art text mining tools.</description>
            <pubDate>Wed, 7 Feb 2024 16:30:00 EST </pubDate>
            <itunes:title>Maksim Eren, Tensor Decomposition Methods for Cybersecurity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>849</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/maksim_eren_300.png"/>
            <itunes:subtitle>Maksim Eren, Los Alamos National Laboratory</itunes:subtitle>
            <itunes:summary>Tensor decomposition is a powerful unsupervised machine learning method used to extract hidden patterns from large datasets. This presentation aims to illuminate the extensive applications and capabilities of tensors within the realm of cybersecurity. We offer a comprehensive overview by encapsulating a diverse array of capabilities, showcasing the cutting-edge employment of tensors in the detection of network and power grid anomalies, identification of SPAM e-mails, mitigation of credit card fraud, and detection of malware. Additionally, we delve into the utility of tensors for classifying malware families, pinpointing novel forms of malware, analyzing user behavior, and utilizing tensors for data privacy through federated learning techniques. About the speaker: Maksim E. Eren is an early career scientist in A-4, the Los Alamos National Laboratory (LANL) Advanced Research in Cyber Systems division. He graduated Summa Cum Laude with a Bachelor&apos;s in Computer Science from the University of Maryland, Baltimore County (UMBC) in 2020 and a Master&apos;s in 2022. He is currently pursuing his Ph.D. at UMBC&apos;s DREAM Lab, and he is a Scholarship for Service CyberCorps alumnus. His interdisciplinary research interests lie at the intersection of machine learning and cybersecurity, with a concentration in tensor decomposition. His tensor decomposition-based research projects include large-scale malware detection and characterization, cyber anomaly detection, data privacy, text mining, and high performance computing. Maksim has developed and published state-of-the-art solutions in anomaly detection and malware characterization. He has also worked on various other machine learning research projects such as detecting malicious hidden code, adversarial analysis of malware classifiers, and federated learning. At LANL, Maksim was a member of the 2021 R&amp;D 100 winning project SmartTensors, where he released a fast tensor decomposition and anomaly detection software package, contributed to the design and development of various other tensor decomposition libraries, and developed state-of-the-art text mining tools.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Tensor decomposition is a powerful unsupervised machine learning method used to extract hidden patterns from large datasets. This presentation aims to illuminate the extensive applications and capabilities of tensors within the realm of cybersecurity. We offer a comprehensive overview by encapsulating a diverse array of capabilities, showcasing the cutting-edge employment of tensors in the detection of network and power grid anomalies, identification of SPAM e-mails, mitigation of credit card fraud, and detection of malware. Additionally, we delve into the utility of tensors for classifying malware families, pinpointing novel forms of malware, analyzing user behavior, and utilizing tensors for data privacy through federated learning techniques.</p> <p>About the speaker: Maksim E. Eren is an early career scientist in A-4, the Los Alamos National Laboratory (LANL) Advanced Research in Cyber Systems division. He graduated Summa Cum Laude with a Bachelor&apos;s in Computer Science from the University of Maryland, Baltimore County (UMBC) in 2020 and a Master&apos;s in 2022. He is currently pursuing his Ph.D. at UMBC&apos;s DREAM Lab, and he is a Scholarship for Service CyberCorps alumnus. His interdisciplinary research interests lie at the intersection of machine learning and cybersecurity, with a concentration in tensor decomposition. His tensor decomposition-based research projects include large-scale malware detection and characterization, cyber anomaly detection, data privacy, text mining, and high performance computing. Maksim has developed and published state-of-the-art solutions in anomaly detection and malware characterization. He has also worked on various other machine learning research projects such as detecting malicious hidden code, adversarial analysis of malware classifiers, and federated learning. At LANL, Maksim was a member of the 2021 R&amp;D 100 winning project SmartTensors, where he released a fast tensor decomposition and anomaly detection software package, contributed to the design and development of various other tensor decomposition libraries, and developed state-of-the-art text mining tools.</p> ]]>
            </content:encoded>
            <itunes:duration>2473</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240207.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240207.mp4" length="193986560" type="video/mp4"/>
        </item>
            <item>
            <title>William Malik, Multifactor Authentication - The Problem, Recommendations, and Future Concerns</title>
            <description>In the course of the talk I&apos;ll discuss current authentication challenges, the looming problem with cracking public key encryption, and short- and medium-term recommendations to help folks stay secure. About the speaker: Bill helps clients achieve an effective information security posture spanning endpoints, networks, servers, cloud, and the Internet of Things. This involves technology, policy, and procedures, and impacts acquisition/development through deployment, operations, maintenance, and replacement or retirement. During his five-decade IT career, Bill has worked as an application programmer with the John Hancock Insurance company; an OS developer, tester, and planner with IBM; a research director and manager at Gartner for the Information Security Strategies service and the Application Integration and Middleware service; and served as CTO of Waveset, an identity management vendor acquired by Sun. At Trend Micro, Bill provided research and analysis of the current state and future trends in information security. He participates in the ISO/IEC 62443 standards body and the CISA ICSJWG on ICT security. He runs his own consulting business providing information security, disaster recovery, identity management, and enterprise solution architecture services. Bill has over 180 publications and has spoken at numerous events worldwide. Bill attended MIT, majoring in Mathematics. He is a member of CT InfraGard and ISACA.</description>
            <pubDate>Wed, 31 Jan 2024 16:30:00 EST </pubDate>
            <itunes:title>William Malik, Multifactor Authentication - The Problem, Recommendations, and Future Concerns</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>848</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/bill_malik_300.png"/>
            <itunes:subtitle>William Malik, Malik Consulting</itunes:subtitle>
            <itunes:summary>In the course of the talk I&apos;ll discuss current authentication challenges, the looming problem with cracking public key encryption, and short- and medium-term recommendations to help folks stay secure. About the speaker: Bill helps clients achieve an effective information security posture spanning endpoints, networks, servers, cloud, and the Internet of Things. This involves technology, policy, and procedures, and impacts acquisition/development through deployment, operations, maintenance, and replacement or retirement. During his five-decade IT career, Bill has worked as an application programmer with the John Hancock Insurance company; an OS developer, tester, and planner with IBM; a research director and manager at Gartner for the Information Security Strategies service and the Application Integration and Middleware service; and served as CTO of Waveset, an identity management vendor acquired by Sun. At Trend Micro, Bill provided research and analysis of the current state and future trends in information security. He participates in the ISO/IEC 62443 standards body and the CISA ICSJWG on ICT security. He runs his own consulting business providing information security, disaster recovery, identity management, and enterprise solution architecture services. Bill has over 180 publications and has spoken at numerous events worldwide. Bill attended MIT, majoring in Mathematics. He is a member of CT InfraGard and ISACA.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In the course of the talk I&apos;ll discuss current authentication challenges, the looming problem with cracking public key encryption, and short- and medium-term recommendations to help folks stay secure.</p> <p>About the speaker: Bill helps clients achieve an effective information security posture spanning endpoints, networks, servers, cloud, and the Internet of Things. This involves technology, policy, and procedures, and impacts acquisition/development through deployment, operations, maintenance, and replacement or retirement. During his five-decade IT career, Bill has worked as an application programmer with the John Hancock Insurance company; an OS developer, tester, and planner with IBM; a research director and manager at Gartner for the Information Security Strategies service and the Application Integration and Middleware service; and served as CTO of Waveset, an identity management vendor acquired by Sun. At Trend Micro, Bill provided research and analysis of the current state and future trends in information security. He participates in the ISO/IEC 62443 standards body and the CISA ICSJWG on ICT security. He runs his own consulting business providing information security, disaster recovery, identity management, and enterprise solution architecture services. Bill has over 180 publications and has spoken at numerous events worldwide. Bill attended MIT, majoring in Mathematics. He is a member of CT InfraGard and ISACA.</p> ]]>
            </content:encoded>
            <itunes:duration>2788</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240131.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240131.mp4" length="219152384" type="video/mp4"/>
        </item>
            <item>
            <title>Solomon Sonya, Enhancing Cybersecurity via Lessons Learned from the Evolution of Malware</title>
            <description>Exploitations in cybersecurity continue to increase in sophistication and prevalence. The purpose of this talk is to discuss how the evolution of malware has led to increased exploitation and then discuss ways to enhance the cybersecurity paradigm. About the speaker: Solomon Sonya (@0xSolomonSonya) is a Computer Science Graduate Student at Purdue University. He earned his undergraduate degree in Computer Science and Master&apos;s Degrees in Computer Science, Information Systems Engineering, and Operational Art and Strategy. Solomon routinely develops new cybersecurity tools and presents his research, leads workshops, and delivers keynote addresses at cybersecurity conferences around the world. Prior to attending Purdue, Solomon was a Distinguished Computer Science Instructor at the United States Air Force Academy and Research Scholar at the University of Southern California, Los Angeles. Solomon&apos;s previous keynote and conference engagements include: DEFCON and BlackHat USA in Las Vegas, NV; SecTor Canada; Hack in Paris and LeHack, France; HackCon Norway; ICSIS – Toronto; ICORES Italy; BruCon Belgium; CyberCentral – Prague and Slovakia; Hack.Lu Luxembourg; Shmoocon DC; BotConf – France; CyberSecuritySummit Texas; SANS Digital Forensics Summit; DerbyCon Kentucky; SkyDogCon Tennessee; HackerHalted Georgia; Day-Con Ohio; TakeDownCon Connecticut, Maryland, and Alabama; and AFCEA – Colorado Springs and Indianapolis.</description>
            <pubDate>Wed, 24 Jan 2024 16:30:00 EST </pubDate>
            <itunes:title>Solomon Sonya, Enhancing Cybersecurity via Lessons Learned from the Evolution of Malware</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>847</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/solomon_sonya_300.png"/>
            <itunes:subtitle>Solomon Sonya, Purdue University</itunes:subtitle>
            <itunes:summary>Exploitations in cybersecurity continue to increase in sophistication and prevalence. The purpose of this talk is to discuss how the evolution of malware has led to increased exploitation and then discuss ways to enhance the cybersecurity paradigm. About the speaker: Solomon Sonya (@0xSolomonSonya) is a Computer Science Graduate Student at Purdue University. He earned his undergraduate degree in Computer Science and Master&apos;s Degrees in Computer Science, Information Systems Engineering, and Operational Art and Strategy. Solomon routinely develops new cybersecurity tools and presents his research, leads workshops, and delivers keynote addresses at cybersecurity conferences around the world. Prior to attending Purdue, Solomon was a Distinguished Computer Science Instructor at the United States Air Force Academy and Research Scholar at the University of Southern California, Los Angeles. Solomon&apos;s previous keynote and conference engagements include: DEFCON and BlackHat USA in Las Vegas, NV; SecTor Canada; Hack in Paris and LeHack, France; HackCon Norway; ICSIS – Toronto; ICORES Italy; BruCon Belgium; CyberCentral – Prague and Slovakia; Hack.Lu Luxembourg; Shmoocon DC; BotConf – France; CyberSecuritySummit Texas; SANS Digital Forensics Summit; DerbyCon Kentucky; SkyDogCon Tennessee; HackerHalted Georgia; Day-Con Ohio; TakeDownCon Connecticut, Maryland, and Alabama; and AFCEA – Colorado Springs and Indianapolis.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Exploitations in cybersecurity continue to increase in sophistication and prevalence. The purpose of this talk is to discuss how the evolution of malware has led to increased exploitation and then discuss ways to enhance the cybersecurity paradigm.</p> <p>About the speaker: Solomon Sonya (@0xSolomonSonya) is a Computer Science Graduate Student at Purdue University. He earned his undergraduate degree in Computer Science and Master&apos;s Degrees in Computer Science, Information Systems Engineering, and Operational Art and Strategy. Solomon routinely develops new cybersecurity tools and presents his research, leads workshops, and delivers keynote addresses at cybersecurity conferences around the world. Prior to attending Purdue, Solomon was a Distinguished Computer Science Instructor at the United States Air Force Academy and Research Scholar at the University of Southern California, Los Angeles. Solomon&apos;s previous keynote and conference engagements include: DEFCON and BlackHat USA in Las Vegas, NV; SecTor Canada; Hack in Paris and LeHack, France; HackCon Norway; ICSIS – Toronto; ICORES Italy; BruCon Belgium; CyberCentral – Prague and Slovakia; Hack.Lu Luxembourg; Shmoocon DC; BotConf – France; CyberSecuritySummit Texas; SANS Digital Forensics Summit; DerbyCon Kentucky; SkyDogCon Tennessee; HackerHalted Georgia; Day-Con Ohio; TakeDownCon Connecticut, Maryland, and Alabama; and AFCEA – Colorado Springs and Indianapolis.</p> ]]>
            </content:encoded>
            <itunes:duration>3734</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240124.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240124.mp4" length="293601280" type="video/mp4"/>
        </item>
            <item>
            <title>Leigh Metcalf, Grep for Evil</title>
            <description>Evil has been lurking on the Internet since its inception. The IETF recognized this, releasing RFC 3514 on the evil bit. Unfortunately it isn&apos;t widely adopted, so we have to find our evil in other ways. Grepping is a time-honored way of finding needles in haystacks, so let&apos;s see how much evil we can find in the DNS haystack... And can we answer the question of &quot;Why is it so easy?&quot; About the speaker: Leigh Metcalf is a Senior Network Security Research Analyst at the Carnegie Mellon University Software Engineering Institute&apos;s cybersecurity (CERT) division. CERT is composed of a diverse group of researchers, software engineers, and security analysts who are developing cutting-edge information and training to improve the practice of cybersecurity. Before joining CERT, Leigh spent more than 10 years in industry working as a systems engineer, architect, and security specialist.</description>
            <pubDate>Wed, 17 Jan 2024 16:30:00 EST </pubDate>
            <itunes:title>Leigh Metcalf, Grep for Evil</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>846</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Leigh_Metcalf_200.png"/>
            <itunes:subtitle>Leigh Metcalf, Carnegie Mellon University / CERT</itunes:subtitle>
            <itunes:summary>Evil has been lurking in the Internet since its inception.  The IETF recognized this, releasing RFC 3514 on the evil bit.  Unfortunately it isn&apos;t widely adopted, so we have to find our evil in other ways.  Grepping is a time-honored way of finding needles in haystacks, so let&apos;s see how much evil we can find in the DNS haystack... And can we answer the question of &quot;Why is it so easy?&quot; About the speaker: Leigh Metcalf is a Senior Network Security Research Analyst at the Carnegie Mellon University Software Engineering Institute&apos;s cybersecurity (CERT) division. CERT is composed of a diverse group of researchers, software engineers, and security analysts who are developing cutting-edge information and training to improve the practice of cybersecurity. Before joining CERT, Leigh spent more than 10 years in industry working as a systems engineer, architect, and security specialist.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Evil has been lurking in the Internet since its inception.  The IETF recognized this, releasing RFC 3514 on the evil bit.  Unfortunately it isn&apos;t widely adopted, so we have to find our evil in other ways.  Grepping is a time-honored way of finding needles in haystacks, so let&apos;s see how much evil we can find in the DNS haystack... And can we answer the question of &quot;Why is it so easy?&quot; About the speaker: Leigh Metcalf is a Senior Network Security Research Analyst at the Carnegie Mellon University Software Engineering Institute&apos;s cybersecurity (CERT) division. CERT is composed of a diverse group of researchers, software engineers, and security analysts who are developing cutting-edge information and training to improve the practice of cybersecurity. Before joining CERT, Leigh spent more than 10 years in industry working as a systems engineer, architect, and security specialist.</p> ]]>
            </content:encoded>
            <itunes:duration>3784</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240117.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240117.mp4" length="295698432" type="video/mp4"/>
        </item>
            <item>
            <title>Sandhya Aneja, Invisible Signatures: Device Fingerprinting in a Connected World</title>
            <description>The field of cybersecurity is constantly evolving, and Device Fingerprinting (DFP) has emerged as a crucial technique for identifying network devices based on their unique traffic data. This is necessary to protect against sophisticated cyber-attacks. However, automating device classification is complex, as it involves a vast and diverse feature space derived from various network layers, such as application, transport, and physical. With the advances in machine learning and deep learning, DFP has become more accurate and adaptable, integrating multi-layered data and emphasizing the need to balance robust security measures. The study of DFP, especially in the context of emerging protocols like HTTP/2 and HTTP/3, remains a critical area of research in cybersecurity. This talk focuses on enhancing real-time threat detection while navigating the challenges of scalability. About the speaker: Dr. Sandhya Aneja is a researcher, inventor, and computer scientist with a strong passion for teaching. She is an Assistant Professor at Marist College in Poughkeepsie, NY, and was a Visiting Research Scholar at the Department of Computer Science, Purdue University. She has over 15 years of experience teaching computer science to undergraduate and graduate students at the University of Delhi and the University of Brunei. As a researcher, she contributed to developing a mobile application to facilitate the matching of interests on available mobile devices and allow the exchange of messages and files. The application allows broadcasting names and a limited number of keywords representing users&apos; interests without any connection in a nearby region. The broadcasting region creates a mobile wireless network limited by the Wi-Fi range, which is around 200 meters. She also received a US Patent on this technology. As a computer scientist, she has received project funding from the University of Delhi as PI and the University of Brunei as co-PI. She has extensively worked on Brunei government-funded projects with IBM Researchers. She is also a contributor to Sandia and DARPA-funded projects at Purdue University.</description>
            <pubDate>Wed, 10 Jan 2024 16:30:00 EST </pubDate>
            <itunes:title>Sandhya Aneja, Invisible Signatures: Device Fingerprinting in a Connected World</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>30</itunes:season>
            <itunes:episode>845</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/SandhyaAneja_300.png"/>
            <itunes:subtitle>Sandhya Aneja, Marist College</itunes:subtitle>
            <itunes:summary>The field of cybersecurity is constantly evolving, and Device Fingerprinting (DFP) has emerged as a crucial technique for identifying network devices based on their unique traffic data. This is necessary to protect against sophisticated cyber-attacks. However, automating device classification is complex, as it involves a vast and diverse feature space derived from various network layers, such as application, transport, and physical. With the advances in machine learning and deep learning, DFP has become more accurate and adaptable, integrating multi-layered data and emphasizing the need to balance robust security measures. The study of DFP, especially in the context of emerging protocols like HTTP/2 and HTTP/3, remains a critical area of research in cybersecurity. This talk focuses on enhancing real-time threat detection while navigating the challenges of scalability. About the speaker: Dr. Sandhya Aneja is a researcher, inventor, and computer scientist with a strong passion for teaching. She is an Assistant Professor at Marist College in Poughkeepsie, NY, and was a Visiting Research Scholar at the Department of Computer Science, Purdue University. She has over 15 years of experience teaching computer science to undergraduate and graduate students at the University of Delhi and the University of Brunei. As a researcher, she contributed to developing a mobile application to facilitate the matching of interests on available mobile devices and allow the exchange of messages and files. The application allows broadcasting names and a limited number of keywords representing users&apos; interests without any connection in a nearby region. The broadcasting region creates a mobile wireless network limited by the Wi-Fi range, which is around 200 meters. She also received a US Patent on this technology. As a computer scientist, she has received project funding from the University of Delhi as PI and the University of Brunei as co-PI. She has extensively worked on Brunei government-funded projects with IBM Researchers. She is also a contributor to Sandia and DARPA-funded projects at Purdue University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The field of cybersecurity is constantly evolving, and Device Fingerprinting (DFP) has emerged as a crucial technique for identifying network devices based on their unique traffic data. This is necessary to protect against sophisticated cyber-attacks. However, automating device classification is complex, as it involves a vast and diverse feature space derived from various network layers, such as application, transport, and physical. With the advances in machine learning and deep learning, DFP has become more accurate and adaptable, integrating multi-layered data and emphasizing the need to balance robust security measures. The study of DFP, especially in the context of emerging protocols like HTTP/2 and HTTP/3, remains a critical area of research in cybersecurity. This talk focuses on enhancing real-time threat detection while navigating the challenges of scalability. About the speaker: Dr. Sandhya Aneja is a researcher, inventor, and computer scientist with a strong passion for teaching. She is an Assistant Professor at Marist College in Poughkeepsie, NY, and was a Visiting Research Scholar at the Department of Computer Science, Purdue University. She has over 15 years of experience teaching computer science to undergraduate and graduate students at the University of Delhi and the University of Brunei. As a researcher, she contributed to developing a mobile application to facilitate the matching of interests on available mobile devices and allow the exchange of messages and files. The application allows broadcasting names and a limited number of keywords representing users&apos; interests without any connection in a nearby region. The broadcasting region creates a mobile wireless network limited by the Wi-Fi range, which is around 200 meters. She also received a US Patent on this technology. As a computer scientist, she has received project funding from the University of Delhi as PI and the University of Brunei as co-PI. She has extensively worked on Brunei government-funded projects with IBM Researchers. She is also a contributor to Sandia and DARPA-funded projects at Purdue University.</p> ]]>
            </content:encoded>
            <itunes:duration>3285</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240110.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20240110.mp4" length="257949696" type="video/mp4"/>
        </item>
            <item>
            <title>Mu Zhang, Backtracking Intrusions in Modern Industrial Internet of Things</title>
            <description>Advanced Persistent Threat (APT) attacks are increasingly targeting modern factory floors. Recovery from a cyberattack is a complex task that involves identifying the root causes of the attack in order to thoroughly cleanse the compromised systems and remedy all vulnerabilities. As a result, provenance analysis, which can correlate individual attack footprints and thus &quot;connect the dots&quot;, is very much desired. Provenance analysis has been well studied in traditional IT systems, yet the OS-level attack model that prior work employs cannot effectively capture application semantics in physical control systems. Recent efforts have been made to develop custom provenance models that uniquely represent physical attacks in cyber-physical systems. Nevertheless, existing techniques still fall short due to their unreliable semantic recovery, inability to reconstruct process contexts, and lack of cross-domain causality tracking. In this talk, we present ICSTracker, which aims to enable provenance analysis in the new setting of industrial IoT. To recover the physical semantics of controller routines, we utilize data mining to identify function call sequences that align with specific physical actions. To establish the process contexts, we resort to the data access patterns in controller code to discover and keep track of critical state variables that are shared among multiple iterations of control logic. To uncover the methods attackers employ in exploiting digital vulnerabilities to cause physical damage, we perform a cross-domain causality analysis, associating controller operations with OS-level events through their mutual access to shared digital assets. We have implemented and tested ICSTracker in a FischerTechnic testbed. Our preliminary results are promising, demonstrating that ICSTracker can precisely capture cross-domain cyber-physical attacks in a semantics- and context-aware fashion. About the speaker: Mu Zhang is an Assistant Professor with the Kahlert School of Computing at the University of Utah. Zhang works at the unique intersection between systems security and cyber-physical systems. He is the lead PI of the DARPA HACCS project Semantics-Aware Discovery of Advanced Persistent Threats in Cyber-Physical Systems, which aims to detect advanced attacks in CPS settings. He has also been key personnel on the NSF CPS Frontiers project, Software Defined Control for Smart Manufacturing Systems, and has led the technical effort to develop a security vetting system for controller programs. Zhang has extensively published in top-tier security venues (S&amp;amp;P, CCS, NDSS), and received an ACM SIGSOFT Distinguished Paper Award at ISSTA 2023, an ACM SIGPLAN Distinguished Paper Award at OOPSLA 2019, and a Best Paper Honorable Mention at CCS 2022.</description>
            <pubDate>Wed, 6 Dec 2023 16:30:00 EST </pubDate>
            <itunes:title>Mu Zhang, Backtracking Intrusions in Modern Industrial Internet of Things</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>844</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/mu_zhang_300.png"/>
            <itunes:subtitle>Mu Zhang, University of Utah</itunes:subtitle>
            <itunes:summary>Advanced Persistent Threat (APT) attacks are increasingly targeting modern factory floors. Recovery from a cyberattack is a complex task that involves identifying the root causes of the attack in order to thoroughly cleanse the compromised systems and remedy all vulnerabilities. As a result, provenance analysis, which can correlate individual attack footprints and thus &quot;connect the dots&quot;, is very much desired. Provenance analysis has been well studied in traditional IT systems, yet the OS-level attack model that prior work employs cannot effectively capture application semantics in physical control systems. Recent efforts have been made to develop custom provenance models that uniquely represent physical attacks in cyber-physical systems. Nevertheless, existing techniques still fall short due to their unreliable semantic recovery, inability to reconstruct process contexts, and lack of cross-domain causality tracking. In this talk, we present ICSTracker, which aims to enable provenance analysis in the new setting of industrial IoT. To recover the physical semantics of controller routines, we utilize data mining to identify function call sequences that align with specific physical actions. To establish the process contexts, we resort to the data access patterns in controller code to discover and keep track of critical state variables that are shared among multiple iterations of control logic. To uncover the methods attackers employ in exploiting digital vulnerabilities to cause physical damage, we perform a cross-domain causality analysis, associating controller operations with OS-level events through their mutual access to shared digital assets. We have implemented and tested ICSTracker in a FischerTechnic testbed. Our preliminary results are promising, demonstrating that ICSTracker can precisely capture cross-domain cyber-physical attacks in a semantics- and context-aware fashion. About the speaker: Mu Zhang is an Assistant Professor with the Kahlert School of Computing at the University of Utah. Zhang works at the unique intersection between systems security and cyber-physical systems. He is the lead PI of the DARPA HACCS project Semantics-Aware Discovery of Advanced Persistent Threats in Cyber-Physical Systems, which aims to detect advanced attacks in CPS settings. He has also been key personnel on the NSF CPS Frontiers project, Software Defined Control for Smart Manufacturing Systems, and has led the technical effort to develop a security vetting system for controller programs. Zhang has extensively published in top-tier security venues (S&amp;amp;P, CCS, NDSS), and received an ACM SIGSOFT Distinguished Paper Award at ISSTA 2023, an ACM SIGPLAN Distinguished Paper Award at OOPSLA 2019, and a Best Paper Honorable Mention at CCS 2022.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Advanced Persistent Threat (APT) attacks are increasingly targeting modern factory floors. Recovery from a cyberattack is a complex task that involves identifying the root causes of the attack in order to thoroughly cleanse the compromised systems and remedy all vulnerabilities. As a result, provenance analysis, which can correlate individual attack footprints and thus &quot;connect the dots&quot;, is very much desired. Provenance analysis has been well studied in traditional IT systems, yet the OS-level attack model that prior work employs cannot effectively capture application semantics in physical control systems. Recent efforts have been made to develop custom provenance models that uniquely represent physical attacks in cyber-physical systems. Nevertheless, existing techniques still fall short due to their unreliable semantic recovery, inability to reconstruct process contexts, and lack of cross-domain causality tracking. In this talk, we present ICSTracker, which aims to enable provenance analysis in the new setting of industrial IoT. To recover the physical semantics of controller routines, we utilize data mining to identify function call sequences that align with specific physical actions. To establish the process contexts, we resort to the data access patterns in controller code to discover and keep track of critical state variables that are shared among multiple iterations of control logic. To uncover the methods attackers employ in exploiting digital vulnerabilities to cause physical damage, we perform a cross-domain causality analysis, associating controller operations with OS-level events through their mutual access to shared digital assets. We have implemented and tested ICSTracker in a FischerTechnic testbed. Our preliminary results are promising, demonstrating that ICSTracker can precisely capture cross-domain cyber-physical attacks in a semantics- and context-aware fashion. About the speaker: Mu Zhang is an Assistant Professor with the Kahlert School of Computing at the University of Utah. Zhang works at the unique intersection between systems security and cyber-physical systems. He is the lead PI of the DARPA HACCS project Semantics-Aware Discovery of Advanced Persistent Threats in Cyber-Physical Systems, which aims to detect advanced attacks in CPS settings. He has also been key personnel on the NSF CPS Frontiers project, Software Defined Control for Smart Manufacturing Systems, and has led the technical effort to develop a security vetting system for controller programs. Zhang has extensively published in top-tier security venues (S&amp;P, CCS, NDSS), and received an ACM SIGSOFT Distinguished Paper Award at ISSTA 2023, an ACM SIGPLAN Distinguished Paper Award at OOPSLA 2019, and a Best Paper Honorable Mention at CCS 2022.</p> ]]>
            </content:encoded>
            <itunes:duration>3063</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231206.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231206.mp4" length="235929600" type="video/mp4"/>
        </item>
            <item>
            <title>Robert Denz, Mind the Gap: Vulnerabilities and Opportunities for Cyber R&amp;D at the Edge</title>
            <description>This is a hybrid event. Students are encouraged to attend in person: STEW G52 (Suite 050B). Commercial or defense systems are often developed first to meet a mission or customer need. Security of many of these systems is often developed at a component level by each component&apos;s product team. The product teams often maintain robust security for their component within the system, but security gaps begin to form when the complete system is assembled. Adversaries will seek to exploit these gaps in the overall system design as they look for the path of least resistance to achieve their goals. These adversaries do not limit themselves to one exploitation domain and will often pivot across domains in their execution of an attack. To guard against these multi-domain threats, we as security practitioners and researchers need to work together to adjust our world view on the larger system-of-systems security challenge that we face. This presentation begins the process of enumerating some of these gaps, how they came into existence, and provides potential research avenues to address them. About the speaker: Dr. Robert Denz serves as the Director of the Secure and Resilient Systems group at Riverside Research. In this role, he leads a team of researchers who ensure software provenance, security, reliability, and resilience in systems. To achieve these objectives, the Secure and Resilient Systems group conducts innovative research in formal methods, AI-driven secure waveform design, and secure operating system implementations for the Department of Defense (DoD) and Intelligence Community (IC). Dr. Denz has over 15 years of experience working on and leading cybersecurity and anti-tamper research programs for DARPA and the DoD. He was recently the Principal Investigator for DARPA Dispersed Computing, where he oversaw a multi-disciplinary team that delivered distributed resilient mesh routing protocols to the tactical edge. Dr. Denz also served as a research lead for DARPA Mission Resilient Clouds (MRC), contributed to the DARPA Clean-slate design of Resilient, Adaptive Secure Hosts (CRASH), and was an original designer of the Air Force Cross-Domain Access SecureView Hypervisor. Through these efforts, he gained extensive knowledge of x86 processor internals and secure operating systems. Dr. Denz received his PhD in secure hypervisor and kernel design from the Thayer School of Engineering at Dartmouth College in 2016.</description>
            <pubDate>Wed, 29 Nov 2023 16:30:00 EST </pubDate>
            <itunes:title>Robert Denz, Mind the Gap: Vulnerabilities and Opportunities for Cyber R&amp;D at the Edge</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>843</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/rob_denz.png"/>
            <itunes:subtitle>Robert Denz, Riverside Research</itunes:subtitle>
            <itunes:summary>This is a hybrid event. Students are encouraged to attend in person: STEW G52 (Suite 050B). Commercial or defense systems are often developed first to meet a mission or customer need. Security of many of these systems is often developed at a component level by each component&apos;s product team. The product teams often maintain robust security for their component within the system, but security gaps begin to form when the complete system is assembled. Adversaries will seek to exploit these gaps in the overall system design as they look for the path of least resistance to achieve their goals. These adversaries do not limit themselves to one exploitation domain and will often pivot across domains in their execution of an attack. To guard against these multi-domain threats, we as security practitioners and researchers need to work together to adjust our world view on the larger system-of-systems security challenge that we face. This presentation begins the process of enumerating some of these gaps, how they came into existence, and provides potential research avenues to address them. About the speaker: Dr. Robert Denz serves as the Director of the Secure and Resilient Systems group at Riverside Research. In this role, he leads a team of researchers who ensure software provenance, security, reliability, and resilience in systems. To achieve these objectives, the Secure and Resilient Systems group conducts innovative research in formal methods, AI-driven secure waveform design, and secure operating system implementations for the Department of Defense (DoD) and Intelligence Community (IC). Dr. Denz has over 15 years of experience working on and leading cybersecurity and anti-tamper research programs for DARPA and the DoD. He was recently the Principal Investigator for DARPA Dispersed Computing, where he oversaw a multi-disciplinary team that delivered distributed resilient mesh routing protocols to the tactical edge. Dr. Denz also served as a research lead for DARPA Mission Resilient Clouds (MRC), contributed to the DARPA Clean-slate design of Resilient, Adaptive Secure Hosts (CRASH), and was an original designer of the Air Force Cross-Domain Access SecureView Hypervisor. Through these efforts, he gained extensive knowledge of x86 processor internals and secure operating systems. Dr. Denz received his PhD in secure hypervisor and kernel design from the Thayer School of Engineering at Dartmouth College in 2016.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This is a hybrid event. Students are encouraged to attend in person: STEW G52 (Suite 050B). Commercial or defense systems are often developed first to meet a mission or customer need. Security of many of these systems is often developed at a component level by each component&apos;s product team. The product teams often maintain robust security for their component within the system, but security gaps begin to form when the complete system is assembled. Adversaries will seek to exploit these gaps in the overall system design as they look for the path of least resistance to achieve their goals. These adversaries do not limit themselves to one exploitation domain and will often pivot across domains in their execution of an attack. To guard against these multi-domain threats, we as security practitioners and researchers need to work together to adjust our world view on the larger system-of-systems security challenge that we face. This presentation begins the process of enumerating some of these gaps, how they came into existence, and provides potential research avenues to address them. About the speaker: Dr. Robert Denz serves as the Director of the Secure and Resilient Systems group at Riverside Research. In this role, he leads a team of researchers who ensure software provenance, security, reliability, and resilience in systems. To achieve these objectives, the Secure and Resilient Systems group conducts innovative research in formal methods, AI-driven secure waveform design, and secure operating system implementations for the Department of Defense (DoD) and Intelligence Community (IC). Dr. Denz has over 15 years of experience working on and leading cybersecurity and anti-tamper research programs for DARPA and the DoD. He was recently the Principal Investigator for DARPA Dispersed Computing, where he oversaw a multi-disciplinary team that delivered distributed resilient mesh routing protocols to the tactical edge. Dr. Denz also served as a research lead for DARPA Mission Resilient Clouds (MRC), contributed to the DARPA Clean-slate design of Resilient, Adaptive Secure Hosts (CRASH), and was an original designer of the Air Force Cross-Domain Access SecureView Hypervisor. Through these efforts, he gained extensive knowledge of x86 processor internals and secure operating systems. Dr. Denz received his PhD in secure hypervisor and kernel design from the Thayer School of Engineering at Dartmouth College in 2016.</p> ]]>
            </content:encoded>
            <itunes:duration>2993</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231129.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231129.mp4" length="234881024" type="video/mp4"/>
        </item>
            <item>
            <title>Andy Ellis, How to Build and Measure a Corporate Security Program</title>
            <description>The challenge of building a security program is that there are too many things you could be doing, and that creates a challenge for security leaders to decide on which things they should do next. All too often companies pivot from fighting one fire to another fire. They end up cobbling together a security program with duct tape, baling wire, and a handful of solutions implemented as a reaction to our own incidents and major headlines about other companies&apos; breaches.  How should a CISO evaluate building their security program? In this talk, I will be exploring a mental model that CISOs can use - that I used in my 20 years as a CISO - to evaluate the state of their security program, and to identify where there are gaps in coverage.  At a high level, the framework is four-dimensional, covering width (asset coverage), height (control comprehensiveness), depth (risk context), and time (maturity continuity).  I will use case studies to highlight ways security programs often fail on one of these axes, as a means for participants to connect the programs they work on to the shortcomings others have already experienced. Most ways to evaluate a security program become frameworks with an overly strong focus on detail that lose the holistic view of the health of a security program, and even the &quot;known unknowns&quot; (we&apos;re pretty sure there is a risk, but don&apos;t have specifics) become forgotten as the focus narrows to the &quot;known knowns&quot; (we&apos;ve documented the risk).  The &quot;unknown unknowns,&quot; of course, almost never get visibility. Combining a mental model for assessing the overall maturity of the program with a high-level risk comparison system (the &quot;Pyramid of Pain&quot;) allows a CISO to identify areas for improvement to mitigate risk in the future. Case studies from my time at Akamai will be shared (demonstrating not only how to quickly assess risk, but how to understand risk areas that may take years to mitigate), including the risk areas whose mitigation helped propel Akamai into the security leviathan it is today. About the speaker: Andy Ellis is a seasoned technology and business executive with deep expertise in cybersecurity, managing risk, and leading an inclusive culture. He is the founder and CEO of Duha, a boutique advisory firm focused on providing strategic consulting in the areas of Leadership, Management, Cybersecurity, Technology Risk, and Enterprise Risk Management. He is the author of 1% Leadership, Operating Partner at YL Ventures, Advisory CISO at Orca Security, and is an advisor to cyber security startups. Widely respected across the cybersecurity industry for his pragmatic approach to aligning security and business needs, Andy regularly speaks and writes on cybersecurity, leadership, diversity &amp;amp; inclusion, and decision-making. Ellis previously served as the Chief Security Officer of Akamai Technologies, where he was responsible for the company&apos;s cybersecurity strategy, including leading its initial forays into the cybersecurity market. In his twenty-year tenure at Akamai, Andy led the information security organization from a single individual to a 90+ person team, over 40% of whom were women.  Andy has received a wide variety of accolades, including the CSO Compass Award, Air Force Commendation Medal, Spirit of Disneyland Award, Wine Spectator Award of Excellence (for The Arlington Inn), the SANS DMA Podcast of the Year (for Cloud Security Reinvented), and was the winner of the Sherman Oaks Galleria Spelling Bee. He was inducted into the CSO Hall of Fame in 2021. After receiving a degree in computer science from MIT, Andy served as an officer in the United States Air Force with the 609th Information Warfare Squadron and the Electronic Systems Center.</description>
            <pubDate>Wed, 15 Nov 2023 16:30:00 EST </pubDate>
            <itunes:title>Andy Ellis, How to Build and Measure a Corporate Security Program</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>842</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/andy_ellis_300.png"/>
            <itunes:subtitle>Andy Ellis, Duha</itunes:subtitle>
            <itunes:summary>The challenge of building a security program is that there are too many things you could be doing, and that creates a challenge for security leaders deciding which things they should do next. All too often companies pivot from fighting one fire to another fire. They end up cobbling together a security program with duct tape, baling wire, and a handful of solutions implemented as a reaction to our own incidents and major headlines about other companies&apos; breaches. How should a CISO evaluate building their security program? In this talk, I will explore a mental model that CISOs can use - one that I used in my 20 years as a CISO - to evaluate the state of their security program and to identify where there are gaps in coverage. At a high level, the framework is four-dimensional, covering width (asset coverage), height (control comprehensiveness), depth (risk context), and time (maturity continuity). I will use case studies to highlight ways security programs often fail on one of these axes, as a means for participants to connect the programs they work on to the shortcomings others have already experienced. Most ways to evaluate a security program become frameworks with an overly strong focus on detail, but which lose the holistic view of the health of a security program, and even the &quot;known unknowns&quot; (we&apos;re pretty sure there is a risk, but don&apos;t have specifics) become forgotten as the focus narrows to the &quot;known knowns&quot; (we&apos;ve documented the risk). 
The &quot;unknown unknowns,&quot; of course, almost never get visibility. Combining a mental model for assessing the overall maturity of the program with a high-level risk comparison system (the &quot;Pyramid of Pain&quot;) allows a CISO to identify areas for improvement to mitigate risk in the future. Case studies from my time at Akamai will be shared (demonstrating not only how to quickly assess risk, but how to understand risk areas that may take years to mitigate), including the risk areas whose mitigation helped propel Akamai into the security leviathan it is today. About the speaker: Andy Ellis is a seasoned technology and business executive with deep expertise in cybersecurity, managing risk, and leading an inclusive culture. He is the founder and CEO of Duha, a boutique advisory firm focused on providing strategic consulting in the areas of Leadership, Management, Cybersecurity, Technology Risk, and Enterprise Risk Management. He is the author of 1% Leadership, Operating Partner at YL Ventures, Advisory CISO at Orca Security, and an advisor to cybersecurity startups. Widely respected across the cybersecurity industry for his pragmatic approach to aligning security and business needs, Andy regularly speaks and writes on cybersecurity, leadership, diversity &amp; inclusion, and decision-making. Ellis previously served as the Chief Security Officer of Akamai Technologies, where he was responsible for the company&apos;s cybersecurity strategy, including leading its initial forays into the cybersecurity market. In his twenty-year tenure at Akamai, Andy led the information security organization from a single individual to a 90+ person team, over 40% of whom were women. 
Andy has received a wide variety of accolades, including the CSO Compass Award, Air Force Commendation Medal, Spirit of Disneyland Award, Wine Spectator Award of Excellence (for The Arlington Inn), the SANS DMA Podcast of the Year (for Cloud Security Reinvented), and was the winner of the Sherman Oaks Galleria Spelling Bee. He was inducted into the CSO Hall of Fame in 2021. After receiving a degree in computer science from MIT, Andy served as an officer in the United States Air Force with the 609th Information Warfare Squadron and the Electronic Systems Center.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The challenge of building a security program is that there are too many things you could be doing, and that creates a challenge for security leaders deciding which things they should do next. All too often companies pivot from fighting one fire to another fire. They end up cobbling together a security program with duct tape, baling wire, and a handful of solutions implemented as a reaction to our own incidents and major headlines about other companies&apos; breaches. How should a CISO evaluate building their security program? In this talk, I will explore a mental model that CISOs can use - one that I used in my 20 years as a CISO - to evaluate the state of their security program and to identify where there are gaps in coverage. At a high level, the framework is four-dimensional, covering width (asset coverage), height (control comprehensiveness), depth (risk context), and time (maturity continuity). I will use case studies to highlight ways security programs often fail on one of these axes, as a means for participants to connect the programs they work on to the shortcomings others have already experienced. Most ways to evaluate a security program become frameworks with an overly strong focus on detail, but which lose the holistic view of the health of a security program, and even the &quot;known unknowns&quot; (we&apos;re pretty sure there is a risk, but don&apos;t have specifics) become forgotten as the focus narrows to the &quot;known knowns&quot; (we&apos;ve documented the risk). 
The &quot;unknown unknowns,&quot; of course, almost never get visibility. Combining a mental model for assessing the overall maturity of the program with a high-level risk comparison system (the &quot;Pyramid of Pain&quot;) allows a CISO to identify areas for improvement to mitigate risk in the future. Case studies from my time at Akamai will be shared (demonstrating not only how to quickly assess risk, but how to understand risk areas that may take years to mitigate), including the risk areas whose mitigation helped propel Akamai into the security leviathan it is today. About the speaker: Andy Ellis is a seasoned technology and business executive with deep expertise in cybersecurity, managing risk, and leading an inclusive culture. He is the founder and CEO of Duha, a boutique advisory firm focused on providing strategic consulting in the areas of Leadership, Management, Cybersecurity, Technology Risk, and Enterprise Risk Management. He is the author of 1% Leadership, Operating Partner at YL Ventures, Advisory CISO at Orca Security, and an advisor to cybersecurity startups. Widely respected across the cybersecurity industry for his pragmatic approach to aligning security and business needs, Andy regularly speaks and writes on cybersecurity, leadership, diversity &amp; inclusion, and decision-making. Ellis previously served as the Chief Security Officer of Akamai Technologies, where he was responsible for the company&apos;s cybersecurity strategy, including leading its initial forays into the cybersecurity market. In his twenty-year tenure at Akamai, Andy led the information security organization from a single individual to a 90+ person team, over 40% of whom were women. 
Andy has received a wide variety of accolades, including the CSO Compass Award, Air Force Commendation Medal, Spirit of Disneyland Award, Wine Spectator Award of Excellence (for The Arlington Inn), the SANS DMA Podcast of the Year (for Cloud Security Reinvented), and was the winner of the Sherman Oaks Galleria Spelling Bee. He was inducted into the CSO Hall of Fame in 2021. After receiving a degree in computer science from MIT, Andy served as an officer in the United States Air Force with the 609th Information Warfare Squadron and the Electronic Systems Center.</p> ]]>
            </content:encoded>
            <itunes:duration>3291</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231115.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231115.mp4" length="257949696" type="video/mp4"/>
        </item>
            <item>
            <title>Wen Masters, Cyber Risk Analysis for Critical Infrastructure</title>
            <description>This is a hybrid event. Students are encouraged to attend in person: STEW 209. Operational technology (OT) and industrial control systems (ICS) need innovative cybersecurity solutions that go beyond compliance-based security controls in order to be more resilient against increasing cyber threats. This talk describes MITRE Infrastructure Susceptibility Analysis (ISA), which helps ICS/OT organizations effectively assess risk and prioritize mitigations. About the speaker: As a science and technology leader and strategist, Dr. Wen Masters&apos; career has spanned 30+ years with government, academia, R&amp;D centers, and not-for-profit organizations, leading impactful science and technology research and development. Currently, Wen is Vice President for Cyber Technologies at the MITRE Corporation, a not-for-profit organization that manages six federally funded research and development centers with a mission to solve problems for a safer world. In this role, Wen drives MITRE&apos;s cybersecurity strategy, champions MITRE&apos;s cybersecurity capabilities, and oversees MITRE&apos;s innovation centers, with a team of 1,200 professionals developing innovative technologies that address the nation&apos;s toughest cyber challenges and deliver capabilities for sponsors and the public. Before joining MITRE, Wen was Deputy Director of Research at Georgia Tech Research Institute. She oversaw research in data science, information science, communications, computational science and engineering, quantum information science, and cybersecurity. Prior to Georgia Tech, Wen spent more than two decades as a federal government civilian and a member of the Senior Executive Service at the Office of Naval Research (ONR) and the National Science Foundation (NSF). At NSF, she served as the Lead Program Director for the Math Priority Area and a Managing Director for two Mathematical Sciences Institutes. 
At ONR, she led the Navy&apos;s Integrated Science and Technology research and development portfolio in applied mathematics, computer science and engineering, information science, communications, machine learning and artificial intelligence, electronics, and electrical engineering, as well as their applications for warfighting capabilities and national security. For the impact of her efforts, the Navy honored Wen with many awards, including the Distinguished Civilian Service Medal, the highest honorary award given by the Secretary of the Navy. Before her long career in the federal government, Wen worked at the Jet Propulsion Laboratory in Pasadena, California, where she was responsible for orbit determination for NASA&apos;s deep space exploration missions, including Magellan, Galileo, and Cassini. Wen is a member of the National Academy of Sciences Naval Studies Board, the Board of Trustees of the UCLA Institute for Pure and Applied Mathematics, and the External Advisory Board of the Texas A&amp;M University Global Cyber Research Institute.</description>
            <pubDate>Wed, 8 Nov 2023 16:30:00 EST </pubDate>
            <itunes:title>Wen Masters, Cyber Risk Analysis for Critical Infrastructure</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>841</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/wen-masters_300x300.png"/>
            <itunes:subtitle>Wen Masters, MITRE</itunes:subtitle>
            <itunes:summary>This is a hybrid event. Students are encouraged to attend in person: STEW 209. Operational technology (OT) and industrial control systems (ICS) need innovative cybersecurity solutions that go beyond compliance-based security controls in order to be more resilient against increasing cyber threats. This talk describes MITRE Infrastructure Susceptibility Analysis (ISA), which helps ICS/OT organizations effectively assess risk and prioritize mitigations. About the speaker: As a science and technology leader and strategist, Dr. Wen Masters&apos; career has spanned 30+ years with government, academia, R&amp;D centers, and not-for-profit organizations, leading impactful science and technology research and development. Currently, Wen is Vice President for Cyber Technologies at the MITRE Corporation, a not-for-profit organization that manages six federally funded research and development centers with a mission to solve problems for a safer world. In this role, Wen drives MITRE&apos;s cybersecurity strategy, champions MITRE&apos;s cybersecurity capabilities, and oversees MITRE&apos;s innovation centers, with a team of 1,200 professionals developing innovative technologies that address the nation&apos;s toughest cyber challenges and deliver capabilities for sponsors and the public. Before joining MITRE, Wen was Deputy Director of Research at Georgia Tech Research Institute. She oversaw research in data science, information science, communications, computational science and engineering, quantum information science, and cybersecurity. Prior to Georgia Tech, Wen spent more than two decades as a federal government civilian and a member of the Senior Executive Service at the Office of Naval Research (ONR) and the National Science Foundation (NSF). At NSF, she served as the Lead Program Director for the Math Priority Area and a Managing Director for two Mathematical Sciences Institutes. 
At ONR, she led the Navy&apos;s Integrated Science and Technology research and development portfolio in applied mathematics, computer science and engineering, information science, communications, machine learning and artificial intelligence, electronics, and electrical engineering, as well as their applications for warfighting capabilities and national security. For the impact of her efforts, the Navy honored Wen with many awards, including the Distinguished Civilian Service Medal, the highest honorary award given by the Secretary of the Navy. Before her long career in the federal government, Wen worked at the Jet Propulsion Laboratory in Pasadena, California, where she was responsible for orbit determination for NASA&apos;s deep space exploration missions, including Magellan, Galileo, and Cassini. Wen is a member of the National Academy of Sciences Naval Studies Board, the Board of Trustees of the UCLA Institute for Pure and Applied Mathematics, and the External Advisory Board of the Texas A&amp;M University Global Cyber Research Institute.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This is a hybrid event. Students are encouraged to attend in person: STEW 209. Operational technology (OT) and industrial control systems (ICS) need innovative cybersecurity solutions that go beyond compliance-based security controls in order to be more resilient against increasing cyber threats. This talk describes MITRE Infrastructure Susceptibility Analysis (ISA), which helps ICS/OT organizations effectively assess risk and prioritize mitigations. About the speaker: As a science and technology leader and strategist, Dr. Wen Masters&apos; career has spanned 30+ years with government, academia, R&amp;D centers, and not-for-profit organizations, leading impactful science and technology research and development. Currently, Wen is Vice President for Cyber Technologies at the MITRE Corporation, a not-for-profit organization that manages six federally funded research and development centers with a mission to solve problems for a safer world. In this role, Wen drives MITRE&apos;s cybersecurity strategy, champions MITRE&apos;s cybersecurity capabilities, and oversees MITRE&apos;s innovation centers, with a team of 1,200 professionals developing innovative technologies that address the nation&apos;s toughest cyber challenges and deliver capabilities for sponsors and the public. Before joining MITRE, Wen was Deputy Director of Research at Georgia Tech Research Institute. She oversaw research in data science, information science, communications, computational science and engineering, quantum information science, and cybersecurity. Prior to Georgia Tech, Wen spent more than two decades as a federal government civilian and a member of the Senior Executive Service at the Office of Naval Research (ONR) and the National Science Foundation (NSF). At NSF, she served as the Lead Program Director for the Math Priority Area and a Managing Director for two Mathematical Sciences Institutes. 
At ONR, she led the Navy&apos;s Integrated Science and Technology research and development portfolio in applied mathematics, computer science and engineering, information science, communications, machine learning and artificial intelligence, electronics, and electrical engineering, as well as their applications for warfighting capabilities and national security. For the impact of her efforts, the Navy honored Wen with many awards, including the Distinguished Civilian Service Medal, the highest honorary award given by the Secretary of the Navy. Before her long career in the federal government, Wen worked at the Jet Propulsion Laboratory in Pasadena, California, where she was responsible for orbit determination for NASA&apos;s deep space exploration missions, including Magellan, Galileo, and Cassini. Wen is a member of the National Academy of Sciences Naval Studies Board, the Board of Trustees of the UCLA Institute for Pure and Applied Mathematics, and the External Advisory Board of the Texas A&amp;M University Global Cyber Research Institute.</p> ]]>
            </content:encoded>
            <itunes:duration>2343</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231108.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231108.mp4" length="184549376" type="video/mp4"/>
        </item>
            <item>
            <title>Steve Lipner, Thinking About the Future of Encryption</title>
            <description>During the last several years, there has been growing concern that the development of quantum computers could undermine the public-key cryptography that is a fundamental pillar of security on the Internet. Recently, the U.S. Government&apos;s National Institute of Standards and Technology has released draft standards for post-quantum cryptographic algorithms (key encapsulation and digital signatures) that can replace the existing, potentially vulnerable public-key algorithms. But while the future of encryption will depend on new algorithms, there are many other factors that will influence security in the decades to come. In 2022, the National Academies of Sciences, Engineering, and Medicine released a report on &quot;The Future of Encryption&quot; that examines factors including technical aspects of cryptography, societal and policy considerations, and product engineering. The report presents a series of findings that apply broadly and paints three alternative scenarios for the future of encryption. This presentation, based largely on the Academies&apos; report, will provide researchers, engineers, and policy professionals with context in which to view future developments and concepts for prioritizing future actions. About the speaker: Steve Lipner is the executive director of SAFECode, an industry nonprofit focused on software security assurance. He was previously partner director of software security at Microsoft, where he was the creator and long-time leader of the Security Development Lifecycle (SDL) and was responsible for software integrity policies and government security evaluations. Steve also serves as the chair of the U.S. Government&apos;s Information Security and Privacy Advisory Board. He has more than a half century of experience in cybersecurity as researcher, engineer, and development manager and is named as co-inventor on twelve U.S. patents. 
He is a member of the National Academy of Engineering and chaired the Academies&apos; Committee on the Future of Encryption. Steve&apos;s CV is available at www.stevelipner.org.</description>
            <pubDate>Wed, 1 Nov 2023 16:30:00 EDT </pubDate>
            <itunes:title>Steve Lipner, Thinking About the Future of Encryption</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>840</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/steve_lipner_200.png"/>
            <itunes:subtitle>Steve Lipner, SAFECode</itunes:subtitle>
            <itunes:summary>During the last several years, there has been growing concern that the development of quantum computers could undermine the public-key cryptography that is a fundamental pillar of security on the Internet. Recently, the U.S. Government&apos;s National Institute of Standards and Technology has released draft standards for post-quantum cryptographic algorithms (key encapsulation and digital signatures) that can replace the existing, potentially vulnerable public-key algorithms. But while the future of encryption will depend on new algorithms, there are many other factors that will influence security in the decades to come. In 2022, the National Academies of Sciences, Engineering, and Medicine released a report on &quot;The Future of Encryption&quot; that examines factors including technical aspects of cryptography, societal and policy considerations, and product engineering. The report presents a series of findings that apply broadly and paints three alternative scenarios for the future of encryption. This presentation, based largely on the Academies&apos; report, will provide researchers, engineers, and policy professionals with context in which to view future developments and concepts for prioritizing future actions. About the speaker: Steve Lipner is the executive director of SAFECode, an industry nonprofit focused on software security assurance. He was previously partner director of software security at Microsoft, where he was the creator and long-time leader of the Security Development Lifecycle (SDL) and was responsible for software integrity policies and government security evaluations. Steve also serves as the chair of the U.S. Government&apos;s Information Security and Privacy Advisory Board. He has more than a half century of experience in cybersecurity as researcher, engineer, and development manager and is named as co-inventor on twelve U.S. patents. 
He is a member of the National Academy of Engineering and chaired the Academies&apos; Committee on the Future of Encryption. Steve&apos;s CV is available at www.stevelipner.org.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>During the last several years, there has been growing concern that the development of quantum computers could undermine the public-key cryptography that is a fundamental pillar of security on the Internet. Recently, the U.S. Government&apos;s National Institute of Standards and Technology has released draft standards for post-quantum cryptographic algorithms (key encapsulation and digital signatures) that can replace the existing, potentially vulnerable public-key algorithms. But while the future of encryption will depend on new algorithms, there are many other factors that will influence security in the decades to come. In 2022, the National Academies of Sciences, Engineering, and Medicine released a report on &quot;The Future of Encryption&quot; that examines factors including technical aspects of cryptography, societal and policy considerations, and product engineering. The report presents a series of findings that apply broadly and paints three alternative scenarios for the future of encryption. This presentation, based largely on the Academies&apos; report, will provide researchers, engineers, and policy professionals with context in which to view future developments and concepts for prioritizing future actions. About the speaker: Steve Lipner is the executive director of SAFECode, an industry nonprofit focused on software security assurance. He was previously partner director of software security at Microsoft, where he was the creator and long-time leader of the Security Development Lifecycle (SDL) and was responsible for software integrity policies and government security evaluations. Steve also serves as the chair of the U.S. Government&apos;s Information Security and Privacy Advisory Board. He has more than a half century of experience in cybersecurity as researcher, engineer, and development manager and is named as co-inventor on twelve U.S. patents. 
He is a member of the National Academy of Engineering and chaired the Academies&apos; Committee on the Future of Encryption. Steve&apos;s CV is available at www.stevelipner.org.</p> ]]>
            </content:encoded>
            <itunes:duration>3758</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231101.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231101.mp4" length="4194304" type="video/mp4"/>
        </item>
            <item>
            <title>Courtney Falk, The Bride of the Pod People</title>
            <description>Courtney Falk will discuss his ongoing research into Pod People, an ongoing search-engine optimization (SEO) spam campaign. This talk combines threat hunting and threat intelligence with real-world applications, including insights into how cybercriminals work and how organizations can collaborate. All publicly accessible indicators collected by this project are published online to contribute to the good of the commons. About the speaker: Dr. Courtney Falk is an information security professional with over fifteen years of experience in the government, academic, and public sectors. He earned his Doctor of Philosophy from Purdue University in the interdisciplinary information security program. When Courtney is not researching critical infrastructure for Purdue, he enjoys painting miniature figures and playing tabletop war games.</description>
            <pubDate>Wed, 25 Oct 2023 16:30:00 EDT </pubDate>
            <itunes:title>Courtney Falk, The Bride of the Pod People</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>839</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/courtney_falk_300.png"/>
            <itunes:subtitle>Courtney Falk, CERIAS, Purdue University</itunes:subtitle>
            <itunes:summary>Courtney Falk will discuss his ongoing research into Pod People, an ongoing search-engine optimization (SEO) spam campaign. This talk combines threat hunting and threat intelligence with real-world applications, including insights into how cybercriminals work and how organizations can collaborate. All publicly accessible indicators collected by this project are published online to contribute to the good of the commons. About the speaker: Dr. Courtney Falk is an information security professional with over fifteen years of experience in the government, academic, and public sectors. He earned his Doctor of Philosophy from Purdue University in the interdisciplinary information security program. When Courtney is not researching critical infrastructure for Purdue, he enjoys painting miniature figures and playing tabletop war games.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Courtney Falk will discuss his ongoing research into Pod People, an ongoing search-engine optimization (SEO) spam campaign. This talk combines threat hunting and threat intelligence with real-world applications, including insights into how cybercriminals work and how organizations can collaborate. All publicly accessible indicators collected by this project are published online to contribute to the good of the commons. About the speaker: Dr. Courtney Falk is an information security professional with over fifteen years of experience in the government, academic, and public sectors. He earned his Doctor of Philosophy from Purdue University in the interdisciplinary information security program. When Courtney is not researching critical infrastructure for Purdue, he enjoys painting miniature figures and playing tabletop war games.</p> ]]>
            </content:encoded>
            <itunes:duration>3588</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231025.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231025.mp4" length="282066944" type="video/mp4"/>
        </item>
            <item>
            <title>Derek Dervishian, Fuzzing: Understanding the Landscape</title>
            <description>The number of software vulnerabilities found in modern computing systems has been rising for some time now. As more and more software is developed, software testing is increasingly becoming an important part of the software development cycle, with the goal of rooting out any and all vulnerabilities before public release. However, finding software vulnerabilities is not a trivial task, especially in complex software systems with thousands of lines of code and complicated system interactions. A single vulnerability making its way into a software product or service can have devastating consequences if it is not discovered and patched in good time. Luckily, there is a plethora of available software testing tools and techniques. One such software testing approach is called fuzzing. Fuzzing is an automated program testing technique introduced in the late 1980s that has become a critical tool in a software tester&apos;s toolkit. Fuzzing is based on the simple idea of feeding software lots of mutated inputs and monitoring the program state for any anomalous behavior, such as a crash, a hang, or a memory-safety violation reported by a sanitizer. Fuzzers have had a long and successful track record of finding software vulnerabilities. This success brought forth new and innovative approaches to improve every aspect of the fuzzing process. However, despite its success and widespread use, fuzzing is not a &quot;one size fits all&quot; approach. Software testers still have to tailor their fuzzing methodology to the software under test. Therefore, understanding the inner workings of fuzzers is absolutely vital in order to determine when and how to use them most effectively. About the speaker: Derek Dervishian works as a cybersecurity research engineer at Lockheed Martin - Advanced Technology Laboratories, an advanced applied R&amp;D division of the Lockheed Martin Corporation, specializing in cyber, autonomy, data analytics, and much more. 
In this role, Derek has worked on several R&amp;D projects across multiple technical areas, including vulnerability research and binary analysis. Derek graduated from Purdue University with a Bachelor&apos;s degree in Computer Engineering in December 2020. Derek is currently pursuing a Master&apos;s degree in Computer Science from the Georgia Institute of Technology.</description>
            <pubDate>Wed, 18 Oct 2023 16:30:00 EDT</pubDate>
            <itunes:title>Derek Dervishian, Fuzzing: Understanding the Landscape</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>838</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Derek_Dervishian_300.png"/>
            <itunes:subtitle>Derek Dervishian, Lockheed Martin Corporation</itunes:subtitle>
            <itunes:summary>The number of software vulnerabilities found in modern computing systems has been on the rise for some time now. As more and more software is being developed, software testing is increasingly becoming an important part of the software development cycle, with the goal of rooting out any and all vulnerabilities before public release. However, finding software vulnerabilities is not a trivial task, especially in complex software systems with thousands of lines of code and complicated system interactions. Just a single vulnerability making its way into a software product/service can have devastating consequences, if not discovered and patched in good time. Luckily, there is a plethora of available software testing tools and techniques. One such software testing approach is called fuzzing. Fuzzing is an automated program testing technique introduced in the late-1980s, and has become a critical tool in a software tester&apos;s toolkit. Fuzzing is based on the simple idea of feeding software lots of mutated inputs and monitoring the program state for any anomalous behavior. Fuzzers have had a long and successful track record of finding software vulnerabilities. This success brought forth new and innovative approaches to improve the overall fuzzing process in all aspects. However, despite its success and widespread use, fuzzing is not a &quot;one size fits all&quot; approach. Software testers still have to tailor their fuzzing methodology to the software under test. Therefore, understanding the inner workings of fuzzers is absolutely vital in order to determine when and how to use them most effectively. About the speaker: Derek Dervishian works as a cybersecurity research engineer at Lockheed Martin - Advanced Technology Laboratories, an advanced applied R&amp;D division of the Lockheed Martin corporation, specializing in cyber, autonomy, data analytics and much more.
In this role, Derek has worked on several R&amp;D projects across multiple technical areas, including vulnerability research and binary analysis. Derek graduated from Purdue University with a Bachelor&apos;s degree in Computer Engineering in December 2020. Derek is currently pursuing a Master&apos;s degree in Computer Science from the Georgia Institute of Technology.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The number of software vulnerabilities found in modern computing systems has been on the rise for some time now. As more and more software is being developed, software testing is increasingly becoming an important part of the software development cycle, with the goal of rooting out any and all vulnerabilities before public release. However, finding software vulnerabilities is not a trivial task, especially in complex software systems with thousands of lines of code and complicated system interactions. Just a single vulnerability making its way into a software product/service can have devastating consequences, if not discovered and patched in good time. Luckily, there is a plethora of available software testing tools and techniques. One such software testing approach is called fuzzing. Fuzzing is an automated program testing technique introduced in the late-1980s, and has become a critical tool in a software tester&apos;s toolkit. Fuzzing is based on the simple idea of feeding software lots of mutated inputs and monitoring the program state for any anomalous behavior. Fuzzers have had a long and successful track record of finding software vulnerabilities. This success brought forth new and innovative approaches to improve the overall fuzzing process in all aspects. However, despite its success and widespread use, fuzzing is not a &quot;one size fits all&quot; approach. Software testers still have to tailor their fuzzing methodology to the software under test. Therefore, understanding the inner workings of fuzzers is absolutely vital in order to determine when and how to use them most effectively. About the speaker: Derek Dervishian works as a cybersecurity research engineer at Lockheed Martin - Advanced Technology Laboratories, an advanced applied R&amp;D division of the Lockheed Martin corporation, specializing in cyber, autonomy, data analytics and much more.
In this role, Derek has worked on several R&amp;D projects across multiple technical areas, including vulnerability research and binary analysis. Derek graduated from Purdue University with a Bachelor&apos;s degree in Computer Engineering in December 2020. Derek is currently pursuing a Master&apos;s degree in Computer Science from the Georgia Institute of Technology.</p> ]]>
            </content:encoded>
            <itunes:duration>3316</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231018.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231018.mp4" length="261095424" type="video/mp4"/>
        </item>
            <item>
            <title>Rebecca Herold, Sorting Surveillance Benefits from Harms</title>
            <description>Tracking technologies are proliferating at an increasingly high rate in apps, IoT devices, websites, and in a wide range of files. They are not only impacting privacy in wider and more harmful ways, but they have also extended far beyond the digital world and are also impacting physical safety. Such tools can certainly be very beneficial, when used responsibly and with informed awareness of the cybersecurity and privacy risks. However, when they are used without establishing technical and non-technical boundaries, and without taking risk mitigation actions, the associated surveillance activities can, and have, brought physical harms. I was an expert witness for a case a couple of years ago involving a stalker&apos;s use of his victim&apos;s smart car to find and almost fatally assault her. I&apos;m currently an expert witness for two separate cases involving the use of Meta Pixels, Conversion APIs, cookies, and other types of tracking tech for surveillance of online activities. Virtually daily there are news articles reporting privacy invasions by digital trackers, drones, security cameras, and more. I will provide several real-life use cases, and provide discussion for the technical and non-technical capabilities that possibly could have been identified through risk assessment activities prior to making such products publicly available and informed the needed associated security and privacy capabilities, that would have supported privacy and cybersecurity protections and physical safety. About the speaker: Rebecca Herold has over 30 years of security, privacy and compliance experience. She is founder of The Privacy Professor Consultancy (2004) and of Privacy &amp; Security Brainiacs SaaS services (2021) and has helped hundreds of clients throughout the years.
Rebecca has been a subject matter expert (SME) for the National Institute of Standards and Technology (NIST) on a wide range of projects since 2009, including: 7 ½ years leading the smart grid privacy standards creation initiative, and co-authoring those informative references and standards; 2 years being a co-author of and an SME member of the team that created the Privacy Framework (PF) and associated documents; and 3 years as an SME team member, and co-author of the internet of things (IoT) technical and non-technical standards and associated informative references; and performing throughout the years proof of concept (PoC) tests for a variety of technologies, such as field electricity solar inverters, PMU reclosers, and associated sensors. Rebecca has served as an expert witness for cases covering HIPAA, privacy compliance, criminals using IoT devices to track their victims, stolen personal data of retirement housing residents, tracking app and website users via Meta Pixels and other tracking tech, and social engineering using AI. Rebecca has authored 22 books, and was adjunct professor for 9 ½ years for the Norwich University MSISA program. Since early 2018 Rebecca has hosted the Voice America podcast/radio show, Data Security &amp; Privacy with the Privacy Professor. Rebecca is based in Des Moines, Iowa, USA. www.privacysecuritybrainiacs.com</description>
            <pubDate>Wed, 11 Oct 2023 16:30:00 EDT</pubDate>
            <itunes:title>Rebecca Herold, Sorting Surveillance Benefits from Harms</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>837</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/rebecca_herold_300.png"/>
            <itunes:subtitle>Rebecca Herold, Ponemon Institute Distinguished Fellow</itunes:subtitle>
            <itunes:summary>Tracking technologies are proliferating at an increasingly high rate in apps, IoT devices, websites, and in a wide range of files. They are not only impacting privacy in wider and more harmful ways, but they have also extended far beyond the digital world and are also impacting physical safety. Such tools can certainly be very beneficial, when used responsibly and with informed awareness of the cybersecurity and privacy risks. However, when they are used without establishing technical and non-technical boundaries, and without taking risk mitigation actions, the associated surveillance activities can, and have, brought physical harms. I was an expert witness for a case a couple of years ago involving a stalker&apos;s use of his victim&apos;s smart car to find and almost fatally assault her. I&apos;m currently an expert witness for two separate cases involving the use of Meta Pixels, Conversion APIs, cookies, and other types of tracking tech for surveillance of online activities. Virtually daily there are news articles reporting privacy invasions by digital trackers, drones, security cameras, and more. I will provide several real-life use cases, and provide discussion for the technical and non-technical capabilities that possibly could have been identified through risk assessment activities prior to making such products publicly available and informed the needed associated security and privacy capabilities, that would have supported privacy and cybersecurity protections and physical safety. About the speaker: Rebecca Herold has over 30 years of security, privacy and compliance experience. She is founder of The Privacy Professor Consultancy (2004) and of Privacy &amp; Security Brainiacs SaaS services (2021) and has helped hundreds of clients throughout the years.
Rebecca has been a subject matter expert (SME) for the National Institute of Standards and Technology (NIST) on a wide range of projects since 2009, including: 7 ½ years leading the smart grid privacy standards creation initiative, and co-authoring those informative references and standards; 2 years being a co-author of and an SME member of the team that created the Privacy Framework (PF) and associated documents; and 3 years as an SME team member, and co-author of the internet of things (IoT) technical and non-technical standards and associated informative references; and performing throughout the years proof of concept (PoC) tests for a variety of technologies, such as field electricity solar inverters, PMU reclosers, and associated sensors. Rebecca has served as an expert witness for cases covering HIPAA, privacy compliance, criminals using IoT devices to track their victims, stolen personal data of retirement housing residents, tracking app and website users via Meta Pixels and other tracking tech, and social engineering using AI. Rebecca has authored 22 books, and was adjunct professor for 9 ½ years for the Norwich University MSISA program. Since early 2018 Rebecca has hosted the Voice America podcast/radio show, Data Security &amp; Privacy with the Privacy Professor. Rebecca is based in Des Moines, Iowa, USA. www.privacysecuritybrainiacs.com</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Tracking technologies are proliferating at an increasingly high rate in apps, IoT devices, websites, and in a wide range of files. They are not only impacting privacy in wider and more harmful ways, but they have also extended far beyond the digital world and are also impacting physical safety. Such tools can certainly be very beneficial, when used responsibly and with informed awareness of the cybersecurity and privacy risks. However, when they are used without establishing technical and non-technical boundaries, and without taking risk mitigation actions, the associated surveillance activities can, and have, brought physical harms. I was an expert witness for a case a couple of years ago involving a stalker&apos;s use of his victim&apos;s smart car to find and almost fatally assault her. I&apos;m currently an expert witness for two separate cases involving the use of Meta Pixels, Conversion APIs, cookies, and other types of tracking tech for surveillance of online activities. Virtually daily there are news articles reporting privacy invasions by digital trackers, drones, security cameras, and more. I will provide several real-life use cases, and provide discussion for the technical and non-technical capabilities that possibly could have been identified through risk assessment activities prior to making such products publicly available and informed the needed associated security and privacy capabilities, that would have supported privacy and cybersecurity protections and physical safety. About the speaker: Rebecca Herold has over 30 years of security, privacy and compliance experience. She is founder of The Privacy Professor Consultancy (2004) and of Privacy &amp; Security Brainiacs SaaS services (2021) and has helped hundreds of clients throughout the years.
Rebecca has been a subject matter expert (SME) for the National Institute of Standards and Technology (NIST) on a wide range of projects since 2009, including: 7 ½ years leading the smart grid privacy standards creation initiative, and co-authoring those informative references and standards; 2 years being a co-author of and an SME member of the team that created the Privacy Framework (PF) and associated documents; and 3 years as an SME team member, and co-author of the internet of things (IoT) technical and non-technical standards and associated informative references; and performing throughout the years proof of concept (PoC) tests for a variety of technologies, such as field electricity solar inverters, PMU reclosers, and associated sensors. Rebecca has served as an expert witness for cases covering HIPAA, privacy compliance, criminals using IoT devices to track their victims, stolen personal data of retirement housing residents, tracking app and website users via Meta Pixels and other tracking tech, and social engineering using AI. Rebecca has authored 22 books, and was adjunct professor for 9 ½ years for the Norwich University MSISA program. Since early 2018 Rebecca has hosted the Voice America podcast/radio show, Data Security &amp; Privacy with the Privacy Professor. Rebecca is based in Des Moines, Iowa, USA. www.privacysecuritybrainiacs.com</p> ]]>
            </content:encoded>
            <itunes:duration>3779</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231011.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231011.mp4" length="296747008" type="video/mp4"/>
        </item>
            <item>
            <title>Khaled Serag, Vulnerability Identification and Defense Construction in Cyber-Physical Systems</title>
            <description>With the ever-accelerating computerization process of once strictly mechanical systems, information security threats are only expected to increase. This rapidly unfolding process calls into question whether we could promptly cope with the security threats it entails. Unfortunately, a commonly observed trend is for the computerization process to steadily advance while paying little attention to the security aspect until a security vulnerability is discovered, often by an external actor. Only then, a quest for a suitable security measure begins. In sum, security is considered only in reaction to manifest breaches. This comes at a high price, as the fix is not often found speedily after the breach. In this talk, I will explain how to take a proactive vulnerability identification and defense construction approach to better secure cyber-physical systems. I will discuss two main themes of my research: 1) vulnerability identification and 2) defense construction with a focus on the context of Controller Area Network (CAN) systems. About the speaker: Dr. Khaled Serag is a post-doctoral research assistant at Purdue University. He finished his Ph.D. at Purdue in August 2023. His broad research area is Information Security. Since he joined Purdue, he has been working closely with Dr. Dongyan Xu and Dr. Z. Berkay Celik on several Automotive and ICS Security projects. He also has industrial research experience through working with Boeing as a Cyber Security Researcher, where he was involved in several security research projects pertaining to avionic networks, mesh networks, IoT devices, and other areas.</description>
            <pubDate>Wed, 4 Oct 2023 16:30:00 EDT</pubDate>
            <itunes:title>Khaled Serag, Vulnerability Identification and Defense Construction in Cyber-Physical Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>836</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/khaled_serag_300.png"/>
            <itunes:subtitle>Khaled Serag, Purdue University</itunes:subtitle>
            <itunes:summary>With the ever-accelerating computerization process of once strictly mechanical systems, information security threats are only expected to increase. This rapidly unfolding process calls into question whether we could promptly cope with the security threats it entails. Unfortunately, a commonly observed trend is for the computerization process to steadily advance while paying little attention to the security aspect until a security vulnerability is discovered, often by an external actor. Only then, a quest for a suitable security measure begins. In sum, security is considered only in reaction to manifest breaches. This comes at a high price, as the fix is not often found speedily after the breach. In this talk, I will explain how to take a proactive vulnerability identification and defense construction approach to better secure cyber-physical systems. I will discuss two main themes of my research: 1) vulnerability identification and 2) defense construction with a focus on the context of Controller Area Network (CAN) systems. About the speaker: Dr. Khaled Serag is a post-doctoral research assistant at Purdue University. He finished his Ph.D. at Purdue in August 2023. His broad research area is Information Security. Since he joined Purdue, he has been working closely with Dr. Dongyan Xu and Dr. Z. Berkay Celik on several Automotive and ICS Security projects. He also has industrial research experience through working with Boeing as a Cyber Security Researcher, where he was involved in several security research projects pertaining to avionic networks, mesh networks, IoT devices, and other areas.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>With the ever-accelerating computerization process of once strictly mechanical systems, information security threats are only expected to increase. This rapidly unfolding process calls into question whether we could promptly cope with the security threats it entails. Unfortunately, a commonly observed trend is for the computerization process to steadily advance while paying little attention to the security aspect until a security vulnerability is discovered, often by an external actor. Only then, a quest for a suitable security measure begins. In sum, security is considered only in reaction to manifest breaches. This comes at a high price, as the fix is not often found speedily after the breach. In this talk, I will explain how to take a proactive vulnerability identification and defense construction approach to better secure cyber-physical systems. I will discuss two main themes of my research: 1) vulnerability identification and 2) defense construction with a focus on the context of Controller Area Network (CAN) systems. About the speaker: Dr. Khaled Serag is a post-doctoral research assistant at Purdue University. He finished his Ph.D. at Purdue in August 2023. His broad research area is Information Security. Since he joined Purdue, he has been working closely with Dr. Dongyan Xu and Dr. Z. Berkay Celik on several Automotive and ICS Security projects. He also has industrial research experience through working with Boeing as a Cyber Security Researcher, where he was involved in several security research projects pertaining to avionic networks, mesh networks, IoT devices, and other areas.</p> ]]>
            </content:encoded>
            <itunes:duration>3171</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231004.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20231004.mp4" length="249561088" type="video/mp4"/>
        </item>
            <item>
            <title>Scott Sage, Erin Miller, How the Cyberspace Domain has Changed the Game for the Space Domain</title>
            <description>This is a hybrid event. Students are encouraged to attend in person: STEW G52 (Suite 050B). As the commercial and international space community grows to reach the projected $1T for the global economy, the vast domain of space becomes increasingly congested and contested. In this Seminar the Space Information Sharing and Analysis Center (Space ISAC) and the National Cybersecurity Center (NCC) team up to share their perspectives and insights on the intersection of cyber and space, how the game is changing, and what effect this will have on government, industry and academia. This talk will discuss the technology trends in the industry, threats to space systems, and make recommendations to students and faculty about how to navigate the landscape of space domain cybersecurity over the next five years. About the speaker: Mr. Scott Sage is the Chief Operating Officer of the National Cybersecurity Center, a national-level nonprofit organization that provides collaborative cybersecurity knowledge and services to the United States. He encourages, engages, and equips others to solve worthwhile hard problems like his most recent assignment to develop a new space cybersecurity market for Peraton Inc. He also recently took a complicated IR sensor development from a blank sheet of paper to launch and operation in under 24 months, and his prior conception and execution of an Insider Threat and Information Warfare Behavior Based Analytics R&amp;D project generated 2 patents and increased interest from DoD and Intelligence Community customers.
Past accomplishments include:
· Automated Mission Impact Assessment of Network Disruptions - Patent 8347145
· Concept to Low Earth Orbit IR Sensor for Space Development Agency &lt; 2 years
· Northrop Grumman Sector Cyber and Information Operations Strategy Development
· Industry-leading technology development for scalability in satellite C2 automation
· Increased worldwide frequency access for Low Earth Orbit satellite communications
· House Armed Services Committee praise for highly classified space advocacy plan
· Conceptualized, researched and constructed unique DoD Space Order of Battle Annex
· Highly praised Master of Science thesis addressing satellite radiation effects
Before devoting his work full time to visionary growth development for Peraton, Scott managed counter-hypersonics development for Northrop Grumman, advanced cyber defense systems development for AT&amp;T, and advanced space operations programs for aerospace companies and the US Navy. Scott has published international export material on cybersecurity issues associated with virtualization and cloud computing and developed a nation-wide R&amp;D network for Northrop Grumman that allowed critical technologies to be brought online for use on high priority captures worth over $8.6B in future revenue. Scott has also been a Certified Information Systems Security Professional (CISSP) and Homeland Security Expert since going to work after completing 15 years of US Navy service as a Commander. Scott volunteered as the co-chair of the Space ISAC Information Sharing Working Group and co-chair for the DHS CISA Future of Space Working Group and has volunteered at Penrose hospital and the Colorado Springs Rescue Mission, along with being a leader at his church.
Formal degrees include an M.S. in Space Systems Electrical Engineering from the Naval Postgraduate School in Monterey, and a B.S. in Nuclear Engineering and a B.A. in Journalism &amp; Mass Communication from Iowa State University, Ames, IA. Ms. Erin M. Miller is the Executive Director of the Space Information Sharing and Analysis Center (Space ISAC). Space ISAC serves as the primary focal point for the global space industry for &quot;all threats and all hazards.&quot; Space ISAC was stood up at the direction of the White House in 2019, and Erin led it to open its operational Watch Center, alongside its Cyber Malware and Analysis Vulnerability Laboratory in Colorado Springs, CO, USA. Under Erin&apos;s leadership, Space ISAC&apos;s headquarters facility is already serving several countries to achieve its mission of security and resilience for the global space industry. Each year Space ISAC puts on the Value of Space Summit (VOSS), co-hosted with The Aerospace Corporation at the University of Colorado Colorado Springs. Erin has over a decade of experience building meaningful tech collaborations and has formed hundreds of formal partnerships between government, industry and academia to solve problems for war fighters and national security. As a serial entrepreneur in the non-profit space, she thrives in launching new programs and new organizations from stand up through building and scaling operations. Erin was the Managing Director of the Center for Technology, Research and Commercialization (C-TRAC) and brought three USAF-funded programs to bear at the Catalyst Campus for Technology &amp; Innovation (www.catalystcampus.org).
Her expertise in brokering unique partnerships using non-FAR type agreements led to the standup of the Air Force&apos;s first cyber focused (#securebydesign) design studio, AFCyberWorx at the USAF Academy, and the first space accelerator, Catalyst Accelerator, at Catalyst Campus in Colorado Springs - in partnership with Air Force Research Laboratory and AFWERX. In 2020 Erin was a recipient of the Woman of Influence award. In 2018 Erin was recognized by the Mayor of Colorado Springs with the Mayor&apos;s Young Leader (MYL) of the Year Award for Technology. She is also the recipient of the Southern Colorado Women&apos;s Chamber of Commerce Award for Young Female Leader in 2018. In her previous roles she developed and managed intellectual property portfolios, technology transfer strategies, export control/ITAR, secure facilities, and rapid prototyping collaborations. Erin serves on the advisory boards of CyberSatGov and CyberLEO and is a board member for the Colorado Springs Chamber of Commerce &amp; EDC. She has guest lectured at Georgetown University, United States Air Force Academy, University of Colorado at Boulder, and Johns Hopkins University. She is frequently found public speaking at notable events like Defense Security Institute&apos;s Summits, CyberSatGov, State of the Space Industrial Base, and other forums focused on security and space resiliency and critical infrastructure.</description>
            <pubDate>Wed, 27 Sep 2023 16:30:00 EDT</pubDate>
            <itunes:title>Scott Sage, Erin Miller, How the Cyberspace Domain has Changed the Game for the Space Domain</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>835</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/miller_sage.jpg"/>
            <itunes:subtitle>Scott Sage, National Cybersecurity Center, and Erin Miller, Space ISAC</itunes:subtitle>
            <itunes:summary>This is a hybrid event. Students are encouraged to attend in person: STEW G52 (Suite 050B). As the commercial and international space community grows to reach the projected $1T for the global economy, the vast domain of space becomes increasingly congested and contested. In this Seminar the Space Information Sharing and Analysis Center (Space ISAC) and the National Cybersecurity Center (NCC) team up to share their perspectives and insights on the intersection of cyber and space, how the game is changing, and what effect this will have on government, industry and academia. This talk will discuss the technology trends in the industry, threats to space systems, and make recommendations to students and faculty about how to navigate the landscape of space domain cybersecurity over the next five years. About the speaker: Mr. Scott Sage is the Chief Operating Officer of the National Cybersecurity Center, a national-level nonprofit organization that provides collaborative cybersecurity knowledge and services to the United States. He encourages, engages, and equips others to solve worthwhile hard problems like his most recent assignment to develop a new space cybersecurity market for Peraton Inc. He also recently took a complicated IR sensor development from a blank sheet of paper to launch and operation in under 24 months, and his prior conception and execution of an Insider Threat and Information Warfare Behavior Based Analytics R&amp;D project generated 2 patents and increased interest from DoD and Intelligence Community customers.
Past accomplishments include:
· Automated Mission Impact Assessment of Network Disruptions - Patent 8347145
· Concept to Low Earth Orbit IR Sensor for Space Development Agency &lt; 2 years
· Northrop Grumman Sector Cyber and Information Operations Strategy Development
· Industry-leading technology development for scalability in satellite C2 automation
· Increased worldwide frequency access for Low Earth Orbit satellite communications
· House Armed Services Committee praise for highly classified space advocacy plan
· Conceptualized, researched and constructed unique DoD Space Order of Battle Annex
· Highly praised Master of Science thesis addressing satellite radiation effects
Before devoting his work full time to visionary growth development for Peraton, Scott managed counter-hypersonics development for Northrop Grumman, advanced cyber defense systems development for AT&amp;T, and advanced space operations programs for aerospace companies and the US Navy. Scott has published international export material on cybersecurity issues associated with virtualization and cloud computing and developed a nation-wide R&amp;D network for Northrop Grumman that allowed critical technologies to be brought online for use on high priority captures worth over $8.6B in future revenue. Scott has also been a Certified Information Systems Security Professional (CISSP) and Homeland Security Expert since going to work after completing 15 years of US Navy service as a Commander. Scott volunteered as the co-chair of the Space ISAC Information Sharing Working Group and co-chair for the DHS CISA Future of Space Working Group and has volunteered at Penrose hospital and the Colorado Springs Rescue Mission, along with being a leader at his church.
Formal degrees include an M.S. in Space Systems Electrical Engineering from the Naval Postgraduate School in Monterey, and a B.S. in Nuclear Engineering and a B.A. in Journalism &amp; Mass Communication from Iowa State University, Ames, IA. Ms. Erin M. Miller is the Executive Director of the Space Information Sharing and Analysis Center (Space ISAC). Space ISAC serves as the primary focal point for the global space industry for &quot;all threats and all hazards.&quot; Space ISAC was stood up at the direction of the White House in 2019, and Erin led it to open its operational Watch Center, alongside its Cyber Malware and Analysis Vulnerability Laboratory in Colorado Springs, CO, USA. Under Erin&apos;s leadership, Space ISAC&apos;s headquarters facility is already serving several countries to achieve its mission of security and resilience for the global space industry. Each year Space ISAC puts on the Value of Space Summit (VOSS), co-hosted with The Aerospace Corporation at the University of Colorado Colorado Springs. Erin has over a decade of experience building meaningful tech collaborations and has formed hundreds of formal partnerships between government, industry and academia to solve problems for war fighters and national security. As a serial entrepreneur in the non-profit space, she thrives in launching new programs and new organizations from stand up through building and scaling operations. Erin was the Managing Director of the Center for Technology, Research and Commercialization (C-TRAC) and brought three USAF-funded programs to bear at the Catalyst Campus for Technology &amp; Innovation (www.catalystcampus.org).
Her expertise in brokering unique partnerships using non-FAR type agreements led to the standup of the Air Force&apos;s first cyber focused (#securebydesign) design studio, AFCyberWorx at the USAF Academy, and the first space accelerator, Catalyst Accelerator, at Catalyst Campus in Colorado Springs - in partnership with Air Force Research Laboratory and AFWERX. In 2020 Erin was a recipient of the Woman of Influence award. In 2018 Erin was recognized by the Mayor of Colorado Springs with the Mayor&apos;s Young Leader (MYL) of the Year Award for Technology. She is also the recipient of the Southern Colorado Women&apos;s Chamber of Commerce Award for Young Female Leader in 2018. In her previous roles she developed and managed intellectual property portfolios, technology transfer strategies, export control/ITAR, secure facilities, and rapid prototyping collaborations. Erin serves on the advisory boards of CyberSatGov and CyberLEO and is a board member for the Colorado Springs Chamber of Commerce &amp; EDC. She has guest lectured at Georgetown University, United States Air Force Academy, University of Colorado at Boulder, and Johns Hopkins University. She is frequently found public speaking at notable events like Defense Security Institute&apos;s Summits, CyberSatGov, State of the Space Industrial Base, and other forums focused on security and space resiliency and critical infrastructure.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This is a hybrid event. Students are encouraged to attend in person: STEW G52 (Suite 050B).</p>
<p>As the commercial and international space community grows to reach the projected $1T for the global economy, the vast domain of space becomes increasingly congested and contested. In this seminar the Space Information Sharing and Analysis Center (Space ISAC) and the National Cybersecurity Center (NCC) team up to share their perspectives and insights on the intersection of cyber and space, how the game is changing, and what effect this will have on government, industry and academia. This talk will discuss the technology trends in the industry and the threats to space systems, and make recommendations to students and faculty about how to navigate the landscape of space domain cybersecurity over the next five years.</p>
<p>About the speaker: Mr. Scott Sage is the Chief Operating Officer of the National Cybersecurity Center, a national-level nonprofit organization that provides collaborative cybersecurity knowledge and services to the United States. He encourages, engages, and equips others to solve worthwhile hard problems, like his most recent assignment to develop a new space cybersecurity market for Peraton Inc. He also recently took a complicated IR sensor development from a blank sheet of paper to launch and operation in under 24 months, and earlier conceived and executed an Insider Threat and Information Warfare Behavior Based Analytics R&amp;D project that generated 2 patents and increased interest from DoD and Intelligence Community customers.</p>
<p>Past accomplishments include:</p>
<ul>
<li>Automated Mission Impact Assessment of Network Disruptions - Patent 8347145</li>
<li>Concept to Low Earth Orbit IR Sensor for Space Development Agency in &lt; 2 years</li>
<li>Northrop Grumman Sector Cyber and Information Operations Strategy Development</li>
<li>Industry-leading technology development for scalability in satellite C2 automation</li>
<li>Increased worldwide frequency access for Low Earth Orbit satellite communications</li>
<li>House Armed Services Committee praise for highly classified space advocacy plan</li>
<li>Conceptualized, researched and constructed unique DoD Space Order of Battle Annex</li>
<li>Highly praised Master of Science thesis addressing satellite radiation effects</li>
</ul>
<p>Before devoting his work full time to visionary growth development for Peraton, Scott managed counter-hypersonics development for Northrop Grumman, advanced cyber defense systems development for AT&amp;T, and advanced space operations programs for aerospace companies and the US Navy. Scott has published international export material on cybersecurity issues associated with virtualization and cloud computing and developed a nation-wide R&amp;D network for Northrop Grumman that allowed critical technologies to be brought online for use on high priority captures worth over $8.6B in future revenue. Scott has also been a Certified Information Systems Security Professional (CISSP) and Homeland Security Expert since going to work after completing 15 years of US Navy service as a Commander. Scott volunteered as the co-chair of the Space ISAC Information Sharing Working Group and co-chair of the DHS CISA Future of Space Working Group, and has volunteered at Penrose Hospital and the Colorado Springs Rescue Mission, along with being a leader at his church.</p>
<p>Formal degrees include an M.S. in Space Systems Electrical Engineering from the Naval Postgraduate School in Monterey, and a B.S. in Nuclear Engineering and a B.A. in Journalism &amp; Mass Communication from Iowa State University, Ames, IA.</p>
<p>Ms. Erin M. Miller is the Executive Director of the Space Information Sharing and Analysis Center (Space ISAC). Space ISAC serves as the primary focal point for the global space industry for &quot;all threats and all hazards.&quot; Space ISAC was stood up at the direction of the White House in 2019, and Erin led it to open its operational Watch Center, alongside its Cyber Malware and Analysis Vulnerability Laboratory, in Colorado Springs, CO, USA. Under Erin&apos;s leadership, Space ISAC&apos;s headquarters facility is already serving several countries to achieve its mission of security and resilience for the global space industry. Each year Space ISAC puts on the Value of Space Summit (VOSS), co-hosted with The Aerospace Corporation at the University of Colorado Colorado Springs. Erin has over a decade of experience building meaningful tech collaborations and has formed hundreds of formal partnerships between government, industry and academia to solve problems for warfighters and national security. As a serial entrepreneur in the non-profit space, she thrives in launching new programs and new organizations from stand-up through building and scaling operations. Erin was the Managing Director of the Center for Technology, Research and Commercialization (C-TRAC) and brought three USAF-funded programs to bear at the Catalyst Campus for Technology &amp; Innovation (www.catalystcampus.org).</p>
<p>Her expertise in brokering unique partnerships using non-FAR type agreements led to the stand-up of the Air Force&apos;s first cyber-focused (#securebydesign) design studio, AFCyberWorx at the USAF Academy, and the first space accelerator, Catalyst Accelerator, at Catalyst Campus in Colorado Springs - in partnership with Air Force Research Laboratory and AFWERX. In 2020 Erin was a recipient of the Woman of Influence award. In 2018 Erin was recognized by the Mayor of Colorado Springs with the Mayor&apos;s Young Leader (MYL) of the Year Award for Technology. She is also the recipient of the Southern Colorado Women&apos;s Chamber of Commerce Award for Young Female Leader in 2018. In her previous roles she developed and managed intellectual property portfolios, technology transfer strategies, export control/ITAR, secure facilities, and rapid prototyping collaborations. Erin serves on the advisory boards of CyberSatGov and CyberLEO and is a board member for the Colorado Springs Chamber of Commerce &amp; EDC. She has guest lectured at Georgetown University, the United States Air Force Academy, the University of Colorado at Boulder, and Johns Hopkins University. She frequently speaks at notable events such as the Defense Security Institute&apos;s Summits, CyberSatGov, State of the Space Industrial Base, and other forums focused on security, space resiliency and critical infrastructure.</p> ]]>
            </content:encoded>
            <itunes:duration>3184</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230927.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230927.mp4" length="250609664" type="video/mp4"/>
        </item>
            <item>
            <title>Christopher Nuland, Enhancing Software Supply Chain Security in Distributed Systems</title>
            <description>Recorded: 09/20/2023, CERIAS Security Seminar at Purdue University. Enhancing Software Supply Chain Security in Distributed Systems. Christopher Nuland, Red Hat.

In the aftermath of the transformative 2020 SolarWinds breach, securing software supply chains has surged to the forefront of modern software development concerns. This incident underscored the imperative for innovative approaches to ensure software artifacts&apos; integrity and authenticity. The Supply-chain Levels for Software Artifacts (SLSA) framework emerged as a response, emphasizing secure software development processes for supply chains. As compliance standards, notably enforced by the National Institute of Standards and Technology (NIST), intensify the call for robust security measures, the convergence of open-source technologies presents a compelling solution. In the contemporary landscape of distributed systems, like Kubernetes, the significance of signing critical artifacts, such as container images and builds, cannot be overstated. These signatures substantiate the origin and unaltered state of the artifacts, rendering them resistant to tampering or unauthorized access. Yet, with the escalating complexity of software supply chains, bolstered by the proliferation of distributed technologies, ensuring trustworthy artifact provenance becomes more formidable. This challenge is where Sigstore, an innovative technology solution, steps in. Sigstore enables cryptographic signing and verification of software artifacts, offering a robust mechanism to establish the authenticity of these components. By leveraging transparency log technologies, Sigstore enhances the trustworthiness of the supply chain, creating a formidable barrier against malicious alterations. This talk will discuss the popular technologies in the industry that are utilizing a zero-trust software supply chain, why this type of supply chain is important, and outline the different technologies used in conjunction with Sigstore to create zero-trust supply chains within the software development and deployment lifecycle.

About the speaker: Christopher Nuland has been involved with container technology since 2010, when he worked with Oak Ridge Labs and Purdue&apos;s CdmHub on containerizing their simulations with OpenVZ. He joined Red Hat in 2018 as a container specialist in the infrastructure and application development space for primarily Fortune 100 companies across the U.S. His work has focused mainly on cloud-native migrations into k8s-based platforms, and developing secure cloud-native zero-trust supply chains for the healthcare, life sciences, and defense sectors.</description>
            <pubDate>Wed, 20 Sep 2023 16:30:00 EDT </pubDate>
            <itunes:title>Christopher Nuland, Enhancing Software Supply Chain Security in Distributed Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>834</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/chris_nuland.jpeg"/>
            <itunes:subtitle>Christopher Nuland, Red Hat</itunes:subtitle>
            <itunes:summary>Recorded: 09/20/2023, CERIAS Security Seminar at Purdue University. Enhancing Software Supply Chain Security in Distributed Systems. Christopher Nuland, Red Hat.

In the aftermath of the transformative 2020 SolarWinds breach, securing software supply chains has surged to the forefront of modern software development concerns. This incident underscored the imperative for innovative approaches to ensure software artifacts&apos; integrity and authenticity. The Supply-chain Levels for Software Artifacts (SLSA) framework emerged as a response, emphasizing secure software development processes for supply chains. As compliance standards, notably enforced by the National Institute of Standards and Technology (NIST), intensify the call for robust security measures, the convergence of open-source technologies presents a compelling solution. In the contemporary landscape of distributed systems, like Kubernetes, the significance of signing critical artifacts, such as container images and builds, cannot be overstated. These signatures substantiate the origin and unaltered state of the artifacts, rendering them resistant to tampering or unauthorized access. Yet, with the escalating complexity of software supply chains, bolstered by the proliferation of distributed technologies, ensuring trustworthy artifact provenance becomes more formidable. This challenge is where Sigstore, an innovative technology solution, steps in. Sigstore enables cryptographic signing and verification of software artifacts, offering a robust mechanism to establish the authenticity of these components. By leveraging transparency log technologies, Sigstore enhances the trustworthiness of the supply chain, creating a formidable barrier against malicious alterations. This talk will discuss the popular technologies in the industry that are utilizing a zero-trust software supply chain, why this type of supply chain is important, and outline the different technologies used in conjunction with Sigstore to create zero-trust supply chains within the software development and deployment lifecycle.

About the speaker: Christopher Nuland has been involved with container technology since 2010, when he worked with Oak Ridge Labs and Purdue&apos;s CdmHub on containerizing their simulations with OpenVZ. He joined Red Hat in 2018 as a container specialist in the infrastructure and application development space for primarily Fortune 100 companies across the U.S. His work has focused mainly on cloud-native migrations into k8s-based platforms, and developing secure cloud-native zero-trust supply chains for the healthcare, life sciences, and defense sectors.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Recorded: 09/20/2023, CERIAS Security Seminar at Purdue University. Enhancing Software Supply Chain Security in Distributed Systems. Christopher Nuland, Red Hat.</p>
<p>In the aftermath of the transformative 2020 SolarWinds breach, securing software supply chains has surged to the forefront of modern software development concerns. This incident underscored the imperative for innovative approaches to ensure software artifacts&apos; integrity and authenticity. The Supply-chain Levels for Software Artifacts (SLSA) framework emerged as a response, emphasizing secure software development processes for supply chains. As compliance standards, notably enforced by the National Institute of Standards and Technology (NIST), intensify the call for robust security measures, the convergence of open-source technologies presents a compelling solution. In the contemporary landscape of distributed systems, like Kubernetes, the significance of signing critical artifacts, such as container images and builds, cannot be overstated. These signatures substantiate the origin and unaltered state of the artifacts, rendering them resistant to tampering or unauthorized access. Yet, with the escalating complexity of software supply chains, bolstered by the proliferation of distributed technologies, ensuring trustworthy artifact provenance becomes more formidable. This challenge is where Sigstore, an innovative technology solution, steps in. Sigstore enables cryptographic signing and verification of software artifacts, offering a robust mechanism to establish the authenticity of these components. By leveraging transparency log technologies, Sigstore enhances the trustworthiness of the supply chain, creating a formidable barrier against malicious alterations. This talk will discuss the popular technologies in the industry that are utilizing a zero-trust software supply chain, why this type of supply chain is important, and outline the different technologies used in conjunction with Sigstore to create zero-trust supply chains within the software development and deployment lifecycle.</p>
<p>About the speaker: Christopher Nuland has been involved with container technology since 2010, when he worked with Oak Ridge Labs and Purdue&apos;s CdmHub on containerizing their simulations with OpenVZ. He joined Red Hat in 2018 as a container specialist in the infrastructure and application development space for primarily Fortune 100 companies across the U.S. His work has focused mainly on cloud-native migrations into k8s-based platforms, and developing secure cloud-native zero-trust supply chains for the healthcare, life sciences, and defense sectors.</p> ]]>
            </content:encoded>
            <itunes:duration>3995</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230920.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230920.mp4" length="313524224" type="video/mp4"/>
        </item>
            <item>
            <title>Stuart Shapiro, MITRE PANOPTIC™ Privacy Threat Model</title>
            <description>As privacy moves from a predominantly compliance-oriented approach to one that is risk-based, privacy risk modeling has taken on increased importance. While a variety of innovative pre-existing options are available for privacy consequences and a few for vulnerabilities, privacy threat models, particularly ones focused on attacks (as opposed to threat actors), remain relatively scarce. To address this gap and facilitate more sophisticated privacy risk management of increasingly complex systems, MITRE has developed the Pattern and Action Nomenclature Of Privacy Threats In Context (PANOPTIC™). By providing an empirically-driven taxonomy of privacy threat activities and actions – as well as contextual elements – to support environmental and system-specific threat modeling, PANOPTIC is intended to do for privacy practitioners what MITRE ATT&amp;CK® has done for security practitioners. This presentation discusses the underpinnings and provides an overview of PANOPTIC and its use.

About the speaker: Stuart S. Shapiro is a Principal Cyber Security and Privacy Engineer and a co-leader of the Privacy Capability in the MITRE Labs Cyber Solutions Innovation Center at the MITRE Corporation. At MITRE he has led multiple research and operational efforts in the areas of privacy engineering, privacy risk management, and privacy enhancing technologies (PETs), including projects focused on connected vehicles and on de-identification. He has also held academic positions and has taught courses on the history, politics, and ethics of information and communication technologies. His professional affiliations include the International Association of Privacy Professionals (IAPP) and the Association for Computing Machinery (ACM).</description>
            <pubDate>Wed, 13 Sep 2023 16:30:00 EDT </pubDate>
            <itunes:title>Stuart Shapiro, MITRE PANOPTIC™ Privacy Threat Model</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>833</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/shapiro_stuart_200.png"/>
            <itunes:subtitle>Stuart Shapiro, MITRE</itunes:subtitle>
            <itunes:summary>As privacy moves from a predominantly compliance-oriented approach to one that is risk-based, privacy risk modeling has taken on increased importance. While a variety of innovative pre-existing options are available for privacy consequences and a few for vulnerabilities, privacy threat models, particularly ones focused on attacks (as opposed to threat actors), remain relatively scarce. To address this gap and facilitate more sophisticated privacy risk management of increasingly complex systems, MITRE has developed the Pattern and Action Nomenclature Of Privacy Threats In Context (PANOPTIC™). By providing an empirically-driven taxonomy of privacy threat activities and actions – as well as contextual elements – to support environmental and system-specific threat modeling, PANOPTIC is intended to do for privacy practitioners what MITRE ATT&amp;CK® has done for security practitioners. This presentation discusses the underpinnings and provides an overview of PANOPTIC and its use.

About the speaker: Stuart S. Shapiro is a Principal Cyber Security and Privacy Engineer and a co-leader of the Privacy Capability in the MITRE Labs Cyber Solutions Innovation Center at the MITRE Corporation. At MITRE he has led multiple research and operational efforts in the areas of privacy engineering, privacy risk management, and privacy enhancing technologies (PETs), including projects focused on connected vehicles and on de-identification. He has also held academic positions and has taught courses on the history, politics, and ethics of information and communication technologies. His professional affiliations include the International Association of Privacy Professionals (IAPP) and the Association for Computing Machinery (ACM).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As privacy moves from a predominantly compliance-oriented approach to one that is risk-based, privacy risk modeling has taken on increased importance. While a variety of innovative pre-existing options are available for privacy consequences and a few for vulnerabilities, privacy threat models, particularly ones focused on attacks (as opposed to threat actors), remain relatively scarce. To address this gap and facilitate more sophisticated privacy risk management of increasingly complex systems, MITRE has developed the Pattern and Action Nomenclature Of Privacy Threats In Context (PANOPTIC™). By providing an empirically-driven taxonomy of privacy threat activities and actions – as well as contextual elements – to support environmental and system-specific threat modeling, PANOPTIC is intended to do for privacy practitioners what MITRE ATT&amp;CK® has done for security practitioners. This presentation discusses the underpinnings and provides an overview of PANOPTIC and its use.</p>
<p>About the speaker: Stuart S. Shapiro is a Principal Cyber Security and Privacy Engineer and a co-leader of the Privacy Capability in the MITRE Labs Cyber Solutions Innovation Center at the MITRE Corporation. At MITRE he has led multiple research and operational efforts in the areas of privacy engineering, privacy risk management, and privacy enhancing technologies (PETs), including projects focused on connected vehicles and on de-identification. He has also held academic positions and has taught courses on the history, politics, and ethics of information and communication technologies. His professional affiliations include the International Association of Privacy Professionals (IAPP) and the Association for Computing Machinery (ACM).</p> ]]>
            </content:encoded>
            <itunes:duration>3203</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230913.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230913.mp4" length="251658240" type="video/mp4"/>
        </item>
            <item>
            <title>Rita Foster, Cyber defender&#039;s plead - If it&#039;s not codified – Please go away</title>
            <description>Problem: Cyber threat information is rarely codified and never connected to the actual infrastructure that needs cyber protections, since infrastructure is also not codified.
Solution: Infrastructure Expression (IX) – Five use cases for the IX tools, with methods using graph theory and machine learning, will be presented. A full scenario on recent malware binary analysis will be presented, highlighting applicability to infrastructure, creation of context-specific indicators, cyber observables, and courses of action for better cyber defenses.
Background: The Idaho National Laboratory (INL) has been creating tools, methods and cyber defense capabilities using Structured Threat Information Expression (STIX) and graph database technology since 2015. INL&apos;s internal Laboratory Directed Research and Development (LDRD) project, IX, created the first codified infrastructure models in STIX. INL has open-sourced these tools and uses advanced graph and machine learning methods and techniques to support critical infrastructure cyber defenses for many USG sponsors and stakeholders.

About the speaker: Rita Foster is recognized nationally for research leadership in control system cyber security; she has briefed numerous committees in the United States Senate and House, has been appointed by cabinet-level secretaries to serve on advisory councils, and is frequently requested to provide analysis on emerging threats and impacts to critical infrastructure. She currently leads the innovation development for the infrastructure security areas: identifying research gaps that align to our agile and resilient strategies, creating partnerships, building proposals, and analyzing risk components for cyber-physical infrastructure security. These partnerships include asset owner utilities, technology providers, DOE, DHS, DOD and other government entities.
Her efforts resulted in research proposals awarded ranging from creation of automated response mitigating cyber threats, applying machine learning to firmware and malware binary code, impact analysis with physics-based modeling, asset owner consumable threat analysis, and characterizations of vulnerabilities and exploits in various control systems and components. She has over 33 years of experience in computer integration focusing on control systems applications, real-time simulations and critical life safety related applications. Her current role at INL includes over 18 years of experience in cyber security of critical infrastructure: identifying research gaps aligned with strategic direction, creating partnerships, providing capstone analysis, and thought leadership in areas of protection and defense in the energy sector. She has mentored over 50 interns ranging from high schoolers to Ph.D. candidates using her project data and tools for dissertations. She provides outreach and education to a wide range of stakeholders and has participated in numerous exercises to identify gaps in roles and responsibilities between private industry and government. She has managed multi-discipline teams bringing together control system engineers, network engineers, cyber security researchers and subject matter experts for infrastructure security. She has served as the technical lead providing initial direction and requirements for programs essential to INL&apos;s success. Her early career at INL included over 15 years of experience in independent verification and validation of large military networks for performance and security, validating physics-based code for nuclear repositories, programming real-time training simulators for nuclear operations, programming life safety systems for nuclear repositories, validating energy transmission and distribution systems, and integrating divergent control systems to create supervisory control and data acquisition platforms.
Prior to INL, she obtained over 8 years of experience in computer operations, programming, and data networking.</description>
            <pubDate>Wed, 6 Sep 2023 16:30:00 EDT </pubDate>
            <itunes:title>Rita Foster, Cyber defender&#039;s plead - If it&#039;s not codified – Please go away</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>832</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/rita_foster.jpg"/>
            <itunes:subtitle>Rita Foster, Idaho National Laboratory</itunes:subtitle>
            <itunes:summary>Problem: Cyber threat information is rarely codified and never connected to the actual infrastructure that needs cyber protections, since infrastructure is also not codified. Solution: Infrastructure Expression (IX) – Five use cases for the IX tools, with methods using graph theoretics and machine learning, will be presented. A full scenario on recent malware binary analysis will be presented, highlighting applicability to infrastructure, creation of context-specific indicators, cyber observables, and courses of action for better cyber defenses. Background: The Idaho National Laboratory (INL) has been creating tools, methods and cyber defense capabilities using Structured Threat Information Expression (STIX) and graph database technology since 2015. INL&apos;s internal Laboratory Directed Research and Development (LDRD) project – IX – created the first codified infrastructure models in STIX. INL has open sourced these tools and uses advanced graph and machine learning methods and techniques to support critical infrastructure cyber defenses for many USG sponsors and stakeholders. About the speaker: Rita Foster is recognized nationally for research leadership in control system cyber security, briefing numerous committees in the United States Senate and House, appointed by cabinet-level secretaries to serve on advisory councils, and frequently requested to provide analysis on emerging threats and impacts to critical infrastructure. She currently leads the innovation development for the infrastructure security areas: identifying research gaps that align to our agile and resilient strategies, creating partnerships, building proposals, and analyzing risk components for cyber-physical infrastructure security. These partnerships include asset owner utilities, technology providers, DOE, DHS, DOD and other government entities.
Her efforts have resulted in awarded research proposals ranging from the creation of automated response mitigating cyber threats, applying machine learning to firmware and malware binary code, impact analysis with physics-based modeling, and asset owner consumable threat analysis, to characterizations of vulnerabilities and exploits in various control systems and components. She has over 33 years of experience in computer integration focusing on control systems applications, real-time simulations and critical life safety related applications. Her current role at INL includes over 18 years of experience in cyber security of critical infrastructure: identifying research gaps aligned with strategic direction, creating partnerships, providing capstone analysis, and thought leadership in areas of protection and defense in the energy sector. She has mentored over 50 interns ranging from high schoolers to Ph.D. candidates using her project data and tools for dissertations. She provides outreach and education to a wide range of stakeholders and has participated in numerous exercises to identify gaps in roles and responsibilities between private industry and government. She has managed multi-discipline teams bringing together control system engineers, network engineers, cyber security researchers and subject matter experts for infrastructure security. She has served as the technical lead providing initial direction and requirements for programs essential to INL&apos;s success. Her early career at INL included over 15 years of experience in independent verification and validation of large military networks for performance and security, validating physics-based code for nuclear repositories, programming real-time training simulators for nuclear operations, programming life safety systems for nuclear repositories, validating energy transmission and distribution systems, and integrating divergent control systems to create supervisory control and data acquisition platforms.
Prior to INL, she obtained over 8 years of experience in computer operations, programming, and data networking.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Problem: Cyber threat information is rarely codified and never connected to the actual infrastructure that needs cyber protections, since infrastructure is also not codified. Solution: Infrastructure Expression (IX) – Five use cases for the IX tools, with methods using graph theoretics and machine learning, will be presented. A full scenario on recent malware binary analysis will be presented, highlighting applicability to infrastructure, creation of context-specific indicators, cyber observables, and courses of action for better cyber defenses. Background: The Idaho National Laboratory (INL) has been creating tools, methods and cyber defense capabilities using Structured Threat Information Expression (STIX) and graph database technology since 2015. INL&apos;s internal Laboratory Directed Research and Development (LDRD) project – IX – created the first codified infrastructure models in STIX. INL has open sourced these tools and uses advanced graph and machine learning methods and techniques to support critical infrastructure cyber defenses for many USG sponsors and stakeholders. About the speaker: Rita Foster is recognized nationally for research leadership in control system cyber security, briefing numerous committees in the United States Senate and House, appointed by cabinet-level secretaries to serve on advisory councils, and frequently requested to provide analysis on emerging threats and impacts to critical infrastructure. She currently leads the innovation development for the infrastructure security areas: identifying research gaps that align to our agile and resilient strategies, creating partnerships, building proposals, and analyzing risk components for cyber-physical infrastructure security. These partnerships include asset owner utilities, technology providers, DOE, DHS, DOD and other government entities.
Her efforts have resulted in awarded research proposals ranging from the creation of automated response mitigating cyber threats, applying machine learning to firmware and malware binary code, impact analysis with physics-based modeling, and asset owner consumable threat analysis, to characterizations of vulnerabilities and exploits in various control systems and components. She has over 33 years of experience in computer integration focusing on control systems applications, real-time simulations and critical life safety related applications. Her current role at INL includes over 18 years of experience in cyber security of critical infrastructure: identifying research gaps aligned with strategic direction, creating partnerships, providing capstone analysis, and thought leadership in areas of protection and defense in the energy sector. She has mentored over 50 interns ranging from high schoolers to Ph.D. candidates using her project data and tools for dissertations. She provides outreach and education to a wide range of stakeholders and has participated in numerous exercises to identify gaps in roles and responsibilities between private industry and government. She has managed multi-discipline teams bringing together control system engineers, network engineers, cyber security researchers and subject matter experts for infrastructure security. She has served as the technical lead providing initial direction and requirements for programs essential to INL&apos;s success. Her early career at INL included over 15 years of experience in independent verification and validation of large military networks for performance and security, validating physics-based code for nuclear repositories, programming real-time training simulators for nuclear operations, programming life safety systems for nuclear repositories, validating energy transmission and distribution systems, and integrating divergent control systems to create supervisory control and data acquisition platforms.
Prior to INL, she obtained over 8 years of experience in computer operations, programming, and data networking.</p> ]]>
            </content:encoded>
            <itunes:duration>3127</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230906.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230906.mp4" length="248512512" type="video/mp4"/>
        </item>
            <item>
            <title>Dr. Anand Singh, The State of Software Supply Chain Security</title>
            <description>The software supply chain is emerging as one of the biggest issues that enterprises are facing these days. SolarWinds, Kaseya, 3CX: the examples are way too many. These attacks rapidly multiplied in 2022. In this presentation, we will discuss the trend of software supply chain issues, the federal mandates in the form of executive orders that are impacting this space, emerging best practices and the fundamental tech stack to manage these issues, and lastly, what a good supply chain security program looks like. Dr. Singh will also briefly discuss his journey from being a student at Purdue (MS, Computer Science) to his current role as Chief Information Security Officer of Alkami Technology. About the speaker: Anand is a seasoned cybersecurity executive with over 25 years of experience managing technology, security, privacy, and risk teams in a variety of verticals. His career spans Financial Services, Retail, Healthcare, Manufacturing, eCommerce, Cloud, and SaaS companies. These include UnitedHealth Group, Target Corporation, Alkami Technology, Caliber Home Loans, and PTC. He is currently the Chief Information Security Officer (CISO) at Alkami Technology. Alkami&apos;s solutions enable financial institutions to outsmart the competition by providing the nation&apos;s best Cloud, SaaS, and PI centric digital banking platform. Alkami&apos;s mission is to be the gold standard in digital banking. More than 400 FIs and 15 million end users use Alkami&apos;s solutions. Anand is also a seasoned Board director with tenures at DaVinci Academy, CISO XC, and Dallas CISO Summit. Anand holds NACD.DC, CISM, and CISSP certifications. He has a PhD in Computer Science from the University of Minnesota, an MS in Computer Science from Purdue University, and a B.Tech. in Computer Science and Engineering from the Indian Institute of Technology. Anand is a proud Boilermaker and is deeply attached to Purdue&apos;s mission and its goals.</description>
            <pubDate>Wed, 30 Aug 2023 16:30:00 EDT </pubDate>
            <itunes:title>Dr. Anand Singh, The State of Software Supply Chain Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>831</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/anand_signh_alkami_300.png"/>
            <itunes:subtitle>Dr. Anand Singh, Alkami Technology</itunes:subtitle>
            <itunes:summary>The software supply chain is emerging as one of the biggest issues that enterprises are facing these days. SolarWinds, Kaseya, 3CX: the examples are way too many. These attacks rapidly multiplied in 2022. In this presentation, we will discuss the trend of software supply chain issues, the federal mandates in the form of executive orders that are impacting this space, emerging best practices and the fundamental tech stack to manage these issues, and lastly, what a good supply chain security program looks like. Dr. Singh will also briefly discuss his journey from being a student at Purdue (MS, Computer Science) to his current role as Chief Information Security Officer of Alkami Technology. About the speaker: Anand is a seasoned cybersecurity executive with over 25 years of experience managing technology, security, privacy, and risk teams in a variety of verticals. His career spans Financial Services, Retail, Healthcare, Manufacturing, eCommerce, Cloud, and SaaS companies. These include UnitedHealth Group, Target Corporation, Alkami Technology, Caliber Home Loans, and PTC. He is currently the Chief Information Security Officer (CISO) at Alkami Technology. Alkami&apos;s solutions enable financial institutions to outsmart the competition by providing the nation&apos;s best Cloud, SaaS, and PI centric digital banking platform. Alkami&apos;s mission is to be the gold standard in digital banking. More than 400 FIs and 15 million end users use Alkami&apos;s solutions. Anand is also a seasoned Board director with tenures at DaVinci Academy, CISO XC, and Dallas CISO Summit. Anand holds NACD.DC, CISM, and CISSP certifications. He has a PhD in Computer Science from the University of Minnesota, an MS in Computer Science from Purdue University, and a B.Tech. in Computer Science and Engineering from the Indian Institute of Technology. Anand is a proud Boilermaker and is deeply attached to Purdue&apos;s mission and its goals.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The software supply chain is emerging as one of the biggest issues that enterprises are facing these days. SolarWinds, Kaseya, 3CX: the examples are way too many. These attacks rapidly multiplied in 2022. In this presentation, we will discuss the trend of software supply chain issues, the federal mandates in the form of executive orders that are impacting this space, emerging best practices and the fundamental tech stack to manage these issues, and lastly, what a good supply chain security program looks like. Dr. Singh will also briefly discuss his journey from being a student at Purdue (MS, Computer Science) to his current role as Chief Information Security Officer of Alkami Technology. About the speaker: Anand is a seasoned cybersecurity executive with over 25 years of experience managing technology, security, privacy, and risk teams in a variety of verticals. His career spans Financial Services, Retail, Healthcare, Manufacturing, eCommerce, Cloud, and SaaS companies. These include UnitedHealth Group, Target Corporation, Alkami Technology, Caliber Home Loans, and PTC. He is currently the Chief Information Security Officer (CISO) at Alkami Technology. Alkami&apos;s solutions enable financial institutions to outsmart the competition by providing the nation&apos;s best Cloud, SaaS, and PI centric digital banking platform. Alkami&apos;s mission is to be the gold standard in digital banking. More than 400 FIs and 15 million end users use Alkami&apos;s solutions. Anand is also a seasoned Board director with tenures at DaVinci Academy, CISO XC, and Dallas CISO Summit. Anand holds NACD.DC, CISM, and CISSP certifications. He has a PhD in Computer Science from the University of Minnesota, an MS in Computer Science from Purdue University, and a B.Tech. in Computer Science and Engineering from the Indian Institute of Technology. Anand is a proud Boilermaker and is deeply attached to Purdue&apos;s mission and its goals.</p> ]]>
            </content:encoded>
            <itunes:duration>3600</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230830.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230830.mp4" length="283115520" type="video/mp4"/>
        </item>
            <item>
            <title>Marina Gavrilova, Advancements and New Developments in Biometric Privacy, Security and Ethics</title>
            <description>Human identity recognition is one of the key mechanisms for ensuring proper asset and information access to individuals. It has become an established authentication practice for government, consumer, financial and recreational institutions in modern society. Biometrics are also increasingly used in a cybersecurity context to mitigate vulnerabilities and to ensure protection against unauthorized access. However, with the rise of technological advancements such as AI and deep learning, more and more capabilities exist to infer private information about individuals and to use aggregate data mining for commercial or other purposes. This lecture will discuss how deep learning methods can enhance biometric recognition accuracy in a variety of settings: unimodal and multi-modal systems, social behavioral biometrics, and risk assessment. The lecture will further focus on privacy risks and ethical considerations, discussing cancellability and de-identification as two of the mechanisms to mitigate the privacy concerns. About the speaker: Prof. Gavrilova holds a tenured Full Professor appointment at the Department of Computer Science, University of Calgary, Canada. Prof. Gavrilova&apos;s research interests lie in the areas of machine intelligence, biometric recognition, image processing and GIS. Her publication list includes over 150 journal and conference papers, edited special issues, books and book chapters, including the World Scientific Bestseller of the Month (2007) &quot;Image Pattern Recognition: Synthesis and Analysis in Biometric,&quot; the Springer book (2009) &quot;Computational Intelligence: A Geometry-Based Approach&quot; and the IGI book (2013) &quot;Multimodal Biometrics and Intelligent Image Processing for Security Systems&quot;. She has received support from CFI, NSERC, GEOIDE, MITACS, PIMS, Alberta Ingenuity, NATO and other funding agencies.
She is Editor-in-Chief of the Springer-Verlag journal series Transactions on Computational Sciences and serves on the editorial boards of seven journals.</description>
            <pubDate>Wed, 19 Apr 2023 16:30:00 EDT </pubDate>
            <itunes:title>Marina Gavrilova, Advancements and New Developments in Biometric Privacy, Security and Ethics</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>830</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/MarinaGavrilova_200.png"/>
            <itunes:subtitle>Marina Gavrilova, University of Calgary</itunes:subtitle>
            <itunes:summary>Human identity recognition is one of the key mechanisms for ensuring proper asset and information access to individuals. It has become an established authentication practice for government, consumer, financial and recreational institutions in modern society. Biometrics are also increasingly used in a cybersecurity context to mitigate vulnerabilities and to ensure protection against unauthorized access. However, with the rise of technological advancements such as AI and deep learning, more and more capabilities exist to infer private information about individuals and to use aggregate data mining for commercial or other purposes. This lecture will discuss how deep learning methods can enhance biometric recognition accuracy in a variety of settings: unimodal and multi-modal systems, social behavioral biometrics, and risk assessment. The lecture will further focus on privacy risks and ethical considerations, discussing cancellability and de-identification as two of the mechanisms to mitigate the privacy concerns. About the speaker: Prof. Gavrilova holds a tenured Full Professor appointment at the Department of Computer Science, University of Calgary, Canada. Prof. Gavrilova&apos;s research interests lie in the areas of machine intelligence, biometric recognition, image processing and GIS. Her publication list includes over 150 journal and conference papers, edited special issues, books and book chapters, including the World Scientific Bestseller of the Month (2007) &quot;Image Pattern Recognition: Synthesis and Analysis in Biometric,&quot; the Springer book (2009) &quot;Computational Intelligence: A Geometry-Based Approach&quot; and the IGI book (2013) &quot;Multimodal Biometrics and Intelligent Image Processing for Security Systems&quot;. She has received support from CFI, NSERC, GEOIDE, MITACS, PIMS, Alberta Ingenuity, NATO and other funding agencies.
She is Editor-in-Chief of the Springer-Verlag journal series Transactions on Computational Sciences and serves on the editorial boards of seven journals.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Human identity recognition is one of the key mechanisms for ensuring proper asset and information access to individuals. It has become an established authentication practice for government, consumer, financial and recreational institutions in modern society. Biometrics are also increasingly used in a cybersecurity context to mitigate vulnerabilities and to ensure protection against unauthorized access. However, with the rise of technological advancements such as AI and deep learning, more and more capabilities exist to infer private information about individuals and to use aggregate data mining for commercial or other purposes. This lecture will discuss how deep learning methods can enhance biometric recognition accuracy in a variety of settings: unimodal and multi-modal systems, social behavioral biometrics, and risk assessment. The lecture will further focus on privacy risks and ethical considerations, discussing cancellability and de-identification as two of the mechanisms to mitigate the privacy concerns. About the speaker: Prof. Gavrilova holds a tenured Full Professor appointment at the Department of Computer Science, University of Calgary, Canada. Prof. Gavrilova&apos;s research interests lie in the areas of machine intelligence, biometric recognition, image processing and GIS. Her publication list includes over 150 journal and conference papers, edited special issues, books and book chapters, including the World Scientific Bestseller of the Month (2007) &quot;Image Pattern Recognition: Synthesis and Analysis in Biometric,&quot; the Springer book (2009) &quot;Computational Intelligence: A Geometry-Based Approach&quot; and the IGI book (2013) &quot;Multimodal Biometrics and Intelligent Image Processing for Security Systems&quot;. She has received support from CFI, NSERC, GEOIDE, MITACS, PIMS, Alberta Ingenuity, NATO and other funding agencies.
She is Editor-in-Chief of the Springer-Verlag journal series Transactions on Computational Sciences and serves on the editorial boards of seven journals.</p> ]]>
            </content:encoded>
            <itunes:duration>3023</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230419.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230419.mp4" length="238026752" type="video/mp4"/>
        </item>
            <item>
            <title>Kelly FitzGerald, Don&#039;t Copy That Floppy!: A History of Anti-cracking Controls in Early Video Games and Its Economic Impact</title>
            <description>The roots of software piracy were propelled by the fledgling game market of the 1980s, where PC game supply chains were brittle and copying floppy disks was really easy. This talk will walk through the history and evolution of anti-cracking controls as video games moved from bedroom game development to a 220 billion dollar industry. About the speaker: Kelly FitzGerald is a Product Security Architect at the RTX CODE Center, where she focuses on factory and supply chain cybersecurity and threat intelligence. Kelly comes to RTX after 15 years at Symantec/Veritas, where she worked in Product Security Vulnerability Management while doing research in medical device vulnerabilities. Kelly lives with her husband, kind golden retriever and sassy black cat in San Diego, CA. In her spare time she creates bad art, manipulates the memory of single player games and watches way too much educational YouTube.</description>
            <pubDate>Wed, 12 Apr 2023 16:30:00 EDT </pubDate>
            <itunes:title>Kelly FitzGerald, Don&#039;t Copy That Floppy!: A History of Anti-cracking Controls in Early Video Games and Its Economic Impact</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>829</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Kelly_FitzGerald_200.png"/>
            <itunes:subtitle>Kelly FitzGerald, Raytheon Technologies</itunes:subtitle>
            <itunes:summary>The roots of software piracy were propelled by the fledgling game market of the 1980s, where PC game supply chains were brittle and copying floppy disks was really easy. This talk will walk through the history and evolution of anti-cracking controls as video games moved from bedroom game development to a 220 billion dollar industry. About the speaker: Kelly FitzGerald is a Product Security Architect at the RTX CODE Center, where she focuses on factory and supply chain cybersecurity and threat intelligence. Kelly comes to RTX after 15 years at Symantec/Veritas, where she worked in Product Security Vulnerability Management while doing research in medical device vulnerabilities. Kelly lives with her husband, kind golden retriever and sassy black cat in San Diego, CA. In her spare time she creates bad art, manipulates the memory of single player games and watches way too much educational YouTube.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The roots of software piracy were propelled by the fledgling game market of the 1980s, where PC game supply chains were brittle and copying floppy disks was really easy. This talk will walk through the history and evolution of anti-cracking controls as video games moved from bedroom game development to a 220 billion dollar industry. About the speaker: Kelly FitzGerald is a Product Security Architect at the RTX CODE Center, where she focuses on factory and supply chain cybersecurity and threat intelligence. Kelly comes to RTX after 15 years at Symantec/Veritas, where she worked in Product Security Vulnerability Management while doing research in medical device vulnerabilities. Kelly lives with her husband, kind golden retriever and sassy black cat in San Diego, CA. In her spare time she creates bad art, manipulates the memory of single player games and watches way too much educational YouTube.</p> ]]>
            </content:encoded>
            <itunes:duration>2604</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230412.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230412.mp4" length="204472320" type="video/mp4"/>
        </item>
            <item>
            <title>Sayak Ray, Pre-Silicon Hardware Security Analysis through Information Flow Tracking - Current Industry Applications and Research Questions</title>
            <description>Information Flow Tracking (IFT) is a useful tool to reason about the security of a system. It can be applied at different levels of abstraction, starting from the operating system all the way down to gate-level circuits, through various representations of software and hardware. In this talk, we will focus on IFT at the register transfer level (RTL) representation of hardware and discuss how IFT can be applied to find various types of RTL security vulnerabilities. We will discuss an inductive formulation of the problem based on leakage alert and propagation alert that offers a scalable solution and micro-architecture-level design insights compared to more traditional formulations. We will end the talk by outlining some of the research challenges that we need to address to push the boundary further. About the speaker: Dr. Sayak Ray is a Security Researcher at Intel Corporation. His research areas include tools and automation for security validation, and security challenges in FPGA, heterogeneous computing and data center networking. Dr. Ray regularly publishes at design automation conferences and journals. He has served on the technical program committees of various conferences such as DAC and ICCAD. Before joining Intel in 2016, he was a Post-doctoral Research Associate at Princeton University. Dr. Ray obtained his PhD from UC Berkeley in 2013.</description>
            <pubDate>Wed, 5 Apr 2023 16:30:00 EDT </pubDate>
            <itunes:title>Sayak Ray, Pre-Silicon Hardware Security Analysis through Information Flow Tracking - Current Industry Applications and Research Questions</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>828</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Sayak_300x200.png"/>
            <itunes:subtitle>Sayak Ray, Intel</itunes:subtitle>
            <itunes:summary>Information Flow Tracking (IFT) is a useful tool to reason about the security of a system. It can be applied at different levels of abstraction, starting from the operating system all the way down to gate-level circuits, through various representations of software and hardware. In this talk, we will focus on IFT at the register transfer level (RTL) representation of hardware and discuss how IFT can be applied to find various types of RTL security vulnerabilities. We will discuss an inductive formulation of the problem based on leakage alert and propagation alert that offers a scalable solution and micro-architecture-level design insights compared to more traditional formulations. We will end the talk by outlining some of the research challenges that we need to address to push the boundary further. About the speaker: Dr. Sayak Ray is a Security Researcher at Intel Corporation. His research areas include tools and automation for security validation, and security challenges in FPGA, heterogeneous computing and data center networking. Dr. Ray regularly publishes at design automation conferences and journals. He has served on the technical program committees of various conferences such as DAC and ICCAD. Before joining Intel in 2016, he was a Post-doctoral Research Associate at Princeton University. Dr. Ray obtained his PhD from UC Berkeley in 2013.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Information Flow Tracking (IFT) is a useful tool to reason about the security of a system. It can be applied at different levels of abstraction, starting from the operating system all the way down to gate-level circuits, through various representations of software and hardware. In this talk, we will focus on IFT at the register transfer level (RTL) representation of hardware and discuss how IFT can be applied to find various types of RTL security vulnerabilities. We will discuss an inductive formulation of the problem based on leakage alert and propagation alert that offers a scalable solution and micro-architecture-level design insights compared to more traditional formulations. We will end the talk by outlining some of the research challenges that we need to address to push the boundary further. About the speaker: Dr. Sayak Ray is a Security Researcher at Intel Corporation. His research areas include tools and automation for security validation, and security challenges in FPGA, heterogeneous computing and data center networking. Dr. Ray regularly publishes at design automation conferences and journals. He has served on the technical program committees of various conferences such as DAC and ICCAD. Before joining Intel in 2016, he was a Post-doctoral Research Associate at Princeton University. Dr. Ray obtained his PhD from UC Berkeley in 2013.</p> ]]>
            </content:encoded>
            <itunes:duration>3060</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230405.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230405.mp4" length="240123904" type="video/mp4"/>
        </item>
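        <![CDATA[
The abstract above describes IFT as tracking labels through an RTL design and classifying what the labels reach as leakage or propagation alerts. The following is an added example, not code from the talk or from Intel, that shows the core mechanism on a constructed 4-bit netlist in Python: every signal carries a per-bit taint label, each gate propagates labels with a GLIFT-style precise rule (an AND with a known zero drops the taint, a tainted mux select only taints bits where the two inputs differ), and the simulator reports a "propagation" alert when taint reaches an architectural register and a "leakage" alert when it reaches an output port. The alert naming, the netlist, the signal names and the sample values are assumptions made for this example; the talk's own definitions of the two alerts and its inductive formulation are not reproduced here.

```python
"""Bit-precise information-flow tracking (IFT) over a tiny RTL-style netlist.

Added example, not code from the talk. The netlist, signal names and the
"leakage" / "propagation" alert classification are constructed here:
taint reaching an output port is a leakage alert, taint reaching an
architectural register is a propagation alert. Labels are tracked per bit
with GLIFT-style precise gate rules.
"""
from dataclasses import dataclass

WIDTH = 4
MASK = 0b1111          # all-ones for WIDTH bits


@dataclass(frozen=True)
class Sig:
    val: int           # bit-vector value
    tnt: int           # per-bit label: 1 = derived from the secret


def const(v):
    return Sig(v & MASK, 0)


def secret(v):
    return Sig(v & MASK, MASK)


def g_and(a, b):
    # A bit is tainted only if the other operand cannot force it to 0.
    t = (a.tnt & b.val) | (b.tnt & a.val) | (a.tnt & b.tnt)
    return Sig(a.val & b.val, t & MASK)


def g_xor(a, b):
    # XOR always exposes a tainted operand bit.
    return Sig(a.val ^ b.val, (a.tnt | b.tnt) & MASK)


def g_mux(sel, a, b):
    # sel is 1 bit. A tainted select only taints bits where a and b differ.
    take_b = sel.val & 1
    out = b.val if take_b else a.val
    if sel.tnt & 1:
        t = (a.val ^ b.val) | a.tnt | b.tnt
    else:
        t = b.tnt if take_b else a.tnt
    return Sig(out & MASK, t & MASK)


OPS = {"and": g_and, "xor": g_xor, "mux": g_mux}


def simulate(netlist, inputs, registers, outputs, precise=True):
    """Evaluate netlist entries (name, op, operand names) in order.

    Returns (env, alerts); alerts are (kind, signal, taint_mask) tuples.
    precise=False switches to the label-OR rule (any tainted operand
    taints every output bit) to show the false alarms it produces.
    """
    env = dict(inputs)
    alerts = []
    for name, op, args in netlist:
        operands = [env[a] for a in args]
        res = OPS[op](*operands)
        if not precise and any(o.tnt for o in operands):
            res = Sig(res.val, MASK)
        env[name] = res
        if res.tnt and name in outputs:
            alerts.append(("leakage", name, res.tnt))
        elif res.tnt and name in registers:
            alerts.append(("propagation", name, res.tnt))
    return env, alerts


def run_example(debug_en, precise=True):
    """Constructed 4-bit datapath: a key is partially masked into a register,
    blanked before one output, and exposed on a debug port when debug_en=1."""
    inputs = {
        "key": secret(0b1011),
        "zero": const(0),
        "lowmask": const(0b0011),
        "nonce": const(0b0110),
        "debug_en": const(debug_en),
    }
    netlist = [
        ("masked", "and", ("key", "lowmask")),            # key[3:2] forced to 0
        ("acc", "xor", ("masked", "nonce")),              # architectural register
        ("blanked", "and", ("acc", "zero")),              # output that is always 0
        ("dbg_out", "mux", ("debug_en", "zero", "key")),  # debug port
    ]
    return simulate(netlist, inputs, registers={"acc"},
                    outputs={"blanked", "dbg_out"}, precise=precise)


if __name__ == "__main__":
    for en in (1, 0):
        _, alerts = run_example(en)
        print(f"debug_en={en} precise: {alerts}")
    _, alerts = run_example(0, precise=False)
    print(f"debug_en=0 label-OR: {alerts}")
```

Run directly, the precise rules report one propagation alert on acc (only the two unmasked key bits) and a leakage alert on dbg_out only when debug_en=1, while the label-OR run additionally flags the always-zero blanked output as a leak. Two caveats the example makes visible: precision costs extra logic per gate, and a simulation checks one input valuation per run (the debug port is only reported for debug_en=1), which is one reason an inductive formulation that reasons over all reachable states, as the talk discusses, matters at RTL.
]]>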
            <item>
            <title>Wendy Nather, CERIAS Security Symposium Closing Keynote</title>
            <description>&quot;What Do We Owe One Another In Cybersecurity?&quot; As the cybersecurity ecosystem evolves, we understand more about how interconnected we are: the ripple effects from breaches, the fact that supply chains aren&apos;t discrete lines but rather a web, and that mapping our vulnerabilities is harder than we thought. In this session, Wendy Nather will talk about the concept of civic duty on the Internet — not just sporadic charity efforts or &quot;nice to have&quot; information sharing, but the social norms and obligations we should face together if we want a sustainable world of technology. Shared risk requires shared defense. About the speaker: Wendy Nather leads the Advisory CISO team at Cisco. She was previously the Research Director at the Retail ISAC, and Research Director of the Information Security Practice at 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She was inducted into the Infosecurity Europe Hall of Fame in 2021. Wendy serves on the advisory board for Sightline Security. She is a Senior Fellow at the Atlantic Council&apos;s Cyber Statecraft Initiative, as well as a Senior Cybersecurity Fellow at the Robert Strauss Center for International Security and Law at the University of Texas at Austin.</description>
            <pubDate>Wed, 29 Mar 2023 16:30:00 EDT </pubDate>
            <itunes:title>Wendy Nather, CERIAS Security Symposium Closing Keynote</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>827</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/wendy_nather_300.png"/>
            <itunes:subtitle>Wendy Nather, Cisco</itunes:subtitle>
            <itunes:summary>&quot;What Do We Owe One Another In Cybersecurity?&quot; As the cybersecurity ecosystem evolves, we understand more about how interconnected we are: the ripple effects from breaches, the fact that supply chains aren&apos;t discrete lines but rather a web, and that mapping our vulnerabilities is harder than we thought. In this session, Wendy Nather will talk about the concept of civic duty on the Internet — not just sporadic charity efforts or &quot;nice to have&quot; information sharing, but the social norms and obligations we should face together if we want a sustainable world of technology. Shared risk requires shared defense. About the speaker: Wendy Nather leads the Advisory CISO team at Cisco. She was previously the Research Director at the Retail ISAC, and Research Director of the Information Security Practice at 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She was inducted into the Infosecurity Europe Hall of Fame in 2021. Wendy serves on the advisory board for Sightline Security. She is a Senior Fellow at the Atlantic Council&apos;s Cyber Statecraft Initiative, as well as a Senior Cybersecurity Fellow at the Robert Strauss Center for International Security and Law at the University of Texas at Austin.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>&quot;What Do We Owe One Another In Cybersecurity?&quot; As the cybersecurity ecosystem evolves, we understand more about how interconnected we are: the ripple effects from breaches, the fact that supply chains aren&apos;t discrete lines but rather a web, and that mapping our vulnerabilities is harder than we thought. In this session, Wendy Nather will talk about the concept of civic duty on the Internet — not just sporadic charity efforts or &quot;nice to have&quot; information sharing, but the social norms and obligations we should face together if we want a sustainable world of technology. Shared risk requires shared defense. About the speaker: Wendy Nather leads the Advisory CISO team at Cisco. She was previously the Research Director at the Retail ISAC, and Research Director of the Information Security Practice at 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She was inducted into the Infosecurity Europe Hall of Fame in 2021. Wendy serves on the advisory board for Sightline Security. She is a Senior Fellow at the Atlantic Council&apos;s Cyber Statecraft Initiative, as well as a Senior Cybersecurity Fellow at the Robert Strauss Center for International Security and Law at the University of Texas at Austin.</p> ]]>
            </content:encoded>
            <itunes:duration>3485</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230329.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230329.mp4" length="133169152" type="video/mp4"/>
        </item>
            <item>
            <title>Steve Bellovin, 35 Years of Protecting the Internet</title>
            <description>For 35 years, the Internet has been bedeviled by attackers. For about as long, defenders have tried deploying various defenses; these have often been of limited utility. We look back at what has happened, focusing on the explicit or (more often) implicit assumptions behind the defenses, and why these assumptions were or were not correct. About the speaker: Steven M. Bellovin is the Percy K. and Vida L. W. Hudson Professor of Computer Science at Columbia University, member of the Cybersecurity and Privacy Center of the university&apos;s Data Science Institute, and an affiliate faculty member at Columbia Law School. Bellovin does research on security and privacy and on related public policy issues. In his copious spare professional time, he does some work on the history of cryptography. He joined the faculty in 2005 after many years at Bell Labs and AT&amp;amp;T Labs Research, where he was an AT&amp;amp;T Fellow. He received a BA degree from Columbia University, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were given the 1995 Usenix Lifetime Achievement Award (The Flame). He has also received the 2007 NIST/NSA National Computer Systems Security Award and has been elected to the Cybersecurity Hall of Fame. Bellovin has served as Chief Technologist of the Federal Trade Commission and as the Technology Scholar at the Privacy and Civil Liberties Oversight Board. He is a member of the National Academy of Engineering and has served on the Computer Science and Telecommunications Board of the National Academies of Sciences, Engineering, and Medicine. In the past, he has been a member of the Department of Homeland Security&apos;s Science and Technology Advisory Committee, and the Technical Guidelines Development Committee of the Election Assistance Commission. Bellovin is the author of Thinking Security and the co-author of Firewalls and Internet Security: Repelling the Wily Hacker, and holds a number of patents on cryptographic and network protocols. He has served on many National Research Council study committees, including those on information systems trustworthiness, the privacy implications of authentication technologies, and cybersecurity research needs; he was also a member of the information technology subcommittee of an NRC study group on science versus terrorism. He was a member of the Internet Architecture Board from 1996-2002; he was co-director of the Security Area of the IETF from 2002 through 2004. More details may be found at http://www.cs.columbia.edu/~smb/informal-bio.html.</description>
            <pubDate>Wed, 22 Mar 2023 16:30:00 EDT </pubDate>
            <itunes:title>Steve Bellovin, 35 Years of Protecting the Internet</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>826</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Bellovin_200.png"/>
            <itunes:subtitle>Steve Bellovin, Columbia</itunes:subtitle>
            <itunes:summary>For 35 years, the Internet has been bedeviled by attackers. For about as long, defenders have tried deploying various defenses; these have often been of limited utility. We look back at what has happened, focusing on the explicit or (more often) implicit assumptions behind the defenses, and why these assumptions were or were not correct. About the speaker: Steven M. Bellovin is the Percy K. and Vida L. W. Hudson Professor of Computer Science at Columbia University, member of the Cybersecurity and Privacy Center of the university&apos;s Data Science Institute, and an affiliate faculty member at Columbia Law School. Bellovin does research on security and privacy and on related public policy issues. In his copious spare professional time, he does some work on the history of cryptography. He joined the faculty in 2005 after many years at Bell Labs and AT&amp;amp;T Labs Research, where he was an AT&amp;amp;T Fellow. He received a BA degree from Columbia University, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were given the 1995 Usenix Lifetime Achievement Award (The Flame). He has also received the 2007 NIST/NSA National Computer Systems Security Award and has been elected to the Cybersecurity Hall of Fame. Bellovin has served as Chief Technologist of the Federal Trade Commission and as the Technology Scholar at the Privacy and Civil Liberties Oversight Board. He is a member of the National Academy of Engineering and has served on the Computer Science and Telecommunications Board of the National Academies of Sciences, Engineering, and Medicine. In the past, he has been a member of the Department of Homeland Security&apos;s Science and Technology Advisory Committee, and the Technical Guidelines Development Committee of the Election Assistance Commission. Bellovin is the author of Thinking Security and the co-author of Firewalls and Internet Security: Repelling the Wily Hacker, and holds a number of patents on cryptographic and network protocols. He has served on many National Research Council study committees, including those on information systems trustworthiness, the privacy implications of authentication technologies, and cybersecurity research needs; he was also a member of the information technology subcommittee of an NRC study group on science versus terrorism. He was a member of the Internet Architecture Board from 1996-2002; he was co-director of the Security Area of the IETF from 2002 through 2004. More details may be found at http://www.cs.columbia.edu/~smb/informal-bio.html.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>For 35 years, the Internet has been bedeviled by attackers. For about as long, defenders have tried deploying various defenses; these have often been of limited utility. We look back at what has happened, focusing on the explicit or (more often) implicit assumptions behind the defenses, and why these assumptions were or were not correct. About the speaker: Steven M. Bellovin is the Percy K. and Vida L. W. Hudson Professor of Computer Science at Columbia University, member of the Cybersecurity and Privacy Center of the university&apos;s Data Science Institute, and an affiliate faculty member at Columbia Law School. Bellovin does research on security and privacy and on related public policy issues. In his copious spare professional time, he does some work on the history of cryptography. He joined the faculty in 2005 after many years at Bell Labs and AT&amp;T Labs Research, where he was an AT&amp;T Fellow. He received a BA degree from Columbia University, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were given the 1995 Usenix Lifetime Achievement Award (The Flame). He has also received the 2007 NIST/NSA National Computer Systems Security Award and has been elected to the Cybersecurity Hall of Fame. Bellovin has served as Chief Technologist of the Federal Trade Commission and as the Technology Scholar at the Privacy and Civil Liberties Oversight Board. He is a member of the National Academy of Engineering and has served on the Computer Science and Telecommunications Board of the National Academies of Sciences, Engineering, and Medicine. In the past, he has been a member of the Department of Homeland Security&apos;s Science and Technology Advisory Committee, and the Technical Guidelines Development Committee of the Election Assistance Commission. Bellovin is the author of Thinking Security and the co-author of Firewalls and Internet Security: Repelling the Wily Hacker, and holds a number of patents on cryptographic and network protocols. He has served on many National Research Council study committees, including those on information systems trustworthiness, the privacy implications of authentication technologies, and cybersecurity research needs; he was also a member of the information technology subcommittee of an NRC study group on science versus terrorism. He was a member of the Internet Architecture Board from 1996-2002; he was co-director of the Security Area of the IETF from 2002 through 2004. More details may be found at http://www.cs.columbia.edu/~smb/informal-bio.html.</p> ]]>
            </content:encoded>
            <itunes:duration>3593</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230322.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230322.mp4" length="296747008" type="video/mp4"/>
        </item>
            <item>
            <title>Patrick Schlapfer, Using Endpoint Isolation to Track Malware Trends</title>
            <description>Endpoint security controls have traditionally relied on detecting malicious activity to protect devices from intrusions. But attackers often change their techniques so quickly that detection patterns must be adapted, resulting in a detection lag. Some of this limitation can be solved by using hardware-based process isolation, which isolates risky endpoint tasks from the user&apos;s data and critical parts of the operating system. One of the most interesting data sources the HP Threat Research team uses to track malware trends and behaviors is isolation traces, since they can give us an insight into techniques that have bypassed detection controls. In this presentation, we provide an overview of captured attack techniques that are currently seen in the wild. We will elaborate on how attackers try to bypass email security and how users are lured to infected websites to download malware. Finally, we will share advice on how to protect against such attacks and what to look out for. About the speaker: Patrick is a malware analyst at HP with interests in a wide range of security areas. He already focused on cyber security during his studies, where he developed a particular interest in malware analysis. After graduation, he worked on a scientific project at the university and built a dynamic malware analysis system for code similarity clustering. He gained further experience in incident response and threat intelligence at a Swiss bank. Since 2021, Patrick has worked as a malware analyst on HP&apos;s Threat Research team. He conducts analyses of new threats, using the results to improve HP&apos;s security products, and shares them with the community.</description>
            <pubDate>Wed, 8 Mar 2023 16:30:00 EST </pubDate>
            <itunes:title>Patrick Schlapfer, Using Endpoint Isolation to Track Malware Trends</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>825</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/patrick_schlapfer_200.png"/>
            <itunes:subtitle>Patrick Schlapfer, HP</itunes:subtitle>
            <itunes:summary>Endpoint security controls have traditionally relied on detecting malicious activity to protect devices from intrusions. But attackers often change their techniques so quickly that detection patterns must be adapted, resulting in a detection lag. Some of this limitation can be solved by using hardware-based process isolation, which isolates risky endpoint tasks from the user&apos;s data and critical parts of the operating system. One of the most interesting data sources the HP Threat Research team uses to track malware trends and behaviors is isolation traces, since they can give us an insight into techniques that have bypassed detection controls. In this presentation, we provide an overview of captured attack techniques that are currently seen in the wild. We will elaborate on how attackers try to bypass email security and how users are lured to infected websites to download malware. Finally, we will share advice on how to protect against such attacks and what to look out for. About the speaker: Patrick is a malware analyst at HP with interests in a wide range of security areas. He already focused on cyber security during his studies, where he developed a particular interest in malware analysis. After graduation, he worked on a scientific project at the university and built a dynamic malware analysis system for code similarity clustering. He gained further experience in incident response and threat intelligence at a Swiss bank. Since 2021, Patrick has worked as a malware analyst on HP&apos;s Threat Research team. He conducts analyses of new threats, using the results to improve HP&apos;s security products, and shares them with the community.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Endpoint security controls have traditionally relied on detecting malicious activity to protect devices from intrusions. But attackers often change their techniques so quickly that detection patterns must be adapted, resulting in a detection lag. Some of this limitation can be solved by using hardware-based process isolation, which isolates risky endpoint tasks from the user&apos;s data and critical parts of the operating system. One of the most interesting data sources the HP Threat Research team uses to track malware trends and behaviors is isolation traces, since they can give us an insight into techniques that have bypassed detection controls. In this presentation, we provide an overview of captured attack techniques that are currently seen in the wild. We will elaborate on how attackers try to bypass email security and how users are lured to infected websites to download malware. Finally, we will share advice on how to protect against such attacks and what to look out for. About the speaker: Patrick is a malware analyst at HP with interests in a wide range of security areas. He already focused on cyber security during his studies, where he developed a particular interest in malware analysis. After graduation, he worked on a scientific project at the university and built a dynamic malware analysis system for code similarity clustering. He gained further experience in incident response and threat intelligence at a Swiss bank. Since 2021, Patrick has worked as a malware analyst on HP&apos;s Threat Research team. He conducts analyses of new threats, using the results to improve HP&apos;s security products, and shares them with the community.</p> ]]>
            </content:encoded>
            <itunes:duration>2931</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230308.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230308.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>Albert Cheng, Elements of Robust Real-Time Systems: Regularity-Based Virtualization and Functional Reactive Programming</title>
            <description>The use of sophisticated digital systems to control complex physical components in real time has grown at a rapid pace. These applications range from traditional stand-alone systems to highly networked cyber-physical systems (CPS), spanning a diverse array of software architectures and control models. Examples include city-wide traffic control, robotics, medical systems, autonomous vehicular travel, green buildings, physical manipulation of nano-structures, and space exploration. Since all these applications interact directly with the physical world and often have humans in the loop, we must ensure their robustness, security, and physical safety. Obviously, the correctness of these real-time systems and CPS depends not only on the effects or results they produce, but also on the time at which these results are produced. For instance, in a CPS consisting of a multitude of vehicles and communication components with the goal to avoid collisions and reduce traffic congestion, formal safety verification and response time analysis are essential to the certification and use of such systems. This seminar introduces two key elements for building robust real-time systems: regularity-based virtualization and functional reactive programming. Real-time resource partitioning (RP) divides hardware resources (processors, cores, and other components) into temporal partitions and allocates these partitions as virtual resources (physical resources at a fraction of their service rates) to application tasks. RP can be a layer in the OS or firmware directly interfacing the hardware, and is a key enabling technology for virtualization and cloud computing. Open, virtualized real-time systems make it easy to securely add and remove software applications as well as to increase resource utilization and reduce implementation cost when compared to systems which physically assign distinct computing resources to run different applications. The first part of this talk will describe ways based on the Regularity-based Resource Partition Model (RRP) to maintain the schedulability of real-time tasks as if they were scheduled on dedicated physical resources and increase the utilization of the physical multi-resources. The benefits of using functional (reactive) programming (FRP) over the imperative programming style found in languages such as C/C++ and Java for implementing embedded and real-time software are several. The functional programming paradigm allows the programmer to intuitively describe safety-critical behaviors of the system and connect its components, thus lowering the chance of introducing bugs in the design phase, resulting in a robust and secure implementation. Its stateless nature of execution does not require the use of synchronization primitives like mutexes and semaphores, thus reducing the complexity of programming on parallel and multi-core platforms. Hence, FRP can potentially transform the way we implement next-generation real-time systems and CPS. However, accurate response time analysis of FRP-based controllers remains a largely unexplored problem. The second part of this talk will explore a framework for accurate response time analysis, scheduling, and verification of embedded controllers implemented in FRP. About the speaker: Dr. Albert Cheng, a U.S. Department of State Fulbright Specialist (2019-2024), is a full professor and former interim associate chair of computer science and a full professor of electrical and computer engineering at the University of Houston in Houston, Texas. He was a visiting professor at Rice University and the City University of Hong Kong. He received the B.A. degree with highest honors in computer science, graduating Phi Beta Kappa, the M.S. degree in computer science with a minor in electrical engineering, and the Ph.D. degree in computer science, all from The University of Texas at Austin, Austin, Texas. Prof. Cheng is a Distinguished Member and Speaker of the ACM, an Honorary Member of the Institute for Systems and Technologies of Information, Control and Communication, and a Fellow of the Institute of Physics. An author of over 270 publications, Prof. Cheng is an Associate Editor of the IEEE Transactions on Knowledge and Data Engineering (TKDE) and the ACM Computing Surveys (CSUR). His research interests center on the design, specification, analysis, optimization, formal verification, scheduling, and implementation of embedded and real-time systems, real-time virtualization, cyber-physical systems/Internet of things, real-time machine learning, knowledge-based systems, functional reactive systems, and security. He received the 2015 University of Houston&apos;s Lifetime Faculty Award for Mentoring Undergraduate Research. He implemented in C the first model checker, co-invented by ACM Turing Award winner E. Allen Emerson, augmented with semantics-based analysis for rule-based expert systems. He authored the popular textbook Real-Time Systems: Scheduling, Analysis, and Verification. Prof. Cheng is the Founder and CEO of AMKC Informatics, LLC. Speaker&apos;s website: Professor Albert M. K. Cheng&apos;s Homepage (uh.edu)</description>
            <pubDate>Wed, 1 Mar 2023 16:30:00 EST </pubDate>
            <itunes:title>Albert Cheng, Elements of Robust Real-Time Systems: Regularity-Based Virtualization and Functional Reactive Programming</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>824</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Albert_Cheng_photo_200.png"/>
            <itunes:subtitle>Albert Cheng, University of Houston</itunes:subtitle>
            <itunes:summary>The use of sophisticated digital systems to control complex physical components in real time has grown at a rapid pace. These applications range from traditional stand-alone systems to highly networked cyber-physical systems (CPS), spanning a diverse array of software architectures and control models. Examples include city-wide traffic control, robotics, medical systems, autonomous vehicular travel, green buildings, physical manipulation of nano-structures, and space exploration. Since all these applications interact directly with the physical world and often have humans in the loop, we must ensure their robustness, security, and physical safety. Obviously, the correctness of these real-time systems and CPS depends not only on the effects or results they produce, but also on the time at which these results are produced. For instance, in a CPS consisting of a multitude of vehicles and communication components with the goal to avoid collisions and reduce traffic congestion, formal safety verification and response time analysis are essential to the certification and use of such systems. This seminar introduces two key elements for building robust real-time systems: regularity-based virtualization and functional reactive programming. Real-time resource partitioning (RP) divides hardware resources (processors, cores, and other components) into temporal partitions and allocates these partitions as virtual resources (physical resources at a fraction of their service rates) to application tasks. RP can be a layer in the OS or firmware directly interfacing the hardware, and is a key enabling technology for virtualization and cloud computing. Open, virtualized real-time systems make it easy to securely add and remove software applications as well as to increase resource utilization and reduce implementation cost when compared to systems which physically assign distinct computing resources to run different applications. The first part of this talk will describe ways based on the Regularity-based Resource Partition Model (RRP) to maintain the schedulability of real-time tasks as if they were scheduled on dedicated physical resources and increase the utilization of the physical multi-resources. The benefits of using functional (reactive) programming (FRP) over the imperative programming style found in languages such as C/C++ and Java for implementing embedded and real-time software are several. The functional programming paradigm allows the programmer to intuitively describe safety-critical behaviors of the system and connect its components, thus lowering the chance of introducing bugs in the design phase, resulting in a robust and secure implementation. Its stateless nature of execution does not require the use of synchronization primitives like mutexes and semaphores, thus reducing the complexity of programming on parallel and multi-core platforms. Hence, FRP can potentially transform the way we implement next-generation real-time systems and CPS. However, accurate response time analysis of FRP-based controllers remains a largely unexplored problem. The second part of this talk will explore a framework for accurate response time analysis, scheduling, and verification of embedded controllers implemented in FRP. About the speaker: Dr. Albert Cheng, a U.S. Department of State Fulbright Specialist (2019-2024), is a full professor and former interim associate chair of computer science and a full professor of electrical and computer engineering at the University of Houston in Houston, Texas. He was a visiting professor at Rice University and the City University of Hong Kong. He received the B.A. degree with highest honors in computer science, graduating Phi Beta Kappa, the M.S. degree in computer science with a minor in electrical engineering, and the Ph.D. degree in computer science, all from The University of Texas at Austin, Austin, Texas. Prof. Cheng is a Distinguished Member and Speaker of the ACM, an Honorary Member of the Institute for Systems and Technologies of Information, Control and Communication, and a Fellow of the Institute of Physics. An author of over 270 publications, Prof. Cheng is an Associate Editor of the IEEE Transactions on Knowledge and Data Engineering (TKDE) and the ACM Computing Surveys (CSUR). His research interests center on the design, specification, analysis, optimization, formal verification, scheduling, and implementation of embedded and real-time systems, real-time virtualization, cyber-physical systems/Internet of things, real-time machine learning, knowledge-based systems, functional reactive systems, and security. He received the 2015 University of Houston&apos;s Lifetime Faculty Award for Mentoring Undergraduate Research. He implemented in C the first model checker, co-invented by ACM Turing Award winner E. Allen Emerson, augmented with semantics-based analysis for rule-based expert systems. He authored the popular textbook Real-Time Systems: Scheduling, Analysis, and Verification. Prof. Cheng is the Founder and CEO of AMKC Informatics, LLC. Speaker&apos;s website: Professor Albert M. K. Cheng&apos;s Homepage (uh.edu)</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The use of sophisticated digital systems to control complex physical components in real-time has grown at a rapid pace. These applications range from traditional stand-alone systems to highly-networked cyber-physical systems (CPS), spanning a diverse array of software architectures and control models. Examples include city-wide traffic control, robotics, medical systems, autonomous vehicular travel, green buildings, physical manipulation of nano-structures, and space exploration. Since all these applications interact directly with the physical world and often have humans in the loop, we must ensure their robustness, security, and physical safety. The correctness of these real-time systems and CPS depends not only on the effects or results they produce, but also on the time at which these results are produced. For instance, in a CPS consisting of a multitude of vehicles and communication components with the goal of avoiding collisions and reducing traffic congestion, formal safety verification and response time analysis are essential to the certification and use of such systems. This seminar introduces two key elements for building robust real-time systems: regularity-based virtualization and functional reactive programming.</p><p>Real-time resource partitioning (RP) divides hardware resources (processors, cores, and other components) into temporal partitions and allocates these partitions as virtual resources (physical resources at a fraction of their service rates) to application tasks. RP can be a layer in the OS or firmware directly interfacing the hardware, and is a key enabling technology for virtualization and cloud computing. Open, virtualized real-time systems make it easy to securely add and remove software applications as well as to increase resource utilization and reduce implementation cost when compared to systems which physically assign distinct computing resources to run different applications. The first part of this talk will describe ways based on the Regularity-based Resource Partition Model (RRP) to maintain the schedulability of real-time tasks as if they were scheduled on dedicated physical resources and to increase the utilization of the physical multi-resources.</p><p>Functional reactive programming (FRP) offers several benefits over the imperative programming style found in languages such as C/C++ and Java for implementing embedded and real-time software. The functional programming paradigm allows the programmer to describe the safety-critical behaviors of the system and connect its components intuitively, thus lowering the chance of introducing bugs in the design phase and resulting in a robust and secure implementation. Its stateless execution model does not require synchronization primitives such as mutexes and semaphores, thus reducing the complexity of programming parallel and multi-core platforms. Hence, FRP can potentially transform the way we implement next-generation real-time systems and CPS. However, accurate response time analysis of FRP-based controllers remains a largely unexplored problem. The second part of this talk will explore a framework for accurate response time analysis, scheduling, and verification of embedded controllers implemented in FRP.</p><p>About the speaker: Dr. Albert Cheng, a U.S. Department of State Fulbright Specialist (2019-2024), is a full professor and former interim associate chair of computer science and a full professor of electrical and computer engineering at the University of Houston in Houston, Texas. He was a visiting professor at Rice University and the City University of Hong Kong. He received the B.A. degree with highest honors in computer science, graduating Phi Beta Kappa, the M.S. degree in computer science with a minor in electrical engineering, and the Ph.D. degree in computer science, all from The University of Texas at Austin, Austin, Texas. Prof. Cheng is a Distinguished Member and Speaker of the ACM, an Honorary Member of the Institute for Systems and Technologies of Information, Control and Communication, and a Fellow of the Institute of Physics. An author of over 270 publications, Prof. Cheng is an Associate Editor of the IEEE Transactions on Knowledge and Data Engineering (TKDE) and the ACM Computing Surveys (CSUR). His research interests center on the design, specification, analysis, optimization, formal verification, scheduling, and implementation of embedded and real-time systems, real-time virtualization, cyber-physical systems/Internet of things, real-time machine learning, knowledge-based systems, functional reactive systems, and security. He received the 2015 University of Houston&apos;s Lifetime Faculty Award for Mentoring Undergraduate Research. He implemented in C the first model checker, co-invented by ACM Turing Award winner E. Allen Emerson, augmented with semantics-based analysis for rule-based expert systems. He authored the popular textbook Real-Time Systems: Scheduling, Analysis, and Verification. Prof. Cheng is the Founder and CEO of AMKC Informatics, LLC. Speaker&apos;s website: Professor Albert M. K. Cheng&apos;s Homepage (uh.edu)</p> ]]>
            </content:encoded>
            <itunes:duration>3294</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230301.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230301.mp4" length="258998272" type="video/mp4"/>
        </item>
            <item>
            <title>Arjan Durresi, Trust Engineering – from Developing Resilient Systems to Artificial Conscience</title>
            <description>This talk will discuss how we engineer trust among agents, humans, and algorithms to develop solutions to significant practical problems, including Trustworthy AI in multiple applications, Resilience in systems, and a framework for Artificial Conscience to control AI, which we extend to system security. Trustworthiness of AI solutions is emerging as a must for the best use of AI. Using our trust system, we have developed metrics for acceptance, explainability, and fairness of AI solutions having humans in the loop. Furthermore, we introduce the concept of Trustability, which captures the probability of a system keeping the required QoS performance under a specific attack tree. Finally, we present our framework for Artificial Conscience, where AI algorithms are controlled by agents who negotiate with each other using our trust engine to output a solution with maximum &quot;Artificial Feeling.&quot; This framework can be easily implemented in any AI system where multiple metrics are involved, including system security scenarios. About the speaker: Arjan Durresi is a Professor of Computer Science at Indiana University-Purdue University Indianapolis (IUPUI) in Indianapolis, Indiana. He has published over 100 papers in journals, over 220 articles in conference proceedings, and twelve book chapters. His research interests include Trust Engineering, System Security, Trustworthy Artificial Intelligence, AI Control, Network Architectures and Protocols, and Quantum Computing. NSF, USD, states, universities, and industry sources funded his research. He was named among the top 2% of scientists on Stanford&apos;s list in September 2021 and in the October 2022 update.</description>
            <pubDate>Wed, 22 Feb 2023 16:30:00 EST </pubDate>
            <itunes:title>Arjan Durresi, Trust Engineering – from Developing Resilient Systems to Artificial Conscience</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>823</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/arjan_durresi_200.png"/>
            <itunes:subtitle>Arjan Durresi, IUPUI</itunes:subtitle>
            <itunes:summary>This talk will discuss how we engineer trust among agents, humans, and algorithms to develop solutions to significant practical problems, including Trustworthy AI in multiple applications, Resilience in systems, and a framework for Artificial Conscience to control AI, which we extend to system security. Trustworthiness of AI solutions is emerging as a must for the best use of AI. Using our trust system, we have developed metrics for acceptance, explainability, and fairness of AI solutions having humans in the loop. Furthermore, we introduce the concept of Trustability, which captures the probability of a system keeping the required QoS performance under a specific attack tree. Finally, we present our framework for Artificial Conscience, where AI algorithms are controlled by agents who negotiate with each other using our trust engine to output a solution with maximum &quot;Artificial Feeling.&quot; This framework can be easily implemented in any AI system where multiple metrics are involved, including system security scenarios. About the speaker: Arjan Durresi is a Professor of Computer Science at Indiana University-Purdue University Indianapolis (IUPUI) in Indianapolis, Indiana. He has published over 100 papers in journals, over 220 articles in conference proceedings, and twelve book chapters. His research interests include Trust Engineering, System Security, Trustworthy Artificial Intelligence, AI Control, Network Architectures and Protocols, and Quantum Computing. NSF, USD, states, universities, and industry sources funded his research. He was named among the top 2% of scientists on Stanford&apos;s list in September 2021 and in the October 2022 update.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk will discuss how we engineer trust among agents, humans, and algorithms to develop solutions to significant practical problems, including Trustworthy AI in multiple applications, Resilience in systems, and a framework for Artificial Conscience to control AI, which we extend to system security. Trustworthiness of AI solutions is emerging as a must for the best use of AI. Using our trust system, we have developed metrics for acceptance, explainability, and fairness of AI solutions having humans in the loop. Furthermore, we introduce the concept of Trustability, which captures the probability of a system keeping the required QoS performance under a specific attack tree. Finally, we present our framework for Artificial Conscience, where AI algorithms are controlled by agents who negotiate with each other using our trust engine to output a solution with maximum &quot;Artificial Feeling.&quot; This framework can be easily implemented in any AI system where multiple metrics are involved, including system security scenarios.</p><p>About the speaker: Arjan Durresi is a Professor of Computer Science at Indiana University-Purdue University Indianapolis (IUPUI) in Indianapolis, Indiana. He has published over 100 papers in journals, over 220 articles in conference proceedings, and twelve book chapters. His research interests include Trust Engineering, System Security, Trustworthy Artificial Intelligence, AI Control, Network Architectures and Protocols, and Quantum Computing. NSF, USD, states, universities, and industry sources funded his research. He was named among the top 2% of scientists on Stanford&apos;s list in September 2021 and in the October 2022 update.</p> ]]>
            </content:encoded>
            <itunes:duration>3607</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230222.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230222.mp4" length="316669952" type="video/mp4"/>
        </item>
            <item>
            <title>Dean Cheng, Chinese Views of Information and Future Warfare</title>
            <description>Examines Chinese views on the importance of information as the new currency of international power, and discusses how the PLA&apos;s restructuring supports PLA efforts at planning for future &quot;informationized local wars.&quot; About the speaker: Dean Cheng is a non-resident Senior Fellow with the Potomac Institute for Policy Studies and a Senior Advisor with the US Institute of Peace. He recently retired from the Heritage Foundation as the Senior Research Fellow for Chinese political and security affairs. He specializes in Chinese military and foreign policy, and has written extensively on Chinese military doctrine, technological implications of its space program, and &quot;dual use&quot; issues associated with China&apos;s industrial and scientific infrastructure. He is the author of &quot;Cyber Dragon: Inside China&apos;s Information Warfare and Cyber Operations.&quot;</description>
            <pubDate>Wed, 15 Feb 2023 16:30:00 EST </pubDate>
            <itunes:title>Dean Cheng, Chinese Views of Information and Future Warfare</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>822</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/DeanCheng_200.png"/>
            <itunes:subtitle>Dean Cheng, Potomac Institute for Policy Studies</itunes:subtitle>
            <itunes:summary>Examines Chinese views on the importance of information as the new currency of international power, and discusses how the PLA&apos;s restructuring supports PLA efforts at planning for future &quot;informationized local wars.&quot; About the speaker: Dean Cheng is a non-resident Senior Fellow with the Potomac Institute for Policy Studies and a Senior Advisor with the US Institute of Peace. He recently retired from the Heritage Foundation as the Senior Research Fellow for Chinese political and security affairs. He specializes in Chinese military and foreign policy, and has written extensively on Chinese military doctrine, technological implications of its space program, and &quot;dual use&quot; issues associated with China&apos;s industrial and scientific infrastructure. He is the author of &quot;Cyber Dragon: Inside China&apos;s Information Warfare and Cyber Operations.&quot;</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Examines Chinese views on the importance of information as the new currency of international power, and discusses how the PLA&apos;s restructuring supports PLA efforts at planning for future &quot;informationized local wars.&quot; About the speaker: Dean Cheng is a non-resident Senior Fellow with the Potomac Institute for Policy Studies and a Senior Advisor with the US Institute of Peace. He recently retired from the Heritage Foundation as the Senior Research Fellow for Chinese political and security affairs. He specializes in Chinese military and foreign policy, and has written extensively on Chinese military doctrine, technological implications of its space program, and &quot;dual use&quot; issues associated with China&apos;s industrial and scientific infrastructure. He is the author of &quot;Cyber Dragon: Inside China&apos;s Information Warfare and Cyber Operations.&quot;</p> ]]>
            </content:encoded>
            <itunes:duration>3000</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230215.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230215.mp4" length="283115520" type="video/mp4"/>
        </item>
            <item>
            <title>Ronald Keen, Increasing Dependency; Increasing Threat</title>
            <description>Increasingly, the United States is becoming more and more dependent on Space-based technologies and systems. Our adversaries are well aware of this and have become much more aggressive in their attempts to understand, infiltrate and interfere with Space-based operations, while watching the corresponding impacts to ground-based critical infrastructure. Mr. Keen will discuss that increasing dependency and the associated cyber aspect, then extrapolate that into the upstream and downstream impacts to terrestrial critical infrastructure that occur as a result of Space-based events. Finally, he will discuss how the expanding presence of Space-based operations presents an increasing and dangerous cyber threat to both the Space-based and terrestrial-based critical infrastructure systems as they become even more co-dependent moving forward. About the speaker: Currently a Senior Advisor on Space and Cybersecurity within the National Risk Management Center, Cybersecurity and Infrastructure Security Agency (CISA) at the U.S. Department of Homeland Security, Ronald Keen is a retired Air Force officer with an extensive background in intelligence and space systems operations, as well as critical infrastructure protection. Concluding a distinguished military career, Ron accepted a position as a Division Director in the Indiana State government, directing research and testifying on issues within the utility regulatory environment with an emphasis on energy, cybersecurity and critical infrastructure. He accepted his current position with the Department after retiring from State government service. Ron earned his bachelor&apos;s degree at Southwest Texas State University and is a graduate of Embry-Riddle Aeronautical University with a master&apos;s degree in Aeronautical Science. A published author, Ron and his wife, Susan, have five children.</description>
            <pubDate>Wed, 8 Feb 2023 16:30:00 EST </pubDate>
            <itunes:title>Ronald Keen, Increasing Dependency; Increasing Threat</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>821</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ronald_keen_200.png"/>
            <itunes:subtitle>Ronald Keen, DHS</itunes:subtitle>
            <itunes:summary>Increasingly, the United States is becoming more and more dependent on Space-based technologies and systems. Our adversaries are well aware of this and have become much more aggressive in their attempts to understand, infiltrate and interfere with Space-based operations, while watching the corresponding impacts to ground-based critical infrastructure. Mr. Keen will discuss that increasing dependency and the associated cyber aspect, then extrapolate that into the upstream and downstream impacts to terrestrial critical infrastructure that occur as a result of Space-based events. Finally, he will discuss how the expanding presence of Space-based operations presents an increasing and dangerous cyber threat to both the Space-based and terrestrial-based critical infrastructure systems as they become even more co-dependent moving forward. About the speaker: Currently a Senior Advisor on Space and Cybersecurity within the National Risk Management Center, Cybersecurity and Infrastructure Security Agency (CISA) at the U.S. Department of Homeland Security, Ronald Keen is a retired Air Force officer with an extensive background in intelligence and space systems operations, as well as critical infrastructure protection. Concluding a distinguished military career, Ron accepted a position as a Division Director in the Indiana State government, directing research and testifying on issues within the utility regulatory environment with an emphasis on energy, cybersecurity and critical infrastructure. He accepted his current position with the Department after retiring from State government service. Ron earned his bachelor&apos;s degree at Southwest Texas State University and is a graduate of Embry-Riddle Aeronautical University with a master&apos;s degree in Aeronautical Science. A published author, Ron and his wife, Susan, have five children.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Increasingly, the United States is becoming more and more dependent on Space-based technologies and systems. Our adversaries are well aware of this and have become much more aggressive in their attempts to understand, infiltrate and interfere with Space-based operations, while watching the corresponding impacts to ground-based critical infrastructure. Mr. Keen will discuss that increasing dependency and the associated cyber aspect, then extrapolate that into the upstream and downstream impacts to terrestrial critical infrastructure that occur as a result of Space-based events. Finally, he will discuss how the expanding presence of Space-based operations presents an increasing and dangerous cyber threat to both the Space-based and terrestrial-based critical infrastructure systems as they become even more co-dependent moving forward.</p><p>About the speaker: Currently a Senior Advisor on Space and Cybersecurity within the National Risk Management Center, Cybersecurity and Infrastructure Security Agency (CISA) at the U.S. Department of Homeland Security, Ronald Keen is a retired Air Force officer with an extensive background in intelligence and space systems operations, as well as critical infrastructure protection. Concluding a distinguished military career, Ron accepted a position as a Division Director in the Indiana State government, directing research and testifying on issues within the utility regulatory environment with an emphasis on energy, cybersecurity and critical infrastructure. He accepted his current position with the Department after retiring from State government service. Ron earned his bachelor&apos;s degree at Southwest Texas State University and is a graduate of Embry-Riddle Aeronautical University with a master&apos;s degree in Aeronautical Science. A published author, Ron and his wife, Susan, have five children.</p> ]]>
            </content:encoded>
            <itunes:duration>3626</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230208.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230208.mp4" length="169869312" type="video/mp4"/>
        </item>
            <item>
            <title>Jason Ortiz, Securing Your Software Supply Chain</title>
            <description>To secure connected products, developers and manufacturers must use tools and processes that are purpose-built to analyze the complex binaries found within connected devices and embedded systems. Beyond the capabilities of traditional security tooling, dedicated product security (software supply chain security) tools must work with the specialized languages, systems, and deployment cycles of these connected devices. In this talk hosted by Finite State&apos;s Jason Ortiz, we will examine where traditional security falls short in analyzing the composition of a device, detecting its vulnerabilities, assessing their severity, and prioritizing and conducting response actions. In this session, you will learn how traditional tools can&apos;t always see the opaque threats that live inside connected devices, explore Software Bills of Materials (SBOMs) and how to generate them, and discover how to build a product security strategy that leads to more secure products and software supply chains. About the speaker: Jason Ortiz is Engineering Manager at Finite State and has over 10 years of experience in the US Intelligence Community and more than five years in commercial cyber security services. In his role, Jason leads the team that develops the interfaces between the Finite State Platform and data for use by customers and partners in their business context. Jason is also President of the Indiana InfraGard Members Alliance, a partnership between the FBI and the private sector that facilitates public-private collaboration and information sharing, and a proud Boiler alum!</description>
            <pubDate>Wed, 1 Feb 2023 16:30:00 EST </pubDate>
            <itunes:title>Jason Ortiz, Securing Your Software Supply Chain</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>820</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jason_ortiz_200.png"/>
            <itunes:subtitle>Jason Ortiz, Finite State</itunes:subtitle>
            <itunes:summary>To secure connected products, developers and manufacturers must use tools and processes that are purpose-built to analyze the complex binaries found within connected devices and embedded systems. Beyond the capabilities of traditional security tooling, dedicated product security (software supply chain security) tools must work with the specialized languages, systems, and deployment cycles of these connected devices. In this talk hosted by Finite State&apos;s Jason Ortiz, we will examine where traditional security falls short in analyzing the composition of a device, detecting its vulnerabilities, assessing their severity, and prioritizing and conducting response actions. In this session, you will learn how traditional tools can&apos;t always see the opaque threats that live inside connected devices, explore Software Bills of Materials (SBOMs) and how to generate them, and discover how to build a product security strategy that leads to more secure products and software supply chains. About the speaker: Jason Ortiz is Engineering Manager at Finite State and has over 10 years of experience in the US Intelligence Community and more than five years in commercial cyber security services. In his role, Jason leads the team that develops the interfaces between the Finite State Platform and data for use by customers and partners in their business context. Jason is also President of the Indiana InfraGard Members Alliance, a partnership between the FBI and the private sector that facilitates public-private collaboration and information sharing, and a proud Boiler alum!</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>To secure connected products, developers and manufacturers must use tools and processes that are purpose-built to analyze the complex binaries found within connected devices and embedded systems. Beyond the capabilities of traditional security tooling, dedicated product security (software supply chain security) tools must work with the specialized languages, systems, and deployment cycles of these connected devices. In this talk hosted by Finite State&apos;s Jason Ortiz, we will examine where traditional security falls short in analyzing the composition of a device, detecting its vulnerabilities, assessing their severity, and prioritizing and conducting response actions. In this session, you will learn how traditional tools can&apos;t always see the opaque threats that live inside connected devices, explore Software Bills of Materials (SBOMs) and how to generate them, and discover how to build a product security strategy that leads to more secure products and software supply chains.</p><p>About the speaker: Jason Ortiz is Engineering Manager at Finite State and has over 10 years of experience in the US Intelligence Community and more than five years in commercial cyber security services. In his role, Jason leads the team that develops the interfaces between the Finite State Platform and data for use by customers and partners in their business context. Jason is also President of the Indiana InfraGard Members Alliance, a partnership between the FBI and the private sector that facilitates public-private collaboration and information sharing, and a proud Boiler alum!</p> ]]>
            </content:encoded>
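The composition analysis this talk describes, that is, listing what is inside a device and matching each identified component against known advisories, can be shown on a small SBOM. The block below is an added example written for this page; it is not code from the seminar or from Finite State. It constructs a CycloneDX-style SBOM fragment and a constructed advisory list (package names, versions, severities and advisory ids are all made up; the ids are hypothetical, not real CVEs), matches components by package URL and first-fixed version, and ranks the findings by severity. A component with no package URL is deliberately included to show the blind spot a generic scanner has when it cannot identify what a binary is.

```python
"""Added illustration, not code from the seminar or from Finite State: match a
constructed CycloneDX-style SBOM against a constructed advisory list by package
URL (purl) and first-fixed version, then rank the hits by severity so response
actions can be prioritised. Every component, version and advisory id here is
made up for illustration; the advisory ids are hypothetical, not real CVEs."""
import json
import re

# Constructed SBOM fragment in the CycloneDX JSON layout (components only).
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "busybox", "version": "1.31.1",
         "purl": "pkg:generic/busybox@1.31.1"},
        {"type": "library", "name": "openssl", "version": "1.1.1k",
         "purl": "pkg:generic/openssl@1.1.1k"},
        {"type": "library", "name": "libfoo", "version": "2.4.0",
         "purl": "pkg:generic/libfoo@2.4.0"},
        {"type": "file", "name": "rootfs.squashfs"},  # no purl: cannot be matched
    ],
})

# Constructed advisories: versionless purl, first fixed version, severity.
ADVISORIES = [
    {"id": "ADV-0001", "purl": "pkg:generic/busybox", "fixed_in": "1.33.0", "severity": "high"},
    {"id": "ADV-0002", "purl": "pkg:generic/openssl", "fixed_in": "1.1.1l", "severity": "critical"},
    {"id": "ADV-0003", "purl": "pkg:generic/libfoo", "fixed_in": "2.3.0", "severity": "medium"},
]

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


def parse_version(version):
    """Turn '1.1.1k' into ((1, ''), (1, ''), (1, 'k')): numeric parts compare as
    integers and a trailing letter suffix (OpenSSL style) compares as a string,
    so '1.1.1k' sorts before '1.1.1l' and '1.31.1' before '1.33.0'."""
    key = []
    for piece in version.split("."):
        match = re.fullmatch(r"(\d*)(.*)", piece)
        digits, suffix = match.group(1), match.group(2)
        key.append((int(digits) if digits else 0, suffix))
    return tuple(key)


def is_affected(installed, fixed_in):
    """A component is affected when its installed version is older than the
    first fixed version."""
    return not parse_version(installed) >= parse_version(fixed_in)


def match_sbom(sbom_json, advisories):
    """Return the advisories that apply to components in the SBOM, highest
    severity first. Components without a purl are skipped here and reported
    separately by unidentified_components()."""
    sbom = json.loads(sbom_json)
    findings = []
    for comp in sbom.get("components", []):
        base, _, version = comp.get("purl", "").rpartition("@")
        if not base:
            continue
        for adv in advisories:
            if adv["purl"] == base and is_affected(version, adv["fixed_in"]):
                findings.append({"component": comp["name"], "version": version,
                                 "advisory": adv["id"], "severity": adv["severity"]})
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]], reverse=True)
    return findings


def unidentified_components(sbom_json):
    """Names of components the SBOM lists without a purl; these are the blind
    spots a generic scanner cannot match against any advisory feed."""
    sbom = json.loads(sbom_json)
    return [c["name"] for c in sbom.get("components", []) if not c.get("purl")]


if __name__ == "__main__":
    for finding in match_sbom(SBOM_JSON, ADVISORIES):
        print(finding)
    print("unidentified:", unidentified_components(SBOM_JSON))
```

On the constructed input the openssl finding (critical) is reported before the busybox finding (high), libfoo is not reported because its installed version is newer than the first fixed version, and rootfs.squashfs is listed as unidentified. The version comparison is deliberately simple and only handles dotted numbers with an optional letter suffix; real firmware carries vendor-patched and backported versions that a string comparison cannot resolve, which is the gap between the SBOM and the binary analysis the talk contrasts.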
            <itunes:duration>3762</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230201.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230201.mp4" length="295698432" type="video/mp4"/>
        </item>
            <item>
            <title>Aurobindo Sundaram, Our Journey in Phishing Mitigation</title>
            <description>For 5 years, we have experimented with technology, people, and process controls at RELX, all designed to create an integrated framework for phishing mitigation. I&apos;ll speak about technology we&apos;ve adopted (and that we haven&apos;t). I&apos;ll speak about failures in industry efforts (e.g., digital signatures). I&apos;ll speak about behavioral science and how we have adopted its concepts to drive behavior change. I&apos;ll speak about the &quot;human is the weakest link/humans are our strongest link&quot; debate raging in the industry today. I&apos;ll tell you where we still struggle as a company and as an industry. This topic will drive conversation, because everyone gets phishing emails; and everyone thinks they have a solution. About the speaker: Aurobindo Sundaram is the Head of Information Assurance &amp; Data Protection at RELX, a global provider of information and analytics for professional and business customers across industries. He works closely with the company&apos;s Board of Directors, Group &amp; division CEOs and functional heads, Chief Technology Officers, and Chief Information Security Officers to articulate and implement RELX&apos;s global information security program. His remit extends across 30,000+ employees, offices in 40+ countries, and customers in 180+ countries. Aurobindo has graduate degrees in computer science and management and is a CISSP.</description>
            <pubDate>Wed, 25 Jan 2023 16:30:00 EST </pubDate>
            <itunes:title>Aurobindo Sundaram, Our Journey in Phishing Mitigation</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>819</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/aurobindo_200.png"/>
            <itunes:subtitle>Aurobindo Sundaram, RELX</itunes:subtitle>
            <itunes:summary>For 5 years, we have experimented with technology, people, and process controls at RELX, all designed to create an integrated framework for phishing mitigation. I&apos;ll speak about technology we&apos;ve adopted (and that we haven&apos;t). I&apos;ll speak about failures in industry efforts (e.g., digital signatures). I&apos;ll speak about behavioral science and how we have adopted its concepts to drive behavior change. I&apos;ll speak about the &quot;human is the weakest link/humans are our strongest link&quot; debate raging in the industry today. I&apos;ll tell you where we still struggle as a company and as an industry. This topic will drive conversation, because everyone gets phishing emails; and everyone thinks they have a solution. About the speaker: Aurobindo Sundaram is the Head of Information Assurance &amp; Data Protection at RELX, a global provider of information and analytics for professional and business customers across industries. He works closely with the company&apos;s Board of Directors, Group &amp; division CEOs and functional heads, Chief Technology Officers, and Chief Information Security Officers to articulate and implement RELX&apos;s global information security program. His remit extends across 30,000+ employees, offices in 40+ countries, and customers in 180+ countries. Aurobindo has graduate degrees in computer science and management and is a CISSP.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>For 5 years, we have experimented with technology, people, and process controls at RELX, all designed to create an integrated framework for phishing mitigation. I&apos;ll speak about technology we&apos;ve adopted (and that we haven&apos;t). I&apos;ll speak about failures in industry efforts (e.g., digital signatures). I&apos;ll speak about behavioral science and how we have adopted its concepts to drive behavior change. I&apos;ll speak about the &quot;human is the weakest link/humans are our strongest link&quot; debate raging in the industry today. I&apos;ll tell you where we still struggle as a company and as an industry. This topic will drive conversation, because everyone gets phishing emails, and everyone thinks they have a solution. About the speaker: Aurobindo Sundaram is the Head of Information Assurance &amp;amp; Data Protection at RELX, a global provider of information and analytics for professional and business customers across industries. He works closely with the company&apos;s Board of Directors, Group &amp;amp; division CEOs and functional heads, Chief Technology Officers, and Chief Information Security Officers to articulate and implement RELX&apos;s global information security program. His remit extends across 30,000+ employees, offices in 40+ countries, and customers in 180+ countries. Aurobindo has graduate degrees in computer science and management and is a CISSP.</p> ]]>
            </content:encoded>
            <itunes:duration>3680</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230125.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230125.mp4" length="289406976" type="video/mp4"/>
        </item>
            <item>
            <title>Mummoorthy Murugesan, Problems and Challenges in Data Security Posture Management</title>
            <description>The rise of enterprise cloud computing has brought an even greater emphasis on data. According to an analysis compiled by Statista, two zettabytes of data were created, captured, copied, and consumed globally in 2010. That figure will reach 97 zettabytes this year and 181 zettabytes by 2025. As the adoption of cloud computing continued to evolve, so did how enterprises approached securing their data. Today, enterprises find their data scattered throughout their various cloud systems, and they have lost visibility into where their sensitive data resides. The problems are: Are there any shadow data stores that developers left abandoned? Who can access all of the enterprise data on these clouds, and are there excessive privileges? What data is at risk of being breached and falling out of regulatory compliance? Moreover, the growing complexity of cloud computing is a big part of why breached data records have risen (according to the Identity Theft Resource Center) from 16 million in 2010 to more than 155 million today. A recent survey from IDC found that 98% of organizations they queried reported at least one cloud data breach in the past 18 months. With all these challenges, cybersecurity professionals are faced with the daunting task of understanding where their organization&apos;s critical or regulated data exists across cloud platforms. The process of identifying and securing cloud data is called Data Security Posture Management. In this talk, we will go over certain techniques for discovering, analyzing and securing data in various cloud platforms. We will then look at challenging problems that are opening up more avenues for further investigation and research. About the speaker: Dr. Mummoorthy Murugesan is currently the founding Director of Engineering at Normalyze Inc. Earlier, he worked at Teradata R&amp;amp;D where he developed the incremental planning and execution of queries. He has worked in start-ups such as Netskope and Turn to build highly scalable systems. At Netskope, he built the data management platform for the CASB (cloud access security broker) product. Before Normalyze, he led the cloud infrastructure initiatives for Workday&apos;s Prism analytics. Dr. Murugesan&apos;s interests span data, analytics, security and cloud infrastructure. He received his Ph.D. in Computer Science from Purdue University, and a Master&apos;s degree from Syracuse University.</description>
            <pubDate>Wed, 18 Jan 2023 16:30:00 EST </pubDate>
            <itunes:title>Mummoorthy Murugesan, Problems and Challenges in Data Security Posture Management</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>818</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/mummoorthy_murugesan_200.png"/>
            <itunes:subtitle>Mummoorthy Murugesan, Normalyze, Inc.</itunes:subtitle>
            <itunes:summary>The rise of enterprise cloud computing has brought an even greater emphasis on data. According to an analysis compiled by Statista, two zettabytes of data were created, captured, copied, and consumed globally in 2010. That figure will reach 97 zettabytes this year and 181 zettabytes by 2025. As the adoption of cloud computing continued to evolve, so did how enterprises approached securing their data. Today, enterprises find their data scattered throughout their various cloud systems, and they have lost visibility into where their sensitive data resides. The problems are: Are there any shadow data stores that developers left abandoned? Who can access all of the enterprise data on these clouds, and are there excessive privileges? What data is at risk of being breached and falling out of regulatory compliance? Moreover, the growing complexity of cloud computing is a big part of why breached data records have risen (according to the Identity Theft Resource Center) from 16 million in 2010 to more than 155 million today. A recent survey from IDC found that 98% of organizations they queried reported at least one cloud data breach in the past 18 months. With all these challenges, cybersecurity professionals are faced with the daunting task of understanding where their organization&apos;s critical or regulated data exists across cloud platforms. The process of identifying and securing cloud data is called Data Security Posture Management. In this talk, we will go over certain techniques for discovering, analyzing and securing data in various cloud platforms. We will then look at challenging problems that are opening up more avenues for further investigation and research. About the speaker: Dr. Mummoorthy Murugesan is currently the founding Director of Engineering at Normalyze Inc. Earlier, he worked at Teradata R&amp;amp;D where he developed the incremental planning and execution of queries. He has worked in start-ups such as Netskope and Turn to build highly scalable systems. At Netskope, he built the data management platform for the CASB (cloud access security broker) product. Before Normalyze, he led the cloud infrastructure initiatives for Workday&apos;s Prism analytics. Dr. Murugesan&apos;s interests span data, analytics, security and cloud infrastructure. He received his Ph.D. in Computer Science from Purdue University, and a Master&apos;s degree from Syracuse University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The rise of enterprise cloud computing has brought an even greater emphasis on data. According to an analysis compiled by Statista, two zettabytes of data were created, captured, copied, and consumed globally in 2010. That figure will reach 97 zettabytes this year and 181 zettabytes by 2025. As the adoption of cloud computing continued to evolve, so did how enterprises approached securing their data. Today, enterprises find their data scattered throughout their various cloud systems, and they have lost visibility into where their sensitive data resides. The problems are: Are there any shadow data stores that developers left abandoned? Who can access all of the enterprise data on these clouds, and are there excessive privileges? What data is at risk of being breached and falling out of regulatory compliance? Moreover, the growing complexity of cloud computing is a big part of why breached data records have risen (according to the Identity Theft Resource Center) from 16 million in 2010 to more than 155 million today. A recent survey from IDC found that 98% of organizations they queried reported at least one cloud data breach in the past 18 months. With all these challenges, cybersecurity professionals are faced with the daunting task of understanding where their organization&apos;s critical or regulated data exists across cloud platforms. The process of identifying and securing cloud data is called Data Security Posture Management. In this talk, we will go over certain techniques for discovering, analyzing and securing data in various cloud platforms. We will then look at challenging problems that are opening up more avenues for further investigation and research. About the speaker: Dr. Mummoorthy Murugesan is currently the founding Director of Engineering at Normalyze Inc. Earlier, he worked at Teradata R&amp;amp;D where he developed the incremental planning and execution of queries. He has worked in start-ups such as Netskope and Turn to build highly scalable systems. At Netskope, he built the data management platform for the CASB (cloud access security broker) product. Before Normalyze, he led the cloud infrastructure initiatives for Workday&apos;s Prism analytics. Dr. Murugesan&apos;s interests span data, analytics, security and cloud infrastructure. He received his Ph.D. in Computer Science from Purdue University, and a Master&apos;s degree from Syracuse University.</p> ]]>
            </content:encoded>
            <itunes:duration>3199</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230118.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230118.mp4" length="251658240" type="video/mp4"/>
        </item>
            <item>
            <title>Ambrose Kam, Applying Multi-Agent Reinforcement Learning (MARL) in a Cyber Wargame Engine</title>
            <description>Cybersecurity is inherently complicated due to the dynamic nature of the threats and ever-expanding attack surfaces. Ironically, this challenge is exacerbated by the rapid advancement of many new technologies like Internet of Things (IoT) devices, 5G infrastructure, cloud-based computing, etc. This is where artificial intelligence (AI) and machine learning (ML) techniques can be called into service, and provide potential solutions in terms of threat detection and mitigation responses in a rapidly changing environment. On the contrary, humans are often limited by their innate inability to process information and fail to recognize/respond to attack patterns in the multi-dimensional, multi-faceted world. The recent DARPA AlphaDogFight has proven AI pilots can defeat even the best human pilot in air-to-air combat. This prompted our engineers to develop a minimum viable product (MVP) that demonstrates the value of a multi-agent reinforcement learning (MARL) architecture in a simulated cyber wargaming environment. By using our simulation framework, we essentially &quot;trained&quot; the learning agents to produce the optimum combination/permutation of cyber attack vectors in a given scenario. This cyber wargaming engine allows our analysts to examine tactics, techniques and procedures (TTPs) potentially employed by our adversaries. Once these vulnerabilities are analyzed, our cyber protection team (CPT) can close security gaps in the system. About the speaker: Ambrose Kam is a Lockheed Martin Fellow with over 25 years of experience in the Department of Defense (DoD) industry. He is one of the earliest pioneers at applying modeling, simulation, and operations analysis techniques to threat modeling and cyber resiliency assessment. He regularly gives lectures at MIT, Georgia Tech, and industry consortiums like the Military Operations Research Society (MORS) and National Defense Industry Association (NDIA). Ambrose has been quoted in major publications including Forbes, The Economist, etc., and has co-authored a book on Simulation and Wargames. As a subject matter expert, he represents Lockheed Martin in industry standards organizations like ISO, LOTAR, and INCITS. His most recent efforts in wargaming, Machine Learning/Deep Learning, Cyber Digital Twin, and Blockchain earned him patents and trade secret awards. In 2017, Ambrose won the prestigious Asian American Engineer of the Year (AAEOY) award for his technical leadership and innovations. He holds several advanced degrees from MIT and Cornell University as well as a Bachelor of Science degree from the University at Buffalo.</description>
            <pubDate>Wed, 11 Jan 2023 16:30:00 EST </pubDate>
            <itunes:title>Ambrose Kam, Applying Multi-Agent Reinforcement Learning (MARL) in a Cyber Wargame Engine</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>29</itunes:season>
            <itunes:episode>817</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ambrose_kam_200.png"/>
            <itunes:subtitle>Ambrose Kam, Lockheed Martin</itunes:subtitle>
            <itunes:summary>Cybersecurity is inherently complicated due to the dynamic nature of the threats and ever-expanding attack surfaces. Ironically, this challenge is exacerbated by the rapid advancement of many new technologies like Internet of Things (IoT) devices, 5G infrastructure, cloud-based computing, etc. This is where artificial intelligence (AI) and machine learning (ML) techniques can be called into service, and provide potential solutions in terms of threat detection and mitigation responses in a rapidly changing environment. On the contrary, humans are often limited by their innate inability to process information and fail to recognize/respond to attack patterns in the multi-dimensional, multi-faceted world. The recent DARPA AlphaDogFight has proven AI pilots can defeat even the best human pilot in air-to-air combat. This prompted our engineers to develop a minimum viable product (MVP) that demonstrates the value of a multi-agent reinforcement learning (MARL) architecture in a simulated cyber wargaming environment. By using our simulation framework, we essentially &quot;trained&quot; the learning agents to produce the optimum combination/permutation of cyber attack vectors in a given scenario. This cyber wargaming engine allows our analysts to examine tactics, techniques and procedures (TTPs) potentially employed by our adversaries. Once these vulnerabilities are analyzed, our cyber protection team (CPT) can close security gaps in the system. About the speaker: Ambrose Kam is a Lockheed Martin Fellow with over 25 years of experience in the Department of Defense (DoD) industry. He is one of the earliest pioneers at applying modeling, simulation, and operations analysis techniques to threat modeling and cyber resiliency assessment. He regularly gives lectures at MIT, Georgia Tech, and industry consortiums like the Military Operations Research Society (MORS) and National Defense Industry Association (NDIA). Ambrose has been quoted in major publications including Forbes, The Economist, etc., and has co-authored a book on Simulation and Wargames. As a subject matter expert, he represents Lockheed Martin in industry standards organizations like ISO, LOTAR, and INCITS. His most recent efforts in wargaming, Machine Learning/Deep Learning, Cyber Digital Twin, and Blockchain earned him patents and trade secret awards. In 2017, Ambrose won the prestigious Asian American Engineer of the Year (AAEOY) award for his technical leadership and innovations. He holds several advanced degrees from MIT and Cornell University as well as a Bachelor of Science degree from the University at Buffalo.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cybersecurity is inherently complicated due to the dynamic nature of the threats and ever-expanding attack surfaces. Ironically, this challenge is exacerbated by the rapid advancement of many new technologies like Internet of Things (IoT) devices, 5G infrastructure, cloud-based computing, etc. This is where artificial intelligence (AI) and machine learning (ML) techniques can be called into service, and provide potential solutions in terms of threat detection and mitigation responses in a rapidly changing environment. On the contrary, humans are often limited by their innate inability to process information and fail to recognize/respond to attack patterns in the multi-dimensional, multi-faceted world. The recent DARPA AlphaDogFight has proven AI pilots can defeat even the best human pilot in air-to-air combat. This prompted our engineers to develop a minimum viable product (MVP) that demonstrates the value of a multi-agent reinforcement learning (MARL) architecture in a simulated cyber wargaming environment. By using our simulation framework, we essentially &quot;trained&quot; the learning agents to produce the optimum combination/permutation of cyber attack vectors in a given scenario. This cyber wargaming engine allows our analysts to examine tactics, techniques and procedures (TTPs) potentially employed by our adversaries. Once these vulnerabilities are analyzed, our cyber protection team (CPT) can close security gaps in the system. About the speaker: Ambrose Kam is a Lockheed Martin Fellow with over 25 years of experience in the Department of Defense (DoD) industry. He is one of the earliest pioneers at applying modeling, simulation, and operations analysis techniques to threat modeling and cyber resiliency assessment. He regularly gives lectures at MIT, Georgia Tech, and industry consortiums like the Military Operations Research Society (MORS) and National Defense Industry Association (NDIA). Ambrose has been quoted in major publications including Forbes, The Economist, etc., and has co-authored a book on Simulation and Wargames. As a subject matter expert, he represents Lockheed Martin in industry standards organizations like ISO, LOTAR, and INCITS. His most recent efforts in wargaming, Machine Learning/Deep Learning, Cyber Digital Twin, and Blockchain earned him patents and trade secret awards. In 2017, Ambrose won the prestigious Asian American Engineer of the Year (AAEOY) award for his technical leadership and innovations. He holds several advanced degrees from MIT and Cornell University as well as a Bachelor of Science degree from the University at Buffalo.</p> ]]>
            </content:encoded>
            <itunes:duration>3330</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230111.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20230111.mp4" length="262144000" type="video/mp4"/>
        </item>
            <item>
            <title>Julie Haney, Users Are Not Stupid: Six Cybersecurity Pitfalls Overturned</title>
            <description>Whether you&apos;re implementing security policy or developing products, considering the human element is critical. Yet security professionals often fall victim to misconceptions and pitfalls that undermine users&apos; ability to reach their full security potential. Grounded in real-world examples and human-centered research, this talk will explore how to recognize and overcome these pitfalls towards improving security through user empowerment. About the speaker: Julie Haney is a computer scientist and lead for the Usable Cybersecurity program at the National Institute of Standards and Technology (NIST). She conducts research about the human element of cybersecurity, including the usability and adoption of security solutions, work practices of security professionals, and people&apos;s perceptions of privacy and security. Previously, Julie spent over 20 years working in the U.S. Department of Defense as a security professional and technical director primarily in the cyber defense mission. She has a PhD and M.S. in Human-Centered Computing from University of Maryland, Baltimore County, an M.S. in Computer Science from University of Maryland, and a B.S. in Computer Science from Loyola University Maryland.</description>
            <pubDate>Wed, 7 Dec 2022 16:30:00 EST </pubDate>
            <itunes:title>Julie Haney, Users Are Not Stupid: Six Cybersecurity Pitfalls Overturned</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>816</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/julie_haney_200.jpg"/>
            <itunes:subtitle>Julie Haney, National Institute of Standards and Technology</itunes:subtitle>
            <itunes:summary>Whether you&apos;re implementing security policy or developing products, considering the human element is critical. Yet security professionals often fall victim to misconceptions and pitfalls that undermine users&apos; ability to reach their full security potential. Grounded in real-world examples and human-centered research, this talk will explore how to recognize and overcome these pitfalls towards improving security through user empowerment. About the speaker: Julie Haney is a computer scientist and lead for the Usable Cybersecurity program at the National Institute of Standards and Technology (NIST). She conducts research about the human element of cybersecurity, including the usability and adoption of security solutions, work practices of security professionals, and people&apos;s perceptions of privacy and security. Previously, Julie spent over 20 years working in the U.S. Department of Defense as a security professional and technical director primarily in the cyber defense mission. She has a PhD and M.S. in Human-Centered Computing from University of Maryland, Baltimore County, an M.S. in Computer Science from University of Maryland, and a B.S. in Computer Science from Loyola University Maryland.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Whether you&apos;re implementing security policy or developing products, considering the human element is critical. Yet security professionals often fall victim to misconceptions and pitfalls that undermine users&apos; ability to reach their full security potential. Grounded in real-world examples and human-centered research, this talk will explore how to recognize and overcome these pitfalls towards improving security through user empowerment. About the speaker: Julie Haney is a computer scientist and lead for the Usable Cybersecurity program at the National Institute of Standards and Technology (NIST). She conducts research about the human element of cybersecurity, including the usability and adoption of security solutions, work practices of security professionals, and people&apos;s perceptions of privacy and security. Previously, Julie spent over 20 years working in the U.S. Department of Defense as a security professional and technical director primarily in the cyber defense mission. She has a PhD and M.S. in Human-Centered Computing from University of Maryland, Baltimore County, an M.S. in Computer Science from University of Maryland, and a B.S. in Computer Science from Loyola University Maryland.</p> ]]>
            </content:encoded>
            <itunes:duration>2984</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221207.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221207.mp4" length="234881024" type="video/mp4"/>
        </item>
            <item>
            <title>Meng Xu, Fast and Reliable Formal Verification of Smart Contracts with the Move Prover</title>
            <description>The Move Prover (MVP) is a formal verifier for smart contracts written in the Move programming language. MVP has an expressive specification language, and is fast and reliable enough that it can be run routinely by developers and in integration testing. Besides the simplicity of smart contracts and the Move language, three implementation approaches are responsible for the practicality of MVP: (1) an alias-free memory model, (2) fine-grained invariant checking, and (3) monomorphization. The entirety of the Move code for the Diem blockchain has been extensively specified and can be completely verified by MVP in a few minutes. Changes in the Diem framework must be successfully verified before being integrated into the open source repository on GitHub. About the speaker: Dr. Meng Xu is an Assistant Professor in the Cheriton School of Computer Science at the University of Waterloo, Canada. His research is in the area of system and software security, with a focus on delivering high-quality solutions to practical security programs, especially in finding and patching vulnerabilities in critical computer systems. This usually includes research and development of automated program analysis/testing/verification tools that facilitate the security reasoning of critical programs.</description>
            <pubDate>Wed, 30 Nov 2022 16:30:00 EST </pubDate>
            <itunes:title>Meng Xu, Fast and Reliable Formal Verification of Smart Contracts with the Move Prover</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>815</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/meng_xu.jpg"/>
            <itunes:subtitle>Meng Xu, University of Waterloo</itunes:subtitle>
            <itunes:summary>The Move Prover (MVP) is a formal verifier for smart contracts written in the Move programming language. MVP has an expressive specification language, and is fast and reliable enough that it can be run routinely by developers and in integration testing. Besides the simplicity of smart contracts and the Move language, three implementation approaches are responsible for the practicality of MVP: (1) an alias-free memory model, (2) fine-grained invariant checking, and (3) monomorphization. The entirety of the Move code for the Diem blockchain has been extensively specified and can be completely verified by MVP in a few minutes. Changes in the Diem framework must be successfully verified before being integrated into the open source repository on GitHub. About the speaker: Dr. Meng Xu is an Assistant Professor in the Cheriton School of Computer Science at the University of Waterloo, Canada. His research is in the area of system and software security, with a focus on delivering high-quality solutions to practical security programs, especially in finding and patching vulnerabilities in critical computer systems. This usually includes research and development of automated program analysis/testing/verification tools that facilitate the security reasoning of critical programs.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Move Prover (MVP) is a formal verifier for smart contracts written in the Move programming language. MVP has an expressive specification language, and is fast and reliable enough that it can be run routinely by developers and in integration testing. Besides the simplicity of smart contracts and the Move language, three implementation approaches are responsible for the practicality of MVP: (1) an alias-free memory model, (2) fine-grained invariant checking, and (3) monomorphization. The entirety of the Move code for the Diem blockchain has been extensively specified and can be completely verified by MVP in a few minutes. Changes in the Diem framework must be successfully verified before being integrated into the open source repository on GitHub. About the speaker: Dr. Meng Xu is an Assistant Professor in the Cheriton School of Computer Science at the University of Waterloo, Canada. His research is in the area of system and software security, with a focus on delivering high-quality solutions to practical security programs, especially in finding and patching vulnerabilities in critical computer systems. This usually includes research and development of automated program analysis/testing/verification tools that facilitate the security reasoning of critical programs.</p> ]]>
            </content:encoded>
            <itunes:duration>2833</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221130.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221130.mp4" length="222298112" type="video/mp4"/>
        </item>
            <item>
            <title>Brian Barnier &amp;amp; Prachee Kale, Making Cybersecurity Reliable and Cybersecurity Careers Rewarding</title>
            <description>People face increasing dangers from cyber enemies. At the same time, cyber pros are suffering from stress, burnout and &quot;hamster wheel&quot; syndrome. They experience many difficulties every day in easily protecting people and companies from danger. There is a different option. Cyber pros have the opportunity of better work-life balance, more rewarding careers and achieving their personal missions to better protect people and companies – by making cybersecurity as reliable as electricity. How? The same way as other business functions do – with curiosity, critical thinking, system thinking and industrial-strength design thinking. The same way business innovation created products that delight us in daily life. The same way music, sports and cooking bring us joy. The same way military battles are won. It takes learning to think counterintuitively and to change. But there&apos;s a twist: business innovators have education, method and coaching at the individual, team and organizational levels. Compared to other business functions, cyber pros are set up to fail. The support system for cyber pros is missing! The good news is, it&apos;s readily fixable! That starts with putting people in the center of cybersecurity – empowering cyber pros to more easily protect people from danger, accelerating authentic Zero Trust and making cybersecurity as reliable as electricity. Join us to learn and map out your action plan. About the speaker: Brian Barnier is the co-founder of Think.Design.Cyber and the think-tank CyberTheory Institute, which bridges the gap between boards, business leaders, cybersecurity leaders and compliance. Brian has pioneered critical, systems and industrial design thinking in the cybersecurity discipline and the use of life-like scenario analysis to address critical issues of evolving threats/attacks, eliminate bad methods that cause breaches, waste money and resources and burn out cyber pros, affecting culture and retention. He is the author of The Operational Risk Handbook (Harriman House, Great Britain, 2011), used as a textbook by the London Institute of Banking &amp;amp; Finance. In 2020, Brian&apos;s paper with expert Prachee Kale, &quot;Cybersecurity: The Endgame -- Part 1&quot;, was honored as the 2020 Article of the Year in the Taylor and Francis EDPACS journal. Brian has earned coveted achievement awards from two of ISACA&apos;s most significant chapters. In 2021, he earned the highly distinguished Joseph J. Wasserman Award presented by ISACA New York Metro Chapter. In 2015, he received the V. Lee Conyers Award from ISACA Greater Washington DC. Deep in professional guidance, he is a co-author of ISACA&apos;s Risk IT and COBIT, and the Shared Assessments Program. ISACA&apos;s IT Audit Framework 2020 points to his work in risk assessment. He is one of the first three &quot;Fellows&quot; of OCEG -- the Open Compliance &amp;amp; Ethics Group – the organization that created &quot;Governance, Risk and Compliance.&quot; Prachee Kale is the co-founder of Think.Design.Cyber, a Founding Executive Fellow of CyberTheory Institute and a multi-disciplinary professional with a 17-year, &quot;4D&quot; career spanning Cybersecurity &amp;amp; Tech, Business Strategy, Diversity &amp;amp; Inclusion and Executive Coaching. Prachee&apos;s current work is focused on 1) coaching introverted cyber professionals (who account for 60%+ of the cyber workforce) to build their brand and become strong leaders without changing their personalities and, 2) bringing critical, systems and design thinking to cybersecurity organizations so they can accelerate Zero Trust implementation, drive demonstrable business outcomes and cost savings, improve culture and reduce burnout. Her article &quot;Cybersecurity: The End Game Part 1&quot; in the Taylor and Francis EDPACS journal was honored as &quot;2020 Article of the Year.&quot; In cybersecurity, she has managed strategic investments of over &amp;#36;150 million, reduced spend by 20+%, eliminated antagonistic culture and demonstrated a 90% retention rate for more than 3 years. Prachee&apos;s business strategy experience comes from working on business and ops/tech transformations, enterprise risk and regulatory mandates, in management consulting and the World Bank. As a leader in the DEI dept., she is accelerating diversity and ESG initiatives. Prachee is the Executive Sponsor for the Women Leaders program focused on increasing representation of women of all backgrounds. She earned an M.S. in Bioinformatics from George Washington University, which is about building tech for biological research. She wrote code, conducted scientific experiments on HIV viruses, and did PCR tests (yep, those). Think invasive viruses, the pandemic and cybersecurity!</description>
            <pubDate>Wed, 16 Nov 2022 16:30:00 EST </pubDate>
            <itunes:title>Brian Barnier &amp;amp; Prachee Kale, Making Cybersecurity Reliable and Cybersecurity Careers Rewarding</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>814</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/brian_barnier_prachee_kale_200.png"/>
            <itunes:subtitle>Brian Barnier &amp;amp; Prachee Kale, Think.Design.Cyber</itunes:subtitle>
            <itunes:summary>People face increasing dangers from cyber enemies. At the same time, cyber pros are suffering from stress, burnout and &quot;hamster wheel&quot; syndrome. They experience many difficulties every day in easily protecting people and companies from danger. There is a different option. Cyber pros have the opportunity of better work-life balance, more rewarding careers and achieving their personal missions to better protect people and companies – by making cybersecurity as reliable as electricity. How? The same way as other business functions do – with curiosity, critical thinking, system thinking and industrial-strength design thinking. The same way business innovation created products that delight us in daily life. The same way music, sports and cooking bring us joy. The same way military battles are won. It takes learning to think counter-intuitively and to change. But there&apos;s a twist: business innovators have education, method and coaching at the individual, team and organizational levels. Compared to other business functions, cyber pros are set up to fail. The support system for cyber pros is missing! The good news is, it&apos;s readily fixable! That starts with putting people in the center of cybersecurity – empowering cyber pros to more easily protect people from danger, accelerating authentic Zero Trust and making cybersecurity as reliable as electricity. Join us to learn and map out your action plan. 
About the speaker: Brian Barnier is the co-founder of Think.Design.Cyber and the think-tank CyberTheory Institute, which bridges the gap between boards, business leaders, cybersecurity leaders and compliance. Brian has pioneered critical, systems and industrial design thinking in the cybersecurity discipline and the use of life-like scenario analysis to address critical issues of evolving threats/attacks and to eliminate bad methods that cause breaches, waste money and resources and burn out cyber pros, affecting culture and retention. He is the author of The Operational Risk Handbook (Harriman House, Great Britain, 2011), used as a textbook by the London Institute of Banking &amp;amp; Finance. In 2020, Brian&apos;s paper with expert Prachee Kale, &quot;Cybersecurity: The Endgame -- Part 1&quot;, was honored as the 2020 Article of the Year in the Taylor and Francis EDPACs journal. Brian has earned coveted achievement awards from two of ISACA&apos;s most significant chapters. In 2021, he earned the highly distinguished Joseph J. Wasserman Award presented by the ISACA New York Metro Chapter. In 2015, he received the V. Lee Conyers Award from ISACA Greater Washington DC. Deep in professional guidance, he is a co-author of ISACA&apos;s Risk IT and COBIT, and the Shared Assessments Program. ISACA&apos;s IT Audit Framework 2020 points to his work in risk assessment. 
He is one of the first three &quot;Fellows&quot; of OCEG -- the Open Compliance &amp;amp; Ethics Group – the organization that created &quot;Governance, Risk and Compliance.&quot; Prachee Kale is the co-founder of Think.Design.Cyber, a Founding Executive Fellow of CyberTheory Institute and a multi-disciplinary professional with a 17-year &quot;4D&quot; career spanning Cybersecurity &amp;amp; Tech, Business Strategy, Diversity &amp;amp; Inclusion and Executive Coaching. Prachee&apos;s current work is focused on 1) coaching introverted cyber professionals (who account for 60%+ of the cyber workforce) to build their brand and become strong leaders without changing their personalities and 2) bringing critical, systems and design thinking to cybersecurity organizations so they can accelerate Zero Trust implementation, drive demonstrable business outcomes and cost savings, improve culture and reduce burnout. Her article &quot;Cybersecurity: The End Game Part 1&quot; in the Taylor and Francis EDPACs journal was honored as &quot;2020 Article of the Year.&quot; In cybersecurity, she has managed strategic investments of over &amp;#36;150 million, reduced spend by 20+%, eliminated antagonistic culture and demonstrated a 90% retention rate for more than 3 years. Prachee&apos;s business strategy experience comes from working on business and ops/tech transformations, enterprise risk and regulatory mandates, in management consulting and at the World Bank. As a leader in the DEI dept., she is accelerating diversity and ESG initiatives. Prachee is the Executive Sponsor for the Women Leaders program focused on increasing representation of women of all backgrounds. She earned an M.S. in Bioinformatics from George Washington University, which is about building tech for biological research. She wrote code, conducted scientific experiments on HIV viruses, and did PCR tests (yep, those). Think invasive viruses, the pandemic and cybersecurity!</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>People face increasing dangers from cyber enemies. At the same time, cyber pros are suffering from stress, burnout and &quot;hamster wheel&quot; syndrome. They experience many difficulties every day in easily protecting people and companies from danger. There is a different option. Cyber pros have the opportunity of better work-life balance, more rewarding careers and achieving their personal missions to better protect people and companies – by making cybersecurity as reliable as electricity. How? The same way as other business functions do – with curiosity, critical thinking, system thinking and industrial-strength design thinking. The same way business innovation created products that delight us in daily life. The same way music, sports and cooking bring us joy. The same way military battles are won. It takes learning to think counter-intuitively and to change. But there&apos;s a twist: business innovators have education, method and coaching at the individual, team and organizational levels. Compared to other business functions, cyber pros are set up to fail. The support system for cyber pros is missing! The good news is, it&apos;s readily fixable! That starts with putting people in the center of cybersecurity – empowering cyber pros to more easily protect people from danger, accelerating authentic Zero Trust and making cybersecurity as reliable as electricity. Join us to learn and map out your action plan. 
About the speaker: Brian Barnier is the co-founder of Think.Design.Cyber and the think-tank CyberTheory Institute, which bridges the gap between boards, business leaders, cybersecurity leaders and compliance. Brian has pioneered critical, systems and industrial design thinking in the cybersecurity discipline and the use of life-like scenario analysis to address critical issues of evolving threats/attacks and to eliminate bad methods that cause breaches, waste money and resources and burn out cyber pros, affecting culture and retention. He is the author of The Operational Risk Handbook (Harriman House, Great Britain, 2011), used as a textbook by the London Institute of Banking &amp;amp; Finance. In 2020, Brian&apos;s paper with expert Prachee Kale, &quot;Cybersecurity: The Endgame -- Part 1&quot;, was honored as the 2020 Article of the Year in the Taylor and Francis EDPACs journal. Brian has earned coveted achievement awards from two of ISACA&apos;s most significant chapters. In 2021, he earned the highly distinguished Joseph J. Wasserman Award presented by the ISACA New York Metro Chapter. In 2015, he received the V. Lee Conyers Award from ISACA Greater Washington DC. Deep in professional guidance, he is a co-author of ISACA&apos;s Risk IT and COBIT, and the Shared Assessments Program. ISACA&apos;s IT Audit Framework 2020 points to his work in risk assessment. 
He is one of the first three &quot;Fellows&quot; of OCEG -- the Open Compliance &amp;amp; Ethics Group – the organization that created &quot;Governance, Risk and Compliance.&quot; Prachee Kale is the co-founder of Think.Design.Cyber, a Founding Executive Fellow of CyberTheory Institute and a multi-disciplinary professional with a 17-year &quot;4D&quot; career spanning Cybersecurity &amp;amp; Tech, Business Strategy, Diversity &amp;amp; Inclusion and Executive Coaching. Prachee&apos;s current work is focused on 1) coaching introverted cyber professionals (who account for 60%+ of the cyber workforce) to build their brand and become strong leaders without changing their personalities and 2) bringing critical, systems and design thinking to cybersecurity organizations so they can accelerate Zero Trust implementation, drive demonstrable business outcomes and cost savings, improve culture and reduce burnout. Her article &quot;Cybersecurity: The End Game Part 1&quot; in the Taylor and Francis EDPACs journal was honored as &quot;2020 Article of the Year.&quot; In cybersecurity, she has managed strategic investments of over &amp;#36;150 million, reduced spend by 20+%, eliminated antagonistic culture and demonstrated a 90% retention rate for more than 3 years. Prachee&apos;s business strategy experience comes from working on business and ops/tech transformations, enterprise risk and regulatory mandates, in management consulting and at the World Bank. As a leader in the DEI dept., she is accelerating diversity and ESG initiatives. Prachee is the Executive Sponsor for the Women Leaders program focused on increasing representation of women of all backgrounds. She earned an M.S. in Bioinformatics from George Washington University, which is about building tech for biological research. She wrote code, conducted scientific experiments on HIV viruses, and did PCR tests (yep, those). Think invasive viruses, the pandemic and cybersecurity!</p> ]]>
            </content:encoded>
            <itunes:duration>3076</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221116.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221116.mp4" length="242221056" type="video/mp4"/>
        </item>
            <item>
            <title>Christine Task, Data, Privacy---and the Interactions Between Them</title>
            <description>Data deidentification aims to provide data owners with edible cake: to allow them to freely use, share, store and publicly release sensitive record data without risking the privacy of any of the individuals in the data set. And, surprisingly, given some constraints, that&apos;s not impossible to do. However, the behavior of a deidentification algorithm depends on the distribution of the data itself. Privacy research often treats data as a black box---omitting formal data-dependent utility analysis, evaluating over simple homogeneous test data, and using simple aggregate performance metrics. As a result, there&apos;s less work formally exploring detailed algorithm interactions with realistic data contexts. This can result in tangible equity and bias harms when these technologies are deployed; this is true even of deidentification techniques such as cell suppression, which have been in widespread use for decades. At worst, diverse subpopulations can be unintentionally erased from the deidentified data. Successful engineering requires understanding both the properties of the machine and how it responds to its running environment. In this talk I&apos;ll provide a basic outline of distribution properties such as feature correlations, diverse subpopulations, deterministic edit constraints, and feature space qualities (cardinality, ordinality) that may impact algorithm behavior in real-world contexts. I&apos;ll then use new (publicly available) tools from the National Institute of Standards and Technology to show unprecedentedly detailed performance analysis for a spectrum of recent and historic deidentification techniques on diverse community benchmark data. We&apos;ll combine the two and consider a few basic rules that help explain the behavior of different techniques in terms of data distribution properties. 
But we&apos;re very far from explaining everything—I&apos;ll describe some potential next steps on the path to well-engineered data privacy technology that I hope future research will explore. A path I hope some CERIAS members might join us on later this year. This talk will be accessible to anyone who&apos;s interested—no background in statistics, data, or recognition of any of the above jargon is required. About the speaker: Christine Task is a CERIAS alumna who earned her PhD in Computer Science at Purdue University in 2015 and joined Knexus Research Corporation later that year. Since then she has led the first National Challenges in Differential Privacy for the National Institute of Standards and Technology, contributed to the 2020 Census Differentially Private Disclosure Avoidance System, served as technical lead for non-DP Synthetic Data projects for the US Census Bureau&apos;s American Community Survey, American Housing Survey and American Business Survey, been co-lead on the United Nations&apos; UNECE Synthetic Data Working Group, and led the development of the SDNist data deidentification benchmarking library. Back in 2012, as a doctoral student at Purdue, she gave a CERIAS seminar titled &quot;Practical Beginner&apos;s Guide to Differential Privacy&quot;, whose success was very valuable to her career. A decade on, she was thrilled to be invited back to present what amounts to an update on that work.</description>
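The erasure the abstract warns about is easy to reproduce on a small table. The following Python is an added example, not code from the talk, from NIST or from the SDNist library: it builds a constructed frequency table over five regions and three groups (the counts are invented), applies a primary cell-suppression rule that drops any cell below a threshold, and reports per-group retention beside the usual aggregate retention number. The names GROUP_COUNTS, suppress_cells and retention_by_group are this example's own.

```python
"""Cell suppression over a constructed frequency table, with utility measured
per subpopulation rather than only in aggregate.  Added example; not code
from the talk or from NIST's SDNist."""
from collections import Counter

REGIONS = ["R1", "R2", "R3", "R4", "R5"]

# Constructed microdata (not real data): records per group in each region.
# The majority is dense everywhere; the minority is present in every region
# but never with more than three records.
GROUP_COUNTS = {
    "majority": [40, 40, 40, 40, 40],
    "mid":      [6, 4, 7, 2, 9],
    "minority": [3, 3, 3, 3, 3],
}


def build_records():
    """Expand GROUP_COUNTS into one (region, group) tuple per record."""
    records = []
    for group, per_region in GROUP_COUNTS.items():
        for region, n in zip(REGIONS, per_region):
            records.extend([(region, group)] * n)
    return records


def tabulate(records):
    """Frequency table: (region, group) -> record count."""
    return Counter(records)


def suppress_cells(table, threshold):
    """Primary cell suppression: publish a cell only if its count reaches the
    threshold.  Production systems add secondary (complementary) suppression
    so that row and column totals cannot reveal a suppressed cell; that only
    removes more cells, so the erasure shown here is a lower bound."""
    return {cell: n for cell, n in table.items() if n >= threshold}


def retention_by_group(table, published):
    """Fraction of each group's records that survive into the published table.
    This is the data-dependent utility view that an aggregate score hides."""
    total, kept = Counter(), Counter()
    for cell, n in table.items():
        group = cell[1]
        total[group] += n
        if cell in published:
            kept[group] += n
    return {g: kept[g] / total[g] for g in total}


def aggregate_retention(table, published):
    """The single number a naive evaluation would report."""
    return sum(published.values()) / sum(table.values())


def run(threshold=5):
    """Tabulate, suppress, and return (per-group retention, aggregate retention)."""
    table = tabulate(build_records())
    published = suppress_cells(table, threshold)
    return retention_by_group(table, published), aggregate_retention(table, published)


if __name__ == "__main__":
    by_group, overall = run()
    print("overall retention: %.3f" % overall)
    for group, frac in sorted(by_group.items()):
        print("  %-8s retained %.3f" % (group, frac))
```

With threshold 5, aggregate retention is about 0.91, which looks acceptable, while the minority group (three records in every region) retains nothing: it has been erased from the published table even though it is present everywhere in the source data. The mid-sized group keeps 22 of its 28 records, so its regional profile is distorted rather than erased. Because secondary suppression can only remove further cells, this check has to be run per subpopulation on the actual data; the aggregate score cannot reveal the problem.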
            <pubDate>Wed, 9 Nov 2022 16:30:00 EST </pubDate>
            <itunes:title>Christine Task, Data, Privacy---and the Interactions Between Them</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>813</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Christine_Task_200.png"/>
            <itunes:subtitle>Christine Task, Knexus Research Corporation</itunes:subtitle>
            <itunes:summary>Data deidentification aims to provide data owners with edible cake: to allow them to freely use, share, store and publicly release sensitive record data without risking the privacy of any of the individuals in the data set. And, surprisingly, given some constraints, that&apos;s not impossible to do. However, the behavior of a deidentification algorithm depends on the distribution of the data itself. Privacy research often treats data as a black box---omitting formal data-dependent utility analysis, evaluating over simple homogeneous test data, and using simple aggregate performance metrics. As a result, there&apos;s less work formally exploring detailed algorithm interactions with realistic data contexts. This can result in tangible equity and bias harms when these technologies are deployed; this is true even of deidentification techniques such as cell suppression, which have been in widespread use for decades. At worst, diverse subpopulations can be unintentionally erased from the deidentified data. Successful engineering requires understanding both the properties of the machine and how it responds to its running environment. In this talk I&apos;ll provide a basic outline of distribution properties such as feature correlations, diverse subpopulations, deterministic edit constraints, and feature space qualities (cardinality, ordinality) that may impact algorithm behavior in real-world contexts. I&apos;ll then use new (publicly available) tools from the National Institute of Standards and Technology to show unprecedentedly detailed performance analysis for a spectrum of recent and historic deidentification techniques on diverse community benchmark data. We&apos;ll combine the two and consider a few basic rules that help explain the behavior of different techniques in terms of data distribution properties. 
But we&apos;re very far from explaining everything—I&apos;ll describe some potential next steps on the path to well-engineered data privacy technology that I hope future research will explore. A path I hope some CERIAS members might join us on later this year. This talk will be accessible to anyone who&apos;s interested—no background in statistics, data, or recognition of any of the above jargon is required. About the speaker: Christine Task is a CERIAS alumna who earned her PhD in Computer Science at Purdue University in 2015 and joined Knexus Research Corporation later that year. Since then she has led the first National Challenges in Differential Privacy for the National Institute of Standards and Technology, contributed to the 2020 Census Differentially Private Disclosure Avoidance System, served as technical lead for non-DP Synthetic Data projects for the US Census Bureau&apos;s American Community Survey, American Housing Survey and American Business Survey, been co-lead on the United Nations&apos; UNECE Synthetic Data Working Group, and led the development of the SDNist data deidentification benchmarking library. Back in 2012, as a doctoral student at Purdue, she gave a CERIAS seminar titled &quot;Practical Beginner&apos;s Guide to Differential Privacy&quot;, whose success was very valuable to her career. A decade on, she was thrilled to be invited back to present what amounts to an update on that work.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Data deidentification aims to provide data owners with edible cake: to allow them to freely use, share, store and publicly release sensitive record data without risking the privacy of any of the individuals in the data set. And, surprisingly, given some constraints, that&apos;s not impossible to do. However, the behavior of a deidentification algorithm depends on the distribution of the data itself. Privacy research often treats data as a black box---omitting formal data-dependent utility analysis, evaluating over simple homogeneous test data, and using simple aggregate performance metrics. As a result, there&apos;s less work formally exploring detailed algorithm interactions with realistic data contexts. This can result in tangible equity and bias harms when these technologies are deployed; this is true even of deidentification techniques such as cell suppression, which have been in widespread use for decades. At worst, diverse subpopulations can be unintentionally erased from the deidentified data. Successful engineering requires understanding both the properties of the machine and how it responds to its running environment. In this talk I&apos;ll provide a basic outline of distribution properties such as feature correlations, diverse subpopulations, deterministic edit constraints, and feature space qualities (cardinality, ordinality) that may impact algorithm behavior in real-world contexts. I&apos;ll then use new (publicly available) tools from the National Institute of Standards and Technology to show unprecedentedly detailed performance analysis for a spectrum of recent and historic deidentification techniques on diverse community benchmark data. We&apos;ll combine the two and consider a few basic rules that help explain the behavior of different techniques in terms of data distribution properties. 
But we&apos;re very far from explaining everything—I&apos;ll describe some potential next steps on the path to well-engineered data privacy technology that I hope future research will explore. A path I hope some CERIAS members might join us on later this year. This talk will be accessible to anyone who&apos;s interested—no background in statistics, data, or recognition of any of the above jargon is required. About the speaker: Christine Task is a CERIAS alumna who earned her PhD in Computer Science at Purdue University in 2015 and joined Knexus Research Corporation later that year. Since then she has led the first National Challenges in Differential Privacy for the National Institute of Standards and Technology, contributed to the 2020 Census Differentially Private Disclosure Avoidance System, served as technical lead for non-DP Synthetic Data projects for the US Census Bureau&apos;s American Community Survey, American Housing Survey and American Business Survey, been co-lead on the United Nations&apos; UNECE Synthetic Data Working Group, and led the development of the SDNist data deidentification benchmarking library. Back in 2012, as a doctoral student at Purdue, she gave a CERIAS seminar titled &quot;Practical Beginner&apos;s Guide to Differential Privacy&quot;, whose success was very valuable to her career. A decade on, she was thrilled to be invited back to present what amounts to an update on that work.</p> ]]>
            </content:encoded>
            <itunes:duration>3681</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221109.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221109.mp4" length="289406976" type="video/mp4"/>
        </item>
            <item>
            <title>Ning Zhang, Security and Privacy in the Cyber-physical World</title>
            <description>Students: This is a hybrid event. You are encouraged to attend in person in STEW G-52. As computing advances are making profound changes in our society, they also expose us to new security threats. While the impact of cyber attacks was often in our digital life in the past, our cyber world is increasingly intertwined with the physical world. Compromised safety-critical systems or critical infrastructures can have life-and-death implications. In this talk, I will highlight two research directions within my research group. First, on the system security front, I will discuss our efforts to ensure system availability on safety-critical embedded systems. Second, on the cyber-physical security front, I will present our recent work on IoT security. Finally, I will discuss our ongoing work and future directions. About the speaker: Dr. Ning Zhang leads the Computer Security and Privacy Laboratory (CSPL) at Washington University in St. Louis. Before joining Washington University, he was a principal cyber engineer/researcher and technical lead at Raytheon from 2007 to 2018. Ning&apos;s research focus is system security and cyber-physical security. Ning received his PhD degree from Virginia Polytechnic Institute and State University and MS/BS from the University of Massachusetts - Amherst.</description>
            <pubDate>Wed, 26 Oct 2022 16:30:00 EDT </pubDate>
            <itunes:title>Ning Zhang, Security and Privacy in the Cyber-physical World</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>811</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Ning_Zhang_200.png"/>
            <itunes:subtitle>Ning Zhang, Washington University in St. Louis</itunes:subtitle>
            <itunes:summary>Students: This is a hybrid event. You are encouraged to attend in person in STEW G-52. As computing advances are making profound changes in our society, they also expose us to new security threats. While the impact of cyber attacks was often in our digital life in the past, our cyber world is increasingly intertwined with the physical world. Compromised safety-critical systems or critical infrastructures can have life-and-death implications. In this talk, I will highlight two research directions within my research group. First, on the system security front, I will discuss our efforts to ensure system availability on safety-critical embedded systems. Second, on the cyber-physical security front, I will present our recent work on IoT security. Finally, I will discuss our ongoing work and future directions. About the speaker: Dr. Ning Zhang leads the Computer Security and Privacy Laboratory (CSPL) at Washington University in St. Louis. Before joining Washington University, he was a principal cyber engineer/researcher and technical lead at Raytheon from 2007 to 2018. Ning&apos;s research focus is system security and cyber-physical security. Ning received his PhD degree from Virginia Polytechnic Institute and State University and MS/BS from the University of Massachusetts - Amherst.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Students: This is a hybrid event. You are encouraged to attend in person in STEW G-52. As computing advances are making profound changes in our society, they also expose us to new security threats. While the impact of cyber attacks was often in our digital life in the past, our cyber world is increasingly intertwined with the physical world. Compromised safety-critical systems or critical infrastructures can have life-and-death implications. In this talk, I will highlight two research directions within my research group. First, on the system security front, I will discuss our efforts to ensure system availability on safety-critical embedded systems. Second, on the cyber-physical security front, I will present our recent work on IoT security. Finally, I will discuss our ongoing work and future directions. About the speaker: Dr. Ning Zhang leads the Computer Security and Privacy Laboratory (CSPL) at Washington University in St. Louis. Before joining Washington University, he was a principal cyber engineer/researcher and technical lead at Raytheon from 2007 to 2018. Ning&apos;s research focus is system security and cyber-physical security. Ning received his PhD degree from Virginia Polytechnic Institute and State University and MS/BS from the University of Massachusetts - Amherst.</p> ]]>
            </content:encoded>
            <itunes:duration>2531</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221026.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221026.mp4" length="199229440" type="video/mp4"/>
        </item>
            <item>
            <title>Florian Kerschbaum, On Using Differential Privacy</title>
            <description>Differential Privacy has become a widely used tool to protect privacy in data science applications. In this talk, I will present two use cases for differential privacy: a) in collection of key-value statistics and b) as a protection against membership inference attacks. Key-value statistics are commonly used to gather information about the use of software products. Yet, the collector may be untrusted, and the data of each user should be protected. There exist a number of differentially private collection methods that perturb the data at the client&apos;s site. However, these are very inaccurate. In theory it would also be possible to collect these statistics using secure computations. However, that is too inefficient to even test. We show that a new combination of differential privacy and secure computation achieves both high accuracy and high efficiency. In the second application, we investigate the theoretical protection of differential privacy against membership inference attacks on neural network models. There exist proofs of theoretical upper bounds that scale with the privacy parameter. We show theoretically and empirically that those bounds do not hold against existing membership inference attacks in a natural deployment. We show that when using existing data sets from different sources on the Internet (instead of the same data set as in lab experiments) and unmodified existing membership inference attacks, even ones that are no longer state of the art, the bound does not hold. We provide a theoretical explanation using a model that removes an unrealistic assumption about the training, namely that it is i.i.d. About the speaker: Florian Kerschbaum is a professor in the David R. Cheriton School of Computer Science at the University of Waterloo (joined in 2017), a member of the CrySP group, and NSERC/RBC chair in data security (since 2019). 
Before that, he worked as chief research expert at SAP in Karlsruhe (2005 – 2016) and as a software architect at Arxan Technologies in San Francisco (2002 – 2004). He holds a Ph.D. in computer science from the Karlsruhe Institute of Technology (2010) and a master&apos;s degree from Purdue University (2001). He served as the inaugural director of the Waterloo Cybersecurity and Privacy Institute (2018 – 2021). He is an ACM Distinguished Scientist (2019). He is interested in security and privacy in the entire data science lifecycle. He extends real-world systems with cryptographic security mechanisms to achieve (some) provable security guarantees. His work is used in several business applications.</description>
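To see why client-side perturbation is so inaccurate for key-value telemetry, the following Python is an added example, not code from the talk or from the speaker's system. It implements k-ary randomized response (k-RR) for the key half of a key-value report: each client keeps its true key with a probability set by epsilon and otherwise reports a uniformly chosen other key, and the collector debiases the raw counts. The population (2000 clients over 20 feature keys with invented, skewed counts), the key names and the function names are this example's own assumptions; the value half of a key-value report needs a separate mechanism and is not shown.

```python
"""Locally differentially private key-frequency collection with k-ary
randomized response (k-RR), plus the noise it costs.  Added example; not code
from the talk or from the speaker's system.  Only the key half of a key-value
report is shown."""
import math
import random
from collections import Counter


def krr_params(epsilon, d):
    """Probabilities for k-RR over d keys: p = P(report the true key),
    q = P(report one specific other key).  p / q = exp(epsilon)."""
    denom = math.exp(epsilon) + d - 1
    return math.exp(epsilon) / denom, 1.0 / denom


def perturb_key(true_key, keys, epsilon, rng):
    """Client side: the collector only ever sees the output of this function."""
    p, _ = krr_params(epsilon, len(keys))
    if p > rng.random():
        return true_key
    return rng.choice([k for k in keys if k != true_key])


def estimate_counts(reports, keys, epsilon):
    """Collector side: debias the raw counts.  E[raw_k] = n*q + f_k*(p-q),
    so (raw_k - n*q)/(p-q) is unbiased for the true count f_k."""
    n = len(reports)
    p, q = krr_params(epsilon, len(keys))
    raw = Counter(reports)
    return {k: (raw[k] - n * q) / (p - q) for k in keys}


def estimate_std(n, epsilon, d, true_count):
    """Standard deviation of the debiased estimate for one key: binomial
    variance of the raw count divided by (p-q)^2."""
    p, q = krr_params(epsilon, d)
    f = true_count / n
    r = p * f + q * (1 - f)          # probability one report lands on this key
    return math.sqrt(n * r * (1 - r)) / (p - q)


# Constructed population (not real telemetry): 2000 clients, 20 keys,
# skewed usage so that most keys are rare.
TRUE_COUNTS = [550, 250, 200, 150, 120, 100, 90, 80, 70, 60,
               55, 50, 45, 40, 35, 30, 25, 25, 15, 10]
KEYS = ["feature_%02d" % i for i in range(len(TRUE_COUNTS))]


def simulate(epsilon, seed=7):
    """One collection round: returns (true counts, estimates, max abs error)."""
    rng = random.Random(seed)
    truth = {k: c for k, c in zip(KEYS, TRUE_COUNTS)}
    clients = [k for k, c in truth.items() for _ in range(c)]
    reports = [perturb_key(k, KEYS, epsilon, rng) for k in clients]
    est = estimate_counts(reports, KEYS, epsilon)
    err = max(abs(est[k] - truth[k]) for k in KEYS)
    return truth, est, err


if __name__ == "__main__":
    n, d = sum(TRUE_COUNTS), len(TRUE_COUNTS)
    for eps in (0.5, 1.0, 4.0):
        _, _, err = simulate(eps)
        sigma = estimate_std(n, eps, d, TRUE_COUNTS[-1])
        print("eps=%.1f  max |error|=%.0f  predicted std for the rarest key=%.0f"
              % (eps, err, sigma))
```

Run as a script, the block prints the largest estimation error for epsilon 0.5, 1.0 and 4.0 next to the predicted standard deviation for the rarest key. At epsilon 1 that predicted deviation is roughly 120 records, larger than the true count of 15 of the 20 keys, so most published frequencies are dominated by noise even though the estimator is unbiased and the estimates still sum to the number of clients. The noise shrinks only as epsilon grows (weaker privacy) or as the client population grows, which is the trade-off the talk's combination of differential privacy with secure computation is meant to escape.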
            <pubDate>Wed, 19 Oct 2022 16:30:00 EDT </pubDate>
            <itunes:title>Florian Kerschbaum, On Using Differential Privacy</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>810</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/florian-kerschbaum_200.png"/>
            <itunes:subtitle>Florian Kerschbaum, University of Waterloo</itunes:subtitle>
            <itunes:summary>Differential Privacy has become a widely used tool to protect privacy in data science applications. In this talk, I will present two use cases for differential privacy: a) in collection of key-value statistics and b) as a protection against membership inference attacks. Key-value statistics are commonly used to gather information about the use of software products. Yet, the collector may be untrusted, and the data of each user should be protected. There exist a number of differentially private collection methods that perturb the data at the client&apos;s site. However, these are very inaccurate. In theory it would also be possible to collect these statistics using secure computations. However, that is too inefficient to even test. We show that a new combination of differential privacy and secure computation achieves both high accuracy and high efficiency. In the second application, we investigate the theoretical protection of differential privacy against membership inference attacks on neural network models. There exist proofs of theoretical upper bounds that scale with the privacy parameter. We show theoretically and empirically that those bounds do not hold against existing membership inference attacks in a natural deployment. We show that when using existing data sets from different sources on the Internet (instead of the same data set as in lab experiments) and unmodified existing, even no longer state-of-the-art, membership inference attacks, the bound does not hold. We provide a theoretical explanation using a model that removes an unrealistic assumption about the training, namely that it is iid. About the speaker: Florian Kerschbaum is a professor in the David R. Cheriton School of Computer Science at the University of Waterloo (joined in 2017), a member of the CrySP group, and NSERC/RBC chair in data security (since 2019). Before that, he worked as chief research expert at SAP in Karlsruhe (2005 – 2016) and as a software architect at Arxan Technologies in San Francisco (2002 – 2004). He holds a Ph.D. in computer science from the Karlsruhe Institute of Technology (2010) and a master&apos;s degree from Purdue University (2001). He served as the inaugural director of the Waterloo Cybersecurity and Privacy Institute (2018 – 2021). He is an ACM Distinguished Scientist (2019). He is interested in security and privacy in the entire data science lifecycle. He extends real-world systems with cryptographic security mechanisms to achieve (some) provable security guarantees. His work is used in several business applications.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Differential Privacy has become a widely used tool to protect privacy in data science applications. In this talk, I will present two use cases for differential privacy: a) in collection of key-value statistics and b) as a protection against membership inference attacks. Key-value statistics are commonly used to gather information about the use of software products. Yet, the collector may be untrusted, and the data of each user should be protected. There exist a number of differentially private collection methods that perturb the data at the client&apos;s site. However, these are very inaccurate. In theory it would also be possible to collect these statistics using secure computations. However, that is too inefficient to even test. We show that a new combination of differential privacy and secure computation achieves both high accuracy and high efficiency. In the second application, we investigate the theoretical protection of differential privacy against membership inference attacks on neural network models. There exist proofs of theoretical upper bounds that scale with the privacy parameter. We show theoretically and empirically that those bounds do not hold against existing membership inference attacks in a natural deployment. We show that when using existing data sets from different sources on the Internet (instead of the same data set as in lab experiments) and unmodified existing, even no longer state-of-the-art, membership inference attacks, the bound does not hold. We provide a theoretical explanation using a model that removes an unrealistic assumption about the training, namely that it is iid. About the speaker: Florian Kerschbaum is a professor in the David R. Cheriton School of Computer Science at the University of Waterloo (joined in 2017), a member of the CrySP group, and NSERC/RBC chair in data security (since 2019). Before that, he worked as chief research expert at SAP in Karlsruhe (2005 – 2016) and as a software architect at Arxan Technologies in San Francisco (2002 – 2004). He holds a Ph.D. in computer science from the Karlsruhe Institute of Technology (2010) and a master&apos;s degree from Purdue University (2001). He served as the inaugural director of the Waterloo Cybersecurity and Privacy Institute (2018 – 2021). He is an ACM Distinguished Scientist (2019). He is interested in security and privacy in the entire data science lifecycle. He extends real-world systems with cryptographic security mechanisms to achieve (some) provable security guarantees. His work is used in several business applications.</p> ]]>
            </content:encoded>
            <itunes:duration>2859</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221019.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221019.mp4" length="224395264" type="video/mp4"/>
        </item>
            <item>
            <title>David C. Benson, Stop Selling Cybersecurity Short!: Cybersecurity as a Component of National Power</title>
            <description>Often, policy makers and cybersecurity professionals talk about cybersecurity as if cybersecurity is only important insofar as it benefits or protects other assets or values. For example, it is common to hear people argue that cybersecurity is important because of its role in economic growth, or the potential damage to military operations. Those arguments are not wrong, but they fail to understand national power, and consequently grossly understate cybersecurity&apos;s importance in international politics. Information is a component of national power all on its own, and cybersecurity is an important part of that component. Properly situating information as a component of national power, and cybersecurity in its appropriate place within information, will better inform policy and practice. Informational considerations should hold equal weight in national policy, and not be subordinated to military or economic concerns. As a component of information power, cybersecurity operates alongside other components of information power, and should cooperate with, and learn from, those components of informational power. About the speaker: David Benson is currently a Professor of Security and Strategic Studies at the School of Advanced Air and Space Studies (SAASS) at Air University, Montgomery, AL. His research and instruction focus on international relations and information, especially how the internet and information technology affect great power politics. His publications include &quot;Why the Internet is not Increasing Terrorism,&quot; &quot;Cyber-balancing not Cyber-War,&quot; and &quot;Mahan and Corbett will not Inform War with China.&quot; David graduated from the University of Chicago, and held a post-doctoral appointment at Southern Methodist University. David served six years in the US Army, first as a Chinese-Mandarin linguist and then as an infantry officer. After completing a tour in Iraq, David worked with JIEDDO-COIC to develop and teach counter-insurgency strategy.</description>
            <pubDate>Wed, 12 Oct 2022 16:30:00 EDT </pubDate>
            <itunes:title>David C. Benson, Stop Selling Cybersecurity Short!: Cybersecurity as a Component of National Power</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>809</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/david_benson_200.png"/>
            <itunes:subtitle>David C. Benson, United States Air Force</itunes:subtitle>
            <itunes:summary>Often, policy makers and cybersecurity professionals talk about cybersecurity as if cybersecurity is only important insofar as it benefits or protects other assets or values. For example, it is common to hear people argue that cybersecurity is important because of its role in economic growth, or the potential damage to military operations. Those arguments are not wrong, but they fail to understand national power, and consequently grossly understate cybersecurity&apos;s importance in international politics. Information is a component of national power all on its own, and cybersecurity is an important part of that component. Properly situating information as a component of national power, and cybersecurity in its appropriate place within information, will better inform policy and practice. Informational considerations should hold equal weight in national policy, and not be subordinated to military or economic concerns. As a component of information power, cybersecurity operates alongside other components of information power, and should cooperate with, and learn from, those components of informational power. About the speaker: David Benson is currently a Professor of Security and Strategic Studies at the School of Advanced Air and Space Studies (SAASS) at Air University, Montgomery, AL. His research and instruction focus on international relations and information, especially how the internet and information technology affect great power politics. His publications include &quot;Why the Internet is not Increasing Terrorism,&quot; &quot;Cyber-balancing not Cyber-War,&quot; and &quot;Mahan and Corbett will not Inform War with China.&quot; David graduated from the University of Chicago, and held a post-doctoral appointment at Southern Methodist University. David served six years in the US Army, first as a Chinese-Mandarin linguist and then as an infantry officer. After completing a tour in Iraq, David worked with JIEDDO-COIC to develop and teach counter-insurgency strategy.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Often, policy makers and cybersecurity professionals talk about cybersecurity as if cybersecurity is only important insofar as it benefits or protects other assets or values. For example, it is common to hear people argue that cybersecurity is important because of its role in economic growth, or the potential damage to military operations. Those arguments are not wrong, but they fail to understand national power, and consequently grossly understate cybersecurity&apos;s importance in international politics. Information is a component of national power all on its own, and cybersecurity is an important part of that component. Properly situating information as a component of national power, and cybersecurity in its appropriate place within information, will better inform policy and practice. Informational considerations should hold equal weight in national policy, and not be subordinated to military or economic concerns. As a component of information power, cybersecurity operates alongside other components of information power, and should cooperate with, and learn from, those components of informational power. About the speaker: David Benson is currently a Professor of Security and Strategic Studies at the School of Advanced Air and Space Studies (SAASS) at Air University, Montgomery, AL. His research and instruction focus on international relations and information, especially how the internet and information technology affect great power politics. His publications include &quot;Why the Internet is not Increasing Terrorism,&quot; &quot;Cyber-balancing not Cyber-War,&quot; and &quot;Mahan and Corbett will not Inform War with China.&quot; David graduated from the University of Chicago, and held a post-doctoral appointment at Southern Methodist University. David served six years in the US Army, first as a Chinese-Mandarin linguist and then as an infantry officer. After completing a tour in Iraq, David worked with JIEDDO-COIC to develop and teach counter-insurgency strategy.</p> ]]>
            </content:encoded>
            <itunes:duration>2650</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221012.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221012.mp4" length="208666624" type="video/mp4"/>
        </item>
            <item>
            <title>Maggie MacAlpine, Ransomware and the Future of Cyberwarfare</title>
            <description>Use of ransomware as a class of malware has exploded in recent years, causing millions in damages to organizations across the world. The damage isn&apos;t slowing down. On the contrary, ransomware as a tool is being adopted by a wide array of perpetrators. This includes nation-states, for cash, and to use the demand for cash to obfuscate activities like espionage and sabotage. Ransomware has become a powerful tool of asset seizure and extortion, being used by criminals, activists, and even sanctioned governments for multiple purposes, including use as a weapon of war. The use of ransomware and its close cousin, wiperware, is only accelerating. In this talk, we will examine how the proliferation of ransomware brought us to this point, what it means for current global conflicts, and for the future of cyberwarfare. About the speaker: Maggie MacAlpine is the Cyber Engagement Lead for MITRE&apos;s Center for Threat Informed Defense. Prior to this appointment she served as a security strategist for Cybereason and, during her decade-long career focused on cybersecurity, Ms. MacAlpine also co-founded the DEF CON Voting Village, served as a contributing researcher on the &quot;Security Analysis of the Estonian Internet Voting System&quot; (in partnership with the University of Michigan), and appeared in the HBO documentary &quot;Kill Chain&quot;. She has discussed cybersecurity threats at numerous conferences including DEF CON, the Diana Initiative, ShmooCon Hacker Conference, and PacSec Tokyo, as well as in presentations to Capitol Hill and the US Naval War College.</description>
            <pubDate>Wed, 5 Oct 2022 16:30:00 EDT </pubDate>
            <itunes:title>Maggie MacAlpine, Ransomware and the Future of Cyberwarfare</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>808</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Maggie_MacAlpine_200.png"/>
            <itunes:subtitle>Maggie MacAlpine, MITRE Engenuity</itunes:subtitle>
            <itunes:summary>Use of ransomware as a class of malware has exploded in recent years, causing millions in damages to organizations across the world. The damage isn&apos;t slowing down. On the contrary, ransomware as a tool is being adopted by a wide array of perpetrators. This includes nation-states, for cash, and to use the demand for cash to obfuscate activities like espionage and sabotage. Ransomware has become a powerful tool of asset seizure and extortion, being used by criminals, activists, and even sanctioned governments for multiple purposes, including use as a weapon of war. The use of ransomware and its close cousin, wiperware, is only accelerating. In this talk, we will examine how the proliferation of ransomware brought us to this point, what it means for current global conflicts, and for the future of cyberwarfare. About the speaker: Maggie MacAlpine is the Cyber Engagement Lead for MITRE&apos;s Center for Threat Informed Defense. Prior to this appointment she served as a security strategist for Cybereason and, during her decade-long career focused on cybersecurity, Ms. MacAlpine also co-founded the DEF CON Voting Village, served as a contributing researcher on the &quot;Security Analysis of the Estonian Internet Voting System&quot; (in partnership with the University of Michigan), and appeared in the HBO documentary &quot;Kill Chain&quot;. She has discussed cybersecurity threats at numerous conferences including DEF CON, the Diana Initiative, ShmooCon Hacker Conference, and PacSec Tokyo, as well as in presentations to Capitol Hill and the US Naval War College.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Use of ransomware as a class of malware has exploded in recent years, causing millions in damages to organizations across the world. The damage isn&apos;t slowing down. On the contrary, ransomware as a tool is being adopted by a wide array of perpetrators. This includes nation-states, for cash, and to use the demand for cash to obfuscate activities like espionage and sabotage. Ransomware has become a powerful tool of asset seizure and extortion, being used by criminals, activists, and even sanctioned governments for multiple purposes, including use as a weapon of war. The use of ransomware and its close cousin, wiperware, is only accelerating. In this talk, we will examine how the proliferation of ransomware brought us to this point, what it means for current global conflicts, and for the future of cyberwarfare. About the speaker: Maggie MacAlpine is the Cyber Engagement Lead for MITRE&apos;s Center for Threat Informed Defense. Prior to this appointment she served as a security strategist for Cybereason and, during her decade-long career focused on cybersecurity, Ms. MacAlpine also co-founded the DEF CON Voting Village, served as a contributing researcher on the &quot;Security Analysis of the Estonian Internet Voting System&quot; (in partnership with the University of Michigan), and appeared in the HBO documentary &quot;Kill Chain&quot;. She has discussed cybersecurity threats at numerous conferences including DEF CON, the Diana Initiative, ShmooCon Hacker Conference, and PacSec Tokyo, as well as in presentations to Capitol Hill and the US Naval War College.</p> ]]>
            </content:encoded>
            <itunes:duration>2975</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221005.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20221005.mp4" length="218103808" type="video/mp4"/>
        </item>
            <item>
            <title>Dipankar Dasgupta, Adaptive Multi-Factor Authentication &amp; Cyber Identity</title>
            <description>Authentication is a critical part of ensuring the identity of a legitimate user. During authentication, an individual&apos;s credential is validated with a specific computational technique to determine the association of the user with his/her claimed identity. In this talk, I will discuss an adaptive multi-factor authentication (A-MFA) framework which uses adaptive selection of multiple modalities in different operating environments so as to make the authentication strategy unpredictable to hackers. This methodology incorporates a novel approach of calculating trustworthy values of different authentication factors while the computing device is being used under different environmental settings. Accordingly, a subset of authentication factors is determined (at triggering events) on the fly, thereby leaving no exploitable a priori pattern or clue for adversaries. Such a methodology of adaptive authentication selection can provide legitimacy to user transactions with an added layer of access protection that does not rely on a fixed set of authentication modalities. Robustness of the system is assured by designing the framework in such a way that if any modality data get compromised, the system can still perform flawlessly using other non-compromised modalities. Scalability can also be achieved by adding new and/or improved modalities to the existing set of modalities and integrating the operating/configuration parameters for the added modality. I will highlight what type of evaluation would be required for such identity management software to detect possible deep fakes and other forms of faking biometrics. Other attacks on current means of identity validation may become possible. What would be good figures of merit to be used as response variables? What are good factors over which we would need to test for next-generation identity eco-systems? References: · Advances in User Authentication. Dipankar Dasgupta, Arunava Roy, Abhijit Nag. Publisher: Springer-Verlag, Inc., August 2017. · US Patent #9,912,657: Adaptive Multi-Factor Authentication, Dasgupta, et al., March 6, 2018. About the speaker: Dipankar Dasgupta is a Full Professor of Computer Science at the University of Memphis and has been in different faculty positions since 1997. He is at the forefront of applying bio-inspired approaches to cyber defense, and served as a program co-chair at the National Cyber Leap Year Summit organized at the request of the White House Office of Science and Technology Directorate (2009). Some of his groundbreaking works, like digital immunity, negative authentication, and the cloud insurance model, put his name in Computer World Magazine and other news media. Dr. Dasgupta received external funding from different federal agencies including NSF, DARPA, IARPA, NSA, NAVY, ONR, DoD and DHS/FEMA. Dr. Dasgupta has more than 300 publications with about 20,000 citations and an h-index of 62 as per Google Scholar. Prof. Dasgupta received the 2014 ACM SIGEVO Impact Award, became a Fellow of IEEE in 2015, was an ACM Distinguished Speaker from 2015-2020, and is currently an IEEE Distinguished Lecturer. In addition to Prof. Dasgupta&apos;s research and creative activities, he also spearheads the University of Memphis&apos;s education, training and outreach activities on Information Assurance (IA). He is the founding Director of the Center for Information Assurance (CfIA), which is a National Center for Academic Excellence in Information Assurance Education (CAE-IAE) and in Research (CAE-R). Because of the center&apos;s wide range of activities, the University of Memphis is at the forefront of information security research, education, and outreach in the state as well as in the region.</description>
            <pubDate>Wed, 28 Sep 2022 16:30:00 EDT </pubDate>
            <itunes:title>Dipankar Dasgupta, Adaptive Multi-Factor Authentication &amp; Cyber Identity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>807</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Dipankar_Dasgupta_200.png"/>
            <itunes:subtitle>Dipankar Dasgupta, The University of Memphis</itunes:subtitle>
            <itunes:summary>Authentication is a critical part of ensuring the identity of a legitimate user. During authentication, an individual&apos;s credential is validated with a specific computational technique to determine the association of the user with his/her claimed identity. In this talk, I will discuss an adaptive multi-factor authentication (A-MFA) framework which uses adaptive selection of multiple modalities in different operating environments so as to make the authentication strategy unpredictable to hackers. This methodology incorporates a novel approach of calculating trustworthy values of different authentication factors while the computing device is being used under different environmental settings. Accordingly, a subset of authentication factors is determined (at triggering events) on the fly, thereby leaving no exploitable a priori pattern or clue for adversaries. Such a methodology of adaptive authentication selection can provide legitimacy to user transactions with an added layer of access protection that does not rely on a fixed set of authentication modalities. Robustness of the system is assured by designing the framework in such a way that if any modality data get compromised, the system can still perform flawlessly using other non-compromised modalities. Scalability can also be achieved by adding new and/or improved modalities to the existing set of modalities and integrating the operating/configuration parameters for the added modality. I will highlight what type of evaluation would be required for such identity management software to detect possible deep fakes and other forms of faking biometrics. Other attacks on current means of identity validation may become possible. What would be good figures of merit to be used as response variables? What are good factors over which we would need to test for next-generation identity eco-systems? References: · Advances in User Authentication. Dipankar Dasgupta, Arunava Roy, Abhijit Nag. Publisher: Springer-Verlag, Inc., August 2017. · US Patent #9,912,657: Adaptive Multi-Factor Authentication, Dasgupta, et al., March 6, 2018. About the speaker: Dipankar Dasgupta is a Full Professor of Computer Science at the University of Memphis and has been in different faculty positions since 1997. He is at the forefront of applying bio-inspired approaches to cyber defense, and served as a program co-chair at the National Cyber Leap Year Summit organized at the request of the White House Office of Science and Technology Directorate (2009). Some of his groundbreaking works, like digital immunity, negative authentication, and the cloud insurance model, put his name in Computer World Magazine and other news media. Dr. Dasgupta received external funding from different federal agencies including NSF, DARPA, IARPA, NSA, NAVY, ONR, DoD and DHS/FEMA. Dr. Dasgupta has more than 300 publications with about 20,000 citations and an h-index of 62 as per Google Scholar. Prof. Dasgupta received the 2014 ACM SIGEVO Impact Award, became a Fellow of IEEE in 2015, was an ACM Distinguished Speaker from 2015-2020, and is currently an IEEE Distinguished Lecturer. In addition to Prof. Dasgupta&apos;s research and creative activities, he also spearheads the University of Memphis&apos;s education, training and outreach activities on Information Assurance (IA). He is the founding Director of the Center for Information Assurance (CfIA), which is a National Center for Academic Excellence in Information Assurance Education (CAE-IAE) and in Research (CAE-R). Because of the center&apos;s wide range of activities, the University of Memphis is at the forefront of information security research, education, and outreach in the state as well as in the region.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Authentication is a critical part of ensuring the identity of a legitimate user. During authentication, an individual&apos;s credential is validated with a specific computational technique to determine the association of the user with his/her claimed identity. In this talk, I will discuss an adaptive multi-factor authentication (A-MFA) framework which uses adaptive selection of multiple modalities in different operating environments so as to make the authentication strategy unpredictable to hackers. This methodology incorporates a novel approach of calculating trustworthy values of different authentication factors while the computing device is being used under different environmental settings. Accordingly, a subset of authentication factors is determined (at triggering events) on the fly, thereby leaving no exploitable a priori pattern or clue for adversaries. Such a methodology of adaptive authentication selection can provide legitimacy to user transactions with an added layer of access protection that does not rely on a fixed set of authentication modalities. Robustness of the system is assured by designing the framework in such a way that if any modality data get compromised, the system can still perform flawlessly using other non-compromised modalities. Scalability can also be achieved by adding new and/or improved modalities to the existing set of modalities and integrating the operating/configuration parameters for the added modality. I will highlight what type of evaluation would be required for such identity management software to detect possible deep fakes and other forms of faking biometrics. Other attacks on current means of identity validation may become possible. What would be good figures of merit to be used as response variables? What are good factors over which we would need to test for next-generation identity eco-systems? References: · Advances in User Authentication. Dipankar Dasgupta, Arunava Roy, Abhijit Nag. Publisher: Springer-Verlag, Inc., August 2017. · US Patent #9,912,657: Adaptive Multi-Factor Authentication, Dasgupta, et al., March 6, 2018. About the speaker: Dipankar Dasgupta is a Full Professor of Computer Science at the University of Memphis and has been in different faculty positions since 1997. He is at the forefront of applying bio-inspired approaches to cyber defense, and served as a program co-chair at the National Cyber Leap Year Summit organized at the request of the White House Office of Science and Technology Directorate (2009). Some of his groundbreaking works, like digital immunity, negative authentication, and the cloud insurance model, put his name in Computer World Magazine and other news media. Dr. Dasgupta received external funding from different federal agencies including NSF, DARPA, IARPA, NSA, NAVY, ONR, DoD and DHS/FEMA. Dr. Dasgupta has more than 300 publications with about 20,000 citations and an h-index of 62 as per Google Scholar. Prof. Dasgupta received the 2014 ACM SIGEVO Impact Award, became a Fellow of IEEE in 2015, was an ACM Distinguished Speaker from 2015-2020, and is currently an IEEE Distinguished Lecturer. In addition to Prof. Dasgupta&apos;s research and creative activities, he also spearheads the University of Memphis&apos;s education, training and outreach activities on Information Assurance (IA). He is the founding Director of the Center for Information Assurance (CfIA), which is a National Center for Academic Excellence in Information Assurance Education (CAE-IAE) and in Research (CAE-R). Because of the center&apos;s wide range of activities, the University of Memphis is at the forefront of information security research, education, and outreach in the state as well as in the region.</p> ]]>
            </content:encoded>
            <itunes:duration>2919</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220928.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220928.mp4" length="1007681536" type="video/mp4"/>
        </item>
            <item>
            <title>Abhilasha Bhargav-Spantzel &amp; Sonnie Ebikwo, &quot;With great power comes great responsibility&quot; – Responsible Cybersecurity Innovations and Investments for Cloud Computing</title>
            <description>There is no bigger game changer in the world than technology and its uptake in every aspect of our lives, including our collective future. Cybersecurity has become the top priority across the board. There is a need for informed cybersecurity investments that consider sustainability, responsible data usage, being prepared for any crisis and being resilient. We have to enable a culture of responsible innovation that takes holistic considerations for the people, process and technologies and drives a responsible mindset. We will talk about boundary considerations when it comes to data use, adversary threats, impact on the environment, user behaviors and how we can help as cybersecurity professionals. The goal is to build the highways for the future with a holistic approach and principles that enable fearless harnessing of the global compute platform, enabling profound technological growth for the next generation. About the speaker: Abhilasha Bhargav-Spantzel is a Partner Security Architect at Microsoft. She is responsible for monitoring and coverage architecture for the Microsoft Security Response Center (MSRC). MSRC is the front-line defense for millions of customers around the world who use Microsoft platforms and products. Previously she was at Intel for 14 years, focusing on hardware-based security product architecture. She completed her doctorate at Purdue University, which focused on identity and privacy protection using cryptography and biometrics. Abhilasha drives thought leadership and the future evolution of cybersecurity platforms through innovation, architecture, and education. She has given numerous talks at conferences and universities as part of distinguished lecture series and workshops. She has written 5 book chapters and 30+ ACM and IEEE articles and has 35+ patents. Abhilasha leads multiple D&amp;I initiatives and actively drives the retention and development of women in technology. 
She is passionate about STEM K-12 cybersecurity education initiatives, and co-organizes regular camps and workshops for the same. Sonnie Ebikwo is a Principal Program Manager at Microsoft, where he works on strategies to deliver a high bar of security capabilities and productivity for Microsoft and its stakeholders. He is a highly knowledgeable professional, credited with over 27 years of progressive experience in both the private and public sectors, where he developed a strong functional background in various industries ranging from Cybersecurity, Telecom, US Government, Real Estate and Transportation to the Service Industry. Prior to joining Microsoft, he served as a Senior Technical Program Manager and Availability Zone Owner of the largest cluster of Data Centers with the largest customer base within the AWS Data Center Supply Delivery Infrastructure. In this role, he led complex cross-functional teams to deliver data center supply through shell, room and infill opportunities, including direct responsibility for the overall short- and longer-term health of the AZ. Sonnie holds a distinguished formal and extensive education, with a master&apos;s in planning from the University of Texas at Arlington, and completed the senior executive leadership development training at the UChicago Booth School of Business in 2013. He is a certified Project Management Professional (PMP-2003), Certified Scrum Master and Certified Scrum Product Owner.</description>
            <pubDate>Wed, 21 Sep 2022 16:30:00 EDT </pubDate>
            <itunes:title>Abhilasha Bhargav-Spantzel &amp; Sonnie Ebikwo, &quot;With great power comes great responsibility&quot; – Responsible Cybersecurity Innovations and Investments for Cloud Computing</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>806</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Bhargav-Spantzel_and_ebikwo_200.png"/>
            <itunes:subtitle>Abhilasha Bhargav-Spantzel &amp; Sonnie Ebikwo, Microsoft</itunes:subtitle>
            <itunes:summary>There is no bigger game changer in the world than technology and its uptake in every aspect of our lives, including our collective future. Cybersecurity has become the top priority across the board. There is a need for informed cybersecurity investments that consider sustainability, responsible data usage, being prepared for any crisis and being resilient. We have to enable a culture of responsible innovation that takes holistic considerations for the people, process and technologies and drives a responsible mindset. We will talk about boundary considerations when it comes to data use, adversary threats, impact on the environment, user behaviors and how we can help as cybersecurity professionals. The goal is to build the highways for the future with a holistic approach and principles that enable fearless harnessing of the global compute platform, enabling profound technological growth for the next generation. About the speaker: Abhilasha Bhargav-Spantzel is a Partner Security Architect at Microsoft. She is responsible for monitoring and coverage architecture for the Microsoft Security Response Center (MSRC). MSRC is the front-line defense for millions of customers around the world who use Microsoft platforms and products. Previously she was at Intel for 14 years, focusing on hardware-based security product architecture. She completed her doctorate at Purdue University, which focused on identity and privacy protection using cryptography and biometrics. Abhilasha drives thought leadership and the future evolution of cybersecurity platforms through innovation, architecture, and education. She has given numerous talks at conferences and universities as part of distinguished lecture series and workshops. She has written 5 book chapters and 30+ ACM and IEEE articles and has 35+ patents. Abhilasha leads multiple D&amp;I initiatives and actively drives the retention and development of women in technology. 
She is passionate about STEM K-12 cybersecurity education initiatives, and co-organizes regular camps and workshops for the same. Sonnie Ebikwo is a Principal Program Manager at Microsoft, where he works on strategies to deliver a high bar of security capabilities and productivity for Microsoft and its stakeholders. He is a highly knowledgeable professional, credited with over 27 years of progressive experience in both the private and public sectors, where he developed a strong functional background in various industries ranging from Cybersecurity, Telecom, US Government, Real Estate and Transportation to the Service Industry. Prior to joining Microsoft, he served as a Senior Technical Program Manager and Availability Zone Owner of the largest cluster of Data Centers with the largest customer base within the AWS Data Center Supply Delivery Infrastructure. In this role, he led complex cross-functional teams to deliver data center supply through shell, room and infill opportunities, including direct responsibility for the overall short- and longer-term health of the AZ. Sonnie holds a distinguished formal and extensive education, with a master&apos;s in planning from the University of Texas at Arlington, and completed the senior executive leadership development training at the UChicago Booth School of Business in 2013. He is a certified Project Management Professional (PMP-2003), Certified Scrum Master and Certified Scrum Product Owner.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>There is no bigger game changer in the world than technology and its uptake in every aspect of our lives, including our collective future. Cybersecurity has become the top priority across the board. There is a need for informed cybersecurity investments that consider sustainability, responsible data usage, being prepared for any crisis and being resilient. We have to enable a culture of responsible innovation that takes holistic considerations for the people, process and technologies and drives a responsible mindset. We will talk about boundary considerations when it comes to data use, adversary threats, impact on the environment, user behaviors and how we can help as cybersecurity professionals. The goal is to build the highways for the future with a holistic approach and principles that enable fearless harnessing of the global compute platform, enabling profound technological growth for the next generation.</p><p>About the speaker: Abhilasha Bhargav-Spantzel is a Partner Security Architect at Microsoft. She is responsible for monitoring and coverage architecture for the Microsoft Security Response Center (MSRC). MSRC is the front-line defense for millions of customers around the world who use Microsoft platforms and products. Previously she was at Intel for 14 years, focusing on hardware-based security product architecture. She completed her doctorate at Purdue University, which focused on identity and privacy protection using cryptography and biometrics. Abhilasha drives thought leadership and the future evolution of cybersecurity platforms through innovation, architecture, and education. She has given numerous talks at conferences and universities as part of distinguished lecture series and workshops. She has written 5 book chapters and 30+ ACM and IEEE articles and has 35+ patents. Abhilasha leads multiple D&amp;I initiatives and actively drives the retention and development of women in technology. 
She is passionate about STEM K-12 cybersecurity education initiatives, and co-organizes regular camps and workshops for the same.</p><p>Sonnie Ebikwo is a Principal Program Manager at Microsoft, where he works on strategies to deliver a high bar of security capabilities and productivity for Microsoft and its stakeholders. He is a highly knowledgeable professional, credited with over 27 years of progressive experience in both the private and public sectors, where he developed a strong functional background in various industries ranging from Cybersecurity, Telecom, US Government, Real Estate and Transportation to the Service Industry. Prior to joining Microsoft, he served as a Senior Technical Program Manager and Availability Zone Owner of the largest cluster of Data Centers with the largest customer base within the AWS Data Center Supply Delivery Infrastructure. In this role, he led complex cross-functional teams to deliver data center supply through shell, room and infill opportunities, including direct responsibility for the overall short- and longer-term health of the AZ. Sonnie holds a distinguished formal and extensive education, with a master&apos;s in planning from the University of Texas at Arlington, and completed the senior executive leadership development training at the UChicago Booth School of Business in 2013. He is a certified Project Management Professional (PMP-2003), Certified Scrum Master and Certified Scrum Product Owner.</p> ]]>
            </content:encoded>
            <itunes:duration>3320</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220921.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220921.mp4" length="940572672" type="video/mp4"/>
        </item>
            <item>
            <title>James Huffaker, Cyber Security in Aviation</title>
            <description>Students: This is a hybrid event. You are encouraged to attend in person in STEW 050B (G52). Common IT-based cyber techniques do not apply to many parts of the aviation industry. The aviation industry has to meet a number of Federal Aviation Regulations and uses industry-provided standards to show compliance with those regulations, perhaps for the life of the airplane after initial certification. Almost all updates to airplanes require a certification activity, thus it takes considerable time to make any system changes. This certification process has been time tested and proved to have the right rigor, leading to continued improved safety as the number of flights per day worldwide increases each year. Cyber security, being an evolving threat, must be considered in all system designs. About the speaker: Jim Huffaker is a Senior Manager with Boeing Commercial Airplanes. A 30+ year veteran of Boeing, he leads a team that installs the Onboard Network Server (ONS) and/or Airplane Interface Device (AID) used by flight, maintenance, and cabin crews in all phases of flight. In addition, this team is working to offer a safe and secure wired and/or wireless connection to portable Electronic Flight Bags (EFBs) from the airplane-installed server for real-time data and off-board communications. His management experience includes leader of the Electromagnetic Effects design team on the 787, and leader of a team of engineers responsible for Electrical and Environmental Controls systems and Avionics systems in the Customer Aviation Services Organization for the 737, 747, 767, and 777 models. His work experience also includes leader of Avionics design for the 747-400 Onboard Maintenance System (OMS) Central Maintenance Computer (CMC) and the 777 OMS Central Maintenance Computing Function (CMCF), a component of the Airplane Information Management System (AIMS). 
Additionally, he remains an industry focal, and has served as the Boeing representative on the FAA Flight Data Recording (FDR) Aviation Rulemaking Advisory Committee (ARAC), as the Company&apos;s representative for Loadable Software and other AEEC/ARINC document creation teams, and as the Boeing Customer Services representative for Y2K. Mr. Huffaker is a graduate of Purdue University with a BSEE, and was a Commissioned Officer in the USAF. In addition to his Space Systems Defense assignments while in the military, his responsibilities included Avionics design on the B-2, prior to joining Boeing.</description>
            <pubDate>Wed, 14 Sep 2022 16:30:00 EDT </pubDate>
            <itunes:title>James Huffaker, Cyber Security in Aviation</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>805</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/JimHuffaker_200.png"/>
            <itunes:subtitle>James Huffaker, Boeing</itunes:subtitle>
            <itunes:summary>Students: This is a hybrid event. You are encouraged to attend in person in STEW 050B (G52). Common IT-based cyber techniques do not apply to many parts of the aviation industry. The aviation industry has to meet a number of Federal Aviation Regulations and uses industry-provided standards to show compliance with those regulations, perhaps for the life of the airplane after initial certification. Almost all updates to airplanes require a certification activity, thus it takes considerable time to make any system changes. This certification process has been time tested and proved to have the right rigor, leading to continued improved safety as the number of flights per day worldwide increases each year. Cyber security, being an evolving threat, must be considered in all system designs. About the speaker: Jim Huffaker is a Senior Manager with Boeing Commercial Airplanes. A 30+ year veteran of Boeing, he leads a team that installs the Onboard Network Server (ONS) and/or Airplane Interface Device (AID) used by flight, maintenance, and cabin crews in all phases of flight. In addition, this team is working to offer a safe and secure wired and/or wireless connection to portable Electronic Flight Bags (EFBs) from the airplane-installed server for real-time data and off-board communications. His management experience includes leader of the Electromagnetic Effects design team on the 787, and leader of a team of engineers responsible for Electrical and Environmental Controls systems and Avionics systems in the Customer Aviation Services Organization for the 737, 747, 767, and 777 models. His work experience also includes leader of Avionics design for the 747-400 Onboard Maintenance System (OMS) Central Maintenance Computer (CMC) and the 777 OMS Central Maintenance Computing Function (CMCF), a component of the Airplane Information Management System (AIMS). 
Additionally, he remains an industry focal, and has served as the Boeing representative on the FAA Flight Data Recording (FDR) Aviation Rulemaking Advisory Committee (ARAC), as the Company&apos;s representative for Loadable Software and other AEEC/ARINC document creation teams, and as the Boeing Customer Services representative for Y2K. Mr. Huffaker is a graduate of Purdue University with a BSEE, and was a Commissioned Officer in the USAF. In addition to his Space Systems Defense assignments while in the military, his responsibilities included Avionics design on the B-2, prior to joining Boeing.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Students: This is a hybrid event. You are encouraged to attend in person in STEW 050B (G52).</p><p>Common IT-based cyber techniques do not apply to many parts of the aviation industry. The aviation industry has to meet a number of Federal Aviation Regulations and uses industry-provided standards to show compliance with those regulations, perhaps for the life of the airplane after initial certification. Almost all updates to airplanes require a certification activity, thus it takes considerable time to make any system changes. This certification process has been time tested and proved to have the right rigor, leading to continued improved safety as the number of flights per day worldwide increases each year. Cyber security, being an evolving threat, must be considered in all system designs.</p><p>About the speaker: Jim Huffaker is a Senior Manager with Boeing Commercial Airplanes. A 30+ year veteran of Boeing, he leads a team that installs the Onboard Network Server (ONS) and/or Airplane Interface Device (AID) used by flight, maintenance, and cabin crews in all phases of flight. In addition, this team is working to offer a safe and secure wired and/or wireless connection to portable Electronic Flight Bags (EFBs) from the airplane-installed server for real-time data and off-board communications. His management experience includes leader of the Electromagnetic Effects design team on the 787, and leader of a team of engineers responsible for Electrical and Environmental Controls systems and Avionics systems in the Customer Aviation Services Organization for the 737, 747, 767, and 777 models. His work experience also includes leader of Avionics design for the 747-400 Onboard Maintenance System (OMS) Central Maintenance Computer (CMC) and the 777 OMS Central Maintenance Computing Function (CMCF), a component of the Airplane Information Management System (AIMS). 
Additionally, he remains an industry focal, and has served as the Boeing representative on the FAA Flight Data Recording (FDR) Aviation Rulemaking Advisory Committee (ARAC), as the Company&apos;s representative for Loadable Software and other AEEC/ARINC document creation teams, and as the Boeing Customer Services representative for Y2K. Mr. Huffaker is a graduate of Purdue University with a BSEE, and was a Commissioned Officer in the USAF. In addition to his Space Systems Defense assignments while in the military, his responsibilities included Avionics design on the B-2, prior to joining Boeing.</p> ]]>
            </content:encoded>
            <itunes:duration>3054</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220914.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220914.mp4" length="559939584" type="video/mp4"/>
        </item>
            <item>
            <title>Cuihua (Cindy) Shen, A Fake Image is Worth a Thousand Lies</title>
            <description>Visual misinformation, including fake, manipulated or out-of-context images and videos, is increasingly common on the Internet and social media platforms.  Because of visuals&apos; superior impression, retention, virality and persuasiveness, visual misinformation poses a significant threat to national security, social cohesion, and public health. Yet, we know very little about how users process and judge the authenticity of visuals, and the ways in which platforms and fact-checking agencies could effectively detect and fight against visual misinformation. In this talk, I will report findings from several recent experiments that reveal the characteristics of users most susceptible to visual misinformation, and a few effective technical and social interventions to counter visual misinformation. About the speaker: Cuihua (Cindy) Shen is a professor of communication at UC Davis and the co-director of the Computational Communication Research lab. Her research focuses on understanding visual misinformation and designing effective interventions. From 2017 to 2022, she served as the chair of the Computational Methods Division of the International Communication Association. She is also the founding associate editor of the journal Computational Communication Research, as well as the associate editor of Journal of Computer-Mediated Communication.</description>
            <pubDate>Wed, 7 Sep 2022 16:30:00 EDT </pubDate>
            <itunes:title>Cuihua (Cindy) Shen, A Fake Image is Worth a Thousand Lies</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>804</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/cindy_shen_200.png"/>
            <itunes:subtitle>Cuihua (Cindy) Shen, UC Davis</itunes:subtitle>
            <itunes:summary>Visual misinformation, including fake, manipulated or out-of-context images and videos, is increasingly common on the Internet and social media platforms.  Because of visuals&apos; superior impression, retention, virality and persuasiveness, visual misinformation poses a significant threat to national security, social cohesion, and public health. Yet, we know very little about how users process and judge the authenticity of visuals, and the ways in which platforms and fact-checking agencies could effectively detect and fight against visual misinformation. In this talk, I will report findings from several recent experiments that reveal the characteristics of users most susceptible to visual misinformation, and a few effective technical and social interventions to counter visual misinformation. About the speaker: Cuihua (Cindy) Shen is a professor of communication at UC Davis and the co-director of the Computational Communication Research lab. Her research focuses on understanding visual misinformation and designing effective interventions. From 2017 to 2022, she served as the chair of the Computational Methods Division of the International Communication Association. She is also the founding associate editor of the journal Computational Communication Research, as well as the associate editor of Journal of Computer-Mediated Communication.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Visual misinformation, including fake, manipulated or out-of-context images and videos, is increasingly common on the Internet and social media platforms.  Because of visuals&apos; superior impression, retention, virality and persuasiveness, visual misinformation poses a significant threat to national security, social cohesion, and public health. Yet, we know very little about how users process and judge the authenticity of visuals, and the ways in which platforms and fact-checking agencies could effectively detect and fight against visual misinformation. In this talk, I will report findings from several recent experiments that reveal the characteristics of users most susceptible to visual misinformation, and a few effective technical and social interventions to counter visual misinformation. About the speaker: Cuihua (Cindy) Shen is a professor of communication at UC Davis and the co-director of the Computational Communication Research lab. Her research focuses on understanding visual misinformation and designing effective interventions. From 2017 to 2022, she served as the chair of the Computational Methods Division of the International Communication Association. She is also the founding associate editor of the journal Computational Communication Research, as well as the associate editor of Journal of Computer-Mediated Communication.</p> ]]>
            </content:encoded>
            <itunes:duration>3023</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220907.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220907.mp4" length="500170752" type="video/mp4"/>
        </item>
            <item>
            <title>Chris Jenkins, Moving Target Defense for Space Systems</title>
            <description>Students: This is a hybrid event. You are encouraged to attend in person in STEW 050B (G52). Space systems provide many critical functions to the military, federal agencies, and infrastructure networks. Space Policy Directive-5, Cybersecurity Principles for Space Systems, describes both the cyber threat to space systems and the need for these systems to be secure and resilient against cyber-attacks. Most cyber defenses for space systems rely on the ability to detect the adversary. Reliance on detection is a risky proposition, given that anomaly and threat detection remains an open research challenge for both terrestrial and space systems. Furthermore, cyber defenses for space systems must be implemented in size, weight, and power (SWAP)-constrained, real-time operating environments that cannot tolerate increased latency and other common detrimental side-effects of cyber defenses. To overcome these challenges, we have been researching the use of moving target defenses (MTD) to protect space systems against cyber-attacks. MTDs create dynamic, uncertain environments on space systems and can be used to defeat cyber threats against these systems. Furthermore, MTDs do not require detection of an adversary to mitigate the effects of an attack. Our multi-stage research approach is as follows:
1. Development of a generalized MTD algorithm: though conceptually simple, implementation of MTD can be complex. The first research phase focused on the development of a generalized MTD algorithm that implements randomization schemes with limited impact to nominal operations and failsafe commands to re-sync devices, if needed.
2. Application of the MTD algorithm to an exemplar: we demonstrated the MTD algorithm on real MIL-STD-1553 hardware using 4 MTD commands.
3. Functional experiments: we evaluated the reliability of the MTD algorithm and whether the use of MTD added unacceptable operational overhead.
4. Cyber resilience experimentation and validation: we exposed the hardware and MTD to cyber-attacks to determine the effectiveness of the MTD algorithm at thwarting attacks and thereby increasing resilience to the attacks.
5. Machine learning experiments: we used machine learning models to analyze whether the MTD algorithm introduced vulnerabilities and whether the machine learning models could &quot;crack&quot; the MTD algorithm and predict randomization sequences.
The MTD performed well in each of the experiments. Most notably, the cyber resilience experiments showed a 97% reduction in adversarial knowledge. Furthermore, small changes in the MTD algorithm substantially decreased the ability of the machine learning model to decipher randomization sequences. About the speaker: Chris is a principal member of technical staff in the Systems Security Research Department as part of Sandia&apos;s Information Operations Center. Chris supports Sandia&apos;s mission in three key areas: cyber-physical cybersecurity research, high-performance computing, and providing cybersecurity expertise outside the lab. Chris regularly publishes in the open literature, is responsible for multiple technical advances and granted patents, and actively seeks opportunities to transition technology outside of Sandia. Chris leads a team researching innovative ways to protect critical infrastructure and other high-consequence operational technology. His work utilizes a technology called moving target defense to protect these systems from adversary attack. He has partnered with Purdue University over the last 2 years to determine the strength of the innovative, patent-awarded MTD algorithm he has created. 
His work has explored adapting communication security primitives to utilize his algorithm for space systems and other national-security-relevant communications architectures. His current research represents Sandia&apos;s national commitment to space systems and Sandia&apos;s strategic investment in the Science and Technology Advancing Resilience for Contested Space Mission Campaign. Chris has a long history of mentoring, whether through work with Sandia interns and the Center for Cyber Defenders, invited lectures and presentations to university students, or professional conferences. Chris also stewards early-career Sandia staff. Chris participates in the Black Leadership Committee and also contributed to the Division 5000 Workplace Enhancement Team for several years, one year as co-chair. Chris actively seeks training opportunities to broaden and strengthen his technical skills and is a participant in the Strategic Engagement Training program at Sandia. Lastly, he was awarded the 2022 Black Engineer of the Year Award for Research Leadership.</description>
            <pubDate>Wed, 31 Aug 2022 16:30:00 EDT </pubDate>
            <itunes:title>Chris Jenkins, Moving Target Defense for Space Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>803</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/chris_jenkins_sandia_200.png"/>
            <itunes:subtitle>Chris Jenkins, Sandia</itunes:subtitle>
            <itunes:summary>Students: This is a hybrid event. You are encouraged to attend in person in STEW 050B (G52).

Space systems provide many critical functions to the military, federal agencies, and infrastructure networks. Space Policy Directive-5, Cybersecurity Principles for Space Systems, describes both the cyber threat to space systems and the need for these systems to be secure and resilient against cyber-attacks. Most cyber defenses for space systems rely on the ability to detect the adversary. Reliance on detection is a risky proposition, given that anomaly and threat detection remains an open research challenge for both terrestrial and space systems. Furthermore, cyber defenses for space systems must be implemented in size, weight, and power (SWAP)-constrained, real-time operating environments that cannot tolerate increased latency and other common detrimental side-effects of cyber defenses. To overcome these challenges, we have been researching the use of moving target defenses (MTD) to protect space systems against cyber-attacks. MTDs create dynamic, uncertain environments on space systems and can be used to defeat cyber threats against these systems. Furthermore, MTDs do not require detection of an adversary to mitigate the effects of an attack. Our multi-stage research approach is as follows:

1. Development of a generalized MTD algorithm: though conceptually simple, implementation of MTD can be complex. The first research phase focused on the development of a generalized MTD algorithm that implements randomization schemes with limited impact on nominal operations and failsafe commands to re-sync devices, if needed.
2. Application of the MTD algorithm to an exemplar: we demonstrated the MTD algorithm on real MIL-STD-1553 hardware using 4 MTD commands.
3. Functional experiments: we evaluated the reliability of the MTD algorithm and whether the use of MTD added unacceptable operational overhead.
4. Cyber resilience experimentation and validation: we exposed the hardware and MTD to cyber-attacks to determine the effectiveness of the MTD algorithm at thwarting attacks and thereby increasing resilience to the attacks.
5. Machine learning experiments: we used machine learning models to analyze whether the MTD algorithm introduced vulnerabilities and if the machine learning models could &quot;crack&quot; the MTD algorithm and predict randomization sequences.

The MTD performed well in each of the experiments. Most notably, the cyber resilience experiments showed a 97% reduction in adversarial knowledge. Furthermore, small changes in the MTD algorithm substantially decreased the ability of the machine learning model to decipher randomization sequences.

About the speaker: Chris is a principal member of technical staff in the Systems Security Research Department, part of Sandia&apos;s Information Operations Center. Chris supports Sandia&apos;s mission in three key areas: cyber-physical cybersecurity research, high-performance computing, and providing cybersecurity expertise outside the lab. Chris regularly publishes in the open literature, is responsible for multiple technical advances and granted patents, and actively seeks opportunities to transition technology outside of Sandia. Chris leads a team researching innovative ways to protect critical infrastructure and other high-consequence operational technology. His work utilizes a technology called moving target defense to protect these systems from adversary attack. He has partnered with Purdue University over the last 2 years to determine the strength of the innovative, patented MTD algorithm he has created. His work has explored adapting communication security primitives to utilize his algorithm for space systems and other national-security-relevant communications architectures. His current research represents Sandia&apos;s national commitment to space systems and Sandia&apos;s strategic investment in the Science and Technology Advancing Resilience for Contested Space Mission Campaign. Chris has a long history of mentoring, whether through work with Sandia interns and the Center for Cyber Defenders, invited lectures and presentations to university students, or professional conferences. Chris also stewards early-career Sandia staff. Chris participates in the Black Leadership Committee and also contributed to the Division 5000 Workplace Enhancement Team for several years, one year as co-chair. Chris actively seeks training opportunities to broaden and strengthen his technical skills and is a participant in the Strategic Engagement Training program at Sandia. Lastly, he was awarded the 2022 Black Engineer of the Year Award for Research Leadership.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Students: This is a hybrid event. You are encouraged to attend in person in STEW 050B (G52).</p>
<p>Space systems provide many critical functions to the military, federal agencies, and infrastructure networks. Space Policy Directive-5, Cybersecurity Principles for Space Systems, describes both the cyber threat to space systems and the need for these systems to be secure and resilient against cyber-attacks. Most cyber defenses for space systems rely on the ability to detect the adversary. Reliance on detection is a risky proposition, given that anomaly and threat detection remains an open research challenge for both terrestrial and space systems. Furthermore, cyber defenses for space systems must be implemented in size, weight, and power (SWAP)-constrained, real-time operating environments that cannot tolerate increased latency and other common detrimental side-effects of cyber defenses. To overcome these challenges, we have been researching the use of moving target defenses (MTD) to protect space systems against cyber-attacks. MTDs create dynamic, uncertain environments on space systems and can be used to defeat cyber threats against these systems. Furthermore, MTDs do not require detection of an adversary to mitigate the effects of an attack. Our multi-stage research approach is as follows:</p>
<ol>
<li>Development of a generalized MTD algorithm: though conceptually simple, implementation of MTD can be complex. The first research phase focused on the development of a generalized MTD algorithm that implements randomization schemes with limited impact on nominal operations and failsafe commands to re-sync devices, if needed.</li>
<li>Application of the MTD algorithm to an exemplar: we demonstrated the MTD algorithm on real MIL-STD-1553 hardware using 4 MTD commands.</li>
<li>Functional experiments: we evaluated the reliability of the MTD algorithm and whether the use of MTD added unacceptable operational overhead.</li>
<li>Cyber resilience experimentation and validation: we exposed the hardware and MTD to cyber-attacks to determine the effectiveness of the MTD algorithm at thwarting attacks and thereby increasing resilience to the attacks.</li>
<li>Machine learning experiments: we used machine learning models to analyze whether the MTD algorithm introduced vulnerabilities and if the machine learning models could &quot;crack&quot; the MTD algorithm and predict randomization sequences.</li>
</ol>
<p>The MTD performed well in each of the experiments. Most notably, the cyber resilience experiments showed a 97% reduction in adversarial knowledge. Furthermore, small changes in the MTD algorithm substantially decreased the ability of the machine learning model to decipher randomization sequences.</p>
<p>About the speaker: Chris is a principal member of technical staff in the Systems Security Research Department, part of Sandia&apos;s Information Operations Center. Chris supports Sandia&apos;s mission in three key areas: cyber-physical cybersecurity research, high-performance computing, and providing cybersecurity expertise outside the lab. Chris regularly publishes in the open literature, is responsible for multiple technical advances and granted patents, and actively seeks opportunities to transition technology outside of Sandia. Chris leads a team researching innovative ways to protect critical infrastructure and other high-consequence operational technology. His work utilizes a technology called moving target defense to protect these systems from adversary attack. He has partnered with Purdue University over the last 2 years to determine the strength of the innovative, patented MTD algorithm he has created. His work has explored adapting communication security primitives to utilize his algorithm for space systems and other national-security-relevant communications architectures. His current research represents Sandia&apos;s national commitment to space systems and Sandia&apos;s strategic investment in the Science and Technology Advancing Resilience for Contested Space Mission Campaign. Chris has a long history of mentoring, whether through work with Sandia interns and the Center for Cyber Defenders, invited lectures and presentations to university students, or professional conferences. Chris also stewards early-career Sandia staff. Chris participates in the Black Leadership Committee and also contributed to the Division 5000 Workplace Enhancement Team for several years, one year as co-chair. Chris actively seeks training opportunities to broaden and strengthen his technical skills and is a participant in the Strategic Engagement Training program at Sandia. Lastly, he was awarded the 2022 Black Engineer of the Year Award for Research Leadership.</p> ]]>
            </content:encoded>
            <itunes:duration>2876</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220831.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220831.mp4" length="450887680" type="video/mp4"/>
        </item>
            <item>
            <title>Kevin Kornegay, IoT Device Security in a Zero Trust Environment</title>
            <description>The mission of the Cybersecurity Assurance and Policy (CAP) Center at Morgan State University is to provide the defense and intelligence community with the knowledge, methodology, solutions, and highly skilled cybersecurity professionals to mitigate penetration and manipulation of our nation&apos;s cyber-physical infrastructure. Internet of Things (IoT) devices permeate all areas of life and work, with unprecedented economic effects. Critical infrastructures in transportation, smart grid, manufacturing, health care, and many others depend on embedded systems for distributed control, tracking, and data collection. While protecting these systems from hacking, intrusion, and physical tampering is paramount, current solutions rely on unsustainable patchwork fixes. Transformative solutions are required to protect systems where the ubiquity of connectivity and the heterogeneity of IoT devices exacerbate the attack surface. Our research focuses on the convergence of IoT, 5G, and artificial intelligence in the context of Zero Trust networks. We will present our security-in-depth approach to providing secure and resilient operation. About the speaker: Dr. Kevin T. Kornegay received the B.S. degree in electrical engineering from Pratt Institute, Brooklyn, NY, in 1985 and the M.S. and Ph.D. degrees in electrical engineering from the University of California at Berkeley in 1990 and 1992, respectively. He is currently the Eugene Deloatch IoT Security Endowed Professor and Director of the Cybersecurity Assurance and Policy (CAP) Center for Academic Excellence in the Electrical and Computer Engineering Department at Morgan State University in Baltimore, MD. His research interests include hardware assurance, reverse engineering, secure embedded systems, side-channel analysis, and differential fault analysis. Dr. Kornegay serves or has served on the technical program committees of several international conferences, including the IEEE Symposium on Hardware Oriented Security and Trust (HOST), USENIX Security, the IEEE Physical Assurance and Inspection of Electronics (PAINE), and the ACM Great Lakes Symposium on VLSI (GLSVLSI). He is the recipient of multiple awards, including the NSF CAREER Award, the IBM Faculty Partnership Award, the National Semiconductor Faculty Development Award, and the General Motors Faculty Fellowship Award. He is a senior member of the IEEE and a member of the Eta Kappa Nu, Sigma Xi, and Tau Beta Pi engineering honor societies.</description>
            <pubDate>Wed, 24 Aug 2022 16:30:00 EDT </pubDate>
            <itunes:title>Kevin Kornegay, IoT Device Security in a Zero Trust Environment</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>802</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/kornegay_200.png"/>
            <itunes:subtitle>Kevin Kornegay, Morgan State University</itunes:subtitle>
            <itunes:summary>The mission of the Cybersecurity Assurance and Policy (CAP) Center at Morgan State University is to provide the defense and intelligence community with the knowledge, methodology, solutions, and highly skilled cybersecurity professionals to mitigate penetration and manipulation of our nation&apos;s cyber-physical infrastructure. Internet of Things (IoT) devices permeate all areas of life and work, with unprecedented economic effects. Critical infrastructures in transportation, smart grid, manufacturing, health care, and many others depend on embedded systems for distributed control, tracking, and data collection. While protecting these systems from hacking, intrusion, and physical tampering is paramount, current solutions rely on unsustainable patchwork fixes. Transformative solutions are required to protect systems where the ubiquity of connectivity and the heterogeneity of IoT devices exacerbate the attack surface. Our research focuses on the convergence of IoT, 5G, and artificial intelligence in the context of Zero Trust networks. We will present our security-in-depth approach to providing secure and resilient operation. About the speaker: Dr. Kevin T. Kornegay received the B.S. degree in electrical engineering from Pratt Institute, Brooklyn, NY, in 1985 and the M.S. and Ph.D. degrees in electrical engineering from the University of California at Berkeley in 1990 and 1992, respectively. He is currently the Eugene Deloatch IoT Security Endowed Professor and Director of the Cybersecurity Assurance and Policy (CAP) Center for Academic Excellence in the Electrical and Computer Engineering Department at Morgan State University in Baltimore, MD. His research interests include hardware assurance, reverse engineering, secure embedded systems, side-channel analysis, and differential fault analysis. Dr. Kornegay serves or has served on the technical program committees of several international conferences, including the IEEE Symposium on Hardware Oriented Security and Trust (HOST), USENIX Security, the IEEE Physical Assurance and Inspection of Electronics (PAINE), and the ACM Great Lakes Symposium on VLSI (GLSVLSI). He is the recipient of multiple awards, including the NSF CAREER Award, the IBM Faculty Partnership Award, the National Semiconductor Faculty Development Award, and the General Motors Faculty Fellowship Award. He is a senior member of the IEEE and a member of the Eta Kappa Nu, Sigma Xi, and Tau Beta Pi engineering honor societies.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The mission of the Cybersecurity Assurance and Policy (CAP) Center at Morgan State University is to provide the defense and intelligence community with the knowledge, methodology, solutions, and highly skilled cybersecurity professionals to mitigate penetration and manipulation of our nation&apos;s cyber-physical infrastructure. Internet of Things (IoT) devices permeate all areas of life and work, with unprecedented economic effects. Critical infrastructures in transportation, smart grid, manufacturing, health care, and many others depend on embedded systems for distributed control, tracking, and data collection. While protecting these systems from hacking, intrusion, and physical tampering is paramount, current solutions rely on unsustainable patchwork fixes. Transformative solutions are required to protect systems where the ubiquity of connectivity and the heterogeneity of IoT devices exacerbate the attack surface. Our research focuses on the convergence of IoT, 5G, and artificial intelligence in the context of Zero Trust networks. We will present our security-in-depth approach to providing secure and resilient operation.</p>
<p>About the speaker: Dr. Kevin T. Kornegay received the B.S. degree in electrical engineering from Pratt Institute, Brooklyn, NY, in 1985 and the M.S. and Ph.D. degrees in electrical engineering from the University of California at Berkeley in 1990 and 1992, respectively. He is currently the Eugene Deloatch IoT Security Endowed Professor and Director of the Cybersecurity Assurance and Policy (CAP) Center for Academic Excellence in the Electrical and Computer Engineering Department at Morgan State University in Baltimore, MD. His research interests include hardware assurance, reverse engineering, secure embedded systems, side-channel analysis, and differential fault analysis. Dr. Kornegay serves or has served on the technical program committees of several international conferences, including the IEEE Symposium on Hardware Oriented Security and Trust (HOST), USENIX Security, the IEEE Physical Assurance and Inspection of Electronics (PAINE), and the ACM Great Lakes Symposium on VLSI (GLSVLSI). He is the recipient of multiple awards, including the NSF CAREER Award, the IBM Faculty Partnership Award, the National Semiconductor Faculty Development Award, and the General Motors Faculty Fellowship Award. He is a senior member of the IEEE and a member of the Eta Kappa Nu, Sigma Xi, and Tau Beta Pi engineering honor societies.</p> ]]>
            </content:encoded>
            <itunes:duration>2743</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220824.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220824.mp4" length="404750336" type="video/mp4"/>
        </item>
            <item>
            <title>Máire O&apos;Neill, Securing Connected Devices – Challenge and Opportunities</title>
            <description>With the rapid proliferation of pervasive electronic devices in our lives, the internet of things (IoT) has become a reality, and its influence on our day-to-day activities is set to increase further, with a projected 125 billion connected devices by 2030. However, this poses serious security and privacy issues, as we will no longer have direct control over with whom and what our devices communicate. Counterfeit, hacked, or cloned devices acting on a network are a significant threat. In addition, IoT devices are often low-cost, small in area and low-power, and typically are restricted in both memory and computing power. This talk will outline the challenges in addressing security for resource-constrained IoT devices and discuss the opportunities offered by research solutions proposed at the Centre for Secure Information Technologies (CSIT), Queen&apos;s University Belfast, in providing effective security for IoT devices. The talk will detail our research in Physical Unclonable Functions (PUFs), hardware Trojan detection, side-channel analysis and post-quantum cryptography. About the speaker: Professor Máire O&apos;Neill has a strong international reputation for her research in hardware security and applied cryptography. She is Regius Professor in Electronics and Computer Engineering and Director of the Centre for Secure Information Technologies (CSIT) at Queen&apos;s. She is also Director of the £5M UK Research Institute in Secure Hardware and Embedded Systems (RISE: www.ukrise.org) and is a member of the UK AI Council. She has received numerous awards, which include a Blavatnik Engineering and Physical Sciences medal (2019) and a Royal Academy of Engineering Silver Medal. She has authored two research books and over 175 peer-reviewed conference and journal publications. She is a Fellow of the Royal Academy of Engineering, a member of the Royal Irish Academy and a Fellow of the Irish Academy of Engineering.</description>
            <pubDate>Wed, 27 Apr 2022 16:30:00 EDT </pubDate>
            <itunes:title>Máire O&apos;Neill, Securing Connected Devices – Challenge and Opportunities</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>801</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/maire_oneill_200.png"/>
            <itunes:subtitle>Máire O&apos;Neill, Queen&apos;s University Belfast</itunes:subtitle>
            <itunes:summary>With the rapid proliferation of pervasive electronic devices in our lives, the internet of things (IoT) has become a reality, and its influence on our day-to-day activities is set to increase further, with a projected 125 billion connected devices by 2030. However, this poses serious security and privacy issues, as we will no longer have direct control over with whom and what our devices communicate. Counterfeit, hacked, or cloned devices acting on a network are a significant threat. In addition, IoT devices are often low-cost, small in area and low-power, and typically are restricted in both memory and computing power. This talk will outline the challenges in addressing security for resource-constrained IoT devices and discuss the opportunities offered by research solutions proposed at the Centre for Secure Information Technologies (CSIT), Queen&apos;s University Belfast, in providing effective security for IoT devices. The talk will detail our research in Physical Unclonable Functions (PUFs), hardware Trojan detection, side-channel analysis and post-quantum cryptography. About the speaker: Professor Máire O&apos;Neill has a strong international reputation for her research in hardware security and applied cryptography. She is Regius Professor in Electronics and Computer Engineering and Director of the Centre for Secure Information Technologies (CSIT) at Queen&apos;s. She is also Director of the £5M UK Research Institute in Secure Hardware and Embedded Systems (RISE: www.ukrise.org) and is a member of the UK AI Council. She has received numerous awards, which include a Blavatnik Engineering and Physical Sciences medal (2019) and a Royal Academy of Engineering Silver Medal. She has authored two research books and over 175 peer-reviewed conference and journal publications. She is a Fellow of the Royal Academy of Engineering, a member of the Royal Irish Academy and a Fellow of the Irish Academy of Engineering.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>With the rapid proliferation of pervasive electronic devices in our lives, the internet of things (IoT) has become a reality, and its influence on our day-to-day activities is set to increase further, with a projected 125 billion connected devices by 2030. However, this poses serious security and privacy issues, as we will no longer have direct control over with whom and what our devices communicate. Counterfeit, hacked, or cloned devices acting on a network are a significant threat. In addition, IoT devices are often low-cost, small in area and low-power, and typically are restricted in both memory and computing power. This talk will outline the challenges in addressing security for resource-constrained IoT devices and discuss the opportunities offered by research solutions proposed at the Centre for Secure Information Technologies (CSIT), Queen&apos;s University Belfast, in providing effective security for IoT devices. The talk will detail our research in Physical Unclonable Functions (PUFs), hardware Trojan detection, side-channel analysis and post-quantum cryptography.</p>
<p>About the speaker: Professor Máire O&apos;Neill has a strong international reputation for her research in hardware security and applied cryptography. She is Regius Professor in Electronics and Computer Engineering and Director of the Centre for Secure Information Technologies (CSIT) at Queen&apos;s. She is also Director of the £5M UK Research Institute in Secure Hardware and Embedded Systems (RISE: www.ukrise.org) and is a member of the UK AI Council. She has received numerous awards, which include a Blavatnik Engineering and Physical Sciences medal (2019) and a Royal Academy of Engineering Silver Medal. She has authored two research books and over 175 peer-reviewed conference and journal publications. She is a Fellow of the Royal Academy of Engineering, a member of the Royal Irish Academy and a Fellow of the Irish Academy of Engineering.</p> ]]>
            </content:encoded>
            <itunes:duration>3513</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220427.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220427.mp4" length="737148928" type="video/mp4"/>
        </item>
            <item>
            <title>Dr. Guan-Hua (Scott) Tu, Enabling a Practically Secure Mobile Networked System</title>
            <description>The mobile network (e.g., 4G LTE and 5G NR), the only large-scale wireless network infrastructure on par with the Internet, plays a critical role in interconnecting various mobile devices (e.g., smartphones, massive/critical IoT devices) and providing them with ubiquitous network services. In recent years, more users are accessing the Internet through mobile networks; since the first quarter of 2021, mobile devices (excluding tablets) have generated more than 54% of global website traffic. However, the security of today&apos;s mobile networked systems is still far from satisfactory. Unprecedented malicious attacks against mobile devices and the mobile network infrastructure cannot be effectively defended against by the current complicated and error-prone design, and they pose real threats to a large number of users. In this talk, I would like to share with you my research experience in identifying various security vulnerabilities in essential mobile network services using formal and/or empirical approaches, and in securing billions of mobile users and the infrastructure. About the speaker: Dr. Guan-Hua Tu is an assistant professor in the Department of Computer Science and Engineering at Michigan State University. He is the director of the Security, Networking, and Mobile Systems Research (SNMS) laboratory. He received his Ph.D. degree in Computer Science from the University of California, Los Angeles. Prior to that, he worked at MediaTek as a wireless communication software engineer, project manager, and researcher (inventing eight U.S. patents). His research interests are in the broad areas of security, IoT, mobile systems, and wireless networking, with a recent focus on innovating 5G/4G mobile network architectures, protocols, and technologies, cellular/Wi-Fi IoT, secure cloud computing/services, and blockchain technologies. He and his research group have identified a large number of security vulnerabilities in operational 4G/5G mobile ecosystems. The research results have been published in the most prestigious networking and security conferences and journals, e.g., ACM CCS, MobiCom, MobiSys, IEEE/ACM Transactions on Networking, IEEE Transactions on Mobile Computing, etc. The solutions they proposed have been adopted by tier-one industrial partners, e.g., AT&amp;T, T-Mobile, Verizon, and Facebook. He was a recipient of the Facebook security award, Google security rewards, the best paper award at IEEE CNS&apos;18, the UCLA dissertation year fellowship award, and the IBM Ph.D. fellowship award. https://www.cse.msu.edu/~ghtu</description>
            <pubDate>Wed, 20 Apr 2022 16:30:00 EDT </pubDate>
            <itunes:title>Dr. Guan-Hua (Scott) Tu, Enabling a Practically Secure Mobile Networked System</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>800</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Tu_GuanHua_200.png"/>
            <itunes:subtitle>Dr. Guan-Hua (Scott) Tu, Michigan State University</itunes:subtitle>
            <itunes:summary>The mobile network (e.g., 4G LTE and 5G NR), the only large-scale wireless network infrastructure on par with the Internet, plays a critical role in interconnecting various mobile devices (e.g., smartphones, massive/critical IoT devices) and providing them with ubiquitous network services. In recent years, more users are accessing the Internet through mobile networks; since the first quarter of 2021, mobile devices (excluding tablets) have generated more than 54% of global website traffic. However, the security of today&apos;s mobile networked systems is still far from satisfactory. Unprecedented malicious attacks against mobile devices and the mobile network infrastructure cannot be effectively defended against by the current complicated and error-prone design, and they pose real threats to a large number of users. In this talk, I would like to share with you my research experience in identifying various security vulnerabilities in essential mobile network services using formal and/or empirical approaches, and in securing billions of mobile users and the infrastructure. About the speaker: Dr. Guan-Hua Tu is an assistant professor in the Department of Computer Science and Engineering at Michigan State University. He is the director of the Security, Networking, and Mobile Systems Research (SNMS) laboratory. He received his Ph.D. degree in Computer Science from the University of California, Los Angeles. Prior to that, he worked at MediaTek as a wireless communication software engineer, project manager, and researcher (inventing eight U.S. patents). His research interests are in the broad areas of security, IoT, mobile systems, and wireless networking, with a recent focus on innovating 5G/4G mobile network architectures, protocols, and technologies, cellular/Wi-Fi IoT, secure cloud computing/services, and blockchain technologies. He and his research group have identified a large number of security vulnerabilities in operational 4G/5G mobile ecosystems. The research results have been published in the most prestigious networking and security conferences and journals, e.g., ACM CCS, MobiCom, MobiSys, IEEE/ACM Transactions on Networking, IEEE Transactions on Mobile Computing, etc. The solutions they proposed have been adopted by tier-one industrial partners, e.g., AT&amp;T, T-Mobile, Verizon, and Facebook. He was a recipient of the Facebook security award, Google security rewards, the best paper award at IEEE CNS&apos;18, the UCLA dissertation year fellowship award, and the IBM Ph.D. fellowship award. https://www.cse.msu.edu/~ghtu</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The mobile network (e.g., 4G LTE and 5G NR), the only large-scale wireless network infrastructure on par with the Internet, plays a critical role in interconnecting various mobile devices (e.g., smartphones, massive/critical IoT devices) and providing them with ubiquitous network services. In recent years, more users are accessing the Internet through mobile networks; since the first quarter of 2021, mobile devices (excluding tablets) have generated more than 54% of global website traffic. However, the security of today&apos;s mobile networked systems is still far from satisfactory. Unprecedented malicious attacks against mobile devices and the mobile network infrastructure cannot be effectively defended against by the current complicated and error-prone design, and they pose real threats to a large number of users. In this talk, I would like to share with you my research experience in identifying various security vulnerabilities in essential mobile network services using formal and/or empirical approaches, and in securing billions of mobile users and the infrastructure.</p>
<p>About the speaker: Dr. Guan-Hua Tu is an assistant professor in the Department of Computer Science and Engineering at Michigan State University. He is the director of the Security, Networking, and Mobile Systems Research (SNMS) laboratory. He received his Ph.D. degree in Computer Science from the University of California, Los Angeles. Prior to that, he worked at MediaTek as a wireless communication software engineer, project manager, and researcher (inventing eight U.S. patents). His research interests are in the broad areas of security, IoT, mobile systems, and wireless networking, with a recent focus on innovating 5G/4G mobile network architectures, protocols, and technologies, cellular/Wi-Fi IoT, secure cloud computing/services, and blockchain technologies. He and his research group have identified a large number of security vulnerabilities in operational 4G/5G mobile ecosystems. The research results have been published in the most prestigious networking and security conferences and journals, e.g., ACM CCS, MobiCom, MobiSys, IEEE/ACM Transactions on Networking, IEEE Transactions on Mobile Computing, etc. The solutions they proposed have been adopted by tier-one industrial partners, e.g., AT&amp;T, T-Mobile, Verizon, and Facebook. He was a recipient of the Facebook security award, Google security rewards, the best paper award at IEEE CNS&apos;18, the UCLA dissertation year fellowship award, and the IBM Ph.D. fellowship award. <a href="https://www.cse.msu.edu/~ghtu">https://www.cse.msu.edu/~ghtu</a></p> ]]>
            </content:encoded>
            <itunes:duration>3291</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220420.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220420.mp4" length="456130560" type="video/mp4"/>
        </item>
            <item>
            <title>Paul Rosenzweig, Crowd Forecasting to Enhance Cybersecurity</title>
            <description>For at least two decades, the U.S. intelligence community and special projects agencies have been exploring the potential of prediction markets and crowd-forecasting platforms to better forecast geopolitical and technical trends. Similarly, a number of prominent corporations, including Google, Ford, Yahoo, Hewlett-Packard, and Eli Lilly, have likewise turned to these tools to predict everything from which product lines will be most profitable to whether a deadline is likely to be met. Yet despite this seeming opportunity, there remains a significant gap: almost nobody has deployed the tools for crowd-forecasting to cybersecurity problems. We propose to change that paradigm. We believe that a cybersecurity-focused forecasting market can create useful value-added information for decision-makers. To test this hypothesis we have begun a small beta test applying the principles of crowd-forecasting directly to a set of cybersecurity questions. This talk will provide background on the use of crowd-forecasting for policy and discuss some interim results of the ongoing beta test. About the speaker: Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company. He is also a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, and a Senior Fellow in the Tech, Law &amp;amp; Security Program at the American University, Washington College of Law. He is an advisor to, and former member of, the American Bar Association Standing Committee on Law and National Security, and a Contributing Editor of the Lawfare blog. He is a member of the ABA Cybersecurity Legal Task Force and of the United States Court of Appeals for the District of Columbia Circuit Advisory Committee on Admissions and Grievances.
He serves, as well, as a Hearing Committee Member of the District of Columbia Board of Professional Responsibility. In 2011 he was a Carnegie Fellow in National Security Journalism at the Medill School of Journalism, Northwestern University. Mr. Rosenzweig is a cum laude graduate of the University of Chicago Law School. He has an M.S. in Chemical Oceanography from the Scripps Institution of Oceanography, University of California at San Diego and a B.A. from Haverford College. Following graduation from law school he served as a law clerk to the Honorable R. Lanier Anderson, III of the United States Court of Appeals for the Eleventh Circuit. He is the author of Cyber Warfare: How Conflicts in Cyberspace are Challenging America and Changing the World and of three video lecture series from The Great Courses, Thinking About Cybersecurity: From Cyber Crime to Cyber Warfare; The Surveillance State: Big Data, Freedom, and You; and Investigating American Presidents. He is the co-author (with James Jay Carafano) of Winning the Long War: Lessons from the Cold War for Defeating Terrorism and Preserving Freedom and co-editor (with Jill D. Rhodes and Robert S. Litt) of the Cybersecurity Handbook (3rd ed.). He is also co-editor (with Timothy McNulty and Ellen Shearer) of two books, Whistleblowers, Leaks and the Media: The First Amendment and National Security, and National Security Law in the News: A Guide for Journalists, Scholars, and Policymakers. Mr. Rosenzweig is a member of the Literary Society of Washington.</description>
            <pubDate>Wed, 13 Apr 2022 16:30:00 EDT </pubDate>
            <itunes:title>Paul Rosenzweig, Crowd Forecasting to Enhance Cybersecurity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>799</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/paul_rosenzweig_200.png"/>
            <itunes:subtitle>Paul Rosenzweig, Red Branch Consulting</itunes:subtitle>
            <itunes:summary>For at least two decades, the U.S. intelligence community and special projects agencies have been exploring the potential of prediction markets and crowd-forecasting platforms to better forecast geopolitical and technical trends. Similarly, a number of prominent corporations, including Google, Ford, Yahoo, Hewlett-Packard, and Eli Lilly, have likewise turned to these tools to predict everything from which product lines will be most profitable to whether a deadline is likely to be met. Yet despite this seeming opportunity, there remains a significant gap: almost nobody has deployed the tools for crowd-forecasting to cybersecurity problems. We propose to change that paradigm. We believe that a cybersecurity-focused forecasting market can create useful value-added information for decision-makers. To test this hypothesis we have begun a small beta test applying the principles of crowd-forecasting directly to a set of cybersecurity questions. This talk will provide background on the use of crowd-forecasting for policy and discuss some interim results of the ongoing beta test. About the speaker: Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company. He is also a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, and a Senior Fellow in the Tech, Law &amp;amp; Security Program at the American University, Washington College of Law. He is an advisor to, and former member of, the American Bar Association Standing Committee on Law and National Security, and a Contributing Editor of the Lawfare blog. He is a member of the ABA Cybersecurity Legal Task Force and of the United States Court of Appeals for the District of Columbia Circuit Advisory Committee on Admissions and Grievances.
He serves, as well, as a Hearing Committee Member of the District of Columbia Board of Professional Responsibility. In 2011 he was a Carnegie Fellow in National Security Journalism at the Medill School of Journalism, Northwestern University. Mr. Rosenzweig is a cum laude graduate of the University of Chicago Law School. He has an M.S. in Chemical Oceanography from the Scripps Institution of Oceanography, University of California at San Diego and a B.A. from Haverford College. Following graduation from law school he served as a law clerk to the Honorable R. Lanier Anderson, III of the United States Court of Appeals for the Eleventh Circuit. He is the author of Cyber Warfare: How Conflicts in Cyberspace are Challenging America and Changing the World and of three video lecture series from The Great Courses, Thinking About Cybersecurity: From Cyber Crime to Cyber Warfare; The Surveillance State: Big Data, Freedom, and You; and Investigating American Presidents. He is the co-author (with James Jay Carafano) of Winning the Long War: Lessons from the Cold War for Defeating Terrorism and Preserving Freedom and co-editor (with Jill D. Rhodes and Robert S. Litt) of the Cybersecurity Handbook (3rd ed.). He is also co-editor (with Timothy McNulty and Ellen Shearer) of two books, Whistleblowers, Leaks and the Media: The First Amendment and National Security, and National Security Law in the News: A Guide for Journalists, Scholars, and Policymakers. Mr. Rosenzweig is a member of the Literary Society of Washington.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>For at least two decades, the U.S. intelligence community and special projects agencies have been exploring the potential of prediction markets and crowd-forecasting platforms to better forecast geopolitical and technical trends. Similarly, a number of prominent corporations, including Google, Ford, Yahoo, Hewlett-Packard, and Eli Lilly, have likewise turned to these tools to predict everything from which product lines will be most profitable to whether a deadline is likely to be met. Yet despite this seeming opportunity, there remains a significant gap: almost nobody has deployed the tools for crowd-forecasting to cybersecurity problems. We propose to change that paradigm. We believe that a cybersecurity-focused forecasting market can create useful value-added information for decision-makers. To test this hypothesis we have begun a small beta test applying the principles of crowd-forecasting directly to a set of cybersecurity questions. This talk will provide background on the use of crowd-forecasting for policy and discuss some interim results of the ongoing beta test. About the speaker: Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company. He is also a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, and a Senior Fellow in the Tech, Law &amp; Security Program at the American University, Washington College of Law. He is an advisor to, and former member of, the American Bar Association Standing Committee on Law and National Security, and a Contributing Editor of the Lawfare blog. He is a member of the ABA Cybersecurity Legal Task Force and of the United States Court of Appeals for the District of Columbia Circuit Advisory Committee on Admissions and Grievances.
He serves, as well, as a Hearing Committee Member of the District of Columbia Board of Professional Responsibility. In 2011 he was a Carnegie Fellow in National Security Journalism at the Medill School of Journalism, Northwestern University. Mr. Rosenzweig is a cum laude graduate of the University of Chicago Law School. He has an M.S. in Chemical Oceanography from the Scripps Institution of Oceanography, University of California at San Diego and a B.A. from Haverford College. Following graduation from law school he served as a law clerk to the Honorable R. Lanier Anderson, III of the United States Court of Appeals for the Eleventh Circuit. He is the author of Cyber Warfare: How Conflicts in Cyberspace are Challenging America and Changing the World and of three video lecture series from The Great Courses, Thinking About Cybersecurity: From Cyber Crime to Cyber Warfare; The Surveillance State: Big Data, Freedom, and You; and Investigating American Presidents. He is the co-author (with James Jay Carafano) of Winning the Long War: Lessons from the Cold War for Defeating Terrorism and Preserving Freedom and co-editor (with Jill D. Rhodes and Robert S. Litt) of the Cybersecurity Handbook (3rd ed.). He is also co-editor (with Timothy McNulty and Ellen Shearer) of two books, Whistleblowers, Leaks and the Media: The First Amendment and National Security, and National Security Law in the News: A Guide for Journalists, Scholars, and Policymakers. Mr. Rosenzweig is a member of the Literary Society of Washington.</p> ]]>
            </content:encoded>
            <itunes:duration>3392</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220413.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220413.mp4" length="552599552" type="video/mp4"/>
        </item>
            <item>
            <title>Jim Alves-Foss, Automated Function Boundary Detection in Stripped Binaries</title>
            <description>Automated cyber defense tools require the ability to analyze binary applications, detect vulnerabilities, and automatically patch or mitigate those vulnerabilities. The insertion of security mechanisms that operate at function boundaries (e.g., control flow mitigation, stack guards) requires automated detection of those boundaries. This talk discusses the problem, related research, and a new technique that is more accurate than other reported approaches. The presentation also discusses some of the limitations and ramifications of the typical approaches used to compare and present these types of experimental results. About the speaker: Dr. Jim Alves-Foss joined the University of Idaho (UI) in Fall of 1991 after receiving his PhD in Computer Science at the University of California, Davis. He taught UI&apos;s first cybersecurity course in Spring of 1992. He is Director of the University of Idaho&apos;s Center for Secure and Dependable Systems. During his tenure he has published over 125 peer-reviewed conference and journal papers, primarily in the cybersecurity area. He has mentored 22 PhD students, over 40 MS students, and numerous undergraduates to completion. His research has been sponsored by federal agencies including NSF and DoD, and by industry. In 2014-2015 he led UI&apos;s 2-person team in a DARPA-sponsored cybersecurity competition; as the smallest team, they placed 2nd in the qualification round, outperforming 100 teams including larger teams from defense contractors and other notable universities. For his efforts he was named a Distinguished Professor, the university&apos;s highest faculty rank.</description>
            <pubDate>Wed, 6 Apr 2022 16:30:00 EDT </pubDate>
            <itunes:title>Jim Alves-Foss, Automated Function Boundary Detection in Stripped Binaries</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>798</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jim-alves-foss_200.png"/>
            <itunes:subtitle>Jim Alves-Foss, University of Idaho</itunes:subtitle>
            <itunes:summary>Automated cyber defense tools require the ability to analyze binary applications, detect vulnerabilities, and automatically patch or mitigate those vulnerabilities. The insertion of security mechanisms that operate at function boundaries (e.g., control flow mitigation, stack guards) requires automated detection of those boundaries. This talk discusses the problem, related research, and a new technique that is more accurate than other reported approaches. The presentation also discusses some of the limitations and ramifications of the typical approaches used to compare and present these types of experimental results. About the speaker: Dr. Jim Alves-Foss joined the University of Idaho (UI) in Fall of 1991 after receiving his PhD in Computer Science at the University of California, Davis. He taught UI&apos;s first cybersecurity course in Spring of 1992. He is Director of the University of Idaho&apos;s Center for Secure and Dependable Systems. During his tenure he has published over 125 peer-reviewed conference and journal papers, primarily in the cybersecurity area. He has mentored 22 PhD students, over 40 MS students, and numerous undergraduates to completion. His research has been sponsored by federal agencies including NSF and DoD, and by industry. In 2014-2015 he led UI&apos;s 2-person team in a DARPA-sponsored cybersecurity competition; as the smallest team, they placed 2nd in the qualification round, outperforming 100 teams including larger teams from defense contractors and other notable universities. For his efforts he was named a Distinguished Professor, the university&apos;s highest faculty rank.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Automated cyber defense tools require the ability to analyze binary applications, detect vulnerabilities, and automatically patch or mitigate those vulnerabilities. The insertion of security mechanisms that operate at function boundaries (e.g., control flow mitigation, stack guards) requires automated detection of those boundaries. This talk discusses the problem, related research, and a new technique that is more accurate than other reported approaches. The presentation also discusses some of the limitations and ramifications of the typical approaches used to compare and present these types of experimental results. About the speaker: Dr. Jim Alves-Foss joined the University of Idaho (UI) in Fall of 1991 after receiving his PhD in Computer Science at the University of California, Davis. He taught UI&apos;s first cybersecurity course in Spring of 1992. He is Director of the University of Idaho&apos;s Center for Secure and Dependable Systems. During his tenure he has published over 125 peer-reviewed conference and journal papers, primarily in the cybersecurity area. He has mentored 22 PhD students, over 40 MS students, and numerous undergraduates to completion. His research has been sponsored by federal agencies including NSF and DoD, and by industry. In 2014-2015 he led UI&apos;s 2-person team in a DARPA-sponsored cybersecurity competition; as the smallest team, they placed 2nd in the qualification round, outperforming 100 teams including larger teams from defense contractors and other notable universities. For his efforts he was named a Distinguished Professor, the university&apos;s highest faculty rank.</p> ]]>
            </content:encoded>
            <itunes:duration>3055</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220406.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220406.mp4" length="744488960" type="video/mp4"/>
        </item>
            <item>
            <title>Richard Clarke, Now That We&#039;re in a Hybrid War…</title>
            <description>The war Russia has waged on Ukraine has seemed largely kinetic, but the most effective weapons wielded thus far have been consumer technologies. Putin has pursued a hybrid warfare strategy, yet the Ukrainians have fought his mendacious claims with the realities of conflict captured by mobile devices and social media. Bogged down by guerrilla fighting in Ukrainian cities, Putin will view offensive cyber action and aggressive information warfare as increasingly appealing options. Richard Clarke, former U.S. National Coordinator for Security, Infrastructure Protection and Counterterrorism, and the nation&apos;s first &quot;Cyber Czar,&quot; will give us an inside look at what the world has learned about the spillover of warfare in an era of advanced cyber threats. In his latest book, The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats, Clarke delves deep into the political and economic calculations of cyber conflict. He also provides concrete steps that can be taken to achieve cyber resilience, during peacetime and amidst international conflict, including building more resistant systems and raising the costs for escalations in cyberspace. About the speaker: Richard A. Clarke served for thirty years in national security policy roles in the US Government, first in the Pentagon, then the State Department, and finally for an unprecedented decade of continuous service for three Presidents in the White House. In the White House National Security Council for Presidents Bush (41), Clinton, and Bush (43) he served as Special Assistant to the President for Global Affairs, National Coordinator for Security and Counter-terrorism (&quot;Terrorism Czar&quot;), and Special Advisor for Cyberspace (the first &quot;Cyber Czar&quot;).
Earlier, in the State Department he had been appointed as Deputy Assistant Secretary for Intelligence in the Reagan Administration and was confirmed by the Senate as Assistant Secretary of State for Politico-Military Affairs in the Bush (41) Administration. In the latter capacity, he coordinated elements in support of the First Gulf War. In the Pentagon and the State Department, he participated in a series of multilateral and bilateral nuclear arms control negotiations. Following his government career, Dick Clarke was an on-air analyst for ABC News for fifteen years, taught at the Harvard Kennedy School for five years, led a security risk management consulting firm (Good Harbor), and served on corporate advisory boards and Boards of Directors, as well as chairing or serving on state and federal advisory boards on cybersecurity (including President Obama&apos;s Advisory Group on Technology and Intelligence, the &quot;NSA Review Group&quot;). He is the Chair of the Board of Governors of the Middle East Institute, an eight-decade-old educational institution based in Washington. He was a member of President Obama&apos;s 2008 Transition team. Clarke&apos;s books include both non-fiction (5) and fiction (4). His seminal work on terrorism and al Qaeda, Against All Enemies, was a number one NY Times bestseller. His 2010 volume Cyber War, co-authored with Rob Knake, was a Washington Post bestseller and acknowledged as an early and foundational book in the field. Its sequel, The Fifth Domain: Defending Our Country, Our Corporations, and Ourselves in the Age of Cyber Threats, also written with Knake, was published in 2019. Clarke is the host of the FUTURE STATE podcast. He is the recipient of membership in the Cybersecurity Hall of Fame, the RSA Lifetime Achievement Award, and the Champion of Freedom Award from the Electronic Privacy Information Center.
A graduate of Boston Latin School, the University of Pennsylvania, and MIT, Dick Clarke is a resident of Virginia.</description>
            <pubDate>Wed, 30 Mar 2022 16:30:00 EDT </pubDate>
            <itunes:title>Richard Clarke, Now That We&#039;re in a Hybrid War…</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>797</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/richard_a_clarke_200.png"/>
            <itunes:subtitle>Richard Clarke, </itunes:subtitle>
            <itunes:summary>The war Russia has waged on Ukraine has seemed largely kinetic, but the most effective weapons wielded thus far have been consumer technologies. Putin has pursued a hybrid warfare strategy, yet the Ukrainians have fought his mendacious claims with the realities of conflict captured by mobile devices and social media. Bogged down by guerrilla fighting in Ukrainian cities, Putin will view offensive cyber action and aggressive information warfare as increasingly appealing options. Richard Clarke, former U.S. National Coordinator for Security, Infrastructure Protection and Counterterrorism, and the nation&apos;s first &quot;Cyber Czar,&quot; will give us an inside look at what the world has learned about the spillover of warfare in an era of advanced cyber threats. In his latest book, The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats, Clarke delves deep into the political and economic calculations of cyber conflict. He also provides concrete steps that can be taken to achieve cyber resilience, during peacetime and amidst international conflict, including building more resistant systems and raising the costs for escalations in cyberspace. About the speaker: Richard A. Clarke served for thirty years in national security policy roles in the US Government, first in the Pentagon, then the State Department, and finally for an unprecedented decade of continuous service for three Presidents in the White House. In the White House National Security Council for Presidents Bush (41), Clinton, and Bush (43) he served as Special Assistant to the President for Global Affairs, National Coordinator for Security and Counter-terrorism (&quot;Terrorism Czar&quot;), and Special Advisor for Cyberspace (the first &quot;Cyber Czar&quot;).
Earlier, in the State Department he had been appointed as Deputy Assistant Secretary for Intelligence in the Reagan Administration and was confirmed by the Senate as Assistant Secretary of State for Politico-Military Affairs in the Bush (41) Administration. In the latter capacity, he coordinated elements in support of the First Gulf War. In the Pentagon and the State Department, he participated in a series of multilateral and bilateral nuclear arms control negotiations. Following his government career, Dick Clarke was an on-air analyst for ABC News for fifteen years, taught at the Harvard Kennedy School for five years, led a security risk management consulting firm (Good Harbor), and served on corporate advisory boards and Boards of Directors, as well as chairing or serving on state and federal advisory boards on cybersecurity (including President Obama&apos;s Advisory Group on Technology and Intelligence, the &quot;NSA Review Group&quot;). He is the Chair of the Board of Governors of the Middle East Institute, an eight-decade-old educational institution based in Washington. He was a member of President Obama&apos;s 2008 Transition team. Clarke&apos;s books include both non-fiction (5) and fiction (4). His seminal work on terrorism and al Qaeda, Against All Enemies, was a number one NY Times bestseller. His 2010 volume Cyber War, co-authored with Rob Knake, was a Washington Post bestseller and acknowledged as an early and foundational book in the field. Its sequel, The Fifth Domain: Defending Our Country, Our Corporations, and Ourselves in the Age of Cyber Threats, also written with Knake, was published in 2019. Clarke is the host of the FUTURE STATE podcast. He is the recipient of membership in the Cybersecurity Hall of Fame, the RSA Lifetime Achievement Award, and the Champion of Freedom Award from the Electronic Privacy Information Center.
A graduate of Boston Latin School, the University of Pennsylvania, and MIT, Dick Clarke is a resident of Virginia.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The war Russia has waged on Ukraine has seemed largely kinetic, but the most effective weapons wielded thus far have been consumer technologies. Putin has pursued a hybrid warfare strategy, yet the Ukrainians have fought his mendacious claims with the realities of conflict captured by mobile devices and social media. Bogged down by guerrilla fighting in Ukrainian cities, Putin will view offensive cyber action and aggressive information warfare as increasingly appealing options. Richard Clarke, former U.S. National Coordinator for Security, Infrastructure Protection and Counterterrorism, and the nation&apos;s first &quot;Cyber Czar,&quot; will give us an inside look at what the world has learned about the spillover of warfare in an era of advanced cyber threats. In his latest book, The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats, Clarke delves deep into the political and economic calculations of cyber conflict. He also provides concrete steps that can be taken to achieve cyber resilience, during peacetime and amidst international conflict, including building more resistant systems and raising the costs for escalations in cyberspace. About the speaker: Richard A. Clarke served for thirty years in national security policy roles in the US Government, first in the Pentagon, then the State Department, and finally for an unprecedented decade of continuous service for three Presidents in the White House. In the White House National Security Council for Presidents Bush (41), Clinton, and Bush (43) he served as Special Assistant to the President for Global Affairs, National Coordinator for Security and Counter-terrorism (&quot;Terrorism Czar&quot;), and Special Advisor for Cyberspace (the first &quot;Cyber Czar&quot;).
Earlier, in the State Department he had been appointed as Deputy Assistant Secretary for Intelligence in the Reagan Administration and was confirmed by the Senate as Assistant Secretary of State for Politico-Military Affairs in the Bush (41) Administration. In the latter capacity, he coordinated elements in support of the First Gulf War. In the Pentagon and the State Department, he participated in a series of multilateral and bilateral nuclear arms control negotiations. Following his government career, Dick Clarke was an on-air analyst for ABC News for fifteen years, taught at the Harvard Kennedy School for five years, led a security risk management consulting firm (Good Harbor), and served on corporate advisory boards and Boards of Directors, as well as chairing or serving on state and federal advisory boards on cybersecurity (including President Obama&apos;s Advisory Group on Technology and Intelligence, the &quot;NSA Review Group&quot;). He is the Chair of the Board of Governors of the Middle East Institute, an eight-decade-old educational institution based in Washington. He was a member of President Obama&apos;s 2008 Transition team. Clarke&apos;s books include both non-fiction (5) and fiction (4). His seminal work on terrorism and al Qaeda, Against All Enemies, was a number one NY Times bestseller. His 2010 volume Cyber War, co-authored with Rob Knake, was a Washington Post bestseller and acknowledged as an early and foundational book in the field. Its sequel, The Fifth Domain: Defending Our Country, Our Corporations, and Ourselves in the Age of Cyber Threats, also written with Knake, was published in 2019. Clarke is the host of the FUTURE STATE podcast. He is the recipient of membership in the Cybersecurity Hall of Fame, the RSA Lifetime Achievement Award, and the Champion of Freedom Award from the Electronic Privacy Information Center. A graduate of Boston Latin School, the University of Pennsylvania, and MIT, Dick Clarke is a resident of Virginia.</p> ]]>
            </content:encoded>
            <itunes:duration>3915</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220323.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220323.mp4" length="452984832" type="video/mp4"/>
        </item>
            <item>
            <title>Bill Newhouse, Challenges at the NIST National Cybersecurity Center of Excellence</title>
            <description>What kind of projects does one get to lead at an applied cybersecurity center within the National Institute of Standards and Technology (NIST)? This talk will offer insight on the cybersecurity challenges being addressed by projects led by the speaker since he began working at the National Cybersecurity Center of Excellence in 2016. The talk will touch upon the establishment of a collaborative team made up of industry, academic, and government members for each project, and discuss how each project leverages a cybersecurity standard or best practice in the functional reference designs built for each project. Throughout each phase of each project, we seek to collaborate, share (document in NIST Special Publication 1800 series practice guides), and advocate for the adoption of our work. This talk will offer some insight into the evolving series of NIST Special Publications known as practice guides (or 1800 series documents) and how these publications connect with the foundational NIST Special Publications in the 800 series that are often used to set Federal government standards in computer security, information security, and cybersecurity while often being voluntarily adopted as guidance and standards by industry. This talk aims to leave enough time to address questions and explore whether the audience has new challenges that should become an NCCoE project in the future. At some point during the lecture, the following terms or phrases will be used: cybersecurity framework (functions, categories, subcategories), privacy framework, risk management framework, security and privacy controls, mitigating cybersecurity and privacy risk. About the speaker: Bill Newhouse is a cybersecurity engineer at the National Cybersecurity Center of Excellence (NCCoE) in the Applied Cybersecurity Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST).
His work pushes for the adoption of functional cybersecurity reference designs built from commercially available technologies in the NCCoE lab. These projects rely on establishing communities of interest with members from industry, academia, and government to gain insight and passion about the areas of cybersecurity risk that need to be addressed and result in publications known as practice guides. Mr. Newhouse has completed practice guides focused on the hospitality, retail, and Federal sectors. In October 2020, he began a cybersecurity collaboration with the U.S. Department of Energy to research and develop cybersecurity risk management tools for the storage, transportation, and handling of energy resources within the ports of our maritime transportation system. His responsibilities also include identifying ways to include financial services sector use case scenarios in NCCoE projects/practice guides. Mr. Newhouse held the position of deputy director for NIST&apos;s National Initiative for Cybersecurity Education (NICE), where he promoted the use of the NICE Framework in education, training, and workforce development activities that grow the number of people who are prepared to mitigate cybersecurity risk. Mr. Newhouse began his Federal career over 35 years ago at NSA as a cooperative education student. During his 23 years at NSA, his work shifted from telecommunication systems to information assurance. His final five years at NSA were spent in the Office of the Secretary of Defense, initially with the Assistant Secretary of Defense for Research and Engineering and then with the Office of the Chief Information Officer for Identity and Information Assurance, focused on cybersecurity R&amp;D oversight and technology discovery. For over a decade, he represented OSD and then NIST at Federal cybersecurity-focused R&amp;D working groups and contributed to three different Federal cybersecurity R&amp;D Strategic Plans.
Mr. Newhouse received a Bachelor of Science in Electrical Engineering from the Georgia Institute of Technology and a Master of Science in the Field of Telecommunications Engineering from the George Washington University.</description>
            <pubDate>Wed, 23 Mar 2022 16:30:00 EDT </pubDate>
            <itunes:title>Bill Newhouse, Challenges at the NIST National Cybersecurity Center of Excellence</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>796</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/bill_newhouse_200.png"/>
            <itunes:subtitle>Bill Newhouse, National Institute of Standards and Technology (NIST)</itunes:subtitle>
            <itunes:summary>What kind of projects does one get to lead at an applied cybersecurity center within the National Institute of Standards and Technology (NIST)? This talk will offer insight on the cybersecurity challenges being addressed by projects led by the speaker since he began working at the National Cybersecurity Center of Excellence in 2016. The talk will touch upon the establishment of a collaborative team made up of industry, academic, and government members for each project, and discuss how each project leverages a cybersecurity standard or best practice in the functional reference designs built for each project. Throughout each phase of each project, we seek to collaborate, share (document in NIST Special Publication 1800 series practice guides), and advocate for the adoption of our work. This talk will offer some insight into the evolving series of NIST Special Publications known as practice guides (or 1800 series documents) and how these publications connect with the foundational NIST Special Publications in the 800 series that are often used to set Federal government standards in computer security, information security, and cybersecurity while often being voluntarily adopted as guidance and standards by industry. This talk aims to leave enough time to address questions and explore whether the audience has new challenges that should become an NCCoE project in the future. At some point during the lecture, the following terms or phrases will be used: cybersecurity framework (functions, categories, subcategories), privacy framework, risk management framework, security and privacy controls, mitigating cybersecurity and privacy risk. About the speaker: Bill Newhouse is a cybersecurity engineer at the National Cybersecurity Center of Excellence (NCCoE) in the Applied Cybersecurity Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST).
His work pushes for the adoption of functional cybersecurity reference designs built from commercially available technologies in the NCCoE lab. These projects rely on establishing communities of interest with members from industry, academia, and government to gain insight and passion about the areas of cybersecurity risk that need to be addressed and result in publications known as practice guides. Mr. Newhouse has completed practice guides focused on the hospitality, retail, and Federal sectors. In October 2020, he began a cybersecurity collaboration with the U.S. Department of Energy to research and develop cybersecurity risk management tools for the storage, transportation, and handling of energy resources within the ports of our maritime transportation system. His responsibilities also include identifying ways to include financial services sector use case scenarios in NCCoE projects/practice guides. Mr. Newhouse held the position of deputy director for NIST&apos;s National Initiative for Cybersecurity Education (NICE), where he promoted the use of the NICE Framework in education, training, and workforce development activities that grow the number of people who are prepared to mitigate cybersecurity risk. Mr. Newhouse began his Federal career over 35 years ago at NSA as a cooperative education student. During his 23 years at NSA, his work shifted from telecommunication systems to information assurance. His final five years at NSA were spent in the Office of the Secretary of Defense, initially with the Assistant Secretary of Defense for Research and Engineering and then with the Office of the Chief Information Officer for Identity and Information Assurance, focused on cybersecurity R&amp;D oversight and technology discovery. For over a decade, he represented OSD and then NIST at Federal cybersecurity-focused R&amp;D working groups and contributed to three different Federal cybersecurity R&amp;D Strategic Plans.
Mr. Newhouse received a Bachelor of Science in Electrical Engineering from the Georgia Institute of Technology and a Master of Science in the Field of Telecommunications Engineering from the George Washington University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>What kind of projects does one get to lead at an applied cybersecurity center within the National Institute of Standards and Technology (NIST)? This talk will offer insight on the cybersecurity challenges being addressed by projects led by the speaker since he began working at the National Cybersecurity Center of Excellence in 2016. The talk will touch upon the establishment of a collaborative team made up of industry, academic, and government members for each project, and discuss how each project leverages a cybersecurity standard or best practice in the functional reference designs built for each project. Throughout each phase of each project, we seek to collaborate, share (document in NIST Special Publication 1800 series practice guides), and advocate for the adoption of our work. This talk will offer some insight into the evolving series of NIST Special Publications known as practice guides (or 1800 series documents) and how these publications connect with the foundational NIST Special Publications in the 800 series that are often used to set Federal government standards in computer security, information security, and cybersecurity while often being voluntarily adopted as guidance and standards by industry. This talk aims to leave enough time to address questions and explore whether the audience has new challenges that should become an NCCoE project in the future. At some point during the lecture, the following terms or phrases will be used: cybersecurity framework (functions, categories, subcategories), privacy framework, risk management framework, security and privacy controls, mitigating cybersecurity and privacy risk. About the speaker: Bill Newhouse is a cybersecurity engineer at the National Cybersecurity Center of Excellence (NCCoE) in the Applied Cybersecurity Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST).
His work pushes for the adoption of functional cybersecurity reference designs built from commercially available technologies in the NCCoE lab. These projects rely on establishing communities of interest with members from industry, academia, and government to gain insight and passion about the areas of cybersecurity risk that need to be addressed and result in publications known as practice guides. Mr. Newhouse has completed practice guides focused on the hospitality, retail, and Federal sectors. In October 2020, he began a cybersecurity collaboration with the U.S. Department of Energy to research and develop cybersecurity risk management tools for the storage, transportation, and handling of energy resources within the ports of our maritime transportation system. His responsibilities also include identifying ways to include financial services sector use case scenarios in NCCoE projects/practice guides. Mr. Newhouse held the position of deputy director for NIST&apos;s National Initiative for Cybersecurity Education (NICE), where he promoted the use of the NICE Framework in education, training, and workforce development activities that grow the number of people who are prepared to mitigate cybersecurity risk. Mr. Newhouse began his Federal career over 35 years ago at NSA as a cooperative education student. During his 23 years at NSA, his work shifted from telecommunication systems to information assurance. His final five years at NSA were spent in the Office of the Secretary of Defense, initially with the Assistant Secretary of Defense for Research and Engineering and then with the Office of the Chief Information Officer for Identity and Information Assurance, focused on cybersecurity R&amp;D oversight and technology discovery. For over a decade, he represented OSD and then NIST at Federal cybersecurity-focused R&amp;D working groups and contributed to three different Federal cybersecurity R&amp;D Strategic Plans.
Mr. Newhouse received a Bachelor of Science in Electrical Engineering from the Georgia Institute of Technology and a Master of Science in the Field of Telecommunications Engineering from the George Washington University.</p> ]]>
            </content:encoded>
            <itunes:duration>3619</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220323.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220323.mp4" length="452984832" type="video/mp4"/>
        </item>
            <item>
            <title>Andy Klein, What You Don&#039;t Know About Hard Drives!</title>
            <description>More than half the stored data in the world resides on hard drives. Yes, a 50+ year-old technology is storing our photos, music, research, taxes, and more— and nobody blinks an eye. Given that over one zettabyte of hard drive storage shipped in 2020, this storage media is not going away anytime soon. We at Backblaze manage over 200,000 hard drives to store over 1.3 Exabytes of data. Since 2013 we have tracked every hard drive we&apos;ve used and each day we record their SMART stats, giving us a unique trove of data that we have regularly analyzed over nearly a decade to learn about hard drives from the inside out. We know how often they fail by model, manufacturer, and size. We can answer the question, do hard drive failure rates follow the bathtub curve? We know how temperature affects hard drives. We can show you how machine learning capabilities could be used to predict hard drive failure. We can even provide a life expectancy forecast for all our hard drives. One more thing: we&apos;ve open-sourced the data so you can do all of this yourself, just for fun. About the speaker: Andy Klein has 25 years of experience in the cloud storage, email security, and network security fields. At Backblaze he dives into terabytes of hard drive SMART data to deliver quarterly and annual Drive Stats reports detailing hard drive failure rates and other unique facts, figures, and insights. Prior to Backblaze, Andy worked at Symantec, Checkpoint, PGP, and PeopleSoft, as well as startups throughout Silicon Valley. He has presented at the Federal Trade Commission, RSA, MSST, SNIA/SDC, and other security and cloud storage events in the US and Europe.</description>
            <pubDate>Wed, 9 Mar 2022 16:30:00 EST </pubDate>
            <itunes:title>Andy Klein, What You Don&#039;t Know About Hard Drives!</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>795</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/andy_klein_200.png"/>
            <itunes:subtitle>Andy Klein, Backblaze</itunes:subtitle>
            <itunes:summary>More than half the stored data in the world resides on hard drives. Yes, a 50+ year-old technology is storing our photos, music, research, taxes, and more— and nobody blinks an eye. Given that over one zettabyte of hard drive storage shipped in 2020, this storage media is not going away anytime soon. We at Backblaze manage over 200,000 hard drives to store over 1.3 Exabytes of data. Since 2013 we have tracked every hard drive we&apos;ve used and each day we record their SMART stats, giving us a unique trove of data that we have regularly analyzed over nearly a decade to learn about hard drives from the inside out. We know how often they fail by model, manufacturer, and size. We can answer the question, do hard drive failure rates follow the bathtub curve? We know how temperature affects hard drives. We can show you how machine learning capabilities could be used to predict hard drive failure. We can even provide a life expectancy forecast for all our hard drives. One more thing: we&apos;ve open-sourced the data so you can do all of this yourself, just for fun. About the speaker: Andy Klein has 25 years of experience in the cloud storage, email security, and network security fields. At Backblaze he dives into terabytes of hard drive SMART data to deliver quarterly and annual Drive Stats reports detailing hard drive failure rates and other unique facts, figures, and insights. Prior to Backblaze, Andy worked at Symantec, Checkpoint, PGP, and PeopleSoft, as well as startups throughout Silicon Valley. He has presented at the Federal Trade Commission, RSA, MSST, SNIA/SDC, and other security and cloud storage events in the US and Europe.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>More than half the stored data in the world resides on hard drives. Yes, a 50+ year-old technology is storing our photos, music, research, taxes, and more— and nobody blinks an eye. Given that over one zettabyte of hard drive storage shipped in 2020, this storage media is not going away anytime soon. We at Backblaze manage over 200,000 hard drives to store over 1.3 Exabytes of data. Since 2013 we have tracked every hard drive we&apos;ve used and each day we record their SMART stats, giving us a unique trove of data that we have regularly analyzed over nearly a decade to learn about hard drives from the inside out. We know how often they fail by model, manufacturer, and size. We can answer the question, do hard drive failure rates follow the bathtub curve? We know how temperature affects hard drives. We can show you how machine learning capabilities could be used to predict hard drive failure. We can even provide a life expectancy forecast for all our hard drives. One more thing: we&apos;ve open-sourced the data so you can do all of this yourself, just for fun. About the speaker: Andy Klein has 25 years of experience in the cloud storage, email security, and network security fields. At Backblaze he dives into terabytes of hard drive SMART data to deliver quarterly and annual Drive Stats reports detailing hard drive failure rates and other unique facts, figures, and insights. Prior to Backblaze, Andy worked at Symantec, Checkpoint, PGP, and PeopleSoft, as well as startups throughout Silicon Valley. He has presented at the Federal Trade Commission, RSA, MSST, SNIA/SDC, and other security and cloud storage events in the US and Europe.</p> ]]>
            </content:encoded>
            <itunes:duration>3317</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220309.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220309.mp4" length="394264576" type="video/mp4"/>
        </item>
            <item>
            <title>Samuel Visner, The Evolution of Cybersecurity and its Role in the International System</title>
            <description>Precis: The United States encountered digital cyberspace with the gradual rise of digital technology, treating cyberspace as an electromagnetic domain. China encountered cyberspace more swiftly, surpassing the United States several years ago in the number of people connected in cyberspace (now approximately one billion people), treating cyberspace as a domain of human behavior. For the United States, cybersecurity pertains to the protection of information and the systems that depend on information technology. For China, cybersecurity reflects a need to impose acceptable human behavior on this new cyberspace domain. How is China attempting to reshape the international system through this new domain and its own understanding of cybersecurity? This talk will describe the rise of cyberspace and discuss the implications for the United States, its allies, and its partners as they attempt to defend their values and interests in an evolving international system. About the speaker: Samuel Sanders Visner is the Vice Chair of the Board of Directors of the Space Information Sharing and Analysis Center (Space ISAC). He is also a Technical Fellow at the MITRE Corporation, serving as one of the Corporation&apos;s thought leaders for cybersecurity, space systems, and national security. Sam served previously as the Director of the National Cybersecurity Federally Funded Research and Development Center (MITRE), sponsored by the National Institute of Science and Technology. Sam was appointed in 2020 as a member of the Board of Directors of the Oak Ridge Associated Universities.
Sam is an adjunct professor of Science and Technology in International Affairs at Georgetown University, where he teaches a course on cybersecurity policy, operations, and technology. Sam is a member of the Council on Foreign Relations and the Atlantic Council and is a member of the Intelligence Community Studies Board of the National Academy of Sciences, serving the Office of the Director of National Intelligence. Sam served previously as a member of the Army Science Board. Sam also served previously as Senior Vice President at ICF (General Manager, Cybersecurity and Resilience), Vice President at CSC (General Manager, CSC Global Cybersecurity), Senior Vice President at SAIC, and as Chief of Signals Intelligence Programs at the National Security Agency, from which he received the Agency&apos;s highest award for civilian service in recognition of work done to transform the Agency&apos;s signals intelligence infrastructure following 9/11. Sam also served as a member of the Board of Directors, CVG/Avtec (2008-2010). Sam holds a bachelor&apos;s degree in International Politics from Georgetown University and a master&apos;s degree in Telecommunications from George Washington University. Sam served twice on the Intelligence, Surveillance, and Reconnaissance Task Force of the Defense Science Board, and has published articles on national and cybersecurity in World Politics Review, the Georgetown Journal of International Affairs, and the Defense Intelligence Journal. Sam is cleared TS/SCI.</description>
            <pubDate>Wed, 2 Mar 2022 16:30:00 EST </pubDate>
            <itunes:title>Samuel Visner, The Evolution of Cybersecurity and its Role in the International System</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>794</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/sam_visner_200.png"/>
            <itunes:subtitle>Samuel Visner, MITRE Labs</itunes:subtitle>
            <itunes:summary>Precis: The United States encountered digital cyberspace with the gradual rise of digital technology, treating cyberspace as an electromagnetic domain. China encountered cyberspace more swiftly, surpassing the United States several years ago in the number of people connected in cyberspace (now approximately one billion people), treating cyberspace as a domain of human behavior. For the United States, cybersecurity pertains to the protection of information and the systems that depend on information technology. For China, cybersecurity reflects a need to impose acceptable human behavior on this new cyberspace domain. How is China attempting to reshape the international system through this new domain and its own understanding of cybersecurity? This talk will describe the rise of cyberspace and discuss the implications for the United States, its allies, and its partners as they attempt to defend their values and interests in an evolving international system. About the speaker: Samuel Sanders Visner is the Vice Chair of the Board of Directors of the Space Information Sharing and Analysis Center (Space ISAC). He is also a Technical Fellow at the MITRE Corporation, serving as one of the Corporation&apos;s thought leaders for cybersecurity, space systems, and national security. Sam served previously as the Director of the National Cybersecurity Federally Funded Research and Development Center (MITRE), sponsored by the National Institute of Science and Technology. Sam was appointed in 2020 as a member of the Board of Directors of the Oak Ridge Associated Universities.
Sam is an adjunct professor of Science and Technology in International Affairs at Georgetown University, where he teaches a course on cybersecurity policy, operations, and technology. Sam is a member of the Council on Foreign Relations and the Atlantic Council and is a member of the Intelligence Community Studies Board of the National Academy of Sciences, serving the Office of the Director of National Intelligence. Sam served previously as a member of the Army Science Board. Sam also served previously as Senior Vice President at ICF (General Manager, Cybersecurity and Resilience), Vice President at CSC (General Manager, CSC Global Cybersecurity), Senior Vice President at SAIC, and as Chief of Signals Intelligence Programs at the National Security Agency, from which he received the Agency&apos;s highest award for civilian service in recognition of work done to transform the Agency&apos;s signals intelligence infrastructure following 9/11. Sam also served as a member of the Board of Directors, CVG/Avtec (2008-2010). Sam holds a bachelor&apos;s degree in International Politics from Georgetown University and a master&apos;s degree in Telecommunications from George Washington University. Sam served twice on the Intelligence, Surveillance, and Reconnaissance Task Force of the Defense Science Board, and has published articles on national and cybersecurity in World Politics Review, the Georgetown Journal of International Affairs, and the Defense Intelligence Journal. Sam is cleared TS/SCI.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Precis: The United States encountered digital cyberspace with the gradual rise of digital technology, treating cyberspace as an electromagnetic domain. China encountered cyberspace more swiftly, surpassing the United States several years ago in the number of people connected in cyberspace (now approximately one billion people), treating cyberspace as a domain of human behavior. For the United States, cybersecurity pertains to the protection of information and the systems that depend on information technology. For China, cybersecurity reflects a need to impose acceptable human behavior on this new cyberspace domain. How is China attempting to reshape the international system through this new domain and its own understanding of cybersecurity? This talk will describe the rise of cyberspace and discuss the implications for the United States, its allies, and its partners as they attempt to defend their values and interests in an evolving international system. About the speaker: Samuel Sanders Visner is the Vice Chair of the Board of Directors of the Space Information Sharing and Analysis Center (Space ISAC). He is also a Technical Fellow at the MITRE Corporation, serving as one of the Corporation&apos;s thought leaders for cybersecurity, space systems, and national security. Sam served previously as the Director of the National Cybersecurity Federally Funded Research and Development Center (MITRE), sponsored by the National Institute of Science and Technology. Sam was appointed in 2020 as a member of the Board of Directors of the Oak Ridge Associated Universities.
Sam is an adjunct professor of Science and Technology in International Affairs at Georgetown University, where he teaches a course on cybersecurity policy, operations, and technology. Sam is a member of the Council on Foreign Relations and the Atlantic Council and is a member of the Intelligence Community Studies Board of the National Academy of Sciences, serving the Office of the Director of National Intelligence. Sam served previously as a member of the Army Science Board. Sam also served previously as Senior Vice President at ICF (General Manager, Cybersecurity and Resilience), Vice President at CSC (General Manager, CSC Global Cybersecurity), Senior Vice President at SAIC, and as Chief of Signals Intelligence Programs at the National Security Agency, from which he received the Agency&apos;s highest award for civilian service in recognition of work done to transform the Agency&apos;s signals intelligence infrastructure following 9/11. Sam also served as a member of the Board of Directors, CVG/Avtec (2008-2010). Sam holds a bachelor&apos;s degree in International Politics from Georgetown University and a master&apos;s degree in Telecommunications from George Washington University. Sam served twice on the Intelligence, Surveillance, and Reconnaissance Task Force of the Defense Science Board, and has published articles on national and cybersecurity in World Politics Review, the Georgetown Journal of International Affairs, and the Defense Intelligence Journal. Sam is cleared TS/SCI.</p> ]]>
            </content:encoded>
            <itunes:duration>3651</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220302.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220302.mp4" length="689963008" type="video/mp4"/>
        </item>
            <item>
            <title>Chen-Ching Liu, Cyber-Physical System Security of the Power Grid</title>
            <description>The electric power grid is a complex cyber-physical system that forms the lifeline of a modern society. Its reliable and secure operation is of paramount importance to national security and economic well-being. The power grid today is a highly automated network, wherein a variety of communication networks and information systems are interconnected to the physical grid for the purpose of monitoring, protection, control, and market functions. The increased reliance on information and communications technology in the smart grid significantly increases the vulnerabilities, which further underscores the importance of cyber security. As a result, cyber-physical system security of the power grid is a critical area encompassing vulnerability assessment, anomaly detection, and mitigation for substations and the Supervisory Control and Data Acquisition systems. The purpose of this presentation is to provide new concepts and testbed-based methodologies for the integrated cyber-power systems. Future research directions will be discussed. About the speaker: Chen-Ching Liu is American Electric Power Professor and Director, Power and Energy Center, at Virginia Tech. During 1983-2017, he was on the faculty of University of Washington, Iowa State University, University College Dublin (Ireland), and Washington State University. Professor Liu received an IEEE Third Millennium Medal in 2000 and the Power and Energy Society Outstanding Power Engineering Educator Award in 2004. In 2013, Dr. Liu received a Doctor Honoris Causa from Polytechnic University of Bucharest, Romania. He chaired the IEEE Power and Energy Society Fellow Committee, Technical Committee on Power System Analysis, Computing and Economics, and Outstanding Power Engineering Educator Award Committee. Chen-Ching is the U.S. Representative on the CIGRE Study Committee D2, Information Systems and Telecommunication.
Professor Liu is a Fellow of the IEEE, Member of Virginia Academy of Science, Engineering, and Medicine, and Member of the U.S. National Academy of Engineering.</description>
            <pubDate>Wed, 23 Feb 2022 16:30:00 EST </pubDate>
            <itunes:title>Chen-Ching Liu, Cyber-Physical System Security of the Power Grid</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>793</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Chen-Ching_Liu_200.png"/>
            <itunes:subtitle>Chen-Ching Liu, Virginia Tech</itunes:subtitle>
            <itunes:summary>The electric power grid is a complex cyber-physical system that forms the lifeline of a modern society. Its reliable and secure operation is of paramount importance to national security and economic well-being. The power grid today is a highly automated network, wherein a variety of communication networks and information systems are interconnected to the physical grid for the purpose of monitoring, protection, control, and market functions. The increased reliance on information and communications technology in the smart grid significantly increases the vulnerabilities, which further underscores the importance of cyber security. As a result, cyber-physical system security of the power grid is a critical area encompassing vulnerability assessment, anomaly detection, and mitigation for substations and the Supervisory Control and Data Acquisition systems. The purpose of this presentation is to provide new concepts and testbed-based methodologies for the integrated cyber-power systems. Future research directions will be discussed. About the speaker: Chen-Ching Liu is American Electric Power Professor and Director, Power and Energy Center, at Virginia Tech. During 1983-2017, he was on the faculty of University of Washington, Iowa State University, University College Dublin (Ireland), and Washington State University. Professor Liu received an IEEE Third Millennium Medal in 2000 and the Power and Energy Society Outstanding Power Engineering Educator Award in 2004. In 2013, Dr. Liu received a Doctor Honoris Causa from Polytechnic University of Bucharest, Romania. He chaired the IEEE Power and Energy Society Fellow Committee, Technical Committee on Power System Analysis, Computing and Economics, and Outstanding Power Engineering Educator Award Committee. Chen-Ching is the U.S. Representative on the CIGRE Study Committee D2, Information Systems and Telecommunication.
Professor Liu is a Fellow of the IEEE, Member of Virginia Academy of Science, Engineering, and Medicine, and Member of the U.S. National Academy of Engineering.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The electric power grid is a complex cyber-physical system that forms the lifeline of a modern society. Its reliable and secure operation is of paramount importance to national security and economic well-being. The power grid today is a highly automated network, wherein a variety of communication networks and information systems are interconnected to the physical grid for the purpose of monitoring, protection, control, and market functions. The increased reliance on information and communications technology in the smart grid significantly increases the vulnerabilities, which further underscores the importance of cyber security. As a result, cyber-physical system security of the power grid is a critical area encompassing vulnerability assessment, anomaly detection, and mitigation for substations and the Supervisory Control and Data Acquisition systems. The purpose of this presentation is to provide new concepts and testbed-based methodologies for the integrated cyber-power systems. Future research directions will be discussed. About the speaker: Chen-Ching Liu is American Electric Power Professor and Director, Power and Energy Center, at Virginia Tech. During 1983-2017, he was on the faculty of University of Washington, Iowa State University, University College Dublin (Ireland), and Washington State University. Professor Liu received an IEEE Third Millennium Medal in 2000 and the Power and Energy Society Outstanding Power Engineering Educator Award in 2004. In 2013, Dr. Liu received a Doctor Honoris Causa from Polytechnic University of Bucharest, Romania. He chaired the IEEE Power and Energy Society Fellow Committee, Technical Committee on Power System Analysis, Computing and Economics, and Outstanding Power Engineering Educator Award Committee. Chen-Ching is the U.S. Representative on the CIGRE Study Committee D2, Information Systems and Telecommunication. 
Professor Liu is a Fellow of the IEEE, Member of Virginia Academy of Science, Engineering, and Medicine, and Member of the U.S. National Academy of Engineering.</p> ]]>
            </content:encoded>
            <itunes:duration>3343</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220223.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220223.mp4" length="507510784" type="video/mp4"/>
        </item>
            <item>
            <title>Bob Gourley, The Metaverse: Infinite attack surface and boundless risk</title>
            <description>The Metaverse is coming. What is the Metaverse? A massive, infinitely scalable, shared virtual world where land, buildings, bots, avatars and other property can be bought, sold and persist. Think of it as the future convergence of all of today&apos;s virtual worlds, interconnected with a single settlement layer for totally interoperable transactions. The Metaverse will be accessible by billions via any web browser, mobile device or virtual reality system. All indications are that the metaverse is destined to become a driving force in how humanity interacts with each other. It will influence education, healthcare, government, commerce, and entertainment. How big will the Metaverse be? One indicator is the recent announcement by Mark Zuckerberg that he is shifting Facebook to be a Metaverse company. With all the other major players in delivering Metaverse capabilities today this will very quickly become a trillion dollar market. It will also be an incredibly enticing target for the criminal element. The Metaverse needs the involvement of the security community in ways few are conceptualizing today. This presentation will provide security practitioners with foundational knowledge that will help accelerate the contributions of security professionals to this rapidly developing shared virtual space. About the speaker: Bob Gourley is an experienced enterprise CTO with extensive past performance in optimizing technology in support of global businesses. As CTO of OODA he leads engagements focused on improving the security and functionality of enterprise IT. He also advises clients on technology due diligence and leads the technology research and reporting activities at OODAloop.com. Bob is the former CTO for the Defense Intelligence Agency. Bob has received the Infoworld top CTO award and was named one of the top 100 &quot;Tech Titans&quot; in DC by Washingtonian magazine.</description>
            <pubDate>Wed, 16 Feb 2022 16:30:00 EST </pubDate>
            <itunes:title>Bob Gourley, The Metaverse: Infinite attack surface and boundless risk</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>792</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/bob_gourley_200.png"/>
            <itunes:subtitle>Bob Gourley, OODA Loop</itunes:subtitle>
            <itunes:summary>The Metaverse is coming. What is the Metaverse? A massive, infinitely scalable, shared virtual world where land, buildings, bots, avatars and other property can be bought, sold and persist. Think of it as the future convergence of all of today&apos;s virtual worlds, interconnected with a single settlement layer for totally interoperable transactions. The Metaverse will be accessible by billions via any web browser, mobile device or virtual reality system. All indications are that the metaverse is destined to become a driving force in how humanity interacts with each other. It will influence education, healthcare, government, commerce, and entertainment. How big will the Metaverse be? One indicator is the recent announcement by Mark Zuckerberg that he is shifting Facebook to be a Metaverse company. With all the other major players in delivering Metaverse capabilities today this will very quickly become a trillion dollar market. It will also be an incredibly enticing target for the criminal element. The Metaverse needs the involvement of the security community in ways few are conceptualizing today. This presentation will provide security practitioners with foundational knowledge that will help accelerate the contributions of security professionals to this rapidly developing shared virtual space. About the speaker: Bob Gourley is an experienced enterprise CTO with extensive past performance in optimizing technology in support of global businesses. As CTO of OODA he leads engagements focused on improving the security and functionality of enterprise IT. He also advises clients on technology due diligence and leads the technology research and reporting activities at OODAloop.com. Bob is the former CTO for the Defense Intelligence Agency. Bob has received the Infoworld top CTO award and was named one of the top 100 &quot;Tech Titans&quot; in DC by Washingtonian magazine.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Metaverse is coming. What is the Metaverse? A massive, infinitely scalable, shared virtual world where land, buildings, bots, avatars and other property can be bought, sold and persist. Think of it as the future convergence of all of today&apos;s virtual worlds, interconnected with a single settlement layer for totally interoperable transactions. The Metaverse will be accessible by billions via any web browser, mobile device or virtual reality system. All indications are that the metaverse is destined to become a driving force in how humanity interacts with each other. It will influence education, healthcare, government, commerce, and entertainment. How big will the Metaverse be? One indicator is the recent announcement by Mark Zuckerberg that he is shifting Facebook to be a Metaverse company. With all the other major players in delivering Metaverse capabilities today this will very quickly become a trillion dollar market. It will also be an incredibly enticing target for the criminal element. The Metaverse needs the involvement of the security community in ways few are conceptualizing today. This presentation will provide security practitioners with foundational knowledge that will help accelerate the contributions of security professionals to this rapidly developing shared virtual space. About the speaker: Bob Gourley is an experienced enterprise CTO with extensive past performance in optimizing technology in support of global businesses. As CTO of OODA he leads engagements focused on improving the security and functionality of enterprise IT. He also advises clients on technology due diligence and leads the technology research and reporting activities at OODAloop.com. Bob is the former CTO for the Defense Intelligence Agency. Bob has received the Infoworld top CTO award and was named one of the top 100 &quot;Tech Titans&quot; in DC by Washingtonian magazine.</p> ]]>
            </content:encoded>
            <itunes:duration>3553</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220216.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220216.mp4" length="1048576" type="video/mp4"/>
        </item>
            <item>
            <title>Dr. Chris C. Demchak, Robust Collective Cyber Power across Consolidated Democracies</title>
            <description>The complexities of and losses from a shoddily created cyberspace substrate continue to hollow the economies and national power of consolidated democracies. As China rises as a strategically focused and digitally aggressive authoritarian giant, it is critical that democratic leaders both understand the reality they face and how an institutional alternative may be created to avoid being weak cyber powers in the future. This presentation offers two models: the ‘Cybered Conflict&apos; model to lay the foundation explanation for the weakness in national cyber power of democracies, and the ‘Cyber Operational Resilience Alliance&apos; (CORA) model to explain how this existentially threatening trend may be turned around through allied action to jointly ensure cyber resilience. Finally, the talk will outline very briefly how the CORA model may be used analytically to improve the cyber resilience alliance potential of national cyber strategies, and to identify organizations capable of contributing to more robust collective cyber defenses across sectors and allied democratic nations. About the speaker: With engineering, economics, and comparative complex organization theory/political science degrees, Dr. Chris C. Demchak is the RDML Grace M. Hopper Professor of Cyber Security and a member of the Cyber and Innovation Policy Institute, U.S. Naval War College. In her research on cyberspace as a globally shared insecure complex ‘substrate&apos;, Demchak takes a systemic approach to emergent structures, comparative institutional evolution, adversaries&apos; use of systemic cybered tools, virtual worlds/gaming for operationalized organizational learning, and designing systemic resilience against imposed surprise.</description>
            <pubDate>Wed, 9 Feb 2022 16:30:00 EST </pubDate>
            <itunes:title>Dr. Chris C. Demchak, Robust Collective Cyber Power across Consolidated Democracies</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>791</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/demchak_200.png"/>
            <itunes:subtitle>Dr. Chris C. Demchak, US Naval War College</itunes:subtitle>
            <itunes:summary>The complexities of and losses from a shoddily created cyberspace substrate continue to hollow the economies and national power of consolidated democracies. As China rises as a strategically focused and digitally aggressive authoritarian giant, it is critical that democratic leaders both understand the reality they face and how an institutional alternative may be created to avoid being weak cyber powers in the future. This presentation offers two models: the ‘Cybered Conflict&apos; model to lay the foundation explanation for the weakness in national cyber power of democracies, and the ‘Cyber Operational Resilience Alliance&apos; (CORA) model to explain how this existentially threatening trend may be turned around through allied action to jointly ensure cyber resilience. Finally, the talk will outline very briefly how the CORA model may be used analytically to improve the cyber resilience alliance potential of national cyber strategies, and to identify organizations capable of contributing to more robust collective cyber defenses across sectors and allied democratic nations. About the speaker: With engineering, economics, and comparative complex organization theory/political science degrees, Dr. Chris C. Demchak is the RDML Grace M. Hopper Professor of Cyber Security and a member of the Cyber and Innovation Policy Institute, U.S. Naval War College. In her research on cyberspace as a globally shared insecure complex ‘substrate&apos;, Demchak takes a systemic approach to emergent structures, comparative institutional evolution, adversaries&apos; use of systemic cybered tools, virtual worlds/gaming for operationalized organizational learning, and designing systemic resilience against imposed surprise.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The complexities of and losses from a shoddily created cyberspace substrate continue to hollow the economies and national power of consolidated democracies. As China rises as a strategically focused and digitally aggressive authoritarian giant, it is critical that democratic leaders both understand the reality they face and how an institutional alternative may be created to avoid being weak cyber powers in the future. This presentation offers two models: the ‘Cybered Conflict&apos; model to lay the foundation explanation for the weakness in national cyber power of democracies, and the ‘Cyber Operational Resilience Alliance&apos; (CORA) model to explain how this existentially threatening trend may be turned around through allied action to jointly ensure cyber resilience. Finally, the talk will outline very briefly how the CORA model may be used analytically to improve the cyber resilience alliance potential of national cyber strategies, and to identify organizations capable of contributing to more robust collective cyber defenses across sectors and allied democratic nations. About the speaker: With engineering, economics, and comparative complex organization theory/political science degrees, Dr. Chris C. Demchak is the RDML Grace M. Hopper Professor of Cyber Security and a member of the Cyber and Innovation Policy Institute, U.S. Naval War College. In her research on cyberspace as a globally shared insecure complex ‘substrate&apos;, Demchak takes a systemic approach to emergent structures, comparative institutional evolution, adversaries&apos; use of systemic cybered tools, virtual worlds/gaming for operationalized organizational learning, and designing systemic resilience against imposed surprise.</p> ]]>
            </content:encoded>
            <itunes:duration>3011</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220209.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220209.mp4" length="702545920" type="video/mp4"/>
        </item>
            <item>
            <title>Alyssa Miller, Threat Modeling in the World of DevOps</title>
            <description>Threat modeling is an extremely valuable tool in the secure software development pipeline. Some studies suggest it has greater impact on security posture than other more widely practiced security activities. There are many different frameworks, models, and methodologies that have been developed in an attempt to make threat modeling easier. Yet, despite these efforts, popular approaches to threat modeling are often still considered too cumbersome, structured, or time consuming to fit with modern DevOps and CI/CD development. In 2020, a group of 15 security professionals released the Threat Modeling Manifesto to formalize decades of combined experience into a declared vision of what threat modeling truly is and what makes it important. Learn from one of these authors about how to break with the complex models and return to the values and principles of what threat modeling should be. Discover how this often-overlooked activity can be implemented in development pipelines and make them more efficient while improving overall security of software. See practical examples of how the manifesto serves as a guide to design a methodology that fits your needs and avoid common pitfalls that often derail this critical activity. About the speaker: Alyssa Miller, Business Information Security Officer (BISO) for S&amp;P Global, directs the security strategy for the Ratings division, connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust. A life-long hacker, Alyssa has a passion for technology and security. She bought her first computer herself at age 12 and quickly learned techniques for hacking modem communications and software. 
Her serendipitous career journey began as a software developer which enabled her to pivot into security roles. Beginning as a penetration tester, her last 15 years have seen her grow as a security leader with experience across a variety of organizations. She regularly advocates for improved security practices and shares her research with business leaders and industry audiences through her international public speaking engagements, online content, and other media appearances.</description>
            <pubDate>Wed, 2 Feb 2022 16:30:00 EST </pubDate>
            <itunes:title>Alyssa Miller, Threat Modeling in the World of DevOps</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>790</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/allyssa_miller_200.png"/>
            <itunes:subtitle>Alyssa Miller, S&amp;P Global</itunes:subtitle>
            <itunes:summary>Threat modeling is an extremely valuable tool in the secure software development pipeline. Some studies suggest it has greater impact on security posture than other more widely practiced security activities. There are many different frameworks, models, and methodologies that have been developed in an attempt to make threat modeling easier. Yet, despite these efforts, popular approaches to threat modeling are often still considered too cumbersome, structured, or time consuming to fit with modern DevOps and CI/CD development. In 2020, a group of 15 security professionals released the Threat Modeling Manifesto to formalize decades of combined experience into a declared vision of what threat modeling truly is and what makes it important. Learn from one of these authors about how to break with the complex models and return to the values and principles of what threat modeling should be. Discover how this often-overlooked activity can be implemented in development pipelines and make them more efficient while improving overall security of software. See practical examples of how the manifesto serves as a guide to design a methodology that fits your needs and avoid common pitfalls that often derail this critical activity. About the speaker: Alyssa Miller, Business Information Security Officer (BISO) for S&amp;P Global, directs the security strategy for the Ratings division, connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust. A life-long hacker, Alyssa has a passion for technology and security. She bought her first computer herself at age 12 and quickly learned techniques for hacking modem communications and software. 
Her serendipitous career journey began as a software developer which enabled her to pivot into security roles. Beginning as a penetration tester, her last 15 years have seen her grow as a security leader with experience across a variety of organizations. She regularly advocates for improved security practices and shares her research with business leaders and industry audiences through her international public speaking engagements, online content, and other media appearances.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Threat modeling is an extremely valuable tool in the secure software development pipeline. Some studies suggest it has greater impact on security posture than other more widely practiced security activities. There are many different frameworks, models, and methodologies that have been developed in an attempt to make threat modeling easier. Yet, despite these efforts, popular approaches to threat modeling are often still considered too cumbersome, structured, or time consuming to fit with modern DevOps and CI/CD development. In 2020, a group of 15 security professionals released the Threat Modeling Manifesto to formalize decades of combined experience into a declared vision of what threat modeling truly is and what makes it important. Learn from one of these authors about how to break with the complex models and return to the values and principles of what threat modeling should be. Discover how this often-overlooked activity can be implemented in development pipelines and make them more efficient while improving overall security of software. See practical examples of how the manifesto serves as a guide to design a methodology that fits your needs and avoid common pitfalls that often derail this critical activity. About the speaker: Alyssa Miller, Business Information Security Officer (BISO) for S&amp;P Global, directs the security strategy for the Ratings division, connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust. A life-long hacker, Alyssa has a passion for technology and security. She bought her first computer herself at age 12 and quickly learned techniques for hacking modem communications and software. 
Her serendipitous career journey began as a software developer which enabled her to pivot into security roles. Beginning as a penetration tester, her last 15 years have seen her grow as a security leader with experience across a variety of organizations. She regularly advocates for improved security practices and shares her research with business leaders and industry audiences through her international public speaking engagements, online content, and other media appearances.</p> ]]>
            </content:encoded>
            <itunes:duration>3878</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220202.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220202.mp4" length="1048576" type="video/mp4"/>
        </item>
            <item>
            <title>Dr. David Mussington, Critical Infrastructure Resilience Hinges on Cyber-Physical Convergence</title>
            <description>Cyber-physical systems are delivering an increasing portion of the infrastructure services at the heart of our economy and national security, and you don&apos;t have to look far for examples of technology-enabled, industrial control, and the internet-of-things in the core operations of healthcare, food and agriculture, energy, transportation, or manufacturing. Further, one has only to look at the contemporary examples of our systems under stress, such as the JBS and Colonial Pipeline cyber attacks, to understand the fragile risk ecosystem confronting infrastructure owners and operators of cyber-physical systems. In fact, the title of this talk is purposely a catch-22, meaning that just as infrastructure resilience is inherently dependent on safe and secure cyber-physical systems, so too is the collective work to see cyber and physical security achieve resilience. About the speaker: Dr. David Mussington serves as the Executive Assistant Director (EAD) for the Infrastructure Security Division (ISD) at the Department of Homeland Security&apos;s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) as of February 2021. As EAD, he helps lead CISA&apos;s efforts to secure the nation&apos;s critical infrastructure in coordination with government and the private sector. His priorities for ISD include vulnerability and risk assessments; securing soft targets and crowded places; training and exercises; and securing high-risk chemical facilities. Prior to joining CISA, Dr. Mussington was Professor of the Practice and Director for the Center for Public Policy and Private Enterprise at the School of Public Policy for the University of Maryland. At RAND Corporation he led counter terrorism and cyber security studies for the Department of Defense, the Department of Transportation, and Amtrak. 
He later took on the role of Chief of Corporate Security for Amtrak where he was the senior official overseeing infrastructure protection, counter terrorism, and emergency response programs. Later at the Institute for Defense Analyses (IDA), he was assistant director of the Information Technology and Systems Division (ITSD), and directed cybersecurity studies for DHS, the Office of the Director of National Intelligence, the Federal Communications Commission, and the North Atlantic Treaty Organization. Moreover, in 2010, Dr. Mussington was senior adviser for cyber policy in the U.S. Department of Defense (DOD), later serving on the Obama administration&apos;s National Security Council staff as Director for surface transportation security policy. In the former role, he led preparation and release of the 2011 Defense Strategy for Operating in Cyberspace, which was DOD&apos;s first enterprise-wide cyber strategy document. Dr. Mussington has a Doctorate in Political Science from Canada&apos;s Carleton University. He also received a Bachelor of Arts and a Master of Arts degree in Economics and Political Science from the University of Toronto. He undertook post-doctoral work at Harvard&apos;s Belfer Center where he was a MacArthur Scholar, and at the U.K.&apos;s International Institute for Strategic Studies (IISS). </description>
            <pubDate>Wed, 26 Jan 2022 16:30:00 EST </pubDate>
            <itunes:title>Dr. David Mussington, Critical Infrastructure Resilience Hinges on Cyber-Physical Convergence</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>789</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/mussington_200.png"/>
            <itunes:subtitle>Dr. David Mussington, Cybersecurity and Infrastructure Security Agency (CISA)</itunes:subtitle>
            <itunes:summary>Cyber-physical systems are delivering an increasing portion of the infrastructure services at the heart of our economy and national security, and you don&apos;t have to look far for examples of technology-enabled, industrial control, and the internet-of-things in the core operations of healthcare, food and agriculture, energy, transportation, or manufacturing. Further, one has only to look at the contemporary examples of our systems under stress, such as the JBS and Colonial Pipeline cyber attacks, to understand the fragile risk ecosystem confronting infrastructure owners and operators of cyber-physical systems. In fact, the title of this talk is purposely a catch-22, meaning that just as infrastructure resilience is inherently dependent on safe and secure cyber-physical systems, so too is the collective work to see cyber and physical security achieve resilience. About the speaker: Dr. David Mussington serves as the Executive Assistant Director (EAD) for the Infrastructure Security Division (ISD) at the Department of Homeland Security&apos;s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) as of February 2021. As EAD, he helps lead CISA&apos;s efforts to secure the nation&apos;s critical infrastructure in coordination with government and the private sector. His priorities for ISD include vulnerability and risk assessments; securing soft targets and crowded places; training and exercises; and securing high-risk chemical facilities. Prior to joining CISA, Dr. Mussington was Professor of the Practice and Director for the Center for Public Policy and Private Enterprise at the School of Public Policy for the University of Maryland. At RAND Corporation he led counter terrorism and cyber security studies for the Department of Defense, the Department of Transportation, and Amtrak. 
He later took on the role of Chief of Corporate Security for Amtrak where he was the senior official overseeing infrastructure protection, counter terrorism, and emergency response programs. Later at the Institute for Defense Analyses (IDA), he was assistant director of the Information Technology and Systems Division (ITSD), and directed cybersecurity studies for DHS, the Office of the Director of National Intelligence, the Federal Communications Commission, and the North Atlantic Treaty Organization. Moreover, in 2010, Dr. Mussington was senior adviser for cyber policy in the U.S. Department of Defense (DOD), later serving on the Obama administration&apos;s National Security Council staff as Director for surface transportation security policy. In the former role, he led preparation and release of the 2011 Defense Strategy for Operating in Cyberspace, which was DOD&apos;s first enterprise-wide cyber strategy document. Dr. Mussington has a Doctorate in Political Science from Canada&apos;s Carleton University. He also received a Bachelor of Arts and a Master of Arts degree in Economics and Political Science from the University of Toronto. He undertook post-doctoral work at Harvard&apos;s Belfer Center where he was a MacArthur Scholar, and at the U.K.&apos;s International Institute for Strategic Studies (IISS). </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cyber-physical systems are delivering an increasing portion of the infrastructure services at the heart of our economy and national security, and you don&apos;t have to look far for examples of technology-enabled industrial control and internet-of-things systems in the core operations of healthcare, food and agriculture, energy, transportation, or manufacturing. Further, one has only to look at the contemporary examples of our systems under stress, such as the JBS and Colonial Pipeline cyber attacks, to understand the fragile risk ecosystem confronting infrastructure owners and operators of cyber-physical systems. In fact, the title of this talk is purposely a catch-22, meaning that just as infrastructure resilience is inherently dependent on safe and secure cyber-physical systems, so too is the collective work to see cyber and physical security achieve resilience. About the speaker: Dr. David Mussington serves as the Executive Assistant Director (EAD) for the Infrastructure Security Division (ISD) at the Department of Homeland Security&apos;s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) as of February 2021. As EAD, he helps lead CISA&apos;s efforts to secure the nation&apos;s critical infrastructure in coordination with government and the private sector. His priorities for ISD include vulnerability and risk assessments; securing soft targets and crowded places; training and exercises; and securing high-risk chemical facilities. Prior to joining CISA, Dr. Mussington was Professor of the Practice and Director for the Center for Public Policy and Private Enterprise at the School of Public Policy for the University of Maryland. At RAND Corporation he led counter terrorism and cyber security studies for the Department of Defense, the Department of Transportation, and Amtrak. He later took on the role of Chief of Corporate Security for Amtrak, where he was the senior official overseeing infrastructure protection, counter terrorism, and emergency response programs. Later, at the Institute for Defense Analyses (IDA), he was assistant director of the Information Technology and Systems Division (ITSD) and directed cybersecurity studies for DHS, the Office of the Director of National Intelligence, the Federal Communications Commission, and the North Atlantic Treaty Organization. Moreover, in 2010, Dr. Mussington was senior adviser for cyber policy in the U.S. Department of Defense (DOD), later serving on the Obama administration&apos;s National Security Council staff as Director for surface transportation security policy. In the former role, he led preparation and release of the 2011 Defense Strategy for Operating in Cyberspace, which was DOD&apos;s first enterprise-wide cyber strategy document. Dr. Mussington has a Doctorate in Political Science from Canada&apos;s Carleton University. He also received a Bachelor of Arts and a Master of Arts degree in Economics and Political Science from the University of Toronto. He undertook post-doctoral work at Harvard&apos;s Belfer Center, where he was a MacArthur Scholar, and at the U.K.&apos;s International Institute for Strategic Studies (IISS).</p> ]]>
            </content:encoded>
            <itunes:duration>2889</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220126.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220126.mp4" length="225443840" type="video/mp4"/>
        </item>
            <item>
            <title>Chuck Brooks, Leading Trends and Emerging Technologies for Cybersecurity in 2022</title>
            <description>As we begin 2022, the cost, sophistication, and lethality of cyber-breaches continue to rise. Threat actors, especially state-sponsored actors and criminal enterprises, are taking advantage of the expanding cyber-attack surface by using their resources to employ more sophisticated means for discovering target vulnerabilities, automating phishing, and finding new deceptive paths for infiltrating malware. This presentation will explore some of the more compelling trends and threats in the cyber ecosystem, the impact of emerging technologies, and potential strategies for mitigation. About the speaker: Chuck Brooks, President of Brooks Consulting International and Adjunct Faculty at Georgetown University, is a Technology Evangelist, Corporate Executive, Speaker, Writer, and Government Relations, Business Development, and Marketing Executive. LinkedIn named Chuck as one of &quot;The Top 5 Tech People to Follow on LinkedIn.&quot; He was named as one of the world&apos;s &quot;10 Best Cyber Security and Technology Experts&quot; by Best Rated, as a &quot;Top 50 Global Influencer in Risk, Compliance,&quot; by Thomson Reuters, &quot;Best of The World in Security&quot; by CISO Platform, and by IFSEC as the &quot;#2 Global Cybersecurity Influencer.&quot; He was featured in the 2020 and 2021 Onalytica &quot;Who&apos;s Who in Cybersecurity&quot; as one of the top Influencers for cybersecurity issues and in Risk management. He was also named &quot;Best in The World in Security&quot; by CISO Platform, one of the &quot;Top 5 Executives to Follow on Cybersecurity&quot; by Executive Mosaic, and a &quot;Top Leader in Cybersecurity and Emerging Technologies&quot; by Thinkers360. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.</description>
            <pubDate>Wed, 19 Jan 2022 16:30:00 EST </pubDate>
            <itunes:title>Chuck Brooks, Leading Trends and Emerging Technologies for Cybersecurity in 2022</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>788</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/chuck_brooks_200.png"/>
            <itunes:subtitle>Chuck Brooks, Georgetown University</itunes:subtitle>
            <itunes:summary>As we begin 2022, the cost, sophistication, and lethality of cyber-breaches continue to rise. Threat actors, especially state-sponsored actors and criminal enterprises, are taking advantage of the expanding cyber-attack surface by using their resources to employ more sophisticated means for discovering target vulnerabilities, automating phishing, and finding new deceptive paths for infiltrating malware. This presentation will explore some of the more compelling trends and threats in the cyber ecosystem, the impact of emerging technologies, and potential strategies for mitigation. About the speaker: Chuck Brooks, President of Brooks Consulting International and Adjunct Faculty at Georgetown University, is a Technology Evangelist, Corporate Executive, Speaker, Writer, and Government Relations, Business Development, and Marketing Executive. LinkedIn named Chuck as one of &quot;The Top 5 Tech People to Follow on LinkedIn.&quot; He was named as one of the world&apos;s &quot;10 Best Cyber Security and Technology Experts&quot; by Best Rated, as a &quot;Top 50 Global Influencer in Risk, Compliance,&quot; by Thomson Reuters, &quot;Best of The World in Security&quot; by CISO Platform, and by IFSEC as the &quot;#2 Global Cybersecurity Influencer.&quot; He was featured in the 2020 and 2021 Onalytica &quot;Who&apos;s Who in Cybersecurity&quot; as one of the top Influencers for cybersecurity issues and in Risk management. He was also named &quot;Best in The World in Security&quot; by CISO Platform, one of the &quot;Top 5 Executives to Follow on Cybersecurity&quot; by Executive Mosaic, and a &quot;Top Leader in Cybersecurity and Emerging Technologies&quot; by Thinkers360. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As we begin 2022, the cost, sophistication, and lethality of cyber-breaches continue to rise. Threat actors, especially state-sponsored actors and criminal enterprises, are taking advantage of the expanding cyber-attack surface by using their resources to employ more sophisticated means for discovering target vulnerabilities, automating phishing, and finding new deceptive paths for infiltrating malware. This presentation will explore some of the more compelling trends and threats in the cyber ecosystem, the impact of emerging technologies, and potential strategies for mitigation. About the speaker: Chuck Brooks, President of Brooks Consulting International and Adjunct Faculty at Georgetown University, is a Technology Evangelist, Corporate Executive, Speaker, Writer, and Government Relations, Business Development, and Marketing Executive. LinkedIn named Chuck as one of &quot;The Top 5 Tech People to Follow on LinkedIn.&quot; He was named as one of the world&apos;s &quot;10 Best Cyber Security and Technology Experts&quot; by Best Rated, as a &quot;Top 50 Global Influencer in Risk, Compliance,&quot; by Thomson Reuters, &quot;Best of The World in Security&quot; by CISO Platform, and by IFSEC as the &quot;#2 Global Cybersecurity Influencer.&quot; He was featured in the 2020 and 2021 Onalytica &quot;Who&apos;s Who in Cybersecurity&quot; as one of the top Influencers for cybersecurity issues and in Risk management. He was also named &quot;Best in The World in Security&quot; by CISO Platform, one of the &quot;Top 5 Executives to Follow on Cybersecurity&quot; by Executive Mosaic, and a &quot;Top Leader in Cybersecurity and Emerging Technologies&quot; by Thinkers360. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.</p> ]]>
            </content:encoded>
            <itunes:duration>2570</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220119.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220119.mp4" length="728760320" type="video/mp4"/>
        </item>
            <item>
            <title>Melissa Dark, Building the Next Generation Cybersecurity Workforce:  Progress and Challenges</title>
            <description>This talk explores over 20 years of building the cybersecurity workforce in the United States with a focus on the evolution, progress made, and challenges ahead. About the speaker: Dr. Melissa Dark has worked in cybersecurity education and workforce development for the past 20 years. Her early work in cybersecurity education focused on the graduate level and has progressively grown down to community college, and now high school, in response to two needs: robust cybersecurity literacy among all cybercitizens and closing the cybersecurity workforce gap. In 2015, she founded DARK Enterprises, Inc., a non-profit which advances the mission of developing, supporting, and stewarding cybersecurity education initiatives in the United States.</description>
            <pubDate>Wed, 12 Jan 2022 16:30:00 EST </pubDate>
            <itunes:title>Melissa Dark, Building the Next Generation Cybersecurity Workforce:  Progress and Challenges</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>28</itunes:season>
            <itunes:episode>787</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/melissa_dark_200.png"/>
            <itunes:subtitle>Melissa Dark, DARK Enterprises, Inc.</itunes:subtitle>
            <itunes:summary>This talk explores over 20 years of building the cybersecurity workforce in the United States with a focus on the evolution, progress made, and challenges ahead. About the speaker: Dr. Melissa Dark has worked in cybersecurity education and workforce development for the past 20 years. Her early work in cybersecurity education focused on the graduate level and has progressively grown down to community college, and now high school, in response to two needs: robust cybersecurity literacy among all cybercitizens and closing the cybersecurity workforce gap. In 2015, she founded DARK Enterprises, Inc., a non-profit which advances the mission of developing, supporting, and stewarding cybersecurity education initiatives in the United States.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk explores over 20 years of building the cybersecurity workforce in the United States with a focus on the evolution, progress made, and challenges ahead. About the speaker: Dr. Melissa Dark has worked in cybersecurity education and workforce development for the past 20 years. Her early work in cybersecurity education focused on the graduate level and has progressively grown down to community college, and now high school, in response to two needs: robust cybersecurity literacy among all cybercitizens and closing the cybersecurity workforce gap. In 2015, she founded DARK Enterprises, Inc., a non-profit which advances the mission of developing, supporting, and stewarding cybersecurity education initiatives in the United States.</p> ]]>
            </content:encoded>
            <itunes:duration>3491</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220112.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20220112.mp4" length="511705088" type="video/mp4"/>
        </item>
            <item>
            <title>Melissa Hathaway &amp; Francesca Spidalieri, Integrating Cybersecurity into Digital Development</title>
            <description>In June 2021, the GFCE and the World Bank came together to identify pathways to bridge the development community to the cybersecurity capacity building community and create mechanisms by which digital development could see the benefits of incorporating cyber security into their projects and initiatives to achieve more resilient outcomes. This report, Integrating Cyber Security into the Digital Development Agenda, highlights some of the key challenges and benefits of incorporating cybersecurity, digital resilience, and cyber capacity building into the broader development agenda. The report also features several best practices and bridging venues and activities that could facilitate tighter alignment and collaboration between the digital development and cybersecurity capacity building communities and among initiative donors and implementors. https://thegfce.org/wp-content/uploads/2021/11/Integrating-Cybersecurity-into-Digital-Development_compressed.pdf About the speaker: Melissa Hathaway is globally recognized as a thought leader in the fields of cybersecurity and digital risk management and has relationships with the highest levels of governments and international institutions. She served in two U.S. presidential administrations, spearheading the Cyberspace Policy Review for President Barack Obama and leading the Comprehensive National Cybersecurity Initiative (CNCI) for President George W. Bush. As President of Hathaway Global Strategies, Melissa brings a unique combination of policy and technical expertise, as well as board room experience, that allows her to help clients better understand the intersection of government policy, developing technological and industry trends, and economic drivers that impact acquisition and business development strategies. Ms. Hathaway has a B.A. degree from The American University in Washington, D.C. She has completed graduate studies in international economics and technology transfer policy, and is a graduate of the US Armed Forces Staff College, with a special certificate in Information Operations. She publishes regularly on cybersecurity matters affecting companies and countries; these articles can be found here: https://www.belfercenter.org/person/melissa-hathaway Francesca Spidalieri is a Cybersecurity Consultant for Hathaway Global Strategies and an Adjunct Professor for Cyber Policy at the University of Maryland&apos;s School of Public Policy and at Salve Regina University. She is also the co-principal investigator for the Cyber Readiness Index 2.0 project at the Potomac Institute for Policy Studies, and the Senior Fellow for Cyber Leadership at the Pell Center for International Relations and Public Policy. In addition, Francesca serves as a cybersecurity subject-matter expert for the World Bank, the UN International Telecommunications Union, the Global Forum on Cyber Expertise, the EU CyberNet, and other research institutes in Europe and the U.S. Her academic research and publications have focused on cyber leadership development, cyber risk management, digital transformation, and national cyber preparedness and resilience. Francesca holds an M.A. in International Affairs and Security Studies from The Fletcher School at Tufts University and a B.A. in Political Science and International Relations from the University of Milan, and has completed additional cybersecurity coursework at the U.S. Naval War College&apos;s Center for Cyber Conflict Studies. She lectures regularly at cyber-related events in the U.S. and Europe and contributes to journal articles and other publications on cyber policy matters affecting countries and organizations worldwide.</description>
            <pubDate>Wed, 8 Dec 2021 16:30:00 EST </pubDate>
            <itunes:title>Melissa Hathaway &amp; Francesca Spidalieri, Integrating Cybersecurity into Digital Development</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>786</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/hathaway_200.png"/>
            <itunes:subtitle>Melissa Hathaway &amp; Francesca Spidalieri, Hathaway Global Strategies</itunes:subtitle>
            <itunes:summary>In June 2021, the GFCE and the World Bank came together to identify pathways to bridge the development community to the cybersecurity capacity building community and create mechanisms by which digital development could see the benefits of incorporating cyber security into their projects and initiatives to achieve more resilient outcomes. This report, Integrating Cyber Security into the Digital Development Agenda, highlights some of the key challenges and benefits of incorporating cybersecurity, digital resilience, and cyber capacity building into the broader development agenda. The report also features several best practices and bridging venues and activities that could facilitate tighter alignment and collaboration between the digital development and cybersecurity capacity building communities and among initiative donors and implementors. https://thegfce.org/wp-content/uploads/2021/11/Integrating-Cybersecurity-into-Digital-Development_compressed.pdf About the speaker: Melissa Hathaway is globally recognized as a thought leader in the fields of cybersecurity and digital risk management and has relationships with the highest levels of governments and international institutions. She served in two U.S. presidential administrations, spearheading the Cyberspace Policy Review for President Barack Obama and leading the Comprehensive National Cybersecurity Initiative (CNCI) for President George W. Bush. As President of Hathaway Global Strategies, Melissa brings a unique combination of policy and technical expertise, as well as board room experience, that allows her to help clients better understand the intersection of government policy, developing technological and industry trends, and economic drivers that impact acquisition and business development strategies. Ms. Hathaway has a B.A. degree from The American University in Washington, D.C. She has completed graduate studies in international economics and technology transfer policy, and is a graduate of the US Armed Forces Staff College, with a special certificate in Information Operations. She publishes regularly on cybersecurity matters affecting companies and countries; these articles can be found here: https://www.belfercenter.org/person/melissa-hathaway Francesca Spidalieri is a Cybersecurity Consultant for Hathaway Global Strategies and an Adjunct Professor for Cyber Policy at the University of Maryland&apos;s School of Public Policy and at Salve Regina University. She is also the co-principal investigator for the Cyber Readiness Index 2.0 project at the Potomac Institute for Policy Studies, and the Senior Fellow for Cyber Leadership at the Pell Center for International Relations and Public Policy. In addition, Francesca serves as a cybersecurity subject-matter expert for the World Bank, the UN International Telecommunications Union, the Global Forum on Cyber Expertise, the EU CyberNet, and other research institutes in Europe and the U.S. Her academic research and publications have focused on cyber leadership development, cyber risk management, digital transformation, and national cyber preparedness and resilience. Francesca holds an M.A. in International Affairs and Security Studies from The Fletcher School at Tufts University and a B.A. in Political Science and International Relations from the University of Milan, and has completed additional cybersecurity coursework at the U.S. Naval War College&apos;s Center for Cyber Conflict Studies. She lectures regularly at cyber-related events in the U.S. and Europe and contributes to journal articles and other publications on cyber policy matters affecting countries and organizations worldwide.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In June 2021, the GFCE and the World Bank came together to identify pathways to bridge the development community to the cybersecurity capacity building community and create mechanisms by which digital development could see the benefits of incorporating cyber security into their projects and initiatives to achieve more resilient outcomes. This report, Integrating Cyber Security into the Digital Development Agenda, highlights some of the key challenges and benefits of incorporating cybersecurity, digital resilience, and cyber capacity building into the broader development agenda. The report also features several best practices and bridging venues and activities that could facilitate tighter alignment and collaboration between the digital development and cybersecurity capacity building communities and among initiative donors and implementors. https://thegfce.org/wp-content/uploads/2021/11/Integrating-Cybersecurity-into-Digital-Development_compressed.pdf About the speaker: Melissa Hathaway is globally recognized as a thought leader in the fields of cybersecurity and digital risk management and has relationships with the highest levels of governments and international institutions. She served in two U.S. presidential administrations, spearheading the Cyberspace Policy Review for President Barack Obama and leading the Comprehensive National Cybersecurity Initiative (CNCI) for President George W. Bush. As President of Hathaway Global Strategies, Melissa brings a unique combination of policy and technical expertise, as well as board room experience, that allows her to help clients better understand the intersection of government policy, developing technological and industry trends, and economic drivers that impact acquisition and business development strategies. Ms. Hathaway has a B.A. degree from The American University in Washington, D.C. She has completed graduate studies in international economics and technology transfer policy, and is a graduate of the US Armed Forces Staff College, with a special certificate in Information Operations. She publishes regularly on cybersecurity matters affecting companies and countries; these articles can be found here: https://www.belfercenter.org/person/melissa-hathaway Francesca Spidalieri is a Cybersecurity Consultant for Hathaway Global Strategies and an Adjunct Professor for Cyber Policy at the University of Maryland&apos;s School of Public Policy and at Salve Regina University. She is also the co-principal investigator for the Cyber Readiness Index 2.0 project at the Potomac Institute for Policy Studies, and the Senior Fellow for Cyber Leadership at the Pell Center for International Relations and Public Policy. In addition, Francesca serves as a cybersecurity subject-matter expert for the World Bank, the UN International Telecommunications Union, the Global Forum on Cyber Expertise, the EU CyberNet, and other research institutes in Europe and the U.S. Her academic research and publications have focused on cyber leadership development, cyber risk management, digital transformation, and national cyber preparedness and resilience. Francesca holds an M.A. in International Affairs and Security Studies from The Fletcher School at Tufts University and a B.A. in Political Science and International Relations from the University of Milan, and has completed additional cybersecurity coursework at the U.S. Naval War College&apos;s Center for Cyber Conflict Studies. She lectures regularly at cyber-related events in the U.S. and Europe and contributes to journal articles and other publications on cyber policy matters affecting countries and organizations worldwide.</p> ]]>
            </content:encoded>
            <itunes:duration>3453</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211208.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211208.mp4" length="1048576" type="video/mp4"/>
        </item>
            <item>
            <title>Kacper Gradon, Future Trends in Cyber Crime and Hybrid Warfare</title>
            <description>&quot;Do Criminals Dream of Electric Sheep?&quot; Such an issue is no longer the domain of futurologists and science-fiction writers, but a serious question asked by EUROPOL, alarmed by how emerging Information Technologies shape the future of crime and law enforcement. Apart from its obviously positive effects, the technology also impacts and affects the way criminal offenders, terrorists and rogue governments operate at the stages of know-how gathering, planning, preparation and execution of their attacks. The progress in the development of IT and its accessibility is so unprecedentedly high that, in order not to lag behind, the law-enforcement and intelligence communities need to research and analyze the further and potential advances (and design the potential preventive measures) promptly. The presentation addresses the problem of a lack of a forecasting/analytical approach to the study of the impact of emerging and disruptive technologies on the criminal, terrorist and information warfare landscape. The author aims to deliver the most up-to-date analysis of the threats to come, together with a set of plausible solutions on how to deter and mitigate the risk. The presentation will characterize the dangers posed by the potential abuse of Information Technologies by criminal/terrorist/state actors. The author will deliver an analysis articulating the key factors implicated in events related to technology abuse, across all stages of the event. The presentation will cover such areas as: 1) abuse of open source information for planning, preparation &amp; execution of the attack; 2) hazards associated with the abuse of wearable devices; 3) use of mobile technologies to profile, select and groom potential activists or extremists or to enable human trafficking and sexual exploitation of children; 4) attacks on Internet of Things networks for targeting a specific individual/entity or to create mass-level disruption, incl. attacks on critical national infrastructure; 5) hijacking of autonomous vehicles; 6) use of drones (aerial, ground operating, hydroid) for surveillance, as weapons, for drug delivery, as burglary bots, as tools to disrupt civil aviation or military systems; 7) attacks on IP-enabled medical devices; 8) the use of (semi)autonomous robots; 9) the use of Artificial Intelligence, machine-learning, deep-learning and reinforcement learning techniques for various criminal/terrorist objectives; 10) abuse of blockchain technologies and crypto-currencies (financing of terrorism, money laundering, bribery, financing of illegal activities, extortion/ransomware); 11) abuse of 3D printing technologies; 12) risk associated with Quantum Computing and 5G telecom networks (increased capabilities of criminal/terrorist/cyber-warfare operations). A special focus will be put on Information Warfare (hybrid and asymmetric threats), where disinformation, misinformation and propaganda are used by nation states in a general scheme of malign foreign influence to disrupt the situation abroad. About the speaker: Dr. hab. Kacper Gradon, Ph.D. is the Visiting Fulbright Professor at University of Colorado Boulder and the University College London Honorary Senior Research Fellow at UCL Department of Security and Crime Science. His research expertise includes Future Crimes, cyber crime, criminal analysis and counter-terrorism. His current research is focused on designing the methods for preventing and combating disinformation, misinformation and malign foreign influence. He&apos;s a member of the World Health Organization (WHO) working group on infodemiology and a WHO-trained Infodemics Manager. His research interests include the application of Open Source Intelligence and digital &amp; Internet forensics and analysis to forecasting and combating criminal and terrorist acts. He has over 20 years of experience of consultancy and cooperation with Police and Intelligence services in Poland, UK, US and Canada. He is a graduate of the London Metropolitan Police Specialist Operations Training of Hostage Negotiations, the NCFTA/FBI Dark Web Investigations and the IALEIA Open Source Intelligence courses. He has lectured and held visiting professorship positions in the UK, USA, Canada, India, Australia and New Zealand, and has participated in over 200 academic and Police conferences and events worldwide. He was the UoW Primary Investigator in the 2014-2017 European Commission FP7 project PRIME (Preventing, Interdicting and Mitigating Extremist Events) dealing with lone-actor extremism and terrorism. He can be reached at k.gradon@ucl.ac.uk and kacper.gradon@colorado.edu</description>
            <pubDate>Wed, 1 Dec 2021 16:30:00 EST </pubDate>
            <itunes:title>Kacper Gradon, Future Trends in Cyber Crime and Hybrid Warfare</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>785</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Kacper-Gradon_200.png"/>
            <itunes:subtitle>Kacper Gradon, University College London</itunes:subtitle>
            <itunes:summary>&quot;Do Criminals Dream of Electric Sheep?&quot; Such an issue is no longer the domain of futurologists and science-fiction writers, but a serious question asked by EUROPOL, alarmed by how emerging Information Technologies shape the future of crime and law-enforcement. Apart from its obviously positive effects, technology also impacts and affects the way criminal offenders, terrorists and rogue governments operate at the stages of know-how gathering, planning, preparation and execution of their attacks. The progress in the development of IT and its accessibility is so unprecedentedly high that, in order not to lag behind, the law-enforcement and intelligence communities need to research and analyze further and potential advances (and design potential preventive measures) promptly. The presentation addresses the problem of a lack of a forecasting/analytical approach to the study of the impact of emerging and disruptive technologies on the criminal, terrorist and information warfare landscape. The author aims to deliver the most up-to-date analysis of the threats to come, together with a set of plausible solutions on how to deter and mitigate the risk. The presentation will characterize the dangers posed by the potential abuse of Information Technologies by criminal/terrorist/state actors. The author will deliver an analysis articulating the key factors implicated in events related to technology abuse, across all stages of the event. The presentation will cover such areas as: 1) abuse of open source information for planning, preparation &amp; execution of the attack; 2) hazards associated with the abuse of wearable devices; 3) use of mobile technologies to profile, select and groom potential activists or extremists or to enable human trafficking and sexual exploitation of children; 4) attacks on Internet of Things networks for targeting a specific individual/entity or to create mass-level disruption incl. 
attacks on critical national infrastructure; 5) hijacking of autonomous vehicles; 6) use of drones (aerial, ground operating, hydroid) for surveillance, as weapons, for drug delivery, as burglary bots, as tools to disrupt civil aviation or military systems; 7) attacks on IP-enabled medical devices; 8) the use of (semi)autonomous robots; 9) the use of Artificial Intelligence, machine-learning, deep-learning and reinforcement learning techniques for various criminal/terrorist objectives; 10) abuse of blockchain technologies and crypto-currencies (financing of terrorism, money laundering, bribery, financing of illegal activities, extortion/ransomware); 11) abuse of 3D printing technologies; 12) risk associated with Quantum Computing and 5G telecom networks (increased capabilities of criminal/terrorist/cyber-warfare operations). A special focus will be put on Information Warfare (hybrid and asymmetric threats), where disinformation, misinformation and propaganda are used by nation states in a general scheme of malign foreign influence to disrupt the situation abroad. About the speaker: Dr. hab. Kacper Gradon, Ph.D. is the Visiting Fulbright Professor at the University of Colorado Boulder and the University College London Honorary Senior Research Fellow at the UCL Department of Security and Crime Science. His research expertise includes Future Crimes, cyber crime, criminal analysis and counter-terrorism. His current research is focused on designing methods for preventing and combating disinformation, misinformation and malign foreign influence. He&apos;s a member of the World Health Organization (WHO) working group on infodemiology and a WHO-trained Infodemics Manager. His research interests include the application of Open Source Intelligence and digital &amp; Internet forensics and analysis to forecasting and combating criminal and terrorist acts. 
He has over 20 years of experience in consultancy and cooperation with Police and Intelligence services in Poland, the UK, the US and Canada. He is a graduate of the London Metropolitan Police Specialist Operations Training of Hostage Negotiations, the NCFTA/FBI Dark Web Investigations and the IALEIA Open Source Intelligence courses. He has lectured and held visiting professorship positions in the UK, USA, Canada, India, Australia and New Zealand, and has participated in over 200 academic and Police conferences and events worldwide. He was the UoW Primary Investigator in the 2014-2017 European Commission FP7 project PRIME (Preventing, Interdicting and Mitigating Extremist Events) dealing with lone-actor extremism and terrorism. He can be reached at k.gradon@ucl.ac.uk and kacper.gradon@colorado.edu.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>&quot;Do Criminals Dream of Electric Sheep?&quot; Such an issue is no longer the domain of futurologists and science-fiction writers, but a serious question asked by EUROPOL, alarmed by how emerging Information Technologies shape the future of crime and law-enforcement. Apart from its obviously positive effects, technology also impacts and affects the way criminal offenders, terrorists and rogue governments operate at the stages of know-how gathering, planning, preparation and execution of their attacks. The progress in the development of IT and its accessibility is so unprecedentedly high that, in order not to lag behind, the law-enforcement and intelligence communities need to research and analyze further and potential advances (and design potential preventive measures) promptly. The presentation addresses the problem of a lack of a forecasting/analytical approach to the study of the impact of emerging and disruptive technologies on the criminal, terrorist and information warfare landscape. The author aims to deliver the most up-to-date analysis of the threats to come, together with a set of plausible solutions on how to deter and mitigate the risk. The presentation will characterize the dangers posed by the potential abuse of Information Technologies by criminal/terrorist/state actors. The author will deliver an analysis articulating the key factors implicated in events related to technology abuse, across all stages of the event. The presentation will cover such areas as: 1) abuse of open source information for planning, preparation &amp; execution of the attack; 2) hazards associated with the abuse of wearable devices; 3) use of mobile technologies to profile, select and groom potential activists or extremists or to enable human trafficking and sexual exploitation of children; 4) attacks on Internet of Things networks for targeting a specific individual/entity or to create mass-level disruption incl. 
attacks on critical national infrastructure; 5) hijacking of autonomous vehicles; 6) use of drones (aerial, ground operating, hydroid) for surveillance, as weapons, for drug delivery, as burglary bots, as tools to disrupt civil aviation or military systems; 7) attacks on IP-enabled medical devices; 8) the use of (semi)autonomous robots; 9) the use of Artificial Intelligence, machine-learning, deep-learning and reinforcement learning techniques for various criminal/terrorist objectives; 10) abuse of blockchain technologies and crypto-currencies (financing of terrorism, money laundering, bribery, financing of illegal activities, extortion/ransomware); 11) abuse of 3D printing technologies; 12) risk associated with Quantum Computing and 5G telecom networks (increased capabilities of criminal/terrorist/cyber-warfare operations). A special focus will be put on Information Warfare (hybrid and asymmetric threats), where disinformation, misinformation and propaganda are used by nation states in a general scheme of malign foreign influence to disrupt the situation abroad. About the speaker: Dr. hab. Kacper Gradon, Ph.D. is the Visiting Fulbright Professor at the University of Colorado Boulder and the University College London Honorary Senior Research Fellow at the UCL Department of Security and Crime Science. His research expertise includes Future Crimes, cyber crime, criminal analysis and counter-terrorism. His current research is focused on designing methods for preventing and combating disinformation, misinformation and malign foreign influence. He&apos;s a member of the World Health Organization (WHO) working group on infodemiology and a WHO-trained Infodemics Manager. His research interests include the application of Open Source Intelligence and digital &amp; Internet forensics and analysis to forecasting and combating criminal and terrorist acts. 
He has over 20 years of experience in consultancy and cooperation with Police and Intelligence services in Poland, the UK, the US and Canada. He is a graduate of the London Metropolitan Police Specialist Operations Training of Hostage Negotiations, the NCFTA/FBI Dark Web Investigations and the IALEIA Open Source Intelligence courses. He has lectured and held visiting professorship positions in the UK, USA, Canada, India, Australia and New Zealand, and has participated in over 200 academic and Police conferences and events worldwide. He was the UoW Primary Investigator in the 2014-2017 European Commission FP7 project PRIME (Preventing, Interdicting and Mitigating Extremist Events) dealing with lone-actor extremism and terrorism. He can be reached at k.gradon@ucl.ac.uk and kacper.gradon@colorado.edu.</p> ]]>
            </content:encoded>
            <itunes:duration>4179</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211201.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211201.mp4" length="898629632" type="video/mp4"/>
        </item>
            <item>
            <title>Lesley Carhart, You Are The Future of Industrial Cybersecurity</title>
            <description>Securing industrial networks has never been more crucial, but it&apos;s not as simple as just patching legacy computers or installing commercial tools. Responding to cybersecurity incidents in critical infrastructure environments poses unique challenges and requires a very unusual set of skills. This lecture will cover key terminology, operational differences, and technology differences between industrial and enterprise environments. Attendees will leave with an essential understanding of the challenges in the space and the skills they will need to develop to make a difference. About the speaker: Lesley Carhart is a Principal Industrial Incident Responder at the industrial cybersecurity company Dragos, Inc. She has spent more than a decade of her 20+ year IT career specializing in information security, with a heavy focus on response to nation-state adversary attacks. She is recognized as a subject matter expert in the field of cybersecurity incident response and digital forensics.</description>
            <pubDate>Wed, 17 Nov 2021 16:30:00 EST </pubDate>
            <itunes:title>Lesley Carhart, You Are The Future of Industrial Cybersecurity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>784</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/carhart_200.png"/>
            <itunes:subtitle>Lesley Carhart, Dragos, Inc.</itunes:subtitle>
            <itunes:summary>Securing industrial networks has never been more crucial, but it&apos;s not as simple as just patching legacy computers or installing commercial tools. Responding to cybersecurity incidents in critical infrastructure environments poses unique challenges and requires a very unusual set of skills. This lecture will cover key terminology, operational differences, and technology differences between industrial and enterprise environments. Attendees will leave with an essential understanding of the challenges in the space and the skills they will need to develop to make a difference. About the speaker: Lesley Carhart is a Principal Industrial Incident Responder at the industrial cybersecurity company Dragos, Inc. She has spent more than a decade of her 20+ year IT career specializing in information security, with a heavy focus on response to nation-state adversary attacks. She is recognized as a subject matter expert in the field of cybersecurity incident response and digital forensics.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Securing industrial networks has never been more crucial, but it&apos;s not as simple as just patching legacy computers or installing commercial tools. Responding to cybersecurity incidents in critical infrastructure environments poses unique challenges and requires a very unusual set of skills. This lecture will cover key terminology, operational differences, and technology differences between industrial and enterprise environments. Attendees will leave with an essential understanding of the challenges in the space and the skills they will need to develop to make a difference. About the speaker: Lesley Carhart is a Principal Industrial Incident Responder at the industrial cybersecurity company Dragos, Inc. She has spent more than a decade of her 20+ year IT career specializing in information security, with a heavy focus on response to nation-state adversary attacks. She is recognized as a subject matter expert in the field of cybersecurity incident response and digital forensics.</p> ]]>
            </content:encoded>
            <itunes:duration>4026</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211117.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211117.mp4" length="623902720" type="video/mp4"/>
        </item>
            <item>
            <title>Helen Patton, Navigating the Cybersecurity Profession:  Essential Elements for a Satisfying Career</title>
            <description>Having a satisfying cybersecurity career can feel elusive, even for a seasoned cybersecurity professional. In this session, we&apos;ll talk about things that all security professionals, of all levels and backgrounds, need to know and do in order to achieve professional success. We will cover: the importance of networking, and how to leverage it to achieve your career goals; continuous learning - when, how, and when is it too much?; self-awareness, and why this is the basis for everything you do; managing yourself vs. managing others - when to be a single contributor and when to run a team; Handling Security Stress - why does it happen, and what can be done about it; leaving a legacy - what to do if you want to be remembered for more than the immediate job. About the speaker: Helen Patton is an Advisory CISO at Cisco, where she shares security strategies with the security community. Previously she spent eight years as the CISO at The Ohio State University, where she was awarded the 2018 ISE North American Academic/Public Sector Executive of the Year. Before joining Ohio State she spent ten years in risk and resiliency at JPMorganChase. Helen actively encourages collaboration across and within industries, to enable better information security and privacy practices. She believes in improving diversity and inclusion in the workforce, and mentors people interested in pursuing careers in security, privacy and risk management. She advocates for more naps, less Sun Tzu, and is anti-bagpipes. Helen has a Master&apos;s degree in Public Policy and has earned various industry certifications. She serves on the State of Ohio CyberOhio Advisory Board, the Manufacturing and Digital USA Cybersecurity Advisory Board, and the Ohio State University College of Electrical and Computer Engineering Industry Advisory Board. She is a faculty member for the Digital Director&apos;s Network, and the Educause Leadership Institute.</description>
            <pubDate>Wed, 3 Nov 2021 16:30:00 EDT </pubDate>
            <itunes:title>Helen Patton, Navigating the Cybersecurity Profession:  Essential Elements for a Satisfying Career</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>782</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/helen_patton_200.png"/>
            <itunes:subtitle>Helen Patton, Cisco</itunes:subtitle>
            <itunes:summary>Having a satisfying cybersecurity career can feel elusive, even for a seasoned cybersecurity professional. In this session, we&apos;ll talk about things that all security professionals, of all levels and backgrounds, need to know and do in order to achieve professional success. We will cover: the importance of networking, and how to leverage it to achieve your career goals; continuous learning - when, how, and when is it too much?; self-awareness, and why this is the basis for everything you do; managing yourself vs. managing others - when to be a single contributor and when to run a team; Handling Security Stress - why does it happen, and what can be done about it; leaving a legacy - what to do if you want to be remembered for more than the immediate job. About the speaker: Helen Patton is an Advisory CISO at Cisco, where she shares security strategies with the security community. Previously she spent eight years as the CISO at The Ohio State University, where she was awarded the 2018 ISE North American Academic/Public Sector Executive of the Year. Before joining Ohio State she spent ten years in risk and resiliency at JPMorganChase. Helen actively encourages collaboration across and within industries, to enable better information security and privacy practices. She believes in improving diversity and inclusion in the workforce, and mentors people interested in pursuing careers in security, privacy and risk management. She advocates for more naps, less Sun Tzu, and is anti-bagpipes. Helen has a Master&apos;s degree in Public Policy and has earned various industry certifications. She serves on the State of Ohio CyberOhio Advisory Board, the Manufacturing and Digital USA Cybersecurity Advisory Board, and the Ohio State University College of Electrical and Computer Engineering Industry Advisory Board. She is a faculty member for the Digital Director&apos;s Network, and the Educause Leadership Institute.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Having a satisfying cybersecurity career can feel elusive, even for a seasoned cybersecurity professional. In this session, we&apos;ll talk about things that all security professionals, of all levels and backgrounds, need to know and do in order to achieve professional success. We will cover:</p> <ul><li>The importance of networking, and how to leverage it to achieve your career goals</li><li>Continuous learning - when, how, and when is it too much?</li><li>Self-awareness, and why this is the basis for everything you do</li><li>Managing yourself vs. managing others - when to be a single contributor and when to run a team</li><li>Handling Security Stress - why does it happen, and what can be done about it</li><li>Leaving a legacy - what to do if you want to be remembered for more than the immediate job</li></ul> <p>About the speaker: Helen Patton is an Advisory CISO at Cisco, where she shares security strategies with the security community. Previously she spent eight years as the CISO at The Ohio State University, where she was awarded the 2018 ISE North American Academic/Public Sector Executive of the Year. Before joining Ohio State she spent ten years in risk and resiliency at JPMorganChase. Helen actively encourages collaboration across and within industries, to enable better information security and privacy practices. She believes in improving diversity and inclusion in the workforce, and mentors people interested in pursuing careers in security, privacy and risk management. She advocates for more naps, less Sun Tzu, and is anti-bagpipes. Helen has a Master&apos;s degree in Public Policy and has earned various industry certifications. She serves on the State of Ohio CyberOhio Advisory Board, the Manufacturing and Digital USA Cybersecurity Advisory Board, and the Ohio State University College of Electrical and Computer Engineering Industry Advisory Board. She is a faculty member for the Digital Director&apos;s Network, and the Educause Leadership Institute.</p> ]]>
            </content:encoded>
            <itunes:duration>3453</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211103.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211103.mp4" length="1048576" type="video/mp4"/>
        </item>
            <item>
            <title>Jeremiah Blocki, Password Strength Signaling: A Counter-Intuitive Defense Against Password Cracking</title>
            <description>We introduce password strength information signaling as a novel, yet counter-intuitive, defense mechanism against password cracking attacks. Recent breaches have exposed billions of user passwords to the dangerous threat of offline password cracking attacks. An offline attacker can quickly check millions (or sometimes billions/trillions) of password guesses by comparing their hash value with the stolen hash from a breached authentication server. The attacker is limited only by the resources he is willing to invest. Our key idea is to have the authentication server store a (noisy) signal about the strength of each user password for an offline attacker to find. Surprisingly, we show that the noise distribution for the signal can often be tuned so that a rational (profit-maximizing) attacker will crack fewer passwords. The signaling scheme exploits the fact that password cracking is not a zero-sum game, i.e., the attacker&apos;s profit is given by the value of the cracked passwords minus the total guessing cost. Thus, a well-defined signaling strategy will encourage the attacker to reduce his guessing costs by cracking fewer passwords. We use an evolutionary algorithm to compute the optimal signaling scheme for the defender. As a proof-of-concept, we evaluate our mechanism on several password datasets and show that it can reduce the total number of cracked passwords by up to 12% (resp. 5%) of all users in defending against offline (resp. online) attacks. Joint work with Wenjie Bai and Ben Harsha. About the speaker: I am an Assistant Professor in Computer Science at Purdue University. Broadly, my research interests include cryptography, data privacy and security. I like to describe myself as a theoretical computer scientist who is interested in applying fundamental ideas from computer science to address practical problems in usable privacy and security. 
I am especially interested in developing usable and secure authentication protocols for humans. Are there easy ways for humans to create and remember multiple strong passwords? Can we design secure cryptographic protocols that are so simple that they can be run by a human? Prior to joining Purdue I completed my PhD on Usable Human Authentication at Carnegie Mellon University, where I was fortunate to be advised by Manuel Blum and Anupam Datta. I also spent a year at Microsoft Research New England as a postdoc.</description>
            <pubDate>Wed, 27 Oct 2021 16:30:00 EDT </pubDate>
            <itunes:title>Jeremiah Blocki, Password Strength Signaling: A Counter-Intuitive Defense Against Password Cracking</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>781</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jblocki_200.png"/>
            <itunes:subtitle>Jeremiah Blocki, Purdue University</itunes:subtitle>
            <itunes:summary>We introduce password strength information signaling as a novel, yet counter-intuitive, defense mechanism against password cracking attacks. Recent breaches have exposed billions of user passwords to the dangerous threat of offline password cracking attacks. An offline attacker can quickly check millions (or sometimes billions/trillions) of password guesses by comparing their hash value with the stolen hash from a breached authentication server. The attacker is limited only by the resources he is willing to invest. Our key idea is to have the authentication server store a (noisy) signal about the strength of each user password for an offline attacker to find. Surprisingly, we show that the noise distribution for the signal can often be tuned so that a rational (profit-maximizing) attacker will crack fewer passwords. The signaling scheme exploits the fact that password cracking is not a zero-sum game, i.e., the attacker&apos;s profit is given by the value of the cracked passwords minus the total guessing cost. Thus, a well-defined signaling strategy will encourage the attacker to reduce his guessing costs by cracking fewer passwords. We use an evolutionary algorithm to compute the optimal signaling scheme for the defender. As a proof-of-concept, we evaluate our mechanism on several password datasets and show that it can reduce the total number of cracked passwords by up to 12% (resp. 5%) of all users in defending against offline (resp. online) attacks. Joint work with Wenjie Bai and Ben Harsha. About the speaker: I am an Assistant Professor in Computer Science at Purdue University. Broadly, my research interests include cryptography, data privacy and security. I like to describe myself as a theoretical computer scientist who is interested in applying fundamental ideas from computer science to address practical problems in usable privacy and security. 
I am especially interested in developing usable and secure authentication protocols for humans. Are there easy ways for humans to create and remember multiple strong passwords? Can we design secure cryptographic protocols that are so simple that they can be run by a human? Prior to joining Purdue I completed my PhD on Usable Human Authentication at Carnegie Mellon University, where I was fortunate to be advised by Manuel Blum and Anupam Datta. I also spent a year at Microsoft Research New England as a postdoc.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>We introduce password strength information signaling as a novel, yet counter-intuitive, defense mechanism against password cracking attacks. Recent breaches have exposed billions of user passwords to the dangerous threat of offline password cracking attacks. An offline attacker can quickly check millions (or sometimes billions/trillions) of password guesses by comparing their hash value with the stolen hash from a breached authentication server. The attacker is limited only by the resources he is willing to invest. Our key idea is to have the authentication server store a (noisy) signal about the strength of each user password for an offline attacker to find. Surprisingly, we show that the noise distribution for the signal can often be tuned so that a rational (profit-maximizing) attacker will crack fewer passwords. The signaling scheme exploits the fact that password cracking is not a zero-sum game, i.e., the attacker&apos;s profit is given by the value of the cracked passwords minus the total guessing cost. Thus, a well-defined signaling strategy will encourage the attacker to reduce his guessing costs by cracking fewer passwords. We use an evolutionary algorithm to compute the optimal signaling scheme for the defender. As a proof-of-concept, we evaluate our mechanism on several password datasets and show that it can reduce the total number of cracked passwords by up to 12% (resp. 5%) of all users in defending against offline (resp. online) attacks. Joint work with Wenjie Bai and Ben Harsha. About the speaker: I am an Assistant Professor in Computer Science at Purdue University. Broadly, my research interests include cryptography, data privacy and security. I like to describe myself as a theoretical computer scientist who is interested in applying fundamental ideas from computer science to address practical problems in usable privacy and security. 
I am especially interested in developing usable and secure authentication protocols for humans. Are there easy ways for humans to create and remember multiple strong passwords? Can we design secure cryptographic protocols that are so simple that they can be run by a human? Prior to joining Purdue I completed my PhD on Usable Human Authentication at Carnegie Mellon University, where I was fortunate to be advised by Manuel Blum and Anupam Datta. I also spent a year at Microsoft Research New England as a postdoc.</p> ]]>
            </content:encoded>
            <itunes:duration>2887</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211027.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211027.mp4" length="423624704" type="video/mp4"/>
        </item>
            <item>
            <title>Amit Yoran, Symposium Closing Keynote</title>
            <description>About the speaker: Amit Yoran is Chairman and Chief Executive Officer of Tenable, overseeing the company&apos;s strategic vision and direction. As the threat landscape expands, Amit is leading Tenable into a new era of security solutions, empowering organizations to meet the challenges of evolving threats with innovative technologies and a vision of transformative vulnerability management. Prior to joining Tenable, Amit was President of RSA, one of the most successful security companies in the world, where he led their growth and strategy since 2014. Amit came to RSA through the acquisition of his high-growth company, NetWitness, where he was founder and CEO of the market-leading network forensic product provider. Previously, he served as Founding Director of the United States Computer Emergency Readiness Team (US-CERT) program in the U.S. Department of Homeland Security. Amit also founded Riptech in Virginia, one of the first managed security service providers (MSSPs), which was acquired by Symantec in 2002. Amit currently serves as a board member and adviser to several security startups. Amit is an esteemed influencer and leader in the security industry. He is often sought out as a keynote speaker or media spokesperson. His unique blend of public service and private enterprise experience informs his insights, thought leadership, and engaging presentations.</description>
            <pubDate>Wed, 20 Oct 2021 16:30:00 EDT </pubDate>
            <itunes:title>Amit Yoran, Symposium Closing Keynote</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>780</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/yoran_tenable_200.png"/>
            <itunes:subtitle>Amit Yoran, Tenable</itunes:subtitle>
            <itunes:summary>About the speaker: Amit Yoran is Chairman and Chief Executive Officer of Tenable, overseeing the company&apos;s strategic vision and direction. As the threat landscape expands, Amit is leading Tenable into a new era of security solutions, empowering organizations to meet the challenges of evolving threats with innovative technologies and a vision of transformative vulnerability management. Prior to joining Tenable, Amit was President of RSA, one of the most successful security companies in the world, where he led their growth and strategy since 2014. Amit came to RSA through the acquisition of his high-growth company, NetWitness, where he was founder and CEO of the market-leading network forensic product provider. Previously, he served as Founding Director of the United States Computer Emergency Readiness Team (US-CERT) program in the U.S. Department of Homeland Security. Amit also founded Riptech in Virginia, one of the first managed security service providers (MSSPs), which was acquired by Symantec in 2002. Amit currently serves as a board member and adviser to several security startups. Amit is an esteemed influencer and leader in the security industry. He is often sought out as a keynote speaker or media spokesperson. His unique blend of public service and private enterprise experience informs his insights, thought leadership, and engaging presentations.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>About the speaker: Amit Yoran is Chairman and Chief Executive Officer of Tenable, overseeing the company&apos;s strategic vision and direction. As the threat landscape expands, Amit is leading Tenable into a new era of security solutions, empowering organizations to meet the challenges of evolving threats with innovative technologies and a vision of transformative vulnerability management. Prior to joining Tenable, Amit was President of RSA, one of the most successful security companies in the world, where he led its growth and strategy beginning in 2014. Amit came to RSA through the acquisition of his high-growth company, NetWitness, where he was founder and CEO of the market-leading network forensics product provider. Previously, he served as Founding Director of the United States Computer Emergency Readiness Team (US-CERT) program in the U.S. Department of Homeland Security. Amit also founded Riptech in Virginia, one of the first managed security service providers (MSSPs), which was acquired by Symantec in 2002. Amit currently serves as a board member and adviser to several security startups. Amit is an esteemed influencer and leader in the security industry. He is often sought out as a keynote speaker or media spokesperson. His unique blend of public service and private enterprise experience informs his insights, thought leadership, and engaging presentations.</p> ]]>
            </content:encoded>
            <itunes:duration>2845</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211020.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211020.mp4" length="668991488" type="video/mp4"/>
        </item>
            <item>
            <title>Jordan Mauriello, Understanding Attackers and Motivations</title>
            <description>Understanding the evolution of attacker motivations, and the impact on managing risk in enterprise environments, is key to successfully building cyber security programs in today&apos;s IT enterprise. Over the last decade both attacks and attacker motivations have evolved dramatically. From Hacktivism to Nation State Actors, from Identity Theft Rings to Ransomware-as-a-Service, the motivations, timing, determination, and discipline of attackers have changed dramatically. This presentation will discuss this evolution from early cyber espionage and hacktivism to evolving nation state threats, and how motivations drive behavior and risk decision making in enterprise cyber security programs. About the speaker: Jordan Mauriello is a Cyber Security Executive leader currently serving as the Chief Security Officer at Critical Start, leading the Managed Detection and Response business, as well as serving on Critical Start&apos;s Board of Directors. With a diverse background ranging from penetration testing and malware reverse engineering to physical security, executive protection and training, Jordan possesses a unique understanding of the impact of information security. His deep technical expertise includes over two decades of experience in Security Operations, Cyber Threat Intelligence and Detection Engineering with a heavy focus on Malware Research and Reverse Engineering. Jordan is a proud U.S. Navy veteran who deployed as part of Operation Iraqi Freedom, Enduring Freedom, and Joint Task Force Liberia. Additionally, he spent time as a communications security and cyber advisor working for the Department of Defense and deployed to the Middle East again in support of ongoing operations. After his time in the military and government, Jordan moved to the commercial enterprise, helping to build and mature Experian&apos;s Global Security Operations Center. Since then Jordan has served as CTO at Advanced Threat Analytics, and CSO at Critical Start, building an industry-leading global Managed Service offering focused on Threat Detection and Response capabilities for enterprise customers.</description>
            <pubDate>Wed, 13 Oct 2021 16:30:00 EDT </pubDate>
            <itunes:title>Jordan Mauriello, Understanding Attackers and Motivations</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>779</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/mauriello_200.png"/>
            <itunes:subtitle>Jordan Mauriello, Critical Start</itunes:subtitle>
            <itunes:summary>Understanding the evolution of attacker motivations, and the impact on managing risk in enterprise environments, is key to successfully building cyber security programs in today&apos;s IT enterprise. Over the last decade both attacks and attacker motivations have evolved dramatically. From Hacktivism to Nation State Actors, from Identity Theft Rings to Ransomware-as-a-Service, the motivations, timing, determination, and discipline of attackers have changed dramatically. This presentation will discuss this evolution from early cyber espionage and hacktivism to evolving nation state threats, and how motivations drive behavior and risk decision making in enterprise cyber security programs. About the speaker: Jordan Mauriello is a Cyber Security Executive leader currently serving as the Chief Security Officer at Critical Start, leading the Managed Detection and Response business, as well as serving on Critical Start&apos;s Board of Directors. With a diverse background ranging from penetration testing and malware reverse engineering to physical security, executive protection and training, Jordan possesses a unique understanding of the impact of information security. His deep technical expertise includes over two decades of experience in Security Operations, Cyber Threat Intelligence and Detection Engineering with a heavy focus on Malware Research and Reverse Engineering. Jordan is a proud U.S. Navy veteran who deployed as part of Operation Iraqi Freedom, Enduring Freedom, and Joint Task Force Liberia. Additionally, he spent time as a communications security and cyber advisor working for the Department of Defense and deployed to the Middle East again in support of ongoing operations. After his time in the military and government, Jordan moved to the commercial enterprise, helping to build and mature Experian&apos;s Global Security Operations Center. Since then Jordan has served as CTO at Advanced Threat Analytics, and CSO at Critical Start, building an industry-leading global Managed Service offering focused on Threat Detection and Response capabilities for enterprise customers.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Understanding the evolution of attacker motivations, and the impact on managing risk in enterprise environments, is key to successfully building cyber security programs in today&apos;s IT enterprise. Over the last decade both attacks and attacker motivations have evolved dramatically. From Hacktivism to Nation State Actors, from Identity Theft Rings to Ransomware-as-a-Service, the motivations, timing, determination, and discipline of attackers have changed dramatically. This presentation will discuss this evolution from early cyber espionage and hacktivism to evolving nation state threats, and how motivations drive behavior and risk decision making in enterprise cyber security programs. About the speaker: Jordan Mauriello is a Cyber Security Executive leader currently serving as the Chief Security Officer at Critical Start, leading the Managed Detection and Response business, as well as serving on Critical Start&apos;s Board of Directors. With a diverse background ranging from penetration testing and malware reverse engineering to physical security, executive protection and training, Jordan possesses a unique understanding of the impact of information security. His deep technical expertise includes over two decades of experience in Security Operations, Cyber Threat Intelligence and Detection Engineering with a heavy focus on Malware Research and Reverse Engineering. Jordan is a proud U.S. Navy veteran who deployed as part of Operation Iraqi Freedom, Enduring Freedom, and Joint Task Force Liberia. Additionally, he spent time as a communications security and cyber advisor working for the Department of Defense and deployed to the Middle East again in support of ongoing operations. After his time in the military and government, Jordan moved to the commercial enterprise, helping to build and mature Experian&apos;s Global Security Operations Center. Since then Jordan has served as CTO at Advanced Threat Analytics, and CSO at Critical Start, building an industry-leading global Managed Service offering focused on Threat Detection and Response capabilities for enterprise customers.</p> ]]>
            </content:encoded>
            <itunes:duration>2543</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211013.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211013.mp4" length="405798912" type="video/mp4"/>
        </item>
            <item>
            <title>Yoon Auh, NUTS: The Beta Demo</title>
            <description>Beyond End-to-End Encryption (BE2EE) technology can protect your data in transit and at rest in a consistent way: NUTS may help define this new category. Last year, we presented the technology of NUTS (https://ceri.as/nuts2020). This year, we demonstrate NUTS in action with our Beta version. See secure objects move around in cyberspace without a central reference monitor, in a transport-agnostic way. The demo will show practical use cases that NUTS enables. The global pandemic drastically altered our way of life, and Work-From-Home presents technical challenges that reveal the structural weaknesses of our largest systems. Adversarial threats are now more commonplace and large outages are frequent. We believe NUTS shows a new path towards a more resilient operating environment for our data. We strongly recommend viewing last year&apos;s presentation (https://ceri.as/nuts2020) to better understand the background and approach of the tech. Joining us for this session will be COL (Ret) Robert Banks, USA, PhD, who served as Deputy Director, Current Operations of U.S. Cyber Command, with his insights and comments on this technology. Dr. Banks retired from the U.S. Army after a distinguished 37-year career. His previous service includes Chief of Operations of the Army Global Network Operation &amp; Security Center, command of the largest Army Helicopter Battalion of 64 Chinooks covering 8 states, and significant contributions at the Joint Staff Cyberspace Division, National Counterintelligence Security Center, Army Defense Industrial Base, Asymmetric Warfare Office - Electronic Warfare, and National Guard Bureau; he also co-chaired the Smart Grid Interoperability Panel while supporting the Tri-County Electric Cooperative. He holds numerous advanced degrees, including a PhD in Information Technology from George Mason University specializing in Hybrid Security Risk Assessment Models. Additionally, he holds the following certifications: CISSP, PSDGP, ITILv3, AWS-CCP, AZURE-AI. About the speaker: Yoon Auh, CISSP, is the founder and CEO of NUTS Technologies Inc., a midwestern deep infrastructure technology startup. He holds multiple US patents around structured security, structured cryptography and secure data management. His firm is breaking new ground in applying security at the data layer in a portable form to achieve full BE2EE. He graduated from Columbia College in NYC with a BA in Physics and from Columbia School of Engineering with a BS in Engineering Mechanics. Yoon&apos;s prior career was in finance and technology, culminating in a successful career as Head Trader for several world-class financial firms. NUTS was created to fill the gaps in technology that don&apos;t get addressed in the way they ought to be.</description>
            <pubDate>Wed, 6 Oct 2021 16:30:00 EDT </pubDate>
            <itunes:title>Yoon Auh, NUTS: The Beta Demo</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>778</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/yoon_200x200.png"/>
            <itunes:subtitle>Yoon Auh, NUTS Technologies Inc.</itunes:subtitle>
            <itunes:summary>Beyond End-to-End Encryption (BE2EE) technology can protect your data in transit and at rest in a consistent way: NUTS may help define this new category. Last year, we presented the technology of NUTS (https://ceri.as/nuts2020). This year, we demonstrate NUTS in action with our Beta version. See secure objects move around in cyberspace without a central reference monitor, in a transport-agnostic way. The demo will show practical use cases that NUTS enables. The global pandemic drastically altered our way of life, and Work-From-Home presents technical challenges that reveal the structural weaknesses of our largest systems. Adversarial threats are now more commonplace and large outages are frequent. We believe NUTS shows a new path towards a more resilient operating environment for our data. We strongly recommend viewing last year&apos;s presentation (https://ceri.as/nuts2020) to better understand the background and approach of the tech. Joining us for this session will be COL (Ret) Robert Banks, USA, PhD, who served as Deputy Director, Current Operations of U.S. Cyber Command, with his insights and comments on this technology. Dr. Banks retired from the U.S. Army after a distinguished 37-year career. His previous service includes Chief of Operations of the Army Global Network Operation &amp; Security Center, command of the largest Army Helicopter Battalion of 64 Chinooks covering 8 states, and significant contributions at the Joint Staff Cyberspace Division, National Counterintelligence Security Center, Army Defense Industrial Base, Asymmetric Warfare Office - Electronic Warfare, and National Guard Bureau; he also co-chaired the Smart Grid Interoperability Panel while supporting the Tri-County Electric Cooperative. He holds numerous advanced degrees, including a PhD in Information Technology from George Mason University specializing in Hybrid Security Risk Assessment Models. Additionally, he holds the following certifications: CISSP, PSDGP, ITILv3, AWS-CCP, AZURE-AI. About the speaker: Yoon Auh, CISSP, is the founder and CEO of NUTS Technologies Inc., a midwestern deep infrastructure technology startup. He holds multiple US patents around structured security, structured cryptography and secure data management. His firm is breaking new ground in applying security at the data layer in a portable form to achieve full BE2EE. He graduated from Columbia College in NYC with a BA in Physics and from Columbia School of Engineering with a BS in Engineering Mechanics. Yoon&apos;s prior career was in finance and technology, culminating in a successful career as Head Trader for several world-class financial firms. NUTS was created to fill the gaps in technology that don&apos;t get addressed in the way they ought to be.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Beyond End-to-End Encryption (BE2EE) technology can protect your data in transit and at rest in a consistent way: NUTS may help define this new category. Last year, we presented the technology of NUTS (https://ceri.as/nuts2020). This year, we demonstrate NUTS in action with our Beta version. See secure objects move around in cyberspace without a central reference monitor, in a transport-agnostic way. The demo will show practical use cases that NUTS enables. The global pandemic drastically altered our way of life, and Work-From-Home presents technical challenges that reveal the structural weaknesses of our largest systems. Adversarial threats are now more commonplace and large outages are frequent. We believe NUTS shows a new path towards a more resilient operating environment for our data. We strongly recommend viewing last year&apos;s presentation (https://ceri.as/nuts2020) to better understand the background and approach of the tech. Joining us for this session will be COL (Ret) Robert Banks, USA, PhD, who served as Deputy Director, Current Operations of U.S. Cyber Command, with his insights and comments on this technology. Dr. Banks retired from the U.S. Army after a distinguished 37-year career. His previous service includes Chief of Operations of the Army Global Network Operation &amp; Security Center, command of the largest Army Helicopter Battalion of 64 Chinooks covering 8 states, and significant contributions at the Joint Staff Cyberspace Division, National Counterintelligence Security Center, Army Defense Industrial Base, Asymmetric Warfare Office - Electronic Warfare, and National Guard Bureau; he also co-chaired the Smart Grid Interoperability Panel while supporting the Tri-County Electric Cooperative. He holds numerous advanced degrees, including a PhD in Information Technology from George Mason University specializing in Hybrid Security Risk Assessment Models. Additionally, he holds the following certifications: CISSP, PSDGP, ITILv3, AWS-CCP, AZURE-AI. About the speaker: Yoon Auh, CISSP, is the founder and CEO of NUTS Technologies Inc., a midwestern deep infrastructure technology startup. He holds multiple US patents around structured security, structured cryptography and secure data management. His firm is breaking new ground in applying security at the data layer in a portable form to achieve full BE2EE. He graduated from Columbia College in NYC with a BA in Physics and from Columbia School of Engineering with a BS in Engineering Mechanics. Yoon&apos;s prior career was in finance and technology, culminating in a successful career as Head Trader for several world-class financial firms. NUTS was created to fill the gaps in technology that don&apos;t get addressed in the way they ought to be.</p> ]]>
            </content:encoded>
            <itunes:duration>3675</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211006.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20211006.mp4" length="600834048" type="video/mp4"/>
        </item>
            <item>
            <title>Jennifer Bayuk, The History of Cybersecurity Metrics</title>
            <description>This talk covers the state of the art and practice in Cybersecurity Metrics. The history ranges from the 1970s through the present. Topics include, but are not limited to: Control Objectives, the Orange Book, the Common Criteria, Systems Security Engineering Capability Maturity Model, Common Vulnerability Enumeration, National Vulnerability Database, NIST Pubs such as the Performance Measurement Guide for Information Security, Threat Intelligence Protocols, exemplar studies such as the Verizon Data Breach Incident Report, Industry Best Practice and Regulatory Assessments, Security Incident and Event Management, Security Analytics, and Security Scorecards. About the speaker: Jennifer L. Bayuk, Ph.D., is an Independent Cybersecurity Consultant. She also teaches Cybersecurity Risk Management in multiple academic and professional forums and serves as a Private Cybersecurity Investigator and Expert Witness. She has previously been a Wall Street Chief Information Security Officer, a Global Financial Services Cybersecurity Risk Management Officer, a Global Financial Services Technology Risk Management Officer, a Big 4 Information Risk Management Auditor/Consultant, a Manager of Information Technology Internal Audit, a Security Architect, a Bell Labs Security Software Engineer, and a Professor of Systems Security Engineering. In all of these positions, governance using security metrics has been a core component of her job function. Her numerous books, articles, and presentations cover a wide variety of topics in Cybersecurity Management and Engineering. She earned a Ph.D. in Systems Engineering with a dissertation on security metrics, Security as a Theoretical Attribute Construct, and is frequently a member of the Metricon program committee (securitymetrics.org).</description>
            <pubDate>Wed, 29 Sep 2021 16:30:00 EDT </pubDate>
            <itunes:title>Jennifer Bayuk, The History of Cybersecurity Metrics</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>777</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Bayuk_200.png"/>
            <itunes:subtitle>Jennifer Bayuk, Cybersecurity Consultant</itunes:subtitle>
            <itunes:summary>This talk covers the state of the art and practice in Cybersecurity Metrics. The history ranges from the 1970s through the present. Topics include, but are not limited to: Control Objectives, the Orange Book, the Common Criteria, Systems Security Engineering Capability Maturity Model, Common Vulnerability Enumeration, National Vulnerability Database, NIST Pubs such as the Performance Measurement Guide for Information Security, Threat Intelligence Protocols, exemplar studies such as the Verizon Data Breach Incident Report, Industry Best Practice and Regulatory Assessments, Security Incident and Event Management, Security Analytics, and Security Scorecards. About the speaker: Jennifer L. Bayuk, Ph.D., is an Independent Cybersecurity Consultant. She also teaches Cybersecurity Risk Management in multiple academic and professional forums and serves as a Private Cybersecurity Investigator and Expert Witness. She has previously been a Wall Street Chief Information Security Officer, a Global Financial Services Cybersecurity Risk Management Officer, a Global Financial Services Technology Risk Management Officer, a Big 4 Information Risk Management Auditor/Consultant, a Manager of Information Technology Internal Audit, a Security Architect, a Bell Labs Security Software Engineer, and a Professor of Systems Security Engineering. In all of these positions, governance using security metrics has been a core component of her job function. Her numerous books, articles, and presentations cover a wide variety of topics in Cybersecurity Management and Engineering. She earned a Ph.D. in Systems Engineering with a dissertation on security metrics, Security as a Theoretical Attribute Construct, and is frequently a member of the Metricon program committee (securitymetrics.org).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk covers the state of the art and practice in Cybersecurity Metrics. The history ranges from the 1970s through the present. Topics include, but are not limited to: Control Objectives, the Orange Book, the Common Criteria, Systems Security Engineering Capability Maturity Model, Common Vulnerability Enumeration, National Vulnerability Database, NIST Pubs such as the Performance Measurement Guide for Information Security, Threat Intelligence Protocols, exemplar studies such as the Verizon Data Breach Incident Report, Industry Best Practice and Regulatory Assessments, Security Incident and Event Management, Security Analytics, and Security Scorecards. About the speaker: Jennifer L. Bayuk, Ph.D., is an Independent Cybersecurity Consultant. She also teaches Cybersecurity Risk Management in multiple academic and professional forums and serves as a Private Cybersecurity Investigator and Expert Witness. She has previously been a Wall Street Chief Information Security Officer, a Global Financial Services Cybersecurity Risk Management Officer, a Global Financial Services Technology Risk Management Officer, a Big 4 Information Risk Management Auditor/Consultant, a Manager of Information Technology Internal Audit, a Security Architect, a Bell Labs Security Software Engineer, and a Professor of Systems Security Engineering. In all of these positions, governance using security metrics has been a core component of her job function. Her numerous books, articles, and presentations cover a wide variety of topics in Cybersecurity Management and Engineering. She earned a Ph.D. in Systems Engineering with a dissertation on security metrics, Security as a Theoretical Attribute Construct, and is frequently a member of the Metricon program committee (securitymetrics.org).</p> ]]>
            </content:encoded>
            <itunes:duration>4057</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210929.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210929.mp4" length="807403520" type="video/mp4"/>
        </item>
            <item>
            <title>Paula deWitte, The Need for Legal Education within a Cybersecurity Curriculum</title>
            <description>Anecdotally, most cybersecurity curricula are based on the technical aspects of protecting, defending, and responding to cyber attacks. While these courses establish a solid foundation in the technical aspects of cybersecurity, what is often missing is a foundation in cybersecurity law. Every individual who puts their hands on a keyboard operates within an uncertain ethical and legal framework. What we do not need is the type of education that produces more lawyers, but rather the type of education that produces more legally savvy technical workers. Today&apos;s tech workers are exposed to more personal information as well as intellectual property – both targets in cyber attacks. They are expected to protect critical infrastructure and design with security &quot;built in.&quot; Yet we do a poor job teaching the legal requirements, as well as the limitations imposed by law, on building in privacy protections. For the past four years, the speaker has taught Cybersecurity Law &amp; Policy to several hundred computer science and engineering students as well as those from business, architecture, technology management, and government policy. I began this course by conducting a data analytics exercise on the NIST NICE Framework to determine what work roles require legal training. The results were quite surprising, as even very technical roles such as Threat Analysis and System Architecture require knowledge of laws, policies, and ethics as they relate to cybersecurity and privacy, as well as knowledge of investigations. The feedback from graduating students who take on cybersecurity roles is that they are uniquely qualified to understand the necessity of compliance within their respective roles. This presentation will discuss the basis for legal education as well as a roadmap for how to incorporate such legal education within a cybersecurity curriculum to build the workforce necessary for the current cybersecurity environment. About the speaker: Paula S. deWitte, J.D., Ph.D., P.E., is an Associate Professor of Practice in the Computer Science and Engineering Department at Texas A&amp;M University, College Station, and the Maritime Business Administration Department at Texas A&amp;M University, Galveston, where she is building the maritime cybersecurity program. She is also an Adjunct Professor of Law at the Texas A&amp;M University Law School, Fort Worth. She is a licensed attorney (Texas) and a registered patent attorney (USPTO). She holds a bachelor&apos;s and master&apos;s from Purdue University, where in 2015 she was honored as the Distinguished Alumna in the Department of Mathematics, School of Science. She obtained her Ph.D. in Computer Science from Texas A&amp;M University (1989) and a law degree from St. Mary&apos;s University (2008). She holds a patent on drilling fluids optimization [US Patent US 8812236 B1]. She teaches Cybersecurity Law, Cybersecurity Risk, and Marine Insurance Law. Her research interests are in those areas as well as in building resilient systems, especially in the supply chain.</description>
            <pubDate>Wed, 22 Sep 2021 16:30:00 EDT </pubDate>
            <itunes:title>Paula deWitte, The Need for Legal Education within a Cybersecurity Curriculum</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>776</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Paula-DeWitte_200.png"/>
            <itunes:subtitle>Paula deWitte, Texas A&amp;M University</itunes:subtitle>
            <itunes:summary>Anecdotally, most cybersecurity curricula are based on the technical aspects of protecting, defending, and responding to cyber attacks. While these courses establish a solid foundation in the technical aspects of cybersecurity, what is often missing is a foundation in cybersecurity law. Every individual who puts their hands on a keyboard operates within an uncertain ethical and legal framework. What we do not need is the type of education that produces more lawyers, but rather the type of education that produces more legally savvy technical workers. Today&apos;s tech workers are exposed to more personal information as well as intellectual property – both targets in cyber attacks. They are expected to protect critical infrastructure and design with security &quot;built in.&quot; Yet we do a poor job teaching the legal requirements, as well as the limitations imposed by law, on building in privacy protections. For the past four years, the speaker has taught Cybersecurity Law &amp; Policy to several hundred computer science and engineering students as well as those from business, architecture, technology management, and government policy. I began this course by conducting a data analytics exercise on the NIST NICE Framework to determine what work roles require legal training. The results were quite surprising, as even very technical roles such as Threat Analysis and System Architecture require knowledge of laws, policies, and ethics as they relate to cybersecurity and privacy, as well as knowledge of investigations. The feedback from graduating students who take on cybersecurity roles is that they are uniquely qualified to understand the necessity of compliance within their respective roles. This presentation will discuss the basis for legal education as well as a roadmap for how to incorporate such legal education within a cybersecurity curriculum to build the workforce necessary for the current cybersecurity environment. About the speaker: Paula S. deWitte, J.D., Ph.D., P.E., is an Associate Professor of Practice in the Computer Science and Engineering Department at Texas A&amp;M University, College Station, and the Maritime Business Administration Department at Texas A&amp;M University, Galveston, where she is building the maritime cybersecurity program. She is also an Adjunct Professor of Law at the Texas A&amp;M University Law School, Fort Worth. She is a licensed attorney (Texas) and a registered patent attorney (USPTO). She holds a bachelor&apos;s and master&apos;s from Purdue University, where in 2015 she was honored as the Distinguished Alumna in the Department of Mathematics, School of Science. She obtained her Ph.D. in Computer Science from Texas A&amp;M University (1989) and a law degree from St. Mary&apos;s University (2008). She holds a patent on drilling fluids optimization [US Patent US 8812236 B1]. She teaches Cybersecurity Law, Cybersecurity Risk, and Marine Insurance Law. Her research interests are in those areas as well as in building resilient systems, especially in the supply chain.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Anecdotally, most cybersecurity curricula are based on the technical aspects of protecting, defending, and responding to cyber attacks. While these courses establish a solid foundation in the technical aspects of cybersecurity, what is often missing is establishing a foundation in cybersecurity law. Every individual who puts their hands on a keyboard operates within an uncertain ethical and legal framework. What we do not need is the type of education to produce more lawyers, but rather the type of education to produce more legal-savvy technical workers. Today&apos;s tech workers are exposed to more personal information as well as intellectual property – both targets in cyber attacks. They are expected to protect critical infrastructure and design with security &quot;built in.&quot; Yet, we do a poor job teaching the legal requirements as well as limitations imposed by law on building in privacy protections. For the past four years, the speaker has taught Cybersecurity Law &amp; Policy to several hundred computer science and engineering students as well as those from business, architecture, technology management, and government policy. I began this course by conducting a data analytics exercise on the NIST NICE Framework to determine what work roles require legal training. The results were quite surprising as even very technical roles such as Threat Analysis and System Architecture require knowledge of laws, policies, and ethics as they relate to cybersecurity and privacy as well as knowledge of investigations. The feedback from graduating students who take on cybersecurity roles is that they are uniquely qualified to understand the necessity of compliance within their respective roles. This presentation will discuss the basis for legal education as well as a roadmap for how to incorporate such legal education within a cybersecurity curriculum to build the workforce necessary for the current cybersecurity environment.
About the speaker: Paula S. deWitte, J.D., Ph.D., P.E., is an Associate Professor of Practice in the Computer Science and Engineering Department at Texas A&amp;M University, College Station and the Maritime Business Administration Department at Texas A&amp;M University, Galveston, where she is building the maritime cybersecurity program. As well, she is an Adjunct Professor of Law at the Texas A&amp;M University Law School, Fort Worth. She is a licensed attorney (Texas) and a registered patent attorney (USPTO). She holds a Bachelor&apos;s and Master&apos;s from Purdue University, where in 2015 she was honored as the Distinguished Alumna in the Department of Mathematics, School of Science. She obtained her Ph.D. in Computer Science from Texas A&amp;M University (1989) and a law degree from St. Mary&apos;s University (2008). She holds a patent on drilling fluids optimization [US Patent US 8812236 B1]. She teaches Cybersecurity Law, Cybersecurity Risk, and Marine Insurance Law. Her research interests are in those areas as well as in building resilient systems, especially in the supply chain.</p> ]]>
            </content:encoded>
            <itunes:duration>3627</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210922.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210922.mp4" length="676331520" type="video/mp4"/>
        </item>
            <item>
            <title>Aaron Shafer, Securing SaaS, a Practitioner&#039;s Guide</title>
            <description>In this session we will talk about applying appropriate security controls to Software as a Service (SaaS) offerings. While it may seem like the SaaS vendors have most of the responsibility for securing these platforms, there are still a number of threats that customers need to worry about themselves. During the session we will walk through various types of SaaS solutions, including a few new surprising categories, and will then talk about the nuances of the Shared Responsibility Model (SRM). We will dive into how to assess the threats to our data, users, and connected systems related to the deployment of SaaS solutions by taking a Threat Modeling approach to the problem. Once we&apos;ve compiled our list of risks we will then talk through practical countermeasures that can be implemented to mitigate or reduce risk. The session will then wrap up with a discussion of some existing security tooling that can be considered to further strengthen the defenses around these SaaS solutions today. About the speaker: Aaron is Vice President &amp; Information Security Officer for NBCUniversal&apos;s Direct-to-Consumer business unit, which includes Fandango, Vudu and the company&apos;s new streaming service Peacock. Aaron has over 20 years of extensive experience in software engineering, architecture, design, network and application security. He has spent the past 12 years in various Cyber Security roles where he has led projects in industries including media, defense, energy, and financial services. He has a Bachelor of Science from Monmouth University, where he studied Computer Science, and a Master&apos;s in Software Engineering from Penn State.</description>
            <pubDate>Wed, 15 Sep 2021 16:30:00 EDT </pubDate>
            <itunes:title>Aaron Shafer, Securing SaaS, a Practitioner&#039;s Guide</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>775</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/aaron_shafer_200.png"/>
            <itunes:subtitle>Aaron Shafer, NBC Universal</itunes:subtitle>
            <itunes:summary>In this session we will talk about applying appropriate security controls to Software as a Service (SaaS) offerings. While it may seem like the SaaS vendors have most of the responsibility for securing these platforms, there are still a number of threats that customers need to worry about themselves. During the session we will walk through various types of SaaS solutions, including a few new surprising categories, and will then talk about the nuances of the Shared Responsibility Model (SRM). We will dive into how to assess the threats to our data, users, and connected systems related to the deployment of SaaS solutions by taking a Threat Modeling approach to the problem. Once we&apos;ve compiled our list of risks we will then talk through practical countermeasures that can be implemented to mitigate or reduce risk. The session will then wrap up with a discussion of some existing security tooling that can be considered to further strengthen the defenses around these SaaS solutions today. About the speaker: Aaron is Vice President &amp; Information Security Officer for NBCUniversal&apos;s Direct-to-Consumer business unit, which includes Fandango, Vudu and the company&apos;s new streaming service Peacock. Aaron has over 20 years of extensive experience in software engineering, architecture, design, network and application security. He has spent the past 12 years in various Cyber Security roles where he has led projects in industries including media, defense, energy, and financial services. He has a Bachelor of Science from Monmouth University, where he studied Computer Science, and a Master&apos;s in Software Engineering from Penn State.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this session we will talk about applying appropriate security controls to Software as a Service (SaaS) offerings. While it may seem like the SaaS vendors have most of the responsibility for securing these platforms, there are still a number of threats that customers need to worry about themselves. During the session we will walk through various types of SaaS solutions, including a few new surprising categories, and will then talk about the nuances of the Shared Responsibility Model (SRM). We will dive into how to assess the threats to our data, users, and connected systems related to the deployment of SaaS solutions by taking a Threat Modeling approach to the problem. Once we&apos;ve compiled our list of risks we will then talk through practical countermeasures that can be implemented to mitigate or reduce risk. The session will then wrap up with a discussion of some existing security tooling that can be considered to further strengthen the defenses around these SaaS solutions today. About the speaker: Aaron is Vice President &amp; Information Security Officer for NBCUniversal&apos;s Direct-to-Consumer business unit, which includes Fandango, Vudu and the company&apos;s new streaming service Peacock. Aaron has over 20 years of extensive experience in software engineering, architecture, design, network and application security. He has spent the past 12 years in various Cyber Security roles where he has led projects in industries including media, defense, energy, and financial services. He has a Bachelor of Science from Monmouth University, where he studied Computer Science, and a Master&apos;s in Software Engineering from Penn State.</p> ]]>
            </content:encoded>
            <itunes:duration>3120</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210915.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210915.mp4" length="543162368" type="video/mp4"/>
        </item>
            <item>
            <title>Jeremy Rasmussen, The Changing Cybersecurity Threatscape</title>
            <description>During the height of the pandemic, it&apos;s estimated that digital transformation advanced by as much as seven years, opening the door for hybrid and remote working solutions to thrive. But, the increase in remote work also revealed new threats to devices and applications. In this session, we will discuss:
• The post-COVID world and &quot;Zero Trust&quot;
• Trusted software becoming less trustworthy
• The surprising ways ransomware launches
• Identifying Web/SSL VPN vulnerabilities in firewalls
• Application of AI and ML in cybersecurity
• Countermeasures used to combat these issues
About the speaker: Jeremy Rasmussen is a Cybersecurity Expert (Military, Defense, and Private Sector) with 24+ years of experience in developing secure communications systems and providing cybersecurity consulting services throughout the world. Jeremy graduated from college with a Bachelor of Science degree in Computer Science, and holds a Master&apos;s Degree in Engineering Management, both from the University of South Florida. Jeremy is also a certified CISSP and White-Hat Ethical Hacker.</description>
            <pubDate>Wed, 25 Aug 2021 16:30:00 EDT </pubDate>
            <itunes:title>Jeremy Rasmussen, The Changing Cybersecurity Threatscape</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>772</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jeremy_rasmussen_200.png"/>
            <itunes:subtitle>Jeremy Rasmussen, </itunes:subtitle>
            <itunes:summary>During the height of the pandemic, it&apos;s estimated that digital transformation advanced by as much as seven years, opening the door for hybrid and remote working solutions to thrive. But, the increase in remote work also revealed new threats to devices and applications. In this session, we will discuss:
• The post-COVID world and &quot;Zero Trust&quot;
• Trusted software becoming less trustworthy
• The surprising ways ransomware launches
• Identifying Web/SSL VPN vulnerabilities in firewalls
• Application of AI and ML in cybersecurity
• Countermeasures used to combat these issues
About the speaker: Jeremy Rasmussen is a Cybersecurity Expert (Military, Defense, and Private Sector) with 24+ years of experience in developing secure communications systems and providing cybersecurity consulting services throughout the world. Jeremy graduated from college with a Bachelor of Science degree in Computer Science, and holds a Master&apos;s Degree in Engineering Management, both from the University of South Florida. Jeremy is also a certified CISSP and White-Hat Ethical Hacker.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>During the height of the pandemic, it&apos;s estimated that digital transformation advanced by as much as seven years, opening the door for hybrid and remote working solutions to thrive. But, the increase in remote work also revealed new threats to devices and applications. In this session, we will discuss:
• The post-COVID world and &quot;Zero Trust&quot;
• Trusted software becoming less trustworthy
• The surprising ways ransomware launches
• Identifying Web/SSL VPN vulnerabilities in firewalls
• Application of AI and ML in cybersecurity
• Countermeasures used to combat these issues
About the speaker: Jeremy Rasmussen is a Cybersecurity Expert (Military, Defense, and Private Sector) with 24+ years of experience in developing secure communications systems and providing cybersecurity consulting services throughout the world. Jeremy graduated from college with a Bachelor of Science degree in Computer Science, and holds a Master&apos;s Degree in Engineering Management, both from the University of South Florida. Jeremy is also a certified CISSP and White-Hat Ethical Hacker.</p> ]]>
            </content:encoded>
            <itunes:duration>3802</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210825.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210825.mp4" length="890241024" type="video/mp4"/>
        </item>
            <item>
            <title>Nasir Memon, AI, Computational Imaging and the Battle for Media Integrity</title>
            <description>Rapid progress in machine learning, computer vision and graphics leads to successive democratization of media manipulation capabilities. While convincing photo and video manipulation used to require substantial time and skill, modern editors bring (semi-) automated tools that can be used by everyone. Some of the most recent examples include manipulation of human faces, e.g., by their replacement or semantic manipulation (expression, age, etc.). At the same time, dissemination of fake news and misinformation campaigns are picking up speed, which challenges trust in the society. Our media distribution platforms lack content integrity features as they were designed and optimized for the quality of (human) experience with strict bandwidth / storage constraints. Such an approach fails to recognize an increasing role of automated analysis by machine learning models, e.g., strong lossy compression applied to media assets removes imperceptible statistical traces indicative of content manipulation and is often referred to as a media &quot;laundering&quot; process. In this talk, we explore end-to-end optimization of photo acquisition and distribution pipelines for media authentication. We show that feedback from forensic analysis can be used to optimize upstream components like the camera ISP or lossy compression codecs to support media authentication on the receiving end. Modern machine learning tools allow us to discover new approaches to the problem with surprising connections to other fields like information hiding, computational photography, lossy compression and machine learning security. To enable this line of work, we are currently developing a Tensorflow-based open source toolbox for modeling and optimization of various imaging applications (https://github.com/pkorus/neural-imaging). About the speaker: Nasir Memon is a professor in the Department of Computer Science and Engineering at NYU Tandon.
He is an affiliate faculty at the computer science department in the Courant Institute of Mathematical Sciences at NYU. He introduced cyber security studies to New York University Tandon School of Engineering and is a founding director of the Center for Cyber Security, New York University, and the Center for Cyber Security at New York University Abu Dhabi. He is the founder of OSIRIS and CSAW, the world&apos;s largest student-run cybersecurity event. As the Associate Dean for Online Learning, he launched the Bridge to Tandon program that provides pathways to non-STEM students to Computer Science and Cyber Security, the Cyber Fellows program that provides a highly affordable, industry-partnered online MS in cybersecurity to domestic students, and the MS in Cyber Risk and Strategy in collaboration with NYU Law. He has published more than 300 papers and received several best paper awards and awards for excellence in teaching. He has been on the editorial boards of several journals, and was the Editor-In-Chief of the IEEE Transactions on Information Security and Forensics. He is an IEEE, IAPR and SPIE Fellow for his contributions to image compression and media security and forensics. His research interests include digital forensics, biometrics, data compression, network security and security and human behavior.</description>
            <pubDate>Wed, 28 Jul 2021 13:30:00 EDT </pubDate>
            <itunes:title>Nasir Memon, AI, Computational Imaging and the Battle for Media Integrity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>771</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/nasir_memon_200.png"/>
            <itunes:subtitle>Nasir Memon, NYU Tandon</itunes:subtitle>
            <itunes:summary>Rapid progress in machine learning, computer vision and graphics leads to successive democratization of media manipulation capabilities. While convincing photo and video manipulation used to require substantial time and skill, modern editors bring (semi-) automated tools that can be used by everyone. Some of the most recent examples include manipulation of human faces, e.g., by their replacement or semantic manipulation (expression, age, etc.). At the same time, dissemination of fake news and misinformation campaigns are picking up speed, which challenges trust in the society. Our media distribution platforms lack content integrity features as they were designed and optimized for the quality of (human) experience with strict bandwidth / storage constraints. Such an approach fails to recognize an increasing role of automated analysis by machine learning models, e.g., strong lossy compression applied to media assets removes imperceptible statistical traces indicative of content manipulation and is often referred to as a media &quot;laundering&quot; process. In this talk, we explore end-to-end optimization of photo acquisition and distribution pipelines for media authentication. We show that feedback from forensic analysis can be used to optimize upstream components like the camera ISP or lossy compression codecs to support media authentication on the receiving end. Modern machine learning tools allow us to discover new approaches to the problem with surprising connections to other fields like information hiding, computational photography, lossy compression and machine learning security. To enable this line of work, we are currently developing a Tensorflow-based open source toolbox for modeling and optimization of various imaging applications (https://github.com/pkorus/neural-imaging). About the speaker: Nasir Memon is a professor in the Department of Computer Science and Engineering at NYU Tandon.
He is an affiliate faculty at the computer science department in the Courant Institute of Mathematical Sciences at NYU. He introduced cyber security studies to New York University Tandon School of Engineering and is a founding director of the Center for Cyber Security, New York University, and the Center for Cyber Security at New York University Abu Dhabi. He is the founder of OSIRIS and CSAW, the world&apos;s largest student-run cybersecurity event. As the Associate Dean for Online Learning, he launched the Bridge to Tandon program that provides pathways to non-STEM students to Computer Science and Cyber Security, the Cyber Fellows program that provides a highly affordable, industry-partnered online MS in cybersecurity to domestic students, and the MS in Cyber Risk and Strategy in collaboration with NYU Law. He has published more than 300 papers and received several best paper awards and awards for excellence in teaching. He has been on the editorial boards of several journals, and was the Editor-In-Chief of the IEEE Transactions on Information Security and Forensics. He is an IEEE, IAPR and SPIE Fellow for his contributions to image compression and media security and forensics. His research interests include digital forensics, biometrics, data compression, network security and security and human behavior.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Rapid progress in machine learning, computer vision and graphics leads to successive democratization of media manipulation capabilities. While convincing photo and video manipulation used to require substantial time and skill, modern editors bring (semi-) automated tools that can be used by everyone. Some of the most recent examples include manipulation of human faces, e.g., by their replacement or semantic manipulation (expression, age, etc.). At the same time, dissemination of fake news and misinformation campaigns are picking up speed, which challenges trust in the society. Our media distribution platforms lack content integrity features as they were designed and optimized for the quality of (human) experience with strict bandwidth / storage constraints. Such an approach fails to recognize an increasing role of automated analysis by machine learning models, e.g., strong lossy compression applied to media assets removes imperceptible statistical traces indicative of content manipulation and is often referred to as a media &quot;laundering&quot; process. In this talk, we explore end-to-end optimization of photo acquisition and distribution pipelines for media authentication. We show that feedback from forensic analysis can be used to optimize upstream components like the camera ISP or lossy compression codecs to support media authentication on the receiving end. Modern machine learning tools allow us to discover new approaches to the problem with surprising connections to other fields like information hiding, computational photography, lossy compression and machine learning security. To enable this line of work, we are currently developing a Tensorflow-based open source toolbox for modeling and optimization of various imaging applications (https://github.com/pkorus/neural-imaging). About the speaker: Nasir Memon is a professor in the Department of Computer Science and Engineering at NYU Tandon.
He is an affiliate faculty at the computer science department in the Courant Institute of Mathematical Sciences at NYU. He introduced cyber security studies to New York University Tandon School of Engineering and is a founding director of the Center for Cyber Security, New York University, and the Center for Cyber Security at New York University Abu Dhabi. He is the founder of OSIRIS and CSAW, the world&apos;s largest student-run cybersecurity event. As the Associate Dean for Online Learning, he launched the Bridge to Tandon program that provides pathways to non-STEM students to Computer Science and Cyber Security, the Cyber Fellows program that provides a highly affordable, industry-partnered online MS in cybersecurity to domestic students, and the MS in Cyber Risk and Strategy in collaboration with NYU Law. He has published more than 300 papers and received several best paper awards and awards for excellence in teaching. He has been on the editorial boards of several journals, and was the Editor-In-Chief of the IEEE Transactions on Information Security and Forensics. He is an IEEE, IAPR and SPIE Fellow for his contributions to image compression and media security and forensics. His research interests include digital forensics, biometrics, data compression, network security and security and human behavior.</p> ]]>
            </content:encoded>
            <itunes:duration>3629</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210728.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210728.mp4" length="750780416" type="video/mp4"/>
        </item>
            <item>
            <title>David Dill, A Formal Verifier for the Diem Blockchain Move Language</title>
            <description>The Diem blockchain, which was initiated in 2018 by Facebook, includes a novel programming language called Move for implementing smart contracts. The correctness of Move programs is especially important because the blockchain will host large amounts of assets, those assets are managed by smart contracts, and because there is a history of large losses on other blockchains because of bugs in smart contracts. The Move language is designed to be as safe as we can make it, and it is accompanied by a formal specification and automatic verification tool, called the Move Prover. A project to specify and formally verify as many important properties of the Move standard library is now well underway. This talk will be about the goals of the project and the most interesting insights we&apos;ve had as of the time of the presentation. The entire blockchain implementation, including the Move language, virtual machine, the Move Prover, and near-final various Move modules are available on http://github.com/libra. About the speaker: David L. Dill is a Lead Researcher at Facebook, working on the Libra blockchain project. He is also Donald E. Knuth Professor, Emeritus, in the School of Engineering at Stanford University. He was on the faculty in the Department of Computer Science at Stanford from 1987 until going emeritus in 2017. Prof. Dill&apos;s research interests include formal verification of software, hardware, and protocols, with a focus on automated techniques, as well as voting technology and computational biology. For his research contributions, he has received a CAV award and Alonzo Church award. He is an IEEE Fellow, an ACM Fellow and a member of the National Academy of Engineering and the American Academy of Arts and Sciences. He also received an EFF Pioneer Award for his work in voting technology and is the founder of VerifiedVoting.org, an organization that champions trustworthy elections.</description>
            <pubDate>Wed, 21 Jul 2021 13:30:00 EDT </pubDate>
            <itunes:title>David Dill, A Formal Verifier for the Diem Blockchain Move Language</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>770</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/david_dill_200.png"/>
            <itunes:subtitle>David Dill, Facebook</itunes:subtitle>
            <itunes:summary>The Diem blockchain, which was initiated in 2018 by Facebook, includes a novel programming language called Move for implementing smart contracts. The correctness of Move programs is especially important because the blockchain will host large amounts of assets, those assets are managed by smart contracts, and because there is a history of large losses on other blockchains because of bugs in smart contracts. The Move language is designed to be as safe as we can make it, and it is accompanied by a formal specification and automatic verification tool, called the Move Prover. A project to specify and formally verify as many important properties of the Move standard library is now well underway. This talk will be about the goals of the project and the most interesting insights we&apos;ve had as of the time of the presentation. The entire blockchain implementation, including the Move language, virtual machine, the Move Prover, and near-final various Move modules are available on http://github.com/libra. About the speaker: David L. Dill is a Lead Researcher at Facebook, working on the Libra blockchain project. He is also Donald E. Knuth Professor, Emeritus, in the School of Engineering at Stanford University. He was on the faculty in the Department of Computer Science at Stanford from 1987 until going emeritus in 2017. Prof. Dill&apos;s research interests include formal verification of software, hardware, and protocols, with a focus on automated techniques, as well as voting technology and computational biology. For his research contributions, he has received a CAV award and Alonzo Church award. He is an IEEE Fellow, an ACM Fellow and a member of the National Academy of Engineering and the American Academy of Arts and Sciences. He also received an EFF Pioneer Award for his work in voting technology and is the founder of VerifiedVoting.org, an organization that champions trustworthy elections.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Diem blockchain, which was initiated in 2018 by Facebook, includes a novel programming language called Move for implementing smart contracts. The correctness of Move programs is especially important because the blockchain will host large amounts of assets, those assets are managed by smart contracts, and because there is a history of large losses on other blockchains because of bugs in smart contracts. The Move language is designed to be as safe as we can make it, and it is accompanied by a formal specification and automatic verification tool, called the Move Prover. A project to specify and formally verify as many important properties of the Move standard library is now well underway. This talk will be about the goals of the project and the most interesting insights we&apos;ve had as of the time of the presentation. The entire blockchain implementation, including the Move language, virtual machine, the Move Prover, and near-final various Move modules are available on http://github.com/libra. About the speaker: David L. Dill is a Lead Researcher at Facebook, working on the Libra blockchain project. He is also Donald E. Knuth Professor, Emeritus, in the School of Engineering at Stanford University. He was on the faculty in the Department of Computer Science at Stanford from 1987 until going emeritus in 2017. Prof. Dill&apos;s research interests include formal verification of software, hardware, and protocols, with a focus on automated techniques, as well as voting technology and computational biology. For his research contributions, he has received a CAV award and Alonzo Church award. He is an IEEE Fellow, an ACM Fellow and a member of the National Academy of Engineering and the American Academy of Arts and Sciences. He also received an EFF Pioneer Award for his work in voting technology and is the founder of VerifiedVoting.org, an organization that champions trustworthy elections.</p> ]]>
            </content:encoded>
            <itunes:duration>3518</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210721.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210721.mp4" length="396361728" type="video/mp4"/>
        </item>
            <item>
            <title>Dave Henthorn, Educating the Next Generation on the Challenges of Securing Critical Infrastructure</title>
            <description>Cyberattacks on critical infrastructure such as power plants, dams, and chemical facilities are increasing in both intensity and sophistication, with attackers actively exploiting the cultural divide between the engineers who design and run these facilities and the cybersecurity people who protect them. At Rose-Hulman, we are building a multidisciplinary Critical Infrastructure Laboratory to bring these groups together with the goal of educating the next generation on the difficulties of designing and securing facilities vital to our national and economic security. About the speaker: Dr. David Henthorn is an expert in biomaterials, biosensors, and polymers in medical applications. His research focuses on 3D printing of biomaterials, and he is working with two fellow faculty members on a project to develop an electronic badge system to document student professional development. Dr. Henthorn also does research in the modernization of industrial control systems, including the major push to enhance the cybersecurity of our critical infrastructure.</description>
            <pubDate>Wed, 14 Jul 2021 13:30:00 EDT </pubDate>
            <itunes:title>Dave Henthorn, Educating the Next Generation on the Challenges of Securing Critical Infrastructure</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>769</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Henthorn_Dave_200.png"/>
            <itunes:subtitle>Dave Henthorn, Rose-Hulman</itunes:subtitle>
            <itunes:summary>Cyberattacks on critical infrastructure such as power plants, dams, and chemical facilities are increasing in both intensity and sophistication, with attackers actively exploiting the cultural divide between the engineers who design and run these facilities and the cybersecurity people who protect them. At Rose-Hulman, we are building a multidisciplinary Critical Infrastructure Laboratory to bring these groups together with the goal of educating the next generation on the difficulties of designing and securing facilities vital to our national and economic security. About the speaker: Dr. David Henthorn is an expert in biomaterials, biosensors, and polymers in medical applications. His research focuses on 3D printing of biomaterials, and he is working with two fellow faculty members on a project to develop an electronic badge system to document student professional development. Dr. Henthorn also does research in the modernization of industrial control systems, including the major push to enhance the cybersecurity of our critical infrastructure.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cyberattacks on critical infrastructure such as power plants, dams, and chemical facilities are increasing in both intensity and sophistication, with attackers actively exploiting the cultural divide between the engineers who design and run these facilities and the cybersecurity people who protect them. At Rose-Hulman, we are building a multidisciplinary Critical Infrastructure Laboratory to bring these groups together with the goal of educating the next generation on the difficulties of designing and securing facilities vital to our national and economic security. About the speaker: Dr. David Henthorn is an expert in biomaterials, biosensors, and polymers in medical applications. His research focuses on 3D printing of biomaterials, and he is working with two fellow faculty members on a project to develop an electronic badge system to document student professional development. Dr. Henthorn also does research in the modernization of industrial control systems, including the major push to enhance the cybersecurity of our critical infrastructure.</p> ]]>
            </content:encoded>
            <itunes:duration>3584</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210714.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210714.mp4" length="584056832" type="video/mp4"/>
        </item>
            <item>
            <title>Winn Schwartau, Security is Probabilistic, Not Deterministic: Get Over It</title>
            <description>Since the inception of computer/data/cyber/network security some fifty years ago, one recurring question has beset our industry: &quot;How do we secure it?&quot; By its very nature, that question has propagated as a harmful meme, by implying that a binary deterministic answer is available, or even possible. This talk examines security through a non-deterministic lens, applying probabilistic and analogue functions to discover new approaches to defending anthro-cyber-kinetic systems. About the speaker: Winn has lived Cyber Security since 1983, and now says, &quot;I think, maybe, I&apos;m just starting to understand it.&quot; His predictions about the internet &amp;amp; security have been scarily spot on. He coined the term &quot;Electronic Pearl Harbor&quot; while testifying before Congress in 1991 and showed the world how and why massive identity theft, cyber-espionage, nation-state hacking and cyber-terrorism would be an integral part of our future. He was named the &quot;Civilian Architect of Information Warfare&quot; by Admiral Tyrrell of the British MoD. His new book, &quot;Analogue Network Security&quot;, is a mathematical, time-based and probabilistic approach to justifiable security. His goal is to provide a first set of tools and methods to &quot;fix security and the internet&quot;, including fake news, spam, phishing, DDoS and more. It will twist your mind.</description>
            <pubDate>Wed, 7 Jul 2021 13:30:00 EDT </pubDate>
            <itunes:title>Winn Schwartau, Security is Probabilistic, Not Deterministic: Get Over It</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>768</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Winn_Schwartau_200.png"/>
            <itunes:subtitle>Winn Schwartau</itunes:subtitle>
            <itunes:summary>Since the inception of computer/data/cyber/network security some fifty years ago, one recurring question has beset our industry: &quot;How do we secure it?&quot; By its very nature, that question has propagated as a harmful meme, by implying that a binary deterministic answer is available, or even possible. This talk examines security through a non-deterministic lens, applying probabilistic and analogue functions to discover new approaches to defending anthro-cyber-kinetic systems. About the speaker: Winn has lived Cyber Security since 1983, and now says, &quot;I think, maybe, I&apos;m just starting to understand it.&quot; His predictions about the internet &amp;amp; security have been scarily spot on. He coined the term &quot;Electronic Pearl Harbor&quot; while testifying before Congress in 1991 and showed the world how and why massive identity theft, cyber-espionage, nation-state hacking and cyber-terrorism would be an integral part of our future. He was named the &quot;Civilian Architect of Information Warfare&quot; by Admiral Tyrrell of the British MoD. His new book, &quot;Analogue Network Security&quot;, is a mathematical, time-based and probabilistic approach to justifiable security. His goal is to provide a first set of tools and methods to &quot;fix security and the internet&quot;, including fake news, spam, phishing, DDoS and more. It will twist your mind.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Since the inception of computer/data/cyber/network security some fifty years ago, one recurring question has beset our industry: &quot;How do we secure it?&quot; By its very nature, that question has propagated as a harmful meme, by implying that a binary deterministic answer is available, or even possible. This talk examines security through a non-deterministic lens, applying probabilistic and analogue functions to discover new approaches to defending anthro-cyber-kinetic systems. About the speaker: Winn has lived Cyber Security since 1983, and now says, &quot;I think, maybe, I&apos;m just starting to understand it.&quot; His predictions about the internet &amp; security have been scarily spot on. He coined the term &quot;Electronic Pearl Harbor&quot; while testifying before Congress in 1991 and showed the world how and why massive identity theft, cyber-espionage, nation-state hacking and cyber-terrorism would be an integral part of our future. He was named the &quot;Civilian Architect of Information Warfare&quot; by Admiral Tyrrell of the British MoD. His new book, &quot;Analogue Network Security&quot;, is a mathematical, time-based and probabilistic approach to justifiable security. His goal is to provide a first set of tools and methods to &quot;fix security and the internet&quot;, including fake news, spam, phishing, DDoS and more. It will twist your mind.</p> ]]>
            </content:encoded>
            <itunes:duration>3431</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210707.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210707.mp4" length="965738496" type="video/mp4"/>
        </item>
            <item>
            <title>Neil Daswani, Big Breaches: Cybersecurity Lessons For Everyone</title>
            <description>This talk covers the key lessons learned and root causes from the biggest mega-breaches and the 9,000+ reported breaches over the past 15 years. By analyzing the histories, stories, and deep dives of breaches such as those at Target, JPMorganChase, OPM, Yahoo, Equifax, Facebook, Marriott, Capital One, and the SolarWinds hack, I will also lay the groundwork for a roadmap to recovery based on the root causes. About the speaker: Dr. Neil Daswani is Co-Director of the Stanford Advanced Security Certification program and is President of Daswani Enterprises, his security consulting and training firm. He has served in a variety of research, development, teaching, and executive management roles at Symantec, LifeLock, Twitter, Dasient, Google, Stanford University, NTT DoCoMo USA Labs, Yodlee, and Telcordia Technologies (formerly Bellcore). At Symantec, he was Chief Information Security Officer (CISO) for the Consumer Business Unit, and at LifeLock he was the company-wide CISO. Neil is also a co-author of two books: Big Breaches: Cybersecurity Lessons for Everyone (Apress ISBN 978-1484266540) and Foundations of Security: What Every Programmer Needs to Know (Apress ISBN 978-1590597842). Neil&apos;s DNA is deeply rooted in security research and development; he has dozens of technical articles published in top academic and industry conferences (ACM, IEEE, USENIX, RSA, BlackHat, and OWASP), and he has been granted over a dozen US patents. He frequently gives talks at industry and academic conferences, and has been quoted by publications such as The New York Times, USA Today, and CSO Magazine. He earned PhD and MS degrees in computer science at Stanford University, and he holds a BS in computer science with honors with distinction from Columbia University.</description>
            <pubDate>Wed, 30 Jun 2021 13:30:00 EDT </pubDate>
            <itunes:title>Neil Daswani, Big Breaches: Cybersecurity Lessons For Everyone</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>767</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Neil-Daswani_200.png"/>
            <itunes:subtitle>Neil Daswani, Daswani Enterprises</itunes:subtitle>
            <itunes:summary>This talk covers the key lessons learned and root causes from the biggest mega-breaches and the 9,000+ reported breaches over the past 15 years. By analyzing the histories, stories, and deep dives of breaches such as those at Target, JPMorganChase, OPM, Yahoo, Equifax, Facebook, Marriott, Capital One, and the SolarWinds hack, I will also lay the groundwork for a roadmap to recovery based on the root causes. About the speaker: Dr. Neil Daswani is Co-Director of the Stanford Advanced Security Certification program and is President of Daswani Enterprises, his security consulting and training firm. He has served in a variety of research, development, teaching, and executive management roles at Symantec, LifeLock, Twitter, Dasient, Google, Stanford University, NTT DoCoMo USA Labs, Yodlee, and Telcordia Technologies (formerly Bellcore). At Symantec, he was Chief Information Security Officer (CISO) for the Consumer Business Unit, and at LifeLock he was the company-wide CISO. Neil is also a co-author of two books: Big Breaches: Cybersecurity Lessons for Everyone (Apress ISBN 978-1484266540) and Foundations of Security: What Every Programmer Needs to Know (Apress ISBN 978-1590597842). Neil&apos;s DNA is deeply rooted in security research and development; he has dozens of technical articles published in top academic and industry conferences (ACM, IEEE, USENIX, RSA, BlackHat, and OWASP), and he has been granted over a dozen US patents. He frequently gives talks at industry and academic conferences, and has been quoted by publications such as The New York Times, USA Today, and CSO Magazine. He earned PhD and MS degrees in computer science at Stanford University, and he holds a BS in computer science with honors with distinction from Columbia University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk covers the key lessons learned and root causes from the biggest mega-breaches and the 9,000+ reported breaches over the past 15 years. By analyzing the histories, stories, and deep dives of breaches such as those at Target, JPMorganChase, OPM, Yahoo, Equifax, Facebook, Marriott, Capital One, and the SolarWinds hack, I will also lay the groundwork for a roadmap to recovery based on the root causes. About the speaker: Dr. Neil Daswani is Co-Director of the Stanford Advanced Security Certification program and is President of Daswani Enterprises, his security consulting and training firm. He has served in a variety of research, development, teaching, and executive management roles at Symantec, LifeLock, Twitter, Dasient, Google, Stanford University, NTT DoCoMo USA Labs, Yodlee, and Telcordia Technologies (formerly Bellcore). At Symantec, he was Chief Information Security Officer (CISO) for the Consumer Business Unit, and at LifeLock he was the company-wide CISO. Neil is also a co-author of two books: Big Breaches: Cybersecurity Lessons for Everyone (Apress ISBN 978-1484266540) and Foundations of Security: What Every Programmer Needs to Know (Apress ISBN 978-1590597842). Neil&apos;s DNA is deeply rooted in security research and development; he has dozens of technical articles published in top academic and industry conferences (ACM, IEEE, USENIX, RSA, BlackHat, and OWASP), and he has been granted over a dozen US patents. He frequently gives talks at industry and academic conferences, and has been quoted by publications such as The New York Times, USA Today, and CSO Magazine. He earned PhD and MS degrees in computer science at Stanford University, and he holds a BS in computer science with honors with distinction from Columbia University.</p> ]]>
            </content:encoded>
            <itunes:duration>3573</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210630.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210630.mp4" length="550502400" type="video/mp4"/>
        </item>
            <item>
            <title>Laura Thomas, National Security Implications of Quantum Technology</title>
            <description>Quantum technology will be transformational. When applied, quantum has the power to dramatically improve our society, as well as cause major disruptions on the national security and economic security fronts. This presentation will provide an overview of the fundamentals of quantum technology, including the three major branches of quantum technology development: quantum computing, quantum sensing, and quantum networking. We will discuss use cases for each and explore where the technology stands today, its commercialization and hardware engineering challenges, and potential pathways for a quantum future. About the speaker: Laura Thomas is the Senior Director of National Security Solutions at ColdQuanta, a quantum sensing and computing company. She is a former U.S. Central Intelligence Agency (CIA) case officer and Chief of Base who led sensitive programs at CIA Headquarters and abroad in multiple international assignments. She is a subject matter expert on the intersection of emerging technology and national security. She has served over 15 years in national security and leadership roles, working extensively across the U.S. intelligence community, National Security Council, U.S. Department of State, U.S. Department of Defense, U.S. Congress, and with foreign partners.</description>
            <pubDate>Wed, 23 Jun 2021 13:30:00 EDT </pubDate>
            <itunes:title>Laura Thomas, National Security Implications of Quantum Technology</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>766</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/laura_thomas_200.png"/>
            <itunes:subtitle>Laura Thomas, ColdQuanta</itunes:subtitle>
            <itunes:summary>Quantum technology will be transformational. When applied, quantum has the power to dramatically improve our society, as well as cause major disruptions on the national security and economic security fronts. This presentation will provide an overview of the fundamentals of quantum technology, including the three major branches of quantum technology development: quantum computing, quantum sensing, and quantum networking. We will discuss use cases for each and explore where the technology stands today, its commercialization and hardware engineering challenges, and potential pathways for a quantum future. About the speaker: Laura Thomas is the Senior Director of National Security Solutions at ColdQuanta, a quantum sensing and computing company. She is a former U.S. Central Intelligence Agency (CIA) case officer and Chief of Base who led sensitive programs at CIA Headquarters and abroad in multiple international assignments. She is a subject matter expert on the intersection of emerging technology and national security. She has served over 15 years in national security and leadership roles, working extensively across the U.S. intelligence community, National Security Council, U.S. Department of State, U.S. Department of Defense, U.S. Congress, and with foreign partners.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Quantum technology will be transformational. When applied, quantum has the power to dramatically improve our society, as well as cause major disruptions on the national security and economic security fronts. This presentation will provide an overview of the fundamentals of quantum technology, including the three major branches of quantum technology development: quantum computing, quantum sensing, and quantum networking. We will discuss use cases for each and explore where the technology stands today, its commercialization and hardware engineering challenges, and potential pathways for a quantum future. About the speaker: Laura Thomas is the Senior Director of National Security Solutions at ColdQuanta, a quantum sensing and computing company. She is a former U.S. Central Intelligence Agency (CIA) case officer and Chief of Base who led sensitive programs at CIA Headquarters and abroad in multiple international assignments. She is a subject matter expert on the intersection of emerging technology and national security. She has served over 15 years in national security and leadership roles, working extensively across the U.S. intelligence community, National Security Council, U.S. Department of State, U.S. Department of Defense, U.S. Congress, and with foreign partners.</p> ]]>
            </content:encoded>
            <itunes:duration>2916</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210623.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210623.mp4" length="545259520" type="video/mp4"/>
        </item>
            <item>
            <title>Ida Ngambeki, Understanding the Human Hacker</title>
            <description>Social engineering is employed in 97% of cybersecurity attacks. This makes social engineering penetration testing an important aspect of cybersecurity. Social engineering penetration testing is a specialized area requiring skills and abilities substantially different from other types of penetration testing. Training for social engineering penetration testing, as well as understanding what skills, abilities, and personalities make for good social engineers, is not well developed. This mixed-methods study uses surveys and interviews conducted with social engineering pen testers to examine their pathways into the field, what personality traits contribute to success, what skills and abilities are necessary, and what challenges these professionals commonly face. The results are used to make recommendations for training. About the speaker: Dr. Ida Ngambeki is an Assistant Professor of Computer and Information Technology at Purdue University. She is the Executive Director of the Purdue Cybersecurity Education Training Network and Resources and Director of the Cybersecure Behavior Lab. Dr. Ngambeki graduated from Smith College with a B.S. in Engineering and from Purdue University with a PhD in Engineering Education. Dr. Ngambeki&apos;s key areas of research interest include: cybersecure behavior, social engineering, cybersecurity education, cybersecurity policy, and cybersecurity workforce development. Dr. Ngambeki&apos;s current research projects include: developing curriculum guidance documents and a hub-and-spoke infrastructure for Industrial Control Systems Security, developing a self-directed learning platform for secure programming, developing a cybersecurity apprenticeship program, and developing an AI-based, humor-integrated social engineering training tool. Dr. Ngambeki has developed courses in Social Engineering, Cyber Law and Cyber Ethics.</description>
            <pubDate>Wed, 16 Jun 2021 13:30:00 EDT </pubDate>
            <itunes:title>Ida Ngambeki, Understanding the Human Hacker</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>765</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ida_ngambeki_200.png"/>
            <itunes:subtitle>Ida Ngambeki, Purdue University</itunes:subtitle>
            <itunes:summary>Social engineering is employed in 97% of cybersecurity attacks. This makes social engineering penetration testing an important aspect of cybersecurity. Social engineering penetration testing is a specialized area requiring skills and abilities substantially different from other types of penetration testing. Training for social engineering penetration testing, as well as understanding what skills, abilities, and personalities make for good social engineers, is not well developed. This mixed-methods study uses surveys and interviews conducted with social engineering pen testers to examine their pathways into the field, what personality traits contribute to success, what skills and abilities are necessary, and what challenges these professionals commonly face. The results are used to make recommendations for training. About the speaker: Dr. Ida Ngambeki is an Assistant Professor of Computer and Information Technology at Purdue University. She is the Executive Director of the Purdue Cybersecurity Education Training Network and Resources and Director of the Cybersecure Behavior Lab. Dr. Ngambeki graduated from Smith College with a B.S. in Engineering and from Purdue University with a PhD in Engineering Education. Dr. Ngambeki&apos;s key areas of research interest include: cybersecure behavior, social engineering, cybersecurity education, cybersecurity policy, and cybersecurity workforce development. Dr. Ngambeki&apos;s current research projects include: developing curriculum guidance documents and a hub-and-spoke infrastructure for Industrial Control Systems Security, developing a self-directed learning platform for secure programming, developing a cybersecurity apprenticeship program, and developing an AI-based, humor-integrated social engineering training tool. Dr. Ngambeki has developed courses in Social Engineering, Cyber Law and Cyber Ethics.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Social engineering is employed in 97% of cybersecurity attacks. This makes social engineering penetration testing an important aspect of cybersecurity. Social engineering penetration testing is a specialized area requiring skills and abilities substantially different from other types of penetration testing. Training for social engineering penetration testing, as well as understanding what skills, abilities, and personalities make for good social engineers, is not well developed. This mixed-methods study uses surveys and interviews conducted with social engineering pen testers to examine their pathways into the field, what personality traits contribute to success, what skills and abilities are necessary, and what challenges these professionals commonly face. The results are used to make recommendations for training. About the speaker: Dr. Ida Ngambeki is an Assistant Professor of Computer and Information Technology at Purdue University. She is the Executive Director of the Purdue Cybersecurity Education Training Network and Resources and Director of the Cybersecure Behavior Lab. Dr. Ngambeki graduated from Smith College with a B.S. in Engineering and from Purdue University with a PhD in Engineering Education. Dr. Ngambeki&apos;s key areas of research interest include: cybersecure behavior, social engineering, cybersecurity education, cybersecurity policy, and cybersecurity workforce development. Dr. Ngambeki&apos;s current research projects include: developing curriculum guidance documents and a hub-and-spoke infrastructure for Industrial Control Systems Security, developing a self-directed learning platform for secure programming, developing a cybersecurity apprenticeship program, and developing an AI-based, humor-integrated social engineering training tool. Dr. Ngambeki has developed courses in Social Engineering, Cyber Law and Cyber Ethics.</p> ]]>
            </content:encoded>
            <itunes:duration>4544</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210616.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210616.mp4" length="728760320" type="video/mp4"/>
        </item>
            <item>
            <title>Neil Gong, Secure Federated Learning</title>
            <description>Federated learning is an emerging machine learning paradigm that enables many clients (e.g., smartphones, IoT devices, and edge devices) to collaboratively learn a model, with the help of a server, without sharing their raw local data. Due to its communication efficiency and potential promise of protecting private or proprietary user data, and in light of emerging privacy regulations such as GDPR, federated learning has become a central playground for innovation. However, due to its distributed nature, federated learning is vulnerable to malicious clients. In this talk, we will discuss local model poisoning attacks on federated learning, in which malicious clients send carefully crafted local models or model updates to the server to corrupt the global model. Moreover, we will discuss our work on building federated learning methods that are secure against a bounded number of malicious clients. About the speaker: Neil Gong is an Assistant Professor in the Department of Electrical and Computer Engineering and Department of Computer Science (secondary appointment) at Duke University. He is broadly interested in cybersecurity with a recent focus on the intersections between security, privacy, and machine learning. He received a B.E. from the University of Science and Technology of China (USTC) in 2010 and a Ph.D. in Computer Science from the University of California at Berkeley in 2015. He has received an NSF CAREER Award, an Army Research Office (ARO) Young Investigator Award, a Rising Star Award from the Association of Chinese Scholars in Computing, an IBM Faculty Award, and multiple best paper or best paper honorable mention awards.</description>
            <pubDate>Wed, 9 Jun 2021 13:30:00 EDT </pubDate>
            <itunes:title>Neil Gong, Secure Federated Learning</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>764</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/neil_gong_200.png"/>
            <itunes:subtitle>Neil Gong, Duke University</itunes:subtitle>
            <itunes:summary>Federated learning is an emerging machine learning paradigm that enables many clients (e.g., smartphones, IoT devices, and edge devices) to collaboratively learn a model, with the help of a server, without sharing their raw local data. Due to its communication efficiency and potential promise of protecting private or proprietary user data, and in light of emerging privacy regulations such as GDPR, federated learning has become a central playground for innovation. However, due to its distributed nature, federated learning is vulnerable to malicious clients. In this talk, we will discuss local model poisoning attacks on federated learning, in which malicious clients send carefully crafted local models or model updates to the server to corrupt the global model. Moreover, we will discuss our work on building federated learning methods that are secure against a bounded number of malicious clients. About the speaker: Neil Gong is an Assistant Professor in the Department of Electrical and Computer Engineering and Department of Computer Science (secondary appointment) at Duke University. He is broadly interested in cybersecurity with a recent focus on the intersections between security, privacy, and machine learning. He received a B.E. from the University of Science and Technology of China (USTC) in 2010 and a Ph.D. in Computer Science from the University of California at Berkeley in 2015. He has received an NSF CAREER Award, an Army Research Office (ARO) Young Investigator Award, a Rising Star Award from the Association of Chinese Scholars in Computing, an IBM Faculty Award, and multiple best paper or best paper honorable mention awards.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Federated learning is an emerging machine learning paradigm to enable many clients (e.g., smartphones, IoT devices, and edge devices) to collaboratively learn a model, with the help of a server, without sharing their raw local data. Due to its communication efficiency and potential promise of protecting private or proprietary user data, and in light of emerging privacy regulations such as GDPR, federated learning has become a central playground for innovation. However, due to its distributed nature, federated learning is vulnerable to malicious clients. In this talk, we will discuss local model poisoning attacks on federated learning, in which malicious clients send carefully crafted local models or their updates to the server to corrupt the global model. Moreover, we will discuss our work on building federated learning methods that are secure against a bounded number of malicious clients. About the speaker: Neil Gong is an Assistant Professor in the Department of Electrical and Computer Engineering and Department of Computer Science (secondary appointment) at Duke University. He is broadly interested in cybersecurity with a recent focus on the intersections between security, privacy, and machine learning. He received a B.E. from the University of Science and Technology of China (USTC) in 2010 and a Ph.D. in Computer Science from the University of California at Berkeley in 2015. He has received an NSF CAREER Award, an Army Research Office (ARO) Young Investigator Award, a Rising Star Award from the Association of Chinese Scholars in Computing, an IBM Faculty Award, and multiple best paper or best paper honorable mention awards.</p> ]]>
            </content:encoded>
            <itunes:duration>3859</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210609.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210609.mp4" length="429916160" type="video/mp4"/>
        </item>
            <item>
            <title>Leigh Metcalf, The Gauntlet of Cybersecurity Research</title>
            <description>Good research has scientific principles driving it. Analysts begin research with a goal in mind and, at the same time, they need their research to have a solid foundation. This talk will cover common goals in cybersecurity research and also discuss common pitfalls that can undermine the results of the research. The talk will include many examples illustrating the principles. About the speaker: Leigh Metcalf has 30 years of experience in STEM where she is an expert in not just one, but two completely different fields, Mathematics and Cybersecurity. In Mathematics, she has a PhD specializing in Algebraic Topology. She also spent many years working at technology companies, including startups and established businesses, and now she uses all that she learned at those companies to work for a Federally Funded Research and Development Center located at Carnegie Mellon University as a researcher in Cybersecurity. She is the primary author of a book (Cybersecurity and Applied Mathematics, Elsevier) and the co-author of a second book in preparation on Science and Cybersecurity. Leigh is also the co-Editor-in-Chief of a new academic journal (ACM Digital Threats: Research and Practice, https://dtrap.acm.org).</description>
            <pubDate>Wed, 2 Jun 2021 13:30:00 EDT</pubDate>
            <itunes:title>Leigh Metcalf, The Gauntlet of Cybersecurity Research</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>763</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Leigh_Metcalf_200.png"/>
            <itunes:subtitle>Leigh Metcalf, CERT/cc</itunes:subtitle>
            <itunes:summary>Good research has scientific principles driving it. Analysts begin research with a goal in mind and, at the same time, they need their research to have a solid foundation. This talk will cover common goals in cybersecurity research and also discuss common pitfalls that can undermine the results of the research. The talk will include many examples illustrating the principles. About the speaker: Leigh Metcalf has 30 years of experience in STEM where she is an expert in not just one, but two completely different fields, Mathematics and Cybersecurity. In Mathematics, she has a PhD specializing in Algebraic Topology. She also spent many years working at technology companies, including startups and established businesses, and now she uses all that she learned at those companies to work for a Federally Funded Research and Development Center located at Carnegie Mellon University as a researcher in Cybersecurity. She is the primary author of a book (Cybersecurity and Applied Mathematics, Elsevier) and the co-author of a second book in preparation on Science and Cybersecurity. Leigh is also the co-Editor-in-Chief of a new academic journal (ACM Digital Threats: Research and Practice, https://dtrap.acm.org).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Good research has scientific principles driving it. Analysts begin research with a goal in mind and, at the same time, they need their research to have a solid foundation. This talk will cover common goals in cybersecurity research and also discuss common pitfalls that can undermine the results of the research. The talk will include many examples illustrating the principles. About the speaker: Leigh Metcalf has 30 years of experience in STEM where she is an expert in not just one, but two completely different fields, Mathematics and Cybersecurity. In Mathematics, she has a PhD specializing in Algebraic Topology. She also spent many years working at technology companies, including startups and established businesses, and now she uses all that she learned at those companies to work for a Federally Funded Research and Development Center located at Carnegie Mellon University as a researcher in Cybersecurity. She is the primary author of a book (Cybersecurity and Applied Mathematics, Elsevier) and the co-author of a second book in preparation on Science and Cybersecurity. Leigh is also the co-Editor-in-Chief of a new academic journal (ACM Digital Threats: Research and Practice, https://dtrap.acm.org).</p> ]]>
            </content:encoded>
            <itunes:duration>3223</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210602.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210602.mp4" length="942669824" type="video/mp4"/>
        </item>
            <item>
            <title>Gary McGraw, Security Engineering for Machine Learning</title>
            <description>Machine Learning appears to have made impressive progress on many tasks including image classification, machine translation, autonomous vehicle control, playing complex games including chess, Go, and Atari video games, and more. This has led to much breathless popular press coverage of Artificial Intelligence, and has elevated deep learning to an almost magical status in the eyes of the public. ML, especially of the deep learning sort, is not magic, however. ML has become so popular that its application, though often poorly understood and partially motivated by hype, is exploding. In my view, this is not necessarily a good thing. I am concerned with the systematic risk invoked by adopting ML in a haphazard fashion. Our research at the Berryville Institute of Machine Learning (BIIML) is focused on understanding and categorizing security engineering risks introduced by ML at the design level. Though the idea of addressing security risk in ML is not a new one, most previous work has focused on either particular attacks against running ML systems (a kind of dynamic analysis) or on operational security issues surrounding ML. This talk focuses on the results of an architectural risk analysis (sometimes called a threat model) of ML systems in general. A list of the top five (of 78 known) ML security risks will be presented. About the speaker: Gary McGraw is co-founder of the Berryville Institute of Machine Learning. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications. Gary serves on the Advisory Boards of Code DX, Maxmyinterest, Runsafe Security, and Secure Code Warrior. He has also served as a Board member of Cigital and Codiscope (acquired by Synopsys) and as Advisor to Black Duck (acquired by Synopsys), Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye). Gary produced the monthly Silver Bullet Security Podcast for IEEE Security &amp; Privacy magazine for thirteen years. His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean&apos;s Advisory Council for the Luddy School of Informatics, Computing, and Engineering.</description>
            <pubDate>Wed, 26 May 2021 13:30:00 EDT</pubDate>
            <itunes:title>Gary McGraw, Security Engineering for Machine Learning</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>762</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/gary_mcgraw200.png"/>
            <itunes:subtitle>Gary McGraw, Berryville Institute of Machine Learning</itunes:subtitle>
            <itunes:summary>Machine Learning appears to have made impressive progress on many tasks including image classification, machine translation, autonomous vehicle control, playing complex games including chess, Go, and Atari video games, and more. This has led to much breathless popular press coverage of Artificial Intelligence, and has elevated deep learning to an almost magical status in the eyes of the public. ML, especially of the deep learning sort, is not magic, however. ML has become so popular that its application, though often poorly understood and partially motivated by hype, is exploding. In my view, this is not necessarily a good thing. I am concerned with the systematic risk invoked by adopting ML in a haphazard fashion. Our research at the Berryville Institute of Machine Learning (BIIML) is focused on understanding and categorizing security engineering risks introduced by ML at the design level. Though the idea of addressing security risk in ML is not a new one, most previous work has focused on either particular attacks against running ML systems (a kind of dynamic analysis) or on operational security issues surrounding ML. This talk focuses on the results of an architectural risk analysis (sometimes called a threat model) of ML systems in general. A list of the top five (of 78 known) ML security risks will be presented. About the speaker: Gary McGraw is co-founder of the Berryville Institute of Machine Learning. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications. Gary serves on the Advisory Boards of Code DX, Maxmyinterest, Runsafe Security, and Secure Code Warrior. He has also served as a Board member of Cigital and Codiscope (acquired by Synopsys) and as Advisor to Black Duck (acquired by Synopsys), Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye). Gary produced the monthly Silver Bullet Security Podcast for IEEE Security &amp; Privacy magazine for thirteen years. His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean&apos;s Advisory Council for the Luddy School of Informatics, Computing, and Engineering.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Machine Learning appears to have made impressive progress on many tasks including image classification, machine translation, autonomous vehicle control, playing complex games including chess, Go, and Atari video games, and more. This has led to much breathless popular press coverage of Artificial Intelligence, and has elevated deep learning to an almost magical status in the eyes of the public. ML, especially of the deep learning sort, is not magic, however. ML has become so popular that its application, though often poorly understood and partially motivated by hype, is exploding. In my view, this is not necessarily a good thing. I am concerned with the systematic risk invoked by adopting ML in a haphazard fashion. Our research at the Berryville Institute of Machine Learning (BIIML) is focused on understanding and categorizing security engineering risks introduced by ML at the design level. Though the idea of addressing security risk in ML is not a new one, most previous work has focused on either particular attacks against running ML systems (a kind of dynamic analysis) or on operational security issues surrounding ML. This talk focuses on the results of an architectural risk analysis (sometimes called a threat model) of ML systems in general. A list of the top five (of 78 known) ML security risks will be presented. About the speaker: Gary McGraw is co-founder of the Berryville Institute of Machine Learning. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications. Gary serves on the Advisory Boards of Code DX, Maxmyinterest, Runsafe Security, and Secure Code Warrior. He has also served as a Board member of Cigital and Codiscope (acquired by Synopsys) and as Advisor to Black Duck (acquired by Synopsys), Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye). Gary produced the monthly Silver Bullet Security Podcast for IEEE Security &amp; Privacy magazine for thirteen years. His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean&apos;s Advisory Council for the Luddy School of Informatics, Computing, and Engineering.</p> ]]>
            </content:encoded>
            <itunes:duration>3747</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210526.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210526.mp4" length="1048576" type="video/mp4"/>
        </item>
            <item>
            <title>Steven Furnell, Cybersecurity Skills – Easy to say, harder to recognise?</title>
            <description>There is no doubt that cybersecurity has risen up the agenda in terms of visibility and importance. Everybody wants it. But do they really know what they want? What does cybersecurity include, and to what extent do qualifications and certifications that claim to cover it actually do so? This talk examines what cybersecurity means in terms of the contributing topics, and in particular how these topics can end up looking substantially different depending upon what source we use as our reference point. The discussion then proceeds to examine how this has knock-on impacts in terms of the qualifications and certifications that may be held by our current and future workforce. All are labelled as ‘cybersecurity’, but to what extent are they covering it, and how can those that need support tell the difference? About the speaker: Steven Furnell is a professor of cyber security at the University of Nottingham in the United Kingdom. He is also an Adjunct Professor with Edith Cowan University in Western Australia and an Honorary Professor with Nelson Mandela University in South Africa. His research interests include usability of security and privacy, security management and culture, and technologies for user authentication and intrusion detection. He has authored over 330 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society and Computer Insecurity: Risking the System. Prof. Furnell is the current Chair of Technical Committee 11 (security and privacy) within the International Federation for Information Processing, and a member of related working groups on security management, security education, and human aspects of security. He is the editor-in-chief of Information and Computer Security, as well as an associate editor for various other journals including Computers &amp; Security and The Computer Journal. His activities also include extensive contributions to international conferences in the security field, including keynote talks, event chairing, and programme committee memberships. In terms of professional affiliations, Prof. Furnell is a senior member of the IEEE and the ACM, and a fellow of BCS, the Chartered Institute for IT. He is also a Fellow and board member of the Chartered Institute of Information Security and chairs the academic partnership committee.</description>
            <pubDate>Wed, 28 Apr 2021 16:30:00 EDT</pubDate>
            <itunes:title>Steven Furnell, Cybersecurity Skills – Easy to say, harder to recognise?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>761</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/furnell_200.png"/>
            <itunes:subtitle>Steven Furnell, University of Nottingham in the United Kingdom</itunes:subtitle>
            <itunes:summary>There is no doubt that cybersecurity has risen up the agenda in terms of visibility and importance. Everybody wants it. But do they really know what they want? What does cybersecurity include, and to what extent do qualifications and certifications that claim to cover it actually do so? This talk examines what cybersecurity means in terms of the contributing topics, and in particular how these topics can end up looking substantially different depending upon what source we use as our reference point. The discussion then proceeds to examine how this has knock-on impacts in terms of the qualifications and certifications that may be held by our current and future workforce. All are labelled as ‘cybersecurity’, but to what extent are they covering it, and how can those that need support tell the difference? About the speaker: Steven Furnell is a professor of cyber security at the University of Nottingham in the United Kingdom. He is also an Adjunct Professor with Edith Cowan University in Western Australia and an Honorary Professor with Nelson Mandela University in South Africa. His research interests include usability of security and privacy, security management and culture, and technologies for user authentication and intrusion detection. He has authored over 330 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society and Computer Insecurity: Risking the System. Prof. Furnell is the current Chair of Technical Committee 11 (security and privacy) within the International Federation for Information Processing, and a member of related working groups on security management, security education, and human aspects of security. He is the editor-in-chief of Information and Computer Security, as well as an associate editor for various other journals including Computers &amp; Security and The Computer Journal. His activities also include extensive contributions to international conferences in the security field, including keynote talks, event chairing, and programme committee memberships. In terms of professional affiliations, Prof. Furnell is a senior member of the IEEE and the ACM, and a fellow of BCS, the Chartered Institute for IT. He is also a Fellow and board member of the Chartered Institute of Information Security and chairs the academic partnership committee.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>There is no doubt that cybersecurity has risen up the agenda in terms of visibility and importance. Everybody wants it. But do they really know what they want? What does cybersecurity include, and to what extent do qualifications and certifications that claim to cover it actually do so? This talk examines what cybersecurity means in terms of the contributing topics, and in particular how these topics can end up looking substantially different depending upon what source we use as our reference point. The discussion then proceeds to examine how this has knock-on impacts in terms of the qualifications and certifications that may be held by our current and future workforce. All are labelled as ‘cybersecurity’, but to what extent are they covering it, and how can those that need support tell the difference? About the speaker: Steven Furnell is a professor of cyber security at the University of Nottingham in the United Kingdom. He is also an Adjunct Professor with Edith Cowan University in Western Australia and an Honorary Professor with Nelson Mandela University in South Africa. His research interests include usability of security and privacy, security management and culture, and technologies for user authentication and intrusion detection. He has authored over 330 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society and Computer Insecurity: Risking the System. Prof. Furnell is the current Chair of Technical Committee 11 (security and privacy) within the International Federation for Information Processing, and a member of related working groups on security management, security education, and human aspects of security. He is the editor-in-chief of Information and Computer Security, as well as an associate editor for various other journals including Computers &amp; Security and The Computer Journal. His activities also include extensive contributions to international conferences in the security field, including keynote talks, event chairing, and programme committee memberships. In terms of professional affiliations, Prof. Furnell is a senior member of the IEEE and the ACM, and a fellow of BCS, the Chartered Institute for IT. He is also a Fellow and board member of the Chartered Institute of Information Security and chairs the academic partnership committee.</p> ]]>
            </content:encoded>
            <itunes:duration>3647</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210428.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210428.mp4" length="681574400" type="video/mp4"/>
        </item>
            <item>
            <title>Ira Winkler, You Can Stop Stupid: Human Security Engineering</title>
            <description>While users are responsible for initiating 90%+ of losses, it is not their fault. The entire system is what enables the losses, and the entire system must be designed to prevent them. Drawing lessons from safety science, counterterrorism, and accounting, this presentation details how to expect and stop user-initiated loss. About the speaker: Ira Winkler, CISSP, is the President of Secure Mentem and author of the forthcoming books You Can Stop Stupid and Security Awareness for Dummies. He is considered one of the world&apos;s most influential security professionals and was named &quot;The Awareness Crusader&quot; by CSO magazine in receiving their CSO COMPASS Award.</description>
            <pubDate>Wed, 21 Apr 2021 16:30:00 EDT</pubDate>
            <itunes:title>Ira Winkler, You Can Stop Stupid: Human Security Engineering</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>760</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ira_winkler_200.png"/>
            <itunes:subtitle>Ira Winkler</itunes:subtitle>
            <itunes:summary>While users are responsible for initiating 90%+ of losses, it is not their fault. The entire system is what enables the losses, and the entire system must be designed to prevent them. Drawing lessons from safety science, counterterrorism, and accounting, this presentation details how to expect and stop user-initiated loss. About the speaker: Ira Winkler, CISSP, is the President of Secure Mentem and author of the forthcoming books You Can Stop Stupid and Security Awareness for Dummies. He is considered one of the world&apos;s most influential security professionals and was named &quot;The Awareness Crusader&quot; by CSO magazine in receiving their CSO COMPASS Award.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>While users are responsible for initiating 90%+ of losses, it is not their fault. The entire system is what enables the losses, and the entire system must be designed to prevent them. Drawing lessons from safety science, counterterrorism, and accounting, this presentation details how to expect and stop user-initiated loss. About the speaker: Ira Winkler, CISSP, is the President of Secure Mentem and author of the forthcoming books You Can Stop Stupid and Security Awareness for Dummies. He is considered one of the world&apos;s most influential security professionals and was named &quot;The Awareness Crusader&quot; by CSO magazine in receiving their CSO COMPASS Award.</p> ]]>
            </content:encoded>
            <itunes:duration>3681</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210421.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210421.mp4" length="535822336" type="video/mp4"/>
        </item>
            <item>
            <title>Yimin Chen, Delving into differential privacy and anomaly detection: a meta-learning perspective</title>
            <description>In this talk, we explore security and privacy related to meta-learning, a learning paradigm aiming to learn &apos;cross-task&apos; knowledge instead of &apos;single-task&apos; knowledge. From a privacy perspective, we conjecture that meta-learning plays an important role in future federated learning and look into federated meta-learning systems with differential privacy design for task privacy protection. From a security perspective, we explore anomaly detection for machine learning models. In particular, we explore poisoning attacks on machine learning models in which the poisoning training samples are the anomaly. Inspired by the observation that poisoning samples degrade trained models through overfitting, we exploit meta-training to counteract overfitting, thus enhancing model robustness. About the speaker: Yimin Chen is now a postdoctoral researcher in the Computer Science department at Virginia Tech. Currently his research mainly focuses on differential privacy, anomaly detection, adversarial examples, and private learning. Before that, he worked on security and privacy of mobile computing systems for his PhD study. He obtained a PhD degree from Arizona State University in 2018, an MPhil degree from the Chinese University of Hong Kong in 2013, and a BS degree from Peking University in 2010.</description>
            <pubDate>Wed, 14 Apr 2021 16:30:00 EDT</pubDate>
            <itunes:title>Yimin Chen, Delving into differential privacy and anomaly detection: a meta-learning perspective</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>759</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/yiminchen_200.png"/>
            <itunes:subtitle>Yimin Chen, Virginia Tech</itunes:subtitle>
            <itunes:summary>In this talk, we explore security and privacy related to meta-learning, a learning paradigm aiming to learn &apos;cross-task&apos; knowledge instead of &apos;single-task&apos; knowledge. From a privacy perspective, we conjecture that meta-learning plays an important role in future federated learning and look into federated meta-learning systems with differential privacy design for task privacy protection. From a security perspective, we explore anomaly detection for machine learning models. In particular, we explore poisoning attacks on machine learning models in which the poisoning training samples are the anomaly. Inspired by the observation that poisoning samples degrade trained models through overfitting, we exploit meta-training to counteract overfitting, thus enhancing model robustness. About the speaker: Yimin Chen is now a postdoctoral researcher in the Computer Science department at Virginia Tech. Currently his research mainly focuses on differential privacy, anomaly detection, adversarial examples, and private learning. Before that, he worked on security and privacy of mobile computing systems for his PhD study. He obtained a PhD degree from Arizona State University in 2018, an MPhil degree from the Chinese University of Hong Kong in 2013, and a BS degree from Peking University in 2010.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this talk, we explore security and privacy related to meta-learning, a learning paradigm aiming to learn &apos;cross-task&apos; knowledge instead of &apos;single-task&apos; knowledge. From a privacy perspective, we conjecture that meta-learning plays an important role in future federated learning and look into federated meta-learning systems with differential privacy design for task privacy protection. From a security perspective, we explore anomaly detection for machine learning models. In particular, we explore poisoning attacks on machine learning models in which the poisoning training samples are the anomaly. Inspired by the observation that poisoning samples degrade trained models through overfitting, we exploit meta-training to counteract overfitting, thus enhancing model robustness. About the speaker: Yimin Chen is now a postdoctoral researcher in the Computer Science department at Virginia Tech. Currently his research mainly focuses on differential privacy, anomaly detection, adversarial examples, and private learning. Before that, he worked on security and privacy of mobile computing systems for his PhD study. He obtained a PhD degree from Arizona State University in 2018, an MPhil degree from the Chinese University of Hong Kong in 2013, and a BS degree from Peking University in 2010.</p> ]]>
            </content:encoded>
            <itunes:duration>2487</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210414.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210414.mp4" length="421527552" type="video/mp4"/>
        </item>
            <item>
            <title>Tawei (David) Wang, The Invisible Risks: An Empirical Analysis on Data Sharing Activities and Systemic Risk among the Data Brokers</title>
            <description>Data brokers are the major players in the market for collecting, selling, and sharing online user information. Although their practices have raised tremendous privacy concerns, their data collection and sharing activities remain under a veil. The growth of adverse cybersecurity incidents targeting data brokers has led regulators, including California and Vermont, to require data brokers to register and disclose their activities. This paper uses information leaked on the dark web to analyze the data sharing and collection activities among data brokers. Specifically, we cluster the data brokers based on the data collection activities given in their product descriptions to quantify activity proximity. Next, we empirically examine how activity proximity leads to co-occurrence in the information leaked on the dark web. We further discuss the deterrence effect of data broker registration on information leakage. Our study contributes to the cybersecurity assurance and risk assessment literature by unveiling the shadowy data-collecting and data-sharing market. About the speaker: Tawei (David) Wang is currently an Associate Professor and Driehaus Fellow at DePaul University. He received his Ph.D. from the Krannert Graduate School of Management, Purdue University, in 2009. His research interests are information security management and IT management. His papers have appeared in several leading journals, including Information Systems Research, Decision Support Systems, European Journal of Information Systems, Information and Management, Information Systems Journal, Journal of Accounting and Public Policy, Journal of Banking and Finance, and Journal of Information Systems, among others. His articles have been downloaded more than 40,000 times through ScienceDirect. He has been a speaker at events hosted by the Institute of Internal Auditors and the Institute of Management Accountants, and a panelist in a cyber risk workshop hosted by the Federal Reserve Bank Charlotte. He was selected to be the KPMG James Marwick Professor in Residence in 2018.</description>
            <pubDate>Wed, 7 Apr 2021 16:30:00 EDT </pubDate>
            <itunes:title>Tawei (David) Wang, The Invisible Risks: An Empirical Analysis on Data Sharing Activities and Systemic Risk among the Data Brokers</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>758</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/david_wang_200.png"/>
            <itunes:subtitle>Tawei (David) Wang, DePaul University</itunes:subtitle>
            <itunes:summary>Data brokers are the major players in the market for collecting, selling, and sharing online user information. Although their practices have raised tremendous privacy concerns, their data collection and sharing activities remain under a veil. The growth of adverse cybersecurity incidents targeting data brokers has led regulators, including California and Vermont, to require data brokers to register and disclose their activities. This paper uses information leaked on the dark web to analyze the data sharing and collection activities among data brokers. Specifically, we cluster the data brokers based on the data collection activities given in their product descriptions to quantify activity proximity. Next, we empirically examine how activity proximity leads to co-occurrence in the information leaked on the dark web. We further discuss the deterrence effect of data broker registration on information leakage. Our study contributes to the cybersecurity assurance and risk assessment literature by unveiling the shadowy data-collecting and data-sharing market. About the speaker: Tawei (David) Wang is currently an Associate Professor and Driehaus Fellow at DePaul University. He received his Ph.D. from the Krannert Graduate School of Management, Purdue University, in 2009. His research interests are information security management and IT management. His papers have appeared in several leading journals, including Information Systems Research, Decision Support Systems, European Journal of Information Systems, Information and Management, Information Systems Journal, Journal of Accounting and Public Policy, Journal of Banking and Finance, and Journal of Information Systems, among others. His articles have been downloaded more than 40,000 times through ScienceDirect. He has been a speaker at events hosted by the Institute of Internal Auditors and the Institute of Management Accountants, and a panelist in a cyber risk workshop hosted by the Federal Reserve Bank Charlotte. He was selected to be the KPMG James Marwick Professor in Residence in 2018.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Data brokers are the major players in the market for collecting, selling, and sharing online user information. Although their practices have raised tremendous privacy concerns, their data collection and sharing activities remain under a veil. The growth of adverse cybersecurity incidents targeting data brokers has led regulators, including California and Vermont, to require data brokers to register and disclose their activities. This paper uses information leaked on the dark web to analyze the data sharing and collection activities among data brokers. Specifically, we cluster the data brokers based on the data collection activities given in their product descriptions to quantify activity proximity. Next, we empirically examine how activity proximity leads to co-occurrence in the information leaked on the dark web. We further discuss the deterrence effect of data broker registration on information leakage. Our study contributes to the cybersecurity assurance and risk assessment literature by unveiling the shadowy data-collecting and data-sharing market. About the speaker: Tawei (David) Wang is currently an Associate Professor and Driehaus Fellow at DePaul University. He received his Ph.D. from the Krannert Graduate School of Management, Purdue University, in 2009. His research interests are information security management and IT management. His papers have appeared in several leading journals, including Information Systems Research, Decision Support Systems, European Journal of Information Systems, Information and Management, Information Systems Journal, Journal of Accounting and Public Policy, Journal of Banking and Finance, and Journal of Information Systems, among others. His articles have been downloaded more than 40,000 times through ScienceDirect. He has been a speaker at events hosted by the Institute of Internal Auditors and the Institute of Management Accountants, and a panelist in a cyber risk workshop hosted by the Federal Reserve Bank Charlotte. He was selected to be the KPMG James Marwick Professor in Residence in 2018.</p> ]]>
            </content:encoded>
            <itunes:duration>2671</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210407.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210407.mp4" length="377487360" type="video/mp4"/>
        </item>
            <item>
            <title>Frederick Scholl, Cybercrime: A Proposed Solution</title>
            <description>Modern cybercrimes are responsible for $400B of losses on an annual basis. Headlines appear regularly announcing major breaches. Yet few people and businesses understand what happened in such incidents and how to avoid becoming victims themselves. The security industry does provide analyses of breach statistics, but effective preventative measures can be lost in the numbers. Virtually all breaches result from technology failure combined with people failure. This presentation will look at actual recent cybercrimes in order to document what happened and what could have prevented each incident. Who carried out the breach? What did they do? What was taken? How could it have been stopped? What was the story behind the breach? Attack types include ransomware, business email compromise, intellectual property theft and breach of Personally Identifiable Information. By becoming more familiar with current successful threats and breaches you will be able to avoid high-risk activities where possible, be better prepared to stop such an attack against you or your organization, and be able to optimize security spending and resources for actual attack patterns. This presentation is designed for both security professionals and business professionals who want to better secure their assets and processes against the increasing number of cyber criminals. About the speaker: Frederick W. Scholl is an accomplished global information security risk manager with a unique record of accomplishment in business and technology. He is one of the few people in the cybersecurity industry with business experience from start-up to board member, and security experience from practitioner to manager. He is now Cybersecurity Program Manager and Associate Teaching Professor at Quinnipiac University. He started the online Cybersecurity Master&apos;s degree program there in 2018. Dr. Scholl earned a BS and Ph.D. in Electrical Engineering from Cornell University. He completed an Internet Law Program from Harvard and holds CISM, CISSP, ITIL and CHP security certifications. He is listed in the 2020 &quot;Who&apos;s Who in America&quot;.</description>
            <pubDate>Wed, 31 Mar 2021 16:30:00 EDT </pubDate>
            <itunes:title>Frederick Scholl, Cybercrime: A Proposed Solution</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>757</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/scholl_200.png"/>
            <itunes:subtitle>Frederick Scholl, Quinnipiac University</itunes:subtitle>
            <itunes:summary>Modern cybercrimes are responsible for $400B of losses on an annual basis. Headlines appear regularly announcing major breaches. Yet few people and businesses understand what happened in such incidents and how to avoid becoming victims themselves. The security industry does provide analyses of breach statistics, but effective preventative measures can be lost in the numbers. Virtually all breaches result from technology failure combined with people failure. This presentation will look at actual recent cybercrimes in order to document what happened and what could have prevented each incident. Who carried out the breach? What did they do? What was taken? How could it have been stopped? What was the story behind the breach? Attack types include ransomware, business email compromise, intellectual property theft and breach of Personally Identifiable Information. By becoming more familiar with current successful threats and breaches you will be able to avoid high-risk activities where possible, be better prepared to stop such an attack against you or your organization, and be able to optimize security spending and resources for actual attack patterns. This presentation is designed for both security professionals and business professionals who want to better secure their assets and processes against the increasing number of cyber criminals. About the speaker: Frederick W. Scholl is an accomplished global information security risk manager with a unique record of accomplishment in business and technology. He is one of the few people in the cybersecurity industry with business experience from start-up to board member, and security experience from practitioner to manager. He is now Cybersecurity Program Manager and Associate Teaching Professor at Quinnipiac University. He started the online Cybersecurity Master&apos;s degree program there in 2018. Dr. Scholl earned a BS and Ph.D. in Electrical Engineering from Cornell University. He completed an Internet Law Program from Harvard and holds CISM, CISSP, ITIL and CHP security certifications. He is listed in the 2020 &quot;Who&apos;s Who in America&quot;.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Modern cybercrimes are responsible for $400B of losses on an annual basis. Headlines appear regularly announcing major breaches. Yet few people and businesses understand what happened in such incidents and how to avoid becoming victims themselves. The security industry does provide analyses of breach statistics, but effective preventative measures can be lost in the numbers. Virtually all breaches result from technology failure combined with people failure. This presentation will look at actual recent cybercrimes in order to document what happened and what could have prevented each incident. Who carried out the breach? What did they do? What was taken? How could it have been stopped? What was the story behind the breach? Attack types include ransomware, business email compromise, intellectual property theft and breach of Personally Identifiable Information. By becoming more familiar with current successful threats and breaches you will be able to avoid high-risk activities where possible, be better prepared to stop such an attack against you or your organization, and be able to optimize security spending and resources for actual attack patterns. This presentation is designed for both security professionals and business professionals who want to better secure their assets and processes against the increasing number of cyber criminals. About the speaker: Frederick W. Scholl is an accomplished global information security risk manager with a unique record of accomplishment in business and technology. He is one of the few people in the cybersecurity industry with business experience from start-up to board member, and security experience from practitioner to manager. He is now Cybersecurity Program Manager and Associate Teaching Professor at Quinnipiac University. He started the online Cybersecurity Master&apos;s degree program there in 2018. Dr. Scholl earned a BS and Ph.D. in Electrical Engineering from Cornell University. He completed an Internet Law Program from Harvard and holds CISM, CISSP, ITIL and CHP security certifications. He is listed in the 2020 &quot;Who&apos;s Who in America&quot;.</p> ]]>
            </content:encoded>
            <itunes:duration>3385</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210331.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210331.mp4" length="650117120" type="video/mp4"/>
        </item>
            <item>
            <title>Jack Daniel, The Shoulders of InfoSec</title>
            <description>The nature of cybersecurity and modern life is such that we feel pressured to run just to keep up; this leaves us no time to look back and reflect on how we got where we are as an industry and field of study, nor to learn about the people who led the way. In this presentation we will dig into the stories of some of the people who were foundational in the field we now call cybersecurity, some well-known, others obscure. About the speaker: Jack Daniel is the Community Advocate for Tenable, a co-founder of Security BSides, a community builder, storyteller, technologist, historian, mentor, and security professional. He has over 20 years&apos; experience in network and system administration and security, and has worked in a variety of practitioner and management positions. Jack is a technology community activist, a podcaster, and a frequent speaker at technology and security events.</description>
            <pubDate>Wed, 24 Mar 2021 16:30:00 EDT </pubDate>
            <itunes:title>Jack Daniel, The Shoulders of InfoSec</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>756</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jack_daniel_200.png"/>
            <itunes:subtitle>Jack Daniel, Tenable</itunes:subtitle>
            <itunes:summary>The nature of cybersecurity and modern life is such that we feel pressured to run just to keep up; this leaves us no time to look back and reflect on how we got where we are as an industry and field of study, nor to learn about the people who led the way. In this presentation we will dig into the stories of some of the people who were foundational in the field we now call cybersecurity, some well-known, others obscure. About the speaker: Jack Daniel is the Community Advocate for Tenable, a co-founder of Security BSides, a community builder, storyteller, technologist, historian, mentor, and security professional. He has over 20 years&apos; experience in network and system administration and security, and has worked in a variety of practitioner and management positions. Jack is a technology community activist, a podcaster, and a frequent speaker at technology and security events.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The nature of cybersecurity and modern life is such that we feel pressured to run just to keep up; this leaves us no time to look back and reflect on how we got where we are as an industry and field of study, nor to learn about the people who led the way. In this presentation we will dig into the stories of some of the people who were foundational in the field we now call cybersecurity, some well-known, others obscure. About the speaker: Jack Daniel is the Community Advocate for Tenable, a co-founder of Security BSides, a community builder, storyteller, technologist, historian, mentor, and security professional. He has over 20 years&apos; experience in network and system administration and security, and has worked in a variety of practitioner and management positions. Jack is a technology community activist, a podcaster, and a frequent speaker at technology and security events.</p> ]]>
            </content:encoded>
            <itunes:duration>3395</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210324.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210324.mp4" length="478150656" type="video/mp4"/>
        </item>
            <item>
            <title>Santiago Torres-Arias, Practical software Supply Chain Security and Transparency</title>
            <description>The software development process, or software supply chain, is quite complex and involves a number of independent actors. This ever-growing complexity has led to various software supply chain compromises: from XCodeGhost injecting malware into millions of apps, to the highly publicized SolarWinds compromise. In this talk, Santiago will introduce various research challenges, as well as attempts from both Open Source and Industry --- such as SigStore, CoSign and in-toto --- to protect millions of users across the globe. About the speaker: Dr. Torres-Arias&apos; current research focuses on securing the software development life-cycle. Previously, his research focused on secure password storage mechanisms and update systems. He is the team lead of in-toto, a framework to secure the software development life-cycle, as well as PolyPasswordHasher, a password storage mechanism that&apos;s incredibly resilient to offline password cracking. He also contributes to The Update Framework (TUF), a software update system being integrated into a variety of projects such as Docker, CPAN, and others.</description>
            <pubDate>Wed, 17 Mar 2021 16:30:00 EDT </pubDate>
            <itunes:title>Santiago Torres-Arias, Practical software Supply Chain Security and Transparency</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>755</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/santiago_torres-arias.png"/>
            <itunes:subtitle>Santiago Torres-Arias, Purdue University</itunes:subtitle>
            <itunes:summary>The software development process, or software supply chain, is quite complex and involves a number of independent actors. This ever-growing complexity has led to various software supply chain compromises: from XCodeGhost injecting malware into millions of apps, to the highly publicized SolarWinds compromise. In this talk, Santiago will introduce various research challenges, as well as attempts from both Open Source and Industry --- such as SigStore, CoSign and in-toto --- to protect millions of users across the globe. About the speaker: Dr. Torres-Arias&apos; current research focuses on securing the software development life-cycle. Previously, his research focused on secure password storage mechanisms and update systems. He is the team lead of in-toto, a framework to secure the software development life-cycle, as well as PolyPasswordHasher, a password storage mechanism that&apos;s incredibly resilient to offline password cracking. He also contributes to The Update Framework (TUF), a software update system being integrated into a variety of projects such as Docker, CPAN, and others.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The software development process, or software supply chain, is quite complex and involves a number of independent actors. This ever-growing complexity has led to various software supply chain compromises: from XCodeGhost injecting malware into millions of apps, to the highly publicized SolarWinds compromise. In this talk, Santiago will introduce various research challenges, as well as attempts from both Open Source and Industry --- such as SigStore, CoSign and in-toto --- to protect millions of users across the globe. About the speaker: Dr. Torres-Arias&apos; current research focuses on securing the software development life-cycle. Previously, his research focused on secure password storage mechanisms and update systems. He is the team lead of in-toto, a framework to secure the software development life-cycle, as well as PolyPasswordHasher, a password storage mechanism that&apos;s incredibly resilient to offline password cracking. He also contributes to The Update Framework (TUF), a software update system being integrated into a variety of projects such as Docker, CPAN, and others.</p> ]]>
            </content:encoded>
            <itunes:duration>2425</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210317.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210317.mp4" length="367001600" type="video/mp4"/>
        </item>
            <item>
            <title>Greg Akers, SDN/NFV in the ICS, SCADA and Manufacturing World as a Cyber Security Tool</title>
            <description>A discussion about where we are in the commercial SDN/NFV world today and where we are headed. What are the next-generation threats beyond where we are today, and how may software definability be an asset in the defender&apos;s toolkit? The talk also looks at the intersection point between SDN/NFV and AI/ML: how this changes the defense calculus and alters the attack surface, and what capabilities we need to develop in the practitioner, consumer and defender worlds. About the speaker: Greg Akers was the Senior Vice President &amp; CTO of Advanced Security Research &amp; Government and Chief Technology Officer within the Security &amp; Trust Organization (STO) group at Cisco. With more than two decades of executive experience, Akers brought a wide range of technical and security knowledge to this role. A major focus of his group was to expand security awareness and launch product resiliency initiatives throughout Cisco&apos;s development organization to deliver high-quality and secure products to customers. He also served as executive sponsor of the Cisco Disability Awareness Network. Akers joined Cisco in 1993. He held a variety of technical, managerial and executive roles at Cisco, including networking engineer, Vice President for the Worldwide Technical Assistance Center, Senior Vice President-CTO Services and Senior Vice President-Global Governments Solutions Group. He also holds the CCIE certification. In addition, Akers is an Internet security and critical infrastructure protection advisor to Cisco customers and to the U.S. government. He regularly advises and directs activities relative to technology and security matters of domestic and international importance. Akers has also advised the U.S. Department of Defense and the federal intelligence community for more than fifteen years. Before joining Cisco, Akers&apos; career included more than 15 years of designing, building, and running large networks for Fortune 100 companies. He has held senior technical and leadership roles at Fechheimer Brothers, a holding of Berkshire Hathaway, and Procter and Gamble. Akers holds a bachelor of science degree in chemical engineering from the University of Akron.</description>
            <pubDate>Wed, 10 Mar 2021 16:30:00 EST </pubDate>
            <itunes:title>Greg Akers, SDN/NFV in the ICS, SCADA and Manufacturing World as a Cyber Security Tool</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>754</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Greg-Akers_200.png"/>
            <itunes:subtitle>Greg Akers, Executive Technology Consultant</itunes:subtitle>
            <itunes:summary>A discussion about where we are in the commercial SDN/NFV world today and where we are headed. What are the next-generation threats beyond where we are today, and how may software definability be an asset in the defender&apos;s toolkit? The talk also looks at the intersection point between SDN/NFV and AI/ML: how this changes the defense calculus and alters the attack surface, and what capabilities we need to develop in the practitioner, consumer and defender worlds. About the speaker: Greg Akers was the Senior Vice President &amp; CTO of Advanced Security Research &amp; Government and Chief Technology Officer within the Security &amp; Trust Organization (STO) group at Cisco. With more than two decades of executive experience, Akers brought a wide range of technical and security knowledge to this role. A major focus of his group was to expand security awareness and launch product resiliency initiatives throughout Cisco&apos;s development organization to deliver high-quality and secure products to customers. He also served as executive sponsor of the Cisco Disability Awareness Network. Akers joined Cisco in 1993. He held a variety of technical, managerial and executive roles at Cisco, including networking engineer, Vice President for the Worldwide Technical Assistance Center, Senior Vice President-CTO Services and Senior Vice President-Global Governments Solutions Group. He also holds the CCIE certification. In addition, Akers is an Internet security and critical infrastructure protection advisor to Cisco customers and to the U.S. government. He regularly advises and directs activities relative to technology and security matters of domestic and international importance. Akers has also advised the U.S. Department of Defense and the federal intelligence community for more than fifteen years. Before joining Cisco, Akers&apos; career included more than 15 years of designing, building, and running large networks for Fortune 100 companies. He has held senior technical and leadership roles at Fechheimer Brothers, a holding of Berkshire Hathaway, and Procter and Gamble. Akers holds a bachelor of science degree in chemical engineering from the University of Akron.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>A discussion about where we are in the commercial SDN/NFV world today and where we are headed. What are the next-generation threats beyond where we are today, and how may software definability be an asset in the defender&apos;s toolkit? The talk also looks at the intersection point between SDN/NFV and AI/ML: how this changes the defense calculus and alters the attack surface, and what capabilities we need to develop in the practitioner, consumer and defender worlds. About the speaker: Greg Akers was the Senior Vice President &amp; CTO of Advanced Security Research &amp; Government and Chief Technology Officer within the Security &amp; Trust Organization (STO) group at Cisco. With more than two decades of executive experience, Akers brought a wide range of technical and security knowledge to this role. A major focus of his group was to expand security awareness and launch product resiliency initiatives throughout Cisco&apos;s development organization to deliver high-quality and secure products to customers. He also served as executive sponsor of the Cisco Disability Awareness Network. Akers joined Cisco in 1993. He held a variety of technical, managerial and executive roles at Cisco, including networking engineer, Vice President for the Worldwide Technical Assistance Center, Senior Vice President-CTO Services and Senior Vice President-Global Governments Solutions Group. He also holds the CCIE certification. In addition, Akers is an Internet security and critical infrastructure protection advisor to Cisco customers and to the U.S. government. He regularly advises and directs activities relative to technology and security matters of domestic and international importance. Akers has also advised the U.S. Department of Defense and the federal intelligence community for more than fifteen years. Before joining Cisco, Akers&apos; career included more than 15 years of designing, building, and running large networks for Fortune 100 companies. He has held senior technical and leadership roles at Fechheimer Brothers, a holding of Berkshire Hathaway, and Procter and Gamble. Akers holds a bachelor of science degree in chemical engineering from the University of Akron.</p> ]]>
            </content:encoded>
            <itunes:duration>2632</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210310.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210310.mp4" length="381681664" type="video/mp4"/>
        </item>
            <item>
            <title>Randall Brooks, Cyber Supply Chain Risk Management (SCRM) and its impact on information and Operational Technology (IT/OT)</title>
            <description>In a growing interdependent marketplace, it is nearly impossible to develop every part or component in house.  Electronics are nearly entirely manufactured offshore. Concerns have risen about the trustworthiness of electronics that may contain extra or potentially malicious functionality.  Traditional supply chain risk management only deals with the supplier&apos;s ability to deliver a product on time and within budget.  Cyber aspects focus on the trustworthiness of the product that was delivered.  Those vendors that are themselves procuring products, such as test systems, subtractive or additive manufacturing, are now concerned that the products they are producing are affected by Cyber Supply Chain Risk Management (C-SCRM). About the speaker: Mr. Randall Brooks is a Principal Engineering Fellow for Raytheon Technologies (NYSE: RTX). He is the Director of the Raytheon Cyber Center of Excellence. Brooks represents the company within the U.S. International Committee for Information Technology Standards Cyber Security 1 (CS1) and the Cloud Security Alliance (CSA). He has more than 20 years of experience in Cybersecurity with a recognized expertise in software assurance (SwA) and secure development life cycles (SDLCs). In addition to holding eight patents, Mr. Brooks is a CISSP, CSSLP, ISSEP, ISSAP, ISSMP, and CCSK. He graduated from Purdue University with a Bachelor of Science from the School of Computer Science.</description>
            <pubDate>Wed, 3 Mar 2021 16:30:00 EST </pubDate>
            <itunes:title>Randall Brooks, Cyber Supply Chain Risk Management (SCRM) and its impact on information and Operational Technology (IT/OT)</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>753</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/randall_brooks.png"/>
            <itunes:subtitle>Randall Brooks, Raytheon</itunes:subtitle>
            <itunes:summary>In a growing interdependent marketplace, it is nearly impossible to develop every part or component in house.  Electronics are nearly entirely manufactured offshore. Concerns have risen about the trustworthiness of electronics that may contain extra or potentially malicious functionality.  Traditional supply chain risk management only deals with the supplier&apos;s ability to deliver a product on time and within budget.  Cyber aspects focus on the trustworthiness of the product that was delivered.  Those vendors that are themselves procuring products, such as test systems, subtractive or additive manufacturing, are now concerned that the products they are producing are affected by Cyber Supply Chain Risk Management (C-SCRM). About the speaker: Mr. Randall Brooks is a Principal Engineering Fellow for Raytheon Technologies (NYSE: RTX). He is the Director of the Raytheon Cyber Center of Excellence. Brooks represents the company within the U.S. International Committee for Information Technology Standards Cyber Security 1 (CS1) and the Cloud Security Alliance (CSA). He has more than 20 years of experience in Cybersecurity with a recognized expertise in software assurance (SwA) and secure development life cycles (SDLCs). In addition to holding eight patents, Mr. Brooks is a CISSP, CSSLP, ISSEP, ISSAP, ISSMP, and CCSK. He graduated from Purdue University with a Bachelor of Science from the School of Computer Science.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In a growing interdependent marketplace, it is nearly impossible to develop every part or component in house.  Electronics are nearly entirely manufactured offshore. Concerns have risen about the trustworthiness of electronics that may contain extra or potentially malicious functionality.  Traditional supply chain risk management only deals with the supplier&apos;s ability to deliver a product on time and within budget.  Cyber aspects focus on the trustworthiness of the product that was delivered.  Those vendors that are themselves procuring products, such as test systems, subtractive or additive manufacturing, are now concerned that the products they are producing are affected by Cyber Supply Chain Risk Management (C-SCRM). About the speaker: Mr. Randall Brooks is a Principal Engineering Fellow for Raytheon Technologies (NYSE: RTX). He is the Director of the Raytheon Cyber Center of Excellence. Brooks represents the company within the U.S. International Committee for Information Technology Standards Cyber Security 1 (CS1) and the Cloud Security Alliance (CSA). He has more than 20 years of experience in Cybersecurity with a recognized expertise in software assurance (SwA) and secure development life cycles (SDLCs). In addition to holding eight patents, Mr. Brooks is a CISSP, CSSLP, ISSEP, ISSAP, ISSMP, and CCSK. He graduated from Purdue University with a Bachelor of Science from the School of Computer Science.</p> ]]>
            </content:encoded>
            <itunes:duration>3416</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210303.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210303.mp4" length="573571072" type="video/mp4"/>
        </item>
            <item>
            <title>Caroline Wong, Security Industry Context</title>
            <description>Join Caroline Wong, Cobalt.io&apos;s head of Security and People, for a unique perspective on the role of humans in cybersecurity. About the speaker: Caroline Wong is the Chief Strategy Officer at Cobalt.io. Wong&apos;s close and practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager and day-to-day leadership roles at eBay and Zynga. She teaches cybersecurity courses on LinkedIn Learning and is a member of the Forbes Technology Council. Wong was named 2019 Cyber Educator of the Year in the 6th Annual Cyberjutsu Awards. She authored the popular textbook Security Metrics: A Beginner&apos;s Guide, published by McGraw-Hill. Wong graduated from U.C. Berkeley with a BS in electrical engineering and computer sciences and holds a certificate in finance and accounting from Stanford University Graduate School of Business.</description>
            <pubDate>Wed, 24 Feb 2021 16:30:00 EST </pubDate>
            <itunes:title>Caroline Wong, Security Industry Context</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>752</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/caroline_wong_200x200.png"/>
            <itunes:subtitle>Caroline Wong, Cobalt</itunes:subtitle>
            <itunes:summary>Join Caroline Wong, Cobalt.io&apos;s head of Security and People, for a unique perspective on the role of humans in cybersecurity. About the speaker: Caroline Wong is the Chief Strategy Officer at Cobalt.io. Wong&apos;s close and practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager and day-to-day leadership roles at eBay and Zynga. She teaches cybersecurity courses on LinkedIn Learning and is a member of the Forbes Technology Council. Wong was named 2019 Cyber Educator of the Year in the 6th Annual Cyberjutsu Awards. She authored the popular textbook Security Metrics: A Beginner&apos;s Guide, published by McGraw-Hill. Wong graduated from U.C. Berkeley with a BS in electrical engineering and computer sciences and holds a certificate in finance and accounting from Stanford University Graduate School of Business.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Join Caroline Wong, Cobalt.io&apos;s head of Security and People, for a unique perspective on the role of humans in cybersecurity. About the speaker: Caroline Wong is the Chief Strategy Officer at Cobalt.io. Wong&apos;s close and practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager and day-to-day leadership roles at eBay and Zynga. She teaches cybersecurity courses on LinkedIn Learning and is a member of the Forbes Technology Council. Wong was named 2019 Cyber Educator of the Year in the 6th Annual Cyberjutsu Awards. She authored the popular textbook Security Metrics: A Beginner&apos;s Guide, published by McGraw-Hill. Wong graduated from U.C. Berkeley with a BS in electrical engineering and computer sciences and holds a certificate in finance and accounting from Stanford University Graduate School of Business.</p> ]]>
            </content:encoded>
            <itunes:duration>2806</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210224.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210224.mp4" length="240123904" type="video/mp4"/>
        </item>
            <item>
            <title>Cory Doctorow, Technology, Self-Determination, and the Future of the Future</title>
            <description>Self-determination is the key to human thriving; it&apos;s also the enemy of both dictatorships and monopolies. It&apos;s no coincidence that commercial imperatives of tech monopolies create the infrastructure for political oppression. The public-private-partnership from hell looks like this: companies install surveillance and other systems of control to extract higher rents from their customers and ward off competitors. Then states seize that surveillance and control apparatus to gain and consolidate power. That&apos;s the bad news. The good news is that it means that those of us fighting dictatorships have natural allegiances with those fighting monopolies -- and vice versa. About the speaker: Cory Doctorow (craphound.com) is a science fiction author, activist, and journalist. He is the author of RADICALIZED and WALKAWAY, science fiction for adults, a YA graphic novel called IN REAL LIFE, the nonfiction business book INFORMATION DOESN&apos;T WANT TO BE FREE, and young adult novels like HOMELAND, PIRATE CINEMA and LITTLE BROTHER. His latest book is POESY THE MONSTER SLAYER, a picture book for young readers. His next book is ATTACK SURFACE, an adult sequel to LITTLE BROTHER. He maintains a daily blog at Pluralistic.net. He works for the Electronic Frontier Foundation, is an MIT Media Lab Research Affiliate, is a Visiting Professor of Computer Science at Open University, a Visiting Professor of Practice at the University of North Carolina&apos;s School of Library and Information Science and co-founded the UK Open Rights Group. Born in Toronto, Canada, he now lives in Los Angeles. Photo source: https://en.wikipedia.org/wiki/Cory_Doctorow#/media/File:Cory_Doctorow_portrait_by_Jonathan_Worth_2.jpg by Jonathan Worth</description>
            <pubDate>Wed, 17 Feb 2021 16:30:00 EST </pubDate>
            <itunes:title>Cory Doctorow, Technology, Self-Determination, and the Future of the Future</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>751</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/doctorow_200.png"/>
            <itunes:subtitle>Cory Doctorow, Electronic Frontier Foundation</itunes:subtitle>
            <itunes:summary>Self-determination is the key to human thriving; it&apos;s also the enemy of both dictatorships and monopolies. It&apos;s no coincidence that commercial imperatives of tech monopolies create the infrastructure for political oppression. The public-private-partnership from hell looks like this: companies install surveillance and other systems of control to extract higher rents from their customers and ward off competitors. Then states seize that surveillance and control apparatus to gain and consolidate power. That&apos;s the bad news. The good news is that it means that those of us fighting dictatorships have natural allegiances with those fighting monopolies -- and vice versa. About the speaker: Cory Doctorow (craphound.com) is a science fiction author, activist, and journalist. He is the author of RADICALIZED and WALKAWAY, science fiction for adults, a YA graphic novel called IN REAL LIFE, the nonfiction business book INFORMATION DOESN&apos;T WANT TO BE FREE, and young adult novels like HOMELAND, PIRATE CINEMA and LITTLE BROTHER. His latest book is POESY THE MONSTER SLAYER, a picture book for young readers. His next book is ATTACK SURFACE, an adult sequel to LITTLE BROTHER. He maintains a daily blog at Pluralistic.net. He works for the Electronic Frontier Foundation, is an MIT Media Lab Research Affiliate, is a Visiting Professor of Computer Science at Open University, a Visiting Professor of Practice at the University of North Carolina&apos;s School of Library and Information Science and co-founded the UK Open Rights Group. Born in Toronto, Canada, he now lives in Los Angeles. Photo source: https://en.wikipedia.org/wiki/Cory_Doctorow#/media/File:Cory_Doctorow_portrait_by_Jonathan_Worth_2.jpg by Jonathan Worth</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Self-determination is the key to human thriving; it&apos;s also the enemy of both dictatorships and monopolies. It&apos;s no coincidence that commercial imperatives of tech monopolies create the infrastructure for political oppression. The public-private-partnership from hell looks like this: companies install surveillance and other systems of control to extract higher rents from their customers and ward off competitors. Then states seize that surveillance and control apparatus to gain and consolidate power. That&apos;s the bad news. The good news is that it means that those of us fighting dictatorships have natural allegiances with those fighting monopolies -- and vice versa. About the speaker: Cory Doctorow (craphound.com) is a science fiction author, activist, and journalist. He is the author of RADICALIZED and WALKAWAY, science fiction for adults, a YA graphic novel called IN REAL LIFE, the nonfiction business book INFORMATION DOESN&apos;T WANT TO BE FREE, and young adult novels like HOMELAND, PIRATE CINEMA and LITTLE BROTHER. His latest book is POESY THE MONSTER SLAYER, a picture book for young readers. His next book is ATTACK SURFACE, an adult sequel to LITTLE BROTHER. He maintains a daily blog at Pluralistic.net. He works for the Electronic Frontier Foundation, is an MIT Media Lab Research Affiliate, is a Visiting Professor of Computer Science at Open University, a Visiting Professor of Practice at the University of North Carolina&apos;s School of Library and Information Science and co-founded the UK Open Rights Group. Born in Toronto, Canada, he now lives in Los Angeles. Photo source: https://en.wikipedia.org/wiki/Cory_Doctorow#/media/File:Cory_Doctorow_portrait_by_Jonathan_Worth_2.jpg by Jonathan Worth</p> ]]>
            </content:encoded>
            <itunes:duration>3793</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210217.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210217.mp4" length="1048576" type="video/mp4"/>
        </item>
            <item>
            <title>Levi Lloyd, Securing the Software Supply Chain</title>
            <description>In December 2020, FireEye discovered a supply chain attack against the SolarWinds Orion network management system.  The impact of this event has caused the cybersecurity community to reevaluate how we think about threats coming from the software supply chain.  At Lawrence Livermore National Laboratory we have been developing software assurance tools for many years to automate the analysis of software to enable asset owners and operators to make sound decisions about the software in their environments.  In this presentation, I will describe this effort, talk about some of our tools, and discuss ways to mitigate future supply chain attacks. About the speaker: Levi Lloyd is a cybersecurity researcher at Lawrence Livermore National Laboratory where he works in the Cyber and Infrastructure Resilience program.  His interests include software assurance, binary analysis and reverse engineering, malware analysis, and network traffic analysis and defense.  He has been involved in the creation of several frameworks aimed at doing cybersecurity analyses at scale.</description>
            <pubDate>Wed, 10 Feb 2021 16:30:00 EST </pubDate>
            <itunes:title>Levi Lloyd, Securing the Software Supply Chain</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>750</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/levi_lloyd_200.png"/>
            <itunes:subtitle>Levi Lloyd, Lawrence Livermore National Laboratory</itunes:subtitle>
            <itunes:summary>In December 2020, FireEye discovered a supply chain attack against the SolarWinds Orion network management system.  The impact of this event has caused the cybersecurity community to reevaluate how we think about threats coming from the software supply chain.  At Lawrence Livermore National Laboratory we have been developing software assurance tools for many years to automate the analysis of software to enable asset owners and operators to make sound decisions about the software in their environments.  In this presentation, I will describe this effort, talk about some of our tools, and discuss ways to mitigate future supply chain attacks. About the speaker: Levi Lloyd is a cybersecurity researcher at Lawrence Livermore National Laboratory where he works in the Cyber and Infrastructure Resilience program.  His interests include software assurance, binary analysis and reverse engineering, malware analysis, and network traffic analysis and defense.  He has been involved in the creation of several frameworks aimed at doing cybersecurity analyses at scale.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In December 2020, FireEye discovered a supply chain attack against the SolarWinds Orion network management system.  The impact of this event has caused the cybersecurity community to reevaluate how we think about threats coming from the software supply chain.  At Lawrence Livermore National Laboratory we have been developing software assurance tools for many years to automate the analysis of software to enable asset owners and operators to make sound decisions about the software in their environments.  In this presentation, I will describe this effort, talk about some of our tools, and discuss ways to mitigate future supply chain attacks. About the speaker: Levi Lloyd is a cybersecurity researcher at Lawrence Livermore National Laboratory where he works in the Cyber and Infrastructure Resilience program.  His interests include software assurance, binary analysis and reverse engineering, malware analysis, and network traffic analysis and defense.  He has been involved in the creation of several frameworks aimed at doing cybersecurity analyses at scale.</p> ]]>
            </content:encoded>
            <itunes:duration>3076</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210210.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210210.mp4" length="260046848" type="video/mp4"/>
        </item>
            <item>
            <title>Steve Lipner, Lessons Learned – Fifty Years of Mistakes in Cybersecurity</title>
            <description>Over fifty years, I&apos;ve led a lot of security projects that I thought would change the world. Many of them crashed and burned at great cost in money and reputation. There were some common threads including reliance on government claims about the market and on minimal secure systems built from scratch. This talk will describe some failures, some lessons learned the hard way, and how they paid off. About the speaker: Steve Lipner is the executive director of SAFECode, a nonprofit focused on software assurance. He was the creator of the Windows Security Push and the creator and long-time leader of the Microsoft Security Development Lifecycle (SDL). Steve has more than a half century of experience in computer and network security as a researcher, engineer, and development manager. He is chair of the United States Government&apos;s Information Security and Privacy Advisory Board, and a member of the National Academy of Engineering and the National Cybersecurity Hall of Fame.</description>
            <pubDate>Wed, 3 Feb 2021 16:30:00 EST </pubDate>
            <itunes:title>Steve Lipner, Lessons Learned – Fifty Years of Mistakes in Cybersecurity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>749</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/steve_lipner_200.png"/>
            <itunes:subtitle>Steve Lipner, SAFECode</itunes:subtitle>
            <itunes:summary>Over fifty years, I&apos;ve led a lot of security projects that I thought would change the world. Many of them crashed and burned at great cost in money and reputation. There were some common threads including reliance on government claims about the market and on minimal secure systems built from scratch. This talk will describe some failures, some lessons learned the hard way, and how they paid off. About the speaker: Steve Lipner is the executive director of SAFECode, a nonprofit focused on software assurance. He was the creator of the Windows Security Push and the creator and long-time leader of the Microsoft Security Development Lifecycle (SDL). Steve has more than a half century of experience in computer and network security as a researcher, engineer, and development manager. He is chair of the United States Government&apos;s Information Security and Privacy Advisory Board, and a member of the National Academy of Engineering and the National Cybersecurity Hall of Fame.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Over fifty years, I&apos;ve led a lot of security projects that I thought would change the world. Many of them crashed and burned at great cost in money and reputation. There were some common threads including reliance on government claims about the market and on minimal secure systems built from scratch. This talk will describe some failures, some lessons learned the hard way, and how they paid off. About the speaker: Steve Lipner is the executive director of SAFECode, a nonprofit focused on software assurance. He was the creator of the Windows Security Push and the creator and long-time leader of the Microsoft Security Development Lifecycle (SDL). Steve has more than a half century of experience in computer and network security as a researcher, engineer, and development manager. He is chair of the United States Government&apos;s Information Security and Privacy Advisory Board, and a member of the National Academy of Engineering and the National Cybersecurity Hall of Fame.</p> ]]>
            </content:encoded>
            <itunes:duration>3067</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210203.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210203.mp4" length="483393536" type="video/mp4"/>
        </item>
            <item>
            <title>Scott Shackelford, The Internet of Things: What Everyone Needs to Know</title>
            <description>The Internet of Things (IoT) is the notion that nearly everything we use, from gym shorts to streetlights, will soon be connected to the Internet. Industry and financial analysts have predicted that the number of Internet-enabled devices will increase from 11 billion to upwards of 25 billion in coming years. Regardless of the number, the end result looks to be a mind-boggling explosion in Internet connected stuff. Yet, there has been relatively little attention paid to how we should go about regulating smart devices, and still less about how cybersecurity should be enhanced. Similarly, now that everything from refrigerators to stock exchanges can be connected to a ubiquitous Internet, how can we better safeguard privacy across networks and borders? This talk will explore these issues by pulling from the recently published book, &apos;The Internet of Things: What Everyone Needs to Know.&apos; Our discussion will also be couched by the findings of a recent report for the Indiana Executive Council on Cybersecurity entitled, &apos;State of Hoosier Cybersecurity 2020.&apos; About the speaker: Professor Scott J. Shackelford serves on the faculty of Indiana University where he is Cybersecurity Program Chair along with being the Executive Director of the Ostrom Workshop. He is also an Affiliated Scholar at both the Harvard Kennedy School&apos;s Belfer Center for Science and International Affairs and Stanford&apos;s Center for Internet and Society, as well as a Senior Fellow at the Center for Applied Cybersecurity Research, and a Term Member at the Council on Foreign Relations. Professor Shackelford has written more than 100 articles, book chapters, essays, and op-eds for diverse publications. Similarly, Professor Shackelford&apos;s research has been covered by an array of outlets, including Politico, NPR, CNN, Forbes, Time, the Washington Post, and the LA Times.
He is also the author of The Internet of Things: What Everyone Needs to Know (Oxford University Press, 2020), Governing New Frontiers in the Information Age: Toward Cyber Peace (Cambridge University Press, 2020), and Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace (Cambridge University Press, 2014). Both Professor Shackelford&apos;s academic work and teaching have been recognized with numerous awards, including a Harvard University Research Fellowship, a Stanford University Hoover Institution National Fellowship, a Notre Dame Institute for Advanced Study Distinguished Fellowship, the 2014 Indiana University Outstanding Junior Faculty Award, and the 2015 Elinor Ostrom Award.</description>
            <pubDate>Wed, 27 Jan 2021 16:30:00 EST </pubDate>
            <itunes:title>Scott Shackelford, The Internet of Things: What Everyone Needs to Know</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>748</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/shackelford_200.png"/>
            <itunes:subtitle>Scott Shackelford, Indiana University</itunes:subtitle>
            <itunes:summary>The Internet of Things (IoT) is the notion that nearly everything we use, from gym shorts to streetlights, will soon be connected to the Internet. Industry and financial analysts have predicted that the number of Internet-enabled devices will increase from 11 billion to upwards of 25 billion in coming years. Regardless of the number, the end result looks to be a mind-boggling explosion in Internet connected stuff. Yet, there has been relatively little attention paid to how we should go about regulating smart devices, and still less about how cybersecurity should be enhanced. Similarly, now that everything from refrigerators to stock exchanges can be connected to a ubiquitous Internet, how can we better safeguard privacy across networks and borders? This talk will explore these issues by pulling from the recently published book, &apos;The Internet of Things: What Everyone Needs to Know.&apos; Our discussion will also be couched by the findings of a recent report for the Indiana Executive Council on Cybersecurity entitled, &apos;State of Hoosier Cybersecurity 2020.&apos; About the speaker: Professor Scott J. Shackelford serves on the faculty of Indiana University where he is Cybersecurity Program Chair along with being the Executive Director of the Ostrom Workshop. He is also an Affiliated Scholar at both the Harvard Kennedy School&apos;s Belfer Center for Science and International Affairs and Stanford&apos;s Center for Internet and Society, as well as a Senior Fellow at the Center for Applied Cybersecurity Research, and a Term Member at the Council on Foreign Relations. Professor Shackelford has written more than 100 articles, book chapters, essays, and op-eds for diverse publications. Similarly, Professor Shackelford&apos;s research has been covered by an array of outlets, including Politico, NPR, CNN, Forbes, Time, the Washington Post, and the LA Times.
He is also the author of The Internet of Things: What Everyone Needs to Know (Oxford University Press, 2020), Governing New Frontiers in the Information Age: Toward Cyber Peace (Cambridge University Press, 2020), and Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace (Cambridge University Press, 2014). Both Professor Shackelford&apos;s academic work and teaching have been recognized with numerous awards, including a Harvard University Research Fellowship, a Stanford University Hoover Institution National Fellowship, a Notre Dame Institute for Advanced Study Distinguished Fellowship, the 2014 Indiana University Outstanding Junior Faculty Award, and the 2015 Elinor Ostrom Award.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Internet of Things (IoT) is the notion that nearly everything we use, from gym shorts to streetlights, will soon be connected to the Internet. Industry and financial analysts have predicted that the number of Internet-enabled devices will increase from 11 billion to upwards of 25 billion in coming years. Regardless of the number, the end result looks to be a mind-boggling explosion in Internet connected stuff. Yet, there has been relatively little attention paid to how we should go about regulating smart devices, and still less about how cybersecurity should be enhanced. Similarly, now that everything from refrigerators to stock exchanges can be connected to a ubiquitous Internet, how can we better safeguard privacy across networks and borders? This talk will explore these issues by pulling from the recently published book, &apos;The Internet of Things: What Everyone Needs to Know.&apos; Our discussion will also be couched by the findings of a recent report for the Indiana Executive Council on Cybersecurity entitled, &apos;State of Hoosier Cybersecurity 2020.&apos; About the speaker: Professor Scott J. Shackelford serves on the faculty of Indiana University where he is Cybersecurity Program Chair along with being the Executive Director of the Ostrom Workshop. He is also an Affiliated Scholar at both the Harvard Kennedy School&apos;s Belfer Center for Science and International Affairs and Stanford&apos;s Center for Internet and Society, as well as a Senior Fellow at the Center for Applied Cybersecurity Research, and a Term Member at the Council on Foreign Relations. Professor Shackelford has written more than 100 articles, book chapters, essays, and op-eds for diverse publications. Similarly, Professor Shackelford&apos;s research has been covered by an array of outlets, including Politico, NPR, CNN, Forbes, Time, the Washington Post, and the LA Times.
He is also the author of The Internet of Things: What Everyone Needs to Know (Oxford University Press, 2020), Governing New Frontiers in the Information Age: Toward Cyber Peace (Cambridge University Press, 2020), and Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace (Cambridge University Press, 2014). Both Professor Shackelford&apos;s academic work and teaching have been recognized with numerous awards, including a Harvard University Research Fellowship, a Stanford University Hoover Institution National Fellowship, a Notre Dame Institute for Advanced Study Distinguished Fellowship, the 2014 Indiana University Outstanding Junior Faculty Award, and the 2015 Elinor Ostrom Award.</p> ]]>
            </content:encoded>
            <itunes:duration>3182</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210127.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210127.mp4" length="269484032" type="video/mp4"/>
        </item>
            <item>
            <title>Adwait Nadkarni, Building Practical Security Systems for the Post-App Smart Home</title>
            <description>Modern end-user computing platforms such as smartphones (e.g., Android and iOS) and smart home systems (e.g., SmartThings and NEST) provide programmable interfaces for third-party integration, enabling expressive and popular functionality that is often manifested in applications, or apps. Thus, for the last decade, designing security systems to analyze apps for vulnerabilities or unwanted behavior has been a major focus within the security community. This approach has continued well into the smart home, with researchers developing systems inspired by lessons from Android security to inspect IoT apps developed for popular platforms such as SmartThings. However, emerging characteristics of smart home ecosystems indicate that IoT apps may not represent automation in real homes, and may even be unavailable in the near future. That is, while API misuse by third-party developers is an important problem, the approach of analyzing/instrumenting IoT apps may not offer an effective or sustainable solution. In this talk, I will describe the challenges for research in the backdrop of the unsuitability of IoT apps for practical security analysis, and motivate three alternate research directions. First, I will describe the need to develop an alternative artifact for security analysis that is representative of automation usage in the wild. To this end, I will introduce Helion, a system that uses statistical language modeling to generate natural home automation scenarios, i.e., realistic event sequences that are closely aligned with the real home automation usage in end-user homes, which can be used for security or safety analysis. Second, I will illustrate the need to improve the security of mobile companion apps, which often form the weakest link in smart home deployments, and the important position of security analysis/compliance tools in ensuring the development of secure companion apps. 
To this end, I will present the mSE framework, which automatically and rigorously evaluates static program analysis-based security systems using mutation testing. Our work on mSE (and its successor, MASC) culminated in the discovery of critical security flaws in popular tools such as FlowDroid, CryptoGuard, Argus, and Coverity that affect the reliability and soundness of their analysis. Finally, I will conclude the talk by describing our current efforts to build system-level defenses into IoT platforms that are agnostic to IoT apps, i.e., independent of their visibility or mutability, thereby potentially providing a lasting solution to API misuse by third-party developers. About the speaker: Adwait Nadkarni is an Assistant Professor in the Department of Computer Science, and director of the Secure Platforms Lab (SPL) at William &amp; Mary. Prof. Nadkarni&apos;s primary research domain is security and privacy, with a focus on emerging platforms, and the areas of operating systems and software security. Prior to joining William &amp; Mary, Prof. Nadkarni earned his Bachelor of Engineering (BE) in Computer Engineering from the University of Mumbai in July 2011, followed by his Ph.D. and M.S. in Computer Science from the Computer Science Department at the North Carolina State University in May 2017 and December 2012 respectively, both with Dr. William Enck. At NC State, Prof. Nadkarni was a founding member of the Wolfpack Security and Privacy Research (WSPR) Lab, and served as its Lead Graduate Student until May 2017.</description>
            <pubDate>Wed, 20 Jan 2021 16:30:00 EST</pubDate>
            <itunes:title>Adwait Nadkarni, Building Practical Security Systems for the Post-App Smart Home</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>27</itunes:season>
            <itunes:episode>747</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/nadkarni_adwait_200.png"/>
            <itunes:subtitle>Adwait Nadkarni, College of William and Mary</itunes:subtitle>
            <itunes:summary>Modern end-user computing platforms such as smartphones (e.g., Android and iOS) and smart home systems (e.g., SmartThings and NEST) provide programmable interfaces for third-party integration, enabling expressive and popular functionality that is often manifested in applications, or apps. Thus, for the last decade, designing security systems to analyze apps for vulnerabilities or unwanted behavior has been a major focus within the security community. This approach has continued well into the smart home, with researchers developing systems inspired by lessons from Android security to inspect IoT apps developed for popular platforms such as SmartThings. However, emerging characteristics of smart home ecosystems indicate that IoT apps may not represent automation in real homes, and may even be unavailable in the near future. That is, while API misuse by third-party developers is an important problem, the approach of analyzing/instrumenting IoT apps may not offer an effective or sustainable solution. In this talk, I will describe the challenges for research in the backdrop of the unsuitability of IoT apps for practical security analysis, and motivate three alternate research directions. First, I will describe the need to develop an alternative artifact for security analysis that is representative of automation usage in the wild. To this end, I will introduce Helion, a system that uses statistical language modeling to generate natural home automation scenarios, i.e., realistic event sequences that are closely aligned with the real home automation usage in end-user homes, which can be used for security or safety analysis. Second, I will illustrate the need to improve the security of mobile companion apps, which often form the weakest link in smart home deployments, and the important position of security analysis/compliance tools in ensuring the development of secure companion apps. 
To this end, I will present the mSE framework, which automatically and rigorously evaluates static program analysis-based security systems using mutation testing. Our work on mSE (and its successor, MASC) culminated in the discovery of critical security flaws in popular tools such as FlowDroid, CryptoGuard, Argus, and Coverity that affect the reliability and soundness of their analysis. Finally, I will conclude the talk by describing our current efforts to build system-level defenses into IoT platforms that are agnostic to IoT apps, i.e., independent of their visibility or mutability, thereby potentially providing a lasting solution to API misuse by third-party developers. About the speaker: Adwait Nadkarni is an Assistant Professor in the Department of Computer Science, and director of the Secure Platforms Lab (SPL) at William &amp; Mary. Prof. Nadkarni&apos;s primary research domain is security and privacy, with a focus on emerging platforms, and the areas of operating systems and software security. Prior to joining William &amp; Mary, Prof. Nadkarni earned his Bachelor of Engineering (BE) in Computer Engineering from the University of Mumbai in July 2011, followed by his Ph.D. and M.S. in Computer Science from the Computer Science Department at the North Carolina State University in May 2017 and December 2012 respectively, both with Dr. William Enck. At NC State, Prof. Nadkarni was a founding member of the Wolfpack Security and Privacy Research (WSPR) Lab, and served as its Lead Graduate Student until May 2017.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Modern end-user computing platforms such as smartphones (e.g., Android and iOS) and smart home systems (e.g., SmartThings and NEST) provide programmable interfaces for third-party integration, enabling expressive and popular functionality that is often manifested in applications, or apps. Thus, for the last decade, designing security systems to analyze apps for vulnerabilities or unwanted behavior has been a major focus within the security community. This approach has continued well into the smart home, with researchers developing systems inspired by lessons from Android security to inspect IoT apps developed for popular platforms such as SmartThings. However, emerging characteristics of smart home ecosystems indicate that IoT apps may not represent automation in real homes, and may even be unavailable in the near future. That is, while API misuse by third-party developers is an important problem, the approach of analyzing/instrumenting IoT apps may not offer an effective or sustainable solution. In this talk, I will describe the challenges for research in the backdrop of the unsuitability of IoT apps for practical security analysis, and motivate three alternate research directions. First, I will describe the need to develop an alternative artifact for security analysis that is representative of automation usage in the wild. To this end, I will introduce Helion, a system that uses statistical language modeling to generate natural home automation scenarios, i.e., realistic event sequences that are closely aligned with the real home automation usage in end-user homes, which can be used for security or safety analysis. Second, I will illustrate the need to improve the security of mobile companion apps, which often form the weakest link in smart home deployments, and the important position of security analysis/compliance tools in ensuring the development of secure companion apps. 
To this end, I will present the mSE framework, which automatically and rigorously evaluates static program analysis-based security systems using mutation testing. Our work on mSE (and its successor, MASC) culminated in the discovery of critical security flaws in popular tools such as FlowDroid, CryptoGuard, Argus, and Coverity that affect the reliability and soundness of their analysis. Finally, I will conclude the talk by describing our current efforts to build system-level defenses into IoT platforms that are agnostic to IoT apps, i.e., independent of their visibility or mutability, thereby potentially providing a lasting solution to API misuse by third-party developers. About the speaker: Adwait Nadkarni is an Assistant Professor in the Department of Computer Science, and director of the Secure Platforms Lab (SPL) at William &amp; Mary. Prof. Nadkarni&apos;s primary research domain is security and privacy, with a focus on emerging platforms, and the areas of operating systems and software security. Prior to joining William &amp; Mary, Prof. Nadkarni earned his Bachelor of Engineering (BE) in Computer Engineering from the University of Mumbai in July 2011, followed by his Ph.D. and M.S. in Computer Science from the Computer Science Department at the North Carolina State University in May 2017 and December 2012 respectively, both with Dr. William Enck. At NC State, Prof. Nadkarni was a founding member of the Wolfpack Security and Privacy Research (WSPR) Lab, and served as its Lead Graduate Student until May 2017.</p> ]]>
            </content:encoded>
            <itunes:duration>3609</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210120.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20210120.mp4" length="402653184" type="video/mp4"/>
        </item>
            <item>
            <title>Lorrie Cranor, Security and Privacy for Humans</title>
            <description>Traditionally, security and privacy research focused mostly on technical mechanisms and was based on the naive assumptions that Alice and Bob were capable, attentive, and willing to jump through any number of hoops to communicate securely. However, about 20 years ago that started to change when a seminal paper asked &quot;Why Johnny Can&apos;t Encrypt&quot; and called for usability evaluations and usable design strategies for security. Today a substantial body of interdisciplinary literature exists on usability evaluations and design strategies for both security and privacy. Nonetheless, it is still difficult for most people to encrypt their email, manage their passwords, and configure their social network privacy settings. In this talk I will highlight some of the lessons learned from the past 20 years of usable privacy and security research, and explore where the field might be headed. About the speaker: Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering master&apos;s program. In 2016 she served as Chief Technologist at the US Federal Trade Commission. She is also a co-founder of Wombat Security Technologies, Inc., a security awareness training company that was acquired by Proofpoint. She has authored over 200 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability and founded the Symposium On Usable Privacy and Security (SOUPS). 
She has served on a number of boards and working groups, including the Electronic Frontier Foundation Board of Directors, the Computing Research Association Board of Directors, and the Aspen Institute Cybersecurity Group. In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was elected to the ACM CHI Academy, named an ACM Fellow for her contributions to usable privacy and security research and education, and named an IEEE Fellow for her contributions to privacy engineering. She has also received an Alumni Achievement Award from the McKelvey School of Engineering at Washington University in St. Louis, the 2018 ACM CHI Social Impact Award, the 2018 International Association of Privacy Professionals Privacy Leadership Award, and (with colleagues) the 2018 IEEE Cybersecurity Award for Practice. She was previously a researcher at AT&amp;T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, walks to work, and runs after her three teenagers.</description>
            <pubDate>Wed, 9 Dec 2020 16:30:00 EST</pubDate>
            <itunes:title>Lorrie Cranor, Security and Privacy for Humans</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>746</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/lorrie_cranor.png"/>
            <itunes:subtitle>Lorrie Cranor, Carnegie Mellon University, CyLab</itunes:subtitle>
            <itunes:summary>Traditionally, security and privacy research focused mostly on technical mechanisms and was based on the naive assumptions that Alice and Bob were capable, attentive, and willing to jump through any number of hoops to communicate securely. However, about 20 years ago that started to change when a seminal paper asked &quot;Why Johnny Can&apos;t Encrypt&quot; and called for usability evaluations and usable design strategies for security. Today a substantial body of interdisciplinary literature exists on usability evaluations and design strategies for both security and privacy. Nonetheless, it is still difficult for most people to encrypt their email, manage their passwords, and configure their social network privacy settings. In this talk I will highlight some of the lessons learned from the past 20 years of usable privacy and security research, and explore where the field might be headed. About the speaker: Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering master&apos;s program. In 2016 she served as Chief Technologist at the US Federal Trade Commission. She is also a co-founder of Wombat Security Technologies, Inc., a security awareness training company that was acquired by Proofpoint. She has authored over 200 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability and founded the Symposium On Usable Privacy and Security (SOUPS). 
She has served on a number of boards and working groups, including the Electronic Frontier Foundation Board of Directors, the Computing Research Association Board of Directors, and the Aspen Institute Cybersecurity Group. In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was elected to the ACM CHI Academy, named an ACM Fellow for her contributions to usable privacy and security research and education, and named an IEEE Fellow for her contributions to privacy engineering. She has also received an Alumni Achievement Award from the McKelvey School of Engineering at Washington University in St. Louis, the 2018 ACM CHI Social Impact Award, the 2018 International Association of Privacy Professionals Privacy Leadership Award, and (with colleagues) the 2018 IEEE Cybersecurity Award for Practice. She was previously a researcher at AT&amp;T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, walks to work, and runs after her three teenagers.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Traditionally, security and privacy research focused mostly on technical mechanisms and was based on the naive assumptions that Alice and Bob were capable, attentive, and willing to jump through any number of hoops to communicate securely. However, about 20 years ago that started to change when a seminal paper asked &quot;Why Johnny Can&apos;t Encrypt&quot; and called for usability evaluations and usable design strategies for security. Today a substantial body of interdisciplinary literature exists on usability evaluations and design strategies for both security and privacy. Nonetheless, it is still difficult for most people to encrypt their email, manage their passwords, and configure their social network privacy settings. In this talk I will highlight some of the lessons learned from the past 20 years of usable privacy and security research, and explore where the field might be headed. About the speaker: Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering master&apos;s program. In 2016 she served as Chief Technologist at the US Federal Trade Commission. She is also a co-founder of Wombat Security Technologies, Inc., a security awareness training company that was acquired by Proofpoint. She has authored over 200 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability and founded the Symposium On Usable Privacy and Security (SOUPS). 
She has served on a number of boards and working groups, including the Electronic Frontier Foundation Board of Directors, the Computing Research Association Board of Directors, and the Aspen Institute Cybersecurity Group. In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was elected to the ACM CHI Academy, named an ACM Fellow for her contributions to usable privacy and security research and education, and named an IEEE Fellow for her contributions to privacy engineering. She has also received an Alumni Achievement Award from the McKelvey School of Engineering at Washington University in St. Louis, the 2018 ACM CHI Social Impact Award, the 2018 International Association of Privacy Professionals Privacy Leadership Award, and (with colleagues) the 2018 IEEE Cybersecurity Award for Practice. She was previously a researcher at AT&amp;T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, walks to work, and runs after her three teenagers.</p> ]]>
            </content:encoded>
            <itunes:duration>3452</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201209.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201209.mp4" length="611319808" type="video/mp4"/>
        </item>
            <item>
            <title>Kimberly Ferguson-Walter, Maximizing Cyber Deception to Improve Security: An Empirical Analysis</title>
            <description>The threat of cyber attacks is a growing concern across the world, leading to an increasing need for sophisticated cyber defense techniques that leverage the defender&apos;s &quot;home field advantage&quot;. We designed the Tularosa Study to understand how defensive deception, both cyber and psychological, affects cyber attackers. Over 130 professional red teamers participated in a network penetration test over two days in which both the presence of and explicit mention of deceptive defensive techniques were controlled. To our knowledge, this represents the largest study of its kind ever conducted on a skilled red team population. The design was conducted with a battery of questionnaires (e.g., experience, personality, etc.) and cognitive tasks (e.g., fluid intelligence, working memory, etc.), allowing for the characterization of a &quot;typical&quot; red teamer, as well as physiological measures (e.g., galvanic skin response, heart rate, etc.) to be correlated with the cyber events. Preliminary results support a new finding that the combination of the presence of deception and the true information that deception is present has the greatest effect on cyber attackers, when compared to a control condition in which no deception was used. Special Panel: Immediately following Dr. Ferguson-Walter&apos;s seminar, join CERIAS for a unique opportunity to hear six professionals from NSA -- including two Purdue alumni -- who will share their careers and experiences as cybersecurity researchers and practitioners. 
The panelists will describe opportunities for students and graduates, and answer questions from the audience about their work and life at NSA. [Note: Only US citizens are able to work at the NSA.] Topic: What is it like to work at the National Security Agency (NSA). Register in advance for this webinar: https://purdue-edu.zoom.us/webinar/register/WN_mRCKeiU9TbqNJNxcogddsA After registering, you will receive a confirmation email containing information about joining the webinar. Eric Bryant is currently serving as a Director of Cybersecurity Operations in the NSA/CSS Cybersecurity Operations Center (NCSOC). In this capacity, he is responsible for leading a diverse team working around the clock to prevent and eradicate cybersecurity threats to the nation. He also serves as NSA&apos;s Academic Liaison to Purdue University, where he graduated with a degree in computer science and is an alumnus of CERIAS. Dr. Josiah Dykstra is a Technical Fellow and Senior Executive in the Cybersecurity Collaboration Center of the National Security Agency. He holds a Ph.D. in computer science and previously served at NSA as a cyber operator and researcher. Dr. Dykstra is interested in cybersecurity science and how humans intersect with technology. He is the author of numerous peer-reviewed research papers and one book. Dr. Kimberly Ferguson-Walter is a Senior Research Scientist with NSA&apos;s Laboratory for Advanced Cybersecurity Research where her research focuses on the intersection of computer security, artificial intelligence, and human behavior. She has been focused on adaptive cybersecurity at the NSA for the past ten years and is the lead for the Research Directorate&apos;s deception for cyber-defense effort. She has a Ph.D. 
in computer science and is currently on joint-duty assignment to the Naval Information Warfare Center Pacific to perform collaborative research and facilitate strategic alignment and technology transfers. Natalie Janiszewski is a Higher Education Outreach Advocate with NSA&apos;s office of Academic Engagement. Natalie brings over 25 years of educational experience to her role at NSA. She is responsible for maintaining strong relationships with academic institutions to influence curriculum and encourage activities in NSA&apos;s mission-critical areas: science, technology, engineering, math, intelligence analysis, language and cybersecurity. Natalie taught classes in a graduate program for educational technology. Her passion lies in designing environments that facilitate durable, actionable learning for students. Joel Klasa graduated from Purdue in May 2020 with a degree in computer science and participated in the NSA co-op program throughout his time at Purdue. Upon graduation, he was hired into a development program at the agency and has a current focus of machine learning and artificial intelligence in cybersecurity. Dr. Celeste Lyn Paul is a senior researcher and technical leader at the National Security Agency. Her work has focused on a broad range of topics including emerging technologies, human factors in security, and more recently, securing cyberspace in outer space. 5:30pm EDT. About the speaker: Dr. Kimberly Ferguson-Walter is a Senior Research Scientist for the Laboratory for Advanced Cybersecurity Research. She earned a BS in Information and Computer Science from the University of California Irvine, cum laude, with a specialization in artificial intelligence and her MS and PhD in Computer Science from the University of Massachusetts Amherst. Her research interests are focused on the intersection of computer security, artificial intelligence, and human behavior. 
She has been focused on adaptive cybersecurity for the past ten years and is the lead for the Research Directorate&apos;s deception for cyber-defense effort. Her research background also includes reinforcement learning, transfer learning, representation learning, and intelligent tutoring systems. She is currently on joint-duty assignment to the Naval Information Warfare Center Pacific to perform collaborative research and facilitate strategic alignment and technology transfers. She has organized multiple international workshops on cyber deception, autonomous cyber operations, and cognitive security. Dr. Ferguson-Walter is a founding member of the Cybersecurity Technical Group of the Human Factors and Ergonomics Society (HFES) and co-chairs a mini-track at the Hawaiian International Conference on System Science (HICSS) on Cyber Deception and Cyber Psychology for Defense.</description>
            <pubDate>Wed, 2 Dec 2020 16:30:00 EST</pubDate>
            <itunes:title>Kimberly Ferguson-Walter, Maximizing Cyber Deception to Improve Security: An Empirical Analysis</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>745</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ferguson-walker_200x200.png"/>
            <itunes:subtitle>Kimberly Ferguson-Walter, Laboratory for Advanced Cybersecurity Research, NSA Research</itunes:subtitle>
            <itunes:summary>The threat of cyber attacks is a growing concern across the world, leading to an increasing need for sophisticated cyber defense techniques that leverage the defender&apos;s &quot;home field advantage&quot;. We designed the Tularosa Study to understand how defensive deception, both cyber and psychological, affects cyber attackers. Over 130 professional red teamers participated in a network penetration test over two days in which both the presence of and explicit mention of deceptive defensive techniques were controlled. To our knowledge, this represents the largest study of its kind ever conducted on a skilled red team population. The design was conducted with a battery of questionnaires (e.g., experience, personality, etc.) and cognitive tasks (e.g., fluid intelligence, working memory, etc.), allowing for the characterization of a &quot;typical&quot; red teamer, as well as physiological measures (e.g., galvanic skin response, heart rate, etc.) to be correlated with the cyber events. Preliminary results support a new finding that the combination of the presence of deception and the true information that deception is present has the greatest effect on cyber attackers, when compared to a control condition in which no deception was used.

Special Panel

Immediately following Dr. Ferguson-Walter&apos;s seminar, join CERIAS for a unique opportunity to hear six professionals from NSA -- including two Purdue alumni -- who will share their careers and experiences as cybersecurity researchers and practitioners. The panelists will describe opportunities for students and graduates, and answer questions from the audience about their work and life at NSA. [Note: Only US citizens are able to work at the NSA.]

Topic: What is it like to work at the National Security Agency (NSA)

Register in advance for this webinar: https://purdue-edu.zoom.us/webinar/register/WN_mRCKeiU9TbqNJNxcogddsA

After registering, you will receive a confirmation email containing information about joining the webinar.

Eric Bryant is currently serving as a Director of Cybersecurity Operations in the NSA/CSS Cybersecurity Operations Center (NCSOC). In this capacity, he is responsible for leading a diverse team working around the clock to prevent and eradicate cybersecurity threats to the nation. He also serves as NSA&apos;s Academic Liaison to Purdue University, where he graduated with a degree in computer science and is an alumnus of CERIAS.

Dr. Josiah Dykstra is a Technical Fellow and Senior Executive in the Cybersecurity Collaboration Center of the National Security Agency. He holds a Ph.D. in computer science and previously served at NSA as a cyber operator and researcher. Dr. Dykstra is interested in cybersecurity science and how humans intersect with technology. He is the author of numerous peer-reviewed research papers and one book.

Dr. Kimberly Ferguson-Walter is a Senior Research Scientist with NSA&apos;s Laboratory for Advanced Cybersecurity Research, where her research focuses on the intersection of computer security, artificial intelligence, and human behavior. She has been focused on adaptive cybersecurity at the NSA for the past ten years and is the lead for the Research Directorate&apos;s deception for cyber-defense effort. She has a Ph.D. in computer science and is currently on joint-duty assignment to the Naval Information Warfare Center Pacific to perform collaborative research and facilitate strategic alignment and technology transfers.

Natalie Janiszewski is a Higher Education Outreach Advocate with NSA&apos;s office of Academic Engagement. Natalie brings over 25 years of educational experience to her role at NSA. She is responsible for maintaining strong relationships with academic institutions to influence curriculum and encourage activities in NSA&apos;s mission-critical areas: science, technology, engineering, math, intelligence analysis, language and cybersecurity. Natalie taught classes in a graduate program for educational technology. Her passion lies in designing environments that facilitate durable, actionable learning for students.

Joel Klasa graduated from Purdue in May 2020 with a degree in computer science and participated in the NSA co-op program throughout his time at Purdue. Upon graduation, he was hired into a development program at the agency and has a current focus of machine learning and artificial intelligence in cybersecurity.

Dr. Celeste Lyn Paul is a senior researcher and technical leader at the National Security Agency. Her work has focused on a broad range of topics including emerging technologies, human factors in security, and more recently, securing cyberspace in outer space.

5:30pm EDT: About the speaker: Dr. Kimberly Ferguson-Walter is a Senior Research Scientist for the Laboratory for Advanced Cybersecurity Research. She earned a BS in Information and Computer Science from the University of California Irvine, cum laude, with a specialization in artificial intelligence, and her MS and PhD in Computer Science from the University of Massachusetts Amherst. Her research interests are focused on the intersection of computer security, artificial intelligence, and human behavior. She has been focused on adaptive cybersecurity for the past ten years and is the lead for the Research Directorate&apos;s deception for cyber-defense effort. Her research background also includes reinforcement learning, transfer learning, representation learning, and intelligent tutoring systems. She is currently on joint-duty assignment to the Naval Information Warfare Center Pacific to perform collaborative research and facilitate strategic alignment and technology transfers. She has organized multiple international workshops on cyber deception, autonomous cyber operations, and cognitive security. Dr. Ferguson-Walter is a founding member of the Cybersecurity Technical Group of the Human Factors and Ergonomics Society (HFES) and co-chairs a mini-track at the Hawaii International Conference on System Sciences (HICSS) on Cyber Deception and Cyber Psychology for Defense.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The threat of cyber attacks is a growing concern across the world, leading to an increasing need for sophisticated cyber defense techniques that leverage the defender&apos;s &quot;home field advantage&quot;. We designed the Tularosa Study to understand how defensive deception, both cyber and psychological, affects cyber attackers. Over 130 professional red teamers participated in a network penetration test over two days in which both the presence of and explicit mention of deceptive defensive techniques were controlled. To our knowledge, this represents the largest study of its kind ever conducted on a skilled red team population. The design was conducted with a battery of questionnaires (e.g., experience, personality, etc.) and cognitive tasks (e.g., fluid intelligence, working memory, etc.), allowing for the characterization of a &quot;typical&quot; red teamer, as well as physiological measures (e.g., galvanic skin response, heart rate, etc.) to be correlated with the cyber events. Preliminary results support a new finding that the combination of the presence of deception and the true information that deception is present has the greatest effect on cyber attackers, when compared to a control condition in which no deception was used.</p>
<p>Special Panel</p>
<p>Immediately following Dr. Ferguson-Walter&apos;s seminar, join CERIAS for a unique opportunity to hear six professionals from NSA -- including two Purdue alumni -- who will share their careers and experiences as cybersecurity researchers and practitioners. The panelists will describe opportunities for students and graduates, and answer questions from the audience about their work and life at NSA. [Note: Only US citizens are able to work at the NSA.]</p>
<p>Topic: What is it like to work at the National Security Agency (NSA)</p>
<p>Register in advance for this webinar: https://purdue-edu.zoom.us/webinar/register/WN_mRCKeiU9TbqNJNxcogddsA</p>
<p>After registering, you will receive a confirmation email containing information about joining the webinar.</p>
<p>Eric Bryant is currently serving as a Director of Cybersecurity Operations in the NSA/CSS Cybersecurity Operations Center (NCSOC). In this capacity, he is responsible for leading a diverse team working around the clock to prevent and eradicate cybersecurity threats to the nation. He also serves as NSA&apos;s Academic Liaison to Purdue University, where he graduated with a degree in computer science and is an alumnus of CERIAS.</p>
<p>Dr. Josiah Dykstra is a Technical Fellow and Senior Executive in the Cybersecurity Collaboration Center of the National Security Agency. He holds a Ph.D. in computer science and previously served at NSA as a cyber operator and researcher. Dr. Dykstra is interested in cybersecurity science and how humans intersect with technology. He is the author of numerous peer-reviewed research papers and one book.</p>
<p>Dr. Kimberly Ferguson-Walter is a Senior Research Scientist with NSA&apos;s Laboratory for Advanced Cybersecurity Research, where her research focuses on the intersection of computer security, artificial intelligence, and human behavior. She has been focused on adaptive cybersecurity at the NSA for the past ten years and is the lead for the Research Directorate&apos;s deception for cyber-defense effort. She has a Ph.D. in computer science and is currently on joint-duty assignment to the Naval Information Warfare Center Pacific to perform collaborative research and facilitate strategic alignment and technology transfers.</p>
<p>Natalie Janiszewski is a Higher Education Outreach Advocate with NSA&apos;s office of Academic Engagement. Natalie brings over 25 years of educational experience to her role at NSA. She is responsible for maintaining strong relationships with academic institutions to influence curriculum and encourage activities in NSA&apos;s mission-critical areas: science, technology, engineering, math, intelligence analysis, language and cybersecurity. Natalie taught classes in a graduate program for educational technology. Her passion lies in designing environments that facilitate durable, actionable learning for students.</p>
<p>Joel Klasa graduated from Purdue in May 2020 with a degree in computer science and participated in the NSA co-op program throughout his time at Purdue. Upon graduation, he was hired into a development program at the agency and has a current focus of machine learning and artificial intelligence in cybersecurity.</p>
<p>Dr. Celeste Lyn Paul is a senior researcher and technical leader at the National Security Agency. Her work has focused on a broad range of topics including emerging technologies, human factors in security, and more recently, securing cyberspace in outer space.</p>
<p>5:30pm EDT: About the speaker: Dr. Kimberly Ferguson-Walter is a Senior Research Scientist for the Laboratory for Advanced Cybersecurity Research. She earned a BS in Information and Computer Science from the University of California Irvine, cum laude, with a specialization in artificial intelligence, and her MS and PhD in Computer Science from the University of Massachusetts Amherst. Her research interests are focused on the intersection of computer security, artificial intelligence, and human behavior. She has been focused on adaptive cybersecurity for the past ten years and is the lead for the Research Directorate&apos;s deception for cyber-defense effort. Her research background also includes reinforcement learning, transfer learning, representation learning, and intelligent tutoring systems. She is currently on joint-duty assignment to the Naval Information Warfare Center Pacific to perform collaborative research and facilitate strategic alignment and technology transfers. She has organized multiple international workshops on cyber deception, autonomous cyber operations, and cognitive security. Dr. Ferguson-Walter is a founding member of the Cybersecurity Technical Group of the Human Factors and Ergonomics Society (HFES) and co-chairs a mini-track at the Hawaii International Conference on System Sciences (HICSS) on Cyber Deception and Cyber Psychology for Defense.</p> ]]>
            </content:encoded>
            <itunes:duration>3252</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201202.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201202.mp4" length="688914432" type="video/mp4"/>
        </item>
            <item>
            <title>Sivaram Ramanathan, Improving the Accuracy of Blocklists by Aggregation and Address Reuse Detection</title>
            <description>IP address blocklists are a useful source of information about repeat attackers. Such information can be used to prioritize which traffic to divert for deeper inspection (e.g., repeat offender traffic), or which traffic to serve first (e.g., traffic from sources that are not blocklisted). But blocklists also suffer from overspecialization -- each list is geared towards a specific purpose -- and they may be inaccurate due to misclassification or stale information. We propose BLAG, a system that evaluates and aggregates multiple blocklist feeds, producing a more useful, accurate and timely master blocklist, tailored to the specific customer network. BLAG uses a sample of the legitimate sources of the customer network&apos;s inbound traffic to evaluate the accuracy of each blocklist over regions of address space. It then leverages recommendation systems to select the most accurate information to aggregate into its master blocklist. Finally, BLAG identifies portions of the master blocklist that can be expanded into larger address regions (e.g., /24 prefixes) to uncover more malicious addresses with minimum collateral damage. Our evaluation of blocklists of various attack types and three ground-truth datasets shows that BLAG achieves high specificity up to 99%, improves recall by up to 114 times compared to competing approaches, and detects attacks up to 13.7 days faster, which makes it a promising approach for blocklist generation. Although performance of blocklists can be improved, they need to be used carefully. Blocklists can potentially lead to unjust blocking of legitimate users due to IP address reuse, where more users could be blocked than intended. IP addresses can be reused either at the same time (Network Address Translation) or over time (dynamic addressing). We present two new techniques to identify reused addresses. We built a crawler using the BitTorrent Distributed Hash Table to detect NATed addresses and use the RIPE Atlas measurement logs to detect dynamically allocated address spaces. We then analyze 151 publicly available IPv4 blocklists to show the implications of reused addresses and find that 53--60% of blocklists contain reused addresses, having about 30.6K--45.1K listings of reused addresses. We also find that reused addresses can potentially affect as many as 78 legitimate users for as many as 44 days. About the speaker: Sivaram is a fifth-year Ph.D. student at the University of Southern California. His research focuses on developing systems to improve Internet security and provide better measurements in the network.</description>
            <pubDate>Wed, 18 Nov 2020 16:30:00 EST </pubDate>
            <itunes:title>Sivaram Ramanathan, Improving the Accuracy of Blocklists by Aggregation and Address Reuse Detection</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>744</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Sivaram_Ramanathan.jpg"/>
            <itunes:subtitle>Sivaram Ramanathan, University of Southern California</itunes:subtitle>
            <itunes:summary>IP address blocklists are a useful source of information about repeat attackers. Such information can be used to prioritize which traffic to divert for deeper inspection (e.g., repeat offender traffic), or which traffic to serve first (e.g., traffic from sources that are not blocklisted). But blocklists also suffer from overspecialization -- each list is geared towards a specific purpose -- and they may be inaccurate due to misclassification or stale information. We propose BLAG, a system that evaluates and aggregates multiple blocklist feeds, producing a more useful, accurate and timely master blocklist, tailored to the specific customer network. BLAG uses a sample of the legitimate sources of the customer network&apos;s inbound traffic to evaluate the accuracy of each blocklist over regions of address space. It then leverages recommendation systems to select the most accurate information to aggregate into its master blocklist. Finally, BLAG identifies portions of the master blocklist that can be expanded into larger address regions (e.g., /24 prefixes) to uncover more malicious addresses with minimum collateral damage. Our evaluation of blocklists of various attack types and three ground-truth datasets shows that BLAG achieves high specificity up to 99%, improves recall by up to 114 times compared to competing approaches, and detects attacks up to 13.7 days faster, which makes it a promising approach for blocklist generation. Although performance of blocklists can be improved, they need to be used carefully. Blocklists can potentially lead to unjust blocking of legitimate users due to IP address reuse, where more users could be blocked than intended. IP addresses can be reused either at the same time (Network Address Translation) or over time (dynamic addressing). We present two new techniques to identify reused addresses. We built a crawler using the BitTorrent Distributed Hash Table to detect NATed addresses and use the RIPE Atlas measurement logs to detect dynamically allocated address spaces. We then analyze 151 publicly available IPv4 blocklists to show the implications of reused addresses and find that 53--60% of blocklists contain reused addresses, having about 30.6K--45.1K listings of reused addresses. We also find that reused addresses can potentially affect as many as 78 legitimate users for as many as 44 days. About the speaker: Sivaram is a fifth-year Ph.D. student at the University of Southern California. His research focuses on developing systems to improve Internet security and provide better measurements in the network.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>IP address blocklists are a useful source of information about repeat attackers. Such information can be used to prioritize which traffic to divert for deeper inspection (e.g., repeat offender traffic), or which traffic to serve first (e.g., traffic from sources that are not blocklisted). But blocklists also suffer from overspecialization -- each list is geared towards a specific purpose -- and they may be inaccurate due to misclassification or stale information. We propose BLAG, a system that evaluates and aggregates multiple blocklist feeds, producing a more useful, accurate and timely master blocklist, tailored to the specific customer network. BLAG uses a sample of the legitimate sources of the customer network&apos;s inbound traffic to evaluate the accuracy of each blocklist over regions of address space. It then leverages recommendation systems to select the most accurate information to aggregate into its master blocklist. Finally, BLAG identifies portions of the master blocklist that can be expanded into larger address regions (e.g., /24 prefixes) to uncover more malicious addresses with minimum collateral damage. Our evaluation of blocklists of various attack types and three ground-truth datasets shows that BLAG achieves high specificity up to 99%, improves recall by up to 114 times compared to competing approaches, and detects attacks up to 13.7 days faster, which makes it a promising approach for blocklist generation. Although performance of blocklists can be improved, they need to be used carefully. Blocklists can potentially lead to unjust blocking of legitimate users due to IP address reuse, where more users could be blocked than intended. IP addresses can be reused either at the same time (Network Address Translation) or over time (dynamic addressing). We present two new techniques to identify reused addresses. We built a crawler using the BitTorrent Distributed Hash Table to detect NATed addresses and use the RIPE Atlas measurement logs to detect dynamically allocated address spaces. We then analyze 151 publicly available IPv4 blocklists to show the implications of reused addresses and find that 53--60% of blocklists contain reused addresses, having about 30.6K--45.1K listings of reused addresses. We also find that reused addresses can potentially affect as many as 78 legitimate users for as many as 44 days.</p>
<p>About the speaker: Sivaram is a fifth-year Ph.D. student at the University of Southern California. His research focuses on developing systems to improve Internet security and provide better measurements in the network.</p> ]]>
            </content:encoded>
            <itunes:duration>2617</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201118.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201118.mp4" length="277872640" type="video/mp4"/>
        </item>
            <item>
            <title>Abhilasha Bhargav-Spantzel, Fearless Computing</title>
            <description>&quot;Wouldn&apos;t it be great if we could download anything, explore anything and build anything without the annoying feeling that you are going to get hacked?&quot; This was a question from my kids, who are currently in elementary school. Have you experienced similar questions from kids and adults alike? Computing is becoming such an integral part of our lives; wouldn&apos;t it be great to use compute resources fully for all aspects of our lives, including work, education, healthcare and finance, and to be creative and innovate without the constant fear of backlash? This is what we mean by fearless computing: investigating how the very design of compute has security and privacy features built into the platform. We will also explore how, through education and awareness, we can help nurture the freedom of thought and innovation to not only protect ourselves but create cyber talent that builds the next generation of systems and solutions. Join us for a discussion on the technology and solutions that help us work towards our vision for fearless computing. About the speaker: Abhilasha Bhargav-Spantzel is a Principal Engineer at Intel, focusing on hardware-based security product architecture. She has 15+ years of experience in security and privacy. She completed her doctorate at Purdue University, which focused on identity and privacy protection using cryptography and biometrics. Abhilasha drives thought leadership and the future evolution of cybersecurity platforms through innovation, architecture, and education. She has given numerous talks at conferences and universities as part of distinguished lecture series and workshops. She has written 5 book chapters and 30+ ACM and IEEE articles and has 25+ patents. Abhilasha leads multiple D&amp;I initiatives and actively drives the retention and development of women in technology. She is passionate about STEM K-12 cybersecurity education initiatives, and co-organizes regular camps and workshops for the same.</description>
            <pubDate>Wed, 11 Nov 2020 16:30:00 EST </pubDate>
            <itunes:title>Abhilasha Bhargav-Spantzel, Fearless Computing</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>743</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Abhilasha_Bhargav-Spantzel_200.png"/>
            <itunes:subtitle>Abhilasha Bhargav-Spantzel, Intel Corporation</itunes:subtitle>
            <itunes:summary>&quot;Wouldn&apos;t it be great if we could download anything, explore anything and build anything without the annoying feeling that you are going to get hacked?&quot; This was a question from my kids, who are currently in elementary school. Have you experienced similar questions from kids and adults alike? Computing is becoming such an integral part of our lives; wouldn&apos;t it be great to use compute resources fully for all aspects of our lives, including work, education, healthcare and finance, and to be creative and innovate without the constant fear of backlash? This is what we mean by fearless computing: investigating how the very design of compute has security and privacy features built into the platform. We will also explore how, through education and awareness, we can help nurture the freedom of thought and innovation to not only protect ourselves but create cyber talent that builds the next generation of systems and solutions. Join us for a discussion on the technology and solutions that help us work towards our vision for fearless computing. About the speaker: Abhilasha Bhargav-Spantzel is a Principal Engineer at Intel, focusing on hardware-based security product architecture. She has 15+ years of experience in security and privacy. She completed her doctorate at Purdue University, which focused on identity and privacy protection using cryptography and biometrics. Abhilasha drives thought leadership and the future evolution of cybersecurity platforms through innovation, architecture, and education. She has given numerous talks at conferences and universities as part of distinguished lecture series and workshops. She has written 5 book chapters and 30+ ACM and IEEE articles and has 25+ patents. Abhilasha leads multiple D&amp;I initiatives and actively drives the retention and development of women in technology. She is passionate about STEM K-12 cybersecurity education initiatives, and co-organizes regular camps and workshops for the same.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>&quot;Wouldn&apos;t it be great if we could download anything, explore anything and build anything without the annoying feeling that you are going to get hacked?&quot; This was a question from my kids, who are currently in elementary school. Have you experienced similar questions from kids and adults alike? Computing is becoming such an integral part of our lives; wouldn&apos;t it be great to use compute resources fully for all aspects of our lives, including work, education, healthcare and finance, and to be creative and innovate without the constant fear of backlash? This is what we mean by fearless computing: investigating how the very design of compute has security and privacy features built into the platform. We will also explore how, through education and awareness, we can help nurture the freedom of thought and innovation to not only protect ourselves but create cyber talent that builds the next generation of systems and solutions. Join us for a discussion on the technology and solutions that help us work towards our vision for fearless computing.</p>
<p>About the speaker: Abhilasha Bhargav-Spantzel is a Principal Engineer at Intel, focusing on hardware-based security product architecture. She has 15+ years of experience in security and privacy. She completed her doctorate at Purdue University, which focused on identity and privacy protection using cryptography and biometrics. Abhilasha drives thought leadership and the future evolution of cybersecurity platforms through innovation, architecture, and education. She has given numerous talks at conferences and universities as part of distinguished lecture series and workshops. She has written 5 book chapters and 30+ ACM and IEEE articles and has 25+ patents. Abhilasha leads multiple D&amp;I initiatives and actively drives the retention and development of women in technology. She is passionate about STEM K-12 cybersecurity education initiatives, and co-organizes regular camps and workshops for the same.</p> ]]>
            </content:encoded>
            <itunes:duration>3059</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201111.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201111.mp4" length="1048576" type="video/mp4"/>
        </item>
            <item>
            <title>Kelley Misata, Results from the Field: Cybersecurity in Nonprofits and Why it Matters</title>
            <description>The last time you gave to a favorite charity, did you think about their cybersecurity? Do you sit on the board of a nonprofit? Are nonprofits using your cybersecurity solutions? The &quot;wild&quot; of the Internet and the continually evolving threat landscape force nonprofits to defend themselves against intrusion and cyber-attacks. Breaking down the myths and assumptions about nonprofits&apos; cybersecurity, this session spotlights approaches and exciting results from local nonprofit organizations of all sizes. Join us with your favorite nonprofit in mind and walk away with new information about this overlooked business sector and why it matters. About the speaker: Dr. Kelley Misata is a cyber and information security executive with 15+ years of experience in strategic initiatives, business development, community and customer growth, marketing, and communications. Today, Dr. Misata is the Founder and CEO of Sightline Security, a security start-up with a mission to help underserved enterprises and community sectors. She is also the President and Executive Director of The Open Information Security Foundation (OISF), a nonprofit organization that owns and manages the open-source network security technology Suricata. Her leadership experience with both Sightline and OISF, combined with her past role as Communications Director at The Tor Project, allows Dr. Misata to use her expertise in bringing complex cyber and information security principles to a wide array of business sectors and audiences. A business-minded researcher with a groundbreaking dissertation in nonprofits&apos; information security, she continually draws on current trends and conversations in information security and privacy to create strategies that intersect people, process, and technology. Dr. Misata holds a Ph.D. in Information Security from Purdue University, a Master&apos;s degree in Business Administration and Marketing from Bentley University, and a Bachelor of Science in Marketing from Westfield University.</description>
            <pubDate>Wed, 4 Nov 2020 16:30:00 EST </pubDate>
            <itunes:title>Kelley Misata, Results from the Field: Cybersecurity in Nonprofits and Why it Matters</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>742</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/kelleymisata.png"/>
            <itunes:subtitle>Kelley Misata, Sightline Security</itunes:subtitle>
            <itunes:summary>The last time you gave to a favorite charity, did you think about their cybersecurity? Do you sit on the board of a nonprofit? Are nonprofits using your cybersecurity solutions? The &quot;wild&quot; of the Internet and the continually evolving threat landscape force nonprofits to defend themselves against intrusion and cyber-attacks. Breaking down the myths and assumptions about nonprofits&apos; cybersecurity, this session spotlights approaches and exciting results from local nonprofit organizations of all sizes. Join us with your favorite nonprofit in mind and walk away with new information about this overlooked business sector and why it matters. About the speaker: Dr. Kelley Misata is a cyber and information security executive with 15+ years of experience in strategic initiatives, business development, community and customer growth, marketing, and communications. Today, Dr. Misata is the Founder and CEO of Sightline Security, a security start-up with a mission to help underserved enterprises and community sectors. She is also the President and Executive Director of The Open Information Security Foundation (OISF), a nonprofit organization that owns and manages the open-source network security technology Suricata. Her leadership experience with both Sightline and OISF, combined with her past role as Communications Director at The Tor Project, allows Dr. Misata to use her expertise in bringing complex cyber and information security principles to a wide array of business sectors and audiences. A business-minded researcher with a groundbreaking dissertation in nonprofits&apos; information security, she continually draws on current trends and conversations in information security and privacy to create strategies that intersect people, process, and technology. Dr. Misata holds a Ph.D. in Information Security from Purdue University, a Master&apos;s degree in Business Administration and Marketing from Bentley University, and a Bachelor of Science in Marketing from Westfield University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The last time you gave to a favorite charity, did you think about their cybersecurity? Do you sit on the board of a nonprofit? Are nonprofits using your cybersecurity solutions? The &quot;wild&quot; of the Internet and the continually evolving threat landscape force nonprofits to defend themselves against intrusion and cyber-attacks. Breaking down the myths and assumptions about nonprofits&apos; cybersecurity, this session spotlights approaches and exciting results from local nonprofit organizations of all sizes. Join us with your favorite nonprofit in mind and walk away with new information about this overlooked business sector and why it matters. About the speaker: Dr. Kelley Misata is a cyber and information security executive with 15+ years of experience in strategic initiatives, business development, community and customer growth, marketing, and communications. Today, Dr. Misata is the Founder and CEO of Sightline Security, a security start-up on a mission to help underserved enterprises and community sectors. She is also the President and Executive Director of The Open Information Security Foundation (OISF), a nonprofit organization that owns and manages the open-source network security technology Suricata. Her leadership experience with both Sightline and OISF, combined with her past role as Communications Director at The Tor Project, allows Dr. Misata to use her expertise in bringing complex cyber and information security principles to a wide array of business sectors and audiences. A business-minded researcher with a groundbreaking dissertation on nonprofits&apos; information security, she continually draws on current trends and conversations in information security and privacy to create strategies that intersect people, process, and technology. Dr. Misata holds a Ph.D. in Information Security from Purdue University, a Master&apos;s degree in Business Administration and Marketing from Bentley University, and a Bachelor of Science in Marketing from Westfield University.</p> ]]>
            </content:encoded>
            <itunes:duration>3338</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201104.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201104.mp4" length="725614592" type="video/mp4"/>
        </item>
            <item>
            <title>Yoon Auh, NUTS: eNcrypted Userdata Transit &amp; Storage; Viewing Data as an Endpoint™ (DaaE) using Structured Cryptography</title>
            <description>Can objects be truly secured independently without resorting to a massive central reference monitor? It&apos;s a great question and we will discuss a solution to it called NUTS. During this talk, we&apos;ll take data structures, message protocols and applied cryptography and toss them into the cauldron of reality, sprinkle in some DNA and data management to brew up some Security at the Data Perimeter towards crafting Data as the Endpoint. It sounds like a bad witch&apos;s brew of epic proportions, but once we cast the spell, you will see the integration of many CS/CISSP concepts you&apos;ve learned over the years and new ways to use them. Our goal is to make sure that the private individual has the best applied cryptographic technologies at their disposal for free in an unobtrusive way. By the way, a nut is the only secure data structure we know of that can help mitigate insider threats in a purely cryptographic way independent of reference monitors. We&apos;ll also show you how the NUTS Ecosystem can provide Alice with a ransomware-resistant &apos;hot&apos; system at home using just 2 computers. About the speaker: Yoon Auh, CISSP, is the founder and CEO of NUTS Technologies® Inc., a midwestern cybersecurity startup. He holds multiple US patents around structured security and structured cryptography. His firm is breaking new ground in applying structured security and cryptography at the data layer. He graduated from Columbia College in NYC with a BA in Physics and from Columbia School of Engineering with a BS in Engineering Mechanics. Yoon&apos;s prior career was in finance and technology, culminating in a successful career as Head Trader for several world-class financial firms. A little NUTS history: tired of poor personal data protection tools and even worse data management methods for the average Joe, Yoon created the eNcrypted Userdata Transit &amp; Storage (NUTS) ecosystem, which relies on viewing Data as the Endpoint™. To this end, a secure cryptographic data structure called a nut was created: a complex structured cryptographic data structure featuring built-in multi-layered, multi-model, purely cryptographic access controls requiring no reference monitors (if you understood this sentence, you are in for a real treat). Essentially, a nut allows the security perimeter to be brought down to the data layer so that it travels with the data.</description>
            <pubDate>Wed, 28 Oct 2020 16:30:00 EDT </pubDate>
            <itunes:title>Yoon Auh, NUTS: eNcrypted Userdata Transit &amp; Storage; Viewing Data as an Endpoint™ (DaaE) using Structured Cryptography</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>741</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/yoon_200x200.png"/>
            <itunes:subtitle>Yoon Auh, NUTS Technologies</itunes:subtitle>
            <itunes:summary>Can objects be truly secured independently without resorting to a massive central reference monitor? It&apos;s a great question and we will discuss a solution to it called NUTS. During this talk, we&apos;ll take data structures, message protocols and applied cryptography and toss them into the cauldron of reality, sprinkle in some DNA and data management to brew up some Security at the Data Perimeter towards crafting Data as the Endpoint. It sounds like a bad witch&apos;s brew of epic proportions, but once we cast the spell, you will see the integration of many CS/CISSP concepts you&apos;ve learned over the years and new ways to use them. Our goal is to make sure that the private individual has the best applied cryptographic technologies at their disposal for free in an unobtrusive way. By the way, a nut is the only secure data structure we know of that can help mitigate insider threats in a purely cryptographic way independent of reference monitors. We&apos;ll also show you how the NUTS Ecosystem can provide Alice with a ransomware-resistant &apos;hot&apos; system at home using just 2 computers. About the speaker: Yoon Auh, CISSP, is the founder and CEO of NUTS Technologies® Inc., a midwestern cybersecurity startup. He holds multiple US patents around structured security and structured cryptography. His firm is breaking new ground in applying structured security and cryptography at the data layer. He graduated from Columbia College in NYC with a BA in Physics and from Columbia School of Engineering with a BS in Engineering Mechanics. Yoon&apos;s prior career was in finance and technology, culminating in a successful career as Head Trader for several world-class financial firms. A little NUTS history: tired of poor personal data protection tools and even worse data management methods for the average Joe, Yoon created the eNcrypted Userdata Transit &amp; Storage (NUTS) ecosystem, which relies on viewing Data as the Endpoint™. To this end, a secure cryptographic data structure called a nut was created: a complex structured cryptographic data structure featuring built-in multi-layered, multi-model, purely cryptographic access controls requiring no reference monitors (if you understood this sentence, you are in for a real treat). Essentially, a nut allows the security perimeter to be brought down to the data layer so that it travels with the data.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Can objects be truly secured independently without resorting to a massive central reference monitor? It&apos;s a great question and we will discuss a solution to it called NUTS. During this talk, we&apos;ll take data structures, message protocols and applied cryptography and toss them into the cauldron of reality, sprinkle in some DNA and data management to brew up some Security at the Data Perimeter towards crafting Data as the Endpoint. It sounds like a bad witch&apos;s brew of epic proportions, but once we cast the spell, you will see the integration of many CS/CISSP concepts you&apos;ve learned over the years and new ways to use them. Our goal is to make sure that the private individual has the best applied cryptographic technologies at their disposal for free in an unobtrusive way. By the way, a nut is the only secure data structure we know of that can help mitigate insider threats in a purely cryptographic way independent of reference monitors. We&apos;ll also show you how the NUTS Ecosystem can provide Alice with a ransomware-resistant &apos;hot&apos; system at home using just 2 computers. About the speaker: Yoon Auh, CISSP, is the founder and CEO of NUTS Technologies® Inc., a midwestern cybersecurity startup. He holds multiple US patents around structured security and structured cryptography. His firm is breaking new ground in applying structured security and cryptography at the data layer. He graduated from Columbia College in NYC with a BA in Physics and from Columbia School of Engineering with a BS in Engineering Mechanics. Yoon&apos;s prior career was in finance and technology, culminating in a successful career as Head Trader for several world-class financial firms. A little NUTS history: tired of poor personal data protection tools and even worse data management methods for the average Joe, Yoon created the eNcrypted Userdata Transit &amp; Storage (NUTS) ecosystem, which relies on viewing Data as the Endpoint™. To this end, a secure cryptographic data structure called a nut was created: a complex structured cryptographic data structure featuring built-in multi-layered, multi-model, purely cryptographic access controls requiring no reference monitors (if you understood this sentence, you are in for a real treat). Essentially, a nut allows the security perimeter to be brought down to the data layer so that it travels with the data.</p> ]]>
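The abstract above describes access control that the data object enforces cryptographically by itself, with no reference monitor in the loop. What follows is an added illustration of that general idea, written for this page; it is not the design of NUTS and not code from NUTS Technologies, whose structure the abstract does not describe. It assumes one random data key per object, one key wrap per authorised principal, and an integrity tag that binds the payload, the wraps and the metadata. The cipher is an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC, chosen so that the example runs on the Python standard library alone.

```python
"""Self-protecting data object: access is decided by key possession, not by a monitor.

Added illustration for this page, not the design of NUTS. Construction (assumed):
  - the payload is encrypted once under a random per-object data key;
  - the data key is wrapped separately for every authorised principal;
  - every ciphertext carries a MAC that also binds the object metadata.
The cipher is an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC so the
example runs on the standard library alone. Production code should use a vetted
AEAD (AES-GCM, ChaCha20-Poly1305) and a real key-wrap primitive instead.
"""
import hashlib
import hmac
import json
import secrets


def _keystream(key, nonce, length):
    """PRF-based keystream: HMAC(key, nonce || counter) blocks, truncated to length."""
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )
    return stream[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def _subkeys(key):
    """Domain-separated encryption and MAC keys derived from one 32-byte key."""
    return (hashlib.sha256(b"enc|" + key).digest(),
            hashlib.sha256(b"mac|" + key).digest())


def seal(key, plaintext, aad=b""):
    """Encrypt-then-MAC; the tag covers aad, nonce and ciphertext."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def open_box(key, box, aad=b""):
    """Verify the tag in constant time before decrypting; wrong key or tampering fails."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = (bytes.fromhex(box[k]) for k in ("nonce", "ct", "tag"))
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise PermissionError("integrity check failed: wrong key or modified object")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


def make_object(payload, principal_keys, metadata):
    """Build a self-contained object readable only by the listed principals.

    principal_keys maps a principal name to that principal's 32-byte key (assumed
    to have been provisioned out of band). Metadata is bound into every tag.
    """
    data_key = secrets.token_bytes(32)
    aad = json.dumps(metadata, sort_keys=True).encode()
    obj = {"metadata": metadata, "body": seal(data_key, payload, aad), "wraps": {}}
    for name, pkey in principal_keys.items():
        # The wrap binds the metadata and the principal name, so wraps cannot be
        # transplanted between objects or between principals.
        obj["wraps"][name] = seal(pkey, data_key, aad + b"|" + name.encode())
    return obj


def read_object(obj, name, pkey):
    """Unwrap the data key with the caller's own key, then open the body.

    A party holding a copy of the object but no listed key (a storage admin, a
    backup operator, an insider) gets PermissionError here; no monitor is consulted.
    """
    aad = json.dumps(obj["metadata"], sort_keys=True).encode()
    if name not in obj["wraps"]:
        raise PermissionError("no key wrap for principal " + name)
    data_key = open_box(pkey, obj["wraps"][name], aad + b"|" + name.encode())
    return open_box(data_key, obj["body"], aad)
```

The catch with any key-possession scheme is revocation: deleting a wrap does not recall copies already in circulation, so removing a principal means re-keying the object and re-issuing it, and compromise of one principal key exposes every object wrapped for that principal.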
            </content:encoded>
            <itunes:duration>3081</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201028.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201028.mp4" length="305135616" type="video/mp4"/>
        </item>
            <item>
            <title>Jeff Man, Why Attack When You Can Defend</title>
            <description>MITRE ATT&amp;CK® seems to be the &quot;next big thing&quot;. Every time I hear about it I can&apos;t help but wonder, &quot;how do you prevent all these attacks in the first place? Shouldn&apos;t that be the endgame?&quot; To that end, I set out to map all the recommended &quot;Mitigations&quot; for all the &quot;Techniques&quot; detailed in ATT&amp;CK to see how many are already addressed by what is required in the Payment Card Industry Data Security Standard (PCI DSS). My hypothesis was all of them. The results were interesting and a little surprising, and I&apos;m still trying to figure out how to best use the results and subsequently ATT&amp;CK itself. I will present my findings in the briefing and hopefully generate a discussion about what to do with the results. About the speaker: Respected Information Security advocate, advisor, evangelist, international speaker, keynoter, host of Security &amp; Compliance Weekly, co-host on Paul&apos;s Security Weekly, Tribe of Hackers, TOH Red Team, TOH Security Leaders, TOH Blue Team, and currently serving in a Consulting/Advisory role for Online Business Systems. Nearly 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified NSA Cryptanalyst. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises and was part of the first penetration testing &quot;red team&quot; at NSA. For the past twenty-five years has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation&apos;s best known companies.</description>
            <pubDate>Wed, 21 Oct 2020 16:30:00 EDT </pubDate>
            <itunes:title>Jeff Man, Why Attack When You Can Defend</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>740</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jeff_man_200x200.png"/>
            <itunes:subtitle>Jeff Man, Online Business Systems</itunes:subtitle>
            <itunes:summary>MITRE ATT&amp;CK® seems to be the &quot;next big thing&quot;. Every time I hear about it I can&apos;t help but wonder, &quot;how do you prevent all these attacks in the first place? Shouldn&apos;t that be the endgame?&quot; To that end, I set out to map all the recommended &quot;Mitigations&quot; for all the &quot;Techniques&quot; detailed in ATT&amp;CK to see how many are already addressed by what is required in the Payment Card Industry Data Security Standard (PCI DSS). My hypothesis was all of them. The results were interesting and a little surprising, and I&apos;m still trying to figure out how to best use the results and subsequently ATT&amp;CK itself. I will present my findings in the briefing and hopefully generate a discussion about what to do with the results. About the speaker: Respected Information Security advocate, advisor, evangelist, international speaker, keynoter, host of Security &amp; Compliance Weekly, co-host on Paul&apos;s Security Weekly, Tribe of Hackers, TOH Red Team, TOH Security Leaders, TOH Blue Team, and currently serving in a Consulting/Advisory role for Online Business Systems. Nearly 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified NSA Cryptanalyst. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises and was part of the first penetration testing &quot;red team&quot; at NSA. For the past twenty-five years has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation&apos;s best known companies.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>MITRE ATT&amp;CK® seems to be the &quot;next big thing&quot;. Every time I hear about it I can&apos;t help but wonder, &quot;how do you prevent all these attacks in the first place? Shouldn&apos;t that be the endgame?&quot; To that end, I set out to map all the recommended &quot;Mitigations&quot; for all the &quot;Techniques&quot; detailed in ATT&amp;CK to see how many are already addressed by what is required in the Payment Card Industry Data Security Standard (PCI DSS). My hypothesis was all of them. The results were interesting and a little surprising, and I&apos;m still trying to figure out how to best use the results and subsequently ATT&amp;CK itself. I will present my findings in the briefing and hopefully generate a discussion about what to do with the results. About the speaker: Respected Information Security advocate, advisor, evangelist, international speaker, keynoter, host of Security &amp; Compliance Weekly, co-host on Paul&apos;s Security Weekly, Tribe of Hackers, TOH Red Team, TOH Security Leaders, TOH Blue Team, and currently serving in a Consulting/Advisory role for Online Business Systems. Nearly 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified NSA Cryptanalyst. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises and was part of the first penetration testing &quot;red team&quot; at NSA. For the past twenty-five years has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation&apos;s best known companies.</p> ]]>
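The mapping exercise the abstract describes can be mechanised: ATT&amp;CK is published as a STIX bundle in which techniques are attack-pattern objects, mitigations are course-of-action objects, and a mitigates relationship links a mitigation to each technique it addresses. The following added example, written for this page rather than taken from the talk, performs that join over a constructed four-technique subset in the same object shape and then scores each technique against a hypothetical analyst crosswalk from mitigation IDs to PCI DSS requirement numbers. The crosswalk and the resulting verdicts are illustrative assumptions, not the findings of the talk and not an official mapping.

```python
"""Which MITRE mitigations does a control framework already require?

Added example for this page, not the talk's own data or results. STIX_OBJECTS is a
constructed subset in the object shape the MITRE STIX bundle uses (ids shortened);
PCI_CROSSWALK is a hypothetical analyst mapping, not an official PCI DSS crosswalk.
"""
from collections import defaultdict


def _obj(kind, short, name, ext_id):
    return {"type": kind, "id": kind + "--" + short, "name": name,
            "external_references": [{"source_name": "mitre-attack", "external_id": ext_id}]}


def _mitigates(mit_short, tech_short):
    return {"type": "relationship", "relationship_type": "mitigates",
            "source_ref": "course-of-action--" + mit_short,
            "target_ref": "attack-pattern--" + tech_short}


STIX_OBJECTS = [
    _obj("attack-pattern", "t1078", "Valid Accounts", "T1078"),
    _obj("attack-pattern", "t1190", "Exploit Public-Facing Application", "T1190"),
    _obj("attack-pattern", "t1566", "Phishing", "T1566"),
    _obj("attack-pattern", "t1497", "Virtualization/Sandbox Evasion", "T1497"),
    _obj("course-of-action", "m1032", "Multi-factor Authentication", "M1032"),
    _obj("course-of-action", "m1027", "Password Policies", "M1027"),
    _obj("course-of-action", "m1018", "User Account Management", "M1018"),
    _obj("course-of-action", "m1026", "Privileged Account Management", "M1026"),
    _obj("course-of-action", "m1051", "Update Software", "M1051"),
    _obj("course-of-action", "m1030", "Network Segmentation", "M1030"),
    _obj("course-of-action", "m1050", "Exploit Protection", "M1050"),
    _obj("course-of-action", "m1049", "Antivirus/Antimalware", "M1049"),
    _obj("course-of-action", "m1017", "User Training", "M1017"),
    _obj("course-of-action", "m1021", "Restrict Web-Based Content", "M1021"),
    _mitigates("m1032", "t1078"), _mitigates("m1027", "t1078"),
    _mitigates("m1018", "t1078"), _mitigates("m1026", "t1078"),
    _mitigates("m1051", "t1190"), _mitigates("m1030", "t1190"), _mitigates("m1050", "t1190"),
    _mitigates("m1049", "t1566"), _mitigates("m1017", "t1566"), _mitigates("m1021", "t1566"),
    # T1497 deliberately has no mitigates relationship: the join must still report it.
]

# Hypothetical crosswalk: mitigation ID to the PCI DSS requirement numbers assumed to impose it.
PCI_CROSSWALK = {
    "M1032": ["8.3"],          # multi-factor authentication
    "M1027": ["8.2"],          # password parameters
    "M1018": ["7.1", "8.1"],   # account provisioning and need-to-know
    "M1026": ["7.1"],
    "M1051": ["6.2"],          # security patches
    "M1030": ["1.3"],          # segmentation from untrusted networks
    "M1049": ["5.1"],          # anti-malware
    "M1017": ["12.6"],         # awareness programme
    # M1050 and M1021 are left unmapped on purpose: gaps the report must surface.
}


def external_id(obj):
    """The Txxxx / Mxxxx identifier carried in the mitre-attack external reference."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref["external_id"]
    return None


def mitigations_by_technique(objects):
    """Join 'mitigates' relationships back to the MITRE IDs on both ends."""
    ids = {o["id"]: external_id(o) for o in objects if o["type"] != "relationship"}
    result = defaultdict(set)
    for o in objects:
        if o["type"] == "relationship" and o["relationship_type"] == "mitigates":
            result[ids[o["target_ref"]]].add(ids[o["source_ref"]])
    return dict(result)


def coverage_report(objects, crosswalk):
    """Per technique: mitigations the framework requires, the ones it does not, and a verdict."""
    by_tech = mitigations_by_technique(objects)
    report = {}
    for o in objects:
        if o["type"] != "attack-pattern":
            continue
        tech = external_id(o)
        mits = by_tech.get(tech, set())
        covered = sorted(m for m in mits if crosswalk.get(m))
        gaps = sorted(m for m in mits if not crosswalk.get(m))
        if not mits:
            status = "unmitigated"      # the knowledge base lists no mitigation at all
        elif not gaps:
            status = "full"
        elif covered:
            status = "partial"
        else:
            status = "none"
        report[tech] = {
            "name": o["name"], "status": status, "covered": covered, "gaps": gaps,
            "requirements": sorted({r for m in covered for r in crosswalk[m]}),
        }
    return report


def summarize(report):
    """Count techniques per verdict; the shape of the answer to 'is the hypothesis all of them?'"""
    counts = {"full": 0, "partial": 0, "none": 0, "unmitigated": 0}
    for entry in report.values():
        counts[entry["status"]] += 1
    return counts
```

Two details matter when this is run against the real bundle: techniques with no mitigation at all must be reported separately rather than silently counted as covered, and a crosswalk entry only says that a requirement names the control, not that a given assessment found it implemented effectively.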
            </content:encoded>
            <itunes:duration>3705</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201021.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201021.mp4" length="2097152" type="video/mp4"/>
        </item>
            <item>
            <title>Courtney Falk, The Pod People Campaign: Driving User Traffic via Social Networks</title>
            <description>Users of social networks are having their accounts subverted. Threat actors are gaining unauthorized access to large numbers of accounts and inserting links to suspicious websites. Shared command-and-control infrastructure is used across 70+ different social networks, suggesting a coordinated campaign to drive user traffic. The actors behind this campaign, and the end goal for driving user traffic, remain uncertain. The campaign remains active with changing indicators. The fact that this campaign spans so many different social networks makes determining the scope of the overall problem difficult. Using Goodreads as an example, we detail how the attack is constructed. About the speaker: Dr. Courtney Falk is an information security professional with over fifteen years of experience in the government, academic, and public sectors. He earned his doctorate of philosophy from Purdue University in the interdisciplinary information security program. When Courtney is not building systems as a principal software engineer, he enjoys painting miniature figures and playing war games.</description>
            <pubDate>Wed, 14 Oct 2020 16:30:00 EDT </pubDate>
            <itunes:title>Courtney Falk, The Pod People Campaign: Driving User Traffic via Social Networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>739</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Courtney_Falk.png"/>
            <itunes:subtitle>Courtney Falk, GoDaddy</itunes:subtitle>
            <itunes:summary>Users of social networks are having their accounts subverted. Threat actors are gaining unauthorized access to large numbers of accounts and inserting links to suspicious websites. Shared command-and-control infrastructure is used across 70+ different social networks, suggesting a coordinated campaign to drive user traffic. The actors behind this campaign, and the end goal for driving user traffic, remain uncertain. The campaign remains active with changing indicators. The fact that this campaign spans so many different social networks makes determining the scope of the overall problem difficult. Using Goodreads as an example, we detail how the attack is constructed. About the speaker: Dr. Courtney Falk is an information security professional with over fifteen years of experience in the government, academic, and public sectors. He earned his doctorate of philosophy from Purdue University in the interdisciplinary information security program. When Courtney is not building systems as a principal software engineer, he enjoys painting miniature figures and playing war games.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Users of social networks are having their accounts subverted. Threat actors are gaining unauthorized access to large numbers of accounts and inserting links to suspicious websites. Shared command-and-control infrastructure is used across 70+ different social networks, suggesting a coordinated campaign to drive user traffic. The actors behind this campaign, and the end goal for driving user traffic, remain uncertain. The campaign remains active with changing indicators. The fact that this campaign spans so many different social networks makes determining the scope of the overall problem difficult. Using Goodreads as an example, we detail how the attack is constructed. About the speaker: Dr. Courtney Falk is an information security professional with over fifteen years of experience in the government, academic, and public sectors. He earned his doctorate of philosophy from Purdue University in the interdisciplinary information security program. When Courtney is not building systems as a principal software engineer, he enjoys painting miniature figures and playing war games.</p> ]]>
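The key observation in the abstract is that one command-and-control infrastructure sits behind account compromises on many different networks while the visible indicators keep changing. The following added example, written for this page and not taken from the talk, shows the pivot an analyst uses to establish that: cluster observed link insertions by the host at the end of the redirect chain rather than by the first-hop domain, then report hosts that recur across networks. The observation records, the network names other than Goodreads, and the example.com / example.net / example.org hosts are all constructed; none of them is an indicator from the campaign.

```python
"""Pivot on shared infrastructure behind link insertions on compromised accounts.

Added example for this page, not the talk's data. OBSERVATIONS is constructed: each
record is one inserted link seen on a compromised account, with the final URL that an
offline redirect-chain follow resolved it to. Hosts use reserved example domains.
"""
from collections import defaultdict
from urllib.parse import urlparse

OBSERVATIONS = [
    {"network": "goodreads", "account": "reader_a",
     "url": "https://lnk.example.net/a1", "redirects_to": "https://www.landing.example.com/?r=1"},
    {"network": "goodreads", "account": "reader_b",
     "url": "https://lnk.example.net/a2", "redirects_to": "https://landing.example.com/?r=2"},
    {"network": "forum-b", "account": "user_c",
     "url": "https://promo.example.org/q", "redirects_to": "https://landing.example.com/?r=3"},
    {"network": "photos-c", "account": "user_d",
     "url": "https://short.example.net/zz", "redirects_to": "https://LANDING.example.com/?r=4"},
    # Two single-network cases that must not be reported as a cross-network campaign.
    {"network": "photos-c", "account": "user_e",
     "url": "https://blog.example.org/post", "redirects_to": "https://blog.example.org/post"},
    {"network": "goodreads", "account": "reader_f",
     "url": "https://other.example.net/k", "redirects_to": "https://final.example.net/"},
]


def final_host(url):
    """Lower-cased hostname with a leading 'www.' removed.

    Simplification assumed for the example: a production pipeline would reduce to the
    registrable domain with a public suffix list instead of this prefix strip.
    """
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def cluster_by_final_host(observations):
    """Group observations by where the redirect chain ends, ignoring the first-hop domain."""
    clusters = defaultdict(list)
    for obs in observations:
        clusters[final_host(obs["redirects_to"])].append(obs)
    return dict(clusters)


def shared_infrastructure(observations, min_networks=2):
    """Final hosts seen on at least min_networks distinct networks, with the first-hop
    domains that fronted them: the evidence that many compromises are one campaign."""
    findings = {}
    for host, group in cluster_by_final_host(observations).items():
        networks = sorted({g["network"] for g in group})
        if len(networks) >= min_networks:
            findings[host] = {
                "networks": networks,
                "accounts": sorted(g["account"] for g in group),
                "first_hop_domains": sorted({final_host(g["url"]) for g in group}),
            }
    return findings


def indicator_churn(observations, host):
    """Number of distinct first-hop domains that have fronted one final host: a rough
    measure of how fast the visible indicators change while the infrastructure stays put."""
    group = cluster_by_final_host(observations).get(host, [])
    return len({final_host(g["url"]) for g in group})
```

Blocking on first-hop domains alone is what the churn defeats; the final host (or, better, the hosting provider, certificate or tracking identifier behind it) is the indicator that survives long enough to be useful across networks.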
            </content:encoded>
            <itunes:duration>3582</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201014.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201014.mp4" length="720371712" type="video/mp4"/>
        </item>
            <item>
            <title>Michael Clark, From Machine Learning Threats to Machine Learning Protection Requirements</title>
            <description>Researchers from academia and industry have identified interesting threat vectors against machine learning systems. These threats exploit intrinsic vulnerabilities in the system, or vulnerabilities that arise naturally from how the system works rather than being the result of a specific implementation flaw. In this talk, I present recent results in threats to machine learning systems from academia and industry, including some of our own research at Riverside Research. Knowing about these threats is only half the battle, however. We must determine how to transition both the understanding gained by developing attacks and specific defenses into practice to ensure the security of fielded systems. In this talk I leverage my experience working on standards committees to present an approach for leveraging machine learning protection requirements on systems that use machine learning. About the speaker: Dr. Mike Clark is a computer scientist at Riverside Research and currently leads their Trusted and Resilient Systems research group. He conducts research in the areas of security of distributed and cyber-physical systems, cryptographic secure computation, and security and privacy issues of machine learning and artificial intelligence. Dr. Clark also co-leads the cybersecurity subcommittee for the Sensor Open Systems Architecture (SOSA™) consortium, where he is developing security requirements and standards for sensor systems of the future.</description>
            <pubDate>Wed, 7 Oct 2020 16:30:00 EDT </pubDate>
            <itunes:title>Michael Clark, From Machine Learning Threats to Machine Learning Protection Requirements</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>738</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/clark.png"/>
            <itunes:subtitle>Michael Clark, Riverside Research</itunes:subtitle>
            <itunes:summary>Researchers from academia and industry have identified interesting threat vectors against machine learning systems. These threats exploit intrinsic vulnerabilities in the system, or vulnerabilities that arise naturally from how the system works rather than being the result of a specific implementation flaw. In this talk, I present recent results in threats to machine learning systems from academia and industry, including some of our own research at Riverside Research. Knowing about these threats is only half the battle, however. We must determine how to transition both the understanding gained by developing attacks and specific defenses into practice to ensure the security of fielded systems. In this talk I leverage my experience working on standards committees to present an approach for leveraging machine learning protection requirements on systems that use machine learning. About the speaker: Dr. Mike Clark is a computer scientist at Riverside Research and currently leads their Trusted and Resilient Systems research group. He conducts research in the areas of security of distributed and cyber-physical systems, cryptographic secure computation, and security and privacy issues of machine learning and artificial intelligence. Dr. Clark also co-leads the cybersecurity subcommittee for the Sensor Open Systems Architecture (SOSA™) consortium, where he is developing security requirements and standards for sensor systems of the future.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Researchers from academia and industry have identified interesting threat vectors against machine learning systems. These threats exploit intrinsic vulnerabilities in the system, or vulnerabilities that arise naturally from how the system works rather than being the result of a specific implementation flaw. In this talk, I present recent results in threats to machine learning systems from academia and industry, including some of our own research at Riverside Research. Knowing about these threats is only half the battle, however. We must determine how to transition both the understanding gained by developing attacks and specific defenses into practice to ensure the security of fielded systems. In this talk I leverage my experience working on standards committees to present an approach for leveraging machine learning protection requirements on systems that use machine learning. About the speaker: Dr. Mike Clark is a computer scientist at Riverside Research and currently leads their Trusted and Resilient Systems research group. He conducts research in the areas of security of distributed and cyber-physical systems, cryptographic secure computation, and security and privacy issues of machine learning and artificial intelligence. Dr. Clark also co-leads the cybersecurity subcommittee for the Sensor Open Systems Architecture (SOSA™) consortium, where he is developing security requirements and standards for sensor systems of the future.</p> ]]>
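The abstract distinguishes intrinsic vulnerabilities, which follow from how a learned model works, from implementation flaws. The canonical instance is the adversarial example: for a linear classifier the decision margin itself fixes how small an input change flips the output, and no bug is involved. The following added example, written for this page rather than taken from the talk or from Riverside Research, works that through for a three-feature linear model with constructed weights, and then shows one way a protection requirement can be stated so that it is checkable at run time: the deployed predictor must abstain whenever an input's certified L-infinity radius is below the perturbation budget the system is assumed to face. Both the model and the requirement threshold are illustrative assumptions.

```python
"""Intrinsic vulnerability of a linear classifier and a checkable protection requirement.

Added example for this page, not from the talk. Model: label 1 if w.x + b > 0, else 0.
For an L-infinity perturbation of size eps, the score can move by at most eps * ||w||_1,
so |score| / ||w||_1 is a certified radius: no perturbation smaller than it flips the
label, and one of exactly that size in the right direction does. Weights and inputs
below are constructed.
"""

W = [2.0, -1.0, 0.5]   # constructed weights
B = -0.5               # constructed bias


def score(w, b, x):
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def predict(w, b, x):
    return 1 if score(w, b, x) > 0 else 0


def certified_linf_radius(w, b, x):
    """Largest eps such that every input within L-infinity distance eps keeps the label of x."""
    return abs(score(w, b, x)) / sum(abs(wi) for wi in w)


def _sign(v):
    return 1.0 if v > 0 else (-1.0 if v != 0 else 0.0)


def adversarial_example(w, b, x, eps):
    """Move every feature by eps against the sign of its weight (white-box, needs only w).

    This is the optimal L-infinity attack on a linear model; it succeeds exactly when
    eps exceeds the certified radius. No implementation flaw is exploited.
    """
    direction = -_sign(score(w, b, x))
    return [xi + direction * eps * _sign(wi) for wi, xi in zip(w, x)]


def guarded_predict(w, b, x, assumed_budget):
    """Protection requirement (illustrative): if the certified radius is below the
    perturbation budget the deployment is assumed to face, abstain instead of answering.

    Returns ("ok", label) or ("abstain", radius).
    """
    radius = certified_linf_radius(w, b, x)
    if radius >= assumed_budget:
        return ("ok", predict(w, b, x))
    return ("abstain", radius)


def demo():
    """Returns (clean label, radius, label after an attack above the radius, label after one below)."""
    x = [1.0, 0.5, 1.0]
    radius = certified_linf_radius(W, B, x)
    above = predict(W, B, adversarial_example(W, B, x, radius + 0.05))
    below = predict(W, B, adversarial_example(W, B, x, radius - 0.05))
    return (predict(W, B, x), radius, above, below)
```

For the constructed input the margin is 1.5 and the L1 norm of the weights is 3.5, so any perturbation of per-feature size above about 0.43 flips the label; a requirement phrased as a minimum certified radius turns that arithmetic into an acceptance test that a standards body can write down and an integrator can verify, which is the kind of transition from attack knowledge to fielded protection the abstract calls for. Non-linear models need a certification method (randomized smoothing, interval bound propagation) in place of the closed form used here.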
            </content:encoded>
            <itunes:duration>3133</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201007.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20201007.mp4" length="412090368" type="video/mp4"/>
        </item>
            <item>
            <title>, Global Challenges in Security and Privacy Policy: elections, pandemics, and biometric technologies</title>
            <description>CERIAS 2020 Annual Security Symposium Virtual Event, https://ceri.as/symp. Closing Keynote Panel Discussion: &quot;Global Challenges in Security and Privacy Policy: elections, pandemics, and biometric technologies&quot;. Panelists: Michel Beaudouin-Lafon, Vice Chair, ACM Technology Policy Council; Member, ACM Europe Council; Professor of Computer Science, Université Paris-Sud. James Hendler, Chair, US Technology Policy Committee; Professor of Computer, Web and Cognitive Sciences, Rensselaer Polytechnic Institute. Barbara Simons, Past President, ACM, and ACM 2019 Policy Award Winner; Board of Advisors, US Election Assistance Commission; Chair, Board of Directors, Verified Voting. Moderated by: Lorraine Kisselburgh, Chair, ACM Technology Policy Council; Advisory Board and 2018 Resident Scholar, Electronic Privacy Information Center; Purdue University. About the speaker: Lorraine Kisselburgh is the inaugural Chair of ACM&apos;s new global Technology Policy Council, where she oversees technology policy engagement in the US, Europe, and other global regions. At Purdue University, she is a fellow in the Center for Education and Research in Information Security (CERIAS), lecturer in the Discovery Park Center for Entrepreneurship, and former professor of media, technology, and society. Her research focuses on the social implications of emerging technologies, including privacy, ethics, and collaboration; social interaction in technological contexts; and gender and leadership in STEM careers. She has been funded by the National Science Foundation and the Department of Homeland Security, and with colleagues developed platforms for virtual creative collaboration, and a framework to enhance ethical reasoning skills of STEM researchers (recognized by the National Academy of Engineering). In 2018 she was the Scholar-in-Residence at the Electronic Privacy Information Center (EPIC) in Washington, D.C., coordinating the development of the University Guidelines for Artificial Intelligence, a framework grounded in human rights protection. She served on the ACM Task Force on Code of Ethics and Professional Conduct from 2017-2018, and ACM&apos;s US Technology Policy Committee (USTPC) from 2006-2019, and is a member of the Advisory Board for the Electronic Privacy Information Center. At Purdue she has also been recognized as the inaugural Faculty Scholar in the Butler Center for Leadership, CERIAS Faculty Fellow, a Service Learning Faculty Fellow and Diversity Faculty Fellow, and was the recipient of the Violet Haas Award for her efforts on behalf of women.</description>
            <pubDate>Wed, 30 Sep 2020 16:30:00 EDT </pubDate>
            <itunes:title>, Global Challenges in Security and Privacy Policy: elections, pandemics, and biometric technologies</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>737</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/lorraine.png"/>
            <itunes:subtitle>, </itunes:subtitle>
            <itunes:summary>CERIAS 2020 Annual Security Symposium Virtual Event, https://ceri.as/symp. Closing Keynote Panel Discussion: &quot;Global Challenges in Security and Privacy Policy: elections, pandemics, and biometric technologies&quot;. Panelists: Michel Beaudouin-Lafon, Vice Chair, ACM Technology Policy Council; Member, ACM Europe Council; Professor of Computer Science, Université Paris-Sud. James Hendler, Chair, US Technology Policy Committee; Professor of Computer, Web and Cognitive Sciences, Rensselaer Polytechnic Institute. Barbara Simons, Past President, ACM, and ACM 2019 Policy Award Winner; Board of Advisors, US Election Assistance Commission; Chair, Board of Directors, Verified Voting. Moderated by: Lorraine Kisselburgh, Chair, ACM Technology Policy Council; Advisory Board and 2018 Resident Scholar, Electronic Privacy Information Center; Purdue University. About the speaker: Lorraine Kisselburgh is the inaugural Chair of ACM&apos;s new global Technology Policy Council, where she oversees technology policy engagement in the US, Europe, and other global regions. At Purdue University, she is a fellow in the Center for Education and Research in Information Security (CERIAS), lecturer in the Discovery Park Center for Entrepreneurship, and former professor of media, technology, and society. Her research focuses on the social implications of emerging technologies, including privacy, ethics, and collaboration; social interaction in technological contexts; and gender and leadership in STEM careers. She has been funded by the National Science Foundation and the Department of Homeland Security, and with colleagues developed platforms for virtual creative collaboration, and a framework to enhance ethical reasoning skills of STEM researchers (recognized by the National Academy of Engineering). In 2018 she was the Scholar-in-Residence at the Electronic Privacy Information Center (EPIC) in Washington, D.C., coordinating the development of the University Guidelines for Artificial Intelligence, a framework grounded in human rights protection. She served on the ACM Task Force on Code of Ethics and Professional Conduct from 2017-2018, and ACM&apos;s US Technology Policy Committee (USTPC) from 2006-2019, and is a member of the Advisory Board for the Electronic Privacy Information Center. At Purdue she has also been recognized as the inaugural Faculty Scholar in the Butler Center for Leadership, CERIAS Faculty Fellow, a Service Learning Faculty Fellow and Diversity Faculty Fellow, and was the recipient of the Violet Haas Award for her efforts on behalf of women.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>CERIAS 2020 Annual Security Symposium Virtual Event, https://ceri.as/symp</p><p>Closing Keynote Panel Discussion: &quot;Global Challenges in Security and Privacy Policy: elections, pandemics, and biometric technologies&quot;</p><p>Panelists:</p><p>Michel Beaudouin-Lafon, Vice Chair, ACM Technology Policy Council; Member, ACM Europe Council; Professor of Computer Science, Université Paris-Sud</p><p>James Hendler, Chair, US Technology Policy Committee; Professor of Computer, Web and Cognitive Sciences, Rensselaer Polytechnic Institute</p><p>Barbara Simons, Past President, ACM, and ACM 2019 Policy Award Winner; Board of Advisors, US Election Assistance Commission; Chair, Board of Directors, Verified Voting</p><p>Moderated by: Lorraine Kisselburgh, Chair, ACM Technology Policy Council; Advisory Board and 2018 Resident Scholar, Electronic Privacy Information Center; Purdue University</p><p>About the speaker: Lorraine Kisselburgh is the inaugural Chair of ACM&apos;s new global Technology Policy Council, where she oversees technology policy engagement in the US, Europe, and other global regions. At Purdue University, she is a fellow in the Center for Education and Research in Information Assurance and Security (CERIAS), lecturer in the Discovery Park Center for Entrepreneurship, and former professor of media, technology, and society. Her research focuses on the social implications of emerging technologies, including privacy, ethics, and collaboration; social interaction in technological contexts; and gender and leadership in STEM careers.</p>
<p>She has been funded by the National Science Foundation and the Department of Homeland Security, and with colleagues developed platforms for virtual creative collaboration, and a framework to enhance ethical reasoning skills of STEM researchers (recognized by the National Academy of Engineering). In 2018 she was the Scholar-in-Residence at the Electronic Privacy Information Center (EPIC) in Washington, D.C., coordinating the development of the Universal Guidelines for Artificial Intelligence, a framework grounded in human rights protection. She served on the ACM Task Force on Code of Ethics and Professional Conduct from 2017-2018, and ACM&apos;s US Technology Policy Committee (USTPC) from 2006-2019, and is a member of the Advisory Board for the Electronic Privacy Information Center. At Purdue she has also been recognized as the inaugural Faculty Scholar in the Butler Center for Leadership, CERIAS Faculty Fellow, a Service Learning Faculty Fellow and Diversity Faculty Fellow, and was the recipient of the Violet Haas Award for her efforts on behalf of women.</p> ]]>
            </content:encoded>
            <itunes:duration>3402</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200930.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200930.mp4" length="865075200" type="video/mp4"/>
        </item>
            <item>
            <title>Osman Ismael, TCB: From Assumption to Assurance</title>
            <description>The trusted computing base (TCB) has been very precisely defined since 1979, but in practice its implementation and application in today&apos;s modern software stack is very blurry. This talk describes a very common application and how to consider its associated TCB; after exposing the problems, it proposes an alternative for releasing and executing software with unbreakable guarantees. About the speaker: Osman Ismael is CTO and Co-founder of BedRock Systems Inc. Prior to his current role he served 12 years as a founding member and Distinguished Engineer at FireEye. Osman helped lead and build projects at Sun Microsystems and Sun Microsystems Labs, where he spent 8+ years as Staff Engineer and Senior Staff Engineer. He served as a Senior Software Architect at Terraspring, acquired by Sun Microsystems in 2002. Osman has an extensive background in virtualization, cyber security, operating systems and networking, and holds over 30 patents in these areas.</description>
            <pubDate>Wed, 23 Sep 2020 16:30:00 EDT </pubDate>
            <itunes:title>Osman Ismael, TCB: From Assumption to Assurance</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>736</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/osman_200x200.png"/>
            <itunes:subtitle>Osman Ismael, BedRock Systems</itunes:subtitle>
            <itunes:summary>The trusted computing base (TCB) has been very precisely defined since 1979, but in practice its implementation and application in today&apos;s modern software stack is very blurry. This talk describes a very common application and how to consider its associated TCB; after exposing the problems, it proposes an alternative for releasing and executing software with unbreakable guarantees. About the speaker: Osman Ismael is CTO and Co-founder of BedRock Systems Inc. Prior to his current role he served 12 years as a founding member and Distinguished Engineer at FireEye. Osman helped lead and build projects at Sun Microsystems and Sun Microsystems Labs, where he spent 8+ years as Staff Engineer and Senior Staff Engineer. He served as a Senior Software Architect at Terraspring, acquired by Sun Microsystems in 2002. Osman has an extensive background in virtualization, cyber security, operating systems and networking, and holds over 30 patents in these areas.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The trusted computing base (TCB) has been very precisely defined since 1979, but in practice its implementation and application in today&apos;s modern software stack is very blurry. This talk describes a very common application and how to consider its associated TCB; after exposing the problems, it proposes an alternative for releasing and executing software with unbreakable guarantees. About the speaker: Osman Ismael is CTO and Co-founder of BedRock Systems Inc. Prior to his current role he served 12 years as a founding member and Distinguished Engineer at FireEye. Osman helped lead and build projects at Sun Microsystems and Sun Microsystems Labs, where he spent 8+ years as Staff Engineer and Senior Staff Engineer. He served as a Senior Software Architect at Terraspring, acquired by Sun Microsystems in 2002. Osman has an extensive background in virtualization, cyber security, operating systems and networking, and holds over 30 patents in these areas.</p> ]]>
            </content:encoded>
            <itunes:duration>3080</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200923.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200923.mp4" length="242221056" type="video/mp4"/>
        </item>
            <item>
            <title>Warda Zahid Khan, Authentication: Behind The Scenes When You Click &quot;Check Out&quot;</title>
            <description>The payments ecosystem is evolving fast, and making sure the cardholder&apos;s digital payment experience is frictionless, smooth and secure has never been more important. With approval rates for digital payments at 82% compared to 97% for in-person payments, and global digital transaction fraud currently four times higher than in-store fraud and expected to increase 68% by 2022, intelligence matters more than ever. As more transactions move to the digital world, particularly after COVID-19, on an ever-increasing array of devices, the need to keep up is vital. To support issuers&apos; real-time decisioning, increase approval quality, improve the cardholder experience and reduce fraud, Mastercard leverages proprietary data, sophisticated modelling and machine learning, combined with Mastercard&apos;s global insights and analytics, to process thousands of data points and deliver an authentication assessment to the cardholder&apos;s bank in real time during the payment, helping the bank make an informed and robust decision. About the speaker: Warda Khan is Director of Product at Mastercard, working in the payments authentication space with a focus on Smart Authentication, a machine-learning-based global service that provides authentication intelligence to banks. She has been at Mastercard for 8 years and has worked at the intersection of technology and business, gaining experience ranging from launching digital products to creating risk programs that help financial institutions mitigate payments risk. In her free time, Warda likes to spend time with her family, volunteer in the community, read books and, of course, watch Netflix.</description>
            <pubDate>Wed, 16 Sep 2020 16:30:00 EDT </pubDate>
            <itunes:title>Warda Zahid Khan, Authentication: Behind The Scenes When You Click &quot;Check Out&quot;</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>735</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/warda_200x200.png"/>
            <itunes:subtitle>Warda Zahid Khan, Mastercard</itunes:subtitle>
            <itunes:summary>The payments ecosystem is evolving fast, and making sure the cardholder&apos;s digital payment experience is frictionless, smooth and secure has never been more important. With approval rates for digital payments at 82% compared to 97% for in-person payments, and global digital transaction fraud currently four times higher than in-store fraud and expected to increase 68% by 2022, intelligence matters more than ever. As more transactions move to the digital world, particularly after COVID-19, on an ever-increasing array of devices, the need to keep up is vital. To support issuers&apos; real-time decisioning, increase approval quality, improve the cardholder experience and reduce fraud, Mastercard leverages proprietary data, sophisticated modelling and machine learning, combined with Mastercard&apos;s global insights and analytics, to process thousands of data points and deliver an authentication assessment to the cardholder&apos;s bank in real time during the payment, helping the bank make an informed and robust decision. About the speaker: Warda Khan is Director of Product at Mastercard, working in the payments authentication space with a focus on Smart Authentication, a machine-learning-based global service that provides authentication intelligence to banks. She has been at Mastercard for 8 years and has worked at the intersection of technology and business, gaining experience ranging from launching digital products to creating risk programs that help financial institutions mitigate payments risk. In her free time, Warda likes to spend time with her family, volunteer in the community, read books and, of course, watch Netflix.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The payments ecosystem is evolving fast, and making sure the cardholder&apos;s digital payment experience is frictionless, smooth and secure has never been more important. With approval rates for digital payments at 82% compared to 97% for in-person payments, and global digital transaction fraud currently four times higher than in-store fraud and expected to increase 68% by 2022, intelligence matters more than ever. As more transactions move to the digital world, particularly after COVID-19, on an ever-increasing array of devices, the need to keep up is vital. To support issuers&apos; real-time decisioning, increase approval quality, improve the cardholder experience and reduce fraud, Mastercard leverages proprietary data, sophisticated modelling and machine learning, combined with Mastercard&apos;s global insights and analytics, to process thousands of data points and deliver an authentication assessment to the cardholder&apos;s bank in real time during the payment, helping the bank make an informed and robust decision. About the speaker: Warda Khan is Director of Product at Mastercard, working in the payments authentication space with a focus on Smart Authentication, a machine-learning-based global service that provides authentication intelligence to banks. She has been at Mastercard for 8 years and has worked at the intersection of technology and business, gaining experience ranging from launching digital products to creating risk programs that help financial institutions mitigate payments risk. In her free time, Warda likes to spend time with her family, volunteer in the community, read books and, of course, watch Netflix.</p> ]]>
            </content:encoded>
            <itunes:duration>3180</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200916.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200916.mp4" length="464519168" type="video/mp4"/>
        </item>
            <item>
            <title>Rich Banta, EMP Threat &amp; Protection</title>
            <description>Protection against HEMP (High-Altitude Electromagnetic Pulse) and GMD (Geomagnetic Disturbance, in the context of a CME, or Coronal Mass Ejection) is a nascent science.  Until recently, these have only been the concern of Department of Defense insiders, over-the-top &quot;preppers&quot;, and physics aficionados.  Due to current events and the increasing reliance of all facets of first-world civilization upon ICT (Information &amp; Communications Technology), the discussion of EMP and GMD protections is moving into the mainstream.  Lifeline Data Centers, LLC is nearing completion of an 84,000 square foot fully EMP- &amp; GMD-protected data center &amp; SCIF facility in Ft. Wayne, Indiana.  Mr. Banta will discuss the basic physics of HEMP and GMD, the threats posed by both, and the extreme and expensive challenges of mitigating the effects of both in a data center setting.  Mr. Banta presents from the perspective of designer/architect, primary financier, constructor, and owner/operator of such a facility. About the speaker: Rich Banta has been co-founder and co-owner of Lifeline Data Centers, LLC since 2001.  He holds patents on data center power distribution, data center cooling, and EMP protection.  Rich is a contributor to several international standards bodies and to NIST.  Rich recently accepted the Chairmanship of the International Data Center Authority® Technical Standards Committee.  He is a certified Data Center Authority (DCA)®.  Mr. Banta possesses decades of industry, standardization, and development experience, and is the former Chief Technology Officer of a large hospital system.  He is also an ISACA Certified Information Systems Auditor (CISA), (ISC)² Certified Cloud Security Professional (CCSP), and Certified Information Systems Security Professional (CISSP).  Rich is currently a member of the University of Texas San Antonio DEMSO (Domestic Electromagnetic Spectrum Operations) working group.</description>
            <pubDate>Wed, 9 Sep 2020 16:30:00 EDT </pubDate>
            <itunes:title>Rich Banta, EMP Threat &amp; Protection</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>734</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/banta.jpg"/>
            <itunes:subtitle>Rich Banta, Lifeline Data Centers</itunes:subtitle>
            <itunes:summary>Protection against HEMP (High-Altitude Electromagnetic Pulse) and GMD (Geomagnetic Disturbance, in the context of a CME, or Coronal Mass Ejection) is a nascent science.  Until recently, these have only been the concern of Department of Defense insiders, over-the-top &quot;preppers&quot;, and physics aficionados.  Due to current events and the increasing reliance of all facets of first-world civilization upon ICT (Information &amp; Communications Technology), the discussion of EMP and GMD protections is moving into the mainstream.  Lifeline Data Centers, LLC is nearing completion of an 84,000 square foot fully EMP- &amp; GMD-protected data center &amp; SCIF facility in Ft. Wayne, Indiana.  Mr. Banta will discuss the basic physics of HEMP and GMD, the threats posed by both, and the extreme and expensive challenges of mitigating the effects of both in a data center setting.  Mr. Banta presents from the perspective of designer/architect, primary financier, constructor, and owner/operator of such a facility. About the speaker: Rich Banta has been co-founder and co-owner of Lifeline Data Centers, LLC since 2001.  He holds patents on data center power distribution, data center cooling, and EMP protection.  Rich is a contributor to several international standards bodies and to NIST.  Rich recently accepted the Chairmanship of the International Data Center Authority® Technical Standards Committee.  He is a certified Data Center Authority (DCA)®.  Mr. Banta possesses decades of industry, standardization, and development experience, and is the former Chief Technology Officer of a large hospital system.  He is also an ISACA Certified Information Systems Auditor (CISA), (ISC)² Certified Cloud Security Professional (CCSP), and Certified Information Systems Security Professional (CISSP).  Rich is currently a member of the University of Texas San Antonio DEMSO (Domestic Electromagnetic Spectrum Operations) working group.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Protection against HEMP (High-Altitude Electromagnetic Pulse) and GMD (Geomagnetic Disturbance, in the context of a CME, or Coronal Mass Ejection) is a nascent science.  Until recently, these have only been the concern of Department of Defense insiders, over-the-top &quot;preppers&quot;, and physics aficionados.  Due to current events and the increasing reliance of all facets of first-world civilization upon ICT (Information &amp; Communications Technology), the discussion of EMP and GMD protections is moving into the mainstream.  Lifeline Data Centers, LLC is nearing completion of an 84,000 square foot fully EMP- &amp; GMD-protected data center &amp; SCIF facility in Ft. Wayne, Indiana.  Mr. Banta will discuss the basic physics of HEMP and GMD, the threats posed by both, and the extreme and expensive challenges of mitigating the effects of both in a data center setting.  Mr. Banta presents from the perspective of designer/architect, primary financier, constructor, and owner/operator of such a facility. About the speaker: Rich Banta has been co-founder and co-owner of Lifeline Data Centers, LLC since 2001.  He holds patents on data center power distribution, data center cooling, and EMP protection.  Rich is a contributor to several international standards bodies and to NIST.  Rich recently accepted the Chairmanship of the International Data Center Authority® Technical Standards Committee.  He is a certified Data Center Authority (DCA)®.  Mr. Banta possesses decades of industry, standardization, and development experience, and is the former Chief Technology Officer of a large hospital system.  He is also an ISACA Certified Information Systems Auditor (CISA), (ISC)² Certified Cloud Security Professional (CCSP), and Certified Information Systems Security Professional (CISSP).  Rich is currently a member of the University of Texas San Antonio DEMSO (Domestic Electromagnetic Spectrum Operations) working group.</p> ]]>
            </content:encoded>
            <itunes:duration>3253</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200909.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200909.mp4" length="442499072" type="video/mp4"/>
        </item>
            <item>
            <title>Roger Schell, Dramatically Reducing Attack Surface Using Integrity MAC Security Kernel</title>
            <description>We face an existential threat of permanent damage to critical physical components in our national infrastructure as a result of their poor resilience against cybersecurity attack. A Programmable Logic Controller (PLC) commonly provides the control system for such components, e.g., bulk power generators. Our proof-of-concept implementation dramatically mitigates threats to such cyber-physical systems (CPS) by specifically leveraging what NIST 800-160 calls &quot;highly assured, kernel-based operating systems in Programmable Logic Controllers&quot;. We dramatically reduce the attack surface visible to potential attackers to be ~1% of the total compared to competing approaches. Our demonstration refactors the common CPS architectural approach to data and cooperating processes into hierarchically ordered security domains using the widely available OpenPLC project code base. The GEMSOS security kernel verifiably enforces traditional integrity mandatory access control (MAC) policy on all cross-domain flows. GEMSOS is designed for widespread delivery as a Reusable Trusted Device, providing the reference monitor for secure single-board, multi-board, and System-on-a-Chip systems. Only a processing component in the highest integrity domain can directly send/receive control signals, enforcing &quot;safe region&quot; operating constraints to prevent physical damage. This very small attack surface protects the critical physical components, making the overall CPS resilient to skilled adversaries&apos; attacks, even though much larger lower integrity software running in other domains on the same Trusted Device hardware and network infrastructure may be thoroughly compromised. We make available our restructured OpenPLC source to encourage control system manufacturers to deliver verifiable PLC products to, as NIST puts it, &quot;achieve a high degree of system integrity and availability&quot; for control systems.
UC Davis is using our demonstration on GEMSOS in their Computer Security Lab, today. About the speaker: Roger R. Schell is internationally recognized for originating several key modern security design and evaluation techniques, and was awarded patents in cryptography, authentication and trusted workstation. His experience includes 20 years in US federal program management (computers), 30 years as a computer industry security product vendor, and 5 years as a graduate cybersecurity engineering faculty member. He is President and a founder of Aesec Corporation, a start-up providing a commercial verifiably secure operating system. Previously Dr. Schell was co-founder and vice president for Gemini Computers, Inc., now an Aesec subsidiary. At Gemini he directed development of their highly secure (what NSA called &quot;Class A1&quot;) commercial product, the Gemini Multiprocessing Secure Operating System (GEMSOS). He was also the founding Deputy Director of NSA&apos;s National Computer Security Center. He has been referred to as the &quot;father&quot; of the Trusted Computer System Evaluation Criteria (the &quot;Orange Book&quot;). Dr. Schell is a retired USAF Colonel. He received a Ph.D. in Computer Science from MIT, an M.S.E.E. from Washington State, and a B.S.E.E. from Montana State. NIST and NSA have recognized Dr. Schell with the National Computer System Security Award. In 2012 he was inducted into the inaugural class of the National Cyber Security Hall of Fame.</description>
            <pubDate>Wed, 2 Sep 2020 16:30:00 EDT </pubDate>
            <itunes:title>Roger Schell, Dramatically Reducing Attack Surface Using Integrity MAC Security Kernel</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>733</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/schell.png"/>
            <itunes:subtitle>Roger Schell, AESec Corporation</itunes:subtitle>
            <itunes:summary>We face an existential threat of permanent damage to critical physical components in our national infrastructure as a result of their poor resilience against cybersecurity attack. A Programmable Logic Controller (PLC) commonly provides the control system for such components, e.g., bulk power generators. Our proof-of-concept implementation dramatically mitigates threats to such cyber-physical systems (CPS) by specifically leveraging what NIST 800-160 calls &quot;highly assured, kernel-based operating systems in Programmable Logic Controllers&quot;. We dramatically reduce the attack surface visible to potential attackers to be ~1% of the total compared to competing approaches. Our demonstration refactors the common CPS architectural approach to data and cooperating processes into hierarchically ordered security domains using the widely available OpenPLC project code base. The GEMSOS security kernel verifiably enforces traditional integrity mandatory access control (MAC) policy on all cross-domain flows. GEMSOS is designed for widespread delivery as a Reusable Trusted Device, providing the reference monitor for secure single-board, multi-board, and System-on-a-Chip systems. Only a processing component in the highest integrity domain can directly send/receive control signals, enforcing &quot;safe region&quot; operating constraints to prevent physical damage. This very small attack surface protects the critical physical components, making the overall CPS resilient to skilled adversaries&apos; attacks, even though much larger lower integrity software running in other domains on the same Trusted Device hardware and network infrastructure may be thoroughly compromised. We make available our restructured OpenPLC source to encourage control system manufacturers to deliver verifiable PLC products to, as NIST puts it, &quot;achieve a high degree of system integrity and availability&quot; for control systems.
UC Davis is using our demonstration on GEMSOS in their Computer Security Lab, today. About the speaker: Roger R. Schell is internationally recognized for originating several key modern security design and evaluation techniques, and was awarded patents in cryptography, authentication and trusted workstation. His experience includes 20 years in US federal program management (computers), 30 years as a computer industry security product vendor, and 5 years as a graduate cybersecurity engineering faculty member. He is President and a founder of Aesec Corporation, a start-up providing a commercial verifiably secure operating system. Previously Dr. Schell was co-founder and vice president for Gemini Computers, Inc., now an Aesec subsidiary. At Gemini he directed development of their highly secure (what NSA called &quot;Class A1&quot;) commercial product, the Gemini Multiprocessing Secure Operating System (GEMSOS). He was also the founding Deputy Director of NSA&apos;s National Computer Security Center. He has been referred to as the &quot;father&quot; of the Trusted Computer System Evaluation Criteria (the &quot;Orange Book&quot;). Dr. Schell is a retired USAF Colonel. He received a Ph.D. in Computer Science from MIT, an M.S.E.E. from Washington State, and a B.S.E.E. from Montana State. NIST and NSA have recognized Dr. Schell with the National Computer System Security Award. In 2012 he was inducted into the inaugural class of the National Cyber Security Hall of Fame.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>We face an existential threat of permanent damage to critical physical components in our national infrastructure as a result of their poor resilience against cybersecurity attack. A Programmable Logic Controller (PLC) commonly provides the control system for such components, e.g., bulk power generators. Our proof-of-concept implementation dramatically mitigates threats to such cyber-physical systems (CPS) by specifically leveraging what NIST 800-160 calls &quot;highly assured, kernel-based operating systems in Programmable Logic Controllers&quot;. We dramatically reduce the attack surface visible to potential attackers to be ~1% of the total compared to competing approaches. Our demonstration refactors the common CPS architectural approach to data and cooperating processes into hierarchically ordered security domains using the widely available OpenPLC project code base. The GEMSOS security kernel verifiably enforces traditional integrity mandatory access control (MAC) policy on all cross-domain flows. GEMSOS is designed for widespread delivery as a Reusable Trusted Device, providing the reference monitor for secure single-board, multi-board, and System-on-a-Chip systems. Only a processing component in the highest integrity domain can directly send/receive control signals, enforcing &quot;safe region&quot; operating constraints to prevent physical damage. This very small attack surface protects the critical physical components, making the overall CPS resilient to skilled adversaries&apos; attacks, even though much larger lower integrity software running in other domains on the same Trusted Device hardware and network infrastructure may be thoroughly compromised. We make available our restructured OpenPLC source to encourage control system manufacturers to deliver verifiable PLC products to, as NIST puts it, &quot;achieve a high degree of system integrity and availability&quot; for control systems.</p>
<p>UC Davis is using our demonstration on GEMSOS in their Computer Security Lab, today. About the speaker: Roger R. Schell is internationally recognized for originating several key modern security design and evaluation techniques, and was awarded patents in cryptography, authentication and trusted workstation. His experience includes 20 years in US federal program management (computers), 30 years as a computer industry security product vendor, and 5 years as a graduate cybersecurity engineering faculty member. He is President and a founder of Aesec Corporation, a start-up providing a commercial verifiably secure operating system. Previously Dr. Schell was co-founder and vice president for Gemini Computers, Inc., now an Aesec subsidiary. At Gemini he directed development of their highly secure (what NSA called &quot;Class A1&quot;) commercial product, the Gemini Multiprocessing Secure Operating System (GEMSOS). He was also the founding Deputy Director of NSA&apos;s National Computer Security Center. He has been referred to as the &quot;father&quot; of the Trusted Computer System Evaluation Criteria (the &quot;Orange Book&quot;). Dr. Schell is a retired USAF Colonel. He received a Ph.D. in Computer Science from MIT, an M.S.E.E. from Washington State, and a B.S.E.E. from Montana State. NIST and NSA have recognized Dr. Schell with the National Computer System Security Award. In 2012 he was inducted into the inaugural class of the National Cyber Security Hall of Fame.</p> ]]>
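As an added illustration of the architecture the abstract above describes (example code written for this page, not GEMSOS, OpenPLC or Aesec code): a toy reference monitor in Python that enforces Biba strict integrity over three assumed domains, with the physical output writable only from the highest-integrity domain and gated by an assumed safe-region limit. The domain names, the subject and object names and the setpoint range are all constructed for the example.

```python
"""Toy reference monitor for an integrity-MAC (Biba strict integrity) policy
over hierarchically ordered domains, plus a gate that lets only the
highest-integrity domain drive a physical output inside a safe region.
Constructed example; the domain names, subjects, objects and limits are
assumptions, not GEMSOS or OpenPLC code."""
from dataclasses import dataclass, field
from enum import IntEnum


class Integrity(IntEnum):
    """Assumed integrity domains, lowest first."""
    NETWORK = 0   # protocol front end; assumed reachable and compromisable
    LOGIC = 1     # control-logic runtime
    CONTROL = 2   # highest domain: the only one allowed to drive physical outputs


@dataclass(frozen=True)
class Subject:
    name: str
    level: Integrity


@dataclass(frozen=True)
class Object:
    name: str
    level: Integrity


class PolicyViolation(Exception):
    """Raised when the monitor refuses a cross-domain flow."""


@dataclass
class ReferenceMonitor:
    """Mediates every cross-domain flow under Biba strict integrity:
    no read down  (a subject reads only objects at or above its own level),
    no write up   (a subject writes only objects at or below its own level).
    Every decision is recorded so the audit trail is itself checkable."""
    audit: list = field(default_factory=list)

    def check_read(self, s: Subject, o: Object) -> None:
        self._decide("read", s, o, o.level >= s.level)

    def check_write(self, s: Subject, o: Object) -> None:
        self._decide("write", s, o, s.level >= o.level)

    def _decide(self, op: str, s: Subject, o: Object, allowed: bool) -> None:
        self.audit.append((op, s.name, o.name, allowed))
        if not allowed:
            raise PolicyViolation(
                f"{op} by {s.name}@{s.level.name} on {o.name}@{o.level.name} denied")


# Assumed plant constraint: the safe operating region of one control signal.
SAFE_REGION = {"setpoint_rpm": (0, 3600)}


class ActuatorGate:
    """The physical output is an object in the highest-integrity domain, so only
    a CONTROL-level subject passes the write check; the gate then refuses any
    value outside the safe region, whoever asked."""

    def __init__(self, monitor: ReferenceMonitor) -> None:
        self.monitor = monitor
        self.actuator = Object("turbine_actuator", Integrity.CONTROL)
        self.last_emitted = None

    def emit(self, s: Subject, signal: str, value: float) -> bool:
        self.monitor.check_write(s, self.actuator)      # raises for lower domains
        lo, hi = SAFE_REGION[signal]
        if not (value >= lo and hi >= value):
            return False                                 # refused: outside safe region
        self.last_emitted = (signal, value)
        return True


def writers_of(subjects, obj: Object) -> list:
    """Attack surface of an object: the subjects whose writes the policy admits."""
    return sorted(s.name for s in subjects if s.level >= obj.level)


def scenario() -> dict:
    """Constructed walk-through; returns the outcome of each attempted flow."""
    mon = ReferenceMonitor()
    gate = ActuatorGate(mon)
    net = Subject("modbus_frontend", Integrity.NETWORK)
    logic = Subject("ladder_runtime", Integrity.LOGIC)
    ctl = Subject("output_driver", Integrity.CONTROL)
    net_cmd = Object("inbound_command", Integrity.NETWORK)
    out = {}

    mon.check_write(net, net_cmd)        # same-level write: allowed
    out["net_writes_own_level"] = True
    try:                                 # a compromised front end reaches for the actuator
        gate.emit(net, "setpoint_rpm", 9999)
        out["net_drives_actuator"] = True
    except PolicyViolation:
        out["net_drives_actuator"] = False
    try:                                 # higher-integrity code reading untrusted data
        mon.check_read(logic, net_cmd)
        out["logic_reads_network_data"] = True
    except PolicyViolation:
        out["logic_reads_network_data"] = False
    out["ctl_in_safe_region"] = gate.emit(ctl, "setpoint_rpm", 1800)
    out["ctl_outside_safe_region"] = gate.emit(ctl, "setpoint_rpm", 9999)
    out["actuator_writers"] = writers_of([net, logic, ctl], gate.actuator)
    out["denials"] = sum(1 for entry in mon.audit if not entry[3])
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

Running scenario() gives the outcomes the abstract argues for: the network-facing subject may write objects in its own domain but its write to the actuator is refused, the higher-integrity runtime is refused a read of the untrusted inbound command (no read down), writers_of() names exactly one subject as the actuator's attack surface, and the gate refuses an out-of-range setpoint even from the trusted domain. The toy does not model how data legitimately moves upward between domains, which the abstract does not describe.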
            </content:encoded>
            <itunes:duration>3537</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200902.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200902.mp4" length="248512512" type="video/mp4"/>
        </item>
            <item>
            <title>Jeremiah Sahlberg, From Compliance in the Classroom to Compliance on the Street, Important Lessons That Every Cybersecurity Professional Must Know</title>
            <description>From compliance in the classroom to compliance on the street, important lessons that every cybersecurity professional should know. We&apos;ll cover proven approaches for compliance and risk assessment for a variety of industries, and present specific scenarios and strategies for addressing real challenges facing organizations with PCI, HITRUST, FedRAMP, CMMC and Privacy. Below are some of the examples that we will cover: Scope creep (All); Setting deadlines and addressing missing evidence (All); Building out compensating controls (PCI); Conflict of Interest (FedRAMP); Internal Organizational Politics (Risk Assessment); Defensive Interviewees (All); Ethics and Responsible Reporting (All). About the speaker: Jeremiah Sahlberg is the Managing Director--Federal, Third Party Risk at Tevora and has more than 20 years of security experience. Sahlberg is an executive security consultant and advises clients on establishing security programs and compliance management. He holds CISSP, CISM, PCI QSA and HITRUST certifications. Previously, Sahlberg was the Senior Director of Protect Operations at NBC Universal and the CISO for Tekmark Global Solutions. Sahlberg has presented at Evanta (2019), NCUA-ISAO (2018), NCTA (2017), SINET (2016), New York State Cyber Security Conference (2014 &amp; 2012), and Nevada Digital Government Summit (2010). He guest lectures at NPower and sits on various Boards.</description>
            <pubDate>Wed, 26 Aug 2020 16:30:00 EDT </pubDate>
            <itunes:title>Jeremiah Sahlberg, From Compliance in the Classroom to Compliance on the Street, Important Lessons That Every Cybersecurity Professional Must Know</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>732</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/sahlberg-01.png"/>
            <itunes:subtitle>Jeremiah Sahlberg, Tevora</itunes:subtitle>
            <itunes:summary>From compliance in the classroom to compliance on the street, important lessons that every cybersecurity professional should know. We&apos;ll cover proven approaches for compliance and risk assessment for a variety of industries, and present specific scenarios and strategies for addressing real challenges facing organizations with PCI, HITRUST, FedRAMP, CMMC and Privacy. Below are some of the examples that we will cover: Scope creep (All); Setting deadlines and addressing missing evidence (All); Building out compensating controls (PCI); Conflict of Interest (FedRAMP); Internal Organizational Politics (Risk Assessment); Defensive Interviewees (All); Ethics and Responsible Reporting (All). About the speaker: Jeremiah Sahlberg is the Managing Director--Federal, Third Party Risk at Tevora and has more than 20 years of security experience. Sahlberg is an executive security consultant and advises clients on establishing security programs and compliance management. He holds CISSP, CISM, PCI QSA and HITRUST certifications. Previously, Sahlberg was the Senior Director of Protect Operations at NBC Universal and the CISO for Tekmark Global Solutions. Sahlberg has presented at Evanta (2019), NCUA-ISAO (2018), NCTA (2017), SINET (2016), New York State Cyber Security Conference (2014 &amp; 2012), and Nevada Digital Government Summit (2010). He guest lectures at NPower and sits on various Boards.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>From compliance in the classroom to compliance on the street, important lessons that every cybersecurity professional should know. We&apos;ll cover proven approaches for compliance and risk assessment for a variety of industries, and present specific scenarios and strategies for addressing real challenges facing organizations with PCI, HITRUST, FedRAMP, CMMC and Privacy. Below are some of the examples that we will cover: Scope creep (All); Setting deadlines and addressing missing evidence (All); Building out compensating controls (PCI); Conflict of Interest (FedRAMP); Internal Organizational Politics (Risk Assessment); Defensive Interviewees (All); Ethics and Responsible Reporting (All). About the speaker: Jeremiah Sahlberg is the Managing Director--Federal, Third Party Risk at Tevora and has more than 20 years of security experience. Sahlberg is an executive security consultant and advises clients on establishing security programs and compliance management. He holds CISSP, CISM, PCI QSA and HITRUST certifications. Previously, Sahlberg was the Senior Director of Protect Operations at NBC Universal and the CISO for Tekmark Global Solutions. Sahlberg has presented at Evanta (2019), NCUA-ISAO (2018), NCTA (2017), SINET (2016), New York State Cyber Security Conference (2014 &amp; 2012), and Nevada Digital Government Summit (2010). He guest lectures at NPower and sits on various Boards.</p> ]]>
            </content:encoded>
            <itunes:duration>3013</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200826.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200826.mp4" length="293601280" type="video/mp4"/>
        </item>
            <item>
            <title>Elena Peterson, Flexible and Adaptive Malware Identification Using Techniques from Biology</title>
            <description>Cyber security data in many ways mimics the behavior of organic systems. Individuals or groups compete for limited resources using a variety of strategies, the most effective of which are re-used and refined in later &apos;generations&apos;. Traditionally this behavior has made detection of malware very difficult because 1) recognition systems are often built on exact matching to a pattern that can only be &apos;learned&apos; after a malicious entity reveals itself and 2) the enormous volume and variation in benign code is an overwhelming source of previously unseen entities that often confound detectors. In addition, the enormous volume of malware artifacts is overwhelming anyone trying to categorize and characterize new additions to the many malware repositories, as so much of the processing is done by hand. To turn the tables of complexity on the attackers, we have developed a method for mapping the sequence of behaviors that make up a malicious artifact to strings of text and analyzing these strings using modified bioinformatics algorithms. Bioinformatics algorithms optimize the alignment between text strings even in the presence of mismatches, insertions or deletions and do not require an a priori definition of the patterns one is seeking. Nor do they require any type of exact matching. This allows the data itself to suggest meaningful patterns that are conserved between binaries. These patterns can be used to identify zero-day malware and can help to automate the curation and characterization of large quantities of suspected malware. I will talk about our MLSTONES capabilities as an innovative and effective way of detecting and characterizing most types of malware artifacts. I&apos;ll also discuss how these capabilities can be used on other types of cyber security data. About the speaker: Elena Peterson joined PNNL in 1990 after receiving her BS in Computer and Information Sciences from the University of Oregon. She is currently a Senior Cyber Security Researcher in the Computation and Analytics Division. Ms. Peterson has led the research, development, and management of multiple cross-disciplinary, multi-laboratory projects focused on the fundamental sciences and national security sectors. Her work has included research and development of integrated computational environments for bioinformatics, physics, computational chemistry, and cyber security. She is currently the principal investigator for the MLSTONES and mMutant projects, which apply algorithms and tools from the biological sciences to create new and innovative solutions to relevant cyber security problems, thus merging two of her main interests.</description>
            <pubDate>Wed, 19 Aug 2020 13:00:00 EDT </pubDate>
            <itunes:title>Elena Peterson, Flexible and Adaptive Malware Identification Using Techniques from Biology</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>731</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/elena_peterson.png"/>
            <itunes:subtitle>Elena Peterson, Pacific Northwest National Laboratory</itunes:subtitle>
            <itunes:summary>Cyber security data in many ways mimics the behavior of organic systems. Individuals or groups compete for limited resources using a variety of strategies, the most effective of which are re-used and refined in later &apos;generations&apos;. Traditionally this behavior has made detection of malware very difficult because 1) recognition systems are often built on exact matching to a pattern that can only be &apos;learned&apos; after a malicious entity reveals itself and 2) the enormous volume and variation in benign code is an overwhelming source of previously unseen entities that often confound detectors. In addition, the enormous volume of malware artifacts is overwhelming anyone trying to categorize and characterize new additions to the many malware repositories, as so much of the processing is done by hand. To turn the tables of complexity on the attackers, we have developed a method for mapping the sequence of behaviors that make up a malicious artifact to strings of text and analyzing these strings using modified bioinformatics algorithms. Bioinformatics algorithms optimize the alignment between text strings even in the presence of mismatches, insertions or deletions and do not require an a priori definition of the patterns one is seeking. Nor do they require any type of exact matching. This allows the data itself to suggest meaningful patterns that are conserved between binaries. These patterns can be used to identify zero-day malware and can help to automate the curation and characterization of large quantities of suspected malware. I will talk about our MLSTONES capabilities as an innovative and effective way of detecting and characterizing most types of malware artifacts. I&apos;ll also discuss how these capabilities can be used on other types of cyber security data. About the speaker: Elena Peterson joined PNNL in 1990 after receiving her BS in Computer and Information Sciences from the University of Oregon. She is currently a Senior Cyber Security Researcher in the Computation and Analytics Division. Ms. Peterson has led the research, development, and management of multiple cross-disciplinary, multi-laboratory projects focused on the fundamental sciences and national security sectors. Her work has included research and development of integrated computational environments for bioinformatics, physics, computational chemistry, and cyber security. She is currently the principal investigator for the MLSTONES and mMutant projects, which apply algorithms and tools from the biological sciences to create new and innovative solutions to relevant cyber security problems, thus merging two of her main interests.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cyber security data in many ways mimics the behavior of organic systems. Individuals or groups compete for limited resources using a variety of strategies, the most effective of which are re-used and refined in later &apos;generations&apos;. Traditionally this behavior has made detection of malware very difficult because 1) recognition systems are often built on exact matching to a pattern that can only be &apos;learned&apos; after a malicious entity reveals itself and 2) the enormous volume and variation in benign code is an overwhelming source of previously unseen entities that often confound detectors. In addition, the enormous volume of malware artifacts is overwhelming anyone trying to categorize and characterize new additions to the many malware repositories, as so much of the processing is done by hand. To turn the tables of complexity on the attackers, we have developed a method for mapping the sequence of behaviors that make up a malicious artifact to strings of text and analyzing these strings using modified bioinformatics algorithms. Bioinformatics algorithms optimize the alignment between text strings even in the presence of mismatches, insertions or deletions and do not require an a priori definition of the patterns one is seeking. Nor do they require any type of exact matching. This allows the data itself to suggest meaningful patterns that are conserved between binaries. These patterns can be used to identify zero-day malware and can help to automate the curation and characterization of large quantities of suspected malware. I will talk about our MLSTONES capabilities as an innovative and effective way of detecting and characterizing most types of malware artifacts. I&apos;ll also discuss how these capabilities can be used on other types of cyber security data. About the speaker: Elena Peterson joined PNNL in 1990 after receiving her BS in Computer and Information Sciences from the University of Oregon. She is currently a Senior Cyber Security Researcher in the Computation and Analytics Division. Ms. Peterson has led the research, development, and management of multiple cross-disciplinary, multi-laboratory projects focused on the fundamental sciences and national security sectors. Her work has included research and development of integrated computational environments for bioinformatics, physics, computational chemistry, and cyber security. She is currently the principal investigator for the MLSTONES and mMutant projects, which apply algorithms and tools from the biological sciences to create new and innovative solutions to relevant cyber security problems, thus merging two of her main interests.</p> ]]>
            </content:encoded>
            <itunes:duration>3575</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200819.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200819.mp4" length="246415360" type="video/mp4"/>
        </item>
            <item>
            <title>Shimon Modi, Value of Cyber Threat Intelligence in Modern Security Operations</title>
            <description>The last 5 years have seen a marked shift in how companies view cyber threat intelligence (CTI) as a building block of their security strategy, but there still is a lot of confusion about how to build a program that provides utility. At its core CTI aims to provide information about motivations, methods and characteristics of attackers. In today&apos;s rapidly evolving threat landscape having timely access to CTI can be of significant value to security analysts. By looking beyond your own four walls organizations can take faster mitigation action and also reduce their attack surface. Adding CTI to enterprise security programs can be an effective strategy to go from a reactive to a proactive response. But the value of CTI is constrained by the ability of enterprise security operations to contextualize, manage and action upon it. This presentation will cover some fundamental CTI concepts, real world challenges in operationalizing it, and some easy ways to try it out for yourself. Takeaways for the audience: 1. Overview of CTI concepts, frameworks, standards, and how they fit in the enterprise security model. 2. Clearer understanding of CTI data models and how they integrate with detection, protection and incident response processes. 3. Practical ways to accelerate security operations and heighten defenses using CTI. About the speaker: Shimon Modi is a seasoned cloud cybersecurity products and people leader with 10+ years&apos; experience and a proven record of launching leading edge B2B SaaS solutions. Throughout his career Dr. Modi has worked in technical and leadership roles on a wide range of cyber security initiatives in industry, government and academia. Dr. Modi is currently a Principal Product Manager at Elastic focused on building security solutions. Previously he was Head of Product at TruSTAR Technology where he led PM, Engineering and Data Science teams in building an innovative cyber intelligence management platform. He was also a member of Accenture Technology Labs where he led cybersecurity initiatives focused on threat intelligence and the Internet of Things. Dr. Modi has also served as a technical expert on US National standards and a delegate for the US National Body for ISO biometrics standards. He has authored a book, co-authored several book chapters and published over 15 technical journal and conference articles. He has also been invited to speak as a subject matter expert at IEEE conferences and hacker conferences, including Black Hat &amp; ShmooCon.</description>
            <pubDate>Wed, 12 Aug 2020 13:00:00 EDT </pubDate>
            <itunes:title>Shimon Modi, Value of Cyber Threat Intelligence in Modern Security Operations</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>730</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/shimon_modi_200x200.png"/>
            <itunes:subtitle>Shimon Modi, Elastic</itunes:subtitle>
            <itunes:summary>The last 5 years have seen a marked shift in how companies view cyber threat intelligence (CTI) as a building block of their security strategy, but there still is a lot of confusion about how to build a program that provides utility. At its core CTI aims to provide information about motivations, methods and characteristics of attackers. In today&apos;s rapidly evolving threat landscape having timely access to CTI can be of significant value to security analysts. By looking beyond your own four walls organizations can take faster mitigation action and also reduce their attack surface. Adding CTI to enterprise security programs can be an effective strategy to go from a reactive to a proactive response. But the value of CTI is constrained by the ability of enterprise security operations to contextualize, manage and action upon it. This presentation will cover some fundamental CTI concepts, real world challenges in operationalizing it, and some easy ways to try it out for yourself. Takeaways for the audience: 1. Overview of CTI concepts, frameworks, standards, and how they fit in the enterprise security model. 2. Clearer understanding of CTI data models and how they integrate with detection, protection and incident response processes. 3. Practical ways to accelerate security operations and heighten defenses using CTI. About the speaker: Shimon Modi is a seasoned cloud cybersecurity products and people leader with 10+ years&apos; experience and a proven record of launching leading edge B2B SaaS solutions. Throughout his career Dr. Modi has worked in technical and leadership roles on a wide range of cyber security initiatives in industry, government and academia. Dr. Modi is currently a Principal Product Manager at Elastic focused on building security solutions. Previously he was Head of Product at TruSTAR Technology where he led PM, Engineering and Data Science teams in building an innovative cyber intelligence management platform. He was also a member of Accenture Technology Labs where he led cybersecurity initiatives focused on threat intelligence and the Internet of Things. Dr. Modi has also served as a technical expert on US National standards and a delegate for the US National Body for ISO biometrics standards. He has authored a book, co-authored several book chapters and published over 15 technical journal and conference articles. He has also been invited to speak as a subject matter expert at IEEE conferences and hacker conferences, including Black Hat &amp; ShmooCon.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The last 5 years have seen a marked shift in how companies view cyber threat intelligence (CTI) as a building block of their security strategy, but there still is a lot of confusion about how to build a program that provides utility. At its core CTI aims to provide information about motivations, methods and characteristics of attackers. In today&apos;s rapidly evolving threat landscape having timely access to CTI can be of significant value to security analysts. By looking beyond your own four walls organizations can take faster mitigation action and also reduce their attack surface. Adding CTI to enterprise security programs can be an effective strategy to go from a reactive to a proactive response. But the value of CTI is constrained by the ability of enterprise security operations to contextualize, manage and action upon it. This presentation will cover some fundamental CTI concepts, real world challenges in operationalizing it, and some easy ways to try it out for yourself. Takeaways for the audience: 1. Overview of CTI concepts, frameworks, standards, and how they fit in the enterprise security model. 2. Clearer understanding of CTI data models and how they integrate with detection, protection and incident response processes. 3. Practical ways to accelerate security operations and heighten defenses using CTI. About the speaker: Shimon Modi is a seasoned cloud cybersecurity products and people leader with 10+ years&apos; experience and a proven record of launching leading edge B2B SaaS solutions. Throughout his career Dr. Modi has worked in technical and leadership roles on a wide range of cyber security initiatives in industry, government and academia. Dr. Modi is currently a Principal Product Manager at Elastic focused on building security solutions. Previously he was Head of Product at TruSTAR Technology where he led PM, Engineering and Data Science teams in building an innovative cyber intelligence management platform. He was also a member of Accenture Technology Labs where he led cybersecurity initiatives focused on threat intelligence and the Internet of Things. Dr. Modi has also served as a technical expert on US National standards and a delegate for the US National Body for ISO biometrics standards. He has authored a book, co-authored several book chapters and published over 15 technical journal and conference articles. He has also been invited to speak as a subject matter expert at IEEE conferences and hacker conferences, including Black Hat &amp; ShmooCon.</p> ]]>
            </content:encoded>
            <itunes:duration>3420</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200812.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200812.mp4" length="216006656" type="video/mp4"/>
        </item>
            <item>
            <title>Carter Bullard, Network Awareness and Predictive Cyber Analytics</title>
            <description>QoSient and a DHS independent SOC have been working together on an innovative pilot program called &quot;Elimination of Unmonitored Space&quot; (EUS) that strives to detect and respond to internal cyber threats through pervasive network sensing and sense-making in an enterprise network. Modeled after the NSA&apos;s Integrated Active Cyber Defense (IACD) architecture and the US DoD CENTAUR / Acropolis programs, the effort has developed a strategy for scalable development and deployment of new predictive cyber security analytics. In this presentation, we will present our approach to developing comprehensive network sensing at the endpoint and how centralized / regionalized analytic systems can manage the data and analytics needed to develop operational site-specific predictive analytics. We believe that the shift to remote computing will push the need for awareness and predictive analytics at the endpoint and a new approach for cyber defense. About the speaker: Carter is a recognized expert in cyber security and a leader in the development of network security technology and practices for over 35 years. His professional experience includes: 1) research and development in cyber security at US National Laboratories, Federally Funded Research and Development Centers, and the telecommunications industry, 2) managing security products and services development at leading network vendors, FORE Systems, Bay Networks and Nortel, 3) leading network security standards for the ITU, ATM Forum and IETF, and 4) providing cyber security consulting to the NSA, DHS, US DoD, NSF and the FBI. Carter is the inventor of &quot;netflow&quot; and is a recognized Subject Matter Expert in network cyber security, active cyber defense, situational awareness, network measurement and monitoring analytics for cyber security and security control assurance. Carter holds a BS and MS in Pharmacology from The University of Georgia and has held Faculty Research Scientist positions at Carnegie Mellon University and the Georgia Institute of Technology.</description>
            <pubDate>Wed, 29 Jul 2020 13:00:00 EDT </pubDate>
            <itunes:title>Carter Bullard, Network Awareness and Predictive Cyber Analytics</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>729</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Carter_Bullard_200x200.png"/>
            <itunes:subtitle>Carter Bullard, QoSient</itunes:subtitle>
            <itunes:summary>QoSient and a DHS independent SOC have been working together on an innovative pilot program called &quot;Elimination of Unmonitored Space&quot; (EUS) that strives to detect and respond to internal cyber threats through pervasive network sensing and sense-making in an enterprise network. Modeled after the NSA&apos;s Integrated Active Cyber Defense (IACD) architecture and the US DoD CENTAUR / Acropolis programs, the effort has developed a strategy for scalable development and deployment of new predictive cyber security analytics. In this presentation, we will present our approach to developing comprehensive network sensing at the endpoint and how centralized / regionalized analytic systems can manage the data and analytics needed to develop operational site-specific predictive analytics. We believe that the shift to remote computing will push the need for awareness and predictive analytics at the endpoint and a new approach for cyber defense. About the speaker: Carter is a recognized expert in cyber security and a leader in the development of network security technology and practices for over 35 years. His professional experience includes: 1) research and development in cyber security at US National Laboratories, Federally Funded Research and Development Centers, and the telecommunications industry, 2) managing security products and services development at leading network vendors, FORE Systems, Bay Networks and Nortel, 3) leading network security standards for the ITU, ATM Forum and IETF, and 4) providing cyber security consulting to the NSA, DHS, US DoD, NSF and the FBI. Carter is the inventor of &quot;netflow&quot; and is a recognized Subject Matter Expert in network cyber security, active cyber defense, situational awareness, network measurement and monitoring analytics for cyber security and security control assurance. Carter holds a BS and MS in Pharmacology from The University of Georgia and has held Faculty Research Scientist positions at Carnegie Mellon University and the Georgia Institute of Technology.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>QoSient and a DHS independent SOC have been working together on an innovative pilot program called &quot;Elimination of Unmonitored Space&quot; (EUS) that strives to detect and respond to internal cyber threats through pervasive network sensing and sense-making in an enterprise network. Modeled after the NSA&apos;s Integrated Active Cyber Defense (IACD) architecture and the US DoD CENTAUR / Acropolis programs, the effort has developed a strategy for scalable development and deployment of new predictive cyber security analytics. In this presentation, we will present our approach to developing comprehensive network sensing at the endpoint and how centralized / regionalized analytic systems can manage the data and analytics needed to develop operational site-specific predictive analytics. We believe that the shift to remote computing will push the need for awareness and predictive analytics at the endpoint and a new approach for cyber defense. About the speaker: Carter is a recognized expert in cyber security and a leader in the development of network security technology and practices for over 35 years. His professional experience includes: 1) research and development in cyber security at US National Laboratories, Federally Funded Research and Development Centers, and the telecommunications industry, 2) managing security products and services development at leading network vendors, FORE Systems, Bay Networks and Nortel, 3) leading network security standards for the ITU, ATM Forum and IETF, and 4) providing cyber security consulting to the NSA, DHS, US DoD, NSF and the FBI. Carter is the inventor of &quot;netflow&quot; and is a recognized Subject Matter Expert in network cyber security, active cyber defense, situational awareness, network measurement and monitoring analytics for cyber security and security control assurance. Carter holds a BS and MS in Pharmacology from The University of Georgia and has held Faculty Research Scientist positions at Carnegie Mellon University and the Georgia Institute of Technology.</p> ]]>
            </content:encoded>
            <itunes:duration>3474</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200729.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200729.mp4" length="263192576" type="video/mp4"/>
        </item>
            <item>
            <title>Sam Curry and Alon Kaufman, The Ghost in the Machine: Reconciling AI and Trust in the Connected World</title>
            <description>The adoption of advanced data technologies is one of the defining characteristics of the connected world. From ML to AI, we are getting a smarter, more personal world. The dystopic view is that not only Big Brother but many parties can monitor, control and manipulate us. What are the implications for trust? The need for privacy-enforcing technologies is now, not after the ghost is in the machine. What will you learn from attending? How machine learning &amp; AI play into conversations around trust and privacy; a framework to bring us into the future when it comes to privacy; and what each of us can do now to further protect our privacy. About the speaker: Sam Curry, Chief Security Officer, is an IT security visionary with over 20 years of IT security industry experience. Sam served as Chief Technology and Security Officer at Arbor Networks, where he was responsible for the development and implementation of Arbor&apos;s technology, security and innovation roadmap. Previously, he spent more than seven years at RSA (the Security Division of EMC) in a variety of senior management positions, including Chief Strategy Officer and Chief Technologist and Senior Vice President of Product Management and Product Marketing. Sam has also held senior roles at Microstrategy, Computer Associates, and McAfee. Alon Kaufman, Co-Founder and CEO of Duality Technologies, has 20 years of experience in the hi-tech arena, commercializing data-science technologies, leading industrial research and corporate innovation teams. Prior to founding Duality he served as RSA&apos;s global director of Data Science, Research and Innovation. In addition to his leadership experience, he is accomplished in the fields of artificial intelligence, machine learning and how they interplay with security and privacy, with over 30 approved US patents in these fields. He holds a PhD in Computational Neuroscience and machine learning from the Hebrew University and an MBA from Tel Aviv University.</description>
            <pubDate>Wed, 22 Jul 2020 13:00:00 EDT </pubDate>
            <itunes:title>Sam Curry and Alon Kaufman, The Ghost in the Machine: Reconciling AI and Trust in the Connected World</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>728</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/sam_and_alon_200.png"/>
            <itunes:subtitle>Sam Curry and Alon Kaufman, Cybereason  / Duality Technologies</itunes:subtitle>
            <itunes:summary>The adoption of advanced data technologies is one of the defining characteristics of the connected world. From ML to AI, we are getting a smarter, more personal world. The dystopic view is that not only Big Brother but many parties can monitor, control and manipulate us. What are the implications for trust? The need for privacy-enforcing technologies is now, not after the ghost is in the machine. What will you learn from attending? (1) How machine learning &amp; AI play into conversations around trust and privacy; (2) a framework to bring us into the future when it comes to privacy; (3) what each of us can do now to further protect our privacy. About the speaker: Sam Curry, Chief Security Officer, is an IT security visionary with over 20 years of IT security industry experience. Sam served as Chief Technology and Security Officer at Arbor Networks, where he was responsible for the development and implementation of Arbor&apos;s technology, security and innovation roadmap. Previously, he spent more than seven years at RSA (the Security Division of EMC) in a variety of senior management positions, including Chief Strategy Officer and Chief Technologist and Senior Vice President of Product Management and Product Marketing. Sam has also held senior roles at Microstrategy, Computer Associates, and McAfee. Alon Kaufman, Co-Founder and CEO of Duality Technologies, has 20 years of experience in the hi-tech arena, commercializing data-science technologies, leading industrial research and corporate innovation teams. Prior to founding Duality he served as RSA&apos;s global director of Data Science, Research and Innovation. In addition to his leadership experience, he is accomplished in the fields of artificial intelligence, machine learning and how they interplay with security and privacy, with over 30 approved US patents in these fields. He holds a PhD in Computational Neuroscience and machine learning from the Hebrew University and an MBA from Tel Aviv University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The adoption of advanced data technologies is one of the defining characteristics of the connected world. From ML to AI, we are getting a smarter, more personal world. The dystopic view is that not only Big Brother but many parties can monitor, control and manipulate us. What are the implications for trust? The need for privacy-enforcing technologies is now, not after the ghost is in the machine.</p><p>What will you learn from attending?</p><ul><li>How machine learning &amp; AI play into conversations around trust and privacy</li><li>A framework to bring us into the future when it comes to privacy</li><li>What each of us can do now to further protect our privacy</li></ul><p>About the speaker: Sam Curry, Chief Security Officer, is an IT security visionary with over 20 years of IT security industry experience. Sam served as Chief Technology and Security Officer at Arbor Networks, where he was responsible for the development and implementation of Arbor&apos;s technology, security and innovation roadmap. Previously, he spent more than seven years at RSA (the Security Division of EMC) in a variety of senior management positions, including Chief Strategy Officer and Chief Technologist and Senior Vice President of Product Management and Product Marketing. Sam has also held senior roles at Microstrategy, Computer Associates, and McAfee. Alon Kaufman, Co-Founder and CEO of Duality Technologies, has 20 years of experience in the hi-tech arena, commercializing data-science technologies, leading industrial research and corporate innovation teams. Prior to founding Duality he served as RSA&apos;s global director of Data Science, Research and Innovation. In addition to his leadership experience, he is accomplished in the fields of artificial intelligence, machine learning and how they interplay with security and privacy, with over 30 approved US patents in these fields. He holds a PhD in Computational Neuroscience and machine learning from the Hebrew University and an MBA from Tel Aviv University.</p> ]]>
            </content:encoded>
            <itunes:duration>3611</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200722.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200722.mp4" length="113246208" type="video/mp4"/>
        </item>
            <item>
            <title>Joe Weiss, Cyber Security of Control Systems: The Second Coming of the Maginot Line</title>
            <description>Q &amp; A: https://www.cerias.purdue.edu/site/blog/post/summary_of_july_15th_2020_purdue_seminar_on_control_system_cyber_security/ Critical infrastructures such as electric power, oil/gas, water/wastewater, pipelines, transportation, and manufacturing utilize process control and safety systems to monitor, control, and assure safe operating conditions. Control systems consist of Internet protocol (IP) networks and HMIs to provide operator input and big data analytics. These systems have been designed with cyber security and authentication. However, what makes control systems unique are the control system devices such as process sensors, actuators, drives, power supplies, etc. that have no cyber security or authentication and are a direct threat to personnel and equipment safety. Control system cyber security impacts are real. There have been more than 1,250 actual control system cyber incidents with more than 1,500 deaths and more than $70 Billion in direct damage. There is a need to get the computer scientists/network engineers that understand networks and the domain engineers that understand the physical processes to work together or there is no hope in securing the critical infrastructures. About the speaker: Joseph Weiss is an industry expert on control systems and electronic security of control systems, with more than 40 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI), the first 5 years managing the Nuclear Instrumentation and Diagnostics Program. He was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications. Mr. Weiss serves as a member of numerous organizations related to control system security. He served as the Task Force Lead for review of information security impacts on IEEE standards. He is also a Director on ISA&apos;s Standards and Practices Board. He has provided oral and written testimony to three House subcommittees, one Senate Committee, and a formal statement for the record to another House Committee. He has also responded to numerous Government Accountability Office (GAO) information requests on cyber security and Smart Grid issues. He is also an invited speaker at many industry and vendor user group security conferences, has chaired numerous panel sessions on control system security, and is often quoted throughout the industry. He has published over 80 papers on instrumentation, controls, and diagnostics including chapters on cyber security for Electric Power Substations Engineering and Securing Water and Wastewater Systems. He coauthored Cyber Security Policy Guidebook and authored Protecting Industrial Control Systems from Electronic Threats. In February 2016, Mr. Weiss gave the keynote to the National Academy of Science, Engineering, and Medicine on control system cyber security. Mr. Weiss has conducted SCADA, substation, nuclear and fossil plant control system, and water systems vulnerability and risk assessments and conducted short courses on control system security. He has amassed a database of more than 1,100 actual control system cyber incidents. He was a member of the Transportation Safety Board Committee on Cyber Security for Mass Transit. He was a subject matter expert to the International Atomic Energy Agency on nuclear plant control system cyber security. He started the annual Industrial Control System (ICS) Cyber Security Conference in 2002. Mr. Weiss has received numerous industry awards, including the EPRI Presidents Award (2002) and is an ISA Fellow, Managing Director of ISA Fossil Plant Standards, ISA Nuclear Plant Standards, ISA Industrial Automation and Control System Security (ISA99), a Ponemon Institute Fellow, and an IEEE Senior Member. He has been identified as a Smart Grid Pioneer by Smart Grid Today. He is a Voting Member of the TC65 TAG and a US Expert to TC65 WG10, Security for industrial process measurement and control – network and system security, and IEC TC45A Nuclear Plant Cyber Security. Mr. Weiss was featured in Richard Clarke and RP Eddy&apos;s book, Warning – Finding Cassandras to Stop Catastrophes. He has patents on instrumentation, control systems, and OT networks. He is a registered professional engineer in the State of California, a Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC). Website: www.controlglobal.com/unfettered Book: Protecting Industrial Control Systems from Electronic Threats</description>
            <pubDate>Wed, 15 Jul 2020 13:00:00 EDT </pubDate>
            <itunes:title>Joe Weiss, Cyber Security of Control Systems: The Second Coming of the Maginot Line</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>727</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/joe_weiss_200x200_for_web.png"/>
            <itunes:subtitle>Joe Weiss, Applied Control Systems, LLC</itunes:subtitle>
            <itunes:summary>Q &amp; A: https://www.cerias.purdue.edu/site/blog/post/summary_of_july_15th_2020_purdue_seminar_on_control_system_cyber_security/ Critical infrastructures such as electric power, oil/gas, water/wastewater, pipelines, transportation, and manufacturing utilize process control and safety systems to monitor, control, and assure safe operating conditions. Control systems consist of Internet protocol (IP) networks and HMIs to provide operator input and big data analytics. These systems have been designed with cyber security and authentication. However, what makes control systems unique are the control system devices such as process sensors, actuators, drives, power supplies, etc. that have no cyber security or authentication and are a direct threat to personnel and equipment safety. Control system cyber security impacts are real. There have been more than 1,250 actual control system cyber incidents with more than 1,500 deaths and more than $70 Billion in direct damage. There is a need to get the computer scientists/network engineers that understand networks and the domain engineers that understand the physical processes to work together or there is no hope in securing the critical infrastructures. About the speaker: Joseph Weiss is an industry expert on control systems and electronic security of control systems, with more than 40 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI), the first 5 years managing the Nuclear Instrumentation and Diagnostics Program. He was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications. Mr. Weiss serves as a member of numerous organizations related to control system security. He served as the Task Force Lead for review of information security impacts on IEEE standards. He is also a Director on ISA&apos;s Standards and Practices Board. He has provided oral and written testimony to three House subcommittees, one Senate Committee, and a formal statement for the record to another House Committee. He has also responded to numerous Government Accountability Office (GAO) information requests on cyber security and Smart Grid issues. He is also an invited speaker at many industry and vendor user group security conferences, has chaired numerous panel sessions on control system security, and is often quoted throughout the industry. He has published over 80 papers on instrumentation, controls, and diagnostics including chapters on cyber security for Electric Power Substations Engineering and Securing Water and Wastewater Systems. He coauthored Cyber Security Policy Guidebook and authored Protecting Industrial Control Systems from Electronic Threats. In February 2016, Mr. Weiss gave the keynote to the National Academy of Science, Engineering, and Medicine on control system cyber security. Mr. Weiss has conducted SCADA, substation, nuclear and fossil plant control system, and water systems vulnerability and risk assessments and conducted short courses on control system security. He has amassed a database of more than 1,100 actual control system cyber incidents. He was a member of the Transportation Safety Board Committee on Cyber Security for Mass Transit. He was a subject matter expert to the International Atomic Energy Agency on nuclear plant control system cyber security. He started the annual Industrial Control System (ICS) Cyber Security Conference in 2002. Mr. Weiss has received numerous industry awards, including the EPRI Presidents Award (2002) and is an ISA Fellow, Managing Director of ISA Fossil Plant Standards, ISA Nuclear Plant Standards, ISA Industrial Automation and Control System Security (ISA99), a Ponemon Institute Fellow, and an IEEE Senior Member. He has been identified as a Smart Grid Pioneer by Smart Grid Today. He is a Voting Member of the TC65 TAG and a US Expert to TC65 WG10, Security for industrial process measurement and control – network and system security, and IEC TC45A Nuclear Plant Cyber Security. Mr. Weiss was featured in Richard Clarke and RP Eddy&apos;s book, Warning – Finding Cassandras to Stop Catastrophes. He has patents on instrumentation, control systems, and OT networks. He is a registered professional engineer in the State of California, a Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC). Website: www.controlglobal.com/unfettered Book: Protecting Industrial Control Systems from Electronic Threats</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Q &amp; A: https://www.cerias.purdue.edu/site/blog/post/summary_of_july_15th_2020_purdue_seminar_on_control_system_cyber_security/</p><p>Critical infrastructures such as electric power, oil/gas, water/wastewater, pipelines, transportation, and manufacturing utilize process control and safety systems to monitor, control, and assure safe operating conditions. Control systems consist of Internet protocol (IP) networks and HMIs to provide operator input and big data analytics. These systems have been designed with cyber security and authentication. However, what makes control systems unique are the control system devices such as process sensors, actuators, drives, power supplies, etc. that have no cyber security or authentication and are a direct threat to personnel and equipment safety. Control system cyber security impacts are real. There have been more than 1,250 actual control system cyber incidents with more than 1,500 deaths and more than $70 Billion in direct damage. There is a need to get the computer scientists/network engineers that understand networks and the domain engineers that understand the physical processes to work together or there is no hope in securing the critical infrastructures.</p><p>About the speaker: Joseph Weiss is an industry expert on control systems and electronic security of control systems, with more than 40 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI), the first 5 years managing the Nuclear Instrumentation and Diagnostics Program. He was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications. Mr. Weiss serves as a member of numerous organizations related to control system security. He served as the Task Force Lead for review of information security impacts on IEEE standards. He is also a Director on ISA&apos;s Standards and Practices Board. He has provided oral and written testimony to three House subcommittees, one Senate Committee, and a formal statement for the record to another House Committee. He has also responded to numerous Government Accountability Office (GAO) information requests on cyber security and Smart Grid issues. He is also an invited speaker at many industry and vendor user group security conferences, has chaired numerous panel sessions on control system security, and is often quoted throughout the industry. He has published over 80 papers on instrumentation, controls, and diagnostics including chapters on cyber security for Electric Power Substations Engineering and Securing Water and Wastewater Systems. He coauthored Cyber Security Policy Guidebook and authored Protecting Industrial Control Systems from Electronic Threats. In February 2016, Mr. Weiss gave the keynote to the National Academy of Science, Engineering, and Medicine on control system cyber security. Mr. Weiss has conducted SCADA, substation, nuclear and fossil plant control system, and water systems vulnerability and risk assessments and conducted short courses on control system security. He has amassed a database of more than 1,100 actual control system cyber incidents. He was a member of the Transportation Safety Board Committee on Cyber Security for Mass Transit. He was a subject matter expert to the International Atomic Energy Agency on nuclear plant control system cyber security. He started the annual Industrial Control System (ICS) Cyber Security Conference in 2002. Mr. Weiss has received numerous industry awards, including the EPRI Presidents Award (2002) and is an ISA Fellow, Managing Director of ISA Fossil Plant Standards, ISA Nuclear Plant Standards, ISA Industrial Automation and Control System Security (ISA99), a Ponemon Institute Fellow, and an IEEE Senior Member. He has been identified as a Smart Grid Pioneer by Smart Grid Today. He is a Voting Member of the TC65 TAG and a US Expert to TC65 WG10, Security for industrial process measurement and control – network and system security, and IEC TC45A Nuclear Plant Cyber Security. Mr. Weiss was featured in Richard Clarke and RP Eddy&apos;s book, Warning – Finding Cassandras to Stop Catastrophes. He has patents on instrumentation, control systems, and OT networks. He is a registered professional engineer in the State of California, a Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC).</p><p>Website: www.controlglobal.com/unfettered</p><p>Book: Protecting Industrial Control Systems from Electronic Threats</p> ]]>
            </content:encoded>
            <itunes:duration>3722</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200715.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200715.mp4" length="249561088" type="video/mp4"/>
        </item>
            <item>
            <title>Jim Richberg, Election Security in the Age of COVID-19: Risk Management in the face of a &quot;Perfect Storm&quot;</title>
            <description>Digital Transformation has fundamentally affected the conduct of elections since 2000. This webinar shares the perspective of a former senior Federal official who worked to help secure US elections against foreign interference during a 30+ year career in the US Government and who now works as a Chief Information Security Officer for a leading global cyber and network security company. This presentation will provide both background knowledge applicable to a general audience as well as advice and recommendations for government officials and their partners who are charged with carrying out elections. Topics covered in this webinar include: (1) Identifying key challenges in electoral integrity, especially the importance of public perception and voter confidence. Explore why and how securing elections differs from &apos;classic&apos; information security in its complexity and solutions. (2) Describing the &quot;perfect storm&quot; of colliding factors in the 2020 elections. We face COVID-19 related challenges ranging from public health concerns to added complexity and cost, and a pivot to mass mail-in voting is likely to both require process and technology changes and put stress on some of the most fragile parts of the existing election infrastructure. The expected surge of mail-in paper ballots in 2020 doesn&apos;t make cybersecurity irrelevant; if anything, it heightens its importance. Dealing with these challenges is a risk management problem, so the webinar will provide recommendations on &apos;doing with less&apos;, ranging from which parts of the problem to address first to how to harness the power of IT and leverage partnerships. About the speaker: Jim Richberg&apos;s role as a Fortinet CISO leverages his 30+ years&apos; experience leading and driving innovation in cybersecurity, threat intelligence, and cyber strategy &amp; policy for the US Government and international partners. Prior to joining Fortinet, he served as the National Intelligence Manager for Cyber, the senior Federal Executive focused on cyber intelligence within the $80B+/100,000-employee US Intelligence Community (IC). He led creation and implementation of cyber strategy for the 17 departments and agencies of the IC, set integrated priorities on cyber threat, and served as Senior Advisor to the Director of National Intelligence (DNI) on cyber issues. He brings a broad enterprise-level approach to cybersecurity honed as a member of the Executive team which created and oversaw implementation of the multi-billion dollar whole-of-government Comprehensive National Cybersecurity Initiative (CNCI) that generated new Government cyber capability and enhanced cybersecurity in the private sector and critical infrastructure. Mr. Richberg&apos;s broad operational experience, including his 20 years at CIA, gives him practical insight into difficult cyber problems ranging from advanced threat capabilities to supply chain integrity and election security. He has extensive experience engaging with audiences ranging from Heads of State and CEOs to analysts and IT staff. He brings a strong focus on strategic problem solving (identify and solve the key problem vs. the most visible one) and on framing complex problems in comprehensible terms that facilitate analysis and formulation of solutions.</description>
            <pubDate>Wed, 1 Jul 2020 13:00:00 EDT </pubDate>
            <itunes:title>Jim Richberg, Election Security in the Age of COVID-19: Risk Management in the face of a &quot;Perfect Storm&quot;</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>725</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jim_richberg.jpg"/>
            <itunes:subtitle>Jim Richberg, Fortinet</itunes:subtitle>
            <itunes:summary>Digital Transformation has fundamentally affected the conduct of elections since 2000. This webinar shares the perspective of a former senior Federal official who worked to help secure US elections against foreign interference during a 30+ year career in the US Government and who now works as a Chief Information Security Officer for a leading global cyber and network security company. This presentation will provide both background knowledge applicable to a general audience as well as advice and recommendations for government officials and their partners who are charged with carrying out elections. Topics covered in this webinar include: (1) Identifying key challenges in electoral integrity, especially the importance of public perception and voter confidence. Explore why and how securing elections differs from &apos;classic&apos; information security in its complexity and solutions. (2) Describing the &quot;perfect storm&quot; of colliding factors in the 2020 elections. We face COVID-19 related challenges ranging from public health concerns to added complexity and cost, and a pivot to mass mail-in voting is likely to both require process and technology changes and put stress on some of the most fragile parts of the existing election infrastructure. The expected surge of mail-in paper ballots in 2020 doesn&apos;t make cybersecurity irrelevant; if anything, it heightens its importance. Dealing with these challenges is a risk management problem, so the webinar will provide recommendations on &apos;doing with less&apos;, ranging from which parts of the problem to address first to how to harness the power of IT and leverage partnerships. About the speaker: Jim Richberg&apos;s role as a Fortinet CISO leverages his 30+ years&apos; experience leading and driving innovation in cybersecurity, threat intelligence, and cyber strategy &amp; policy for the US Government and international partners. Prior to joining Fortinet, he served as the National Intelligence Manager for Cyber, the senior Federal Executive focused on cyber intelligence within the $80B+/100,000-employee US Intelligence Community (IC). He led creation and implementation of cyber strategy for the 17 departments and agencies of the IC, set integrated priorities on cyber threat, and served as Senior Advisor to the Director of National Intelligence (DNI) on cyber issues. He brings a broad enterprise-level approach to cybersecurity honed as a member of the Executive team which created and oversaw implementation of the multi-billion dollar whole-of-government Comprehensive National Cybersecurity Initiative (CNCI) that generated new Government cyber capability and enhanced cybersecurity in the private sector and critical infrastructure. Mr. Richberg&apos;s broad operational experience, including his 20 years at CIA, gives him practical insight into difficult cyber problems ranging from advanced threat capabilities to supply chain integrity and election security. He has extensive experience engaging with audiences ranging from Heads of State and CEOs to analysts and IT staff. He brings a strong focus on strategic problem solving (identify and solve the key problem vs. the most visible one) and on framing complex problems in comprehensible terms that facilitate analysis and formulation of solutions.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Digital Transformation has fundamentally affected the conduct of elections since 2000. This webinar shares the perspective of a former senior Federal official who worked to help secure US elections against foreign interference during a 30+ year career in the US Government and who now works as a Chief Information Security Officer for a leading global cyber and network security company. This presentation will provide both background knowledge applicable to a general audience as well as advice and recommendations for government officials and their partners who are charged with carrying out elections.</p><p>Topics covered in this webinar include:</p><ul><li>Identifying key challenges in electoral integrity, especially the importance of public perception and voter confidence. Explore why and how securing elections differs from &apos;classic&apos; information security in its complexity and solutions.</li><li>Describing the &quot;perfect storm&quot; of colliding factors in the 2020 elections. We face COVID-19 related challenges ranging from public health concerns to added complexity and cost, and a pivot to mass mail-in voting is likely to both require process and technology changes and put stress on some of the most fragile parts of the existing election infrastructure. The expected surge of mail-in paper ballots in 2020 doesn&apos;t make cybersecurity irrelevant; if anything, it heightens its importance.</li></ul><p>Dealing with these challenges is a risk management problem, so the webinar will provide recommendations on &apos;doing with less&apos;, ranging from which parts of the problem to address first to how to harness the power of IT and leverage partnerships.</p><p>About the speaker: Jim Richberg&apos;s role as a Fortinet CISO leverages his 30+ years&apos; experience leading and driving innovation in cybersecurity, threat intelligence, and cyber strategy &amp; policy for the US Government and international partners. Prior to joining Fortinet, he served as the National Intelligence Manager for Cyber, the senior Federal Executive focused on cyber intelligence within the $80B+/100,000-employee US Intelligence Community (IC). He led creation and implementation of cyber strategy for the 17 departments and agencies of the IC, set integrated priorities on cyber threat, and served as Senior Advisor to the Director of National Intelligence (DNI) on cyber issues. He brings a broad enterprise-level approach to cybersecurity honed as a member of the Executive team which created and oversaw implementation of the multi-billion dollar whole-of-government Comprehensive National Cybersecurity Initiative (CNCI) that generated new Government cyber capability and enhanced cybersecurity in the private sector and critical infrastructure. Mr. Richberg&apos;s broad operational experience, including his 20 years at CIA, gives him practical insight into difficult cyber problems ranging from advanced threat capabilities to supply chain integrity and election security. He has extensive experience engaging with audiences ranging from Heads of State and CEOs to analysts and IT staff. He brings a strong focus on strategic problem solving (identify and solve the key problem vs. the most visible one) and on framing complex problems in comprehensible terms that facilitate analysis and formulation of solutions.</p> ]]>
            </content:encoded>
            <itunes:duration>3606</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200701.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200701.mp4" length="240123904" type="video/mp4"/>
        </item>
            <item>
            <title>Nandi Leslie, Using Machine Learning for Network Intrusion Detection</title>
            <description>Using semi-supervised learning, I propose an anomaly-based network intrusion detection system (NIDS) to detect and classify anomalous and/or malicious traffic. With this proposed machine learning approach, we detect botnet traffic and distinguish it from the normal and background traffic in the IPv4 flow datasets. I evaluate the prediction performance results for the flow-based NIDS algorithms. I show an improvement in detection accuracy and reduction in error rates, when compared with signature-based NIDS and previous studies. About the speaker: Dr. Nandi Leslie is an Engineering Fellow at Raytheon Technologies, serving as an Applied Mathematician and Principal Investigator at the U.S. Combat Capabilities Development Command/Army Research Laboratory (ARL) customer, since 2015. She supports the Raytheon Intelligence and Space business area and ARL on research and development projects related to machine learning, and cyber and electromagnetic activities. Dr. Leslie has published over 40 papers in journals, conference proceedings, magazines, and government technical reports on machine learning, cybersecurity, network resilience, submarine security, and mathematical biology with over 375 citations. She has given over 30 research talks at national and international conferences in both unclassified and classified settings. Before joining Raytheon, Dr. Leslie led and contributed to multi-target tracking projects at Systems Planning and Analysis, Inc. from 2007 to 2015. In this role, she served as Program Manager and Senior Operations Research Analyst, and she developed modeling approaches for the U.S. Navy Submarine Security Program, Office of the Secretary of Defense (OSD), and Joint Program Offices, using stochastic processes, to understand various tactical problems in different domains, such as submarine search and detection in oceanographic and atmospheric environmental conditions for the Navy, and damage assessments and remediation of cyber attacks to the Defense Industrial Base for OSD. In addition, she spent two years as a Lecturer and Postdoctoral Researcher at the University of Maryland, College Park in the Department of Mathematics from 2005 to 2007. She earned her Ph.D. in Applied and Computational Mathematics from Princeton University in 2005, where her research focused on developing and analyzing spatially-explicit stochastic models of deforestation in forest ecosystems of the Neotropics.</description>
            <pubDate>Wed, 24 Jun 2020 13:00:00 EDT </pubDate>
            <itunes:title>Nandi Leslie, Using Machine Learning for Network Intrusion Detection</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>724</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/nandi_leslie.png"/>
            <itunes:subtitle>Nandi Leslie, Raytheon</itunes:subtitle>
            <itunes:summary>Using semi-supervised learning, I propose an anomaly-based network intrusion detection system (NIDS) to detect and classify anomalous and/or malicious traffic. With this proposed machine learning approach, we detect botnet traffic and distinguish it from the normal and background traffic in the IPv4 flow datasets. I evaluate the prediction performance results for the flow-based NIDS algorithms. I show an improvement in detection accuracy and reduction in error rates, when compared with signature-based NIDS and previous studies. About the speaker: Dr. Nandi Leslie is an Engineering Fellow at Raytheon Technologies, serving as an Applied Mathematician and Principal Investigator at the U.S. Combat Capabilities Development Command/Army Research Laboratory (ARL) customer since 2015. She supports the Raytheon Intelligence and Space business area and ARL on research and development projects related to machine learning, and cyber and electromagnetic activities. Dr. Leslie has published over 40 papers in journals, conference proceedings, magazines, and government technical reports on machine learning, cybersecurity, network resilience, submarine security, and mathematical biology, with over 375 citations. She has given over 30 research talks at national and international conferences in both unclassified and classified settings. Before joining Raytheon, Dr. Leslie led and contributed to multi-target tracking projects at Systems Planning and Analysis, Inc. from 2007 to 2015. In this role, she served as Program Manager and Senior Operations Research Analyst, and she developed modeling approaches for the U.S. Navy Submarine Security Program, Office of the Secretary of Defense (OSD), and Joint Program Offices, using stochastic processes to understand various tactical problems in different domains, such as submarine search and detection in oceanographic and atmospheric environmental conditions for the Navy, and damage assessments and remediation of cyber attacks to the Defense Industrial Base for OSD. In addition, she spent two years as a Lecturer and Postdoctoral Researcher in the Department of Mathematics at the University of Maryland, College Park from 2005 to 2007. She earned her Ph.D. in Applied and Computational Mathematics from Princeton University in 2005, where her research focused on developing and analyzing spatially-explicit stochastic models of deforestation in forest ecosystems of the Neotropics.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Using semi-supervised learning, I propose an anomaly-based network intrusion detection system (NIDS) to detect and classify anomalous and/or malicious traffic. With this proposed machine learning approach, we detect botnet traffic and distinguish it from the normal and background traffic in the IPv4 flow datasets. I evaluate the prediction performance results for the flow-based NIDS algorithms. I show an improvement in detection accuracy and reduction in error rates, when compared with signature-based NIDS and previous studies. About the speaker: Dr. Nandi Leslie is an Engineering Fellow at Raytheon Technologies, serving as an Applied Mathematician and Principal Investigator at the U.S. Combat Capabilities Development Command/Army Research Laboratory (ARL) customer since 2015. She supports the Raytheon Intelligence and Space business area and ARL on research and development projects related to machine learning, and cyber and electromagnetic activities. Dr. Leslie has published over 40 papers in journals, conference proceedings, magazines, and government technical reports on machine learning, cybersecurity, network resilience, submarine security, and mathematical biology, with over 375 citations. She has given over 30 research talks at national and international conferences in both unclassified and classified settings. Before joining Raytheon, Dr. Leslie led and contributed to multi-target tracking projects at Systems Planning and Analysis, Inc. from 2007 to 2015. In this role, she served as Program Manager and Senior Operations Research Analyst, and she developed modeling approaches for the U.S. Navy Submarine Security Program, Office of the Secretary of Defense (OSD), and Joint Program Offices, using stochastic processes to understand various tactical problems in different domains, such as submarine search and detection in oceanographic and atmospheric environmental conditions for the Navy, and damage assessments and remediation of cyber attacks to the Defense Industrial Base for OSD. In addition, she spent two years as a Lecturer and Postdoctoral Researcher in the Department of Mathematics at the University of Maryland, College Park from 2005 to 2007. She earned her Ph.D. in Applied and Computational Mathematics from Princeton University in 2005, where her research focused on developing and analyzing spatially-explicit stochastic models of deforestation in forest ecosystems of the Neotropics.</p> ]]>
            </content:encoded>
            <itunes:duration>3387</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200624.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200624.mp4" length="186646528" type="video/mp4"/>
        </item>
            <item>
            <title>Sami Saydjari, A Principled Approach to Cybersecurity Engineering</title>
            <description>Cyberattacks are increasing in frequency, severity, and sophistication. Target systems are becoming increasingly complex with a multitude of subtle dependencies. Designs and implementations continue to exhibit flaws that could be avoided with well-known computer-science and engineering techniques. Cybersecurity technology is advancing, but too slowly to keep pace with the threat. In short, cybersecurity is losing the escalation battle with cyberattack. The results include mounting damages in the hundreds of billions of dollars, erosion of trust in conducting business and collaboration in cyberspace, and risk of a series of catastrophic events that could cause crippling damage to companies and even entire countries. Cyberspace is unsafe and is becoming less safe every day. The cybersecurity discipline has created useful technology against aspects of the expansive space of possible cyberattacks. Through many real-life engagements between cyber-attackers and defenders, both sides have learned a great deal about how to design attacks and defenses. It is now time to begin abstracting and codifying this knowledge into principles of cybersecurity engineering. Such principles offer an opportunity to multiply the effectiveness of existing technology and mature the discipline so that new knowledge has a solid foundation on which to build. ** Based on &quot;Engineering Trustworthy Systems: A Principled Approach to Cybersecurity,&quot; CACM, June 2019. About the speaker: Sami is a senior security architect with over three decades of experience in every stage of cybersecurity including software development, deployments, operations, design, systems engineering, national policy, advanced research, and program management. He has been a thought leader at institutions such as the Defense Advanced Research Projects Agency and the National Security Agency. As a consultant, he guides a wide variety of leadership in the national security community, federal government, and critical infrastructure providers in industry. He teaches Cybersecurity Engineering at Johns Hopkins University.</description>
            <pubDate>Wed, 17 Jun 2020 13:00:00 EDT </pubDate>
            <itunes:title>Sami Saydjari, A Principled Approach to Cybersecurity Engineering</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>723</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/sami_saydjari.png"/>
            <itunes:subtitle>Sami Saydjari, Cyber Defense Agency, Inc.</itunes:subtitle>
            <itunes:summary>Cyberattacks are increasing in frequency, severity, and sophistication. Target systems are becoming increasingly complex with a multitude of subtle dependencies. Designs and implementations continue to exhibit flaws that could be avoided with well-known computer-science and engineering techniques. Cybersecurity technology is advancing, but too slowly to keep pace with the threat. In short, cybersecurity is losing the escalation battle with cyberattack. The results include mounting damages in the hundreds of billions of dollars, erosion of trust in conducting business and collaboration in cyberspace, and risk of a series of catastrophic events that could cause crippling damage to companies and even entire countries. Cyberspace is unsafe and is becoming less safe every day. The cybersecurity discipline has created useful technology against aspects of the expansive space of possible cyberattacks. Through many real-life engagements between cyber-attackers and defenders, both sides have learned a great deal about how to design attacks and defenses. It is now time to begin abstracting and codifying this knowledge into principles of cybersecurity engineering. Such principles offer an opportunity to multiply the effectiveness of existing technology and mature the discipline so that new knowledge has a solid foundation on which to build. ** Based on &quot;Engineering Trustworthy Systems: A Principled Approach to Cybersecurity,&quot; CACM, June 2019. About the speaker: Sami is a senior security architect with over three decades of experience in every stage of cybersecurity including software development, deployments, operations, design, systems engineering, national policy, advanced research, and program management. He has been a thought leader at institutions such as the Defense Advanced Research Projects Agency and the National Security Agency. As a consultant, he guides a wide variety of leadership in the national security community, federal government, and critical infrastructure providers in industry. He teaches Cybersecurity Engineering at Johns Hopkins University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cyberattacks are increasing in frequency, severity, and sophistication. Target systems are becoming increasingly complex with a multitude of subtle dependencies. Designs and implementations continue to exhibit flaws that could be avoided with well-known computer-science and engineering techniques. Cybersecurity technology is advancing, but too slowly to keep pace with the threat. In short, cybersecurity is losing the escalation battle with cyberattack. The results include mounting damages in the hundreds of billions of dollars, erosion of trust in conducting business and collaboration in cyberspace, and risk of a series of catastrophic events that could cause crippling damage to companies and even entire countries. Cyberspace is unsafe and is becoming less safe every day. The cybersecurity discipline has created useful technology against aspects of the expansive space of possible cyberattacks. Through many real-life engagements between cyber-attackers and defenders, both sides have learned a great deal about how to design attacks and defenses. It is now time to begin abstracting and codifying this knowledge into principles of cybersecurity engineering. Such principles offer an opportunity to multiply the effectiveness of existing technology and mature the discipline so that new knowledge has a solid foundation on which to build. ** Based on &quot;Engineering Trustworthy Systems: A Principled Approach to Cybersecurity,&quot; CACM, June 2019. About the speaker: Sami is a senior security architect with over three decades of experience in every stage of cybersecurity including software development, deployments, operations, design, systems engineering, national policy, advanced research, and program management. He has been a thought leader at institutions such as the Defense Advanced Research Projects Agency and the National Security Agency. As a consultant, he guides a wide variety of leadership in the national security community, federal government, and critical infrastructure providers in industry. He teaches Cybersecurity Engineering at Johns Hopkins University.</p> ]]>
            </content:encoded>
            <itunes:duration>3580</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200617.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200617.mp4" length="155189248" type="video/mp4"/>
        </item>
            <item>
            <title>Corey Maypray, Proactive Endpoint and Network Security Operations.  Detecting the Unknown Known</title>
            <description>Cyber security resources remain limited. Organizations that attempt to broadly protect their data from all cyber threats tend to inefficiently invest these resources, making them slower to adapt to the changing trends and techniques of cyber threats. – Carnegie Mellon. This talk will discuss some of the basic principles of cyber threat intelligence, and how proactive collection of information can enable an enterprise to protect its most critical assets. We will then dive into the main focus of this talk: operationalizing data in order to understand cyber criminals&apos; motivation and capabilities, in order to tailor preventive controls meant to address the threats your organization faces. &quot;If you know the enemy and yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.&quot; - Sun Tzu. Know yourself: learn your environment (people, processes, technology). Know your adversary: learn your adversary&apos;s motivations (motive and targeted data) and capabilities (attack methods, TTPs and resources). Prioritize protection of your most critical assets and operations. About the speaker: Corey currently acts as an Advisor - Threat Intelligence and Detection for Eli Lilly and Company. In this role he is responsible for developing and maturing Lilly&apos;s Information Security Cyber Threat Intelligence program and driving the creation of better threat detection capabilities. Prior to joining Lilly, Corey served twelve years in the Army as an All Source Threat Analyst, where he performed a variety of intelligence functions including collection management, threat/intelligence analysis, and operational assignments to support operations abroad. Corey has specialties in threat entity targeting, open source intelligence collection, and intelligence support to counter terrorism, weapons of mass destruction, geo-political tensions, and cyber based threats.</description>
            <pubDate>Wed, 29 Apr 2020 16:30:00 EDT </pubDate>
            <itunes:title>Corey Maypray, Proactive Endpoint and Network Security Operations.  Detecting the Unknown Known</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>722</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Corey Maypray, Eli Lilly</itunes:subtitle>
            <itunes:summary>Cyber security resources remain limited. Organizations that attempt to broadly protect their data from all cyber threats tend to inefficiently invest these resources, making them slower to adapt to the changing trends and techniques of cyber threats. – Carnegie Mellon. This talk will discuss some of the basic principles of cyber threat intelligence, and how proactive collection of information can enable an enterprise to protect its most critical assets. We will then dive into the main focus of this talk: operationalizing data in order to understand cyber criminals&apos; motivation and capabilities, in order to tailor preventive controls meant to address the threats your organization faces. &quot;If you know the enemy and yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.&quot; - Sun Tzu. Know yourself: learn your environment (people, processes, technology). Know your adversary: learn your adversary&apos;s motivations (motive and targeted data) and capabilities (attack methods, TTPs and resources). Prioritize protection of your most critical assets and operations. About the speaker: Corey currently acts as an Advisor - Threat Intelligence and Detection for Eli Lilly and Company. In this role he is responsible for developing and maturing Lilly&apos;s Information Security Cyber Threat Intelligence program and driving the creation of better threat detection capabilities. Prior to joining Lilly, Corey served twelve years in the Army as an All Source Threat Analyst, where he performed a variety of intelligence functions including collection management, threat/intelligence analysis, and operational assignments to support operations abroad. Corey has specialties in threat entity targeting, open source intelligence collection, and intelligence support to counter terrorism, weapons of mass destruction, geo-political tensions, and cyber based threats.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cyber security resources remain limited. Organizations that attempt to broadly protect their data from all cyber threats tend to inefficiently invest these resources, making them slower to adapt to the changing trends and techniques of cyber threats. – Carnegie Mellon. This talk will discuss some of the basic principles of cyber threat intelligence, and how proactive collection of information can enable an enterprise to protect its most critical assets. We will then dive into the main focus of this talk: operationalizing data in order to understand cyber criminals&apos; motivation and capabilities, in order to tailor preventive controls meant to address the threats your organization faces. &quot;If you know the enemy and yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.&quot; - Sun Tzu. Know yourself: learn your environment (people, processes, technology). Know your adversary: learn your adversary&apos;s motivations (motive and targeted data) and capabilities (attack methods, TTPs and resources). Prioritize protection of your most critical assets and operations. About the speaker: Corey currently acts as an Advisor - Threat Intelligence and Detection for Eli Lilly and Company. In this role he is responsible for developing and maturing Lilly&apos;s Information Security Cyber Threat Intelligence program and driving the creation of better threat detection capabilities. Prior to joining Lilly, Corey served twelve years in the Army as an All Source Threat Analyst, where he performed a variety of intelligence functions including collection management, threat/intelligence analysis, and operational assignments to support operations abroad. Corey has specialties in threat entity targeting, open source intelligence collection, and intelligence support to counter terrorism, weapons of mass destruction, geo-political tensions, and cyber based threats.</p> ]]>
            </content:encoded>
            <itunes:duration>4056</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200429.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200429.mp4" length="401604608" type="video/mp4"/>
        </item>
            <item>
            <title>Bruce Coffing, Public Sector Cyber Security 2020: Challenges and Rewards</title>
            <description>Work in the public sector differs from that in the private sector in ways that on the one hand present challenges unique to public sector work, but also sometimes produce unexpected rewards that are likewise unique to public sector work. Mr. Coffing will share some of his experiences gained over the last eighteen months leading cybersecurity for the nation&apos;s third largest municipality, as well as over the course of a 25+ year career in information technology and cyber security. About the speaker: Bruce Coffing is an information security professional with over twenty-five years&apos; industry experience in information technology and cyber security. He is currently the Chief Information Security Officer for the City of Chicago. Prior to joining the City of Chicago, Mr. Coffing held information security positions at Bank of America and at consulting firm Accenture. Mr. Coffing holds the Certified Information Systems Security Professional (CISSP) certification.</description>
            <pubDate>Wed, 22 Apr 2020 16:30:00 EDT </pubDate>
            <itunes:title>Bruce Coffing, Public Sector Cyber Security 2020: Challenges and Rewards</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>721</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/bruce_coffing_200.png"/>
            <itunes:subtitle>Bruce Coffing, City of Chicago</itunes:subtitle>
            <itunes:summary>Work in the public sector differs from that in the private sector in ways that on the one hand present challenges unique to public sector work, but also sometimes produce unexpected rewards that are likewise unique to public sector work. Mr. Coffing will share some of his experiences gained over the last eighteen months leading cybersecurity for the nation&apos;s third largest municipality, as well as over the course of a 25+ year career in information technology and cyber security. About the speaker: Bruce Coffing is an information security professional with over twenty-five years&apos; industry experience in information technology and cyber security. He is currently the Chief Information Security Officer for the City of Chicago. Prior to joining the City of Chicago, Mr. Coffing held information security positions at Bank of America and at consulting firm Accenture. Mr. Coffing holds the Certified Information Systems Security Professional (CISSP) certification.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Work in the public sector differs from that in the private sector in ways that on the one hand present challenges unique to public sector work, but also sometimes produce unexpected rewards that are likewise unique to public sector work. Mr. Coffing will share some of his experiences gained over the last eighteen months leading cybersecurity for the nation&apos;s third largest municipality, as well as over the course of a 25+ year career in information technology and cyber security. About the speaker: Bruce Coffing is an information security professional with over twenty-five years&apos; industry experience in information technology and cyber security. He is currently the Chief Information Security Officer for the City of Chicago. Prior to joining the City of Chicago, Mr. Coffing held information security positions at Bank of America and at consulting firm Accenture. Mr. Coffing holds the Certified Information Systems Security Professional (CISSP) certification.</p> ]]>
            </content:encoded>
            <itunes:duration>3325</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200422.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200422.mp4" length="330301440" type="video/mp4"/>
        </item>
            <item>
            <title>Leon Ravenna, Everyone Wants to Help You: Understanding the Issues and Surviving with a Multitude of Regulatory Authorities</title>
            <description>As more Personally Identifiable Information is collected, stored or created, the specter of customer privacy issues is looming large. Privacy and Security methodologies are starting to be dictated by those in State houses, Congress and supra-regional governments. Enterprises need to take a long hard look at the information they are capturing and how they secure it, to determine whether the potential value outweighs the potential risk. - How do your current Security and Privacy practices match up against upcoming laws in Europe, the US and other parts of the world? - Are you prepared to deal with new laws with huge fines? What about Private Right of Action? - Are you anticipating what is coming down the road? Takeaways: - Understand the implications of new laws as well as your risks - Understand how to comply with upcoming laws - Understand how contracts and data flow will be impacted - Ways to drive your organization to implement - How this can be beneficial for you personally. About the speaker: Leon Ravenna, CISO - KAR Auction Services - Leon has over 30 years&apos; experience in Healthcare, Financial Services and Technology companies. He leads Global Security Strategy, Execution, Privacy and Compliance services. Leon is currently CISO of a $2.5B multi-national company in the auto auction and financial services space, providing Security, Privacy &amp; Compliance expertise for over 15,000 employees. Leon has led nationwide support, Web &amp; CRM development efforts, data center builds, and heavy infrastructure for SaaS companies in the medical and financial space. Leon has extensive experience in Regulatory, Compliance &amp; Privacy, having managed ISO27001, HIPAA, SSAE-16, PCI and NIST system builds and audits. Leon holds a CISSP and PMP and is one of a very small group world-wide to hold 6 major Global Privacy certifications, including CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US and FIP.</description>
            <pubDate>Wed, 15 Apr 2020 16:30:00 EDT </pubDate>
            <itunes:title>Leon Ravenna, Everyone Wants to Help You: Understanding the Issues and Surviving with a Multitude of Regulatory Authorities</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>720</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Leon Ravenna, KAR Global</itunes:subtitle>
            <itunes:summary>As more Personally Identifiable Information is collected, stored or created, the specter of customer privacy issues is looming large. Privacy and Security methodologies are starting to be dictated by those in State houses, Congress and supra-regional governments. Enterprises need to take a long hard look at the information they are capturing and how they secure it, to determine whether the potential value outweighs the potential risk. - How do your current Security and Privacy practices match up against upcoming laws in Europe, the US and other parts of the world? - Are you prepared to deal with new laws with huge fines? What about Private Right of Action? - Are you anticipating what is coming down the road? Takeaways: - Understand the implications of new laws as well as your risks - Understand how to comply with upcoming laws - Understand how contracts and data flow will be impacted - Ways to drive your organization to implement - How this can be beneficial for you personally. About the speaker: Leon Ravenna, CISO - KAR Auction Services - Leon has over 30 years&apos; experience in Healthcare, Financial Services and Technology companies. He leads Global Security Strategy, Execution, Privacy and Compliance services. Leon is currently CISO of a $2.5B multi-national company in the auto auction and financial services space, providing Security, Privacy &amp; Compliance expertise for over 15,000 employees. Leon has led nationwide support, Web &amp; CRM development efforts, data center builds, and heavy infrastructure for SaaS companies in the medical and financial space. Leon has extensive experience in Regulatory, Compliance &amp; Privacy, having managed ISO27001, HIPAA, SSAE-16, PCI and NIST system builds and audits. Leon holds a CISSP and PMP and is one of a very small group world-wide to hold 6 major Global Privacy certifications, including CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US and FIP.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As more Personally Identifiable Information is collected, stored or created, the specter of customer privacy issues is looming large. Privacy and Security methodologies are starting to be dictated by those in State houses, Congress and supra-regional governments. Enterprises need to take a long hard look at the information they are capturing and how they secure it, to determine whether the potential value outweighs the potential risk. - How do your current Security and Privacy practices match up against upcoming laws in Europe, the US and other parts of the world? - Are you prepared to deal with new laws with huge fines? What about Private Right of Action? - Are you anticipating what is coming down the road? Takeaways: - Understand the implications of new laws as well as your risks - Understand how to comply with upcoming laws - Understand how contracts and data flow will be impacted - Ways to drive your organization to implement - How this can be beneficial for you personally. About the speaker: Leon Ravenna, CISO - KAR Auction Services - Leon has over 30 years&apos; experience in Healthcare, Financial Services and Technology companies. He leads Global Security Strategy, Execution, Privacy and Compliance services. Leon is currently CISO of a $2.5B multi-national company in the auto auction and financial services space, providing Security, Privacy &amp; Compliance expertise for over 15,000 employees. Leon has led nationwide support, Web &amp; CRM development efforts, data center builds, and heavy infrastructure for SaaS companies in the medical and financial space. Leon has extensive experience in Regulatory, Compliance &amp; Privacy, having managed ISO27001, HIPAA, SSAE-16, PCI and NIST system builds and audits. Leon holds a CISSP and PMP and is one of a very small group world-wide to hold 6 major Global Privacy certifications, including CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US and FIP.</p> ]]>
            </content:encoded>
            <itunes:duration>3073</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200415.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200415.mp4" length="479199232" type="video/mp4"/>
        </item>
            <item>
            <title>Elliott Peterson, Mirai - DDoS and the Criminal Ecosystem</title>
            <description>In late 2016, the Mirai Botnet launched the largest DDoS attacks ever recorded. Learn about the teams of researchers racing to stop the attacks, and the criminal groups who were competing to launch ever larger attacks. The presenter will discuss roles played by educational institutions as well as the impact to the IoT landscape. About the speaker: Elliott Peterson is a Special Agent assigned to the FBI&apos;s Anchorage Field Office. A member of Anchorage&apos;s Computer Intrusion Squad, he is responsible for investigating complex botnets, high dollar account takeover fraud, and Distributed Denial of Service attacks. Prior to joining the FBI, Elliott worked in Higher Education and served as an officer in the United States Marine Corps. He holds a Bachelor&apos;s Degree in Computer Science from Dickinson College and a Master&apos;s Degree in Crime Analysis from Tiffin University.</description>
            <pubDate>Wed, 8 Apr 2020 16:30:00 EDT </pubDate>
            <itunes:title>Elliott Peterson, Mirai - DDoS and the Criminal Ecosystem</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>719</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Elliott Peterson, FBI</itunes:subtitle>
            <itunes:summary>In late 2016, the Mirai Botnet launched the largest DDoS attacks ever recorded. Learn about the teams of researchers racing to stop the attacks, and the criminal groups who were competing to launch ever larger attacks. The presenter will discuss roles played by educational institutions as well as the impact to the IoT landscape. About the speaker: Elliott Peterson is a Special Agent assigned to the FBI&apos;s Anchorage Field Office. A member of Anchorage&apos;s Computer Intrusion Squad, he is responsible for investigating complex botnets, high dollar account takeover fraud, and Distributed Denial of Service attacks. Prior to joining the FBI, Elliott worked in Higher Education and served as an officer in the United States Marine Corps. He holds a Bachelor&apos;s Degree in Computer Science from Dickinson College and a Master&apos;s Degree in Crime Analysis from Tiffin University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In late 2016, the Mirai Botnet launched the largest DDoS attacks ever recorded. Learn about the teams of researchers racing to stop the attacks, and the criminal groups who were competing to launch ever larger attacks. The presenter will discuss roles played by educational institutions as well as the impact to the IoT landscape. About the speaker: Elliott Peterson is a Special Agent assigned to the FBI&apos;s Anchorage Field Office. A member of Anchorage&apos;s Computer Intrusion Squad, he is responsible for investigating complex botnets, high dollar account takeover fraud, and Distributed Denial of Service attacks. Prior to joining the FBI, Elliott worked in Higher Education and served as an officer in the United States Marine Corps. He holds a Bachelor&apos;s Degree in Computer Science from Dickinson College and a Master&apos;s Degree in Crime Analysis from Tiffin University.</p> ]]>
            </content:encoded>
            <itunes:duration>4458</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200408.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200408.mp4" length="393216000" type="video/mp4"/>
        </item>
            <item>
            <title>Neil Rowe, Empirical Digital Forensics</title>
            <description>Empirical digital forensics examines real-world digital storage media to develop theories about it.  We have built a library of real-world data from 4000 copies of secondary-storage devices including purchased ones.  One project looked at patterns of malware to determine where they were most likely to appear.  A recent project examined software versions, including malicious ones, and tried to distinguish normal software evolution from abnormal.  Other projects rated the value of files and artifacts using novel criteria to enable focusing of investigations.  They then used file and artifact similarities to build models of social networks from the data. About the speaker: Neil C. Rowe is Professor of Computer Science at the U.S. Naval Postgraduate School where he has been since 1983.  He has a Ph.D. in Computer Science from Stanford University.  His main research interests are in data mining, digital forensics, modeling of deception, and cyberwarfare.  He has also worked on text processing, computational geometry, and intelligent tutoring systems.</description>
            <pubDate>Wed, 1 Apr 2020 16:30:00 EDT </pubDate>
            <itunes:title>Neil Rowe, Empirical Digital Forensics</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>718</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Neil Rowe, Naval Postgraduate School</itunes:subtitle>
            <itunes:summary>Empirical digital forensics examines real-world digital storage media to develop theories about it.  We have built a library of real-world data from 4000 copies of secondary-storage devices including purchased ones.  One project looked at patterns of malware to determine where they were most likely to appear.  A recent project examined software versions, including malicious ones, and tried to distinguish normal software evolution from abnormal.  Other projects rated the value of files and artifacts using novel criteria to enable focusing of investigations.  They then used file and artifact similarities to build models of social networks from the data. About the speaker: Neil C. Rowe is Professor of Computer Science at the U.S. Naval Postgraduate School where he has been since 1983.  He has a Ph.D. in Computer Science from Stanford University.  His main research interests are in data mining, digital forensics, modeling of deception, and cyberwarfare.  He has also worked on text processing, computational geometry, and intelligent tutoring systems.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Empirical digital forensics examines real-world digital storage media to develop theories about it.  We have built a library of real-world data from 4000 copies of secondary-storage devices including purchased ones.  One project looked at patterns of malware to determine where they were most likely to appear.  A recent project examined software versions, including malicious ones, and tried to distinguish normal software evolution from abnormal.  Other projects rated the value of files and artifacts using novel criteria to enable focusing of investigations.  They then used file and artifact similarities to build models of social networks from the data. About the speaker: Neil C. Rowe is Professor of Computer Science at the U.S. Naval Postgraduate School where he has been since 1983.  He has a Ph.D. in Computer Science from Stanford University.  His main research interests are in data mining, digital forensics, modeling of deception, and cyberwarfare.  He has also worked on text processing, computational geometry, and intelligent tutoring systems.</p> ]]>
            </content:encoded>
            <itunes:duration>3150</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200401.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200401.mp4" length="328204288" type="video/mp4"/>
        </item>
            <item>
            <title>Nick Sturgeon, Cyber Risk Management 101</title>
            <description>How does an organization know which security controls, applications, or programs to implement, when everything is a threat and every system is vulnerable? Looking at cybersecurity through a risk management lens is one way of reducing the noise of the threat environment. This presentation will discuss why having a Cyber Risk Management (CRM) program is a critical piece of an effective cybersecurity program. This presentation discusses the various Cyber Risk Management frameworks, the building blocks of an effective CRM program, regulatory &amp; standards bodies driving cyber-risk management, metrics, the CRM life cycle, and finally, how CRM fits into the overall Enterprise Risk Management program. At the end of the presentation the attendees will have the building blocks to start building a Cyber Risk Management program in their organizations. Additionally, this presentation will look at a few case studies through the cyber risk lens and how a CRM program would have aided in identifying those issues and risks. About the speaker: Nick Sturgeon currently serves as a Director of Information Security for IU Health and IU School of Medicine. His responsibilities include supporting the IU School of Medicine cyber risk management program and leading IU Health&apos;s Security Research &amp; Red Team. Nick has worked in Information Technology for over 15 years, with 10 years in Cybersecurity, nine years in Law Enforcement, and 10 years in State Government. Nick earned his Bachelor of Science in Management Information Systems from Indiana State in 2003 and a Master of Science in Cyber Forensics from Purdue in 2015. Nick has extensive experience in incident response, digital investigations, criminal investigations, digital media recovery, criminal law, data governance, endpoint protection, network &amp; log analysis, vulnerability management, security operations, incident management, project management, as an instructor, and service implementation of managed security services. Throughout his career he has supported multiple industries and sectors including academia, State\Local\Tribal\Territorial (SLTT) Governments, healthcare, Information Technology and manufacturing. In addition to his current duties, Nick is a host on two podcasts, is a part-time Information Security Instructor at UTSA and Adjunct Professor at the University of Southern Indiana. He also serves as a board member for the Cyber Resilience Institute, the Ohio River Valley Chapter of the Cloud Security Alliance, and the National Council of Registered ISAOs.</description>
            <pubDate>Wed, 25 Mar 2020 16:30:00 EDT </pubDate>
            <itunes:title>Nick Sturgeon, Cyber Risk Management 101</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>717</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Nick Sturgeon, IU Health &amp; IU School of Medicine</itunes:subtitle>
            <itunes:summary>How does an organization know which security controls, applications, or programs to implement, when everything is a threat and every system is vulnerable? Looking at cybersecurity through a risk management lens is one way of reducing the noise of the threat environment. This presentation will discuss why having a Cyber Risk Management (CRM) program is a critical piece of an effective cybersecurity program. This presentation discusses the various Cyber Risk Management frameworks, the building blocks of an effective CRM program, regulatory &amp; standards bodies driving cyber-risk management, metrics, the CRM life cycle, and finally, how CRM fits into the overall Enterprise Risk Management program. At the end of the presentation the attendees will have the building blocks to start building a Cyber Risk Management program in their organizations. Additionally, this presentation will look at a few case studies through the cyber risk lens and how a CRM program would have aided in identifying those issues and risks. About the speaker: Nick Sturgeon currently serves as a Director of Information Security for IU Health and IU School of Medicine. His responsibilities include supporting the IU School of Medicine cyber risk management program and leading IU Health&apos;s Security Research &amp; Red Team. Nick has worked in Information Technology for over 15 years, with 10 years in Cybersecurity, nine years in Law Enforcement, and 10 years in State Government. Nick earned his Bachelor of Science in Management Information Systems from Indiana State in 2003 and a Master of Science in Cyber Forensics from Purdue in 2015. Nick has extensive experience in incident response, digital investigations, criminal investigations, digital media recovery, criminal law, data governance, endpoint protection, network &amp; log analysis, vulnerability management, security operations, incident management, project management, as an instructor, and service implementation of managed security services. Throughout his career he has supported multiple industries and sectors including academia, State\Local\Tribal\Territorial (SLTT) Governments, healthcare, Information Technology and manufacturing. In addition to his current duties, Nick is a host on two podcasts, is a part-time Information Security Instructor at UTSA and Adjunct Professor at the University of Southern Indiana. He also serves as a board member for the Cyber Resilience Institute, the Ohio River Valley Chapter of the Cloud Security Alliance, and the National Council of Registered ISAOs.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>How does an organization know which security controls, applications, or programs to implement, when everything is a threat and every system is vulnerable? Looking at cybersecurity through a risk management lens is one way of reducing the noise of the threat environment. This presentation will discuss why having a Cyber Risk Management (CRM) program is a critical piece of an effective cybersecurity program. This presentation discusses the various Cyber Risk Management frameworks, the building blocks of an effective CRM program, regulatory &amp; standards bodies driving cyber-risk management, metrics, the CRM life cycle, and finally, how CRM fits into the overall Enterprise Risk Management program. At the end of the presentation the attendees will have the building blocks to start building a Cyber Risk Management program in their organizations. Additionally, this presentation will look at a few case studies through the cyber risk lens and how a CRM program would have aided in identifying those issues and risks. About the speaker: Nick Sturgeon currently serves as a Director of Information Security for IU Health and IU School of Medicine. His responsibilities include supporting the IU School of Medicine cyber risk management program and leading IU Health&apos;s Security Research &amp; Red Team. Nick has worked in Information Technology for over 15 years, with 10 years in Cybersecurity, nine years in Law Enforcement, and 10 years in State Government. Nick earned his Bachelor of Science in Management Information Systems from Indiana State in 2003 and a Master of Science in Cyber Forensics from Purdue in 2015. Nick has extensive experience in incident response, digital investigations, criminal investigations, digital media recovery, criminal law, data governance, endpoint protection, network &amp; log analysis, vulnerability management, security operations, incident management, project management, as an instructor, and service implementation of managed security services. Throughout his career he has supported multiple industries and sectors including academia, State\Local\Tribal\Territorial (SLTT) Governments, healthcare, Information Technology and manufacturing. In addition to his current duties, Nick is a host on two podcasts, is a part-time Information Security Instructor at UTSA and Adjunct Professor at the University of Southern Indiana. He also serves as a board member for the Cyber Resilience Institute, the Ohio River Valley Chapter of the Cloud Security Alliance, and the National Council of Registered ISAOs.</p> ]]>
            </content:encoded>
            <itunes:duration>4577</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200325.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200325.mp4" length="165675008" type="video/mp4"/>
        </item>
            <item>
            <title>Vireshwar Kumar, Security and Privacy of Connected Autonomous Vehicles</title>
            <description>The upcoming smart transportation systems, which consist of connected autonomous vehicles, are poised to transform our everyday life. The sustainability and growth of these systems to their full potential will significantly depend on the robustness of these systems against security and privacy threats. Unfortunately, the communication protocols employed in these systems lack mainstream network security capabilities due to energy constraints of the deployed platforms and bandwidth constraints of the communication medium. In this talk, I will present the results of my efforts in anatomizing the two vital communication protocols employed in smart transportation: (1) the vehicle-to-everything (V2X) communication protocol, which is utilized to facilitate wireless communication among connected vehicles, and (2) the controller area network (CAN) protocol, which is utilized within an autonomous vehicle to enable real-time control of critical automotive components including brakes. For each of these two protocols, I will first describe the inquisitive approach which led to the discovery of the new security vulnerabilities. Then, through the experiments on real-world systems, I will demonstrate how these vulnerabilities can be exploited to launch malicious attacks which evade the state-of-the-art defense mechanisms employed in these systems. I will conclude the talk by discussing novel countermeasures which are required to mitigate these fundamental vulnerabilities and prevent their exploitation. About the speaker: Dr. Vireshwar Kumar is a Postdoctoral Research Associate in the Department of Computer Science at Purdue University. Vireshwar earned his B.Tech. in Electrical Engineering at Indian Institute of Technology Delhi in 2009, and his Ph.D. degree in Computer Engineering at Virginia Tech in 2016. He was the recipient of the outstanding Ph.D. student award by the Center for Embedded Systems for Critical Applications at Virginia Tech. He also had a short stint as a Project Assistant in the Department of Electrical Communication Engineering at Indian Institute of Science in 2010. His research interests include discovering and mitigating security vulnerabilities in the communication protocols employed in cyber-physical systems, e.g., smart home, smart transportation and smart city. Vireshwar&apos;s research work has featured in top-tier security venues including ACM Conference on Computer and Communications Security (CCS) and IEEE Transactions on Information Forensics and Security (TIFS). He has also served on the TPC of flagship conferences including IEEE Conference on Communications and Network Security (CNS) and IEEE International Symposium on Dynamic Spectrum Access Networks (DySPAN).</description>
            <pubDate>Wed, 11 Mar 2020 16:30:00 EDT </pubDate>
            <itunes:title>Vireshwar Kumar, Security and Privacy of Connected Autonomous Vehicles</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>716</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Vireshwar Kumar, Purdue University</itunes:subtitle>
            <itunes:summary>The upcoming smart transportation systems, which consist of connected autonomous vehicles, are poised to transform our everyday life. The sustainability and growth of these systems to their full potential will significantly depend on the robustness of these systems against security and privacy threats. Unfortunately, the communication protocols employed in these systems lack mainstream network security capabilities due to energy constraints of the deployed platforms and bandwidth constraints of the communication medium. In this talk, I will present the results of my efforts in anatomizing the two vital communication protocols employed in smart transportation: (1) the vehicle-to-everything (V2X) communication protocol, which is utilized to facilitate wireless communication among connected vehicles, and (2) the controller area network (CAN) protocol, which is utilized within an autonomous vehicle to enable real-time control of critical automotive components including brakes. For each of these two protocols, I will first describe the inquisitive approach which led to the discovery of the new security vulnerabilities. Then, through the experiments on real-world systems, I will demonstrate how these vulnerabilities can be exploited to launch malicious attacks which evade the state-of-the-art defense mechanisms employed in these systems. I will conclude the talk by discussing novel countermeasures which are required to mitigate these fundamental vulnerabilities and prevent their exploitation. About the speaker: Dr. Vireshwar Kumar is a Postdoctoral Research Associate in the Department of Computer Science at Purdue University. Vireshwar earned his B.Tech. in Electrical Engineering at Indian Institute of Technology Delhi in 2009, and his Ph.D. degree in Computer Engineering at Virginia Tech in 2016. He was the recipient of the outstanding Ph.D. student award by the Center for Embedded Systems for Critical Applications at Virginia Tech. He also had a short stint as a Project Assistant in the Department of Electrical Communication Engineering at Indian Institute of Science in 2010. His research interests include discovering and mitigating security vulnerabilities in the communication protocols employed in cyber-physical systems, e.g., smart home, smart transportation and smart city. Vireshwar&apos;s research work has featured in top-tier security venues including ACM Conference on Computer and Communications Security (CCS) and IEEE Transactions on Information Forensics and Security (TIFS). He has also served on the TPC of flagship conferences including IEEE Conference on Communications and Network Security (CNS) and IEEE International Symposium on Dynamic Spectrum Access Networks (DySPAN).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The upcoming smart transportation systems, which consist of connected autonomous vehicles, are poised to transform our everyday life. The sustainability and growth of these systems to their full potential will significantly depend on the robustness of these systems against security and privacy threats. Unfortunately, the communication protocols employed in these systems lack mainstream network security capabilities due to energy constraints of the deployed platforms and bandwidth constraints of the communication medium. In this talk, I will present the results of my efforts in anatomizing the two vital communication protocols employed in smart transportation: (1) the vehicle-to-everything (V2X) communication protocol, which is utilized to facilitate wireless communication among connected vehicles, and (2) the controller area network (CAN) protocol, which is utilized within an autonomous vehicle to enable real-time control of critical automotive components including brakes. For each of these two protocols, I will first describe the inquisitive approach which led to the discovery of the new security vulnerabilities. Then, through the experiments on real-world systems, I will demonstrate how these vulnerabilities can be exploited to launch malicious attacks which evade the state-of-the-art defense mechanisms employed in these systems. I will conclude the talk by discussing novel countermeasures which are required to mitigate these fundamental vulnerabilities and prevent their exploitation. About the speaker: Dr. Vireshwar Kumar is a Postdoctoral Research Associate in the Department of Computer Science at Purdue University. Vireshwar earned his B.Tech. in Electrical Engineering at Indian Institute of Technology Delhi in 2009, and his Ph.D. degree in Computer Engineering at Virginia Tech in 2016. He was the recipient of the outstanding Ph.D. student award by the Center for Embedded Systems for Critical Applications at Virginia Tech. He also had a short stint as a Project Assistant in the Department of Electrical Communication Engineering at Indian Institute of Science in 2010. His research interests include discovering and mitigating security vulnerabilities in the communication protocols employed in cyber-physical systems, e.g., smart home, smart transportation and smart city. Vireshwar&apos;s research work has featured in top-tier security venues including ACM Conference on Computer and Communications Security (CCS) and IEEE Transactions on Information Forensics and Security (TIFS). He has also served on the TPC of flagship conferences including IEEE Conference on Communications and Network Security (CNS) and IEEE International Symposium on Dynamic Spectrum Access Networks (DySPAN).</p> ]]>
            </content:encoded>
            <itunes:duration>3421</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200311.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200311.mp4" length="368050176" type="video/mp4"/>
        </item>
            <item>
            <title>Matt Mickelson, Physics-Based Approaches for creating Cyber Resilient Systems</title>
            <description>Our reliance on Cyber-Physical Systems (CPS) is growing. As CPS infrastructure becomes exposed to the contested world through networks, CPS security becomes much more important. In a CPS, the cyber components manage the physical components. We propose that the overall goal for CPS resiliency is to have the physical systems behave properly regardless of fault and disruption. Our approach to CPS resiliency focuses on the physical components. Specifically, the inertia of the physical components provides a natural but limited resilience, and is capable of tolerating short-term disruption without affecting the health and safety of the CPS. This, together with the fact that CPS have a large difference between physical and cyber time scales, enables a unique approach to CPS resiliency. This talk will present our approach of engineering the cyber components to be brittle against attack, which consequently forces cyber attacks and related disruptions to be short-lived and within tolerance of the physical system&apos;s inertia. About the speaker: Mr. Mickelson is a Principal in MITRE&apos;s Naval Program Division. Matt has spent twenty years integrating emerging technologies, including cyber, AI, and autonomy, to improve some of the world&apos;s largest organizations. He has given invited talks in academia and industry. He was a keynote at last year&apos;s IEEE ICTAI conference and recently an invited speaker for the National Cyber Security Alliance at the NASDAQ. As a child, he convinced his parents they needed a color TV, and ever since, he has had a passion for identifying and developing disruptive technology. Now, he actively coordinates advanced research programs in cybersecurity at the Office of Naval Research (ONR).</description>
            <pubDate>Wed, 4 Mar 2020 16:30:00 EST </pubDate>
            <itunes:title>Matt Mickelson, Physics-Based Approaches for creating Cyber Resilient Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>715</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Matt-Mickelson.jpg"/>
            <itunes:subtitle>Matt Mickelson, MITRE</itunes:subtitle>
            <itunes:summary>Our reliance on Cyber-Physical Systems (CPS) is growing. As CPS infrastructure becomes exposed to the contested world through networks, CPS security becomes much more important. In a CPS, the cyber components manage the physical components. We propose that the overall goal for CPS resiliency is to have the physical systems behave properly regardless of fault and disruption. Our approach to CPS resiliency focuses on the physical components. Specifically, the inertia of the physical components provides a natural but limited resilience, and is capable of tolerating short-term disruption without affecting the health and safety of the CPS. This, together with the fact that CPS have a large difference between physical and cyber time scales, enables a unique approach to CPS resiliency. This talk will present our approach of engineering the cyber components to be brittle against attack, which consequently forces cyber attacks and related disruptions to be short-lived and within tolerance of the physical system&apos;s inertia. About the speaker: Mr. Mickelson is a Principal in MITRE&apos;s Naval Program Division. Matt has spent twenty years integrating emerging technologies, including cyber, AI, and autonomy, to improve some of the world&apos;s largest organizations. He has given invited talks in academia and industry. He was a keynote at last year&apos;s IEEE ICTAI conference and recently an invited speaker for the National Cyber Security Alliance at the NASDAQ. As a child, he convinced his parents they needed a color TV, and ever since, he has had a passion for identifying and developing disruptive technology. Now, he actively coordinates advanced research programs in cybersecurity at the Office of Naval Research (ONR).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Our reliance on Cyber-Physical Systems (CPS) is growing. As CPS infrastructure becomes exposed to the contested world through networks, CPS security becomes much more important. In a CPS, the cyber components manage the physical components. We propose that the overall goal for CPS resiliency is to have the physical systems behave properly regardless of fault and disruption. Our approach to CPS resiliency focuses on the physical components. Specifically, the inertia of the physical components provides a natural but limited resilience, and is capable of tolerating short-term disruption without affecting the health and safety of the CPS. This, together with the fact that CPS have a large difference between physical and cyber time scales, enables a unique approach to CPS resiliency. This talk will present our approach of engineering the cyber components to be brittle against attack, which consequently forces cyber attacks and related disruptions to be short-lived and within tolerance of the physical system&apos;s inertia. About the speaker: Mr. Mickelson is a Principal in MITRE&apos;s Naval Program Division. Matt has spent twenty years integrating emerging technologies, including cyber, AI, and autonomy, to improve some of the world&apos;s largest organizations. He has given invited talks in academia and industry. He was a keynote at last year&apos;s IEEE ICTAI conference and recently an invited speaker for the National Cyber Security Alliance at the NASDAQ. As a child, he convinced his parents they needed a color TV, and ever since, he has had a passion for identifying and developing disruptive technology. Now, he actively coordinates advanced research programs in cybersecurity at the Office of Naval Research (ONR).</p> ]]>
            </content:encoded>
            <itunes:duration>3145</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200304.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200304.mp4" length="372244480" type="video/mp4"/>
        </item>
            <item>
            <title>Yuhong Nan, Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps</title>
            <description>A long-standing challenge in analyzing information leaks within mobile apps is to automatically identify the code operating on sensitive data. With all existing solutions relying on System APIs (e.g., IMEI, GPS location) or features of user interfaces (UI), the content from app servers, like a user&apos;s Facebook profile or payment history, falls through the cracks. In this talk, I will introduce ClueFinder, a novel semantics-driven solution for automatic discovery of sensitive user data, including those from the server side. ClueFinder utilizes natural language processing (NLP) to automatically locate the program elements (variables, methods, etc.) of interest, and then performs a learning-based program structure analysis to accurately identify those indeed carrying sensitive content. Using this new technique, we analyzed over 400k popular apps, an unprecedented scale for this type of research. Our findings bring to light the pervasiveness of information leaks, and the channels through which the leaks happen, including unintentional over-sharing across libraries and aggressive data acquisition behaviors. About the speaker: Dr. Yuhong Nan is a Post-Doctoral Research Associate at Purdue University. He earned his Ph.D. in the School of Computer Science from Fudan University, China, with the honor of the 2018 ACM SIGSAC China Doctoral Dissertation Award. His research interests span privacy leakage detection in mobile and IoT platforms, security enhancement for IoT systems, as well as cyber-attack investigation with audit logs.</description>
            <pubDate>Wed, 26 Feb 2020 16:30:00 EST </pubDate>
            <itunes:title>Yuhong Nan, Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>714</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/nan_200.jpg"/>
            <itunes:subtitle>Yuhong Nan, Purdue University</itunes:subtitle>
            <itunes:summary>A long-standing challenge in analyzing information leaks within mobile apps is to automatically identify the code operating on sensitive data. With all existing solutions relying on System APIs (e.g., IMEI, GPS location) or features of user interfaces (UI), the content from app servers, like a user&apos;s Facebook profile or payment history, falls through the cracks. In this talk, I will introduce ClueFinder, a novel semantics-driven solution for automatic discovery of sensitive user data, including those from the server side. ClueFinder utilizes natural language processing (NLP) to automatically locate the program elements (variables, methods, etc.) of interest, and then performs a learning-based program structure analysis to accurately identify those indeed carrying sensitive content. Using this new technique, we analyzed over 400k popular apps, an unprecedented scale for this type of research. Our findings bring to light the pervasiveness of information leaks, and the channels through which the leaks happen, including unintentional over-sharing across libraries and aggressive data acquisition behaviors. About the speaker: Dr. Yuhong Nan is a Post-Doctoral Research Associate at Purdue University. He earned his Ph.D. in the School of Computer Science from Fudan University, China, with the honor of the 2018 ACM SIGSAC China Doctoral Dissertation Award. His research interests span privacy leakage detection in mobile and IoT platforms, security enhancement for IoT systems, as well as cyber-attack investigation with audit logs.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>A long-standing challenge in analyzing information leaks within mobile apps is to automatically identify the code operating on sensitive data. With all existing solutions relying on System APIs (e.g., IMEI, GPS location) or features of user interfaces (UI), the content from app servers, like a user&apos;s Facebook profile or payment history, falls through the cracks. In this talk, I will introduce ClueFinder, a novel semantics-driven solution for automatic discovery of sensitive user data, including those from the server side. ClueFinder utilizes natural language processing (NLP) to automatically locate the program elements (variables, methods, etc.) of interest, and then performs a learning-based program structure analysis to accurately identify those indeed carrying sensitive content. Using this new technique, we analyzed over 400k popular apps, an unprecedented scale for this type of research. Our findings bring to light the pervasiveness of information leaks, and the channels through which the leaks happen, including unintentional over-sharing across libraries and aggressive data acquisition behaviors. About the speaker: Dr. Yuhong Nan is a Post-Doctoral Research Associate at Purdue University. He earned his Ph.D. in the School of Computer Science from Fudan University, China, with the honor of the 2018 ACM SIGSAC China Doctoral Dissertation Award. His research interests span privacy leakage detection in mobile and IoT platforms, security enhancement for IoT systems, as well as cyber-attack investigation with audit logs.</p> ]]>
            </content:encoded>
            <itunes:duration>2039</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200226.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200226.mp4" length="235929600" type="video/mp4"/>
        </item>
            <item>
            <title>Doug Rapp, Security, Ethics and the End of the World as We Know It</title>
            <description>Imagine a world where data is currency. A world where the majority of the data is owned and traded by 6 international data barons who are constantly at war with each other. In this world, rogue AI persecutes whole segments of the population while nations become Petri dishes for mind control. Most people move about daily life oblivious to the knowledge that someone is controlling them, telling them where to go, what to buy, and even how to vote. If you object, millions of cameras track you and pick you out of a crowd where you are intercepted by the authorities and taken off to be reprogrammed. Sound like the Minority Report? The Matrix? Black Mirror? Welcome to 2020. The data revolution and convergence are making the industrial revolution look like a blip on the radar when it comes to change. Join me as we discuss complex issues surrounding ethics in a new world. Who gets to collect and control data? How is AI influenced by data reflecting undesirable human behavior? Should we influence that data to reflect the values we aspire to? If so, who gets to decide the value system? What is the line between advertising and social engineering and is it eroding the concepts of free will and democracy? Is anyone even thinking about this? These are the ethical questions that are being decided (or not decided) today that will shape your tomorrow. About the speaker: Douglas Rapp, CISM, is a cybersecurity catalyst. Throughout his career, you will find him squarely at the center of countless firsts. These include writing the first state-level cyber incident response plan, leading the Crit-Ex National Exercise, establishing the Region 5 Cyber Protection Team, and establishing Indiana&apos;s first Cyber Working Group which later evolved into both the Indiana Cybersecurity Executive Council and the Cyber Leadership Alliance.
Doug has served as the Advisor to the State of Indiana for Cybersecurity and authored Indiana&apos;s Cybersecurity Economic Development Plan. He has started, scaled, and pivoted cybersecurity businesses and serves as a consultant and Entrepreneur in Residence for Purdue University. His most recent accomplishment was creating a statewide immersion cybersecurity workforce development program and raising $3M USD in commitments to student financial assistance. Doug is a published author, international speaker, and has testified before Congress on cybersecurity workforce development. A decorated combat veteran, his greatest accomplishment is having raised two amazing children and having been trusted with America&apos;s sons and daughters.</description>
            <pubDate>Wed, 19 Feb 2020 16:30:00 EST </pubDate>
            <itunes:title>Doug Rapp, Security, Ethics and the End of the World as We Know It</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>713</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/doug_rapp_200.png"/>
            <itunes:subtitle>Doug Rapp, Delta Research &amp; Cyber Leadership Alliance</itunes:subtitle>
            <itunes:summary>Imagine a world where data is currency. A world where the majority of the data is owned and traded by 6 international data barons who are constantly at war with each other. In this world, rogue AI persecutes whole segments of the population while nations become Petri dishes for mind control. Most people move about daily life oblivious to the knowledge that someone is controlling them, telling them where to go, what to buy, and even how to vote. If you object, millions of cameras track you and pick you out of a crowd where you are intercepted by the authorities and taken off to be reprogrammed. Sound like the Minority Report? The Matrix? Black Mirror? Welcome to 2020. The data revolution and convergence are making the industrial revolution look like a blip on the radar when it comes to change. Join me as we discuss complex issues surrounding ethics in a new world. Who gets to collect and control data? How is AI influenced by data reflecting undesirable human behavior? Should we influence that data to reflect the values we aspire to? If so, who gets to decide the value system? What is the line between advertising and social engineering and is it eroding the concepts of free will and democracy? Is anyone even thinking about this? These are the ethical questions that are being decided (or not decided) today that will shape your tomorrow. About the speaker: Douglas Rapp, CISM, is a cybersecurity catalyst. Throughout his career, you will find him squarely at the center of countless firsts. These include writing the first state-level cyber incident response plan, leading the Crit-Ex National Exercise, establishing the Region 5 Cyber Protection Team, and establishing Indiana&apos;s first Cyber Working Group which later evolved into both the Indiana Cybersecurity Executive Council and the Cyber Leadership Alliance.
Doug has served as the Advisor to the State of Indiana for Cybersecurity and authored Indiana&apos;s Cybersecurity Economic Development Plan. He has started, scaled, and pivoted cybersecurity businesses and serves as a consultant and Entrepreneur in Residence for Purdue University. His most recent accomplishment was creating a statewide immersion cybersecurity workforce development program and raising $3M USD in commitments to student financial assistance. Doug is a published author, international speaker, and has testified before Congress on cybersecurity workforce development. A decorated combat veteran, his greatest accomplishment is having raised two amazing children and having been trusted with America&apos;s sons and daughters.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Imagine a world where data is currency. A world where the majority of the data is owned and traded by 6 international data barons who are constantly at war with each other. In this world, rogue AI persecutes whole segments of the population while nations become Petri dishes for mind control. Most people move about daily life oblivious to the knowledge that someone is controlling them, telling them where to go, what to buy, and even how to vote. If you object, millions of cameras track you and pick you out of a crowd where you are intercepted by the authorities and taken off to be reprogrammed. Sound like the Minority Report? The Matrix? Black Mirror? Welcome to 2020. The data revolution and convergence are making the industrial revolution look like a blip on the radar when it comes to change. Join me as we discuss complex issues surrounding ethics in a new world. Who gets to collect and control data? How is AI influenced by data reflecting undesirable human behavior? Should we influence that data to reflect the values we aspire to? If so, who gets to decide the value system? What is the line between advertising and social engineering and is it eroding the concepts of free will and democracy? Is anyone even thinking about this? These are the ethical questions that are being decided (or not decided) today that will shape your tomorrow. About the speaker: Douglas Rapp, CISM, is a cybersecurity catalyst. Throughout his career, you will find him squarely at the center of countless firsts. These include writing the first state-level cyber incident response plan, leading the Crit-Ex National Exercise, establishing the Region 5 Cyber Protection Team, and establishing Indiana&apos;s first Cyber Working Group which later evolved into both the Indiana Cybersecurity Executive Council and the Cyber Leadership Alliance.
Doug has served as the Advisor to the State of Indiana for Cybersecurity and authored Indiana&apos;s Cybersecurity Economic Development Plan. He has started, scaled, and pivoted cybersecurity businesses and serves as a consultant and Entrepreneur in Residence for Purdue University. His most recent accomplishment was creating a statewide immersion cybersecurity workforce development program and raising $3M USD in commitments to student financial assistance. Doug is a published author, international speaker, and has testified before Congress on cybersecurity workforce development. A decorated combat veteran, his greatest accomplishment is having raised two amazing children and having been trusted with America&apos;s sons and daughters.</p> ]]>
            </content:encoded>
            <itunes:duration>3765</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200219.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200219.mp4" length="440401920" type="video/mp4"/>
        </item>
            <item>
            <title>Char Sample, The Role of Culture in Cybersecurity</title>
            <description>Distinguished social psychologist Geert Hofstede observed the &quot;dominance of technology over culture is an illusion. The software of the machines may be globalized, but the software of the minds that use them is not.&quot; The role of culture in the thought process is so prevalent, yet unstated, that many cultural beliefs and biases are accepted as truths. These cultural beliefs and biases are commonly infused into behavioral norms identifying behaviors that can be observed. While historically, these observations have taken place in the physical realm, this talk discusses the findings of cultural markers in the cyber realm. Dr. Sample presents and discusses recent interdisciplinary, evidence-based research using culture-based models of various cyber actors (attackers, defenders and victims) to explain observations in cybersecurity behaviors. These studies were performed over the past several years using public data found in the Zone-H archives. The mining of the Zone-H archives with over 10 million records of raw data allowed for research into behaviors, choices and reasons. By using Hofstede&apos;s cultural framework to define culture along with some basic inferential statistics, specific digital identifiers were associated with cultural dimensions, allowing for more accurate modeling of cyber actors based on cultural values. The results supported Nisbett&apos;s observation that people &quot;think the way they do because of the nature of the societies they live in&quot;. The discussion centers on the six dimensions of culture, the values associated with each dimension and examples of those values in cyber space. The six cultural dimensions measure views on values of self-determination, collectivism, aggression, nurturing, uncertain outcomes, holism, instant gratification, and levels of societal openness. The behavioral traits that associate with the cultural values are behavioral traits that are consistent with cyber behaviors.
About the speaker: Dr. Char Sample is the Chief Cybersecurity Research Scientist for the Cybercore division at Idaho National Laboratory. Dr. Sample is a visiting academic at the University of Warwick, Coventry, UK and a guest lecturer at Bournemouth University, Rensselaer Polytechnic University and Royal Holloway University. Dr. Sample has over 20 years&apos; experience in the information security industry. Dr. Sample&apos;s research focuses on deception and the role of cultural values in cybersecurity events. More recently she has begun researching the relationship between human cognition and machines. Presently Dr. Sample is continuing research on modeling cyber behaviors by culture; other areas of research are data resilience, cyber-physical systems and industrial control systems.</description>
            <pubDate>Wed, 12 Feb 2020 16:30:00 EST </pubDate>
            <itunes:title>Char Sample, The Role of Culture in Cybersecurity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>712</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/char_sample_200.jpg"/>
            <itunes:subtitle>Char Sample, Idaho National Lab</itunes:subtitle>
            <itunes:summary>Distinguished social psychologist Geert Hofstede observed the &quot;dominance of technology over culture is an illusion. The software of the machines may be globalized, but the software of the minds that use them is not.&quot; The role of culture in the thought process is so prevalent, yet unstated, that many cultural beliefs and biases are accepted as truths. These cultural beliefs and biases are commonly infused into behavioral norms identifying behaviors that can be observed. While historically, these observations have taken place in the physical realm, this talk discusses the findings of cultural markers in the cyber realm. Dr. Sample presents and discusses recent interdisciplinary, evidence-based research using culture-based models of various cyber actors (attackers, defenders and victims) to explain observations in cybersecurity behaviors. These studies were performed over the past several years using public data found in the Zone-H archives. The mining of the Zone-H archives with over 10 million records of raw data allowed for research into behaviors, choices and reasons. By using Hofstede&apos;s cultural framework to define culture along with some basic inferential statistics, specific digital identifiers were associated with cultural dimensions, allowing for more accurate modeling of cyber actors based on cultural values. The results supported Nisbett&apos;s observation that people &quot;think the way they do because of the nature of the societies they live in&quot;. The discussion centers on the six dimensions of culture, the values associated with each dimension and examples of those values in cyber space. The six cultural dimensions measure views on values of self-determination, collectivism, aggression, nurturing, uncertain outcomes, holism, instant gratification, and levels of societal openness. The behavioral traits that associate with the cultural values are behavioral traits that are consistent with cyber behaviors.
About the speaker: Dr. Char Sample is the Chief Cybersecurity Research Scientist for the Cybercore division at Idaho National Laboratory. Dr. Sample is a visiting academic at the University of Warwick, Coventry, UK and a guest lecturer at Bournemouth University, Rensselaer Polytechnic University and Royal Holloway University. Dr. Sample has over 20 years&apos; experience in the information security industry. Dr. Sample&apos;s research focuses on deception and the role of cultural values in cybersecurity events. More recently she has begun researching the relationship between human cognition and machines. Presently Dr. Sample is continuing research on modeling cyber behaviors by culture; other areas of research are data resilience, cyber-physical systems and industrial control systems.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Distinguished social psychologist Geert Hofstede observed the &quot;dominance of technology over culture is an illusion. The software of the machines may be globalized, but the software of the minds that use them is not.&quot; The role of culture in the thought process is so prevalent, yet unstated, that many cultural beliefs and biases are accepted as truths. These cultural beliefs and biases are commonly infused into behavioral norms identifying behaviors that can be observed. While historically, these observations have taken place in the physical realm, this talk discusses the findings of cultural markers in the cyber realm. Dr. Sample presents and discusses recent interdisciplinary, evidence-based research using culture-based models of various cyber actors (attackers, defenders and victims) to explain observations in cybersecurity behaviors. These studies were performed over the past several years using public data found in the Zone-H archives. The mining of the Zone-H archives with over 10 million records of raw data allowed for research into behaviors, choices and reasons. By using Hofstede&apos;s cultural framework to define culture along with some basic inferential statistics, specific digital identifiers were associated with cultural dimensions, allowing for more accurate modeling of cyber actors based on cultural values. The results supported Nisbett&apos;s observation that people &quot;think the way they do because of the nature of the societies they live in&quot;. The discussion centers on the six dimensions of culture, the values associated with each dimension and examples of those values in cyber space. The six cultural dimensions measure views on values of self-determination, collectivism, aggression, nurturing, uncertain outcomes, holism, instant gratification, and levels of societal openness. The behavioral traits that associate with the cultural values are behavioral traits that are consistent with cyber behaviors.
About the speaker: Dr. Char Sample is the Chief Cybersecurity Research Scientist for the Cybercore division at Idaho National Laboratory. Dr. Sample is a visiting academic at the University of Warwick, Coventry, UK and a guest lecturer at Bournemouth University, Rensselaer Polytechnic University and Royal Holloway University. Dr. Sample has over 20 years&apos; experience in the information security industry. Dr. Sample&apos;s research focuses on deception and the role of cultural values in cybersecurity events. More recently she has begun researching the relationship between human cognition and machines. Presently Dr. Sample is continuing research on modeling cyber behaviors by culture; other areas of research are data resilience, cyber-physical systems and industrial control systems.</p> ]]>
            </content:encoded>
            <itunes:duration>3296</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200212.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200212.mp4" length="340787200" type="video/mp4"/>
        </item>
            <item>
            <title>Syed Rafiul Hussain, Automated Reasoning of Security and Privacy of Cellular Networks</title>
            <description>Cellular technologies enable a wide array of critical services, from personal communication, autonomous vehicles and telemedicine to critical infrastructures, such as smart grid electricity distribution. Unfortunately, security and user privacy for such complex networks are often considered as afterthoughts. These lead to inadequate security evaluation early in the development cycle that fails to identify missing security and privacy guarantees in protocol designs. To make matters worse, unsafe practices and operational oversights stemming from poor input sanitization and unvetted simplification of complex protocol interactions further contribute to the deviation of deployments from designs. In this talk, I will highlight how my research addresses these problems by developing principled techniques for analyzing design specifications and deployments of complex cellular network protocols. I will first present a new adversarial reasoning technique combining the capabilities of a symbolic model checker and a cryptographic protocol verifier that enabled us to identify 20+ new vulnerabilities in 4G and 5G cellular network design specifications. I will then discuss three new side-channel attacks in 4G and 5G networks uncovered with our dedicated probabilistic reasoning technique. Next, I will talk about a fuzzing technique which is more effective than the state-of-the-art in reasoning about syntactic and semantic correctness of an implementation when binary instrumentation is not realizable and direct feedback on code coverage information is missing. Finally, I will conclude with a discussion on challenges in adapting and scaling our current approaches for a holistic analysis of 5G and next-generation cellular networks, and IoT systems. About the speaker: Syed Rafiul Hussain is a Postdoctoral Researcher in the Department of Computer Science at Purdue University, where he also received his Ph.D. in December 2018.
His research interests broadly lie in network and system security with a focus on the fundamental improvement of security and privacy analysis of emerging networks and cyber-physical systems, including cellular networks and Internet-of-Things. His papers have received awards and nominations, including ACSAC&apos;19 distinguished paper award, NDSS&apos;19 distinguished paper award honorable mention, and ACM SIGBED EWSN&apos;17 best paper award nomination. He has been inducted twice in the Hall of Fame Mobile Security Research by GSMA for his contributions in identifying 20+ new protocol flaws in 4G and 5G cellular networks. His findings led to several changes in the 4G and 5G cellular protocol designs and in operational networks. His work has been featured by mass media outlets worldwide, including the New York Times, Washington Post, Forbes, MIT Technology Review, and The Register.</description>
            <pubDate>Wed, 5 Feb 2020 16:30:00 EST </pubDate>
            <itunes:title>Syed Rafiul Hussain, Automated Reasoning of Security and Privacy of Cellular Networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>711</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/SR-Hussain_200.jpg"/>
            <itunes:subtitle>Syed Rafiul Hussain, Purdue University</itunes:subtitle>
            <itunes:summary>Cellular technologies enable a wide array of critical services, from personal communication, autonomous vehicles and telemedicine to critical infrastructures, such as smart grid electricity distribution. Unfortunately, security and user privacy for such complex networks are often considered as afterthoughts. These lead to inadequate security evaluation early in the development cycle that fails to identify missing security and privacy guarantees in protocol designs. To make matters worse, unsafe practices and operational oversights stemming from poor input sanitization and unvetted simplification of complex protocol interactions further contribute to the deviation of deployments from designs. In this talk, I will highlight how my research addresses these problems by developing principled techniques for analyzing design specifications and deployments of complex cellular network protocols. I will first present a new adversarial reasoning technique combining the capabilities of a symbolic model checker and a cryptographic protocol verifier that enabled us to identify 20+ new vulnerabilities in 4G and 5G cellular network design specifications. I will then discuss three new side-channel attacks in 4G and 5G networks uncovered with our dedicated probabilistic reasoning technique. Next, I will talk about a fuzzing technique which is more effective than the state-of-the-art in reasoning about syntactic and semantic correctness of an implementation when binary instrumentation is not realizable and direct feedback on code coverage information is missing. Finally, I will conclude with a discussion on challenges in adapting and scaling our current approaches for a holistic analysis of 5G and next-generation cellular networks, and IoT systems. About the speaker: Syed Rafiul Hussain is a Postdoctoral Researcher in the Department of Computer Science at Purdue University, where he also received his Ph.D. in December 2018.
His research interests broadly lie in network and system security with a focus on the fundamental improvement of security and privacy analysis of emerging networks and cyber-physical systems, including cellular networks and Internet-of-Things. His papers have received awards and nominations, including ACSAC&apos;19 distinguished paper award, NDSS&apos;19 distinguished paper award honorable mention, and ACM SIGBED EWSN&apos;17 best paper award nomination. He has been inducted twice in the Hall of Fame Mobile Security Research by GSMA for his contributions in identifying 20+ new protocol flaws in 4G and 5G cellular networks. His findings led to several changes in the 4G and 5G cellular protocol designs and in operational networks. His work has been featured by mass media outlets worldwide, including the New York Times, Washington Post, Forbes, MIT Technology Review, and The Register.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cellular technologies enable a wide array of critical services, from personal communication, autonomous vehicles and telemedicine to critical infrastructures, such as smart grid electricity distribution. Unfortunately, security and user privacy for such complex networks are often considered as afterthoughts. These lead to inadequate security evaluation early in the development cycle that fails to identify missing security and privacy guarantees in protocol designs. To make matters worse, unsafe practices and operational oversights stemming from poor input sanitization and unvetted simplification of complex protocol interactions further contribute to the deviation of deployments from designs. In this talk, I will highlight how my research addresses these problems by developing principled techniques for analyzing design specifications and deployments of complex cellular network protocols. I will first present a new adversarial reasoning technique combining the capabilities of a symbolic model checker and a cryptographic protocol verifier that enabled us to identify 20+ new vulnerabilities in 4G and 5G cellular network design specifications. I will then discuss three new side-channel attacks in 4G and 5G networks uncovered with our dedicated probabilistic reasoning technique. Next, I will talk about a fuzzing technique which is more effective than the state-of-the-art in reasoning about syntactic and semantic correctness of an implementation when binary instrumentation is not realizable and direct feedback on code coverage information is missing. Finally, I will conclude with a discussion on challenges in adapting and scaling our current approaches for a holistic analysis of 5G and next-generation cellular networks, and IoT systems. About the speaker: Syed Rafiul Hussain is a Postdoctoral Researcher in the Department of Computer Science at Purdue University, where he also received his Ph.D. in December 2018.
His research interests broadly lie in network and system security with a focus on the fundamental improvement of security and privacy analysis of emerging networks and cyber-physical systems, including cellular networks and Internet-of-Things. His papers have received awards and nominations, including ACSAC&apos;19 distinguished paper award, NDSS&apos;19 distinguished paper award honorable mention, and ACM SIGBED EWSN&apos;17 best paper award nomination. He has been inducted twice in the Hall of Fame Mobile Security Research by GSMA for his contributions in identifying 20+ new protocol flaws in 4G and 5G cellular networks. His findings led to several changes in the 4G and 5G cellular protocol designs and in operational networks. His work has been featured by mass media outlets worldwide, including the New York Times, Washington Post, Forbes, MIT Technology Review, and The Register.</p> ]]>
            </content:encoded>
            <itunes:duration>3250</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200205.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200205.mp4" length="322961408" type="video/mp4"/>
        </item>
            <item>
            <title>Abe Baggili, Immersive Virtual Insanity: Exploring Immersive Virtual Reality Security and Forensics</title>
            <description>The Virtual Reality (VR) market could surpass $40 billion by 2020. The U.S. Military recently closed a deal worth $480 million for the Microsoft HoloLens Mixed Reality (MR) device. Oculus has already released the first immersive VR system that is mobile, with no wires and no need for a high-end gaming PC, for $399. While these are exciting times, an important question needs to be investigated: are we ensuring the security and privacy of these systems? In this talk I will present various experiments and findings we conducted in our lab related to the security and forensics of consumer-grade immersive VR systems. I will show you how we are able to move people in physical spaces without their knowledge or consent, as well as other attacks that we coined and implemented related to immersive VR. Furthermore, we will also explore the forensic artifacts these systems produce. About the speaker: Dr. Ibrahim (Abe) Baggili is the Elder Family Endowed Chair of Computer Science &amp; Cybersecurity at the Tagliatela College of Engineering, Department of Computer &amp; Electrical Engineering and Computer Science at the University of New Haven, CT, specializing in Cybersecurity &amp; Forensics. He is also a European Alliance for Innovation Fellow, and a CT40 under 40. He serves as the Assistant Dean and is the founder of the University of New Haven&apos;s Cyber Forensics Research and Education Group (UNHcFREG). Abe is also the former editor-in-chief of the Journal of Digital Forensics, Security and Law (JDFSL). He received his BSc, MSc and PhD all from Purdue University, where he worked as a researcher in CERIAS. He is the program lead on the Center of Academic Excellence in Cyber Operations, designated by the National Security Agency – one of only 21 programs nationally with that prestigious designation, and is also the Principal Investigator for the CyberCorps Scholarship for Service program at the university. 
Abe is also the co-founder of the X Reality Safety Initiative (XRSI.ORG). Abe co-authored over 70 publications including books, peer-reviewed articles, and conference papers and has received millions of dollars in funding for his work from a variety of sources including the NSF, NSA, DHS and MITRE. Most recently, work with his students showed security issues in mobile social messaging applications that affect over 1 billion people worldwide. Most recently his team also found major Virtual Reality exploits that affect people globally. His research interests include cybersecurity and forensics from technical, social, and psychological perspectives. He has worked closely with law enforcement and the private sector, has published work on real challenges facing cybercriminal investigators and has presented at a number of conferences worldwide. Abe has also led the creation of the Artifact Genome Project (https://agp.newhaven.edu), which is used by government organizations and the private sector: over 178 organizations in 27 countries. Abe&apos;s work has also been featured in news outlets and on TV worldwide in over 20 languages. To learn more about Abe and his work you can visit http://www.baggili.com and http://www.unhcfreg.com.</description>
            <pubDate>Wed, 29 Jan 2020 16:30:00 EST </pubDate>
            <itunes:title>Abe Baggili, Immersive Virtual Insanity: Exploring Immersive Virtual Reality Security and Forensics</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>710</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ibrahim-baggili_200.jpg"/>
            <itunes:subtitle>Abe Baggili, University of New Haven</itunes:subtitle>
            <itunes:summary>The Virtual Reality (VR) market could surpass $40 billion by 2020. The U.S. Military recently closed a deal worth $480 million for the Microsoft HoloLens Mixed Reality (MR) device. Oculus has already released the first immersive VR system that is mobile, with no wires and no need for a high-end gaming PC, for $399. While these are exciting times, an important question needs to be investigated: are we ensuring the security and privacy of these systems? In this talk I will present various experiments and findings we conducted in our lab related to the security and forensics of consumer-grade immersive VR systems. I will show you how we are able to move people in physical spaces without their knowledge or consent, as well as other attacks that we coined and implemented related to immersive VR. Furthermore, we will also explore the forensic artifacts these systems produce. About the speaker: Dr. Ibrahim (Abe) Baggili is the Elder Family Endowed Chair of Computer Science &amp; Cybersecurity at the Tagliatela College of Engineering, Department of Computer &amp; Electrical Engineering and Computer Science at the University of New Haven, CT, specializing in Cybersecurity &amp; Forensics. He is also a European Alliance for Innovation Fellow, and a CT40 under 40. He serves as the Assistant Dean and is the founder of the University of New Haven&apos;s Cyber Forensics Research and Education Group (UNHcFREG). Abe is also the former editor-in-chief of the Journal of Digital Forensics, Security and Law (JDFSL). He received his BSc, MSc and PhD all from Purdue University, where he worked as a researcher in CERIAS. He is the program lead on the Center of Academic Excellence in Cyber Operations, designated by the National Security Agency – one of only 21 programs nationally with that prestigious designation, and is also the Principal Investigator for the CyberCorps Scholarship for Service program at the university. 
Abe is also the co-founder of the X Reality Safety Initiative (XRSI.ORG). Abe co-authored over 70 publications including books, peer-reviewed articles, and conference papers and has received millions of dollars in funding for his work from a variety of sources including the NSF, NSA, DHS and MITRE. Most recently, work with his students showed security issues in mobile social messaging applications that affect over 1 billion people worldwide. Most recently his team also found major Virtual Reality exploits that affect people globally. His research interests include cybersecurity and forensics from technical, social, and psychological perspectives. He has worked closely with law enforcement and the private sector, has published work on real challenges facing cybercriminal investigators and has presented at a number of conferences worldwide. Abe has also led the creation of the Artifact Genome Project (https://agp.newhaven.edu), which is used by government organizations and the private sector: over 178 organizations in 27 countries. Abe&apos;s work has also been featured in news outlets and on TV worldwide in over 20 languages. To learn more about Abe and his work you can visit http://www.baggili.com and http://www.unhcfreg.com.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Virtual Reality (VR) market could surpass $40 billion by 2020. The U.S. Military recently closed a deal worth $480 million for the Microsoft HoloLens Mixed Reality (MR) device. Oculus has already released the first immersive VR system that is mobile, with no wires and no need for a high-end gaming PC, for $399. While these are exciting times, an important question needs to be investigated: are we ensuring the security and privacy of these systems? In this talk I will present various experiments and findings we conducted in our lab related to the security and forensics of consumer-grade immersive VR systems. I will show you how we are able to move people in physical spaces without their knowledge or consent, as well as other attacks that we coined and implemented related to immersive VR. Furthermore, we will also explore the forensic artifacts these systems produce. About the speaker: Dr. Ibrahim (Abe) Baggili is the Elder Family Endowed Chair of Computer Science &amp; Cybersecurity at the Tagliatela College of Engineering, Department of Computer &amp; Electrical Engineering and Computer Science at the University of New Haven, CT, specializing in Cybersecurity &amp; Forensics. He is also a European Alliance for Innovation Fellow, and a CT40 under 40. He serves as the Assistant Dean and is the founder of the University of New Haven&apos;s Cyber Forensics Research and Education Group (UNHcFREG). Abe is also the former editor-in-chief of the Journal of Digital Forensics, Security and Law (JDFSL). He received his BSc, MSc and PhD all from Purdue University, where he worked as a researcher in CERIAS. He is the program lead on the Center of Academic Excellence in Cyber Operations, designated by the National Security Agency – one of only 21 programs nationally with that prestigious designation, and is also the Principal Investigator for the CyberCorps Scholarship for Service program at the university. 
Abe is also the co-founder of the X Reality Safety Initiative (XRSI.ORG). Abe co-authored over 70 publications including books, peer-reviewed articles, and conference papers and has received millions of dollars in funding for his work from a variety of sources including the NSF, NSA, DHS and MITRE. Most recently, work with his students showed security issues in mobile social messaging applications that affect over 1 billion people worldwide. Most recently his team also found major Virtual Reality exploits that affect people globally. His research interests include cybersecurity and forensics from technical, social, and psychological perspectives. He has worked closely with law enforcement and the private sector, has published work on real challenges facing cybercriminal investigators and has presented at a number of conferences worldwide. Abe has also led the creation of the Artifact Genome Project (https://agp.newhaven.edu), which is used by government organizations and the private sector: over 178 organizations in 27 countries. Abe&apos;s work has also been featured in news outlets and on TV worldwide in over 20 languages. To learn more about Abe and his work you can visit http://www.baggili.com and http://www.unhcfreg.com.</p> ]]>
            </content:encoded>
            <itunes:duration>3573</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200129.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200129.mp4" length="399507456" type="video/mp4"/>
        </item>
            <item>
            <title>Morgan Princing, Identifying Security Risks Using Internet-Wide Scan Data</title>
            <description>In this talk, we&apos;ll explore how internet scan data layered with different open-source tools can start to make sense of what is publicly exposed and potentially a threat. Predominantly, we&apos;ll focus on three investigations: (1) how to find attacker infrastructure, using IOCs from MITRE and web application logs; (2) how to identify trends in common misconfigurations and vulnerabilities; (3) how to find assets related to your organization. Throughout the talk, we&apos;ll identify and use risk indicators to find relevant exposed devices. We&apos;ll also touch on historical trends that relate to different types of attacks, security risks that have surfaced in the past year, and what some of the challenges are in identifying rogue assets in the haystack of internet data. About the speaker: Morgan Princing is a solutions engineer at Censys, focused on identifying trends and tracking threat groups and vulnerabilities using Censys data. Her career in cybersecurity began in botnet detection, where she worked to protect websites, APIs and mobile apps from bots by detecting anomalies in web traffic and interrogating user-identification systems. Morgan holds a Bachelor of Arts in Economics and Urban Studies from the University of Michigan. Morgan is a 2019 World IT Award Winner for Women in Security.</description>
            <pubDate>Wed, 22 Jan 2020 16:30:00 EST </pubDate>
            <itunes:title>Morgan Princing, Identifying Security Risks Using Internet-Wide Scan Data</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>709</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Morgan Princing, Censys</itunes:subtitle>
            <itunes:summary>In this talk, we&apos;ll explore how internet scan data layered with different open-source tools can start to make sense of what is publicly exposed and potentially a threat. Predominantly, we&apos;ll focus on three investigations: (1) how to find attacker infrastructure, using IOCs from MITRE and web application logs; (2) how to identify trends in common misconfigurations and vulnerabilities; (3) how to find assets related to your organization. Throughout the talk, we&apos;ll identify and use risk indicators to find relevant exposed devices. We&apos;ll also touch on historical trends that relate to different types of attacks, security risks that have surfaced in the past year, and what some of the challenges are in identifying rogue assets in the haystack of internet data. About the speaker: Morgan Princing is a solutions engineer at Censys, focused on identifying trends and tracking threat groups and vulnerabilities using Censys data. Her career in cybersecurity began in botnet detection, where she worked to protect websites, APIs and mobile apps from bots by detecting anomalies in web traffic and interrogating user-identification systems. Morgan holds a Bachelor of Arts in Economics and Urban Studies from the University of Michigan. Morgan is a 2019 World IT Award Winner for Women in Security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this talk, we&apos;ll explore how internet scan data layered with different open-source tools can start to make sense of what is publicly exposed and potentially a threat. Predominantly, we&apos;ll focus on three investigations: (1) how to find attacker infrastructure, using IOCs from MITRE and web application logs; (2) how to identify trends in common misconfigurations and vulnerabilities; (3) how to find assets related to your organization. Throughout the talk, we&apos;ll identify and use risk indicators to find relevant exposed devices. We&apos;ll also touch on historical trends that relate to different types of attacks, security risks that have surfaced in the past year, and what some of the challenges are in identifying rogue assets in the haystack of internet data. About the speaker: Morgan Princing is a solutions engineer at Censys, focused on identifying trends and tracking threat groups and vulnerabilities using Censys data. Her career in cybersecurity began in botnet detection, where she worked to protect websites, APIs and mobile apps from bots by detecting anomalies in web traffic and interrogating user-identification systems. Morgan holds a Bachelor of Arts in Economics and Urban Studies from the University of Michigan. Morgan is a 2019 World IT Award Winner for Women in Security.</p> ]]>
            </content:encoded>
            <itunes:duration>2210</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200122.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200122.mp4" length="1048576" type="video/mp4"/>
        </item>
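The three investigations in the Censys talk above (attacker infrastructure from IOCs, common misconfigurations, and assets belonging to your own organization) all reduce to running risk indicators over scan records. The following is an added example, not the speaker's code and not the Censys API: the host records, IOC addresses, certificate fingerprint, rule set and the organization domain `example.edu` are all constructed here, and the field names are assumptions about what a scan record carries.

```python
"""Triage of internet-wide scan records against risk indicators.

Added illustration in the spirit of the talk. It is not Censys code and
makes no network calls: the host records, IOCs, rules and the organization
domain below are all constructed for the example.
"""
from dataclasses import dataclass

# Constructed indicators: addresses and a certificate fingerprint flagged by
# a (hypothetical) web application log review and threat-intel feed.
IOC_IPS = {"203.0.113.7", "198.51.100.23"}
IOC_CERT_SHA256 = {"aa11" * 16}
ORG_DOMAIN = "example.edu"  # assumed organization domain

# Misconfiguration rules: (service name, predicate over the service record, label).
MISCONFIG_RULES = [
    ("redis", lambda s: s.get("auth_required") is False, "Redis without AUTH"),
    ("mongodb", lambda s: s.get("auth_required") is False, "MongoDB without auth"),
    ("telnet", lambda s: True, "Telnet exposed"),
    ("http", lambda s: "phpinfo" in s.get("title", "").lower(), "phpinfo page exposed"),
]

# Constructed scan records shaped like per-host summaries (documentation IPs).
HOSTS = [
    {"ip": "203.0.113.7", "rdns": "", "services": [
        {"port": 443, "service": "http", "cert_sha256": "bb22" * 16,
         "cert_names": ["login-example.edu.evil.test"]}]},
    {"ip": "192.0.2.10", "rdns": "db1.example.edu", "services": [
        {"port": 6379, "service": "redis", "auth_required": False},
        {"port": 22, "service": "ssh"}]},
    {"ip": "192.0.2.11", "rdns": "", "services": [
        {"port": 443, "service": "http", "cert_sha256": "cc33" * 16,
         "cert_names": ["www.example.edu", "api.example.edu"]},
        {"port": 23, "service": "telnet"}]},
    {"ip": "198.51.100.200", "rdns": "", "services": [
        {"port": 27017, "service": "mongodb", "auth_required": True},
        {"port": 443, "service": "http", "cert_sha256": "aa11" * 16,
         "cert_names": ["cdn.evil.test"]}]},
]


@dataclass(frozen=True)
class Finding:
    ip: str
    category: str
    reason: str


def find_attacker_infra(hosts):
    """Investigation 1: hosts whose address or served certificate is a known IOC."""
    out = []
    for h in hosts:
        if h["ip"] in IOC_IPS:
            out.append(Finding(h["ip"], "attacker-infra", "address in IOC list"))
        for s in h["services"]:
            fp = s.get("cert_sha256")
            if fp in IOC_CERT_SHA256:
                out.append(Finding(h["ip"], "attacker-infra",
                                   f"cert {fp[:8]} in IOC list on port {s['port']}"))
    return out


def find_misconfigs(hosts):
    """Investigation 2: services matching a misconfiguration rule, on any port."""
    out = []
    for h in hosts:
        for s in h["services"]:
            for name, pred, label in MISCONFIG_RULES:
                if s.get("service") == name and pred(s):
                    out.append(Finding(h["ip"], "misconfig", f"{label} on port {s['port']}"))
    return out


def is_org_name(name):
    """Exact or subdomain match on the registrable org domain. A lookalike such
    as login-example.edu.evil.test is rejected: that is attacker infrastructure,
    not an org asset, and suffix matching on the whole label makes that explicit."""
    name = name.lower().rstrip(".")
    return name == ORG_DOMAIN or name.endswith("." + ORG_DOMAIN)


def find_org_assets(hosts):
    """Investigation 3: hosts tied to the org by reverse DNS or certificate names."""
    out = []
    for h in hosts:
        names = [h["rdns"]] + [n for s in h["services"] for n in s.get("cert_names", [])]
        hits = sorted({n for n in names if n and is_org_name(n)})
        if hits:
            out.append(Finding(h["ip"], "org-asset", "names: " + ", ".join(hits)))
    return out


def triage(hosts):
    """All three investigations over one record set, grouped by category."""
    findings = find_attacker_infra(hosts) + find_misconfigs(hosts) + find_org_assets(hosts)
    grouped = {}
    for f in findings:
        grouped.setdefault(f.category, []).append(f)
    return grouped


if __name__ == "__main__":
    for category, items in triage(HOSTS).items():
        for f in items:
            print(f"{category:14} {f.ip:16} {f.reason}")
```

The org-asset rule is deliberately a suffix match on the full domain label: the first constructed host serves a certificate for `login-example.edu.evil.test`, which a naive substring check on "example.edu" would wrongly claim as your own asset, while here it only surfaces because its address is in the IOC set.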
            <item>
            <title>Sriharsha Etigowni, Contactless Control Flow Monitoring via Electromagnetic Emanations</title>
            <description>Trustworthy operation of industrial control systems depends on secure and real-time code execution on the embedded programmable logic controllers (PLCs). The controllers monitor and control critical infrastructures, such as electric power grids and healthcare platforms, and continuously report the system status back to human operators. This talk is about Zeus, a contactless embedded controller security monitor solution that ensures execution control flow integrity. Zeus leverages the electromagnetic emissions of the PLC circuitry during the execution of the controller programs. Zeus&apos;s contactless execution tracking enables non-intrusive monitoring of security-critical controllers with tight real-time constraints. Those devices often cannot tolerate the cost and performance overhead that comes with additional traditional hardware or software monitoring modules. Furthermore, Zeus provides an air gap between the monitor (trusted computing base) and the target (potentially compromised) PLC. This eliminates the possibility of the monitor being infected by the same attack vectors. Zeus monitors the control flow integrity of the PLC program execution. Zeus monitors the communications between the human-machine interface and the PLC and captures the control logic binary uploads to the PLC. Zeus exercises its feasible execution paths and fingerprints their emissions using an external electromagnetic sensor. Zeus trains a neural network on legitimate PLC execution and uses it at runtime to identify the control flow based on the PLC&apos;s electromagnetic emissions. Zeus was implemented on a commercial Allen-Bradley PLC, which is widely used in industry, and evaluated on real-world control program executions. Zeus was able to distinguish between different legitimate and malicious executions with 98.9% accuracy and with zero overhead on PLC execution by design. 
About the speaker: Sriharsha Etigowni is a Post-Doctoral Research Associate at Purdue University. He earned his PhD in Electrical and Computer Engineering from Rutgers University. His research mainly focuses on the security of cyber-physical systems. His research is to secure cyber-physical systems by using physical and control invariants. His research interests involve IoT embedded system security, trusted computing, secure boot, runtime monitoring and detection, physical side channels, and applied cryptography. Apart from academic research he also has industrial experience working for Bosch on automotive embedded systems, specifically on in-vehicle communication protocols, and working for Siemens on intelligent automated systems in the manufacturing domain. His work spans different areas of cyber-physical systems such as power grids, drones, automotive, and critical manufacturing.</description>
            <pubDate>Wed, 15 Jan 2020 16:30:00 EST </pubDate>
            <itunes:title>Sriharsha Etigowni, Contactless Control Flow Monitoring via Electromagnetic Emanations</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>26</itunes:season>
            <itunes:episode>708</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Sriharsha Etigowni, Purdue University</itunes:subtitle>
            <itunes:summary>Trustworthy operation of industrial control systems depends on secure and real-time code execution on the embedded programmable logic controllers (PLCs). The controllers monitor and control critical infrastructures, such as electric power grids and healthcare platforms, and continuously report the system status back to human operators. This talk is about Zeus, a contactless embedded controller security monitor solution that ensures execution control flow integrity. Zeus leverages the electromagnetic emissions of the PLC circuitry during the execution of the controller programs. Zeus&apos;s contactless execution tracking enables non-intrusive monitoring of security-critical controllers with tight real-time constraints. Those devices often cannot tolerate the cost and performance overhead that comes with additional traditional hardware or software monitoring modules. Furthermore, Zeus provides an air gap between the monitor (trusted computing base) and the target (potentially compromised) PLC. This eliminates the possibility of the monitor being infected by the same attack vectors. Zeus monitors the control flow integrity of the PLC program execution. Zeus monitors the communications between the human-machine interface and the PLC and captures the control logic binary uploads to the PLC. Zeus exercises its feasible execution paths and fingerprints their emissions using an external electromagnetic sensor. Zeus trains a neural network on legitimate PLC execution and uses it at runtime to identify the control flow based on the PLC&apos;s electromagnetic emissions. Zeus was implemented on a commercial Allen-Bradley PLC, which is widely used in industry, and evaluated on real-world control program executions. Zeus was able to distinguish between different legitimate and malicious executions with 98.9% accuracy and with zero overhead on PLC execution by design. 
About the speaker: Sriharsha Etigowni is a Post-Doctoral Research Associate at Purdue University. He earned his PhD in Electrical and Computer Engineering from Rutgers University. His research mainly focuses on the security of cyber-physical systems. His research is to secure cyber-physical systems by using physical and control invariants. His research interests involve IoT embedded system security, trusted computing, secure boot, runtime monitoring and detection, physical side channels, and applied cryptography. Apart from academic research he also has industrial experience working for Bosch on automotive embedded systems, specifically on in-vehicle communication protocols, and working for Siemens on intelligent automated systems in the manufacturing domain. His work spans different areas of cyber-physical systems such as power grids, drones, automotive, and critical manufacturing.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Trustworthy operation of industrial control systems depends on secure and real-time code execution on the embedded programmable logic controllers (PLCs). The controllers monitor and control critical infrastructures, such as electric power grids and healthcare platforms, and continuously report the system status back to human operators. This talk is about Zeus, a contactless embedded controller security monitor solution that ensures execution control flow integrity. Zeus leverages the electromagnetic emissions of the PLC circuitry during the execution of the controller programs. Zeus&apos;s contactless execution tracking enables non-intrusive monitoring of security-critical controllers with tight real-time constraints. Those devices often cannot tolerate the cost and performance overhead that comes with additional traditional hardware or software monitoring modules. Furthermore, Zeus provides an air gap between the monitor (trusted computing base) and the target (potentially compromised) PLC. This eliminates the possibility of the monitor being infected by the same attack vectors. Zeus monitors the control flow integrity of the PLC program execution. Zeus monitors the communications between the human-machine interface and the PLC and captures the control logic binary uploads to the PLC. Zeus exercises its feasible execution paths and fingerprints their emissions using an external electromagnetic sensor. Zeus trains a neural network on legitimate PLC execution and uses it at runtime to identify the control flow based on the PLC&apos;s electromagnetic emissions. Zeus was implemented on a commercial Allen-Bradley PLC, which is widely used in industry, and evaluated on real-world control program executions. Zeus was able to distinguish between different legitimate and malicious executions with 98.9% accuracy and with zero overhead on PLC execution by design. 
About the speaker: Sriharsha Etigowni is a Post-Doctoral Research Associate at Purdue University. He earned his PhD in Electrical and Computer Engineering from Rutgers University. His research mainly focuses on the security of cyber-physical systems. His research is to secure cyber-physical systems by using physical and control invariants. His research interests involve IoT embedded system security, trusted computing, secure boot, runtime monitoring and detection, physical side channels, and applied cryptography. Apart from academic research he also has industrial experience working for Bosch on automotive embedded systems, specifically on in-vehicle communication protocols, and working for Siemens on intelligent automated systems in the manufacturing domain. His work spans different areas of cyber-physical systems such as power grids, drones, automotive, and critical manufacturing.</p> ]]>
            </content:encoded>
            <itunes:duration>2100</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200115.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20200115.mp4" length="249561088" type="video/mp4"/>
        </item>
            <item>
            <title>Boyang Wang, Fingerprinting Encrypted Voice Commands on Smart Speakers</title>
            <description>Smart speakers, such as Amazon Echo, have been adopted by millions of users. However, the privacy impacts of smart speakers have not been well examined. We investigate the privacy leakage of smart speakers under an encrypted traffic analysis attack, referred to as voice command fingerprinting. In this attack, an adversary eavesdrops on encrypted voice traffic from and to a smart speaker and infers which voice command a user says without decrypting the encrypted traffic. We design our attacks based on neural networks and collect two large-scale datasets on Amazon Echo and Google Home by using an automatic traffic crawler. Our experimental results show disturbing privacy concerns. Specifically, compared to 1% accuracy with random guessing, an attacker can infer 92% of voice commands correctly on Amazon Echo and 99% of voice commands correctly on Google Home. We also propose a defense to preserve user privacy against this attack with minimal latency and bandwidth overhead. Our simulations show that the proposed defense can reduce attack accuracy to 1% if an attacker trains neural networks with original traffic and 32% if an attacker adapts and trains neural networks with obfuscated traffic. About the speaker: Boyang Wang is a tenure-track Assistant Professor in the Department of Electrical Engineering and Computer Science at the University of Cincinnati. He received his Ph.D. in Electrical and Computer Engineering from the University of Arizona in 2017, and his Ph.D. in Cryptography and B.S. in Information Security from Xidian University, China, in 2014 and 2007, respectively. He worked for Bosch Research and Technology Center as a research intern in 2015. He was a visiting student at Utah State University from 2012 to 2013 and a visiting student at the University of Toronto from 2010 to 2012. His current research focuses on data security and privacy, adversarial machine learning, encrypted traffic analysis, blockchain and applied cryptography. 
He is a member of IEEE and ACM.</description>
            <pubDate>Wed, 4 Dec 2019 16:30:00 EST </pubDate>
            <itunes:title>Boyang Wang, Fingerprinting Encrypted Voice Commands on Smart Speakers</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>707</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Boyang Wang, University of Cincinnati</itunes:subtitle>
            <itunes:summary>Smart speakers, such as Amazon Echo, have been adopted by millions of users. However, the privacy impacts of smart speakers have not been well examined. We investigate the privacy leakage of smart speakers under an encrypted traffic analysis attack, referred to as voice command fingerprinting. In this attack, an adversary eavesdrops on encrypted voice traffic from and to a smart speaker and infers which voice command a user says without decrypting the encrypted traffic. We design our attacks based on neural networks and collect two large-scale datasets on Amazon Echo and Google Home by using an automatic traffic crawler. Our experimental results show disturbing privacy concerns. Specifically, compared to 1% accuracy with random guessing, an attacker can infer 92% of voice commands correctly on Amazon Echo and 99% of voice commands correctly on Google Home. We also propose a defense to preserve user privacy against this attack with minimal latency and bandwidth overhead. Our simulations show that the proposed defense can reduce attack accuracy to 1% if an attacker trains neural networks with original traffic and 32% if an attacker adapts and trains neural networks with obfuscated traffic. About the speaker: Boyang Wang is a tenure-track Assistant Professor in the Department of Electrical Engineering and Computer Science at the University of Cincinnati. He received his Ph.D. in Electrical and Computer Engineering from the University of Arizona in 2017, and his Ph.D. in Cryptography and B.S. in Information Security from Xidian University, China, in 2014 and 2007, respectively. He worked for Bosch Research and Technology Center as a research intern in 2015. He was a visiting student at Utah State University from 2012 to 2013 and a visiting student at the University of Toronto from 2010 to 2012. His current research focuses on data security and privacy, adversarial machine learning, encrypted traffic analysis, blockchain and applied cryptography. 
He is a member of IEEE and ACM.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Smart speakers, such as Amazon Echo, have been adopted by millions of users. However, the privacy impacts of smart speakers have not been well examined. We investigate the privacy leakage of smart speakers under an encrypted traffic analysis attack, referred to as voice command fingerprinting. In this attack, an adversary eavesdrops on encrypted voice traffic from and to a smart speaker and infers which voice command a user says without decrypting the encrypted traffic. We design our attacks based on neural networks and collect two large-scale datasets on Amazon Echo and Google Home by using an automatic traffic crawler. Our experimental results show disturbing privacy concerns. Specifically, compared to 1% accuracy with random guessing, an attacker can infer 92% of voice commands correctly on Amazon Echo and 99% of voice commands correctly on Google Home. We also propose a defense to preserve user privacy against this attack with minimal latency and bandwidth overhead. Our simulations show that the proposed defense can reduce attack accuracy to 1% if an attacker trains neural networks with original traffic and 32% if an attacker adapts and trains neural networks with obfuscated traffic. About the speaker: Boyang Wang is a tenure-track Assistant Professor in the Department of Electrical Engineering and Computer Science at the University of Cincinnati. He received his Ph.D. in Electrical and Computer Engineering from the University of Arizona in 2017, and his Ph.D. in Cryptography and B.S. in Information Security from Xidian University, China, in 2014 and 2007, respectively. He worked for Bosch Research and Technology Center as a research intern in 2015. He was a visiting student at Utah State University from 2012 to 2013 and a visiting student at the University of Toronto from 2010 to 2012. His current research focuses on data security and privacy, adversarial machine learning, encrypted traffic analysis, blockchain and applied cryptography. He is a member of IEEE and ACM.</p> ]]>
            </content:encoded>
            <itunes:duration>2851</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191204.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191204.mp4" length="314572800" type="video/mp4"/>
        </item>
            <item>
            <title>Mohsen Minaei, Forgetting the Forgotten: Conceal Content Deletions from Persistent Observers</title>
            <description>Most social platforms offer mechanisms allowing users to delete their posts, and a significant fraction of users exercise this right to be forgotten. However, ironically, users&apos; attempt to reduce attention to sensitive posts via deletion, in practice, attracts unwanted attention from stalkers specifically to those (deleted) posts. Thus, deletions may leave users more vulnerable to attacks on their privacy in general. Users hoping to make their posts forgotten face a &quot;damned if I do, damned if I don&apos;t&quot; dilemma. In this talk, we will look into two new proposed deletion mechanisms that provide privacy for users&apos; deletions. In the first approach, in the form of intermittent withdrawals, we present Lethe, a novel solution to this problem of (really) forgetting the forgotten. If the next-generation social platforms are willing to give up the uninterrupted availability of non-deleted posts by a very small fraction, Lethe provides privacy to the deleted posts over long durations. Furthermore, we introduce Deceptive Deletion, a new decoy mechanism that minimizes the adversarial advantage. Our mechanism creates a two-player min-max game between an adversary that seeks to classify damaging content among the deleted posts, and a challenger that employs decoy deletions to mask real damaging deletions. We evaluate the systems using Twitter data samples and show that in the presence of a strong adversary our systems protect the privacy of the users&apos; deletions. About the speaker: Mohsen Minaei is a Ph.D. candidate at Purdue University working with Professor Aniket Kate. His research focuses on designing and implementing better privacy-enhancing mechanisms for content deletion and using cryptocurrencies as covert channels to bootstrap censorship circumvention tools. Prior to joining Purdue, he received his bachelor&apos;s degree from Sharif University in Tehran. He has completed three internships with the fraud detection and Xbox teams at Microsoft and one with the blockchain team at Visa Research.</description>
            <pubDate>Wed, 20 Nov 2019 16:30:00 EST </pubDate>
            <itunes:title>Mohsen Minaei, Forgetting the Forgotten: Conceal Content Deletions from Persistent Observers</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>706</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mohsen Minaei, Purdue University</itunes:subtitle>
            <itunes:summary>Most social platforms offer mechanisms allowing users to delete their posts, and a significant fraction of users exercise this right to be forgotten. However, ironically, users&apos; attempt to reduce attention to sensitive posts via deletion, in practice, attracts unwanted attention from stalkers specifically to those (deleted) posts. Thus, deletions may leave users more vulnerable to attacks on their privacy in general. Users hoping to make their posts forgotten face a &quot;damned if I do, damned if I don&apos;t&quot; dilemma. In this talk, we will look into two new proposed deletion mechanisms that provide privacy for users&apos; deletions. In the first approach, in the form of intermittent withdrawals, we present Lethe, a novel solution to this problem of (really) forgetting the forgotten. If the next-generation social platforms are willing to give up the uninterrupted availability of non-deleted posts by a very small fraction, Lethe provides privacy to the deleted posts over long durations. Furthermore, we introduce Deceptive Deletion, a new decoy mechanism that minimizes the adversarial advantage. Our mechanism creates a two-player min-max game between an adversary that seeks to classify damaging content among the deleted posts, and a challenger that employs decoy deletions to mask real damaging deletions. We evaluate the systems using Twitter data samples and show that in the presence of a strong adversary our systems protect the privacy of the users&apos; deletions. About the speaker: Mohsen Minaei is a Ph.D. candidate at Purdue University working with Professor Aniket Kate. His research focuses on designing and implementing better privacy-enhancing mechanisms for content deletion and using cryptocurrencies as covert channels to bootstrap censorship circumvention tools. Prior to joining Purdue, he received his bachelor&apos;s degree from Sharif University in Tehran. He has completed three internships with the fraud detection and Xbox teams at Microsoft and one with the blockchain team at Visa Research.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Most social platforms offer mechanisms allowing users to delete their posts, and a significant fraction of users exercise this right to be forgotten. However, ironically, users&apos; attempt to reduce attention to sensitive posts via deletion, in practice, attracts unwanted attention from stalkers specifically to those (deleted) posts. Thus, deletions may leave users more vulnerable to attacks on their privacy in general. Users hoping to make their posts forgotten face a &quot;damned if I do, damned if I don&apos;t&quot; dilemma. In this talk, we will look into two new proposed deletion mechanisms that provide privacy for users&apos; deletions. In the first approach, in the form of intermittent withdrawals, we present Lethe, a novel solution to this problem of (really) forgetting the forgotten. If the next-generation social platforms are willing to give up the uninterrupted availability of non-deleted posts by a very small fraction, Lethe provides privacy to the deleted posts over long durations. Furthermore, we introduce Deceptive Deletion, a new decoy mechanism that minimizes the adversarial advantage. Our mechanism creates a two-player min-max game between an adversary that seeks to classify damaging content among the deleted posts, and a challenger that employs decoy deletions to mask real damaging deletions. We evaluate the systems using Twitter data samples and show that in the presence of a strong adversary our systems protect the privacy of the users&apos; deletions. About the speaker: Mohsen Minaei is a Ph.D. candidate at Purdue University working with Professor Aniket Kate. His research focuses on designing and implementing better privacy-enhancing mechanisms for content deletion and using cryptocurrencies as covert channels to bootstrap censorship circumvention tools. Prior to joining Purdue, he received his bachelor&apos;s degree from Sharif University in Tehran. He has completed three internships with the fraud detection and Xbox teams at Microsoft and one with the blockchain team at Visa Research.</p> ]]>
            </content:encoded>
            <itunes:duration>2670</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191120.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191120.mp4" length="282066944" type="video/mp4"/>
        </item>
            <item>
            <title>Celeste Paul, Hacking Stressed: Frustration, burnout, and the pursuit of happiness</title>
            <description>Anyone in this business knows how fun and exciting hacking can be, but also the emotional and physical toll it can take. Mental health is a longstanding dirty secret in the infosec community, and we are just now learning how to talk about it. The wear and tear of everyday stress combined with an &apos;always on&apos; aspect of an operational environment creates a perfect storm for burning out. While stress can have a negative impact on job performance, my primary concern is the health and safety of infosec professionals themselves. Not only does stress have short-term effects on cognitive abilities and performance, but recurrent acute stress can have long-term effects on health (mental and physical) as well as burnout and turnover. There are many sources of stress in infosec operations, some of which can be managed while others are simply the nature of the job. Activities that require long periods of vigilance and creativity will deplete cognitive resources and increase fatigue. Some of these activities have unpredictable results that can increase frustration. Other times, external factors unrelated to the activity itself may introduce new sources of stress that are not normally present. A certain level of stress is to be expected in these operations because they are considerably difficult, have a high risk vs. reward trade-off, and require a significant amount of knowledge and skill. But how much stress can you take on and still be a happy hacker? In this talk I will discuss why infosec is so stressful, how this stress affects you and your network, and some things you can do about it. I will also discuss lessons learned from my research study of tactical cyber operations that studied fatigue, frustration, and cognitive workload in operators. About the speaker: Dr. Celeste Lyn Paul is a senior researcher for the National Security Agency where she studies the impact of human factors on cybersecurity.</description>
            <pubDate>Wed, 13 Nov 2019 16:30:00 EST </pubDate>
            <itunes:title>Celeste Paul, Hacking Stressed: Frustration, burnout, and the pursuit of happiness</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>705</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Celeste Paul, National Security Agency</itunes:subtitle>
            <itunes:summary>Anyone in this business knows how fun and exciting hacking can be, but also the emotional and physical toll it can take. Mental health is a longstanding dirty secret in the infosec community, and we are just now learning how to talk about it. The wear and tear of everyday stress combined with an &apos;always on&apos; aspect of an operational environment creates a perfect storm for burning out. While stress can have a negative impact on job performance, my primary concern is the health and safety of infosec professionals themselves. Not only does stress have short-term effects on cognitive abilities and performance, but recurrent acute stress can have long-term effects on health (mental and physical) as well as burnout and turnover. There are many sources of stress in infosec operations, some of which can be managed while others are simply the nature of the job. Activities that require long periods of vigilance and creativity will deplete cognitive resources and increase fatigue. Some of these activities have unpredictable results that can increase frustration. Other times, external factors unrelated to the activity itself may introduce new sources of stress that are not normally present. A certain level of stress is to be expected in these operations because they are considerably difficult, have a high risk vs. reward trade-off, and require a significant amount of knowledge and skill. But how much stress can you take on and still be a happy hacker? In this talk I will discuss why infosec is so stressful, how this stress affects you and your network, and some things you can do about it. I will also discuss lessons learned from my research study of tactical cyber operations that studied fatigue, frustration, and cognitive workload in operators. About the speaker: Dr. Celeste Lyn Paul is a senior researcher for the National Security Agency where she studies the impact of human factors on cybersecurity.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Anyone in this business knows how fun and exciting hacking can be, but also the emotional and physical toll it can take. Mental health is a longstanding dirty secret in the infosec community, and we are just now learning how to talk about it. The wear and tear of everyday stress combined with an &apos;always on&apos; aspect of an operational environment creates a perfect storm for burning out. While stress can have a negative impact on job performance, my primary concern is the health and safety of infosec professionals themselves. Not only does stress have short-term effects on cognitive abilities and performance, but recurrent acute stress can have long-term effects on health (mental and physical) as well as burnout and turnover. There are many sources of stress in infosec operations, some of which can be managed while others are simply the nature of the job. Activities that require long periods of vigilance and creativity will deplete cognitive resources and increase fatigue. Some of these activities have unpredictable results that can increase frustration. Other times, external factors unrelated to the activity itself may introduce new sources of stress that are not normally present. A certain level of stress is to be expected in these operations because they are considerably difficult, have a high risk vs. reward trade-off, and require a significant amount of knowledge and skill. But how much stress can you take on and still be a happy hacker? In this talk I will discuss why infosec is so stressful, how this stress affects you and your network, and some things you can do about it. I will also discuss lessons learned from my research study of tactical cyber operations that studied fatigue, frustration, and cognitive workload in operators. About the speaker: Dr. Celeste Lyn Paul is a senior researcher for the National Security Agency where she studies the impact of human factors on cybersecurity.</p> ]]>
            </content:encoded>
            <itunes:duration>3155</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191113.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191113.mp4" length="349175808" type="video/mp4"/>
        </item>
            <item>
            <title>James Cole, Securing the Internet of Things</title>
            <description>The Internet of Things (IoT) is a potentially massive market. However, the deployment of IoT brings forth many challenges across the dimensions of the business side (efficient supply chain) as well as the technical side (secure deployment). In order for the IoT promise to deliver massive volume, the marketplace must have secure, efficient, and effective ways to deploy and secure billions of devices in the market. The security threats to endpoints and devices have never been greater and will continue to evolve. Join us for a talk on how Intel and the industry are working together to deliver fast, secure, zero-touch, late-binding onboarding for any device to any cloud in a safe and secure manner to advance the Internet of Things. About the speaker: Senior Director &amp;amp; General Manager, Security Architecture and Engineering, Intel Security Architecture and Technologies Group, Intel Corporation. James Cole, Senior Director &amp;amp; General Manager of Security Architecture and Engineering at Intel Corporation, is responsible for various aspects of Intel&apos;s security portfolio along with strategic alignment and leadership across the company for security-related technologies. Mr. Cole has over 22 years of experience as a senior technical and business leader at Intel in a variety of business units and functional roles, from strategy and marketing to technical leadership positions. Mr. Cole and his team currently drive security strategy and define the security solutions spanning the Intel product lines and business units, as well as providing software for highly secure security functionality in Intel products. James is the Intel Board of Directors lead for the FIDO Alliance and is a frequent speaker and lecturer at various schools and conferences. Mr. Cole has a BS in Computer Science from Purdue University along with an MBA from the Fuqua School of Business at Duke University.</description>
            <pubDate>Wed, 6 Nov 2019 16:30:00 EST </pubDate>
            <itunes:title>James Cole, Securing the Internet of Things</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>704</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>James Cole, Intel</itunes:subtitle>
            <itunes:summary>The Internet of Things (IoT) is a potentially massive market. However, the deployment of IoT brings forth many challenges across the dimensions of the business side (efficient supply chain) as well as the technical side (secure deployment). In order for the IoT promise to deliver massive volume, the marketplace must have secure, efficient, and effective ways to deploy and secure billions of devices in the market. The security threats to endpoints and devices have never been greater and will continue to evolve. Join us for a talk on how Intel and the industry are working together to deliver fast, secure, zero-touch, late-binding onboarding for any device to any cloud in a safe and secure manner to advance the Internet of Things. About the speaker: Senior Director &amp;amp; General Manager, Security Architecture and Engineering, Intel Security Architecture and Technologies Group, Intel Corporation. James Cole, Senior Director &amp;amp; General Manager of Security Architecture and Engineering at Intel Corporation, is responsible for various aspects of Intel&apos;s security portfolio along with strategic alignment and leadership across the company for security-related technologies. Mr. Cole has over 22 years of experience as a senior technical and business leader at Intel in a variety of business units and functional roles, from strategy and marketing to technical leadership positions. Mr. Cole and his team currently drive security strategy and define the security solutions spanning the Intel product lines and business units, as well as providing software for highly secure security functionality in Intel products. James is the Intel Board of Directors lead for the FIDO Alliance and is a frequent speaker and lecturer at various schools and conferences. Mr. Cole has a BS in Computer Science from Purdue University along with an MBA from the Fuqua School of Business at Duke University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Internet of Things (IoT) is a potentially massive market. However, the deployment of IoT brings forth many challenges across the dimensions of the business side (efficient supply chain) as well as the technical side (secure deployment). In order for the IoT promise to deliver massive volume, the marketplace must have secure, efficient, and effective ways to deploy and secure billions of devices in the market. The security threats to endpoints and devices have never been greater and will continue to evolve. Join us for a talk on how Intel and the industry are working together to deliver fast, secure, zero-touch, late-binding onboarding for any device to any cloud in a safe and secure manner to advance the Internet of Things. About the speaker: Senior Director &amp; General Manager, Security Architecture and Engineering, Intel Security Architecture and Technologies Group, Intel Corporation. James Cole, Senior Director &amp; General Manager of Security Architecture and Engineering at Intel Corporation, is responsible for various aspects of Intel&apos;s security portfolio along with strategic alignment and leadership across the company for security-related technologies. Mr. Cole has over 22 years of experience as a senior technical and business leader at Intel in a variety of business units and functional roles, from strategy and marketing to technical leadership positions. Mr. Cole and his team currently drive security strategy and define the security solutions spanning the Intel product lines and business units, as well as providing software for highly secure security functionality in Intel products. James is the Intel Board of Directors lead for the FIDO Alliance and is a frequent speaker and lecturer at various schools and conferences. Mr. Cole has a BS in Computer Science from Purdue University along with an MBA from the Fuqua School of Business at Duke University.</p> ]]>
            </content:encoded>
            <itunes:duration>2761</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191106.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191106.mp4" length="319815680" type="video/mp4"/>
        </item>
            <item>
            <title>Mitch Parker, Bitcoin and other dreams of utopian thinking-what happens when they meet reality?</title>
            <description>Cryptocurrencies are the latest in a series of market bubbles that demonstrate irrational exuberance. In this lecture, Mitch Parker, CISO of IU Health, will go over previous market bubbles, and compare and contrast the differences between the security controls in two peer-to-peer exchange methods, the current US federal banking system, and Bitcoin. Through this, Mitch will demonstrate the need to have security built into both the technical and non-technical controls of a financial system, and that the power of the system is based not just upon backing by a central bank, but upon the series of controls and measures used by the central bank and accounting standards to provide customers the assurance that they are protected. About the speaker: Mitchell Parker, CISSP, is the Executive Director of Information Security and Compliance at IU Health. Mitch has done a significant amount of work in researching the effects of cloud and distributed computing, network-based threats, compliance, and privacy and security requirements on connected health devices. Mitch works collaboratively with a number of EMR and biomedical equipment vendors to improve their security postures and provide a better quality of service. He currently resides in Carmel, IN, with his wife, two children, and two cats.</description>
            <pubDate>Wed, 30 Oct 2019 16:30:00 EDT </pubDate>
            <itunes:title>Mitch Parker, Bitcoin and other dreams of utopian thinking-what happens when they meet reality?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>703</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mitch Parker, IU Health</itunes:subtitle>
            <itunes:summary>Cryptocurrencies are the latest in a series of market bubbles that demonstrate irrational exuberance. In this lecture, Mitch Parker, CISO of IU Health, will go over previous market bubbles, and compare and contrast the differences between the security controls in two peer-to-peer exchange methods, the current US federal banking system, and Bitcoin. Through this, Mitch will demonstrate the need to have security built into both the technical and non-technical controls of a financial system, and that the power of the system is based not just upon backing by a central bank, but upon the series of controls and measures used by the central bank and accounting standards to provide customers the assurance that they are protected. About the speaker: Mitchell Parker, CISSP, is the Executive Director of Information Security and Compliance at IU Health. Mitch has done a significant amount of work in researching the effects of cloud and distributed computing, network-based threats, compliance, and privacy and security requirements on connected health devices. Mitch works collaboratively with a number of EMR and biomedical equipment vendors to improve their security postures and provide a better quality of service. He currently resides in Carmel, IN, with his wife, two children, and two cats.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cryptocurrencies are the latest in a series of market bubbles that demonstrate irrational exuberance. In this lecture, Mitch Parker, CISO of IU Health, will go over previous market bubbles, and compare and contrast the differences between the security controls in two peer-to-peer exchange methods, the current US federal banking system, and Bitcoin. Through this, Mitch will demonstrate the need to have security built into both the technical and non-technical controls of a financial system, and that the power of the system is based not just upon backing by a central bank, but upon the series of controls and measures used by the central bank and accounting standards to provide customers the assurance that they are protected. About the speaker: Mitchell Parker, CISSP, is the Executive Director of Information Security and Compliance at IU Health. Mitch has done a significant amount of work in researching the effects of cloud and distributed computing, network-based threats, compliance, and privacy and security requirements on connected health devices. Mitch works collaboratively with a number of EMR and biomedical equipment vendors to improve their security postures and provide a better quality of service. He currently resides in Carmel, IN, with his wife, two children, and two cats.</p> ]]>
            </content:encoded>
            <itunes:duration>2923</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191030.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191030.mp4" length="327155712" type="video/mp4"/>
        </item>
            <item>
            <title>Leon Ravenna, Your Privacy has been Breached</title>
            <description>GDPR, NYDFS, CCPA and other state, federal and supra-regional regulations are coming online quickly. Governments are driving security, privacy &amp;amp; compliance throughout the world. Since there is no overriding set of federal laws such as GLBA, many organizations in the US are unprepared for the upcoming deluge of regulations. Gain an understanding of what is coming and learn ways that you can help future organizations cope with and plan for a &quot;50 States&quot; strategy in an uncertain future, as well as prepare yourself for that future. About the speaker: Leon Ravenna, CISO - KAR Auction Services - Leon has over 25 years&apos; experience in healthcare, financial services and technology companies. He leads global security strategy, execution, privacy and compliance services. Leon is currently CISO of a &amp;#36;2.4B multi-national company in the auto auction, salvage and financial services space, providing security, privacy &amp;amp; compliance expertise for over 17,000 employees. Leon has led nationwide support, Web &amp;amp; CRM development efforts, data center builds, and heavy infrastructure for SaaS companies in the medical and financial space. Leon has extensive experience in regulatory, compliance &amp;amp; privacy matters, having managed ISO27001, HIPAA, SSAE-16, PCI and NIST system builds and audits. In addition to holding a PMP, Leon is one of a very small group world-wide to hold 6 major global privacy certifications, including CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US and FIP.</description>
            <pubDate>Wed, 23 Oct 2019 16:30:00 EDT </pubDate>
            <itunes:title>Leon Ravenna, Your Privacy has been Breached</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>702</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Leon Ravenna, KAR Auction Services</itunes:subtitle>
            <itunes:summary>GDPR, NYDFS, CCPA and other state, federal and supra-regional regulations are coming online quickly. Governments are driving security, privacy &amp;amp; compliance throughout the world. Since there is no overriding set of federal laws such as GLBA, many organizations in the US are unprepared for the upcoming deluge of regulations. Gain an understanding of what is coming and learn ways that you can help future organizations cope with and plan for a &quot;50 States&quot; strategy in an uncertain future, as well as prepare yourself for that future. About the speaker: Leon Ravenna, CISO - KAR Auction Services - Leon has over 25 years&apos; experience in healthcare, financial services and technology companies. He leads global security strategy, execution, privacy and compliance services. Leon is currently CISO of a &amp;#36;2.4B multi-national company in the auto auction, salvage and financial services space, providing security, privacy &amp;amp; compliance expertise for over 17,000 employees. Leon has led nationwide support, Web &amp;amp; CRM development efforts, data center builds, and heavy infrastructure for SaaS companies in the medical and financial space. Leon has extensive experience in regulatory, compliance &amp;amp; privacy matters, having managed ISO27001, HIPAA, SSAE-16, PCI and NIST system builds and audits. In addition to holding a PMP, Leon is one of a very small group world-wide to hold 6 major global privacy certifications, including CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US and FIP.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>GDPR, NYDFS, CCPA and other state, federal and supra-regional regulations are coming online quickly. Governments are driving security, privacy &amp; compliance throughout the world. Since there is no overriding set of federal laws such as GLBA, many organizations in the US are unprepared for the upcoming deluge of regulations. Gain an understanding of what is coming and learn ways that you can help future organizations cope with and plan for a &quot;50 States&quot; strategy in an uncertain future, as well as prepare yourself for that future. About the speaker: Leon Ravenna, CISO - KAR Auction Services - Leon has over 25 years&apos; experience in healthcare, financial services and technology companies. He leads global security strategy, execution, privacy and compliance services. Leon is currently CISO of a $2.4B multi-national company in the auto auction, salvage and financial services space, providing security, privacy &amp; compliance expertise for over 17,000 employees. Leon has led nationwide support, Web &amp; CRM development efforts, data center builds, and heavy infrastructure for SaaS companies in the medical and financial space. Leon has extensive experience in regulatory, compliance &amp; privacy matters, having managed ISO27001, HIPAA, SSAE-16, PCI and NIST system builds and audits. In addition to holding a PMP, Leon is one of a very small group world-wide to hold 6 major global privacy certifications, including CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US and FIP.</p> ]]>
            </content:encoded>
            <itunes:duration>3035</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191023.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191023.mp4" length="348127232" type="video/mp4"/>
        </item>
            <item>
            <title>Andrew Rozema, &#039;Networking&#039; Skills for Cybersecurity</title>
            <description>Sure, you may know how to subnet a class &quot;C&quot; network into 64 different networks, but how about where to go to learn about technology that has yet to make it into a textbook? Or to find your next job? Or just somewhere where you can commiserate with someone who understands what you mean when you say, &quot;That APT left the MSSP DOA!&quot; This presentation will outline the OSINT and TTPs cyber security practitioners use in industry to connect, build, and maintain networks, with an eye towards how Boilermakers who are CERIAS about cybersecurity can do the same. About the speaker: Andrew Rozema is the department head of the Grand Rapids Community College Computer Information Systems department, an Assistant Professor, and the director of the Grand Rapids Community College Center for Cybersecurity Studies. Prof. Rozema led GRCC&apos;s efforts to earn the &quot;NSA DHS Center of Academic Excellence in Two Year Education&quot; designation, and now mentors and reviews other institutions as they do the same. After 20 years in various IT, security, and managerial roles in industry, Prof. Rozema now focuses his attention on educating the next generation of IT and cybersecurity professionals. As an educator, Prof. Rozema teaches cybersecurity-related courses for Grand Rapids Community College and the ISC^2, as well as serving as a mentor for students with the SANS Institute. Prof. Rozema holds an AA from Grand Rapids Community College, a Bachelor of Science in Information Assurance and Security, and a Master of Computer Information Systems with a focus on Security from Boston University. Prof. Rozema has done postgraduate work with the SANS Technology Institute and is currently a student in the interdisciplinary Ph.D. program at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.</description>
            <pubDate>Wed, 16 Oct 2019 16:30:00 EDT</pubDate>
            <itunes:title>Andrew Rozema, &#039;Networking&#039; Skills for Cybersecurity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>701</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Andrew Rozema, Grand Rapids Community College</itunes:subtitle>
            <itunes:summary>Sure, you may know how to subnet a class &quot;C&quot; network into 64 different networks, but how about where to go to learn about technology that has yet to make it into a textbook? Or to find your next job? Or just somewhere where you can commiserate with someone who understands what you mean when you say, &quot;That APT left the MSSP DOA!&quot; This presentation will outline the OSINT and TTPs cyber security practitioners use in industry to connect, build, and maintain networks, with an eye towards how Boilermakers who are CERIAS about cybersecurity can do the same. About the speaker: Andrew Rozema is the department head of the Grand Rapids Community College Computer Information Systems department, an Assistant Professor, and the director of the Grand Rapids Community College Center for Cybersecurity Studies. Prof. Rozema led GRCC&apos;s efforts to earn the &quot;NSA DHS Center of Academic Excellence in Two Year Education&quot; designation, and now mentors and reviews other institutions as they do the same. After 20 years in various IT, security, and managerial roles in industry, Prof. Rozema now focuses his attention on educating the next generation of IT and cybersecurity professionals. As an educator, Prof. Rozema teaches cybersecurity-related courses for Grand Rapids Community College and the ISC^2, as well as serving as a mentor for students with the SANS Institute. Prof. Rozema holds an AA from Grand Rapids Community College, a Bachelor of Science in Information Assurance and Security, and a Master of Computer Information Systems with a focus on Security from Boston University. Prof. Rozema has done postgraduate work with the SANS Technology Institute and is currently a student in the interdisciplinary Ph.D. program at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Sure, you may know how to subnet a class &quot;C&quot; network into 64 different networks, but how about where to go to learn about technology that has yet to make it into a textbook? Or to find your next job? Or just somewhere where you can commiserate with someone who understands what you mean when you say, &quot;That APT left the MSSP DOA!&quot; This presentation will outline the OSINT and TTPs cyber security practitioners use in industry to connect, build, and maintain networks, with an eye towards how Boilermakers who are CERIAS about cybersecurity can do the same. About the speaker: Andrew Rozema is the department head of the Grand Rapids Community College Computer Information Systems department, an Assistant Professor, and the director of the Grand Rapids Community College Center for Cybersecurity Studies. Prof. Rozema led GRCC&apos;s efforts to earn the &quot;NSA DHS Center of Academic Excellence in Two Year Education&quot; designation, and now mentors and reviews other institutions as they do the same. After 20 years in various IT, security, and managerial roles in industry, Prof. Rozema now focuses his attention on educating the next generation of IT and cybersecurity professionals. As an educator, Prof. Rozema teaches cybersecurity-related courses for Grand Rapids Community College and the ISC^2, as well as serving as a mentor for students with the SANS Institute. Prof. Rozema holds an AA from Grand Rapids Community College, a Bachelor of Science in Information Assurance and Security, and a Master of Computer Information Systems with a focus on Security from Boston University. Prof. Rozema has done postgraduate work with the SANS Technology Institute and is currently a student in the interdisciplinary Ph.D. program at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.</p> ]]>
            </content:encoded>
            <itunes:duration>2815</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191016.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191016.mp4" length="327155712" type="video/mp4"/>
        </item>
            <item>
            <title>Chet Hosmer, Forensic Identification of Fake Digital Photographs</title>
            <description>The global impact resulting from the distribution of doctored digital photographs has reached epidemic proportions. These digitally altered photos are distributed through social media, news outlets and traditional web resources, and are making their way into the mainstream media. The impact of these photos can dramatically change the way people think, act, react and believe, and can ultimately cause harm. At the simplest level they represent visual fraud. During this presentation, I will convey real examples along with the resulting impacts that have already occurred. Most importantly, I will demonstrate a new methodology rooted in the dark art of steganography that can actively identify these fraudulent photos and even trace their origins back to their creators. About the speaker: Chet Hosmer is the Founder of Python Forensics, Inc., a non-profit organization focused on the collaborative development of open source investigative technologies using Python and other popular scripting languages. Chet has been researching and developing technology and training surrounding forensics, digital investigation and steganography for decades. He has made numerous appearances to discuss emerging cyber threats, including National Public Radio&apos;s Kojo Nnamdi show, ABC&apos;s Primetime Thursday, and ABC News Australia. He has also been a frequent contributor to technical and news stories relating to cyber security and forensics with IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired Magazine. Chet is the author of seven recent books: PowerShell and Python Together – Targeting Digital Investigations; Defending IoT Infrastructures with a Raspberry Pi; Passive Python Network Mapping; Python Forensics; Integrating Python with Leading Computer Forensic Platforms; Data Hiding, which is co-authored with Mike Raggo; and Executing Windows Command Line Investigation, which is co-authored with Joshua Bartolomie and Ms. Rosanne Pelli. Chet serves as a visiting professor at Utica College in the Cybersecurity Graduate program, where his research and teaching focus on advanced steganography/data hiding methods and the latest active cyber defense methods and techniques. Chet is also an adjunct professor at Champlain College, where his research and teaching focus on applying Python and other scripting languages to solve challenging problems in digital investigation and forensics.</description>
            <pubDate>Wed, 9 Oct 2019 16:30:00 EDT</pubDate>
            <itunes:title>Chet Hosmer, Forensic Identification of Fake Digital Photographs</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>700</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Chet Hosmer, Python Forensics, Inc.</itunes:subtitle>
            <itunes:summary>The global impact resulting from the distribution of doctored digital photographs has reached epidemic proportions. These digitally altered photos are distributed through social media, news outlets and traditional web resources, and are making their way into the mainstream media. The impact of these photos can dramatically change the way people think, act, react and believe, and can ultimately cause harm. At the simplest level they represent visual fraud. During this presentation, I will convey real examples along with the resulting impacts that have already occurred. Most importantly, I will demonstrate a new methodology rooted in the dark art of steganography that can actively identify these fraudulent photos and even trace their origins back to their creators. About the speaker: Chet Hosmer is the Founder of Python Forensics, Inc., a non-profit organization focused on the collaborative development of open source investigative technologies using Python and other popular scripting languages. Chet has been researching and developing technology and training surrounding forensics, digital investigation and steganography for decades. He has made numerous appearances to discuss emerging cyber threats, including National Public Radio&apos;s Kojo Nnamdi show, ABC&apos;s Primetime Thursday, and ABC News Australia. He has also been a frequent contributor to technical and news stories relating to cyber security and forensics with IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired Magazine. Chet is the author of seven recent books: PowerShell and Python Together – Targeting Digital Investigations; Defending IoT Infrastructures with a Raspberry Pi; Passive Python Network Mapping; Python Forensics; Integrating Python with Leading Computer Forensic Platforms; Data Hiding, which is co-authored with Mike Raggo; and Executing Windows Command Line Investigation, which is co-authored with Joshua Bartolomie and Ms. Rosanne Pelli. Chet serves as a visiting professor at Utica College in the Cybersecurity Graduate program, where his research and teaching focus on advanced steganography/data hiding methods and the latest active cyber defense methods and techniques. Chet is also an adjunct professor at Champlain College, where his research and teaching focus on applying Python and other scripting languages to solve challenging problems in digital investigation and forensics.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The global impact resulting from the distribution of doctored digital photographs has reached epidemic proportions. These digitally altered photos are distributed through social media, news outlets and traditional web resources, and are making their way into the mainstream media. The impact of these photos can dramatically change the way people think, act, react and believe, and can ultimately cause harm. At the simplest level they represent visual fraud. During this presentation, I will convey real examples along with the resulting impacts that have already occurred. Most importantly, I will demonstrate a new methodology rooted in the dark art of steganography that can actively identify these fraudulent photos and even trace their origins back to their creators. About the speaker: Chet Hosmer is the Founder of Python Forensics, Inc., a non-profit organization focused on the collaborative development of open source investigative technologies using Python and other popular scripting languages. Chet has been researching and developing technology and training surrounding forensics, digital investigation and steganography for decades. He has made numerous appearances to discuss emerging cyber threats, including National Public Radio&apos;s Kojo Nnamdi show, ABC&apos;s Primetime Thursday, and ABC News Australia. He has also been a frequent contributor to technical and news stories relating to cyber security and forensics with IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired Magazine. Chet is the author of seven recent books: PowerShell and Python Together – Targeting Digital Investigations; Defending IoT Infrastructures with a Raspberry Pi; Passive Python Network Mapping; Python Forensics; Integrating Python with Leading Computer Forensic Platforms; Data Hiding, which is co-authored with Mike Raggo; and Executing Windows Command Line Investigation, which is co-authored with Joshua Bartolomie and Ms. Rosanne Pelli. Chet serves as a visiting professor at Utica College in the Cybersecurity Graduate program, where his research and teaching focus on advanced steganography/data hiding methods and the latest active cyber defense methods and techniques. Chet is also an adjunct professor at Champlain College, where his research and teaching focus on applying Python and other scripting languages to solve challenging problems in digital investigation and forensics.</p> ]]>
            </content:encoded>
            <itunes:duration>2645</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191009.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191009.mp4" length="314572800" type="video/mp4"/>
        </item>
            <item>
            <title>Chris Jenkins, Moving Target Defense for a Serial Communication Protocol</title>
            <description>Nation-state adversaries have shown the ability to disrupt critical infrastructure through cyber-attacks targeting systems of networked, embedded computers. This knowledge raises concern that space systems could face similar threats. This project will research and develop moving target defense algorithms that will add cyber resilience to space systems by improving their ability to withstand cyber-attacks. Most proposed cyber resilience solutions focus on or require detection of threats before mitigative actions can be taken, a significant technical challenge. Our novel approach avoids this requirement while creating informational asymmetry that favors defenders over attackers. We hypothesize that moving target defenses (MTD) can create dynamic, uncertain environments on space systems and be used to defeat cyber threats against these systems. Many proposed solutions focus on or require detection (e.g. anomaly detection, AI, data analytics) before mitigative actions can be taken, a significant technical challenge. We propose a novel approach that avoids this requirement while creating informational asymmetry that favors defenders over attackers. About the speaker: Dr. Chris Jenkins is a principal member of technical staff at Sandia National Laboratories in Albuquerque, NM. His primary responsibility focuses on cybersecurity. Under the cybersecurity umbrella, he focuses on two areas. First, he conducts assessments for a variety of government customers by analyzing devices and systems for vulnerabilities and design flaws. Second, he leads a moving target defense (MTD) research project. His MTD project looks to build cyber resiliency into the design of non-IP-based networks. For example, his current research seeks to dynamically change addresses of devices on a non-IP bus, whereby adversaries have difficulty attacking nodes on the bus. In addition, he works on a high-performance computing (HPC) project called qthreads, which is a general-purpose multithreading library for HPC systems. He plans to port the library to the ASTRA supercomputer purchased by the Department of Energy. This supercomputer differs in that it does not use x86 CPUs. Instead, the supercomputer uses ARM processors based on the ARMv8 architecture. Chris received his bachelor&apos;s degree in computer engineering from the University of Illinois at Urbana-Champaign. He finished his PhD at the University of Wisconsin-Madison, focusing on accelerating cryptographic algorithms utilizing SIMD execution units on a software-defined radio DSP.</description>
            <pubDate>Wed, 2 Oct 2019 16:30:00 EDT</pubDate>
            <itunes:title>Chris Jenkins, Moving Target Defense for a Serial Communication Protocol</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>699</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Chris Jenkins, Sandia National Laboratories</itunes:subtitle>
            <itunes:summary>Nation-state adversaries have shown the ability to disrupt critical infrastructure through cyber-attacks targeting systems of networked, embedded computers. This knowledge raises concern that space systems could face similar threats. This project will research and develop moving target defense algorithms that will add cyber resilience to space systems by improving their ability to withstand cyber-attacks. Most proposed cyber resilience solutions focus on or require detection of threats before mitigative actions can be taken, a significant technical challenge. Our novel approach avoids this requirement while creating informational asymmetry that favors defenders over attackers. We hypothesize that moving target defenses (MTD) can create dynamic, uncertain environments on space systems and be used to defeat cyber threats against these systems. Many proposed solutions focus on or require detection (e.g. anomaly detection, AI, data analytics) before mitigative actions can be taken, a significant technical challenge. We propose a novel approach that avoids this requirement while creating informational asymmetry that favors defenders over attackers. About the speaker: Dr. Chris Jenkins is a principal member of technical staff at Sandia National Laboratories in Albuquerque, NM. His primary responsibility focuses on cybersecurity. Under the cybersecurity umbrella, he focuses on two areas. First, he conducts assessments for a variety of government customers by analyzing devices and systems for vulnerabilities and design flaws. Second, he leads a moving target defense (MTD) research project. His MTD project looks to build cyber resiliency into the design of non-IP-based networks. For example, his current research seeks to dynamically change addresses of devices on a non-IP bus, whereby adversaries have difficulty attacking nodes on the bus. In addition, he works on a high-performance computing (HPC) project called qthreads, which is a general-purpose multithreading library for HPC systems. He plans to port the library to the ASTRA supercomputer purchased by the Department of Energy. This supercomputer differs in that it does not use x86 CPUs. Instead, the supercomputer uses ARM processors based on the ARMv8 architecture. Chris received his bachelor&apos;s degree in computer engineering from the University of Illinois at Urbana-Champaign. He finished his PhD at the University of Wisconsin-Madison, focusing on accelerating cryptographic algorithms utilizing SIMD execution units on a software-defined radio DSP.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Nation-state adversaries have shown the ability to disrupt critical infrastructure through cyber-attacks targeting systems of networked, embedded computers. This knowledge raises concern that space systems could face similar threats. This project will research and develop moving target defense algorithms that will add cyber resilience to space systems by improving their ability to withstand cyber-attacks. Most proposed cyber resilience solutions focus on or require detection of threats before mitigative actions can be taken, a significant technical challenge. Our novel approach avoids this requirement while creating informational asymmetry that favors defenders over attackers. We hypothesize that moving target defenses (MTD) can create dynamic, uncertain environments on space systems and be used to defeat cyber threats against these systems. Many proposed solutions focus on or require detection (e.g. anomaly detection, AI, data analytics) before mitigative actions can be taken, a significant technical challenge. We propose a novel approach that avoids this requirement while creating informational asymmetry that favors defenders over attackers. About the speaker: Dr. Chris Jenkins is a principal member of technical staff at Sandia National Laboratories in Albuquerque, NM. His primary responsibility focuses on cybersecurity. Under the cybersecurity umbrella, he focuses on two areas. First, he conducts assessments for a variety of government customers by analyzing devices and systems for vulnerabilities and design flaws. Second, he leads a moving target defense (MTD) research project. His MTD project looks to build cyber resiliency into the design of non-IP-based networks. For example, his current research seeks to dynamically change addresses of devices on a non-IP bus, whereby adversaries have difficulty attacking nodes on the bus. In addition, he works on a high-performance computing (HPC) project called qthreads, which is a general-purpose multithreading library for HPC systems. He plans to port the library to the ASTRA supercomputer purchased by the Department of Energy. This supercomputer differs in that it does not use x86 CPUs. Instead, the supercomputer uses ARM processors based on the ARMv8 architecture. Chris received his bachelor&apos;s degree in computer engineering from the University of Illinois at Urbana-Champaign. He finished his PhD at the University of Wisconsin-Madison, focusing on accelerating cryptographic algorithms utilizing SIMD execution units on a software-defined radio DSP.</p> ]]>
            </content:encoded>
            <itunes:duration>2483</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191002.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20191002.mp4" length="292552704" type="video/mp4"/>
        </item>
            <item>
            <title>Aritra Mitra, A New Approach to Distributed Hypothesis Testing and Non-Bayesian Learning: Improved Learning Rate and Byzantine Resilience</title>
            <description>Consider a scenario where a group of agents, each receiving partially informative private signals, aim to learn the true underlying state of the world that explains their collective observations. These agents might represent a group of individuals interacting over a social network, a team of autonomous robots tasked with detection, or even a network of processors trying to collectively solve a statistical inference problem. To enable such agents to identify the truth from a finite set of hypotheses, we propose a distributed learning rule that differs fundamentally from existing approaches, in that it does not employ any form of &quot;belief-averaging&quot;. Instead, agents update their beliefs based on a min-rule. Under standard assumptions on the observation model and the network structure, we establish that each agent learns the truth asymptotically almost surely. As our main contribution, we prove that with probability 1, each false hypothesis is ruled out by every agent exponentially fast, at a network-independent rate that strictly improves upon existing rates. We then consider a scenario where certain agents do not behave as expected, and deliberately try to spread misinformation. Capturing such misbehavior via the Byzantine adversary model, we develop a computationally efficient variant of our learning rule that provably allows every regular agent to learn the truth exponentially fast with probability 1. About the speaker: Aritra Mitra received the B.E. degree from Jadavpur University, Kolkata, India, and the M.Tech. degree from the Indian Institute of Technology Kanpur, India, in 2013 and 2015, respectively, both in electrical engineering. He is currently working toward the Ph.D. degree in electrical engineering at the School of Electrical and Computer Engineering, Purdue University, West Lafayette, IN, USA. His current research interests include the design of distributed algorithms for estimation, inference and learning; networked control systems; and secure control. He was a recipient of the University Gold Medal at Jadavpur University and the Academic Excellence Award at IIT Kanpur.</description>
            <pubDate>Wed, 11 Sep 2019 16:30:00 EDT</pubDate>
            <itunes:title>Aritra Mitra, A New Approach to Distributed Hypothesis Testing and Non-Bayesian Learning: Improved Learning Rate and Byzantine Resilience</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>698</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Aritra Mitra, Purdue University</itunes:subtitle>
            <itunes:summary>Consider a scenario where a group of agents, each receiving partially informative private signals, aim to learn the true underlying state of the world that explains their collective observations. These agents might represent a group of individuals interacting over a social network, a team of autonomous robots tasked with detection, or even a network of processors trying to collectively solve a statistical inference problem. To enable such agents to identify the truth from a finite set of hypotheses, we propose a distributed learning rule that differs fundamentally from existing approaches, in that it does not employ any form of &quot;belief-averaging&quot;. Instead, agents update their beliefs based on a min-rule. Under standard assumptions on the observation model and the network structure, we establish that each agent learns the truth asymptotically almost surely. As our main contribution, we prove that with probability 1, each false hypothesis is ruled out by every agent exponentially fast, at a network-independent rate that strictly improves upon existing rates. We then consider a scenario where certain agents do not behave as expected, and deliberately try to spread misinformation. Capturing such misbehavior via the Byzantine adversary model, we develop a computationally efficient variant of our learning rule that provably allows every regular agent to learn the truth exponentially fast with probability 1. About the speaker: Aritra Mitra received the B.E. degree from Jadavpur University, Kolkata, India, and the M.Tech. degree from the Indian Institute of Technology Kanpur, India, in 2013 and 2015, respectively, both in electrical engineering. He is currently working toward the Ph.D. degree in electrical engineering at the School of Electrical and Computer Engineering, Purdue University, West Lafayette, IN, USA. His current research interests include the design of distributed algorithms for estimation, inference and learning; networked control systems; and secure control. He was a recipient of the University Gold Medal at Jadavpur University and the Academic Excellence Award at IIT Kanpur.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Consider a scenario where a group of agents, each receiving partially informative private signals, aim to learn the true underlying state of the world that explains their collective observations. These agents might represent a group of individuals interacting over a social network, a team of autonomous robots tasked with detection, or even a network of processors trying to collectively solve a statistical inference problem. To enable such agents to identify the truth from a finite set of hypotheses, we propose a distributed learning rule that differs fundamentally from existing approaches, in that it does not employ any form of &quot;belief-averaging&quot;. Instead, agents update their beliefs based on a min-rule. Under standard assumptions on the observation model and the network structure, we establish that each agent learns the truth asymptotically almost surely. As our main contribution, we prove that with probability 1, each false hypothesis is ruled out by every agent exponentially fast, at a network-independent rate that strictly improves upon existing rates. We then consider a scenario where certain agents do not behave as expected, and deliberately try to spread misinformation. Capturing such misbehavior via the Byzantine adversary model, we develop a computationally efficient variant of our learning rule that provably allows every regular agent to learn the truth exponentially fast with probability 1. About the speaker: Aritra Mitra received the B.E. degree from Jadavpur University, Kolkata, India, and the M.Tech. degree from the Indian Institute of Technology Kanpur, India, in 2013 and 2015, respectively, both in electrical engineering. He is currently working toward the Ph.D. degree in electrical engineering at the School of Electrical and Computer Engineering, Purdue University, West Lafayette, IN, USA. His current research interests include the design of distributed algorithms for estimation, inference and learning; networked control systems; and secure control. He was a recipient of the University Gold Medal at Jadavpur University and the Academic Excellence Award at IIT Kanpur.</p> ]]>
            </content:encoded>
            <itunes:duration>3217</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190911.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190911.mp4" length="263192576" type="video/mp4"/>
        </item>
            <item>
            <title>Luke Butcher, Connected Intelligence</title>
            <description>While made famous for the work that was done on the physical plastic cards many of us carry around in our wallets, Mastercard is thinking way beyond those cards for the future. We&apos;ll walk through how Mastercard deploys its assets creating simple, safe and secure experiences for customers whether it is for payments or their identities.</description>
            <pubDate>Wed, 4 Sep 2019 16:30:00 EDT </pubDate>
            <itunes:title>Luke Butcher, Connected Intelligence</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>697</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Luke Butcher, Mastercard</itunes:subtitle>
            <itunes:summary>While made famous for the work that was done on the physical plastic cards many of us carry around in our wallets, Mastercard is thinking way beyond those cards for the future. We&apos;ll walk through how Mastercard deploys its assets creating simple, safe and secure experiences for customers whether it is for payments or their identities.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>While made famous for the work that was done on the physical plastic cards many of us carry around in our wallets, Mastercard is thinking way beyond those cards for the future. We&apos;ll walk through how Mastercard deploys its assets creating simple, safe and secure experiences for customers whether it is for payments or their identities.</p> ]]>
            </content:encoded>
            <itunes:duration>2240</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190904.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190904.mp4" length="258998272" type="video/mp4"/>
        </item>
            <item>
            <title>Steve Lodin, The Golden Rules of Security and Assurance</title>
            <description>This session provides observations regarding the process of moving the datacenter assets of a Top 100 bank fully into the cloud. The Golden Rules providing security and assurance will be described. The gotchas, surprises, lessons learned, and resulting strategic changes are presented to raise awareness and prevent future mistakes by attendees. About the speaker: Steve Lodin is the Senior Director of Cyber Security Operations in Corporate Security at Sallie Mae. Mr. Lodin is focused on managing perimeter security, endpoint protection, application security, vulnerability management, and threat intelligence to reduce risk and ensure compliance. As an accomplished information security professional, Mr. Lodin has been published in numerous information security publications. He has been a speaker at many security conferences, as well as numerous local ISSA chapter meetings. He is a senior member of ISSA and a board member of the Central Indiana ISSA chapter. He is on the local governing boards of additional security organizations including Evanta and Cloud Security Alliance. Mr. Lodin took the &quot;CISSP test of the test&quot; in the mid ’90s at Purdue and has maintained his CISSP certification since 1998. He has a Master&apos;s Degree in Computer Science from Purdue University where he was a member of the COAST/CERIAS program.</description>
            <pubDate>Wed, 28 Aug 2019 16:30:00 EDT </pubDate>
            <itunes:title>Steve Lodin, The Golden Rules of Security and Assurance</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>696</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Steve Lodin, Sallie Mae</itunes:subtitle>
            <itunes:summary>This session provides observations regarding the process of moving the datacenter assets of a Top 100 bank fully into the cloud. The Golden Rules providing security and assurance will be described. The gotchas, surprises, lessons learned, and resulting strategic changes are presented to raise awareness and prevent future mistakes by attendees. About the speaker: Steve Lodin is the Senior Director of Cyber Security Operations in Corporate Security at Sallie Mae. Mr. Lodin is focused on managing perimeter security, endpoint protection, application security, vulnerability management, and threat intelligence to reduce risk and ensure compliance. As an accomplished information security professional, Mr. Lodin has been published in numerous information security publications. He has been a speaker at many security conferences, as well as numerous local ISSA chapter meetings. He is a senior member of ISSA and a board member of the Central Indiana ISSA chapter. He is on the local governing boards of additional security organizations including Evanta and Cloud Security Alliance. Mr. Lodin took the &quot;CISSP test of the test&quot; in the mid ’90s at Purdue and has maintained his CISSP certification since 1998. He has a Master&apos;s Degree in Computer Science from Purdue University where he was a member of the COAST/CERIAS program.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This session provides observations regarding the process of moving the datacenter assets of a Top 100 bank fully into the cloud. The Golden Rules providing security and assurance will be described. The gotchas, surprises, lessons learned, and resulting strategic changes are presented to raise awareness and prevent future mistakes by attendees. About the speaker: Steve Lodin is the Senior Director of Cyber Security Operations in Corporate Security at Sallie Mae. Mr. Lodin is focused on managing perimeter security, endpoint protection, application security, vulnerability management, and threat intelligence to reduce risk and ensure compliance. As an accomplished information security professional, Mr. Lodin has been published in numerous information security publications. He has been a speaker at many security conferences, as well as numerous local ISSA chapter meetings. He is a senior member of ISSA and a board member of the Central Indiana ISSA chapter. He is on the local governing boards of additional security organizations including Evanta and Cloud Security Alliance. Mr. Lodin took the &quot;CISSP test of the test&quot; in the mid ’90s at Purdue and has maintained his CISSP certification since 1998. He has a Master&apos;s Degree in Computer Science from Purdue University where he was a member of the COAST/CERIAS program.</p> ]]>
            </content:encoded>
            <itunes:duration>3199</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190828.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190828.mp4" length="351272960" type="video/mp4"/>
        </item>
            <item>
            <title>Eugene Spafford, Rethinking Cyber Security</title>
            <description>Despite over 50 years of intensive research and experimentation, we still are plagued with systems that are fragile, compromised, and impossible to fully trust. There is near-daily news of compromises and losses, from criminals, nation-state actors, and vandals. The cyber ecosystem we have developed and upon which society is increasingly reliant appears to develop (or have exposed) a new vulnerability as soon as a current one is patched, and old problems keep being introduced. Why do we have such problems? I contend it is traceable to one root cause: we don&apos;t understand what cyber security really is. Without good definitions we cannot formulate good metrics. With the absence of good metrics we can&apos;t really tell whether we are spending our money and time on useful approaches. Furthermore, the only metrics available to most decision-makers are based simply on cost and speed -- neither of which reflects security or safety. This talk explores this idea in more depth, and should be understandable to non-specialists. I include discussion of some open research problems that -- if successfully addressed -- would lead to improvement of our cyber ecosystem.</description>
            <pubDate>Wed, 21 Aug 2019 16:30:00 EDT </pubDate>
            <itunes:title>Eugene Spafford, Rethinking Cyber Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>695</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Eugene Spafford, Purdue University</itunes:subtitle>
            <itunes:summary>Despite over 50 years of intensive research and experimentation, we still are plagued with systems that are fragile, compromised, and impossible to fully trust. There is near-daily news of compromises and losses, from criminals, nation-state actors, and vandals. The cyber ecosystem we have developed and upon which society is increasingly reliant appears to develop (or have exposed) a new vulnerability as soon as a current one is patched, and old problems keep being introduced. Why do we have such problems? I contend it is traceable to one root cause: we don&apos;t understand what cyber security really is. Without good definitions we cannot formulate good metrics. With the absence of good metrics we can&apos;t really tell whether we are spending our money and time on useful approaches. Furthermore, the only metrics available to most decision-makers are based simply on cost and speed -- neither of which reflects security or safety. This talk explores this idea in more depth, and should be understandable to non-specialists. I include discussion of some open research problems that -- if successfully addressed -- would lead to improvement of our cyber ecosystem.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Despite over 50 years of intensive research and experimentation, we still are plagued with systems that are fragile, compromised, and impossible to fully trust. There is near-daily news of compromises and losses, from criminals, nation-state actors, and vandals. The cyber ecosystem we have developed and upon which society is increasingly reliant appears to develop (or have exposed) a new vulnerability as soon as a current one is patched, and old problems keep being introduced. Why do we have such problems? I contend it is traceable to one root cause: we don&apos;t understand what cyber security really is. Without good definitions we cannot formulate good metrics. With the absence of good metrics we can&apos;t really tell whether we are spending our money and time on useful approaches. Furthermore, the only metrics available to most decision-makers are based simply on cost and speed -- neither of which reflects security or safety. This talk explores this idea in more depth, and should be understandable to non-specialists. I include discussion of some open research problems that -- if successfully addressed -- would lead to improvement of our cyber ecosystem.</p> ]]>
            </content:encoded>
            <itunes:duration>2927</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190821.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190821.mp4" length="329252864" type="video/mp4"/>
        </item>
            <item>
            <title>Lauren Featherstun, Shivam Trivedi, Brian Werts, Erik Gough, The Purdue Live Security Analyzer (PULSAR)</title>
            <description>As more disciplines leverage computational and data-driven modeling, the security of campus cyberinfrastructure is becoming increasingly important in order to protect intellectual property and secure a competitive advantage for researchers. Funded by the NSF Cybersecurity Innovation for Cyberinfrastructure (CICI) program, the Purdue Live Security Analyzer (PULSAR) project aims to enhance the cybersecurity of Purdue&apos;s campus cyberinfrastructure by developing a cyber attack detection and response capability for the Purdue campus research network.  Goals of the project include enabling domain scientists to conduct research with heightened security requirements, enhancing cybersecurity research by making large volumes of production network traffic data available to researchers, and supporting cybersecurity education by engaging undergraduate students in the deployment and operation of advanced cyberinfrastructure. The implementation of PULSAR was led by a team of Purdue undergraduate students alongside mentors from ITaP Security and Policy and Research Computing.  Implementation details of the project will be discussed along with information regarding generation of anonymized network traffic datasets.</description>
            <pubDate>Wed, 24 Apr 2019 16:30:00 EDT </pubDate>
            <itunes:title>Lauren Featherstun, Shivam Trivedi, Brian Werts, Erik Gough, The Purdue Live Security Analyzer (PULSAR)</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>694</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Lauren Featherstun, Shivam Trivedi, Brian Werts, Erik Gough, Purdue University</itunes:subtitle>
            <itunes:summary>As more disciplines leverage computational and data-driven modeling, the security of campus cyberinfrastructure is becoming increasingly important in order to protect intellectual property and secure a competitive advantage for researchers. Funded by the NSF Cybersecurity Innovation for Cyberinfrastructure (CICI) program, the Purdue Live Security Analyzer (PULSAR) project aims to enhance the cybersecurity of Purdue&apos;s campus cyberinfrastructure by developing a cyber attack detection and response capability for the Purdue campus research network.  Goals of the project include enabling domain scientists to conduct research with heightened security requirements, enhancing cybersecurity research by making large volumes of production network traffic data available to researchers, and supporting cybersecurity education by engaging undergraduate students in the deployment and operation of advanced cyberinfrastructure. The implementation of PULSAR was led by a team of Purdue undergraduate students alongside mentors from ITaP Security and Policy and Research Computing.  Implementation details of the project will be discussed along with information regarding generation of anonymized network traffic datasets.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As more disciplines leverage computational and data-driven modeling, the security of campus cyberinfrastructure is becoming increasingly important in order to protect intellectual property and secure a competitive advantage for researchers. Funded by the NSF Cybersecurity Innovation for Cyberinfrastructure (CICI) program, the Purdue Live Security Analyzer (PULSAR) project aims to enhance the cybersecurity of Purdue&apos;s campus cyberinfrastructure by developing a cyber attack detection and response capability for the Purdue campus research network.  Goals of the project include enabling domain scientists to conduct research with heightened security requirements, enhancing cybersecurity research by making large volumes of production network traffic data available to researchers, and supporting cybersecurity education by engaging undergraduate students in the deployment and operation of advanced cyberinfrastructure. The implementation of PULSAR was led by a team of Purdue undergraduate students alongside mentors from ITaP Security and Policy and Research Computing.  Implementation details of the project will be discussed along with information regarding generation of anonymized network traffic datasets.</p> ]]>
            </content:encoded>
            <itunes:duration>2589</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190424.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190424.mp4" length="299892736" type="video/mp4"/>
        </item>
            <item>
            <title>Robert Mundt, Protecting your online Identity in a world of modern application architecture</title>
            <description>Learn about common attacks against online accounts, ways to protect your accounts against malicious actors, and the next generation of Identity standards and application architecture. About the speaker: Rob Mundt is an Enterprise Security Architect at Eli Lilly and Company focused on the identity domain. Rob has been at Lilly for 18 years with a majority of that time focused on information security. Rob graduated from Purdue University in 2001 with a degree in Computer Technology with a focus on Telecommunications and Networking. Rob is a proud father of two children, an avid golfer, and a die-hard Cubs fan.</description>
            <pubDate>Wed, 17 Apr 2019 16:30:00 EDT </pubDate>
            <itunes:title>Robert Mundt, Protecting your online Identity in a world of modern application architecture</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>693</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Robert Mundt, Eli Lilly and Company</itunes:subtitle>
            <itunes:summary>Learn about common attacks against online accounts, ways to protect your accounts against malicious actors, and the next generation of Identity standards and application architecture. About the speaker: Rob Mundt is an Enterprise Security Architect at Eli Lilly and Company focused on the identity domain. Rob has been at Lilly for 18 years with a majority of that time focused on information security. Rob graduated from Purdue University in 2001 with a degree in Computer Technology with a focus on Telecommunications and Networking. Rob is a proud father of two children, an avid golfer, and a die-hard Cubs fan.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Learn about common attacks against online accounts, ways to protect your accounts against malicious actors, and the next generation of Identity standards and application architecture. About the speaker: Rob Mundt is an Enterprise Security Architect at Eli Lilly and Company focused on the identity domain. Rob has been at Lilly for 18 years with a majority of that time focused on information security. Rob graduated from Purdue University in 2001 with a degree in Computer Technology with a focus on Telecommunications and Networking. Rob is a proud father of two children, an avid golfer, and a die-hard Cubs fan.</p> ]]>
            </content:encoded>
            <itunes:duration>2412</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190417.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190417.mp4" length="279969792" type="video/mp4"/>
        </item>
            <item>
            <title>Jim Routh, The Rise of Unconventional Security Controls</title>
            <description> About the speaker: Jim Routh is the Chief Security Officer for CVS Health and leads the Global Security function focused on cyber security for CVS Health businesses and converged security for the Aetna business division. He is former CSO for Aetna and the former Chair of the H-ISAC Board. He serves as a member of the Advisory Board of the ClearSky Security Fund. He was formerly the Global Head of Application &amp; Mobile Security for JP Morgan Chase. Prior to that he was the CISO for KPMG, DTCC and American Express. Jim is the winner of the 2017 Evanta Breakaway Leaders Award, 2016 Security Alliance Award for Innovation, 2016 ISE Luminary Leadership Award, the Northeast and the 2014 North American Information Security Executive of the Year for Healthcare, the 2009 BITS Leadership Award sponsored by the financial industry in collaboration with NIST and the Department of Treasury.</description>
            <pubDate>Wed, 10 Apr 2019 16:30:00 EDT </pubDate>
            <itunes:title>Jim Routh, The Rise of Unconventional Security Controls</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>692</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jim Routh, Aetna/CVS</itunes:subtitle>
            <itunes:summary> About the speaker: Jim Routh is the Chief Security Officer for CVS Health and leads the Global Security function focused on cyber security for CVS Health businesses and converged security for the Aetna business division. He is former CSO for Aetna and the former Chair of the H-ISAC Board. He serves as a member of the Advisory Board of the ClearSky Security Fund. He was formerly the Global Head of Application &amp; Mobile Security for JP Morgan Chase. Prior to that he was the CISO for KPMG, DTCC and American Express. Jim is the winner of the 2017 Evanta Breakaway Leaders Award, 2016 Security Alliance Award for Innovation, 2016 ISE Luminary Leadership Award, the Northeast and the 2014 North American Information Security Executive of the Year for Healthcare, the 2009 BITS Leadership Award sponsored by the financial industry in collaboration with NIST and the Department of Treasury.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p> About the speaker: Jim Routh is the Chief Security Officer for CVS Health and leads the Global Security function focused on cyber security for CVS Health businesses and converged security for the Aetna business division. He is former CSO for Aetna and the former Chair of the H-ISAC Board. He serves as a member of the Advisory Board of the ClearSky Security Fund. He was formerly the Global Head of Application &amp; Mobile Security for JP Morgan Chase. Prior to that he was the CISO for KPMG, DTCC and American Express. Jim is the winner of the 2017 Evanta Breakaway Leaders Award, 2016 Security Alliance Award for Innovation, 2016 ISE Luminary Leadership Award, the Northeast and the 2014 North American Information Security Executive of the Year for Healthcare, the 2009 BITS Leadership Award sponsored by the financial industry in collaboration with NIST and the Department of Treasury.</p> ]]>
            </content:encoded>
            <itunes:duration>3795</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190410.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190410.mp4" length="440401920" type="video/mp4"/>
        </item>
            <item>
            <title>Krishna Kavi, Hardware Cybersecurity Attacks and Some Solutions</title>
            <description>Recent reports on how side-channel attacks can be used to obtain secret information stored in cache memories, and how current processors that rely on speculative execution of code aid in these side-channel attacks, have caught the attention of everyone. Names such as Spectre and Meltdown describe how a well-resourced attacker can discover secret information such as passwords and cyber keys. Since these attacks are applicable mostly to current processors made by Intel, AMD and ARM, almost all computing devices (servers, desktops, laptops, cell phones) are vulnerable to such attacks. Several software and some hardware solutions have been suggested and deployed by major vendors; however, most solutions incur performance penalties. In this talk, I will provide an introduction to the architectural features that expose processors to side-channel attacks. I will present some available solutions as well as some of our own ideas. I will briefly discuss other research on cybersecurity at UNT. About the speaker: Dr. Krishna Kavi is currently a Professor of Computer Science and Engineering at the University of North Texas and the Director of the NSF Industry/University Cooperative Research Center for Net-Centric and Cloud Software and Systems (NCSS I/UCRC). The center includes more than 20 industrial members and 4 academic institutions. During 2001-2009, he served as the Chair of the CSE department at UNT. Prior to joining UNT, he held an Endowed Chair Professorship in Computer Engineering at the University of Alabama in Huntsville, and served on the faculty of the University of Texas at Arlington. He was an NSF program manager between 1993 and 1995. He served on several editorial boards and program committees. He has published nearly 200 technical papers, received more than $9M in extramural funding and graduated 15 PhDs and more than 40 MS students. He received his BS in Electrical from the Indian Institute of Science and PhD from Southern Methodist University.</description>
            <pubDate>Wed, 3 Apr 2019 16:30:00 EDT </pubDate>
            <itunes:title>Krishna Kavi, Hardware Cybersecurity Attacks and Some Solutions</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>691</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Krishna Kavi, University of North Texas</itunes:subtitle>
            <itunes:summary>Recent reports on how side-channel attacks can be used to obtain secret information stored in cache memories, and how current processors that rely on speculative execution of code aid in these side-channel attacks, have caught the attention of everyone. Names such as Spectre and Meltdown describe how a well-resourced attacker can discover secret information such as passwords and cyber keys. Since these attacks are applicable mostly to current processors made by Intel, AMD and ARM, almost all computing devices (servers, desktops, laptops, cell phones) are vulnerable to such attacks. Several software and some hardware solutions have been suggested and deployed by major vendors; however, most solutions incur performance penalties. In this talk, I will provide an introduction to the architectural features that expose processors to side-channel attacks. I will present some available solutions as well as some of our own ideas. I will briefly discuss other research on cybersecurity at UNT. About the speaker: Dr. Krishna Kavi is currently a Professor of Computer Science and Engineering at the University of North Texas and the Director of the NSF Industry/University Cooperative Research Center for Net-Centric and Cloud Software and Systems (NCSS I/UCRC). The center includes more than 20 industrial members and 4 academic institutions. During 2001-2009, he served as the Chair of the CSE department at UNT. Prior to joining UNT, he held an Endowed Chair Professorship in Computer Engineering at the University of Alabama in Huntsville, and served on the faculty of the University of Texas at Arlington. He was an NSF program manager between 1993 and 1995. He served on several editorial boards and program committees. He has published nearly 200 technical papers, received more than $9M in extramural funding and graduated 15 PhDs and more than 40 MS students. He received his BS in Electrical from the Indian Institute of Science and PhD from Southern Methodist University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Recent reports on how side-channel attacks can be used to obtain secret information stored in cache memories, and how current processors that rely on speculative execution of code aid in these side-channel attacks, have caught the attention of everyone. Names such as Spectre and Meltdown describe how a well-resourced attacker can discover secret information such as passwords and cyber keys. Since these attacks are applicable mostly to current processors made by Intel, AMD and ARM, almost all computing devices (servers, desktops, laptops, cell phones) are vulnerable to such attacks. Several software and some hardware solutions have been suggested and deployed by major vendors; however, most solutions incur performance penalties. In this talk, I will provide an introduction to the architectural features that expose processors to side-channel attacks. I will present some available solutions as well as some of our own ideas. I will briefly discuss other research on cybersecurity at UNT. About the speaker: Dr. Krishna Kavi is currently a Professor of Computer Science and Engineering at the University of North Texas and the Director of the NSF Industry/University Cooperative Research Center for Net-Centric and Cloud Software and Systems (NCSS I/UCRC). The center includes more than 20 industrial members and 4 academic institutions. During 2001-2009, he served as the Chair of the CSE department at UNT. Prior to joining UNT, he held an Endowed Chair Professorship in Computer Engineering at the University of Alabama in Huntsville, and served on the faculty of the University of Texas at Arlington. He was an NSF program manager between 1993 and 1995. He served on several editorial boards and program committees. He has published nearly 200 technical papers, received more than $9M in extramural funding and graduated 15 PhDs and more than 40 MS students. He received his BS in Electrical from the Indian Institute of Science and PhD from Southern Methodist University.</p> ]]>
            </content:encoded>
            <itunes:duration>3139</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190403.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190403.mp4" length="364904448" type="video/mp4"/>
        </item>
            <item>
            <title>Wei Jiang, Efficient and Constant-Round Secure Comparison through Function Transformation, Dynamic Group Switching and Asymmetric Computation</title>
            <description>Within recent years, secure comparison protocols have been proposed using binary decomposition and properties of algebraic fields. These protocols have become increasingly efficient, but their performance has seemingly reached a plateau. We propose a new approach to this problem that transforms the comparison function into comparing specialized summations and takes advantage of dynamically switching domains of secret shares and asymmetric computations for intermediate calculations among the participating parties. As a consequence, according to our analysis, communication and computation costs have been brought to a very low and efficient level. Particularly, the communication costs have been considerably reduced both in order as well as the dominating term&apos;s order of magnitude. In addition, we propose a secure protocol under the malicious setting which maintains our transformation and is more efficient than the existing work for common domain sizes. About the speaker: Dr. Wei Jiang is an associate professor in the Department of Electrical Engineering and Computer Science of the University of Missouri-Columbia. He received the Bachelor&apos;s degrees in both Computer Science and Mathematics from the University of Iowa in 2002. He received the Ph.D. degree from Purdue University in 2008. His research interests mainly include secure multiparty computation and privacy-preserving data analytics. His work has been funded by the National Science Foundation, the Office of Naval Research, the National Security Agency, Google, and the University of Missouri Research Board.</description>
            <pubDate>Wed, 27 Mar 2019 16:30:00 EDT </pubDate>
            <itunes:title>Wei Jiang, Efficient and Constant-Round Secure Comparison through Function Transformation, Dynamic Group Switching and Asymmetric Computation</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>690</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Wei Jiang, University of Missouri-Columbia</itunes:subtitle>
            <itunes:summary>Within recent years, secure comparison protocols have been proposed using binary decomposition and properties of algebraic fields. These protocols have become increasingly efficient, but their performance has seemingly reached a plateau. We propose a new approach to this problem that transforms the comparison function into comparing specialized summations and takes advantage of dynamically switching domains of secret shares and asymmetric computations for intermediate calculations among the participating parties. As a consequence, according to our analysis, communication and computation costs have been brought to a very low and efficient level. Particularly, the communication costs have been considerably reduced both in order and in the dominating term&apos;s order of magnitude. In addition, we propose a secure protocol under the malicious setting which maintains our transformation and is more efficient than the existing work for common domain sizes. About the speaker: Dr. Wei Jiang is an associate professor in the Department of Electrical Engineering and Computer Science of the University of Missouri-Columbia. He received Bachelor&apos;s degrees in both Computer Science and Mathematics from the University of Iowa in 2002. He received the Ph.D. degree from Purdue University in 2008. His research interests mainly include secure multiparty computation and privacy-preserving data analytics. His work has been funded by the National Science Foundation, the Office of Naval Research, the National Security Agency, Google, and the University of Missouri Research Board.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Within recent years, secure comparison protocols have been proposed using binary decomposition and properties of algebraic fields. These protocols have become increasingly efficient, but their performance has seemingly reached a plateau. We propose a new approach to this problem that transforms the comparison function into comparing specialized summations and takes advantage of dynamically switching domains of secret shares and asymmetric computations for intermediate calculations among the participating parties. As a consequence, according to our analysis, communication and computation costs have been brought to a very low and efficient level. Particularly, the communication costs have been considerably reduced both in order and in the dominating term&apos;s order of magnitude. In addition, we propose a secure protocol under the malicious setting which maintains our transformation and is more efficient than the existing work for common domain sizes. About the speaker: Dr. Wei Jiang is an associate professor in the Department of Electrical Engineering and Computer Science of the University of Missouri-Columbia. He received Bachelor&apos;s degrees in both Computer Science and Mathematics from the University of Iowa in 2002. He received the Ph.D. degree from Purdue University in 2008. His research interests mainly include secure multiparty computation and privacy-preserving data analytics. His work has been funded by the National Science Foundation, the Office of Naval Research, the National Security Agency, Google, and the University of Missouri Research Board.</p> ]]>
            </content:encoded>
            <itunes:duration>3403</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190327.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190327.mp4" length="371195904" type="video/mp4"/>
        </item>
            <item>
            <title>Sathish Kumar, Securing IoT-based Cyber-Physical Human Systems against diverse attacks</title>
            <description>In this talk the concept of Cyber Physical Human Systems security in the context of aviation systems will be introduced. The talk will also cover the proposed security framework for detecting and responding to attacks. In addition, the talk will describe the results of vulnerability assessment experiments from an Aviation Cyber-Physical Systems perspective and the simulation experiments conducted for several attacks in the context of the Internet of Things (IoT). About the speaker: Dr. Sathish A.P. Kumar is currently an Assistant Professor in the Department of Computing Sciences at Coastal Carolina University, Conway, South Carolina, USA. He earned his PhD degree in Computer Science and Engineering from the University of Louisville, Kentucky, USA in 2007. His current research and teaching interests are in cybersecurity, machine learning, big data analytics and distributed systems. He has published more than 40 technical papers in journals and conference proceedings.</description>
            <pubDate>Wed, 20 Mar 2019 16:30:00 EDT </pubDate>
            <itunes:title>Sathish Kumar, Securing IoT-based Cyber-Physical Human Systems against diverse attacks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>689</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Sathish Kumar, Coastal Carolina University</itunes:subtitle>
            <itunes:summary>In this talk the concept of Cyber Physical Human Systems security in the context of aviation systems will be introduced. The talk will also cover the proposed security framework for detecting and responding to attacks. In addition, the talk will describe the results of vulnerability assessment experiments from an Aviation Cyber-Physical Systems perspective and the simulation experiments conducted for several attacks in the context of the Internet of Things (IoT). About the speaker: Dr. Sathish A.P. Kumar is currently an Assistant Professor in the Department of Computing Sciences at Coastal Carolina University, Conway, South Carolina, USA. He earned his PhD degree in Computer Science and Engineering from the University of Louisville, Kentucky, USA in 2007. His current research and teaching interests are in cybersecurity, machine learning, big data analytics and distributed systems. He has published more than 40 technical papers in journals and conference proceedings.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this talk the concept of Cyber Physical Human Systems security in the context of aviation systems will be introduced. The talk will also cover the proposed security framework for detecting and responding to attacks. In addition, the talk will describe the results of vulnerability assessment experiments from an Aviation Cyber-Physical Systems perspective and the simulation experiments conducted for several attacks in the context of the Internet of Things (IoT). About the speaker: Dr. Sathish A.P. Kumar is currently an Assistant Professor in the Department of Computing Sciences at Coastal Carolina University, Conway, South Carolina, USA. He earned his PhD degree in Computer Science and Engineering from the University of Louisville, Kentucky, USA in 2007. His current research and teaching interests are in cybersecurity, machine learning, big data analytics and distributed systems. He has published more than 40 technical papers in journals and conference proceedings.</p> ]]>
            </content:encoded>
            <itunes:duration>2794</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190320.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190320.mp4" length="309329920" type="video/mp4"/>
        </item>
            <item>
            <title>Charles Kamhoua, Game Theoretic Modeling of Cyber Deception in the Internet of Battlefield Things</title>
            <description>Most sophisticated cyber attacks follow the well-known cyber kill chain. The first step of the cyber kill chain is the reconnaissance phase, where the attacker probes the network in search of weaknesses, misconfigurations and vulnerabilities, and identifies potential targets before the actual attack starts. To this end, the attacker needs to collect important information about the characteristics of each device (i.e., hardware, operating system, applications), the network topology, the different subnets, firewall rules, access control, privileges, the communication protocol at each layer, and the machine learning algorithm on each IoBT device. The attacker&apos;s reconnaissance can be summarized by an attack graph in which the nodes represent vulnerable IoBT devices and the edges show their associated vulnerabilities. This work investigates cyber deception as a complex game in which each player has three concurrent and interdependent objectives. Each player imperfectly monitors (partial observation) the other players&apos; actions to find out each player&apos;s identity, strategies, payoff, available information and capability, and to continuously predict their intent. Each player strategically selects from which players to hide particular information (e.g., camouflage). Each player judiciously manipulates other players&apos; perception (e.g., decoy) based on his observed actions, estimated capability, and predicted intent. This work examines from the defender&apos;s perspective several deception games on an attack graph. The defender&apos;s goal is to stop the attacker early in the cyber kill chain and prevent the subsequent, more dangerous phases. About the speaker: Charles A. Kamhoua is a researcher at the Network Security Branch of the U.S. Army Research Laboratory (ARL) in Adelphi, MD, where he is responsible for conducting and directing basic research in the area of game theory applied to cyber security. Prior to joining the Army Research Laboratory, he was a researcher at the U.S. Air Force Research Laboratory (AFRL), Rome, New York for 6 years and an educator in different academic institutions for more than 10 years. He has held visiting research positions at the University of Oxford and Harvard University. He has co-authored more than 150 peer-reviewed journal and conference papers. He is a co-inventor of 2 patents and 5 patent applications. He has been at the forefront of several new technologies, co-editing three books at Wiley-IEEE Press entitled &quot;Assured Cloud Computing&quot;, &quot;Blockchain for Distributed System Security&quot; and &quot;Modeling and Design of Secure Internet of Things&quot;, forthcoming. He has presented over 50 invited keynote and distinguished speeches and has co-organized over 10 conferences and workshops. He has mentored more than 60 young scholars, including students, postdocs, and Summer Faculty Fellows. He has been recognized for his scholarship and leadership with numerous prestigious awards, including the 2019 Federal 100-FCW annual awards for individuals that have had an exceptional impact on federal IT, the 2018 ARL Achievement Award for leadership and outstanding contribution to the ARL Cyber Camo (cyber deception) project, the 2018 Fulbright Senior Specialist Fellowship, the 2017 AFRL Information Directorate Basic Research Award &quot;For Outstanding Achievements in Basic Research,&quot; the 2017 Fred I. Diamond Award for the best paper published at AFRL&apos;s Information Directorate, 40 Air Force Notable Achievement Awards, the 2016 FIU Charles E. Perry Young Alumni Visionary Award, the 2015 Black Engineer of the Year Award (BEYA), the 2015 NSBE Golden Torch Award—Pioneer of the Year, and selection to the 2015 Heidelberg Laureate Forum, to name a few. He has been congratulated by the White House, the US Congress and the Pentagon for those achievements. He received a B.S. in electronics from the University of Douala (ENSET), Cameroon, in 1999, an M.S. in Telecommunication and Networking from Florida International University (FIU) in 2008, and a Ph.D. in Electrical Engineering from FIU in 2011. He is currently an advisor for the National Research Council postdoc program, a member of the FIU alumni association and ACM, and a senior member of IEEE.</description>
            <pubDate>Wed, 6 Mar 2019 16:30:00 EST </pubDate>
            <itunes:title>Charles Kamhoua, Game Theoretic Modeling of Cyber Deception in the Internet of Battlefield Things</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>688</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Charles Kamhoua, US Army Research Laboratory</itunes:subtitle>
            <itunes:summary>Most sophisticated cyber attacks follow the well-known cyber kill chain. The first step of the cyber kill chain is the reconnaissance phase, where the attacker probes the network in search of weaknesses, misconfigurations and vulnerabilities, and identifies potential targets before the actual attack starts. To this end, the attacker needs to collect important information about the characteristics of each device (i.e., hardware, operating system, applications), the network topology, the different subnets, firewall rules, access control, privileges, the communication protocol at each layer, and the machine learning algorithm on each IoBT device. The attacker&apos;s reconnaissance can be summarized by an attack graph in which the nodes represent vulnerable IoBT devices and the edges show their associated vulnerabilities. This work investigates cyber deception as a complex game in which each player has three concurrent and interdependent objectives. Each player imperfectly monitors (partial observation) the other players&apos; actions to find out each player&apos;s identity, strategies, payoff, available information and capability, and to continuously predict their intent. Each player strategically selects from which players to hide particular information (e.g., camouflage). Each player judiciously manipulates other players&apos; perception (e.g., decoy) based on his observed actions, estimated capability, and predicted intent. This work examines from the defender&apos;s perspective several deception games on an attack graph. The defender&apos;s goal is to stop the attacker early in the cyber kill chain and prevent the subsequent, more dangerous phases. About the speaker: Charles A. Kamhoua is a researcher at the Network Security Branch of the U.S. Army Research Laboratory (ARL) in Adelphi, MD, where he is responsible for conducting and directing basic research in the area of game theory applied to cyber security. Prior to joining the Army Research Laboratory, he was a researcher at the U.S. Air Force Research Laboratory (AFRL), Rome, New York for 6 years and an educator in different academic institutions for more than 10 years. He has held visiting research positions at the University of Oxford and Harvard University. He has co-authored more than 150 peer-reviewed journal and conference papers. He is a co-inventor of 2 patents and 5 patent applications. He has been at the forefront of several new technologies, co-editing three books at Wiley-IEEE Press entitled &quot;Assured Cloud Computing&quot;, &quot;Blockchain for Distributed System Security&quot; and &quot;Modeling and Design of Secure Internet of Things&quot;, forthcoming. He has presented over 50 invited keynote and distinguished speeches and has co-organized over 10 conferences and workshops. He has mentored more than 60 young scholars, including students, postdocs, and Summer Faculty Fellows. He has been recognized for his scholarship and leadership with numerous prestigious awards, including the 2019 Federal 100-FCW annual awards for individuals that have had an exceptional impact on federal IT, the 2018 ARL Achievement Award for leadership and outstanding contribution to the ARL Cyber Camo (cyber deception) project, the 2018 Fulbright Senior Specialist Fellowship, the 2017 AFRL Information Directorate Basic Research Award &quot;For Outstanding Achievements in Basic Research,&quot; the 2017 Fred I. Diamond Award for the best paper published at AFRL&apos;s Information Directorate, 40 Air Force Notable Achievement Awards, the 2016 FIU Charles E. Perry Young Alumni Visionary Award, the 2015 Black Engineer of the Year Award (BEYA), the 2015 NSBE Golden Torch Award—Pioneer of the Year, and selection to the 2015 Heidelberg Laureate Forum, to name a few. He has been congratulated by the White House, the US Congress and the Pentagon for those achievements. He received a B.S. in electronics from the University of Douala (ENSET), Cameroon, in 1999, an M.S. in Telecommunication and Networking from Florida International University (FIU) in 2008, and a Ph.D. in Electrical Engineering from FIU in 2011. He is currently an advisor for the National Research Council postdoc program, a member of the FIU alumni association and ACM, and a senior member of IEEE.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Most sophisticated cyber attacks follow the well-known cyber kill chain. The first step of the cyber kill chain is the reconnaissance phase, where the attacker probes the network in search of weaknesses, misconfigurations and vulnerabilities, and identifies potential targets before the actual attack starts. To this end, the attacker needs to collect important information about the characteristics of each device (i.e., hardware, operating system, applications), the network topology, the different subnets, firewall rules, access control, privileges, the communication protocol at each layer, and the machine learning algorithm on each IoBT device. The attacker&apos;s reconnaissance can be summarized by an attack graph in which the nodes represent vulnerable IoBT devices and the edges show their associated vulnerabilities. This work investigates cyber deception as a complex game in which each player has three concurrent and interdependent objectives. Each player imperfectly monitors (partial observation) the other players&apos; actions to find out each player&apos;s identity, strategies, payoff, available information and capability, and to continuously predict their intent. Each player strategically selects from which players to hide particular information (e.g., camouflage). Each player judiciously manipulates other players&apos; perception (e.g., decoy) based on his observed actions, estimated capability, and predicted intent. This work examines from the defender&apos;s perspective several deception games on an attack graph. The defender&apos;s goal is to stop the attacker early in the cyber kill chain and prevent the subsequent, more dangerous phases. About the speaker: Charles A. Kamhoua is a researcher at the Network Security Branch of the U.S. Army Research Laboratory (ARL) in Adelphi, MD, where he is responsible for conducting and directing basic research in the area of game theory applied to cyber security. Prior to joining the Army Research Laboratory, he was a researcher at the U.S. Air Force Research Laboratory (AFRL), Rome, New York for 6 years and an educator in different academic institutions for more than 10 years. He has held visiting research positions at the University of Oxford and Harvard University. He has co-authored more than 150 peer-reviewed journal and conference papers. He is a co-inventor of 2 patents and 5 patent applications. He has been at the forefront of several new technologies, co-editing three books at Wiley-IEEE Press entitled &quot;Assured Cloud Computing&quot;, &quot;Blockchain for Distributed System Security&quot; and &quot;Modeling and Design of Secure Internet of Things&quot;, forthcoming. He has presented over 50 invited keynote and distinguished speeches and has co-organized over 10 conferences and workshops. He has mentored more than 60 young scholars, including students, postdocs, and Summer Faculty Fellows. He has been recognized for his scholarship and leadership with numerous prestigious awards, including the 2019 Federal 100-FCW annual awards for individuals that have had an exceptional impact on federal IT, the 2018 ARL Achievement Award for leadership and outstanding contribution to the ARL Cyber Camo (cyber deception) project, the 2018 Fulbright Senior Specialist Fellowship, the 2017 AFRL Information Directorate Basic Research Award &quot;For Outstanding Achievements in Basic Research,&quot; the 2017 Fred I. Diamond Award for the best paper published at AFRL&apos;s Information Directorate, 40 Air Force Notable Achievement Awards, the 2016 FIU Charles E. Perry Young Alumni Visionary Award, the 2015 Black Engineer of the Year Award (BEYA), the 2015 NSBE Golden Torch Award—Pioneer of the Year, and selection to the 2015 Heidelberg Laureate Forum, to name a few. He has been congratulated by the White House, the US Congress and the Pentagon for those achievements. He received a B.S. in electronics from the University of Douala (ENSET), Cameroon, in 1999, an M.S. in Telecommunication and Networking from Florida International University (FIU) in 2008, and a Ph.D. in Electrical Engineering from FIU in 2011. He is currently an advisor for the National Research Council postdoc program, a member of the FIU alumni association and ACM, and a senior member of IEEE.</p> ]]>
            </content:encoded>
            <itunes:duration>1868</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190306.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190306.mp4" length="181403648" type="video/mp4"/>
        </item>
            <item>
            <title>Bowei Xi, A Game Theoretic Approach for Adversarial Machine Learning -- When Big Data Meets Cyber Security</title>
            <description>Nowadays more and more data are gathered for detecting and preventing cyber attacks. Unique to cyber security applications, learning models face active adversaries that try to deceive learning models and avoid being detected. Hence future datasets and the training data no longer follow the same distribution. The existence of such adversarial samples motivates the development of robust and resilient adversarial learning techniques. Game theory offers a suitable framework to model the conflict between adversaries and the defender. We develop a game theoretic framework to model the sequential actions of the adversaries and the defender, allowing players to maximize their own utilities. For supervised learning tasks, our adversarial support vector machine has a conservative decision boundary, whereas our robust deep neural network plays a random strategy inspired by the mixed equilibrium strategy. On the other hand, in real practice, labeling the data instances often requires costly and time-consuming human expertise and becomes a significant bottleneck. We develop a novel grid based adversarial clustering algorithm to understand adversaries&apos; behavior from a large number of unlabeled instances. Our adversarial clustering algorithm is able to identify the normal regions inside mixed clusters, and to draw defensive walls around the center of the normal objects utilizing game theoretic ideas. Our algorithm also identifies sub-clusters of adversarial samples and the overlapping areas within mixed clusters, and identifies outliers which may be potential anomalies.</description>
            <pubDate>Wed, 27 Feb 2019 16:30:00 EST </pubDate>
            <itunes:title>Bowei Xi, A Game Theoretic Approach for Adversarial Machine Learning -- When Big Data Meets Cyber Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>687</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Bowei Xi, Purdue University</itunes:subtitle>
            <itunes:summary>Nowadays more and more data are gathered for detecting and preventing cyber attacks. Unique to cyber security applications, learning models face active adversaries that try to deceive learning models and avoid being detected. Hence future datasets and the training data no longer follow the same distribution. The existence of such adversarial samples motivates the development of robust and resilient adversarial learning techniques. Game theory offers a suitable framework to model the conflict between adversaries and the defender. We develop a game theoretic framework to model the sequential actions of the adversaries and the defender, allowing players to maximize their own utilities. For supervised learning tasks, our adversarial support vector machine has a conservative decision boundary, whereas our robust deep neural network plays a random strategy inspired by the mixed equilibrium strategy. On the other hand, in real practice, labeling the data instances often requires costly and time-consuming human expertise and becomes a significant bottleneck. We develop a novel grid based adversarial clustering algorithm to understand adversaries&apos; behavior from a large number of unlabeled instances. Our adversarial clustering algorithm is able to identify the normal regions inside mixed clusters, and to draw defensive walls around the center of the normal objects utilizing game theoretic ideas. Our algorithm also identifies sub-clusters of adversarial samples and the overlapping areas within mixed clusters, and identifies outliers which may be potential anomalies.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Nowadays more and more data are gathered for detecting and preventing cyber attacks. Unique to cyber security applications, learning models face active adversaries that try to deceive learning models and avoid being detected. Hence future datasets and the training data no longer follow the same distribution. The existence of such adversarial samples motivates the development of robust and resilient adversarial learning techniques. Game theory offers a suitable framework to model the conflict between adversaries and the defender. We develop a game theoretic framework to model the sequential actions of the adversaries and the defender, allowing players to maximize their own utilities. For supervised learning tasks, our adversarial support vector machine has a conservative decision boundary, whereas our robust deep neural network plays a random strategy inspired by the mixed equilibrium strategy. On the other hand, in real practice, labeling the data instances often requires costly and time-consuming human expertise and becomes a significant bottleneck. We develop a novel grid based adversarial clustering algorithm to understand adversaries&apos; behavior from a large number of unlabeled instances. Our adversarial clustering algorithm is able to identify the normal regions inside mixed clusters, and to draw defensive walls around the center of the normal objects utilizing game theoretic ideas. Our algorithm also identifies sub-clusters of adversarial samples and the overlapping areas within mixed clusters, and identifies outliers which may be potential anomalies.</p> ]]>
            </content:encoded>
            <itunes:duration>2422</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190227.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190227.mp4" length="241172480" type="video/mp4"/>
        </item>
            <item>
            <title>Meng Yu, Protection against Compromised Operating Systems on ARM Cortex-A Architecture</title>
            <description>ARM processors are being widely used on mobile devices and smart IoT devices. Despite best efforts, an operating system is very hard to secure absolutely on both x86 and ARM platforms. We address the problem of executing an unmodified application in a compromised OS on ARM platforms. Existing protection mechanisms mainly focus on the x86 platform, utilizing the SGX of Intel processors or a hypervisor running below an operating system. However, SGX is not available on the ARM platform, and a hypervisor is overkill for embedded or IoT settings. We describe how to achieve the security goals on ARM Cortex-A processors using ARM-specific designs. We also discuss the threats of side channels and possible mitigations. About the speaker: Dr. Meng Yu is a Robert Miner Endowed Chair Professor at Roosevelt University. He is the Chairperson of the Department of Computer Science, Information Technology, and Data Science. He received his Ph.D. degree in Computer Science from Nanjing University, China. Before he joined Roosevelt University, he was a tenured associate professor at the University of Texas at San Antonio and Virginia Commonwealth University. His research interests include systems and network security, cloud computing, virtualization and security. His primary research goal is to build more secure and trustworthy system software. He has been working on security problems such as privacy protection in cloud computing, the self-healing problem, and protection of applications against untrusted operating systems. His research has been supported by funding agencies such as the National Science Foundation, the Army Research Office, etc. He has served on many conference program committees and also organized several international conferences and workshops.</description>
            <pubDate>Wed, 20 Feb 2019 16:30:00 EST </pubDate>
            <itunes:title>Meng Yu, Protection against Compromised Operating Systems on ARM Cortex-A Architecture</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>686</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Meng Yu, Roosevelt University</itunes:subtitle>
            <itunes:summary>ARM processors are being widely used on mobile devices and smart IoT devices. Despite best efforts, an operating system is very hard to secure absolutely on both x86 and ARM platforms. We address the problem of executing an unmodified application in a compromised OS on ARM platforms. Existing protection mechanisms mainly focus on the x86 platform, utilizing the SGX of Intel processors or a hypervisor running below an operating system. However, SGX is not available on the ARM platform, and a hypervisor is overkill for embedded or IoT settings. We describe how to achieve the security goals on ARM Cortex-A processors using ARM-specific designs. We also discuss the threats of side channels and possible mitigations. About the speaker: Dr. Meng Yu is a Robert Miner Endowed Chair Professor at Roosevelt University. He is the Chairperson of the Department of Computer Science, Information Technology, and Data Science. He received his Ph.D. degree in Computer Science from Nanjing University, China. Before he joined Roosevelt University, he was a tenured associate professor at the University of Texas at San Antonio and Virginia Commonwealth University. His research interests include systems and network security, cloud computing, virtualization and security. His primary research goal is to build more secure and trustworthy system software. He has been working on security problems such as privacy protection in cloud computing, the self-healing problem, and protection of applications against untrusted operating systems. His research has been supported by funding agencies such as the National Science Foundation, the Army Research Office, etc. He has served on many conference program committees and also organized several international conferences and workshops.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>ARM processors are widely used on mobile devices and smart IoT devices. Despite the best efforts, an operating system is too hard to secure absolutely on both x86 and ARM platforms. We address the problem of executing an unmodified application in a compromised OS on ARM platforms. Existing protection mechanisms mainly focus on the x86 platform, utilizing the SGX of Intel processors or a hypervisor running below the operating system. However, SGX is not available on the ARM platform, and a hypervisor is overkill for embedded or IoT settings. We describe how to achieve the security goals on ARM Cortex-A processors using ARM-specific designs. We also discuss the threats of side channels and possible mitigations. About the speaker: Dr. Meng Yu is the Robert Miner Endowed Chair Professor at Roosevelt University. He is the Chairperson of the Department of Computer Science, Information Technology, and Data Science. He received his Ph.D. degree in Computer Science from Nanjing University, China. Before he joined Roosevelt University, he was a tenured associate professor at the University of Texas at San Antonio and at Virginia Commonwealth University. His research interests include systems and network security, cloud computing, virtualization and security. His primary research goal is to build more secure and trustworthy system software. He has been working on security problems such as privacy protection in cloud computing, the self-healing problem, and protection of applications against untrusted operating systems. His research has been supported by funding agencies such as the National Science Foundation, Army Research Office, etc. He has served on many conference program committees and has also organized several international conferences and workshops.</p> ]]>
            </content:encoded>
            <itunes:duration>3164</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190220.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190220.mp4" length="351272960" type="video/mp4"/>
        </item>
            <item>
            <title>David Ebert, Trustable Information for Security Applications: Visual Analytics for Reliable, Effective Decision Making</title>
            <description>Information, not just data, is key to today&apos;s security challenges. Solving these security challenges requires not only advancing computer science and big data analytics but also new analysis and decision-making environments that enable reliable decisions from trustable, understandable information. These environments are successful when they effectively couple human decision making with advanced, guided analytics in human-computer collaborative discourse and decision making (HCCD). Our HCCD approach builds upon visual analytics, traceable information, and human-guided analytics and machine learning, and focuses on empowering the decision maker through interactive visual analytic environments where non-digital human expertise and experience can be combined with state-of-the-art and transparent analytical techniques. When we combine this approach with real-world application-driven research, not only does the pace of scientific innovation accelerate, but impactful change occurs. I&apos;ll describe how we have applied these techniques to homeland and community security, resiliency, public safety and disaster management. About the speaker: David Ebert is the Silicon Valley Professor of Electrical and Computer Engineering at Purdue University, a Fellow of the IEEE, interim director of the Center for Education and Research in Information Assurance and Security, and director of the Visual Analytics for Command Control and Interoperability Center (VACCINE), the Visualization Science team of the Department of Homeland Security&apos;s Command Control and Interoperability Center of Excellence. Ebert performs research in visual analytics, volume rendering, illustrative visualization, and procedural abstraction of complex, massive data. He is the recipient of the 2017 IEEE Computer Society VGTC Technical Achievement Award for seminal contributions in visual analytics. He has been very active in the visualization community, serving as Editor in Chief of IEEE Transactions on Visualization and Computer Graphics, serving as IEEE Computer Society Vice President and the IEEE Computer Society&apos;s VP of Publications, and successfully managing a large program of external funding to develop more effective methods for visually communicating information.</description>
            <pubDate>Wed, 6 Feb 2019 16:30:00 EST </pubDate>
            <itunes:title>David Ebert, Trustable Information for Security Applications: Visual Analytics for Reliable, Effective Decision Making</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>684</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>David Ebert, Purdue University</itunes:subtitle>
            <itunes:summary>Information, not just data, is key to today&apos;s security challenges. Solving these security challenges requires not only advancing computer science and big data analytics but also new analysis and decision-making environments that enable reliable decisions from trustable, understandable information. These environments are successful when they effectively couple human decision making with advanced, guided analytics in human-computer collaborative discourse and decision making (HCCD). Our HCCD approach builds upon visual analytics, traceable information, and human-guided analytics and machine learning, and focuses on empowering the decision maker through interactive visual analytic environments where non-digital human expertise and experience can be combined with state-of-the-art and transparent analytical techniques. When we combine this approach with real-world application-driven research, not only does the pace of scientific innovation accelerate, but impactful change occurs. I&apos;ll describe how we have applied these techniques to homeland and community security, resiliency, public safety and disaster management. About the speaker: David Ebert is the Silicon Valley Professor of Electrical and Computer Engineering at Purdue University, a Fellow of the IEEE, interim director of the Center for Education and Research in Information Assurance and Security, and director of the Visual Analytics for Command Control and Interoperability Center (VACCINE), the Visualization Science team of the Department of Homeland Security&apos;s Command Control and Interoperability Center of Excellence. Ebert performs research in visual analytics, volume rendering, illustrative visualization, and procedural abstraction of complex, massive data. He is the recipient of the 2017 IEEE Computer Society VGTC Technical Achievement Award for seminal contributions in visual analytics. He has been very active in the visualization community, serving as Editor in Chief of IEEE Transactions on Visualization and Computer Graphics, serving as IEEE Computer Society Vice President and the IEEE Computer Society&apos;s VP of Publications, and successfully managing a large program of external funding to develop more effective methods for visually communicating information.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Information, not just data, is key to today&apos;s security challenges. Solving these security challenges requires not only advancing computer science and big data analytics but also new analysis and decision-making environments that enable reliable decisions from trustable, understandable information. These environments are successful when they effectively couple human decision making with advanced, guided analytics in human-computer collaborative discourse and decision making (HCCD). Our HCCD approach builds upon visual analytics, traceable information, and human-guided analytics and machine learning, and focuses on empowering the decision maker through interactive visual analytic environments where non-digital human expertise and experience can be combined with state-of-the-art and transparent analytical techniques. When we combine this approach with real-world application-driven research, not only does the pace of scientific innovation accelerate, but impactful change occurs. I&apos;ll describe how we have applied these techniques to homeland and community security, resiliency, public safety and disaster management. About the speaker: David Ebert is the Silicon Valley Professor of Electrical and Computer Engineering at Purdue University, a Fellow of the IEEE, interim director of the Center for Education and Research in Information Assurance and Security, and director of the Visual Analytics for Command Control and Interoperability Center (VACCINE), the Visualization Science team of the Department of Homeland Security&apos;s Command Control and Interoperability Center of Excellence. Ebert performs research in visual analytics, volume rendering, illustrative visualization, and procedural abstraction of complex, massive data. He is the recipient of the 2017 IEEE Computer Society VGTC Technical Achievement Award for seminal contributions in visual analytics. He has been very active in the visualization community, serving as Editor in Chief of IEEE Transactions on Visualization and Computer Graphics, serving as IEEE Computer Society Vice President and the IEEE Computer Society&apos;s VP of Publications, and successfully managing a large program of external funding to develop more effective methods for visually communicating information.</p> ]]>
            </content:encoded>
            <itunes:duration>3263</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190206.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190206.mp4" length="378535936" type="video/mp4"/>
        </item>
            <item>
            <title>Sanjay Madria, Secure Information Forwarding through Fragmentation in Delay-tolerant Networks</title>
            <description>In application environments like international military coalitions or multi-party relief work in a disaster zone, passing secure messages using a Delay Tolerant Network (DTN) is challenging because the existing public-private key cryptographic approaches may not always be accessible across different groups due to the unavailability of a Public Key Infrastructure (PKI). In addition, connectivity may be intermittent, so finding reliable routes is also difficult. Thus, instead of sending a complete message in a single packet, fragmenting the message and sending the fragments via multiple nodes can help achieve better security and reliability when multiple groups are involved. Therefore, encrypting messages before fragmentation and then sending both the data fragments and the key fragments (needed for decryption) provides much higher security. Keys are also fragmented, as sending the key in a single packet can hamper security if it is forwarded to corrupt nodes that may try to tamper with or drop it. In this talk, I will discuss a scheme to provide improved security by generating multiple key shares and data fragments and disseminating them via intermediate nodes. In this fragmentation process, we also create a few redundant blocks to guarantee a higher data arrival rate at the destination when the message drop rate is high, as in a DTN environment. The performance evaluation, when compared to closely related schemes such as Multiparty Encryption, shows an improvement in minimizing the number of compromised messages as well as reduced bandwidth consumption in the network. About the speaker: Sanjay K. Madria is a Curators&apos; Distinguished Professor in the Department of Computer Science at the Missouri University of Science and Technology (formerly, University of Missouri-Rolla, USA). He received his Ph.D. in Computer Science from the Indian Institute of Technology, Delhi, India in 1995. He has published over 250 journal and conference papers in the areas of mobile and sensor computing, cloud and cyber security. He won five IEEE best paper awards at conferences such as IEEE MDM 2011, IEEE MDM 2012 and IEEE SRDS 2015. He is a co-author of a recent book on Secure Sensor Cloud published by Morgan and Claypool in Dec. 2018. He has served, and is serving, at international conferences as a general co-chair, PC co-chair, and steering committee member, and has presented tutorials/talks in the areas of secure sensor cloud, cloud computing, etc. NSF, NIST, ARL, ARO, AFRL, DOE, Boeing, ORNL, Honeywell, etc. have funded his research projects. He was awarded a JSPS (Japanese Society for Promotion of Science) invitational visiting scientist fellowship in 2006 and an ASEE (American Society of Engineering Education) fellowship from 2008 to 2018. In 2012 and in 2018, he was awarded an NRC Fellowship by the National Academies. He has received research faculty excellence awards six times from his university. He is an ACM Distinguished Scientist, has served and is serving as an ACM and IEEE Distinguished Speaker, and is an IEEE Senior Member as well as an IEEE Golden Core Awardee.</description>
            <pubDate>Wed, 23 Jan 2019 16:30:00 EST </pubDate>
            <itunes:title>Sanjay Madria, Secure Information Forwarding through Fragmentation in Delay-tolerant Networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>683</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Sanjay Madria, Missouri University of Science and Technology</itunes:subtitle>
            <itunes:summary>In application environments like international military coalitions or multi-party relief work in a disaster zone, passing secure messages using a Delay Tolerant Network (DTN) is challenging because the existing public-private key cryptographic approaches may not always be accessible across different groups due to the unavailability of a Public Key Infrastructure (PKI). In addition, connectivity may be intermittent, so finding reliable routes is also difficult. Thus, instead of sending a complete message in a single packet, fragmenting the message and sending the fragments via multiple nodes can help achieve better security and reliability when multiple groups are involved. Therefore, encrypting messages before fragmentation and then sending both the data fragments and the key fragments (needed for decryption) provides much higher security. Keys are also fragmented, as sending the key in a single packet can hamper security if it is forwarded to corrupt nodes that may try to tamper with or drop it. In this talk, I will discuss a scheme to provide improved security by generating multiple key shares and data fragments and disseminating them via intermediate nodes. In this fragmentation process, we also create a few redundant blocks to guarantee a higher data arrival rate at the destination when the message drop rate is high, as in a DTN environment. The performance evaluation, when compared to closely related schemes such as Multiparty Encryption, shows an improvement in minimizing the number of compromised messages as well as reduced bandwidth consumption in the network. About the speaker: Sanjay K. Madria is a Curators&apos; Distinguished Professor in the Department of Computer Science at the Missouri University of Science and Technology (formerly, University of Missouri-Rolla, USA). He received his Ph.D. in Computer Science from the Indian Institute of Technology, Delhi, India in 1995. He has published over 250 journal and conference papers in the areas of mobile and sensor computing, cloud and cyber security. He won five IEEE best paper awards at conferences such as IEEE MDM 2011, IEEE MDM 2012 and IEEE SRDS 2015. He is a co-author of a recent book on Secure Sensor Cloud published by Morgan and Claypool in Dec. 2018. He has served, and is serving, at international conferences as a general co-chair, PC co-chair, and steering committee member, and has presented tutorials/talks in the areas of secure sensor cloud, cloud computing, etc. NSF, NIST, ARL, ARO, AFRL, DOE, Boeing, ORNL, Honeywell, etc. have funded his research projects. He was awarded a JSPS (Japanese Society for Promotion of Science) invitational visiting scientist fellowship in 2006 and an ASEE (American Society of Engineering Education) fellowship from 2008 to 2018. In 2012 and in 2018, he was awarded an NRC Fellowship by the National Academies. He has received research faculty excellence awards six times from his university. He is an ACM Distinguished Scientist, has served and is serving as an ACM and IEEE Distinguished Speaker, and is an IEEE Senior Member as well as an IEEE Golden Core Awardee.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In application environments like international military coalitions or multi-party relief work in a disaster zone, passing secure messages using a Delay Tolerant Network (DTN) is challenging because the existing public-private key cryptographic approaches may not always be accessible across different groups due to the unavailability of a Public Key Infrastructure (PKI). In addition, connectivity may be intermittent, so finding reliable routes is also difficult. Thus, instead of sending a complete message in a single packet, fragmenting the message and sending the fragments via multiple nodes can help achieve better security and reliability when multiple groups are involved. Therefore, encrypting messages before fragmentation and then sending both the data fragments and the key fragments (needed for decryption) provides much higher security. Keys are also fragmented, as sending the key in a single packet can hamper security if it is forwarded to corrupt nodes that may try to tamper with or drop it. In this talk, I will discuss a scheme to provide improved security by generating multiple key shares and data fragments and disseminating them via intermediate nodes. In this fragmentation process, we also create a few redundant blocks to guarantee a higher data arrival rate at the destination when the message drop rate is high, as in a DTN environment. The performance evaluation, when compared to closely related schemes such as Multiparty Encryption, shows an improvement in minimizing the number of compromised messages as well as reduced bandwidth consumption in the network. About the speaker: Sanjay K. Madria is a Curators&apos; Distinguished Professor in the Department of Computer Science at the Missouri University of Science and Technology (formerly, University of Missouri-Rolla, USA). He received his Ph.D. in Computer Science from the Indian Institute of Technology, Delhi, India in 1995. He has published over 250 journal and conference papers in the areas of mobile and sensor computing, cloud and cyber security. He won five IEEE best paper awards at conferences such as IEEE MDM 2011, IEEE MDM 2012 and IEEE SRDS 2015. He is a co-author of a recent book on Secure Sensor Cloud published by Morgan and Claypool in Dec. 2018. He has served, and is serving, at international conferences as a general co-chair, PC co-chair, and steering committee member, and has presented tutorials/talks in the areas of secure sensor cloud, cloud computing, etc. NSF, NIST, ARL, ARO, AFRL, DOE, Boeing, ORNL, Honeywell, etc. have funded his research projects. He was awarded a JSPS (Japanese Society for Promotion of Science) invitational visiting scientist fellowship in 2006 and an ASEE (American Society of Engineering Education) fellowship from 2008 to 2018. In 2012 and in 2018, he was awarded an NRC Fellowship by the National Academies. He has received research faculty excellence awards six times from his university. He is an ACM Distinguished Scientist, has served and is serving as an ACM and IEEE Distinguished Speaker, and is an IEEE Senior Member as well as an IEEE Golden Core Awardee.</p> ]]>
            </content:encoded>
            <itunes:duration>2852</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190123.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190123.mp4" length="243269632" type="video/mp4"/>
        </item>
            <item>
            <title>Chris Clifton, A Data Privacy Primer</title>
            <description>One of the reasons we care about information security is protecting privacy, and satisfying requirements of privacy law. But what exactly is meant by privacy? Is security sufficient to provide privacy? This talk looks at some background on data privacy, and techniques for privacy protection including anonymity and differential privacy.</description>
            <pubDate>Wed, 16 Jan 2019 16:30:00 EST </pubDate>
            <itunes:title>Chris Clifton, A Data Privacy Primer</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>682</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Chris Clifton, Purdue University</itunes:subtitle>
            <itunes:summary>One of the reasons we care about information security is protecting privacy, and satisfying requirements of privacy law. But what exactly is meant by privacy? Is security sufficient to provide privacy? This talk looks at some background on data privacy, and techniques for privacy protection including anonymity and differential privacy.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>One of the reasons we care about information security is protecting privacy, and satisfying requirements of privacy law. But what exactly is meant by privacy? Is security sufficient to provide privacy? This talk looks at some background on data privacy, and techniques for privacy protection including anonymity and differential privacy.</p> ]]>
            </content:encoded>
            <itunes:duration>2966</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190116.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190116.mp4" length="208666624" type="video/mp4"/>
        </item>
            <item>
            <title>Haotian Deng, CEIVE: Combating Caller ID Spoofing on 4G Mobile Phones Via Callee-Only Inference &amp; Verification</title>
            <description>Caller ID spoofing forges the authentic caller identity, thus making the call appear to originate from another user. In this paper, we propose CEIVE (Callee-only inference and verification), an effective and practical defense against caller ID spoofing. It is a victim-callee-only solution that requires no additional infrastructure support or changes to telephony systems. We implement CEIVE on Android phones and test it with all top four US mobile carriers, one landline and two small carriers. It shows 100% accuracy in almost all tested spoofing scenarios except one special, targeted attack case. About the speaker: Haotian Deng is a fourth-year PhD student from the Department of Computer Science. His advisor is Prof. Chunyi Peng. His research interests are mainly in mobile networks.</description>
            <pubDate>Wed, 9 Jan 2019 16:30:00 EST </pubDate>
            <itunes:title>Haotian Deng, CEIVE: Combating Caller ID Spoofing on 4G Mobile Phones Via Callee-Only Inference &amp; Verification</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>25</itunes:season>
            <itunes:episode>681</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Haotian Deng, Purdue University</itunes:subtitle>
            <itunes:summary>Caller ID spoofing forges the authentic caller identity, thus making the call appear to originate from another user. In this paper, we propose CEIVE (Callee-only inference and verification), an effective and practical defense against caller ID spoofing. It is a victim-callee-only solution that requires no additional infrastructure support or changes to telephony systems. We implement CEIVE on Android phones and test it with all top four US mobile carriers, one landline and two small carriers. It shows 100% accuracy in almost all tested spoofing scenarios except one special, targeted attack case. About the speaker: Haotian Deng is a fourth-year PhD student from the Department of Computer Science. His advisor is Prof. Chunyi Peng. His research interests are mainly in mobile networks.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Caller ID spoofing forges the authentic caller identity, thus making the call appear to originate from another user. In this paper, we propose CEIVE (Callee-only inference and verification), an effective and practical defense against caller ID spoofing. It is a victim-callee-only solution that requires no additional infrastructure support or changes to telephony systems. We implement CEIVE on Android phones and test it with all top four US mobile carriers, one landline and two small carriers. It shows 100% accuracy in almost all tested spoofing scenarios except one special, targeted attack case. About the speaker: Haotian Deng is a fourth-year PhD student from the Department of Computer Science. His advisor is Prof. Chunyi Peng. His research interests are mainly in mobile networks.</p> ]]>
            </content:encoded>
            <itunes:duration>2232</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190109.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20190109.mp4" length="214958080" type="video/mp4"/>
        </item>
            <item>
            <title>Yousra Aafer, Normalizing Diverse Android Access Control Checks for Inconsistency Detection</title>
            <description>Access control systems are known to be vulnerable to anomalies in security policies, such as inconsistency. The Android security model is no exception. This talk presents a new approach aiming to unveil inconsistent Android access controls enforced across multiple instances of the same resource. To address the complex nature of Android security checks (e.g., semantic similarity of syntactically different enforcements), the presented approach detects inconsistencies through modeling and normalizing diverse checks. The talk further presents application results of the approach, including the discovery of actual exploits. About the speaker: Dr. Aafer is a postdoctoral researcher at Purdue University. Her research tackles emerging threats of mobile and smart systems. She earned her Ph.D. degree in computer engineering from Syracuse University while focusing on Android security. Her discoveries directly benefited mobile vendors and led to publications in top security venues. She was elected as a member of the ACM&apos;s Future of Computing Academy.</description>
            <pubDate>Wed, 5 Dec 2018 16:30:00 EST </pubDate>
            <itunes:title>Yousra Aafer, Normalizing Diverse Android Access Control Checks for Inconsistency Detection</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>680</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Yousra Aafer, Purdue University</itunes:subtitle>
            <itunes:summary>Access control systems are known to be vulnerable to anomalies in security policies, such as inconsistency. The Android security model is no exception. This talk presents a new approach aiming to unveil inconsistent Android access controls enforced across multiple instances of the same resource. To address the complex nature of Android security checks (e.g., semantic similarity of syntactically different enforcements), the presented approach detects inconsistencies through modeling and normalizing diverse checks. The talk further presents application results of the approach, including the discovery of actual exploits. About the speaker: Dr. Aafer is a postdoctoral researcher at Purdue University. Her research tackles emerging threats of mobile and smart systems. She earned her Ph.D. degree in computer engineering from Syracuse University while focusing on Android security. Her discoveries directly benefited mobile vendors and led to publications in top security venues. She was elected as a member of the ACM&apos;s Future of Computing Academy.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Access control systems are known to be vulnerable to anomalies in security policies, such as inconsistency. The Android security model is no exception. This talk presents a new approach aiming to unveil inconsistent Android access controls enforced across multiple instances of the same resource. To address the complex nature of Android security checks (e.g., semantic similarity of syntactically different enforcements), the presented approach detects inconsistencies through modeling and normalizing diverse checks. The talk further presents application results of the approach, including the discovery of actual exploits. About the speaker: Dr. Aafer is a postdoctoral researcher at Purdue University. Her research tackles emerging threats of mobile and smart systems. She earned her Ph.D. degree in computer engineering from Syracuse University while focusing on Android security. Her discoveries directly benefited mobile vendors and led to publications in top security venues. She was elected as a member of the ACM&apos;s Future of Computing Academy.</p> ]]>
            </content:encoded>
            <itunes:duration>1808</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181205.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181205.mp4" length="99614720" type="video/mp4"/>
        </item>
            <item>
            <title>James Lerums, Developing a Public/Private Cybersecurity Scorecard for the State of Indiana</title>
            <description>How do you assess the cybersecurity status of public and private organizations in a state? NIST has a comprehensive framework for assessing cybersecurity, but for small companies with limited expertise or funding, this process is not reasonably possible to complete. The Indiana Governor&apos;s Executive Council on Cybersecurity and Purdue University collaborated in conducting a Cybersecurity Scorecard Pilot to aid improvements in cybersecurity across the state. The Cybersecurity Scorecard included several targeted objectives: enable non-cybersecurity experts to confidently learn, self-assess, and initiate cybersecurity improvement; enable public and private executives to identify systemic cybersecurity issues; provide a means of comparing preparedness across public and private critical infrastructure and key resource sectors within the state; and utilize standards and measurements that support &quot;apples to apples&quot; comparison. The presentation will describe Indiana&apos;s Cybersecurity Scorecard&apos;s development process, pilot launch, and initial findings. About the speaker: James is currently an Interdisciplinary Information Security Ph.D. Candidate in the Purdue Homeland Security Institute and Department of Computer Information Technology at Purdue University, West Lafayette, Indiana. He has over thirty years of experience as an engineer, senior manager, and military officer in voice and data communications, industrial automation, business, operations, and strategy.</description>
            <pubDate>Wed, 28 Nov 2018 16:30:00 EST </pubDate>
            <itunes:title>James Lerums, Developing a Public/Private Cybersecurity Scorecard for the State of Indiana</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>679</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>James Lerums, Purdue University</itunes:subtitle>
            <itunes:summary>How do you assess the cybersecurity status of public and private organizations in a state? NIST has a comprehensive framework for assessing cybersecurity, but for small companies with limited expertise or funding, that process is not reasonably possible to complete. The Indiana Governor&apos;s Executive Council on Cybersecurity and Purdue University collaborated in conducting a Cybersecurity Scorecard Pilot to aid improvements in cybersecurity across the state. The Cybersecurity Scorecard included several targeted objectives: enable non-cybersecurity experts to confidently learn, self-assess, and initiate cybersecurity improvement; enable public and private executives to identify systemic cybersecurity issues; provide a means of comparing preparedness across public and private critical infrastructure and key resource sectors within the state; and utilize standards and measurements that support &quot;apples to apples&quot; comparison. The presentation will describe Indiana&apos;s Cybersecurity Scorecard&apos;s development process, pilot launch, and initial findings. About the speaker: James is currently an Interdisciplinary Information Security Ph.D. Candidate in the Purdue Homeland Security Institute and Department of Computer Information Technology at Purdue University, West Lafayette, Indiana. He has over thirty years of experience as an engineer, senior manager, and military officer in voice and data communications, industrial automation, business, operations, and strategy.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>How do you assess the cybersecurity status of public and private organizations in a state? NIST has a comprehensive framework for assessing cybersecurity, but for small companies with limited expertise or funding, that process is not reasonably possible to complete. The Indiana Governor&apos;s Executive Council on Cybersecurity and Purdue University collaborated in conducting a Cybersecurity Scorecard Pilot to aid improvements in cybersecurity across the state. The Cybersecurity Scorecard included several targeted objectives:</p><ul><li>Enable non-cybersecurity experts to confidently learn, self-assess, and initiate cybersecurity improvement.</li><li>Enable public and private executives to identify systemic cybersecurity issues.</li><li>Provide a means of comparing preparedness across public and private critical infrastructure and key resource sectors within the state.</li><li>Utilize standards and measurements that support &quot;apples to apples&quot; comparison.</li></ul><p>The presentation will describe Indiana&apos;s Cybersecurity Scorecard&apos;s development process, pilot launch, and initial findings. About the speaker: James is currently an Interdisciplinary Information Security Ph.D. Candidate in the Purdue Homeland Security Institute and Department of Computer Information Technology at Purdue University, West Lafayette, Indiana. He has over thirty years of experience as an engineer, senior manager, and military officer in voice and data communications, industrial automation, business, operations, and strategy.</p> ]]>
            </content:encoded>
            <itunes:duration>2633</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181128.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181128.mp4" length="175112192" type="video/mp4"/>
        </item>
            <item>
            <title>Courtney Falk, Enemy Perspectives: When Nation-States Meet Cybercriminals</title>
            <description>Threat intelligence is interested in the entire kill chain from tools to victims.  Chief among these interests are the threat actors themselves who carry out attacks and campaigns.  Many different schemes exist on how to classify different types of threat actors in order to more easily describe and understand them.  This presentation focuses on the nation-state and cybercriminal classes of threat actors, how they differ, and how they overlap.  Real world examples are provided to illustrate new and different ways of thinking about threat actors. About the speaker: Dr. Courtney Falk is an information security professional with over ten years of experience in the government, academic, and public sectors.  He earned his doctorate of philosophy from Purdue University while researching the applications of natural language processing to information security problems.  Courtney currently works as the senior research scientist for Optiv&apos;s Global Threat Intelligence Center.</description>
            <pubDate>Wed, 14 Nov 2018 16:30:00 EST </pubDate>
            <itunes:title>Courtney Falk, Enemy Perspectives: When Nation-States Meet Cybercriminals</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>678</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Courtney Falk, Optiv</itunes:subtitle>
            <itunes:summary>Threat intelligence is interested in the entire kill chain from tools to victims.  Chief among these interests are the threat actors themselves who carry out attacks and campaigns.  Many different schemes exist on how to classify different types of threat actors in order to more easily describe and understand them.  This presentation focuses on the nation-state and cybercriminal classes of threat actors, how they differ, and how they overlap.  Real world examples are provided to illustrate new and different ways of thinking about threat actors. About the speaker: Dr. Courtney Falk is an information security professional with over ten years of experience in the government, academic, and public sectors.  He earned his doctorate of philosophy from Purdue University while researching the applications of natural language processing to information security problems.  Courtney currently works as the senior research scientist for Optiv&apos;s Global Threat Intelligence Center.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Threat intelligence is interested in the entire kill chain from tools to victims.  Chief among these interests are the threat actors themselves who carry out attacks and campaigns.  Many different schemes exist on how to classify different types of threat actors in order to more easily describe and understand them.  This presentation focuses on the nation-state and cybercriminal classes of threat actors, how they differ, and how they overlap.  Real world examples are provided to illustrate new and different ways of thinking about threat actors. About the speaker: Dr. Courtney Falk is an information security professional with over ten years of experience in the government, academic, and public sectors.  He earned his doctorate of philosophy from Purdue University while researching the applications of natural language processing to information security problems.  Courtney currently works as the senior research scientist for Optiv&apos;s Global Threat Intelligence Center.</p> ]]>
            </content:encoded>
            <itunes:duration>3151</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181114.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181114.mp4" length="405798912" type="video/mp4"/>
        </item>
            <item>
            <title>Jason Ortiz, IoT Security: Living on the Edge</title>
            <description>This talk will explore the enormous threat landscape presented by the IoT ecosystem and examine the state of IoT security with a bit of humor. We will look at everything from individual devices, to conceptual challenges, as well as potential solutions to the most challenging security question we have ever had to answer. About the speaker: Jason is a Sr. Integration Engineer at Pondurance and has worked in related roles for 9 years since graduating from Purdue University with a BS in Computer Science in 2009. Prior to joining Pondurance, Jason worked as a defense contractor in the Washington D.C. area and was a NASA intern while attending Purdue. Jason loves the challenges brought forward by a career in cyber security and working to secure national infrastructure. Outside of cyber security, Jason considers himself a maker with a particular passion for educational technology, an amateur cartographer, an urban enthusiast, and is fascinated by aerospace engineering and everything related to space exploration. Jason also enjoys playing soccer and basketball as well as rooting for the Colts, Pacers, Caps and Blues! Jason is excited to be back in Indy and to be part of the rising Indy tech community!</description>
            <pubDate>Wed, 7 Nov 2018 16:30:00 EST </pubDate>
            <itunes:title>Jason Ortiz, IoT Security: Living on the Edge</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>677</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jason Ortiz, Pondurance</itunes:subtitle>
            <itunes:summary>This talk will explore the enormous threat landscape presented by the IoT ecosystem and examine the state of IoT security with a bit of humor. We will look at everything from individual devices, to conceptual challenges, as well as potential solutions to the most challenging security question we have ever had to answer. About the speaker: Jason is a Sr. Integration Engineer at Pondurance and has worked in related roles for 9 years since graduating from Purdue University with a BS in Computer Science in 2009. Prior to joining Pondurance, Jason worked as a defense contractor in the Washington D.C. area and was a NASA intern while attending Purdue. Jason loves the challenges brought forward by a career in cyber security and working to secure national infrastructure. Outside of cyber security, Jason considers himself a maker with a particular passion for educational technology, an amateur cartographer, an urban enthusiast, and is fascinated by aerospace engineering and everything related to space exploration. Jason also enjoys playing soccer and basketball as well as rooting for the Colts, Pacers, Caps and Blues! Jason is excited to be back in Indy and to be part of the rising Indy tech community!</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk will explore the enormous threat landscape presented by the IoT ecosystem and examine the state of IoT security with a bit of humor. We will look at everything from individual devices, to conceptual challenges, as well as potential solutions to the most challenging security question we have ever had to answer. About the speaker: Jason is a Sr. Integration Engineer at Pondurance and has worked in related roles for 9 years since graduating from Purdue University with a BS in Computer Science in 2009. Prior to joining Pondurance, Jason worked as a defense contractor in the Washington D.C. area and was a NASA intern while attending Purdue. Jason loves the challenges brought forward by a career in cyber security and working to secure national infrastructure. Outside of cyber security, Jason considers himself a maker with a particular passion for educational technology, an amateur cartographer, an urban enthusiast, and is fascinated by aerospace engineering and everything related to space exploration. Jason also enjoys playing soccer and basketball as well as rooting for the Colts, Pacers, Caps and Blues! Jason is excited to be back in Indy and to be part of the rising Indy tech community!</p> ]]>
            </content:encoded>
            <itunes:duration>4010</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181107.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181107.mp4" length="354418688" type="video/mp4"/>
        </item>
            <item>
            <title>Meng Xu, Precise and Scalable Detection of Double-Fetch Bugs in Kernels</title>
            <description>During system call execution, it is common for operating system kernels to read userspace memory multiple times (multi-reads). A critical bug may exist if the fetched userspace memory is subject to change across these reads, i.e., a race condition, which is known as a double-fetch bug. Prior works have attempted to detect these bugs both statically and dynamically. However, due to their improper assumptions and imprecise definitions regarding double-fetch bugs, their multi-read detection is inherently limited and suffers from significant false positives and false negatives. For example, their approach is unable to support device emulation, inter-procedural analysis, loop handling, etc. More importantly, they completely leave the task of finding real double-fetch bugs in the haystack of multi-reads to manual verification, which is expensive if possible at all. In this paper, we first present a formal and precise definition of double-fetch bugs and then implement a static analysis system, DEADLINE, to automatically detect double-fetch bugs in OS kernels. DEADLINE uses static program analysis techniques to systematically find multi-reads throughout the kernel and employs specialized symbolic checking to vet each multi-read for double-fetch bugs. We apply DEADLINE to the Linux and FreeBSD kernels and find 23 new bugs in Linux and one new bug in FreeBSD. We further propose four generic strategies to patch and prevent double-fetch bugs based on our study and discussion with kernel maintainers. About the speaker: Meng Xu is a 5th-year Ph.D. student at the School of Computer Science, Georgia Tech, advised by Professor Taesoo Kim. He is a member of SSLab and IISP. His research interests include system security, N-version programming, and bug finding. He served on the program committee of ACM CCS&apos;18, and has published many papers at top conferences such as ACM CCS, USENIX Security and IEEE S&amp;P.</description>
            <pubDate>Wed, 31 Oct 2018 16:30:00 EDT </pubDate>
            <itunes:title>Meng Xu, Precise and Scalable Detection of Double-Fetch Bugs in Kernels</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>676</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Meng Xu, Georgia Tech</itunes:subtitle>
            <itunes:summary>During system call execution, it is common for operating system kernels to read userspace memory multiple times (multi-reads). A critical bug may exist if the fetched userspace memory is subject to change across these reads, i.e., a race condition, which is known as a double-fetch bug. Prior works have attempted to detect these bugs both statically and dynamically. However, due to their improper assumptions and imprecise definitions regarding double-fetch bugs, their multi-read detection is inherently limited and suffers from significant false positives and false negatives. For example, their approach is unable to support device emulation, inter-procedural analysis, loop handling, etc. More importantly, they completely leave the task of finding real double-fetch bugs in the haystack of multi-reads to manual verification, which is expensive if possible at all. In this paper, we first present a formal and precise definition of double-fetch bugs and then implement a static analysis system, DEADLINE, to automatically detect double-fetch bugs in OS kernels. DEADLINE uses static program analysis techniques to systematically find multi-reads throughout the kernel and employs specialized symbolic checking to vet each multi-read for double-fetch bugs. We apply DEADLINE to the Linux and FreeBSD kernels and find 23 new bugs in Linux and one new bug in FreeBSD. We further propose four generic strategies to patch and prevent double-fetch bugs based on our study and discussion with kernel maintainers. About the speaker: Meng Xu is a 5th-year Ph.D. student at the School of Computer Science, Georgia Tech, advised by Professor Taesoo Kim. He is a member of SSLab and IISP. His research interests include system security, N-version programming, and bug finding. He served on the program committee of ACM CCS&apos;18, and has published many papers at top conferences such as ACM CCS, USENIX Security and IEEE S&amp;P.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>During system call execution, it is common for operating system kernels to read userspace memory multiple times (multi-reads). A critical bug may exist if the fetched userspace memory is subject to change across these reads, i.e., a race condition, which is known as a double-fetch bug. Prior works have attempted to detect these bugs both statically and dynamically. However, due to their improper assumptions and imprecise definitions regarding double-fetch bugs, their multi-read detection is inherently limited and suffers from significant false positives and false negatives. For example, their approach is unable to support device emulation, inter-procedural analysis, loop handling, etc. More importantly, they completely leave the task of finding real double-fetch bugs in the haystack of multi-reads to manual verification, which is expensive if possible at all. In this paper, we first present a formal and precise definition of double-fetch bugs and then implement a static analysis system, DEADLINE, to automatically detect double-fetch bugs in OS kernels. DEADLINE uses static program analysis techniques to systematically find multi-reads throughout the kernel and employs specialized symbolic checking to vet each multi-read for double-fetch bugs. We apply DEADLINE to the Linux and FreeBSD kernels and find 23 new bugs in Linux and one new bug in FreeBSD. We further propose four generic strategies to patch and prevent double-fetch bugs based on our study and discussion with kernel maintainers. About the speaker: Meng Xu is a 5th-year Ph.D. student at the School of Computer Science, Georgia Tech, advised by Professor Taesoo Kim. He is a member of SSLab and IISP. His research interests include system security, N-version programming, and bug finding. He served on the program committee of ACM CCS&apos;18, and has published many papers at top conferences such as ACM CCS, USENIX Security and IEEE S&amp;P.</p> ]]>
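            <![CDATA[ <p>Added example, not code from the talk or from the DEADLINE paper: a stand-alone C model of the double-fetch pattern the abstract describes. A "syscall handler" reads a length field from userspace, bounds-checks it, then fetches the whole header a second time and lets the freshly fetched length drive the copy. The race a real kernel would lose to a second userspace thread is made reproducible by a hook that rewrites the length after the first fetch. copy_from_user_sim, user_page, handle_vulnerable and handle_hardened are constructed names for this model; the hardened variant shows one common remedy (copy once into kernel memory, then check and use only that copy), not a claim about which of the paper's four strategies it corresponds to.</p>

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: a message header living in "userspace". The attacker
 * owns this memory and may change it at any moment during the syscall. */
struct msg_hdr {
    uint32_t len;        /* bytes of payload the caller claims to pass */
    uint8_t  payload[64];
};

#define KBUF_SIZE 32     /* kernel-side stack buffer the payload is copied into */

static struct msg_hdr user_page;   /* the simulated userspace page */
static int  fetch_count;           /* how many times the handler read userspace */
static bool attacker_active;       /* whether the racing thread "wins" */

/* Stand-in for copy_from_user(). After the first fetch completes, the
 * simulated attacker thread rewrites len, which is exactly the window a
 * double-fetch bug exposes. Returns 0 on success like the kernel API. */
static int copy_from_user_sim(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
    fetch_count++;
    if (attacker_active && fetch_count == 1)
        user_page.len = 4096;      /* larger than any bound the handler checked */
    return 0;
}

/* Vulnerable handler: len is fetched and checked, then the whole header is
 * fetched again and the second copy of len drives the memcpy. */
static int handle_vulnerable(size_t *copied)
{
    uint32_t len;
    struct msg_hdr hdr;
    uint8_t kbuf[KBUF_SIZE];

    if (copy_from_user_sim(&len, &user_page.len, sizeof(len)))
        return -1;
    if (len > KBUF_SIZE)
        return -2;                 /* EINVAL: the check itself is correct... */
    if (copy_from_user_sim(&hdr, &user_page, sizeof(hdr)))
        return -1;                 /* ...but this re-reads len from userspace */

    *copied = hdr.len;
    if (hdr.len > KBUF_SIZE)       /* a real kernel would memcpy hdr.len bytes here */
        return 0;                  /* and smash kbuf; stop short and just report it */
    memcpy(kbuf, hdr.payload, hdr.len);
    return 0;
}

/* Hardened handler: one fetch into kernel memory, after which every check
 * and every use refers to the kernel-owned copy, never to userspace again. */
static int handle_hardened(size_t *copied)
{
    struct msg_hdr hdr;
    uint8_t kbuf[KBUF_SIZE];

    if (copy_from_user_sim(&hdr, &user_page, sizeof(hdr)))
        return -1;
    if (hdr.len > KBUF_SIZE)
        return -2;
    memcpy(kbuf, hdr.payload, hdr.len);
    *copied = hdr.len;
    return 0;
}

/* Prepare a legitimate-looking request (len = 16, constructed input) and run
 * one handler, optionally with the attacker racing it. Returns the length
 * that reached the copy, or 0 if the handler rejected the request. */
static size_t run(int (*handler)(size_t *), bool race)
{
    memset(&user_page, 0, sizeof(user_page));
    memset(user_page.payload, 0x41, sizeof(user_page.payload));
    user_page.len = 16;
    fetch_count = 0;
    attacker_active = race;

    size_t copied = 0;
    return handler(&copied) == 0 ? copied : 0;
}

size_t run_vulnerable(bool race) { return run(handle_vulnerable, race); }
size_t run_hardened(bool race)   { return run(handle_hardened, race); }
int    fetches_used(void)        { return fetch_count; }

int main(void)
{
    printf("vulnerable, no race : copied %zu bytes\n", run_vulnerable(false));
    printf("vulnerable, race    : copied %zu bytes (KBUF_SIZE is %d)\n",
           run_vulnerable(true), KBUF_SIZE);
    printf("hardened,   race    : copied %zu bytes after %d fetch\n",
           run_hardened(true), fetches_used());
    return 0;
}
```

<p>Running the file prints the length that reached the copy in each scenario: the vulnerable handler checks 16 and then copies the attacker's 4096, while the hardened handler performs a single fetch and so can only ever use the value it checked. This is the property a double-fetch checker has to establish for each multi-read it finds: whether any value fetched a second time reaches a check or a use that the first fetch already decided.</p> ]]>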
            </content:encoded>
            <itunes:duration>2909</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181031.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181031.mp4" length="127926272" type="video/mp4"/>
        </item>
            <item>
            <title>Mark Loepker, 80/20 Rule-Cyber Hygiene</title>
            <description>Hygiene - it&apos;s good for your body and it&apos;s good for your computer/network.  We will explore the simplicity of cyber hygiene and the insider/outsider threats that take advantage of poor hygiene.  It is all a matter of focus and attention to threat actors.  In addition, we will introduce you to the Cyber Center for Education and Innovation, Home of the National Cryptologic Museum (CCEI-NCM).  This is a unique national value proposition to bring together cybersecurity education and invite collaboration.  CCEI-NCM&apos;s core mission is to broaden cyber threat awareness, understand cybersecurity best practices with educational outreach, and to enhance operational cybersecurity workforce development in support of our nation&apos;s critical infrastructure sectors. About the speaker: Mark S. Loepker is a master practitioner in Information Assurance (IA) and International Partnerships with over 39 years of government experience. He excels at orchestrating dissimilar groups aimed at fostering consensus to solve the toughest cybersecurity challenges. Mr. Loepker held many Executive level leadership positions throughout his career. Mr. Loepker currently serves as a Senior Advisor and Education Lead to the National Cryptologic Museum Foundation, focused on developing educational programs to be delivered from the new Cyber Center for Education &amp; Innovation (CCEI). In this role, he focuses on ensuring that K-12/STEM initiatives are tightly aligned with national cyber curriculum standards, and that the CCEI becomes a national resource addressing workforce development and operational training requirements targeting 13-20 grade curriculum. During his National Security Agency career, he worked closely with Congressional Members and Staff on emerging cybersecurity issues and legislation. He was the Director, National Information Assurance Partnership (NIAP), established between the National Institute of Standards and Technology (NIST) and NSA to evaluate Information Technology (IT) product conformance to international standards. He was the Department of Defense Chief Information Officer (DoD/CIO), Defense-wide Information Assurance Program (DIAP) Director. He ensured the DoD&apos;s vital IT resources were secured and protected by unifying and integrating cybersecurity activities to achieve secure Net-Centric Global Information Grid operations. He served as the Committee on National Security Systems (CNSS) Secretariat Manager and was responsible for setting National Security Systems (NSS) national-level Information Assurance policies, directives, and instructions and providing a forum for the discussion of policy issues amongst U.S. Government departments and agencies. He served as the Common Criteria Recognition Arrangement (CCRA) Executive Subcommittee Chairman, leading 27 Nations in product assurance, evaluation, supply chain risk management and managing the CCRA. He served for six years as the NATO Information Security Subcommittee National Co-Chairman and three years as the CNSS Subcommittee Chairman. Mr. Loepker, working with Dr. Melissa Dark, Purdue&apos;s Professor of Technology in Computer and Information Technology, pioneered the first-ever NSA sponsored class where graduate students used typical NSA technical challenges for their class work with mentorship from NSA Technical Directors. After five years, the effort now spans 19 Universities and 12 government agencies with over 354 alumni and over 160 currently enrolled. Mr. Loepker&apos;s educational degrees include a Master in Business Administration – Quantitative Analysis, University of Missouri; Bachelor of Science in Electrical Engineering Technology, Purdue University; Associate in Aviation Electronic Technology, Purdue University and numerous NSA technical, executive and legislative development programs.</description>
            <pubDate>Wed, 24 Oct 2018 16:30:00 EDT </pubDate>
            <itunes:title>Mark Loepker, 80/20 Rule-Cyber Hygiene</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>675</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mark Loepker, SANMARK</itunes:subtitle>
            <itunes:summary>Hygiene - it&apos;s good for your body and it&apos;s good for your computer/network.  We will explore the simplicity of cyber hygiene and the insider/outsider threats that take advantage of poor hygiene.  It is all a matter of focus and attention to threat actors.  In addition, we will introduce you to the Cyber Center for Education and Innovation, Home of the National Cryptologic Museum (CCEI-NCM).  This is a unique national value proposition to bring together cybersecurity education and invite collaboration.  CCEI-NCM&apos;s core mission is to broaden cyber threat awareness, understand cybersecurity best practices with educational outreach, and to enhance operational cybersecurity workforce development in support of our nation&apos;s critical infrastructure sectors. About the speaker: Mark S. Loepker is a master practitioner in Information Assurance (IA) and International Partnerships with over 39 years of government experience. He excels at orchestrating dissimilar groups aimed at fostering consensus to solve the toughest cybersecurity challenges. Mr. Loepker held many Executive level leadership positions throughout his career. Mr. Loepker currently serves as a Senior Advisor and Education Lead to the National Cryptologic Museum Foundation, focused on developing educational programs to be delivered from the new Cyber Center for Education &amp; Innovation (CCEI). In this role, he focuses on ensuring that K-12/STEM initiatives are tightly aligned with national cyber curriculum standards, and that the CCEI becomes a national resource addressing workforce development and operational training requirements targeting 13-20 grade curriculum. During his National Security Agency career, he worked closely with Congressional Members and Staff on emerging cybersecurity issues and legislation. He was the Director, National Information Assurance Partnership (NIAP), established between the National Institute of Standards and Technology (NIST) and NSA to evaluate Information Technology (IT) product conformance to international standards. He was the Department of Defense Chief Information Officer (DoD/CIO), Defense-wide Information Assurance Program (DIAP) Director. He ensured the DoD&apos;s vital IT resources were secured and protected by unifying and integrating cybersecurity activities to achieve secure Net-Centric Global Information Grid operations. He served as the Committee on National Security Systems (CNSS) Secretariat Manager and was responsible for setting National Security Systems (NSS) national-level Information Assurance policies, directives, and instructions and providing a forum for the discussion of policy issues amongst U.S. Government departments and agencies. He served as the Common Criteria Recognition Arrangement (CCRA) Executive Subcommittee Chairman, leading 27 Nations in product assurance, evaluation, supply chain risk management and managing the CCRA. He served for six years as the NATO Information Security Subcommittee National Co-Chairman and three years as the CNSS Subcommittee Chairman. Mr. Loepker, working with Dr. Melissa Dark, Purdue&apos;s Professor of Technology in Computer and Information Technology, pioneered the first-ever NSA sponsored class where graduate students used typical NSA technical challenges for their class work with mentorship from NSA Technical Directors. After five years, the effort now spans 19 Universities and 12 government agencies with over 354 alumni and over 160 currently enrolled. Mr. Loepker&apos;s educational degrees include a Master in Business Administration – Quantitative Analysis, University of Missouri; Bachelor of Science in Electrical Engineering Technology, Purdue University; Associate in Aviation Electronic Technology, Purdue University and numerous NSA technical, executive and legislative development programs.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Hygiene - it&apos;s good for your body and it&apos;s good for your computer/network.  We will explore the simplicity of cyber hygiene and the insider/outsider threats that take advantage of poor hygiene.  It is all a matter of focus and attention to threat actors.  In addition, we will introduce you to the Cyber Center for Education and Innovation, Home of the National Cryptologic Museum (CCEI-NCM).  This is a unique national value proposition to bring together cybersecurity education and invite collaboration.  CCEI-NCM&apos;s core mission is to broaden cyber threat awareness, understand cybersecurity best practices with educational outreach, and to enhance operational cybersecurity workforce development in support of our nation&apos;s critical infrastructure sectors. About the speaker: Mark S. Loepker is a master practitioner in Information Assurance (IA) and International Partnerships with over 39 years of government experience. He excels at orchestrating dissimilar groups aimed at fostering consensus to solve the toughest cybersecurity challenges. Mr. Loepker held many Executive level leadership positions throughout his career. Mr. Loepker currently serves as a Senior Advisor and Education Lead to the National Cryptologic Museum Foundation, focused on developing educational programs to be delivered from the new Cyber Center for Education &amp; Innovation (CCEI). In this role, he focuses on ensuring that K-12/STEM initiatives are tightly aligned with national cyber curriculum standards, and that the CCEI becomes a national resource addressing workforce development and operational training requirements targeting 13-20 grade curriculum. During his National Security Agency career, he worked closely with Congressional Members and Staff on emerging cybersecurity issues and legislation. He was the Director, National Information Assurance Partnership (NIAP), established between the National Institute of Standards and Technology (NIST) and NSA to evaluate Information Technology (IT) product conformance to international standards. He was the Department of Defense Chief Information Officer (DoD/CIO), Defense-wide Information Assurance Program (DIAP) Director. He ensured the DoD&apos;s vital IT resources were secured and protected by unifying and integrating cybersecurity activities to achieve secure Net-Centric Global Information Grid operations. He served as the Committee on National Security Systems (CNSS) Secretariat Manager and was responsible for setting National Security Systems (NSS) national-level Information Assurance policies, directives, and instructions and providing a forum for the discussion of policy issues amongst U.S. Government departments and agencies. He served as the Common Criteria Recognition Arrangement (CCRA) Executive Subcommittee Chairman, leading 27 Nations in product assurance, evaluation, supply chain risk management and managing the CCRA. He served for six years as the NATO Information Security Subcommittee National Co-Chairman and three years as the CNSS Subcommittee Chairman. Mr. Loepker, working with Dr. Melissa Dark, Purdue&apos;s Professor of Technology in Computer and Information Technology, pioneered the first-ever NSA sponsored class where graduate students used typical NSA technical challenges for their class work with mentorship from NSA Technical Directors. After five years, the effort now spans 19 Universities and 12 government agencies with over 354 alumni and over 160 currently enrolled. Mr. Loepker&apos;s educational degrees include a Master in Business Administration – Quantitative Analysis, University of Missouri; Bachelor of Science in Electrical Engineering Technology, Purdue University; Associate in Aviation Electronic Technology, Purdue University and numerous NSA technical, executive and legislative development programs.</p> ]]>
            </content:encoded>
            <itunes:duration>3531</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181024.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181024.mp4" length="458227712" type="video/mp4"/>
        </item>
            <item>
            <title>Ryan Goldsberry, Applied Cyber and Mobile Security Consulting</title>
            <description>Cyber security for increasingly mobile clients is an increasing and never-ending challenge. Companies of the future are adopting agile systems and cross-functional processes to respond to these challenges. About the speaker: Mr. Goldsberry is a Specialist Leader in Deloitte&apos;s Transportation Strategy and Operations group. Ryan has over 20 years of leadership experience in industrial and automotive companies. He uses his background in both Strategic Marketing and Supply Chain to assist clients struggling with disruptive change. Ryan has managed consulting engagements in transportation, telecommunications, energy, and financial services, using his background in both strategic marketing and operations. His passion is preparing clients for the disruptive changes that are occurring due to changing mobility preferences and due to new technologies like autonomous, connected, electric, and shared vehicles/infrastructure. He has worked extensively with manufacturers, suppliers, universities, and government agencies to tackle these problems and prove out solutions with pilots and new business models. Prior to joining Deloitte, Ryan successfully turned around several automotive aftermarket businesses and has extensive experience across the automotive value chain from OEM to retail to wholesale/distribution. Ryan has a BS in Mechanical Engineering from Cornell University, an MS in Manufacturing Systems Engineering from the University of Michigan, and an MBA from Stanford University.</description>
            <pubDate>Wed, 17 Oct 2018 16:30:00 EDT </pubDate>
            <itunes:title>Ryan Goldsberry, Applied Cyber and Mobile Security Consulting</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>674</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ryan Goldsberry, Deloitte</itunes:subtitle>
            <itunes:summary>Cyber security for increasingly mobile clients is an increasing and never-ending challenge. Companies of the future are adopting agile systems and cross-functional processes to respond to these challenges. About the speaker: Mr. Goldsberry is a Specialist Leader in Deloitte&apos;s Transportation Strategy and Operations group. Ryan has over 20 years of leadership experience in industrial and automotive companies. He uses his background in both Strategic Marketing and Supply Chain to assist clients struggling with disruptive change. Ryan has managed consulting engagements in transportation, telecommunications, energy, and financial services, using his background in both strategic marketing and operations. His passion is preparing clients for the disruptive changes that are occurring due to changing mobility preferences and due to new technologies like autonomous, connected, electric, and shared vehicles/infrastructure. He has worked extensively with manufacturers, suppliers, universities, and government agencies to tackle these problems and prove out solutions with pilots and new business models. Prior to joining Deloitte, Ryan successfully turned around several automotive aftermarket businesses and has extensive experience across the automotive value chain from OEM to retail to wholesale/distribution. Ryan has a BS in Mechanical Engineering from Cornell University, an MS in Manufacturing Systems Engineering from the University of Michigan, and an MBA from Stanford University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cyber security for increasingly mobile clients is an increasing and never-ending challenge. Companies of the future are adopting agile systems and cross-functional processes to respond to these challenges. About the speaker: Mr. Goldsberry is a Specialist Leader in Deloitte&apos;s Transportation Strategy and Operations group. Ryan has over 20 years of leadership experience in industrial and automotive companies. He uses his background in both Strategic Marketing and Supply Chain to assist clients struggling with disruptive change. Ryan has managed consulting engagements in transportation, telecommunications, energy, and financial services, using his background in both strategic marketing and operations. His passion is preparing clients for the disruptive changes that are occurring due to changing mobility preferences and due to new technologies like autonomous, connected, electric, and shared vehicles/infrastructure. He has worked extensively with manufacturers, suppliers, universities, and government agencies to tackle these problems and prove out solutions with pilots and new business models. Prior to joining Deloitte, Ryan successfully turned around several automotive aftermarket businesses and has extensive experience across the automotive value chain from OEM to retail to wholesale/distribution. Ryan has a BS in Mechanical Engineering from Cornell University, an MS in Manufacturing Systems Engineering from the University of Michigan, and an MBA from Stanford University.</p> ]]>
            </content:encoded>
            <itunes:duration>1719</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181017.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181017.mp4" length="195035136" type="video/mp4"/>
        </item>
            <item>
            <title>Jessy Irwin, Double the Factors, Double the Fails:  How Usability Obstacles Impact Adoption of Strong Authentication Habits</title>
            <description>About the speaker: Jessy Irwin is Head of Security at Tendermint, where she excels at translating complex cybersecurity problems into relatable terms, and is responsible for developing, maintaining and delivering a comprehensive security strategy that supports and enables the needs of her organization and its people. Prior to her role at Tendermint, she worked to solve security obstacles for non-expert users as a strategic advisor, security executive, consultant and former Security Empress at 1Password. She regularly writes and presents about human-centric security, and believes that people should not have to become experts in technology, security or privacy to be safe online. Her current interests include security maturity and culture, usable security and secure UI/UX, and building impactful security teams and programs in emerging blockchain technologies.</description>
            <pubDate>Wed, 10 Oct 2018 16:30:00 EDT </pubDate>
            <itunes:title>Jessy Irwin, Double the Factors, Double the Fails:  How Usability Obstacles Impact Adoption of Strong Authentication Habits</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>673</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jessy Irwin, Tendermint</itunes:subtitle>
            <itunes:summary>About the speaker: Jessy Irwin is Head of Security at Tendermint, where she excels at translating complex cybersecurity problems into relatable terms, and is responsible for developing, maintaining and delivering a comprehensive security strategy that supports and enables the needs of her organization and its people. Prior to her role at Tendermint, she worked to solve security obstacles for non-expert users as a strategic advisor, security executive, consultant and former Security Empress at 1Password. She regularly writes and presents about human-centric security, and believes that people should not have to become experts in technology, security or privacy to be safe online. Her current interests include security maturity and culture, usable security and secure UI/UX, and building impactful security teams and programs in emerging blockchain technologies.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>About the speaker: Jessy Irwin is Head of Security at Tendermint, where she excels at translating complex cybersecurity problems into relatable terms, and is responsible for developing, maintaining and delivering a comprehensive security strategy that supports and enables the needs of her organization and its people. Prior to her role at Tendermint, she worked to solve security obstacles for non-expert users as a strategic advisor, security executive, consultant and former Security Empress at 1Password. She regularly writes and presents about human-centric security, and believes that people should not have to become experts in technology, security or privacy to be safe online. Her current interests include security maturity and culture, usable security and secure UI/UX, and building impactful security teams and programs in emerging blockchain technologies.</p> ]]>
            </content:encoded>
            <itunes:duration>3822</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181010.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20181010.mp4" length="481296384" type="video/mp4"/>
        </item>
            <item>
            <title>Shiqing Ma, Kernel-Supported Cost-Effective Audit Logging for Causality Tracking</title>
            <description>The Linux Audit system is widely used as a causality tracking system in real-world deployments for problem diagnosis and forensic analysis. However, it has poor performance. We perform a comprehensive analysis of the Linux Audit system and find that it suffers from high runtime and storage overheads due to the large volume of redundant events. To address these shortcomings, we propose an in-kernel cache-based online log-reduction system to enable high-performance audit logging. It features a multi-layer caching scheme distributed across various kernel data structures, and uses the caches to detect and suppress redundant events. Our technique is designed to reduce the runtime overhead caused by transferring, processing, and writing logs, as well as the space overhead caused by storing them on disk. Compared to existing log reduction techniques that first generate the huge raw logs before reduction, our technique avoids generating redundant events in the first place. Our experimental results of the prototype KCAL (Kernel-supported Cost-effective Audit Logging) on one-month real-world workloads show that KCAL can reduce the runtime overhead from 40+% to 15-%, and reduce space consumption by 90% on average. KCAL achieves such a large reduction with 4% CPU consumption on average, whereas a state-of-the-art user space log-reduction technique has to occupy a processor with 95+% CPU consumption all the time. About the speaker: Shiqing Ma is a Ph.D. candidate from the Department of Computer Science at Purdue University, advised by Dr. Xiangyu Zhang and Dr. Dongyan Xu. He received his B.E. from the School of Software Engineering, Shanghai Jiao Tong University (SJTU) in 2013. His research focuses on system/software security, software engineering and machine learning. He is a recipient of the Bilsland Dissertation Fellowship and two Distinguished Paper Awards from NDSS 2016 and USENIX Security 2017.</description>
            <pubDate>Wed, 26 Sep 2018 16:30:00 EDT </pubDate>
            <itunes:title>Shiqing Ma, Kernel-Supported Cost-Effective Audit Logging for Causality Tracking</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>672</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Shiqing Ma, Purdue University</itunes:subtitle>
            <itunes:summary>The Linux Audit system is widely used as a causality tracking system in real-world deployments for problem diagnosis and forensic analysis. However, it has poor performance. We perform a comprehensive analysis of the Linux Audit system and find that it suffers from high runtime and storage overheads due to the large volume of redundant events. To address these shortcomings, we propose an in-kernel cache-based online log-reduction system to enable high-performance audit logging. It features a multi-layer caching scheme distributed across various kernel data structures, and uses the caches to detect and suppress redundant events. Our technique is designed to reduce the runtime overhead caused by transferring, processing, and writing logs, as well as the space overhead caused by storing them on disk. Compared to existing log reduction techniques that first generate the huge raw logs before reduction, our technique avoids generating redundant events in the first place. Our experimental results of the prototype KCAL (Kernel-supported Cost-effective Audit Logging) on one-month real-world workloads show that KCAL can reduce the runtime overhead from 40+% to 15-%, and reduce space consumption by 90% on average. KCAL achieves such a large reduction with 4% CPU consumption on average, whereas a state-of-the-art user space log-reduction technique has to occupy a processor with 95+% CPU consumption all the time. About the speaker: Shiqing Ma is a Ph.D. candidate from the Department of Computer Science at Purdue University, advised by Dr. Xiangyu Zhang and Dr. Dongyan Xu. He received his B.E. from the School of Software Engineering, Shanghai Jiao Tong University (SJTU) in 2013. His research focuses on system/software security, software engineering and machine learning. He is a recipient of the Bilsland Dissertation Fellowship and two Distinguished Paper Awards from NDSS 2016 and USENIX Security 2017.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Linux Audit system is widely used as a causality tracking system in real-world deployments for problem diagnosis and forensic analysis. However, it has poor performance. We perform a comprehensive analysis of the Linux Audit system and find that it suffers from high runtime and storage overheads due to the large volume of redundant events. To address these shortcomings, we propose an in-kernel cache-based online log-reduction system to enable high-performance audit logging. It features a multi-layer caching scheme distributed across various kernel data structures, and uses the caches to detect and suppress redundant events. Our technique is designed to reduce the runtime overhead caused by transferring, processing, and writing logs, as well as the space overhead caused by storing them on disk. Compared to existing log reduction techniques that first generate the huge raw logs before reduction, our technique avoids generating redundant events in the first place. Our experimental results of the prototype KCAL (Kernel-supported Cost-effective Audit Logging) on one-month real-world workloads show that KCAL can reduce the runtime overhead from 40+% to 15-%, and reduce space consumption by 90% on average. KCAL achieves such a large reduction with 4% CPU consumption on average, whereas a state-of-the-art user space log-reduction technique has to occupy a processor with 95+% CPU consumption all the time. About the speaker: Shiqing Ma is a Ph.D. candidate from the Department of Computer Science at Purdue University, advised by Dr. Xiangyu Zhang and Dr. Dongyan Xu. He received his B.E. from the School of Software Engineering, Shanghai Jiao Tong University (SJTU) in 2013. His research focuses on system/software security, software engineering and machine learning. He is a recipient of the Bilsland Dissertation Fellowship and two Distinguished Paper Awards from NDSS 2016 and USENIX Security 2017.</p> ]]>
            </content:encoded>
            <itunes:duration>2357</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180926.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180926.mp4" length="114294784" type="video/mp4"/>
        </item>
            <item>
            <title>Jillean Long Battle, What&#039;s Private: Exploring Reasonable Expectation of Privacy in the Age of Modern Innovation</title>
            <description>Millions of people spend their day chatting away on their cellphones, ordering groceries from Amazon&apos;s Alexa, making calendar appointments with Apple&apos;s Siri, or posting on Facebook about the last concert they attended. Sharing our personal information via social media platforms or providing it to third-party companies has become so commonplace in our routines that it begs the question, &quot;What, if anything, in our personal lives is really private?&quot; As we grow more comfortable using modern technology to streamline and stay connected, are we risking our right to a reasonable expectation of privacy, a protection garnered by the Fourth Amendment of the U.S. Constitution? Modern innovation has presented the judiciary with unique challenges, as the court balances the legitimate interests of government and the people. We will explore the dynamics of Carpenter v. United States, United States v. Miller, and Smith v. Maryland, and the recent developments surrounding the Golden State Killer and the Arkansas murder case involving Amazon&apos;s Alexa. About the speaker: Jillean Long Battle serves as Director of Privacy, Security and Compliance for the Rofori Corporation, an innovative technology company that uses metadata tagging and advanced algorithmic software to enhance virtual communication and cyber security protection for the public and private sectors. Before joining the Rofori Corporation, Jillean served as the Deputy Treasurer of State for both Missouri and Indiana. In her roles, she took the lead on risk management, provided legal guidance to the state treasurer, and acted to protect the states&apos; investment portfolios, which included assets valued at $3 billion and $8 billion respectively. Jillean also served as a Trustee of the Indiana Public Retirement System, a pension system with approximately $30 billion in assets under management.
A self-proclaimed WWII historian and Starbucks enthusiast, Ms. Battle has shared her financial insight and governance strategies in national publications and conferences across North America. She has been a panelist alongside respected economists and political leaders from around the world, including former Federal Reserve Chairman Ben Bernanke. When Jillean is not watching a documentary film or practicing yoga, she is cruising the corridors of art museums for inspiration. Jillean Battle is a licensed attorney, and holds degrees from the University of California, Berkeley and Indiana University School of Law.</description>
            <pubDate>Wed, 19 Sep 2018 16:30:00 EDT </pubDate>
            <itunes:title>Jillean Long Battle, What&#039;s Private: Exploring Reasonable Expectation of Privacy in the Age of Modern Innovation</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>671</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jillean Long Battle, Rofori Corporation</itunes:subtitle>
            <itunes:summary>Millions of people spend their day chatting away on their cellphones, ordering groceries from Amazon&apos;s Alexa, making calendar appointments with Apple&apos;s Siri, or posting on Facebook about the last concert they attended. Sharing our personal information via social media platforms or providing it to third-party companies has become so commonplace in our routines that it begs the question, &quot;What, if anything, in our personal lives is really private?&quot; As we grow more comfortable using modern technology to streamline and stay connected, are we risking our right to a reasonable expectation of privacy, a protection garnered by the Fourth Amendment of the U.S. Constitution? Modern innovation has presented the judiciary with unique challenges, as the court balances the legitimate interests of government and the people. We will explore the dynamics of Carpenter v. United States, United States v. Miller, and Smith v. Maryland, and the recent developments surrounding the Golden State Killer and the Arkansas murder case involving Amazon&apos;s Alexa. About the speaker: Jillean Long Battle serves as Director of Privacy, Security and Compliance for the Rofori Corporation, an innovative technology company that uses metadata tagging and advanced algorithmic software to enhance virtual communication and cyber security protection for the public and private sectors. Before joining the Rofori Corporation, Jillean served as the Deputy Treasurer of State for both Missouri and Indiana. In her roles, she took the lead on risk management, provided legal guidance to the state treasurer, and acted to protect the states&apos; investment portfolios, which included assets valued at $3 billion and $8 billion respectively. Jillean also served as a Trustee of the Indiana Public Retirement System, a pension system with approximately $30 billion in assets under management.
A self-proclaimed WWII historian and Starbucks enthusiast, Ms. Battle has shared her financial insight and governance strategies in national publications and conferences across North America. She has been a panelist alongside respected economists and political leaders from around the world, including former Federal Reserve Chairman Ben Bernanke. When Jillean is not watching a documentary film or practicing yoga, she is cruising the corridors of art museums for inspiration. Jillean Battle is a licensed attorney, and holds degrees from the University of California, Berkeley and Indiana University School of Law.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Millions of people spend their day chatting away on their cellphones, ordering groceries from Amazon&apos;s Alexa, making calendar appointments with Apple&apos;s Siri, or posting on Facebook about the last concert they attended. Sharing our personal information via social media platforms or providing it to third-party companies has become so commonplace in our routines that it begs the question, &quot;What, if anything, in our personal lives is really private?&quot; As we grow more comfortable using modern technology to streamline and stay connected, are we risking our right to a reasonable expectation of privacy, a protection garnered by the Fourth Amendment of the U.S. Constitution? Modern innovation has presented the judiciary with unique challenges, as the court balances the legitimate interests of government and the people. We will explore the dynamics of Carpenter v. United States, United States v. Miller, and Smith v. Maryland, and the recent developments surrounding the Golden State Killer and the Arkansas murder case involving Amazon&apos;s Alexa. About the speaker: Jillean Long Battle serves as Director of Privacy, Security and Compliance for the Rofori Corporation, an innovative technology company that uses metadata tagging and advanced algorithmic software to enhance virtual communication and cyber security protection for the public and private sectors. Before joining the Rofori Corporation, Jillean served as the Deputy Treasurer of State for both Missouri and Indiana. In her roles, she took the lead on risk management, provided legal guidance to the state treasurer, and acted to protect the states&apos; investment portfolios, which included assets valued at $3 billion and $8 billion respectively. Jillean also served as a Trustee of the Indiana Public Retirement System, a pension system with approximately $30 billion in assets under management.
A self-proclaimed WWII historian and Starbucks enthusiast, Ms. Battle has shared her financial insight and governance strategies in national publications and conferences across North America. She has been a panelist alongside respected economists and political leaders from around the world, including former Federal Reserve Chairman Ben Bernanke. When Jillean is not watching a documentary film or practicing yoga, she is cruising the corridors of art museums for inspiration. Jillean Battle is a licensed attorney, and holds degrees from the University of California, Berkeley and Indiana University School of Law.</p> ]]>
            </content:encoded>
            <itunes:duration>3616</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180919.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180919.mp4" length="640679936" type="video/mp4"/>
        </item>
            <item>
            <title>Doug Rapp, Breaching Water Treatment Plants: Lessons Learned from Complex Exercises</title>
            <description>US cybersecurity experts determined that Russian hacking group Dragonfly targeted the United States and European utilities with a cyber espionage campaign from 2015 – 2017. This government-sponsored group was able to successfully infiltrate core control systems. Cold War espionage methodologies such as &quot;sleeper cells&quot; are now being executed in the cyber domain. Industrial firms including power and water providers have proven to be susceptible to attacks and disruptions that could be used during a significant geopolitical conflict. Antiquated industrial control devices now connected to the internet make utilities in even the most advanced countries susceptible to everyone from hacktivists to cyber criminals to nation states. In these times, the question has shifted from &quot;can they?&quot; to &quot;when will they?&quot; Using Indiana&apos;s groundbreaking cybersecurity exercise Crit-Ex as an example, we explore exactly how vulnerable utilities really are and how insights into incident response and resiliency are discovered through complex training and exercises. About the speaker: Douglas Rapp is the President of Rofori Corporation, an innovative young technology company that uses metadata tagging and advanced algorithmics to turn unstructured data into signal. Rofori&apos;s flagship application is DEFCON cyber, a scalable cybersecurity risk and awareness tool that offers small businesses enterprise-level expertise. He is also President of the Cyber Leadership Alliance, a non-profit organization that convenes leadership in cybersecurity &amp; security in the internet of things to synchronize efforts, promote cybersecurity efforts in the region, foster innovation and promote the economic impact. CLA&apos;s CISO forum represents over 20 billion of private industry in Indiana. Doug is a published author on cybersecurity training, workforce development, and economic development.
He is also an entrepreneur in residence for Purdue University. He is an international speaker and has testified before Congress on cybersecurity matters. Doug is a lifelong Hoosier, a former military officer and combat veteran, and a cybersecurity optimist.</description>
            <pubDate>Wed, 5 Sep 2018 16:30:00 EDT </pubDate>
            <itunes:title>Doug Rapp, Breaching Water Treatment Plants: Lessons Learned from Complex Exercises</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>669</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Doug Rapp, Rofori Corporation</itunes:subtitle>
            <itunes:summary>US cybersecurity experts determined that Russian hacking group Dragonfly targeted the United States and European utilities with a cyber espionage campaign from 2015 – 2017. This government-sponsored group was able to successfully infiltrate core control systems. Cold War espionage methodologies such as &quot;sleeper cells&quot; are now being executed in the cyber domain. Industrial firms including power and water providers have proven to be susceptible to attacks and disruptions that could be used during a significant geopolitical conflict. Antiquated industrial control devices now connected to the internet make utilities in even the most advanced countries susceptible to everyone from hacktivists to cyber criminals to nation states. In these times, the question has shifted from &quot;can they?&quot; to &quot;when will they?&quot; Using Indiana&apos;s groundbreaking cybersecurity exercise Crit-Ex as an example, we explore exactly how vulnerable utilities really are and how insights into incident response and resiliency are discovered through complex training and exercises. About the speaker: Douglas Rapp is the President of Rofori Corporation, an innovative young technology company that uses metadata tagging and advanced algorithmics to turn unstructured data into signal. Rofori&apos;s flagship application is DEFCON cyber, a scalable cybersecurity risk and awareness tool that offers small businesses enterprise-level expertise. He is also President of the Cyber Leadership Alliance, a non-profit organization that convenes leadership in cybersecurity &amp; security in the internet of things to synchronize efforts, promote cybersecurity efforts in the region, foster innovation and promote the economic impact. CLA&apos;s CISO forum represents over 20 billion of private industry in Indiana. Doug is a published author on cybersecurity training, workforce development, and economic development.
He is also an entrepreneur in residence for Purdue University. He is an international speaker and has testified before Congress on cybersecurity matters. Doug is a lifelong Hoosier, a former military officer and combat veteran, and a cybersecurity optimist.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>US cybersecurity experts determined that Russian hacking group Dragonfly targeted the United States and European utilities with a cyber espionage campaign from 2015 – 2017. This government-sponsored group was able to successfully infiltrate core control systems. Cold War espionage methodologies such as &quot;sleeper cells&quot; are now being executed in the cyber domain. Industrial firms including power and water providers have proven to be susceptible to attacks and disruptions that could be used during a significant geopolitical conflict. Antiquated industrial control devices now connected to the internet make utilities in even the most advanced countries susceptible to everyone from hacktivists to cyber criminals to nation states. In these times, the question has shifted from &quot;can they?&quot; to &quot;when will they?&quot; Using Indiana&apos;s groundbreaking cybersecurity exercise Crit-Ex as an example, we explore exactly how vulnerable utilities really are and how insights into incident response and resiliency are discovered through complex training and exercises. About the speaker: Douglas Rapp is the President of Rofori Corporation, an innovative young technology company that uses metadata tagging and advanced algorithmics to turn unstructured data into signal. Rofori&apos;s flagship application is DEFCON cyber, a scalable cybersecurity risk and awareness tool that offers small businesses enterprise-level expertise. He is also President of the Cyber Leadership Alliance, a non-profit organization that convenes leadership in cybersecurity &amp; security in the internet of things to synchronize efforts, promote cybersecurity efforts in the region, foster innovation and promote the economic impact. CLA&apos;s CISO forum represents over 20 billion of private industry in Indiana. Doug is a published author on cybersecurity training, workforce development, and economic development.
He is also an entrepreneur in residence for Purdue University. He is an international speaker and has testified before Congress on cybersecurity matters. Doug is a lifelong Hoosier, a former military officer and combat veteran, and a cybersecurity optimist.</p> ]]>
            </content:encoded>
            <itunes:duration>3310</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180905.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180905.mp4" length="393216000" type="video/mp4"/>
        </item>
            <item>
            <title>Ryan Elkins, Hacking Your Security Career: Strategies That College Did Not Teach Me</title>
            <description>The field of Information Security is broad, with many career paths. The high demand for and low supply of security expertise are constantly in the news. How do we fix this? Many people are either intimidated by security or do not realize that their expertise and talent would be a perfect fit for the security industry, even if they are in a different field. This talk will bridge that gap and help identify the opportunities available to you. Common questions will be answered, such as how to get started, what resources should be utilized, and what exactly a career in Information Security looks like. This presentation will turn the traditional career approach upside down and utilize the &quot;hacker mindset&quot; to our advantage to accelerate our careers, create opportunities, and position ourselves to be successful. About the speaker: Ryan Elkins, Advisor, Cloud and Application Security Architecture. Ryan Elkins leads the cloud and application security architecture programs for Eli Lilly and Company. Elkins has over 10 years of security experience leading programs across the financial, insurance, and pharmaceutical industries. Throughout his career, he has developed multiple application security programs, managed a global security services operations center, designed complex cloud architectures, performed security consulting and penetration testing, and led a global information security program. Elkins holds the CISSP and CCSP certifications, a bachelor&apos;s degree in Computer Technology from Kent State University, and a master&apos;s degree in Information Security from Nova Southeastern University.</description>
            <pubDate>Wed, 29 Aug 2018 16:30:00 EDT </pubDate>
            <itunes:title>Ryan Elkins, Hacking Your Security Career: Strategies That College Did Not Teach Me</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>668</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ryan Elkins, Eli Lilly</itunes:subtitle>
            <itunes:summary>The field of Information Security is broad, with many career paths. The high demand for and low supply of security expertise are constantly in the news. How do we fix this? Many people are either intimidated by security or do not realize that their expertise and talent would be a perfect fit for the security industry, even if they are in a different field. This talk will bridge that gap and help identify the opportunities available to you. Common questions will be answered, such as how to get started, what resources should be utilized, and what exactly a career in Information Security looks like. This presentation will turn the traditional career approach upside down and utilize the &quot;hacker mindset&quot; to our advantage to accelerate our careers, create opportunities, and position ourselves to be successful. About the speaker: Ryan Elkins, Advisor, Cloud and Application Security Architecture. Ryan Elkins leads the cloud and application security architecture programs for Eli Lilly and Company. Elkins has over 10 years of security experience leading programs across the financial, insurance, and pharmaceutical industries. Throughout his career, he has developed multiple application security programs, managed a global security services operations center, designed complex cloud architectures, performed security consulting and penetration testing, and led a global information security program. Elkins holds the CISSP and CCSP certifications, a bachelor&apos;s degree in Computer Technology from Kent State University, and a master&apos;s degree in Information Security from Nova Southeastern University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The field of Information Security is broad, with many career paths. The high demand for and low supply of security expertise are constantly in the news. How do we fix this? Many people are either intimidated by security or do not realize that their expertise and talent would be a perfect fit for the security industry, even if they are in a different field. This talk will bridge that gap and help identify the opportunities available to you. Common questions will be answered, such as how to get started, what resources should be utilized, and what exactly a career in Information Security looks like. This presentation will turn the traditional career approach upside down and utilize the &quot;hacker mindset&quot; to our advantage to accelerate our careers, create opportunities, and position ourselves to be successful. About the speaker: Ryan Elkins, Advisor, Cloud and Application Security Architecture. Ryan Elkins leads the cloud and application security architecture programs for Eli Lilly and Company. Elkins has over 10 years of security experience leading programs across the financial, insurance, and pharmaceutical industries. Throughout his career, he has developed multiple application security programs, managed a global security services operations center, designed complex cloud architectures, performed security consulting and penetration testing, and led a global information security program. Elkins holds the CISSP and CCSP certifications, a bachelor&apos;s degree in Computer Technology from Kent State University, and a master&apos;s degree in Information Security from Nova Southeastern University.</p> ]]>
            </content:encoded>
            <itunes:duration>2313</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180829.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180829.mp4" length="230686720" type="video/mp4"/>
        </item>
            <item>
            <title>Abe Clements, Protecting Bare-metal Embedded Systems from Memory Corruption Attacks</title>
            <description>Embedded systems are used in every aspect of modern life. The Internet of Things is comprised of millions of these interconnected systems, many of which are low-cost bare-metal systems executing without an operating system. These systems rarely employ security protections. Their development assumptions of unrestricted access to all memory and instructions, together with constraints on runtime, energy, and memory, make applying protections particularly challenging. I will present two recent techniques, EPOXY (IEEE S&amp;P 2017) and ACES (USENIX Security 2018), that harden bare-metal systems against memory corruption attacks. EPOXY is an LLVM-based embedded compiler that uses a novel technique, called privilege overlaying, wherein operations requiring privileged execution are identified and only these operations execute in privileged mode. This provides the foundation on which code integrity, adapted control-flow hijacking defenses, and protections for sensitive IO are applied. EPOXY also employs fine-grained randomization schemes that work within the constraints of bare-metal systems to provide further protection against control-flow and data corruption attacks. These defenses prevent code injection attacks and ROP attacks from scaling across large sets of devices. EPOXY&apos;s evaluation on case study applications shows that EPOXY has, on average, a 1.8% increase in execution time and a 0.5% increase in energy usage. ACES is another LLVM-based compiler that automatically infers and enforces inter-component isolation on bare-metal systems, thus applying the principle of least privilege. ACES takes a developer-specified compartmentalization policy and then automatically creates an instrumented binary that isolates compartments at runtime, while handling the hardware limitations of bare-metal embedded devices. ACES&apos; evaluation shows that ACES&apos; compartments can have low runtime overheads (13% on our largest test application), while using 59% less Flash and 84% less RAM than the Mbed uVisor, the current state-of-the-art compartmentalization technique for bare-metal systems. ACES&apos; compartments protect the integrity of privileged data and provide control-flow integrity between compartments. About the speaker: Abe Clements is a Senior Member of Technical Staff at Sandia National Laboratories and a fourth-year PhD student at Purdue University. He started at Sandia in 2010, where he worked primarily in industrial control system cyber security. In 2015 he was selected for Sandia&apos;s Doctoral Studies Program and came to Purdue for his doctoral studies. His PhD research focuses on using static and dynamic program analysis to create and deploy memory protection mechanisms for embedded systems. He is co-advised by Saurabh Bagchi (ECE) and Mathias Payer (CS). He holds a B.S. and M.S. in Electrical Engineering from Utah State University.</description>
            <pubDate>Wed, 22 Aug 2018 16:30:00 EDT </pubDate>
            <itunes:title>Abe Clements, Protecting Bare-metal Embedded Systems from Memory Corruption Attacks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>667</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Abe Clements, Purdue University</itunes:subtitle>
            <itunes:summary>Embedded systems are used in every aspect of modern life. The Internet of Things is comprised of millions of these interconnected systems, many of which are low-cost bare-metal systems executing without an operating system. These systems rarely employ security protections. Their development assumptions of unrestricted access to all memory and instructions, together with constraints on runtime, energy, and memory, make applying protections particularly challenging. I will present two recent techniques, EPOXY (IEEE S&amp;P 2017) and ACES (USENIX Security 2018), that harden bare-metal systems against memory corruption attacks. EPOXY is an LLVM-based embedded compiler that uses a novel technique, called privilege overlaying, wherein operations requiring privileged execution are identified and only these operations execute in privileged mode. This provides the foundation on which code integrity, adapted control-flow hijacking defenses, and protections for sensitive IO are applied. EPOXY also employs fine-grained randomization schemes that work within the constraints of bare-metal systems to provide further protection against control-flow and data corruption attacks. These defenses prevent code injection attacks and ROP attacks from scaling across large sets of devices. EPOXY&apos;s evaluation on case study applications shows that EPOXY has, on average, a 1.8% increase in execution time and a 0.5% increase in energy usage. ACES is another LLVM-based compiler that automatically infers and enforces inter-component isolation on bare-metal systems, thus applying the principle of least privilege. ACES takes a developer-specified compartmentalization policy and then automatically creates an instrumented binary that isolates compartments at runtime, while handling the hardware limitations of bare-metal embedded devices. ACES&apos; evaluation shows that ACES&apos; compartments can have low runtime overheads (13% on our largest test application), while using 59% less Flash and 84% less RAM than the Mbed uVisor, the current state-of-the-art compartmentalization technique for bare-metal systems. ACES&apos; compartments protect the integrity of privileged data and provide control-flow integrity between compartments. About the speaker: Abe Clements is a Senior Member of Technical Staff at Sandia National Laboratories and a fourth-year PhD student at Purdue University. He started at Sandia in 2010, where he worked primarily in industrial control system cyber security. In 2015 he was selected for Sandia&apos;s Doctoral Studies Program and came to Purdue for his doctoral studies. His PhD research focuses on using static and dynamic program analysis to create and deploy memory protection mechanisms for embedded systems. He is co-advised by Saurabh Bagchi (ECE) and Mathias Payer (CS). He holds a B.S. and M.S. in Electrical Engineering from Utah State University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Embedded systems are used in every aspect of modern life. The Internet of Things is comprised of millions of these interconnected systems, many of which are low-cost bare-metal systems executing without an operating system. These systems rarely employ security protections. Their development assumptions of unrestricted access to all memory and instructions, together with constraints on runtime, energy, and memory, make applying protections particularly challenging. I will present two recent techniques, EPOXY (IEEE S&amp;P 2017) and ACES (USENIX Security 2018), that harden bare-metal systems against memory corruption attacks. EPOXY is an LLVM-based embedded compiler that uses a novel technique, called privilege overlaying, wherein operations requiring privileged execution are identified and only these operations execute in privileged mode. This provides the foundation on which code integrity, adapted control-flow hijacking defenses, and protections for sensitive IO are applied. EPOXY also employs fine-grained randomization schemes that work within the constraints of bare-metal systems to provide further protection against control-flow and data corruption attacks. These defenses prevent code injection attacks and ROP attacks from scaling across large sets of devices. EPOXY&apos;s evaluation on case study applications shows that EPOXY has, on average, a 1.8% increase in execution time and a 0.5% increase in energy usage. ACES is another LLVM-based compiler that automatically infers and enforces inter-component isolation on bare-metal systems, thus applying the principle of least privilege. ACES takes a developer-specified compartmentalization policy and then automatically creates an instrumented binary that isolates compartments at runtime, while handling the hardware limitations of bare-metal embedded devices. ACES&apos; evaluation shows that ACES&apos; compartments can have low runtime overheads (13% on our largest test application), while using 59% less Flash and 84% less RAM than the Mbed uVisor, the current state-of-the-art compartmentalization technique for bare-metal systems. ACES&apos; compartments protect the integrity of privileged data and provide control-flow integrity between compartments. About the speaker: Abe Clements is a Senior Member of Technical Staff at Sandia National Laboratories and a fourth-year PhD student at Purdue University. He started at Sandia in 2010, where he worked primarily in industrial control system cyber security. In 2015 he was selected for Sandia&apos;s Doctoral Studies Program and came to Purdue for his doctoral studies. His PhD research focuses on using static and dynamic program analysis to create and deploy memory protection mechanisms for embedded systems. He is co-advised by Saurabh Bagchi (ECE) and Mathias Payer (CS). He holds a B.S. and M.S. in Electrical Engineering from Utah State University.</p> ]]>
            </content:encoded>
            <itunes:duration>2443</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180822.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180822.mp4" length="131072000" type="video/mp4"/>
        </item>
            <item>
            <title>Cristina Ledezma, DoD Cyber Requirements and Directives</title>
            <description>The field of cyber engineering is relatively new compared to other engineering disciplines such as software, mechanical, and systems. However, as we consistently hear and read, cyber has rapidly become all-encompassing for every industry, including the Department of Defense. Specifically for DoD and weapons systems, the application of cyber engineering and cyber solutions must account for the entirety of the system life cycle. This requires that a cyber test and evaluation strategy be defined from the start of a program and applied throughout the system life cycle, or system &quot;V&quot;. This presentation will discuss the cyber requirements and directives as levied by the Department of Defense and how they affect program test and evaluation strategies and implementation across DoD programs. About the speaker: Cristina was born in Germany, raised in Louisiana, and transplanted to Indiana. She has worked in multiple roles and industries during her career, including software development and test in both the automotive and defense industries. She is currently a Principal Cybersecurity Engineer with Raytheon Information, Intelligence, and Services (IIS). Cristina received a Bachelor of Science in Electrical Engineering and a Master&apos;s in Interdisciplinary Engineering from Purdue University. She has also received her Master&apos;s in Systems Engineering from Johns Hopkins University. Cristina is married and has three children.</description>
            <pubDate>Wed, 25 Apr 2018 16:30:00 EDT </pubDate>
            <itunes:title>Cristina Ledezma, DoD Cyber Requirements and Directives</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>666</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Cristina Ledezma, Raytheon</itunes:subtitle>
            <itunes:summary>The field of cyber engineering is relatively new compared to other engineering disciplines such as software, mechanical, and systems. However, as we consistently hear and read, cyber has rapidly become all-encompassing for every industry, including the Department of Defense. Specifically for DoD and weapons systems, the application of cyber engineering and cyber solutions must account for the entirety of the system life cycle. This requires that a cyber test and evaluation strategy be defined from the start of a program and applied throughout the system life cycle, or system &quot;V&quot;. This presentation will discuss the cyber requirements and directives as levied by the Department of Defense and how they affect program test and evaluation strategies and implementation across DoD programs. About the speaker: Cristina was born in Germany, raised in Louisiana, and transplanted to Indiana. She has worked in multiple roles and industries during her career, including software development and test in both the automotive and defense industries. She is currently a Principal Cybersecurity Engineer with Raytheon Information, Intelligence, and Services (IIS). Cristina received a Bachelor of Science in Electrical Engineering and a Master&apos;s in Interdisciplinary Engineering from Purdue University. She has also received her Master&apos;s in Systems Engineering from Johns Hopkins University. Cristina is married and has three children.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The field of cyber engineering is relatively new compared to other engineering disciplines such as software, mechanical, and systems. However, as we consistently hear and read, cyber has rapidly become all-encompassing for every industry, including the Department of Defense. Specifically for DoD and weapons systems, the application of cyber engineering and cyber solutions must account for the entirety of the system life cycle. This requires that a cyber test and evaluation strategy be defined from the start of a program and applied throughout the system life cycle, or system &quot;V&quot;. This presentation will discuss the cyber requirements and directives as levied by the Department of Defense and how they affect program test and evaluation strategies and implementation across DoD programs. About the speaker: Cristina was born in Germany, raised in Louisiana, and transplanted to Indiana. She has worked in multiple roles and industries during her career, including software development and test in both the automotive and defense industries. She is currently a Principal Cybersecurity Engineer with Raytheon Information, Intelligence, and Services (IIS). Cristina received a Bachelor of Science in Electrical Engineering and a Master&apos;s in Interdisciplinary Engineering from Purdue University. She has also received her Master&apos;s in Systems Engineering from Johns Hopkins University. Cristina is married and has three children.</p> ]]>
            </content:encoded>
            <itunes:duration>2751</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180425.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180425.mp4" length="401604608" type="video/mp4"/>
        </item>
            <item>
            <title>Leon Ravenna, Personally Identifiable Data and the Specter of Customer Privacy</title>
            <description>As more and more Personally Identifiable data is collected or created, the specter of customer privacy issues is looming large. Enterprises need to take a long, hard look at the information they are capturing and determine whether the potential value outweighs the potential risk. How do your current privacy practices match up against the laws soon coming to Europe? Are you prepared to deal with new laws that carry fines of up to 4% of global revenue? If not, how do you start? Are you prepared to deal with companies such as Facebook, Google, and Cambridge Analytica using your data, with or without your approval? Takeaways: what does your data mean to you and others? Understand the implications of the new laws as well as your risks; understand how to comply with the upcoming laws; understand the technology at issue; understand how contracts and dataflow will be impacted; and how this can be beneficial for you personally. About the speaker: Leon has over 25 years&apos; experience in Healthcare, Financial Services and Technology companies. He leads Global Security Strategy, Execution, Privacy and Compliance services. Leon is currently CISO of a $3B multi-national company in the auto auction and services space, providing Security, Privacy &amp; Compliance expertise for over 17,000 employees. Leon has led nationwide support, Web &amp; CRM development efforts, data center builds, and infrastructure for SaaS companies in the medical and financial space. Leon has extensive experience in Regulatory, Compliance &amp; Privacy, having managed ISO27001, HIPAA, SSAE-16, PCI and NIST system builds and audits, in addition to holding a PMP. Leon is one of a very small group world-wide to hold 6 major Global Privacy certifications, including CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US and FIP.</description>
            <pubDate>Wed, 18 Apr 2018 16:30:00 EDT </pubDate>
            <itunes:title>Leon Ravenna, Personally Identifiable Data and the Specter of Customer Privacy</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>665</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Leon Ravenna, KAR Auction Services, Inc.</itunes:subtitle>
            <itunes:summary>As more and more Personally Identifiable data is collected or created, the specter of customer privacy issues is looming large. Enterprises need to take a long, hard look at the information they are capturing and determine whether the potential value outweighs the potential risk. How do your current privacy practices match up against the laws soon coming to Europe? Are you prepared to deal with new laws that carry fines of up to 4% of global revenue? If not, how do you start? Are you prepared to deal with companies such as Facebook, Google, and Cambridge Analytica using your data, with or without your approval? Takeaways: what does your data mean to you and others? Understand the implications of the new laws as well as your risks; understand how to comply with the upcoming laws; understand the technology at issue; understand how contracts and dataflow will be impacted; and how this can be beneficial for you personally. About the speaker: Leon has over 25 years&apos; experience in Healthcare, Financial Services and Technology companies. He leads Global Security Strategy, Execution, Privacy and Compliance services. Leon is currently CISO of a $3B multi-national company in the auto auction and services space, providing Security, Privacy &amp; Compliance expertise for over 17,000 employees. Leon has led nationwide support, Web &amp; CRM development efforts, data center builds, and infrastructure for SaaS companies in the medical and financial space. Leon has extensive experience in Regulatory, Compliance &amp; Privacy, having managed ISO27001, HIPAA, SSAE-16, PCI and NIST system builds and audits, in addition to holding a PMP. Leon is one of a very small group world-wide to hold 6 major Global Privacy certifications, including CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US and FIP.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As more and more Personally Identifiable data is collected or created, the specter of customer privacy issues is looming large. Enterprises need to take a long, hard look at the information they are capturing and determine whether the potential value outweighs the potential risk. How do your current privacy practices match up against the laws soon coming to Europe? Are you prepared to deal with new laws that carry fines of up to 4% of global revenue? If not, how do you start? Are you prepared to deal with companies such as Facebook, Google, and Cambridge Analytica using your data, with or without your approval? Takeaways: what does your data mean to you and others? Understand the implications of the new laws as well as your risks; understand how to comply with the upcoming laws; understand the technology at issue; understand how contracts and dataflow will be impacted; and how this can be beneficial for you personally. About the speaker: Leon has over 25 years&apos; experience in Healthcare, Financial Services and Technology companies. He leads Global Security Strategy, Execution, Privacy and Compliance services. Leon is currently CISO of a $3B multi-national company in the auto auction and services space, providing Security, Privacy &amp; Compliance expertise for over 17,000 employees. Leon has led nationwide support, Web &amp; CRM development efforts, data center builds, and infrastructure for SaaS companies in the medical and financial space. Leon has extensive experience in Regulatory, Compliance &amp; Privacy, having managed ISO27001, HIPAA, SSAE-16, PCI and NIST system builds and audits, in addition to holding a PMP. Leon is one of a very small group world-wide to hold 6 major Global Privacy certifications, including CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US and FIP.</p> ]]>
            </content:encoded>
            <itunes:duration>3072</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180418.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180418.mp4" length="383778816" type="video/mp4"/>
        </item>
            <item>
            <title>Debajyoti Das, Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency – Choose Two.</title>
            <description>Over the last three decades, several anonymous communication (AC) protocols have been proposed to improve users&apos; privacy over the internet. Among those, the Tor protocol has been particularly successful. Thanks to its low communication latency and low bandwidth overhead, Tor today is employed by millions of users worldwide. Nevertheless, its anonymity is known to be broken in the presence of global adversaries. AC protocols like the dining cryptographers network provide anonymity even in the presence of global adversaries at the expense of bandwidth overhead, while others, such as mixing network designs, improve anonymity at the expense of higher latency. In this work, we investigate the fundamental constraints of AC protocols. We analyze the relationship between bandwidth overhead, latency overhead, and sender anonymity or recipient anonymity against the global passive (network-level) adversary. We confirm the trilemma that an AC protocol can only achieve two out of the following three properties: strong anonymity (i.e., anonymity up to a negligible chance), low bandwidth overhead, and low latency overhead. We further study anonymity against a stronger global passive adversary that can additionally passively compromise some of the AC protocol nodes. For a given number of compromised nodes, we derive necessary constraints between bandwidth and latency overhead whose violation makes it impossible for an AC protocol to achieve strong anonymity. We analyze prominent AC protocols from the literature and show to what extent they satisfy our necessary constraints. Our fundamental necessary constraints offer a guideline not only for improving existing AC systems but also for designing novel AC protocols with non-traditional bandwidth and latency overhead choices.</description>
            <pubDate>Wed, 11 Apr 2018 16:30:00 EDT </pubDate>
            <itunes:title>Debajyoti Das, Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency – Choose Two.</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>664</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Debajyoti Das, Purdue University</itunes:subtitle>
            <itunes:summary>Over the last three decades, several anonymous communication (AC) protocols have been proposed to improve users&apos; privacy over the internet. Among those, the Tor protocol has been particularly successful. Thanks to its low communication latency and low bandwidth overhead, Tor today is employed by millions of users worldwide. Nevertheless, its anonymity is known to be broken in the presence of global adversaries. AC protocols like the dining cryptographers network provide anonymity even in the presence of global adversaries at the expense of bandwidth overhead, while others, such as mixing network designs, improve anonymity at the expense of higher latency. In this work, we investigate the fundamental constraints of AC protocols. We analyze the relationship between bandwidth overhead, latency overhead, and sender anonymity or recipient anonymity against the global passive (network-level) adversary. We confirm the trilemma that an AC protocol can only achieve two out of the following three properties: strong anonymity (i.e., anonymity up to a negligible chance), low bandwidth overhead, and low latency overhead. We further study anonymity against a stronger global passive adversary that can additionally passively compromise some of the AC protocol nodes. For a given number of compromised nodes, we derive necessary constraints between bandwidth and latency overhead whose violation makes it impossible for an AC protocol to achieve strong anonymity. We analyze prominent AC protocols from the literature and show to what extent they satisfy our necessary constraints. Our fundamental necessary constraints offer a guideline not only for improving existing AC systems but also for designing novel AC protocols with non-traditional bandwidth and latency overhead choices.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Over the last three decades, several anonymous communication (AC) protocols have been proposed towards improving users&apos; privacy over the internet. Among those, the Tor protocol has been particularly successful. Thanks to its low communication latency and low bandwidth overhead, Tor today is employed by millions of users worldwide. Nevertheless, its anonymity is known to be broken in the presence of global adversaries. AC protocols like the dining cryptographers network provide anonymity even in the presence of global adversaries at the expense of bandwidth overhead, while others such as the mixing network designs improve anonymity at the expense of higher latency.</p><p>In this work, we investigate the fundamental constraints of anonymous communication (AC) protocols. We analyze the relationship between bandwidth overhead, latency overhead, and sender anonymity or recipient anonymity against the global passive (network-level) adversary. We confirm the trilemma that an AC protocol can only achieve two out of the following three properties: strong anonymity (i.e., anonymity up to a negligible chance), low bandwidth overhead, and low latency overhead.</p><p>We further study anonymity against a stronger global passive adversary that can additionally passively compromise some of the AC protocol nodes. For a given number of compromised nodes, we derive necessary constraints between bandwidth and latency overhead whose violation makes it impossible for an AC protocol to achieve strong anonymity. We analyze prominent AC protocols from the literature and depict to which extent those satisfy our necessary constraints. Our fundamental necessary constraints offer a guideline not only for improving existing AC systems but also for designing novel AC protocols with non-traditional bandwidth and latency overhead choices.</p> ]]>
            </content:encoded>
            <itunes:duration>2632</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180411.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180411.mp4" length="147849216" type="video/mp4"/>
        </item>
            <item>
            <title>Josh Corman, Symposium Closing Keynote - Bits &amp; Bytes, Flesh &amp; Blood, and Adapting for the Next 20 Years</title>
            <description>Symposium Closing Keynote - Bits &amp; Bytes, Flesh &amp; Blood, and Adapting for the Next 20 Years. About the speaker: Joshua Corman is a Founder of I am The Cavalry (dot org), and formerly served as Chief Strategist for CISA regarding COVID, healthcare, and public safety. He previously served as CSO for PTC, Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, and other senior roles. He co-founded RuggedSoftware and I am The Cavalry to encourage new security approaches in response to the world&apos;s increasing dependence on digital infrastructure. His unique approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. He also serves as an Adjunct Faculty for Carnegie Mellon&apos;s Heinz College, and was a member of the Congressional Task Force for Healthcare Industry Cybersecurity.</description>
            <pubDate>Wed, 4 Apr 2018 16:30:00 EDT </pubDate>
            <itunes:title>Josh Corman, Symposium Closing Keynote - Bits &amp; Bytes, Flesh &amp; Blood, and Adapting for the Next 20 Years</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>663</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Josh Corman, PTC</itunes:subtitle>
            <itunes:summary>Symposium Closing Keynote - Bits &amp; Bytes, Flesh &amp; Blood, and Adapting for the Next 20 Years. About the speaker: Joshua Corman is a Founder of I am The Cavalry (dot org), and formerly served as Chief Strategist for CISA regarding COVID, healthcare, and public safety. He previously served as CSO for PTC, Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, and other senior roles. He co-founded RuggedSoftware and I am The Cavalry to encourage new security approaches in response to the world&apos;s increasing dependence on digital infrastructure. His unique approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. He also serves as an Adjunct Faculty for Carnegie Mellon&apos;s Heinz College, and was a member of the Congressional Task Force for Healthcare Industry Cybersecurity.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Symposium Closing Keynote - Bits &amp; Bytes, Flesh &amp; Blood, and Adapting for the Next 20 Years.</p><p>About the speaker: Joshua Corman is a Founder of I am The Cavalry (dot org), and formerly served as Chief Strategist for CISA regarding COVID, healthcare, and public safety. He previously served as CSO for PTC, Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, and other senior roles. He co-founded RuggedSoftware and I am The Cavalry to encourage new security approaches in response to the world&apos;s increasing dependence on digital infrastructure. His unique approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. He also serves as an Adjunct Faculty for Carnegie Mellon&apos;s Heinz College, and was a member of the Congressional Task Force for Healthcare Industry Cybersecurity.</p> ]]>
            </content:encoded>
            <itunes:duration>3740</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180404.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180404.mp4" length="597688320" type="video/mp4"/>
        </item>
            <item>
            <title>Chris Reed, Leveraging DevSecOps to Escape the Hamster Wheel of Never-ending Security Fail</title>
            <description>Security is often implemented through bolt-on assessments including periodic testing that only happens once in a release or even annually. Manual security processes can no longer keep up in today&apos;s fast-paced world of agile development, devops and constant vulnerabilities. DevSecOps, or Security as Code, is an approach that allows security staff to multiply resources and increase agility and speed. Executed properly it also provides the audit trail necessary to demonstrate control even in the most rigorous regulatory environments. This session will explore this approach in the context of regulated medical device software. We&apos;ll explore the integration of Software Composition Analysis (3rd Party Open Source Libraries), Static Source Code Analysis, Dynamic Testing along with automated verification leveraged to reduce the risk of security failures in development and post-market/production operations. About the speaker: Chris Reed, Director of Product Cybersecurity at Eli Lilly and Company. Chris Reed leads the Cybersecurity Program for digital products at Eli Lilly and Company. He has been an information security practitioner for over 15 years including roles designing corporate security protection/detection/response systems, managing security operations, applying security architecture at enterprise scale, leading vendor assessments, leading pen testing and developing security standards and policy. Currently he is focused on establishing the Product Cybersecurity Program including formalizing cybersecurity risk management to ensure adequate cybersecurity controls are designed into medical devices as well as establishing the necessary post-market practices of vulnerability management and incident response for Eli Lilly and Company.</description>
            <pubDate>Wed, 28 Mar 2018 16:30:00 EDT </pubDate>
            <itunes:title>Chris Reed, Leveraging DevSecOps to Escape the Hamster Wheel of Never-ending Security Fail</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>662</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Chris Reed, Eli Lilly</itunes:subtitle>
            <itunes:summary>Security is often implemented through bolt-on assessments including periodic testing that only happens once in a release or even annually. Manual security processes can no longer keep up in today&apos;s fast-paced world of agile development, devops and constant vulnerabilities. DevSecOps, or Security as Code, is an approach that allows security staff to multiply resources and increase agility and speed. Executed properly it also provides the audit trail necessary to demonstrate control even in the most rigorous regulatory environments. This session will explore this approach in the context of regulated medical device software. We&apos;ll explore the integration of Software Composition Analysis (3rd Party Open Source Libraries), Static Source Code Analysis, Dynamic Testing along with automated verification leveraged to reduce the risk of security failures in development and post-market/production operations. About the speaker: Chris Reed, Director of Product Cybersecurity at Eli Lilly and Company. Chris Reed leads the Cybersecurity Program for digital products at Eli Lilly and Company. He has been an information security practitioner for over 15 years including roles designing corporate security protection/detection/response systems, managing security operations, applying security architecture at enterprise scale, leading vendor assessments, leading pen testing and developing security standards and policy. Currently he is focused on establishing the Product Cybersecurity Program including formalizing cybersecurity risk management to ensure adequate cybersecurity controls are designed into medical devices as well as establishing the necessary post-market practices of vulnerability management and incident response for Eli Lilly and Company.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Security is often implemented through bolt-on assessments including periodic testing that only happens once in a release or even annually. Manual security processes can no longer keep up in today&apos;s fast-paced world of agile development, devops and constant vulnerabilities. DevSecOps, or Security as Code, is an approach that allows security staff to multiply resources and increase agility and speed. Executed properly it also provides the audit trail necessary to demonstrate control even in the most rigorous regulatory environments. This session will explore this approach in the context of regulated medical device software. We&apos;ll explore the integration of Software Composition Analysis (3rd Party Open Source Libraries), Static Source Code Analysis, Dynamic Testing along with automated verification leveraged to reduce the risk of security failures in development and post-market/production operations.</p><p>About the speaker: Chris Reed, Director of Product Cybersecurity at Eli Lilly and Company. Chris Reed leads the Cybersecurity Program for digital products at Eli Lilly and Company. He has been an information security practitioner for over 15 years including roles designing corporate security protection/detection/response systems, managing security operations, applying security architecture at enterprise scale, leading vendor assessments, leading pen testing and developing security standards and policy. Currently he is focused on establishing the Product Cybersecurity Program including formalizing cybersecurity risk management to ensure adequate cybersecurity controls are designed into medical devices as well as establishing the necessary post-market practices of vulnerability management and incident response for Eli Lilly and Company.</p> ]]>
            </content:encoded>
            <itunes:duration>3085</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180328.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180328.mp4" length="315621376" type="video/mp4"/>
        </item>
            <item>
            <title>Pedro Moreno-Sanchez, Mind Your Credit: Assessing the Health of the Ripple Credit Network</title>
            <description>The Ripple credit network has emerged as the payment backbone with indisputable advantages for financial institutions and the remittance industry. Ripple&apos;s market capitalization is currently third only to Bitcoin and Ethereum. Its path-based IOweYou (IOU) settlements across different currencies conceptually distinguish the Ripple blockchain from the cryptocurrencies (such as Bitcoin) and make it highly suitable to an orthogonal yet vast set of applications in the remittance world and beyond. In this talk, I present our recent study of the structure and evolution of the Ripple network since its inception, and our research results regarding its vulnerability to attacks that harm the IOU credit of its wallets. We find that about 13M USD are at risk in the current Ripple network due to inappropriate configuration of the rippling flag on credit links that paves the way to undesired redistribution of credit across those links. Although the Ripple network has grown around a few highly connected hub (gateway) wallets that make the core of the network and provide high liquidity to users, such credit link distribution results in a user base of around 112,000 wallets that can be financially alienated by as few as 10 highly connected gateway wallets. Indeed, today about 4.9M USD cannot be withdrawn by their owners from the Ripple network due to PayRoutes, a gateway tagged as faulty by the Ripple community. Finally, we observe that stale exchange offers pose a real problem, and exchanges (market makers) have not always been vigilant about periodically updating their exchange offers according to current real-world exchange rates. For example, stale offers were used by 84 Ripple wallets to gain more than 4.5M USD from mid-July to mid-August 2017. Our findings should prompt the Ripple community to improve the health of the network by educating its users on increasing their connectivity, and by appropriately maintaining the credit limits, rippling flags, and exchange offers on their IOU credit links. About the speaker: Pedro Moreno-Sanchez is a PhD student in the Department of Computer Science at Purdue University. His advisor is Prof. Aniket Kate. His current research focuses on the areas of security, privacy and reliability of credit network based systems such as Ripple. Previously, he also worked on network access control in distributed scenarios such as eduroam. Before moving to Purdue University in August 2015, he started his PhD studies at Saarland University in 2013 under the supervision of Prof. Aniket Kate. Previously, he was an intern researcher at IBM Research - Zurich (Switzerland) in 2017 under the supervision of Christian Cachin; at Ripple (USA) in 2016 under the supervision of Stefan Thomas; and at Philips Research Europe (The Netherlands) under the supervision of Oscar Garcia-Morchon and Rafael Marin-Lopez. He received his bachelor&apos;s and master&apos;s from University of Murcia (Spain) in 2011 and 2013 respectively.</description>
            <pubDate>Wed, 21 Mar 2018 16:30:00 EDT </pubDate>
            <itunes:title>Pedro Moreno-Sanchez, Mind Your Credit: Assessing the Health of the Ripple Credit Network</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>661</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Pedro Moreno-Sanchez, Purdue University</itunes:subtitle>
            <itunes:summary>The Ripple credit network has emerged as the payment backbone with indisputable advantages for financial institutions and the remittance industry. Ripple&apos;s market capitalization is currently third only to Bitcoin and Ethereum. Its path-based IOweYou (IOU) settlements across different currencies conceptually distinguish the Ripple blockchain from the cryptocurrencies (such as Bitcoin) and make it highly suitable to an orthogonal yet vast set of applications in the remittance world and beyond. In this talk, I present our recent study of the structure and evolution of the Ripple network since its inception, and our research results regarding its vulnerability to attacks that harm the IOU credit of its wallets. We find that about 13M USD are at risk in the current Ripple network due to inappropriate configuration of the rippling flag on credit links that paves the way to undesired redistribution of credit across those links. Although the Ripple network has grown around a few highly connected hub (gateway) wallets that make the core of the network and provide high liquidity to users, such credit link distribution results in a user base of around 112,000 wallets that can be financially alienated by as few as 10 highly connected gateway wallets. Indeed, today about 4.9M USD cannot be withdrawn by their owners from the Ripple network due to PayRoutes, a gateway tagged as faulty by the Ripple community. Finally, we observe that stale exchange offers pose a real problem, and exchanges (market makers) have not always been vigilant about periodically updating their exchange offers according to current real-world exchange rates. For example, stale offers were used by 84 Ripple wallets to gain more than 4.5M USD from mid-July to mid-August 2017. Our findings should prompt the Ripple community to improve the health of the network by educating its users on increasing their connectivity, and by appropriately maintaining the credit limits, rippling flags, and exchange offers on their IOU credit links. About the speaker: Pedro Moreno-Sanchez is a PhD student in the Department of Computer Science at Purdue University. His advisor is Prof. Aniket Kate. His current research focuses on the areas of security, privacy and reliability of credit network based systems such as Ripple. Previously, he also worked on network access control in distributed scenarios such as eduroam. Before moving to Purdue University in August 2015, he started his PhD studies at Saarland University in 2013 under the supervision of Prof. Aniket Kate. Previously, he was an intern researcher at IBM Research - Zurich (Switzerland) in 2017 under the supervision of Christian Cachin; at Ripple (USA) in 2016 under the supervision of Stefan Thomas; and at Philips Research Europe (The Netherlands) under the supervision of Oscar Garcia-Morchon and Rafael Marin-Lopez. He received his bachelor&apos;s and master&apos;s from University of Murcia (Spain) in 2011 and 2013 respectively.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Ripple credit network has emerged as the payment backbone with indisputable advantages for financial institutions and the remittance industry. Ripple&apos;s market capitalization is currently third only to Bitcoin and Ethereum. Its path-based IOweYou (IOU) settlements across different currencies conceptually distinguish the Ripple blockchain from the cryptocurrencies (such as Bitcoin) and make it highly suitable to an orthogonal yet vast set of applications in the remittance world and beyond.</p><p>In this talk, I present our recent study of the structure and evolution of the Ripple network since its inception, and our research results regarding its vulnerability to attacks that harm the IOU credit of its wallets. We find that about 13M USD are at risk in the current Ripple network due to inappropriate configuration of the rippling flag on credit links that paves the way to undesired redistribution of credit across those links. Although the Ripple network has grown around a few highly connected hub (gateway) wallets that make the core of the network and provide high liquidity to users, such credit link distribution results in a user base of around 112,000 wallets that can be financially alienated by as few as 10 highly connected gateway wallets. Indeed, today about 4.9M USD cannot be withdrawn by their owners from the Ripple network due to PayRoutes, a gateway tagged as faulty by the Ripple community. Finally, we observe that stale exchange offers pose a real problem, and exchanges (market makers) have not always been vigilant about periodically updating their exchange offers according to current real-world exchange rates. For example, stale offers were used by 84 Ripple wallets to gain more than 4.5M USD from mid-July to mid-August 2017.</p><p>Our findings should prompt the Ripple community to improve the health of the network by educating its users on increasing their connectivity, and by appropriately maintaining the credit limits, rippling flags, and exchange offers on their IOU credit links.</p><p>About the speaker: Pedro Moreno-Sanchez is a PhD student in the Department of Computer Science at Purdue University. His advisor is Prof. Aniket Kate. His current research focuses on the areas of security, privacy and reliability of credit network based systems such as Ripple. Previously, he also worked on network access control in distributed scenarios such as eduroam. Before moving to Purdue University in August 2015, he started his PhD studies at Saarland University in 2013 under the supervision of Prof. Aniket Kate. Previously, he was an intern researcher at IBM Research - Zurich (Switzerland) in 2017 under the supervision of Christian Cachin; at Ripple (USA) in 2016 under the supervision of Stefan Thomas; and at Philips Research Europe (The Netherlands) under the supervision of Oscar Garcia-Morchon and Rafael Marin-Lopez. He received his bachelor&apos;s and master&apos;s from University of Murcia (Spain) in 2011 and 2013 respectively.</p> ]]>
            </content:encoded>
            <itunes:duration>2700</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180321.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180321.mp4" length="243269632" type="video/mp4"/>
        </item>
            <item>
            <title>Nathan Burrow, CFIXX -- Object Type Integrity for C++</title>
            <description>C++ relies on object type information for dynamic dispatch and casting. The association of type information to an object is implemented via the virtual table pointer, which is stored in the object itself. As C++ has neither memory nor type safety, adversaries may therefore overwrite an object&apos;s type. If the corrupted type is used for dynamic dispatch, the attacker has hijacked the application&apos;s control flow. This vulnerability is widespread and commonly exploited. Firefox, Chrome, and other major C++ applications are network facing, commonly attacked, and make significant use of dynamic dispatch. Control-Flow Integrity (CFI) is the state of the art policy for efficient mitigation of control-flow hijacking attacks. CFI mechanisms determine statically (i.e., at compile time) the set of functions that are valid at a given call site, based on C++ semantics. We propose an orthogonal policy, Object Type Integrity (OTI), that dynamically tracks object types. Consequently, instead of allowing a set of targets for each dynamic dispatch on an object, only the single, correct target for the object&apos;s type is allowed. To show the efficacy of OTI, we present CFIXX, which enforces OTI. CFIXX enforces OTI by dynamically tracking the type of each object and enforcing its integrity against arbitrary writes. CFIXX has minimal overhead on CPU bound applications such as SPEC CPU2006 — 4.98%. On key applications like Chromium, CFIXX has negligible overhead on JavaScript benchmarks: 2.03% on Octane, 1.99% on Kraken, and 2.80% on JetStream. We show that CFIXX can be deployed in conjunction with CFI, providing a significant security improvement. About the speaker: Nathan Burow is a fifth year PhD student in systems security, working for his advisor Mathias Payer in the HexHive group within the Computer Science department at Purdue University. His research focuses on modifying the LLVM compiler infrastructure to secure the C / C++ programming languages. In particular, he is interested in adding memory and type safety to prevent control-flow hijacking attacks.</description>
            <pubDate>Wed, 7 Mar 2018 16:30:00 EST </pubDate>
            <itunes:title>Nathan Burrow, CFIXX -- Object Type Integrity for C++</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>660</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Nathan Burrow, Purdue University</itunes:subtitle>
            <itunes:summary>C++ relies on object type information for dynamic dispatch and casting. The association of type information to an object is implemented via the virtual table pointer, which is stored in the object itself. As C++ has neither memory nor type safety, adversaries may therefore overwrite an object&apos;s type. If the corrupted type is used for dynamic dispatch, the attacker has hijacked the application&apos;s control flow. This vulnerability is widespread and commonly exploited. Firefox, Chrome, and other major C++ applications are network facing, commonly attacked, and make significant use of dynamic dispatch. Control-Flow Integrity (CFI) is the state of the art policy for efficient mitigation of control-flow hijacking attacks. CFI mechanisms determine statically (i.e., at compile time) the set of functions that are valid at a given call site, based on C++ semantics. We propose an orthogonal policy, Object Type Integrity (OTI), that dynamically tracks object types. Consequently, instead of allowing a set of targets for each dynamic dispatch on an object, only the single, correct target for the object&apos;s type is allowed. To show the efficacy of OTI, we present CFIXX, which enforces OTI. CFIXX enforces OTI by dynamically tracking the type of each object and enforcing its integrity against arbitrary writes. CFIXX has minimal overhead on CPU bound applications such as SPEC CPU2006 — 4.98%. On key applications like Chromium, CFIXX has negligible overhead on JavaScript benchmarks: 2.03% on Octane, 1.99% on Kraken, and 2.80% on JetStream. We show that CFIXX can be deployed in conjunction with CFI, providing a significant security improvement. About the speaker: Nathan Burow is a fifth year PhD student in systems security, working for his advisor Mathias Payer in the HexHive group within the Computer Science department at Purdue University. His research focuses on modifying the LLVM compiler infrastructure to secure the C / C++ programming languages. In particular, he is interested in adding memory and type safety to prevent control-flow hijacking attacks.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>C++ relies on object type information for dynamic dispatch and casting. The association of type information to an object is implemented via the virtual table pointer, which is stored in the object itself. As C++ has neither memory nor type safety, adversaries may therefore overwrite an object&apos;s type. If the corrupted type is used for dynamic dispatch, the attacker has hijacked the application&apos;s control flow. This vulnerability is widespread and commonly exploited. Firefox, Chrome, and other major C++ applications are network facing, commonly attacked, and make significant use of dynamic dispatch. Control-Flow Integrity (CFI) is the state of the art policy for efficient mitigation of control-flow hijacking attacks. CFI mechanisms determine statically (i.e., at compile time) the set of functions that are valid at a given call site, based on C++ semantics. We propose an orthogonal policy, Object Type Integrity (OTI), that dynamically tracks object types. Consequently, instead of allowing a set of targets for each dynamic dispatch on an object, only the single, correct target for the object&apos;s type is allowed. To show the efficacy of OTI, we present CFIXX, which enforces OTI. CFIXX enforces OTI by dynamically tracking the type of each object and enforcing its integrity against arbitrary writes. CFIXX has minimal overhead on CPU bound applications such as SPEC CPU2006 — 4.98%. On key applications like Chromium, CFIXX has negligible overhead on JavaScript benchmarks: 2.03% on Octane, 1.99% on Kraken, and 2.80% on JetStream. We show that CFIXX can be deployed in conjunction with CFI, providing a significant security improvement.</p><p>About the speaker: Nathan Burow is a fifth year PhD student in systems security, working for his advisor Mathias Payer in the HexHive group within the Computer Science department at Purdue University. His research focuses on modifying the LLVM compiler infrastructure to secure the C / C++ programming languages. In particular, he is interested in adding memory and type safety to prevent control-flow hijacking attacks.</p> ]]>
            </content:encoded>
            <itunes:duration>2441</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180307.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180307.mp4" length="155189248" type="video/mp4"/>
        </item>
            <item>
            <title>Courtney Falk, Threats and Risks in Cryptocurrencies</title>
            <description>Cryptocurrencies have exploded in popularity in the last few years.  These cryptographic systems aim to provide freedom from government-backed fiat currencies.  This presentation examines the traditional and novel risks to cryptocurrency systems.  Special attention is paid to documented attacks on cryptocurrency infrastructure, criminal use of cryptocurrencies, and the policies affecting cryptocurrency systems. About the speaker: Dr. Courtney Falk is an information security professional with over ten years of experience in the government, academic, and public sectors.  He earned his doctorate of philosophy from Purdue University while researching the applications of natural language processing to information security problems.  Courtney currently works as the senior research scientist for Optiv&apos;s Global Threat Intelligence Center.</description>
            <pubDate>Wed, 28 Feb 2018 16:30:00 EST </pubDate>
            <itunes:title>Courtney Falk, Threats and Risks in Cryptocurrencies</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>659</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Courtney Falk, Optiv</itunes:subtitle>
            <itunes:summary>Cryptocurrencies have exploded in popularity in the last few years.  These cryptographic systems aim to provide freedom from government-backed fiat currencies.  This presentation examines the traditional and novel risks to cryptocurrency systems.  Special attention is paid to documented attacks on cryptocurrency infrastructure, criminal use of cryptocurrencies, and the policies affecting cryptocurrency systems. About the speaker: Dr. Courtney Falk is an information security professional with over ten years of experience in the government, academic, and public sectors.  He earned his doctorate of philosophy from Purdue University while researching the applications of natural language processing to information security problems.  Courtney currently works as the senior research scientist for Optiv&apos;s Global Threat Intelligence Center.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cryptocurrencies have exploded in popularity in the last few years.  These cryptographic systems aim to provide freedom from government-backed fiat currencies.  This presentation examines the traditional and novel risks to cryptocurrency systems.  Special attention is paid to documented attacks on cryptocurrency infrastructure, criminal use of cryptocurrencies, and the policies affecting cryptocurrency systems. About the speaker: Dr. Courtney Falk is an information security professional with over ten years of experience in the government, academic, and public sectors.  He earned his doctorate of philosophy from Purdue University while researching the applications of natural language processing to information security problems.  Courtney currently works as the senior research scientist for Optiv&apos;s Global Threat Intelligence Center.</p> ]]>
            </content:encoded>
            <itunes:duration>2825</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180228.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180228.mp4" length="258998272" type="video/mp4"/>
        </item>
            <item>
            <title>Mitchell Parker, Lessons Learned From the Retrocomputing Community</title>
            <description>The purpose of this presentation is to show that successful retrocomputing projects and groups which currently exist follow patterns we can use to help low-resource and industrial organizations that need to secure their devices.   Can retrocomputing breathe new life into older technology to help secure the enterprise? About the speaker: Mitchell Parker, CISSP, is the Executive Director, Information Security and Compliance, at IU Health in Indianapolis, Indiana.  Mitch is currently working on redeveloping the Information Security program at IU Health, and regularly works with multiple non-technology stakeholders to improve it. He also speaks regularly at multiple conferences and workshops, including HIMSS, IEEE TechIgnite, and Internet of Medical Things. Mitch has a Bachelor&apos;s degree in Computer Science from Bloomsburg University, an MS in Information Technology Leadership from LaSalle University, and his MBA from Temple University.</description>
            <pubDate>Wed, 21 Feb 2018 16:30:00 EST </pubDate>
            <itunes:title>Mitchell Parker, Lessons Learned From the Retrocomputing Community</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>658</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mitchell Parker, IU Health</itunes:subtitle>
            <itunes:summary>The purpose of this presentation is to show that successful retrocomputing projects and groups which currently exist follow patterns we can use to help low-resource and industrial organizations that need to secure their devices.   Can retrocomputing breathe new life into older technology to help secure the enterprise? About the speaker: Mitchell Parker, CISSP, is the Executive Director, Information Security and Compliance, at IU Health in Indianapolis, Indiana.  Mitch is currently working on redeveloping the Information Security program at IU Health, and regularly works with multiple non-technology stakeholders to improve it. He also speaks regularly at multiple conferences and workshops, including HIMSS, IEEE TechIgnite, and Internet of Medical Things. Mitch has a Bachelor&apos;s degree in Computer Science from Bloomsburg University, an MS in Information Technology Leadership from LaSalle University, and his MBA from Temple University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The purpose of this presentation is to show that successful retrocomputing projects and groups which currently exist follow patterns we can use to help low-resource and industrial organizations that need to secure their devices.   Can retrocomputing breathe new life into older technology to help secure the enterprise? About the speaker: Mitchell Parker, CISSP, is the Executive Director, Information Security and Compliance, at IU Health in Indianapolis, Indiana.  Mitch is currently working on redeveloping the Information Security program at IU Health, and regularly works with multiple non-technology stakeholders to improve it. He also speaks regularly at multiple conferences and workshops, including HIMSS, IEEE TechIgnite, and Internet of Medical Things. Mitch has a Bachelor&apos;s degree in Computer Science from Bloomsburg University, an MS in Information Technology Leadership from LaSalle University, and his MBA from Temple University.</p> ]]>
            </content:encoded>
            <itunes:duration>2853</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180221.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180221.mp4" length="205520896" type="video/mp4"/>
        </item>
            <item>
            <title>Adil Ahmad, OBLIVIATE: A Data Oblivious File System for Intel SGX</title>
            <description>Trusted computing is the key component in achieving confidentiality and integrity in modern cloud environments. Commodity trusted hardware such as Intel SGX and ARM TrustZone allow programs to execute and store sensitive data in secure memory regions. It is envisioned that these systems will enable important applications from trusted data analytics and Private Information Retrieval (PIR) in the cloud to content protection and secure financial services in mobile settings. This talk deals with the security aspects of SGX programs in accessing a key system resource, files. Our focus would be on concrete attacks against existing SGX filesystem implementations through well-known side-channels, as well as the design and implementation of an oblivious filesystem to thwart the aforementioned attacks. Our solution, Obliviate, mitigates this threat using ORAM, a cryptographic primitive which enables secure data access even when the attacker can observe all memory interactions. We show that a naive implementation of ORAM within SGX leaves it vulnerable to other attacks and induces a degree of overhead. Therefore, Obliviate develops a secure implementation of ORAM using CMOV, an x86 instruction, and employs other SGX-specific optimizations. We show that Obliviate can secure all filesystem interactions while providing a performance improvement of 6 − 8× over a baseline scheme. Potential use-cases of Obliviate include real-world cloud applications such as web servers, databases and personal cloud storage. This work will appear in NDSS 2018. About the speaker: Adil Ahmad is a PhD student in the Department of Computer Science at Purdue University, advised by Prof. Byoungyoung Lee. His primary research interests are in the field of systems and security with a particular focus on hardware-assisted trusted computing.</description>
            <pubDate>Wed, 14 Feb 2018 16:30:00 EST </pubDate>
            <itunes:title>Adil Ahmad, OBLIVIATE: A Data Oblivious File System for Intel SGX</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>657</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Adil Ahmad, Purdue University</itunes:subtitle>
            <itunes:summary>Trusted computing is the key component in achieving confidentiality and integrity in modern cloud environments. Commodity trusted hardware such as Intel SGX and ARM TrustZone allow programs to execute and store sensitive data in secure memory regions. It is envisioned that these systems will enable important applications from trusted data analytics and Private Information Retrieval (PIR) in the cloud to content protection and secure financial services in mobile settings. This talk deals with the security aspects of SGX programs in accessing a key system resource, files. Our focus would be on concrete attacks against existing SGX filesystem implementations through well-known side-channels, as well as the design and implementation of an oblivious filesystem to thwart the aforementioned attacks. Our solution, Obliviate, mitigates this threat using ORAM, a cryptographic primitive which enables secure data access even when the attacker can observe all memory interactions. We show that a naive implementation of ORAM within SGX leaves it vulnerable to other attacks and induces a degree of overhead. Therefore, Obliviate develops a secure implementation of ORAM using CMOV, an x86 instruction, and employs other SGX-specific optimizations. We show that Obliviate can secure all filesystem interactions while providing a performance improvement of 6 − 8× over a baseline scheme. Potential use-cases of Obliviate include real-world cloud applications such as web servers, databases and personal cloud storage. This work will appear in NDSS 2018. About the speaker: Adil Ahmad is a PhD student in the Department of Computer Science at Purdue University, advised by Prof. Byoungyoung Lee. His primary research interests are in the field of systems and security with a particular focus on hardware-assisted trusted computing.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Trusted computing is the key component in achieving confidentiality and integrity in modern cloud environments. Commodity trusted hardware such as Intel SGX and ARM TrustZone allow programs to execute and store sensitive data in secure memory regions. It is envisioned that these systems will enable important applications from trusted data analytics and Private Information Retrieval (PIR) in the cloud to content protection and secure financial services in mobile settings. This talk deals with the security aspects of SGX programs in accessing a key system resource, files. Our focus would be on concrete attacks against existing SGX filesystem implementations through well-known side-channels, as well as the design and implementation of an oblivious filesystem to thwart the aforementioned attacks. Our solution, Obliviate, mitigates this threat using ORAM, a cryptographic primitive which enables secure data access even when the attacker can observe all memory interactions. We show that a naive implementation of ORAM within SGX leaves it vulnerable to other attacks and induces a degree of overhead. Therefore, Obliviate develops a secure implementation of ORAM using CMOV, an x86 instruction, and employs other SGX-specific optimizations. We show that Obliviate can secure all filesystem interactions while providing a performance improvement of 6 − 8× over a baseline scheme. Potential use-cases of Obliviate include real-world cloud applications such as web servers, databases and personal cloud storage. This work will appear in NDSS 2018. About the speaker: Adil Ahmad is a PhD student in the Department of Computer Science at Purdue University, advised by Prof. Byoungyoung Lee. His primary research interests are in the field of systems and security with a particular focus on hardware-assisted trusted computing.</p> ]]>
            </content:encoded>
            <itunes:duration>3487</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180214.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180214.mp4" length="222298112" type="video/mp4"/>
        </item>
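<![CDATA[
The stash-scan idea behind the Obliviate talk above, as an added example that is not code from the paper or from the Obliviate project. A naive lookup touches only the slot whose id matches, so the page-fault and cache side channels the talk describes reveal which block the enclave asked for; the oblivious version reads and writes every slot and keeps the wanted one with branch-free mask arithmetic, which is the portable stand-in used here for the x86 CMOV instruction Obliviate pins down. The slot layout, STASH_SLOTS and the sample stash contents are constructed for this illustration. Inspect the compiled output (objdump -d) before relying on it: the C standard does not forbid the compiler from turning the masks back into branches, which is exactly why Obliviate uses CMOV directly.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define STASH_SLOTS 8          /* assumed stash size for this example */

typedef struct {
    uint32_t block_id;         /* logical block number held in this slot */
    uint64_t data;             /* block payload (one word, to keep it short) */
} slot_t;

/* Branch-free select: a when cond == 1, b when cond == 0.
 * mask is all ones or all zeros, so no branch and no secret-dependent address. */
static inline uint64_t ct_select64(uint64_t cond, uint64_t a, uint64_t b)
{
    uint64_t mask = 0 - cond;
    return (a & mask) | (b & ~mask);
}

/* 1 when x == y, else 0, without a comparison branch:
 * (d - 1) only borrows into bit 63 when d == 0. */
static inline uint64_t ct_eq32(uint32_t x, uint32_t y)
{
    uint64_t d = (uint64_t)(x ^ y);
    return (d - 1) >> 63;
}

/* NAIVE: returns as soon as the id matches. The slot address and the loop
 * trip count both depend on the secret id, so an OS-level attacker watching
 * page faults or cache lines learns which block the enclave wanted. */
uint64_t stash_read_naive(const slot_t *stash, uint32_t want)
{
    for (size_t i = 0; i < STASH_SLOTS; i++)
        if (stash[i].block_id == want)
            return stash[i].data;
    return 0;
}

/* OBLIVIOUS: every slot is read and the candidate is merged with a mask, so
 * the memory trace and the control flow are identical for every `want`.
 * A missing id yields 0, as in the naive version. */
uint64_t stash_read_oblivious(const slot_t *stash, uint32_t want)
{
    uint64_t out = 0;
    for (size_t i = 0; i < STASH_SLOTS; i++) {
        uint64_t hit = ct_eq32(stash[i].block_id, want);
        out = ct_select64(hit, stash[i].data, out);
    }
    return out;
}

/* OBLIVIOUS write: rewrites every slot, changing only the matching one. */
void stash_write_oblivious(slot_t *stash, uint32_t want, uint64_t value)
{
    for (size_t i = 0; i < STASH_SLOTS; i++) {
        uint64_t hit = ct_eq32(stash[i].block_id, want);
        stash[i].data = ct_select64(hit, value, stash[i].data);
    }
}

/* Constructed sample stash: ids 1..STASH_SLOTS, payload id * 0x1111. */
void fill_sample_stash(slot_t *stash)
{
    for (size_t i = 0; i < STASH_SLOTS; i++) {
        stash[i].block_id = (uint32_t)(i + 1);
        stash[i].data = (uint64_t)(i + 1) * 0x1111ULL;
    }
}

int main(void)
{
    slot_t stash[STASH_SLOTS];
    fill_sample_stash(stash);
    printf("naive     read 3 -> 0x%llx\n", (unsigned long long)stash_read_naive(stash, 3));
    printf("oblivious read 3 -> 0x%llx\n", (unsigned long long)stash_read_oblivious(stash, 3));
    stash_write_oblivious(stash, 3, 0xABCDULL);
    printf("after write: read 3 -> 0x%llx, read 2 -> 0x%llx\n",
           (unsigned long long)stash_read_oblivious(stash, 3),
           (unsigned long long)stash_read_oblivious(stash, 2));
    return 0;
}
```

The full linear scan is what makes the stash access oblivious and is also where the overhead the talk mentions comes from: every read and write costs STASH_SLOTS slot touches regardless of which block is wanted, which is the price paid so that the trace carries no information.
]]>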
            <item>
            <title>Brian Lynch, Eli Lilly&#039;s Path to a Successful Threat Intelligence Program</title>
            <description>Eli Lilly&apos;s Threat Intelligence team (CTI) was officially established in July of 2016, tasked with several key objectives that would need to be met for the overall Security organization to be successful.  This talk is going to cover the CTI team&apos;s journey over the past year: where they started from, how they got started, the current state, as well as the future direction of the Threat Intelligence program.  This will not be a deep technical talk, but rather a process-based talk covering a wide variety of topics including some of the following: Governance; CISO Sponsorship; Value of Previous Consulting Help; Types of Intelligence; Value Driven by the CTI Team; Criteria for Selecting a Threat Intelligence Feed and TIP Vendor; Hunting Framework; and TIP Integration(s). About the speaker: Brian Lynch is a Consultant on our Threat Intelligence team at Eli Lilly and has been with the company for over 16 years.  He has held various roles within security thus far, including the Manufacturing security team, Vulnerability Management, Threat Management, and most recently Threat Intelligence since July 2016.  He holds a Bachelor&apos;s degree in Management Information Systems and a Master&apos;s degree in Information and Communication Sciences.  He also has several security certifications including CompTIA&apos;s Security+, Certified Ethical Hacker (CEH), and Certified Information Systems Security Professional (CISSP).</description>
            <pubDate>Wed, 7 Feb 2018 16:30:00 EST </pubDate>
            <itunes:title>Brian Lynch, Eli Lilly&#039;s Path to a Successful Threat Intelligence Program</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>656</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Brian Lynch, Eli Lilly</itunes:subtitle>
            <itunes:summary>Eli Lilly&apos;s Threat Intelligence team (CTI) was officially established in July of 2016, tasked with several key objectives that would need to be met for the overall Security organization to be successful.  This talk is going to cover the CTI team&apos;s journey over the past year: where they started from, how they got started, the current state, as well as the future direction of the Threat Intelligence program.  This will not be a deep technical talk, but rather a process-based talk covering a wide variety of topics including some of the following: Governance; CISO Sponsorship; Value of Previous Consulting Help; Types of Intelligence; Value Driven by the CTI Team; Criteria for Selecting a Threat Intelligence Feed and TIP Vendor; Hunting Framework; and TIP Integration(s). About the speaker: Brian Lynch is a Consultant on our Threat Intelligence team at Eli Lilly and has been with the company for over 16 years.  He has held various roles within security thus far, including the Manufacturing security team, Vulnerability Management, Threat Management, and most recently Threat Intelligence since July 2016.  He holds a Bachelor&apos;s degree in Management Information Systems and a Master&apos;s degree in Information and Communication Sciences.  He also has several security certifications including CompTIA&apos;s Security+, Certified Ethical Hacker (CEH), and Certified Information Systems Security Professional (CISSP).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Eli Lilly&apos;s Threat Intelligence team (CTI) was officially established in July of 2016, tasked with several key objectives that would need to be met for the overall Security organization to be successful.  This talk is going to cover the CTI team&apos;s journey over the past year: where they started from, how they got started, the current state, as well as the future direction of the Threat Intelligence program.  This will not be a deep technical talk, but rather a process-based talk covering a wide variety of topics including some of the following:</p>
<ul>
<li>Governance</li>
<li>CISO Sponsorship</li>
<li>Value of Previous Consulting Help</li>
<li>Types of Intelligence</li>
<li>Value Driven by the CTI Team</li>
<li>Criteria for Selecting a Threat Intelligence Feed and TIP Vendor</li>
<li>Hunting Framework</li>
<li>TIP Integration(s)</li>
</ul>
<p>About the speaker: Brian Lynch is a Consultant on our Threat Intelligence team at Eli Lilly and has been with the company for over 16 years.  He has held various roles within security thus far, including the Manufacturing security team, Vulnerability Management, Threat Management, and most recently Threat Intelligence since July 2016.  He holds a Bachelor&apos;s degree in Management Information Systems and a Master&apos;s degree in Information and Communication Sciences.  He also has several security certifications including CompTIA&apos;s Security+, Certified Ethical Hacker (CEH), and Certified Information Systems Security Professional (CISSP).</p> ]]>
            </content:encoded>
            <itunes:duration>2728</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180207.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180207.mp4" length="346030080" type="video/mp4"/>
        </item>
            <item>
            <title>Matt Dimino, State of Cybersecurity in Healthcare</title>
            <description>The public health sector cannot deliver efficient and safe patient care without digital interconnectivity among devices. If the healthcare system is connected, but insecure, the interconnectivity could betray patient safety, subjecting patients to uncalculated and unnecessary risks with insurmountable costs, including death. Our nation must realize the dangers imposed on patients due to the reliance on interconnectivity amongst devices and information systems.  Healthcare delivery organizations are often seen and titled as safe places, places for healing, and places we trust. These entities are a repository for our most sacred personal information as well as a harbor for some of the most technologically advanced equipment; thus they have become easy targets for threat actors. Real cases of protected health information theft, ransomware, and targeted nation-state hacking prove that our nation&apos;s healthcare systems, data, devices, and reputation are vulnerable. This presentation aims at depicting the current state of cybersecurity in healthcare delivery organizations as well as at understanding the main threats organizations face, discussing the ecosystem, industry-specific pitfalls, and the patient health attack model. About the speaker: Matt Dimino is on a mission to help our nation&apos;s healthcare and public health sector critical infrastructure recognize and prepare for tomorrow&apos;s cyber threat landscape. Mr. Dimino works as an imaging engineer at Eskenazi Health, an adjunct professor for IUPUI and as a researcher and consultant for a non-profit public health and safety organization. Mr. Dimino has a BS in Healthcare Engineering Technology and an MBA; he has attained IT industry certifications such as CCNA, Network+, Healthcare IT, CSA+, and has completed formal cyber security and ethical hacking training. Motivated by work that makes a difference, Mr. Dimino is proud to continue research and development in the domains of training, testing, mitigation, and cyber threat avoidance strategies with a goal of disseminating cyber threat information.</description>
            <pubDate>Wed, 31 Jan 2018 16:30:00 EST </pubDate>
            <itunes:title>Matt Dimino, State of Cybersecurity in Healthcare</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>655</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Matt Dimino, Eskenazi Health</itunes:subtitle>
            <itunes:summary>The public health sector cannot deliver efficient and safe patient care without digital interconnectivity among devices. If the healthcare system is connected, but insecure, the interconnectivity could betray patient safety, subjecting patients to uncalculated and unnecessary risks with insurmountable costs, including death. Our nation must realize the dangers imposed on patients due to the reliance on interconnectivity amongst devices and information systems.  Healthcare delivery organizations are often seen and titled as safe places, places for healing, and places we trust. These entities are a repository for our most sacred personal information as well as a harbor for some of the most technologically advanced equipment; thus they have become easy targets for threat actors. Real cases of protected health information theft, ransomware, and targeted nation-state hacking prove that our nation&apos;s healthcare systems, data, devices, and reputation are vulnerable. This presentation aims at depicting the current state of cybersecurity in healthcare delivery organizations as well as at understanding the main threats organizations face, discussing the ecosystem, industry-specific pitfalls, and the patient health attack model. About the speaker: Matt Dimino is on a mission to help our nation&apos;s healthcare and public health sector critical infrastructure recognize and prepare for tomorrow&apos;s cyber threat landscape. Mr. Dimino works as an imaging engineer at Eskenazi Health, an adjunct professor for IUPUI and as a researcher and consultant for a non-profit public health and safety organization. Mr. Dimino has a BS in Healthcare Engineering Technology and an MBA; he has attained IT industry certifications such as CCNA, Network+, Healthcare IT, CSA+, and has completed formal cyber security and ethical hacking training. Motivated by work that makes a difference, Mr. Dimino is proud to continue research and development in the domains of training, testing, mitigation, and cyber threat avoidance strategies with a goal of disseminating cyber threat information.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The public health sector cannot deliver efficient and safe patient care without digital interconnectivity among devices. If the healthcare system is connected, but insecure, the interconnectivity could betray patient safety, subjecting patients to uncalculated and unnecessary risks with insurmountable costs, including death. Our nation must realize the dangers imposed on patients due to the reliance on interconnectivity amongst devices and information systems.  Healthcare delivery organizations are often seen and titled as safe places, places for healing, and places we trust. These entities are a repository for our most sacred personal information as well as a harbor for some of the most technologically advanced equipment; thus they have become easy targets for threat actors. Real cases of protected health information theft, ransomware, and targeted nation-state hacking prove that our nation&apos;s healthcare systems, data, devices, and reputation are vulnerable. This presentation aims at depicting the current state of cybersecurity in healthcare delivery organizations as well as at understanding the main threats organizations face, discussing the ecosystem, industry-specific pitfalls, and the patient health attack model. About the speaker: Matt Dimino is on a mission to help our nation&apos;s healthcare and public health sector critical infrastructure recognize and prepare for tomorrow&apos;s cyber threat landscape. Mr. Dimino works as an imaging engineer at Eskenazi Health, an adjunct professor for IUPUI and as a researcher and consultant for a non-profit public health and safety organization. Mr. Dimino has a BS in Healthcare Engineering Technology and an MBA; he has attained IT industry certifications such as CCNA, Network+, Healthcare IT, CSA+, and has completed formal cyber security and ethical hacking training. Motivated by work that makes a difference, Mr. Dimino is proud to continue research and development in the domains of training, testing, mitigation, and cyber threat avoidance strategies with a goal of disseminating cyber threat information.</p> ]]>
            </content:encoded>
            <itunes:duration>4036</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180131.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180131.mp4" length="414187520" type="video/mp4"/>
        </item>
            <item>
            <title>Lotfi ben-Othmane, What Roles Can Empirical Research Play to Advance Software Security Knowledge?</title>
            <description>Software is an essential component in the operation of business information systems, cyber-physical systems, and various personal devices. Despite increased awareness of and concern about software security threats, the current state of the art in software engineering practice is inadequate: new categories of security weaknesses are commonly reported. Challenges that hinder development of secure software start with the difficulty of identifying threats and estimating risks. Practices such as incremental software development also pose challenges to software security. This talk discusses through a set of examples how empirical research can help to advance the state of the art of secure software engineering. About the speaker: Lotfi ben Othmane is a Lecturer (aka Teaching Assistant Professor) at Iowa State University, USA. He was the Head of the Department Secure Software Engineering at Fraunhofer Institute for Secure Information Technology, Germany. Dr. ben Othmane has extensive experience in industry and academia in Tunisia, Canada, USA, The Netherlands, and Germany. His research interests include the use of empirical research in secure software development, development of secure systems using an agile approach, and cyber-resilience in connected vehicles.  He has about 40 peer-reviewed publications.  Dr. ben Othmane received his Ph.D. degree from Western Michigan University, USA, in 2010; M.S. degree from University of Sherbrooke, Canada, in 2000; and B.S. degree from University of Sfax, Tunisia, in 1995.</description>
            <pubDate>Wed, 24 Jan 2018 16:30:00 EST </pubDate>
            <itunes:title>Lotfi ben-Othmane, What Roles Can Empirical Research Play to Advance Software Security Knowledge?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>654</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Lotfi ben-Othmane, Iowa State University</itunes:subtitle>
            <itunes:summary>Software is an essential component in the operation of business information systems, cyber-physical systems, and various personal devices. Despite increased awareness of and concern about software security threats, the current state of the art in software engineering practice is inadequate: new categories of security weaknesses are commonly reported. Challenges that hinder development of secure software start with the difficulty of identifying threats and estimating risks. Practices such as incremental software development also pose challenges to software security. This talk discusses through a set of examples how empirical research can help to advance the state of the art of secure software engineering. About the speaker: Lotfi ben Othmane is a Lecturer (aka Teaching Assistant Professor) at Iowa State University, USA. He was the Head of the Department Secure Software Engineering at Fraunhofer Institute for Secure Information Technology, Germany. Dr. ben Othmane has extensive experience in industry and academia in Tunisia, Canada, USA, The Netherlands, and Germany. His research interests include the use of empirical research in secure software development, development of secure systems using an agile approach, and cyber-resilience in connected vehicles.  He has about 40 peer-reviewed publications.  Dr. ben Othmane received his Ph.D. degree from Western Michigan University, USA, in 2010; M.S. degree from University of Sherbrooke, Canada, in 2000; and B.S. degree from University of Sfax, Tunisia, in 1995.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Software is an essential component in the operation of business information systems, cyber-physical systems, and various personal devices. Despite increased awareness of and concern about software security threats, the current state of the art in software engineering practice is inadequate: new categories of security weaknesses are commonly reported. Challenges that hinder development of secure software start with the difficulty of identifying threats and estimating risks. Practices such as incremental software development also pose challenges to software security. This talk discusses through a set of examples how empirical research can help to advance the state of the art of secure software engineering. About the speaker: Lotfi ben Othmane is a Lecturer (aka Teaching Assistant Professor) at Iowa State University, USA. He was the Head of the Department Secure Software Engineering at Fraunhofer Institute for Secure Information Technology, Germany. Dr. ben Othmane has extensive experience in industry and academia in Tunisia, Canada, USA, The Netherlands, and Germany. His research interests include the use of empirical research in secure software development, development of secure systems using an agile approach, and cyber-resilience in connected vehicles.  He has about 40 peer-reviewed publications.  Dr. ben Othmane received his Ph.D. degree from Western Michigan University, USA, in 2010; M.S. degree from University of Sherbrooke, Canada, in 2000; and B.S. degree from University of Sfax, Tunisia, in 1995.</p> ]]>
            </content:encoded>
            <itunes:duration>3435</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180124.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180124.mp4" length="254803968" type="video/mp4"/>
        </item>
            <item>
            <title>Ben Harsha, The Economics of Offline Password Cracking</title>
            <description>Password leaks have become an unfortunately common occurrence, with billions of records leaked in the past few years. In this work we develop an economic model to help predict how many user passwords an attacker will crack after such a breach. Our analysis indicates that currently deployed key stretching mechanisms such as PBKDF2 and BCRYPT provide insufficient protection for user passwords. In particular, our analysis shows that a rational attacker will crack 100% of passwords chosen from a Zipf&apos;s law distribution and that Zipf&apos;s Law accurately models the distribution of most user passwords. This dismal claim holds even if PBKDF2 is used with 100,000 hash iterations (10 times greater than NIST&apos;s minimum recommendation). On a positive note, our analysis demonstrates that memory hard functions (MHFs) such as SCRYPT or Argon2i can significantly reduce the damage of an offline attack. Based on our analysis we advocate that password hashing standards should be updated to require the use of memory hard functions for password hashing and disallow the use of non-memory hard functions such as BCRYPT or PBKDF2. About the speaker: Ben Harsha is a Computer Science Ph.D. student advised by Jeremiah Blocki. He currently works on password security and cryptographic hash functions. Before coming to Purdue in 2015 he also worked on distributed sensor networks at Argonne National Lab, as well as neural network optimization and computer science education methods at DePauw University. He has received a Master&apos;s from Purdue and a Bachelor&apos;s from DePauw University.</description>
            <pubDate>Wed, 17 Jan 2018 16:30:00 EST </pubDate>
            <itunes:title>Ben Harsha, The Economics of Offline Password Cracking</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>24</itunes:season>
            <itunes:episode>653</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ben Harsha, Purdue University</itunes:subtitle>
            <itunes:summary>Password leaks have become an unfortunately common occurrence, with billions of records leaked in the past few years. In this work we develop an economic model to help predict how many user passwords such an attacker will crack after such a breach. Our analysis indicates that currently deployed key stretching mechanisms such as PBKDF2 and BCRYPT provide insufficient protection for user passwords. In particular, our analysis shows that a rational attacker will crack 100% of passwords chosen from a Zipf&apos;s law distribution and that Zipf&apos;s Law accurately models the distribution of most user passwords. This dismal claim holds even if PBKDF2 is used with 100,000 hash iterations (10 times greater than NIST&apos;s minimum recommendation). On a positive note, our analysis demonstrates that memory hard functions (MHFs) such as SCRYPT or Argon2i can significantly reduce the damage of an offline attack. Based on our analysis we advocate that password hashing standards should be updated to require the use of memory hard functions for password hashing and disallow the use of non-memory hard functions such as BCRYPT or PBKDF2. About the speaker: Ben Harsha is a Computer Science Ph.D. student advised by Jeremiah Blocki. He currently works on password security and cryptographic hash functions. Before coming to Purdue in 2015 he also worked on distributed sensor networks at Argonne National Lab, as well as neural network optimization and computer science education methods at DePauw University. He has received a Masters from Purdue and a Bachelors from DePauw University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Password leaks have become an unfortunately common occurrence, with billions of records leaked in the past few years. In this work we develop an economic model to help predict how many user passwords such an attacker will crack after such a breach. Our analysis indicates that currently deployed key stretching mechanisms such as PBKDF2 and BCRYPT provide insufficient protection for user passwords. In particular, our analysis shows that a rational attacker will crack 100% of passwords chosen from a Zipf&apos;s law distribution and that Zipf&apos;s Law accurately models the distribution of most user passwords. This dismal claim holds even if PBKDF2 is used with 100,000 hash iterations (10 times greater than NIST&apos;s minimum recommendation). On a positive note, our analysis demonstrates that memory hard functions (MHFs) such as SCRYPT or Argon2i can significantly reduce the damage of an offline attack. Based on our analysis we advocate that password hashing standards should be updated to require the use of memory hard functions for password hashing and disallow the use of non-memory hard functions such as BCRYPT or PBKDF2. About the speaker: Ben Harsha is a Computer Science Ph.D. student advised by Jeremiah Blocki. He currently works on password security and cryptographic hash functions. Before coming to Purdue in 2015 he also worked on distributed sensor networks at Argonne National Lab, as well as neural network optimization and computer science education methods at DePauw University. He has received a Masters from Purdue and a Bachelors from DePauw University.</p> ]]>
            </content:encoded>
            <itunes:duration>2880</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180117.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20180117.mp4" length="272629760" type="video/mp4"/>
        </item>
            <item>
            <title>Nat Shere, Penetration Testing: What? Why? How?</title>
            <description>Penetration testing, or &quot;Ethical Hacking&quot;, is the practice of testing systems, environments, and even employees in the manner of a real-world hacker. As news of security breaches and widespread hacks increases, companies are increasingly pursuing penetration testing services. This talk will discuss what penetration testing is and the different approaches that vendors bring to it, why penetration testing is so important to a security program, and how penetration tests are implemented to simulate real-world attacks. About the speaker: Nathaniel (Nat) Shere has a Master of Science in Information Security from Columbia University. He has been working at Rook Security for three years as a Senior Information Security Consultant and specializes in web application penetration testing, network penetration testing, and social engineering assessments. In addition, Nat writes for Rook Security&apos;s blog and develops internal automation tools.</description>
            <pubDate>Wed, 6 Dec 2017 16:30:00 EST </pubDate>
            <itunes:title>Nat Shere, Penetration Testing: What? Why? How?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>652</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Nat Shere, Rook Security</itunes:subtitle>
            <itunes:summary>Penetration testing, or &quot;Ethical Hacking&quot;, is the practice of testing systems, environments, and even employees in the manner of a real-world hacker. As news of security breaches and widespread hacks increases, companies are increasingly pursuing penetration testing services. This talk will discuss what penetration testing is and the different approaches that vendors bring to it, why penetration testing is so important to a security program, and how penetration tests are implemented to simulate real-world attacks. About the speaker: Nathaniel (Nat) Shere has a Master of Science in Information Security from Columbia University. He has been working at Rook Security for three years as a Senior Information Security Consultant and specializes in web application penetration testing, network penetration testing, and social engineering assessments. In addition, Nat writes for Rook Security&apos;s blog and develops internal automation tools.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Penetration testing, or &quot;Ethical Hacking&quot;, is the practice of testing systems, environments, and even employees in the manner of a real-world hacker. As news of security breaches and widespread hacks increases, companies are increasingly pursuing penetration testing services. This talk will discuss what penetration testing is and the different approaches that vendors bring to it, why penetration testing is so important to a security program, and how penetration tests are implemented to simulate real-world attacks. About the speaker: Nathaniel (Nat) Shere has a Master of Science in Information Security from Columbia University. He has been working at Rook Security for three years as a Senior Information Security Consultant and specializes in web application penetration testing, network penetration testing, and social engineering assessments. In addition, Nat writes for Rook Security&apos;s blog and develops internal automation tools.</p> ]]>
            </content:encoded>
            <itunes:duration>2983</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171206.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171206.mp4" length="322961408" type="video/mp4"/>
        </item>
            <item>
            <title>Kirsten Bay, Securing the Future of Business: Broadening the Role of Security Technology</title>
            <description>Security technology has long been relegated as part of the IT stack, but the consistent stream of attacks on our government, corporations, and individuals alike has shown that the relationship between security technology and the business needs to be reconsidered. As we look at events such as manipulating news on Facebook, Equifax, WannaCry, NotPetya, and Uber, how do we engage a wider audience to be part of the conversation of understanding the challenges and solutions? What are the mechanisms that will stop companies from hiding the security gaps and events from investors, employees, and customers? This discussion will use current use cases intended to stimulate a dialogue on how we, as current and future leaders in cyber security, can better understand the broader risks and opportunities so that we can educate and inform on how to get ahead of the adversary. About the speaker: Kirsten Bay is redefining what it means to be a fearless leader in the technology industry. She is an accomplished, bilingual executive, transforming the cyber security space. As President and CEO of Cyber adAPT, she leverages more than 25 years of experience, leading her team with risk intelligence, information management, and policy expertise across a variety of sectors. Throughout her career, Kirsten has been appointed to a congressional committee developing cyber policies, initiatives and recommendations for the intelligence community. She has developed recommendations in partnership with the Center for North American Studies (CNAS) and Center for Strategic and International Studies (CSIS) for The White House energy policy, and collaborated on information studies for MIT-Harvard and several federal agencies. She has gone before a parliamentary subcommittee on recreating trust in the global economy, presented national security and critical infrastructure concepts at conferences such as Black Hat, Secured Americas, Enterprise Architecture Institute, SC World Congress, and the Eurim Information Management Committee. She has also spoken on applied economics and its relationship to both cyber and national security around the world. Kirsten is a self-proclaimed &apos;serial student&apos;. Her current membership of the Alliance of Chief Executives feeds her perpetual drive to learn and share insight with peers; an inspirational trait she models for her Cyber adAPT team. In previous executive roles for ISC8, Attensity Group, and iSIGHT Partners, she has led companies through corporate restructuring, risk and corporate intelligence product launches, and company turnarounds, respectively. With a BA in English and German from the University of Oregon, let&apos;s just say she will correct your grammar in multiple languages.</description>
            <pubDate>Wed, 29 Nov 2017 16:30:00 EST </pubDate>
            <itunes:title>Kirsten Bay, Securing the Future of Business: Broadening the Role of Security Technology</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>651</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/kirsten_bay_200.png"/>
            <itunes:subtitle>Kirsten Bay, Cyber adAPT</itunes:subtitle>
            <itunes:summary>Security technology has long been relegated as part of the IT stack, but the consistent stream of attacks on our government, corporations, and individuals alike has shown that the relationship between security technology and the business needs to be reconsidered. As we look at events such as manipulating news on Facebook, Equifax, WannaCry, NotPetya, and Uber, how do we engage a wider audience to be part of the conversation of understanding the challenges and solutions? What are the mechanisms that will stop companies from hiding the security gaps and events from investors, employees, and customers? This discussion will use current use cases intended to stimulate a dialogue on how we, as current and future leaders in cyber security, can better understand the broader risks and opportunities so that we can educate and inform on how to get ahead of the adversary. About the speaker: Kirsten Bay is redefining what it means to be a fearless leader in the technology industry. She is an accomplished, bilingual executive, transforming the cyber security space. As President and CEO of Cyber adAPT, she leverages more than 25 years of experience, leading her team with risk intelligence, information management, and policy expertise across a variety of sectors. Throughout her career, Kirsten has been appointed to a congressional committee developing cyber policies, initiatives and recommendations for the intelligence community. She has developed recommendations in partnership with the Center for North American Studies (CNAS) and Center for Strategic and International Studies (CSIS) for The White House energy policy, and collaborated on information studies for MIT-Harvard and several federal agencies. She has gone before a parliamentary subcommittee on recreating trust in the global economy, presented national security and critical infrastructure concepts at conferences such as Black Hat, Secured Americas, Enterprise Architecture Institute, SC World Congress, and the Eurim Information Management Committee. She has also spoken on applied economics and its relationship to both cyber and national security around the world. Kirsten is a self-proclaimed &apos;serial student&apos;. Her current membership of the Alliance of Chief Executives feeds her perpetual drive to learn and share insight with peers; an inspirational trait she models for her Cyber adAPT team. In previous executive roles for ISC8, Attensity Group, and iSIGHT Partners, she has led companies through corporate restructuring, risk and corporate intelligence product launches, and company turnarounds, respectively. With a BA in English and German from the University of Oregon, let&apos;s just say she will correct your grammar in multiple languages.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Security technology has long been relegated as part of the IT stack, but the consistent stream of attacks on our government, corporations, and individuals alike has shown that the relationship between security technology and the business needs to be reconsidered. As we look at events such as manipulating news on Facebook, Equifax, WannaCry, NotPetya, and Uber, how do we engage a wider audience to be part of the conversation of understanding the challenges and solutions? What are the mechanisms that will stop companies from hiding the security gaps and events from investors, employees, and customers? This discussion will use current use cases intended to stimulate a dialogue on how we, as current and future leaders in cyber security, can better understand the broader risks and opportunities so that we can educate and inform on how to get ahead of the adversary. About the speaker: Kirsten Bay is redefining what it means to be a fearless leader in the technology industry. She is an accomplished, bilingual executive, transforming the cyber security space. As President and CEO of Cyber adAPT, she leverages more than 25 years of experience, leading her team with risk intelligence, information management, and policy expertise across a variety of sectors. Throughout her career, Kirsten has been appointed to a congressional committee developing cyber policies, initiatives and recommendations for the intelligence community. She has developed recommendations in partnership with the Center for North American Studies (CNAS) and Center for Strategic and International Studies (CSIS) for The White House energy policy, and collaborated on information studies for MIT-Harvard and several federal agencies. She has gone before a parliamentary subcommittee on recreating trust in the global economy, presented national security and critical infrastructure concepts at conferences such as Black Hat, Secured Americas, Enterprise Architecture Institute, SC World Congress, and the Eurim Information Management Committee. She has also spoken on applied economics and its relationship to both cyber and national security around the world. Kirsten is a self-proclaimed &apos;serial student&apos;. Her current membership of the Alliance of Chief Executives feeds her perpetual drive to learn and share insight with peers; an inspirational trait she models for her Cyber adAPT team. In previous executive roles for ISC8, Attensity Group, and iSIGHT Partners, she has led companies through corporate restructuring, risk and corporate intelligence product launches, and company turnarounds, respectively. With a BA in English and German from the University of Oregon, let&apos;s just say she will correct your grammar in multiple languages.</p> ]]>
            </content:encoded>
            <itunes:duration>2728</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171129.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171129.mp4" length="436207616" type="video/mp4"/>
        </item>
            <item>
            <title>Abhishek Ray, Ad-Blockers: Extortionists or Digital Age Robin Hoods?</title>
            <description>Intrusive online advertising has given birth to the trend of ad-blockers. Initially dismissed by the online advertising industry as inconsequential, ad-blockers have evolved from a mere plugin tool on browsers to full-fledged platforms that derive benefits from certifying quality of advertisers and reducing disutility of users from intrusive activities such as user tracking. However, are ad-blocking platforms the optimal solution to improving user experience online? There is no clear answer. User experience advocates term this as yet another way to target users online. Industry advocates accuse ad-blockers of using an extortion-based business model, built on fleecing advertisers. Through our game theoretic model, we inform policy-makers on this problem and establish the optimal pricing policy for such ad-blocking platforms. In addition, we theorize the socially optimal pricing policies of advertising supported content platforms and establish how such platforms should price participation from users, given the obvious disutility of advertising they are exposed to. About the speaker: Abhishek Ray is a 4th year PhD candidate in Management Information Systems at Krannert School of Management, Purdue University. His research interests lie at the intersection of Economics, Digital Business &amp;amp; Engineering. He holds an MS in Economics and MS in Industrial Engineering from Purdue University.</description>
            <pubDate>Wed, 15 Nov 2017 16:30:00 EST </pubDate>
            <itunes:title>Abhishek Ray, Ad-Blockers: Extortionists or Digital Age Robin Hoods?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>650</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Abhishek Ray, </itunes:subtitle>
            <itunes:summary>Intrusive online advertising has given birth to the trend of ad-blockers. Initially dismissed by the online advertising industry as inconsequential, ad-blockers have evolved from a mere plugin tool on browsers to full-fledged platforms that derive benefits from certifying quality of advertisers and reducing disutility of users from intrusive activities such as user tracking. However, are ad-blocking platforms the optimal solution to improving user experience online? There is no clear answer. User experience advocates term this as yet another way to target users online. Industry advocates accuse ad-blockers of using an extortion-based business model, built on fleecing advertisers. Through our game theoretic model, we inform policy-makers on this problem and establish the optimal pricing policy for such ad-blocking platforms. In addition, we theorize the socially optimal pricing policies of advertising supported content platforms and establish how such platforms should price participation from users, given the obvious disutility of advertising they are exposed to. About the speaker: Abhishek Ray is a 4th year PhD candidate in Management Information Systems at Krannert School of Management, Purdue University. His research interests lie at the intersection of Economics, Digital Business &amp; Engineering. He holds an MS in Economics and MS in Industrial Engineering from Purdue University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Intrusive online advertising has given birth to the trend of ad-blockers. Initially dismissed by the online advertising industry as inconsequential, ad-blockers have evolved from a mere plugin tool on browsers to full-fledged platforms that derive benefits from certifying quality of advertisers and reducing disutility of users from intrusive activities such as user tracking. However, are ad-blocking platforms the optimal solution to improving user experience online? There is no clear answer. User experience advocates term this as yet another way to target users online. Industry advocates accuse ad-blockers of using an extortion-based business model, built on fleecing advertisers. Through our game theoretic model, we inform policy-makers on this problem and establish the optimal pricing policy for such ad-blocking platforms. In addition, we theorize the socially optimal pricing policies of advertising supported content platforms and establish how such platforms should price participation from users, given the obvious disutility of advertising they are exposed to. About the speaker: Abhishek Ray is a 4th year PhD candidate in Management Information Systems at Krannert School of Management, Purdue University. His research interests lie at the intersection of Economics, Digital Business &amp; Engineering. He holds an MS in Economics and MS in Industrial Engineering from Purdue University.</p> ]]>
            </content:encoded>
            <itunes:duration>2195</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171115.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171115.mp4" length="137363456" type="video/mp4"/>
        </item>
            <item>
            <title>Nikita Borisov, Refraction Networking: Censorship Circumvention in the Core of the Internet</title>
            <description>Internet users around the world are facing censorship. To access blocked websites, they use circumvention services that most commonly consist of VPN-like proxies. The censors, in turn, try to block such proxies, creating a sort of cat-and-mouse game. Refraction networking takes a different approach by placing refracting routers inside ISP networks. By sending a special signal, a user can ask a router to refract *any* connection that transits the ISP to another, blocked destination, in a process that is undetectable by the censor. To prevent such connections, the censor would need to block all traffic from reaching that ISP, which considerably raises the cost of censorship. I will discuss the design of refraction networking and how it achieves the properties above. I will also discuss the results of our pilot deployment of refraction networking at two ISPs handling an aggregate of nearly 100 Mbps of traffic, which provided censorship circumvention to 50,000 users in a country with heavy Internet censorship. I will close by discussing some future research issues in the space. About the speaker: Nikita Borisov is an associate professor at the University of Illinois at Urbana-Champaign. His research interests are online privacy and network security, with recent work on anonymous communication, censorship resistance, analysis of encrypted traffic, and protocols for secure communication. He is the co-designer of the Off-the-Record (OTR) instant messaging protocol and was responsible for the first public analysis of 802.11 security. He has been the chair of the Privacy Enhancing Technologies Symposium and the ACM Workshop on Privacy in Electronic Society. He is also the recipient of the NSF CAREER award. Prof. Borisov received his Ph.D. from the University of California, Berkeley in 2005 and a B.Math from the University of Waterloo in 1998.</description>
            <pubDate>Wed, 8 Nov 2017 16:30:00 EST </pubDate>
            <itunes:title>Nikita Borisov, Refraction Networking: Censorship Circumvention in the Core of the Internet</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>649</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Nikita Borisov, University of Illinois at Urbana-Champaign</itunes:subtitle>
            <itunes:summary>Internet users around the world are facing censorship. To access blocked websites, they use circumvention services that most commonly consist of VPN-like proxies. The censors, in turn, try to block such proxies, creating a sort of cat-and-mouse game. Refraction networking takes a different approach by placing refracting routers inside ISP networks. By sending a special signal, a user can ask a router to refract *any* connection that transits the ISP to another, blocked destination, in a process that is undetectable by the censor. To prevent such connections, the censor would need to block all traffic from reaching that ISP, which considerably raises the cost of censorship. I will discuss the design of refraction networking and how it achieves the properties above. I will also discuss the results of our pilot deployment of refraction networking at two ISPs handling an aggregate of nearly 100 Mbps of traffic, which provided censorship circumvention to 50,000 users in a country with heavy Internet censorship. I will close by discussing some future research issues in the space. About the speaker: Nikita Borisov is an associate professor at the University of Illinois at Urbana-Champaign. His research interests are online privacy and network security, with recent work on anonymous communication, censorship resistance, analysis of encrypted traffic, and protocols for secure communication. He is the co-designer of the Off-the-Record (OTR) instant messaging protocol and was responsible for the first public analysis of 802.11 security. He has been the chair of the Privacy Enhancing Technologies Symposium and the ACM Workshop on Privacy in Electronic Society. He is also the recipient of the NSF CAREER award. Prof. Borisov received his Ph.D. from the University of California, Berkeley in 2005 and a B.Math from the University of Waterloo in 1998.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Internet users around the world are facing censorship. To access blocked websites, they use circumvention services that most commonly consist of VPN-like proxies. The censors, in turn, try to block such proxies, creating a sort of cat-and-mouse game. Refraction networking takes a different approach by placing refracting routers inside ISP networks. By sending a special signal, a user can ask a router to refract *any* connection that transits the ISP to another, blocked destination, in a process that is undetectable by the censor. To prevent such connections, the censor would need to block all traffic from reaching that ISP, which considerably raises the cost of censorship. I will discuss the design of refraction networking and how it achieves the properties above. I will also discuss the results of our pilot deployment of refraction networking at two ISPs handling an aggregate of nearly 100 Mbps of traffic, which provided censorship circumvention to 50,000 users in a country with heavy Internet censorship. I will close by discussing some future research issues in the space. About the speaker: Nikita Borisov is an associate professor at the University of Illinois at Urbana-Champaign. His research interests are online privacy and network security, with recent work on anonymous communication, censorship resistance, analysis of encrypted traffic, and protocols for secure communication. He is the co-designer of the Off-the-Record (OTR) instant messaging protocol and was responsible for the first public analysis of 802.11 security. He has been the chair of the Privacy Enhancing Technologies Symposium and the ACM Workshop on Privacy in Electronic Society. He is also the recipient of the NSF CAREER award. Prof. Borisov received his Ph.D. from the University of California, Berkeley in 2005 and a B.Math from the University of Waterloo in 1998.</p> ]]>
            </content:encoded>
            <itunes:duration>3628</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171108.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171108.mp4" length="358612992" type="video/mp4"/>
        </item>
            <item>
            <title>Mikhail J. Atallah, Opportunities and Perils of the Cyber Revolution</title>
            <description>Rebroadcast from the original Oct. 30 talk. WEST LAFAYETTE, Ind. — Mikhail Atallah, distinguished professor of computer science and a professor of electrical and computer engineering (courtesy), has been chosen as the 2017 Arden L. Bement Jr. Award recipient. One of Purdue University&apos;s top three research honors, the Bement Award is the most prestigious award the university bestows in pure and applied science and engineering. Atallah is being honored for his significant contributions in the design and implementation of efficient processing and security protections for computer-based technologies. &quot;Dr. Atallah&apos;s world-renowned work in algorithms, access hierarchies and information security combines deep theoretical approaches with solutions-based efficient designs to address the most challenging computer processing and security issues,&quot; said Suresh Garimella, Purdue&apos;s executive vice president for research and partnerships and the Goodson Distinguished Professor of Mechanical Engineering, in announcing the winner. &quot;His highly creative and innovative ideas and fresh viewpoints have had a major impact on the fields of distributed computing and cyber security.&quot; Atallah will deliver the Arden L. Bement Jr. Distinguished Lecture on Oct. 30 in Stewart Center&apos;s Fowler Hall. The 1:30 p.m. lecture is free and open to the public. Among his accomplishments, Atallah settled longstanding open problems in data structuring for range-minimum queries and in data filtering with running-max filters. He designed an influential and award-winning technique for key management in access hierarchies and developed a divide-and-conquer technique to parallelize sequential algorithms, resulting in numerous optimal algorithms for solving complex geometric and combinatorial problems. Atallah co-founded Arxan Technologies Inc., to commercialize a software protection technology developed jointly with his doctoral student Hoi Chang. Used in more than 500 million computing devices today, the technology consists of injecting self-protective mechanisms in software that make it harder to hack. Atallah came to Purdue as an assistant professor of computer science in 1982 after earning a doctorate at Johns Hopkins University. He was named a full professor in 1989 and has been a distinguished professor since 2004. He is affiliated with the Center for Education and Research in Information Assurance and Security (CERIAS) and has a courtesy appointment in the School of Electrical and Computer Engineering. He is a fellow of both the Association for Computing Machinery and IEEE (Institute of Electrical and Electronics Engineers). His work on key management received the 2015 CCS Test of Time Award. He was the 2016 recipient of the Purdue Sigma Xi Faculty Research Award, and the 2013 recipient of the Purdue Outstanding Commercialization Award. He has lectured frequently around the nation and the world as a keynote and invited speaker and has served on editorial boards of top journals and on program committees of top conferences and workshops. The Arden L. Bement Jr. Award was established in 2015 by Purdue professor emeritus Arden Bement and his wife, Mrs. Louise Bement. The Bement Award recognizes Purdue faculty for outstanding and widely recognized contributions in the areas of pure and applied science and engineering. Winners of the Bement Award are nominated by colleagues, recommended by a faculty committee and named by the university president. Recipients receive a cash award and a small support grant for their university scholarly activities.</description>
            <pubDate>Wed, 1 Nov 2017 16:30:00 EDT</pubDate>
            <itunes:title>Mikhail J. Atallah, Opportunities and Perils of the Cyber Revolution</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>648</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mikhail J. Atallah, Purdue University</itunes:subtitle>
            <itunes:summary>Rebroadcast from the original Oct. 30 talk. WEST LAFAYETTE, Ind. — Mikhail Atallah, distinguished professor of computer science and a professor of electrical and computer engineering (courtesy), has been chosen as the 2017 Arden L. Bement Jr. Award recipient. One of Purdue University&apos;s top three research honors, the Bement Award is the most prestigious award the university bestows in pure and applied science and engineering. Atallah is being honored for his significant contributions in the design and implementation of efficient processing and security protections for computer-based technologies. &quot;Dr. Atallah&apos;s world-renowned work in algorithms, access hierarchies and information security combines deep theoretical approaches with solutions-based efficient designs to address the most challenging computer processing and security issues,&quot; said Suresh Garimella, Purdue&apos;s executive vice president for research and partnerships and the Goodson Distinguished Professor of Mechanical Engineering, in announcing the winner. &quot;His highly creative and innovative ideas and fresh viewpoints have had a major impact on the fields of distributed computing and cyber security.&quot; Atallah will deliver the Arden L. Bement Jr. Distinguished Lecture on Oct. 30 in Stewart Center&apos;s Fowler Hall. The 1:30 p.m. lecture is free and open to the public. Among his accomplishments, Atallah settled longstanding open problems in data structuring for range-minimum queries and in data filtering with running-max filters. He designed an influential and award-winning technique for key management in access hierarchies and developed a divide-and-conquer technique to parallelize sequential algorithms, resulting in numerous optimal algorithms for solving complex geometric and combinatorial problems. Atallah co-founded Arxan Technologies Inc. to commercialize a software protection technology developed jointly with his doctoral student Hoi Chang. Used in more than 500 million computing devices today, the technology consists of injecting self-protective mechanisms in software that make it harder to hack. Atallah came to Purdue as an assistant professor of computer science in 1982 after earning a doctorate at Johns Hopkins University. He was named a full professor in 1989 and has been a distinguished professor since 2004. He is affiliated with the Center for Education and Research in Information Assurance and Security (CERIAS) and has a courtesy appointment in the School of Electrical and Computer Engineering. He is a fellow of both the Association for Computing Machinery and IEEE (Institute of Electrical and Electronics Engineers). His work on key management received the 2015 CCS Test of Time Award. He was the 2016 recipient of the Purdue Sigma Xi Faculty Research Award, and the 2013 recipient of the Purdue Outstanding Commercialization Award. He has lectured frequently around the nation and the world as a keynote and invited speaker and has served on editorial boards of top journals and on program committees of top conferences and workshops. The Arden L. Bement Jr. Award was established in 2015 by Purdue professor emeritus Arden Bement and his wife, Mrs. Louise Bement. The Bement Award recognizes Purdue faculty for outstanding and widely recognized contributions in the areas of pure and applied science and engineering. Winners of the Bement Award are nominated by colleagues, recommended by a faculty committee and named by the university president. Recipients receive a cash award and a small support grant for their university scholarly activities.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Rebroadcast from the original Oct. 30 talk. WEST LAFAYETTE, Ind. — Mikhail Atallah, distinguished professor of computer science and a professor of electrical and computer engineering (courtesy), has been chosen as the 2017 Arden L. Bement Jr. Award recipient. One of Purdue University&apos;s top three research honors, the Bement Award is the most prestigious award the university bestows in pure and applied science and engineering. Atallah is being honored for his significant contributions in the design and implementation of efficient processing and security protections for computer-based technologies. &quot;Dr. Atallah&apos;s world-renowned work in algorithms, access hierarchies and information security combines deep theoretical approaches with solutions-based efficient designs to address the most challenging computer processing and security issues,&quot; said Suresh Garimella, Purdue&apos;s executive vice president for research and partnerships and the Goodson Distinguished Professor of Mechanical Engineering, in announcing the winner. &quot;His highly creative and innovative ideas and fresh viewpoints have had a major impact on the fields of distributed computing and cyber security.&quot; Atallah will deliver the Arden L. Bement Jr. Distinguished Lecture on Oct. 30 in Stewart Center&apos;s Fowler Hall. The 1:30 p.m. lecture is free and open to the public. Among his accomplishments, Atallah settled longstanding open problems in data structuring for range-minimum queries and in data filtering with running-max filters. He designed an influential and award-winning technique for key management in access hierarchies and developed a divide-and-conquer technique to parallelize sequential algorithms, resulting in numerous optimal algorithms for solving complex geometric and combinatorial problems. Atallah co-founded Arxan Technologies Inc. to commercialize a software protection technology developed jointly with his doctoral student Hoi Chang. Used in more than 500 million computing devices today, the technology consists of injecting self-protective mechanisms in software that make it harder to hack. Atallah came to Purdue as an assistant professor of computer science in 1982 after earning a doctorate at Johns Hopkins University. He was named a full professor in 1989 and has been a distinguished professor since 2004. He is affiliated with the Center for Education and Research in Information Assurance and Security (CERIAS) and has a courtesy appointment in the School of Electrical and Computer Engineering. He is a fellow of both the Association for Computing Machinery and IEEE (Institute of Electrical and Electronics Engineers). His work on key management received the 2015 CCS Test of Time Award. He was the 2016 recipient of the Purdue Sigma Xi Faculty Research Award, and the 2013 recipient of the Purdue Outstanding Commercialization Award. He has lectured frequently around the nation and the world as a keynote and invited speaker and has served on editorial boards of top journals and on program committees of top conferences and workshops. The Arden L. Bement Jr. Award was established in 2015 by Purdue professor emeritus Arden Bement and his wife, Mrs. Louise Bement. The Bement Award recognizes Purdue faculty for outstanding and widely recognized contributions in the areas of pure and applied science and engineering. Winners of the Bement Award are nominated by colleagues, recommended by a faculty committee and named by the university president. Recipients receive a cash award and a small support grant for their university scholarly activities.</p> ]]>
            </content:encoded>
            <itunes:duration>3664</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171101.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171101.mp4" length="591396864" type="video/mp4"/>
        </item>
            <item>
            <title>Jerome Edge, Applying commercial best practices to DoD risk management to offer suggestions how to move from risk avoidance to cost effective risk management</title>
            <description>The Department of Defense has mandated a risk management rather than risk avoidance approach in Cybersecurity. All Department of Defense programs are being directed to the Risk Management Framework (RMF) process. No Cyber system can be 100% secure. RMF mandates that we clearly determine the &quot;value&quot; of assets, such as information and intellectual property, and design systems to properly protect those assets. The commercial domain embraces the mantra that an organization should not spend more to protect the asset than the asset is worth. This presentation will provide an overview of RMF as applied to a specific publicly available case study and highlight that utilizing commercial best practices can reduce the cost of delivered systems to DoD. About the speaker: Jerome Edge is a System Security Engineer who works for Lockheed Martin Corporation to provide secure solutions to DoD Information Systems. Jerome has worked at Lockheed Martin Aeronautics Company for 20 plus years with over 10 years in a Security Engineering role on a multitude of aeronautical aircraft. Jerome holds the Certified Information Systems Security Professional (CISSP) and Security+ certifications and is looking forward to obtaining the Certified Ethical Hacker (CEH) certification. Jerome holds a Bachelor of Science degree in Electrical Engineering from the University of Tennessee (1997) and a Master of Science degree in Security Engineering from Southern Methodist University (2010).</description>
            <pubDate>Wed, 25 Oct 2017 16:30:00 EDT</pubDate>
            <itunes:title>Jerome Edge, Applying commercial best practices to DoD risk management to offer suggestions how to move from risk avoidance to cost effective risk management</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>647</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jerome Edge, Lockheed Martin</itunes:subtitle>
            <itunes:summary>The Department of Defense has mandated a risk management rather than risk avoidance approach in Cybersecurity. All Department of Defense programs are being directed to the Risk Management Framework (RMF) process. No Cyber system can be 100% secure. RMF mandates that we clearly determine the &quot;value&quot; of assets, such as information and intellectual property, and design systems to properly protect those assets. The commercial domain embraces the mantra that an organization should not spend more to protect the asset than the asset is worth. This presentation will provide an overview of RMF as applied to a specific publicly available case study and highlight that utilizing commercial best practices can reduce the cost of delivered systems to DoD. About the speaker: Jerome Edge is a System Security Engineer who works for Lockheed Martin Corporation to provide secure solutions to DoD Information Systems. Jerome has worked at Lockheed Martin Aeronautics Company for 20 plus years with over 10 years in a Security Engineering role on a multitude of aeronautical aircraft. Jerome holds the Certified Information Systems Security Professional (CISSP) and Security+ certifications and is looking forward to obtaining the Certified Ethical Hacker (CEH) certification. Jerome holds a Bachelor of Science degree in Electrical Engineering from the University of Tennessee (1997) and a Master of Science degree in Security Engineering from Southern Methodist University (2010).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Department of Defense has mandated a risk management rather than risk avoidance approach in Cybersecurity. All Department of Defense programs are being directed to the Risk Management Framework (RMF) process. No Cyber system can be 100% secure. RMF mandates that we clearly determine the &quot;value&quot; of assets, such as information and intellectual property, and design systems to properly protect those assets. The commercial domain embraces the mantra that an organization should not spend more to protect the asset than the asset is worth. This presentation will provide an overview of RMF as applied to a specific publicly available case study and highlight that utilizing commercial best practices can reduce the cost of delivered systems to DoD. About the speaker: Jerome Edge is a System Security Engineer who works for Lockheed Martin Corporation to provide secure solutions to DoD Information Systems. Jerome has worked at Lockheed Martin Aeronautics Company for 20 plus years with over 10 years in a Security Engineering role on a multitude of aeronautical aircraft. Jerome holds the Certified Information Systems Security Professional (CISSP) and Security+ certifications and is looking forward to obtaining the Certified Ethical Hacker (CEH) certification. Jerome holds a Bachelor of Science degree in Electrical Engineering from the University of Tennessee (1997) and a Master of Science degree in Security Engineering from Southern Methodist University (2010).</p> ]]>
            </content:encoded>
            <itunes:duration>2890</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171025.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171025.mp4" length="159383552" type="video/mp4"/>
        </item>
            <item>
            <title>Tianhao Wang, Locally Differentially Private Protocols for Frequency Estimation</title>
            <description>Protocols satisfying Local Differential Privacy (LDP) enable parties to collect aggregate information about a population while protecting each user&apos;s privacy, without relying on a trusted third party. LDP protocols (such as Google&apos;s RAPPOR) have been deployed in real-world scenarios. In these protocols, a user encodes his private information and perturbs the encoded value locally before sending it to an aggregator, who combines the values that users contribute to infer statistics about the population. In this paper, we introduce a framework that generalizes several LDP protocols proposed in the literature. Our framework yields a simple and fast aggregation algorithm, whose accuracy can be precisely analyzed. Our in-depth analysis enables us to choose optimal parameters, resulting in two new protocols (i.e., Optimized Unary Encoding and Optimized Local Hashing) that provide better utility than protocols previously proposed. We present precise conditions for when each proposed protocol should be used, and perform experiments that demonstrate the advantage of our proposed protocols. About the speaker: Tianhao Wang is a Ph.D. candidate at Purdue University working with Professor Ninghui Li. His research focuses on the practical aspects of privacy and security. Tianhao&apos;s research has been published at top tier security venues such as USENIX and CCS, and his Erdos number is 3. His current research projects include local differential privacy and electronic voting.</description>
            <pubDate>Wed, 18 Oct 2017 16:30:00 EDT</pubDate>
            <itunes:title>Tianhao Wang, Locally Differentially Private Protocols for Frequency Estimation</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>646</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Tianhao Wang, Purdue University</itunes:subtitle>
            <itunes:summary>Protocols satisfying Local Differential Privacy (LDP) enable parties to collect aggregate information about a population while protecting each user&apos;s privacy, without relying on a trusted third party. LDP protocols (such as Google&apos;s RAPPOR) have been deployed in real-world scenarios. In these protocols, a user encodes his private information and perturbs the encoded value locally before sending it to an aggregator, who combines the values that users contribute to infer statistics about the population. In this paper, we introduce a framework that generalizes several LDP protocols proposed in the literature. Our framework yields a simple and fast aggregation algorithm, whose accuracy can be precisely analyzed. Our in-depth analysis enables us to choose optimal parameters, resulting in two new protocols (i.e., Optimized Unary Encoding and Optimized Local Hashing) that provide better utility than protocols previously proposed. We present precise conditions for when each proposed protocol should be used, and perform experiments that demonstrate the advantage of our proposed protocols. About the speaker: Tianhao Wang is a Ph.D. candidate at Purdue University working with Professor Ninghui Li. His research focuses on the practical aspects of privacy and security. Tianhao&apos;s research has been published at top tier security venues such as USENIX and CCS, and his Erdos number is 3. His current research projects include local differential privacy and electronic voting.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Protocols satisfying Local Differential Privacy (LDP) enable parties to collect aggregate information about a population while protecting each user&apos;s privacy, without relying on a trusted third party. LDP protocols (such as Google&apos;s RAPPOR) have been deployed in real-world scenarios. In these protocols, a user encodes his private information and perturbs the encoded value locally before sending it to an aggregator, who combines the values that users contribute to infer statistics about the population. In this paper, we introduce a framework that generalizes several LDP protocols proposed in the literature. Our framework yields a simple and fast aggregation algorithm, whose accuracy can be precisely analyzed. Our in-depth analysis enables us to choose optimal parameters, resulting in two new protocols (i.e., Optimized Unary Encoding and Optimized Local Hashing) that provide better utility than protocols previously proposed. We present precise conditions for when each proposed protocol should be used, and perform experiments that demonstrate the advantage of our proposed protocols. About the speaker: Tianhao Wang is a Ph.D. candidate at Purdue University working with Professor Ninghui Li. His research focuses on the practical aspects of privacy and security. Tianhao&apos;s research has been published at top tier security venues such as USENIX and CCS, and his Erdos number is 3. His current research projects include local differential privacy and electronic voting.</p> ]]>
            </content:encoded>
            <itunes:duration>2842</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171018.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171018.mp4" length="111149056" type="video/mp4"/>
        </item>
            <item>
            <title>Jeremiah Blocki, Memory Hard Functions and Password Hashing</title>
            <description>In the last few years breaches at organizations like Yahoo!, Dropbox, Lastpass, AshleyMadison and Adult FriendFinder have exposed billions of user passwords to offline brute-force attacks. Password hashing algorithms are a critical last line of defense against an offline attacker who has stolen password hash values from an authentication server. An attacker who has stolen a user&apos;s password hash value can attempt to crack each user&apos;s password offline by comparing the hashes of likely password guesses with the stolen hash value. Because the attacker can check each guess offline, it is no longer possible to lock out the adversary after several incorrect guesses. The attacker is limited only by the cost of computing the hash function. Offline attacks are increasingly commonplace and dangerous due to weak password selection and improved cracking hardware such as a GPU, Field Programmable Gate Array (FPGA) or an Application Specific Integrated Circuit (ASIC). A secure password hashing algorithm should have the properties that (1) it can be computed quickly (e.g., in at most one second) on a personal computer, and (2) it is prohibitively expensive for an attacker to compute the function millions or billions of times to crack the user&apos;s password even if the attacker uses customized hardware. The first property ensures that the password hashing algorithm does not introduce an intolerably long delay for the user during authentication, and the second property ensures that an offline attacker will fail to crack most user passwords. Memory hard functions (MHFs), functions whose computation requires a large amount of memory, are a promising cryptographic primitive to enable the design of a password hashing algorithm achieving both goals. The talk will introduce and motivate the notion of memory hard functions and survey recent advances in the theory of MHFs. These results include (1) an attack on the Argon2i MHF, winner of the password hashing competition, which could reduce the amortized cost for a password attacker, (2) a security lower bound for the SCRYPT MHF and (3) the construction of the first provably secure data-independent memory hard function. About the speaker: Jeremiah Blocki is an Assistant Professor in Computer Science at Purdue University. Jeremiah completed his PhD on Usable Human Authentication at Carnegie Mellon University under the supervision of Manuel Blum and Anupam Datta. Prior to joining Purdue he also spent time at Microsoft Research New England as a postdoc and as a research fellow at the Simons Institute for the Theory of Computing. Professor Blocki has made fundamental contributions to the theory of memory hard functions --- an important cryptographic primitive which can be used to protect low entropy secrets such as passwords against brute force attacks. Broadly, his research interests include cryptography, usable authentication, passwords, differential privacy, game theory and learning theory. One of his more ambitious research goals is to develop cryptographic protocols that are so simple that a human could execute them without receiving assistance from a trusted computer.</description>
            <pubDate>Wed, 11 Oct 2017 16:30:00 EDT</pubDate>
            <itunes:title>Jeremiah Blocki, Memory Hard Functions and Password Hashing</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>645</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jeremiah Blocki, Purdue University</itunes:subtitle>
            <itunes:summary>In the last few years breaches at organizations like Yahoo!, Dropbox, Lastpass, AshleyMadison and Adult FriendFinder have exposed billions of user passwords to offline brute-force attacks. Password hashing algorithms are a critical last line of defense against an offline attacker who has stolen password hash values from an authentication server. An attacker who has stolen a user&apos;s password hash value can attempt to crack each user&apos;s password offline by comparing the hashes of likely password guesses with the stolen hash value. Because the attacker can check each guess offline, it is no longer possible to lock out the adversary after several incorrect guesses. The attacker is limited only by the cost of computing the hash function. Offline attacks are increasingly commonplace and dangerous due to weak password selection and improved cracking hardware such as a GPU, Field Programmable Gate Array (FPGA) or an Application Specific Integrated Circuit (ASIC). A secure password hashing algorithm should have the properties that (1) it can be computed quickly (e.g., in at most one second) on a personal computer, and (2) it is prohibitively expensive for an attacker to compute the function millions or billions of times to crack the user&apos;s password even if the attacker uses customized hardware. The first property ensures that the password hashing algorithm does not introduce an intolerably long delay for the user during authentication, and the second property ensures that an offline attacker will fail to crack most user passwords. Memory hard functions (MHFs), functions whose computation requires a large amount of memory, are a promising cryptographic primitive to enable the design of a password hashing algorithm achieving both goals. The talk will introduce and motivate the notion of memory hard functions and survey recent advances in the theory of MHFs. These results include (1) an attack on the Argon2i MHF, winner of the password hashing competition, which could reduce the amortized cost for a password attacker, (2) a security lower bound for the SCRYPT MHF and (3) the construction of the first provably secure data-independent memory hard function. About the speaker: Jeremiah Blocki is an Assistant Professor in Computer Science at Purdue University. Jeremiah completed his PhD on Usable Human Authentication at Carnegie Mellon University under the supervision of Manuel Blum and Anupam Datta. Prior to joining Purdue he also spent time at Microsoft Research New England as a postdoc and as a research fellow at the Simons Institute for the Theory of Computing. Professor Blocki has made fundamental contributions to the theory of memory hard functions --- an important cryptographic primitive which can be used to protect low entropy secrets such as passwords against brute force attacks. Broadly, his research interests include cryptography, usable authentication, passwords, differential privacy, game theory and learning theory. One of his more ambitious research goals is to develop cryptographic protocols that are so simple that a human could execute them without receiving assistance from a trusted computer.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In the last few years breaches at organizations like Yahoo!, Dropbox, Lastpass, AshleyMadison and Adult FriendFinder have exposed billions of user passwords to offline brute-force attacks. Password hashing algorithms are a critical last line of defense against an offline attacker who has stolen password hash values from an authentication server. An attacker who has stolen a user&apos;s password hash value can attempt to crack each user&apos;s password offline by comparing the hashes of likely password guesses with the stolen hash value. Because the attacker can check each guess offline, it is no longer possible to lock out the adversary after several incorrect guesses. The attacker is limited only by the cost of computing the hash function. Offline attacks are increasingly commonplace and dangerous due to weak password selection and improved cracking hardware such as a GPU, Field Programmable Gate Array (FPGA) or an Application Specific Integrated Circuit (ASIC). A secure password hashing algorithm should have the properties that (1) it can be computed quickly (e.g., in at most one second) on a personal computer, and (2) it is prohibitively expensive for an attacker to compute the function millions or billions of times to crack the user&apos;s password even if the attacker uses customized hardware. The first property ensures that the password hashing algorithm does not introduce an intolerably long delay for the user during authentication, and the second property ensures that an offline attacker will fail to crack most user passwords. Memory hard functions (MHFs), functions whose computation requires a large amount of memory, are a promising cryptographic primitive to enable the design of a password hashing algorithm achieving both goals. The talk will introduce and motivate the notion of memory hard functions and survey recent advances in the theory of MHFs. These results include (1) an attack on the Argon2i MHF, winner of the password hashing competition, which could reduce the amortized cost for a password attacker, (2) a security lower bound for the SCRYPT MHF and (3) the construction of the first provably secure data-independent memory hard function. About the speaker: Jeremiah Blocki is an Assistant Professor in Computer Science at Purdue University. Jeremiah completed his PhD on Usable Human Authentication at Carnegie Mellon University under the supervision of Manuel Blum and Anupam Datta. Prior to joining Purdue he also spent time at Microsoft Research New England as a postdoc and as a research fellow at the Simons Institute for the Theory of Computing. Professor Blocki has made fundamental contributions to the theory of memory hard functions --- an important cryptographic primitive which can be used to protect low entropy secrets such as passwords against brute force attacks. Broadly, his research interests include cryptography, usable authentication, passwords, differential privacy, game theory and learning theory. One of his more ambitious research goals is to develop cryptographic protocols that are so simple that a human could execute them without receiving assistance from a trusted computer.</p> ]]>
            </content:encoded>
            <itunes:duration>3256</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171011.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171011.mp4" length="154140672" type="video/mp4"/>
        </item>
            <item>
            <title>Xiaonan Guo, Friend or Foe? Your Wearable Devices Reveal Your Personal PIN</title>
            <description>The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown great potential for monitoring and inferring human daily activities. In this talk, I will present a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people access key-based security systems. Existing methods of obtaining such secret information rely on the installation of dedicated hardware (e.g., a video camera or fake keypad), or on training with labeled data from body sensors, which restricts their use in practical adversary scenarios. I will show that a wearable device can be exploited to discriminate mm-level distances and directions of the user&apos;s fine-grained hand movements, which enables attackers to reproduce the trajectories of the user&apos;s hand and further to recover the secret key entries. About the speaker: Xiaonan Guo received his Ph.D. degree in computer science and engineering from the Hong Kong University of Science and Technology under the guidance of Prof. Lionel M. Ni in 2013. Prior to joining IUPUI as an Assistant Professor in the CIT department, he was a research associate working with Prof. Yingying Chen in the Electrical and Computer Engineering Department at Stevens Institute of Technology. His research interests include cyber security and privacy, security in mobile devices, intrusion detection using Wi-Fi for smart homes, mobile healthcare and large data analysis on mobile devices. He received the Best Paper Award from the ACM Conference on Information, Computer and Communications Security (ASIACCS) 2016.</description>
            <pubDate>Wed, 4 Oct 2017 16:30:00 EDT </pubDate>
            <itunes:title>Xiaonan Guo, Friend or Foe? Your Wearable Devices Reveal Your Personal PIN</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>644</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Xiaonan Guo, IUPUI</itunes:subtitle>
            <itunes:summary>The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown great potential for monitoring and inferring human daily activities. In this talk, I will present a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people access key-based security systems. Existing methods of obtaining such secret information rely on the installation of dedicated hardware (e.g., a video camera or fake keypad), or on training with labeled data from body sensors, which restricts their use in practical adversary scenarios. I will show that a wearable device can be exploited to discriminate mm-level distances and directions of the user&apos;s fine-grained hand movements, which enables attackers to reproduce the trajectories of the user&apos;s hand and further to recover the secret key entries. About the speaker: Xiaonan Guo received his Ph.D. degree in computer science and engineering from the Hong Kong University of Science and Technology under the guidance of Prof. Lionel M. Ni in 2013. Prior to joining IUPUI as an Assistant Professor in the CIT department, he was a research associate working with Prof. Yingying Chen in the Electrical and Computer Engineering Department at Stevens Institute of Technology. His research interests include cyber security and privacy, security in mobile devices, intrusion detection using Wi-Fi for smart homes, mobile healthcare and large data analysis on mobile devices. He received the Best Paper Award from the ACM Conference on Information, Computer and Communications Security (ASIACCS) 2016.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown great potential for monitoring and inferring human daily activities. In this talk, I will present a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people access key-based security systems. Existing methods of obtaining such secret information rely on the installation of dedicated hardware (e.g., a video camera or fake keypad), or on training with labeled data from body sensors, which restricts their use in practical adversary scenarios. I will show that a wearable device can be exploited to discriminate mm-level distances and directions of the user&apos;s fine-grained hand movements, which enables attackers to reproduce the trajectories of the user&apos;s hand and further to recover the secret key entries. About the speaker: Xiaonan Guo received his Ph.D. degree in computer science and engineering from the Hong Kong University of Science and Technology under the guidance of Prof. Lionel M. Ni in 2013. Prior to joining IUPUI as an Assistant Professor in the CIT department, he was a research associate working with Prof. Yingying Chen in the Electrical and Computer Engineering Department at Stevens Institute of Technology. His research interests include cyber security and privacy, security in mobile devices, intrusion detection using Wi-Fi for smart homes, mobile healthcare and large data analysis on mobile devices. He received the Best Paper Award from the ACM Conference on Information, Computer and Communications Security (ASIACCS) 2016.</p> ]]>
            </content:encoded>
            <itunes:duration>2425</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171004.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20171004.mp4" length="138412032" type="video/mp4"/>
        </item>
            <item>
            <title>Tony Huffman, Vulnerability Scanning, how it works and why</title>
            <description>A vulnerability comes out and you need to know if you are vulnerable, so you open up your vulnerability scanner and scan your systems to understand what you need to patch. But what is that scanner doing to determine you are vulnerable? This talk will describe what that vulnerability scanner is doing and how we at Tenable write local, remote, and malware checks. About the speaker: My name is Tony Huffman, I work at Tenable Network Security as a Sr. Reverse Engineer on the Threat Automation team. I have been working in computer security for over 10 years doing research into malware threats, exploit development, software development and more.</description>
            <pubDate>Wed, 27 Sep 2017 16:30:00 EDT </pubDate>
            <itunes:title>Tony Huffman, Vulnerability Scanning, how it works and why</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>643</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Tony Huffman, Tenable Network Security</itunes:subtitle>
            <itunes:summary>A vulnerability comes out and you need to know if you are vulnerable, so you open up your vulnerability scanner and scan your systems to understand what you need to patch. But what is that scanner doing to determine you are vulnerable? This talk will describe what that vulnerability scanner is doing and how we at Tenable write local, remote, and malware checks. About the speaker: My name is Tony Huffman, I work at Tenable Network Security as a Sr. Reverse Engineer on the Threat Automation team. I have been working in computer security for over 10 years doing research into malware threats, exploit development, software development and more.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>A vulnerability comes out and you need to know if you are vulnerable, so you open up your vulnerability scanner and scan your systems to understand what you need to patch. But what is that scanner doing to determine you are vulnerable? This talk will describe what that vulnerability scanner is doing and how we at Tenable write local, remote, and malware checks. About the speaker: My name is Tony Huffman, I work at Tenable Network Security as a Sr. Reverse Engineer on the Threat Automation team. I have been working in computer security for over 10 years doing research into malware threats, exploit development, software development and more.</p> ]]>
            </content:encoded>
            <itunes:duration>2392</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170927.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170927.mp4" length="98566144" type="video/mp4"/>
        </item>
            <item>
            <title>Vince D&apos;Angelo, Counter UAS Challenges and Technology</title>
            <description>Unmanned airborne systems (UAS) provide a wide range of capabilities in areas such as agriculture, environmental monitoring, disaster relief, delivery of goods, media &amp; communications and surveillance. While these systems are producing numerous benefits today, they can also be used in ways that raise a broad range of security concerns. This talk will introduce some of the technical challenges concerning the use of UAS, and approaches for counter UAS (C-UAS). SRC&apos;s Silent Archer™ Counter-UAS System will also be introduced. About the speaker: Vincent D&apos;Angelo is an electrical engineer and program manager at SRC, Inc. He has broad experience in systems engineering, digital hardware, software engineering and program management. He is currently the manager of the Science Technology Engineering Leadership Rotational (STELR) program at SRC, from which he also graduated in 2014. Along with managing the STELR program, Mr. D&apos;Angelo is the lead systems engineer on a counter-drone system being developed for the US Army. The system is able to detect, track, and counter small unmanned airborne threats. As lead systems engineer, Mr. D&apos;Angelo draws on his broad knowledge of radar systems, electronic warfare systems, and radio systems. Mr. D&apos;Angelo holds both a bachelor&apos;s and a master&apos;s degree in Electrical Engineering from the Rochester Institute of Technology (RIT).</description>
            <pubDate>Wed, 20 Sep 2017 16:30:00 EDT </pubDate>
            <itunes:title>Vince D&apos;Angelo, Counter UAS Challenges and Technology</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>642</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/vincent_dangelo_src.jpg"/>
            <itunes:subtitle>Vince D&apos;Angelo, SRC</itunes:subtitle>
            <itunes:summary>Unmanned airborne systems (UAS) provide a wide range of capabilities in areas such as agriculture, environmental monitoring, disaster relief, delivery of goods, media &amp; communications and surveillance. While these systems are producing numerous benefits today, they can also be used in ways that raise a broad range of security concerns. This talk will introduce some of the technical challenges concerning the use of UAS, and approaches for counter UAS (C-UAS). SRC&apos;s Silent Archer™ Counter-UAS System will also be introduced. About the speaker: Vincent D&apos;Angelo is an electrical engineer and program manager at SRC, Inc. He has broad experience in systems engineering, digital hardware, software engineering and program management. He is currently the manager of the Science Technology Engineering Leadership Rotational (STELR) program at SRC, from which he also graduated in 2014. Along with managing the STELR program, Mr. D&apos;Angelo is the lead systems engineer on a counter-drone system being developed for the US Army. The system is able to detect, track, and counter small unmanned airborne threats. As lead systems engineer, Mr. D&apos;Angelo draws on his broad knowledge of radar systems, electronic warfare systems, and radio systems. Mr. D&apos;Angelo holds both a bachelor&apos;s and a master&apos;s degree in Electrical Engineering from the Rochester Institute of Technology (RIT).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Unmanned airborne systems (UAS) provide a wide range of capabilities in areas such as agriculture, environmental monitoring, disaster relief, delivery of goods, media &amp; communications and surveillance. While these systems are producing numerous benefits today, they can also be used in ways that raise a broad range of security concerns. This talk will introduce some of the technical challenges concerning the use of UAS, and approaches for counter UAS (C-UAS). SRC&apos;s Silent Archer™ Counter-UAS System will also be introduced. About the speaker: Vincent D&apos;Angelo is an electrical engineer and program manager at SRC, Inc. He has broad experience in systems engineering, digital hardware, software engineering and program management. He is currently the manager of the Science Technology Engineering Leadership Rotational (STELR) program at SRC, from which he also graduated in 2014. Along with managing the STELR program, Mr. D&apos;Angelo is the lead systems engineer on a counter-drone system being developed for the US Army. The system is able to detect, track, and counter small unmanned airborne threats. As lead systems engineer, Mr. D&apos;Angelo draws on his broad knowledge of radar systems, electronic warfare systems, and radio systems. Mr. D&apos;Angelo holds both a bachelor&apos;s and a master&apos;s degree in Electrical Engineering from the Rochester Institute of Technology (RIT).</p> ]]>
            </content:encoded>
            <itunes:duration>1492</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170920.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170920.mp4" length="128974848" type="video/mp4"/>
        </item>
            <item>
            <title>Bob Cheripka, Advanced Testing Assessments in the Power &amp; Utilities Industry</title>
            <description>The first portion of the presentation will explore the emerging cyber threats facing industrial control system network environments, with a focused look at the Power &amp; Utility industry. It will then discuss the challenges facing advanced technical testing (i.e., Attack &amp; Penetration Testing and Red Teaming) within this environment. The first section concludes with a discussion of current testing approaches and, in the face of the above challenges, why testing remains an important capability in this space. The second portion of the presentation will present a proposed approach for performing Advanced Testing Services in this environment, as well as discussing the legal and security implications of testing in this environment. About the speaker: Bob is a Senior Manager in Deloitte Advisory&apos;s Cyber Risk Services and has been with the firm for over six years, coming to us with over 13 years of experience in Computer Network Defense Operations and over 5 years of Intelligence Operations while working for the United States Army. Bob&apos;s area of expertise is highly diversified and includes both technical and operational experience across the following areas:
• Attack and Penetration Testing (including Network, Application, Wireless, Social Engineering, Red Teaming, and Physical Security)
• Information Security and Assurance Planning/Implementation
• Security Maturity Assessments
• Public Key Infrastructure Program Implementation
• Cyber Watch Center Operations, Design, and Implementation
• Log Management and Security Information Event Monitoring (SIEM) Implementation and Management
• Crisis Action Team Design, Planning, Implementation, and Execution
• Cyber Threat Intelligence and Defense Program Development/Implementation.</description>
            <pubDate>Wed, 13 Sep 2017 16:30:00 EDT </pubDate>
            <itunes:title>Bob Cheripka, Advanced Testing Assessments in the Power &amp; Utilities Industry</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>641</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Bob Cheripka, Deloitte</itunes:subtitle>
            <itunes:summary>The first portion of the presentation will explore the emerging cyber threats facing industrial control system network environments, with a focused look at the Power &amp; Utility industry. It will then discuss the challenges facing advanced technical testing (i.e., Attack &amp; Penetration Testing and Red Teaming) within this environment. The first section concludes with a discussion of current testing approaches and, in the face of the above challenges, why testing remains an important capability in this space. The second portion of the presentation will present a proposed approach for performing Advanced Testing Services in this environment, as well as discussing the legal and security implications of testing in this environment. About the speaker: Bob is a Senior Manager in Deloitte Advisory&apos;s Cyber Risk Services and has been with the firm for over six years, coming to us with over 13 years of experience in Computer Network Defense Operations and over 5 years of Intelligence Operations while working for the United States Army. Bob&apos;s area of expertise is highly diversified and includes both technical and operational experience across the following areas:
• Attack and Penetration Testing (including Network, Application, Wireless, Social Engineering, Red Teaming, and Physical Security)
• Information Security and Assurance Planning/Implementation
• Security Maturity Assessments
• Public Key Infrastructure Program Implementation
• Cyber Watch Center Operations, Design, and Implementation
• Log Management and Security Information Event Monitoring (SIEM) Implementation and Management
• Crisis Action Team Design, Planning, Implementation, and Execution
• Cyber Threat Intelligence and Defense Program Development/Implementation.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The first portion of the presentation will explore the emerging cyber threats facing industrial control system network environments, with a focused look at the Power &amp; Utility industry. It will then discuss the challenges facing advanced technical testing (i.e., Attack &amp; Penetration Testing and Red Teaming) within this environment. The first section concludes with a discussion of current testing approaches and, in the face of the above challenges, why testing remains an important capability in this space. The second portion of the presentation will present a proposed approach for performing Advanced Testing Services in this environment, as well as discussing the legal and security implications of testing in this environment. About the speaker: Bob is a Senior Manager in Deloitte Advisory&apos;s Cyber Risk Services and has been with the firm for over six years, coming to us with over 13 years of experience in Computer Network Defense Operations and over 5 years of Intelligence Operations while working for the United States Army. Bob&apos;s area of expertise is highly diversified and includes both technical and operational experience across the following areas:</p>
<ul>
<li>Attack and Penetration Testing (including Network, Application, Wireless, Social Engineering, Red Teaming, and Physical Security)</li>
<li>Information Security and Assurance Planning/Implementation</li>
<li>Security Maturity Assessments</li>
<li>Public Key Infrastructure Program Implementation</li>
<li>Cyber Watch Center Operations, Design, and Implementation</li>
<li>Log Management and Security Information Event Monitoring (SIEM) Implementation and Management</li>
<li>Crisis Action Team Design, Planning, Implementation, and Execution</li>
<li>Cyber Threat Intelligence and Defense Program Development/Implementation</li>
</ul> ]]>
            </content:encoded>
            <itunes:duration>2841</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170913.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170913.mp4" length="141557760" type="video/mp4"/>
        </item>
            <item>
            <title>Doug Smith, Secure Code Development</title>
            <description>Current and recent events make it clear that cybersecurity requires defense in depth. Software development is both an early opportunity to begin the defense, and the source of many commonly exploited security vulnerabilities. Preventing coding errors and eliminating security flaws during development is an effective way to reduce security risks. This presentation promotes awareness among software practitioners of the how and why of secure code development and software assurance, covering:
• Software Assurance Definitions
• Software Assurance Threat
• Software Assurance Guidance and Regulations
• Secure Coding Activities
• Classic Vulnerability Examples
About the speaker: Doug Smith is a Technical Fellow and Manager of Engineering for Northrop Grumman Technology Services, providing engineering support to projects and leading the Systems and Modernization Services Division&apos;s engineering staff development programs as well as Agile and DevOps engineering improvement initiatives. Previously, Doug served as a software engineer, systems engineering manager, and program manager. He has more than 25 years of experience in software development. Doug received a Master of Science in Computer Science from the Naval Postgraduate School and graduated Magna Cum Laude from Duke University with a Bachelor of Science in Computer Science. He is a veteran of the Marine Corps, a Lean Six Sigma Black Belt, co-author of the John Wiley book &quot;Practical Support for Lean Six Sigma Software Process Definition&quot;, and Subject Matter Expert for the IEEE Computer Society&apos;s &quot;Certified Software Development Associate&quot; (CSDA) Learning System.</description>
            <pubDate>Wed, 6 Sep 2017 16:30:00 EDT </pubDate>
            <itunes:title>Doug Smith, Secure Code Development</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>640</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Doug Smith, Northrop Grumman</itunes:subtitle>
            <itunes:summary>Current and recent events make it clear that cybersecurity requires defense in depth. Software development is both an early opportunity to begin the defense, and the source of many commonly exploited security vulnerabilities. Preventing coding errors and eliminating security flaws during development is an effective way to reduce security risks. This presentation promotes awareness among software practitioners of the how and why of secure code development and software assurance, covering:
• Software Assurance Definitions
• Software Assurance Threat
• Software Assurance Guidance and Regulations
• Secure Coding Activities
• Classic Vulnerability Examples
About the speaker: Doug Smith is a Technical Fellow and Manager of Engineering for Northrop Grumman Technology Services, providing engineering support to projects and leading the Systems and Modernization Services Division&apos;s engineering staff development programs as well as Agile and DevOps engineering improvement initiatives. Previously, Doug served as a software engineer, systems engineering manager, and program manager. He has more than 25 years of experience in software development. Doug received a Master of Science in Computer Science from the Naval Postgraduate School and graduated Magna Cum Laude from Duke University with a Bachelor of Science in Computer Science. He is a veteran of the Marine Corps, a Lean Six Sigma Black Belt, co-author of the John Wiley book &quot;Practical Support for Lean Six Sigma Software Process Definition&quot;, and Subject Matter Expert for the IEEE Computer Society&apos;s &quot;Certified Software Development Associate&quot; (CSDA) Learning System.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Current and recent events make it clear that cybersecurity requires defense in depth. Software development is both an early opportunity to begin the defense, and the source of many commonly exploited security vulnerabilities. Preventing coding errors and eliminating security flaws during development is an effective way to reduce security risks. This presentation promotes awareness among software practitioners of the how and why of secure code development and software assurance, covering:</p>
<ul>
<li>Software Assurance Definitions</li>
<li>Software Assurance Threat</li>
<li>Software Assurance Guidance and Regulations</li>
<li>Secure Coding Activities</li>
<li>Classic Vulnerability Examples</li>
</ul>
<p>About the speaker: Doug Smith is a Technical Fellow and Manager of Engineering for Northrop Grumman Technology Services, providing engineering support to projects and leading the Systems and Modernization Services Division&apos;s engineering staff development programs as well as Agile and DevOps engineering improvement initiatives. Previously, Doug served as a software engineer, systems engineering manager, and program manager. He has more than 25 years of experience in software development. Doug received a Master of Science in Computer Science from the Naval Postgraduate School and graduated Magna Cum Laude from Duke University with a Bachelor of Science in Computer Science. He is a veteran of the Marine Corps, a Lean Six Sigma Black Belt, co-author of the John Wiley book &quot;Practical Support for Lean Six Sigma Software Process Definition&quot;, and Subject Matter Expert for the IEEE Computer Society&apos;s &quot;Certified Software Development Associate&quot; (CSDA) Learning System.</p> ]]>
            </content:encoded>
            <itunes:duration>2761</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170906.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170906.mp4" length="160432128" type="video/mp4"/>
        </item>
            <item>
            <title>Chris Roberts, The Stark Reality of Red vs. Blue and Why it&#039;s Not Working</title>
            <description>We have spent so much time focusing on Red and the images of security ninjas leaping off tall walls with laptops and grappling tools that the role of &quot;blue&quot; has been left in the dark…it&apos;s underrated, nobody wants to do the job and typically it&apos;s underappreciated and the unloved discipline…it&apos;s time to change that. The focus on red has done nothing to help the industry protect our charges, we are still failing to protect those around us and we&apos;re still watching helplessly while companies lose all the data we&apos;re meant to protect…so time to change the focus. This talk will go through what&apos;s happening in the industry to force this line of thinking, what WE need to do as an industry and where we have to take the concepts of communication and collaboration…We&apos;ll look at several scenarios and technologies that are helping reshape security and generally throw the crystal ball out to the future and help everyone understand that change needs to happen... About the speaker: Role: Chief Security Architect. Where: Acalvio Technologies. Twitter: Sidragon1. LinkedIn: Sidragon1. Roberts is considered one of the world&apos;s foremost experts on counter threat intelligence within the Information security industry. At Acalvio, Roberts helps drive Technology Innovation and Product Leadership. In addition, Roberts directs a portfolio of services within Acalvio designed to improve the physical and digital security posture of enterprise, industrial and government clients. 
With increasingly sophisticated attack vectors, Roberts&apos; unique methods of addressing the evolving threat matrix and experience with a variety of environments - Enterprise, Industrial, and IoT - make Roberts and his team an indispensable partner to organizations that demand robust, reliable, resilient and cost-effective protection. Roberts is credentialed in many of the top IT and INFOSEC disciplines and, as a cyber-security advocate and passionate industry voice, Roberts has been featured in several documentaries and is regularly quoted in national newspapers, television news and industry publications. He can typically be found waving arms on a stage somewhere on this planet…or hacking into whatever&apos;s taken his fancy…</description>
            <pubDate>Wed, 30 Aug 2017 16:30:00 EDT </pubDate>
            <itunes:title>Chris Roberts, The Stark Reality of Red vs. Blue and Why it&#039;s Not Working</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>639</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Chris Roberts, Acalvio Technologies</itunes:subtitle>
            <itunes:summary>We have spent so much time focusing on Red and the images of security ninjas leaping off tall walls with laptops and grappling tools that the role of &quot;blue&quot; has been left in the dark…it&apos;s underrated, nobody wants to do the job and typically it&apos;s underappreciated and the unloved discipline…it&apos;s time to change that. The focus on red has done nothing to help the industry protect our charges, we are still failing to protect those around us and we&apos;re still watching helplessly while companies lose all the data we&apos;re meant to protect…so time to change the focus. This talk will go through what&apos;s happening in the industry to force this line of thinking, what WE need to do as an industry and where we have to take the concepts of communication and collaboration…We&apos;ll look at several scenarios and technologies that are helping reshape security and generally throw the crystal ball out to the future and help everyone understand that change needs to happen... About the speaker: Role: Chief Security Architect. Where: Acalvio Technologies. Twitter: Sidragon1. LinkedIn: Sidragon1. Roberts is considered one of the world&apos;s foremost experts on counter threat intelligence within the Information security industry. At Acalvio, Roberts helps drive Technology Innovation and Product Leadership. In addition, Roberts directs a portfolio of services within Acalvio designed to improve the physical and digital security posture of enterprise, industrial and government clients. 
With increasingly sophisticated attack vectors, Roberts&apos; unique methods of addressing the evolving threat matrix and experience with a variety of environments - Enterprise, Industrial, and IoT - make Roberts and his team an indispensable partner to organizations that demand robust, reliable, resilient and cost-effective protection. Roberts is credentialed in many of the top IT and INFOSEC disciplines and, as a cyber-security advocate and passionate industry voice, Roberts has been featured in several documentaries and is regularly quoted in national newspapers, television news and industry publications. He can typically be found waving arms on a stage somewhere on this planet…or hacking into whatever&apos;s taken his fancy…</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>We have spent so much time focusing on Red and the images of security ninjas leaping off tall walls with laptops and grappling tools that the role of &quot;blue&quot; has been left in the dark…it&apos;s underrated, nobody wants to do the job and typically it&apos;s underappreciated and the unloved discipline…it&apos;s time to change that. The focus on red has done nothing to help the industry protect our charges, we are still failing to protect those around us and we&apos;re still watching helplessly while companies lose all the data we&apos;re meant to protect…so time to change the focus. This talk will go through what&apos;s happening in the industry to force this line of thinking, what WE need to do as an industry and where we have to take the concepts of communication and collaboration…We&apos;ll look at several scenarios and technologies that are helping reshape security and generally throw the crystal ball out to the future and help everyone understand that change needs to happen... About the speaker: Role: Chief Security Architect. Where: Acalvio Technologies. Twitter: Sidragon1. LinkedIn: Sidragon1. Roberts is considered one of the world&apos;s foremost experts on counter threat intelligence within the Information security industry. At Acalvio, Roberts helps drive Technology Innovation and Product Leadership. In addition, Roberts directs a portfolio of services within Acalvio designed to improve the physical and digital security posture of both enterprise, industrial and government clients. 
With increasingly sophisticated attack vectors, Roberts&apos; unique methods of addressing the evolving threat matrix and experience with a variety of environments - Enterprise, Industrial, and IoT, make Roberts and his team an indispensable partner to organizations that demand robust, reliable, resilient and cost-effective protection.Roberts is credentialed in many of the top IT and INFOSEC disciplines and as a cyber-security advocate and passionate industry voice, Roberts has been featured in several documentaries and is regularly quoted in national newspapers, television news and industry publications. He can typically be found waving arms on a stage somewhere on this planet…or hacking into whatever&apos;s taken his fancy…</p> ]]>
            </content:encoded>
            <itunes:duration>3497</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170830.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170830.mp4" length="156237824" type="video/mp4"/>
        </item>
            <item>
            <title>Shiqing Ma, MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning</title>
            <description>Operating system level auditing is one of the most important forensics techniques. With operating system level audit systems, e.g., the Linux audit system, investigators can generate attack causal graphs by analyzing the causal relationships between the logged events. However, traditional techniques usually generate large and inaccurate causal graphs. This is because applications are not aware of the existence of the OS level audit systems, and cannot provide their own context information. To solve this problem, we propose MPI (short for Multiple Perspective attack Investigation), a semantics-aware program annotation and instrumentation technique to partition process executions based on the application-specific high-level task structures. It converts current applications to be provenance-aware, generates execution partitions with rich semantic information and provides multiple perspectives of an attack. We develop a prototype and integrate it with three different provenance systems: the Linux Audit system, ProTracer and the LPM-HiFi system. The evaluation results show that our technique generates simple and accurate attack graphs with rich high-level semantics and has much lower space and time overheads. About the speaker: Shiqing Ma is a Ph.D. student from the Department of Computer Science at Purdue University, advised by Dr. Xiangyu Zhang and Dr. Dongyan Xu. His research focuses on system and software security, especially data provenance problems. His past works include building low-overhead, cost-effective operating system level provenance systems, and automatically translating normal programs into provenance-aware programs to assist accurate provenance analysis. He is a recipient of two Distinguished Paper Awards from NDSS 2016 and USENIX Security 2017.</description>
            <pubDate>Wed, 23 Aug 2017 16:30:00 EDT </pubDate>
            <itunes:title>Shiqing Ma, MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>638</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/shiqing_130.jpg"/>
            <itunes:subtitle>Shiqing Ma, Purdue University</itunes:subtitle>
            <itunes:summary>Operating system level auditing is one of the most important forensics techniques. With operating system level audit systems, e.g., the Linux audit system, investigators can generate attack causal graphs by analyzing the causal relationships between the logged events. However, traditional techniques usually generate large and inaccurate causal graphs. This is because applications are not aware of the existence of the OS level audit systems, and cannot provide their own context information. To solve this problem, we propose MPI (short for Multiple Perspective attack Investigation), a semantics-aware program annotation and instrumentation technique to partition process executions based on the application-specific high-level task structures. It converts current applications to be provenance-aware, generates execution partitions with rich semantic information and provides multiple perspectives of an attack. We develop a prototype and integrate it with three different provenance systems: the Linux Audit system, ProTracer and the LPM-HiFi system. The evaluation results show that our technique generates simple and accurate attack graphs with rich high-level semantics and has much lower space and time overheads. About the speaker: Shiqing Ma is a Ph.D. student from the Department of Computer Science at Purdue University, advised by Dr. Xiangyu Zhang and Dr. Dongyan Xu. His research focuses on system and software security, especially data provenance problems. His past works include building low-overhead, cost-effective operating system level provenance systems, and automatically translating normal programs into provenance-aware programs to assist accurate provenance analysis. He is a recipient of two Distinguished Paper Awards from NDSS 2016 and USENIX Security 2017.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Operating system level auditing is one of the most important forensics techniques. With operating system level audit systems, e.g., the Linux audit system, investigators can generate attack causal graphs by analyzing the causal relationships between the logged events. However, traditional techniques usually generate large and inaccurate causal graphs. This is because applications are not aware of the existence of the OS level audit systems, and cannot provide their own context information. To solve this problem, we propose MPI (short for Multiple Perspective attack Investigation), a semantics-aware program annotation and instrumentation technique to partition process executions based on the application-specific high-level task structures. It converts current applications to be provenance-aware, generates execution partitions with rich semantic information and provides multiple perspectives of an attack. We develop a prototype and integrate it with three different provenance systems: the Linux Audit system, ProTracer and the LPM-HiFi system. The evaluation results show that our technique generates simple and accurate attack graphs with rich high-level semantics and has much lower space and time overheads. About the speaker: Shiqing Ma is a Ph.D. student from the Department of Computer Science at Purdue University, advised by Dr. Xiangyu Zhang and Dr. Dongyan Xu. His research focuses on system and software security, especially data provenance problems. His past works include building low-overhead, cost-effective operating system level provenance systems, and automatically translating normal programs into provenance-aware programs to assist accurate provenance analysis. He is a recipient of two Distinguished Paper Awards from NDSS 2016 and USENIX Security 2017.</p> ]]>
            </content:encoded>
            <itunes:duration>2954</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170823.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170823.mp4" length="4194304" type="video/mp4"/>
        </item>
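The MPI abstract above describes the core problem of whole-process auditing: every input a long-lived process has read gets blamed for every output it later produces, so causal graphs balloon and point investigators at the wrong sources. The following is an added illustration written for this page; it is not the MPI prototype, ProTracer or a real Linux audit parser. AUDIT_EVENTS, build_graph, backtrack and edge_count are hypothetical names, and the event records are constructed by hand and reduced to four fields.

```python
"""Added example (not the MPI prototype or a real auditd parser): build a
causal graph from OS-level audit events and show how partitioning a
long-running process into application-level units removes the false
dependencies that make whole-process graphs large and inaccurate.

The records below are constructed by hand and simplified to four fields.
"unit" is the task id an MPI-style instrumented application would emit;
plain OS auditing has no such field, which is the problem the talk
addresses."""

from collections import defaultdict

# One browser process (pid 100) serves two unrelated user tasks:
# unit 1 saves a PDF from a benign site, unit 2 visits a malicious page,
# drops a script and spawns a shell.
AUDIT_EVENTS = [
    {"pid": 100, "syscall": "read",   "obj": "net:site-a.example",  "unit": 1},
    {"pid": 100, "syscall": "write",  "obj": "file:/home/u/a.pdf",   "unit": 1},
    {"pid": 100, "syscall": "read",   "obj": "net:evil.example",     "unit": 2},
    {"pid": 100, "syscall": "write",  "obj": "file:/tmp/payload.sh", "unit": 2},
    {"pid": 100, "syscall": "execve", "obj": "proc:200:/bin/sh",     "unit": 2},
]


def build_graph(events, partition_by_unit):
    """Map each input object to the outputs it may have influenced.

    The subject is the whole process by default (what the OS sees); with
    partition_by_unit it is (pid, unit), so an input read by one task
    can no longer be blamed for the outputs of another."""
    inputs = defaultdict(set)   # subject -> objects it has read so far
    edges = defaultdict(set)    # input object -> outputs depending on it
    for e in events:
        subj = (e["pid"], e["unit"]) if partition_by_unit else e["pid"]
        if e["syscall"] == "read":
            inputs[subj].add(e["obj"])
        else:
            # write/execve: conservatively, the output depends on every
            # input this subject has consumed so far.
            for src in inputs[subj]:
                edges[src].add(e["obj"])
    return {src: sorted(outs) for src, outs in edges.items()}


def backtrack(graph, target):
    """Inputs the graph names as possible causes of target."""
    return sorted(src for src, outs in graph.items() if target in outs)


def edge_count(graph):
    """Total number of dependency edges; a rough size measure."""
    return sum(len(outs) for outs in graph.values())


if __name__ == "__main__":
    for partitioned in (False, True):
        g = build_graph(AUDIT_EVENTS, partitioned)
        print("partitioned" if partitioned else "whole process",
              edge_count(g), "edges; causes of the shell:",
              backtrack(g, "proc:200:/bin/sh"))
```

Run as a script it prints the edge count and the inputs blamed for the spawned shell under both views: the whole-process graph names both the benign site and the malicious one, while the unit-partitioned graph names only the malicious one and has fewer edges.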
            <item>
            <title>Adam Bates, Enabling Trust and Efficiency in Provenance-Aware Systems</title>
            <description>In a provenance-aware system, mechanisms gather and report metadata that describes the history of each object being processed on the system, allowing users to understand how data objects came to exist in their present state. However, little attention has been given to securing provenance-aware systems. Provenance itself is a ripe attack vector, and its authenticity and integrity must be guaranteed before it can be put to use. In this talk, I will detail our efforts to bring trustworthy data provenance to computing systems. These efforts have led to the design and implementation of a provenance-aware operating system anchored in trusted hardware, and a mechanism that leverages the confinement properties provided by Mandatory Access Controls to perform efficient policy-based provenance collection. Using these architectures, I will demonstrate that provenance is an invaluable tool for combating critical security threats including data exfiltration, SQL injection, and even binary exploitation. By addressing key security and performance challenges, this work paves the way for the further proliferation of provenance capabilities. About the speaker: Adam Bates is an Assistant Professor in the Computer Science Department at the University of Illinois at Urbana-Champaign. He received his PhD from the University of Florida, where he was advised by Professor Kevin Butler in the study of computer systems and cyber security. Adam has conducted research on a variety of security topics, including SSL/TLS, cloud computing, USB attack vectors, financial services, and telephony infrastructure. He is best known for his work in the area of data provenance, particularly the construction of secure provenance-aware systems.</description>
            <pubDate>Wed, 26 Apr 2017 16:30:00 EDT </pubDate>
            <itunes:title>Adam Bates, Enabling Trust and Efficiency in Provenance-Aware Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>637</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Adam Bates, University of Illinois at Urbana-Champaign</itunes:subtitle>
            <itunes:summary>In a provenance-aware system, mechanisms gather and report metadata that describes the history of each object being processed on the system, allowing users to understand how data objects came to exist in their present state. However, little attention has been given to securing provenance-aware systems. Provenance itself is a ripe attack vector, and its authenticity and integrity must be guaranteed before it can be put to use. In this talk, I will detail our efforts to bring trustworthy data provenance to computing systems. These efforts have led to the design and implementation of a provenance-aware operating system anchored in trusted hardware, and a mechanism that leverages the confinement properties provided by Mandatory Access Controls to perform efficient policy-based provenance collection. Using these architectures, I will demonstrate that provenance is an invaluable tool for combating critical security threats including data exfiltration, SQL injection, and even binary exploitation. By addressing key security and performance challenges, this work paves the way for the further proliferation of provenance capabilities. About the speaker: Adam Bates is an Assistant Professor in the Computer Science Department at the University of Illinois at Urbana-Champaign. He received his PhD from the University of Florida, where he was advised by Professor Kevin Butler in the study of computer systems and cyber security. Adam has conducted research on a variety of security topics, including SSL/TLS, cloud computing, USB attack vectors, financial services, and telephony infrastructure. He is best known for his work in the area of data provenance, particularly the construction of secure provenance-aware systems.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In a provenance-aware system, mechanisms gather and report metadata that describes the history of each object being processed on the system, allowing users to understand how data objects came to exist in their present state. However, little attention has been given to securing provenance-aware systems. Provenance itself is a ripe attack vector, and its authenticity and integrity must be guaranteed before it can be put to use. In this talk, I will detail our efforts to bring trustworthy data provenance to computing systems. These efforts have led to the design and implementation of a provenance-aware operating system anchored in trusted hardware, and a mechanism that leverages the confinement properties provided by Mandatory Access Controls to perform efficient policy-based provenance collection. Using these architectures, I will demonstrate that provenance is an invaluable tool for combating critical security threats including data exfiltration, SQL injection, and even binary exploitation. By addressing key security and performance challenges, this work paves the way for the further proliferation of provenance capabilities. About the speaker: Adam Bates is an Assistant Professor in the Computer Science Department at the University of Illinois at Urbana-Champaign. He received his PhD from the University of Florida, where he was advised by Professor Kevin Butler in the study of computer systems and cyber security. Adam has conducted research on a variety of security topics, including SSL/TLS, cloud computing, USB attack vectors, financial services, and telephony infrastructure. He is best known for his work in the area of data provenance, particularly the construction of secure provenance-aware systems.</p> ]]>
            </content:encoded>
            <itunes:duration>3370</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170426.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170426.mp4" length="602931200" type="video/mp4"/>
        </item>
            <item>
            <title>Ron Ross, Pushing Computers to the Edge: Next Generation Security and Privacy Controls for Systems and IoT Devices</title>
            <description>As we push computers to &quot;the edge&quot;, building an increasingly complex world of interconnected systems and devices, security and privacy continue to dominate the national conversation. The Defense Science Board in its 2017 report, Task Force on Cyber Defense, provides a sobering assessment of the current vulnerabilities in the U.S. critical infrastructure and the systems that support the mission essential operations and assets in the public and private sectors. &quot;…The Task Force notes that the cyber threat to U.S. critical infrastructure is outpacing efforts to reduce pervasive vulnerabilities, so that for the next decade at least the United States must lean significantly on deterrence to address the cyber threat posed by the most capable U.S. adversaries. It is clear that a more proactive and systematic approach to U.S. cyber deterrence is urgently needed…&quot; There is an urgent need to further strengthen the underlying systems, component products, and services that we depend on in every sector of the critical infrastructure—ensuring those systems, components, and services are sufficiently trustworthy and provide the necessary resilience to support the economic and national security interests of the United States. NIST Special Publication 800-53 (Revision 5) responds to the call by the Defense Science Board by embarking on a proactive and systemic approach to develop and make available to a broad base of public and private sector organizations, a comprehensive set of safeguarding measures for all types of systems, including general purpose computing systems, cyber-physical systems, cloud and mobile systems, industrial/process control systems, and IoT devices. Those safeguarding measures include security and privacy controls to protect the critical and essential operations and assets of organizations and the personal privacy of individuals. 
The ultimate objective is to make the systems we depend on more penetration resistant to attacks; limit the damage from attacks when they occur; and make the systems resilient and survivable. About the speaker: Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include information security, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure. His current publications include Federal Information Processing Standards (FIPS) 199 (security categorization), FIPS 200 (security requirements), and NIST Special Publication (SP) 800-39 (enterprise risk management), SP 800-53 (security and privacy controls), SP 800-53A (security assessment), SP 800-37 (Risk Management Framework), SP 800-30 (risk assessment), SP 800-160 (systems security engineering), and SP 800-171 (security requirements for nonfederal systems and organizations). Dr. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director National Intelligence, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for the development of the Unified Information Security Framework for the federal government and its contractors.</description>
            <pubDate>Wed, 19 Apr 2017 16:30:00 EDT </pubDate>
            <itunes:title>Ron Ross, Pushing Computers to the Edge: Next Generation Security and Privacy Controls for Systems and IoT Devices</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>636</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ron Ross, National Institute of Standards and Technology (NIST)</itunes:subtitle>
            <itunes:summary>As we push computers to &quot;the edge&quot;, building an increasingly complex world of interconnected systems and devices, security and privacy continue to dominate the national conversation. The Defense Science Board in its 2017 report, Task Force on Cyber Defense, provides a sobering assessment of the current vulnerabilities in the U.S. critical infrastructure and the systems that support the mission essential operations and assets in the public and private sectors. &quot;…The Task Force notes that the cyber threat to U.S. critical infrastructure is outpacing efforts to reduce pervasive vulnerabilities, so that for the next decade at least the United States must lean significantly on deterrence to address the cyber threat posed by the most capable U.S. adversaries. It is clear that a more proactive and systematic approach to U.S. cyber deterrence is urgently needed…&quot; There is an urgent need to further strengthen the underlying systems, component products, and services that we depend on in every sector of the critical infrastructure—ensuring those systems, components, and services are sufficiently trustworthy and provide the necessary resilience to support the economic and national security interests of the United States. NIST Special Publication 800-53 (Revision 5) responds to the call by the Defense Science Board by embarking on a proactive and systemic approach to develop and make available to a broad base of public and private sector organizations, a comprehensive set of safeguarding measures for all types of systems, including general purpose computing systems, cyber-physical systems, cloud and mobile systems, industrial/process control systems, and IoT devices. Those safeguarding measures include security and privacy controls to protect the critical and essential operations and assets of organizations and the personal privacy of individuals. 
The ultimate objective is to make the systems we depend on more penetration resistant to attacks; limit the damage from attacks when they occur; and make the systems resilient and survivable. About the speaker: Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include information security, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure. His current publications include Federal Information Processing Standards (FIPS) 199 (security categorization), FIPS 200 (security requirements), and NIST Special Publication (SP) 800-39 (enterprise risk management), SP 800-53 (security and privacy controls), SP 800-53A (security assessment), SP 800-37 (Risk Management Framework), SP 800-30 (risk assessment), SP 800-160 (systems security engineering), and SP 800-171 (security requirements for nonfederal systems and organizations). Dr. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director National Intelligence, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for the development of the Unified Information Security Framework for the federal government and its contractors.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As we push computers to &quot;the edge&quot;, building an increasingly complex world of interconnected systems and devices, security and privacy continue to dominate the national conversation. The Defense Science Board in its 2017 report, Task Force on Cyber Defense, provides a sobering assessment of the current vulnerabilities in the U.S. critical infrastructure and the systems that support the mission essential operations and assets in the public and private sectors. &quot;…The Task Force notes that the cyber threat to U.S. critical infrastructure is outpacing efforts to reduce pervasive vulnerabilities, so that for the next decade at least the United States must lean significantly on deterrence to address the cyber threat posed by the most capable U.S. adversaries. It is clear that a more proactive and systematic approach to U.S. cyber deterrence is urgently needed…&quot; There is an urgent need to further strengthen the underlying systems, component products, and services that we depend on in every sector of the critical infrastructure—ensuring those systems, components, and services are sufficiently trustworthy and provide the necessary resilience to support the economic and national security interests of the United States. NIST Special Publication 800-53 (Revision 5) responds to the call by the Defense Science Board by embarking on a proactive and systemic approach to develop and make available to a broad base of public and private sector organizations, a comprehensive set of safeguarding measures for all types of systems, including general purpose computing systems, cyber-physical systems, cloud and mobile systems, industrial/process control systems, and IoT devices. Those safeguarding measures include security and privacy controls to protect the critical and essential operations and assets of organizations and the personal privacy of individuals. 
The ultimate objective is to make the systems we depend on more penetration resistant to attacks; limit the damage from attacks when they occur; and make the systems resilient and survivable. About the speaker: Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include information security, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure. His current publications include Federal Information Processing Standards (FIPS) 199 (security categorization), FIPS 200 (security requirements), and NIST Special Publication (SP) 800-39 (enterprise risk management), SP 800-53 (security and privacy controls), SP 800-53A (security assessment), SP 800-37 (Risk Management Framework), SP 800-30 (risk assessment), SP 800-160 (systems security engineering), and SP 800-171 (security requirements for nonfederal systems and organizations). Dr. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director National Intelligence, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for the development of the Unified Information Security Framework for the federal government and its contractors.</p> ]]>
            </content:encoded>
            <itunes:duration>3944</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170419.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170419.mp4" length="654311424" type="video/mp4"/>
        </item>
            <item>
            <title>Limin Jia, Information Flow Security in Practical Systems</title>
            <description>Users routinely type sensitive data such as passwords, credit card numbers, and even SSNs into their mobile phone apps and browsers. Rich functionality combined with weak security mechanisms makes protecting users&apos; data a challenge. In this talk, I will present a few case studies of applying information flow security to protecting users&apos; data in Android, the Chromium browser, and the IFTTT framework. For these systems, we show that dynamic coarse-grained taint tracking, even though it allows implicit flows, can be retrofitted into existing systems to defend users&apos; data from common attacks. I will explain the challenges in striking a balance between preserving key functionality of legacy systems and ensuring formally provable security guarantees and discuss how different modeling techniques affect noninterference proofs. About the speaker: Dr. Jia is an Assistant Research Professor in the ECE Department at Carnegie Mellon University. Dr. Jia received her PhD in Computer Science from Princeton University. She received her BE in Computer Science and Engineering from the University of Science and Technology of China. Dr. Jia&apos;s research interests are in formal aspects of software security, in particular, applying formal approaches to constructing software systems with known security guarantees.</description>
            <pubDate>Wed, 12 Apr 2017 16:30:00 EDT </pubDate>
            <itunes:title>Limin Jia, Information Flow Security in Practical Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>635</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/limin_jia.jpg"/>
            <itunes:subtitle>Limin Jia, Carnegie Mellon University</itunes:subtitle>
            <itunes:summary>Users routinely type sensitive data such as passwords, credit card numbers, and even SSNs into their mobile phone apps and browsers. Rich functionality combined with weak security mechanisms makes protecting users&apos; data a challenge. In this talk, I will present a few case studies of applying information flow security to protecting users&apos; data in Android, the Chromium browser, and the IFTTT framework. For these systems, we show that dynamic coarse-grained taint tracking, even though it allows implicit flows, can be retrofitted into existing systems to defend users&apos; data from common attacks. I will explain the challenges in striking a balance between preserving key functionality of legacy systems and ensuring formally provable security guarantees and discuss how different modeling techniques affect noninterference proofs. About the speaker: Dr. Jia is an Assistant Research Professor in the ECE Department at Carnegie Mellon University. Dr. Jia received her PhD in Computer Science from Princeton University. She received her BE in Computer Science and Engineering from the University of Science and Technology of China. Dr. Jia&apos;s research interests are in formal aspects of software security, in particular, applying formal approaches to constructing software systems with known security guarantees.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Users routinely type sensitive data such as passwords, credit card numbers, and even SSNs into their mobile phone apps and browsers. Rich functionality combined with weak security mechanisms makes protecting users&apos; data a challenge. In this talk, I will present a few case studies of applying information flow security to protecting users&apos; data in Android, the Chromium browser, and the IFTTT framework. For these systems, we show that dynamic coarse-grained taint tracking, even though it allows implicit flows, can be retrofitted into existing systems to defend users&apos; data from common attacks. I will explain the challenges in striking a balance between preserving key functionality of legacy systems and ensuring formally provable security guarantees and discuss how different modeling techniques affect noninterference proofs. About the speaker: Dr. Jia is an Assistant Research Professor in the ECE Department at Carnegie Mellon University. Dr. Jia received her PhD in Computer Science from Princeton University. She received her BE in Computer Science and Engineering from the University of Science and Technology of China. Dr. Jia&apos;s research interests are in formal aspects of software security, in particular, applying formal approaches to constructing software systems with known security guarantees.</p> ]]>
            </content:encoded>
            <itunes:duration>3484</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170412.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170412.mp4" length="390070272" type="video/mp4"/>
        </item>
            <item>
            <title>Scott Carr, DataShield: Configurable Data Confidentiality and Integrity</title>
            <description>Applications written in C/C++ are prone to memory corruption, which allows attackers to extract secrets or gain control of the system. With the rise of strong control-flow hijacking defenses, non-control data attacks have become the dominant threat. As vulnerabilities like HeartBleed have shown, such attacks are equally devastating. Data Confidentiality and Integrity (DCI) is a low-overhead non-control-data protection mechanism for systems software. DCI augments the C/C++ programming languages with annotations, allowing the programmer to protect selected data types. The DCI compiler and runtime system prevent illegal reads (confidentiality) and writes (integrity) to instances of these types. The programmer selects types that contain security-critical information such as passwords, cryptographic keys, or identification tokens. Protecting only this critical data greatly reduces performance overhead relative to complete memory safety. Our prototype implementation of DCI, DataShield, shows the applicability and efficiency of our approach. For SPEC CPU2006, the performance overhead is at most 16.34%. For our case studies, we instrumented mbedTLS, astar, and libquantum to show that our annotation approach is practical. The overhead of our SSL/TLS server is 35.7% with critical data structures protected at all times. Our security evaluation shows DataShield mitigates a recently discovered vulnerability in mbedTLS. About the speaker: Scott A. Carr is a PhD Candidate in Computer Science at Purdue University, where he works with his advisor Mathias Payer in the HexHive research group. His research interests are security, programming languages, and program analysis. Scott&apos;s thesis topic is mitigating vulnerabilities in systems software written in C/C++ using compiler-based techniques. His work has appeared (or will soon appear) in ACM AsiaCCS, NDSS, IEEE TSE, and ACM CSUR.</description>
            <pubDate>Wed, 29 Mar 2017 16:30:00 EDT </pubDate>
            <itunes:title>Scott Carr, DataShield: Configurable Data Confidentiality and Integrity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>633</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Scott Carr, Purdue University</itunes:subtitle>
            <itunes:summary>Applications written in C/C++ are prone to memory corruption, which allows attackers to extract secrets or gain control of the system. With the rise of strong control-flow hijacking defenses, non-control data attacks have become the dominant threat. As vulnerabilities like HeartBleed have shown, such attacks are equally devastating. Data Confidentiality and Integrity (DCI) is a low-overhead non-control-data protection mechanism for systems software. DCI augments the C/C++ programming languages with annotations, allowing the programmer to protect selected data types. The DCI compiler and runtime system prevent illegal reads (confidentiality) and writes (integrity) to instances of these types. The programmer selects types that contain security-critical information such as passwords, cryptographic keys, or identification tokens. Protecting only this critical data greatly reduces performance overhead relative to complete memory safety. Our prototype implementation of DCI, DataShield, shows the applicability and efficiency of our approach. For SPEC CPU2006, the performance overhead is at most 16.34%. For our case studies, we instrumented mbedTLS, astar, and libquantum to show that our annotation approach is practical. The overhead of our SSL/TLS server is 35.7% with critical data structures protected at all times. Our security evaluation shows DataShield mitigates a recently discovered vulnerability in mbedTLS. About the speaker: Scott A. Carr is a PhD Candidate in Computer Science at Purdue University, where he works with his advisor Mathias Payer in the HexHive research group. His research interests are security, programming languages, and program analysis. Scott&apos;s thesis topic is mitigating vulnerabilities in systems software written in C/C++ using compiler-based techniques. His work has appeared (or will soon appear) in ACM AsiaCCS, NDSS, IEEE TSE, and ACM CSUR.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Applications written in C/C++ are prone to memory corruption, which allows attackers to extract secrets or gain control of the system. With the rise of strong control-flow hijacking defenses, non-control data attacks have become the dominant threat. As vulnerabilities like HeartBleed have shown, such attacks are equally devastating. Data Confidentiality and Integrity (DCI) is a low-overhead non-control-data protection mechanism for systems software. DCI augments the C/C++ programming languages with annotations, allowing the programmer to protect selected data types. The DCI compiler and runtime system prevent illegal reads (confidentiality) and writes (integrity) to instances of these types. The programmer selects types that contain security-critical information such as passwords, cryptographic keys, or identification tokens. Protecting only this critical data greatly reduces performance overhead relative to complete memory safety. Our prototype implementation of DCI, DataShield, shows the applicability and efficiency of our approach. For SPEC CPU2006, the performance overhead is at most 16.34%. For our case studies, we instrumented mbedTLS, astar, and libquantum to show that our annotation approach is practical. The overhead of our SSL/TLS server is 35.7% with critical data structures protected at all times. Our security evaluation shows DataShield mitigates a recently discovered vulnerability in mbedTLS. About the speaker: Scott A. Carr is a PhD Candidate in Computer Science at Purdue University, where he works with his advisor Mathias Payer in the HexHive research group. His research interests are security, programming languages, and program analysis. Scott&apos;s thesis topic is mitigating vulnerabilities in systems software written in C/C++ using compiler-based techniques. His work has appeared (or will soon appear) in ACM AsiaCCS, NDSS, IEEE TSE, and ACM CSUR.</p> ]]>
            </content:encoded>
            <itunes:duration>1923</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170329.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170329.mp4" length="146800640" type="video/mp4"/>
        </item>
            <item>
            <title>Tawei (David) Wang, CIO Risk Appetite and Information Security Management</title>
            <description>After a series of recent high-profile information security breach incidents, the role of Chief Information Officers, particularly their role in information security risk management, has been in a heated debate among practitioners. However, little is known in the academic literature about how a CIO&apos;s risk aversion level affects the effectiveness of information security management. Using reported information security breach incidents during 2003-2015, this study examines how a CIO&apos;s risk aversion level is associated with the possibility of information security incidents. In addition, we investigate the moderating effect of the CEO&apos;s risk aversion level and of whether the CIO is on the board on the aforementioned effect. Our preliminary results show that a CIO&apos;s risk aversion level is significantly associated with a lower likelihood of information security breaches. We further document that such an association varies depending on the type of security breach. About the speaker: Tawei (David) Wang is currently an Assistant Professor at DePaul University. He received his Ph.D. from Krannert Graduate School of Management, Purdue University. Before joining DePaul University, he was a faculty member at the University of Hawaii at Manoa and National Taiwan University. His research interests are IT management and information security management. His papers have appeared in several leading journals, including Information Systems Research, Decision Support Systems, European Journal of Information Systems, Information and Management, Information Systems Journal, Journal of Accounting and Public Policy, Journal of Banking and Finance, Journal of Information Systems, Journal of Organizational Computing and Electronic Commerce, among others.</description>
            <pubDate>Wed, 22 Mar 2017 16:30:00 EDT </pubDate>
            <itunes:title>Tawei (David) Wang, CIO Risk Appetite and Information Security Management</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>632</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/David_Wang_200.jpg"/>
            <itunes:subtitle>Tawei (David) Wang, DePaul University</itunes:subtitle>
            <itunes:summary>After a series of recent high-profile information security breach incidents, the role of Chief Information Officers, particularly their role in information security risk management, has been in a heated debate among practitioners. However, little is known in the academic literature about how a CIO&apos;s risk aversion level affects the effectiveness of information security management. Using reported information security breach incidents during 2003-2015, this study examines how a CIO&apos;s risk aversion level is associated with the possibility of information security incidents. In addition, we investigate the moderating effect of the CEO&apos;s risk aversion level and of whether the CIO is on the board on the aforementioned effect. Our preliminary results show that a CIO&apos;s risk aversion level is significantly associated with a lower likelihood of information security breaches. We further document that such an association varies depending on the type of security breach. About the speaker: Tawei (David) Wang is currently an Assistant Professor at DePaul University. He received his Ph.D. from Krannert Graduate School of Management, Purdue University. Before joining DePaul University, he was a faculty member at the University of Hawaii at Manoa and National Taiwan University. His research interests are IT management and information security management. His papers have appeared in several leading journals, including Information Systems Research, Decision Support Systems, European Journal of Information Systems, Information and Management, Information Systems Journal, Journal of Accounting and Public Policy, Journal of Banking and Finance, Journal of Information Systems, Journal of Organizational Computing and Electronic Commerce, among others.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>After a series of recent high-profile information security breach incidents, the role of Chief Information Officers, particularly their role in information security risk management, has been in a heated debate among practitioners. However, little is known in the academic literature about how a CIO&apos;s risk aversion level affects the effectiveness of information security management. Using reported information security breach incidents during 2003-2015, this study examines how a CIO&apos;s risk aversion level is associated with the possibility of information security incidents. In addition, we investigate the moderating effect of the CEO&apos;s risk aversion level and of whether the CIO is on the board on the aforementioned effect. Our preliminary results show that a CIO&apos;s risk aversion level is significantly associated with a lower likelihood of information security breaches. We further document that such an association varies depending on the type of security breach. About the speaker: Tawei (David) Wang is currently an Assistant Professor at DePaul University. He received his Ph.D. from Krannert Graduate School of Management, Purdue University. Before joining DePaul University, he was a faculty member at the University of Hawaii at Manoa and National Taiwan University. His research interests are IT management and information security management. His papers have appeared in several leading journals, including Information Systems Research, Decision Support Systems, European Journal of Information Systems, Information and Management, Information Systems Journal, Journal of Accounting and Public Policy, Journal of Banking and Finance, Journal of Information Systems, Journal of Organizational Computing and Electronic Commerce, among others.</p> ]]>
            </content:encoded>
            <itunes:duration>2996</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170322.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170322.mp4" length="335544320" type="video/mp4"/>
        </item>
            <item>
            <title>Stephen Reynolds, The Rise of Cyber-Crime: A Legal Perspective</title>
            <description>Whether it is a spear phishing attack, social engineering, or malware specifically tailored to obtain online banking credentials, hundreds of thousands of dollars are at risk from funds transfer fraud and other cyber-crime. Beyond the financial consequences of these cyber-attacks, entities face an increasingly complex array of legal obligations and issues in the aftermath of one of these events. This presentation will give an overview of trends in cyber-crime, legal issues that may arise from these events, how responses to the events affect potential liability, and how the law allocates responsibility between the parties involved. About the speaker: Stephen Reynolds is a partner in Ice Miller&apos;s Litigation and Intellectual Property Group, and co-chairs the firm&apos;s Data Security and Privacy Practice. A former computer programmer and IT analyst, Stephen concentrates his legal practice on commercial litigation and data security and privacy law. Stephen is a Certified Information Systems Security Professional (CISSP), and a Certified Information Privacy Professional (CIPP/U.S.).</description>
            <pubDate>Wed, 8 Mar 2017 16:30:00 EST </pubDate>
            <itunes:title>Stephen Reynolds, The Rise of Cyber-Crime: A Legal Perspective</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>631</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Stephen Reynolds, Ice Miller</itunes:subtitle>
            <itunes:summary>Whether it is a spear phishing attack, social engineering, or malware specifically tailored to obtain online banking credentials, hundreds of thousands of dollars are at risk from funds transfer fraud and other cyber-crime. Beyond the financial consequences of these cyber-attacks, entities face an increasingly complex array of legal obligations and issues in the aftermath of one of these events. This presentation will give an overview of trends in cyber-crime, legal issues that may arise from these events, how responses to the events affect potential liability, and how the law allocates responsibility between the parties involved. About the speaker: Stephen Reynolds is a partner in Ice Miller&apos;s Litigation and Intellectual Property Group, and co-chairs the firm&apos;s Data Security and Privacy Practice. A former computer programmer and IT analyst, Stephen concentrates his legal practice on commercial litigation and data security and privacy law. Stephen is a Certified Information Systems Security Professional (CISSP), and a Certified Information Privacy Professional (CIPP/U.S.).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Whether it is a spear phishing attack, social engineering, or malware specifically tailored to obtain online banking credentials, hundreds of thousands of dollars are at risk from funds transfer fraud and other cyber-crime. Beyond the financial consequences of these cyber-attacks, entities face an increasingly complex array of legal obligations and issues in the aftermath of one of these events. This presentation will give an overview of trends in cyber-crime, legal issues that may arise from these events, how responses to the events affect potential liability, and how the law allocates responsibility between the parties involved. About the speaker: Stephen Reynolds is a partner in Ice Miller&apos;s Litigation and Intellectual Property Group, and co-chairs the firm&apos;s Data Security and Privacy Practice. A former computer programmer and IT analyst, Stephen concentrates his legal practice on commercial litigation and data security and privacy law. Stephen is a Certified Information Systems Security Professional (CISSP), and a Certified Information Privacy Professional (CIPP/U.S.).</p> ]]>
            </content:encoded>
            <itunes:duration>3083</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170308.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170308.mp4" length="146800640" type="video/mp4"/>
        </item>
            <item>
            <title>Yonghwi Kwon, A2C: Self Destructing Exploit Executions via Input Perturbation</title>
            <description>Malicious payload injection attacks have been a serious threat to software for decades. Unfortunately, protection against these attacks remains challenging due to the ever-increasing diversity and sophistication of the payload injection and triggering mechanisms used by adversaries. In this talk, I will present A2C, a system that provides general protection against payload injection attacks. A2C is based on the observation that payloads are highly fragile and thus any mutation would likely break their functionality. A2C mutates inputs from untrusted sources. Malicious payloads that reside in these inputs are hence mutated and broken. To assure that the program continues to function correctly when benign inputs are provided, A2C divides the state space into exploitable and post-exploitable sub-spaces, where the latter is much larger than the former, and decodes the mutated values only when they are transmitted from the former to the latter. A2C does not rely on any knowledge of malicious payloads or their injection and triggering mechanisms. Hence, its protection is general. We evaluate A2C with 30 real-world applications, including Apache on a real-world workload, and our results show that A2C effectively prevents a variety of payload injection attacks on these programs with reasonably low overhead. About the speaker: Yonghwi Kwon is a PhD student in the Department of Computer Science at Purdue University. His research interests include dynamic/static binary analysis, reverse-engineering, and system security. In particular, he is interested in solving security and debugging problems using dynamic binary analysis and translation techniques.</description>
            <pubDate>Wed, 22 Feb 2017 16:30:00 EST </pubDate>
            <itunes:title>Yonghwi Kwon, A2C: Self Destructing Exploit Executions via Input Perturbation</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>630</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Yonghwi Kwon, Purdue University</itunes:subtitle>
            <itunes:summary>Malicious payload injection attacks have been a serious threat to software for decades. Unfortunately, protection against these attacks remains challenging due to the ever-increasing diversity and sophistication of the payload injection and triggering mechanisms used by adversaries. In this talk, I will present A2C, a system that provides general protection against payload injection attacks. A2C is based on the observation that payloads are highly fragile and thus any mutation would likely break their functionality. A2C mutates inputs from untrusted sources. Malicious payloads that reside in these inputs are hence mutated and broken. To assure that the program continues to function correctly when benign inputs are provided, A2C divides the state space into exploitable and post-exploitable sub-spaces, where the latter is much larger than the former, and decodes the mutated values only when they are transmitted from the former to the latter. A2C does not rely on any knowledge of malicious payloads or their injection and triggering mechanisms. Hence, its protection is general. We evaluate A2C with 30 real-world applications, including Apache on a real-world workload, and our results show that A2C effectively prevents a variety of payload injection attacks on these programs with reasonably low overhead. About the speaker: Yonghwi Kwon is a PhD student in the Department of Computer Science at Purdue University. His research interests include dynamic/static binary analysis, reverse-engineering, and system security. In particular, he is interested in solving security and debugging problems using dynamic binary analysis and translation techniques.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Malicious payload injection attacks have been a serious threat to software for decades. Unfortunately, protection against these attacks remains challenging due to the ever-increasing diversity and sophistication of the payload injection and triggering mechanisms used by adversaries. In this talk, I will present A2C, a system that provides general protection against payload injection attacks. A2C is based on the observation that payloads are highly fragile and thus any mutation would likely break their functionality. A2C mutates inputs from untrusted sources. Malicious payloads that reside in these inputs are hence mutated and broken. To assure that the program continues to function correctly when benign inputs are provided, A2C divides the state space into exploitable and post-exploitable sub-spaces, where the latter is much larger than the former, and decodes the mutated values only when they are transmitted from the former to the latter. A2C does not rely on any knowledge of malicious payloads or their injection and triggering mechanisms. Hence, its protection is general. We evaluate A2C with 30 real-world applications, including Apache on a real-world workload, and our results show that A2C effectively prevents a variety of payload injection attacks on these programs with reasonably low overhead. About the speaker: Yonghwi Kwon is a PhD student in the Department of Computer Science at Purdue University. His research interests include dynamic/static binary analysis, reverse-engineering, and system security. In particular, he is interested in solving security and debugging problems using dynamic binary analysis and translation techniques.</p> ]]>
            </content:encoded>
            <itunes:duration>2978</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170222.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170222.mp4" length="126877696" type="video/mp4"/>
        </item>
            <item>
            <title>Ashish Hota, Behavioral and Computational Aspects of Network Security Games</title>
            <description>In this talk, we will leverage the framework of game theory to understand the effects of decentralized decision-making on the robustness and security of large-scale networked systems. In the first part of this talk, we will consider a setting where each node in the network is an independent decision maker who wants to protect itself, and the probability of attack on a node is a function of the security investment by the node and its immediate neighbors in the network. Accordingly, the security investment of a node depends on its position in the network and its perception of attack probability. We will investigate the impact of certain empirically established behavioral biases, which affect how users perceive the probabilities of risky outcomes, on the security investment decisions of the nodes. We will further characterize the structures of networks that maximize and minimize, respectively, the expected fraction of nodes that are successfully attacked at the Nash equilibrium of the game. In the second part of the talk, we will consider a setting where each decision maker is responsible for defending multiple nodes in the network, and strategic attacker(s) launch multi-stage attacks that spread through the network. We will show that the problem of computing the best response for a defender can be formulated as a convex optimization problem. We will then illustrate the application of this framework in problems that arise in networked cyber-physical systems. About the speaker: Ashish R. Hota is currently a Ph.D. candidate in the School of Electrical and Computer Engineering at Purdue University. He received B.Tech and M.Tech degrees in Electrical Engineering from Indian Institute of Technology (IIT) Kharagpur in 2012. His research interests are in the areas of game theory, network economics, behavioral decision theory, security of networked systems and queueing games.</description>
            <pubDate>Wed, 15 Feb 2017 16:30:00 EST </pubDate>
            <itunes:title>Ashish Hota, Behavioral and Computational Aspects of Network Security Games</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>629</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ashish Hota, Purdue University</itunes:subtitle>
            <itunes:summary>In this talk, we will leverage the framework of game theory to understand the effects of decentralized decision-making on the robustness and security of large-scale networked systems. In the first part of this talk, we will consider a setting where each node in the network is an independent decision maker who wants to protect itself, and the probability of attack on a node is a function of the security investment by the node and its immediate neighbors in the network. Accordingly, the security investment of a node depends on its position in the network and its perception of attack probability. We will investigate the impact of certain empirically established behavioral biases, which affect how users perceive the probabilities of risky outcomes, on the security investment decisions of the nodes. We will further characterize the structures of networks that maximize and minimize, respectively, the expected fraction of nodes that are successfully attacked at the Nash equilibrium of the game. In the second part of the talk, we will consider a setting where each decision maker is responsible for defending multiple nodes in the network, and strategic attacker(s) launch multi-stage attacks that spread through the network. We will show that the problem of computing the best response for a defender can be formulated as a convex optimization problem. We will then illustrate the application of this framework in problems that arise in networked cyber-physical systems. About the speaker: Ashish R. Hota is currently a Ph.D. candidate in the School of Electrical and Computer Engineering at Purdue University. He received B.Tech and M.Tech degrees in Electrical Engineering from Indian Institute of Technology (IIT) Kharagpur in 2012. His research interests are in the areas of game theory, network economics, behavioral decision theory, security of networked systems and queueing games.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this talk, we will leverage the framework of game theory to understand the effects of decentralized decision-making on the robustness and security of large-scale networked systems. In the first part of this talk, we will consider a setting where each node in the network is an independent decision maker who wants to protect itself, and the probability of attack on a node is a function of the security investment by the node and its immediate neighbors in the network. Accordingly, the security investment of a node depends on its position in the network and its perception of attack probability. We will investigate the impact of certain empirically established behavioral biases, which affect how users perceive the probabilities of risky outcomes, on the security investment decisions of the nodes. We will further characterize the structures of networks that maximize and minimize, respectively, the expected fraction of nodes that are successfully attacked at the Nash equilibrium of the game. In the second part of the talk, we will consider a setting where each decision maker is responsible for defending multiple nodes in the network, and strategic attacker(s) launch multi-stage attacks that spread through the network. We will show that the problem of computing the best response for a defender can be formulated as a convex optimization problem. We will then illustrate the application of this framework in problems that arise in networked cyber-physical systems. About the speaker: Ashish R. Hota is currently a Ph.D. candidate in the School of Electrical and Computer Engineering at Purdue University. He received B.Tech and M.Tech degrees in Electrical Engineering from Indian Institute of Technology (IIT) Kharagpur in 2012. His research interests are in the areas of game theory, network economics, behavioral decision theory, security of networked systems and queueing games.</p> ]]>
            </content:encoded>
            <itunes:duration>2854</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170215.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170215.mp4" length="84934656" type="video/mp4"/>
        </item>
            <item>
            <title>Neil Cassidy, Cyber Security in Large Complex Corporations</title>
            <description>Large corporations evolve over time. The technology they produce, the services they provide, their working practices and the IT that supports them are changing at an ever-increasing rate. From its formation in 1906, Rolls-Royce has been synonymous with high-quality engineering and currently develops power systems to propel everything from commercial airliners to luxury yachts. The company strives to maintain its market-leading position through considerable investment in R&amp;D, and the Intellectual Property and engineering ‘know-how’ developed needs to be kept secure in cyberspace. About the speaker: In Rolls-Royce, Neil is responsible globally for IT and Information Security. He joined Rolls-Royce in 2015 from CERT-UK, the national Computer Emergency Response Team in the UK, where he was Deputy Director Operations. In his role at CERT-UK Neil was responsible for Cyber Incident Handling across the UK Critical National Infrastructure as well as being responsible for Situational Awareness and being the sponsor for the UK&apos;s flagship Cyber security Information Sharing Partnership (CiSP), a Government-Industry collaboration to share cyber threat intelligence. Prior to CERT-UK Neil worked for QinetiQ where he ran their Security Operations Centre and was the Operations Director for their security division. In his early career Neil was a defence operational analyst before moving into business management and running change programs. Educated at the University of Nottingham, he is married with two sons.</description>
            <pubDate>Wed, 8 Feb 2017 16:30:00 EST </pubDate>
            <itunes:title>Neil Cassidy, Cyber Security in Large Complex Corporations</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>628</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Neil Cassidy, Rolls-Royce</itunes:subtitle>
            <itunes:summary>Large corporations evolve over time. The technology they produce, the services they provide, the working practices and the IT that supports them are changing at an ever increasing rate. From its formation in 1906, Rolls-Royce has been synonymous with high quality engineering and currently develops power systems to propel everything from commercial airliners to luxury yachts. The company strives to maintain its market leading position through considerable investment in R&amp;D, and the Intellectual Property and engineering ‘know-how’ developed needs to be kept secure in cyber space. About the speaker: In Rolls-Royce, Neil is responsible globally for IT and Information Security. He joined Rolls-Royce in 2015 from CERT-UK, the national Computer Emergency Response Team in the UK, where he was Deputy Director Operations. In his role at CERT-UK Neil was responsible for Cyber Incident Handling across the UK Critical National Infrastructure as well as being responsible for Situational Awareness and being the sponsor for the UK&apos;s flagship Cyber Security Information Sharing Partnership (CiSP) – a Government Industry collaboration to share cyber threat intelligence. Prior to CERT-UK Neil worked for QinetiQ where he ran their Security Operations Centre and was the Operations Director for their security division. In his early career Neil was a defence operational analyst before moving into business management and running change programs. Educated at the University of Nottingham, he is married with two sons.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Large corporations evolve over time. The technology they produce, the services they provide, the working practices and the IT that supports them are changing at an ever increasing rate. From its formation in 1906, Rolls-Royce has been synonymous with high quality engineering and currently develops power systems to propel everything from commercial airliners to luxury yachts. The company strives to maintain its market leading position through considerable investment in R&amp;D, and the Intellectual Property and engineering ‘know-how’ developed needs to be kept secure in cyber space. About the speaker: In Rolls-Royce, Neil is responsible globally for IT and Information Security. He joined Rolls-Royce in 2015 from CERT-UK, the national Computer Emergency Response Team in the UK, where he was Deputy Director Operations. In his role at CERT-UK Neil was responsible for Cyber Incident Handling across the UK Critical National Infrastructure as well as being responsible for Situational Awareness and being the sponsor for the UK&apos;s flagship Cyber Security Information Sharing Partnership (CiSP) – a Government Industry collaboration to share cyber threat intelligence. Prior to CERT-UK Neil worked for QinetiQ where he ran their Security Operations Centre and was the Operations Director for their security division. In his early career Neil was a defence operational analyst before moving into business management and running change programs. Educated at the University of Nottingham, he is married with two sons.</p> ]]>
            </content:encoded>
            <itunes:duration>3228</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170208.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170208.mp4" length="303038464" type="video/mp4"/>
        </item>
            <item>
            <title>Vincent Urias, Network Deception as a Threat Intelligence Platform</title>
            <description>The threat landscape is changing significantly; the complexity and rate of attacks are ever increasing, and the network defender does not have enough resources (people, technology, intelligence, and context) to make informed decisions. The need for network defenders to develop and create proactive threat intelligence is on the rise. Network deception may provide analysts the ability to collect raw intelligence about threat actors as they reveal their Tools, Tactics, and Procedures (TTP). This increased understanding of the latest cyber-attacks would enable cyber defenders to better support and defend the network, thereby increasing the cost to the adversary by making it more difficult to successfully attack an enterprise. This talk will discuss our deception framework: we have created a live, unpredictable, and adaptable Deception Environment leveraging virtualization/cloud technology, software defined networking, introspection and analytics. The environment not only provides the means to identify and contain the threat, but also facilitates the ability to study, understand, and develop protections against sophisticated adversaries. By leveraging actionable data, in real-time or after a sustained engagement, the Deception Environment may be easily modified to interact with and change the perception of the adversary on-the-fly. This ability to change what and where the attacker is on the network, as well as change and modify the content of the adversary on exfiltration and infiltration, is the defining novelty of our Deception Environment. About the speaker: Vincent was raised by his grandparents, both originally from Guatemala, who immigrated to the U.S. in the 1960s. As a family, they moved from Manhattan to Albuquerque, New Mexico when Vincent was six years old. Dedicated to their grandchild and his upbringing, they taught him to take responsibility for his own life, to give back to his community and to his country.
A curious boy who broke things while taking them apart to see how they worked, he was also entrepreneurial, starting a candy selling business in elementary school. He saved his money and bought things that his grandparents could not afford, like a soldering kit. Vincent grew up in a neighborhood labeled the &quot;War Zone&quot;, made up of hard working but largely impoverished immigrants, with its share of violence and gang problems as well as remarkable diversity. Vincent stayed out of trouble by becoming involved in extracurricular activities, and one of those, the Upward Bound Program, gave him the opportunity to spend a high school summer at the University of New Mexico taking classes in math, literature, science and electives. Vincent took advantage of many opportunities this program would offer. His entrepreneurial spirit got him taking community college classes while still in high school, and in his sophomore year he was accepted for an internship at Sandia National Laboratories in its computer support unit. With the support of mentors, he was soon one of the go-to techs fixing computers and getting networks running again. A CyberCorps Scholarship for Service allowed him to stay at Sandia after graduation. He continued to excel, taking associated undergraduate and graduate level internships while earning his bachelor&apos;s and master&apos;s degrees in computer science from New Mexico Tech. Today, Vincent Urias is a computer engineer and Principal Member of Technical Staff in Sandia&apos;s Cyber Analysis Research Development Department, continuing to make major contributions to Sandia&apos;s cyber defense programs, especially in the simulation of complex networks, in developing innovative cyber security methods, and in designing exercise scenarios that test the limits of current network security. This work is helping Sandia&apos;s customers anticipate current and emerging security threats and make critical decisions about their investments.
Vincent and his team use technologies to conduct cyber defense exercises in partnership with the U.S. Department of Defense, and to support national security in collaboration with colleagues at other U.S. Department of Energy national laboratories, Department of Defense national laboratories, and the U.S. military. Vincent gives back to the community in a variety of ways: providing guidance and inspiration to college interns in the lab&apos;s Center for Cyber Defenders, supporting the building of computer labs for local organizations, and helping to create an Urban Wildlife Refuge in Albuquerque&apos;s South Valley, among other things. Vincent is currently pursuing his Ph.D. in computer science at New Mexico Tech. He was honored by GMiS with a HENAAC Luminary Award in October of 2016.</description>
            <pubDate>Wed, 1 Feb 2017 16:30:00 EST </pubDate>
            <itunes:title>Vincent Urias, Network Deception as a Threat Intelligence Platform</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>627</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Vincent Urias, Sandia</itunes:subtitle>
            <itunes:summary>The threat landscape is changing significantly; the complexity and rate of attacks are ever increasing, and the network defender does not have enough resources (people, technology, intelligence, and context) to make informed decisions. The need for network defenders to develop and create proactive threat intelligence is on the rise. Network deception may provide analysts the ability to collect raw intelligence about threat actors as they reveal their Tools, Tactics, and Procedures (TTP). This increased understanding of the latest cyber-attacks would enable cyber defenders to better support and defend the network, thereby increasing the cost to the adversary by making it more difficult to successfully attack an enterprise. This talk will discuss our deception framework: we have created a live, unpredictable, and adaptable Deception Environment leveraging virtualization/cloud technology, software defined networking, introspection and analytics. The environment not only provides the means to identify and contain the threat, but also facilitates the ability to study, understand, and develop protections against sophisticated adversaries. By leveraging actionable data, in real-time or after a sustained engagement, the Deception Environment may be easily modified to interact with and change the perception of the adversary on-the-fly. This ability to change what and where the attacker is on the network, as well as change and modify the content of the adversary on exfiltration and infiltration, is the defining novelty of our Deception Environment. About the speaker: Vincent was raised by his grandparents, both originally from Guatemala, who immigrated to the U.S. in the 1960s. As a family, they moved from Manhattan to Albuquerque, New Mexico when Vincent was six years old. Dedicated to their grandchild and his upbringing, they taught him to take responsibility for his own life, to give back to his community and to his country.
A curious boy who broke things while taking them apart to see how they worked, he was also entrepreneurial, starting a candy selling business in elementary school. He saved his money and bought things that his grandparents could not afford, like a soldering kit. Vincent grew up in a neighborhood labeled the &quot;War Zone&quot;, made up of hard working but largely impoverished immigrants, with its share of violence and gang problems as well as remarkable diversity. Vincent stayed out of trouble by becoming involved in extracurricular activities, and one of those, the Upward Bound Program, gave him the opportunity to spend a high school summer at the University of New Mexico taking classes in math, literature, science and electives. Vincent took advantage of many opportunities this program would offer. His entrepreneurial spirit got him taking community college classes while still in high school, and in his sophomore year he was accepted for an internship at Sandia National Laboratories in its computer support unit. With the support of mentors, he was soon one of the go-to techs fixing computers and getting networks running again. A CyberCorps Scholarship for Service allowed him to stay at Sandia after graduation. He continued to excel, taking associated undergraduate and graduate level internships while earning his bachelor&apos;s and master&apos;s degrees in computer science from New Mexico Tech. Today, Vincent Urias is a computer engineer and Principal Member of Technical Staff in Sandia&apos;s Cyber Analysis Research Development Department, continuing to make major contributions to Sandia&apos;s cyber defense programs, especially in the simulation of complex networks, in developing innovative cyber security methods, and in designing exercise scenarios that test the limits of current network security. This work is helping Sandia&apos;s customers anticipate current and emerging security threats and make critical decisions about their investments.
Vincent and his team use technologies to conduct cyber defense exercises in partnership with the U.S. Department of Defense, and to support national security in collaboration with colleagues at other U.S. Department of Energy national laboratories, Department of Defense national laboratories, and the U.S. military. Vincent gives back to the community in a variety of ways: providing guidance and inspiration to college interns in the lab&apos;s Center for Cyber Defenders, supporting the building of computer labs for local organizations, and helping to create an Urban Wildlife Refuge in Albuquerque&apos;s South Valley, among other things. Vincent is currently pursuing his Ph.D. in computer science at New Mexico Tech. He was honored by GMiS with a HENAAC Luminary Award in October of 2016.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The threat landscape is changing significantly; the complexity and rate of attacks are ever increasing, and the network defender does not have enough resources (people, technology, intelligence, and context) to make informed decisions. The need for network defenders to develop and create proactive threat intelligence is on the rise. Network deception may provide analysts the ability to collect raw intelligence about threat actors as they reveal their Tools, Tactics, and Procedures (TTP). This increased understanding of the latest cyber-attacks would enable cyber defenders to better support and defend the network, thereby increasing the cost to the adversary by making it more difficult to successfully attack an enterprise. This talk will discuss our deception framework: we have created a live, unpredictable, and adaptable Deception Environment leveraging virtualization/cloud technology, software defined networking, introspection and analytics. The environment not only provides the means to identify and contain the threat, but also facilitates the ability to study, understand, and develop protections against sophisticated adversaries. By leveraging actionable data, in real-time or after a sustained engagement, the Deception Environment may be easily modified to interact with and change the perception of the adversary on-the-fly. This ability to change what and where the attacker is on the network, as well as change and modify the content of the adversary on exfiltration and infiltration, is the defining novelty of our Deception Environment. About the speaker: Vincent was raised by his grandparents, both originally from Guatemala, who immigrated to the U.S. in the 1960s. As a family, they moved from Manhattan to Albuquerque, New Mexico when Vincent was six years old. Dedicated to their grandchild and his upbringing, they taught him to take responsibility for his own life, to give back to his community and to his country.
A curious boy who broke things while taking them apart to see how they worked, he was also entrepreneurial, starting a candy selling business in elementary school. He saved his money and bought things that his grandparents could not afford, like a soldering kit. Vincent grew up in a neighborhood labeled the &quot;War Zone&quot;, made up of hard working but largely impoverished immigrants, with its share of violence and gang problems as well as remarkable diversity. Vincent stayed out of trouble by becoming involved in extracurricular activities, and one of those, the Upward Bound Program, gave him the opportunity to spend a high school summer at the University of New Mexico taking classes in math, literature, science and electives. Vincent took advantage of many opportunities this program would offer. His entrepreneurial spirit got him taking community college classes while still in high school, and in his sophomore year he was accepted for an internship at Sandia National Laboratories in its computer support unit. With the support of mentors, he was soon one of the go-to techs fixing computers and getting networks running again. A CyberCorps Scholarship for Service allowed him to stay at Sandia after graduation. He continued to excel, taking associated undergraduate and graduate level internships while earning his bachelor&apos;s and master&apos;s degrees in computer science from New Mexico Tech. Today, Vincent Urias is a computer engineer and Principal Member of Technical Staff in Sandia&apos;s Cyber Analysis Research Development Department, continuing to make major contributions to Sandia&apos;s cyber defense programs, especially in the simulation of complex networks, in developing innovative cyber security methods, and in designing exercise scenarios that test the limits of current network security. This work is helping Sandia&apos;s customers anticipate current and emerging security threats and make critical decisions about their investments.
Vincent and his team use technologies to conduct cyber defense exercises in partnership with the U.S. Department of Defense, and to support national security in collaboration with colleagues at other U.S. Department of Energy national laboratories, Department of Defense national laboratories, and the U.S. military. Vincent gives back to the community in a variety of ways: providing guidance and inspiration to college interns in the lab&apos;s Center for Cyber Defenders, supporting the building of computer labs for local organizations, and helping to create an Urban Wildlife Refuge in Albuquerque&apos;s South Valley, among other things. Vincent is currently pursuing his Ph.D. in computer science at New Mexico Tech. He was honored by GMiS with a HENAAC Luminary Award in October of 2016.</p> ]]>
            </content:encoded>
            <itunes:duration>2980</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170201.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170201.mp4" length="253755392" type="video/mp4"/>
        </item>
            <item>
            <title>Jean Camp, Changing the Economics of the Network</title>
            <description>BGP enables a network of networks, and is also a network of trust. The clearest instantiation of that trust is the updating of router tables based on unsubstantiated announcements. The positive result of this trust is that the network can be extremely responsive to failures, and recover quickly. Yet the very trust that enables resilience creates risks from behavior lacking either technical competence or benevolence. Threats to the control plane have included political interference, misguided network configurations, and other mischief. Our goal is to look at solutions that treat BGP as an economic political artifact that embeds trust, and change the game in BGP defense. One step is to classify route updates along a continuum of trust, exploring new algorithms that will give a measure of integrity assurance to BGP updates. We have explored the application of machine learning techniques with the variety of data available (technical, rates of change, economic, and geopolitical) as network topology is changed via BGP updates in order to generate probabilistic (not only cryptographic) trust indicators for those changes. With this understanding, we develop technologies that embed economic incentives that have immediate value to the adopting party and also have second order system-wide security properties. In this talk I begin with the definition of the problem as economic, describe empirical work in macro-economics of security, and close with the description of an example solution called Bongo. About the speaker: Jean Camp is a Professor at the School of Informatics and Computing at Indiana University. She joined Indiana after eight years at Harvard&apos;s Kennedy School, where her courses were also listed in Harvard Law, Harvard Business, and the Engineering Systems Division of MIT. She spent the year after earning her doctorate from Carnegie Mellon as a Senior Member of the Technical Staff at Sandia National Laboratories.
She began her career as an engineer at Catawba Nuclear Station and with an MSEE at the University of North Carolina at Charlotte. Her research focuses on the intersection of human and technical trust, leveraging economic models and human-centered design to create safe, secure systems. She is the author of two monographs. In addition, she has authored more than one hundred fifty publications, including more than one hundred peer-reviewed publications.</description>
            <pubDate>Wed, 25 Jan 2017 16:30:00 EST </pubDate>
            <itunes:title>Jean Camp, Changing the Economics of the Network</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>626</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jean Camp, Indiana University</itunes:subtitle>
            <itunes:summary>BGP enables a network of networks, and is also a network of trust. The clearest instantiation of that trust is the updating of router tables based on unsubstantiated announcements. The positive result of this trust is that the network can be extremely responsive to failures, and recover quickly. Yet the very trust that enables resilience creates risks from behavior lacking either technical competence or benevolence. Threats to the control plane have included political interference, misguided network configurations, and other mischief. Our goal is to look at solutions that treat BGP as an economic political artifact that embeds trust, and change the game in BGP defense. One step is to classify route updates along a continuum of trust, exploring new algorithms that will give a measure of integrity assurance to BGP updates. We have explored the application of machine learning techniques with the variety of data available (technical, rates of change, economic, and geopolitical) as network topology is changed via BGP updates in order to generate probabilistic (not only cryptographic) trust indicators for those changes. With this understanding, we develop technologies that embed economic incentives that have immediate value to the adopting party and also have second order system-wide security properties. In this talk I begin with the definition of the problem as economic, describe empirical work in macro-economics of security, and close with the description of an example solution called Bongo. About the speaker: Jean Camp is a Professor at the School of Informatics and Computing at Indiana University. She joined Indiana after eight years at Harvard&apos;s Kennedy School, where her courses were also listed in Harvard Law, Harvard Business, and the Engineering Systems Division of MIT. She spent the year after earning her doctorate from Carnegie Mellon as a Senior Member of the Technical Staff at Sandia National Laboratories.
She began her career as an engineer at Catawba Nuclear Station and with an MSEE at the University of North Carolina at Charlotte. Her research focuses on the intersection of human and technical trust, leveraging economic models and human-centered design to create safe, secure systems. She is the author of two monographs. In addition, she has authored more than one hundred fifty publications, including more than one hundred peer-reviewed publications.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>BGP enables a network of networks, and is also a network of trust. The clearest instantiation of that trust is the updating of router tables based on unsubstantiated announcements. The positive result of this trust is that the network can be extremely responsive to failures, and recover quickly. Yet the very trust that enables resilience creates risks from behavior lacking either technical competence or benevolence. Threats to the control plane have included political interference, misguided network configurations, and other mischief. Our goal is to look at solutions that treat BGP as an economic political artifact that embeds trust, and change the game in BGP defense. One step is to classify route updates along a continuum of trust, exploring new algorithms that will give a measure of integrity assurance to BGP updates. We have explored the application of machine learning techniques with the variety of data available (technical, rates of change, economic, and geopolitical) as network topology is changed via BGP updates in order to generate probabilistic (not only cryptographic) trust indicators for those changes. With this understanding, we develop technologies that embed economic incentives that have immediate value to the adopting party and also have second order system-wide security properties. In this talk I begin with the definition of the problem as economic, describe empirical work in macro-economics of security, and close with the description of an example solution called Bongo. About the speaker: Jean Camp is a Professor at the School of Informatics and Computing at Indiana University. She joined Indiana after eight years at Harvard&apos;s Kennedy School, where her courses were also listed in Harvard Law, Harvard Business, and the Engineering Systems Division of MIT. She spent the year after earning her doctorate from Carnegie Mellon as a Senior Member of the Technical Staff at Sandia National Laboratories.
She began her career as an engineer at Catawba Nuclear Station and with an MSEE at the University of North Carolina at Charlotte. Her research focuses on the intersection of human and technical trust, leveraging economic models and human-centered design to create safe, secure systems. She is the author of two monographs. In addition, she has authored more than one hundred fifty publications, including more than one hundred peer-reviewed publications.</p> ]]>
            </content:encoded>
            <itunes:duration>2872</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170125.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170125.mp4" length="179306496" type="video/mp4"/>
        </item>
            <item>
            <title>Nick Sturgeon, Emerging Cyber Threats</title>
            <description>Cybersecurity threats are constantly evolving and becoming more sophisticated. This has been observed through advanced spear phishing campaigns, an increase in ransomware families/variants and the use of IoT devices for DDoS attacks. As well, the tactics, techniques and procedures (TTPs) utilized by bad actors are evolving with the technology and seemingly staying one step ahead of security technologies. This presentation will look at some of the trends from the past year and look at the emerging cyber threats for 2017 and beyond. About the speaker: Nick Sturgeon is the Manager of the Indiana Information Sharing and Analysis Center (IN-ISAC) and the Security Operations Center (SOC). As the Manager of the IN-ISAC, Nick is responsible for overall strategic planning, budget planning, project oversight, and ensures all efforts are focused on achieving the IN-ISAC&apos;s mission. Nick also provides management and oversight of the IN-ISAC&apos;s Security Awareness and Training program, as well as direction on IN-ISAC/SOC policy and procedure development. As the SOC Manager, Nick is responsible for all day to day operations of the SOC. Additionally, Nick serves as the Deputy Director for Cyber for the Indiana Intelligence Fusion Center (IIFC). As the Deputy Director for Cyber, Nick is responsible for developing and distributing cyber threat information to multiple sectors. Nick is actively involved with the Information Sharing and Analysis Organization Standards Organization (ISAO-SO), where he serves as a co-lead for Working Group 4 and is a member of three other ISAO-SO Working Groups. Before joining the Indiana Office of Technology, Nick spent eight years with the Indiana State Police serving in various roles. Nick held the ranks of Trooper, Sergeant and First Sergeant. His last assignment was in the Criminal Justice Data Division, serving as the Assistant Commander of the Information Technology Section. Nick earned a B.S.
in Management Information Systems from Indiana State University in 2003, and an M.S. with a specialization in Cyber Forensics from Purdue University in 2015.</description>
            <pubDate>Wed, 18 Jan 2017 16:30:00 EST </pubDate>
            <itunes:title>Nick Sturgeon, Emerging Cyber Threats</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>625</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Nick Sturgeon, IN-ISAC</itunes:subtitle>
            <itunes:summary>Cybersecurity threats are constantly evolving and becoming more sophisticated. This has been observed through advanced spear phishing campaigns, an increase in ransomware families/variants and the use of IoT devices for DDoS attacks. As well, the tactics, techniques and procedures (TTPs) utilized by bad actors are evolving with the technology and seemingly staying one step ahead of security technologies. This presentation will look at some of the trends from the past year and look at the emerging cyber threats for 2017 and beyond. About the speaker: Nick Sturgeon is the Manager of the Indiana Information Sharing and Analysis Center (IN-ISAC) and the Security Operations Center (SOC). As the Manager of the IN-ISAC, Nick is responsible for overall strategic planning, budget planning, project oversight, and ensures all efforts are focused on achieving the IN-ISAC&apos;s mission. Nick also provides management and oversight of the IN-ISAC&apos;s Security Awareness and Training program, as well as direction on IN-ISAC/SOC policy and procedure development. As the SOC Manager, Nick is responsible for all day to day operations of the SOC. Additionally, Nick serves as the Deputy Director for Cyber for the Indiana Intelligence Fusion Center (IIFC). As the Deputy Director for Cyber, Nick is responsible for developing and distributing cyber threat information to multiple sectors. Nick is actively involved with the Information Sharing and Analysis Organization Standards Organization (ISAO-SO), where he serves as a co-lead for Working Group 4 and is a member of three other ISAO-SO Working Groups. Before joining the Indiana Office of Technology, Nick spent eight years with the Indiana State Police serving in various roles. Nick held the ranks of Trooper, Sergeant and First Sergeant. His last assignment was in the Criminal Justice Data Division, serving as the Assistant Commander of the Information Technology Section. Nick earned a B.S.
in Management Information Systems from Indiana State University in 2003, and an M.S. with a specialization in Cyber Forensics from Purdue University in 2015.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cybersecurity threats are constantly evolving and becoming more sophisticated. This has been observed through advanced spear phishing campaigns, an increase in ransomware families/variants and the use of IoT devices for DDoS attacks. As well, the tactics, techniques and procedures (TTPs) utilized by bad actors are evolving with the technology and seemingly staying one step ahead of security technologies. This presentation will look at some of the trends from the past year and look at the emerging cyber threats for 2017 and beyond. About the speaker: Nick Sturgeon is the Manager of the Indiana Information Sharing and Analysis Center (IN-ISAC) and the Security Operations Center (SOC). As the Manager of the IN-ISAC, Nick is responsible for overall strategic planning, budget planning, project oversight, and ensures all efforts are focused on achieving the IN-ISAC&apos;s mission. Nick also provides management and oversight of the IN-ISAC&apos;s Security Awareness and Training program, as well as direction on IN-ISAC/SOC policy and procedure development. As the SOC Manager, Nick is responsible for all day-to-day operations of the SOC. Additionally, Nick serves as the Deputy Director for Cyber for the Indiana Intelligence Fusion Center (IIFC). As the Deputy Director for Cyber, Nick is responsible for developing and distributing cyber threat information to multiple sectors. Nick is actively involved with the Information Sharing and Analysis Organization&apos;s Standards Organization (ISAO-SO), where he serves as a co-lead for Working Group 4 and is a member of three other ISAO-SO Working Groups. Before joining the Indiana Office of Technology, Nick spent eight years with the Indiana State Police serving in various roles. Nick held the ranks of Trooper, Sergeant and First Sergeant. His last assignment was in the Criminal Justice Data Division, serving as the Assistant Commander of the Information Technology Section. Nick earned a B.S. in Management Information Systems from Indiana State University in 2003, and an M.S. with a specialization in Cyber Forensics from Purdue University in 2015.</p> ]]>
            </content:encoded>
            <itunes:duration>3681</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170118.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170118.mp4" length="363855872" type="video/mp4"/>
        </item>
            <item>
            <title>Aniket Kate, Differential Guarantees for Cryptographic Systems</title>
            <description>Differential privacy aims at learning information about the population as a whole, while protecting the privacy of each individual. With its quantifiable privacy and utility guarantees, differential privacy is becoming standard in the field of privacy-preserving data analysis. On the other hand, most cryptographic systems rely for their privacy properties on a stronger notion of indistinguishability, where an adversary should not be able to (non-negligibly) distinguish between two scenarios. Nevertheless, there exist some cryptographic system scenarios for which the notion of indistinguishability is known to be impossible to achieve. It is natural to ask if one can define differential privacy-motivated privacy notions to accurately quantify the privacy loss in those scenarios. In this talk, we will study two such scenarios. Our first scenario will consider (non-)uniform randomness employed in cryptographic primitives. It is well-known that indistinguishability-based definitions of cryptographic primitives are impossible to realize in systems where parties only have access to non-extractable sources of randomness. I will demonstrate that it is, nevertheless, possible to quantify this secrecy (or privacy) loss due to some non-extractable sources (such as the Santha-Vazirani sources) using a generalization of indistinguishability inspired by differential privacy. Our second scenario will capture privacy properties of anonymous communication networks (e.g., Tor). In particular, I will present our AnoA framework that relies on a novel relaxation of differential privacy to enable a unified quantitative analysis of properties such as sender anonymity, sender unlinkability, and relationship anonymity. About the speaker: Prof. Aniket Kate is an assistant professor in the computer science department at Purdue University. Before joining Purdue in 2015, Prof. Kate was a junior faculty member and an independent research group leader at Saarland University in Germany, where he was heading the Cryptographic Systems Research Group. He was a postdoctoral researcher at the Max Planck Institute for Software Systems (MPI-SWS), Germany from 2010 until 2012, and he received his PhD from the University of Waterloo, Canada in 2010. Prof. Kate designs, implements, and analyzes transparency and privacy enhancing technologies. His research integrates applied cryptography and distributed systems.</description>
            <pubDate>Wed, 11 Jan 2017 16:30:00 EST</pubDate>
            <itunes:title>Aniket Kate, Differential Guarantees for Cryptographic Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>23</itunes:season>
            <itunes:episode>624</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Aniket Kate, </itunes:subtitle>
            <itunes:summary>Differential privacy aims at learning information about the population as a whole, while protecting the privacy of each individual. With its quantifiable privacy and utility guarantees, differential privacy is becoming standard in the field of privacy-preserving data analysis. On the other hand, most cryptographic systems rely for their privacy properties on a stronger notion of indistinguishability, where an adversary should not be able to (non-negligibly) distinguish between two scenarios. Nevertheless, there exist some cryptographic system scenarios for which the notion of indistinguishability is known to be impossible to achieve. It is natural to ask if one can define differential privacy-motivated privacy notions to accurately quantify the privacy loss in those scenarios. In this talk, we will study two such scenarios. Our first scenario will consider (non-)uniform randomness employed in cryptographic primitives. It is well-known that indistinguishability-based definitions of cryptographic primitives are impossible to realize in systems where parties only have access to non-extractable sources of randomness. I will demonstrate that it is, nevertheless, possible to quantify this secrecy (or privacy) loss due to some non-extractable sources (such as the Santha-Vazirani sources) using a generalization of indistinguishability inspired by differential privacy. Our second scenario will capture privacy properties of anonymous communication networks (e.g., Tor). In particular, I will present our AnoA framework that relies on a novel relaxation of differential privacy to enable a unified quantitative analysis of properties such as sender anonymity, sender unlinkability, and relationship anonymity. About the speaker: Prof. Aniket Kate is an assistant professor in the computer science department at Purdue University. Before joining Purdue in 2015, Prof. Kate was a junior faculty member and an independent research group leader at Saarland University in Germany, where he was heading the Cryptographic Systems Research Group. He was a postdoctoral researcher at the Max Planck Institute for Software Systems (MPI-SWS), Germany from 2010 until 2012, and he received his PhD from the University of Waterloo, Canada in 2010. Prof. Kate designs, implements, and analyzes transparency and privacy enhancing technologies. His research integrates applied cryptography and distributed systems.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Differential privacy aims at learning information about the population as a whole, while protecting the privacy of each individual. With its quantifiable privacy and utility guarantees, differential privacy is becoming standard in the field of privacy-preserving data analysis. On the other hand, most cryptographic systems rely for their privacy properties on a stronger notion of indistinguishability, where an adversary should not be able to (non-negligibly) distinguish between two scenarios. Nevertheless, there exist some cryptographic system scenarios for which the notion of indistinguishability is known to be impossible to achieve. It is natural to ask if one can define differential privacy-motivated privacy notions to accurately quantify the privacy loss in those scenarios. In this talk, we will study two such scenarios. Our first scenario will consider (non-)uniform randomness employed in cryptographic primitives. It is well-known that indistinguishability-based definitions of cryptographic primitives are impossible to realize in systems where parties only have access to non-extractable sources of randomness. I will demonstrate that it is, nevertheless, possible to quantify this secrecy (or privacy) loss due to some non-extractable sources (such as the Santha-Vazirani sources) using a generalization of indistinguishability inspired by differential privacy. Our second scenario will capture privacy properties of anonymous communication networks (e.g., Tor). In particular, I will present our AnoA framework that relies on a novel relaxation of differential privacy to enable a unified quantitative analysis of properties such as sender anonymity, sender unlinkability, and relationship anonymity. About the speaker: Prof. Aniket Kate is an assistant professor in the computer science department at Purdue University. Before joining Purdue in 2015, Prof. Kate was a junior faculty member and an independent research group leader at Saarland University in Germany, where he was heading the Cryptographic Systems Research Group. He was a postdoctoral researcher at the Max Planck Institute for Software Systems (MPI-SWS), Germany from 2010 until 2012, and he received his PhD from the University of Waterloo, Canada in 2010. Prof. Kate designs, implements, and analyzes transparency and privacy enhancing technologies. His research integrates applied cryptography and distributed systems.</p> ]]>
            </content:encoded>
            <itunes:duration>3198</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170111.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20170111.mp4" length="145752064" type="video/mp4"/>
        </item>
            <item>
            <title>Yinqian Zhang, When Side Channel Meets Row Hammer: Cache-Memory Attacks in Clouds and Mobile Devices</title>
            <description>Processor caches and memory chips are hardware components used by all software programs on a computer system. They are designed, and thereafter fine-tuned over the years, for better performance and power efficiency, but not for strong isolation between mutually distrustful software programs. However, the modern computing paradigm has been shifting towards resource sharing without full trust: in multi-tenant public clouds, virtual machines controlled by different customers are scheduled to run on the same cloud servers; in mobile devices, untrusted third-party apps, though isolated using sandboxes, share the same devices with sensitive apps. Our research question is whether sharing of memory resources will introduce new security threats to these systems. In this talk, we highlight a type of security threat that we call cache-memory attacks. These attacks are possible due to insufficient isolation in hardware memory resources (e.g., various levels of caches, memory controllers, buses and chips, etc.) that are shared between malevolent and sensitive software programs. We coin cache-memory attacks as the umbrella term for side-channel attacks (i.e., confidentiality attacks), row-hammer attacks (i.e., integrity attacks) and resource contention attacks (i.e., availability attacks). We will discuss the root vulnerabilities of these attacks and their exploitation in the context of clouds and mobile devices. We will also cover some defense techniques against these attacks that we have developed over the past few years. About the speaker: Dr. Yinqian Zhang is an assistant professor in the Department of Computer Science and Engineering at The Ohio State University. His research topics range over various fields in security, including cloud and mobile security, hardware-assisted security, user authentication and anonymous communication. He is known for his work in side-channel attacks and defenses in multi-tenant cloud computing.</description>
            <pubDate>Wed, 7 Dec 2016 16:30:00 EST</pubDate>
            <itunes:title>Yinqian Zhang, When Side Channel Meets Row Hammer: Cache-Memory Attacks in Clouds and Mobile Devices</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>623</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/yinqian_zhang_130.jpg"/>
            <itunes:subtitle>Yinqian Zhang, The Ohio State University</itunes:subtitle>
            <itunes:summary>Processor caches and memory chips are hardware components used by all software programs on a computer system. They are designed, and thereafter fine-tuned over the years, for better performance and power efficiency, but not for strong isolation between mutually distrustful software programs. However, the modern computing paradigm has been shifting towards resource sharing without full trust: in multi-tenant public clouds, virtual machines controlled by different customers are scheduled to run on the same cloud servers; in mobile devices, untrusted third-party apps, though isolated using sandboxes, share the same devices with sensitive apps. Our research question is whether sharing of memory resources will introduce new security threats to these systems. In this talk, we highlight a type of security threat that we call cache-memory attacks. These attacks are possible due to insufficient isolation in hardware memory resources (e.g., various levels of caches, memory controllers, buses and chips, etc.) that are shared between malevolent and sensitive software programs. We coin cache-memory attacks as the umbrella term for side-channel attacks (i.e., confidentiality attacks), row-hammer attacks (i.e., integrity attacks) and resource contention attacks (i.e., availability attacks). We will discuss the root vulnerabilities of these attacks and their exploitation in the context of clouds and mobile devices. We will also cover some defense techniques against these attacks that we have developed over the past few years. About the speaker: Dr. Yinqian Zhang is an assistant professor in the Department of Computer Science and Engineering at The Ohio State University. His research topics range over various fields in security, including cloud and mobile security, hardware-assisted security, user authentication and anonymous communication. He is known for his work in side-channel attacks and defenses in multi-tenant cloud computing.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Processor caches and memory chips are hardware components used by all software programs on a computer system. They are designed, and thereafter fine-tuned over the years, for better performance and power efficiency, but not for strong isolation between mutually distrustful software programs. However, the modern computing paradigm has been shifting towards resource sharing without full trust: in multi-tenant public clouds, virtual machines controlled by different customers are scheduled to run on the same cloud servers; in mobile devices, untrusted third-party apps, though isolated using sandboxes, share the same devices with sensitive apps. Our research question is whether sharing of memory resources will introduce new security threats to these systems. In this talk, we highlight a type of security threat that we call cache-memory attacks. These attacks are possible due to insufficient isolation in hardware memory resources (e.g., various levels of caches, memory controllers, buses and chips, etc.) that are shared between malevolent and sensitive software programs. We coin cache-memory attacks as the umbrella term for side-channel attacks (i.e., confidentiality attacks), row-hammer attacks (i.e., integrity attacks) and resource contention attacks (i.e., availability attacks). We will discuss the root vulnerabilities of these attacks and their exploitation in the context of clouds and mobile devices. We will also cover some defense techniques against these attacks that we have developed over the past few years. About the speaker: Dr. Yinqian Zhang is an assistant professor in the Department of Computer Science and Engineering at The Ohio State University. His research topics range over various fields in security, including cloud and mobile security, hardware-assisted security, user authentication and anonymous communication. He is known for his work in side-channel attacks and defenses in multi-tenant cloud computing.</p> ]]>
            </content:encoded>
            <itunes:duration>3309</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161207.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161207.mp4" length="176160768" type="video/mp4"/>
        </item>
            <item>
            <title>Abhilasha Bhargav-Spantzel, Digital Identity Protection</title>
            <description></description>
            <pubDate>Wed, 30 Nov 2016 16:30:00 EST</pubDate>
            <itunes:title>Abhilasha Bhargav-Spantzel, Digital Identity Protection</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>622</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/bhargav-spantzel.jpg"/>
            <itunes:subtitle>Abhilasha Bhargav-Spantzel, Intel</itunes:subtitle>
            <itunes:summary></itunes:summary>
            <content:encoded>
            <![CDATA[ <p></p> ]]>
            </content:encoded>
            <itunes:duration>2738</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161130.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161130.mp4" length="164626432" type="video/mp4"/>
        </item>
            <item>
            <title>Corey Holzer, The Application of Natural Language Processing to Open Source Intelligence for Ontology Development in the Advanced Persistent Threat Domain</title>
            <description>Over the past decade, the Advanced Persistent Threat (APT) has risen to the forefront of cybersecurity threats. APTs are a major contributor to the billions of dollars lost by corporations around the world annually. The threat is significant enough that the Navy Cyber Power 2020 plan identified them as a &quot;must mitigate&quot; threat in order to ensure the security of its warfighting network. This presentation and its related research apply the science of Natural Language Processing to Open Source Intelligence in order to build an open source Ontology in the APT domain. About the speaker: COREY HOLZER is currently a PhD Candidate in Computer and Information Technology at Purdue University. He earned a B.A. degree in Government and Politics from St. John&apos;s University, NY; an M.A. degree in Government and Politics from St. John&apos;s University, NY; an M.S. in Networking Communications Management from Keller Graduate School of Management, IL; and an M.B.A. from Keller Graduate School of Management, IL. He currently serves as a Captain in the United States Army and has worked in the Information Technology field for over 24 years. His research interests include Information Security, Cyber Security, Forensics, Risk Analysis, Cyber Resiliency, and Information Assurance Ethics.</description>
            <pubDate>Wed, 16 Nov 2016 16:30:00 EST</pubDate>
            <itunes:title>Corey Holzer, The Application of Natural Language Processing to Open Source Intelligence for Ontology Development in the Advanced Persistent Threat Domain</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>621</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Corey Holzer, Purdue University</itunes:subtitle>
            <itunes:summary>Over the past decade, the Advanced Persistent Threat (APT) has risen to the forefront of cybersecurity threats. APTs are a major contributor to the billions of dollars lost by corporations around the world annually. The threat is significant enough that the Navy Cyber Power 2020 plan identified them as a &quot;must mitigate&quot; threat in order to ensure the security of its warfighting network. This presentation and its related research apply the science of Natural Language Processing to Open Source Intelligence in order to build an open source Ontology in the APT domain. About the speaker: COREY HOLZER is currently a PhD Candidate in Computer and Information Technology at Purdue University. He earned a B.A. degree in Government and Politics from St. John&apos;s University, NY; an M.A. degree in Government and Politics from St. John&apos;s University, NY; an M.S. in Networking Communications Management from Keller Graduate School of Management, IL; and an M.B.A. from Keller Graduate School of Management, IL. He currently serves as a Captain in the United States Army and has worked in the Information Technology field for over 24 years. His research interests include Information Security, Cyber Security, Forensics, Risk Analysis, Cyber Resiliency, and Information Assurance Ethics.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Over the past decade, the Advanced Persistent Threat (APT) has risen to the forefront of cybersecurity threats. APTs are a major contributor to the billions of dollars lost by corporations around the world annually. The threat is significant enough that the Navy Cyber Power 2020 plan identified them as a &quot;must mitigate&quot; threat in order to ensure the security of its warfighting network. This presentation and its related research apply the science of Natural Language Processing to Open Source Intelligence in order to build an open source Ontology in the APT domain. About the speaker: COREY HOLZER is currently a PhD Candidate in Computer and Information Technology at Purdue University. He earned a B.A. degree in Government and Politics from St. John&apos;s University, NY; an M.A. degree in Government and Politics from St. John&apos;s University, NY; an M.S. in Networking Communications Management from Keller Graduate School of Management, IL; and an M.B.A. from Keller Graduate School of Management, IL. He currently serves as a Captain in the United States Army and has worked in the Information Technology field for over 24 years. His research interests include Information Security, Cyber Security, Forensics, Risk Analysis, Cyber Resiliency, and Information Assurance Ethics.</p> ]]>
            </content:encoded>
            <itunes:duration>2165</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161116.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161116.mp4" length="257949696" type="video/mp4"/>
        </item>
            <item>
            <title>Sanjai Narain, A Science of Cyber Infrastructure Configuration</title>
            <description>Configuration is the glue for logically integrating cyber infrastructure components to satisfy end-to-end requirements on security and functionality. Every component has a finite number of configuration variables that are set to definite values. It is well-documented that configuration errors are responsible for 50%-80% of infrastructure vulnerabilities and downtime, and that it can take months to set up and adapt infrastructure. This is because the large conceptual gap between requirement and configuration is manually bridged. This talk presents a Science of Configuration to automatically bridge this gap. The Science is embodied in the Distributed Assured and Dynamic Configuration (DADC) suite of tools for requirement specification, configuration synthesis, repair, vendor-specific adaptation, visualization, emulation, verification, distributed configuration, in-band configuration, reconfiguration planning and moving-target defense. DADC leverages modern SMT solvers that can solve a million constraints in a million variables in seconds, and group communication protocols that provide total-ordering message delivery guarantees. We will sketch a new application of DADC to cloud configuration. About the speaker: Dr. Sanjai Narain is a Fellow and Chief Scientist in the Systems and Cyber Security Department at Vencore Labs. Currently, he leads a Science of Configuration project to increase the efficiency and accuracy of building cyber infrastructure by several orders of magnitude. His industrial expertise is in networking and security, and his formal training is in mathematical logic, programming languages, and electrical engineering. He studied logic with Professor Alonzo Church at UCLA and Professor J.A. Robinson at Syracuse.</description>
            <pubDate>Wed, 9 Nov 2016 16:30:00 EST</pubDate>
            <itunes:title>Sanjai Narain, A Science of Cyber Infrastructure Configuration</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>620</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Sanjai Narain, Vencore Labs</itunes:subtitle>
            <itunes:summary>Configuration is the glue for logically integrating cyber infrastructure components to satisfy end-to-end requirements on security and functionality. Every component has a finite number of configuration variables that are set to definite values. It is well-documented that configuration errors are responsible for 50%-80% of infrastructure vulnerabilities and downtime, and that it can take months to set up and adapt infrastructure. This is because the large conceptual gap between requirement and configuration is manually bridged. This talk presents a Science of Configuration to automatically bridge this gap. The Science is embodied in the Distributed Assured and Dynamic Configuration (DADC) suite of tools for requirement specification, configuration synthesis, repair, vendor-specific adaptation, visualization, emulation, verification, distributed configuration, in-band configuration, reconfiguration planning and moving-target defense. DADC leverages modern SMT solvers that can solve a million constraints in a million variables in seconds, and group communication protocols that provide total-ordering message delivery guarantees. We will sketch a new application of DADC to cloud configuration. About the speaker: Dr. Sanjai Narain is a Fellow and Chief Scientist in the Systems and Cyber Security Department at Vencore Labs. Currently, he leads a Science of Configuration project to increase the efficiency and accuracy of building cyber infrastructure by several orders of magnitude. His industrial expertise is in networking and security, and his formal training is in mathematical logic, programming languages, and electrical engineering. He studied logic with Professor Alonzo Church at UCLA and Professor J.A. Robinson at Syracuse.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Configuration is the glue for logically integrating cyber infrastructure components to satisfy end-to-end requirements on security and functionality. Every component has a finite number of configuration variables that are set to definite values. It is well-documented that configuration errors are responsible for 50%-80% of infrastructure vulnerabilities and downtime, and that it can take months to set up and adapt infrastructure. This is because the large conceptual gap between requirement and configuration is manually bridged. This talk presents a Science of Configuration to automatically bridge this gap. The Science is embodied in the Distributed Assured and Dynamic Configuration (DADC) suite of tools for requirement specification, configuration synthesis, repair, vendor-specific adaptation, visualization, emulation, verification, distributed configuration, in-band configuration, reconfiguration planning and moving-target defense. DADC leverages modern SMT solvers that can solve a million constraints in a million variables in seconds, and group communication protocols that provide total-ordering message delivery guarantees. We will sketch a new application of DADC to cloud configuration. About the speaker: Dr. Sanjai Narain is a Fellow and Chief Scientist in the Systems and Cyber Security Department at Vencore Labs. Currently, he leads a Science of Configuration project to increase the efficiency and accuracy of building cyber infrastructure by several orders of magnitude. His industrial expertise is in networking and security, and his formal training is in mathematical logic, programming languages, and electrical engineering. He studied logic with Professor Alonzo Church at UCLA and Professor J.A. Robinson at Syracuse.</p> ]]>
            </content:encoded>
            <itunes:duration>3416</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161109.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161109.mp4" length="268435456" type="video/mp4"/>
        </item>
            <item>
            <title>Victor Raskin, New Research and Resources in NL IAS at Purdue</title>
            <description>The paper will briefly review the achievements of natural language information assurance and security, a Purdue-native innovative strand of research and applications, from NL watermarking and tamperproofing to deception detection, anonymization and now to implicit meaning, conceptual defaults, computational humor, and robotic intelligence and security. I will also briefly show a new acquisition and processing resource at https://engineering.purdue.edu/~ost/. About the speaker: Victor Raskin, CERIAS&apos; Associate Director, is Distinguished Professor of English and Linguistics at Purdue, with courtesy appointments in Computer Science and Computer and Information Technology.</description>
            <pubDate>Wed, 26 Oct 2016 16:30:00 EDT </pubDate>
            <itunes:title>Victor Raskin, New Research and Resources in NL IAS at Purdue</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>618</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/assets/images/people/thumb_raskin_victor.jpg"/>
            <itunes:subtitle>Victor Raskin, Purdue University</itunes:subtitle>
            <itunes:summary>The paper will briefly review the achievements of natural language information assurance and security, a Purdue-native innovative strand of research and applications, from NL watermarking and tamperproofing to deception detection, anonymization and now to implicit meaning, conceptual defaults, computational humor, and robotic intelligence and security. I will also briefly show a new acquisition and processing resource at https://engineering.purdue.edu/~ost/. About the speaker: Victor Raskin, CERIAS&apos; Associate Director, is Distinguished Professor of English and Linguistics at Purdue, with courtesy appointments at Computer Science and Computer and Information Technology.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The paper will briefly review the achievements of natural language information assurance and security, a Purdue-native innovative strand of research and applications, from NL watermarking and tamperproofing to deception detection, anonymization and now to implicit meaning, conceptual defaults, computational humor, and robotic intelligence and security. I will also briefly show a new acquisition and processing resource at https://engineering.purdue.edu/~ost/. About the speaker: Victor Raskin, CERIAS&apos; Associate Director, is Distinguished Professor of English and Linguistics at Purdue, with courtesy appointments at Computer Science and Computer and Information Technology.</p> ]]>
            </content:encoded>
            <itunes:duration>3188</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161026.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161026.mp4" length="330301440" type="video/mp4"/>
        </item>
            <item>
            <title>Jeremiah Blocki, Usable and Secure Human Authentication</title>
            <description>A typical computer user today manages passwords for many different online accounts. Users struggle with this task -- often forgetting their passwords or adopting insecure practices, such as using the same passwords for multiple accounts and selecting weak passwords. Before we can design good password management schemes it is necessary to address a fundamental question: How can we quantify the usability or security of a password management scheme? In this talk we will introduce quantitative usability and security models. Notably, our user model, which is based on research on human memory about spaced rehearsal, allows us to analyze the usability of a large family of password management schemes while experimentally validating only the common user model underlying all of them. We argue that these quantitative models can guide the development of usable and secure password management schemes. In support of our argument we present Shared Cues, a simple password management scheme in which the user can generate many strong passwords after memorizing a few randomly generated stories. Our password management schemes are precisely specified and publishable: the security proofs hold even if the adversary knows the scheme and has extensive background knowledge about the user (hobbies, birthdate, etc.). This talk is based on joint work with Manuel Blum and Anupam Datta. References: http://arxiv.org/abs/1302.5122 and http://arxiv.org/pdf/1410.1490v1.pdf About the speaker: At a high level Professor Blocki describes himself as &quot;a theoretical computer scientist who is interested in applying fundamental ideas from computer science to address practical problems in usable privacy and security.&quot; He is especially interested in developing usable authentication protocols for humans. Are there easy ways for humans to create and remember multiple strong passwords? Can we design secure cryptographic protocols that are so simple that they can be run by a human? Jeremiah has also developed algorithms for conducting privacy-preserving data analysis in several different application settings including social networks and password data. Prior to joining Purdue, Jeremiah completed his PhD on Usable Human Authentication at Carnegie Mellon University under the supervision of his advisors Manuel Blum and Anupam Datta. He also spent a year at Microsoft Research New England as a postdoc.</description>
            <pubDate>Wed, 19 Oct 2016 16:30:00 EDT </pubDate>
            <itunes:title>Jeremiah Blocki, Usable and Secure Human Authentication</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>617</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jeremiah Blocki, Purdue University</itunes:subtitle>
            <itunes:summary>A typical computer user today manages passwords for many different online accounts. Users struggle with this task -- often forgetting their passwords or adopting insecure practices, such as using the same passwords for multiple accounts and selecting weak passwords. Before we can design good password management schemes it is necessary to address a fundamental question: How can we quantify the usability or security of a password management scheme? In this talk we will introduce quantitative usability and security models. Notably, our user model, which is based on research on human memory about spaced rehearsal, allows us to analyze the usability of a large family of password management schemes while experimentally validating only the common user model underlying all of them. We argue that these quantitative models can guide the development of usable and secure password management schemes. In support of our argument we present Shared Cues, a simple password management scheme in which the user can generate many strong passwords after memorizing a few randomly generated stories. Our password management schemes are precisely specified and publishable: the security proofs hold even if the adversary knows the scheme and has extensive background knowledge about the user (hobbies, birthdate, etc.). This talk is based on joint work with Manuel Blum and Anupam Datta. References: http://arxiv.org/abs/1302.5122 and http://arxiv.org/pdf/1410.1490v1.pdf About the speaker: At a high level Professor Blocki describes himself as &quot;a theoretical computer scientist who is interested in applying fundamental ideas from computer science to address practical problems in usable privacy and security.&quot; He is especially interested in developing usable authentication protocols for humans. Are there easy ways for humans to create and remember multiple strong passwords? Can we design secure cryptographic protocols that are so simple that they can be run by a human? Jeremiah has also developed algorithms for conducting privacy-preserving data analysis in several different application settings including social networks and password data. Prior to joining Purdue, Jeremiah completed his PhD on Usable Human Authentication at Carnegie Mellon University under the supervision of his advisors Manuel Blum and Anupam Datta. He also spent a year at Microsoft Research New England as a postdoc.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>A typical computer user today manages passwords for many different online accounts. Users struggle with this task -- often forgetting their passwords or adopting insecure practices, such as using the same passwords for multiple accounts and selecting weak passwords. Before we can design good password management schemes it is necessary to address a fundamental question: How can we quantify the usability or security of a password management scheme? In this talk we will introduce quantitative usability and security models. Notably, our user model, which is based on research on human memory about spaced rehearsal, allows us to analyze the usability of a large family of password management schemes while experimentally validating only the common user model underlying all of them. We argue that these quantitative models can guide the development of usable and secure password management schemes. In support of our argument we present Shared Cues, a simple password management scheme in which the user can generate many strong passwords after memorizing a few randomly generated stories. Our password management schemes are precisely specified and publishable: the security proofs hold even if the adversary knows the scheme and has extensive background knowledge about the user (hobbies, birthdate, etc.). This talk is based on joint work with Manuel Blum and Anupam Datta. References: http://arxiv.org/abs/1302.5122 and http://arxiv.org/pdf/1410.1490v1.pdf About the speaker: At a high level Professor Blocki describes himself as &quot;a theoretical computer scientist who is interested in applying fundamental ideas from computer science to address practical problems in usable privacy and security.&quot; He is especially interested in developing usable authentication protocols for humans. Are there easy ways for humans to create and remember multiple strong passwords? Can we design secure cryptographic protocols that are so simple that they can be run by a human? Jeremiah has also developed algorithms for conducting privacy-preserving data analysis in several different application settings including social networks and password data. Prior to joining Purdue, Jeremiah completed his PhD on Usable Human Authentication at Carnegie Mellon University under the supervision of his advisors Manuel Blum and Anupam Datta. He also spent a year at Microsoft Research New England as a postdoc.</p> ]]>
            </content:encoded>
            <itunes:duration>3267</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161019.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161019.mp4" length="257949696" type="video/mp4"/>
        </item>
            <item>
            <title>Terry Ching-Hsiang Hsu, Enforcing Least Privilege Memory Views for Multithreaded Applications</title>
            <description>Failing to properly isolate components in the same address space has resulted in a substantial number of vulnerabilities. Enforcing the least privilege principle for memory accesses can selectively isolate software components to restrict attack surface and prevent unintended cross-component memory corruption. However, the boundaries and interactions between software components are hard to reason about, and existing approaches have failed to stop attackers from exploiting vulnerabilities caused by poor isolation. We present the secure memory views (SMV) model: a practical and efficient model for secure and selective memory isolation in monolithic multithreaded applications. SMV is a third-generation privilege separation technique that offers explicit access control of memory and allows concurrent threads within the same process to partially share or fully isolate their memory space in a controlled and parallel manner following application requirements. An evaluation of our prototype in the Linux kernel (TCB &lt; 1,800 LOC) shows negligible runtime performance overhead in real-world applications including Cherokee web server (&lt; 0.69%), Apache httpd web server (&lt; 0.93%), and Mozilla Firefox web browser (&lt; 1.89%) with at most 12 LOC changes. About the speaker: Terry Hsu is a PhD candidate at Purdue University studying memory systems and system security. His research is concerned with the development of operating systems. Particular topics of interest include memory models, memory safety, memory isolation, and operating system security.</description>
            <pubDate>Wed, 12 Oct 2016 16:30:00 EDT </pubDate>
            <itunes:title>Terry Ching-Hsiang Hsu, Enforcing Least Privilege Memory Views for Multithreaded Applications</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>616</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ching-hsiang-hsu_130.png"/>
            <itunes:subtitle>Terry Ching-Hsiang Hsu, Purdue University</itunes:subtitle>
            <itunes:summary>Failing to properly isolate components in the same address space has resulted in a substantial number of vulnerabilities. Enforcing the least privilege principle for memory accesses can selectively isolate software components to restrict attack surface and prevent unintended cross-component memory corruption. However, the boundaries and interactions between software components are hard to reason about, and existing approaches have failed to stop attackers from exploiting vulnerabilities caused by poor isolation. We present the secure memory views (SMV) model: a practical and efficient model for secure and selective memory isolation in monolithic multithreaded applications. SMV is a third-generation privilege separation technique that offers explicit access control of memory and allows concurrent threads within the same process to partially share or fully isolate their memory space in a controlled and parallel manner following application requirements. An evaluation of our prototype in the Linux kernel (TCB &lt; 1,800 LOC) shows negligible runtime performance overhead in real-world applications including Cherokee web server (&lt; 0.69%), Apache httpd web server (&lt; 0.93%), and Mozilla Firefox web browser (&lt; 1.89%) with at most 12 LOC changes. About the speaker: Terry Hsu is a PhD candidate at Purdue University studying memory systems and system security. His research is concerned with the development of operating systems. Particular topics of interest include memory models, memory safety, memory isolation, and operating system security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Failing to properly isolate components in the same address space has resulted in a substantial number of vulnerabilities. Enforcing the least privilege principle for memory accesses can selectively isolate software components to restrict attack surface and prevent unintended cross-component memory corruption. However, the boundaries and interactions between software components are hard to reason about, and existing approaches have failed to stop attackers from exploiting vulnerabilities caused by poor isolation. We present the secure memory views (SMV) model: a practical and efficient model for secure and selective memory isolation in monolithic multithreaded applications. SMV is a third-generation privilege separation technique that offers explicit access control of memory and allows concurrent threads within the same process to partially share or fully isolate their memory space in a controlled and parallel manner following application requirements. An evaluation of our prototype in the Linux kernel (TCB &lt; 1,800 LOC) shows negligible runtime performance overhead in real-world applications including Cherokee web server (&lt; 0.69%), Apache httpd web server (&lt; 0.93%), and Mozilla Firefox web browser (&lt; 1.89%) with at most 12 LOC changes. About the speaker: Terry Hsu is a PhD candidate at Purdue University studying memory systems and system security. His research is concerned with the development of operating systems. Particular topics of interest include memory models, memory safety, memory isolation, and operating system security.</p> ]]>
            </content:encoded>
            <itunes:duration>1641</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161012.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161012.mp4" length="40894464" type="video/mp4"/>
        </item>
            <item>
            <title>Tony Sager, Growing Up In Cyber, But Is Cyber Growing Up?</title>
            <description>Communications Security, Computer Security, Information Security, Information Assurance, Information Operations, Cyber Security: through a 35-year career at the National Security Agency, and now with the non-profit Center for Internet Security, Tony has been a participant, observer, and shaper of the world we now call Cyber Security. Since he&apos;s never had another job (or some might say, never had a real job), through the lens of his career he will share his observations about the evolution of Cyber Security from a de facto government monopoly focused on national security and technology, to an issue that touches every one of us, in every aspect of our lives. Beyond the bumper stickers and rah-rah of Public-Private-Partnership, he&apos;ll also describe the new models of cooperation between government and industry that we need for success. About the speaker: Tony Sager is a Senior VP and Chief Evangelist for the Center for Internet Security. He leads the development of the CIS Critical Security Controls, a worldwide consensus project to find and support technical best practices in cybersecurity. Tony also serves as the Director of the SANS Innovation Center, a subsidiary of The SANS Institute. Tony retired from the National Security Agency (NSA) after 34 years as an Information Assurance professional. He started his career in the Communications Security (COMSEC) Intern Program, and worked as a mathematical cryptographer and a software vulnerability analyst. In 2001, Tony led the release of NSA security guidance to the public. He also expanded NSA&apos;s role in the development of open standards for security. Mr. Sager holds a B.A. in Mathematics from Western Maryland College and an M.S. in Computer Science from The Johns Hopkins University.</description>
            <pubDate>Wed, 5 Oct 2016 16:30:00 EDT </pubDate>
            <itunes:title>Tony Sager, Growing Up In Cyber, But Is Cyber Growing Up?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>615</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/tony_sager_160.jpg"/>
            <itunes:subtitle>Tony Sager, Center for Internet Security</itunes:subtitle>
            <itunes:summary>Communications Security, Computer Security, Information Security, Information Assurance, Information Operations, Cyber Security: through a 35-year career at the National Security Agency, and now with the non-profit Center for Internet Security, Tony has been a participant, observer, and shaper of the world we now call Cyber Security. Since he&apos;s never had another job (or some might say, never had a real job), through the lens of his career he will share his observations about the evolution of Cyber Security from a de facto government monopoly focused on national security and technology, to an issue that touches every one of us, in every aspect of our lives. Beyond the bumper stickers and rah-rah of Public-Private-Partnership, he&apos;ll also describe the new models of cooperation between government and industry that we need for success. About the speaker: Tony Sager is a Senior VP and Chief Evangelist for the Center for Internet Security. He leads the development of the CIS Critical Security Controls, a worldwide consensus project to find and support technical best practices in cybersecurity. Tony also serves as the Director of the SANS Innovation Center, a subsidiary of The SANS Institute. Tony retired from the National Security Agency (NSA) after 34 years as an Information Assurance professional. He started his career in the Communications Security (COMSEC) Intern Program, and worked as a mathematical cryptographer and a software vulnerability analyst. In 2001, Tony led the release of NSA security guidance to the public. He also expanded NSA&apos;s role in the development of open standards for security. Mr. Sager holds a B.A. in Mathematics from Western Maryland College and an M.S. in Computer Science from The Johns Hopkins University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Communications Security, Computer Security, Information Security, Information Assurance, Information Operations, Cyber Security: through a 35-year career at the National Security Agency, and now with the non-profit Center for Internet Security, Tony has been a participant, observer, and shaper of the world we now call Cyber Security. Since he&apos;s never had another job (or some might say, never had a real job), through the lens of his career he will share his observations about the evolution of Cyber Security from a de facto government monopoly focused on national security and technology, to an issue that touches every one of us, in every aspect of our lives. Beyond the bumper stickers and rah-rah of Public-Private-Partnership, he&apos;ll also describe the new models of cooperation between government and industry that we need for success. About the speaker: Tony Sager is a Senior VP and Chief Evangelist for the Center for Internet Security. He leads the development of the CIS Critical Security Controls, a worldwide consensus project to find and support technical best practices in cybersecurity. Tony also serves as the Director of the SANS Innovation Center, a subsidiary of The SANS Institute. Tony retired from the National Security Agency (NSA) after 34 years as an Information Assurance professional. He started his career in the Communications Security (COMSEC) Intern Program, and worked as a mathematical cryptographer and a software vulnerability analyst. In 2001, Tony led the release of NSA security guidance to the public. He also expanded NSA&apos;s role in the development of open standards for security. Mr. Sager holds a B.A. in Mathematics from Western Maryland College and an M.S. in Computer Science from The Johns Hopkins University.</p> ]]>
            </content:encoded>
            <itunes:duration>3513</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161005.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20161005.mp4" length="384827392" type="video/mp4"/>
        </item>
            <item>
            <title>Nicholas Reuhs, The role of cyber insurance in security and risk management</title>
            <description>Cyber-liability insurance has grown from a niche product into a multi-billion-dollar market in less than a decade. It has also become a negotiating point in technology-related contracts and a buzzword for corporate boards. In this seminar, we will discuss how this new insurance market has developed -- surveying the spectrum of &quot;cyber&quot; insurance products and outlining what events these products are (and are not) intended to cover. We will also discuss underwriting problems (information asymmetry, correlated losses, etc.) and how these underwriting problems are causing insurers to increasingly dictate security practices and behavior. Finally, we will discuss the future of cyber-liability insurance and how a major event could shift the market&apos;s focus or even lead to government intervention. About the speaker: Nick Reuhs is a partner in Ice Miller&apos;s Litigation Group, where he concentrates his practice on insurance coverage disputes, risk management and commercial litigation. Nick regularly advises clients in insurance coverage matters, managing claims and advocating policy construction that maximizes insurance recovery. Nick also provides policyholders with counseling on pre-loss issues, ranging from assessments of coverage for particular risks to help with securing favorable coverage terms under specialty insurance policies. As part of his risk management practice, Nick also assists clients with data protection/privacy matters, including breach response, cost recovery and pre-event risk transfer through contracting.</description>
            <pubDate>Wed, 28 Sep 2016 16:30:00 EDT </pubDate>
            <itunes:title>Nicholas Reuhs, The role of cyber insurance in security and risk management</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>614</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/nicholas_reuhs.jpg"/>
            <itunes:subtitle>Nicholas Reuhs, Ice Miller LLP</itunes:subtitle>
            <itunes:summary>Cyber-liability insurance has grown from a niche product into a multi-billion-dollar market in less than a decade. It has also become a negotiating point in technology-related contracts and a buzzword for corporate boards. In this seminar, we will discuss how this new insurance market has developed -- surveying the spectrum of &quot;cyber&quot; insurance products and outlining what events these products are (and are not) intended to cover. We will also discuss underwriting problems (information asymmetry, correlated losses, etc.) and how these underwriting problems are causing insurers to increasingly dictate security practices and behavior. Finally, we will discuss the future of cyber-liability insurance and how a major event could shift the market&apos;s focus or even lead to government intervention. About the speaker: Nick Reuhs is a partner in Ice Miller&apos;s Litigation Group, where he concentrates his practice on insurance coverage disputes, risk management and commercial litigation. Nick regularly advises clients in insurance coverage matters, managing claims and advocating policy construction that maximizes insurance recovery. Nick also provides policyholders with counseling on pre-loss issues, ranging from assessments of coverage for particular risks to help with securing favorable coverage terms under specialty insurance policies. As part of his risk management practice, Nick also assists clients with data protection/privacy matters, including breach response, cost recovery and pre-event risk transfer through contracting.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cyber-liability insurance has grown from a niche product into a multi-billion-dollar market in less than a decade. It has also become a negotiating point in technology-related contracts and a buzzword for corporate boards. In this seminar, we will discuss how this new insurance market has developed -- surveying the spectrum of &quot;cyber&quot; insurance products and outlining what events these products are (and are not) intended to cover. We will also discuss underwriting problems (information asymmetry, correlated losses, etc.) and how these underwriting problems are causing insurers to increasingly dictate security practices and behavior. Finally, we will discuss the future of cyber-liability insurance and how a major event could shift the market&apos;s focus or even lead to government intervention. About the speaker: Nick Reuhs is a partner in Ice Miller&apos;s Litigation Group, where he concentrates his practice on insurance coverage disputes, risk management and commercial litigation. Nick regularly advises clients in insurance coverage matters, managing claims and advocating policy construction that maximizes insurance recovery. Nick also provides policyholders with counseling on pre-loss issues, ranging from assessments of coverage for particular risks to help with securing favorable coverage terms under specialty insurance policies. As part of his risk management practice, Nick also assists clients with data protection/privacy matters, including breach response, cost recovery and pre-event risk transfer through contracting.</p> ]]>
            </content:encoded>
            <itunes:duration>3199</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160928.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160928.mp4" length="461373440" type="video/mp4"/>
        </item>
            <item>
            <title>Aniket Kate, The Internet of Value: Privacy and Applications</title>
            <description>Over the last seven years we have been observing a tremendous growth of crypto-currencies such as Bitcoin and IOU credit networks such as Ripple. Their decentralized and pseudonymous nature, ability to perform transactions across the globe in a matter of seconds, and potential to monetize everything regardless of jurisdiction have been pivotal to their success so far. Despite some major hiccups, their market capitalization has been increasing steadily over the years. It is now believed that, in the form of the blockchain technology and the internet of value, these concepts are here to stay. In this talk, I will first present some of our recent and ongoing efforts to improve the privacy of these inherently distributed systems. I will define the concept of peer-to-peer mixing, present an efficient P2P mixing protocol, and instantiate it in Bitcoin and Ripple. In the latter half of the talk, I will present an innovative application for these payment systems. In particular, I will present a novel Bitcoin-based smart contract for non-disclosure agreements (NDA) among mutually distrusting partners that monetarily penalizes malicious disclosures of the confidential documents. About the speaker: Prof. Aniket Kate is an Assistant Professor in the Computer Science Department at Purdue University. Before joining Purdue in 2015, Prof. Kate was a junior faculty member and an independent research group leader at Saarland University in Germany, where he was heading the Cryptographic Systems Research Group. He was a postdoctoral researcher at the Max Planck Institute for Software Systems (MPI-SWS), Germany, from 2010 until 2012, and he received his PhD from the University of Waterloo, Canada, in 2010. Prof. Kate designs, implements, and analyzes transparency and privacy enhancing technologies. His research integrates cryptography, distributed systems, and hardware-assisted security.</description>
            <pubDate>Wed, 21 Sep 2016 16:30:00 EDT </pubDate>
            <itunes:title>Aniket Kate, The Internet of Value: Privacy and Applications</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>613</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/assets/images/people/kate_aniket_2015.jpg"/>
            <itunes:subtitle>Aniket Kate, Purdue University</itunes:subtitle>
            <itunes:summary>Over the last seven years we have been observing a tremendous growth of crypto-currencies such as Bitcoin and IOU credit networks such as Ripple. Their decentralized and pseudonymous nature, ability to perform transactions across the globe in a matter of seconds, and potential to monetize everything regardless of jurisdiction have been pivotal to their success so far. Despite some major hiccups, their market capitalization is increasing steadily over the years. It is now believed that, in the form of the blockchain technology and the internet of value, these concepts are here to stay. In this talk, I will first present some of our recent and ongoing efforts to improve the privacy of these inherently distributed systems. I will define the concept of peer-to-peer mixing, present an efficient P2P mixing protocol, and instantiate it in Bitcoin and Ripple. In the latter half of the talk, I will present an innovative application for these payment systems. In particular, I will present a novel Bitcoin-based smart contract for non-disclosure agreement (NDA) among mutually distrusting partners that monetarily penalizes malicious disclosures of the confidential documents. About the speaker: Prof. Aniket Kate is an assistant professor in the computer science department at Purdue University. Before joining Purdue in 2015, Prof. Kate was a junior faculty member and an independent research group leader at Saarland University in Germany, where he was heading the Cryptographic Systems Research Group. He was a postdoctoral researcher at the Max Planck Institute for Software Systems (MPI-SWS), Germany, from 2010 until 2012, and he received his PhD from the University of Waterloo, Canada in 2010. Prof. Kate designs, implements, and analyzes transparency and privacy enhancing technologies. His research integrates cryptography, distributed systems, and hardware-assisted security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Over the last seven years we have been observing a tremendous growth of crypto-currencies such as Bitcoin and IOU credit networks such as Ripple. Their decentralized and pseudonymous nature, ability to perform transactions across the globe in a matter of seconds, and potential to monetize everything regardless of jurisdiction have been pivotal to their success so far. Despite some major hiccups, their market capitalization is increasing steadily over the years. It is now believed that, in the form of the blockchain technology and the internet of value, these concepts are here to stay. In this talk, I will first present some of our recent and ongoing efforts to improve the privacy of these inherently distributed systems. I will define the concept of peer-to-peer mixing, present an efficient P2P mixing protocol, and instantiate it in Bitcoin and Ripple. In the latter half of the talk, I will present an innovative application for these payment systems. In particular, I will present a novel Bitcoin-based smart contract for non-disclosure agreement (NDA) among mutually distrusting partners that monetarily penalizes malicious disclosures of the confidential documents. About the speaker: Prof. Aniket Kate is an assistant professor in the computer science department at Purdue University. Before joining Purdue in 2015, Prof. Kate was a junior faculty member and an independent research group leader at Saarland University in Germany, where he was heading the Cryptographic Systems Research Group. He was a postdoctoral researcher at the Max Planck Institute for Software Systems (MPI-SWS), Germany, from 2010 until 2012, and he received his PhD from the University of Waterloo, Canada in 2010. Prof. Kate designs, implements, and analyzes transparency and privacy enhancing technologies. His research integrates cryptography, distributed systems, and hardware-assisted security.</p> ]]>
            </content:encoded>
            <itunes:duration>3488</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160921.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160921.mp4" length="231735296" type="video/mp4"/>
        </item>
            <item>
            <title>Di Jin, General Motors Product Cybersecurity Overview</title>
            <description>In this presentation the speaker will give an introduction to the GM product cybersecurity organization and the efforts that are being undertaken by this organization to drive a better product cybersecurity posture. Many interesting aspects will be discussed in the presentation, e.g., the vehicle cybersecurity ecosystem, connected vehicle attack surfaces, external industry/academia collaborations, the security vulnerability disclosure program, challenges for the automotive industry, future research directions, and automotive cybersecurity talent. Come and join us for a very informative session! About the speaker: Di Jin is the Advanced Development Leader in the GM Product Cybersecurity organization where he works with GM R&amp;D and engineering teams and external experts on cybersecurity advanced development. His responsibilities include the forward-looking technology roadmap, advanced technology projects, collaborating with industry and academia on cybersecurity advanced development and research, and participating in consortia and standardization activities to drive automotive cybersecurity advancements and standards. Prior to joining GM, he worked as the Senior Security Technical Specialist at Chrysler on defining better security solutions and strategies. Di started his industrial career working as the Lead Security Engineer at GM OnStar. He received his Ph.D. from the University of Oklahoma in Electrical and Computer Engineering with a focus on communications security.</description>
            <pubDate>Wed, 14 Sep 2016 16:30:00 EDT </pubDate>
            <itunes:title>Di Jin, General Motors Product Cybersecurity Overview</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>612</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Di Jin, General Motors</itunes:subtitle>
            <itunes:summary>In this presentation the speaker will give an introduction to the GM product cybersecurity organization and the efforts that are being undertaken by this organization to drive a better product cybersecurity posture. Many interesting aspects will be discussed in the presentation, e.g., the vehicle cybersecurity ecosystem, connected vehicle attack surfaces, external industry/academia collaborations, the security vulnerability disclosure program, challenges for the automotive industry, future research directions, and automotive cybersecurity talent. Come and join us for a very informative session! About the speaker: Di Jin is the Advanced Development Leader in the GM Product Cybersecurity organization where he works with GM R&amp;D and engineering teams and external experts on cybersecurity advanced development. His responsibilities include the forward-looking technology roadmap, advanced technology projects, collaborating with industry and academia on cybersecurity advanced development and research, and participating in consortia and standardization activities to drive automotive cybersecurity advancements and standards. Prior to joining GM, he worked as the Senior Security Technical Specialist at Chrysler on defining better security solutions and strategies. Di started his industrial career working as the Lead Security Engineer at GM OnStar. He received his Ph.D. from the University of Oklahoma in Electrical and Computer Engineering with a focus on communications security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this presentation the speaker will give an introduction to the GM product cybersecurity organization and the efforts that are being undertaken by this organization to drive a better product cybersecurity posture. Many interesting aspects will be discussed in the presentation, e.g., the vehicle cybersecurity ecosystem, connected vehicle attack surfaces, external industry/academia collaborations, the security vulnerability disclosure program, challenges for the automotive industry, future research directions, and automotive cybersecurity talent. Come and join us for a very informative session! About the speaker: Di Jin is the Advanced Development Leader in the GM Product Cybersecurity organization where he works with GM R&amp;D and engineering teams and external experts on cybersecurity advanced development. His responsibilities include the forward-looking technology roadmap, advanced technology projects, collaborating with industry and academia on cybersecurity advanced development and research, and participating in consortia and standardization activities to drive automotive cybersecurity advancements and standards. Prior to joining GM, he worked as the Senior Security Technical Specialist at Chrysler on defining better security solutions and strategies. Di started his industrial career working as the Lead Security Engineer at GM OnStar. He received his Ph.D. from the University of Oklahoma in Electrical and Computer Engineering with a focus on communications security.</p> ]]>
            </content:encoded>
            <itunes:duration>3365</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160914.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160914.mp4" length="421527552" type="video/mp4"/>
        </item>
            <item>
            <title>Maria Andrews, Improving Outcomes with Services</title>
            <description>I will be discussing Improving Outcomes with Services, including a deep dive into Advanced Threat Analytics and how Cisco Active Threat Analytics (ATA) integrates deep expertise with cutting-edge technology, leading intelligence, and advanced analytics to detect and investigate threats with great speed, accuracy, and focus. There will be talks and examples of Proactive Threat Hunting: activities involving seeking out malicious activity not identified by traditional alerting mechanisms. Hunting methods are documented in a living play-book that is continuously updated as threats and malicious campaigns evolve. Our expert investigators monitor customer networks 24x7 from our global network of state-of-the-art security operations centers, providing constant vigilance and in-depth analysis as a comprehensive security solution. About the speaker: Maria Andrews is a recent addition to Managed Security Services (MSS) at Cisco. She has a unique and broad skillset that she is able to apply across various functional areas in supporting Cisco&apos;s Security clientele, which has allowed her to grow with Cisco; she is now a Cross-Functional Project Manager – MSS Advanced Threat Analytics (ATA) Security Operations Center (SOC) Engagement Manager leading multiple clients with day-to-day operations regarding their individual networks. Ms. Andrews&apos; professional credentials comprise 20 years&apos; experience in engineering Department of Defense solutions for hardware, software, PKI and network systems, as well as creating multiple security solutions for various clients. Ms. Andrews has led multi-million-dollar efforts with Public Key Infrastructure (PKI) and Common Access Card (CAC) development across the United States for the US Army Corps of Engineers.
During one of her deployments to Iraq she held the project lead position as the Theater Certification and Accreditation Authority, directly under RDML Simpson and then RDML Bond, who replaced him during the almost two years she was there. She holds multiple patents, TMs and TSs, and has co-authored protected documents around cyber security and other confidential solutions in the security realm. Ms. Andrews attended American Continental University, where she earned her Associate&apos;s in Business Management, and then attended Saint Petersburg College in Florida to earn a Bachelor of Science in Information Technology Management.</description>
            <pubDate>Wed, 7 Sep 2016 16:30:00 EDT </pubDate>
            <itunes:title>Maria Andrews, Improving Outcomes with Services</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>611</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Maria Andrews, Cisco</itunes:subtitle>
            <itunes:summary>I will be discussing Improving Outcomes with Services, including a deep dive into Advanced Threat Analytics and how Cisco Active Threat Analytics (ATA) integrates deep expertise with cutting-edge technology, leading intelligence, and advanced analytics to detect and investigate threats with great speed, accuracy, and focus. There will be talks and examples of Proactive Threat Hunting: activities involving seeking out malicious activity not identified by traditional alerting mechanisms. Hunting methods are documented in a living play-book that is continuously updated as threats and malicious campaigns evolve. Our expert investigators monitor customer networks 24x7 from our global network of state-of-the-art security operations centers, providing constant vigilance and in-depth analysis as a comprehensive security solution. About the speaker: Maria Andrews is a recent addition to Managed Security Services (MSS) at Cisco. She has a unique and broad skillset that she is able to apply across various functional areas in supporting Cisco&apos;s Security clientele, which has allowed her to grow with Cisco; she is now a Cross-Functional Project Manager – MSS Advanced Threat Analytics (ATA) Security Operations Center (SOC) Engagement Manager leading multiple clients with day-to-day operations regarding their individual networks. Ms. Andrews&apos; professional credentials comprise 20 years&apos; experience in engineering Department of Defense solutions for hardware, software, PKI and network systems, as well as creating multiple security solutions for various clients. Ms. Andrews has led multi-million-dollar efforts with Public Key Infrastructure (PKI) and Common Access Card (CAC) development across the United States for the US Army Corps of Engineers.
During one of her deployments to Iraq she held the project lead position as the Theater Certification and Accreditation Authority, directly under RDML Simpson and then RDML Bond, who replaced him during the almost two years she was there. She holds multiple patents, TMs and TSs, and has co-authored protected documents around cyber security and other confidential solutions in the security realm. Ms. Andrews attended American Continental University, where she earned her Associate&apos;s in Business Management, and then attended Saint Petersburg College in Florida to earn a Bachelor of Science in Information Technology Management.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>I will be discussing Improving Outcomes with Services, including a deep dive into Advanced Threat Analytics and how Cisco Active Threat Analytics (ATA) integrates deep expertise with cutting-edge technology, leading intelligence, and advanced analytics to detect and investigate threats with great speed, accuracy, and focus. There will be talks and examples of Proactive Threat Hunting: activities involving seeking out malicious activity not identified by traditional alerting mechanisms. Hunting methods are documented in a living play-book that is continuously updated as threats and malicious campaigns evolve. Our expert investigators monitor customer networks 24x7 from our global network of state-of-the-art security operations centers, providing constant vigilance and in-depth analysis as a comprehensive security solution. About the speaker: Maria Andrews is a recent addition to Managed Security Services (MSS) at Cisco. She has a unique and broad skillset that she is able to apply across various functional areas in supporting Cisco&apos;s Security clientele, which has allowed her to grow with Cisco; she is now a Cross-Functional Project Manager – MSS Advanced Threat Analytics (ATA) Security Operations Center (SOC) Engagement Manager leading multiple clients with day-to-day operations regarding their individual networks. Ms. Andrews&apos; professional credentials comprise 20 years&apos; experience in engineering Department of Defense solutions for hardware, software, PKI and network systems, as well as creating multiple security solutions for various clients. Ms. Andrews has led multi-million-dollar efforts with Public Key Infrastructure (PKI) and Common Access Card (CAC) development across the United States for the US Army Corps of Engineers.
During one of her deployments to Iraq she held the project lead position as the Theater Certification and Accreditation Authority, directly under RDML Simpson and then RDML Bond, who replaced him during the almost two years she was there. She holds multiple patents, TMs and TSs, and has co-authored protected documents around cyber security and other confidential solutions in the security realm. Ms. Andrews attended American Continental University, where she earned her Associate&apos;s in Business Management, and then attended Saint Petersburg College in Florida to earn a Bachelor of Science in Information Technology Management.</p> ]]>
            </content:encoded>
            <itunes:duration>2627</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160907.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160907.mp4" length="287309824" type="video/mp4"/>
        </item>
            <item>
            <title>Srivatsan Ravi, Towards Safe In-memory Transactions</title>
            <description>Current general-purpose CPUs are multicores, offering multiple computing units within a single chip. The performance of programs on these architectures, however, does not necessarily increase proportionally with the number of cores. Designing concurrent programs to exploit these multicores emphasizes the need for achieving efficient synchronization among threads of computation. When there are several threads that conflict on the same data, the threads will need to coordinate their actions for ensuring correct program behaviour. Traditional techniques for synchronization are based on locking that provides threads with exclusive access to shared data. Coarse-grained locking typically forces threads to access large amounts of data sequentially and, thus, does not fully exploit hardware concurrency. Program-specific fine-grained locking or non-blocking (i.e., not using locks) synchronization, on the other hand, is a dark art to most programmers and entrusted to the wisdom of a few computing experts. Thus, it is appealing to seek a middle ground between these two extremes: a synchronization mechanism that relieves the programmer of the overhead of reasoning about data conflicts that may arise from concurrent operations without severely limiting the program&apos;s performance. The Transactional Memory (TM) abstraction is proposed as such a mechanism: it intends to combine an easy-to-use programming interface with an efficient utilization of the concurrent-computing abilities provided by multicore architectures. TM allows the programmer to speculatively execute sequences of shared-memory operations as atomic transactions with all-or-nothing semantics: the transaction can either commit, in which case it appears as executed sequentially, or abort, in which case its update operations do not take effect.
Thus, the programmer can design software having only sequential semantics in mind and let TM take care, at run-time, of resolving the conflicts in concurrent executions. It is important that the intermediate state witnessed by each transaction be &quot;safe&quot;; if it is not consistent with any sequential execution, then the application may experience a fatal irrecoverable error or enter an infinite loop. In this talk, we focus on implementing safe TMs and the inherent complexities associated with them. About the speaker: Srivatsan Ravi is a Postdoctoral researcher/Visiting assistant professor at Purdue University. His research interests are in the theory and practice of distributed computing.</description>
            <pubDate>Wed, 31 Aug 2016 16:30:00 EDT </pubDate>
            <itunes:title>Srivatsan Ravi, Towards Safe In-memory Transactions</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>610</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ravisrivatsan.jpg"/>
            <itunes:subtitle>Srivatsan Ravi, Purdue University</itunes:subtitle>
            <itunes:summary>Current general-purpose CPUs are multicores, offering multiple computing units within a single chip. The performance of programs on these architectures, however, does not necessarily increase proportionally with the number of cores. Designing concurrent programs to exploit these multicores emphasizes the need for achieving efficient synchronization among threads of computation. When there are several threads that conflict on the same data, the threads will need to coordinate their actions for ensuring correct program behaviour. Traditional techniques for synchronization are based on locking that provides threads with exclusive access to shared data. Coarse-grained locking typically forces threads to access large amounts of data sequentially and, thus, does not fully exploit hardware concurrency. Program-specific fine-grained locking or non-blocking (i.e., not using locks) synchronization, on the other hand, is a dark art to most programmers and entrusted to the wisdom of a few computing experts. Thus, it is appealing to seek a middle ground between these two extremes: a synchronization mechanism that relieves the programmer of the overhead of reasoning about data conflicts that may arise from concurrent operations without severely limiting the program&apos;s performance. The Transactional Memory (TM) abstraction is proposed as such a mechanism: it intends to combine an easy-to-use programming interface with an efficient utilization of the concurrent-computing abilities provided by multicore architectures. TM allows the programmer to speculatively execute sequences of shared-memory operations as atomic transactions with all-or-nothing semantics: the transaction can either commit, in which case it appears as executed sequentially, or abort, in which case its update operations do not take effect.
Thus, the programmer can design software having only sequential semantics in mind and let TM take care, at run-time, of resolving the conflicts in concurrent executions. It is important that the intermediate state witnessed by each transaction be &quot;safe&quot;; if it is not consistent with any sequential execution, then the application may experience a fatal irrecoverable error or enter an infinite loop. In this talk, we focus on implementing safe TMs and the inherent complexities associated with them. About the speaker: Srivatsan Ravi is a Postdoctoral researcher/Visiting assistant professor at Purdue University. His research interests are in the theory and practice of distributed computing.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Current general-purpose CPUs are multicores, offering multiple computing units within a single chip. The performance of programs on these architectures, however, does not necessarily increase proportionally with the number of cores. Designing concurrent programs to exploit these multicores emphasizes the need for achieving efficient synchronization among threads of computation. When there are several threads that conflict on the same data, the threads will need to coordinate their actions for ensuring correct program behaviour. Traditional techniques for synchronization are based on locking that provides threads with exclusive access to shared data. Coarse-grained locking typically forces threads to access large amounts of data sequentially and, thus, does not fully exploit hardware concurrency. Program-specific fine-grained locking or non-blocking (i.e., not using locks) synchronization, on the other hand, is a dark art to most programmers and entrusted to the wisdom of a few computing experts. Thus, it is appealing to seek a middle ground between these two extremes: a synchronization mechanism that relieves the programmer of the overhead of reasoning about data conflicts that may arise from concurrent operations without severely limiting the program&apos;s performance. The Transactional Memory (TM) abstraction is proposed as such a mechanism: it intends to combine an easy-to-use programming interface with an efficient utilization of the concurrent-computing abilities provided by multicore architectures. TM allows the programmer to speculatively execute sequences of shared-memory operations as atomic transactions with all-or-nothing semantics: the transaction can either commit, in which case it appears as executed sequentially, or abort, in which case its update operations do not take effect.
Thus, the programmer can design software having only sequential semantics in mind and let TM take care, at run-time, of resolving the conflicts in concurrent executions. It is important that the intermediate state witnessed by each transaction be &quot;safe&quot;; if it is not consistent with any sequential execution, then the application may experience a fatal irrecoverable error or enter an infinite loop. In this talk, we focus on implementing safe TMs and the inherent complexities associated with them. About the speaker: Srivatsan Ravi is a Postdoctoral researcher/Visiting assistant professor at Purdue University. His research interests are in the theory and practice of distributed computing.</p> ]]>
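The following is an added illustration of the safety requirement described in the abstract; it is not code from the talk or the speaker. It models a tiny software TM in the style of a version-clock (TL2-like) design, which is one common way to obtain safe reads and is assumed here, not taken from the talk: every shared object carries the version of the commit that last wrote it, a transaction remembers the clock value at which it started, and a read returning a value newer than that start value is rejected because no sequential execution could have produced it together with the earlier reads. The interleaved writer is a constructed, deterministic stand-in for a concurrent thread. The same program is run twice: once on the safe TM (the read aborts and the transaction retries cleanly) and once on an unsafe TM that hands back the inconsistent value, so a program that is correct under sequential reasoning divides by zero.

```python
"""Toy software transactional memory (STM) illustrating a safe (opaque) read.

Constructed example. TL2-style: a global version clock, every shared object
tagged with the version of the commit that last wrote it, and each
transaction remembering the clock value at which it started.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple


class Aborted(Exception):
    """Raised inside a transaction whose snapshot is no longer consistent."""


@dataclass
class TVar:
    value: int
    version: int = 0  # clock value of the commit that wrote this value


@dataclass
class STM:
    tvars: Dict[str, TVar] = field(default_factory=dict)
    clock: int = 0  # global version clock, advanced by every commit

    def commit_writes(self, updates: Dict[str, int]) -> None:
        """Install a writer's updates atomically under a fresh version.

        Stands in for a concurrent writer transaction that commits; a real
        STM would take per-object locks and validate its read set first.
        """
        self.clock += 1
        for name, value in updates.items():
            self.tvars[name] = TVar(value, self.clock)


class Transaction:
    def __init__(self, stm: STM, validate: bool) -> None:
        self.stm = stm
        self.validate = validate          # False models an unsafe TM
        self.start_version = stm.clock    # snapshot timestamp

    def read(self, name: str) -> int:
        tvar = self.stm.tvars[name]
        if self.validate and tvar.version > self.start_version:
            # Written after we started: together with the values already
            # read, this value forms a state no sequential run could produce.
            raise Aborted(name)
        return tvar.value


def run_atomic(stm: STM, body: Callable[[Transaction], int],
               validate: bool, max_retries: int = 3) -> Tuple[int, int]:
    """Run body as a transaction, restarting it on abort.
    Returns (result, number of aborts before success)."""
    aborts = 0
    while True:
        tx = Transaction(stm, validate)
        try:
            return body(tx), aborts
        except Aborted:
            aborts += 1
            if aborts > max_retries:
                raise


def demo(validate: bool) -> Tuple[int, int]:
    """Reader transaction racing with a writer that preserves x == y."""
    stm = STM()
    stm.commit_writes({"x": 0, "y": 0})   # invariant x == y holds initially
    writer_done = False

    def body(tx: Transaction) -> int:
        nonlocal writer_done
        x = tx.read("x")
        if not writer_done:
            # Simulated interleaving: between the two reads a writer commits
            # x := 1, y := 1 in one transaction (invariant preserved).
            writer_done = True
            stm.commit_writes({"x": 1, "y": 1})
        y = tx.read("y")
        # Written with sequential semantics in mind: since x == y always
        # holds, the denominator is 1. An inconsistent snapshot (x = 0,
        # y = 1) makes it 0 and the "correct" program crashes.
        return 100 // (1 - abs(x - y))

    return run_atomic(stm, body, validate)


def outcome(validate: bool) -> str:
    """What a program built on this TM observes, as a string."""
    try:
        result, aborts = demo(validate)
        return f"result={result} aborts={aborts}"
    except ZeroDivisionError:
        return "fatal error: ZeroDivisionError"


if __name__ == "__main__":
    print("safe TM:  ", outcome(validate=True))    # result=100 aborts=1
    print("unsafe TM:", outcome(validate=False))   # fatal error
```

The safe run costs one abort and a retry, which is the price the abstract alludes to: the TM has to validate every read against the transaction's snapshot, and the reader cannot avoid that validation by checking the invariant itself, because the check would run on the same inconsistent values.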
            </content:encoded>
            <itunes:duration>3294</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160831.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160831.mp4" length="207618048" type="video/mp4"/>
        </item>
            <item>
            <title>Michael Taylor, Secure Coding - Patterns and anti-patterns in the design &amp; architecture of secure applications</title>
            <description>Applications are only as secure as the network architecture and operating systems in which they operate. It is only a matter of time before services, networks, or applications are targeted by bad actors even if they are not directly exposed to the public Internet. In this seminar we will discuss some of the patterns seen in secure application development and the anti-patterns that should be avoided. Then we will examine how to best implement these practices both as an individual and within organizations throughout the software development lifecycle. About the speaker: Michael Taylor is the lead software developer at Rook Security, an Indianapolis-based provider of global IT security solutions that monitors, detects, and remediates cybersecurity threats worldwide. Michael directs the development unit at Rook Security, which creates custom programs to enable the integration of disparate solutions in a client&apos;s existing inventory. Michael and his team also invest their efforts in the creation of new data analysis tools for Rook Security to gain new threat intelligence and make smarter security recommendations to its client base. He is an instructor at the Eleven-Fifty Academy and an active participant in the open source community. Michael earned his bachelor&apos;s degree in Information Technology from Western Governors University.</description>
            <pubDate>Wed, 24 Aug 2016 16:30:00 EDT </pubDate>
            <itunes:title>Michael Taylor, Secure Coding - Patterns and anti-patterns in the design &amp; architecture of secure applications</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>609</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/michael_taylor.jpg"/>
            <itunes:subtitle>Michael Taylor, Rook Security</itunes:subtitle>
            <itunes:summary>Applications are only as secure as the network architecture and operating systems in which they operate. It is only a matter of time before services, networks, or applications are targeted by bad actors even if they are not directly exposed to the public Internet. In this seminar we will discuss some of the patterns seen in secure application development and the anti-patterns that should be avoided. Then we will examine how to best implement these practices both as an individual and within organizations throughout the software development lifecycle. About the speaker: Michael Taylor is the lead software developer at Rook Security, an Indianapolis-based provider of global IT security solutions that monitors, detects, and remediates cybersecurity threats worldwide. Michael directs the development unit at Rook Security, which creates custom programs to enable the integration of disparate solutions in a client&apos;s existing inventory. Michael and his team also invest their efforts in the creation of new data analysis tools for Rook Security to gain new threat intelligence and make smarter security recommendations to its client base. He is an instructor at the Eleven-Fifty Academy and an active participant in the open source community. Michael earned his bachelor&apos;s degree in Information Technology from Western Governors University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Applications are only as secure as the network architecture and operating systems in which they operate. It is only a matter of time before services, networks, or applications are targeted by bad actors even if they are not directly exposed to the public Internet. In this seminar we will discuss some of the patterns seen in secure application development and the anti-patterns that should be avoided. Then we will examine how to best implement these practices both as an individual and within organizations throughout the software development lifecycle. About the speaker: Michael Taylor is the lead software developer at Rook Security, an Indianapolis-based provider of global IT security solutions that monitors, detects, and remediates cybersecurity threats worldwide. Michael directs the development unit at Rook Security, which creates custom programs to enable the integration of disparate solutions in a client&apos;s existing inventory. Michael and his team also invest their efforts in the creation of new data analysis tools for Rook Security to gain new threat intelligence and make smarter security recommendations to its client base. He is an instructor at the Eleven-Fifty Academy and an active participant in the open source community. Michael earned his bachelor&apos;s degree in Information Technology from Western Governors University.</p> ]]>
            </content:encoded>
            <itunes:duration>3696</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160824.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160824.mp4" length="249561088" type="video/mp4"/>
        </item>
            <item>
            <title>Christopher N. Gutierrez, ErsatzPasswords - Ending Password Cracking</title>
            <description>In this work we present a simple, yet effective and practical, scheme to improve the security of stored password hashes, rendering their cracking detectable and insuperable at the same time. We utilize a machine-dependent function, such as a physically unclonable function (PUF) or a hardware security module (HSM), at the authentication server to prevent off-site password discovery, as well as a deception mechanism to alert administrators of such attempts. Our scheme can be easily integrated with legacy systems without the need for any additional servers, changes to the structure of the hashed password file, or any client modifications. When using the scheme, the structure of the hashed passwords file, /etc/shadow or /etc/master.passwd, will appear no different than in the traditional scheme. However, when an attacker exfiltrates the hashed passwords file and tries to crack it, the only passwords she will get are the ErsatzPasswords, the &quot;fake passwords&quot;. When an attempt to log in using these ErsatzPasswords is detected, an alarm is triggered. Even with an adversary who knows about the scheme, cracking cannot be launched without physical access to the authentication server. The scheme also includes a secure backup mechanism in the event of a failure of the hardware-dependent function. ErsatzPassword is flexible by design, enabling the proposed scheme to be integrated into existing authentication systems without changes to user experience. The proposed scheme is integrated into the pam_unix module as well as two client/server authentication schemes: LDAP authentication and the Pythia PRF Service [Everspaugh et al. 2015]. The core library to support ErsatzPassword in C and Python required 255 and 103 lines of code, respectively. The integration of ErsatzPassword for each of the explored authentication systems required less than 100 lines of code. Experimental evaluation of ErsatzPassword shows an increase in authentication latency on the order of 100 ms, which may be acceptable for end user experience. A framework for implementing ErsatzPassword using the Trusted Platform Module (TPM) provides a greater sense of machine-dependent functionality to resist offline attacks.</description>
            <pubDate>Wed, 27 Apr 2016 16:30:00 EDT</pubDate>
            <itunes:title>Christopher N. Gutierrez, ErsatzPasswords - Ending Password Cracking</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>608</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Christopher N. Gutierrez, Purdue University</itunes:subtitle>
            <itunes:summary>In this work we present a simple, yet effective and practical, scheme to improve the security of stored password hashes, rendering their cracking detectable and insuperable at the same time. We utilize a machine-dependent function, such as a physically unclonable function (PUF) or a hardware security module (HSM), at the authentication server to prevent off-site password discovery, as well as a deception mechanism to alert administrators of such attempts. Our scheme can be easily integrated with legacy systems without the need for any additional servers, changes to the structure of the hashed password file, or any client modifications. When using the scheme, the structure of the hashed passwords file, /etc/shadow or /etc/master.passwd, will appear no different than in the traditional scheme. However, when an attacker exfiltrates the hashed passwords file and tries to crack it, the only passwords she will get are the ErsatzPasswords, the &quot;fake passwords&quot;. When an attempt to log in using these ErsatzPasswords is detected, an alarm is triggered. Even with an adversary who knows about the scheme, cracking cannot be launched without physical access to the authentication server. The scheme also includes a secure backup mechanism in the event of a failure of the hardware-dependent function. ErsatzPassword is flexible by design, enabling the proposed scheme to be integrated into existing authentication systems without changes to user experience. The proposed scheme is integrated into the pam_unix module as well as two client/server authentication schemes: LDAP authentication and the Pythia PRF Service [Everspaugh et al. 2015]. The core library to support ErsatzPassword in C and Python required 255 and 103 lines of code, respectively. The integration of ErsatzPassword for each of the explored authentication systems required less than 100 lines of code. Experimental evaluation of ErsatzPassword shows an increase in authentication latency on the order of 100 ms, which may be acceptable for end user experience. A framework for implementing ErsatzPassword using the Trusted Platform Module (TPM) provides a greater sense of machine-dependent functionality to resist offline attacks.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this work we present a simple, yet effective and practical, scheme to improve the security of stored password hashes, rendering their cracking detectable and insuperable at the same time. We utilize a machine-dependent function, such as a physically unclonable function (PUF) or a hardware security module (HSM), at the authentication server to prevent off-site password discovery, as well as a deception mechanism to alert administrators of such attempts. Our scheme can be easily integrated with legacy systems without the need for any additional servers, changes to the structure of the hashed password file, or any client modifications. When using the scheme, the structure of the hashed passwords file, /etc/shadow or /etc/master.passwd, will appear no different than in the traditional scheme. However, when an attacker exfiltrates the hashed passwords file and tries to crack it, the only passwords she will get are the ErsatzPasswords, the &quot;fake passwords&quot;. When an attempt to log in using these ErsatzPasswords is detected, an alarm is triggered. Even with an adversary who knows about the scheme, cracking cannot be launched without physical access to the authentication server. The scheme also includes a secure backup mechanism in the event of a failure of the hardware-dependent function. ErsatzPassword is flexible by design, enabling the proposed scheme to be integrated into existing authentication systems without changes to user experience. The proposed scheme is integrated into the pam_unix module as well as two client/server authentication schemes: LDAP authentication and the Pythia PRF Service [Everspaugh et al. 2015]. The core library to support ErsatzPassword in C and Python required 255 and 103 lines of code, respectively. The integration of ErsatzPassword for each of the explored authentication systems required less than 100 lines of code. Experimental evaluation of ErsatzPassword shows an increase in authentication latency on the order of 100 ms, which may be acceptable for end user experience. A framework for implementing ErsatzPassword using the Trusted Platform Module (TPM) provides a greater sense of machine-dependent functionality to resist offline attacks.</p> ]]>
            </content:encoded>
            <itunes:duration>1927</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160427.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160427.mp4" length="136314880" type="video/mp4"/>
        </item>
            <item>
            <title>Kelley Misata, Information Security: Through the Lens of Crisis Organizations</title>
            <description>Annual Symposium 2016 Tech Talk. Kelley Misata, Ph.D. Candidate, Interdisciplinary Information Security - Purdue University. About the speaker: Kelley Misata is a strategic leader who combines over 15 years in business leadership roles with a passion for facilitating critical conversations around responsible digital citizenship, digital safety, and freedom of speech online. Her current work with The Open Information Security Foundation and recent work at The Tor Project spans across fundraising, advocacy, policy discussions, marketing, and outreach activities with an array of stakeholders. Kelley combines 15 years of professional success in strategic business development and training with a unique perspective as a survivor of cyberstalking. She draws on current trends and conversations in digital security with local and federal law enforcement, information security experts and national resources to create strategies that incorporate the human side of digital safety. Bringing to the table a fearless and unique perspective drives Kelley&apos;s successes in her professional and academic endeavors. Kelley holds a Bachelor of Science in Marketing, a Master&apos;s Degree in Business Administration and is currently pursuing her Ph.D. in the Information Security Interdisciplinary Program at Purdue University with an emphasis on information security for non-profit organizations.</description>
            <pubDate>Wed, 20 Apr 2016 17:00:00 EDT</pubDate>
            <itunes:title>Kelley Misata, Information Security: Through the Lens of Crisis Organizations</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>607</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Kelley Misata, Purdue University</itunes:subtitle>
            <itunes:summary>Annual Symposium 2016 Tech Talk. Kelley Misata, Ph.D. Candidate, Interdisciplinary Information Security - Purdue University. About the speaker: Kelley Misata is a strategic leader who combines over 15 years in business leadership roles with a passion for facilitating critical conversations around responsible digital citizenship, digital safety, and freedom of speech online. Her current work with The Open Information Security Foundation and recent work at The Tor Project spans across fundraising, advocacy, policy discussions, marketing, and outreach activities with an array of stakeholders. Kelley combines 15 years of professional success in strategic business development and training with a unique perspective as a survivor of cyberstalking. She draws on current trends and conversations in digital security with local and federal law enforcement, information security experts and national resources to create strategies that incorporate the human side of digital safety. Bringing to the table a fearless and unique perspective drives Kelley&apos;s successes in her professional and academic endeavors. Kelley holds a Bachelor of Science in Marketing, a Master&apos;s Degree in Business Administration and is currently pursuing her Ph.D. in the Information Security Interdisciplinary Program at Purdue University with an emphasis on information security for non-profit organizations.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Annual Symposium 2016 Tech Talk. Kelley Misata, Ph.D. Candidate, Interdisciplinary Information Security - Purdue University. About the speaker: Kelley Misata is a strategic leader who combines over 15 years in business leadership roles with a passion for facilitating critical conversations around responsible digital citizenship, digital safety, and freedom of speech online. Her current work with The Open Information Security Foundation and recent work at The Tor Project spans across fundraising, advocacy, policy discussions, marketing, and outreach activities with an array of stakeholders. Kelley combines 15 years of professional success in strategic business development and training with a unique perspective as a survivor of cyberstalking. She draws on current trends and conversations in digital security with local and federal law enforcement, information security experts and national resources to create strategies that incorporate the human side of digital safety. Bringing to the table a fearless and unique perspective drives Kelley&apos;s successes in her professional and academic endeavors. Kelley holds a Bachelor of Science in Marketing, a Master&apos;s Degree in Business Administration and is currently pursuing her Ph.D. in the Information Security Interdisciplinary Program at Purdue University with an emphasis on information security for non-profit organizations.</p> ]]>
            </content:encoded>
            <itunes:duration>3197</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/symposium/video/2016/Symposium_2016_Kelley_Misata.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/symposium/video/2016/Symposium_2016_Kelley_Misata.mp4" length="145752064" type="video/mp4"/>
        </item>
            <item>
            <title>Richard M. (Dickie) George, Life as a Target</title>
            <description>Dickie George spent 41 years working for the National Security Agency as a cryptographer. As a member of the Intelligence Community, you learn to live as a target. However, the world has changed – communications systems, the internet, on-line life (banking, shopping, social life) – the set of targets, the type of information that is sought, and the adversary have all changed significantly. We&apos;ll discuss those changes, how they impact us all, and how today&apos;s cyber professionals need to address this threat to protect government, industry, and individuals. About the speaker: Richard M. (Dickie) George is the Senior Advisor for Cyber Security at the Johns Hopkins University Applied Physics Lab. At the Lab, he works on a number of projects sponsored by the US Government and provides oversight on additional efforts. Prior to joining APL, he worked at the National Security Agency as a mathematician from 1970 until his retirement in 2011. While at NSA, he wrote more than 125 peer-reviewed technical papers on cryptomathematical subjects, ranging from new mathematical methods for attacking cryptographic algorithms, to security evaluations of complex systems. He worked on Information Assurance projects, including hardware and software supply chain issues facing the US Government, for almost his entire 41-year NSA career. While at NSA, his work was recognized by the Cryptomath Institute as the most important mathematical contribution to the Agency&apos;s mission in 1980, by 2 Presidential Rank awards, a Superior Technical Award, a Distinguished Senior Technical Achievement Award, and he was elected to Distinguished Member status into both the Kryptos (Cryptanalytic Society) and the CMI (Cryptomath Society). He served as the Technical Director of the Information Assurance Directorate for eight years until his retirement.</description>
            <pubDate>Wed, 20 Apr 2016 16:30:00 EDT</pubDate>
            <itunes:title>Richard M. (Dickie) George, Life as a Target</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>606</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/dickie_george.jpg"/>
            <itunes:subtitle>Richard M. (Dickie) George, </itunes:subtitle>
            <itunes:summary>Dickie George spent 41 years working for the National Security Agency as a cryptographer. As a member of the Intelligence Community, you learn to live as a target. However, the world has changed – communications systems, the internet, on-line life (banking, shopping, social life) – the set of targets, the type of information that is sought, and the adversary have all changed significantly. We&apos;ll discuss those changes, how they impact us all, and how today&apos;s cyber professionals need to address this threat to protect government, industry, and individuals. About the speaker: Richard M. (Dickie) George is the Senior Advisor for Cyber Security at the Johns Hopkins University Applied Physics Lab. At the Lab, he works on a number of projects sponsored by the US Government and provides oversight on additional efforts. Prior to joining APL, he worked at the National Security Agency as a mathematician from 1970 until his retirement in 2011. While at NSA, he wrote more than 125 peer-reviewed technical papers on cryptomathematical subjects, ranging from new mathematical methods for attacking cryptographic algorithms, to security evaluations of complex systems. He worked on Information Assurance projects, including hardware and software supply chain issues facing the US Government, for almost his entire 41-year NSA career. While at NSA, his work was recognized by the Cryptomath Institute as the most important mathematical contribution to the Agency&apos;s mission in 1980, by 2 Presidential Rank awards, a Superior Technical Award, a Distinguished Senior Technical Achievement Award, and he was elected to Distinguished Member status into both the Kryptos (Cryptanalytic Society) and the CMI (Cryptomath Society). He served as the Technical Director of the Information Assurance Directorate for eight years until his retirement.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Dickie George spent 41 years working for the National Security Agency as a cryptographer. As a member of the Intelligence Community, you learn to live as a target. However, the world has changed – communications systems, the internet, on-line life (banking, shopping, social life) – the set of targets, the type of information that is sought, and the adversary have all changed significantly. We&apos;ll discuss those changes, how they impact us all, and how today&apos;s cyber professionals need to address this threat to protect government, industry, and individuals. About the speaker: Richard M. (Dickie) George is the Senior Advisor for Cyber Security at the Johns Hopkins University Applied Physics Lab. At the Lab, he works on a number of projects sponsored by the US Government and provides oversight on additional efforts. Prior to joining APL, he worked at the National Security Agency as a mathematician from 1970 until his retirement in 2011. While at NSA, he wrote more than 125 peer-reviewed technical papers on cryptomathematical subjects, ranging from new mathematical methods for attacking cryptographic algorithms, to security evaluations of complex systems. He worked on Information Assurance projects, including hardware and software supply chain issues facing the US Government, for almost his entire 41-year NSA career. While at NSA, his work was recognized by the Cryptomath Institute as the most important mathematical contribution to the Agency&apos;s mission in 1980, by 2 Presidential Rank awards, a Superior Technical Award, a Distinguished Senior Technical Achievement Award, and he was elected to Distinguished Member status into both the Kryptos (Cryptanalytic Society) and the CMI (Cryptomath Society). He served as the Technical Director of the Information Assurance Directorate for eight years until his retirement.</p> ]]>
            </content:encoded>
            <itunes:duration>3197</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160420.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160420.mp4" length="386924544" type="video/mp4"/>
        </item>
            <item>
            <title>Pedro Moreno Sanchez, Privacy-preserving payments in credit networks</title>
            <description>A credit network models trust between agents in a distributed environment and enables payments between arbitrary pairs of agents. With their flexible design and robustness against intrusion, credit networks form the basis of several Sybil-tolerant social networks, spam-resistant communication protocols, and payment systems. In the first half of the talk, we introduce the concept of credit network and its application in the currently deployed Ripple payment system. We further characterize the privacy issues in Ripple as the result of clustering heuristics to group wallets based on observations on the publicly available Ripple network graph. In the second half of the talk, we show PrivPay, the first provably secure privacy-preserving payment protocol for credit networks. The distinguishing feature of PrivPay is the computation of the maximal credit between two agents without revealing any information about the credit network, the transaction or the agents themselves. Finally, we present our results on privacy-preserving payments on a distributed credit network, where each agent locally stores its own financial information. About the speaker: Pedro Moreno-Sanchez is a PhD student in the Department of Computer Science at Purdue University. His advisor is Prof. Aniket Kate. His current research focuses on the areas of security, privacy and reliability of credit network based systems such as Ripple. Previously, he also worked on network access control in distributed scenarios such as eduroam. Before moving to Purdue University in August 2015, he started his PhD studies at Saarland University in 2013 under the supervision of Prof. Aniket Kate. Previously, he was an intern researcher at Philips Research Europe (The Netherlands) under the supervision of Dr. Oscar Garcia-Morchon and Dr. Rafael Marin-Lopez. He received his bachelor&apos;s and master&apos;s from University of Murcia (Spain) in 2011 and 2013 respectively.</description>
            <pubDate>Wed, 13 Apr 2016 16:30:00 EDT</pubDate>
            <itunes:title>Pedro Moreno Sanchez, Privacy-preserving payments in credit networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>605</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/pmorenos_160.jpg"/>
            <itunes:subtitle>Pedro Moreno Sanchez, Purdue University</itunes:subtitle>
            <itunes:summary>A credit network models trust between agents in a distributed environment and enables payments between arbitrary pairs of agents. With their flexible design and robustness against intrusion, credit networks form the basis of several Sybil-tolerant social networks, spam-resistant communication protocols, and payment systems. In the first half of the talk, we introduce the concept of credit network and its application in the currently deployed Ripple payment system. We further characterize the privacy issues in Ripple as the result of clustering heuristics to group wallets based on observations on the publicly available Ripple network graph. In the second half of the talk, we show PrivPay, the first provably secure privacy-preserving payment protocol for credit networks. The distinguishing feature of PrivPay is the computation of the maximal credit between two agents without revealing any information about the credit network, the transaction or the agents themselves. Finally, we present our results on privacy-preserving payments on a distributed credit network, where each agent locally stores its own financial information. About the speaker: Pedro Moreno-Sanchez is a PhD student in the Department of Computer Science at Purdue University. His advisor is Prof. Aniket Kate. His current research focuses on the areas of security, privacy and reliability of credit network based systems such as Ripple. Previously, he also worked on network access control in distributed scenarios such as eduroam. Before moving to Purdue University in August 2015, he started his PhD studies at Saarland University in 2013 under the supervision of Prof. Aniket Kate. Previously, he was an intern researcher at Philips Research Europe (The Netherlands) under the supervision of Dr. Oscar Garcia-Morchon and Dr. Rafael Marin-Lopez. He received his bachelor&apos;s and master&apos;s from University of Murcia (Spain) in 2011 and 2013 respectively.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>A credit network models trust between agents in a distributed environment and enables payments between arbitrary pairs of agents. With their flexible design and robustness against intrusion, credit networks form the basis of several Sybil-tolerant social networks, spam-resistant communication protocols, and payment systems. In the first half of the talk, we introduce the concept of credit network and its application in the currently deployed Ripple payment system. We further characterize the privacy issues in Ripple as the result of clustering heuristics to group wallets based on observations on the publicly available Ripple network graph. In the second half of the talk, we show PrivPay, the first provably secure privacy-preserving payment protocol for credit networks. The distinguishing feature of PrivPay is the computation of the maximal credit between two agents without revealing any information about the credit network, the transaction or the agents themselves. Finally, we present our results on privacy-preserving payments on a distributed credit network, where each agent locally stores its own financial information. About the speaker: Pedro Moreno-Sanchez is a PhD student in the Department of Computer Science at Purdue University. His advisor is Prof. Aniket Kate. His current research focuses on the areas of security, privacy and reliability of credit network based systems such as Ripple. Previously, he also worked on network access control in distributed scenarios such as eduroam. Before moving to Purdue University in August 2015, he started his PhD studies at Saarland University in 2013 under the supervision of Prof. Aniket Kate. Previously, he was an intern researcher at Philips Research Europe (The Netherlands) under the supervision of Dr. Oscar Garcia-Morchon and Dr. Rafael Marin-Lopez. He received his bachelor&apos;s and master&apos;s from University of Murcia (Spain) in 2011 and 2013 respectively.</p> ]]>
            </content:encoded>
            <itunes:duration>2681</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160413.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160413.mp4" length="143654912" type="video/mp4"/>
        </item>
            <item>
            <title>Endadul Hoque, Finding Specification Noncompliance and Attacks in Wireless Network Protocol Implementations</title>
            <description>Several newly emerged wireless technologies (e.g., Internet-of-Things), extensively backed by the tech industry, are being widely adopted and have resulted in a proliferation of diverse smart appliances and gadgets (e.g., smart thermostat, wearables, smartphones), which has ensuingly shaped our modern digital life. These technologies utilize several communication protocols that usually have stringent requirements stated in their specifications or standards, which their implementations are expected to comply with. Noncompliance exhibited by an implementation can cause interoperability issues, inconsistent behavior, or even security vulnerabilities. Automatically detecting whether a protocol implementation is noncompliant with a given property is a long-standing and challenging problem. Moreover, lack of robustness in a protocol implementation to malicious attacks, exploiting subtle vulnerabilities in the implementation, mounted by the compromised nodes in an adversarial environment can limit the practical utility of the implementation by impairing the performance of the protocol and can even have detrimental effects on the availability of the network. Given the stake associated with these wireless technologies, the requirement to ensure secure and reliable operations of the protocol implementations calls for pre-deployment measures. In this talk, I will focus on fortifying these emerging technologies along two dimensions. I will first present an automated framework that enables a developer to check whether a protocol implementation violates its desired properties derived from its specifications and standards. Finally, I will present an automated adversarial testing platform to help developers find malicious attacks that impair the performance of their protocol implementations. About the speaker: Endadul Hoque is a Postdoctoral Research Associate at Northeastern University working with Prof. Cristina Nita-Rotaru and a visiting scholar at Purdue University. He received his PhD in computer science from Purdue University in 2015. His research interests include reliability and security of network protocols and distributed systems. In particular, his approach involves building efficient techniques to automate compliance checking and testing of network protocol implementations and distributed systems in the presence of failures and/or malicious attacks. During his PhD, he was awarded the Graduate Teaching Fellowship in 2014 and the Bilsland Dissertation Fellowship in 2015 to support his dissertation work.</description>
            <pubDate>Wed, 6 Apr 2016 16:30:00 EDT</pubDate>
            <itunes:title>Endadul Hoque, Finding Specification Noncompliance and Attacks in Wireless Network Protocol Implementations</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>604</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/endadul_hoque_160.jpg"/>
            <itunes:subtitle>Endadul Hoque, </itunes:subtitle>
            <itunes:summary>Several newly emerged wireless technologies (e.g., Internet-of-Things), extensively backed by the tech industry, are being widely adopted and have resulted in a proliferation of diverse smart appliances and gadgets (e.g., smart thermostat, wearables, smartphones), which has ensuingly shaped our modern digital life. These technologies utilize several communication protocols that usually have stringent requirements stated in their specifications or standards, which their implementations are expected to comply with. Noncompliance exhibited by an implementation can cause interoperability issues, inconsistent behavior, or even security vulnerabilities. Automatically detecting whether a protocol implementation is noncompliant with a given property is a long-standing and challenging problem. Moreover, lack of robustness in a protocol implementation to malicious attacks, exploiting subtle vulnerabilities in the implementation, mounted by the compromised nodes in an adversarial environment can limit the practical utility of the implementation by impairing the performance of the protocol and can even have detrimental effects on the availability of the network. Given the stake associated with these wireless technologies, the requirement to ensure secure and reliable operations of the protocol implementations calls for pre-deployment measures. In this talk, I will focus on fortifying these emerging technologies along two dimensions. I will first present an automated framework that enables a developer to check whether a protocol implementation violates its desired properties derived from its specifications and standards. Finally, I will present an automated adversarial testing platform to help developers find malicious attacks that impair the performance of their protocol implementations. About the speaker: Endadul Hoque is a Postdoctoral Research Associate at Northeastern University working with Prof. Cristina Nita-Rotaru and a visiting scholar at Purdue University. He received his PhD in computer science from Purdue University in 2015. His research interests include reliability and security of network protocols and distributed systems. In particular, his approach involves building efficient techniques to automate compliance checking and testing of network protocol implementations and distributed systems in the presence of failures and/or malicious attacks. During his PhD, he was awarded the Graduate Teaching Fellowship in 2014 and the Bilsland Dissertation Fellowship in 2015 to support his dissertation work.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Several newly emerged wireless technologies (e.g., Internet-of-Things)---extensively backed by the tech industry---are being widely adopted and have resulted in a proliferation of diverse smart appliances and gadgets (e.g., smart thermostats, wearables, smartphones), which has in turn shaped our modern digital life. These technologies utilize several communication protocols that usually have stringent requirements stated in their specifications or standards, which their implementations are expected to comply with. Noncompliance exhibited by an implementation can cause interoperability issues, inconsistent behavior, or even security vulnerabilities. Automatically detecting whether a protocol implementation is noncompliant with a given property is a long-standing and challenging problem. Moreover, lack of robustness in a protocol implementation to malicious attacks---exploiting subtle vulnerabilities in the implementation---mounted by compromised nodes in an adversarial environment can limit the practical utility of the implementation by impairing the performance of the protocol and can even have detrimental effects on the availability of the network. Given the stakes associated with these wireless technologies, the requirement to ensure secure and reliable operation of protocol implementations calls for pre-deployment measures. In this talk, I will focus on fortifying these emerging technologies along two dimensions. I will first present an automated framework that enables a developer to check whether a protocol implementation violates its desired properties derived from its specifications and standards. Finally, I will present an automated adversarial testing platform to help developers find malicious attacks that impair the performance of their protocol implementations. About the speaker: Endadul Hoque is a Postdoctoral Research Associate at Northeastern University working with Prof. Cristina Nita-Rotaru and a visiting scholar at Purdue University. He received his PhD in computer science from Purdue University in 2015. His research interests include reliability and security of network protocols and distributed systems. In particular, his approach involves building efficient techniques to automate compliance checking and testing of network protocol implementations and distributed systems in the presence of failures and/or malicious attacks. During his PhD, he was awarded the Graduate Teaching Fellowship in 2014 and the Bilsland Dissertation Fellowship in 2015 to support his dissertation work.</p> ]]>
            </content:encoded>
            <itunes:duration>3453</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160406.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160406.mp4" length="156237824" type="video/mp4"/>
        </item>
            <item>
            <title>Chris Kanich, Bottom Line Security: Understanding the True Cost of Cybersecurity Attacks</title>
            <description>Using the Internet is a risky venture: cybercriminals could be lurking behind any email or in any web page, just waiting to compromise your machine. Practicing and researching cybersecurity is about minimizing that risk. Unfortunately, modern cybercriminals don&apos;t compromise machines just because they can - they do it to make money or steal data. Likewise, the risks that end users care about aren&apos;t measured in vulnerabilities discovered or hosts compromised; they care about losing hard-earned money, embarrassing pictures, or simply a night of their free time because they had to remove malware from the family computer. Cybersecurity research should minimize the chance of successful attacks by maximizing the number of vulnerabilities patched or infiltrations thwarted. However, these technical goals are fundamentally intermediate goals: the ultimate goal of cybersecurity is to minimize the amount of harm that comes to users, which is a quantity denominated in dollars lost, days spent recovering from attacks, or data lost to attackers. By quantifying the harm of these attacks in these meaningful quantities, we can focus defenses and mitigations on the attacks that cause the most harm to the Internet&apos;s users. This presentation will highlight recent results that improve our understanding of the true cost of cybercrime. I&apos;ll also show how these results can lead to actionable insights into which attacks we should be spending our finite effort combating. I&apos;ll cover losses due to affiliate fraud, measured in profits lost, both by the platforms and by legitimate marketers. I&apos;ll also cover losses incurred due to typosquatting: while typosquatting is perpetrated by thousands upon thousands of domains, the harm caused is not clear. We use a model which quantifies how many visitors legitimate sites lose and how much time end users waste when they visit these sites. Finally, I&apos;ll showcase a tool which quantifies the value of a user&apos;s private data (their account logins), which can motivate better security behavior through a personalized warning regarding how much their account might be worth to cybercriminals. About the speaker: Chris Kanich is an Assistant Professor in the Department of Computer Science at the University of Illinois at Chicago. He received his Ph.D. in Computer Science and Engineering at UC San Diego and a B.S. in Mathematics and Computer Science at Purdue University. His current research focuses on improving user experience in the face of cybersecurity attacks. His approach uses myriad data-driven techniques (anything from botnet infiltration to user studies) to improve our understanding of how to counteract the true motivations of cybercriminals and minimize real-world losses for targets of cybercrime.</description>
            <pubDate>Wed, 30 Mar 2016 16:30:00 EDT </pubDate>
            <itunes:title>Chris Kanich, Bottom Line Security: Understanding the True Cost of Cybersecurity Attacks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>603</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/kanich_160.jpg"/>
            <itunes:subtitle>Chris Kanich, </itunes:subtitle>
            <itunes:summary>Using the Internet is a risky venture: cybercriminals could be lurking behind any email or in any web page, just waiting to compromise your machine. Practicing and researching cybersecurity is about minimizing that risk. Unfortunately, modern cybercriminals don&apos;t compromise machines just because they can - they do it to make money or steal data. Likewise, the risks that end users care about aren&apos;t measured in vulnerabilities discovered or hosts compromised; they care about losing hard-earned money, embarrassing pictures, or simply a night of their free time because they had to remove malware from the family computer. Cybersecurity research should minimize the chance of successful attacks by maximizing the number of vulnerabilities patched or infiltrations thwarted. However, these technical goals are fundamentally intermediate goals: the ultimate goal of cybersecurity is to minimize the amount of harm that comes to users, which is a quantity denominated in dollars lost, days spent recovering from attacks, or data lost to attackers. By quantifying the harm of these attacks in these meaningful quantities, we can focus defenses and mitigations on the attacks that cause the most harm to the Internet&apos;s users. This presentation will highlight recent results that improve our understanding of the true cost of cybercrime. I&apos;ll also show how these results can lead to actionable insights into which attacks we should be spending our finite effort combating. I&apos;ll cover losses due to affiliate fraud, measured in profits lost, both by the platforms and by legitimate marketers. I&apos;ll also cover losses incurred due to typosquatting: while typosquatting is perpetrated by thousands upon thousands of domains, the harm caused is not clear. We use a model which quantifies how many visitors legitimate sites lose and how much time end users waste when they visit these sites. Finally, I&apos;ll showcase a tool which quantifies the value of a user&apos;s private data (their account logins), which can motivate better security behavior through a personalized warning regarding how much their account might be worth to cybercriminals. About the speaker: Chris Kanich is an Assistant Professor in the Department of Computer Science at the University of Illinois at Chicago. He received his Ph.D. in Computer Science and Engineering at UC San Diego and a B.S. in Mathematics and Computer Science at Purdue University. His current research focuses on improving user experience in the face of cybersecurity attacks. His approach uses myriad data-driven techniques (anything from botnet infiltration to user studies) to improve our understanding of how to counteract the true motivations of cybercriminals and minimize real-world losses for targets of cybercrime.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Using the Internet is a risky venture: cybercriminals could be lurking behind any email or in any web page, just waiting to compromise your machine. Practicing and researching cybersecurity is about minimizing that risk. Unfortunately, modern cybercriminals don&apos;t compromise machines just because they can - they do it to make money or steal data. Likewise, the risks that end users care about aren&apos;t measured in vulnerabilities discovered or hosts compromised; they care about losing hard-earned money, embarrassing pictures, or simply a night of their free time because they had to remove malware from the family computer. Cybersecurity research should minimize the chance of successful attacks by maximizing the number of vulnerabilities patched or infiltrations thwarted. However, these technical goals are fundamentally intermediate goals: the ultimate goal of cybersecurity is to minimize the amount of harm that comes to users, which is a quantity denominated in dollars lost, days spent recovering from attacks, or data lost to attackers. By quantifying the harm of these attacks in these meaningful quantities, we can focus defenses and mitigations on the attacks that cause the most harm to the Internet&apos;s users. This presentation will highlight recent results that improve our understanding of the true cost of cybercrime. I&apos;ll also show how these results can lead to actionable insights into which attacks we should be spending our finite effort combating. I&apos;ll cover losses due to affiliate fraud, measured in profits lost, both by the platforms and by legitimate marketers. I&apos;ll also cover losses incurred due to typosquatting: while typosquatting is perpetrated by thousands upon thousands of domains, the harm caused is not clear. We use a model which quantifies how many visitors legitimate sites lose and how much time end users waste when they visit these sites. Finally, I&apos;ll showcase a tool which quantifies the value of a user&apos;s private data (their account logins), which can motivate better security behavior through a personalized warning regarding how much their account might be worth to cybercriminals. About the speaker: Chris Kanich is an Assistant Professor in the Department of Computer Science at the University of Illinois at Chicago. He received his Ph.D. in Computer Science and Engineering at UC San Diego and a B.S. in Mathematics and Computer Science at Purdue University. His current research focuses on improving user experience in the face of cybersecurity attacks. His approach uses myriad data-driven techniques (anything from botnet infiltration to user studies) to improve our understanding of how to counteract the true motivations of cybercriminals and minimize real-world losses for targets of cybercrime.</p> ]]>
            </content:encoded>
            <itunes:duration>3052</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160330.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160330.mp4" length="167772160" type="video/mp4"/>
        </item>
            <item>
            <title>Kent Seamons, Usable Secure Webmail for Grassroots Adoption</title>
            <description>Recent concerns about government surveillance have focused attention on secure communication tools for the masses. The security properties of these tools receive more attention than their usability properties. This talk will cover our recent effort to design a usable secure webmail system. We have conducted a number of studies to analyze existing tools and our own systems to determine whether these tools are usable by the masses to communicate securely. Most recently, to determine whether secure email is ready for grassroots adoption, we conducted a laboratory user study that recruits pairs of novice users to install and use several of the latest systems to exchange secure messages. We will discuss both quantitative and qualitative results from 25 pairs of novice users as they use Pwm, Tutanota, and Virtru. Participants report being more at ease with this type of study and better able to cope with mistakes since both participants are &quot;on the same page&quot;. We find that users prefer integrated solutions over depot-based solutions, and that tutorials are important in helping first-time users. Hiding the details of how a secure email system provides security can lead to a lack of trust in the system. Participants expressed a desire to use secure email, but few wanted to use it regularly and most were unsure of when they might use it. About the speaker: Dr. Kent Seamons is the Director of the Internet Security Research Lab in the Computer Science Department at BYU. His research interests are in usable security, privacy, authentication, identity management, and trust management. He received a PhD in Computer Science from Illinois. Prior to joining the faculty at BYU, he conducted research at the IBM Pittsburgh Lab where he was a co-inventor of trust negotiation. He has published over 50 peer-reviewed papers that have been cited over 4,300 times. Dr. Seamons has been awarded nearly $5 million in funding from NSF, DARPA, NASA, and industry. He is also a co-inventor on four patents in the areas of automated trust negotiation, single sign-on, and security overlays.</description>
            <pubDate>Wed, 23 Mar 2016 16:30:00 EDT </pubDate>
            <itunes:title>Kent Seamons, Usable Secure Webmail for Grassroots Adoption</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>602</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/kent_seamons.jpg"/>
            <itunes:subtitle>Kent Seamons, Brigham Young University</itunes:subtitle>
            <itunes:summary>Recent concerns about government surveillance have focused attention on secure communication tools for the masses. The security properties of these tools receive more attention than their usability properties. This talk will cover our recent effort to design a usable secure webmail system. We have conducted a number of studies to analyze existing tools and our own systems to determine whether these tools are usable by the masses to communicate securely. Most recently, to determine whether secure email is ready for grassroots adoption, we conducted a laboratory user study that recruits pairs of novice users to install and use several of the latest systems to exchange secure messages. We will discuss both quantitative and qualitative results from 25 pairs of novice users as they use Pwm, Tutanota, and Virtru. Participants report being more at ease with this type of study and better able to cope with mistakes since both participants are &quot;on the same page&quot;. We find that users prefer integrated solutions over depot-based solutions, and that tutorials are important in helping first-time users. Hiding the details of how a secure email system provides security can lead to a lack of trust in the system. Participants expressed a desire to use secure email, but few wanted to use it regularly and most were unsure of when they might use it. About the speaker: Dr. Kent Seamons is the Director of the Internet Security Research Lab in the Computer Science Department at BYU. His research interests are in usable security, privacy, authentication, identity management, and trust management. He received a PhD in Computer Science from Illinois. Prior to joining the faculty at BYU, he conducted research at the IBM Pittsburgh Lab where he was a co-inventor of trust negotiation. He has published over 50 peer-reviewed papers that have been cited over 4,300 times. Dr. Seamons has been awarded nearly $5 million in funding from NSF, DARPA, NASA, and industry. He is also a co-inventor on four patents in the areas of automated trust negotiation, single sign-on, and security overlays.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Recent concerns about government surveillance have focused attention on secure communication tools for the masses. The security properties of these tools receive more attention than their usability properties. This talk will cover our recent effort to design a usable secure webmail system. We have conducted a number of studies to analyze existing tools and our own systems to determine whether these tools are usable by the masses to communicate securely. Most recently, to determine whether secure email is ready for grassroots adoption, we conducted a laboratory user study that recruits pairs of novice users to install and use several of the latest systems to exchange secure messages. We will discuss both quantitative and qualitative results from 25 pairs of novice users as they use Pwm, Tutanota, and Virtru. Participants report being more at ease with this type of study and better able to cope with mistakes since both participants are &quot;on the same page&quot;. We find that users prefer integrated solutions over depot-based solutions, and that tutorials are important in helping first-time users. Hiding the details of how a secure email system provides security can lead to a lack of trust in the system. Participants expressed a desire to use secure email, but few wanted to use it regularly and most were unsure of when they might use it. About the speaker: Dr. Kent Seamons is the Director of the Internet Security Research Lab in the Computer Science Department at BYU. His research interests are in usable security, privacy, authentication, identity management, and trust management. He received a PhD in Computer Science from Illinois. Prior to joining the faculty at BYU, he conducted research at the IBM Pittsburgh Lab where he was a co-inventor of trust negotiation. He has published over 50 peer-reviewed papers that have been cited over 4,300 times. Dr. Seamons has been awarded nearly $5 million in funding from NSF, DARPA, NASA, and industry. He is also a co-inventor on four patents in the areas of automated trust negotiation, single sign-on, and security overlays.</p> ]]>
            </content:encoded>
            <itunes:duration>3357</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160323.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160323.mp4" length="173015040" type="video/mp4"/>
        </item>
            <item>
            <title>Ryan Henry, Batch Techniques for Practical Private Information Retrieval</title>
            <description>Private information retrieval (PIR) is a way for clients to query a remote database without the database holder learning the clients&apos; query terms or the responses they generate. Compelling applications for PIR abound in the cryptographic and privacy research literature, yet existing PIR techniques are notoriously inefficient. Consequently, no such PIR-based application to date has seen real-world at-scale deployment. In this talk, I will discuss some ongoing research that unifies &quot;batch query&quot; and &quot;batch coding&quot; techniques to help address PIR&apos;s efficiency problem. The new approach exploits the connection between &apos;ramp secret sharing schemes&apos; and multi-server, information-theoretically secure PIR (IT-PIR) protocols, thereby enabling clients to fetch several records from an IT-PIR database for only *a fraction* of the cost of fetching *a single record* using the standard approach. The approach is highly tuneable, and I will briefly discuss interesting asymptotic phenomena that arise with extremal settings of the various tuning knobs. About the speaker: Ryan Henry is an assistant professor at Indiana University Bloomington. He obtained his PhD from the University of Waterloo in 2014, where he held the Vanier Canada Graduate Scholarship, Canada&apos;s most prestigious graduate scholarship. His research explores the systems challenges of applied cryptography, with a particular emphasis on using cryptography to build secure systems that protect the privacy of their users.</description>
            <pubDate>Wed, 9 Mar 2016 16:30:00 EST </pubDate>
            <itunes:title>Ryan Henry, Batch Techniques for Practical Private Information Retrieval</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>601</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/henry_ryan_160.jpg"/>
            <itunes:subtitle>Ryan Henry, Indiana University</itunes:subtitle>
            <itunes:summary>Private information retrieval (PIR) is a way for clients to query a remote database without the database holder learning the clients&apos; query terms or the responses they generate. Compelling applications for PIR abound in the cryptographic and privacy research literature, yet existing PIR techniques are notoriously inefficient. Consequently, no such PIR-based application to date has seen real-world at-scale deployment. In this talk, I will discuss some ongoing research that unifies &quot;batch query&quot; and &quot;batch coding&quot; techniques to help address PIR&apos;s efficiency problem. The new approach exploits the connection between &apos;ramp secret sharing schemes&apos; and multi-server, information-theoretically secure PIR (IT-PIR) protocols, thereby enabling clients to fetch several records from an IT-PIR database for only *a fraction* of the cost of fetching *a single record* using the standard approach. The approach is highly tuneable, and I will briefly discuss interesting asymptotic phenomena that arise with extremal settings of the various tuning knobs. About the speaker: Ryan Henry is an assistant professor at Indiana University Bloomington. He obtained his PhD from the University of Waterloo in 2014, where he held the Vanier Canada Graduate Scholarship, Canada&apos;s most prestigious graduate scholarship. His research explores the systems challenges of applied cryptography, with a particular emphasis on using cryptography to build secure systems that protect the privacy of their users.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Private information retrieval (PIR) is a way for clients to query a remote database without the database holder learning the clients&apos; query terms or the responses they generate. Compelling applications for PIR abound in the cryptographic and privacy research literature, yet existing PIR techniques are notoriously inefficient. Consequently, no such PIR-based application to date has seen real-world at-scale deployment. In this talk, I will discuss some ongoing research that unifies &quot;batch query&quot; and &quot;batch coding&quot; techniques to help address PIR&apos;s efficiency problem. The new approach exploits the connection between &apos;ramp secret sharing schemes&apos; and multi-server, information-theoretically secure PIR (IT-PIR) protocols, thereby enabling clients to fetch several records from an IT-PIR database for only *a fraction* of the cost of fetching *a single record* using the standard approach. The approach is highly tuneable, and I will briefly discuss interesting asymptotic phenomena that arise with extremal settings of the various tuning knobs. About the speaker: Ryan Henry is an assistant professor at Indiana University Bloomington. He obtained his PhD from the University of Waterloo in 2014, where he held the Vanier Canada Graduate Scholarship, Canada&apos;s most prestigious graduate scholarship. His research explores the systems challenges of applied cryptography, with a particular emphasis on using cryptography to build secure systems that protect the privacy of their users.</p> ]]>
            </content:encoded>
            <itunes:duration>3367</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160309.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160309.mp4" length="382730240" type="video/mp4"/>
        </item>
            <item>
            <title>Anupam Joshi, Context Aware, Policy based approaches to Security</title>
            <description>Traditional approaches to securing systems tend to be fixed and mostly non-adaptive. The policy that defines the security posture is in some sense &quot;hardcoded&quot;. In this talk, we focus on securing systems with declarative policies that factor in dynamically evolving context. The approach is grounded in W3C standard representation formats for knowledge and formal logic. We show instances of this approach in two different network settings -- mobile devices and intrusion detection. About the speaker: Anupam Joshi is the Oros Family Professor and Chair of the Computer Science and Electrical Engineering Department at the University of Maryland, Baltimore County (UMBC). He is the Director of the UMBC Center for Cybersecurity, and the Co-Technical Director of the newly announced National Cybersecurity FFRDC. He is a Fellow of IEEE. Dr. Joshi obtained a B.Tech degree from IIT Delhi in 1989, and a Master&apos;s and Ph.D. from Purdue University in 1991 and 1993 respectively. His research interests are in the broad area of networked computing and intelligent systems. His primary focus has been on data management and security/privacy in mobile/pervasive computing environments, and policy-driven approaches to security and privacy. He is also interested in the Semantic Web and Data/Text/Web Analytics, especially their applications to (cyber) security. He has published over 200 technical papers with an h-index of 70 and over 17000 citations (per Google Scholar), filed and been granted several patents, and has obtained research support from the National Science Foundation (NSF), NASA, the Defense Advanced Research Projects Agency (DARPA), the US Dept of Defense (DoD), NIST, IBM, Microsoft, Qualcomm, Northrop Grumman, and Lockheed Martin amongst others.</description>
            <pubDate>Wed, 2 Mar 2016 16:30:00 EST </pubDate>
            <itunes:title>Anupam Joshi, Context Aware, Policy based approaches to Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>600</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/anupam_joshi.jpg"/>
            <itunes:subtitle>Anupam Joshi, University of Maryland, Baltimore County</itunes:subtitle>
            <itunes:summary>Traditional approaches to securing systems tend to be fixed and mostly non-adaptive. The policy that defines the security posture is in some sense &quot;hardcoded&quot;. In this talk, we focus on securing systems with declarative policies that factor in dynamically evolving context. The approach is grounded in W3C standard representation formats for knowledge and formal logic. We show instances of this approach in two different network settings -- mobile devices and intrusion detection. About the speaker: Anupam Joshi is the Oros Family Professor and Chair of the Computer Science and Electrical Engineering Department at the University of Maryland, Baltimore County (UMBC). He is the Director of the UMBC Center for Cybersecurity, and the Co-Technical Director of the newly announced National Cybersecurity FFRDC. He is a Fellow of IEEE. Dr. Joshi obtained a B.Tech degree from IIT Delhi in 1989, and a Master&apos;s and Ph.D. from Purdue University in 1991 and 1993 respectively. His research interests are in the broad area of networked computing and intelligent systems. His primary focus has been on data management and security/privacy in mobile/pervasive computing environments, and policy-driven approaches to security and privacy. He is also interested in the Semantic Web and Data/Text/Web Analytics, especially their applications to (cyber) security. He has published over 200 technical papers with an h-index of 70 and over 17000 citations (per Google Scholar), filed and been granted several patents, and has obtained research support from the National Science Foundation (NSF), NASA, the Defense Advanced Research Projects Agency (DARPA), the US Dept of Defense (DoD), NIST, IBM, Microsoft, Qualcomm, Northrop Grumman, and Lockheed Martin amongst others.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Traditional approaches to securing systems tend to be fixed and mostly non-adaptive. The policy that defines the security posture is in some sense &quot;hardcoded&quot;. In this talk, we focus on securing systems with declarative policies that factor in dynamically evolving context. The approach is grounded in W3C standard representation formats for knowledge and formal logic. We show instances of this approach in two different network settings -- mobile devices and intrusion detection. About the speaker: Anupam Joshi is the Oros Family Professor and Chair of the Computer Science and Electrical Engineering Department at the University of Maryland, Baltimore County (UMBC). He is the Director of the UMBC Center for Cybersecurity, and the Co-Technical Director of the newly announced National Cybersecurity FFRDC. He is a Fellow of IEEE. Dr. Joshi obtained a B.Tech degree from IIT Delhi in 1989, and a Master&apos;s and Ph.D. from Purdue University in 1991 and 1993 respectively. His research interests are in the broad area of networked computing and intelligent systems. His primary focus has been on data management and security/privacy in mobile/pervasive computing environments, and policy-driven approaches to security and privacy. He is also interested in the Semantic Web and Data/Text/Web Analytics, especially their applications to (cyber) security. He has published over 200 technical papers with an h-index of 70 and over 17000 citations (per Google Scholar), filed and been granted several patents, and has obtained research support from the National Science Foundation (NSF), NASA, the Defense Advanced Research Projects Agency (DARPA), the US Dept of Defense (DoD), NIST, IBM, Microsoft, Qualcomm, Northrop Grumman, and Lockheed Martin amongst others.</p> ]]>
            </content:encoded>
            <itunes:duration>3374</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160302.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160302.mp4" length="240123904" type="video/mp4"/>
        </item>
            <item>
            <title>Xukai Zou, Resilient, privacy-preserving, revocable and user-centric authentication – Biometric Capsule</title>
            <description>User authentication and identity management are the first-gate defense and access protection for cyber systems. Authentication failures, including post-authentication attacks, have caused constant system breaches and resulted in serious economic and social consequences for governments, enterprises, and individuals. Passwords and smartcards have issues related to true identity, loss/theft, interoperability, cross-system password vulnerability, and post-authentication attacks. It is frustrating to memorize passwords and painful when one cannot log into a system because of a forgotten password. Due to biometrics&apos; memorization-free, identity-binding and loss-resistant properties, assisted by widely deployed built-in biometric sensors in mobile devices, biometric authentication is becoming more feasible and very attractive. However, biometric technology introduces its own challenges. One serious problem is that biometric templates are hard to replace once compromised. In addition, biometrics may disclose a user&apos;s sensitive information (e.g., race, gender, even health condition), thus creating user privacy concerns. A demo at Black Hat USA 2015 alerted the public that fingerprints stored on smartphones can be stolen remotely and at a large scale. The lost biometrics cannot be revoked and the individual&apos;s biometric identity becomes permanently void. A more recent event, &quot;iPhone Error 53&quot;, has shocked the real world and both angered and worried end customers: the iPhones of thousands of iPhone 6 users were rendered unusable after their Touch ID home buttons were repaired by any third party, which was caused by Touch ID&apos;s irrevocability due to the physical binding of the fingerprint Touch ID sensor with the home button. In this talk, we will present a new biometric authentication method, Biometric Capsule, which can address the aforementioned issues. Unlike existing biometric authentication methods, Bio-Capsule (BC) is a template derived from the secure fusion of a user&apos;s biometrics and those of a Reference Subject (RS). The RS is simply a physical object, e.g., a doll, or an artificial one, e.g., an image. Theoretical analysis and experiments have shown that the BC mechanism is solid and efficient. BC is replaceable, non-invertible (thus preserving privacy), and resilient. About the speaker: Dr. Xukai Zou is a faculty member of CERIAS and an associate professor in the Department of Computer and Information Sciences, Indiana University-Purdue University Indianapolis. His current research focuses on applied cryptography, network security, authentication, secure electronic voting, and health and genomic data security and privacy. His research has been supported by NSF, the Department of Veterans Affairs and industry partners such as Cisco and Northrop Grumman.</description>
            <pubDate>Wed, 24 Feb 2016 16:30:00 EST</pubDate>
            <itunes:title>Xukai Zou, Resilient, privacy-preserving, revocable and user-centric authentication – Biometric Capsule</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>599</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/xukai_zou_160.jpg"/>
            <itunes:subtitle>Xukai Zou, Indiana University-Purdue University Indianapolis</itunes:subtitle>
            <itunes:summary>User authentication and identity management are the first-gate defense and access protection for cyber systems. Authentication failures, including post-authentication attacks, have caused constant system breaches and resulted in serious economic and social consequences for governments, enterprises, and individuals. Passwords and smartcards have issues related to true identity, loss/theft, interoperability, cross-system password vulnerability, and post-authentication attacks. It is frustrating to memorize passwords and painful when one cannot log into a system because of a forgotten password. Due to biometrics&apos; memorization-free, identity-binding and loss-resistant properties, assisted by widely deployed built-in biometric sensors in mobile devices, biometric authentication is becoming more feasible and very attractive. However, biometric technology introduces its own challenges. One serious problem is that biometric templates are hard to replace once compromised. In addition, biometrics may disclose a user&apos;s sensitive information (e.g., race, gender, even health condition), thus creating user privacy concerns. A demo at Black Hat USA 2015 alerted the public that fingerprints stored on smartphones can be stolen remotely and at a large scale. The lost biometrics cannot be revoked and the individual&apos;s biometric identity becomes permanently void. A more recent event, &quot;iPhone Error 53&quot;, has shocked the real world and both angered and worried end customers: the iPhones of thousands of iPhone 6 users were rendered unusable after their Touch ID home buttons were repaired by any third party, which was caused by Touch ID&apos;s irrevocability due to the physical binding of the fingerprint Touch ID sensor with the home button. In this talk, we will present a new biometric authentication method, Biometric Capsule, which can address the aforementioned issues. Unlike existing biometric authentication methods, Bio-Capsule (BC) is a template derived from the secure fusion of a user&apos;s biometrics and those of a Reference Subject (RS). The RS is simply a physical object, e.g., a doll, or an artificial one, e.g., an image. Theoretical analysis and experiments have shown that the BC mechanism is solid and efficient. BC is replaceable, non-invertible (thus preserving privacy), and resilient. About the speaker: Dr. Xukai Zou is a faculty member of CERIAS and an associate professor in the Department of Computer and Information Sciences, Indiana University-Purdue University Indianapolis. His current research focuses on applied cryptography, network security, authentication, secure electronic voting, and health and genomic data security and privacy. His research has been supported by NSF, the Department of Veterans Affairs and industry partners such as Cisco and Northrop Grumman.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>User authentication and identity management are the first-gate defense and access protection for cyber systems. Authentication failures, including post-authentication attacks, have caused constant system breaches and resulted in serious economic and social consequences for governments, enterprises, and individuals. Passwords and smartcards have issues related to true identity, loss/theft, interoperability, cross-system password vulnerability, and post-authentication attacks. It is frustrating to memorize passwords and painful when one cannot log into a system because of a forgotten password. Due to biometrics&apos; memorization-free, identity-binding and loss-resistant properties, assisted by widely deployed built-in biometric sensors in mobile devices, biometric authentication is becoming more feasible and very attractive. However, biometric technology introduces its own challenges. One serious problem is that biometric templates are hard to replace once compromised. In addition, biometrics may disclose a user&apos;s sensitive information (e.g., race, gender, even health condition), thus creating user privacy concerns. A demo at Black Hat USA 2015 alerted the public that fingerprints stored on smartphones can be stolen remotely and at a large scale. The lost biometrics cannot be revoked and the individual&apos;s biometric identity becomes permanently void. A more recent event, &quot;iPhone Error 53&quot;, has shocked the real world and both angered and worried end customers: the iPhones of thousands of iPhone 6 users were rendered unusable after their Touch ID home buttons were repaired by any third party, which was caused by Touch ID&apos;s irrevocability due to the physical binding of the fingerprint Touch ID sensor with the home button. In this talk, we will present a new biometric authentication method, Biometric Capsule, which can address the aforementioned issues. Unlike existing biometric authentication methods, Bio-Capsule (BC) is a template derived from the secure fusion of a user&apos;s biometrics and those of a Reference Subject (RS). The RS is simply a physical object, e.g., a doll, or an artificial one, e.g., an image. Theoretical analysis and experiments have shown that the BC mechanism is solid and efficient. BC is replaceable, non-invertible (thus preserving privacy), and resilient. About the speaker: Dr. Xukai Zou is a faculty member of CERIAS and an associate professor in the Department of Computer and Information Sciences, Indiana University-Purdue University Indianapolis. His current research focuses on applied cryptography, network security, authentication, secure electronic voting, and health and genomic data security and privacy. His research has been supported by NSF, the Department of Veterans Affairs and industry partners such as Cisco and Northrop Grumman.</p> ]]>
            </content:encoded>
            <itunes:duration>3535</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160224.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160224.mp4" length="210763776" type="video/mp4"/>
        </item>
            <item>
            <title>Bruno Ribeiro, Predicting What Users Will do Next</title>
            <description>Which song will Smith listen to next? Which restaurant will Alice go to tomorrow? Which product will John click next? These applications have in common the prediction of user trajectories that are in a constant state of flux but subject to hidden constraints (e.g., geographical location, the links of a website). What users are doing now may be unrelated to what they will be doing an hour from now. In this talk I introduce the difficulties associated with predicting user trajectories, more specifically how the concepts of non-stationarity, transiency, and time-heterogeneity make this task challenging. Mindful of these difficulties, I introduce TribeFlow, a general method that can perform next-product recommendation, next-song recommendation, next-location prediction, and general arbitrary-length user trajectory prediction without domain-specific knowledge. Extensive simulations on large and small datasets show TribeFlow to be more accurate and up to 413x faster than top state-of-the-art competitors.</description>
            <pubDate>Wed, 17 Feb 2016 16:30:00 EST</pubDate>
            <itunes:title>Bruno Ribeiro, Predicting What Users Will do Next</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>598</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/bruno_ribeiro_160.jpg"/>
            <itunes:subtitle>Bruno Ribeiro, Purdue University</itunes:subtitle>
            <itunes:summary>Which song will Smith listen to next? Which restaurant will Alice go to tomorrow? Which product will John click next? These applications have in common the prediction of user trajectories that are in a constant state of flux but subject to hidden constraints (e.g., geographical location, the links of a website). What users are doing now may be unrelated to what they will be doing an hour from now. In this talk I introduce the difficulties associated with predicting user trajectories, more specifically how the concepts of non-stationarity, transiency, and time-heterogeneity make this task challenging. Mindful of these difficulties, I introduce TribeFlow, a general method that can perform next-product recommendation, next-song recommendation, next-location prediction, and general arbitrary-length user trajectory prediction without domain-specific knowledge. Extensive simulations on large and small datasets show TribeFlow to be more accurate and up to 413x faster than top state-of-the-art competitors.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Which song will Smith listen to next? Which restaurant will Alice go to tomorrow? Which product will John click next? These applications have in common the prediction of user trajectories that are in a constant state of flux but subject to hidden constraints (e.g., geographical location, the links of a website). What users are doing now may be unrelated to what they will be doing an hour from now. In this talk I introduce the difficulties associated with predicting user trajectories, more specifically how the concepts of non-stationarity, transiency, and time-heterogeneity make this task challenging. Mindful of these difficulties, I introduce TribeFlow, a general method that can perform next-product recommendation, next-song recommendation, next-location prediction, and general arbitrary-length user trajectory prediction without domain-specific knowledge. Extensive simulations on large and small datasets show TribeFlow to be more accurate and up to 413x faster than top state-of-the-art competitors.</p> ]]>
            </content:encoded>
            <itunes:duration>2489</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160217.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160217.mp4" length="103809024" type="video/mp4"/>
        </item>
            <item>
            <title>Nicholas Sturgeon, IN-ISAC: SOC, Security Awareness and More</title>
            <description>The Indiana Information Sharing and Analysis Center (IN-ISAC) is an entity developed by the State of Indiana and key partners to mitigate cybersecurity risks for the State of Indiana. The IN-ISAC will accomplish this through sharing threat information and collaborating with the public, private industry, local government and other governmental agencies. About the speaker: Nick Sturgeon is the Manager of the Indiana Information Sharing and Analysis Center (IN-ISAC) and the Security Operations Center (SOC). As the Manager of the IN-ISAC, Nick is responsible for overall strategic planning, budget planning, and project oversight, and ensures all efforts are focused on achieving the IN-ISAC&apos;s mission. Nick also provides management and oversight of the IN-ISAC&apos;s Security Awareness and Training program as well as direction on IN-ISAC/SOC policy and procedure development. As the SOC Manager, Nick is responsible for all day-to-day operations of the SOC. Nick is also involved with two Crit-Ex working groups and the State of Indiana Cybersecurity Coordination group. Nick also serves as the Deputy Director for Cyber Intelligence for the Indiana Intelligence Fusion Center (IIFC). Before joining the Indiana Office of Technology, Nick spent eight years with the Indiana State Police serving in various roles. Nick held the ranks of Trooper, Sergeant and First Sergeant. His last assignment was in the Criminal Justice Data Division, serving as the Assistant Commander of the Information Technology Section. Nick earned a B.S. in Management Information Systems from Indiana State University, and an M.S. with a specialization in Cyber Forensics from Purdue University.</description>
            <pubDate>Wed, 10 Feb 2016 16:30:00 EST</pubDate>
            <itunes:title>Nicholas Sturgeon, IN-ISAC: SOC, Security Awareness and More</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>597</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Nicholas Sturgeon, Indiana Office of Technology</itunes:subtitle>
            <itunes:summary>The Indiana Information Sharing and Analysis Center (IN-ISAC) is an entity developed by the State of Indiana and key partners to mitigate cybersecurity risks for the State of Indiana. The IN-ISAC will accomplish this through sharing threat information and collaborating with the public, private industry, local government and other governmental agencies. About the speaker: Nick Sturgeon is the Manager of the Indiana Information Sharing and Analysis Center (IN-ISAC) and the Security Operations Center (SOC). As the Manager of the IN-ISAC, Nick is responsible for overall strategic planning, budget planning, and project oversight, and ensures all efforts are focused on achieving the IN-ISAC&apos;s mission. Nick also provides management and oversight of the IN-ISAC&apos;s Security Awareness and Training program as well as direction on IN-ISAC/SOC policy and procedure development. As the SOC Manager, Nick is responsible for all day-to-day operations of the SOC. Nick is also involved with two Crit-Ex working groups and the State of Indiana Cybersecurity Coordination group. Nick also serves as the Deputy Director for Cyber Intelligence for the Indiana Intelligence Fusion Center (IIFC). Before joining the Indiana Office of Technology, Nick spent eight years with the Indiana State Police serving in various roles. Nick held the ranks of Trooper, Sergeant and First Sergeant. His last assignment was in the Criminal Justice Data Division, serving as the Assistant Commander of the Information Technology Section. Nick earned a B.S. in Management Information Systems from Indiana State University, and an M.S. with a specialization in Cyber Forensics from Purdue University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Indiana Information Sharing and Analysis Center (IN-ISAC) is an entity developed by the State of Indiana and key partners to mitigate cybersecurity risks for the State of Indiana. The IN-ISAC will accomplish this through sharing threat information and collaborating with the public, private industry, local government and other governmental agencies. About the speaker: Nick Sturgeon is the Manager of the Indiana Information Sharing and Analysis Center (IN-ISAC) and the Security Operations Center (SOC). As the Manager of the IN-ISAC, Nick is responsible for overall strategic planning, budget planning, and project oversight, and ensures all efforts are focused on achieving the IN-ISAC&apos;s mission. Nick also provides management and oversight of the IN-ISAC&apos;s Security Awareness and Training program as well as direction on IN-ISAC/SOC policy and procedure development. As the SOC Manager, Nick is responsible for all day-to-day operations of the SOC. Nick is also involved with two Crit-Ex working groups and the State of Indiana Cybersecurity Coordination group. Nick also serves as the Deputy Director for Cyber Intelligence for the Indiana Intelligence Fusion Center (IIFC). Before joining the Indiana Office of Technology, Nick spent eight years with the Indiana State Police serving in various roles. Nick held the ranks of Trooper, Sergeant and First Sergeant. His last assignment was in the Criminal Justice Data Division, serving as the Assistant Commander of the Information Technology Section. Nick earned a B.S. in Management Information Systems from Indiana State University, and an M.S. with a specialization in Cyber Forensics from Purdue University.</p> ]]>
            </content:encoded>
            <itunes:duration>3446</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160210.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160210.mp4" length="190840832" type="video/mp4"/>
        </item>
            <item>
            <title>Hemanta Maji, Robust Secure Computation</title>
            <description>Modern cryptography provides algorithmic solutions to securely compute over the private data of mutually distrustful parties. These solutions require algorithmic or physical building blocks such as computational hardness assumptions, trusted hardware, correlated private randomness and noisy channels. A fundamental limitation of these solutions is that their security necessarily hinges on the assumption that these underlying building blocks are free of any imperfection. Over the last decade, however, this assumption has been repeatedly proven false in the real world, often rendering these solutions completely insecure. This raises the following important question: &quot;Can secure computation be based on imperfect building blocks?&quot; My research provides algorithmic solutions that resolve this question in the affirmative. About the speaker: Hemanta K. Maji joined the Department of Computer Science at Purdue University as an Assistant Professor in Fall 2015. Earlier, he was a post-doctoral researcher and a Center Fellow at the Center for Encrypted Functionalities at the University of California, Los Angeles. He was a Computing Innovations Fellow sponsored by the Computing Research Association from 2011 to 2013. He obtained his Ph.D. in computer science from the University of Illinois, Urbana-Champaign and his undergraduate B.Tech. from the Indian Institute of Technology, Kanpur. His research interest is cryptography in general, and secure computation in particular. He has over 25 original peer-reviewed publications at venues such as FOCS, CRYPTO, EUROCRYPT and Innovations in Computer Science. His current research focuses on developing highly resilient protocols with strong mathematical security guarantees that are practically deployable. Recently, his research has been recommended for the NSF CISE Research Initiation Initiative (CRII) Award.</description>
            <pubDate>Wed, 3 Feb 2016 16:30:00 EST</pubDate>
            <itunes:title>Hemanta Maji, Robust Secure Computation</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>596</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Hemanta Maji, Purdue University</itunes:subtitle>
            <itunes:summary>Modern cryptography provides algorithmic solutions to securely compute over the private data of mutually distrustful parties. These solutions require algorithmic or physical building blocks such as computational hardness assumptions, trusted hardware, correlated private randomness and noisy channels. A fundamental limitation of these solutions is that their security necessarily hinges on the assumption that these underlying building blocks are free of any imperfection. Over the last decade, however, this assumption has been repeatedly proven false in the real world, often rendering these solutions completely insecure. This raises the following important question: &quot;Can secure computation be based on imperfect building blocks?&quot; My research provides algorithmic solutions that resolve this question in the affirmative. About the speaker: Hemanta K. Maji joined the Department of Computer Science at Purdue University as an Assistant Professor in Fall 2015. Earlier, he was a post-doctoral researcher and a Center Fellow at the Center for Encrypted Functionalities at the University of California, Los Angeles. He was a Computing Innovations Fellow sponsored by the Computing Research Association from 2011 to 2013. He obtained his Ph.D. in computer science from the University of Illinois, Urbana-Champaign and his undergraduate B.Tech. from the Indian Institute of Technology, Kanpur. His research interest is cryptography in general, and secure computation in particular. He has over 25 original peer-reviewed publications at venues such as FOCS, CRYPTO, EUROCRYPT and Innovations in Computer Science. His current research focuses on developing highly resilient protocols with strong mathematical security guarantees that are practically deployable. Recently, his research has been recommended for the NSF CISE Research Initiation Initiative (CRII) Award.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Modern cryptography provides algorithmic solutions to securely compute over the private data of mutually distrustful parties. These solutions require algorithmic or physical building blocks such as computational hardness assumptions, trusted hardware, correlated private randomness and noisy channels. A fundamental limitation of these solutions is that their security necessarily hinges on the assumption that these underlying building blocks are free of any imperfection. Over the last decade, however, this assumption has been repeatedly proven false in the real world, often rendering these solutions completely insecure. This raises the following important question: &quot;Can secure computation be based on imperfect building blocks?&quot; My research provides algorithmic solutions that resolve this question in the affirmative. About the speaker: Hemanta K. Maji joined the Department of Computer Science at Purdue University as an Assistant Professor in Fall 2015. Earlier, he was a post-doctoral researcher and a Center Fellow at the Center for Encrypted Functionalities at the University of California, Los Angeles. He was a Computing Innovations Fellow sponsored by the Computing Research Association from 2011 to 2013. He obtained his Ph.D. in computer science from the University of Illinois, Urbana-Champaign and his undergraduate B.Tech. from the Indian Institute of Technology, Kanpur. His research interest is cryptography in general, and secure computation in particular. He has over 25 original peer-reviewed publications at venues such as FOCS, CRYPTO, EUROCRYPT and Innovations in Computer Science. His current research focuses on developing highly resilient protocols with strong mathematical security guarantees that are practically deployable. Recently, his research has been recommended for the NSF CISE Research Initiation Initiative (CRII) Award.</p> ]]>
            </content:encoded>
            <itunes:duration>2867</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160203.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160203.mp4" length="128974848" type="video/mp4"/>
        </item>
            <item>
            <title>Elisa Bertino, Big Data Security and Privacy</title>
            <description>Technological advances and novel applications, such as sensors, cyber-physical systems, smart mobile devices, cloud systems, data analytics, and social networks, are making it possible to capture, and to quickly process and analyze, huge amounts of data from which to extract information critical for security-related tasks. In the area of cyber security, such tasks include user authentication, access control, anomaly detection, user monitoring, and protection from insider threats. By analyzing and integrating data collected on the Internet and Web one can identify connections and relationships among individuals that may in turn help with homeland protection. By collecting and mining data concerning user travels and disease outbreaks one can predict disease spreading across geographical areas. And those are just a few examples; there are certainly many other domains where data technologies can play a major role in enhancing security. The use of data for security tasks is however raising major privacy concerns. Collected data, even if anonymized by removing identifiers such as names or social security numbers, may when linked with other data allow the re-identification of the individuals to whom specific data items relate. Also, as organizations, such as governmental agencies, often need to collaborate on security tasks, data sets are exchanged across different organizations, resulting in these data sets being available to many different parties. Apart from the use of data for analytics, security tasks such as authentication and access control may require detailed information about users. An example is multi-factor authentication that may require, in addition to a password or a certificate, user biometrics. Recently proposed continuous authentication techniques extend access control systems. This information, if misused or stolen, can lead to privacy breaches. It would then seem that in order to achieve security we must give up privacy. However, this may not necessarily be the case. Recent advances in cryptography are making it possible to work on encrypted data, for example for performing analytics on encrypted data. However, much more needs to be done, as the specific data privacy techniques to use depend heavily on the specific use of data and the security tasks at hand. Also, current techniques are still not able to meet the efficiency requirements for use with big data sets. In this talk we will discuss methods and techniques to make this reconciliation possible and identify research directions. About the speaker: Elisa Bertino is professor of computer science at Purdue University and serves as Research Director of the Center for Education and Research in Information Assurance and Security (CERIAS). She is also an adjunct professor of Computer Science &amp; Info Tech at RMIT. Prior to joining Purdue in 2004, she was a professor and department head at the Department of Computer Science and Communication of the University of Milan. She has been a visiting researcher at the IBM Research Laboratory (now Almaden) in San Jose, at the Microelectronics and Computer Technology Corporation, at Rutgers University, and at Telcordia Technologies. Her recent research focuses on database security, digital identity management, policy systems, and security for web services. She is a Fellow of ACM and of IEEE. She received the IEEE Computer Society 2002 Technical Achievement Award and the IEEE Computer Society 2005 Kanai Award. She is currently serving as EiC of IEEE Transactions on Dependable and Secure Computing.</description>
            <pubDate>Wed, 27 Jan 2016 16:30:00 EST</pubDate>
            <itunes:title>Elisa Bertino, Big Data Security and Privacy</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>595</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Elisa Bertino, Purdue University</itunes:subtitle>
            <itunes:summary>Technological advances and novel applications, such as sensors, cyber-physical systems, smart mobile devices, cloud systems, data analytics, and social networks, are making it possible to capture, and to quickly process and analyze, huge amounts of data from which to extract information critical for security-related tasks. In the area of cyber security, such tasks include user authentication, access control, anomaly detection, user monitoring, and protection from insider threats. By analyzing and integrating data collected on the Internet and Web one can identify connections and relationships among individuals that may in turn help with homeland protection. By collecting and mining data concerning user travels and disease outbreaks one can predict disease spreading across geographical areas. And those are just a few examples; there are certainly many other domains where data technologies can play a major role in enhancing security. The use of data for security tasks is however raising major privacy concerns. Collected data, even if anonymized by removing identifiers such as names or social security numbers, may when linked with other data allow the re-identification of the individuals to whom specific data items relate. Also, as organizations, such as governmental agencies, often need to collaborate on security tasks, data sets are exchanged across different organizations, resulting in these data sets being available to many different parties. Apart from the use of data for analytics, security tasks such as authentication and access control may require detailed information about users. An example is multi-factor authentication that may require, in addition to a password or a certificate, user biometrics. Recently proposed continuous authentication techniques extend access control systems. This information, if misused or stolen, can lead to privacy breaches. It would then seem that in order to achieve security we must give up privacy. However, this may not necessarily be the case. Recent advances in cryptography are making it possible to work on encrypted data, for example for performing analytics on encrypted data. However, much more needs to be done, as the specific data privacy techniques to use depend heavily on the specific use of data and the security tasks at hand. Also, current techniques are still not able to meet the efficiency requirements for use with big data sets. In this talk we will discuss methods and techniques to make this reconciliation possible and identify research directions. About the speaker: Elisa Bertino is professor of computer science at Purdue University and serves as Research Director of the Center for Education and Research in Information Assurance and Security (CERIAS). She is also an adjunct professor of Computer Science &amp; Info Tech at RMIT. Prior to joining Purdue in 2004, she was a professor and department head at the Department of Computer Science and Communication of the University of Milan. She has been a visiting researcher at the IBM Research Laboratory (now Almaden) in San Jose, at the Microelectronics and Computer Technology Corporation, at Rutgers University, and at Telcordia Technologies. Her recent research focuses on database security, digital identity management, policy systems, and security for web services. She is a Fellow of ACM and of IEEE. She received the IEEE Computer Society 2002 Technical Achievement Award and the IEEE Computer Society 2005 Kanai Award. She is currently serving as EiC of IEEE Transactions on Dependable and Secure Computing.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Technological advances and novel applications, such as sensors, cyber-physical systems, smart mobile devices, cloud systems, data analytics, and social networks, are making it possible to capture, and to quickly process and analyze, huge amounts of data from which to extract information critical for security-related tasks. In the area of cyber security, such tasks include user authentication, access control, anomaly detection, user monitoring, and protection from insider threat. By analyzing and integrating data collected on the Internet and Web one can identify connections and relationships among individuals that may in turn help with homeland protection. By collecting and mining data concerning user travels and disease outbreaks one can predict disease spreading across geographical areas. And those are just a few examples; there are certainly many other domains where data technologies can play a major role in enhancing security. The use of data for security tasks is however raising major privacy concerns. Collected data, even if anonymized by removing identifiers such as names or social security numbers, when linked with other data may lead to re-identifying the individuals to whom specific data items relate. Also, as organizations, such as governmental agencies, often need to collaborate on security tasks, data sets are exchanged across different organizations, resulting in these data sets being available to many different parties. Apart from the use of data for analytics, security tasks such as authentication and access control may require detailed information about users. An example is multi-factor authentication that may require, in addition to a password or a certificate, user biometrics. Recently proposed continuous authentication techniques extend access control systems. This information, if misused or stolen, can lead to privacy breaches. It would then seem that in order to achieve security we must give up privacy. However, this may not necessarily be the case. Recent advances in cryptography are making it possible to work on encrypted data, for example for performing analytics on encrypted data. However, much more needs to be done, as the specific data privacy techniques to use heavily depend on the specific use of data and the security tasks at hand. Also, current techniques are still not able to meet the efficiency requirements for use with big data sets. In this talk we will discuss methods and techniques to make this reconciliation possible and identify research directions. About the speaker: Elisa Bertino is professor of computer science at Purdue University and serves as Research Director of the Center for Education and Research in Information Assurance and Security (CERIAS). She is also an adjunct professor of Computer Science &amp; Info Tech at RMIT. Prior to joining Purdue in 2004, she was a professor and department head at the Department of Computer Science and Communication of the University of Milan. She has been a visiting researcher at the IBM Research Laboratory (now Almaden) in San Jose, at the Microelectronics and Computer Technology Corporation, at Rutgers University, and at Telcordia Technologies. Her recent research focuses on database security, digital identity management, policy systems, and security for web services. She is a Fellow of ACM and of IEEE. She received the IEEE Computer Society 2002 Technical Achievement Award and the IEEE Computer Society 2005 Kanai Award. She is currently serving as EiC of IEEE Transactions on Dependable and Secure Computing.</p> ]]>
            </content:encoded>
            <itunes:duration>3028</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160127.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160127.mp4" length="246415360" type="video/mp4"/>
        </item>
            <item>
            <title>Chris Clifton, Privacy in Big Data: Thinking Outside the Anonymity/Confidentiality Box</title>
            <description>The computer science community has had a growing research focus in privacy over the last decade. Much of this has really focused on confidentiality: anonymization, computing on encrypted data, access control policy, etc. This talk will look at a variety of research results in this area, including &quot;weaker&quot; approaches than the absolutes typically considered in the security community, and how they all come down to the same basic concept of providing confidentiality. Privacy is much more complex. People are often willing to allow use of their data, but not just for anything. This talk will look at such other privacy issues, such as harm to individuals and society from the fear of disclosure or misuse of private data. The talk will conclude with ideas for new research directions in privacy. About the speaker: Dr. Clifton works on data privacy, particularly with respect to analysis of private data. This includes privacy-preserving data mining, data de-identification and anonymization, and limits on identifying individuals from data mining models. He also works more broadly in data mining, including data mining of text and data mining techniques applied to interoperation of heterogeneous information sources. Fundamental data mining challenges posed by these applications include extracting knowledge from noisy data, identifying knowledge in highly skewed data (few examples of &quot;interesting&quot; behavior), and limits on learning. He also works on database support for widely distributed and autonomously controlled information, particularly issues related to data privacy. Prior to joining Purdue, Dr. Clifton was a principal scientist in the Information Technology Division at the MITRE Corporation. Before joining MITRE in 1995, he was an assistant professor of computer science at Northwestern University.</description>
            <pubDate>Wed, 20 Jan 2016 16:30:00 EST</pubDate>
            <itunes:title>Chris Clifton, Privacy in Big Data: Thinking Outside the Anonymity/Confidentiality Box</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>594</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Chris Clifton, Purdue University</itunes:subtitle>
            <itunes:summary>The computer science community has had a growing research focus in privacy over the last decade. Much of this has really focused on confidentiality: anonymization, computing on encrypted data, access control policy, etc. This talk will look at a variety of research results in this area, including &quot;weaker&quot; approaches than the absolutes typically considered in the security community, and how they all come down to the same basic concept of providing confidentiality. Privacy is much more complex. People are often willing to allow use of their data, but not just for anything. This talk will look at such other privacy issues, such as harm to individuals and society from the fear of disclosure or misuse of private data. The talk will conclude with ideas for new research directions in privacy. About the speaker: Dr. Clifton works on data privacy, particularly with respect to analysis of private data. This includes privacy-preserving data mining, data de-identification and anonymization, and limits on identifying individuals from data mining models. He also works more broadly in data mining, including data mining of text and data mining techniques applied to interoperation of heterogeneous information sources. Fundamental data mining challenges posed by these applications include extracting knowledge from noisy data, identifying knowledge in highly skewed data (few examples of &quot;interesting&quot; behavior), and limits on learning. He also works on database support for widely distributed and autonomously controlled information, particularly issues related to data privacy. Prior to joining Purdue, Dr. Clifton was a principal scientist in the Information Technology Division at the MITRE Corporation. Before joining MITRE in 1995, he was an assistant professor of computer science at Northwestern University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The computer science community has had a growing research focus in privacy over the last decade. Much of this has really focused on confidentiality: anonymization, computing on encrypted data, access control policy, etc. This talk will look at a variety of research results in this area, including &quot;weaker&quot; approaches than the absolutes typically considered in the security community, and how they all come down to the same basic concept of providing confidentiality. Privacy is much more complex. People are often willing to allow use of their data, but not just for anything. This talk will look at such other privacy issues, such as harm to individuals and society from the fear of disclosure or misuse of private data. The talk will conclude with ideas for new research directions in privacy. About the speaker: Dr. Clifton works on data privacy, particularly with respect to analysis of private data. This includes privacy-preserving data mining, data de-identification and anonymization, and limits on identifying individuals from data mining models. He also works more broadly in data mining, including data mining of text and data mining techniques applied to interoperation of heterogeneous information sources. Fundamental data mining challenges posed by these applications include extracting knowledge from noisy data, identifying knowledge in highly skewed data (few examples of &quot;interesting&quot; behavior), and limits on learning. He also works on database support for widely distributed and autonomously controlled information, particularly issues related to data privacy. Prior to joining Purdue, Dr. Clifton was a principal scientist in the Information Technology Division at the MITRE Corporation. Before joining MITRE in 1995, he was an assistant professor of computer science at Northwestern University.</p> ]]>
            </content:encoded>
            <itunes:duration>3371</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160120.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160120.mp4" length="158334976" type="video/mp4"/>
        </item>
            <item>
            <title>Jim Gallagher, Microsemi Security Solutions and Threat Driven Security</title>
            <description>Threat-driven security is a systematic system-level approach that is driven by a clear understanding of the security need; it is not an arbitrary application of security technologies based on their perceived effectiveness or hype. Using this systematic approach, the strength of a protection is easily gauged through simple identification of the weakest link in the design. This presentation will review our approach to identifying security vulnerabilities, determining viable mitigations, and developing a threat tree that leads to a robust threat-driven protection. About the speaker: Jim joined Microsemi as Vice President of Engineering for Security Solutions in August 2009. Jim leads the development of software, firmware, crypto, and security products and services to prevent reverse engineering and product tampering. Jim has nearly 30 years of experience in real-time embedded software and system development, with a strong focus on software process implementation. Prior to joining Microsemi, Jim began his career with General Motors, holding numerous software and systems assignments. Jim holds a Bachelor of Science degree in Electrical Engineering from the University of Notre Dame and a Master of Software Engineering degree from Carnegie Mellon University.</description>
            <pubDate>Wed, 13 Jan 2016 16:30:00 EST</pubDate>
            <itunes:title>Jim Gallagher, Microsemi Security Solutions and Threat Driven Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>22</itunes:season>
            <itunes:episode>593</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jim Gallagher, Microsemi</itunes:subtitle>
            <itunes:summary>Threat-driven security is a systematic system-level approach that is driven by a clear understanding of the security need; it is not an arbitrary application of security technologies based on their perceived effectiveness or hype. Using this systematic approach, the strength of a protection is easily gauged through simple identification of the weakest link in the design. This presentation will review our approach to identifying security vulnerabilities, determining viable mitigations, and developing a threat tree that leads to a robust threat-driven protection. About the speaker: Jim joined Microsemi as Vice President of Engineering for Security Solutions in August 2009. Jim leads the development of software, firmware, crypto, and security products and services to prevent reverse engineering and product tampering. Jim has nearly 30 years of experience in real-time embedded software and system development, with a strong focus on software process implementation. Prior to joining Microsemi, Jim began his career with General Motors, holding numerous software and systems assignments. Jim holds a Bachelor of Science degree in Electrical Engineering from the University of Notre Dame and a Master of Software Engineering degree from Carnegie Mellon University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Threat-driven security is a systematic system-level approach that is driven by a clear understanding of the security need; it is not an arbitrary application of security technologies based on their perceived effectiveness or hype. Using this systematic approach, the strength of a protection is easily gauged through simple identification of the weakest link in the design. This presentation will review our approach to identifying security vulnerabilities, determining viable mitigations, and developing a threat tree that leads to a robust threat-driven protection. About the speaker: Jim joined Microsemi as Vice President of Engineering for Security Solutions in August 2009. Jim leads the development of software, firmware, crypto, and security products and services to prevent reverse engineering and product tampering. Jim has nearly 30 years of experience in real-time embedded software and system development, with a strong focus on software process implementation. Prior to joining Microsemi, Jim began his career with General Motors, holding numerous software and systems assignments. Jim holds a Bachelor of Science degree in Electrical Engineering from the University of Notre Dame and a Master of Software Engineering degree from Carnegie Mellon University.</p> ]]>
            </content:encoded>
            <itunes:duration>3026</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160113.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20160113.mp4" length="182452224" type="video/mp4"/>
        </item>
            <item>
            <title>Aniket Kate, Preventing or Penalizing Equivocation in Decentralized Environments</title>
            <description>Making conflicting statements to others, or equivocation, is a simple yet remarkably powerful tool of malicious participants in distributed systems of all kinds. In distributed computing protocols, equivocation leads to Byzantine faults and fairness issues. In this talk, I will cover my recent work towards preventing or penalizing equivocations in decentralized systems. In the first half of the talk, we study how the resilience of asynchronous distributed computing tasks such as Byzantine agreement and multiparty computation can be improved using an increment-only counter that implements non-equivocation, a mechanism to restrict a corrupted party from making conflicting statements to different (honest) parties. In the second half of the talk, we show how equivocation can be monetarily disincentivized by the use of crypto-currencies such as Bitcoin. To this end, we have designed completely decentralized non-equivocation (smart) contracts, which make it possible to penalize an equivocating party by the loss of its money. About the speaker: Prof. Aniket Kate is an assistant professor in the computer science department at Purdue University. He is an applied cryptographer and a privacy researcher. His research projects aim at bridging the large gap between cryptographic research, and systems security and privacy research. Before joining Purdue in 2015, Prof. Kate was a junior faculty member and an independent research group leader at Saarland University in Germany, where he was heading the Cryptographic Systems Research Group. He was a postdoctoral researcher at the Max Planck Institute for Software Systems (MPI-SWS), Germany, from 2010 until 2012, and he received his PhD from the University of Waterloo, Canada, in 2010.</description>
            <pubDate>Wed, 9 Dec 2015 16:30:00 EST</pubDate>
            <itunes:title>Aniket Kate, Preventing or Penalizing Equivocation in Decentralized Environments</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>592</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Aniket Kate, Purdue University</itunes:subtitle>
            <itunes:summary>Making conflicting statements to others, or equivocation, is a simple yet remarkably powerful tool of malicious participants in distributed systems of all kinds. In distributed computing protocols, equivocation leads to Byzantine faults and fairness issues. In this talk, I will cover my recent work towards preventing or penalizing equivocations in decentralized systems. In the first half of the talk, we study how the resilience of asynchronous distributed computing tasks such as Byzantine agreement and multiparty computation can be improved using an increment-only counter that implements non-equivocation, a mechanism to restrict a corrupted party from making conflicting statements to different (honest) parties. In the second half of the talk, we show how equivocation can be monetarily disincentivized by the use of crypto-currencies such as Bitcoin. To this end, we have designed completely decentralized non-equivocation (smart) contracts, which make it possible to penalize an equivocating party by the loss of its money. About the speaker: Prof. Aniket Kate is an assistant professor in the computer science department at Purdue University. He is an applied cryptographer and a privacy researcher. His research projects aim at bridging the large gap between cryptographic research, and systems security and privacy research. Before joining Purdue in 2015, Prof. Kate was a junior faculty member and an independent research group leader at Saarland University in Germany, where he was heading the Cryptographic Systems Research Group. He was a postdoctoral researcher at the Max Planck Institute for Software Systems (MPI-SWS), Germany, from 2010 until 2012, and he received his PhD from the University of Waterloo, Canada, in 2010.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Making conflicting statements to others, or equivocation, is a simple yet remarkably powerful tool of malicious participants in distributed systems of all kinds. In distributed computing protocols, equivocation leads to Byzantine faults and fairness issues. In this talk, I will cover my recent work towards preventing or penalizing equivocations in decentralized systems. In the first half of the talk, we study how the resilience of asynchronous distributed computing tasks such as Byzantine agreement and multiparty computation can be improved using an increment-only counter that implements non-equivocation, a mechanism to restrict a corrupted party from making conflicting statements to different (honest) parties. In the second half of the talk, we show how equivocation can be monetarily disincentivized by the use of crypto-currencies such as Bitcoin. To this end, we have designed completely decentralized non-equivocation (smart) contracts, which make it possible to penalize an equivocating party by the loss of its money. About the speaker: Prof. Aniket Kate is an assistant professor in the computer science department at Purdue University. He is an applied cryptographer and a privacy researcher. His research projects aim at bridging the large gap between cryptographic research, and systems security and privacy research. Before joining Purdue in 2015, Prof. Kate was a junior faculty member and an independent research group leader at Saarland University in Germany, where he was heading the Cryptographic Systems Research Group. He was a postdoctoral researcher at the Max Planck Institute for Software Systems (MPI-SWS), Germany, from 2010 until 2012, and he received his PhD from the University of Waterloo, Canada, in 2010.</p> ]]>
            </content:encoded>
            <itunes:duration>2977</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151209.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151209.mp4" length="121634816" type="video/mp4"/>
        </item>
            <item>
            <title>Laura Amo, Gender Gaps in Cybersecurity Engagement and Self-Efficacy Growth Trajectories</title>
            <description>Females are significantly less likely to pursue tech-focused careers, and have significantly lower self-efficacy in technical domains. Despite initiatives to increase female participation in STEM majors, the percentage of females pursuing college degrees in computer and information science actually decreased between 2004 and 2012 in the United States. Towards the ultimate goal of increasing female representation in the cyber workforce, it is important to spark and nurture females&apos; engagement and self-efficacy during formative years in middle and high school. As a first step, we need to define and measure cybersecurity engagement and self-efficacy. In this talk, I will discuss my work in the area of cybersecurity engagement and self-efficacy measurement by introducing the Cybersecurity Engagement and Self-Efficacy Scale. I present results from a pilot study of 34 participants (ages 13 – 17) that tracked growth in cybersecurity engagement and self-efficacy across three time points. Overall, females initially demonstrated significantly lower cybersecurity engagement and self-efficacy relative to males. However, over the course of five days of hands-on learning and simulated cyber-attack, female participants demonstrated significantly greater growth over time and the gender-based gaps in cybersecurity engagement and self-efficacy disappeared. This suggests that informal, activity-based learning experiences are crucial for reducing gender-based gaps in cyber-related domains and may serve as a starting point for promoting female participation, pursuit, and persistence in applied cybersecurity. About the speaker: Laura earned her Ph.D. in Educational Psychology and Quantitative Methods from the University at Buffalo in 2015. She is a visiting assistant professor with the UB School of Management in Management Science and Systems, where she teaches large classes in statistics and analytics. Her research in cybersecurity focuses on measuring engagement and self-efficacy, as well as exploring gender differences in growth in these areas. Laura is also currently exploring the role of information-seeking self-efficacy in reducing the education gap in eHealth behaviors, and exploring the role of policy and psychological factors associated with misuse of information systems.</description>
            <pubDate>Wed, 2 Dec 2015 16:30:00 EST</pubDate>
            <itunes:title>Laura Amo, Gender Gaps in Cybersecurity Engagement and Self-Efficacy Growth Trajectories</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>591</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Laura Amo, SUNY Buffalo</itunes:subtitle>
            <itunes:summary>Females are significantly less likely to pursue tech-focused careers, and have significantly lower self-efficacy in technical domains. Despite initiatives to increase female participation in STEM majors, the percentage of females pursuing college degrees in computer and information science actually decreased between 2004 and 2012 in the United States. Towards the ultimate goal of increasing female representation in the cyber workforce, it is important to spark and nurture females&apos; engagement and self-efficacy during formative years in middle and high school. As a first step, we need to define and measure cybersecurity engagement and self-efficacy. In this talk, I will discuss my work in the area of cybersecurity engagement and self-efficacy measurement by introducing the Cybersecurity Engagement and Self-Efficacy Scale. I present results from a pilot study of 34 participants (ages 13 – 17) that tracked growth in cybersecurity engagement and self-efficacy across three time points. Overall, females initially demonstrated significantly lower cybersecurity engagement and self-efficacy relative to males. However, over the course of five days of hands-on learning and simulated cyber-attack, female participants demonstrated significantly greater growth over time and the gender-based gaps in cybersecurity engagement and self-efficacy disappeared. This suggests that informal, activity-based learning experiences are crucial for reducing gender-based gaps in cyber-related domains and may serve as a starting point for promoting female participation, pursuit, and persistence in applied cybersecurity. About the speaker: Laura earned her Ph.D. in Educational Psychology and Quantitative Methods from the University at Buffalo in 2015. She is a visiting assistant professor with the UB School of Management in Management Science and Systems, where she teaches large classes in statistics and analytics. Her research in cybersecurity focuses on measuring engagement and self-efficacy, as well as exploring gender differences in growth in these areas. Laura is also currently exploring the role of information-seeking self-efficacy in reducing the education gap in eHealth behaviors, and exploring the role of policy and psychological factors associated with misuse of information systems.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Females are significantly less likely to pursue tech-focused careers, and have significantly lower self-efficacy in technical domains. Despite initiatives to increase female participation in STEM majors, the percentage of females pursuing college degrees in computer and information science actually decreased between 2004 and 2012 in the United States. Towards the ultimate goal of increasing female representation in the cyber workforce, it is important to spark and nurture females&apos; engagement and self-efficacy during formative years in middle and high school. As a first step, we need to define and measure cybersecurity engagement and self-efficacy. In this talk, I will discuss my work in the area of cybersecurity engagement and self-efficacy measurement by introducing the Cybersecurity Engagement and Self-Efficacy Scale. I present results from a pilot study of 34 participants (ages 13 – 17) that tracked growth in cybersecurity engagement and self-efficacy across three time points. Overall, females initially demonstrated significantly lower cybersecurity engagement and self-efficacy relative to males. However, over the course of five days of hands-on learning and simulated cyber-attack, female participants demonstrated significantly greater growth over time and the gender-based gaps in cybersecurity engagement and self-efficacy disappeared. This suggests that informal, activity-based learning experiences are crucial for reducing gender-based gaps in cyber-related domains and may serve as a starting point for promoting female participation, pursuit, and persistence in applied cybersecurity. About the speaker: Laura earned her Ph.D. in Educational Psychology and Quantitative Methods from the University at Buffalo in 2015. She is a visiting assistant professor with the UB School of Management in Management Science and Systems, where she teaches large classes in statistics and analytics. Her research in cybersecurity focuses on measuring engagement and self-efficacy, as well as exploring gender differences in growth in these areas. Laura is also currently exploring the role of information-seeking self-efficacy in reducing the education gap in eHealth behaviors, and exploring the role of policy and psychological factors associated with misuse of information systems.</p> ]]>
            </content:encoded>
            <itunes:duration>3023</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151202.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151202.mp4" length="169869312" type="video/mp4"/>
        </item>
            <item>
            <title>Jongho Won, A Secure Communication Protocol for Drones and Smart Objects</title>
            <description>In many envisioned drone-based applications, drones will communicate with many different smart objects, such as sensors and embedded devices. Securing such communications requires an effective and efficient encryption key establishment protocol. However, the design of such a protocol must take into account the constrained resources of smart objects and the mobility of drones. In this paper, a secure communication protocol between drones and smart objects is presented. To support the required security functions, such as authenticated key agreement, non-repudiation, and user revocation, we propose an efficient Certificateless Signcryption Tag Key Encapsulation Mechanism (eCLSC-TKEM). eCLSC-TKEM reduces the time required to establish a shared key between a drone and a smart object by minimizing the computational overhead at the smart object. Also, our protocol improves the drone&apos;s efficiency by utilizing dual channels, which allow many smart objects to concurrently execute eCLSC-TKEM. We evaluate our protocol on commercially available devices, namely AR.Drone2.0 and TelosB, by using a parking management testbed. Our experimental results show that our protocol is much more efficient than other protocols. About the speaker: Jongho Won is a PhD student and his advisor is Prof. Bertino. His research interests include the fields of information security, privacy and wireless networks. His current research interests are as follows: key management and secure data collection protocol in wireless sensor networks (WSNs), trustworthiness assessment in WSNs, secure localization of sensors in WSNs, privacy-preserving data aggregation protocol for smart metering and path planning for drones.</description>
            <pubDate>Wed, 18 Nov 2015 16:30:00 EST </pubDate>
            <itunes:title>Jongho Won, A Secure Communication Protocol for Drones and Smart Objects</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>590</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/won12_160.jpg"/>
            <itunes:subtitle>Jongho Won, Purdue University</itunes:subtitle>
            <itunes:summary>In many envisioned drone-based applications, drones will communicate with many different smart objects, such as sensors and embedded devices. Securing such communications requires an effective and efficient encryption key establishment protocol. However, the design of such a protocol must take into account the constrained resources of smart objects and the mobility of drones. In this paper, a secure communication protocol between drones and smart objects is presented. To support the required security functions, such as authenticated key agreement, non-repudiation, and user revocation, we propose an efficient Certificateless Signcryption Tag Key Encapsulation Mechanism (eCLSC-TKEM). eCLSC-TKEM reduces the time required to establish a shared key between a drone and a smart object by minimizing the computational overhead at the smart object. Also, our protocol improves the drone&apos;s efficiency by utilizing dual channels, which allow many smart objects to concurrently execute eCLSC-TKEM. We evaluate our protocol on commercially available devices, namely AR.Drone2.0 and TelosB, by using a parking management testbed. Our experimental results show that our protocol is much more efficient than other protocols. About the speaker: Jongho Won is a PhD student and his advisor is Prof. Bertino. His research interests include the fields of information security, privacy and wireless networks. His current research interests are as follows: key management and secure data collection protocol in wireless sensor networks (WSNs), trustworthiness assessment in WSNs, secure localization of sensors in WSNs, privacy-preserving data aggregation protocol for smart metering and path planning for drones.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In many envisioned drone-based applications, drones will communicate with many different smart objects, such as sensors and embedded devices. Securing such communications requires an effective and efficient encryption key establishment protocol. However, the design of such a protocol must take into account the constrained resources of smart objects and the mobility of drones. In this paper, a secure communication protocol between drones and smart objects is presented. To support the required security functions, such as authenticated key agreement, non-repudiation, and user revocation, we propose an efficient Certificateless Signcryption Tag Key Encapsulation Mechanism (eCLSC-TKEM). eCLSC-TKEM reduces the time required to establish a shared key between a drone and a smart object by minimizing the computational overhead at the smart object. Also, our protocol improves the drone&apos;s efficiency by utilizing dual channels, which allow many smart objects to concurrently execute eCLSC-TKEM. We evaluate our protocol on commercially available devices, namely AR.Drone2.0 and TelosB, by using a parking management testbed. Our experimental results show that our protocol is much more efficient than other protocols. About the speaker: Jongho Won is a PhD student and his advisor is Prof. Bertino. His research interests include the fields of information security, privacy and wireless networks. His current research interests are as follows: key management and secure data collection protocol in wireless sensor networks (WSNs), trustworthiness assessment in WSNs, secure localization of sensors in WSNs, privacy-preserving data aggregation protocol for smart metering and path planning for drones.</p> ]]>
            </content:encoded>
            <itunes:duration>2394</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151118.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151118.mp4" length="92274688" type="video/mp4"/>
        </item>
            <item>
            <title>Ariel Feldman, Verifying Computations with (Private) State</title>
            <description>Is it possible for Alice to compute a result and for Bob to be convinced of its correctness without having to re-execute the computation? What if the computation is performed over sensitive data that Bob is not allowed to see due to privacy concerns? Recent work on proof-based verifiable computation has brought these goals much closer to practicality. In this talk, I will present two implemented systems that incorporate verifiable computation in order to build realistic applications. The first, Pantry, enables a user to outsource a general-purpose computation to a potentially faulty cloud provider and yet verify that the computation was performed correctly. Unlike prior efforts, Pantry allows verifiable computations to operate on remotely-stored data, opening the way to a wide variety of uses such as MapReduce jobs and database queries. The second system, VerDP, aims to resolve the conflict in many research studies between the verifiability of the results and the privacy of the study participants. VerDP accepts queries over sensitive data that are written in a domain-specific language and processes them only if a) it can certify that the result will not compromise individuals&apos; privacy, and if b) it can prove the integrity of the result to the public. Experimental evaluation shows that VerDP can successfully process several types of useful queries, and that the cost of generating and verifying the proofs is practical. About the speaker: Ariel Feldman is an Assistant Professor of Computer Science at the University of Chicago. His research lies at the intersection of computer security and distributed systems. He is presently focused on finding new ways to protect the security and privacy of users of &quot;cloud hosted&quot; services. His interests also include software and network security, data privacy, anonymity, and electronic voting, as well as the interaction between computer security, law, and public policy. Previously, he was a postdoctoral researcher at the CIS department at the University of Pennsylvania, and he received his Ph.D. in Computer Science from Princeton University in 2012.</description>
            <pubDate>Wed, 11 Nov 2015 16:30:00 EST </pubDate>
            <itunes:title>Ariel Feldman, Verifying Computations with (Private) State</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>589</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ariel_feldman_160.jpg"/>
            <itunes:subtitle>Ariel Feldman, University of Chicago</itunes:subtitle>
            <itunes:summary>Is it possible for Alice to compute a result and for Bob to be convinced of its correctness without having to re-execute the computation? What if the computation is performed over sensitive data that Bob is not allowed to see due to privacy concerns? Recent work on proof-based verifiable computation has brought these goals much closer to practicality. In this talk, I will present two implemented systems that incorporate verifiable computation in order to build realistic applications. The first, Pantry, enables a user to outsource a general-purpose computation to a potentially faulty cloud provider and yet verify that the computation was performed correctly. Unlike prior efforts, Pantry allows verifiable computations to operate on remotely-stored data, opening the way to a wide variety of uses such as MapReduce jobs and database queries. The second system, VerDP, aims to resolve the conflict in many research studies between the verifiability of the results and the privacy of the study participants. VerDP accepts queries over sensitive data that are written in a domain-specific language and processes them only if a) it can certify that the result will not compromise individuals&apos; privacy, and if b) it can prove the integrity of the result to the public. Experimental evaluation shows that VerDP can successfully process several types of useful queries, and that the cost of generating and verifying the proofs is practical. About the speaker: Ariel Feldman is an Assistant Professor of Computer Science at the University of Chicago. His research lies at the intersection of computer security and distributed systems. He is presently focused on finding new ways to protect the security and privacy of users of &quot;cloud hosted&quot; services. His interests also include software and network security, data privacy, anonymity, and electronic voting, as well as the interaction between computer security, law, and public policy. Previously, he was a postdoctoral researcher at the CIS department at the University of Pennsylvania, and he received his Ph.D. in Computer Science from Princeton University in 2012.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Is it possible for Alice to compute a result and for Bob to be convinced of its correctness without having to re-execute the computation? What if the computation is performed over sensitive data that Bob is not allowed to see due to privacy concerns? Recent work on proof-based verifiable computation has brought these goals much closer to practicality. In this talk, I will present two implemented systems that incorporate verifiable computation in order to build realistic applications. The first, Pantry, enables a user to outsource a general-purpose computation to a potentially faulty cloud provider and yet verify that the computation was performed correctly. Unlike prior efforts, Pantry allows verifiable computations to operate on remotely-stored data, opening the way to a wide variety of uses such as MapReduce jobs and database queries. The second system, VerDP, aims to resolve the conflict in many research studies between the verifiability of the results and the privacy of the study participants. VerDP accepts queries over sensitive data that are written in a domain-specific language and processes them only if a) it can certify that the result will not compromise individuals&apos; privacy, and if b) it can prove the integrity of the result to the public. Experimental evaluation shows that VerDP can successfully process several types of useful queries, and that the cost of generating and verifying the proofs is practical. About the speaker: Ariel Feldman is an Assistant Professor of Computer Science at the University of Chicago. His research lies at the intersection of computer security and distributed systems. He is presently focused on finding new ways to protect the security and privacy of users of &quot;cloud hosted&quot; services. His interests also include software and network security, data privacy, anonymity, and electronic voting, as well as the interaction between computer security, law, and public policy. Previously, he was a postdoctoral researcher at the CIS department at the University of Pennsylvania, and he received his Ph.D. in Computer Science from Princeton University in 2012.</p> ]]>
            </content:encoded>
            <itunes:duration>3384</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151111.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151111.mp4" length="144703488" type="video/mp4"/>
        </item>
            <item>
            <title>Balamurugan Anandan, Secure Multiparty Computation and Differential Privacy</title>
            <description>Secure multiparty computation (MPC) and differential privacy are two notions of privacy that deal respectively with how and what functions can be privately computed. In this talk, I will first give an overview of MPC and differential privacy. Then, I will show how to build a two-party differentially private secure protocol in the presence of semi-honest and malicious adversaries. Computing a differentially private function using secure function evaluation prevents private information leakage both in the process and from information present in the function output. However, the very secrecy provided by secure function evaluation poses new challenges if any of the parties are malicious. We then relax the utility requirement of computational differential privacy to reduce computational cost, still giving security with rational adversaries. Finally, we provide a modified two-party computational differential privacy definition and show correctness and security guarantees in the rational setting. About the speaker: Balamurugan Anandan is a PhD candidate in Computer Science at Purdue University and works with Prof. Chris Clifton. He received his bachelor&apos;s degree in computer science from Kongu Engineering College, India in 2005 and an MS in computer science from Purdue University in 2013. His research interests are at the intersection of data mining and privacy, specifically focusing on developing privacy-preserving protocols.</description>
            <pubDate>Wed, 4 Nov 2015 16:30:00 EST </pubDate>
            <itunes:title>Balamurugan Anandan, Secure Multiparty Computation and Differential Privacy</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>588</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/bala_ncdm_160.jpg"/>
            <itunes:subtitle>Balamurugan Anandan, Purdue University</itunes:subtitle>
            <itunes:summary>Secure multiparty computation (MPC) and differential privacy are two notions of privacy that deal respectively with how and what functions can be privately computed. In this talk, I will first give an overview of MPC and differential privacy. Then, I will show how to build a two-party differentially private secure protocol in the presence of semi-honest and malicious adversaries. Computing a differentially private function using secure function evaluation prevents private information leakage both in the process and from information present in the function output. However, the very secrecy provided by secure function evaluation poses new challenges if any of the parties are malicious. We then relax the utility requirement of computational differential privacy to reduce computational cost, still giving security with rational adversaries. Finally, we provide a modified two-party computational differential privacy definition and show correctness and security guarantees in the rational setting. About the speaker: Balamurugan Anandan is a PhD candidate in Computer Science at Purdue University and works with Prof. Chris Clifton. He received his bachelor&apos;s degree in computer science from Kongu Engineering College, India in 2005 and an MS in computer science from Purdue University in 2013. His research interests are at the intersection of data mining and privacy, specifically focusing on developing privacy-preserving protocols.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Secure multiparty computation (MPC) and differential privacy are two notions of privacy that deal respectively with how and what functions can be privately computed. In this talk, I will first give an overview of MPC and differential privacy. Then, I will show how to build a two-party differentially private secure protocol in the presence of semi-honest and malicious adversaries. Computing a differentially private function using secure function evaluation prevents private information leakage both in the process and from information present in the function output. However, the very secrecy provided by secure function evaluation poses new challenges if any of the parties are malicious. We then relax the utility requirement of computational differential privacy to reduce computational cost, still giving security with rational adversaries. Finally, we provide a modified two-party computational differential privacy definition and show correctness and security guarantees in the rational setting. About the speaker: Balamurugan Anandan is a PhD candidate in Computer Science at Purdue University and works with Prof. Chris Clifton. He received his bachelor&apos;s degree in computer science from Kongu Engineering College, India in 2005 and an MS in computer science from Purdue University in 2013. His research interests are at the intersection of data mining and privacy, specifically focusing on developing privacy-preserving protocols.</p> ]]>
            </content:encoded>
            <itunes:duration>3094</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151104.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151104.mp4" length="131072000" type="video/mp4"/>
        </item>
            <item>
            <title>Kate Seigfried-Spellar, Case Study of the Authur Pendragon Cyber Threat at The University of Alabama</title>
            <description>This presentation is a detailed case study of the Authur Pendragon cyber threat that occurred at The University of Alabama on September 21, 2014. The Authur Pendragon threat instigated mass fear, social media hyperactivity, and rumor mongering, all of which reached beyond The University of Alabama campus. A timeline of the event, which includes social media posts, official University responses, and mass media coverage, is presented, followed by an analysis of the case from a socio-psychological and communications perspective using the Social Attachment Model and Theory of Proximity. Recommendations for managing University cyber threats and rumor mongering are discussed. About the speaker: Dr. Kathryn Seigfried-Spellar is an Assistant Professor in the Department of Computer and Information Technology (CIT) at Purdue University. Dr. Seigfried-Spellar has multiple publications, book chapters, and conference paper presentations, including international presentations in India, Ireland, Russia, and South Korea on the who and why of cybercrime. Specifically, Dr. Seigfried-Spellar studies the personality characteristics and socio-legal factors associated with cyberdeviance, such as Internet child pornography use, hacking, cyberbullying, trolling, and cyber threats via social media. Dr. Seigfried-Spellar is a member of the Digital and Multimedia Sciences section of the American Academy of Forensic Sciences (AAFS), the IEEE Computer Society, International Association of Law Enforcement Intelligence Analysts (IALEIA), and the American Psychological Association (APA). Dr. Seigfried-Spellar also serves as an editorial board member for the Journal of Digital Forensics, Security, and Law as well as the International Journal of Psychology and Cyber Crime.</description>
            <pubDate>Wed, 28 Oct 2015 16:30:00 EDT </pubDate>
            <itunes:title>Kate Seigfried-Spellar, Case Study of the Authur Pendragon Cyber Threat at The University of Alabama</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>587</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/kate_seigried-spellar_160.png"/>
            <itunes:subtitle>Kate Seigfried-Spellar, Purdue University</itunes:subtitle>
            <itunes:summary>This presentation is a detailed case study of the Authur Pendragon cyber threat that occurred at The University of Alabama on September 21, 2014. The Authur Pendragon threat instigated mass fear, social media hyperactivity, and rumor mongering, all of which reached beyond The University of Alabama campus. A timeline of the event, which includes social media posts, official University responses, and mass media coverage, is presented, followed by an analysis of the case from a socio-psychological and communications perspective using the Social Attachment Model and Theory of Proximity. Recommendations for managing University cyber threats and rumor mongering are discussed. About the speaker: Dr. Kathryn Seigfried-Spellar is an Assistant Professor in the Department of Computer and Information Technology (CIT) at Purdue University. Dr. Seigfried-Spellar has multiple publications, book chapters, and conference paper presentations, including international presentations in India, Ireland, Russia, and South Korea on the who and why of cybercrime. Specifically, Dr. Seigfried-Spellar studies the personality characteristics and socio-legal factors associated with cyberdeviance, such as Internet child pornography use, hacking, cyberbullying, trolling, and cyber threats via social media. Dr. Seigfried-Spellar is a member of the Digital and Multimedia Sciences section of the American Academy of Forensic Sciences (AAFS), the IEEE Computer Society, International Association of Law Enforcement Intelligence Analysts (IALEIA), and the American Psychological Association (APA). Dr. Seigfried-Spellar also serves as an editorial board member for the Journal of Digital Forensics, Security, and Law as well as the International Journal of Psychology and Cyber Crime.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This presentation is a detailed case study of the Authur Pendragon cyber threat that occurred at The University of Alabama on September 21, 2014. The Authur Pendragon threat instigated mass fear, social media hyperactivity, and rumor mongering, all of which reached beyond The University of Alabama campus. A timeline of the event, which includes social media posts, official University responses, and mass media coverage, is presented, followed by an analysis of the case from a socio-psychological and communications perspective using the Social Attachment Model and Theory of Proximity. Recommendations for managing University cyber threats and rumor mongering are discussed. About the speaker: Dr. Kathryn Seigfried-Spellar is an Assistant Professor in the Department of Computer and Information Technology (CIT) at Purdue University. Dr. Seigfried-Spellar has multiple publications, book chapters, and conference paper presentations, including international presentations in India, Ireland, Russia, and South Korea on the who and why of cybercrime. Specifically, Dr. Seigfried-Spellar studies the personality characteristics and socio-legal factors associated with cyberdeviance, such as Internet child pornography use, hacking, cyberbullying, trolling, and cyber threats via social media. Dr. Seigfried-Spellar is a member of the Digital and Multimedia Sciences section of the American Academy of Forensic Sciences (AAFS), the IEEE Computer Society, International Association of Law Enforcement Intelligence Analysts (IALEIA), and the American Psychological Association (APA). Dr. Seigfried-Spellar also serves as an editorial board member for the Journal of Digital Forensics, Security, and Law as well as the International Journal of Psychology and Cyber Crime.</p> ]]>
            </content:encoded>
            <itunes:duration>3364</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151028.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151028.mp4" length="223346688" type="video/mp4"/>
        </item>
            <item>
            <title>Koray Mancuhan, Anonymized Data</title>
            <description>Privacy has been a hot issue since the early 2000s, in particular with the rise of social networks and data outsourcing. Data privacy is a big concern in data outsourcing because it involves sharing personal data with third parties. In this talk, I will give an introduction to data privacy on topics such as privacy standards, data anonymization techniques, and data anonymization usage in data outsourcing and data mining. Then, I will present our work in data mining using anonymized data. We propose a data publisher-third party decision tree learning method for outsourced private data. The privacy model is anatomization/fragmentation: the third party sees data values, but the link between sensitive and identifying information is encrypted with a key known only to the data publisher. Data publishers have limited processing and storage capability. Both sensitive and identifying information are thus stored on the third parties. The approach presented also retains most processing at the third parties, and data publisher-side processing is amortized over predictions made by the data publishers. Experiments on various datasets show that the method produces decision trees approaching the accuracy of a non-private decision tree, while substantially reducing the data publisher&apos;s computing resource requirements. About the speaker: Koray is a PhD student in the Department of Computer Science at Purdue University. He is currently a member of the privacy preserving data mining lab under the supervision of Chris Clifton. His research elaborates data mining models from anonymized data. The challenge in his research is the uncertainty injected into the data by anonymization methods. In most cases, uncertainty slows down the data mining models and requires special mechanisms to exploit noisy data. His work includes learning algorithms such as k-NN classification, SVM classification, decision tree classification and frequent itemset mining. Koray received his master&apos;s degree in Computer Science from Purdue University and his undergraduate degree in Computer Engineering from Galatasaray University. Throughout his master&apos;s degree, he studied data mining and social fairness, and authored papers on this topic. Before joining Purdue CS, he did research in the semantic web area. He was a former member of the Complex Networks lab at Galatasaray University, where he worked on developing a new automatic web service annotation tool.</description>
            <pubDate>Wed, 21 Oct 2015 16:30:00 EDT </pubDate>
            <itunes:title>Koray Mancuhan, Anonymized Data</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>586</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/koray_manchuhan_160.jpg"/>
            <itunes:subtitle>Koray Mancuhan, Purdue University</itunes:subtitle>
            <itunes:summary>Privacy has been a hot issue since the early 2000s, in particular with the rise of social networks and data outsourcing. Data privacy is a big concern in data outsourcing because it involves sharing personal data with third parties. In this talk, I will give an introduction to data privacy on topics such as privacy standards, data anonymization techniques, and data anonymization usage in data outsourcing and data mining. Then, I will present our work in data mining using anonymized data. We propose a data publisher-third party decision tree learning method for outsourced private data. The privacy model is anatomization/fragmentation: the third party sees data values, but the link between sensitive and identifying information is encrypted with a key known only to the data publisher. Data publishers have limited processing and storage capability. Both sensitive and identifying information are thus stored on the third parties. The approach presented also retains most processing at the third parties, and data publisher-side processing is amortized over predictions made by the data publishers. Experiments on various datasets show that the method produces decision trees approaching the accuracy of a non-private decision tree, while substantially reducing the data publisher&apos;s computing resource requirements. About the speaker: Koray is a PhD student in the Department of Computer Science at Purdue University. He is currently a member of the privacy preserving data mining lab under the supervision of Chris Clifton. His research elaborates data mining models from anonymized data. The challenge in his research is the uncertainty injected into the data by anonymization methods. In most cases, uncertainty slows down the data mining models and requires special mechanisms to exploit noisy data. His work includes learning algorithms such as k-NN classification, SVM classification, decision tree classification and frequent itemset mining. Koray received his master&apos;s degree in Computer Science from Purdue University and his undergraduate degree in Computer Engineering from Galatasaray University. Throughout his master&apos;s degree, he studied data mining and social fairness, and authored papers on this topic. Before joining Purdue CS, he did research in the semantic web area. He was a former member of the Complex Networks lab at Galatasaray University, where he worked on developing a new automatic web service annotation tool.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Privacy has been a hot issue since the early 2000s, in particular with the rise of social networks and data outsourcing. Data privacy is a big concern in data outsourcing because it involves sharing personal data with third parties. In this talk, I will give an introduction to data privacy on topics such as privacy standards, data anonymization techniques, and data anonymization usage in data outsourcing and data mining. Then, I will present our work in data mining using anonymized data. We propose a data publisher-third party decision tree learning method for outsourced private data. The privacy model is anatomization/fragmentation: the third party sees data values, but the link between sensitive and identifying information is encrypted with a key known only to the data publisher. Data publishers have limited processing and storage capability. Both sensitive and identifying information are thus stored on the third parties. The approach presented also retains most processing at the third parties, and data publisher-side processing is amortized over predictions made by the data publishers. Experiments on various datasets show that the method produces decision trees approaching the accuracy of a non-private decision tree, while substantially reducing the data publisher&apos;s computing resource requirements. About the speaker: Koray is a PhD student in the Department of Computer Science at Purdue University. He is currently a member of the privacy preserving data mining lab under the supervision of Chris Clifton. His research elaborates data mining models from anonymized data. The challenge in his research is the uncertainty injected into data by anonymization methods. In most cases, uncertainty slows down the data mining models and requires special mechanisms to exploit noisy data. His work includes learning algorithms such as k-NN classification, SVM classification, decision tree classification and frequent itemset mining. Koray received his master&apos;s degree in Computer Science from Purdue University and his undergraduate degree in Computer Engineering from Galatasaray University. Throughout his master&apos;s degree, he studied data mining and social fairness, and authored papers on this topic. Before joining Purdue CS, he did his research in the semantic web area. He was a former member of the Complex Networks lab at Galatasaray University, where he worked on developing a new automatic web service annotation tool.</p> ]]>
            </content:encoded>
            <itunes:duration>3129</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151021.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151021.mp4" length="98566144" type="video/mp4"/>
        </item>
            <item>
            <title>Fang-Yu Rao, A Hybrid Private Record Linkage Scheme: Separating Differentially Private Synopses From Matching Records</title>
            <description>Private record linkage protocols allow multiple parties to exchange matching records, which refer to the same entities or have similar values, while keeping the non-matching ones secret. Conventional protocols are based on computationally expensive cryptographic primitives and therefore do not scale. To address these scalability issues, hybrid protocols have been recently proposed that combine differential privacy techniques with secure multiparty computation techniques. However, a drawback of such protocols is that they disclose to the parties both the matching records and the differentially private synopses of the datasets involved in the linkage. Consequently, differential privacy is no longer always satisfied. To address this issue, we propose a novel framework, which separates the private synopses from the matching records. The two parties do not access the synopses directly, but still use them to efficiently link records. We theoretically prove the security of our framework. In addition, we have developed a simple but effective strategy for releasing private synopses. Extensive experimental results show that our framework is superior to the existing methods in terms of both recall rate and efficiency. About the speaker: Fang-Yu Rao is a Ph.D. candidate in Computer Science at Purdue University. He received his Master&apos;s and Bachelor&apos;s degrees in Computer Science and Engineering from National Sun Yat-sen University. His research interests are in data privacy, information security, and applied cryptography, with an emphasis on privacy-preserving data analytics.</description>
            <pubDate>Wed, 14 Oct 2015 16:30:00 EDT </pubDate>
            <itunes:title>Fang-Yu Rao, A Hybrid Private Record Linkage Scheme: Separating Differentially Private Synopses From Matching Records</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>585</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/fang-yu_rao.jpg"/>
            <itunes:subtitle>Fang-Yu Rao, Purdue University</itunes:subtitle>
            <itunes:summary>Private record linkage protocols allow multiple parties to exchange matching records, which refer to the same entities or have similar values, while keeping the non-matching ones secret. Conventional protocols are based on computationally expensive cryptographic primitives and therefore do not scale. To address these scalability issues, hybrid protocols have been recently proposed that combine differential privacy techniques with secure multiparty computation techniques. However, a drawback of such protocols is that they disclose to the parties both the matching records and the differentially private synopses of the datasets involved in the linkage. Consequently, differential privacy is no longer always satisfied. To address this issue, we propose a novel framework, which separates the private synopses from the matching records. The two parties do not access the synopses directly, but still use them to efficiently link records. We theoretically prove the security of our framework. In addition, we have developed a simple but effective strategy for releasing private synopses. Extensive experimental results show that our framework is superior to the existing methods in terms of both recall rate and efficiency. About the speaker: Fang-Yu Rao is a Ph.D. candidate in Computer Science at Purdue University. He received his Master&apos;s and Bachelor&apos;s degrees in Computer Science and Engineering from National Sun Yat-sen University. His research interests are in data privacy, information security, and applied cryptography, with an emphasis on privacy-preserving data analytics.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Private record linkage protocols allow multiple parties to exchange matching records, which refer to the same entities or have similar values, while keeping the non-matching ones secret. Conventional protocols are based on computationally expensive cryptographic primitives and therefore do not scale. To address these scalability issues, hybrid protocols have been recently proposed that combine differential privacy techniques with secure multiparty computation techniques. However, a drawback of such protocols is that they disclose to the parties both the matching records and the differentially private synopses of the datasets involved in the linkage. Consequently, differential privacy is no longer always satisfied. To address this issue, we propose a novel framework, which separates the private synopses from the matching records. The two parties do not access the synopses directly, but still use them to efficiently link records. We theoretically prove the security of our framework. In addition, we have developed a simple but effective strategy for releasing private synopses. Extensive experimental results show that our framework is superior to the existing methods in terms of both recall rate and efficiency. About the speaker: Fang-Yu Rao is a Ph.D. candidate in Computer Science at Purdue University. He received his Master&apos;s and Bachelor&apos;s degrees in Computer Science and Engineering from National Sun Yat-sen University. His research interests are in data privacy, information security, and applied cryptography, with an emphasis on privacy-preserving data analytics.</p> ]]>
            </content:encoded>
            <itunes:duration>2847</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151014.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151014.mp4" length="108003328" type="video/mp4"/>
        </item>
            <item>
            <title>Kevin McPeak, The Five W&#039;s of Mobile Malware: Examining the Who, What, When, Where, and Why</title>
            <description>Mobile malware is a growing menace, even though many Cybersecurity practitioners don&apos;t fully grasp the situation. This presentation will address the Five W&apos;s of mobile malware, namely: Who is developing it? Who is being affected by it? What exactly is it? When does it get dropped on mobile devices and when does it execute on mobile devices? Where are botnet operations that harvest mobile devices most prevalent? Why is mobile malware developed in the first place? This high-level presentation will stimulate thoughtful discussions and commensurate actions amongst Cybersecurity professionals who are tasked with defending their organization&apos;s people, data and infrastructure. About the speaker: Kevin McPeak is a Symantec Security &amp; Mobility Architect who is focused on supporting US Government customers. In this capacity, he serves as a technical SME for reputation based malware filtering, endpoint management, endpoint security, data loss prevention, encryption, mobile device management, mobile app management, secure mobile content delivery, and new defensive technologies. Kevin has two Masters of Science degrees, with one being earned at Johns Hopkins University and the other being earned at Virginia Tech. He is also currently a part-time PhD candidate at Virginia Tech&apos;s northern Virginia extension campus. Prior to working for Symantec, Kevin worked for several systems integrators, including CACI, Lockheed Martin, and AlphaInsight. Additionally, Kevin is currently an Army Reserve warrant officer (with over 22 years of continuous service) and in that military capacity he is a veteran of both Operation Enduring Freedom (2003) and Operation Iraqi Freedom (2010 – 2011).</description>
            <pubDate>Wed, 7 Oct 2015 16:30:00 EDT </pubDate>
            <itunes:title>Kevin McPeak, The Five W&#039;s of Mobile Malware: Examining the Who, What, When, Where, and Why</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>584</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Kevin McPeak, Symantec</itunes:subtitle>
            <itunes:summary>Mobile malware is a growing menace, even though many Cybersecurity practitioners don&apos;t fully grasp the situation. This presentation will address the Five W&apos;s of mobile malware, namely: Who is developing it? Who is being affected by it? What exactly is it? When does it get dropped on mobile devices and when does it execute on mobile devices? Where are botnet operations that harvest mobile devices most prevalent? Why is mobile malware developed in the first place? This high-level presentation will stimulate thoughtful discussions and commensurate actions amongst Cybersecurity professionals who are tasked with defending their organization&apos;s people, data and infrastructure. About the speaker: Kevin McPeak is a Symantec Security &amp; Mobility Architect who is focused on supporting US Government customers. In this capacity, he serves as a technical SME for reputation based malware filtering, endpoint management, endpoint security, data loss prevention, encryption, mobile device management, mobile app management, secure mobile content delivery, and new defensive technologies. Kevin has two Masters of Science degrees, with one being earned at Johns Hopkins University and the other being earned at Virginia Tech. He is also currently a part-time PhD candidate at Virginia Tech&apos;s northern Virginia extension campus. Prior to working for Symantec, Kevin worked for several systems integrators, including CACI, Lockheed Martin, and AlphaInsight. Additionally, Kevin is currently an Army Reserve warrant officer (with over 22 years of continuous service) and in that military capacity he is a veteran of both Operation Enduring Freedom (2003) and Operation Iraqi Freedom (2010 – 2011).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Mobile malware is a growing menace, even though many Cybersecurity practitioners don&apos;t fully grasp the situation. This presentation will address the Five W&apos;s of mobile malware, namely: Who is developing it? Who is being affected by it? What exactly is it? When does it get dropped on mobile devices and when does it execute on mobile devices? Where are botnet operations that harvest mobile devices most prevalent? Why is mobile malware developed in the first place? This high-level presentation will stimulate thoughtful discussions and commensurate actions amongst Cybersecurity professionals who are tasked with defending their organization&apos;s people, data and infrastructure. About the speaker: Kevin McPeak is a Symantec Security &amp; Mobility Architect who is focused on supporting US Government customers. In this capacity, he serves as a technical SME for reputation based malware filtering, endpoint management, endpoint security, data loss prevention, encryption, mobile device management, mobile app management, secure mobile content delivery, and new defensive technologies. Kevin has two Masters of Science degrees, with one being earned at Johns Hopkins University and the other being earned at Virginia Tech. He is also currently a part-time PhD candidate at Virginia Tech&apos;s northern Virginia extension campus. Prior to working for Symantec, Kevin worked for several systems integrators, including CACI, Lockheed Martin, and AlphaInsight. Additionally, Kevin is currently an Army Reserve warrant officer (with over 22 years of continuous service) and in that military capacity he is a veteran of both Operation Enduring Freedom (2003) and Operation Iraqi Freedom (2010 – 2011).</p> ]]>
            </content:encoded>
            <itunes:duration>3326</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151007.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20151007.mp4" length="324009984" type="video/mp4"/>
        </item>
            <item>
            <title>Omar Chowdhury, Applying Formal Verification Techniques for Checking Compliance of Computer Systems and Protocols</title>
            <description>While designing computer systems and their underlying protocols, architects impose functionality, security, and privacy requirements or policies with which the designed systems and protocols should comply. These requirements and policies are generally written in natural language, and more often than not they are not complied with in the implementations due to ambiguity, misinterpretation of the requirements, or developer errors. Non-compliance with the requirements can not only have security, privacy, and utility consequences but also can have safety implications. One possible solution is to express the requirements in some formal language. In addition to eliminating ambiguities and misinterpretations of the requirements, this also enables application of formal verification techniques to check for compliance of the implementation against the desired requirements or policies. Formal verification techniques can be applied for checking compliance in potentially three different settings. In the first setting, compliance checking is performed statically before a system or a protocol is deployed. In the second setting, a runtime monitor can be deployed alongside the system or the protocol, and the monitor provably disallows the system or the protocol from taking non-compliant actions. Finally, compliance can be checked in a post-hoc fashion by capturing all the relevant runtime events in an audit log which can then be scrutinized for non-compliance. In this talk, I will present demonstrative examples of using formal verification techniques for compliance checking in each of these settings. About the speaker: Omar Chowdhury is a Post-Doctoral Research Associate at the Department of Computer Science at Purdue University. Before joining Purdue, he was a Post-doctoral Research Associate at CyLab, Carnegie Mellon University. He received his Ph.D. in Computer Science from the University of Texas at San Antonio. His research interest broadly lies in the field of Computer Security and Privacy. He is specifically interested in applying formal verification techniques for developing efficient compliance checking mechanisms for computer information systems with respect to applicable privacy regulations like HIPAA and GLBA. He has won the best paper award at the ACM Symposium on Access Control Models and Technologies (SACMAT). He has also served as a program committee member in ACM SACMAT and ACM CCS.</description>
            <pubDate>Wed, 30 Sep 2015 16:30:00 EDT </pubDate>
            <itunes:title>Omar Chowdhury, Applying Formal Verification Techniques for Checking Compliance of Computer Systems and Protocols</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>583</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/omar_chowdhury_160.jpg"/>
            <itunes:subtitle>Omar Chowdhury, Purdue University</itunes:subtitle>
            <itunes:summary>While designing computer systems and their underlying protocols, architects impose functionality, security, and privacy requirements or policies with which the designed systems and protocols should comply. These requirements and policies are generally written in natural language, and more often than not they are not complied with in the implementations due to ambiguity, misinterpretation of the requirements, or developer errors. Non-compliance with the requirements can not only have security, privacy, and utility consequences but also can have safety implications. One possible solution is to express the requirements in some formal language. In addition to eliminating ambiguities and misinterpretations of the requirements, this also enables application of formal verification techniques to check for compliance of the implementation against the desired requirements or policies. Formal verification techniques can be applied for checking compliance in potentially three different settings. In the first setting, compliance checking is performed statically before a system or a protocol is deployed. In the second setting, a runtime monitor can be deployed alongside the system or the protocol, and the monitor provably disallows the system or the protocol from taking non-compliant actions. Finally, compliance can be checked in a post-hoc fashion by capturing all the relevant runtime events in an audit log which can then be scrutinized for non-compliance. In this talk, I will present demonstrative examples of using formal verification techniques for compliance checking in each of these settings. About the speaker: Omar Chowdhury is a Post-Doctoral Research Associate at the Department of Computer Science at Purdue University. Before joining Purdue, he was a Post-doctoral Research Associate at CyLab, Carnegie Mellon University. He received his Ph.D. in Computer Science from the University of Texas at San Antonio. His research interest broadly lies in the field of Computer Security and Privacy. He is specifically interested in applying formal verification techniques for developing efficient compliance checking mechanisms for computer information systems with respect to applicable privacy regulations like HIPAA and GLBA. He has won the best paper award at the ACM Symposium on Access Control Models and Technologies (SACMAT). He has also served as a program committee member in ACM SACMAT and ACM CCS.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>While designing computer systems and their underlying protocols, architects impose functionality, security, and privacy requirements or policies with which the designed systems and protocols should comply. These requirements and policies are generally written in natural language, and more often than not they are not complied with in the implementations due to ambiguity, misinterpretation of the requirements, or developer errors. Non-compliance with the requirements can not only have security, privacy, and utility consequences but also can have safety implications. One possible solution is to express the requirements in some formal language. In addition to eliminating ambiguities and misinterpretations of the requirements, this also enables application of formal verification techniques to check for compliance of the implementation against the desired requirements or policies. Formal verification techniques can be applied for checking compliance in potentially three different settings. In the first setting, compliance checking is performed statically before a system or a protocol is deployed. In the second setting, a runtime monitor can be deployed alongside the system or the protocol, and the monitor provably disallows the system or the protocol from taking non-compliant actions. Finally, compliance can be checked in a post-hoc fashion by capturing all the relevant runtime events in an audit log which can then be scrutinized for non-compliance. In this talk, I will present demonstrative examples of using formal verification techniques for compliance checking in each of these settings. About the speaker: Omar Chowdhury is a Post-Doctoral Research Associate at the Department of Computer Science at Purdue University. Before joining Purdue, he was a Post-doctoral Research Associate at CyLab, Carnegie Mellon University. He received his Ph.D. in Computer Science from the University of Texas at San Antonio. His research interest broadly lies in the field of Computer Security and Privacy. He is specifically interested in applying formal verification techniques for developing efficient compliance checking mechanisms for computer information systems with respect to applicable privacy regulations like HIPAA and GLBA. He has won the best paper award at the ACM Symposium on Access Control Models and Technologies (SACMAT). He has also served as a program committee member in ACM SACMAT and ACM CCS.</p> ]]>
            </content:encoded>
            <itunes:duration>0</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150930.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150930.mp4" length="102760448" type="video/mp4"/>
        </item>
            <item>
            <title>Kexin Pei, LEAPS: Detecting Camouflaged Attacks with Statistical Learning Guided by Program Analysis</title>
            <description>Currently cyberinfrastructures are facing increasingly stealthy attacks that implant malicious payloads under the cover of benign programs. Existing attack detection approaches based on statistical learning methods may generate misleading decision boundaries when processing noisy data with such a mixture of benign and malicious behaviors. On the other hand, attack detection based on formal program analysis may lack completeness or adaptivity when modeling attack behaviors. In light of these limitations, we have developed LEAPS, an attack detection system based on supervised statistical learning to classify benign and malicious system events. Furthermore, we leverage control flow graphs inferred from the system event logs to enable automatic pruning of the training data, which leads to a more accurate classification model when applied to the testing data. Our extensive evaluation shows that, compared with pure statistical learning models, LEAPS achieves consistently higher accuracy when detecting real-world camouflaged attacks with benign program cover-up. About the speaker: Kexin Pei is a second-year master&apos;s student in the Department of Computer Science, Purdue University. His research interests include data mining and security, focusing on solving security problems using program analysis and machine learning techniques.</description>
            <pubDate>Wed, 23 Sep 2015 16:30:00 EDT </pubDate>
            <itunes:title>Kexin Pei, LEAPS: Detecting Camouflaged Attacks with Statistical Learning Guided by Program Analysis</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>582</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/kpei_160.jpg"/>
            <itunes:subtitle>Kexin Pei, </itunes:subtitle>
            <itunes:summary>Currently cyberinfrastructures are facing increasingly stealthy attacks that implant malicious payloads under the cover of benign programs. Existing attack detection approaches based on statistical learning methods may generate misleading decision boundaries when processing noisy data with such a mixture of benign and malicious behaviors. On the other hand, attack detection based on formal program analysis may lack completeness or adaptivity when modeling attack behaviors. In light of these limitations, we have developed LEAPS, an attack detection system based on supervised statistical learning to classify benign and malicious system events. Furthermore, we leverage control flow graphs inferred from the system event logs to enable automatic pruning of the training data, which leads to a more accurate classification model when applied to the testing data. Our extensive evaluation shows that, compared with pure statistical learning models, LEAPS achieves consistently higher accuracy when detecting real-world camouflaged attacks with benign program cover-up. About the speaker: Kexin Pei is a second-year master&apos;s student in the Department of Computer Science, Purdue University. His research interests include data mining and security, focusing on solving security problems using program analysis and machine learning techniques.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Currently cyberinfrastructures are facing increasingly stealthy attacks that implant malicious payloads under the cover of benign programs. Existing attack detection approaches based on statistical learning methods may generate misleading decision boundaries when processing noisy data with such a mixture of benign and malicious behaviors. On the other hand, attack detection based on formal program analysis may lack completeness or adaptivity when modeling attack behaviors. In light of these limitations, we have developed LEAPS, an attack detection system based on supervised statistical learning to classify benign and malicious system events. Furthermore, we leverage control flow graphs inferred from the system event logs to enable automatic pruning of the training data, which leads to a more accurate classification model when applied to the testing data. Our extensive evaluation shows that, compared with pure statistical learning models, LEAPS achieves consistently higher accuracy when detecting real-world camouflaged attacks with benign program cover-up. About the speaker: Kexin Pei is a second-year master&apos;s student in the Department of Computer Science, Purdue University. His research interests include data mining and security, focusing on solving security problems using program analysis and machine learning techniques.</p> ]]>
            </content:encoded>
            <itunes:duration>1832</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu//assets/video/secsem/secsem_20150923.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu//assets/video/secsem/secsem_20150923.mp4" length="69206016" type="video/mp4"/>
        </item>
            <item>
            <title>John Feddema, Evaluation of Urban Vehicle Tracking Algorithms</title>
            <description>Low signal-to-noise data processing algorithms for improved detection, tracking, discrimination and situational threat assessment are a key research challenge. As sensor technologies progress, the number of pixels will increase significantly. This will result in increased resolution, which could improve object discrimination, but unfortunately, will also result in a significant increase in the number of potential targets to track. Many tracking techniques, like multi-hypothesis trackers, suffer from a combinatorial explosion as the number of potential targets increases. As the resolution increases, the phenomenology applied towards detection algorithms also changes. For low resolution sensors, blob tracking is the norm. For higher resolution data, additional information may be employed in the detection and classification steps. The most challenging scenarios are those where the targets cannot be fully resolved, yet must be tracked and distinguished from neighboring closely spaced objects. Tracking vehicles in an urban environment is an example of such a challenging scenario. This report evaluates several potential tracking algorithms for large-scale tracking in an urban environment. The algorithms considered are: random sample consensus (RANSAC), Markov chain Monte Carlo data association (MCMCDA), tracklet inference from factor graphs, and a proximity tracker. Each algorithm was tested on a combination of real and simulated data and evaluated against a common set of metrics.</description>
            <pubDate>Wed, 16 Sep 2015 16:30:00 EDT </pubDate>
            <itunes:title>John Feddema, Evaluation of Urban Vehicle Tracking Algorithms</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>581</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>John Feddema, Sandia Labs</itunes:subtitle>
            <itunes:summary>Low signal-to-noise data processing algorithms for improved detection, tracking, discrimination and situational threat assessment are a key research challenge. As sensor technologies progress, the number of pixels will increase significantly. This will result in increased resolution, which could improve object discrimination, but unfortunately, will also result in a significant increase in the number of potential targets to track. Many tracking techniques, like multi-hypothesis trackers, suffer from a combinatorial explosion as the number of potential targets increases. As the resolution increases, the phenomenology applied towards detection algorithms also changes. For low resolution sensors, blob tracking is the norm. For higher resolution data, additional information may be employed in the detection and classification steps. The most challenging scenarios are those where the targets cannot be fully resolved, yet must be tracked and distinguished from neighboring closely spaced objects. Tracking vehicles in an urban environment is an example of such a challenging scenario. This report evaluates several potential tracking algorithms for large-scale tracking in an urban environment. The algorithms considered are: random sample consensus (RANSAC), Markov chain Monte Carlo data association (MCMCDA), tracklet inference from factor graphs, and a proximity tracker. Each algorithm was tested on a combination of real and simulated data and evaluated against a common set of metrics.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Low signal-to-noise data processing algorithms for improved detection, tracking, discrimination and situational threat assessment are a key research challenge. As sensor technologies progress, the number of pixels will increase significantly. This will result in increased resolution, which could improve object discrimination, but unfortunately, will also result in a significant increase in the number of potential targets to track. Many tracking techniques, like multi-hypothesis trackers, suffer from a combinatorial explosion as the number of potential targets increases. As the resolution increases, the phenomenology applied towards detection algorithms also changes. For low resolution sensors, blob tracking is the norm. For higher resolution data, additional information may be employed in the detection and classification steps. The most challenging scenarios are those where the targets cannot be fully resolved, yet must be tracked and distinguished from neighboring closely spaced objects. Tracking vehicles in an urban environment is an example of such a challenging scenario. This report evaluates several potential tracking algorithms for large-scale tracking in an urban environment. The algorithms considered are: random sample consensus (RANSAC), Markov chain Monte Carlo data association (MCMCDA), tracklet inference from factor graphs, and a proximity tracker. Each algorithm was tested on a combination of real and simulated data and evaluated against a common set of metrics.</p> ]]>
            </content:encoded>
            <itunes:duration>2097</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150916.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150916.mp4" length="110100480" type="video/mp4"/>
        </item>
            <item>
            <title>Yonghwi Kwon, P2C: Understanding Output Data Files via On-the-Fly Transformation from Producer to Consumer Executions</title>
            <description>In cyber-attack analysis, it is often highly desirable to understand the meaning of an unknown file or network message in the absence of its consumer (i.e. the program that parses and understands the file/message). For example, a malware may stealthily collect information from a victim machine, store it as a file and later send it to a remote server. P2C is a novel technique that can parse and understand unknown files and network messages. Given a file/message that was generated in the past without the presence of any monitoring techniques, and a set of potential producers of the file/message, P2C systematically explores the execution paths in the producers without requiring any inputs. In the meantime, it tries to transform a producer execution to a consumer execution that closely resembles the ideal consumer execution that can parse the given unknown file/message. In particular, when a write operation is encountered in the original execution, P2C performs the opposite read operation on the unknown file/message and patches the original execution with the loaded value. In order to handle correlations between data fields in the file/message, P2C follows a trial-and-error approach to look for the correct transformation until the file/message can be parsed and the meaning of its fields can be disclosed. Our experiments on a set of real world applications demonstrate that P2C is highly effective. About the speaker: Yonghwi Kwon is a PhD student in the Department of Computer Science at Purdue University. His research interests include, but are not limited to, dynamic/static binary analysis, reverse-engineering, and system security, focusing on solving security and debugging problems using dynamic binary analysis and translation techniques. He is a recipient of the SIGSOFT Distinguished Paper Award and Best Paper Award from ASE 2013.</description>
            <pubDate>Wed, 9 Sep 2015 16:30:00 EDT </pubDate>
            <itunes:title>Yonghwi Kwon, P2C: Understanding Output Data Files via On-the-Fly Transformation from Producer to Consumer Executions</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>580</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Yonghwi Kwon, Purdue University</itunes:subtitle>
            <itunes:summary>In cyber-attack analysis, it is often highly desirable to understand the meaning of an unknown file or network message in the absence of its consumer (i.e. the program that parses and understands the file/message). For example, a malware may stealthily collect information from a victim machine, store it as a file and later send it to a remote server. P2C is a novel technique that can parse and understand unknown files and network messages. Given a file/message that was generated in the past without the presence of any monitoring techniques, and a set of potential producers of the file/message, P2C systematically explores the execution paths in the producers without requiring any inputs. In the meantime, it tries to transform a producer execution to a consumer execution that closely resembles the ideal consumer execution that can parse the given unknown file/message. In particular, when a write operation is encountered in the original execution, P2C performs the opposite read operation on the unknown file/message and patches the original execution with the loaded value. In order to handle correlations between data fields in the file/message, P2C follows a trial-and-error approach to look for the correct transformation until the file/message can be parsed and the meaning of its fields can be disclosed. Our experiments on a set of real world applications demonstrate that P2C is highly effective. About the speaker: Yonghwi Kwon is a PhD student in the Department of Computer Science at Purdue University. His research interests include, but are not limited to, dynamic/static binary analysis, reverse-engineering, and system security, focusing on solving security and debugging problems using dynamic binary analysis and translation techniques. He is a recipient of the SIGSOFT Distinguished Paper Award and Best Paper Award from ASE 2013.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In cyber-attack analysis, it is often highly desirable to understand the meaning of an unknown file or network message in the absence of its consumer (i.e. the program that parses and understands the file/message). For example, a malware may stealthily collect information from a victim machine, store it as a file and later send it to a remote server. P2C is a novel technique that can parse and understand unknown files and network messages. Given a file/message that was generated in the past without the presence of any monitoring techniques, and a set of potential producers of the file/message, P2C systematically explores the execution paths in the producers without requiring any inputs. In the meantime, it tries to transform a producer execution to a consumer execution that closely resembles the ideal consumer execution that can parse the given unknown file/message. In particular, when a write operation is encountered in the original execution, P2C performs the opposite read operation on the unknown file/message and patches the original execution with the loaded value. In order to handle correlations between data fields in the file/message, P2C follows a trial-and-error approach to look for the correct transformation until the file/message can be parsed and the meaning of its fields can be disclosed. Our experiments on a set of real world applications demonstrate that P2C is highly effective. About the speaker: Yonghwi Kwon is a PhD student in the Department of Computer Science at Purdue University. His research interests include, but are not limited to, dynamic/static binary analysis, reverse-engineering, and system security, focusing on solving security and debugging problems using dynamic binary analysis and translation techniques. He is a recipient of the SIGSOFT Distinguished Paper Award and Best Paper Award from ASE 2013.</p> ]]>
            </content:encoded>
            <itunes:duration>2667</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150909.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150909.mp4" length="78643200" type="video/mp4"/>
        </item>
            <item>
            <title>Jianjun Huang, SUPOR: Precise and Scalable Sensitive User Input Detection for Mobile Apps</title>
            <description>While smartphones and mobile apps have become an essential part of our lives, privacy is a serious concern. Previous mobile privacy research efforts have largely focused on predefined known sources managed by smartphones. Sensitive user inputs through the UI (User Interface), another information source that may contain a lot of sensitive information, have been mostly neglected. This talk examines the possibility of scalably detecting sensitive user inputs from mobile apps. In particular, SUPOR, a novel static analysis tool that automatically examines the UIs to identify sensitive user inputs containing critical user data, such as user credentials, finance, and medical data, is designed and implemented. SUPOR enables existing privacy analysis approaches to be applied on sensitive user inputs as well. To demonstrate the usefulness of SUPOR, we build a system that detects privacy disclosures of sensitive user inputs by combining SUPOR with off-the-shelf static taint analysis. We apply the system to 16,000 popular Android apps, and conduct a measurement study on the privacy disclosures. SUPOR achieves an average precision of 97.3% and an average recall of 97.3% for sensitive user input identification. SUPOR finds 355 apps with privacy disclosures and the false positive rate is 8.7%. We discover interesting cases related to national ID, username/password, credit card and health information. About the speaker: Jianjun Huang is a PhD student in the Department of Computer Science at Purdue University, supervised by Prof. Xiangyu Zhang. Jianjun Huang is interested in leveraging program analysis techniques to detect malicious behaviors and flaws in mobile apps. In particular, his research combines static program analysis, text and GUI analysis. More details may be found at https://www.cs.purdue.edu/homes/huang427/.</description>
            <pubDate>Wed, 2 Sep 2015 16:30:00 EDT </pubDate>
            <itunes:title>Jianjun Huang, SUPOR: Precise and Scalable Sensitive User Input Detection for Mobile Apps</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>579</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jianjun_huang.jpg"/>
            <itunes:subtitle>Jianjun Huang, Purdue University</itunes:subtitle>
            <itunes:summary>While smartphones and mobile apps have become an essential part of our lives, privacy is a serious concern. Previous mobile privacy research efforts have largely focused on predefined known sources managed by smartphones. Sensitive user inputs through the UI (User Interface), another information source that may contain a lot of sensitive information, have been mostly neglected. This talk examines the possibility of scalably detecting sensitive user inputs from mobile apps. In particular, SUPOR, a novel static analysis tool that automatically examines the UIs to identify sensitive user inputs containing critical user data, such as user credentials, finance, and medical data, is designed and implemented. SUPOR enables existing privacy analysis approaches to be applied on sensitive user inputs as well. To demonstrate the usefulness of SUPOR, we build a system that detects privacy disclosures of sensitive user inputs by combining SUPOR with off-the-shelf static taint analysis. We apply the system to 16,000 popular Android apps, and conduct a measurement study on the privacy disclosures. SUPOR achieves an average precision of 97.3% and an average recall of 97.3% for sensitive user input identification. SUPOR finds 355 apps with privacy disclosures and the false positive rate is 8.7%. We discover interesting cases related to national ID, username/password, credit card and health information. About the speaker: Jianjun Huang is a PhD student in the Department of Computer Science at Purdue University, supervised by Prof. Xiangyu Zhang. Jianjun Huang is interested in leveraging program analysis techniques to detect malicious behaviors and flaws in mobile apps. In particular, his research combines static program analysis, text and GUI analysis. More details may be found at https://www.cs.purdue.edu/homes/huang427/.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>While smartphones and mobile apps have become an essential part of our lives, privacy is a serious concern. Previous mobile privacy research efforts have largely focused on predefined known sources managed by smartphones. Sensitive user inputs through the UI (User Interface), another information source that may contain a lot of sensitive information, have been mostly neglected. This talk examines the possibility of scalably detecting sensitive user inputs from mobile apps. In particular, SUPOR, a novel static analysis tool that automatically examines the UIs to identify sensitive user inputs containing critical user data, such as user credentials, finance, and medical data, is designed and implemented. SUPOR enables existing privacy analysis approaches to be applied on sensitive user inputs as well. To demonstrate the usefulness of SUPOR, we build a system that detects privacy disclosures of sensitive user inputs by combining SUPOR with off-the-shelf static taint analysis. We apply the system to 16,000 popular Android apps, and conduct a measurement study on the privacy disclosures. SUPOR achieves an average precision of 97.3% and an average recall of 97.3% for sensitive user input identification. SUPOR finds 355 apps with privacy disclosures and the false positive rate is 8.7%. We discover interesting cases related to national ID, username/password, credit card and health information. About the speaker: Jianjun Huang is a PhD student in the Department of Computer Science at Purdue University, supervised by Prof. Xiangyu Zhang. Jianjun Huang is interested in leveraging program analysis techniques to detect malicious behaviors and flaws in mobile apps. In particular, his research combines static program analysis, text and GUI analysis. More details may be found at https://www.cs.purdue.edu/homes/huang427/.</p> ]]>
            </content:encoded>
            <itunes:duration>2445</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150902.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150902.mp4" length="92274688" type="video/mp4"/>
        </item>
            <item>
            <title>Samuel Jero, Leveraging State Information for Automated Attack Discovery in Transport Protocol Implementations</title>
            <description>Network transport protocols, like TCP, underlie the vast majority of Internet communication, from email to web browsing to instant messaging to file transfer. Despite their importance, these protocols are difficult to implement correctly, leading to a long string of bugs and vulnerabilities dating back to 1985. In this talk we present a new method for finding attacks in unmodified transport protocol implementations using the specification of the protocol state machine to reduce the search space of possible attacks. This reduction is obtained by applying malicious actions to all packets of the same type observed in the same state instead of applying them to individual packets. Our method requires knowledge of the packet formats and protocol state machine. We demonstrate our approach by developing SNAKE, a tool that automatically finds performance and resource exhaustion attacks on unmodified transport protocol implementations. SNAKE utilizes virtualization to run unmodified implementations in their intended environments and network emulation to create the network topology. SNAKE was able to find 9 attacks on 2 transport protocols, 5 of which we believe to be unknown in the literature. This work was awarded best paper in DSN 2015. About the speaker: Samuel Jero is a PhD student in the Department of Computer Science at Purdue University working with Prof. Cristina Nita-Rotaru. He is a member of the Dependable and Secure Distributed Systems Lab (DS^2) and the Center for Education and Research in Information Assurance and Security (CERIAS). His research interests include fault tolerance, security, and testing for network protocols and distributed systems. He is a recipient of the Purdue University Andrews Fellowship. He received a combined BS and MS in Computer Science from Ohio University in 2013.</description>
            <pubDate>Wed, 26 Aug 2015 16:30:00 EDT </pubDate>
            <itunes:title>Samuel Jero, Leveraging State Information for Automated Attack Discovery in Transport Protocol Implementations</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>578</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/sjero.jpg"/>
            <itunes:subtitle>Samuel Jero, Purdue University</itunes:subtitle>
            <itunes:summary>Network transport protocols, like TCP, underlie the vast majority of Internet communication, from email to web browsing to instant messaging to file transfer. Despite their importance, these protocols are difficult to implement correctly, leading to a long string of bugs and vulnerabilities dating back to 1985. In this talk we present a new method for finding attacks in unmodified transport protocol implementations using the specification of the protocol state machine to reduce the search space of possible attacks. This reduction is obtained by applying malicious actions to all packets of the same type observed in the same state instead of applying them to individual packets. Our method requires knowledge of the packet formats and protocol state machine. We demonstrate our approach by developing SNAKE, a tool that automatically finds performance and resource exhaustion attacks on unmodified transport protocol implementations. SNAKE utilizes virtualization to run unmodified implementations in their intended environments and network emulation to create the network topology. SNAKE was able to find 9 attacks on 2 transport protocols, 5 of which we believe to be unknown in the literature. This work was awarded best paper in DSN 2015. About the speaker: Samuel Jero is a PhD student in the Department of Computer Science at Purdue University working with Prof. Cristina Nita-Rotaru. He is a member of the Dependable and Secure Distributed Systems Lab (DS^2) and the Center for Education and Research in Information Assurance and Security (CERIAS). His research interests include fault tolerance, security, and testing for network protocols and distributed systems. He is a recipient of the Purdue University Andrews Fellowship. He received a combined BS and MS in Computer Science from Ohio University in 2013.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Network transport protocols, like TCP, underlie the vast majority of Internet communication, from email to web browsing to instant messaging to file transfer. Despite their importance, these protocols are difficult to implement correctly, leading to a long string of bugs and vulnerabilities dating back to 1985. In this talk we present a new method for finding attacks in unmodified transport protocol implementations using the specification of the protocol state machine to reduce the search space of possible attacks. This reduction is obtained by applying malicious actions to all packets of the same type observed in the same state instead of applying them to individual packets. Our method requires knowledge of the packet formats and protocol state machine. We demonstrate our approach by developing SNAKE, a tool that automatically finds performance and resource exhaustion attacks on unmodified transport protocol implementations. SNAKE utilizes virtualization to run unmodified implementations in their intended environments and network emulation to create the network topology. SNAKE was able to find 9 attacks on 2 transport protocols, 5 of which we believe to be unknown in the literature. This work was awarded best paper in DSN 2015. About the speaker: Samuel Jero is a PhD student in the Department of Computer Science at Purdue University working with Prof. Cristina Nita-Rotaru. He is a member of the Dependable and Secure Distributed Systems Lab (DS^2) and the Center for Education and Research in Information Assurance and Security (CERIAS). His research interests include fault tolerance, security, and testing for network protocols and distributed systems. He is a recipient of the Purdue University Andrews Fellowship. He received a combined BS and MS in Computer Science from Ohio University in 2013.</p> ]]>
            </content:encoded>
            <itunes:duration>2699</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150826.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150826.mp4" length="108003328" type="video/mp4"/>
        </item>
            <item>
            <title>Steve Bellovin, Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet</title>
            <description>For years, legal wiretapping was straightforward: the officer doing the intercept connected a tape recorder or the like to a single pair of wires. By the 1990s, though, the changing structure of telecommunications — there was no longer just &quot;Ma Bell&quot; to talk to — and new technologies such as ISDN and cellular telephony made executing a wiretap more complicated for law enforcement. Simple technologies would no longer suffice. In response, Congress passed the Communications Assistance for Law Enforcement Act (CALEA), which mandated a standardized lawful intercept interface on all local phone switches. Technology has continued to progress, and in the face of new forms of communication — Skype, voice chat during multi-player online games, many forms of instant messaging, etc. — law enforcement is again experiencing problems. The FBI has called this &quot;Going Dark&quot;: their loss of access to suspects&apos; communication. According to news reports, they want changes to the wiretap laws to require a CALEA-like interface in Internet software. CALEA, though, has its own issues: it is complex software specifically intended to create a security hole — eavesdropping capability — in the already-complex environment of a phone switch. It has unfortunately made wiretapping easier for everyone, not just law enforcement. Congress failed to heed experts&apos; warnings of the danger posed by this mandated vulnerability, but time has proven the experts right. The so-called &quot;Athens Affair&quot;, where someone used the built-in lawful intercept mechanism to listen to the cell phone calls of high Greek officials, including the Prime Minister, is but one example. In an earlier work, we showed why extending CALEA to the Internet would create very serious problems, including the security problems it has visited on the phone system. This talk explores the viability and implications of an alternative method for addressing law enforcement&apos;s need to access communications: legalized hacking of target devices through existing vulnerabilities in end-user software and platforms. About the speaker: Steven M. Bellovin is the Percy K. and Vidal L. W. Hudson Professor of computer science at Columbia University, where he does research on networks, security, and especially why the two don&apos;t get along, as well as related public policy issues. In his spare professional time, he does some work on the history of cryptography. He joined the faculty in 2005 after many years at Bell Labs and AT&amp;T Labs Research, where he was an AT&amp;T Fellow. He received a BA degree from Columbia University, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were given the 1995 Usenix Lifetime Achievement Award (The Flame). Bellovin has served as Chief Technologist of the Federal Trade Commission. He is a member of the National Academy of Engineering and is serving on the Computer Science and Telecommunications Board of the National Academies, the Department of Homeland Security&apos;s Science and Technology Advisory Committee, and the Technical Guidelines Development Committee of the Election Assistance Commission; he has also received the 2007 NIST/NSA National Computer Systems Security Award and has been elected to the Cybersecurity Hall of Fame. Bellovin is the co-author of Firewalls and Internet Security: Repelling the Wily Hacker, and holds a number of patents on cryptographic and network protocols. He has served on many National Research Council study committees, including those on information systems trustworthiness, the privacy implications of authentication technologies, and cybersecurity research needs; he was also a member of the information technology subcommittee of an NRC study group on science versus terrorism. He was a member of the Internet Architecture Board from 1996-2002; he was co-director of the Security Area of the IETF from 2002 through 2004. More details may be found at http://www.cs.columbia.edu/~smb/informal-bio.html.</description>
            <pubDate>Wed, 29 Apr 2015 16:30:00 EDT </pubDate>
            <itunes:title>Steve Bellovin, Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>577</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/steve_bellovin.jpg"/>
            <itunes:subtitle>Steve Bellovin, Columbia University</itunes:subtitle>
            <itunes:summary>For years, legal wiretapping was straightforward: the officer doing the intercept connected a tape recorder or the like to a single pair of wires. By the 1990s, though, the changing structure of telecommunications — there was no longer just &quot;Ma Bell&quot; to talk to — and new technologies such as ISDN and cellular telephony made executing a wiretap more complicated for law enforcement. Simple technologies would no longer suffice. In response, Congress passed the Communications Assistance for Law Enforcement Act (CALEA), which mandated a standardized lawful intercept interface on all local phone switches. Technology has continued to progress, and in the face of new forms of communication — Skype, voice chat during multi-player online games, many forms of instant messaging, etc. — law enforcement is again experiencing problems. The FBI has called this &quot;Going Dark&quot;: their loss of access to suspects&apos; communication. According to news reports, they want changes to the wiretap laws to require a CALEA-like interface in Internet software. CALEA, though, has its own issues: it is complex software specifically intended to create a security hole — eavesdropping capability — in the already-complex environment of a phone switch. It has unfortunately made wiretapping easier for everyone, not just law enforcement. Congress failed to heed experts&apos; warnings of the danger posed by this mandated vulnerability, but time has proven the experts right. The so-called &quot;Athens Affair&quot;, where someone used the built-in lawful intercept mechanism to listen to the cell phone calls of high Greek officials, including the Prime Minister, is but one example. In an earlier work, we showed why extending CALEA to the Internet would create very serious problems, including the security problems it has visited on the phone system. This talk explores the viability and implications of an alternative method for addressing law enforcement&apos;s need to access communications: legalized hacking of target devices through existing vulnerabilities in end-user software and platforms. About the speaker: Steven M. Bellovin is the Percy K. and Vidal L. W. Hudson Professor of computer science at Columbia University, where he does research on networks, security, and especially why the two don&apos;t get along, as well as related public policy issues. In his spare professional time, he does some work on the history of cryptography. He joined the faculty in 2005 after many years at Bell Labs and AT&amp;T Labs Research, where he was an AT&amp;T Fellow. He received a BA degree from Columbia University, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were given the 1995 Usenix Lifetime Achievement Award (The Flame). Bellovin has served as Chief Technologist of the Federal Trade Commission. He is a member of the National Academy of Engineering and is serving on the Computer Science and Telecommunications Board of the National Academies, the Department of Homeland Security&apos;s Science and Technology Advisory Committee, and the Technical Guidelines Development Committee of the Election Assistance Commission; he has also received the 2007 NIST/NSA National Computer Systems Security Award and has been elected to the Cybersecurity Hall of Fame. Bellovin is the co-author of Firewalls and Internet Security: Repelling the Wily Hacker, and holds a number of patents on cryptographic and network protocols. He has served on many National Research Council study committees, including those on information systems trustworthiness, the privacy implications of authentication technologies, and cybersecurity research needs; he was also a member of the information technology subcommittee of an NRC study group on science versus terrorism. He was a member of the Internet Architecture Board from 1996-2002; he was co-director of the Security Area of the IETF from 2002 through 2004. More details may be found at http://www.cs.columbia.edu/~smb/informal-bio.html.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>For years, legal wiretapping was straightforward: the officer doing the intercept connected a tape recorder or the like to a single pair of wires. By the 1990s, though, the changing structure of telecommunications — there was no longer just &quot;Ma Bell&quot; to talk to — and new technologies such as ISDN and cellular telephony made executing a wiretap more complicated for law enforcement. Simple technologies would no longer suffice. In response, Congress passed the Communications Assistance for Law Enforcement Act (CALEA), which mandated a standardized lawful intercept interface on all local phone switches. Technology has continued to progress, and in the face of new forms of communication — Skype, voice chat during multi-player online games, many forms of instant messaging, etc. — law enforcement is again experiencing problems. The FBI has called this &quot;Going Dark&quot;: their loss of access to suspects&apos; communication. According to news reports, they want changes to the wiretap laws to require a CALEA-like interface in Internet software. CALEA, though, has its own issues: it is complex software specifically intended to create a security hole — eavesdropping capability — in the already-complex environment of a phone switch. It has unfortunately made wiretapping easier for everyone, not just law enforcement. Congress failed to heed experts&apos; warnings of the danger posed by this mandated vulnerability, but time has proven the experts right. The so-called &quot;Athens Affair&quot;, where someone used the built-in lawful intercept mechanism to listen to the cell phone calls of high Greek officials, including the Prime Minister, is but one example. 
In an earlier work, we showed why extending CALEA to the Internet would create very serious problems, including the security problems it has visited on the phone system. This talk explores the viability and implications of an alternative method for addressing law enforcement&apos;s need to access communications: legalized hacking of target devices through existing vulnerabilities in end-user software and platforms. About the speaker: Steven M. Bellovin is the Percy K. and Vidal L. W. Hudson Professor of computer science at Columbia University, where he does research on networks, security, and especially why the two don&apos;t get along, as well as related public policy issues. In his spare professional time, he does some work on the history of cryptography. He joined the faculty in 2005 after many years at Bell Labs and AT&amp;amp;T Labs Research, where he was an AT&amp;amp;T Fellow. He received a BA degree from Columbia University, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were given the 1995 Usenix Lifetime Achievement Award (The Flame). Bellovin has served as Chief Technologist of the Federal Trade Commission. He is a member of the National Academy of Engineering and is serving on the Computer Science and Telecommunications Board of the National Academies, the Department of Homeland Security&apos;s Science and Technology Advisory Committee, and the Technical Guidelines Development Committee of the Election Assistance Commission; he has also received the 2007 NIST/NSA National Computer Systems Security Award and has been elected to the Cybersecurity Hall of Fame. Bellovin is the co-author of Firewalls and Internet Security: Repelling the Wily Hacker, and holds a number of patents on cryptographic and network protocols. 
He has served on many National Research Council study committees, including those on information systems trustworthiness, the privacy implications of authentication technologies, and cybersecurity research needs; he was also a member of the information technology subcommittee of an NRC study group on science versus terrorism. He was a member of the Internet Architecture Board from 1996-2002; he was co-director of the Security Area of the IETF from 2002 through 2004. More details may be found at http://www.cs.columbia.edu/~smb/informal-bio.html.</p> ]]>
            </content:encoded>
            <itunes:duration>3660</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150429.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150429.mp4" length="273678336" type="video/mp4"/>
        </item>
            <item>
            <title>Rohit Ranchal &amp;amp; Payuna Uday &amp;amp; Zhemei Fang, CERIAS Poster Contest Winners</title>
            <description>&quot;Increasing robustness and resilience: assessing disruptions and dependencies in analysis of System-of-Systems alternatives&quot; Researchers: Prof. Daniel Delaurentis, Karen Marais, Navindran Davendralingam, Zhemei Fang, Cesare Guariniello, Payuna Uday. &quot;PD3: Policy–based Distributed Data Dissemination&quot; Researchers: Rohit Ranchal, Denis Ulybyshev, Pelin Angin, Prof. Bharat Bhargava</description>
            <pubDate>Wed, 22 Apr 2015 16:30:00 EDT </pubDate>
            <itunes:title>Rohit Ranchal &amp;amp; Payuna Uday &amp;amp; Zhemei Fang, CERIAS Poster Contest Winners</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>576</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Rohit Ranchal &amp;amp; Payuna Uday &amp;amp; Zhemei Fang, Purdue University</itunes:subtitle>
            <itunes:summary>&quot;Increasing robustness and resilience: assessing disruptions and dependencies in analysis of System-of-Systems alternatives&quot; Researchers: Prof. Daniel Delaurentis, Karen Marais, Navindran Davendralingam, Zhemei Fang, Cesare Guariniello, Payuna Uday. &quot;PD3: Policy–based Distributed Data Dissemination&quot; Researchers: Rohit Ranchal, Denis Ulybyshev, Pelin Angin, Prof. Bharat Bhargava</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>&quot;Increasing robustness and resilience: assessing disruptions and dependencies in analysis of System-of-Systems alternatives&quot; Researchers: Prof. Daniel Delaurentis, Karen Marais, Navindran Davendralingam, Zhemei Fang, Cesare Guariniello, Payuna Uday. &quot;PD3: Policy–based Distributed Data Dissemination&quot; Researchers: Rohit Ranchal, Denis Ulybyshev, Pelin Angin, Prof. Bharat Bhargava</p> ]]>
            </content:encoded>
            <itunes:duration>2043</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150422.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150422.mp4" length="119537664" type="video/mp4"/>
        </item>
            <item>
            <title>Yan Huang, Engineering Secure Computation -- Efficiently</title>
            <description>Secure Multiparty Computation offers cryptographically strong guarantees on the secrecy of data used in collaborative computing among untrusted parties. It has many important applications ranging from peer-to-peer secure auction to privacy-preserving data mining. In this talk, I will present my experience in building efficient secure computation protocols. I will also share my vision on how to blend modern cryptography and programming languages research to solve interesting cyber-security problems. About the speaker: Dr. Yan Huang is an assistant professor at Indiana University. Dr. Huang is interested in developing secure protocols, with applications in private collaborative data mining, secure cloud computing, and cyber-physical systems. His research combines techniques from systems, cryptography, and programming languages to build secure systems. He is the creator of FastGC and ObliVM, the leading software tools to build efficient secure computation applications. The tools are freely available and have been used in several research projects by both academia and industry labs world-wide.</description>
            <pubDate>Wed, 15 Apr 2015 16:30:00 EDT </pubDate>
            <itunes:title>Yan Huang, Engineering Secure Computation -- Efficiently</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>575</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/yan_huang_140.png"/>
            <itunes:subtitle>Yan Huang, Indiana University</itunes:subtitle>
            <itunes:summary>Secure Multiparty Computation offers cryptographically strong guarantees on the secrecy of data used in collaborative computing among untrusted parties. It has many important applications ranging from peer-to-peer secure auction to privacy-preserving data mining. In this talk, I will present my experience in building efficient secure computation protocols. I will also share my vision on how to blend modern cryptography and programming languages research to solve interesting cyber-security problems. About the speaker: Dr. Yan Huang is an assistant professor at Indiana University. Dr. Huang is interested in developing secure protocols, with applications in private collaborative data mining, secure cloud computing, and cyber-physical systems. His research combines techniques from systems, cryptography, and programming languages to build secure systems. He is the creator of FastGC and ObliVM, the leading software tools to build efficient secure computation applications. The tools are freely available and have been used in several research projects by both academia and industry labs world-wide.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Secure Multiparty Computation offers cryptographically strong guarantees on the secrecy of data used in collaborative computing among untrusted parties. It has many important applications ranging from peer-to-peer secure auction to privacy-preserving data mining. In this talk, I will present my experience in building efficient secure computation protocols. I will also share my vision on how to blend modern cryptography and programming languages research to solve interesting cyber-security problems. About the speaker: Dr. Yan Huang is an assistant professor at Indiana University. Dr. Huang is interested in developing secure protocols, with applications in private collaborative data mining, secure cloud computing, and cyber-physical systems. His research combines techniques from systems, cryptography, and programming languages to build secure systems. He is the creator of FastGC and ObliVM, the leading software tools to build efficient secure computation applications. The tools are freely available and have been used in several research projects by both academia and industry labs world-wide.</p> ]]>
            </content:encoded>
            <itunes:duration>3097</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150415.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150415.mp4" length="112197632" type="video/mp4"/>
        </item>
            <item>
            <title>Rebecca Herold, Privacy Potpourri: Changing Privacy from the Bottom Up</title>
            <description>Rebecca will provide a brief discussion of the general consideration of what &quot;privacy&quot; and &quot;personal information&quot; really are, in addition to important factors when making privacy risk assessments. She will also discuss some of her work and research in recent years involving medical devices, smart meters, geolocation, and a wide host of other Internet of Things and Big Data scenarios. Along with this will be discussion of the need to be able to identify privacy risks that accompany the use of new and evolving technologies, and then determine the best controls to use to mitigate them. This is intended to be an interactive and thought-provoking session. Rebecca will also give a copy of her new book, &quot;Data Privacy for the Smart Grid&quot; (http://www.crcpress.com/product/isbn/9781466573376), published by CRC Press, to an attendee. About the speaker: Rebecca is widely recognized and respected and has been providing information privacy, security and compliance services, tools and products to organizations in a wide range of industries for over two decades. Rebecca has authored 16 published books, most recently &quot;The Practical Guide to HIPAA Privacy and Security Compliance, 2nd Edition&quot; in October 2014 and &quot;Data Privacy for the Smart Grid&quot; in January 2015, both published by CRC Press. Rebecca is currently authoring the ISACA Privacy Program Management Guide, which will be released during Q3 of 2015. Rebecca was one of the first practitioners to be responsible for both information security and privacy, starting in 1996 in a multi-national insurance and financial organization that was establishing one of the first online banks. In June 2009, Rebecca was asked to lead the NIST SGIP Smart Grid Privacy Subgroup, where she also led the Privacy Impact Assessment (PIA) for the home-to-utility activity, the very first performed in the electric utilities industry. 
In 2015 Rebecca also was asked to work for NIST on their Privacy Engineering initiative. Rebecca is a co-owner of the SIMBUS Information Security and Privacy Services business, currently with the premier flagship HIPAA Compliance Tools and Vendor Tracker services (http://www.HIPAACompliance.org) for healthcare organizations and their business associates to meet their HIPAA, HITECH and other legal requirements. Rebecca has been an Adjunct Professor for the Norwich University Master of Science in Information Security &amp;amp; Assurance (MSISA) program since 2005. Rebecca currently serves on multiple advisory boards for security, privacy and high-tech technology organizations. Rebecca is frequently interviewed and quoted in diverse broadcasts and publications such as IAPP Privacy Advisor, BNA Privacy &amp;amp; Security Law Report, Wired, Popular Science, Computerworld, IEEE&apos;s Security and Privacy Journal, and many others. In addition to achieving CISSP, CISM, CISA, and FLMI certifications, Rebecca is CIPP/US, CIPM and CIPT certified, is a member of the IAPP Certification Advisory Board, and is an instructor for the IAPP&apos;s CIPT, CIPM, CIPP/US and CIPP Foundations classes. Rebecca has received numerous awards and recognitions for her privacy and information security work over the years.
Rebecca Herold, CIPM, CIPT, CIPP/US, CISSP, CISM, CISA, FLMI
Owner &amp;amp; CEO, The Privacy Professor (http://www.privacyguidance.com &amp;amp; http://www.privacyprofessor.org)
Co-Owner &amp;amp; CVO, SIMBUS Information Security and Privacy Services, HIPAA Compliance Tools (http://www.HIPAACompliance.org)
Partner, Compliance Helper (http://www.compliancehelper.com)
Adjunct Professor for the Norwich University Master of Science in Information Security and Assurance (MSISA) program (http://www3.norwich.edu/msia)
Twitter ID: PrivacyProf (http://twitter.com/PrivacyProf)
Linked In: https://www.linkedin.com/in/rebeccaherold</description>
            <pubDate>Wed, 8 Apr 2015 16:30:00 EDT </pubDate>
            <itunes:title>Rebecca Herold, Privacy Potpourri: Changing Privacy from the Bottom Up</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>574</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/recbecca_herold_200.jpg"/>
            <itunes:subtitle>Rebecca Herold, Rebecca Herold &amp;amp; Associates, LLC</itunes:subtitle>
            <itunes:summary>Rebecca will provide a brief discussion of the general consideration of what &quot;privacy&quot; and &quot;personal information&quot; really are, in addition to important factors when making privacy risk assessments. She will also discuss some of her work and research in recent years involving medical devices, smart meters, geolocation, and a wide host of other Internet of Things and Big Data scenarios. Along with this will be discussion of the need to be able to identify privacy risks that accompany the use of new and evolving technologies, and then determine the best controls to use to mitigate them. This is intended to be an interactive and thought-provoking session. Rebecca will also give a copy of her new book, &quot;Data Privacy for the Smart Grid&quot; (http://www.crcpress.com/product/isbn/9781466573376), published by CRC Press, to an attendee. About the speaker: Rebecca is widely recognized and respected and has been providing information privacy, security and compliance services, tools and products to organizations in a wide range of industries for over two decades. Rebecca has authored 16 published books, most recently &quot;The Practical Guide to HIPAA Privacy and Security Compliance, 2nd Edition&quot; in October 2014 and &quot;Data Privacy for the Smart Grid&quot; in January 2015, both published by CRC Press. Rebecca is currently authoring the ISACA Privacy Program Management Guide, which will be released during Q3 of 2015. Rebecca was one of the first practitioners to be responsible for both information security and privacy, starting in 1996 in a multi-national insurance and financial organization that was establishing one of the first online banks. In June 2009, Rebecca was asked to lead the NIST SGIP Smart Grid Privacy Subgroup, where she also led the Privacy Impact Assessment (PIA) for the home-to-utility activity, the very first performed in the electric utilities industry. 
In 2015 Rebecca also was asked to work for NIST on their Privacy Engineering initiative. Rebecca is a co-owner of the SIMBUS Information Security and Privacy Services business, currently with the premier flagship HIPAA Compliance Tools and Vendor Tracker services (http://www.HIPAACompliance.org) for healthcare organizations and their business associates to meet their HIPAA, HITECH and other legal requirements. Rebecca has been an Adjunct Professor for the Norwich University Master of Science in Information Security &amp;amp; Assurance (MSISA) program since 2005. Rebecca currently serves on multiple advisory boards for security, privacy and high-tech technology organizations. Rebecca is frequently interviewed and quoted in diverse broadcasts and publications such as IAPP Privacy Advisor, BNA Privacy &amp;amp; Security Law Report, Wired, Popular Science, Computerworld, IEEE&apos;s Security and Privacy Journal, and many others. In addition to achieving CISSP, CISM, CISA, and FLMI certifications, Rebecca is CIPP/US, CIPM and CIPT certified, is a member of the IAPP Certification Advisory Board, and is an instructor for the IAPP&apos;s CIPT, CIPM, CIPP/US and CIPP Foundations classes. Rebecca has received numerous awards and recognitions for her privacy and information security work over the years.
Rebecca Herold, CIPM, CIPT, CIPP/US, CISSP, CISM, CISA, FLMI
Owner &amp;amp; CEO, The Privacy Professor (http://www.privacyguidance.com &amp;amp; http://www.privacyprofessor.org)
Co-Owner &amp;amp; CVO, SIMBUS Information Security and Privacy Services, HIPAA Compliance Tools (http://www.HIPAACompliance.org)
Partner, Compliance Helper (http://www.compliancehelper.com)
Adjunct Professor for the Norwich University Master of Science in Information Security and Assurance (MSISA) program (http://www3.norwich.edu/msia)
Twitter ID: PrivacyProf (http://twitter.com/PrivacyProf)
Linked In: https://www.linkedin.com/in/rebeccaherold</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Rebecca will provide a brief discussion of the general consideration of what &quot;privacy&quot; and &quot;personal information&quot; really are, in addition to important factors when making privacy risk assessments. She will also discuss some of her work and research in recent years involving medical devices, smart meters, geolocation, and a wide host of other Internet of Things and Big Data scenarios. Along with this will be discussion of the need to be able to identify privacy risks that accompany the use of new and evolving technologies, and then determine the best controls to use to mitigate them. This is intended to be an interactive and thought-provoking session. Rebecca will also give a copy of her new book, &quot;Data Privacy for the Smart Grid&quot; (http://www.crcpress.com/product/isbn/9781466573376), published by CRC Press, to an attendee. About the speaker: Rebecca is widely recognized and respected and has been providing information privacy, security and compliance services, tools and products to organizations in a wide range of industries for over two decades. Rebecca has authored 16 published books, most recently &quot;The Practical Guide to HIPAA Privacy and Security Compliance, 2nd Edition&quot; in October 2014 and &quot;Data Privacy for the Smart Grid&quot; in January 2015, both published by CRC Press. Rebecca is currently authoring the ISACA Privacy Program Management Guide, which will be released during Q3 of 2015. Rebecca was one of the first practitioners to be responsible for both information security and privacy, starting in 1996 in a multi-national insurance and financial organization that was establishing one of the first online banks. In June 2009, Rebecca was asked to lead the NIST SGIP Smart Grid Privacy Subgroup, where she also led the Privacy Impact Assessment (PIA) for the home-to-utility activity, the very first performed in the electric utilities industry. 
In 2015 Rebecca also was asked to work for NIST on their Privacy Engineering initiative. Rebecca is a co-owner of the SIMBUS Information Security and Privacy Services business, currently with the premier flagship HIPAA Compliance Tools and Vendor Tracker services (http://www.HIPAACompliance.org) for healthcare organizations and their business associates to meet their HIPAA, HITECH and other legal requirements. Rebecca has been an Adjunct Professor for the Norwich University Master of Science in Information Security &amp;amp; Assurance (MSISA) program since 2005. Rebecca currently serves on multiple advisory boards for security, privacy and high-tech technology organizations. Rebecca is frequently interviewed and quoted in diverse broadcasts and publications such as IAPP Privacy Advisor, BNA Privacy &amp;amp; Security Law Report, Wired, Popular Science, Computerworld, IEEE&apos;s Security and Privacy Journal, and many others. In addition to achieving CISSP, CISM, CISA, and FLMI certifications, Rebecca is CIPP/US, CIPM and CIPT certified, is a member of the IAPP Certification Advisory Board, and is an instructor for the IAPP&apos;s CIPT, CIPM, CIPP/US and CIPP Foundations classes. Rebecca has received numerous awards and recognitions for her privacy and information security work over the years.<br/>
Rebecca Herold, CIPM, CIPT, CIPP/US, CISSP, CISM, CISA, FLMI<br/>
Owner &amp;amp; CEO, The Privacy Professor (http://www.privacyguidance.com &amp;amp; http://www.privacyprofessor.org)<br/>
Co-Owner &amp;amp; CVO, SIMBUS Information Security and Privacy Services, HIPAA Compliance Tools (http://www.HIPAACompliance.org)<br/>
Partner, Compliance Helper (http://www.compliancehelper.com)<br/>
Adjunct Professor for the Norwich University Master of Science in Information Security and Assurance (MSISA) program (http://www3.norwich.edu/msia)<br/>
Twitter ID: PrivacyProf (http://twitter.com/PrivacyProf)<br/>
Linked In: https://www.linkedin.com/in/rebeccaherold</p> ]]>
            </content:encoded>
            <itunes:duration>3376</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150408.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150408.mp4" length="232783872" type="video/mp4"/>
        </item>
            <item>
            <title>Kui Ren, Breaking Mobile Social Networks for Automated User Location Tracking</title>
            <description>Location-based social networks (LBSNs) feature location-based friend discovery services attracting hundreds of millions of active users world-wide. While leading LBSN providers claim that their users&apos; location privacy is well protected, in this talk we show for the first time through real world attacks that these claims do not hold after summarizing the existing practices from the industry. In our identified attacks, a malicious individual with the capability of no more than a regular LBSN user can easily break most LBSNs by manipulating location information fed to LBSN client apps and running them as location oracles. I will further talk about the development of an automated user location tracking system based on the proposed attack and its test on leading LBSNs including Wechat, Skout, and Momo. Real-world experiments on 30 volunteers and the defense approaches will also be discussed. These findings serve as a critical security reminder of the current LBSNs pertaining to a vast number of users. About the speaker: Kui Ren is an associate professor of Computer Science and Engineering and the director of UbiSeC Lab at State University of New York at Buffalo. He received his PhD degree from Worcester Polytechnic Institute. Kui&apos;s current research interest spans Cloud &amp;amp; Outsourcing Security, Wireless &amp;amp; Wearable System Security, and Human-centered Computing. His research has been supported by NSF, DoE, AFRL, MSR, and Amazon. He is a recipient of NSF CAREER Award in 2011 and Sigma Xi/IIT Research Excellence Award in 2012. Kui received several Best Paper Awards including IEEE ICNP 2011. He currently serves as an associate editor for IEEE TMC, IEEE TIFS, IEEE IoT, IEEE TSG, etc. Kui is a senior member of IEEE, a member of ACM, a Distinguished Lecturer of IEEE, and a past board member of Internet Privacy Task Force, State of Illinois.</description>
            <pubDate>Wed, 1 Apr 2015 16:30:00 EDT </pubDate>
            <itunes:title>Kui Ren, Breaking Mobile Social Networks for Automated User Location Tracking</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>573</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/kuiren_140.jpg"/>
            <itunes:subtitle>Kui Ren, University at Buffalo</itunes:subtitle>
            <itunes:summary>Location-based social networks (LBSNs) feature location-based friend discovery services attracting hundreds of millions of active users world-wide. While leading LBSN providers claim that their users&apos; location privacy is well protected, in this talk we show for the first time through real world attacks that these claims do not hold after summarizing the existing practices from the industry. In our identified attacks, a malicious individual with the capability of no more than a regular LBSN user can easily break most LBSNs by manipulating location information fed to LBSN client apps and running them as location oracles. I will further talk about the development of an automated user location tracking system based on the proposed attack and its test on leading LBSNs including Wechat, Skout, and Momo. Real-world experiments on 30 volunteers and the defense approaches will also be discussed. These findings serve as a critical security reminder of the current LBSNs pertaining to a vast number of users. About the speaker: Kui Ren is an associate professor of Computer Science and Engineering and the director of UbiSeC Lab at State University of New York at Buffalo. He received his PhD degree from Worcester Polytechnic Institute. Kui&apos;s current research interest spans Cloud &amp;amp; Outsourcing Security, Wireless &amp;amp; Wearable System Security, and Human-centered Computing. His research has been supported by NSF, DoE, AFRL, MSR, and Amazon. He is a recipient of NSF CAREER Award in 2011 and Sigma Xi/IIT Research Excellence Award in 2012. Kui received several Best Paper Awards including IEEE ICNP 2011. He currently serves as an associate editor for IEEE TMC, IEEE TIFS, IEEE IoT, IEEE TSG, etc. Kui is a senior member of IEEE, a member of ACM, a Distinguished Lecturer of IEEE, and a past board member of Internet Privacy Task Force, State of Illinois.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Location-based social networks (LBSNs) feature location-based friend discovery services attracting hundreds of millions of active users world-wide. While leading LBSN providers claim that their users&apos; location privacy is well protected, in this talk we show for the first time through real world attacks that these claims do not hold after summarizing the existing practices from the industry. In our identified attacks, a malicious individual with the capability of no more than a regular LBSN user can easily break most LBSNs by manipulating location information fed to LBSN client apps and running them as location oracles. I will further talk about the development of an automated user location tracking system based on the proposed attack and its test on leading LBSNs including Wechat, Skout, and Momo. Real-world experiments on 30 volunteers and the defense approaches will also be discussed. These findings serve as a critical security reminder of the current LBSNs pertaining to a vast number of users. About the speaker: Kui Ren is an associate professor of Computer Science and Engineering and the director of UbiSeC Lab at State University of New York at Buffalo. He received his PhD degree from Worcester Polytechnic Institute. Kui&apos;s current research interest spans Cloud &amp;amp; Outsourcing Security, Wireless &amp;amp; Wearable System Security, and Human-centered Computing. His research has been supported by NSF, DoE, AFRL, MSR, and Amazon. He is a recipient of NSF CAREER Award in 2011 and Sigma Xi/IIT Research Excellence Award in 2012. Kui received several Best Paper Awards including IEEE ICNP 2011. He currently serves as an associate editor for IEEE TMC, IEEE TIFS, IEEE IoT, IEEE TSG, etc. Kui is a senior member of IEEE, a member of ACM, a Distinguished Lecturer of IEEE, and a past board member of Internet Privacy Task Force, State of Illinois.</p> ]]>
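The location-oracle attack the abstract describes, as an added simulation that is not the speaker's code or data: the attacker feeds spoofed coordinates to their own client, the service answers with the distance to the target rounded up to the next 100 m, and a handful of such answers pin the target down to a few tens of metres. The flat 4 km area in metres, the 100 m reporting bucket, the target position and the class and function names are all constructed assumptions for the example, not details from the talk.

```python
"""Location-oracle attack on a coarse 'people nearby' distance feature.

Constructed simulation, not code from the talk: an attacker who can spoof
the GPS position their own client app reports turns the service's
'distance to user X' answer into an oracle and recovers X's position,
even though the service only ever reports distance rounded up to 100 m.
"""
import math

AREA_M = 4000.0   # simulated flat 4 km x 4 km area in metres (constructed)


class NearbyService:
    """Stand-in for an LBSN backend. The target position is the secret."""

    def __init__(self, target_xy, bucket_m=100.0):
        self._target = target_xy
        self.bucket_m = bucket_m
        self.queries = 0

    def distance_to_target(self, query_xy):
        """Answer as a coarse 'within N metres' figure: the true distance
        rounded UP to a multiple of bucket_m. query_xy is whatever position
        the client claims to be at; the server has no way to check it."""
        self.queries += 1
        d = math.dist(query_xy, self._target)
        return self.bucket_m * max(1, math.ceil(d / self.bucket_m))


def consistent(cand, query_xy, reported, bucket_m, slack_m):
    """Could a point within slack_m of cand have produced 'reported'?
    A report of R means the true distance lies in the interval (R - bucket, R]."""
    d = math.dist(cand, query_xy)
    return reported + slack_m >= d > reported - bucket_m - slack_m


def centroid(points):
    n = len(points)
    return (sum(p[0] for p in points) / n, sum(p[1] for p in points) / n)


def locate(service, step_m=20.0, max_queries=24):
    """Recover the target from spoofed-position queries.

    Keep a grid of candidate positions and drop every candidate that is
    inconsistent with an answer. The first four queries come from the area's
    corners; after that each probe is placed so that a bucket boundary runs
    through the centre of the remaining region, so every answer says which
    side of that boundary the target is on (a binary search with a 100 m ruler).
    Returns (estimate_xy, spread_m, queries_used)."""
    bucket = service.bucket_m
    # slack must cover the half-diagonal of a grid cell (0.707 * step) so the
    # grid point nearest the true position can never be eliminated.
    slack = step_m * 0.75
    n = int(AREA_M / step_m) + 1
    cands = [(i * step_m, j * step_m) for i in range(n) for j in range(n)]
    probes = [(0.0, 0.0), (AREA_M, 0.0), (0.0, AREA_M), (AREA_M, AREA_M)]
    angles = [0.0, math.pi / 2, math.pi / 4, 3 * math.pi / 4]
    k = 0
    while max_queries > service.queries and len(cands) > 1:
        if probes:
            q = probes.pop(0)
        else:
            cx, cy = centroid(cands)
            a = angles[k % len(angles)]
            k += 1
            # Probe exactly three buckets from the centre along angle a:
            # candidates nearer than 300 m report 300, farther ones report 400.
            q = (cx + 3 * bucket * math.cos(a), cy + 3 * bucket * math.sin(a))
        r = service.distance_to_target(q)
        cands = [c for c in cands if consistent(c, q, r, bucket, slack)]
    est = centroid(cands)
    spread = max(math.dist(c, est) for c in cands)
    return est, spread, service.queries


def demo(target=(1234.5, 2718.2)):
    """Run the attack against a constructed target.
    Returns (error_m, spread_m, queries_used)."""
    svc = NearbyService(target, bucket_m=100.0)
    est, spread, used = locate(svc)
    return math.dist(est, target), spread, used


if __name__ == "__main__":
    err, spread, used = demo()
    print(f"target pinned to within {err:.1f} m after {used} queries "
          f"(service only reports 100 m buckets)")
```

The defence side follows from the same code: the server trusts the position the client claims, so the usual mitigations (quantising the reported distance more coarsely, adding per-user noise that stays fixed across queries, or rate-limiting position changes) all aim at making repeated oracle answers from spoofed positions stop narrowing the region.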
            </content:encoded>
            <itunes:duration>2695</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150401.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150401.mp4" length="114294784" type="video/mp4"/>
        </item>
            <item>
            <title>Michelle Dennedy, Symposium/Michelle Dennedy, Intel</title>
            <description>We will discuss how the known practices and inspirations of the past can enlighten our path forward into the uncertain seas of Big Data, Clouds and Things that absorb data and even talk back. Privacy engineering as a set of methodologies and cross-disciplinary field of inquiry is another theme that I will present, and one that students and attendees can grow. About the speaker: Michelle Finneran Dennedy currently serves as VP and Chief Privacy Officer at Intel Security. She is responsible for the development and implementation of Intel Security data privacy policies and practices, working across business groups to drive data privacy excellence across the security continuum. Before joining Intel Security, Michelle founded The iDennedy Project, a public service organization to address privacy needs in sensitive populations, such as children and the elderly, and emerging technology paradigms. Michelle is also a founder and editor in chief of a new media site—TheIdentityProject.com—that was started as an advocacy and education site, currently focused on the growing crime of Child ID theft. Michelle was the Vice President for Security &amp;amp; Privacy Solutions for the Oracle Corporation. This team worked closely with customers to enable them to proceed with the confidence that information is protected and accelerated as an asset. Before the Oracle acquisition of Sun, Michelle was Chief Data Governance Officer within the Cloud Computing division at Sun Microsystems, Inc. Michelle worked closely with Sun&apos;s business, technical and legal teams to create the best data governance policies and processes possible for cloud computing in order to build trust for cloud environments through vendor transparency. Michelle also served as Sun&apos;s Chief Privacy Officer. 
Michelle is a sought-after and provocative public speaker, evangelizing new approaches and business justifications for soundly-defined, transparent security and privacy policies and systems that protect healthy, safe global businesses. Michelle has a JD from Fordham University School of Law and a BS degree with university honors from The Ohio State University. In 2009, she was awarded the Goodwin Procter-IAPP Vanguard award for lifetime achievement and the EWF – CSO Magazine Woman of Influence award for work in the privacy and security fields.</description>
            <pubDate>Wed, 25 Mar 2015 16:30:00 EDT </pubDate>
            <itunes:title>Michelle Dennedy, Symposium/Michelle Dennedy, Intel</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>572</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Michelle Dennedy, Intel</itunes:subtitle>
            <itunes:summary>We will discuss how the known practices and inspirations of the past can enlighten our path forward into the uncertain seas of Big Data, Clouds and Things that absorb data and even talk back. Privacy engineering as a set of methodologies and a cross-disciplinary field of inquiry is another theme that I will present and in which students and attendees can grow. About the speaker: Michelle Finneran Dennedy currently serves as VP and Chief Privacy Officer at Intel Security. She is responsible for the development and implementation of Intel Security data privacy policies and practices, working across business groups to drive data privacy excellence across the security continuum. Before joining Intel Security, Michelle founded The iDennedy Project, a public service organization to address privacy needs in sensitive populations, such as children and the elderly, and emerging technology paradigms. Michelle is also a founder and editor in chief of a new media site—TheIdentityProject.com—that was started as an advocacy and education site, currently focused on the growing crime of Child ID theft. Michelle was the Vice President for Security &amp; Privacy Solutions for the Oracle Corporation. This team worked closely with customers to enable them to proceed with the confidence that information is protected and accelerated as an asset. Before the Oracle acquisition of Sun, Michelle was Chief Data Governance Officer within the Cloud Computing division at Sun Microsystems, Inc. Michelle worked closely with Sun&apos;s business, technical and legal teams to create the best data governance policies and processes possible for cloud computing in order to build trust for cloud environments through vendor transparency. Michelle also served as Sun&apos;s Chief Privacy Officer.
Michelle is a sought-after and provocative public speaker, evangelizing new approaches and business justifications for soundly-defined, transparent security and privacy policies and systems that protect healthy, safe global businesses. Michelle has a JD from Fordham University School of Law and a BS degree with university honors from The Ohio State University. In 2009, she was awarded the Goodwin Procter-IAPP Vanguard award for lifetime achievement and the EWF – CSO Magazine Woman of Influence award for work in the privacy and security fields.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>We will discuss how the known practices and inspirations of the past can enlighten our path forward into the uncertain seas of Big Data, Clouds and Things that absorb data and even talk back. Privacy engineering as a set of methodologies and a cross-disciplinary field of inquiry is another theme that I will present and in which students and attendees can grow. About the speaker: Michelle Finneran Dennedy currently serves as VP and Chief Privacy Officer at Intel Security. She is responsible for the development and implementation of Intel Security data privacy policies and practices, working across business groups to drive data privacy excellence across the security continuum. Before joining Intel Security, Michelle founded The iDennedy Project, a public service organization to address privacy needs in sensitive populations, such as children and the elderly, and emerging technology paradigms. Michelle is also a founder and editor in chief of a new media site—TheIdentityProject.com—that was started as an advocacy and education site, currently focused on the growing crime of Child ID theft. Michelle was the Vice President for Security &amp; Privacy Solutions for the Oracle Corporation. This team worked closely with customers to enable them to proceed with the confidence that information is protected and accelerated as an asset. Before the Oracle acquisition of Sun, Michelle was Chief Data Governance Officer within the Cloud Computing division at Sun Microsystems, Inc. Michelle worked closely with Sun&apos;s business, technical and legal teams to create the best data governance policies and processes possible for cloud computing in order to build trust for cloud environments through vendor transparency. Michelle also served as Sun&apos;s Chief Privacy Officer.
Michelle is a sought-after and provocative public speaker, evangelizing new approaches and business justifications for soundly-defined, transparent security and privacy policies and systems that protect healthy, safe global businesses. Michelle has a JD from Fordham University School of Law and a BS degree with university honors from The Ohio State University. In 2009, she was awarded the Goodwin Procter-IAPP Vanguard award for lifetime achievement and the EWF – CSO Magazine Woman of Influence award for work in the privacy and security fields.</p> ]]>
            </content:encoded>
            <itunes:duration>3267</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150325.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150325.mp4" length="253755392" type="video/mp4"/>
        </item>
            <item>
            <title>Andrew Pyles, Virtual Android Malware Detection and Analysis (VAMDA)</title>
            <description>Mobile application vetting is pivotal to preserve the integrity of mobile platforms. Existing frameworks typically rely on virtual environments which are easily detected by malware. Advanced malware can avoid detection within existing vetting processes by limiting its functionality within the virtual environment. Virtual Android Malware Detection and Analysis (VAMDA) is a multi-tiered malware analysis platform with extensive detection and analysis capabilities. Malware is analyzed within a modified emulator, a virtualized ARM environment and an instrumented physical phone. VAMDA utilizes extensive logging capabilities and can be used for automatic report generation based upon a set of observable metrics as well as an extensible tool for Mobile security analysts. About the speaker: Andrew Pyles is a Cyber Security researcher at The MITRE Corporation specializing in Mobile security. He has a PhD in Computer Science from the College of William and Mary and a BS in Computer Science from The Ohio State University. He holds a patent based on his dissertation on mobile wireless energy efficiency.</description>
            <pubDate>Wed, 11 Mar 2015 16:30:00 EDT </pubDate>
            <itunes:title>Andrew Pyles, Virtual Android Malware Detection and Analysis (VAMDA)</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>571</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Andrew Pyles, MITRE</itunes:subtitle>
            <itunes:summary>Mobile application vetting is pivotal to preserve the integrity of mobile platforms. Existing frameworks typically rely on virtual environments which are easily detected by malware. Advanced malware can avoid detection within existing vetting processes by limiting its functionality within the virtual environment. Virtual Android Malware Detection and Analysis (VAMDA) is a multi-tiered malware analysis platform with extensive detection and analysis capabilities. Malware is analyzed within a modified emulator, a virtualized ARM environment and an instrumented physical phone. VAMDA utilizes extensive logging capabilities and can be used for automatic report generation based upon a set of observable metrics as well as an extensible tool for Mobile security analysts. About the speaker: Andrew Pyles is a Cyber Security researcher at The MITRE Corporation specializing in Mobile security. He has a PhD in Computer Science from the College of William and Mary and a BS in Computer Science from The Ohio State University. He holds a patent based on his dissertation on mobile wireless energy efficiency.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Mobile application vetting is pivotal to preserve the integrity of mobile platforms. Existing frameworks typically rely on virtual environments which are easily detected by malware. Advanced malware can avoid detection within existing vetting processes by limiting its functionality within the virtual environment. Virtual Android Malware Detection and Analysis (VAMDA) is a multi-tiered malware analysis platform with extensive detection and analysis capabilities. Malware is analyzed within a modified emulator, a virtualized ARM environment and an instrumented physical phone. VAMDA utilizes extensive logging capabilities and can be used for automatic report generation based upon a set of observable metrics as well as an extensible tool for Mobile security analysts. About the speaker: Andrew Pyles is a Cyber Security researcher at The MITRE Corporation specializing in Mobile security. He has a PhD in Computer Science from the College of William and Mary and a BS in Computer Science from The Ohio State University. He holds a patent based on his dissertation on mobile wireless energy efficiency.</p> ]]>
            </content:encoded>
            <itunes:duration>2012</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150311.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150311.mp4" length="89128960" type="video/mp4"/>
        </item>
            <item>
            <title>Xinming Ou, Aiding Security Analytics -- From Dempster-Shafer Theory to Anthropology</title>
            <description>Research on new technologies to help security analysts defend networks and systems from attacks has unique challenges --- the ad-hoc nature of attacks and their mitigation makes formal modeling elusive; the diverse threat scenarios of organizations make a one-size-fits-all solution unlikely; and the lack of data and production deployment to test research prototypes makes evaluation extremely difficult. In this talk I will describe the unique approaches we have been taking to address this problem. Since algorithms and tools that arise from this research are intended to help the tasks performed by human analysts, it becomes a pre-requisite for researchers to first understand how analysts do their jobs, and identify the key obstacles and bottlenecks for performance. I will explain how we designed/built the SnIPS system for intrusion analysis by eliciting expert knowledge through ad-hoc interviews, and the formulation of a customized Dempster-Shafer theory to capture how humans deal with the inherent uncertainty in this reasoning process. I then explain how this led us to eventually adopt an anthropological approach to address this research challenge. Anthropology is a social science well known for its long-term participant observation method in which researchers spend substantial amounts of time living/working together with the subjects of study, as participant observers who take part in the daily lives and challenges of those they study, giving them a more empathic perspective understanding of their views, practices, and challenges. I will use the examples in my past eight years&apos; research to explain why this type of ethnographic fieldwork is crucial and could be a very effective method to extract the &quot;tacit knowledge&quot; embodied in the practices of security analysts.
Joining the &quot;community of practice&quot; of security operations will enable researchers to access the tacit knowledge, make it explicit, subject it to systematic analysis and modeling, and yield algorithms that execute the knowledge in an automated fashion. I will also talk about &quot;unexpected findings&quot; we are still deriving from on-going anthropological fieldwork at multiple security operations centers. About the speaker: Dr. Xinming (Simon) Ou is an associate professor of Computer Science and the Peggy and Gary Edwards Chair in Engineering at Kansas State University. He received his PhD from Princeton University in 2005. Before joining Kansas State University in 2006, he was a post-doctoral research associate at Purdue University&apos;s Center for Education and Research in Information Assurance and Security (CERIAS), and a research associate at Idaho National Laboratory (INL). Dr. Ou&apos;s research is primarily in cyber defense technologies, with focuses on intrusion/forensics analysis, cloud security and moving-target defense, mobile system security, and cyber physical system security. Dr. Ou&apos;s research has been funded by the National Science Foundation, Department of Defense, Department of Energy, National Institute of Standards and Technology (NIST), HP Labs, and Rockwell Collins. He is a recipient of the 2010 NSF Faculty Early Career Development (CAREER) Award, a three-time winner of the HP Labs Innovation Research Program (IRP) award, and the 2013 K-State College of Engineering Frankenhoff Outstanding Research Award.</description>
            <pubDate>Wed, 4 Mar 2015 16:30:00 EST </pubDate>
            <itunes:title>Xinming Ou, Aiding Security Analytics -- From Dempster-Shafer Theory to Anthropology</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>570</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/xou_140.jpg"/>
            <itunes:subtitle>Xinming Ou, Kansas State University</itunes:subtitle>
            <itunes:summary>Research on new technologies to help security analysts defend networks and systems from attacks has unique challenges --- the ad-hoc nature of attacks and their mitigation makes formal modeling elusive; the diverse threat scenarios of organizations make a one-size-fits-all solution unlikely; and the lack of data and production deployment to test research prototypes makes evaluation extremely difficult. In this talk I will describe the unique approaches we have been taking to address this problem. Since algorithms and tools that arise from this research are intended to help the tasks performed by human analysts, it becomes a pre-requisite for researchers to first understand how analysts do their jobs, and identify the key obstacles and bottlenecks for performance. I will explain how we designed/built the SnIPS system for intrusion analysis by eliciting expert knowledge through ad-hoc interviews, and the formulation of a customized Dempster-Shafer theory to capture how humans deal with the inherent uncertainty in this reasoning process. I then explain how this led us to eventually adopt an anthropological approach to address this research challenge. Anthropology is a social science well known for its long-term participant observation method in which researchers spend substantial amounts of time living/working together with the subjects of study, as participant observers who take part in the daily lives and challenges of those they study, giving them a more empathic perspective understanding of their views, practices, and challenges. I will use the examples in my past eight years&apos; research to explain why this type of ethnographic fieldwork is crucial and could be a very effective method to extract the &quot;tacit knowledge&quot; embodied in the practices of security analysts.
Joining the &quot;community of practice&quot; of security operations will enable researchers to access the tacit knowledge, make it explicit, subject it to systematic analysis and modeling, and yield algorithms that execute the knowledge in an automated fashion. I will also talk about &quot;unexpected findings&quot; we are still deriving from on-going anthropological fieldwork at multiple security operations centers. About the speaker: Dr. Xinming (Simon) Ou is an associate professor of Computer Science and the Peggy and Gary Edwards Chair in Engineering at Kansas State University. He received his PhD from Princeton University in 2005. Before joining Kansas State University in 2006, he was a post-doctoral research associate at Purdue University&apos;s Center for Education and Research in Information Assurance and Security (CERIAS), and a research associate at Idaho National Laboratory (INL). Dr. Ou&apos;s research is primarily in cyber defense technologies, with focuses on intrusion/forensics analysis, cloud security and moving-target defense, mobile system security, and cyber physical system security. Dr. Ou&apos;s research has been funded by the National Science Foundation, Department of Defense, Department of Energy, National Institute of Standards and Technology (NIST), HP Labs, and Rockwell Collins. He is a recipient of the 2010 NSF Faculty Early Career Development (CAREER) Award, a three-time winner of the HP Labs Innovation Research Program (IRP) award, and the 2013 K-State College of Engineering Frankenhoff Outstanding Research Award.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Research on new technologies to help security analysts defend networks and systems from attacks has unique challenges --- the ad-hoc nature of attacks and their mitigation makes formal modeling elusive; the diverse threat scenarios of organizations make a one-size-fits-all solution unlikely; and the lack of data and production deployment to test research prototypes makes evaluation extremely difficult. In this talk I will describe the unique approaches we have been taking to address this problem. Since algorithms and tools that arise from this research are intended to help the tasks performed by human analysts, it becomes a pre-requisite for researchers to first understand how analysts do their jobs, and identify the key obstacles and bottlenecks for performance. I will explain how we designed/built the SnIPS system for intrusion analysis by eliciting expert knowledge through ad-hoc interviews, and the formulation of a customized Dempster-Shafer theory to capture how humans deal with the inherent uncertainty in this reasoning process. I then explain how this led us to eventually adopt an anthropological approach to address this research challenge. Anthropology is a social science well known for its long-term participant observation method in which researchers spend substantial amounts of time living/working together with the subjects of study, as participant observers who take part in the daily lives and challenges of those they study, giving them a more empathic perspective understanding of their views, practices, and challenges. I will use the examples in my past eight years&apos; research to explain why this type of ethnographic fieldwork is crucial and could be a very effective method to extract the &quot;tacit knowledge&quot; embodied in the practices of security analysts.
Joining the &quot;community of practice&quot; of security operations will enable researchers to access the tacit knowledge, make it explicit, subject it to systematic analysis and modeling, and yield algorithms that execute the knowledge in an automated fashion. I will also talk about &quot;unexpected findings&quot; we are still deriving from on-going anthropological fieldwork at multiple security operations centers. About the speaker: Dr. Xinming (Simon) Ou is an associate professor of Computer Science and the Peggy and Gary Edwards Chair in Engineering at Kansas State University. He received his PhD from Princeton University in 2005. Before joining Kansas State University in 2006, he was a post-doctoral research associate at Purdue University&apos;s Center for Education and Research in Information Assurance and Security (CERIAS), and a research associate at Idaho National Laboratory (INL). Dr. Ou&apos;s research is primarily in cyber defense technologies, with focuses on intrusion/forensics analysis, cloud security and moving-target defense, mobile system security, and cyber physical system security. Dr. Ou&apos;s research has been funded by the National Science Foundation, Department of Defense, Department of Energy, National Institute of Standards and Technology (NIST), HP Labs, and Rockwell Collins. He is a recipient of the 2010 NSF Faculty Early Career Development (CAREER) Award, a three-time winner of the HP Labs Innovation Research Program (IRP) award, and the 2013 K-State College of Engineering Frankenhoff Outstanding Research Award.</p> ]]>
            </content:encoded>
            <itunes:duration>3091</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150304.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150304.mp4" length="117440512" type="video/mp4"/>
        </item>
            <item>
            <title>Kami Vaniea, Software updates: decisions and security implications</title>
            <description>Installing security-relevant software updates is one of the best computer protection mechanisms available to end users. Unfortunately, users frequently decide not to install future updates, regardless of whether they are important for security, after negative experiences with past updates. This means that even non-security updates (such as user interface changes) can impact the decisions users make about installing future security updates. As many as 70% of computers worldwide are running old versions of Java, a common target of attack. In this presentation I will talk about my research into why users choose to not update their software, and what can be done about it. I report on a multi-factor study where we investigated why users choose to not update software. We interviewed users and analysed the logs on their computers. We found that the default automatic update behaviour of Windows did not always match users&apos; intentions, sometimes causing users to be more secure than they intended, sometimes less. Non-security components of updates, such as user interface changes, also impacted users&apos; willingness to update software. About the speaker: Dr. Kami Vaniea is an Assistant Professor at Indiana University&apos;s School of Informatics and Computing. She obtained her PhD in Computer Science from Carnegie Mellon University where she was a member of the Cylab Usable Privacy and Security group working in the areas of computer security and human computer interaction. Her research interests are in how people manage access to digital items and information. Her work examines how people interact with security technologies, and explores how to best design security technologies that support users and improve security.</description>
            <pubDate>Wed, 25 Feb 2015 16:30:00 EST </pubDate>
            <itunes:title>Kami Vaniea, Software updates: decisions and security implications</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>569</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Vaniea-Kami_140.jpg"/>
            <itunes:subtitle>Kami Vaniea, Indiana University</itunes:subtitle>
            <itunes:summary>Installing security-relevant software updates is one of the best computer protection mechanisms available to end users. Unfortunately, users frequently decide not to install future updates, regardless of whether they are important for security, after negative experiences with past updates. This means that even non-security updates (such as user interface changes) can impact the decisions users make about installing future security updates. As many as 70% of computers worldwide are running old versions of Java, a common target of attack. In this presentation I will talk about my research into why users choose to not update their software, and what can be done about it. I report on a multi-factor study where we investigated why users choose to not update software. We interviewed users and analysed the logs on their computers. We found that the default automatic update behaviour of Windows did not always match users&apos; intentions, sometimes causing users to be more secure than they intended, sometimes less. Non-security components of updates, such as user interface changes, also impacted users&apos; willingness to update software. About the speaker: Dr. Kami Vaniea is an Assistant Professor at Indiana University&apos;s School of Informatics and Computing. She obtained her PhD in Computer Science from Carnegie Mellon University where she was a member of the Cylab Usable Privacy and Security group working in the areas of computer security and human computer interaction. Her research interests are in how people manage access to digital items and information. Her work examines how people interact with security technologies, and explores how to best design security technologies that support users and improve security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Installing security-relevant software updates is one of the best computer protection mechanisms available to end users. Unfortunately, users frequently decide not to install future updates, regardless of whether they are important for security, after negative experiences with past updates. This means that even non-security updates (such as user interface changes) can impact the decisions users make about installing future security updates. As many as 70% of computers worldwide are running old versions of Java, a common target of attack. In this presentation I will talk about my research into why users choose to not update their software, and what can be done about it. I report on a multi-factor study where we investigated why users choose to not update software. We interviewed users and analysed the logs on their computers. We found that the default automatic update behaviour of Windows did not always match users&apos; intentions, sometimes causing users to be more secure than they intended, sometimes less. Non-security components of updates, such as user interface changes, also impacted users&apos; willingness to update software. About the speaker: Dr. Kami Vaniea is an Assistant Professor at Indiana University&apos;s School of Informatics and Computing. She obtained her PhD in Computer Science from Carnegie Mellon University where she was a member of the Cylab Usable Privacy and Security group working in the areas of computer security and human computer interaction. Her research interests are in how people manage access to digital items and information. Her work examines how people interact with security technologies, and explores how to best design security technologies that support users and improve security.</p> ]]>
            </content:encoded>
            <itunes:duration>3281</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150225.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150225.mp4" length="189792256" type="video/mp4"/>
        </item>
            <item>
            <title>Ninghui Li, Privacy Notions for Data Publishing and Analysis</title>
            <description>Data collected by organizations and agencies are a key resource in today&apos;s information age. The use of sophisticated data mining techniques makes it possible to extract relevant knowledge that can then be used for a variety of purposes, such as research, developing innovative technologies and services, intelligence and counterterrorism operations, and providing inputs to public policy making. However, the disclosure of those data poses serious threats to individual privacy. In this talk, we will present the evolvement of privacy notions for data publishing and analysis, leading to our proposed membership privacy framework, which formalizes the intuition that privacy means that the adversary cannot significantly increase its ability to conclude that an entity is in the input dataset. We show that several recently proposed privacy notions, including differential privacy, are instantiations of the membership privacy framework, and that the framework provides a principled approach to developing new privacy notions under which better utility can be achieved than what is possible under differential privacy. About the speaker: Ninghui Li is a Professor of Computer Science at Purdue University. His research interests are in security and privacy. Prof. Li is currently Vice Chair of the ACM Special Interest Group on Security, Audit and Control (SIGSAC) and Program Chair of the 2015 ACM Conference on Computer and Communications Security (CCS). He is on the editorial boards of IEEE Transactions on Dependable and Secure Computing, Journal of Computer Security, and ACM Transactions on Internet Technology.</description>
            <pubDate>Wed, 18 Feb 2015 16:30:00 EST </pubDate>
            <itunes:title>Ninghui Li, Privacy Notions for Data Publishing and Analysis</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>568</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ninghui Li, Purdue University</itunes:subtitle>
            <itunes:summary>Data collected by organizations and agencies are a key resource in today&apos;s information age. The use of sophisticated data mining techniques makes it possible to extract relevant knowledge that can then be used for a variety of purposes, such as research, developing innovative technologies and services, intelligence and counterterrorism operations, and providing inputs to public policy making. However, the disclosure of those data poses serious threats to individual privacy. In this talk, we will present the evolvement of privacy notions for data publishing and analysis, leading to our proposed membership privacy framework, which formalizes the intuition that privacy means that the adversary cannot significantly increase its ability to conclude that an entity is in the input dataset. We show that several recently proposed privacy notions, including differential privacy, are instantiations of the membership privacy framework, and that the framework provides a principled approach to developing new privacy notions under which better utility can be achieved than what is possible under differential privacy. About the speaker: Ninghui Li is a Professor of Computer Science at Purdue University. His research interests are in security and privacy. Prof. Li is currently Vice Chair of the ACM Special Interest Group on Security, Audit and Control (SIGSAC) and Program Chair of the 2015 ACM Conference on Computer and Communications Security (CCS). He is on the editorial boards of IEEE Transactions on Dependable and Secure Computing, Journal of Computer Security, and ACM Transactions on Internet Technology.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Data collected by organizations and agencies are a key resource in today&apos;s information age.  The use of sophisticated data mining techniques makes it possible to extract relevant knowledge that can then be used for a variety of purposes, such as research, developing innovative technologies and services, intelligence and counterterrorism operations, and providing inputs to public policy making.  However, the disclosure of those data poses serious threats to individual privacy.  In this talk, we will present the evolution of privacy notions for data publishing and analysis, leading to our proposed membership privacy framework, which formalizes the intuition that privacy means that the adversary cannot significantly increase its ability to conclude that an entity is in the input dataset.  We show that several recently proposed privacy notions, including differential privacy, are instantiations of the membership privacy framework, and that the framework provides a principled approach to developing new privacy notions under which better utility can be achieved than what is possible under differential privacy. About the speaker: Ninghui Li is a Professor of Computer Science at Purdue University.  His research interests are in security and privacy.  Prof. Li is currently Vice Chair of the ACM Special Interest Group on Security, Audit and Control (SIGSAC) and Program Chair of the 2015 ACM Conference on Computer and Communications Security (CCS).  He is on the editorial boards of IEEE Transactions on Dependable and Secure Computing, Journal of Computer Security, and ACM Transactions on Internet Technology.</p> ]]>
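            <![CDATA[
<p>Added illustration, not code from the talk or from Prof. Li's group: the intuition stated above, that a private release must not let an adversary significantly raise its confidence that a particular person is in the input, can be made concrete with the Laplace mechanism for a counting query. The dataset, the query and the epsilon value below are constructed for this example. For two neighbouring datasets that differ only in the target person, the likelihood ratio an adversary can extract from a noisy count is bounded by e^epsilon, so its posterior odds about membership grow by at most that factor; releasing the exact count, by contrast, settles membership outright.</p>

```python
"""Membership privacy via the Laplace mechanism (added illustration).

Constructed/assumed: the toy dataset, the counting query and the epsilon used
in __main__ are not from the talk; they only show how a differentially private
release bounds an adversary's ability to decide whether one person is in the
input dataset.
"""
import math
import random

# Constructed sample dataset: one record per person with a sensitive flag.
RECORDS = [
    {"id": "alice", "has_condition": True},
    {"id": "bob", "has_condition": False},
    {"id": "carol", "has_condition": True},
    {"id": "dave", "has_condition": True},
]


def count_query(records):
    """How many records carry the sensitive flag? Adding or removing one person
    changes the answer by at most 1, so the query has L1 sensitivity 1."""
    return sum(1 for r in records if r["has_condition"])


def laplace_sample(scale, rng):
    """Draw Laplace(0, scale) noise by inverse-CDF sampling."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def laplace_pdf(x, scale):
    return math.exp(-abs(x) / scale) / (2.0 * scale)


def dp_count(records, epsilon, rng=None, sensitivity=1.0):
    """epsilon-differentially private count: true count plus Laplace noise of
    scale sensitivity/epsilon."""
    rng = rng or random.SystemRandom()
    return count_query(records) + laplace_sample(sensitivity / epsilon, rng)


def membership_likelihood_ratio(output, records, target, epsilon, sensitivity=1.0):
    """Pr[output | target in D] / Pr[output | target not in D] for one released
    noisy count. The two neighbouring datasets differ exactly in `target`."""
    with_target = count_query(records)
    without_target = count_query([r for r in records if r["id"] != target])
    scale = sensitivity / epsilon
    return laplace_pdf(output - with_target, scale) / laplace_pdf(output - without_target, scale)


def posterior_membership(prior, output, records, target, epsilon):
    """Bayesian update of the adversary's belief that `target` is in the dataset."""
    odds = (prior / (1.0 - prior)) * membership_likelihood_ratio(output, records, target, epsilon)
    return odds / (1.0 + odds)


def max_posterior_bound(prior, epsilon):
    """Differential privacy caps the posterior: prior odds grow by at most e^epsilon."""
    odds = (prior / (1.0 - prior)) * math.exp(epsilon)
    return odds / (1.0 + odds)


def exact_release_reveals_membership(records, target):
    """Without noise the exact count differs between the two neighbouring datasets
    whenever the target contributes to it, so membership is decided with certainty."""
    with_target = count_query(records)
    without_target = count_query([r for r in records if r["id"] != target])
    return with_target != without_target


if __name__ == "__main__":
    rng = random.Random(7)
    eps = 0.5
    noisy = dp_count(RECORDS, eps, rng)
    print("noisy count:", round(noisy, 2))
    print("posterior that alice is in D:",
          round(posterior_membership(0.5, noisy, RECORDS, "alice", eps), 3),
          "<= bound", round(max_posterior_bound(0.5, eps), 3))
```

<p>Running the block prints one noisy count and the adversary's posterior for a 50/50 prior; whatever noise value is drawn, that posterior stays below e^eps/(1+e^eps), about 0.62 for eps = 0.5. Differential privacy is the case where the adversary knows every other record and only the target's membership is uncertain, which is the sense in which the abstract calls it an instantiation of membership privacy.</p>
            ]]>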
            </content:encoded>
            <itunes:duration>3029</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150218.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150218.mp4" length="226492416" type="video/mp4"/>
        </item>
            <item>
            <title>Mathias Payer, Code-Pointer Integrity</title>
            <description>Programs are full of bugs, leading to vulnerabilities. We&apos;ll discuss the power and limitations of code-pointer integrity (CPI), a strong but practical security policy that enforces memory safety for all code pointers, protecting against any form of control-flow hijack attack (e.g., ROP or JOP). Systems code is often written in low-level languages like C/C++, which offer many benefits but also delegate memory management to programmers. This invites memory safety bugs that attackers can exploit to divert control flow and compromise the system. Deployed defence mechanisms (e.g., ASLR, DEP) are incomplete, and stronger defence mechanisms (e.g., CFI) often have high overhead and limited guarantees (and are therefore not generally deployed). In this talk we discuss code-pointer integrity (CPI), a strong security policy that guarantees the integrity of all code pointers in a program (e.g., function pointers, saved return addresses) and thereby prevents all control-flow hijack attacks, including return-oriented programming and jump-oriented programming. We also introduce code-pointer separation (CPS), a relaxation of CPI with better performance properties. Both CPI and CPS offer substantially better security-to-overhead ratios than the state of the art; they are practical (we protect a complete FreeBSD system and over 100 packages like apache and postgresql), effective (prevent all attacks in the RIPE benchmark), and efficient, resulting in very low to negligible performance overhead. About the speaker: Mathias Payer is a security researcher and an assistant professor in computer science at Purdue University. His interests are related to system security, binary exploitation, user-space software-based fault isolation, binary translation/recompilation, and (application) virtualization. His research focuses on protecting applications even in the presence of vulnerabilities, with a focus on memory corruption.</description>
            <pubDate>Wed, 11 Feb 2015 16:30:00 EST </pubDate>
            <itunes:title>Mathias Payer, Code-Pointer Integrity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>567</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mathias Payer, Purdue University</itunes:subtitle>
            <itunes:summary>Programs are full of bugs, leading to vulnerabilities. We&apos;ll discuss the power and limitations of code-pointer integrity (CPI), a strong but practical security policy that enforces memory safety for all code pointers, protecting against any form of control-flow hijack attack (e.g., ROP or JOP). Systems code is often written in low-level languages like C/C++, which offer many benefits but also delegate memory management to programmers. This invites memory safety bugs that attackers can exploit to divert control flow and compromise the system. Deployed defence mechanisms (e.g., ASLR, DEP) are incomplete, and stronger defence mechanisms (e.g., CFI) often have high overhead and limited guarantees (and are therefore not generally deployed). In this talk we discuss code-pointer integrity (CPI), a strong security policy that guarantees the integrity of all code pointers in a program (e.g., function pointers, saved return addresses) and thereby prevents all control-flow hijack attacks, including return-oriented programming and jump-oriented programming. We also introduce code-pointer separation (CPS), a relaxation of CPI with better performance properties. Both CPI and CPS offer substantially better security-to-overhead ratios than the state of the art; they are practical (we protect a complete FreeBSD system and over 100 packages like apache and postgresql), effective (prevent all attacks in the RIPE benchmark), and efficient, resulting in very low to negligible performance overhead. About the speaker: Mathias Payer is a security researcher and an assistant professor in computer science at Purdue University. His interests are related to system security, binary exploitation, user-space software-based fault isolation, binary translation/recompilation, and (application) virtualization. His research focuses on protecting applications even in the presence of vulnerabilities, with a focus on memory corruption.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Programs are full of bugs, leading to vulnerabilities. We&apos;ll discuss the power and limitations of code-pointer integrity (CPI), a strong but practical security policy that enforces memory safety for all code pointers, protecting against any form of control-flow hijack attack (e.g., ROP or JOP). Systems code is often written in low-level languages like C/C++, which offer many benefits but also delegate memory management to programmers. This invites memory safety bugs that attackers can exploit to divert control flow and compromise the system. Deployed defence mechanisms (e.g., ASLR, DEP) are incomplete, and stronger defence mechanisms (e.g., CFI) often have high overhead and limited guarantees (and are therefore not generally deployed). In this talk we discuss code-pointer integrity (CPI), a strong security policy that guarantees the integrity of all code pointers in a program (e.g., function pointers, saved return addresses) and thereby prevents all control-flow hijack attacks, including return-oriented programming and jump-oriented programming. We also introduce code-pointer separation (CPS), a relaxation of CPI with better performance properties. Both CPI and CPS offer substantially better security-to-overhead ratios than the state of the art; they are practical (we protect a complete FreeBSD system and over 100 packages like apache and postgresql), effective (prevent all attacks in the RIPE benchmark), and efficient, resulting in very low to negligible performance overhead. About the speaker: Mathias Payer is a security researcher and an assistant professor in computer science at Purdue University. His interests are related to system security, binary exploitation, user-space software-based fault isolation, binary translation/recompilation, and (application) virtualization. His research focuses on protecting applications even in the presence of vulnerabilities, with a focus on memory corruption.</p> ]]>
            </content:encoded>
            <itunes:duration>2480</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150211.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150211.mp4" length="94371840" type="video/mp4"/>
        </item>
            <item>
            <title>Omar Chowdhury, Regulatory Compliance Checking Over Encrypted Audit Logs</title>
            <description>Individuals have the privacy expectation that organizations (e.g., banks, hospitals) that collect personal information from them will not share this personal information with mischievous parties. To prevent unauthorized disclosure of personal information by organizations, the US federal government has put forward privacy legislation like HIPAA and GLBA. Violation of these privacy regulations can bring heavy financial penalties for the organization. To maintain compliance with all the relevant privacy regulations, organizations collect day-to-day privacy events in an audit log which is periodically checked for compliance. The audit logs capturing the privacy-sensitive events tend to be large, and due to the cost-effectiveness of cloud infrastructures, outsourcing the audit log storage to a third-party cloud service provider is now a viable option for organizations. As the audit logs can possibly contain customers&apos; sensitive personal information, protecting confidentiality of the audit log data from the cloud service provider and other malicious parties should be a major objective for the organization. One possibility is to encrypt the audit logs before uploading them to the cloud storage. However, encrypting the audit log with any semantically secure encryption scheme might prohibit the organization from automatically checking compliance of the audit log. Theoretical solutions like fully homomorphic encryption are not practically viable in this scenario. In this talk, I will present two very simple audit log encryption schemes that reveal enough information so that the organization can run an automatic compliance checking algorithm over the encrypted log. With empirical evaluation we demonstrate that our enhanced compliance checking algorithm incurs low to moderate overheads for our cryptographic schemes, relative to a baseline without encryption. 
About the speaker: Omar Chowdhury is a Post-Doctoral Research Associate in the Department of Computer Science at Purdue University. Prior to joining Purdue University, he was a Post-Doctoral Research Associate in CyLab, Carnegie Mellon University. He received his B.Sc. in Computer Science &amp; Engineering from Bangladesh University of Engineering &amp; Technology and his Ph.D. in Computer Science from the University of Texas at San Antonio. His research interest lies in investigating fundamental issues in Computer Security and Privacy. He is interested in developing novel access control features and technologies. His current research focuses on using formal verification techniques to design efficient security and privacy policy analysis and enforcement mechanisms. Specifically, he is interested in developing efficient algorithms for checking compliance of practical privacy policies like HIPAA and GLBA. He has won the best paper award at the ACM Symposium on Access Control Models and Technologies (SACMAT). He has also served as a program committee member of the ACM Symposium on Access Control Models and Technologies (SACMAT).</description>
            <pubDate>Wed, 4 Feb 2015 16:30:00 EST </pubDate>
            <itunes:title>Omar Chowdhury, Regulatory Compliance Checking Over Encrypted Audit Logs</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>566</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/omar_chowdhury_160.jpg"/>
            <itunes:subtitle>Omar Chowdhury, Purdue University</itunes:subtitle>
            <itunes:summary>Individuals have the privacy expectation that organizations (e.g., banks, hospitals) that collect personal information from them will not share this personal information with mischievous parties. To prevent unauthorized disclosure of personal information by organizations, the US federal government has put forward privacy legislation like HIPAA and GLBA. Violation of these privacy regulations can bring heavy financial penalties for the organization. To maintain compliance with all the relevant privacy regulations, organizations collect day-to-day privacy events in an audit log which is periodically checked for compliance. The audit logs capturing the privacy-sensitive events tend to be large, and due to the cost-effectiveness of cloud infrastructures, outsourcing the audit log storage to a third-party cloud service provider is now a viable option for organizations. As the audit logs can possibly contain customers&apos; sensitive personal information, protecting confidentiality of the audit log data from the cloud service provider and other malicious parties should be a major objective for the organization. One possibility is to encrypt the audit logs before uploading them to the cloud storage. However, encrypting the audit log with any semantically secure encryption scheme might prohibit the organization from automatically checking compliance of the audit log. Theoretical solutions like fully homomorphic encryption are not practically viable in this scenario. In this talk, I will present two very simple audit log encryption schemes that reveal enough information so that the organization can run an automatic compliance checking algorithm over the encrypted log. With empirical evaluation we demonstrate that our enhanced compliance checking algorithm incurs low to moderate overheads for our cryptographic schemes, relative to a baseline without encryption. 
About the speaker: Omar Chowdhury is a Post-Doctoral Research Associate in the Department of Computer Science at Purdue University. Prior to joining Purdue University, he was a Post-Doctoral Research Associate in CyLab, Carnegie Mellon University. He received his B.Sc. in Computer Science &amp; Engineering from Bangladesh University of Engineering &amp; Technology and his Ph.D. in Computer Science from the University of Texas at San Antonio. His research interest lies in investigating fundamental issues in Computer Security and Privacy. He is interested in developing novel access control features and technologies. His current research focuses on using formal verification techniques to design efficient security and privacy policy analysis and enforcement mechanisms. Specifically, he is interested in developing efficient algorithms for checking compliance of practical privacy policies like HIPAA and GLBA. He has won the best paper award at the ACM Symposium on Access Control Models and Technologies (SACMAT). He has also served as a program committee member of the ACM Symposium on Access Control Models and Technologies (SACMAT).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Individuals have the privacy expectation that organizations (e.g., banks, hospitals) that collect personal information from them will not share this personal information with mischievous parties. To prevent unauthorized disclosure of personal information by organizations, the US federal government has put forward privacy legislation like HIPAA and GLBA. Violation of these privacy regulations can bring heavy financial penalties for the organization. To maintain compliance with all the relevant privacy regulations, organizations collect day-to-day privacy events in an audit log which is periodically checked for compliance. The audit logs capturing the privacy-sensitive events tend to be large, and due to the cost-effectiveness of cloud infrastructures, outsourcing the audit log storage to a third-party cloud service provider is now a viable option for organizations. As the audit logs can possibly contain customers&apos; sensitive personal information, protecting confidentiality of the audit log data from the cloud service provider and other malicious parties should be a major objective for the organization. One possibility is to encrypt the audit logs before uploading them to the cloud storage. However, encrypting the audit log with any semantically secure encryption scheme might prohibit the organization from automatically checking compliance of the audit log. Theoretical solutions like fully homomorphic encryption are not practically viable in this scenario. In this talk, I will present two very simple audit log encryption schemes that reveal enough information so that the organization can run an automatic compliance checking algorithm over the encrypted log. With empirical evaluation we demonstrate that our enhanced compliance checking algorithm incurs low to moderate overheads for our cryptographic schemes, relative to a baseline without encryption. 
About the speaker: Omar Chowdhury is a Post-Doctoral Research Associate in the Department of Computer Science at Purdue University. Prior to joining Purdue University, he was a Post-Doctoral Research Associate in CyLab, Carnegie Mellon University. He received his B.Sc. in Computer Science &amp; Engineering from Bangladesh University of Engineering &amp; Technology and his Ph.D. in Computer Science from the University of Texas at San Antonio. His research interest lies in investigating fundamental issues in Computer Security and Privacy. He is interested in developing novel access control features and technologies. His current research focuses on using formal verification techniques to design efficient security and privacy policy analysis and enforcement mechanisms. Specifically, he is interested in developing efficient algorithms for checking compliance of practical privacy policies like HIPAA and GLBA. He has won the best paper award at the ACM Symposium on Access Control Models and Technologies (SACMAT). He has also served as a program committee member of the ACM Symposium on Access Control Models and Technologies (SACMAT).</p> ]]>
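            <![CDATA[
<p>Added illustration, not either of the two schemes from the talk: one way an encrypted log can reveal just enough for automated compliance checking is to replace each field value with a deterministic keyed token, so the checker only ever needs equality tests and event order. The five-event log, the single HIPAA-flavoured rule and the demo key below are constructed for this example. The checker is written once and runs unchanged over the plaintext log and over the tokenized log that would actually be uploaded; only the key holder can tokenize the policy's constants, so the cloud provider storing the log learns neither the events nor the rule's literals.</p>

```python
"""Compliance checking over an equality-preserving encrypted audit log.
Added illustration, not the schemes presented in the talk.

Constructed/assumed: the log, the rule and DEMO_KEY are invented for this
example. Field values are replaced by keyed deterministic tokens (HMAC-SHA256)
so the checker can compare fields for equality without seeing plaintext; the
sequence number stays in the clear because the rule depends on event order.
"""
import hashlib
import hmac

DEMO_KEY = b"constructed-demo-key-do-not-reuse"

# Fields the policy compares with each other must share a token domain;
# every other field gets its own so equal strings in unrelated fields differ.
FIELD_DOMAIN = {"action": "action", "purpose": "purpose",
                "actor": "principal", "patient": "principal"}

# Constructed plaintext log. Rule under test (invented for this example):
# a disclosure for any purpose other than treatment is compliant only if the
# patient authorized that purpose at an earlier sequence number.
PLAINTEXT_LOG = [
    {"seq": 1, "action": "authorize", "actor": "p001", "patient": "p001", "purpose": "research"},
    {"seq": 2, "action": "disclose", "actor": "dr_smith", "patient": "p001", "purpose": "research"},
    {"seq": 3, "action": "disclose", "actor": "dr_jones", "patient": "p002", "purpose": "treatment"},
    {"seq": 4, "action": "disclose", "actor": "billing", "patient": "p002", "purpose": "marketing"},
    {"seq": 5, "action": "authorize", "actor": "p002", "patient": "p002", "purpose": "marketing"},
]

PLAIN_LITERALS = {"disclose": "disclose", "authorize": "authorize", "treatment": "treatment"}


def token(field, value, key=DEMO_KEY):
    """Deterministic keyed token for one field value: equal plaintexts in the same
    domain give equal tokens; without the key a token reveals nothing else."""
    msg = f"{FIELD_DOMAIN[field]}:{value}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def encrypt_log(log, key=DEMO_KEY):
    """What gets uploaded: sequence numbers in the clear, every other field tokenized."""
    return [{"seq": e["seq"], **{f: token(f, e[f], key) for f in FIELD_DOMAIN}} for e in log]


def encrypted_literals(key=DEMO_KEY):
    """The key holder tokenizes the policy's constants so the rule runs on tokens."""
    return {"disclose": token("action", "disclose", key),
            "authorize": token("action", "authorize", key),
            "treatment": token("purpose", "treatment", key)}


def check_policy(log, lit):
    """Return sequence numbers of non-compliant disclosures. Works unchanged on the
    plaintext log with PLAIN_LITERALS and on the encrypted log with
    encrypted_literals(), because it only tests fields for equality and compares
    the clear sequence numbers."""
    violations = []
    for e in log:
        if e["action"] != lit["disclose"] or e["purpose"] == lit["treatment"]:
            continue
        authorized = any(
            a["seq"] < e["seq"]
            and a["action"] == lit["authorize"]
            and a["actor"] == a["patient"] == e["patient"]   # patient authorizes for themself
            and a["purpose"] == e["purpose"]
            for a in log)
        if not authorized:
            violations.append(e["seq"])
    return violations


if __name__ == "__main__":
    uploaded = encrypt_log(PLAINTEXT_LOG)
    print("plaintext check :", check_policy(PLAINTEXT_LOG, PLAIN_LITERALS))   # [4]
    print("encrypted check :", check_policy(uploaded, encrypted_literals()))  # [4]
```

<p>The trade-off the abstract alludes to is visible in the code: deterministic tokens expose equality and frequency patterns across the whole log, and the clear sequence number exposes order. That is precisely the information a semantically secure scheme would hide and a compliance checker cannot do without. Binding tokens to a field domain limits cross-field matching, but fields the policy compares with each other (here actor and patient) must share a domain, which widens the equality leakage for those fields.</p>
            ]]>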
            </content:encoded>
            <itunes:duration>3015</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150204.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150204.mp4" length="156237824" type="video/mp4"/>
        </item>
            <item>
            <title>Savvas Savvides, Practical Confidentiality Preserving Big Data Analysis in Untrusted Clouds</title>
            <description>The &quot;pay-as-you-go&quot; cloud computing model has strong potential for efficiently supporting big data analysis jobs expressed via data-flow languages such as Pig Latin. Due to security concerns — in particular leakage of data — government and enterprise institutions are however reluctant to move data and corresponding computations to public clouds. In this talk we will discuss Crypsis, a system that allows execution of MapReduce-style data analysis jobs directly on encrypted data. Crypsis transforms data analysis scripts written in Pig Latin so that they can be executed on encrypted data. Crypsis to that end employs existing practical partially homomorphic encryption (PHE) schemes, and adopts a global perspective in that it can perform partial computations on the client side when PHE alone would fail. About the speaker: Savvas Savvides is a PhD student in Computer Science at Purdue University. He earned his Master&apos;s degree in Computer Science from New York University and his Bachelor&apos;s in Computer Science from the University of Manchester. His primary research interests include Information Security, Distributed Systems and Cloud Computing. His current research focus is on devising practical solutions for confidentiality preserving big data analysis jobs.</description>
            <pubDate>Wed, 28 Jan 2015 16:30:00 EST </pubDate>
            <itunes:title>Savvas Savvides, Practical Confidentiality Preserving Big Data Analysis in Untrusted Clouds</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>565</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Savvas Savvides, Purdue University</itunes:subtitle>
            <itunes:summary>The &quot;pay-as-you-go&quot; cloud computing model has strong potential for efficiently supporting big data analysis jobs expressed via data-flow languages such as Pig Latin. Due to security concerns — in particular leakage of data — government and enterprise institutions are however reluctant to move data and corresponding computations to public clouds. In this talk we will discuss Crypsis, a system that allows execution of MapReduce-style data analysis jobs directly on encrypted data. Crypsis transforms data analysis scripts written in Pig Latin so that they can be executed on encrypted data. Crypsis to that end employs existing practical partially homomorphic encryption (PHE) schemes, and adopts a global perspective in that it can perform partial computations on the client side when PHE alone would fail. About the speaker: Savvas Savvides is a PhD student in Computer Science at Purdue University. He earned his Master&apos;s degree in Computer Science from New York University and his Bachelor&apos;s in Computer Science from the University of Manchester. His primary research interests include Information Security, Distributed Systems and Cloud Computing. His current research focus is on devising practical solutions for confidentiality preserving big data analysis jobs.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The &quot;pay-as-you-go&quot; cloud computing model has strong potential for efficiently supporting big data analysis jobs expressed via data-flow languages such as Pig Latin. Due to security concerns — in particular leakage of data — government and enterprise institutions are however reluctant to move data and corresponding computations to public clouds. In this talk we will discuss Crypsis, a system that allows execution of MapReduce-style data analysis jobs directly on encrypted data. Crypsis transforms data analysis scripts written in Pig Latin so that they can be executed on encrypted data. Crypsis to that end employs existing practical partially homomorphic encryption (PHE) schemes, and adopts a global perspective in that it can perform partial computations on the client side when PHE alone would fail. About the speaker: Savvas Savvides is a PhD student in Computer Science at Purdue University. He earned his Master&apos;s degree in Computer Science from New York University and his Bachelor&apos;s in Computer Science from the University of Manchester. His primary research interests include Information Security, Distributed Systems and Cloud Computing. His current research focus is on devising practical solutions for confidentiality preserving big data analysis jobs.</p> ]]>
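            <![CDATA[
<p>Added illustration, not Crypsis code: a standard additive PHE scheme is Paillier, whose ciphertexts can be multiplied to add their plaintexts and raised to a public constant to scale them, so an untrusted server can run the reduce step of a sum or weighted sum without ever holding the key. The primes and sample column values below are constructed toys (the primes are far too small for real security). The last function shows the situation the abstract describes where PHE alone fails: a sum of products of two encrypted columns, which an additive scheme cannot compute, so the operands go back to the key holder for the multiplication before the server finishes the summation.</p>

```python
"""Additive partially homomorphic encryption (Paillier) for aggregation on an
untrusted server. Added illustration, not Crypsis code.

Constructed/assumed: the fixed primes and the sample values in __main__ are toy
inputs; the primes are far too small for real use and only keep the numbers
readable.
"""
import math
import random

P, Q = 104729, 1299709   # constructed toy primes; real keys use 1024+ bit primes


def keygen(p=P, q=Q):
    """Paillier key pair with the common choice g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)     # with g = n + 1, L(g^lam mod n^2) = lam mod n
    pub = {"n": n, "n2": n * n}
    priv = {"n": n, "n2": n * n, "lam": lam, "mu": mu}
    return pub, priv


def encrypt(pub, m, rng=None):
    """E(m) = (n+1)^m * r^n mod n^2 with fresh random r, so encryption is randomized."""
    rng = rng or random.SystemRandom()
    n, n2 = pub["n"], pub["n2"]
    if not 0 <= m < n:
        raise ValueError("plaintext must lie in [0, n)")
    r = rng.randrange(1, n)
    while math.gcd(r, n) != 1:
        r = rng.randrange(1, n)
    return pow(n + 1, m, n2) * pow(r, n, n2) % n2


def decrypt(priv, c):
    n, n2 = priv["n"], priv["n2"]
    u = pow(c, priv["lam"], n2)          # = 1 + m*lam*n  (mod n^2)
    return ((u - 1) // n) * priv["mu"] % n


def add(pub, c1, c2):
    """E(m1) * E(m2) mod n^2 = E(m1 + m2): the server adds without the key."""
    return c1 * c2 % pub["n2"]


def mul_const(pub, c, k):
    """E(m)^k mod n^2 = E(k * m) for a public integer constant k."""
    return pow(c, k, pub["n2"])


def server_sum(pub, ciphertexts):
    """Reduce step on the untrusted server. 1 = (n+1)^0 * 1^n encrypts 0 and is the
    neutral element, so an empty input yields E(0)."""
    acc = 1
    for c in ciphertexts:
        acc = add(pub, acc, c)
    return acc


def server_weighted_sum(pub, ciphertexts, weights):
    """sum(k_i * m_i) for public weights k_i, still entirely server-side."""
    return server_sum(pub, [mul_const(pub, c, k) for c, k in zip(ciphertexts, weights)])


def sum_of_products(pub, priv, xs_enc, ys_enc, rng=None):
    """sum(x_i * y_i) with both operands encrypted. Additive PHE cannot multiply two
    ciphertexts, so the key holder decrypts the operands, multiplies, re-encrypts
    the products, and the server finishes the summation (client-side fallback)."""
    products = [encrypt(pub, decrypt(priv, cx) * decrypt(priv, cy), rng)
                for cx, cy in zip(xs_enc, ys_enc)]
    return server_sum(pub, products)


if __name__ == "__main__":
    pub, priv = keygen()
    salaries = [52000, 61000, 47000]                 # constructed sample column
    uploaded = [encrypt(pub, s) for s in salaries]   # what the server stores
    print("server-side sum :", decrypt(priv, server_sum(pub, uploaded)))   # 160000
    qty = [encrypt(pub, v) for v in (3, 5, 7)]
    price = [encrypt(pub, v) for v in (10, 20, 30)]
    print("sum(qty*price)  :", decrypt(priv, sum_of_products(pub, priv, qty, price)))  # 340
```

<p>Two points to take from the block: because encryption is randomized, two ciphertexts of the same salary differ, so the server learns nothing from repeated values, unlike the equality-preserving tokens needed for lookups or joins; and the fallback in the last function is where a global plan matters, since every round trip to the key holder costs bandwidth and exposes intermediate values to the client rather than the server.</p>
            ]]>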
            </content:encoded>
            <itunes:duration>2891</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150128.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150128.mp4" length="155189248" type="video/mp4"/>
        </item>
            <item>
            <title>Bharath Samanthula, Security with Privacy - A Research Agenda</title>
            <description>Cloud computing is a key technology for storing, managing and analyzing big data. However, such large, complex, and growing data, typically collected from various data sources, such as sensors and social media, can often contain personally identifiable information (PII) and thus the organization collecting the big data may want to protect their outsourced data from the cloud. In this talk, we will discuss current research towards development of efficient and effective privacy-enhancing (PE) techniques for management and analysis of big data in cloud computing. In particular, we will discuss initial approaches to address two important PE applications: (i) privacy-preserving data management and (ii) privacy-preserving data analysis under the cloud environment. Additionally, we will discuss research issues that still need to be addressed to develop comprehensive solutions to the problem of effective and efficient privacy-preserving use of data. About the speaker: Bharath Kumar Samanthula is a Postdoctoral Research Associate in the Cyber Center department and a Visiting Assistant Professor in the Department of Computer Science at Purdue University. His primary research interests include Personal Privacy, Information Security, Applied Cryptography, and Data Mining. His current research focus is on devising privacy-enhanced solutions for various data outsourcing tasks in Cloud Computing and Social Networks.</description>
            <pubDate>Wed, 21 Jan 2015 16:30:00 EST </pubDate>
            <itunes:title>Bharath Samanthula, Security with Privacy - A Research Agenda</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>564</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Bharath Samanthula, Purdue University</itunes:subtitle>
            <itunes:summary>Cloud computing is a key technology for storing, managing and analyzing big data. However, such large, complex, and growing data, typically collected from various data sources, such as sensors and social media, can often contain personally identifiable information (PII) and thus the organization collecting the big data may want to protect their outsourced data from the cloud. In this talk, we will discuss current research towards development of efficient and effective privacy-enhancing (PE) techniques for management and analysis of big data in cloud computing. In particular, we will discuss initial approaches to address two important PE applications: (i) privacy-preserving data management and (ii) privacy-preserving data analysis under the cloud environment. Additionally, we will discuss research issues that still need to be addressed to develop comprehensive solutions to the problem of effective and efficient privacy-preserving use of data. About the speaker: Bharath Kumar Samanthula is a Postdoctoral Research Associate in the Cyber Center department and a Visiting Assistant Professor in the Department of Computer Science at Purdue University. His primary research interests include Personal Privacy, Information Security, Applied Cryptography, and Data Mining. His current research focus is on devising privacy-enhanced solutions for various data outsourcing tasks in Cloud Computing and Social Networks.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cloud computing is a key technology for storing, managing and analyzing big data. However, such large, complex, and growing data, typically collected from various data sources, such as sensors and social media, can often contain personally identifiable information (PII) and thus the organization collecting the big data may want to protect their outsourced data from the cloud. In this talk, we will discuss current research towards development of efficient and effective privacy-enhancing (PE) techniques for management and analysis of big data in cloud computing. In particular, we will discuss initial approaches to address two important PE applications: (i) privacy-preserving data management and (ii) privacy-preserving data analysis under the cloud environment. Additionally, we will discuss research issues that still need to be addressed to develop comprehensive solutions to the problem of effective and efficient privacy-preserving use of data. About the speaker: Bharath Kumar Samanthula is a Postdoctoral Research Associate in the Cyber Center department and a Visiting Assistant Professor in the Department of Computer Science at Purdue University. His primary research interests include Personal Privacy, Information Security, Applied Cryptography, and Data Mining. His current research focus is on devising privacy-enhanced solutions for various data outsourcing tasks in Cloud Computing and Social Networks.</p> ]]>
            </content:encoded>
            <itunes:duration>3152</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150121.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150121.mp4" length="122683392" type="video/mp4"/>
        </item>
            <item>
            <title>Jackie Rees Ulmer, Learning from Information Security Maturity: A Textual Analysis</title>
            <description>The Building Security in Maturity Model V (BSIMM-V) is an industry-driven maturity model dedicated to software security, which specifies a set of activities designed to foster an improved security posture within the organization. This research explores the firm characteristics and approaches to information risk of the participating BSIMM-V firms, primarily through text mining techniques. The objective of this research is to determine if there are any significant associations or relationships between firm characteristics, the activities identified by the BSIMM-V model, and reported information security incidents. About the speaker: Jackie Rees Ulmer is currently an associate professor of Management Information Systems in the Krannert Graduate School of Management at Purdue University.  She earned her Ph.D. in Decision and Information Sciences from the Warrington College of Business at the University of Florida in 1998.  Her research interests include information security risk management, privacy, and machine learning, particularly text mining and evolutionary computation.  She has published in journals such as Communications of the ACM, Decision Sciences, Decision Support Systems, European Journal of Operational Research, Information Systems Research, INFORMS Journal on Computing, Information Technology and Management, International Journal of Electronic Commerce, and the Journal of Organizational Computing and Electronic Commerce. She teaches courses in Information Security, Principles of Management Information Systems, Java Programming, Database Management Systems, and Data Mining.  She is currently serving as the director of accreditation for the Krannert School of Management and is also a CERIAS Fellow.</description>
            <pubDate>Wed, 14 Jan 2015 16:30:00 EST </pubDate>
            <itunes:title>Jackie Rees Ulmer, Learning from Information Security Maturity: A Textual Analysis</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>21</itunes:season>
            <itunes:episode>563</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jackie-rees-ulmer.jpg"/>
            <itunes:subtitle>Jackie Rees Ulmer, Purdue University</itunes:subtitle>
            <itunes:summary>The Building Security in Maturity Model V (BSIMM-V) is an industry-driven maturity model dedicated to software security, which specifies a set of activities designed to foster an improved security posture within the organization. This research explores the firm characteristics and approaches to information risk of the participating BSIMM-V firms, primarily through text mining techniques. The objective of this research is to determine if there are any significant associations or relationships between firm characteristics, the activities identified by the BSIMM-V model, and reported information security incidents. About the speaker: Jackie Rees Ulmer is currently an associate professor of Management Information Systems in the Krannert Graduate School of Management at Purdue University. She earned her Ph.D. in Decision and Information Sciences from the Warrington College of Business at the University of Florida in 1998. Her research interests include information security risk management, privacy, and machine learning, particularly text mining and evolutionary computation. She has published in journals such as Communications of the ACM, Decision Sciences, Decision Support Systems, European Journal of Operational Research, Information Systems Research, INFORMS Journal on Computing, Information Technology and Management, International Journal of Electronic Commerce, and the Journal of Organizational Computing and Electronic Commerce. She teaches courses in Information Security, Principles of Management Information Systems, Java Programming, Database Management Systems, and Data Mining. She is currently serving as the director of accreditation for the Krannert School of Management and is also a CERIAS Fellow.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Building Security in Maturity Model V (BSIMM-V) is an industry-driven maturity model dedicated to software security, which specifies a set of activities designed to foster an improved security posture within the organization. This research explores the firm characteristics and approaches to information risk of the participating BSIMM-V firms, primarily through text mining techniques. The objective of this research is to determine if there are any significant associations or relationships between firm characteristics, the activities identified by the BSIMM-V model, and reported information security incidents. About the speaker: Jackie Rees Ulmer is currently an associate professor of Management Information Systems in the Krannert Graduate School of Management at Purdue University. She earned her Ph.D. in Decision and Information Sciences from the Warrington College of Business at the University of Florida in 1998. Her research interests include information security risk management, privacy, and machine learning, particularly text mining and evolutionary computation. She has published in journals such as Communications of the ACM, Decision Sciences, Decision Support Systems, European Journal of Operational Research, Information Systems Research, INFORMS Journal on Computing, Information Technology and Management, International Journal of Electronic Commerce, and the Journal of Organizational Computing and Electronic Commerce. She teaches courses in Information Security, Principles of Management Information Systems, Java Programming, Database Management Systems, and Data Mining. She is currently serving as the director of accreditation for the Krannert School of Management and is also a CERIAS Fellow.</p> ]]>
            </content:encoded>
            <itunes:duration>2958</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150114.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20150114.mp4" length="627048448" type="video/mp4"/>
        </item>
            <item>
            <title>Xiangyu Zhang, How Program Analysis can be Used in Security Applications</title>
            <description>This presentation will discuss how program analysis can be used in security applications. Three sample applications will be discussed: binary transformation that can mutate and instrument off-the-shelf commodity binary executables, memory forensics that can extract critical information from memory images, and a reverse engineering technique that can expose hidden behavior of software. All these applications are driven by program analysis.</description>
            <pubDate>Wed, 10 Dec 2014 16:30:00 EST </pubDate>
            <itunes:title>Xiangyu Zhang, How Program Analysis can be Used in Security Applications</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>562</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Xiangyu Zhang, Purdue University</itunes:subtitle>
            <itunes:summary>This presentation will discuss how program analysis can be used in security applications. Three sample applications will be discussed: binary transformation that can mutate and instrument off-the-shelf commodity binary executables, memory forensics that can extract critical information from memory images, and a reverse engineering technique that can expose hidden behavior of software. All these applications are driven by program analysis.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This presentation will discuss how program analysis can be used in security applications. Three sample applications will be discussed: binary transformation that can mutate and instrument off-the-shelf commodity binary executables, memory forensics that can extract critical information from memory images, and a reverse engineering technique that can expose hidden behavior of software. All these applications are driven by program analysis.</p> ]]>
            </content:encoded>
            <itunes:duration>3324</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141210.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141210.mp4" length="155189248" type="video/mp4"/>
        </item>
            <item>
            <title>Marcus Ranum, Privacy in the Age of the Police State</title>
            <description>A great deal of discussion about privacy focuses on the technical details of metadata, data in motion, data at rest, etc. -- details which are designed to obscure the basic discussion rather than to illuminate it. In this talk we&apos;ll look at some of the philosophical questions regarding privacy and what they may mean in modern terms. About the speaker: Marcus J. Ranum, Senior Strategist at Tenable Network Security, Inc., is a world-renowned expert on security system design and implementation. He has been involved in every level of operations of a security product business, from developer, to founder and CEO.</description>
            <pubDate>Wed, 19 Nov 2014 16:30:00 EST </pubDate>
            <itunes:title>Marcus Ranum, Privacy in the Age of the Police State</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>561</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/marcus_ranum.png"/>
            <itunes:subtitle>Marcus Ranum, Tenable Network Security</itunes:subtitle>
            <itunes:summary>A great deal of discussion about privacy focuses on the technical details of metadata, data in motion, data at rest, etc. -- details which are designed to obscure the basic discussion rather than to illuminate it. In this talk we&apos;ll look at some of the philosophical questions regarding privacy and what they may mean in modern terms. About the speaker: Marcus J. Ranum, Senior Strategist at Tenable Network Security, Inc., is a world-renowned expert on security system design and implementation. He has been involved in every level of operations of a security product business, from developer, to founder and CEO.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>A great deal of discussion about privacy focuses on the technical details of metadata, data in motion, data at rest, etc. -- details which are designed to obscure the basic discussion rather than to illuminate it. In this talk we&apos;ll look at some of the philosophical questions regarding privacy and what they may mean in modern terms. About the speaker: Marcus J. Ranum, Senior Strategist at Tenable Network Security, Inc., is a world-renowned expert on security system design and implementation. He has been involved in every level of operations of a security product business, from developer, to founder and CEO.</p> ]]>
            </content:encoded>
            <itunes:duration>3847</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141119.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141119.mp4" length="219152384" type="video/mp4"/>
        </item>
            <item>
            <title>Kevin Bowers, You can hack, but you can&#039;t hide: Using log analysis to detect APTs</title>
            <description>In my talk I will be describing new techniques developed at RSA Labs to analyze massive log data commonly collected by large enterprises to detect and identify suspicious activity.  Unlike common signature-based detection mechanisms used today, our approach leverages behavior patterns that persist across different infection vectors, and is thus more resilient to attacker evasion. Moreover, our techniques are unique in their ability to detect stealthy campaigns in which only a single host sporadically communicates with malicious sites controlled by attackers. Through effective data reduction and algorithms inspired from the graph-theoretic belief propagation model we identify the most suspicious domains contacted by hosts in an organization in different stages of an APT campaign (e.g., initial delivery, infection, command-and-control, etc.). We demonstrate the effectiveness of our techniques against two datasets.  The first, a public dataset made available by Los Alamos National Laboratory includes the simulations of APT campaigns overlaid on their DNS traffic.  We successfully detect 94% of the campaigns with only a 1% false positive rate.  We then apply the techniques to 38TB of web proxy logs collected by a large enterprise to discover hundreds of malicious domains that had bypassed other installed security tools. About the speaker: Kevin Bowers is a Senior Research Scientist and Manager of RSA Laboratories, the security research group at RSA, the Security Division of EMC.  He holds a B.S. in Electrical, Computer and Systems Engineering and Computer Science, and a B.S. in Mathematics, both from Rensselaer Polytechnic Institute, as well as an M.S. in Computer Science from Carnegie Mellon University.   Kevin has been with RSA Labs since 2007 and his current research is focused on user authentication, breach resilience, and data science for security applications. 
Kevin&apos;s publication history covers many diverse topics including numerous cryptographic protocols for remote verification of integrity and resilience, time stamping, secure chain-of-custody, as well as advanced authentication techniques and steganography.</description>
            <pubDate>Wed, 12 Nov 2014 16:30:00 EST </pubDate>
            <itunes:title>Kevin Bowers, You can hack, but you can&#039;t hide: Using log analysis to detect APTs</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>560</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/bowers.jpg"/>
            <itunes:subtitle>Kevin Bowers, RSA</itunes:subtitle>
            <itunes:summary>In my talk I will be describing new techniques developed at RSA Labs to analyze massive log data commonly collected by large enterprises to detect and identify suspicious activity.  Unlike common signature-based detection mechanisms used today, our approach leverages behavior patterns that persist across different infection vectors, and is thus more resilient to attacker evasion. Moreover, our techniques are unique in their ability to detect stealthy campaigns in which only a single host sporadically communicates with malicious sites controlled by attackers. Through effective data reduction and algorithms inspired from the graph-theoretic belief propagation model we identify the most suspicious domains contacted by hosts in an organization in different stages of an APT campaign (e.g., initial delivery, infection, command-and-control, etc.). We demonstrate the effectiveness of our techniques against two datasets.  The first, a public dataset made available by Los Alamos National Laboratory includes the simulations of APT campaigns overlaid on their DNS traffic.  We successfully detect 94% of the campaigns with only a 1% false positive rate.  We then apply the techniques to 38TB of web proxy logs collected by a large enterprise to discover hundreds of malicious domains that had bypassed other installed security tools. About the speaker: Kevin Bowers is a Senior Research Scientist and Manager of RSA Laboratories, the security research group at RSA, the Security Division of EMC.  He holds a B.S. in Electrical, Computer and Systems Engineering and Computer Science, and a B.S. in Mathematics, both from Rensselaer Polytechnic Institute, as well as an M.S. in Computer Science from Carnegie Mellon University.   Kevin has been with RSA Labs since 2007 and his current research is focused on user authentication, breach resilience, and data science for security applications. 
Kevin&apos;s publication history covers many diverse topics including numerous cryptographic protocols for remote verification of integrity and resilience, time stamping, secure chain-of-custody, as well as advanced authentication techniques and steganography.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In my talk I will be describing new techniques developed at RSA Labs to analyze massive log data commonly collected by large enterprises to detect and identify suspicious activity.  Unlike common signature-based detection mechanisms used today, our approach leverages behavior patterns that persist across different infection vectors, and is thus more resilient to attacker evasion. Moreover, our techniques are unique in their ability to detect stealthy campaigns in which only a single host sporadically communicates with malicious sites controlled by attackers. Through effective data reduction and algorithms inspired from the graph-theoretic belief propagation model we identify the most suspicious domains contacted by hosts in an organization in different stages of an APT campaign (e.g., initial delivery, infection, command-and-control, etc.). We demonstrate the effectiveness of our techniques against two datasets.  The first, a public dataset made available by Los Alamos National Laboratory includes the simulations of APT campaigns overlaid on their DNS traffic.  We successfully detect 94% of the campaigns with only a 1% false positive rate.  We then apply the techniques to 38TB of web proxy logs collected by a large enterprise to discover hundreds of malicious domains that had bypassed other installed security tools. About the speaker: Kevin Bowers is a Senior Research Scientist and Manager of RSA Laboratories, the security research group at RSA, the Security Division of EMC.  He holds a B.S. in Electrical, Computer and Systems Engineering and Computer Science, and a B.S. in Mathematics, both from Rensselaer Polytechnic Institute, as well as an M.S. in Computer Science from Carnegie Mellon University.   Kevin has been with RSA Labs since 2007 and his current research is focused on user authentication, breach resilience, and data science for security applications. 
Kevin&apos;s publication history covers many diverse topics including numerous cryptographic protocols for remote verification of integrity and resilience, time stamping, secure chain-of-custody, as well as advanced authentication techniques and steganography.</p> ]]>
            </content:encoded>
            <itunes:duration>2594</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141112.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141112.mp4" length="102760448" type="video/mp4"/>
        </item>
            <item>
            <title>Barrett Caldwell and Omar Eldardiry, Improving Analyst Team Performance and Capability in NOC / SOC Operations Centers</title>
            <description>Network Operations Center and Security Operations Center (NOC / SOC) teams have complex and challenging cognitive tasks that are crucial to the IT health of the organization, but existing tools and metrics do not support this range of tasks. To enhance their key tasks, namely situation awareness, incident response, prevention and knowledge sharing, it is critical to understand how people, tools and information sharing co-function in a NOC environment, and what limits their performance -- from low-level analysts to their managers and team leads responsible for translating this NOC/SOC value to others in the organization. Beginning at RSA 2014, our research team began to explore how to improve the information available and displayed to NOC / SOC analysts, team leads, and managers. Our interviews and information display usability efforts are focused on recognizing and reducing the gaps that limit NOC/SOC effectiveness and integration with the rest of the organization. The two recurring themes that address the needs of lower- and higher-level analysts, and their managers, were: 1) Analysts need to effectively turn data visualizations into usable presentations to increase network situation awareness, and 2) SOC leads and managers need tools and metrics to effectively communicate the status of the organization&apos;s network assets, team operations and the company&apos;s incident response preparedness to the rest of the organization. Besides standard training, analysts are required to engage in the development of expertise and the acquisition of skills necessary to perform required tasks. Transferring organizational knowledge to novice analysts efficiently is a vital process to maximize the organization&apos;s capabilities at all times. In preliminary interviews, network managers and team leads stated that they are unaware of tools that will allow them to document work procedures and cases to be used as a resource for novice analysts.
They express frustration at the need for their continuous involvement in operational-level tasks that interrupt their managerial tasks. About the speaker: Barrett S. Caldwell, PhD is a Professor in Industrial Engineering (and Aeronautics &amp; Astronautics) at Purdue. His PhD (Univ. of California, Davis, 1990) is in Social Psychology; his two BS degrees are from MIT (1985). His research program is known as the Group Performance Environments Research (GROUPER) Laboratory. GROUPER research highlights human factors engineering approaches to design, evaluation, and innovation for how people get, share, and use information well. Prof. Caldwell has published over 150 scientific publications and has been recently funded by sources including CERIAS, FAA, and NASA. He is a Fellow of the Human Factors and Ergonomics Society (HFES), a Purdue University Faculty Scholar, and Immediate Past Secretary-Treasurer of the Human Factors and Ergonomics Society. Omar Eldardiry is a PhD student in the Purdue GROUPER Laboratory, advised by Prof. Barrett Caldwell. His BS and MS degrees are from Alexandria University. Omar studies how information availability affects the decision making process as well as operations efficiency. The goal of his research is to develop strategies to tame the effect of information delays/inaccuracy, and improve team collaboration. He has research and operations experience in manufacturing engineering and information security, and has completed projects and internships in the US, Egypt, and Taiwan. In addition to research and industry experience, Omar has had course responsibility as an instructor in Engineering Economics.</description>
            <pubDate>Wed, 5 Nov 2014 16:30:00 EST </pubDate>
            <itunes:title>Barrett Caldwell and Omar Eldardiry, Improving Analyst Team Performance and Capability in NOC / SOC Operations Centers</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>559</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Barrett Caldwell and Omar Eldardiry, Purdue University</itunes:subtitle>
            <itunes:summary>Network Operations Center and Security Operations Center (NOC / SOC) teams have complex and challenging cognitive tasks that are crucial to the IT health of the organization, but existing tools and metrics do not support this range of tasks. To enhance their key tasks, namely situation awareness, incident response, prevention and knowledge sharing, it is critical to understand how people, tools and information sharing co-function in a NOC environment, and what limits their performance -- from low-level analysts to their managers and team leads responsible for translating this NOC/SOC value to others in the organization. Beginning at RSA 2014, our research team began to explore how to improve the information available and displayed to NOC / SOC analysts, team leads, and managers. Our interviews and information display usability efforts are focused on recognizing and reducing the gaps that limit NOC/SOC effectiveness and integration with the rest of the organization. The two recurring themes that address the needs of lower- and higher-level analysts, and their managers, were: 1) Analysts need to effectively turn data visualizations into usable presentations to increase network situation awareness, and 2) SOC leads and managers need tools and metrics to effectively communicate the status of the organization&apos;s network assets, team operations and the company&apos;s incident response preparedness to the rest of the organization. Besides standard training, analysts are required to engage in the development of expertise and the acquisition of skills necessary to perform required tasks. Transferring organizational knowledge to novice analysts efficiently is a vital process to maximize the organization&apos;s capabilities at all times. In preliminary interviews, network managers and team leads stated that they are unaware of tools that will allow them to document work procedures and cases to be used as a resource for novice analysts.
They express frustration at the need for their continuous involvement in operational-level tasks that interrupt their managerial tasks. About the speaker: Barrett S. Caldwell, PhD is a Professor in Industrial Engineering (and Aeronautics &amp; Astronautics) at Purdue. His PhD (Univ. of California, Davis, 1990) is in Social Psychology; his two BS degrees are from MIT (1985). His research program is known as the Group Performance Environments Research (GROUPER) Laboratory. GROUPER research highlights human factors engineering approaches to design, evaluation, and innovation for how people get, share, and use information well. Prof. Caldwell has published over 150 scientific publications and has been recently funded by sources including CERIAS, FAA, and NASA. He is a Fellow of the Human Factors and Ergonomics Society (HFES), a Purdue University Faculty Scholar, and Immediate Past Secretary-Treasurer of the Human Factors and Ergonomics Society. Omar Eldardiry is a PhD student in the Purdue GROUPER Laboratory, advised by Prof. Barrett Caldwell. His BS and MS degrees are from Alexandria University. Omar studies how information availability affects the decision making process as well as operations efficiency. The goal of his research is to develop strategies to tame the effect of information delays/inaccuracy, and improve team collaboration. He has research and operations experience in manufacturing engineering and information security, and has completed projects and internships in the US, Egypt, and Taiwan. In addition to research and industry experience, Omar has had course responsibility as an instructor in Engineering Economics.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Network Operations Center and Security Operations Center (NOC / SOC) teams have complex and challenging cognitive tasks that are crucial to the IT health of the organization, but existing tools and metrics do not support this range of tasks. To enhance their key tasks, namely situation awareness, incident response, prevention and knowledge sharing, it is critical to understand how people, tools and information sharing co-function in a NOC environment, and what limits their performance -- from low-level analysts to their managers and team leads responsible for translating this NOC/SOC value to others in the organization. Beginning at RSA 2014, our research team began to explore how to improve the information available and displayed to NOC / SOC analysts, team leads, and managers. Our interviews and information display usability efforts are focused on recognizing and reducing the gaps that limit NOC/SOC effectiveness and integration with the rest of the organization. The two recurring themes that address the needs of lower- and higher-level analysts, and their managers, were: 1) Analysts need to effectively turn data visualizations into usable presentations to increase network situation awareness, and 2) SOC leads and managers need tools and metrics to effectively communicate the status of the organization&apos;s network assets, team operations and the company&apos;s incident response preparedness to the rest of the organization. Besides standard training, analysts are required to engage in the development of expertise and the acquisition of skills necessary to perform required tasks. Transferring organizational knowledge to novice analysts efficiently is a vital process to maximize the organization&apos;s capabilities at all times. In preliminary interviews, network managers and team leads stated that they are unaware of tools that will allow them to document work procedures and cases to be used as a resource for novice analysts.
They express frustration at the need for their continuous involvement in operational-level tasks that interrupt their managerial tasks. About the speaker: Barrett S. Caldwell, PhD is a Professor in Industrial Engineering (and Aeronautics &amp; Astronautics) at Purdue. His PhD (Univ. of California, Davis, 1990) is in Social Psychology; his two BS degrees are from MIT (1985). His research program is known as the Group Performance Environments Research (GROUPER) Laboratory. GROUPER research highlights human factors engineering approaches to design, evaluation, and innovation for how people get, share, and use information well. Prof. Caldwell has published over 150 scientific publications and has been recently funded by sources including CERIAS, FAA, and NASA. He is a Fellow of the Human Factors and Ergonomics Society (HFES), a Purdue University Faculty Scholar, and Immediate Past Secretary-Treasurer of the Human Factors and Ergonomics Society. Omar Eldardiry is a PhD student in the Purdue GROUPER Laboratory, advised by Prof. Barrett Caldwell. His BS and MS degrees are from Alexandria University. Omar studies how information availability affects the decision making process as well as operations efficiency. The goal of his research is to develop strategies to tame the effect of information delays/inaccuracy, and improve team collaboration. He has research and operations experience in manufacturing engineering and information security, and has completed projects and internships in the US, Egypt, and Taiwan. In addition to research and industry experience, Omar has had course responsibility as an instructor in Engineering Economics.</p> ]]>
            </content:encoded>
            <itunes:duration>3007</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141105.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141105.mp4" length="152043520" type="video/mp4"/>
        </item>
            <item>
            <title>Robert Zimmerman, Healthcare Security and Privacy: Not There Yet</title>
            <description>The Healthcare Industry: Rapid Growth, Increased Risk. Why the Healthcare Industry is behind the curve on Security and Privacy. How the Trust Factor affects Adoption of Technology Innovation. Healthcare Data is Valuable and Criminals are starting to realize it. Critical Healthcare Compliance and Security Issues. Simplified Security and Compliance Solutions that Fit the Way Healthcare operates. About the speaker: CTO of Inforistec</description>
            <pubDate>Wed, 29 Oct 2014 16:30:00 EDT </pubDate>
            <itunes:title>Robert Zimmerman, Healthcare Security and Privacy: Not There Yet</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>558</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Robert Zimmerman, Inforistec</itunes:subtitle>
            <itunes:summary>The Healthcare Industry: Rapid Growth, Increased Risk. Why the Healthcare Industry is behind the curve on Security and Privacy. How the Trust Factor affects Adoption of Technology Innovation. Healthcare Data is Valuable and Criminals are starting to realize it. Critical Healthcare Compliance and Security Issues. Simplified Security and Compliance Solutions that Fit the Way Healthcare operates. About the speaker: CTO of Inforistec</itunes:summary>
            <content:encoded>
            <![CDATA[ <ul><li>The Healthcare Industry: Rapid Growth, Increased Risk</li><li>Why the Healthcare Industry is behind the curve on Security and Privacy</li><li>How the Trust Factor affects Adoption of Technology Innovation</li><li>Healthcare Data is Valuable and Criminals are starting to realize it</li><li>Critical Healthcare Compliance and Security Issues</li><li>Simplified Security and Compliance Solutions that Fit the Way Healthcare operates</li></ul><p>About the speaker: CTO of Inforistec</p> ]]>
            </content:encoded>
            <itunes:duration>3129</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141029.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141029.mp4" length="216006656" type="video/mp4"/>
        </item>
            <item>
            <title>Golden G. Richard III, &quot;Memory Analysis, Meet GPU Malware&quot;</title>
            <description>Graphics Processing Units (GPUs) have evolved from very specialized, idiosyncratic hardware intended to execute specialized graphics workloads to semi-autonomous &quot;supercomputers&quot; that can be programmed easily using common programming languages and powerful, portable APIs. GPUs also form the basis for an emerging threat, GPU malware, which offloads important aspects of malicious computations onto the GPU. The benefits of executing malicious computations on the GPU include abundant compute power, a large amount of semi-non-volatile memory, and perhaps most importantly, isolation from host-based security measures. While memory analysis offers powerful tools to detect and analyze traditional host-based malware, there are essentially no equivalent tools for analyzing GPU malware. Furthermore, existing general-purpose tools for debugging GPU applications are completely ineffective if a large number of conditions are not established before a GPU application is executed, all of which will certainly be violated by weaponized GPU malware. This talk explores GPU malware in detail, identifies why it&apos;s hard to analyze, and also discusses measures that can easily be employed to make analysis even more difficult. A primary motivation for this research is the 2015 DFRWS Digital Forensics Challenge, under development by Dr. Richard, the aim of which is to increase interest in GPU malware analysis and foster the development of powerful tools to analyze and combat this threat. About the speaker: Golden G. Richard III is Professor of Computer Science, University Research Professor and Director of the Greater New Orleans Center for Information Assurance (GNOCIA) at the University of New Orleans. Prof. Richard received his Ph.D. in Computer Science from The Ohio State University in 1995 and has 35 years of experience in computer systems and computer security. He is a Fellow of the American Academy of Forensic Sciences, a member of the United States Secret Service Cybercrime Task Force, and Chairman of the Board of Directors for DFRWS, a conference devoted to digital forensics research. His research interests mirror his teaching interests: digital forensics, reverse engineering, offensive computing, operating systems internals, and malware analysis. In private practice, Dr. Richard owns Arcane Alloy, LLC, and to further his agenda of absolutely no time for sleep, Golden is also a professional music photographer--you can check out his work at HighISOMusic.com.</description>
            <pubDate>Wed, 22 Oct 2014 16:30:00 EDT </pubDate>
            <itunes:title>Golden G. Richard III, &quot;Memory Analysis, Meet GPU Malware&quot;</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>557</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Golden G. Richard III, University of New Orleans</itunes:subtitle>
            <itunes:summary>Graphics Processing Units (GPUs) have evolved from very specialized, idiosyncratic hardware intended to execute specialized graphics workloads to semi-autonomous &quot;supercomputers&quot; that can be programmed easily using common programming languages and powerful, portable APIs. GPUs also form the basis for an emerging threat, GPU malware, which offloads important aspects of malicious computations onto the GPU. The benefits of executing malicious computations on the GPU include abundant compute power, a large amount of semi-non-volatile memory, and perhaps most importantly, isolation from host-based security measures. While memory analysis offers powerful tools to detect and analyze traditional host-based malware, there are essentially no equivalent tools for analyzing GPU malware. Furthermore, existing general-purpose tools for debugging GPU applications are completely ineffective if a large number of conditions are not established before a GPU application is executed, all of which will certainly be violated by weaponized GPU malware. This talk explores GPU malware in detail, identifies why it&apos;s hard to analyze, and also discusses measures that can easily be employed to make analysis even more difficult. A primary motivation for this research is the 2015 DFRWS Digital Forensics Challenge, under development by Dr. Richard, the aim of which is to increase interest in GPU malware analysis and foster the development of powerful tools to analyze and combat this threat. About the speaker: Golden G. Richard III is Professor of Computer Science, University Research Professor and Director of the Greater New Orleans Center for Information Assurance (GNOCIA) at the University of New Orleans. Prof. Richard received his Ph.D. in Computer Science from The Ohio State University in 1995 and has 35 years of experience in computer systems and computer security. He is a Fellow of the American Academy of Forensic Sciences, a member of the United States Secret Service Cybercrime Task Force, and Chairman of the Board of Directors for DFRWS, a conference devoted to digital forensics research. His research interests mirror his teaching interests: digital forensics, reverse engineering, offensive computing, operating systems internals, and malware analysis. In private practice, Dr. Richard owns Arcane Alloy, LLC, and to further his agenda of absolutely no time for sleep, Golden is also a professional music photographer--you can check out his work at HighISOMusic.com.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Graphics Processing Units (GPUs) have evolved from very specialized, idiosyncratic hardware intended to execute specialized graphics workloads to semi-autonomous &quot;supercomputers&quot; that can be programmed easily using common programming languages and powerful, portable APIs. GPUs also form the basis for an emerging threat, GPU malware, which offloads important aspects of malicious computations onto the GPU. The benefits of executing malicious computations on the GPU include abundant compute power, a large amount of semi-non-volatile memory, and perhaps most importantly, isolation from host-based security measures. While memory analysis offers powerful tools to detect and analyze traditional host-based malware, there are essentially no equivalent tools for analyzing GPU malware. Furthermore, existing general-purpose tools for debugging GPU applications are completely ineffective if a large number of conditions are not established before a GPU application is executed, all of which will certainly be violated by weaponized GPU malware. This talk explores GPU malware in detail, identifies why it&apos;s hard to analyze, and also discusses measures that can easily be employed to make analysis even more difficult. A primary motivation for this research is the 2015 DFRWS Digital Forensics Challenge, under development by Dr. Richard, the aim of which is to increase interest in GPU malware analysis and foster the development of powerful tools to analyze and combat this threat. About the speaker: Golden G. Richard III is Professor of Computer Science, University Research Professor and Director of the Greater New Orleans Center for Information Assurance (GNOCIA) at the University of New Orleans. Prof. Richard received his Ph.D. in Computer Science from The Ohio State University in 1995 and has 35 years of experience in computer systems and computer security. He is a Fellow of the American Academy of Forensic Sciences, a member of the United States Secret Service Cybercrime Task Force, and Chairman of the Board of Directors for DFRWS, a conference devoted to digital forensics research. His research interests mirror his teaching interests: digital forensics, reverse engineering, offensive computing, operating systems internals, and malware analysis. In private practice, Dr. Richard owns Arcane Alloy, LLC, and to further his agenda of absolutely no time for sleep, Golden is also a professional music photographer--you can check out his work at HighISOMusic.com.</p> ]]>
            </content:encoded>
            <itunes:duration>2953</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141022.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141022.mp4" length="178257920" type="video/mp4"/>
        </item>
            <item>
            <title>Stephen Elliott, Biometrics and Usability</title>
            <description> About the speaker: Dr. Elliott&apos;s teaching and research interests are in the field of biometrics. He currently leads a team of graduate and undergraduate students who work in the area of biometric technology. For more information about the team, please visit www.icbrpurdue.org. His research interests within biometrics include testing and evaluation of biometric devices, biometric performance, and biometric education initiatives. He has spoken at several conferences, and is active in biometric standards initiatives.</description>
            <pubDate>Wed, 8 Oct 2014 16:30:00 EDT </pubDate>
            <itunes:title>Stephen Elliott, Biometrics and Usability</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>556</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Stephen Elliott, Purdue University</itunes:subtitle>
            <itunes:summary> About the speaker: Dr. Elliott&apos;s teaching and research interests are in the field of biometrics. He currently leads a team of graduate and undergraduate students who work in the area of biometric technology. For more information about the team, please visit www.icbrpurdue.org. His research interests within biometrics include testing and evaluation of biometric devices, biometric performance, and biometric education initiatives. He has spoken at several conferences, and is active in biometric standards initiatives.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p> About the speaker: Dr. Elliott&apos;s teaching and research interests are in the field of biometrics. He currently leads a team of graduate and undergraduate students who work in the area of biometric technology. For more information about the team, please visit www.icbrpurdue.org. His research interests within biometrics include testing and evaluation of biometric devices, biometric performance, and biometric education initiatives. He has spoken at several conferences, and is active in biometric standards initiatives.</p> ]]>
            </content:encoded>
            <itunes:duration>3060</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141008.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141008.mp4" length="171966464" type="video/mp4"/>
        </item>
            <item>
            <title>Larry Ponemon, Responsible Information Management and the 2014 Cost of Data Breach: Global Analysis</title>
            <description>Throughout the world, companies are finding that data breaches have become as common as a cold but far more expensive to treat. With the exception of Germany, companies had to spend more on their investigations, notification and response when their sensitive and confidential information was lost or stolen. As revealed in the 2014 Cost of Data Breach Study: Global Analysis, sponsored by IBM, the average cost to a company was $3.5 million in US dollars, 15 percent more than what it cost last year. Will these costs continue to escalate? Are there preventive measures and controls that will make a company more resilient and effective in reducing the costs? Nine years of research about data breaches has made us smarter about solutions. Critical to controlling costs is keeping customers from leaving. The research reveals that damage to reputation and the loss of customer loyalty do the most harm to the bottom line. In the aftermath of a breach, companies find they must spend heavily to regain their brand image and acquire new customers. Our report also shows that certain industries, such as pharmaceutical companies, financial services and healthcare, experience high customer turnover. In the aftermath of a data breach, these companies need to be especially focused on the concerns of their customers. As a preventive measure, companies should consider having an incident response and crisis management plan in place. Efficient response to the breach and containment of the damage has been shown to reduce the cost of a breach significantly. Other measures include having a CISO in charge and involving the company&apos;s business continuity management team in dealing with the breach. In most countries, the primary root cause of the data breach is a malicious insider or criminal attack. It is also the most costly. In this year&apos;s study, we asked companies represented in this research what worries them most about security incidents, what investments they are making in security and whether they have a security strategy. An interesting finding is the important role cyber insurance can play in not only managing the risk of a data breach but in improving the security posture of the company. While it has been suggested that having insurance encourages companies to slack off on security, our research suggests the opposite: companies with good security practices are more likely to purchase insurance. Global companies also are worried about malicious code and sustained probes, which have increased more than other threats. Companies estimate that they will be dealing with an average of 17 malicious code incidents and 12 sustained probes each month. Unauthorized access incidents have mainly stayed the same, and companies estimate they will be dealing with an average of 10 such incidents each month. When asked about the level of investment in their organizations&apos; security strategy and mission, on average respondents would like to see it doubled, from the average of $7 million they think will be spent to the average of $14 million they would like to spend. This may be a tough sell in many companies. However, our cost of data breach research can help IT security executives make the case that a strong security posture can result in a financially stronger company. About the speaker: Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research &quot;think tank&quot; dedicated to advancing privacy, data protection and information security practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework. Security Magazine has named Dr. Ponemon one of the &quot;Most Influential People for Security.&quot; Dr. Ponemon was appointed to the Advisory Committee for Online Access &amp; Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. Dr. Ponemon was also appointed to two California State task forces on privacy and data security laws. He serves as chairman of the Government Policy Advisory Committee and co-chair of the Internet Task Force for the Council of American Survey and Research Organizations (CASRO). Dr. Ponemon was a senior partner of PricewaterhouseCoopers, where he founded the firm&apos;s global compliance risk management group. Prior to joining Price Waterhouse as a partner, Dr. Ponemon served as the National Director of Business Ethics Services for KPMG Peat Marwick, and was appointed Executive Director of the KPMG Business Ethics Institute. Dr. Ponemon has held chaired (tenured) faculty positions and published numerous articles and learned books. He has presented hundreds of keynote speeches or learned presentations at national or international conferences on privacy, data protection, information security, corporate governance, and responsible information management. Dr. Ponemon is an active member of the International Association of Privacy Professionals, serving as a founding member of the Certified Information Privacy Professional (CIPP) Advisory Board. Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master&apos;s degree from Harvard University, Cambridge, Massachusetts, and attended the doctoral program in system sciences at Carnegie Mellon University, Pittsburgh, Pennsylvania. Dr. Ponemon earned his Bachelors with Highest Distinction from the University of Arizona, Tucson, Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.</description>
            <pubDate>Wed, 1 Oct 2014 16:30:00 EDT </pubDate>
            <itunes:title>Larry Ponemon, Responsible Information Management and the 2014 Cost of Data Breach: Global Analysis</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>555</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Larry Ponemon, Ponemon Institute</itunes:subtitle>
            <itunes:summary>Throughout the world, companies are finding that data breaches have become as common as a cold but far more expensive to treat. With the exception of Germany, companies had to spend more on their investigations, notification and response when their sensitive and confidential information was lost or stolen. As revealed in the 2014 Cost of Data Breach Study: Global Analysis, sponsored by IBM, the average cost to a company was $3.5 million in US dollars, 15 percent more than what it cost last year. Will these costs continue to escalate? Are there preventive measures and controls that will make a company more resilient and effective in reducing the costs? Nine years of research about data breaches has made us smarter about solutions. Critical to controlling costs is keeping customers from leaving. The research reveals that damage to reputation and the loss of customer loyalty do the most harm to the bottom line. In the aftermath of a breach, companies find they must spend heavily to regain their brand image and acquire new customers. Our report also shows that certain industries, such as pharmaceutical companies, financial services and healthcare, experience high customer turnover. In the aftermath of a data breach, these companies need to be especially focused on the concerns of their customers. As a preventive measure, companies should consider having an incident response and crisis management plan in place. Efficient response to the breach and containment of the damage has been shown to reduce the cost of a breach significantly. Other measures include having a CISO in charge and involving the company&apos;s business continuity management team in dealing with the breach. In most countries, the primary root cause of the data breach is a malicious insider or criminal attack. It is also the most costly. In this year&apos;s study, we asked companies represented in this research what worries them most about security incidents, what investments they are making in security and whether they have a security strategy. An interesting finding is the important role cyber insurance can play in not only managing the risk of a data breach but in improving the security posture of the company. While it has been suggested that having insurance encourages companies to slack off on security, our research suggests the opposite: companies with good security practices are more likely to purchase insurance. Global companies also are worried about malicious code and sustained probes, which have increased more than other threats. Companies estimate that they will be dealing with an average of 17 malicious code incidents and 12 sustained probes each month. Unauthorized access incidents have mainly stayed the same, and companies estimate they will be dealing with an average of 10 such incidents each month. When asked about the level of investment in their organizations&apos; security strategy and mission, on average respondents would like to see it doubled, from the average of $7 million they think will be spent to the average of $14 million they would like to spend. This may be a tough sell in many companies. However, our cost of data breach research can help IT security executives make the case that a strong security posture can result in a financially stronger company. About the speaker: Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research &quot;think tank&quot; dedicated to advancing privacy, data protection and information security practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework. Security Magazine has named Dr. Ponemon one of the &quot;Most Influential People for Security.&quot; Dr. Ponemon was appointed to the Advisory Committee for Online Access &amp; Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. Dr. Ponemon was also appointed to two California State task forces on privacy and data security laws. He serves as chairman of the Government Policy Advisory Committee and co-chair of the Internet Task Force for the Council of American Survey and Research Organizations (CASRO). Dr. Ponemon was a senior partner of PricewaterhouseCoopers, where he founded the firm&apos;s global compliance risk management group. Prior to joining Price Waterhouse as a partner, Dr. Ponemon served as the National Director of Business Ethics Services for KPMG Peat Marwick, and was appointed Executive Director of the KPMG Business Ethics Institute. Dr. Ponemon has held chaired (tenured) faculty positions and published numerous articles and learned books. He has presented hundreds of keynote speeches or learned presentations at national or international conferences on privacy, data protection, information security, corporate governance, and responsible information management. Dr. Ponemon is an active member of the International Association of Privacy Professionals, serving as a founding member of the Certified Information Privacy Professional (CIPP) Advisory Board. Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master&apos;s degree from Harvard University, Cambridge, Massachusetts, and attended the doctoral program in system sciences at Carnegie Mellon University, Pittsburgh, Pennsylvania. Dr. Ponemon earned his Bachelors with Highest Distinction from the University of Arizona, Tucson, Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Throughout the world, companies are finding that data breaches have become as common as a cold but far more expensive to treat. With the exception of Germany, companies had to spend more on their investigations, notification and response when their sensitive and confidential information was lost or stolen. As revealed in the 2014 Cost of Data Breach Study: Global Analysis, sponsored by IBM, the average cost to a company was $3.5 million in US dollars, 15 percent more than what it cost last year. Will these costs continue to escalate? Are there preventive measures and controls that will make a company more resilient and effective in reducing the costs? Nine years of research about data breaches has made us smarter about solutions. Critical to controlling costs is keeping customers from leaving. The research reveals that damage to reputation and the loss of customer loyalty do the most harm to the bottom line. In the aftermath of a breach, companies find they must spend heavily to regain their brand image and acquire new customers. Our report also shows that certain industries, such as pharmaceutical companies, financial services and healthcare, experience high customer turnover. In the aftermath of a data breach, these companies need to be especially focused on the concerns of their customers. As a preventive measure, companies should consider having an incident response and crisis management plan in place. Efficient response to the breach and containment of the damage has been shown to reduce the cost of a breach significantly. Other measures include having a CISO in charge and involving the company&apos;s business continuity management team in dealing with the breach. In most countries, the primary root cause of the data breach is a malicious insider or criminal attack. It is also the most costly. In this year&apos;s study, we asked companies represented in this research what worries them most about security incidents, what investments they are making in security and whether they have a security strategy. An interesting finding is the important role cyber insurance can play in not only managing the risk of a data breach but in improving the security posture of the company. While it has been suggested that having insurance encourages companies to slack off on security, our research suggests the opposite: companies with good security practices are more likely to purchase insurance. Global companies also are worried about malicious code and sustained probes, which have increased more than other threats. Companies estimate that they will be dealing with an average of 17 malicious code incidents and 12 sustained probes each month. Unauthorized access incidents have mainly stayed the same, and companies estimate they will be dealing with an average of 10 such incidents each month. When asked about the level of investment in their organizations&apos; security strategy and mission, on average respondents would like to see it doubled, from the average of $7 million they think will be spent to the average of $14 million they would like to spend. This may be a tough sell in many companies. However, our cost of data breach research can help IT security executives make the case that a strong security posture can result in a financially stronger company. About the speaker: Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research &quot;think tank&quot; dedicated to advancing privacy, data protection and information security practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework. Security Magazine has named Dr. Ponemon one of the &quot;Most Influential People for Security.&quot; Dr. Ponemon was appointed to the Advisory Committee for Online Access &amp; Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. Dr. Ponemon was also appointed to two California State task forces on privacy and data security laws. He serves as chairman of the Government Policy Advisory Committee and co-chair of the Internet Task Force for the Council of American Survey and Research Organizations (CASRO). Dr. Ponemon was a senior partner of PricewaterhouseCoopers, where he founded the firm&apos;s global compliance risk management group. Prior to joining Price Waterhouse as a partner, Dr. Ponemon served as the National Director of Business Ethics Services for KPMG Peat Marwick, and was appointed Executive Director of the KPMG Business Ethics Institute. Dr. Ponemon has held chaired (tenured) faculty positions and published numerous articles and learned books. He has presented hundreds of keynote speeches or learned presentations at national or international conferences on privacy, data protection, information security, corporate governance, and responsible information management. Dr. Ponemon is an active member of the International Association of Privacy Professionals, serving as a founding member of the Certified Information Privacy Professional (CIPP) Advisory Board. Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master&apos;s degree from Harvard University, Cambridge, Massachusetts, and attended the doctoral program in system sciences at Carnegie Mellon University, Pittsburgh, Pennsylvania. Dr. Ponemon earned his Bachelors with Highest Distinction from the University of Arizona, Tucson, Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.</p> ]]>
            </content:encoded>
            <itunes:duration>2934</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141001.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20141001.mp4" length="143654912" type="video/mp4"/>
        </item>
            <item>
            <title>Sam Liles, Threat intelligence and digital forensics</title>
            <description>There are various forms and types of intelligence, but this topic isn&apos;t about how smart you are. It is about how smart you are in figuring out the risks and various impacts against your organization. How do you use digital forensics to identify an adversary within the network? Starting with a short primer on the tradecraft of intelligence, the discussion covers how threat intelligence affects information enterprises at the tactical, operational, and strategic levels. About the speaker: Dr. Liles has been in higher education for a decade and is currently an associate professor in the Purdue University Cyberforensics Laboratory, where he teaches digital forensic investigation courses. Previously he worked in industry on network security and information management projects worldwide. He served in law enforcement and the military.</description>
            <pubDate>Wed, 24 Sep 2014 16:30:00 EDT </pubDate>
            <itunes:title>Sam Liles, Threat intelligence and digital forensics</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>554</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Sam Liles, Purdue University</itunes:subtitle>
            <itunes:summary>There are various forms and types of intelligence, but this topic isn&apos;t about how smart you are. It is about how smart you are in figuring out the risks and various impacts against your organization. How do you use digital forensics to identify an adversary within the network? Starting with a short primer on the tradecraft of intelligence, the discussion covers how threat intelligence affects information enterprises at the tactical, operational, and strategic levels. About the speaker: Dr. Liles has been in higher education for a decade and is currently an associate professor in the Purdue University Cyberforensics Laboratory, where he teaches digital forensic investigation courses. Previously he worked in industry on network security and information management projects worldwide. He served in law enforcement and the military.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>There are various forms and types of intelligence, but this topic isn&apos;t about how smart you are. It is about how smart you are in figuring out the risks and various impacts against your organization. How do you use digital forensics to identify an adversary within the network? Starting with a short primer on the tradecraft of intelligence, the discussion covers how threat intelligence affects information enterprises at the tactical, operational, and strategic levels. About the speaker: Dr. Liles has been in higher education for a decade and is currently an associate professor in the Purdue University Cyberforensics Laboratory, where he teaches digital forensic investigation courses. Previously he worked in industry on network security and information management projects worldwide. He served in law enforcement and the military.</p> ]]>
            </content:encoded>
            <itunes:duration>3154</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140924.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140924.mp4" length="174063616" type="video/mp4"/>
        </item>
            <item>
            <title>Mark Guido, MITRE/Purdue Mobile Masquerading User Experiment</title>
            <description>Periodic Mobile Forensics (PMF) is a MITRE research project investigating user behavioral measurement on mobile devices by applying both traditional and mobile forensics processes. We applied our research to an enterprise mobile infrastructure, where we utilize a mobile on-device agent named TractorBeam. This agent periodically collects changed storage locations from each device to allow for later image reconstruction and analysis. We collaborated with Purdue University to perform a three-month experiment where we evaluated TractorBeam&apos;s operation in a simulated operational setting to identify masquerading users (i.e., users operating the devices other than the enterprise-designated mobile device user). We surmised that even if a masquerading user on an enterprise mobile device lacked malicious intent, this masquerader would still be undesirable to the enterprise. On campus, we provided a set of human-subject volunteers the following: preconfigured mobile devices with cellular voice and data plans, with the TractorBeam agent pre-installed; a simple acceptable use policy; and deceptive project background information to stimulate normal behavior. As a result of the experiment, we collected enough data to successfully reconstruct 821 forensic images, extract over 1 million audit events, and perform masquerading user analysis. This presentation describes PMF and characterizes the collected experiment corpus, the extracted audit events, and the performance of TractorBeam throughout the protocol. Then our approach for advanced masquerading detection will be discussed. About the speaker: Mr. Mark Guido is a principal cyber engineer and researcher at The MITRE Corporation, a non-profit organization chartered to work in the public interest. His main focus areas are mobile forensics and insider threat (user behavioral measurement). Mr. Guido has worked for MITRE in the defense, intelligence, and law enforcement communities for more than twelve years. Mr. Guido has supported technology research and development both within MITRE via its internal research program and through various customer programs. He has supported various government customers to stand up capabilities for auditing and monitoring. Mr. Guido served as the lead engineer supporting an operational insider threat monitoring and mitigation program, and has worked onsite at various security operations centers and forensics laboratories. Mr. Guido has operationally supported numerous incidents and investigations. Mr. Guido has a bachelor&apos;s degree in computer science from Springfield College and a master&apos;s degree in computer science from the George Washington University.</description>
            <pubDate>Wed, 17 Sep 2014 16:30:00 EDT</pubDate>
            <itunes:title>Mark Guido, MITRE/Purdue Mobile Masquerading User Experiment</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>553</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mark Guido, MITRE</itunes:subtitle>
            <itunes:summary>Periodic Mobile Forensics (PMF) is a MITRE research project investigating user behavioral measurement on mobile devices by applying both traditional and mobile forensics processes. We applied our research to an enterprise mobile infrastructure, where we utilize a mobile on-device agent named TractorBeam. This agent periodically collects changed storage locations from each device to allow for later image reconstruction and analysis. We collaborated with Purdue University to perform a three-month experiment where we evaluated TractorBeam&apos;s operation in a simulated operational setting to identify masquerading users (i.e., users operating the devices other than the enterprise-designated mobile device user). We surmised that even if a masquerading user on an enterprise mobile device lacked malicious intent, this masquerader would still be undesirable to the enterprise. On campus, we provided a set of human-subject volunteers the following: preconfigured mobile devices with cellular voice and data plans, with the TractorBeam agent pre-installed; a simple acceptable use policy; and deceptive project background information to stimulate normal behavior. As a result of the experiment, we collected enough data to successfully reconstruct 821 forensic images, extract over 1 million audit events, and perform masquerading user analysis. This presentation describes PMF and characterizes the collected experiment corpus, the extracted audit events, and the performance of TractorBeam throughout the protocol. Then our approach for advanced masquerading detection will be discussed. About the speaker: Mr. Mark Guido is a principal cyber engineer and researcher at The MITRE Corporation, a non-profit organization chartered to work in the public interest. His main focus areas are mobile forensics and insider threat (user behavioral measurement). Mr. Guido has worked for MITRE in the defense, intelligence, and law enforcement communities for more than twelve years. Mr. Guido has supported technology research and development both within MITRE via its internal research program and through various customer programs. He has supported various government customers to stand up capabilities for auditing and monitoring. Mr. Guido served as the lead engineer supporting an operational insider threat monitoring and mitigation program, and has worked onsite at various security operations centers and forensics laboratories. Mr. Guido has operationally supported numerous incidents and investigations. Mr. Guido has a bachelor&apos;s degree in computer science from Springfield College and a master&apos;s degree in computer science from the George Washington University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Periodic Mobile Forensics (PMF) is a MITRE research project investigating user behavioral measurement on mobile devices by applying both traditional and mobile forensics processes. We applied our research to an enterprise mobile infrastructure, where we utilize a mobile on-device agent named TractorBeam. This agent periodically collects changed storage locations from each device to allow for later image reconstruction and analysis. We collaborated with Purdue University to perform a three-month experiment where we evaluated TractorBeam&apos;s operation in a simulated operational setting to identify masquerading users (i.e., users operating the devices other than the enterprise-designated mobile device user). We surmised that even if a masquerading user on an enterprise mobile device lacked malicious intent, this masquerader would still be undesirable to the enterprise. On campus, we provided a set of human-subject volunteers the following: preconfigured mobile devices with cellular voice and data plans, with the TractorBeam agent pre-installed; a simple acceptable use policy; and deceptive project background information to stimulate normal behavior. As a result of the experiment, we collected enough data to successfully reconstruct 821 forensic images, extract over 1 million audit events, and perform masquerading user analysis. This presentation describes PMF and characterizes the collected experiment corpus, the extracted audit events, and the performance of TractorBeam throughout the protocol. Then our approach for advanced masquerading detection will be discussed. About the speaker: Mr. Mark Guido is a principal cyber engineer and researcher at The MITRE Corporation, a non-profit organization chartered to work in the public interest. His main focus areas are mobile forensics and insider threat (user behavioral measurement). Mr. Guido has worked for MITRE in the defense, intelligence, and law enforcement communities for more than twelve years. Mr. Guido has supported technology research and development both within MITRE via its internal research program and through various customer programs. He has supported various government customers to stand up capabilities for auditing and monitoring. Mr. Guido served as the lead engineer supporting an operational insider threat monitoring and mitigation program, and has worked onsite at various security operations centers and forensics laboratories. Mr. Guido has operationally supported numerous incidents and investigations. Mr. Guido has a bachelor&apos;s degree in computer science from Springfield College and a master&apos;s degree in computer science from the George Washington University.</p> ]]>
            </content:encoded>
            <itunes:duration>4251</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140917.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140917.mp4" length="191889408" type="video/mp4"/>
        </item>
            <item>
            <title>Mathias Payer, WarGames in Memory: Fighting Powerful Attackers</title>
            <description>Memory corruption (e.g., buffer overflows, random writes, memory allocation bugs, or uncontrolled format strings) is one of the oldest and most exploited problems in computer science. These problems are here to stay as low-level languages like C or C++ continue to trade safety for potential performance. A small set of all proposed solutions (e.g., Address Space Layout Randomization, Data Execution Prevention, and stack canaries) is applied in practice, but real exploits show that all currently deployed protections can be defeated. The problems of current protection mechanisms call for novel approaches towards software protection that fulfill the following properties: low overhead for high security guarantees, no changes to the original source code, and compatibility with existing libraries and binaries (including a partial migration strategy). We present a security policy that deterministically protects software against control-flow hijack attacks. Our mechanism uses both a user-space virtualization system (building on binary translation) to support legacy code and a compiler-based framework to enforce the integrity of all code pointers at runtime. Such a system controls the execution of all code in user-space, extracts information from all loaded components, and enforces a strong security policy for the executed software with low overhead. We show possible pitfalls and limitations and discuss future extensions and optimizations. About the speaker: Mathias Payer is a security researcher and an assistant professor in computer science at Purdue University. His interests are related to system security, binary exploitation, user-space software-based fault isolation, binary translation/recompilation, and (application) virtualization. Before joining Purdue in 2014 he spent two years as a PostDoc in Dawn Song&apos;s BitBlaze group at UC Berkeley. He graduated from ETH with a Dr. sc. ETH in 2012. The topic of his thesis is related to low-level binary translation and security. After developing a fast binary translation system (fastBT) he started to analyze different exploit techniques and wondered how binary translation could be used to raise the guard of current systems (with TRuE and libdetox as a prototype implementation of the security framework).</description>
            <pubDate>Wed, 10 Sep 2014 16:30:00 EDT</pubDate>
            <itunes:title>Mathias Payer, WarGames in Memory: Fighting Powerful Attackers</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>552</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mathias Payer, Purdue University</itunes:subtitle>
            <itunes:summary>Memory corruption (e.g., buffer overflows, random writes, memory allocation bugs, or uncontrolled format strings) is one of the oldest and most exploited problems in computer science. These problems are here to stay as low-level languages like C or C++ continue to trade safety for potential performance. A small set of all proposed solutions (e.g., Address Space Layout Randomization, Data Execution Prevention, and stack canaries) is applied in practice, but real exploits show that all currently deployed protections can be defeated. The problems of current protection mechanisms call for novel approaches towards software protection that fulfill the following properties: low overhead for high security guarantees, no changes to the original source code, and compatibility with existing libraries and binaries (including a partial migration strategy). We present a security policy that deterministically protects software against control-flow hijack attacks. Our mechanism uses both a user-space virtualization system (building on binary translation) to support legacy code and a compiler-based framework to enforce the integrity of all code pointers at runtime. Such a system controls the execution of all code in user-space, extracts information from all loaded components, and enforces a strong security policy for the executed software with low overhead. We show possible pitfalls and limitations and discuss future extensions and optimizations. About the speaker: Mathias Payer is a security researcher and an assistant professor in computer science at Purdue University. His interests are related to system security, binary exploitation, user-space software-based fault isolation, binary translation/recompilation, and (application) virtualization. Before joining Purdue in 2014 he spent two years as a PostDoc in Dawn Song&apos;s BitBlaze group at UC Berkeley. He graduated from ETH with a Dr. sc. ETH in 2012. The topic of his thesis is related to low-level binary translation and security. After developing a fast binary translation system (fastBT) he started to analyze different exploit techniques and wondered how binary translation could be used to raise the guard of current systems (with TRuE and libdetox as a prototype implementation of the security framework).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Memory corruption (e.g., buffer overflows, random writes, memory allocation bugs, or uncontrolled format strings) is one of the oldest and most exploited problems in computer science. These problems are here to stay as low-level languages like C or C++ continue to trade safety for potential performance. A small set of all proposed solutions (e.g., Address Space Layout Randomization, Data Execution Prevention, and stack canaries) is applied in practice, but real exploits show that all currently deployed protections can be defeated. The problems of current protection mechanisms call for novel approaches towards software protection that fulfill the following properties: low overhead for high security guarantees, no changes to the original source code, and compatibility with existing libraries and binaries (including a partial migration strategy). We present a security policy that deterministically protects software against control-flow hijack attacks. Our mechanism uses both a user-space virtualization system (building on binary translation) to support legacy code and a compiler-based framework to enforce the integrity of all code pointers at runtime. Such a system controls the execution of all code in user-space, extracts information from all loaded components, and enforces a strong security policy for the executed software with low overhead. We show possible pitfalls and limitations and discuss future extensions and optimizations. About the speaker: Mathias Payer is a security researcher and an assistant professor in computer science at Purdue University. His interests are related to system security, binary exploitation, user-space software-based fault isolation, binary translation/recompilation, and (application) virtualization. Before joining Purdue in 2014 he spent two years as a PostDoc in Dawn Song&apos;s BitBlaze group at UC Berkeley. He graduated from ETH with a Dr. sc. ETH in 2012. The topic of his thesis is related to low-level binary translation and security. After developing a fast binary translation system (fastBT) he started to analyze different exploit techniques and wondered how binary translation could be used to raise the guard of current systems (with TRuE and libdetox as a prototype implementation of the security framework).</p> ]]>
            </content:encoded>
            <itunes:duration>2830</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140910.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140910.mp4" length="106954752" type="video/mp4"/>
        </item>
            <item>
            <title>Brendan Saltaformaggio, DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse</title>
            <description>State-of-the-art memory forensics involves signature-based scanning of memory images to uncover data structure instances of interest to investigators. A largely unaddressed challenge is that investigators may not be able to interpret the content of data structure fields, even with a deep understanding of the data structure&apos;s syntax and semantics. For example, an investigator may know that a buffer field is holding a photo image, but still cannot display (and hence understand) the image. We call this the data structure content reverse engineering challenge. In this talk, we present DSCRETE, a system that enables automatic interpretation and rendering of in-memory data structure contents. DSCRETE is based on the observation that the application in which a data structure is defined usually contains interpretation and rendering logic to generate human-understandable output for that data structure. Hence DSCRETE aims to identify and reuse such logic in the program&apos;s binary and create a &quot;scanner+renderer&quot; tool for scanning and rendering instances of the data structure in a memory image. We will show that DSCRETE is able to recover a variety of application data — e.g., images, figures, screenshots, user accounts, and formatted files and messages — with high accuracy. The raw contents of such data would otherwise be unfathomable to human investigators. About the speaker: Brendan Saltaformaggio is a Ph.D. student in the Department of Computer Science at Purdue University. His research focuses on the application of binary analysis techniques to digital forensics problems. Most recently, his work on data structure content reverse engineering won the Best Student Paper Award at USENIX Security 2014. Brendan earned a BS with Honors in Computer Science from the University of New Orleans. Prior to joining Purdue, Brendan was a digital forensics researcher at MIT Lincoln Labs (2012) and the Greater New Orleans Center for Information Assurance (2011).</description>
            <pubDate>Wed, 3 Sep 2014 16:30:00 EDT</pubDate>
            <itunes:title>Brendan Saltaformaggio, DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>551</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Brendan Saltaformaggio, Purdue University</itunes:subtitle>
            <itunes:summary>State-of-the-art memory forensics involves signature-based scanning of memory images to uncover data structure instances of interest to investigators. A largely unaddressed challenge is that investigators may not be able to interpret the content of data structure fields, even with a deep understanding of the data structure&apos;s syntax and semantics. For example, an investigator may know that a buffer field is holding a photo image, but still cannot display (and hence understand) the image. We call this the data structure content reverse engineering challenge. In this talk, we present DSCRETE, a system that enables automatic interpretation and rendering of in-memory data structure contents. DSCRETE is based on the observation that the application in which a data structure is defined usually contains interpretation and rendering logic to generate human-understandable output for that data structure. Hence DSCRETE aims to identify and reuse such logic in the program&apos;s binary and create a &quot;scanner+renderer&quot; tool for scanning and rendering instances of the data structure in a memory image. We will show that DSCRETE is able to recover a variety of application data — e.g., images, figures, screenshots, user accounts, and formatted files and messages — with high accuracy. The raw contents of such data would otherwise be unfathomable to human investigators. About the speaker: Brendan Saltaformaggio is a Ph.D. student in the Department of Computer Science at Purdue University. His research focuses on the application of binary analysis techniques to digital forensics problems. Most recently, his work on data structure content reverse engineering won the Best Student Paper Award at USENIX Security 2014. Brendan earned a BS with Honors in Computer Science from the University of New Orleans. Prior to joining Purdue, Brendan was a digital forensics researcher at MIT Lincoln Labs (2012) and the Greater New Orleans Center for Information Assurance (2011).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>State-of-the-art memory forensics involves signature-based scanning of memory images to uncover data structure instances of interest to investigators. A largely unaddressed challenge is that investigators may not be able to interpret the content of data structure fields, even with a deep understanding of the data structure&apos;s syntax and semantics. For example, an investigator may know that a buffer field is holding a photo image, but still cannot display (and hence understand) the image. We call this the data structure content reverse engineering challenge. In this talk, we present DSCRETE, a system that enables automatic interpretation and rendering of in-memory data structure contents. DSCRETE is based on the observation that the application in which a data structure is defined usually contains interpretation and rendering logic to generate human-understandable output for that data structure. Hence DSCRETE aims to identify and reuse such logic in the program&apos;s binary and create a &quot;scanner+renderer&quot; tool for scanning and rendering instances of the data structure in a memory image. We will show that DSCRETE is able to recover a variety of application data — e.g., images, figures, screenshots, user accounts, and formatted files and messages — with high accuracy. The raw contents of such data would otherwise be unfathomable to human investigators. About the speaker: Brendan Saltaformaggio is a Ph.D. student in the Department of Computer Science at Purdue University. His research focuses on the application of binary analysis techniques to digital forensics problems. Most recently, his work on data structure content reverse engineering won the Best Student Paper Award at USENIX Security 2014. Brendan earned a BS with Honors in Computer Science from the University of New Orleans. Prior to joining Purdue, Brendan was a digital forensics researcher at MIT Lincoln Labs (2012) and the Greater New Orleans Center for Information Assurance (2011).</p> ]]>
            </content:encoded>
            <itunes:duration>1401</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140903.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140903.mp4" length="122683392" type="video/mp4"/>
        </item>
            <item>
            <title>Rachel Sitarz, Women In Cyber Security</title>
            <description>In our ever-connected society, security has become an essential component for all facets of life. Businesses, government, academia, and individuals all have a need to protect and secure technology. Over the past 5-10 years, the demand for cyber security professionals has significantly increased. According to the Bureau of Labor Statistics, employment for Cyber Security Specialists is expected to increase much faster than the average career over the course of the next 10 years. Despite the growing demand, women represent an alarmingly low percentage. This can be demonstrated in nearly any university&apos;s technology courses. Cyber security especially is highly male-dominated. Research shows that having a balance of male and female perspectives facilitates diverse and creative innovation and problem solving within the ever-changing realm of cyber security. The NSF SFS-funded Broadening Participation of Women in Cybersecurity Project aims to build a movement towards diversifying cyber security. The program put on the Women in Cyber Security Conference (WiCyS) in Nashville, TN, April 11-12. I will discuss my experience at this conference. I will also discuss takeaways from this conference, and important information for anyone interested in pursuing a career in this ever-evolving and highly demanded field. About the speaker: Rachel Sitarz is a PhD student in Cyber Forensics at Purdue University. She studies under the guidance of Dr. Marcus Rogers. She obtained her Master&apos;s degree in Cyber Forensics in 2010 from Purdue University. She received her undergraduate degrees in Law and Society, Psychology and Forensics in 2007 from Purdue University. Over the past three years, while being a full-time student, Rachel worked full-time for the Indiana State Police as a Criminal Intelligence Analyst on the Internet Crimes Against Children Task Force. Currently, Rachel works for the IT Security and Policy section at Purdue, where she builds analytical products from the current threats that are seen on the Purdue network. Rachel is also an Adjunct Professor, teaching Research Methods. Rachel&apos;s area of research interest is the psychological and behavioral analysis of cyber criminals. She aims to understand the user behind the crime: how they are behaving, what programs they are using to facilitate their crimes, and how they engage with other criminals are among her many areas of study.</description>
            <pubDate>Wed, 30 Apr 2014 16:30:00 EDT</pubDate>
            <itunes:title>Rachel Sitarz, Women In Cyber Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>549</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Rachel Sitarz, Purdue University</itunes:subtitle>
            <itunes:summary>In our ever-connected society, security has become an essential component for all facets of life. Businesses, government, academia, and individuals all have a need to protect and secure technology. Over the past 5-10 years, the demand for cyber security professionals has significantly increased. According to the Bureau of Labor Statistics, employment for Cyber Security Specialists is expected to increase much faster than the average career over the course of the next 10 years. Despite the growing demand, women represent an alarmingly low percentage. This can be demonstrated in nearly any university&apos;s technology courses. Cyber security especially is highly male-dominated. Research shows that having a balance of male and female perspectives facilitates diverse and creative innovation and problem solving within the ever-changing realm of cyber security. The NSF SFS-funded Broadening Participation of Women in Cybersecurity Project aims to build a movement towards diversifying cyber security. The program put on the Women in Cyber Security Conference (WiCyS) in Nashville, TN, April 11-12. I will discuss my experience at this conference. I will also discuss takeaways from this conference, and important information for anyone interested in pursuing a career in this ever-evolving and highly demanded field. About the speaker: Rachel Sitarz is a PhD student in Cyber Forensics at Purdue University. She studies under the guidance of Dr. Marcus Rogers. She obtained her Master&apos;s degree in Cyber Forensics in 2010 from Purdue University. She received her undergraduate degrees in Law and Society, Psychology and Forensics in 2007 from Purdue University. Over the past three years, while being a full-time student, Rachel worked full-time for the Indiana State Police as a Criminal Intelligence Analyst on the Internet Crimes Against Children Task Force. Currently, Rachel works for the IT Security and Policy section at Purdue, where she builds analytical products from the current threats that are seen on the Purdue network. Rachel is also an Adjunct Professor, teaching Research Methods. Rachel&apos;s area of research interest is the psychological and behavioral analysis of cyber criminals. She aims to understand the user behind the crime: how they are behaving, what programs they are using to facilitate their crimes, and how they engage with other criminals are among her many areas of study.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In our ever-connected society, security has become an essential component for all facets of life. Businesses, government, academia, and individuals all have a need to protect and secure technology. Over the past 5-10 years, the demand for cyber security professionals has significantly increased. According to the Bureau of Labor Statistics, employment for Cyber Security Specialists is expected to increase much faster than the average career over the course of the next 10 years. Despite the growing demand, women represent an alarmingly low percentage. This can be demonstrated in nearly any university&apos;s technology courses. Cyber security especially is highly male-dominated. Research shows that having a balance of male and female perspectives facilitates diverse and creative innovation and problem solving within the ever-changing realm of cyber security. The NSF SFS-funded Broadening Participation of Women in Cybersecurity Project aims to build a movement towards diversifying cyber security. The program put on the Women in Cyber Security Conference (WiCyS) in Nashville, TN, April 11-12. I will discuss my experience at this conference. I will also discuss takeaways from this conference, and important information for anyone interested in pursuing a career in this ever-evolving and highly demanded field. About the speaker: Rachel Sitarz is a PhD student in Cyber Forensics at Purdue University. She studies under the guidance of Dr. Marcus Rogers. She obtained her Master&apos;s degree in Cyber Forensics in 2010 from Purdue University. She received her undergraduate degrees in Law and Society, Psychology and Forensics in 2007 from Purdue University. Over the past three years, while being a full-time student, Rachel worked full-time for the Indiana State Police as a Criminal Intelligence Analyst on the Internet Crimes Against Children Task Force. Currently, Rachel works for the IT Security and Policy section at Purdue, where she builds analytical products from the current threats that are seen on the Purdue network. Rachel is also an Adjunct Professor, teaching Research Methods. Rachel&apos;s area of research interest is the psychological and behavioral analysis of cyber criminals. She aims to understand the user behind the crime: how they are behaving, what programs they are using to facilitate their crimes, and how they engage with other criminals are among her many areas of study.</p> ]]>
            </content:encoded>
            <itunes:duration>2484</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140430.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140430.mp4" length="157286400" type="video/mp4"/>
        </item>
            <item>
            <title>Masooda Bashir, Online Privacy Agreements, is it Informed Consent?</title>
            <description>Considering that most consumers do not read Privacy Policies and Terms of Service agreements before accepting them, considerable informational asymmetry exists between consumers and cloud service providers regarding the collection and processing of personal information online. One potential method for reducing this informational asymmetry is the application of informed consent to online environments. Informed consent online will mean upholding principles such as disclosure, competence, comprehension, voluntariness, and agreement. Comprehension and voluntariness are arguably the hardest principles to achieve under current Internet business models and consumer behavior patterns. In this talk I will present the results of an extensive, two-part privacy survey that assessed knowledge and opinions concerning comprehension and voluntariness in online consent agreements. Results expose comprehension gaps with respect to the contents of consent agreements as well as the background knowledge that would be necessary to understand the significance of the terms within the documents. In addition, our survey results highlight the coercive nature of the online consent process and suggest ways for better facilitating voluntariness in online interactions. We found substantial support for alternative service delivery models concerning privacy and for legislation that would endorse standardized consent agreements. These findings provide thought-provoking information which can be used to guide future efforts aimed at increasing consumer awareness about online privacy issues. About the speaker: Dr. Masooda Bashir is an Assistant Professor at the Graduate School of Library and Information Science at the University of Illinois at Urbana-Champaign. Dr. Bashir also has appointments at the Coordinated Science Laboratory, Information Trust Institute, and Industrial and Enterprise Engineering, and directs the social science research at the College of Engineering. Dr. Bashir received her undergraduate degrees in Mathematics and Computer Science and her Ph.D. in Psychology from Purdue University. She worked for several years as a systems analyst, technical trainer, manager, and global manager for a number of high-tech corporations in Silicon Valley, including Lotus and IBM. Most recently, Dr. Bashir was the Assistant Director for Social Trust Initiatives in the Information Trust Institute (ITI) at the University of Illinois at Urbana-Champaign. Dr. Bashir&apos;s areas of research interest lie at the interface of IT, Psychology, and Society, especially how privacy, trust, and security factors intersect from a psychological point of view with information technology.</description>
            <pubDate>Wed, 16 Apr 2014 16:30:00 EDT </pubDate>
            <itunes:title>Masooda Bashir, Online Privacy Agreements, is it Informed Consent?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>548</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Bashir_Masooda_140.jpg"/>
            <itunes:subtitle>Masooda Bashir, University of Illinois at Urbana-Champaign</itunes:subtitle>
            <itunes:summary>Considering that most consumers do not read Privacy Policies and Terms of Service agreements before accepting them, considerable informational asymmetry exists between consumers and cloud service providers regarding the collection and processing of personal information online. One potential method for reducing this informational asymmetry is the application of informed consent to online environments. Informed consent online will mean upholding principles such as disclosure, competence, comprehension, voluntariness, and agreement. Comprehension and voluntariness are arguably the hardest principles to achieve under current Internet business models and consumer behavior patterns. In this talk I will present the results of an extensive, two-part privacy survey that assessed knowledge and opinions concerning comprehension and voluntariness in online consent agreements. Results expose comprehension gaps with respect to the contents of consent agreements as well as the background knowledge that would be necessary to understand the significance of the terms within the documents. In addition, our survey results highlight the coercive nature of the online consent process and suggest ways for better facilitating voluntariness in online interactions. We found substantial support for alternative service delivery models concerning privacy and for legislation that would endorse standardized consent agreements. These findings provide thought-provoking information which can be used to guide future efforts aimed at increasing consumer awareness about online privacy issues. About the speaker: Dr. Masooda Bashir is an Assistant Professor at the Graduate School of Library and Information Science at the University of Illinois at Urbana-Champaign. Dr. Bashir also has appointments at the Coordinated Science Laboratory, Information Trust Institute, and Industrial and Enterprise Engineering, and directs the social science research at the College of Engineering. Dr. Bashir received her undergraduate degrees in Mathematics and Computer Science and her Ph.D. in Psychology from Purdue University. She worked for several years as a systems analyst, technical trainer, manager, and global manager for a number of high-tech corporations in Silicon Valley, including Lotus and IBM. Most recently, Dr. Bashir was the Assistant Director for Social Trust Initiatives in the Information Trust Institute (ITI) at the University of Illinois at Urbana-Champaign. Dr. Bashir&apos;s areas of research interest lie at the interface of IT, Psychology, and Society, especially how privacy, trust, and security factors intersect from a psychological point of view with information technology.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Considering that most consumers do not read Privacy Policies and Terms of Service agreements before accepting them, considerable informational asymmetry exists between consumers and cloud service providers regarding the collection and processing of personal information online. One potential method for reducing this informational asymmetry is the application of informed consent to online environments. Informed consent online will mean upholding principles such as disclosure, competence, comprehension, voluntariness, and agreement. Comprehension and voluntariness are arguably the hardest principles to achieve under current Internet business models and consumer behavior patterns. In this talk I will present the results of an extensive, two-part privacy survey that assessed knowledge and opinions concerning comprehension and voluntariness in online consent agreements. Results expose comprehension gaps with respect to the contents of consent agreements as well as the background knowledge that would be necessary to understand the significance of the terms within the documents. In addition, our survey results highlight the coercive nature of the online consent process and suggest ways for better facilitating voluntariness in online interactions. We found substantial support for alternative service delivery models concerning privacy and for legislation that would endorse standardized consent agreements. These findings provide thought-provoking information which can be used to guide future efforts aimed at increasing consumer awareness about online privacy issues. About the speaker: Dr. Masooda Bashir is an Assistant Professor at the Graduate School of Library and Information Science at the University of Illinois at Urbana-Champaign. Dr. Bashir also has appointments at the Coordinated Science Laboratory, Information Trust Institute, and Industrial and Enterprise Engineering, and directs the social science research at the College of Engineering. Dr. Bashir received her undergraduate degrees in Mathematics and Computer Science and her Ph.D. in Psychology from Purdue University. She worked for several years as a systems analyst, technical trainer, manager, and global manager for a number of high-tech corporations in Silicon Valley, including Lotus and IBM. Most recently, Dr. Bashir was the Assistant Director for Social Trust Initiatives in the Information Trust Institute (ITI) at the University of Illinois at Urbana-Champaign. Dr. Bashir&apos;s areas of research interest lie at the interface of IT, Psychology, and Society, especially how privacy, trust, and security factors intersect from a psychological point of view with information technology.</p> ]]>
            </content:encoded>
            <itunes:duration>3124</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140416.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140416.mp4" length="335544320" type="video/mp4"/>
        </item>
            <item>
            <title>Chris Jenkins, Integrity Levels: A New Paradigm for Protecting Computing Systems</title>
            <description>As the field of determined and increasingly sophisticated adversaries multiplies, the confidence in the integrity of deployed computing devices magnifies. Given the ubiquitous connectivity, substantial storage, and accessibility, the increased reliance on computer platforms makes them a substantial target for attackers. Over the past decade, malware transitioned from attacking a single program to subverting the OS kernel by means of what is known as a rootkit. While computer systems require patches to fix newly discovered vulnerabilities, undiscovered vulnerabilities potentially remain. Signature-based schemes seek to detect malware with a known signature or digital fingerprint. Signature-less schemes seek to detect anomalies within the computer system by understanding normal behavior. Both architectures are typically built on top of existing solutions or paradigms. Furthermore, these solutions tend to utilize mechanisms that operate within the OS. If the OS becomes compromised, these mechanisms may be vulnerable to deactivation. We propose an approach to designing computer systems that inherently decouples the function of the computer system from its security specification. Instead of preventing and detecting malware attacks by patching code or using signatures (though we can use them as well), our proposed approach focuses on the policy specification of the system and possible graceful degradation of functionality according to the policy as anomalies of security concern are detected. We believe this innovative paradigm uses existing technologies in a novel manner to determine the integrity level of the system. Based on the integrity level, the system may behave differently and/or limit access to data available at a given integrity level. About the speaker: Dr. Chris Jenkins is a senior member of technical staff at Sandia National Laboratories in Albuquerque, NM. His primary responsibility focuses on researching new computing paradigms for mitigating compromise (malware) in current computing systems. He seeks to find ways to move beyond detection and prevention of malware and rootkits. Specifically, he concentrates on how to design systems that operate in a compromised state while maintaining availability and basic functionality. For decades, computer systems have been designed around the OS/app two-domain model. He has proposed a different model that attempts to bridge the old model to a new proposed four-domain model. The current prototype highlights a potential framework for achieving this goal. The current prototype utilizes various technologies ranging from low-level virtualization techniques to computer security policy specification at a high level. Additionally, he taught a mini-course entitled Virtualization on ARM at Sandia. His current career aspiration emphasizes finding different ways to utilize next-generation processors and platforms to solve current and future cyber-security challenges. Chris received his bachelor&apos;s degree in computer engineering from the University of Illinois at Urbana-Champaign. He finished his PhD at the University of Wisconsin-Madison focusing on accelerating cryptographic algorithms utilizing SIMD execution units on a software-defined radio DSP.</description>
            <pubDate>Wed, 9 Apr 2014 16:30:00 EDT </pubDate>
            <itunes:title>Chris Jenkins, Integrity Levels: A New Paradigm for Protecting Computing Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>547</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Chris Jenkins, Sandia</itunes:subtitle>
            <itunes:summary>As the field of determined and increasingly sophisticated adversaries multiplies, the confidence in the integrity of deployed computing devices magnifies. Given the ubiquitous connectivity, substantial storage, and accessibility, the increased reliance on computer platforms makes them a substantial target for attackers. Over the past decade, malware transitioned from attacking a single program to subverting the OS kernel by means of what is known as a rootkit. While computer systems require patches to fix newly discovered vulnerabilities, undiscovered vulnerabilities potentially remain. Signature-based schemes seek to detect malware with a known signature or digital fingerprint. Signature-less schemes seek to detect anomalies within the computer system by understanding normal behavior. Both architectures are typically built on top of existing solutions or paradigms. Furthermore, these solutions tend to utilize mechanisms that operate within the OS. If the OS becomes compromised, these mechanisms may be vulnerable to deactivation. We propose an approach to designing computer systems that inherently decouples the function of the computer system from its security specification. Instead of preventing and detecting malware attacks by patching code or using signatures (though we can use them as well), our proposed approach focuses on the policy specification of the system and possible graceful degradation of functionality according to the policy as anomalies of security concern are detected. We believe this innovative paradigm uses existing technologies in a novel manner to determine the integrity level of the system. Based on the integrity level, the system may behave differently and/or limit access to data available at a given integrity level. About the speaker: Dr. Chris Jenkins is a senior member of technical staff at Sandia National Laboratories in Albuquerque, NM. His primary responsibility focuses on researching new computing paradigms for mitigating compromise (malware) in current computing systems. He seeks to find ways to move beyond detection and prevention of malware and rootkits. Specifically, he concentrates on how to design systems that operate in a compromised state while maintaining availability and basic functionality. For decades, computer systems have been designed around the OS/app two-domain model. He has proposed a different model that attempts to bridge the old model to a new proposed four-domain model. The current prototype highlights a potential framework for achieving this goal. The current prototype utilizes various technologies ranging from low-level virtualization techniques to computer security policy specification at a high level. Additionally, he taught a mini-course entitled Virtualization on ARM at Sandia. His current career aspiration emphasizes finding different ways to utilize next-generation processors and platforms to solve current and future cyber-security challenges. Chris received his bachelor&apos;s degree in computer engineering from the University of Illinois at Urbana-Champaign. He finished his PhD at the University of Wisconsin-Madison focusing on accelerating cryptographic algorithms utilizing SIMD execution units on a software-defined radio DSP.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As the field of determined and increasingly sophisticated adversaries multiplies, the confidence in the integrity of deployed computing devices magnifies. Given the ubiquitous connectivity, substantial storage, and accessibility, the increased reliance on computer platforms makes them a substantial target for attackers. Over the past decade, malware transitioned from attacking a single program to subverting the OS kernel by means of what is known as a rootkit. While computer systems require patches to fix newly discovered vulnerabilities, undiscovered vulnerabilities potentially remain. Signature-based schemes seek to detect malware with a known signature or digital fingerprint. Signature-less schemes seek to detect anomalies within the computer system by understanding normal behavior. Both architectures are typically built on top of existing solutions or paradigms. Furthermore, these solutions tend to utilize mechanisms that operate within the OS. If the OS becomes compromised, these mechanisms may be vulnerable to deactivation. We propose an approach to designing computer systems that inherently decouples the function of the computer system from its security specification. Instead of preventing and detecting malware attacks by patching code or using signatures (though we can use them as well), our proposed approach focuses on the policy specification of the system and possible graceful degradation of functionality according to the policy as anomalies of security concern are detected. We believe this innovative paradigm uses existing technologies in a novel manner to determine the integrity level of the system. Based on the integrity level, the system may behave differently and/or limit access to data available at a given integrity level. About the speaker: Dr. Chris Jenkins is a senior member of technical staff at Sandia National Laboratories in Albuquerque, NM. His primary responsibility focuses on researching new computing paradigms for mitigating compromise (malware) in current computing systems. He seeks to find ways to move beyond detection and prevention of malware and rootkits. Specifically, he concentrates on how to design systems that operate in a compromised state while maintaining availability and basic functionality. For decades, computer systems have been designed around the OS/app two-domain model. He has proposed a different model that attempts to bridge the old model to a new proposed four-domain model. The current prototype highlights a potential framework for achieving this goal. The current prototype utilizes various technologies ranging from low-level virtualization techniques to computer security policy specification at a high level. Additionally, he taught a mini-course entitled Virtualization on ARM at Sandia. His current career aspiration emphasizes finding different ways to utilize next-generation processors and platforms to solve current and future cyber-security challenges. Chris received his bachelor&apos;s degree in computer engineering from the University of Illinois at Urbana-Champaign. He finished his PhD at the University of Wisconsin-Madison focusing on accelerating cryptographic algorithms utilizing SIMD execution units on a software-defined radio DSP.</p> ]]>
            </content:encoded>
            <itunes:duration>3228</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140409.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140409.mp4" length="298844160" type="video/mp4"/>
        </item>
            <item>
            <title>Philip Ritchey &amp; Mohammed Almeshekah, CERIAS Poster Contest Winners</title>
            <description></description>
            <pubDate>Wed, 2 Apr 2014 16:30:00 EDT </pubDate>
            <itunes:title>Philip Ritchey &amp; Mohammed Almeshekah, CERIAS Poster Contest Winners</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>546</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Philip Ritchey &amp; Mohammed Almeshekah, Purdue University</itunes:subtitle>
            <itunes:summary></itunes:summary>
            <content:encoded>
            <![CDATA[ <p></p> ]]>
            </content:encoded>
            <itunes:duration>2202</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140402.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140402.mp4" length="316669952" type="video/mp4"/>
        </item>
            <item>
            <title>Joshua Corman, Why so CERIAS!? Why we&#039;re losing and what to do about it.</title>
            <description>About the speaker: As a security strategist and philosopher serving in the IT Security space, Joshua Corman&apos;s cross-domain research highlights adversaries, game theory and motivational structures. A passionate advocate who &quot;fights for the user&quot; and the oft-neglected public good, Corman&apos;s research has shifted toward the rise of hacktivism, internet governance, cyber-conflict, and the growing tensions between technology and civil liberties. Prior to joining Sonatype, Corman was the Director of Security Intelligence at Akamai Technologies. He is also the former Research Director of the 451 Group. He co-founded Rugged Software and IamTheCavalry, was named a Top Influencer of IT in NetworkWorld and serves as a Fellow with the Ponemon Institute. Corman received his bachelor&apos;s degree in philosophy, graduating summa cum laude, from the University of New Hampshire.</description>
            <pubDate>Wed, 26 Mar 2014 16:30:00 EDT </pubDate>
            <itunes:title>Joshua Corman, Why so CERIAS!? Why we&#039;re losing and what to do about it.</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>545</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Joshua Corman, Sonatype</itunes:subtitle>
            <itunes:summary>About the speaker: As a security strategist and philosopher serving in the IT Security space, Joshua Corman&apos;s cross-domain research highlights adversaries, game theory and motivational structures. A passionate advocate who &quot;fights for the user&quot; and the oft-neglected public good, Corman&apos;s research has shifted toward the rise of hacktivism, internet governance, cyber-conflict, and the growing tensions between technology and civil liberties. Prior to joining Sonatype, Corman was the Director of Security Intelligence at Akamai Technologies. He is also the former Research Director of the 451 Group. He co-founded Rugged Software and IamTheCavalry, was named a Top Influencer of IT in NetworkWorld and serves as a Fellow with the Ponemon Institute. Corman received his bachelor&apos;s degree in philosophy, graduating summa cum laude, from the University of New Hampshire.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>About the speaker: As a security strategist and philosopher serving in the IT Security space, Joshua Corman&apos;s cross-domain research highlights adversaries, game theory and motivational structures. A passionate advocate who &quot;fights for the user&quot; and the oft-neglected public good, Corman&apos;s research has shifted toward the rise of hacktivism, internet governance, cyber-conflict, and the growing tensions between technology and civil liberties. Prior to joining Sonatype, Corman was the Director of Security Intelligence at Akamai Technologies. He is also the former Research Director of the 451 Group. He co-founded Rugged Software and IamTheCavalry, was named a Top Influencer of IT in NetworkWorld and serves as a Fellow with the Ponemon Institute. Corman received his bachelor&apos;s degree in philosophy, graduating summa cum laude, from the University of New Hampshire.</p> ]]>
            </content:encoded>
            <itunes:duration>3994</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140326.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140326.mp4" length="1031798784" type="video/mp4"/>
        </item>
            <item>
            <title>Marina Blanton, General-Purpose Secure Computation and Outsourcing</title>
            <description>The desire to compute on sensitive data without revealing it has led to several decades of research in the area of secure multi-party computation. Today, cloud computing serves as a major motivation for the development of secure data processing techniques suitable for use in outsourced environments for computing with private or sensitive data. Despite much attention, most of the available techniques focused on a rather narrow domain of integer arithmetic. In this talk, we describe our work on other types of computation and algorithms suitable for secure computation and outsourcing with the goal of enabling secure and efficient distributed implementation of a general-purpose program. This, in particular, includes a compiler that transforms a program written in a C extension, where variables to be protected are marked as private, into its secure distributed implementation suitable for execution in the cloud. About the speaker: Marina Blanton is an assistant professor in the Department of Computer Science and Engineering at the University of Notre Dame. She received her MS in EECS from Ohio University in 2002, MS in CS from Purdue University in 2004, and PhD in CS from Purdue University in 2007. Dr. Blanton&apos;s research interests are centrally in information security, privacy, and applied cryptography. Recent projects span across areas such as secure computation and outsourcing, integrity of outsourced computation and storage, private biometric and genomic computation, privacy-preserving systems for medical and social networks, authentication, anonymity, and key management. Dr. Blanton has served on technical program committees for top conferences and workshops and journal editorial boards. Her research is supported by NSF, AFOSR, and AFRL.</description>
            <pubDate>Wed, 12 Mar 2014 16:30:00 EDT </pubDate>
            <itunes:title>Marina Blanton, General-Purpose Secure Computation and Outsourcing</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>544</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/marina_blanton.jpg"/>
            <itunes:subtitle>Marina Blanton, University of Notre Dame</itunes:subtitle>
            <itunes:summary>The desire to compute on sensitive data without revealing it has led to several decades of research in the area of secure multi-party computation. Today, cloud computing serves as a major motivation for the development of secure data processing techniques suitable for use in outsourced environments for computing with private or sensitive data. Despite much attention, most of the available techniques focused on a rather narrow domain of integer arithmetic. In this talk, we describe our work on other types of computation and algorithms suitable for secure computation and outsourcing with the goal of enabling secure and efficient distributed implementation of a general-purpose program. This, in particular, includes a compiler that transforms a program written in a C extension, where variables to be protected are marked as private, into its secure distributed implementation suitable for execution in the cloud. About the speaker: Marina Blanton is an assistant professor in the Department of Computer Science and Engineering at the University of Notre Dame. She received her MS in EECS from Ohio University in 2002, MS in CS from Purdue University in 2004, and PhD in CS from Purdue University in 2007. Dr. Blanton&apos;s research interests are centrally in information security, privacy, and applied cryptography. Recent projects span across areas such as secure computation and outsourcing, integrity of outsourced computation and storage, private biometric and genomic computation, privacy-preserving systems for medical and social networks, authentication, anonymity, and key management. Dr. Blanton has served on technical program committees for top conferences and workshops and journal editorial boards. Her research is supported by NSF, AFOSR, and AFRL.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The desire to compute on sensitive data without revealing it has led to several decades of research in the area of secure multi-party computation. Today, cloud computing serves as a major motivation for the development of secure data processing techniques suitable for use in outsourced environments for computing with private or sensitive data. Despite much attention, most of the available techniques focused on a rather narrow domain of integer arithmetic. In this talk, we describe our work on other types of computation and algorithms suitable for secure computation and outsourcing with the goal of enabling secure and efficient distributed implementation of a general-purpose program. This, in particular, includes a compiler that transforms a program written in a C extension, where variables to be protected are marked as private, into its secure distributed implementation suitable for execution in the cloud. About the speaker: Marina Blanton is an assistant professor in the Department of Computer Science and Engineering at the University of Notre Dame. She received her MS in EECS from Ohio University in 2002, MS in CS from Purdue University in 2004, and PhD in CS from Purdue University in 2007. Dr. Blanton&apos;s research interests are centrally in information security, privacy, and applied cryptography. Recent projects span across areas such as secure computation and outsourcing, integrity of outsourced computation and storage, private biometric and genomic computation, privacy-preserving systems for medical and social networks, authentication, anonymity, and key management. Dr. Blanton has served on technical program committees for top conferences and workshops and journal editorial boards. Her research is supported by NSF, AFOSR, and AFRL.</p> ]]>
            </content:encoded>
            <itunes:duration>3504</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140312.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140312.mp4" length="313524224" type="video/mp4"/>
        </item>
            <item>
            <title>Marina Gavrilova, Machine Intelligence for Biometric and On-Line Security</title>
            <description>The security research domain has recently witnessed tremendous growth with respect to all aspects of information access and sharing. There has been notable progress in developing successful approaches to tackle the problem of user authentication. Among those approaches, biometric-based authentication has firmly established itself as one of the most reliable, efficient, and versatile tools for providing discretionary access control to a secure resource or system. While state-of-the-art methods for biometric authentication are becoming increasingly more powerful and better understood, the same unfortunately cannot be said about the security of users populating on-line communities or cyberworld. Ensuring safe and secure communication and interaction among users and, respectively, their on-line identities presents unique challenges to academicians, as well as the industry and the public. Despite the fact that those challenges are regularly making headlines in the news, in government reports and in the IT security domain, there is a lack of effort to address this urgent problem. The limited efforts that do exist are currently restricted to network security, password protection, encryption, database security and policy-making efforts. However, one of the most crucial components for ensuring on-line security, the relationship between communication among users and user authentication, has been largely overlooked. This crucial issue requires a systematic study and a targeted effort to develop effective security solutions for cyberworlds, which is the main topic of this proposed talk. About the speaker: Marina L. Gavrilova is an Associate Professor in the Department of Computer Science, University of Calgary. Dr. Gavrilova&apos;s research interests lie in the area of biometric security, cognitive sciences, pattern recognition, social networking and cyberworlds. Prof. Gavrilova is founder and co-director of the Biometric Technologies Laboratory, with over 120 journal and conference papers, edited special issues, books and book chapters, including the World Scientific Bestseller (2007) &quot;Image Pattern Recognition: Synthesis and Analysis in Biometric&quot; and &quot;Multimodal Biometrics and Intelligent Image Processing for Security Systems&quot;. Together with Dr. Kenneth Tan, Prof. Gavrilova founded the ICCSA series of international events in 2002. She was co-Chair of the International Workshop on Biometric Technologies BT 2004 and General Chair of the International Conference on Cyberworlds CW2011, and currently serves as Founding Editor-in-Chief of the Transactions on Computational Science Journal, Springer. Prof. Gavrilova has given Invited Keynotes and Invited Panel Lectures at such prestigious international events as INDIN 2003, 3AI&apos;06, ICBAKE 2008, ICCSA 2010, ICCI*CC 2011, CyberWorlds 2012, GRAPHICON 2012 and appeared as a panelist at the 14th Security and Privacy Conference. She has given invited talks at DIMACS, Bell Labs, USA, Microsoft Research, Redmond, Samsung Research, South Korea and at numerous universities worldwide. Her research was profiled in newspaper and TV interviews, most recently being chosen to be featured in an Exhibit at the National Museum of Civilization, in a National Film Canada production and on an upcoming Discovery Channel biometric spoofing segment.</description>
            <pubDate>Wed, 5 Mar 2014 16:30:00 EST </pubDate>
            <itunes:title>Marina Gavrilova, Machine Intelligence for Biometric and On-Line Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>543</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/marina_gavrilova.jpg"/>
            <itunes:subtitle>Marina Gavrilova, University of Calgary</itunes:subtitle>
            <itunes:summary>The security research domain has recently witnessed tremendous growth with respect to all aspects of information access and sharing. There has been notable progress in developing successful approaches to tackle the problem of user authentication. Among those approaches, biometric-based authentication has firmly established itself as one of the most reliable, efficient, and versatile tools for providing discretionary access control to a secure resource or system. While state-of-the-art methods for biometric authentication are becoming increasingly more powerful and better understood, the same unfortunately cannot be said about the security of users populating on-line communities or cyberworld. Ensuring safe and secure communication and interaction among users and, respectively, their on-line identities presents unique challenges to academicians, as well as the industry and the public. Despite the fact that those challenges are regularly making headlines in the news, in government reports and in the IT security domain, there is a lack of effort to address this urgent problem. The limited efforts that do exist are currently restricted to network security, password protection, encryption, database security and policy-making efforts. However, one of the most crucial components for ensuring on-line security, the relationship between communication among users and user authentication, has been largely overlooked. This crucial issue requires a systematic study and a targeted effort to develop effective security solutions for cyberworlds, which is the main topic of this proposed talk. About the speaker: Marina L. Gavrilova is an Associate Professor in the Department of Computer Science, University of Calgary. Dr. Gavrilova&apos;s research interests lie in the area of biometric security, cognitive sciences, pattern recognition, social networking and cyberworlds. Prof. Gavrilova is founder and co-director of the Biometric Technologies Laboratory, with over 120 journal and conference papers, edited special issues, books and book chapters, including the World Scientific Bestseller (2007) &quot;Image Pattern Recognition: Synthesis and Analysis in Biometric&quot; and &quot;Multimodal Biometrics and Intelligent Image Processing for Security Systems&quot;. Together with Dr. Kenneth Tan, Prof. Gavrilova founded the ICCSA series of international events in 2002. She was co-Chair of the International Workshop on Biometric Technologies BT 2004 and General Chair of the International Conference on Cyberworlds CW2011, and currently serves as Founding Editor-in-Chief of the Transactions on Computational Science Journal, Springer. Prof. Gavrilova has given Invited Keynotes and Invited Panel Lectures at such prestigious international events as INDIN 2003, 3AI&apos;06, ICBAKE 2008, ICCSA 2010, ICCI*CC 2011, CyberWorlds 2012, GRAPHICON 2012 and appeared as a panelist at the 14th Security and Privacy Conference. She has given invited talks at DIMACS, Bell Labs, USA, Microsoft Research, Redmond, Samsung Research, South Korea and at numerous universities worldwide. Her research was profiled in newspaper and TV interviews, most recently being chosen to be featured in an Exhibit at the National Museum of Civilization, in a National Film Canada production and on an upcoming Discovery Channel biometric spoofing segment.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The security research domain has recently witnessed tremendous growth with respect to all aspects of information access and sharing. There has been notable progress in developing successful approaches to tackle the problem of user authentication. Among those approaches, biometric-based authentication has firmly established itself as one of the most reliable, efficient, and versatile tools for providing discretionary access control to a secure resource or system. While state-of-the-art methods for biometric authentication are becoming increasingly more powerful and better understood, the same unfortunately cannot be said about the security of users populating on-line communities or cyberworld. Ensuring safe and secure communication and interaction among users and, respectively, their on-line identities presents unique challenges to academicians, as well as the industry and the public. Despite the fact that those challenges are regularly making headlines in the news, in government reports and in the IT security domain, there is a lack of effort to address this urgent problem. The limited efforts that do exist are currently restricted to network security, password protection, encryption, database security and policy-making efforts. However, one of the most crucial components for ensuring on-line security, the relationship between communication among users and user authentication, has been largely overlooked. This crucial issue requires a systematic study and a targeted effort to develop effective security solutions for cyberworlds, which is the main topic of this proposed talk. About the speaker: Marina L. Gavrilova is an Associate Professor in the Department of Computer Science, University of Calgary. Dr. Gavrilova&apos;s research interests lie in the area of biometric security, cognitive sciences, pattern recognition, social networking and cyberworlds. Prof. Gavrilova is founder and co-director of the Biometric Technologies Laboratory, with over 120 journal and conference papers, edited special issues, books and book chapters, including the World Scientific Bestseller (2007) &quot;Image Pattern Recognition: Synthesis and Analysis in Biometric&quot; and &quot;Multimodal Biometrics and Intelligent Image Processing for Security Systems&quot;. Together with Dr. Kenneth Tan, Prof. Gavrilova founded the ICCSA series of international events in 2002. She was co-Chair of the International Workshop on Biometric Technologies BT 2004 and General Chair of the International Conference on Cyberworlds CW2011, and currently serves as Founding Editor-in-Chief of the Transactions on Computational Science Journal, Springer. Prof. Gavrilova has given Invited Keynotes and Invited Panel Lectures at such prestigious international events as INDIN 2003, 3AI&apos;06, ICBAKE 2008, ICCSA 2010, ICCI*CC 2011, CyberWorlds 2012, GRAPHICON 2012 and appeared as a panelist at the 14th Security and Privacy Conference. She has given invited talks at DIMACS, Bell Labs, USA, Microsoft Research, Redmond, Samsung Research, South Korea and at numerous universities worldwide. Her research was profiled in newspaper and TV interviews, most recently being chosen to be featured in an Exhibit at the National Museum of Civilization, in a National Film Canada production and on an upcoming Discovery Channel biometric spoofing segment.</p> ]]>
            </content:encoded>
            <itunes:duration>3535</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140305.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140305.mp4" length="160432128" type="video/mp4"/>
        </item>
            <item>
            <title>Rahul Potharaju, Delivering &quot;Always-on&quot; Services Despite Flaky Network Infrastructure</title>
            <description>As computing shifts to a service-oriented world, a key need is to deliver an always-on experience to the end-users. However, providing a 24x7x365 available service is challenging because failures are the norm rather than an exception in distributed systems. While there has been significant work to improve server and software reliability, networks have become the new &quot;weakest link&quot; in delivering reliable services. Towards improving network service reliability, my research focuses on (a) studying reliability of datacenter networks, (b) building automated systems for problem inference, and (c) gaining operational experience from real-world deployment of the systems I built. In this talk, I will answer three key questions on improving service reliability in datacenters: 1. What is the service impact due to network failures? What are their root causes? 2. How to build geo-distributed cloud services? 3. How do we analyze unstructured data from network operators to improve network management? The outcomes of this work have either undergone a tech-transfer or are being used by multiple business groups inside a large cloud provider. About the speaker: Rahul Potharaju is a PhD candidate in the Computer Science department of Purdue University and a member of CERIAS, advised by Prof. Cristina Nita-Rotaru. Prior to that, in 2009, he earned his Master&apos;s Degree in Computer Science from Northwestern University. He has over three years of industrial research experience working on collaboration projects with Microsoft Research, Redmond and Motorola Applied Research Center. He is passionate about building large-scale data-intensive systems, with a particular interest in analytics-as-a-service clouds and automated problem inference systems. His research has been adopted by several business groups inside Microsoft and has won the Microsoft Trustworthy Reliability Computing Award for 2013.</description>
            <pubDate>Wed, 26 Feb 2014 16:30:00 EST </pubDate>
            <itunes:title>Rahul Potharaju, Delivering &quot;Always-on&quot; Services Despite Flaky Network Infrastructure</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>542</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Rahul Potharaju, Purdue University</itunes:subtitle>
            <itunes:summary>As computing shifts to a service-oriented world, a key need is to deliver an always-on experience to the end-users. However, providing a 24x7x365 available service is challenging because failures are the norm rather than an exception in distributed systems. While there has been significant work to improve server and software reliability, networks have become the new &quot;weakest link&quot; in delivering reliable services. Towards improving network service reliability, my research focuses on (a) studying reliability of datacenter networks, (b) building automated systems for problem inference, and (c) gaining operational experience from real-world deployment of the systems I built. In this talk, I will answer three key questions on improving service reliability in datacenters: 1. What is the service impact due to network failures? What are their root causes? 2. How to build geo-distributed cloud services? 3. How do we analyze unstructured data from network operators to improve network management? The outcomes of this work have either undergone a tech-transfer or are being used by multiple business groups inside a large cloud provider. About the speaker: Rahul Potharaju is a PhD candidate in the Computer Science department of Purdue University and a member of CERIAS, advised by Prof. Cristina Nita-Rotaru. Prior to that, in 2009, he earned his Master&apos;s Degree in Computer Science from Northwestern University. He has over three years of industrial research experience working on collaboration projects with Microsoft Research, Redmond and Motorola Applied Research Center. He is passionate about building large-scale data-intensive systems, with a particular interest in analytics-as-a-service clouds and automated problem inference systems. His research has been adopted by several business groups inside Microsoft and has won the Microsoft Trustworthy Reliability Computing Award for 2013.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As computing shifts to a service-oriented world, a key need is to deliver an always-on experience to the end-users. However, providing a 24x7x365 available service is challenging because failures are the norm rather than an exception in distributed systems. While there has been significant work to improve server and software reliability, networks have become the new &quot;weakest link&quot; in delivering reliable services. Towards improving network service reliability, my research focuses on (a) studying reliability of datacenter networks, (b) building automated systems for problem inference, and (c) gaining operational experience from real-world deployment of the systems I built. In this talk, I will answer three key questions on improving service reliability in datacenters: 1. What is the service impact due to network failures? What are their root causes? 2. How to build geo-distributed cloud services? 3. How do we analyze unstructured data from network operators to improve network management? The outcomes of this work have either undergone a tech-transfer or are being used by multiple business groups inside a large cloud provider. About the speaker: Rahul Potharaju is a PhD candidate in the Computer Science department of Purdue University and a member of CERIAS, advised by Prof. Cristina Nita-Rotaru. Prior to that, in 2009, he earned his Master&apos;s Degree in Computer Science from Northwestern University. He has over three years of industrial research experience working on collaboration projects with Microsoft Research, Redmond and Motorola Applied Research Center. He is passionate about building large-scale data-intensive systems, with a particular interest in analytics-as-a-service clouds and automated problem inference systems. His research has been adopted by several business groups inside Microsoft and has won the Microsoft Trustworthy Reliability Computing Award for 2013.</p> ]]>
            </content:encoded>
            <itunes:duration>3067</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140226.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140226.mp4" length="135266304" type="video/mp4"/>
        </item>
            <item>
            <title>Ed Felten, Technical Tradeoffs in the NSA&#039;s Mass Phone Call Program</title>
            <description>This talk will examine several technical questions related to the NSA&apos;s program that collects data about a substantial fraction of all domestic phone calls. How effective is such a program likely to be in identifying potential terrorists or clearing up false suspicion? How easily can enemies evade the program? Can the program be redesigned to better protect privacy, without losing effectiveness? About the speaker: Ed Felten is the Robert E. Kahn Professor of Computer Science and Public Affairs at Princeton University, and the Director of Princeton&apos;s Center for Information Technology Policy. His research interests include computer security and privacy, network technologies, and public policy issues relating to computing. In 2011-12 he served as the first Chief Technologist at the Federal Trade Commission. He is a Fellow of the ACM and a member of the National Academy of Engineering.</description>
            <pubDate>Wed, 19 Feb 2014 16:30:00 EST </pubDate>
            <itunes:title>Ed Felten, Technical Tradeoffs in the NSA&#039;s Mass Phone Call Program</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>541</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ed Felten, Princeton University</itunes:subtitle>
            <itunes:summary>This talk will examine several technical questions related to the NSA&apos;s program that collects data about a substantial fraction of all domestic phone calls. How effective is such a program likely to be in identifying potential terrorists or clearing up false suspicion? How easily can enemies evade the program? Can the program be redesigned to better protect privacy, without losing effectiveness? About the speaker: Ed Felten is the Robert E. Kahn Professor of Computer Science and Public Affairs at Princeton University, and the Director of Princeton&apos;s Center for Information Technology Policy. His research interests include computer security and privacy, network technologies, and public policy issues relating to computing. In 2011-12 he served as the first Chief Technologist at the Federal Trade Commission. He is a Fellow of the ACM and a member of the National Academy of Engineering.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk will examine several technical questions related to the NSA&apos;s program that collects data about a substantial fraction of all domestic phone calls. How effective is such a program likely to be in identifying potential terrorists or clearing up false suspicion? How easily can enemies evade the program? Can the program be redesigned to better protect privacy, without losing effectiveness? About the speaker: Ed Felten is the Robert E. Kahn Professor of Computer Science and Public Affairs at Princeton University, and the Director of Princeton&apos;s Center for Information Technology Policy. His research interests include computer security and privacy, network technologies, and public policy issues relating to computing. In 2011-12 he served as the first Chief Technologist at the Federal Trade Commission. He is a Fellow of the ACM and a member of the National Academy of Engineering.</p> ]]>
            </content:encoded>
            <itunes:duration>3206</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140219.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140219.mp4" length="174063616" type="video/mp4"/>
        </item>
            <item>
            <title>Ting-Fang Yen, Beehive: Large-Scale Log Analysis for Detecting Suspicious Activity in Enterprise Networks</title>
            <description>As more and more Internet-based attacks arise, organizations are responding by deploying an assortment of security products that generate situational intelligence in the form of logs. These logs often contain high volumes of interesting and useful information about activities in the network, and are among the first data sources that information security specialists consult when they suspect that an attack has taken place. However, security products often come from a patchwork of vendors, and are inconsistently installed and administered. They generate logs whose formats differ widely and that are often incomplete, mutually contradictory, and very large in volume. Hence, although this collected information is useful, it is often dirty. We present a novel system, Beehive, that attacks the problem of automatically mining and extracting knowledge from the dirty log data produced by a wide variety of security products in a large enterprise. We improve on signature-based approaches to detecting security incidents and instead identify suspicious host behaviors that Beehive reports as potential security incidents. These incidents can then be further analyzed by incident response teams to determine whether a policy violation or attack has occurred. We have evaluated Beehive on the log data collected in a large enterprise, EMC, over a period of two weeks. We compare the incidents identified by Beehive against enterprise Security Operations Center reports, antivirus software alerts, and feedback from enterprise security specialists. We show that Beehive is able to identify malicious events and policy violations which would otherwise go undetected. About the speaker: Ting-Fang Yen is a research scientist at RSA Laboratories, the security division of EMC. Ting-Fang&apos;s research interests include network security and data analysis for security applications. Ting-Fang received a B.S. degree in Computer Science and Information Engineering from National Chiao Tung University, Taiwan, and M.S. and Ph.D. degrees in Electrical and Computer Engineering from Carnegie Mellon University.</description>
            <pubDate>Wed, 12 Feb 2014 16:30:00 EST </pubDate>
            <itunes:title>Ting-Fang Yen, Beehive: Large-Scale Log Analysis for Detecting Suspicious Activity in Enterprise Networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>540</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ting-Fang Yen, RSA</itunes:subtitle>
            <itunes:summary>As more and more Internet-based attacks arise, organizations are responding by deploying an assortment of security products that generate situational intelligence in the form of logs. These logs often contain high volumes of interesting and useful information about activities in the network, and are among the first data sources that information security specialists consult when they suspect that an attack has taken place. However, security products often come from a patchwork of vendors, and are inconsistently installed and administered. They generate logs whose formats differ widely and that are often incomplete, mutually contradictory, and very large in volume. Hence, although this collected information is useful, it is often dirty. We present a novel system, Beehive, that attacks the problem of automatically mining and extracting knowledge from the dirty log data produced by a wide variety of security products in a large enterprise. We improve on signature-based approaches to detecting security incidents and instead identify suspicious host behaviors that Beehive reports as potential security incidents. These incidents can then be further analyzed by incident response teams to determine whether a policy violation or attack has occurred. We have evaluated Beehive on the log data collected in a large enterprise, EMC, over a period of two weeks. We compare the incidents identified by Beehive against enterprise Security Operations Center reports, antivirus software alerts, and feedback from enterprise security specialists. We show that Beehive is able to identify malicious events and policy violations which would otherwise go undetected. About the speaker: Ting-Fang Yen is a research scientist at RSA Laboratories, the security division of EMC. Ting-Fang&apos;s research interests include network security and data analysis for security applications. Ting-Fang received a B.S. degree in Computer Science and Information Engineering from National Chiao Tung University, Taiwan, and M.S. and Ph.D. degrees in Electrical and Computer Engineering from Carnegie Mellon University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As more and more Internet-based attacks arise, organizations are responding by deploying an assortment of security products that generate situational intelligence in the form of logs. These logs often contain high volumes of interesting and useful information about activities in the network, and are among the first data sources that information security specialists consult when they suspect that an attack has taken place. However, security products often come from a patchwork of vendors, and are inconsistently installed and administered. They generate logs whose formats differ widely and that are often incomplete, mutually contradictory, and very large in volume. Hence, although this collected information is useful, it is often dirty. We present a novel system, Beehive, that attacks the problem of automatically mining and extracting knowledge from the dirty log data produced by a wide variety of security products in a large enterprise. We improve on signature-based approaches to detecting security incidents and instead identify suspicious host behaviors that Beehive reports as potential security incidents. These incidents can then be further analyzed by incident response teams to determine whether a policy violation or attack has occurred. We have evaluated Beehive on the log data collected in a large enterprise, EMC, over a period of two weeks. We compare the incidents identified by Beehive against enterprise Security Operations Center reports, antivirus software alerts, and feedback from enterprise security specialists. We show that Beehive is able to identify malicious events and policy violations which would otherwise go undetected. About the speaker: Ting-Fang Yen is a research scientist at RSA Laboratories, the security division of EMC. Ting-Fang&apos;s research interests include network security and data analysis for security applications. Ting-Fang received a B.S. degree in Computer Science and Information Engineering from National Chiao Tung University, Taiwan, and M.S. and Ph.D. degrees in Electrical and Computer Engineering from Carnegie Mellon University.</p> ]]>
            </content:encoded>
            <itunes:duration>2482</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140212.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140212.mp4" length="138412032" type="video/mp4"/>
        </item>
            <item>
            <title>Shumiao Wang, Secure and Private Outsourcing to Untrusted Cloud Servers</title>
            <description>Storage and computation outsourcing to cloud servers has become very popular due to the large volume of data that needs to be hosted at cloud servers and the intent to employ servers to perform computational work for clients. However, many clients are still reluctant to do so due to their concern for the confidentiality of the data. In this talk, I will present our work on developing secure protocols to outsource several kinds of computation without leaking the clients&apos; data to the cloud servers, including outsourcing feature extraction of images, generalized matrix multiplication, etc. About the speaker: Shumiao Wang is a Ph.D. candidate in the Computer Science Department, Purdue University. She joined the CS department in 2010, received her MS in CS in 2012, and has been working with Prof. Mikhail Atallah on several research projects in the cloud outsourcing setting. Her research interests are primarily in information security, and also include algorithms and computer vision, and her thesis work is on designing protocols for secure computation and/or storage outsourcing.</description>
            <pubDate>Wed, 29 Jan 2014 16:30:00 EST </pubDate>
            <itunes:title>Shumiao Wang, Secure and Private Outsourcing to Untrusted Cloud Servers</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>20</itunes:season>
            <itunes:episode>539</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Shumiao Wang, Purdue University</itunes:subtitle>
            <itunes:summary>Storage and computation outsourcing to cloud servers has become very popular due to the large volume of data that needs to be hosted at cloud servers and the intent to employ servers to perform computational work for clients. However, many clients are still reluctant to do so due to their concern for the confidentiality of the data. In this talk, I will present our work on developing secure protocols to outsource several kinds of computation without leaking the clients&apos; data to the cloud servers, including outsourcing feature extraction of images, generalized matrix multiplication, etc. About the speaker: Shumiao Wang is a Ph.D. candidate in the Computer Science Department, Purdue University. She joined the CS department in 2010, received her MS in CS in 2012, and has been working with Prof. Mikhail Atallah on several research projects in the cloud outsourcing setting. Her research interests are primarily in information security, and also include algorithms and computer vision, and her thesis work is on designing protocols for secure computation and/or storage outsourcing.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Storage and computation outsourcing to cloud servers has become very popular due to the large volume of data that needs to be hosted at cloud servers and the intent to employ servers to perform computational work for clients. However, many clients are still reluctant to do so due to their concern for the confidentiality of the data. In this talk, I will present our work on developing secure protocols to outsource several kinds of computation without leaking the clients&apos; data to the cloud servers, including outsourcing feature extraction of images, generalized matrix multiplication, etc. About the speaker: Shumiao Wang is a Ph.D. candidate in the Computer Science Department, Purdue University. She joined the CS department in 2010, received her MS in CS in 2012, and has been working with Prof. Mikhail Atallah on several research projects in the cloud outsourcing setting. Her research interests are primarily in information security, and also include algorithms and computer vision, and her thesis work is on designing protocols for secure computation and/or storage outsourcing.</p> ]]>
            </content:encoded>
            <itunes:duration>3061</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140129.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20140129.mp4" length="168820736" type="video/mp4"/>
        </item>
            <item>
            <title>Marina Kaljurand, Economic Policy and Cyber Challenges in Estonia</title>
            <description></description>
            <pubDate>Wed, 4 Dec 2013 16:30:00 EST </pubDate>
            <itunes:title>Marina Kaljurand, Economic Policy and Cyber Challenges in Estonia</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>538</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Marina Kaljurand, Republic of Estonia</itunes:subtitle>
            <itunes:summary></itunes:summary>
            <content:encoded>
            <![CDATA[ <p></p> ]]>
            </content:encoded>
            <itunes:duration>2979</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20131204.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20131204.mp4" length="433061888" type="video/mp4"/>
        </item>
            <item>
            <title>Muhammad Umer Arshad, Trust Management for Publishing Graph Data</title>
            <description>Use of graph-structured data models is on the rise -- in graph databases, in representing biological and healthcare data as well as geographical data. In order to secure graph-structured data, and develop cryptographically secure schemes for graph databases, it is essential to formally define and develop suitable collision-resistant one-way hashing schemes and show that they are efficient. The widely used Merkle hash technique is not suitable, because graphs may be directed acyclic ones or cyclic ones. In this talk, we will address this problem. In particular, we: (1) discuss the practical and formal security model of hashing schemes for graphs, (2) present the formal security model of perfectly secure hashing schemes, (3) describe constructions of hashing and perfectly secure hashing of graphs, and (4) present performance results for the constructions. We use graph traversal techniques, which are highly efficient for hashing, redaction, and verification of hashed graphs. We have implemented the proposed schemes. Performance analysis on both real and synthetic graph data sets supports the viability of our approach. About the speaker: Umer received his MS and BS degrees in ECE from the University of Engineering and Technology, Lahore, Pakistan in 2005 and 2002 respectively. Currently he is a doctoral student in the School of ECE, Purdue University. His research interests are in the area of distributed systems and information security.</description>
            <pubDate>Wed, 20 Nov 2013 16:30:00 EST </pubDate>
            <itunes:title>Muhammad Umer Arshad, Trust Management for Publishing Graph Data</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>537</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Muhammad Umer Arshad, Purdue University</itunes:subtitle>
            <itunes:summary>Use of graph-structured data models is on the rise -- in graph databases, in representing biological and healthcare data as well as geographical data. In order to secure graph-structured data, and develop cryptographically secure schemes for graph databases, it is essential to formally define and develop suitable collision-resistant one-way hashing schemes and show that they are efficient. The widely used Merkle hash technique is not suitable, because graphs may be directed acyclic ones or cyclic ones. In this talk, we will address this problem. In particular, we: (1) discuss the practical and formal security model of hashing schemes for graphs, (2) present the formal security model of perfectly secure hashing schemes, (3) describe constructions of hashing and perfectly secure hashing of graphs, and (4) present performance results for the constructions. We use graph traversal techniques, which are highly efficient for hashing, redaction, and verification of hashed graphs. We have implemented the proposed schemes. Performance analysis on both real and synthetic graph data sets supports the viability of our approach. About the speaker: Umer received his MS and BS degrees in ECE from the University of Engineering and Technology, Lahore, Pakistan in 2005 and 2002 respectively. Currently he is a doctoral student in the School of ECE, Purdue University. His research interests are in the area of distributed systems and information security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Use of graph-structured data models is on the rise -- in graph databases, in representing biological and healthcare data as well as geographical data. In order to secure graph-structured data, and develop cryptographically secure schemes for graph databases, it is essential to formally define and develop suitable collision-resistant one-way hashing schemes and show that they are efficient. The widely used Merkle hash technique is not suitable, because graphs may be directed acyclic ones or cyclic ones. In this talk, we will address this problem. In particular, we: (1) discuss the practical and formal security model of hashing schemes for graphs, (2) present the formal security model of perfectly secure hashing schemes, (3) describe constructions of hashing and perfectly secure hashing of graphs, and (4) present performance results for the constructions. We use graph traversal techniques, which are highly efficient for hashing, redaction, and verification of hashed graphs. We have implemented the proposed schemes. Performance analysis on both real and synthetic graph data sets supports the viability of our approach. About the speaker: Umer received his MS and BS degrees in ECE from the University of Engineering and Technology, Lahore, Pakistan in 2005 and 2002 respectively. Currently he is a doctoral student in the School of ECE, Purdue University. His research interests are in the area of distributed systems and information security.</p> ]]>
            </content:encoded>
            <itunes:duration>3372</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20131120.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20131120.mp4" length="190840832" type="video/mp4"/>
        </item>
            <item>
            <title>Randall Brooks, Cloud Security: How Does Software Assurance Apply</title>
            <description>It was once said that the last time one had full control of their software was right before they released it. This is ever more important as organizations move applications and services into a public cloud to support a mobile lifestyle. Clouds have been described as &quot;a safe and secure private cloud&quot;, &quot;a semi-trusted partner cloud&quot;, or &quot;a wild wild west full and open public cloud&quot;. It&apos;s typically toward the latter in which the industry has been moving. Because of this, one must understand their Attack Surface and threat environment to ensure that they have focused on &quot;building security in&quot; to their application. About the speaker: Randall Brooks, Engineering Fellow, Raytheon, has more than 15 years of experience in Cybersecurity with expertise in Software Assurance (SwA) and secure development life cycles (SDLC). He has been awarded three US patents on Intrusion Detection and Prevention, and three US and one UK patent on Cross Domain solutions. He is also a CISSP, CSSLP, ISSEP, ISSAP and an ISSMP. He is a graduate of Purdue University with a Bachelor of Science from the School of Computer Science. He represents Raytheon within the U.S. International Committee for Information Technology Standards Cyber Security 1 (CS1). E-mail: brooks@raytheon.com</description>
            <pubDate>Wed, 13 Nov 2013 16:30:00 EST </pubDate>
            <itunes:title>Randall Brooks, Cloud Security: How Does Software Assurance Apply</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>536</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Randall Brooks, Raytheon</itunes:subtitle>
            <itunes:summary>It was once said that the last time one had full control of their software was right before they released it. This is ever more important as organizations move applications and services into a public cloud to support a mobile lifestyle. Clouds have been described as &quot;a safe and secure private cloud&quot;, &quot;a semi-trusted partner cloud&quot;, or &quot;a wild wild west full and open public cloud&quot;. It&apos;s typically toward the latter in which the industry has been moving. Because of this, one must understand their Attack Surface and threat environment to ensure that they have focused on &quot;building security in&quot; to their application. About the speaker: Randall Brooks, Engineering Fellow, Raytheon, has more than 15 years of experience in Cybersecurity with expertise in Software Assurance (SwA) and secure development life cycles (SDLC). He has been awarded three US patents on Intrusion Detection and Prevention, and three US and one UK patent on Cross Domain solutions. He is also a CISSP, CSSLP, ISSEP, ISSAP and an ISSMP. He is a graduate of Purdue University with a Bachelor of Science from the School of Computer Science. He represents Raytheon within the U.S. International Committee for Information Technology Standards Cyber Security 1 (CS1). E-mail: brooks@raytheon.com</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>It was once said that the last time one had full control of their software was right before they released it. This is ever more important as organizations move applications and services into a public cloud to support a mobile lifestyle. Clouds have been described as &quot;a safe and secure private cloud&quot;, &quot;a semi-trusted partner cloud&quot;, or &quot;a wild wild west full and open public cloud&quot;. It&apos;s typically toward the latter in which the industry has been moving. Because of this, one must understand their Attack Surface and threat environment to ensure that they have focused on &quot;building security in&quot; to their application. About the speaker: Randall Brooks, Engineering Fellow, Raytheon, has more than 15 years of experience in Cybersecurity with expertise in Software Assurance (SwA) and secure development life cycles (SDLC). He has been awarded three US patents on Intrusion Detection and Prevention, and three US and one UK patent on Cross Domain solutions. He is also a CISSP, CSSLP, ISSEP, ISSAP and an ISSMP. He is a graduate of Purdue University with a Bachelor of Science from the School of Computer Science. He represents Raytheon within the U.S. International Committee for Information Technology Standards Cyber Security 1 (CS1). E-mail: brooks@raytheon.com</p> ]]>
            </content:encoded>
            <itunes:duration>2938</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20131113.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20131113.mp4" length="153092096" type="video/mp4"/>
        </item>
            <item>
            <title>Tejashree Datar, Yahoo! Messenger Forensics on Windows Vista and Windows 7</title>
            <description>The purpose of this study is to identify several areas of forensic interest within the Yahoo! Messenger application, which are of forensic significance. This study focuses on new areas of interest within the file structure of Windows Vista and Windows 7. One of the main issues with this topic is that little research has been previously conducted on the new Windows platforms. Previously conducted research indicates the evidence found on older file structures, such as Windows XP, as well as outdated versions of Yahoo! Messenger. Several differences were found within the Yahoo Messenger&apos;s registry keys and directory structure on Windows Vista and Windows 7 as compared to Windows XP. About the speaker: Final year PhD student in Cyber Forensics in the College of Technology. Completed my undergraduate studies in India in Electronics and Telecommunications Engineering. Completed my Masters from Oklahoma State University in Telecommunications Management. Got interested in the field of Digital Forensics in my last semester at Oklahoma State University after taking a course in Digital Forensics. Area of interest is social networking in teens, forensic investigation.</description>
            <pubDate>Wed, 6 Nov 2013 16:30:00 EST </pubDate>
            <itunes:title>Tejashree Datar, Yahoo! Messenger Forensics on Windows Vista and Windows 7</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>535</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Tejashree Datar, Purdue University</itunes:subtitle>
            <itunes:summary>The purpose of this study is to identify several areas of forensic interest within the Yahoo! Messenger application, which are of forensic significance. This study focuses on new areas of interest within the file structure of Windows Vista and Windows 7. One of the main issues with this topic is that little research has been previously conducted on the new Windows platforms. Previously conducted research indicates the evidence found on older file structures, such as Windows XP, as well as outdated versions of Yahoo! Messenger. Several differences were found within the Yahoo Messenger&apos;s registry keys and directory structure on Windows Vista and Windows 7 as compared to Windows XP. About the speaker: Final year PhD student in Cyber Forensics in the College of Technology. Completed my undergraduate studies in India in Electronics and Telecommunications Engineering. Completed my Masters from Oklahoma State University in Telecommunications Management. Got interested in the field of Digital Forensics in my last semester at Oklahoma State University after taking a course in Digital Forensics. Area of interest is social networking in teens, forensic investigation.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The purpose of this study is to identify several areas of forensic interest within the Yahoo! Messenger application, which are of forensic significance. This study focuses on new areas of interest within the file structure of Windows Vista and Windows 7. One of the main issues with this topic is that little research has been previously conducted on the new Windows platforms. Previously conducted research indicates the evidence found on older file structures, such as Windows XP, as well as outdated versions of Yahoo! Messenger. Several differences were found within the Yahoo Messenger&apos;s registry keys and directory structure on Windows Vista and Windows 7 as compared to Windows XP. About the speaker: Final year PhD student in Cyber Forensics in the College of Technology. Completed my undergraduate studies in India in Electronics and Telecommunications Engineering. Completed my Masters from Oklahoma State University in Telecommunications Management. Got interested in the field of Digital Forensics in my last semester at Oklahoma State University after taking a course in Digital Forensics. Area of interest is social networking in teens, forensic investigation.</p> ]]>
            </content:encoded>
            <itunes:duration>1746</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20131106.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20131106.mp4" length="104857600" type="video/mp4"/>
        </item>
            <item>
            <title>Ninghui Li, Membership Privacy: A Unifying Framework For Privacy Definitions</title>
            <description>Data collected by organizations and agencies are a key resource in today&apos;s information age. The use of sophisticated data mining techniques makes it possible to extract relevant knowledge that can then be used for a variety of purposes, such as research, developing innovative technologies and services, intelligence and counter-terrorism operations, and providing inputs to public policy making. However, the disclosure of those data poses serious threats to individual privacy. In this talk, we present a novel privacy framework that we call Membership Privacy, which prevents the adversary from significantly increasing its ability to conclude that an entity is in the input dataset. Membership privacy is parameterized by a family of distributions that captures the adversary&apos;s prior knowledge. The power and flexibility of the proposed framework lies in the ability to choose different distribution families to instantiate membership privacy. Many privacy notions in the literature are equivalent to membership privacy with interesting distribution families, including differential privacy, differential identifiability, and differential privacy under sampling. The framework also provides a principled approach to developing new privacy notions under which better utility can be achieved than what is possible under differential privacy. This is joint work with Wahbeh Qardaji, Dong Su, Yi Wu, and Weining Yang. About the speaker: Ninghui Li is an Associate Professor of Computer Science at Purdue University. He received a Bachelor&apos;s degree from the University of Science and Technology of China in 1993 and a Ph.D. in Computer Science from New York University in 2000. Before joining the faculty of Purdue in 2003, he was a Research Associate at Stanford University Computer Science Department for 3 years. Prof. Li&apos;s research interests are in security and privacy, and he has published over 100 refereed papers in this area. Prof. Li is an ACM Distinguished Scientist and IEEE Senior Member. In June 2013, he was elected Vice Chair of the ACM Special Interest Group on Security, Audit and Control (SIGSAC). He served on the editorial board of the VLDB Journal from 2007 to 2013, and is currently on the editorial board of IEEE Transactions on Dependable and Secure Computing (TDSC).</description>
            <pubDate>Wed, 30 Oct 2013 16:30:00 EDT </pubDate>
            <itunes:title>Ninghui Li, Membership Privacy: A Unifying Framework For Privacy Definitions</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>534</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ninghui Li, Purdue University</itunes:subtitle>
            <itunes:summary>Data collected by organizations and agencies are a key resource in today&apos;s information age. The use of sophisticated data mining techniques makes it possible to extract relevant knowledge that can then be used for a variety of purposes, such as research, developing innovative technologies and services, intelligence and counter-terrorism operations, and providing inputs to public policy making. However, the disclosure of those data poses serious threats to individual privacy. In this talk, we present a novel privacy framework that we call Membership Privacy, which prevents the adversary from significantly increasing its ability to conclude that an entity is in the input dataset. Membership privacy is parameterized by a family of distributions that captures the adversary&apos;s prior knowledge. The power and flexibility of the proposed framework lies in the ability to choose different distribution families to instantiate membership privacy. Many privacy notions in the literature are equivalent to membership privacy with interesting distribution families, including differential privacy, differential identifiability, and differential privacy under sampling. The framework also provides a principled approach to developing new privacy notions under which better utility can be achieved than what is possible under differential privacy. This is joint work with Wahbeh Qardaji, Dong Su, Yi Wu, and Weining Yang. About the speaker: Ninghui Li is an Associate Professor of Computer Science at Purdue University. He received a Bachelor&apos;s degree from the University of Science and Technology of China in 1993 and a Ph.D. in Computer Science from New York University in 2000. Before joining the faculty of Purdue in 2003, he was a Research Associate at Stanford University Computer Science Department for 3 years. Prof. Li&apos;s research interests are in security and privacy, and he has published over 100 refereed papers in this area. Prof. Li is an ACM Distinguished Scientist and IEEE Senior Member. In June 2013, he was elected Vice Chair of the ACM Special Interest Group on Security, Audit and Control (SIGSAC). He served on the editorial board of the VLDB Journal from 2007 to 2013, and is currently on the editorial board of IEEE Transactions on Dependable and Secure Computing (TDSC).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Data collected by organizations and agencies are a key resource in today&apos;s information age. The use of sophisticated data mining techniques makes it possible to extract relevant knowledge that can then be used for a variety of purposes, such as research, developing innovative technologies and services, intelligence and counter-terrorism operations, and providing inputs to public policy making. However, the disclosure of those data poses serious threats to individual privacy. In this talk, we present a novel privacy framework that we call Membership Privacy, which prevents the adversary from significantly increasing its ability to conclude that an entity is in the input dataset. Membership privacy is parameterized by a family of distributions that captures the adversary&apos;s prior knowledge. The power and flexibility of the proposed framework lies in the ability to choose different distribution families to instantiate membership privacy. Many privacy notions in the literature are equivalent to membership privacy with interesting distribution families, including differential privacy, differential identifiability, and differential privacy under sampling. The framework also provides a principled approach to developing new privacy notions under which better utility can be achieved than what is possible under differential privacy. This is joint work with Wahbeh Qardaji, Dong Su, Yi Wu, and Weining Yang. About the speaker: Ninghui Li is an Associate Professor of Computer Science at Purdue University. He received a Bachelor&apos;s degree from the University of Science and Technology of China in 1993 and a Ph.D. in Computer Science from New York University in 2000. Before joining the faculty of Purdue in 2003, he was a Research Associate at Stanford University Computer Science Department for 3 years. Prof. Li&apos;s research interests are in security and privacy, and he has published over 100 refereed papers in this area. Prof. Li is an ACM Distinguished Scientist and IEEE Senior Member. In June 2013, he was elected Vice Chair of the ACM Special Interest Group on Security, Audit and Control (SIGSAC). He served on the editorial board of the VLDB Journal from 2007 to 2013, and is currently on the editorial board of IEEE Transactions on Dependable and Secure Computing (TDSC).</p> ]]>
            </content:encoded>
            <itunes:duration>3001</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20131030.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20131030.mp4" length="153092096" type="video/mp4"/>
        </item>
            <item>
            <title>Daniel DeLaurentis, Systems of Systems: Opportunities and Challenges</title>
            <description>What are Systems of Systems? Why are we interested in them? What about them vexes us? These topics will be addressed in this overview talk along with emphasis on the analysis of vulnerabilities in SoS Architectures. Our particular work targets advancements in the modeling and analysis of System of Systems (SoS), in particular to support systems engineering activities associated with architecture design, evolution, and operational assessment. We analyze dynamic impacts of interdependencies and uncertainties inherent in SoS. We envision an analytic workbench (populated by a variety of analytical tools from several sources) that makes these analysis capabilities accessible to &quot;SoS System Engineers&quot; in tackling real SoS problems like Air Transportation and Ballistic Missile Defense.</description>
            <pubDate>Wed, 23 Oct 2013 16:30:00 EDT </pubDate>
            <itunes:title>Daniel DeLaurentis, Systems of Systems: Opportunities and Challenges</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>533</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/assets/images/people/Delaurentis_Dan2011.jpg"/>
            <itunes:subtitle>Daniel DeLaurentis, Purdue University</itunes:subtitle>
            <itunes:summary>What are Systems of Systems? Why are we interested in them? What about them vexes us? These topics will be addressed in this overview talk along with emphasis on the analysis of vulnerabilities in SoS Architectures. Our particular work targets advancements in the modeling and analysis of System of Systems (SoS), in particular to support systems engineering activities associated with architecture design, evolution, and operational assessment. We analyze dynamic impacts of interdependencies and uncertainties inherent in SoS. We envision an analytic workbench (populated by a variety of analytical tools from several sources) that makes these analysis capabilities accessible to &quot;SoS System Engineers&quot; in tackling real SoS problems like Air Transportation and Ballistic Missile Defense.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>What are Systems of Systems? Why are we interested in them? What about them vexes us? These topics will be addressed in this overview talk along with emphasis on the analysis of vulnerabilities in SoS Architectures. Our particular work targets advancements in the modeling and analysis of System of Systems (SoS), in particular to support systems engineering activities associated with architecture design, evolution, and operational assessment. We analyze dynamic impacts of interdependencies and uncertainties inherent in SoS. We envision an analytic workbench (populated by a variety of analytical tools from several sources) that makes these analysis capabilities accessible to &quot;SoS System Engineers&quot; in tackling real SoS problems like Air Transportation and Ballistic Missile Defense.</p> ]]>
            </content:encoded>
            <itunes:duration>3078</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20131023.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20131023.mp4" length="149946368" type="video/mp4"/>
        </item>
            <item>
            <title>Paul Thompson, The Durkheim Project:  Privacy Considerations in Predicting Military and Veteran Suicide Risk</title>
            <description>The DARPA Detection and Computational Analysis of Psychological Signals (DCAPS) program provided initial funding for the Durkheim Project. While DCAPS as a whole addressed PTSD, the Durkheim Project sought to predict military and veteran suicide risk. We developed a clinician&apos;s dashboard, which presents suicide risk predictions for the clinician&apos;s patients based on analysis of: a) free text portions of VA medical records and, b) opt-in social media postings. Dartmouth&apos;s Committee for the Protection of Human Subjects approved our protocol to conduct a Veterans Affairs (VA) medical records study with the White River Junction, Vermont, VA Medical Center. A second protocol has been approved to study opt-in Facebook postings from active duty military personnel and veterans. We have built the software infrastructure to collect these opt-in postings in collaboration with Facebook. A third protocol is currently being developed to support intervention when high suicide risk is predicted. This talk will describe the Durkheim Project, focusing on privacy issues related to using opt-in social media postings. About the speaker: Paul Thompson&apos;s thesis research was on probabilistic information retrieval. He was an assistant professor at Drexel University&apos;s College of Information Studies and then a member of PRC, Inc.&apos;s (now part of Northrop Grumman) artificial intelligence development group, where he conducted research in natural language understanding and information retrieval. He later worked for West Publishing Company (now part of Thomson Reuters). After joining Dartmouth College&apos;s Institute for Security Technology Studies in 2001, he became the technical lead for the Semantic Hacking project. He also participated in an Institute for Information Infrastructure Protection (I3P) research project on control system security in the oil and gas industry. He is currently an instructor in the Department of Genetics at the Geisel School of Medicine at Dartmouth. He was the co-principal investigator on the DARPA Detection and Computational Analysis of Psychological Signals program&apos;s Durkheim project.</description>
            <pubDate>Wed, 25 Sep 2013 16:30:00 EDT </pubDate>
            <itunes:title>Paul Thompson, The Durkheim Project:  Privacy Considerations in Predicting Military and Veteran Suicide Risk</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>532</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/paul_thompson.gif"/>
            <itunes:subtitle>Paul Thompson, Dartmouth</itunes:subtitle>
            <itunes:summary>The DARPA Detection and Computational Analysis of Psychological Signals (DCAPS) program provided initial funding for the Durkheim Project. While DCAPS as a whole addressed PTSD, the Durkheim Project sought to predict military and veteran suicide risk. We developed a clinician&apos;s dashboard, which presents suicide risk predictions for the clinician&apos;s patients based on analysis of: a) free-text portions of VA medical records and b) opt-in social media postings. Dartmouth&apos;s Committee for the Protection of Human Subjects approved our protocol to conduct a Veterans Affairs (VA) medical records study with the White River Junction, Vermont, VA Medical Center. A second protocol has been approved to study opt-in Facebook postings from active duty military personnel and veterans. We have built the software infrastructure to collect these opt-in postings in collaboration with Facebook. A third protocol is currently being developed to support intervention when high suicide risk is predicted. This talk will describe the Durkheim Project, focusing on privacy issues related to using opt-in social media postings. About the speaker: Paul Thompson&apos;s thesis research was on probabilistic information retrieval. He was an assistant professor at Drexel University&apos;s College of Information Studies and then a member of PRC, Inc.&apos;s (now part of Northrop Grumman) artificial intelligence development group, where he conducted research in natural language understanding and information retrieval. He later worked for West Publishing Company (now part of Thomson Reuters). After joining Dartmouth College&apos;s Institute for Security Technology Studies in 2001, he became the technical lead for the Semantic Hacking project. He also participated in an Institute for Information Infrastructure Protection (I3P) research project on control system security in the oil and gas industry. He is currently an instructor in the Department of Genetics at the Geisel School of Medicine at Dartmouth. He was the co-principal investigator on the DARPA Detection and Computational Analysis of Psychological Signals program&apos;s Durkheim project.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The DARPA Detection and Computational Analysis of Psychological Signals (DCAPS) program provided initial funding for the Durkheim Project. While DCAPS as a whole addressed PTSD, the Durkheim Project sought to predict military and veteran suicide risk. We developed a clinician&apos;s dashboard, which presents suicide risk predictions for the clinician&apos;s patients based on analysis of: a) free-text portions of VA medical records and b) opt-in social media postings. Dartmouth&apos;s Committee for the Protection of Human Subjects approved our protocol to conduct a Veterans Affairs (VA) medical records study with the White River Junction, Vermont, VA Medical Center. A second protocol has been approved to study opt-in Facebook postings from active duty military personnel and veterans. We have built the software infrastructure to collect these opt-in postings in collaboration with Facebook. A third protocol is currently being developed to support intervention when high suicide risk is predicted. This talk will describe the Durkheim Project, focusing on privacy issues related to using opt-in social media postings. About the speaker: Paul Thompson&apos;s thesis research was on probabilistic information retrieval. He was an assistant professor at Drexel University&apos;s College of Information Studies and then a member of PRC, Inc.&apos;s (now part of Northrop Grumman) artificial intelligence development group, where he conducted research in natural language understanding and information retrieval. He later worked for West Publishing Company (now part of Thomson Reuters). After joining Dartmouth College&apos;s Institute for Security Technology Studies in 2001, he became the technical lead for the Semantic Hacking project. He also participated in an Institute for Information Infrastructure Protection (I3P) research project on control system security in the oil and gas industry. He is currently an instructor in the Department of Genetics at the Geisel School of Medicine at Dartmouth. He was the co-principal investigator on the DARPA Detection and Computational Analysis of Psychological Signals program&apos;s Durkheim project.</p> ]]>
            </content:encoded>
            <itunes:duration>2741</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130925.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130925.mp4" length="128974848" type="video/mp4"/>
        </item>
            <item>
            <title>Mark Crosbie, Tim Tickel, Four Flynn, Protecting a billion identities without losing (much) sleep</title>
            <description>The Facebook security team will share how we approach the security challenges involved in protecting the identities of over a billion users on our site. This talk is partly about our culture, and partly on how we take a practical, risk-based approach to security. In the first part of the talk Mark Crosbie will give an overview of our culture, how we think about security and what makes Facebook unique in the industry in this regard. Then Tim Tickel and Four Flynn will give an in-depth look at Facebook&apos;s easy-to-use internal multi-factor authentication deployment. We will discuss our motivations, how our solution works, technical and security trade-offs, deployment problems, and outstanding issues. About the speaker: Mark Crosbie is head of information security for Facebook EMEA. His focus is on the areas of data protection, privacy, controlling access to information and intelligently managing risk for user data. He works with Facebook security, legal, policy and user operation teams worldwide on addressing security challenges. Mark has 20 years of experience in information security in multiple domains. Prior to joining Facebook Mark led development of security policy for the IBM CIO, where he also led a team of ethical hackers who specialised in software penetration testing. Before joining IBM Mark was a member of the corporate security program office at Hewlett-Packard, where he led a global program to deliver e-Passport and national identity systems. Mark has done extensive work in the areas of biometrics and intrusion detection, and holds numerous patents on key security innovations. Mark graduated with an MSc from Purdue University computer science under Prof. Gene Spafford in 1995, and a bachelor&apos;s degree from Trinity College Dublin in 1993. Mark lives in Ireland with his family and a very large pile of Lego. Tim Tickel is a security engineer specializing in enterprise security and large-scale Linux infrastructure. He currently works at Facebook where he spends much of his time solving auth problems at scale. Prior to Facebook, Tim worked as a security engineer at Google. Tim holds a Masters in Computer Science and Information Assurance from George Washington University and a Bachelors in Computer Science from Purdue University. John &quot;Four&quot; Flynn is an expert in Information Security with over 10 years of experience in the field. At Google, he was the founder and lead architect of Google&apos;s innovative Intrusion Detection group which led to the successful detection of the Aurora attack in December 2009. Four also led Google&apos;s Security Operations team where he pioneered innovative approaches to Enterprise IT Security. He is a technical advisor to both a prominent political campaign and a top tier Venture Capital firm. Four holds a Masters in Computer Science and Information Assurance from George Washington University as well as a Bachelors in Computer Engineering from the University of Minnesota. Currently he works as a Security Engineer at Facebook.</description>
            <pubDate>Wed, 18 Sep 2013 16:30:00 EDT </pubDate>
            <itunes:title>Mark Crosbie, Tim Tickel, Four Flynn, Protecting a billion identities without losing (much) sleep</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>531</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/mark_crosbie.jpg"/>
            <itunes:subtitle>Mark Crosbie, Tim Tickel, Four Flynn, Facebook</itunes:subtitle>
            <itunes:summary>The Facebook security team will share how we approach the security challenges involved in protecting the identities of over a billion users on our site. This talk is partly about our culture, and partly on how we take a practical, risk-based approach to security. In the first part of the talk Mark Crosbie will give an overview of our culture, how we think about security and what makes Facebook unique in the industry in this regard. Then Tim Tickel and Four Flynn will give an in-depth look at Facebook&apos;s easy-to-use internal multi-factor authentication deployment. We will discuss our motivations, how our solution works, technical and security trade-offs, deployment problems, and outstanding issues. About the speaker: Mark Crosbie is head of information security for Facebook EMEA. His focus is on the areas of data protection, privacy, controlling access to information and intelligently managing risk for user data. He works with Facebook security, legal, policy and user operation teams worldwide on addressing security challenges. Mark has 20 years of experience in information security in multiple domains. Prior to joining Facebook Mark led development of security policy for the IBM CIO, where he also led a team of ethical hackers who specialised in software penetration testing. Before joining IBM Mark was a member of the corporate security program office at Hewlett-Packard, where he led a global program to deliver e-Passport and national identity systems. Mark has done extensive work in the areas of biometrics and intrusion detection, and holds numerous patents on key security innovations. Mark graduated with an MSc from Purdue University computer science under Prof. Gene Spafford in 1995, and a bachelor&apos;s degree from Trinity College Dublin in 1993. Mark lives in Ireland with his family and a very large pile of Lego. Tim Tickel is a security engineer specializing in enterprise security and large-scale Linux infrastructure. He currently works at Facebook where he spends much of his time solving auth problems at scale. Prior to Facebook, Tim worked as a security engineer at Google. Tim holds a Masters in Computer Science and Information Assurance from George Washington University and a Bachelors in Computer Science from Purdue University. John &quot;Four&quot; Flynn is an expert in Information Security with over 10 years of experience in the field. At Google, he was the founder and lead architect of Google&apos;s innovative Intrusion Detection group which led to the successful detection of the Aurora attack in December 2009. Four also led Google&apos;s Security Operations team where he pioneered innovative approaches to Enterprise IT Security. He is a technical advisor to both a prominent political campaign and a top tier Venture Capital firm. Four holds a Masters in Computer Science and Information Assurance from George Washington University as well as a Bachelors in Computer Engineering from the University of Minnesota. Currently he works as a Security Engineer at Facebook.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Facebook security team will share how we approach the security challenges involved in protecting the identities of over a billion users on our site. This talk is partly about our culture, and partly on how we take a practical, risk-based approach to security. In the first part of the talk Mark Crosbie will give an overview of our culture, how we think about security and what makes Facebook unique in the industry in this regard. Then Tim Tickel and Four Flynn will give an in-depth look at Facebook&apos;s easy-to-use internal multi-factor authentication deployment. We will discuss our motivations, how our solution works, technical and security trade-offs, deployment problems, and outstanding issues. About the speaker: Mark Crosbie is head of information security for Facebook EMEA. His focus is on the areas of data protection, privacy, controlling access to information and intelligently managing risk for user data. He works with Facebook security, legal, policy and user operation teams worldwide on addressing security challenges. Mark has 20 years of experience in information security in multiple domains. Prior to joining Facebook Mark led development of security policy for the IBM CIO, where he also led a team of ethical hackers who specialised in software penetration testing. Before joining IBM Mark was a member of the corporate security program office at Hewlett-Packard, where he led a global program to deliver e-Passport and national identity systems. Mark has done extensive work in the areas of biometrics and intrusion detection, and holds numerous patents on key security innovations. Mark graduated with an MSc from Purdue University computer science under Prof. Gene Spafford in 1995, and a bachelor&apos;s degree from Trinity College Dublin in 1993. Mark lives in Ireland with his family and a very large pile of Lego. Tim Tickel is a security engineer specializing in enterprise security and large-scale Linux infrastructure. He currently works at Facebook where he spends much of his time solving auth problems at scale. Prior to Facebook, Tim worked as a security engineer at Google. Tim holds a Masters in Computer Science and Information Assurance from George Washington University and a Bachelors in Computer Science from Purdue University. John &quot;Four&quot; Flynn is an expert in Information Security with over 10 years of experience in the field. At Google, he was the founder and lead architect of Google&apos;s innovative Intrusion Detection group which led to the successful detection of the Aurora attack in December 2009. Four also led Google&apos;s Security Operations team where he pioneered innovative approaches to Enterprise IT Security. He is a technical advisor to both a prominent political campaign and a top tier Venture Capital firm. Four holds a Masters in Computer Science and Information Assurance from George Washington University as well as a Bachelors in Computer Engineering from the University of Minnesota. Currently he works as a Security Engineer at Facebook.</p> ]]>
            </content:encoded>
            <itunes:duration>2832</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130918.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130918.mp4" length="182452224" type="video/mp4"/>
        </item>
            <item>
            <title>John Butterworth, BIOS Chronomancy: Using Timing-Based Attestation to Detect Firmware Rootkits</title>
            <description>In 2011 the National Institute of Standards and Technology (NIST) released a draft of special publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM). In this talk we look at the implementation of the SRTM from a Dell Latitude E6400 laptop. I&apos;ll discuss a couple of ways that an attacker can gain access to the BIOS and demonstrate an exploit we discovered in the BIOS update process that bypasses the signed firmware update and allows an attacker to execute arbitrary code in the context of System Management Mode. This allows an attacker to install a malicious BIOS reflash even in the presence of a signed update requirement. Next I&apos;ll show what an attacker is able to do once he gains access to a system BIOS. I&apos;ll show how a 51-byte patch to the SRTM can cause it to provide a forged measurement to the TPM indicating that the BIOS is pristine. If a TPM Quote is used to query the boot state of the system, this TPM-signed falsification will then serve as the root of misplaced trust. We also show how reflashing the BIOS may not necessarily remove this trust-subverting malware. To fix the untrustworthy SRTM we apply the technique of &quot;timing-based attestation&quot; to create a custom SRTM that can detect malicious modifications of itself. We call our timing-based attestation system &quot;BIOS Chronomancy&quot; because the extra trust is divined from timing, and we show that it could be incorporated into vendor BIOSes as a stronger root of trust for measurement. About the speaker: John Butterworth is a security researcher at The MITRE Corporation who specializes in low-level system security. Currently he is applying his electrical engineering and firmware engineering background to investigate UEFI/BIOS security.</description>
            <pubDate>Wed, 4 Sep 2013 16:30:00 EDT </pubDate>
            <itunes:title>John Butterworth, BIOS Chronomancy: Using Timing-Based Attestation to Detect Firmware Rootkits</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>529</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/butterworth_blog_thumb.jpg"/>
            <itunes:subtitle>John Butterworth, MITRE</itunes:subtitle>
            <itunes:summary>In 2011 the National Institute of Standards and Technology (NIST) released a draft of special publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM). In this talk we look at the implementation of the SRTM from a Dell Latitude E6400 laptop. I&apos;ll discuss a couple of ways that an attacker can gain access to the BIOS and demonstrate an exploit we discovered in the BIOS update process that bypasses the signed firmware update and allows an attacker to execute arbitrary code in the context of System Management Mode. This allows an attacker to install a malicious BIOS reflash even in the presence of a signed update requirement. Next I&apos;ll show what an attacker is able to do once he gains access to a system BIOS. I&apos;ll show how a 51-byte patch to the SRTM can cause it to provide a forged measurement to the TPM indicating that the BIOS is pristine. If a TPM Quote is used to query the boot state of the system, this TPM-signed falsification will then serve as the root of misplaced trust. We also show how reflashing the BIOS may not necessarily remove this trust-subverting malware. To fix the untrustworthy SRTM we apply the technique of &quot;timing-based attestation&quot; to create a custom SRTM that can detect malicious modifications of itself. We call our timing-based attestation system &quot;BIOS Chronomancy&quot; because the extra trust is divined from timing, and we show that it could be incorporated into vendor BIOSes as a stronger root of trust for measurement. About the speaker: John Butterworth is a security researcher at The MITRE Corporation who specializes in low-level system security. Currently he is applying his electrical engineering and firmware engineering background to investigate UEFI/BIOS security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In 2011 the National Institute of Standards and Technology (NIST) released a draft of special publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM). In this talk we look at the implementation of the SRTM from a Dell Latitude E6400 laptop. I&apos;ll discuss a couple of ways that an attacker can gain access to the BIOS and demonstrate an exploit we discovered in the BIOS update process that bypasses the signed firmware update and allows an attacker to execute arbitrary code in the context of System Management Mode. This allows an attacker to install a malicious BIOS reflash even in the presence of a signed update requirement. Next I&apos;ll show what an attacker is able to do once he gains access to a system BIOS. I&apos;ll show how a 51-byte patch to the SRTM can cause it to provide a forged measurement to the TPM indicating that the BIOS is pristine. If a TPM Quote is used to query the boot state of the system, this TPM-signed falsification will then serve as the root of misplaced trust. We also show how reflashing the BIOS may not necessarily remove this trust-subverting malware. To fix the untrustworthy SRTM we apply the technique of &quot;timing-based attestation&quot; to create a custom SRTM that can detect malicious modifications of itself. We call our timing-based attestation system &quot;BIOS Chronomancy&quot; because the extra trust is divined from timing, and we show that it could be incorporated into vendor BIOSes as a stronger root of trust for measurement. About the speaker: John Butterworth is a security researcher at The MITRE Corporation who specializes in low-level system security. Currently he is applying his electrical engineering and firmware engineering background to investigate UEFI/BIOS security.</p> ]]>
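            <![CDATA[ <p>The "root of misplaced trust" in the abstract is easy to see in a small model of the measurement chain. The following is an added example written for this feed entry, not code from the talk or from MITRE: it simulates a single TPM 1.2-style SHA-1 PCR, PCR extend, and a quote, with an HMAC standing in for the TPM's attestation-key signature; the BIOS images, key bytes and nonce are constructed. An honest SRTM hashes whatever is in flash; the patched SRTM (modelling the 51-byte patch) extends the vendor's known-good hash regardless of flash contents, so the verifier sees a genuine signature over the golden PCR value on a compromised machine.</p>

```python
"""Added example (not code from the talk): a toy model of a TPM 1.2-style
Static Root of Trust for Measurement, showing why a signed TPM quote is
only as trustworthy as the SRTM code that feeds the PCR.

Assumptions: a single SHA-1 PCR, an HMAC standing in for the TPM's
attestation-key signature, and constructed BIOS images, key and nonce."""
import hashlib
import hmac

PCR_LEN = 20  # SHA-1 PCR width, as in TPM 1.2

# Constructed sample data; no real firmware or keys are involved.
GOLDEN_BIOS = b"vendor BIOS image v1.0 (constructed)"
ROOTKIT_BIOS = b"vendor BIOS image v1.0 (constructed) + SMM rootkit"
AIK = b"attestation-key-bytes-constructed"
NONCE = b"verifier-nonce-0001"


def sha1(data):
    return hashlib.sha1(data).digest()


class Tpm:
    """Minimal TPM: one PCR, reset to zero at power-on, and a signing key that
    never leaves the 'chip'. The only way to change the PCR is extend()."""

    def __init__(self, aik):
        self._aik = aik
        self.pcr0 = bytes(PCR_LEN)

    def extend(self, measurement):
        # PCR_new = SHA-1(PCR_old || measurement): values can only be folded in,
        # never rewritten, which is what makes a quote meaningful at all.
        self.pcr0 = sha1(self.pcr0 + measurement)

    def quote(self, nonce):
        # The TPM signs (nonce || PCR) with its attestation key (HMAC here).
        sig = hmac.new(self._aik, nonce + self.pcr0, hashlib.sha1).digest()
        return self.pcr0, sig


def honest_srtm(tpm, bios_in_flash, golden_hash):
    """Vendor SRTM: hash whatever is actually in flash and extend it."""
    tpm.extend(sha1(bios_in_flash))


def patched_srtm(tpm, bios_in_flash, golden_hash):
    """Patched SRTM (the talk's 51-byte patch, modelled): ignore the flash
    contents and extend the known-good hash so the PCR looks pristine."""
    tpm.extend(golden_hash)


def expected_pcr0(golden_hash):
    """Golden PCR value a verifier derives from the vendor's published hash."""
    return sha1(bytes(PCR_LEN) + golden_hash)


def verify_quote(aik, nonce, pcr, sig, expected):
    """Everything a remote verifier can check: the signature and the golden value."""
    good_sig = hmac.compare_digest(
        sig, hmac.new(aik, nonce + pcr, hashlib.sha1).digest())
    return good_sig and pcr == expected


def boot_and_attest(bios_in_flash, srtm, golden_bios=GOLDEN_BIOS,
                    aik=AIK, nonce=NONCE):
    """Power on, run the given SRTM over the flash image, then answer a remote
    attestation challenge. Returns True if the verifier accepts the quote."""
    tpm = Tpm(aik)
    golden_hash = sha1(golden_bios)
    srtm(tpm, bios_in_flash, golden_hash)
    pcr, sig = tpm.quote(nonce)
    return verify_quote(aik, nonce, pcr, sig, expected_pcr0(golden_hash))


if __name__ == "__main__":
    print("pristine BIOS, honest SRTM :", boot_and_attest(GOLDEN_BIOS, honest_srtm))
    print("rootkit BIOS,  honest SRTM :", boot_and_attest(ROOTKIT_BIOS, honest_srtm))
    print("rootkit BIOS,  patched SRTM:", boot_and_attest(ROOTKIT_BIOS, patched_srtm))
```

<p>The third case is the one the abstract warns about: the signature is genuine, the PCR equals the golden value, and the verifier has no field in the quote that could tell it the measuring code itself was replaced. Comparing PCRs against a whitelist cannot close that gap, because the whitelist is exactly what the patched SRTM reproduces; the talk's timing-based attestation instead makes the SRTM's own execution time observable to the verifier, so modifications to the measuring code show up as timing deviations rather than in the measured values.</p> ]]>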
            </content:encoded>
            <itunes:duration>3065</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130904.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130904.mp4" length="139460608" type="video/mp4"/>
        </item>
            <item>
            <title>Keith Watson, Information Security Challenges in an Academic Environment</title>
            <description>The university environment has unique challenges for information security. Just as corporate networks have exploded in size, services, users, and devices, university networks also have a continually changing and diverse user population, an open network that encourages collaboration, intellectual property that has requirements to be shared as well as protected, and budgetary constraints that reduce services or move data outside of the university. This talk will explore some of these issues. About the speaker: Keith Watson is a security architect for IT Security &amp; Policy at Purdue University. Previously, Keith spent ten years at CERIAS as a research engineer.</description>
            <pubDate>Wed, 28 Aug 2013 16:30:00 EDT </pubDate>
            <itunes:title>Keith Watson, Information Security Challenges in an Academic Environment</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>528</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/keith_watson_130.jpg"/>
            <itunes:subtitle>Keith Watson, Purdue University</itunes:subtitle>
            <itunes:summary>The university environment has unique challenges for information security. Just as corporate networks have exploded in size, services, users, and devices, university networks also have a continually changing and diverse user population, an open network that encourages collaboration, intellectual property that has requirements to be shared as well as protected, and budgetary constraints that reduce services or move data outside of the university. This talk will explore some of these issues. About the speaker: Keith Watson is a security architect for IT Security &amp; Policy at Purdue University. Previously, Keith spent ten years at CERIAS as a research engineer.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The university environment has unique challenges for information security. Just as corporate networks have exploded in size, services, users, and devices, university networks also have a continually changing and diverse user population, an open network that encourages collaboration, intellectual property that has requirements to be shared as well as protected, and budgetary constraints that reduce services or move data outside of the university. This talk will explore some of these issues. About the speaker: Keith Watson is a security architect for IT Security &amp; Policy at Purdue University. Previously, Keith spent ten years at CERIAS as a research engineer.</p> ]]>
            </content:encoded>
            <itunes:duration>2368</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130828.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130828.mp4" length="135266304" type="video/mp4"/>
        </item>
            <item>
            <title>Jarek Duda, New possibilities of steganography based on Kuznetsov-Tsybakov problem</title>
            <description>To hide information within a picture we usually replace the least significant bits. This approach is no longer available if there is only 1 bit/pixel, as in the Quick Response Codes we meet every day now. I will talk about theoretical limitations and practical aspects of hiding information in such situations: by generating encoding sequences fulfilling given constraints, for example to enforce resemblance to a given picture (the grayness of a pixel defines the probability of using &quot;1&quot; there). If the receiver knew the constraints/picture, we could just use an entropy coder for this purpose, but we would like to omit this requirement here. In the Kuznetsov-Tsybakov problem only the sender knows simple constraints, but it turns out that we can approach the same channel capacity as if both sides knew them. I will talk about generalizations to statistical constraints and applications, for example to picture codes, steganography or lossy compression. About the speaker: Jaroslaw Duda received an MSc in Computer Science, Mathematics and Physics, and a PhD in Computer Science and Physics from Jagiellonian University in Cracow, Poland. His main interest is information theory, both directly applied in computer science and as an integral part of different fields of science. He is currently a Postdoctoral Researcher in the Center for Science of Information and the Computer Science Department at Purdue University, USA, working with W. Szpankowski.</description>
            <pubDate>Wed, 21 Aug 2013 16:30:00 EDT </pubDate>
            <itunes:title>Jarek Duda, New possibilities of steganography based on Kuznetsov-Tsybakov problem</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>527</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jarek Duda, Purdue University</itunes:subtitle>
            <itunes:summary>To hide information within a picture we usually replace the least significant bits. This approach is no longer available if there is only 1 bit/pixel, as in the Quick Response Codes we meet every day now. I will talk about theoretical limitations and practical aspects of hiding information in such situations: by generating encoding sequences fulfilling given constraints, for example to enforce resemblance to a given picture (the grayness of a pixel defines the probability of using &quot;1&quot; there). If the receiver knew the constraints/picture, we could just use an entropy coder for this purpose, but we would like to omit this requirement here. In the Kuznetsov-Tsybakov problem only the sender knows simple constraints, but it turns out that we can approach the same channel capacity as if both sides knew them. I will talk about generalizations to statistical constraints and applications, for example to picture codes, steganography or lossy compression. About the speaker: Jaroslaw Duda received an MSc in Computer Science, Mathematics and Physics, and a PhD in Computer Science and Physics from Jagiellonian University in Cracow, Poland. His main interest is information theory, both directly applied in computer science and as an integral part of different fields of science. He is currently a Postdoctoral Researcher in the Center for Science of Information and the Computer Science Department at Purdue University, USA, working with W. Szpankowski.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>To hide information within a picture we usually replace the least significant bits. This approach is no longer available if there is only 1 bit/pixel, as in the Quick Response Codes we meet every day now. I will talk about theoretical limitations and practical aspects of hiding information in such situations: by generating encoding sequences fulfilling given constraints, for example to enforce resemblance to a given picture (the grayness of a pixel defines the probability of using &quot;1&quot; there). If the receiver knew the constraints/picture, we could just use an entropy coder for this purpose, but we would like to omit this requirement here. In the Kuznetsov-Tsybakov problem only the sender knows simple constraints, but it turns out that we can approach the same channel capacity as if both sides knew them. I will talk about generalizations to statistical constraints and applications, for example to picture codes, steganography or lossy compression. About the speaker: Jaroslaw Duda received an MSc in Computer Science, Mathematics and Physics, and a PhD in Computer Science and Physics from Jagiellonian University in Cracow, Poland. His main interest is information theory, both directly applied in computer science and as an integral part of different fields of science. He is currently a Postdoctoral Researcher in the Center for Science of Information and the Computer Science Department at Purdue University, USA, working with W. Szpankowski.</p> ]]>
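            <![CDATA[ <p>The simplest Kuznetsov-Tsybakov setting, where some cover bits are fixed and only the sender knows which, has a well-known practical realisation in wet paper codes (Fridrich et al.), and the following added example implements that construction to make the "receiver need not know the constraints" point concrete. It is illustration written for this feed entry, not the speaker's construction, and it covers only hard fixed-bit constraints, not the statistical (grayness-probability) constraints the talk generalises to. Assumptions: a constructed 64-pixel 1-bit cover, a "finder pattern" of 24 pixels that must not change, a random parity-check matrix H derived from a shared key, and an 8-bit message. The sender solves H_dry * d = msg - H * cover over GF(2) for a change vector d supported only on free pixels; the receiver computes H * stego and never learns which pixels were wet.</p>

```python
"""Added example (not the speaker's construction): wet paper coding, a
practical realisation of the Kuznetsov-Tsybakov setting. The sender knows
which cover bits are 'wet' (must stay as they are); the receiver knows only
a shared key and reads the message as H * stego (mod 2), never learning
which bits were wet.

Assumptions: a constructed binary 'image' of N bits, a wet set standing in
for pixels that must not change, a random parity matrix H derived from the
shared key, and 8 message bits."""
import random

# Constructed 1-bit/pixel cover, 8x8, plus a 'finder pattern' (the first three
# columns of every row) that the sender may not alter. Nothing here is a real
# image or key.
N = 64
COVER = [((i // 3) + (i % 5)) & 1 for i in range(N)]
WET = {j for j in range(N) if j % 8 < 3}          # 24 fixed pixels, 40 free
MSG = [1, 0, 1, 1, 0, 0, 1, 0]
KEY = "shared-key-constructed"


def parity_matrix(key, m, n):
    """m x n random binary matrix, reproducible from the shared key alone."""
    rng = random.Random(key)
    return [[rng.randrange(2) for _ in range(n)] for _ in range(m)]


def syndrome(H, x):
    """H * x over GF(2): the m bits the receiver will read."""
    return [sum(hij & xj for hij, xj in zip(row, x)) & 1 for row in H]


def solve_gf2(A, b):
    """Solve A v = b over GF(2) by Gauss-Jordan elimination; None if unsolvable.
    Free variables are set to 0, so v is one valid solution, not the lightest."""
    m, n = len(A), len(A[0])
    rows = [A[i][:] + [b[i]] for i in range(m)]
    pivots, r = [], 0
    for c in range(n):
        if r == m:
            break
        piv = next((i for i in range(r, m) if rows[i][c]), None)
        if piv is None:
            continue
        rows[r], rows[piv] = rows[piv], rows[r]
        for i in range(m):
            if i != r and rows[i][c]:
                rows[i] = [x ^ y for x, y in zip(rows[i], rows[r])]
        pivots.append(c)
        r += 1
    if any(rows[i][n] for i in range(r, m)):   # a leftover 0 = 1 row: no solution
        return None
    v = [0] * n
    for i, c in enumerate(pivots):
        v[c] = rows[i][n]
    return v


def embed(cover, wet, msg, key):
    """Flip only dry bits so that H * stego = msg. Restricting H to the dry
    columns gives H_dry * d = msg - H * cover, solved for the change vector d."""
    n, m = len(cover), len(msg)
    H = parity_matrix(key, m, n)
    dry = [j for j in range(n) if j not in wet]
    target = [a ^ b for a, b in zip(msg, syndrome(H, cover))]
    A = [[row[j] for j in dry] for row in H]
    d = solve_gf2(A, target)
    if d is None:
        raise ValueError("too few dry bits for this key and message length")
    stego = cover[:]
    for k, j in enumerate(dry):
        stego[j] ^= d[k]
    return stego


def extract(stego, m, key):
    """Receiver side: needs only the key and the message length, not the wet set."""
    return syndrome(parity_matrix(key, m, len(stego)), stego)


def wet_bits_untouched(cover, stego, wet):
    return all(cover[j] == stego[j] for j in wet)


if __name__ == "__main__":
    stego = embed(COVER, WET, MSG, KEY)
    print("recovered   :", extract(stego, len(MSG), KEY))
    print("wet intact  :", wet_bits_untouched(COVER, stego, WET))
    print("bits flipped:", sum(a != b for a, b in zip(COVER, stego)))
```

<p>The capacity statement in the abstract shows up as a rank condition: with m message bits and k dry bits, a random m x k matrix over GF(2) is full rank with probability close to 1 as long as k exceeds m by a modest margin, so the sender can hit any m-bit syndrome without the receiver knowing the wet set. A production embedder would also pick the lightest solution d rather than the first one, to minimise the number of flipped pixels.</p> ]]>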
            </content:encoded>
            <itunes:duration>2608</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130821.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130821.mp4" length="132120576" type="video/mp4"/>
        </item>
            <item>
            <title>David Pisano, Identity-Based Internet Protocol Network</title>
            <description>The Identity-Based Internet Protocol (IBIP) Network project is experimenting with a new enterprise-oriented network architecture using standard Internet Protocol to encode identity (ID) information into the IP packet by a new edge security device referred to as the IBIP policy enforcement point (PEP). This is a variant of a network admission control process that establishes user and host identities as well as provides optional information on host visibility, organizational affiliation, current role, and trust metric (associated with the user and host endpoints). Our motivation is to increase our security posture by leveraging identity, reducing our threat exposure, enhancing situational understanding of our environment, and simplifying network operations. In addition to authentication, we leverage strong anti-spoofing technology to improve accountability. We reduce our threat surface by &quot;hiding&quot; our client hosts and making all infrastructure devices inaccessible. Any attempt to access a hidden host or infrastructure device results in a policy violation attributable to the user/host that caused the violation and provides enhanced situational awareness of such activities. Our servers can also have a &quot;permissible use&quot; policy that ensures that the server only operates across the network per that policy. Finally, as users log in and servers are added to the network, all dynamic configurations for access control initiated by such changes are automatically carried out without manual intervention, thereby reducing potential vulnerabilities caused by human errors. Extracted from Nakamoto, G.; Durst, R.; Growney, C.; Andresen, J.; Ma, J.; Trivedi, N.; Quang, R.; Pisano, D., &quot;Identity-Based Internet Protocol Networking,&quot; MILITARY COMMUNICATIONS CONFERENCE, 2012 - MILCOM 2012, pp. 1-6, Oct. 29 2012-Nov. 1 2012. 
About the speaker: David Pisano is a Senior Network Engineer at the MITRE Corporation, where he has been employed for the last two and a half years. David has devoted most of this time to working on networking and networking security challenges. He has been a contributor to The Honeynet Project since 2009. Prior to joining MITRE, David earned a Master's in Networking and Systems Administration at the Rochester Institute of Technology (R.I.T.). David completed his undergraduate degree in Applied Networking and Systems Administration with a minor in Criminal Justice, also at R.I.T. David is a coauthor on two papers on networking and networking security published in peer-reviewed journals.</description>
            <pubDate>Wed, 24 Apr 2013 16:30:00 EDT </pubDate>
            <itunes:title>David Pisano, Identity-Based Internet Protocol Network</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>526</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>David Pisano, MITRE</itunes:subtitle>
            <itunes:summary>The Identity-Based Internet Protocol (IBIP) Network project is experimenting with a new enterprise-oriented network architecture using standard Internet Protocol to encode identity (ID) information into the IP packet by a new edge security device referred to as the IBIP policy enforcement point (PEP). This is a variant of a network admission control process that establishes user and host identities as well as provides optional information on host visibility, organizational affiliation, current role, and trust metric (associated with the user and host endpoints). Our motivation is to increase our security posture by leveraging identity, reducing our threat exposure, enhancing situational understanding of our environment, and simplifying network operations. In addition to authentication, we leverage strong anti-spoofing technology to improve accountability. We reduce our threat surface by &quot;hiding&quot; our client hosts and making all infrastructure devices inaccessible. Any attempt to access a hidden host or infrastructure device results in a policy violation attributable to the user/host that caused the violation and provides enhanced situational awareness of such activities. Our servers can also have a &quot;permissible use&quot; policy that ensures that the server only operates across the network per that policy. Finally, as users log in and servers are added to the network, all dynamic configurations for access control initiated by such changes are automatically carried out without manual intervention, thereby reducing potential vulnerabilities caused by human errors. Extracted from Nakamoto, G.; Durst, R.; Growney, C.; Andresen, J.; Ma, J.; Trivedi, N.; Quang, R.; Pisano, D., &quot;Identity-Based Internet Protocol Networking,&quot; MILITARY COMMUNICATIONS CONFERENCE, 2012 - MILCOM 2012, pp. 1-6, Oct. 29 2012-Nov. 1 2012. 
About the speaker: David Pisano is a Senior Network Engineer at the MITRE Corporation, where he has been employed for the last two and a half years. David has devoted most of this time to working on networking and networking security challenges. He has been a contributor to The Honeynet Project since 2009. Prior to joining MITRE, David earned a Master's in Networking and Systems Administration at the Rochester Institute of Technology (R.I.T.). David completed his undergraduate degree in Applied Networking and Systems Administration with a minor in Criminal Justice, also at R.I.T. David is a coauthor on two papers on networking and networking security published in peer-reviewed journals.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Identity-Based Internet Protocol (IBIP) Network project is experimenting with a new enterprise-oriented network architecture using standard Internet Protocol to encode identity (ID) information into the IP packet by a new edge security device referred to as the IBIP policy enforcement point (PEP). This is a variant of a network admission control process that establishes user and host identities as well as provides optional information on host visibility, organizational affiliation, current role, and trust metric (associated with the user and host endpoints). Our motivation is to increase our security posture by leveraging identity, reducing our threat exposure, enhancing situational understanding of our environment, and simplifying network operations. In addition to authentication, we leverage strong anti-spoofing technology to improve accountability. We reduce our threat surface by &quot;hiding&quot; our client hosts and making all infrastructure devices inaccessible. Any attempt to access a hidden host or infrastructure device results in a policy violation attributable to the user/host that caused the violation and provides enhanced situational awareness of such activities. Our servers can also have a &quot;permissible use&quot; policy that ensures that the server only operates across the network per that policy. Finally, as users log in and servers are added to the network, all dynamic configurations for access control initiated by such changes are automatically carried out without manual intervention, thereby reducing potential vulnerabilities caused by human errors. Extracted from Nakamoto, G.; Durst, R.; Growney, C.; Andresen, J.; Ma, J.; Trivedi, N.; Quang, R.; Pisano, D., &quot;Identity-Based Internet Protocol Networking,&quot; MILITARY COMMUNICATIONS CONFERENCE, 2012 - MILCOM 2012, pp. 1-6, Oct. 29 2012-Nov. 1 2012. 
About the speaker: David Pisano is a Senior Network Engineer at the MITRE Corporation, where he has been employed for the last two and a half years. David has devoted most of this time to working on networking and networking security challenges. He has been a contributor to The Honeynet Project since 2009. Prior to joining MITRE, David earned a Master's in Networking and Systems Administration at the Rochester Institute of Technology (R.I.T.). David completed his undergraduate degree in Applied Networking and Systems Administration with a minor in Criminal Justice, also at R.I.T. David is a coauthor on two papers on networking and networking security published in peer-reviewed journals.</p> ]]>
            </content:encoded>
            <itunes:duration>1761</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130424.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130424.mp4" length="84934656" type="video/mp4"/>
        </item>
            <item>
            <title>Rahul Potharaju, Towards Automated Problem Inference from Trouble Tickets</title>
            <description>The growing demand for cloud services is driving the need to deliver an always-on and safe user experience in accessing their data and applications. Examples include web search, social networking, email, ecommerce, video streaming, data analytics and even mission-critical services such as power grid control. Such environments are required to be highly available and secure. This is often satisfied by having experts monitoring the system 24x7 to ensure that problems, if any, are resolved within a reasonable time. The need to solve a problem within the minimum time gives rise to a &quot;whatever-it-takes-to-fix-the-problem&quot; attitude amongst experts and produces a constant flow of informal text documenting the debugging steps taken to resolve problems. Understanding the content within this informal text at scale is the key to uncovering big problem trends that will enable us to learn from mistakes and improve system design. In this talk, I will present NetSieve, a system that we built that aims to do automated problem inference from trouble tickets. Specifically, I will show you how statistical natural language processing (NLP) can be combined with knowledge representation, ontology modeling and human-guided learning to automatically analyze natural language text in trouble tickets to infer the problem symptoms, troubleshooting activities and resolution actions. I will further discuss fundamental challenges which arise when extracting meaning from such massive open-domain text corpora. Finally, I will discuss how we applied NetSieve in a massive data center setting to automatically analyze 10K+ network trouble tickets and how we used these results to improve several key network operations. About the speaker: Rahul Potharaju is a PhD student in the Computer Science department of Purdue University and a member of CERIAS, advised by Prof. Cristina Nita-Rotaru. 
Prior to that, in 2009, he earned his Master's degree in Computer Science from Northwestern University. He has over two years of industrial research experience working on collaboration projects with Microsoft Research, Redmond and the Motorola Applied Research Center. His current work focuses on large-scale Internet measurements, problem inference systems, intrusion detection and security aspects of smartphone architectures, and reliability aspects of data centers from both a hardware and a software perspective. A recurring theme in all his research is combining cross-domain techniques such as those from natural language processing with statistical machine learning and data mining to make surprising inferences in the networking and smartphone areas.</description>
            <pubDate>Wed, 17 Apr 2013 16:30:00 EDT </pubDate>
            <itunes:title>Rahul Potharaju, Towards Automated Problem Inference from Trouble Tickets</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>525</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Rahul Potharaju, Purdue University</itunes:subtitle>
            <itunes:summary>The growing demand for cloud services is driving the need to deliver an always-on and safe user experience in accessing their data and applications. Examples include web search, social networking, email, ecommerce, video streaming, data analytics and even mission-critical services such as power grid control. Such environments are required to be highly available and secure. This is often satisfied by having experts monitoring the system 24x7 to ensure that problems, if any, are resolved within a reasonable time. The need to solve a problem within the minimum time gives rise to a &quot;whatever-it-takes-to-fix-the-problem&quot; attitude amongst experts and produces a constant flow of informal text documenting the debugging steps taken to resolve problems. Understanding the content within this informal text at scale is the key to uncovering big problem trends that will enable us to learn from mistakes and improve system design. In this talk, I will present NetSieve, a system that we built that aims to do automated problem inference from trouble tickets. Specifically, I will show you how statistical natural language processing (NLP) can be combined with knowledge representation, ontology modeling and human-guided learning to automatically analyze natural language text in trouble tickets to infer the problem symptoms, troubleshooting activities and resolution actions. I will further discuss fundamental challenges which arise when extracting meaning from such massive open-domain text corpora. Finally, I will discuss how we applied NetSieve in a massive data center setting to automatically analyze 10K+ network trouble tickets and how we used these results to improve several key network operations. About the speaker: Rahul Potharaju is a PhD student in the Computer Science department of Purdue University and a member of CERIAS, advised by Prof. Cristina Nita-Rotaru. 
Prior to that, in 2009, he earned his Master's degree in Computer Science from Northwestern University. He has over two years of industrial research experience working on collaboration projects with Microsoft Research, Redmond and the Motorola Applied Research Center. His current work focuses on large-scale Internet measurements, problem inference systems, intrusion detection and security aspects of smartphone architectures, and reliability aspects of data centers from both a hardware and a software perspective. A recurring theme in all his research is combining cross-domain techniques such as those from natural language processing with statistical machine learning and data mining to make surprising inferences in the networking and smartphone areas.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The growing demand for cloud services is driving the need to deliver an always-on and safe user experience in accessing their data and applications. Examples include web search, social networking, email, ecommerce, video streaming, data analytics and even mission-critical services such as power grid control. Such environments are required to be highly available and secure. This is often satisfied by having experts monitoring the system 24x7 to ensure that problems, if any, are resolved within a reasonable time. The need to solve a problem within the minimum time gives rise to a &quot;whatever-it-takes-to-fix-the-problem&quot; attitude amongst experts and produces a constant flow of informal text documenting the debugging steps taken to resolve problems. Understanding the content within this informal text at scale is the key to uncovering big problem trends that will enable us to learn from mistakes and improve system design. In this talk, I will present NetSieve, a system that we built that aims to do automated problem inference from trouble tickets. Specifically, I will show you how statistical natural language processing (NLP) can be combined with knowledge representation, ontology modeling and human-guided learning to automatically analyze natural language text in trouble tickets to infer the problem symptoms, troubleshooting activities and resolution actions. I will further discuss fundamental challenges which arise when extracting meaning from such massive open-domain text corpora. Finally, I will discuss how we applied NetSieve in a massive data center setting to automatically analyze 10K+ network trouble tickets and how we used these results to improve several key network operations. About the speaker: Rahul Potharaju is a PhD student in the Computer Science department of Purdue University and a member of CERIAS, advised by Prof. Cristina Nita-Rotaru. 
Prior to that, in 2009, he earned his Master's degree in Computer Science from Northwestern University. He has over two years of industrial research experience working on collaboration projects with Microsoft Research, Redmond and the Motorola Applied Research Center. His current work focuses on large-scale Internet measurements, problem inference systems, intrusion detection and security aspects of smartphone architectures, and reliability aspects of data centers from both a hardware and a software perspective. A recurring theme in all his research is combining cross-domain techniques such as those from natural language processing with statistical machine learning and data mining to make surprising inferences in the networking and smartphone areas.</p> ]]>
            </content:encoded>
            <itunes:duration>2989</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130417.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130417.mp4" length="173015040" type="video/mp4"/>
        </item>
            <item>
            <title>Aaron Massey, Regulatory Compliance Software Engineering</title>
            <description>Laws and regulations safeguard citizens&apos; security and privacy. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) governs the security and privacy of electronic health records (EHR) systems. HIPAA violations can result in millions of dollars in penalties for non-compliance. Ensuring EHR systems are legally compliant is challenging for software engineers because the laws and regulations governing EHR systems are written by policymakers with little to no understanding of software engineering. This presentation introduces the field of Regulatory Compliance Software Engineering and discusses a particular research concern within that field: How can we help software engineers seeking to assess whether security and privacy requirements for EHR systems are legally compliant? About the speaker: Aaron Massey is a Postdoctoral Fellow at Georgia Tech&apos;s School of Interactive Computing and the Associate Director of ThePrivacyPlace.org. His research interests include computer security, privacy, and regulatory compliance software engineering. Aaron earned the MS and PhD degrees in Computer Science from North Carolina State University and a BS in Computer Engineering from Purdue University. He is a recipient of a Google Policy Fellowship and the Walter H. Wilkinson Research Ethics Fellowship. He is a member of the ACM, IEEE, IAPP, and the USACM Public Policy Council.</description>
            <pubDate>Wed, 27 Mar 2013 16:30:00 EDT </pubDate>
            <itunes:title>Aaron Massey, Regulatory Compliance Software Engineering</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>522</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Aaron Massey, Georgia Tech</itunes:subtitle>
            <itunes:summary>Laws and regulations safeguard citizens&apos; security and privacy. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) governs the security and privacy of electronic health records (EHR) systems. HIPAA violations can result in millions of dollars in penalties for non-compliance. Ensuring EHR systems are legally compliant is challenging for software engineers because the laws and regulations governing EHR systems are written by policymakers with little to no understanding of software engineering. This presentation introduces the field of Regulatory Compliance Software Engineering and discusses a particular research concern within that field: How can we help software engineers seeking to assess whether security and privacy requirements for EHR systems are legally compliant? About the speaker: Aaron Massey is a Postdoctoral Fellow at Georgia Tech&apos;s School of Interactive Computing and the Associate Director of ThePrivacyPlace.org. His research interests include computer security, privacy, and regulatory compliance software engineering. Aaron earned the MS and PhD degrees in Computer Science from North Carolina State University and a BS in Computer Engineering from Purdue University. He is a recipient of a Google Policy Fellowship and the Walter H. Wilkinson Research Ethics Fellowship. He is a member of the ACM, IEEE, IAPP, and the USACM Public Policy Council.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Laws and regulations safeguard citizens&apos; security and privacy. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) governs the security and privacy of electronic health records (EHR) systems. HIPAA violations can result in millions of dollars in penalties for non-compliance. Ensuring EHR systems are legally compliant is challenging for software engineers because the laws and regulations governing EHR systems are written by policymakers with little to no understanding of software engineering. This presentation introduces the field of Regulatory Compliance Software Engineering and discusses a particular research concern within that field: How can we help software engineers seeking to assess whether security and privacy requirements for EHR systems are legally compliant? About the speaker: Aaron Massey is a Postdoctoral Fellow at Georgia Tech&apos;s School of Interactive Computing and the Associate Director of ThePrivacyPlace.org. His research interests include computer security, privacy, and regulatory compliance software engineering. Aaron earned the MS and PhD degrees in Computer Science from North Carolina State University and a BS in Computer Engineering from Purdue University. He is a recipient of a Google Policy Fellowship and the Walter H. Wilkinson Research Ethics Fellowship. He is a member of the ACM, IEEE, IAPP, and the USACM Public Policy Council.</p> ]]>
            </content:encoded>
            <itunes:duration>2976</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130327.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130327.mp4" length="131072000" type="video/mp4"/>
        </item>
            <item>
            <title>Kristin Heckman, Active Cyber Network Defense with Denial and Deception</title>
            <description>In January 2012, MITRE performed a real-time, red team/blue team cyber-wargame experiment. This presented the opportunity to blend cyber-warfare with traditional mission planning and execution, including denial and deception tradecraft. The cyber-wargame was designed to test a dynamic network defense cyber-security platform being researched in The MITRE Corporation&apos;s Innovation Program called Blackjack, and to investigate the utility of using denial and deception to enhance the defense of information in command and control systems. The Blackjack tool failed to deny the adversary access to real information on the command and control mission system. The adversary had compromised a number of credentials without the computer network defenders&apos; knowledge, and thereby observed both the real command and control mission system and the fake command and control mission system. However, traditional denial and deception techniques were effective in denying the adversary access to real information on the real command and control mission system, and instead provided the adversary with access to false information on a fake command and control mission system. About the speaker: Kristin E. Heckman, D.Sc. is a Lead Scientist at The MITRE Corporation with interdisciplinary skills in computer science, cognitive science, neuropsychology, and cognitive neuroscience. She has ten years of experience in applied research, serving as the principal investigator for MITRE Innovation Program research projects or as the project leader for sponsored work across the Intelligence Community. Her research areas include intelligence interviewing, deception detection, subconscious priming, perception, denial and deception in computer security, and the psychophysiological and neurological signatures of emotions, intent, and deception. She has authored several papers, a book chapter, and a book. 
She has developed and delivered training in these areas for internal MITRE Institute courses, as well as for external courses in sponsor environments. She was an adjunct faculty member of The George Washington University from 2005-2007, teaching Computer Science Senior Design. Dr. Heckman received her Doctorate of Science in Machine Intelligence and Cognition with minors in Neuropsychology and Developmental Psychology from The George Washington University in 2004.</description>
            <pubDate>Wed, 20 Mar 2013 16:30:00 EDT </pubDate>
            <itunes:title>Kristin Heckman, Active Cyber Network Defense with Denial and Deception</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>521</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Kristin Heckman, MITRE</itunes:subtitle>
            <itunes:summary>In January 2012, MITRE performed a real-time, red team/blue team cyber-wargame experiment. This presented the opportunity to blend cyber-warfare with traditional mission planning and execution, including denial and deception tradecraft. The cyber-wargame was designed to test a dynamic network defense cyber-security platform being researched in The MITRE Corporation&apos;s Innovation Program called Blackjack, and to investigate the utility of using denial and deception to enhance the defense of information in command and control systems. The Blackjack tool failed to deny the adversary access to real information on the command and control mission system. The adversary had compromised a number of credentials without the computer network defenders&apos; knowledge, and thereby observed both the real command and control mission system and the fake command and control mission system. However, traditional denial and deception techniques were effective in denying the adversary access to real information on the real command and control mission system, and instead provided the adversary with access to false information on a fake command and control mission system. About the speaker: Kristin E. Heckman, D.Sc. is a Lead Scientist at The MITRE Corporation with interdisciplinary skills in computer science, cognitive science, neuropsychology, and cognitive neuroscience. She has ten years of experience in applied research, serving as the principal investigator for MITRE Innovation Program research projects or as the project leader for sponsored work across the Intelligence Community. Her research areas include intelligence interviewing, deception detection, subconscious priming, perception, denial and deception in computer security, and the psychophysiological and neurological signatures of emotions, intent, and deception. She has authored several papers, a book chapter, and a book. 
She has developed and delivered training in these areas for internal MITRE Institute courses, as well as for external courses in sponsor environments. She was an adjunct faculty member of The George Washington University from 2005-2007, teaching Computer Science Senior Design. Dr. Heckman received her Doctorate of Science in Machine Intelligence and Cognition with minors in Neuropsychology and Developmental Psychology from The George Washington University in 2004.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In January 2012, MITRE performed a real-time, red team/blue team cyber-wargame experiment. This presented the opportunity to blend cyber-warfare with traditional mission planning and execution, including denial and deception tradecraft. The cyber-wargame was designed to test a dynamic network defense cyber-security platform being researched in The MITRE Corporation&apos;s Innovation Program called Blackjack, and to investigate the utility of using denial and deception to enhance the defense of information in command and control systems. The Blackjack tool failed to deny the adversary access to real information on the command and control mission system. The adversary had compromised a number of credentials without the computer network defenders&apos; knowledge, and thereby observed both the real command and control mission system and the fake command and control mission system. However, traditional denial and deception techniques were effective in denying the adversary access to real information on the real command and control mission system, and instead provided the adversary with access to false information on a fake command and control mission system. About the speaker: Kristin E. Heckman, D.Sc. is a Lead Scientist at The MITRE Corporation with interdisciplinary skills in computer science, cognitive science, neuropsychology, and cognitive neuroscience. She has ten years of experience in applied research, serving as the principal investigator for MITRE Innovation Program research projects or as the project leader for sponsored work across the Intelligence Community. Her research areas include intelligence interviewing, deception detection, subconscious priming, perception, denial and deception in computer security, and the psychophysiological and neurological signatures of emotions, intent, and deception. She has authored several papers, a book chapter, and a book. 
She has developed and delivered training in these areas for internal MITRE Institute courses, as well as for external courses in sponsor environments. She was an adjunct faculty member of The George Washington University from 2005-2007, teaching Computer Science Senior Design. Dr. Heckman received her Doctorate of Science in Machine Intelligence and Cognition with minors in Neuropsychology and Developmental Psychology from The George Washington University in 2004.</p> ]]>
            </content:encoded>
            <itunes:duration>3308</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130320.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130320.mp4" length="178257920" type="video/mp4"/>
        </item>
            <item>
            <title>Emiliano DeCristofaro, Whole Genome Sequencing: Innovation Dream or Privacy Nightmare?</title>
            <description>Recent advances in DNA sequencing technologies have put ubiquitous availability of whole human genomes within reach. It is no longer hard to imagine the day when everyone will have the means to obtain and store one&apos;s own DNA sequence. Widespread and affordable availability of whole genomes immediately opens up important opportunities in a number of health-related fields. In particular, common genomic applications and tests performed in vitro today will soon be conducted computationally, using digitized genomes. New applications will be developed as genome-enabled medicine becomes increasingly preventive and personalized. However, the very same progress also amplifies worrisome privacy concerns, since a genome represents a treasure trove of highly personal and sensitive information. In this talk, we will overview biomedical advances in genomics and discuss associated privacy, ethical, and security challenges. We begin to address genomic privacy by focusing on some important applications: Paternity Tests, Ancestry Testing, Personalized Medicine, and Genetic Compatibility Tests. After carefully analyzing these applications and their privacy requirements, we propose a set of efficient techniques based on private set operations. This allows us to implement, in silico, some operations that are currently performed via in vitro methods, in a secure fashion. Experimental results demonstrate that proposed techniques are both feasible and practical today. Finally, we explore a few alternatives to securely store human genomes and allow authorized parties to run tests in such a way that only the required minimum amount of information is disclosed, and present an Android API framework geared for privacy-preserving genomic testing. About the speaker: Emiliano De Cristofaro is a Research Scientist in the Security and Privacy group at PARC (a Xerox Company). 
In 2011, he received a PhD in Networked Systems from the University of California, Irvine, advised by Gene Tsudik. His research interests include privacy-oriented cryptography, system security, as well as security and privacy in emerging areas such as genomics, big-data analytics, and smart grids. In 2007, Emiliano was awarded the 4-year Dean&apos;s Outstanding Fellowship and, in 2011, the Distinguished Dissertation Fellowship, both from UC Irvine. In 2013 and 2014, he will serve as the Program Co-Chair of the Privacy Enhancing Technologies Symposium (PETS). His web page is available at http://www.emilianodc.com.</description>
            <pubDate>Wed, 6 Mar 2013 16:30:00 EST </pubDate>
            <itunes:title>Emiliano DeCristofaro, Whole Genome Sequencing: Innovation Dream or Privacy Nightmare?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>520</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Emiliano DeCristofaro, PARC</itunes:subtitle>
            <itunes:summary>Recent advances in DNA sequencing technologies have put ubiquitous availability of whole human genomes within reach. It is no longer hard to imagine the day when everyone will have the means to obtain and store one&apos;s own DNA sequence. Widespread and affordable availability of whole genomes immediately opens up important opportunities in a number of health-related fields. In particular, common genomic applications and tests performed in vitro today will soon be conducted computationally, using digitized genomes. New applications will be developed as genome-enabled medicine becomes increasingly preventive and personalized. However, the very same progress also amplifies worrisome privacy concerns, since a genome represents a treasure trove of highly personal and sensitive information. In this talk, we will overview biomedical advances in genomics and discuss associated privacy, ethical, and security challenges. We begin to address genomic privacy by focusing on some important applications: Paternity Tests, Ancestry Testing, Personalized Medicine, and Genetic Compatibility Tests. After carefully analyzing these applications and their privacy requirements, we propose a set of efficient techniques based on private set operations. This allows us to implement, in silico, some operations that are currently performed via in vitro methods, in a secure fashion. Experimental results demonstrate that proposed techniques are both feasible and practical today. Finally, we explore a few alternatives to securely store human genomes and allow authorized parties to run tests in such a way that only the required minimum amount of information is disclosed, and present an Android API framework geared for privacy-preserving genomic testing. About the speaker: Emiliano De Cristofaro is a Research Scientist in the Security and Privacy group at PARC (a Xerox Company). 
In 2011, he received a PhD in Networked Systems from the University of California, Irvine, advised by Gene Tsudik. His research interests include privacy-oriented cryptography, system security, as well as security and privacy in emerging areas such as genomics, big-data analytics, and smart grids. In 2007, Emiliano was awarded the 4-year Dean&apos;s Outstanding Fellowship and, in 2011, the Distinguished Dissertation Fellowship, both from UC Irvine. In 2013 and 2014, he will serve as the Program Co-Chair of the Privacy Enhancing Technologies Symposium (PETS). His web page is available at http://www.emilianodc.com.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Recent advances in DNA sequencing technologies have put ubiquitous availability of whole human genomes within reach. It is no longer hard to imagine the day when everyone will have the means to obtain and store one&apos;s own DNA sequence. Widespread and affordable availability of whole genomes immediately opens up important opportunities in a number of health-related fields. In particular, common genomic applications and tests performed in vitro today will soon be conducted computationally, using digitized genomes. New applications will be developed as genome-enabled medicine becomes increasingly preventive and personalized. However, the very same progress also amplifies worrisome privacy concerns, since a genome represents a treasure trove of highly personal and sensitive information. In this talk, we will overview biomedical advances in genomics and discuss associated privacy, ethical, and security challenges. We begin to address genomic privacy by focusing on some important applications: Paternity Tests, Ancestry Testing, Personalized Medicine, and Genetic Compatibility Tests. After carefully analyzing these applications and their privacy requirements, we propose a set of efficient techniques based on private set operations. This allows us to implement, in silico, some operations that are currently performed via in vitro methods, in a secure fashion. Experimental results demonstrate that proposed techniques are both feasible and practical today. Finally, we explore a few alternatives to securely store human genomes and allow authorized parties to run tests in such a way that only the required minimum amount of information is disclosed, and present an Android API framework geared for privacy-preserving genomic testing. About the speaker: Emiliano De Cristofaro is a Research Scientist in the Security and Privacy group at PARC (a Xerox Company). 
In 2011, he received a PhD in Networked Systems from the University of California, Irvine, advised by Gene Tsudik. His research interests include privacy-oriented cryptography, system security, as well as security and privacy in emerging areas such as genomics, big-data analytics, and smart grids. In 2007, Emiliano was awarded the 4-year Dean&apos;s Outstanding Fellowship and, in 2011, the Distinguished Dissertation Fellowship, both from UC Irvine. In 2013 and 2014, he will serve as the Program Co-Chair of the Privacy Enhancing Technologies Symposium (PETS). His web page is available at http://www.emilianodc.com.</p> ]]>
            </content:encoded>
            <itunes:duration>3625</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130306.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130306.mp4" length="155189248" type="video/mp4"/>
        </item>
            <item>
            <title>Weining Yang, Minimizing Private Data Disclosures in the Smart Grid</title>
            <description>Smart electric meters are meters that can measure electric usage with a pretty high frequency. Smart electric meters pose a substantial threat to the privacy of individuals in their own homes. Combined with a method called non-intrusive load monitors, smart meter data can reveal precise home appliance usage information. An emerging solution to behavior leakage in smart meter measurement data is the use of battery-based load hiding. In this approach, a battery is used to store and supply power to home devices at strategic times to hide appliance loads from smart meters. A few such battery control algorithms have already been studied in the literature. In this talk, we will first consider two well known battery privacy algorithms, Best Effort (BE) and Non-Intrusive Load Leveling (NILL), and demonstrate attacks that recover precise load change information, which can be used to recover appliance behavior information, under both algorithms. We will then introduce a stepping approach to battery privacy algorithms that fundamentally differs from previous approaches by maximizing the error between the load demanded by a home and the external load seen by a smart meter. By design, precise load change recovery attacks are impossible. We also propose mutual-information based measurements to evaluate the privacy of different algorithms. We implement and evaluate four novel algorithms using the stepping approach, and show that under the mutual-information metrics they outperform BE and NILL. About the speaker: Weining Yang is a PhD student in the Computer Science department of Purdue University. He received his Bachelor&apos;s degree in Computer Science and Technology in 2011 from Tsinghua University. His research interests are information security and data privacy. In particular, his research focuses on privacy preserving data publishing. His research advisor is Prof. Ninghui Li.</description>
            <pubDate>Wed, 20 Feb 2013 16:30:00 EST </pubDate>
            <itunes:title>Weining Yang, Minimizing Private Data Disclosures in the Smart Grid</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>518</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Weining Yang, Purdue University</itunes:subtitle>
            <itunes:summary>Smart electric meters are meters that can measure electric usage with a pretty high frequency. Smart electric meters pose a substantial threat to the privacy of individuals in their own homes. Combined with a method called non-intrusive load monitors, smart meter data can reveal precise home appliance usage information. An emerging solution to behavior leakage in smart meter measurement data is the use of battery-based load hiding. In this approach, a battery is used to store and supply power to home devices at strategic times to hide appliance loads from smart meters. A few such battery control algorithms have already been studied in the literature. In this talk, we will first consider two well known battery privacy algorithms, Best Effort (BE) and Non-Intrusive Load Leveling (NILL), and demonstrate attacks that recover precise load change information, which can be used to recover appliance behavior information, under both algorithms. We will then introduce a stepping approach to battery privacy algorithms that fundamentally differs from previous approaches by maximizing the error between the load demanded by a home and the external load seen by a smart meter. By design, precise load change recovery attacks are impossible. We also propose mutual-information based measurements to evaluate the privacy of different algorithms. We implement and evaluate four novel algorithms using the stepping approach, and show that under the mutual-information metrics they outperform BE and NILL. About the speaker: Weining Yang is a PhD student in the Computer Science department of Purdue University. He received his Bachelor&apos;s degree in Computer Science and Technology in 2011 from Tsinghua University. His research interests are information security and data privacy. In particular, his research focuses on privacy preserving data publishing. His research advisor is Prof. Ninghui Li.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Smart electric meters are meters that can measure electric usage with a pretty high frequency. Smart electric meters pose a substantial threat to the privacy of individuals in their own homes. Combined with a method called non-intrusive load monitors, smart meter data can reveal precise home appliance usage information. An emerging solution to behavior leakage in smart meter measurement data is the use of battery-based load hiding. In this approach, a battery is used to store and supply power to home devices at strategic times to hide appliance loads from smart meters. A few such battery control algorithms have already been studied in the literature. In this talk, we will first consider two well known battery privacy algorithms, Best Effort (BE) and Non-Intrusive Load Leveling (NILL), and demonstrate attacks that recover precise load change information, which can be used to recover appliance behavior information, under both algorithms. We will then introduce a stepping approach to battery privacy algorithms that fundamentally differs from previous approaches by maximizing the error between the load demanded by a home and the external load seen by a smart meter. By design, precise load change recovery attacks are impossible. We also propose mutual-information based measurements to evaluate the privacy of different algorithms. We implement and evaluate four novel algorithms using the stepping approach, and show that under the mutual-information metrics they outperform BE and NILL. About the speaker: Weining Yang is a PhD student in the Computer Science department of Purdue University. He received his Bachelor&apos;s degree in Computer Science and Technology in 2011 from Tsinghua University. His research interests are information security and data privacy. In particular, his research focuses on privacy preserving data publishing. His research advisor is Prof. Ninghui Li.</p> ]]>
            </content:encoded>
            <itunes:duration>2894</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130220.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130220.mp4" length="109051904" type="video/mp4"/>
        </item>
            <item>
            <title>Rahul Potharaju, I&#039;m not stealing, I&#039;m merely borrowing - Plagiarism in Smartphone App Markets</title>
            <description>Plagiarism is the copying of another party&apos;s ideas and passing them off as your own. In the world of smartphone app-markets, this is usually followed by confusion for the buyers (users) and lost sales for the original developer. In some cases, these plagiarized applications act as carriers for malware that can steal your bank details or leak your private information to third-parties. While closed markets such as Apple&apos;s AppStore and Windows Marketplace mitigate this problem to some extent through their manual application approval process, open markets such as Google&apos;s Android Market, where anyone can publish an application for others to download, are plagued by this problem. In this talk, I will show how an attacker can launch malware onto a large number of smartphone users by plagiarizing Android applications and by using elements of social engineering to increase the infection rate. Using a dataset of 158,000 smartphone applications&apos; meta-information, I will portray the seriousness of this problem. To this end, we propose three detection schemes that rely on syntactic fingerprinting to detect plagiarized applications under different levels of obfuscation used by the attacker. Experimental analysis of 7,600 smartphone application binaries shows that the proposed schemes detect all instances of plagiarism from a set of real-world malware incidents with 0.5% false positives and scale to millions of applications using only commodity servers. About the speaker: Rahul Potharaju is a PhD student in the Department of Computer Science at Purdue University and a member of CERIAS. Prior to that, in 2009, he earned his Masters Degree in Computer Science from Northwestern University. He has over two years of industrial research experience working on projects in collaboration with Microsoft Research, Redmond and Motorola Applied Research Center. 
His current work focuses on large-scale Internet measurements, intrusion detection and security aspects of smartphone architectures, and reliability aspects of data centers both from a hardware and a software perspective. A recurring theme in all his research is combining cross-domain techniques such as those from natural language processing with statistical machine learning and data mining to make surprising inferences in the networking and smartphone areas. His research advisor is Prof. Cristina Nita-Rotaru.</description>
            <pubDate>Wed, 13 Feb 2013 16:30:00 EST </pubDate>
            <itunes:title>Rahul Potharaju, I&#039;m not stealing, I&#039;m merely borrowing - Plagiarism in Smartphone App Markets</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>517</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Rahul Potharaju, Purdue University</itunes:subtitle>
            <itunes:summary>Plagiarism is the copying of another party&apos;s ideas and passing them off as your own. In the world of smartphone app-markets, this is usually followed by confusion for the buyers (users) and lost sales for the original developer. In some cases, these plagiarized applications act as carriers for malware that can steal your bank details or leak your private information to third-parties. While closed markets such as Apple&apos;s AppStore and Windows Marketplace mitigate this problem to some extent through their manual application approval process, open markets such as Google&apos;s Android Market, where anyone can publish an application for others to download, are plagued by this problem. In this talk, I will show how an attacker can launch malware onto a large number of smartphone users by plagiarizing Android applications and by using elements of social engineering to increase the infection rate. Using a dataset of 158,000 smartphone applications&apos; meta-information, I will portray the seriousness of this problem. To this end, we propose three detection schemes that rely on syntactic fingerprinting to detect plagiarized applications under different levels of obfuscation used by the attacker. Experimental analysis of 7,600 smartphone application binaries shows that the proposed schemes detect all instances of plagiarism from a set of real-world malware incidents with 0.5% false positives and scale to millions of applications using only commodity servers. About the speaker: Rahul Potharaju is a PhD student in the Department of Computer Science at Purdue University and a member of CERIAS. Prior to that, in 2009, he earned his Masters Degree in Computer Science from Northwestern University. He has over two years of industrial research experience working on projects in collaboration with Microsoft Research, Redmond and Motorola Applied Research Center. 
His current work focuses on large-scale Internet measurements, intrusion detection and security aspects of smartphone architectures, and reliability aspects of data centers both from a hardware and a software perspective. A recurring theme in all his research is combining cross-domain techniques such as those from natural language processing with statistical machine learning and data mining to make surprising inferences in the networking and smartphone areas. His research advisor is Prof. Cristina Nita-Rotaru.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Plagiarism is the copying of another party&apos;s ideas and passing them off as your own. In the world of smartphone app-markets, this is usually followed by confusion for the buyers (users) and lost sales for the original developer. In some cases, these plagiarized applications act as carriers for malware that can steal your bank details or leak your private information to third-parties. While closed markets such as Apple&apos;s AppStore and Windows Marketplace mitigate this problem to some extent through their manual application approval process, open markets such as Google&apos;s Android Market, where anyone can publish an application for others to download, are plagued by this problem. In this talk, I will show how an attacker can launch malware onto a large number of smartphone users by plagiarizing Android applications and by using elements of social engineering to increase the infection rate. Using a dataset of 158,000 smartphone applications&apos; meta-information, I will portray the seriousness of this problem. To this end, we propose three detection schemes that rely on syntactic fingerprinting to detect plagiarized applications under different levels of obfuscation used by the attacker. Experimental analysis of 7,600 smartphone application binaries shows that the proposed schemes detect all instances of plagiarism from a set of real-world malware incidents with 0.5% false positives and scale to millions of applications using only commodity servers. About the speaker: Rahul Potharaju is a PhD student in the Department of Computer Science at Purdue University and a member of CERIAS. Prior to that, in 2009, he earned his Masters Degree in Computer Science from Northwestern University. He has over two years of industrial research experience working on projects in collaboration with Microsoft Research, Redmond and Motorola Applied Research Center. 
His current work focuses on large-scale Internet measurements, intrusion detection and security aspects of smartphone architectures, and reliability aspects of data centers both from a hardware and a software perspective. A recurring theme in all his research is combining cross-domain techniques such as those from natural language processing with statistical machine learning and data mining to make surprising inferences in the networking and smartphone areas. His research advisor is Prof. Cristina Nita-Rotaru.</p> ]]>
            </content:encoded>
            <itunes:duration>3438</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130213.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130213.mp4" length="168820736" type="video/mp4"/>
        </item>
            <item>
            <title>Chris Gates, Using Probabilistic Generative Models for Ranking Risks of Android Apps</title>
            <description>One of Android&apos;s main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a &quot;stand-alone&quot; fashion and in a way that requires too much technical knowledge and time to distill useful information. We introduce the notion of risk scoring and risk ranking for Android apps, to improve risk communication for Android apps, and identify three desiderata for an effective risk scoring scheme. We propose to use probabilistic generative models for risk scoring schemes, and identify several such models, ranging from the simple Naive Bayes, to advanced hierarchical mixture models. Experimental results conducted using real-world datasets show that probabilistic generative models significantly outperform existing approaches, and that Naive Bayes models give a promising risk scoring approach. About the speaker: Christopher Gates is a PhD student in the Computer Science department of Purdue University and a member of CERIAS. He received his Masters Degree in Computer Science in 2005 from Rutgers University, and then worked at a startup company in NYC before deciding to pursue his PhD. His research interests are in information security and machine learning. In particular, his research focuses on using data to help users make more informed and safer security decisions. His research advisor is Prof. Ninghui Li.</description>
            <pubDate>Wed, 6 Feb 2013 16:30:00 EST </pubDate>
            <itunes:title>Chris Gates, Using Probabilistic Generative Models for Ranking Risks of Android Apps</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>516</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Chris Gates, Purdue University</itunes:subtitle>
            <itunes:summary>One of Android&apos;s main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a &quot;stand-alone&quot; fashion and in a way that requires too much technical knowledge and time to distill useful information. We introduce the notion of risk scoring and risk ranking for Android apps, to improve risk communication for Android apps, and identify three desiderata for an effective risk scoring scheme. We propose to use probabilistic generative models for risk scoring schemes, and identify several such models, ranging from the simple Naive Bayes, to advanced hierarchical mixture models. Experimental results conducted using real-world datasets show that probabilistic generative models significantly outperform existing approaches, and that Naive Bayes models give a promising risk scoring approach. About the speaker: Christopher Gates is a PhD student in the Computer Science department of Purdue University and a member of CERIAS. He received his Masters Degree in Computer Science in 2005 from Rutgers University, and then worked at a startup company in NYC before deciding to pursue his PhD. His research interests are in information security and machine learning. In particular, his research focuses on using data to help users make more informed and safer security decisions. His research advisor is Prof. Ninghui Li.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>One of Android&apos;s main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a &quot;stand-alone&quot; fashion and in a way that requires too much technical knowledge and time to distill useful information. We introduce the notion of risk scoring and risk ranking for Android apps, to improve risk communication for Android apps, and identify three desiderata for an effective risk scoring scheme. We propose to use probabilistic generative models for risk scoring schemes, and identify several such models, ranging from the simple Naive Bayes, to advanced hierarchical mixture models. Experimental results conducted using real-world datasets show that probabilistic generative models significantly outperform existing approaches, and that Naive Bayes models give a promising risk scoring approach. About the speaker: Christopher Gates is a PhD student in the Computer Science department of Purdue University and a member of CERIAS. He received his Masters Degree in Computer Science in 2005 from Rutgers University, and then worked at a startup company in NYC before deciding to pursue his PhD. His research interests are in information security and machine learning. In particular, his research focuses on using data to help users make more informed and safer security decisions. His research advisor is Prof. Ninghui Li.</p> ]]>
            </content:encoded>
            <itunes:duration>2853</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130206.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130206.mp4" length="168820736" type="video/mp4"/>
        </item>
            <item>
            <title>Christian F. Hempelmann, A Semantic Baseline for Spam Filtering</title>
            <description>This paper presents a meaning-based method to spam filtering by distinguishing text without content from text with little content from text with normal content, based on the amount of meaning that can be automatically processed in the way humans do. The basic method assumes that a semantic analyzer will be able to produce less output from semantically less grammatical input text than from semantically well-formed text. The method was pilot-tested on a corpus of blog spam. Future improvements, including a method to distinguish semantically unified from semantically disparate text, are sketched. The tested method, but even more the projected improvements, will open up the way to taking the spam filtering arms race to a new level very costly to spam producers. About the speaker: Christian F. Hempelmann is Assistant Professor of Computational Linguistics and Director of the Ontological Semantic Technology Lab at Texas A&amp;amp;M-Commerce. He received his PhD in 2003 from Purdue University with a specialization in ontological semantics and NLP applied to information security at the Center for Education and Research in Information Assurance and Security (CERIAS), and humor. After a post-doc in psychology at Memphis University and a professorship at Georgia Southern University, he has worked in the NLP industry since 2006, first at the Internet search engine hakia.com, then at Riverglass, Inc., developing full-scale ontological-semantic solutions. He is a member of the Editorial Board of the International Journal on Advances in Intelligent Systems and the Journal for Humor Research and has (co-)authored over forty articles.</description>
            <pubDate>Wed, 30 Jan 2013 16:30:00 EST </pubDate>
            <itunes:title>Christian F. Hempelmann, A Semantic Baseline for Spam Filtering</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>515</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Christian F. Hempelmann, Texas A&amp;M University-Commerce</itunes:subtitle>
            <itunes:summary>This paper presents a meaning-based method for spam filtering that distinguishes text without content from text with little content and from text with normal content, based on the amount of meaning that can be automatically processed in the way humans do. The basic method assumes that a semantic analyzer will produce less output from semantically less grammatical input text than from semantically well-formed text. The method was pilot-tested on a corpus of blog spam. Future improvements, including a method to distinguish semantically unified from semantically disparate text, are sketched. The tested method, and even more the projected improvements, open the way to taking the spam-filtering arms race to a new level that is very costly to spam producers. About the speaker: Christian F. Hempelmann is Assistant Professor of Computational Linguistics and Director of the Ontological Semantic Technology Lab at Texas A&amp;M-Commerce. He received his PhD in 2003 from Purdue University with a specialization in ontological semantics and NLP applied to information security at the Center for Education and Research in Information Assurance and Security (CERIAS), and humor. After a post-doc in psychology at Memphis University and a professorship at Georgia Southern University, he has worked in the NLP industry since 2006, first at the Internet search engine hakia.com, then at Riverglass, Inc., developing full-scale ontological-semantic solutions. He is a member of the Editorial Board of the International Journal on Advances in Intelligent Systems and the Journal for Humor Research and has (co-)authored over forty articles.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This paper presents a meaning-based method for spam filtering that distinguishes text without content from text with little content and from text with normal content, based on the amount of meaning that can be automatically processed in the way humans do. The basic method assumes that a semantic analyzer will produce less output from semantically less grammatical input text than from semantically well-formed text. The method was pilot-tested on a corpus of blog spam. Future improvements, including a method to distinguish semantically unified from semantically disparate text, are sketched. The tested method, and even more the projected improvements, open the way to taking the spam-filtering arms race to a new level that is very costly to spam producers. About the speaker: Christian F. Hempelmann is Assistant Professor of Computational Linguistics and Director of the Ontological Semantic Technology Lab at Texas A&amp;M-Commerce. He received his PhD in 2003 from Purdue University with a specialization in ontological semantics and NLP applied to information security at the Center for Education and Research in Information Assurance and Security (CERIAS), and humor. After a post-doc in psychology at Memphis University and a professorship at Georgia Southern University, he has worked in the NLP industry since 2006, first at the Internet search engine hakia.com, then at Riverglass, Inc., developing full-scale ontological-semantic solutions. He is a member of the Editorial Board of the International Journal on Advances in Intelligent Systems and the Journal for Humor Research and has (co-)authored over forty articles.</p> ]]>
            </content:encoded>
            <itunes:duration>3375</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130130.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130130.mp4" length="276824064" type="video/mp4"/>
        </item>
            <item>
            <title>Wahbeh Qardaji, Differentially Private Publishing of Geospatial Data</title>
            <description>We interact with location-aware devices on a daily basis. Such devices range from GPS-enabled cell phones and tablets to navigation systems. Each device can report a multitude of location data to centralized servers. Such location information, commonly referred to as geospatial data, can have tremendous benefits if properly processed and analyzed. If shared, such geospatial data can have significant impact for research and other uses. Sharing such information, however, can have significant privacy implications. In this talk, we will focus on the problem of releasing static geospatial data in a private manner. In particular, we will explore methods of releasing a synopsis of two-dimensional datasets while satisfying differential privacy. The key challenge in anonymizing geospatial datasets while satisfying differential privacy is ensuring the utility of the anonymized dataset. In particular, there are two types of error that influence the utility of anonymized datasets. The first is the anonymization noise, a direct byproduct of the differential privacy mechanism. The second is a result of the granularity of data release and the nature of the dataset itself. In this talk, we will explore methods of publishing two-dimensional datasets with utility in mind. We will analyze the current state-of-the-art methods and explore alternative grid-based approaches that best balance the two sources of error. About the speaker: Wahbeh Qardaji is a PhD candidate in the Computer Science department of Purdue University and a member of CERIAS. He received his Master's degree in Computer Science in 2010 from Purdue University, and his Bachelor's from the American University of Beirut. His research interests are in information security and data privacy. In particular, his research focuses on privacy-preserving data publishing using differential privacy. His research advisor is Prof. Ninghui Li.</description>
            <pubDate>Wed, 23 Jan 2013 16:30:00 EST </pubDate>
            <itunes:title>Wahbeh Qardaji, Differentially Private Publishing of Geospatial Data</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>19</itunes:season>
            <itunes:episode>514</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Wahbeh Qardaji, Purdue University</itunes:subtitle>
            <itunes:summary>We interact with location-aware devices on a daily basis. Such devices range from GPS-enabled cell phones and tablets to navigation systems. Each device can report a multitude of location data to centralized servers. Such location information, commonly referred to as geospatial data, can have tremendous benefits if properly processed and analyzed. If shared, such geospatial data can have significant impact for research and other uses. Sharing such information, however, can have significant privacy implications. In this talk, we will focus on the problem of releasing static geospatial data in a private manner. In particular, we will explore methods of releasing a synopsis of two-dimensional datasets while satisfying differential privacy. The key challenge in anonymizing geospatial datasets while satisfying differential privacy is ensuring the utility of the anonymized dataset. In particular, there are two types of error that influence the utility of anonymized datasets. The first is the anonymization noise, a direct byproduct of the differential privacy mechanism. The second is a result of the granularity of data release and the nature of the dataset itself. In this talk, we will explore methods of publishing two-dimensional datasets with utility in mind. We will analyze the current state-of-the-art methods and explore alternative grid-based approaches that best balance the two sources of error. About the speaker: Wahbeh Qardaji is a PhD candidate in the Computer Science department of Purdue University and a member of CERIAS. He received his Master's degree in Computer Science in 2010 from Purdue University, and his Bachelor's from the American University of Beirut. His research interests are in information security and data privacy. In particular, his research focuses on privacy-preserving data publishing using differential privacy. His research advisor is Prof. Ninghui Li.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>We interact with location-aware devices on a daily basis. Such devices range from GPS-enabled cell phones and tablets to navigation systems. Each device can report a multitude of location data to centralized servers. Such location information, commonly referred to as geospatial data, can have tremendous benefits if properly processed and analyzed. If shared, such geospatial data can have significant impact for research and other uses. Sharing such information, however, can have significant privacy implications. In this talk, we will focus on the problem of releasing static geospatial data in a private manner. In particular, we will explore methods of releasing a synopsis of two-dimensional datasets while satisfying differential privacy. The key challenge in anonymizing geospatial datasets while satisfying differential privacy is ensuring the utility of the anonymized dataset. In particular, there are two types of error that influence the utility of anonymized datasets. The first is the anonymization noise, a direct byproduct of the differential privacy mechanism. The second is a result of the granularity of data release and the nature of the dataset itself. In this talk, we will explore methods of publishing two-dimensional datasets with utility in mind. We will analyze the current state-of-the-art methods and explore alternative grid-based approaches that best balance the two sources of error. About the speaker: Wahbeh Qardaji is a PhD candidate in the Computer Science department of Purdue University and a member of CERIAS. He received his Master's degree in Computer Science in 2010 from Purdue University, and his Bachelor's from the American University of Beirut. His research interests are in information security and data privacy. In particular, his research focuses on privacy-preserving data publishing using differential privacy. His research advisor is Prof. Ninghui Li.</p> ]]>
            </content:encoded>
            <itunes:duration>3563</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130123.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20130123.mp4" length="176160768" type="video/mp4"/>
        </item>
            <item>
            <title>Bilal Shebaro, You are Anonymous!!! Then you must be Lucky</title>
            <description>Services like online banking require high confidentiality due to the sensitivity of the data being transferred. As a result, online users have turned to anonymity services, which offer identity protection and secure communication in their web transactions. While these services are secure and trustworthy, their popularity has attracted many attacks that result in the identification of the users. In addition, online applications are not developed with the users&apos; anonymity in mind, which opens the door to more vulnerabilities. In this talk, I will present several attacks that anonymous users may not be aware of but which may jeopardize their anonymity. About the speaker: Bilal Shebaro is a Postdoctoral Research Associate at the Cyber Center of Purdue University. He received his Ph.D. in May 2012 from the Computer Science department at the University of New Mexico in Albuquerque, NM, USA. His research interests are in digital forensics as well as data privacy and protection in computers and smartphones.</description>
            <pubDate>Wed, 5 Dec 2012 16:30:00 EST </pubDate>
            <itunes:title>Bilal Shebaro, You are Anonymous!!! Then you must be Lucky</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>512</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Bilal_Shebaro.jpg"/>
            <itunes:subtitle>Bilal Shebaro, Purdue University</itunes:subtitle>
            <itunes:summary>Services like online banking require high confidentiality due to the sensitivity of the data being transferred. As a result, online users have turned to anonymity services, which offer identity protection and secure communication in their web transactions. While these services are secure and trustworthy, their popularity has attracted many attacks that result in the identification of the users. In addition, online applications are not developed with the users&apos; anonymity in mind, which opens the door to more vulnerabilities. In this talk, I will present several attacks that anonymous users may not be aware of but which may jeopardize their anonymity. About the speaker: Bilal Shebaro is a Postdoctoral Research Associate at the Cyber Center of Purdue University. He received his Ph.D. in May 2012 from the Computer Science department at the University of New Mexico in Albuquerque, NM, USA. His research interests are in digital forensics as well as data privacy and protection in computers and smartphones.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Services like online banking require high confidentiality due to the sensitivity of the data being transferred. As a result, online users have turned to anonymity services, which offer identity protection and secure communication in their web transactions. While these services are secure and trustworthy, their popularity has attracted many attacks that result in the identification of the users. In addition, online applications are not developed with the users&apos; anonymity in mind, which opens the door to more vulnerabilities. In this talk, I will present several attacks that anonymous users may not be aware of but which may jeopardize their anonymity. About the speaker: Bilal Shebaro is a Postdoctoral Research Associate at the Cyber Center of Purdue University. He received his Ph.D. in May 2012 from the Computer Science department at the University of New Mexico in Albuquerque, NM, USA. His research interests are in digital forensics as well as data privacy and protection in computers and smartphones.</p> ]]>
            </content:encoded>
            <itunes:duration>3380</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121205.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121205.mp4" length="230686720" type="video/mp4"/>
        </item>
            <item>
            <title>Ashish Kundu, A New Class of Buffer Overflow Attacks</title>
            <description>In this talk, we focus on a class of buffer overflow vulnerabilities that occur due to the &quot;placement new&quot; expression in C++. &quot;Placement new&quot; facilitates placement of an object/array at a specific memory location. When appropriate bounds checking is not in place, object overflows may occur. Such overflows can lead to stack as well as heap/data/bss overflows, which can be exploited by attackers in order to carry out the entire range of attacks associated with buffer overflow. Unfortunately, buffer overflows due to &quot;placement new&quot; have neither been studied in the literature nor been incorporated in any tool designed to detect and/or address buffer overflows. We describe how the &quot;placement new&quot; expression in C++ can be used to carry out buffer overflow attacks -- on the stack as well as heap/data/bss. We show that overflowing objects and arrays can also be used to carry out virtual table pointer subterfuge, as well as function and variable pointer subterfuge. Moreover, we show how &quot;placement new&quot; can be used to leak sensitive information, and how denial of service attacks can be carried out via memory leakage. About the speaker: Ashish Kundu is a Research Staff Member at the IBM T J Watson Research Center. He works in the area of security and privacy with a current focus on cloud security, and a long-term vision of &quot;end-to-end holistic security woven into the systems&quot;. Dr. Kundu was awarded the CERIAS Diamond Award in 2011. In 2010, he graduated from Purdue with a Ph.D. His doctoral thesis addressed the problem of &quot;How to Authenticate Trees and Graphs Without Leaking&quot;. Ashish received the Best Student Paper award at the IEEE Enterprise Computing conference in 2006, and three Best Research Poster awards at CERIAS symposia during 2006-2008. He has been a (co-)inventor on about twenty patents. He has also received the IBM Bravo award as well as three IBM Plateau awards for his contributions. This talk is based on the paper co-authored with his advisor Elisa Bertino and presented at ICDCS 2011.</description>
            <pubDate>Wed, 28 Nov 2012 16:30:00 EST </pubDate>
            <itunes:title>Ashish Kundu, A New Class of Buffer Overflow Attacks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>511</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ashishk_115.jpg"/>
            <itunes:subtitle>Ashish Kundu, IBM</itunes:subtitle>
            <itunes:summary>In this talk, we focus on a class of buffer overflow vulnerabilities that occur due to the &quot;placement new&quot; expression in C++. &quot;Placement new&quot; facilitates placement of an object/array at a specific memory location. When appropriate bounds checking is not in place, object overflows may occur. Such overflows can lead to stack as well as heap/data/bss overflows, which can be exploited by attackers in order to carry out the entire range of attacks associated with buffer overflow. Unfortunately, buffer overflows due to &quot;placement new&quot; have neither been studied in the literature nor been incorporated in any tool designed to detect and/or address buffer overflows. We describe how the &quot;placement new&quot; expression in C++ can be used to carry out buffer overflow attacks -- on the stack as well as heap/data/bss. We show that overflowing objects and arrays can also be used to carry out virtual table pointer subterfuge, as well as function and variable pointer subterfuge. Moreover, we show how &quot;placement new&quot; can be used to leak sensitive information, and how denial of service attacks can be carried out via memory leakage. About the speaker: Ashish Kundu is a Research Staff Member at the IBM T J Watson Research Center. He works in the area of security and privacy with a current focus on cloud security, and a long-term vision of &quot;end-to-end holistic security woven into the systems&quot;. Dr. Kundu was awarded the CERIAS Diamond Award in 2011. In 2010, he graduated from Purdue with a Ph.D. His doctoral thesis addressed the problem of &quot;How to Authenticate Trees and Graphs Without Leaking&quot;. Ashish received the Best Student Paper award at the IEEE Enterprise Computing conference in 2006, and three Best Research Poster awards at CERIAS symposia during 2006-2008. He has been a (co-)inventor on about twenty patents. He has also received the IBM Bravo award as well as three IBM Plateau awards for his contributions. This talk is based on the paper co-authored with his advisor Elisa Bertino and presented at ICDCS 2011.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this talk, we focus on a class of buffer overflow vulnerabilities that occur due to the &quot;placement new&quot; expression in C++. &quot;Placement new&quot; facilitates placement of an object/array at a specific memory location. When appropriate bounds checking is not in place, object overflows may occur. Such overflows can lead to stack as well as heap/data/bss overflows, which can be exploited by attackers in order to carry out the entire range of attacks associated with buffer overflow. Unfortunately, buffer overflows due to &quot;placement new&quot; have neither been studied in the literature nor been incorporated in any tool designed to detect and/or address buffer overflows. We describe how the &quot;placement new&quot; expression in C++ can be used to carry out buffer overflow attacks -- on the stack as well as heap/data/bss. We show that overflowing objects and arrays can also be used to carry out virtual table pointer subterfuge, as well as function and variable pointer subterfuge. Moreover, we show how &quot;placement new&quot; can be used to leak sensitive information, and how denial of service attacks can be carried out via memory leakage. About the speaker: Ashish Kundu is a Research Staff Member at the IBM T J Watson Research Center. He works in the area of security and privacy with a current focus on cloud security, and a long-term vision of &quot;end-to-end holistic security woven into the systems&quot;. Dr. Kundu was awarded the CERIAS Diamond Award in 2011. In 2010, he graduated from Purdue with a Ph.D. His doctoral thesis addressed the problem of &quot;How to Authenticate Trees and Graphs Without Leaking&quot;. Ashish received the Best Student Paper award at the IEEE Enterprise Computing conference in 2006, and three Best Research Poster awards at CERIAS symposia during 2006-2008. He has been a (co-)inventor on about twenty patents. He has also received the IBM Bravo award as well as three IBM Plateau awards for his contributions. This talk is based on the paper co-authored with his advisor Elisa Bertino and presented at ICDCS 2011.</p> ]]>
            </content:encoded>
            <itunes:duration>3344</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121128.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121128.mp4" length="331350016" type="video/mp4"/>
        </item>
            <item>
            <title>Hal Aldridge, Not the Who but the What -- New applications of Hardware Identity</title>
            <description>An essential part of security is controlling access. Traditional access control depends on a person&apos;s ability to prove their identity and the access control system&apos;s ability to verify that identity. For computer access, a person usually carries some combination of methods to prove their identity (password, token, and/or biometric). What if a thing needs access instead of a person? It is easy enough to embed a secret into software or hardware so a device can identify itself, but how do you ensure the integrity of that data and the identity of the device? This presentation will discuss the challenges of ensuring the device is what it claims to be, how the supply chain affects the assurance level of that identity, new technologies that can be used to provide hardware-based identity, and other security features that can be enabled by a secure device identity. About the speaker: Hal Aldridge is Director of Engineering at Sypris Electronics in Tampa, Florida. Dr. Aldridge has led Cybersecurity Research and Development efforts at Sypris Electronics since joining in 2008. Prior to joining Sypris, Dr. Aldridge led development of unmanned systems for space and security applications at Northrop Grumman and NASA. Dr. Aldridge is active with advanced cybersecurity research at organizations including Purdue University CERIAS and Carnegie Mellon University CyLab. Dr. Aldridge has a Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University, specializing in fault-tolerant robotic control systems for space applications. Dr. Aldridge&apos;s research interests include trusted computing, secure cyber-physical systems, and fault-tolerant systems.</description>
            <pubDate>Wed, 14 Nov 2012 16:30:00 EST </pubDate>
            <itunes:title>Hal Aldridge, Not the Who but the What -- New applications of Hardware Identity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>510</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/hal_aldridge_140.jpg"/>
            <itunes:subtitle>Hal Aldridge, Sypris</itunes:subtitle>
            <itunes:summary>An essential part of security is controlling access. Traditional access control depends on a person&apos;s ability to prove their identity and the access control system&apos;s ability to verify that identity. For computer access, a person usually carries some combination of methods to prove their identity (password, token, and/or biometric). What if a thing needs access instead of a person? It is easy enough to embed a secret into software or hardware so a device can identify itself, but how do you ensure the integrity of that data and the identity of the device? This presentation will discuss the challenges of ensuring the device is what it claims to be, how the supply chain affects the assurance level of that identity, new technologies that can be used to provide hardware-based identity, and other security features that can be enabled by a secure device identity. About the speaker: Hal Aldridge is Director of Engineering at Sypris Electronics in Tampa, Florida. Dr. Aldridge has led Cybersecurity Research and Development efforts at Sypris Electronics since joining in 2008. Prior to joining Sypris, Dr. Aldridge led development of unmanned systems for space and security applications at Northrop Grumman and NASA. Dr. Aldridge is active with advanced cybersecurity research at organizations including Purdue University CERIAS and Carnegie Mellon University CyLab. Dr. Aldridge has a Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University, specializing in fault-tolerant robotic control systems for space applications. Dr. Aldridge&apos;s research interests include trusted computing, secure cyber-physical systems, and fault-tolerant systems.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>An essential part of security is controlling access. Traditional access control depends on a person&apos;s ability to prove their identity and the access control system&apos;s ability to verify that identity. For computer access, a person usually carries some combination of methods to prove their identity (password, token, and/or biometric). What if a thing needs access instead of a person? It is easy enough to embed a secret into software or hardware so a device can identify itself, but how do you ensure the integrity of that data and the identity of the device? This presentation will discuss the challenges of ensuring the device is what it claims to be, how the supply chain affects the assurance level of that identity, new technologies that can be used to provide hardware-based identity, and other security features that can be enabled by a secure device identity. About the speaker: Hal Aldridge is Director of Engineering at Sypris Electronics in Tampa, Florida. Dr. Aldridge has led Cybersecurity Research and Development efforts at Sypris Electronics since joining in 2008. Prior to joining Sypris, Dr. Aldridge led development of unmanned systems for space and security applications at Northrop Grumman and NASA. Dr. Aldridge is active with advanced cybersecurity research at organizations including Purdue University CERIAS and Carnegie Mellon University CyLab. Dr. Aldridge has a Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University, specializing in fault-tolerant robotic control systems for space applications. Dr. Aldridge&apos;s research interests include trusted computing, secure cyber-physical systems, and fault-tolerant systems.</p> ]]>
            </content:encoded>
            <itunes:duration>2534</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121114.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121114.mp4" length="154140672" type="video/mp4"/>
        </item>
            <item>
            <title>Jianneng Cao, Publishing Microdata with a Robust Privacy Guarantee</title>
            <description>Today, the publication of microdata poses a privacy threat. Vast research has striven to define the privacy condition that microdata should satisfy before it is released, and to devise algorithms to anonymize the data so as to achieve this condition. Yet no method proposed to date explicitly bounds the percentage of information an adversary gains after seeing the published data for each sensitive value therein. This paper introduces β-likeness, an appropriately robust privacy model for microdata anonymization, along with two anonymization schemes designed for it, one based on generalization and the other on perturbation. Our model postulates that an adversary&apos;s confidence in the likelihood of a certain sensitive-attribute (SA) value should not increase, in relative difference terms, by more than a predefined threshold. Our techniques aim to satisfy a given β threshold with little information loss. We experimentally demonstrate that (i) our model provides an effective privacy guarantee in a way that predecessor models cannot, (ii) our generalization scheme is more effective and efficient in its task than methods adapting algorithms for the k-anonymity model, and (iii) our perturbation method outperforms a baseline approach. Moreover, we discuss in detail the resistance of our model and methods to attacks proposed in previous research. About the speaker: Jianneng is a Postdoctoral Research Associate at the Cyber Center of Purdue University. He obtained his Ph.D. in computer science from the National University of Singapore in 2011. Jianneng&apos;s research interests are in data privacy, including data anonymization to hide sensitive personal information and privacy-preserving data mining, as well as access control over streaming data, private record linkage, and query processing on encrypted data.</description>
            <pubDate>Wed, 7 Nov 2012 16:30:00 EST </pubDate>
            <itunes:title>Jianneng Cao, Publishing Microdata with a Robust Privacy Guarantee</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>509</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Jianneng_Cao.jpg"/>
            <itunes:subtitle>Jianneng Cao, Purdue University</itunes:subtitle>
            <itunes:summary>Today, the publication of microdata poses a privacy threat. Extensive research has striven to define the privacy condition that microdata should satisfy before it is released, and to devise algorithms that anonymize the data so as to achieve this condition. Yet no method proposed to date explicitly bounds the percentage of information an adversary gains, for each sensitive value therein, after seeing the published data. This paper introduces β-likeness, an appropriately robust privacy model for microdata anonymization, along with two anonymization schemes designed for it, one based on generalization and the other on perturbation. Our model postulates that an adversary&apos;s confidence in the likelihood of a certain sensitive-attribute (SA) value should not increase, in relative-difference terms, by more than a predefined threshold. Our techniques aim to satisfy a given β threshold with little information loss. We experimentally demonstrate that (i) our model provides an effective privacy guarantee in a way that predecessor models cannot, (ii) our generalization scheme is more effective and efficient in its task than methods adapting algorithms for the k-anonymity model, and (iii) our perturbation method outperforms a baseline approach. Moreover, we discuss in detail the resistance of our model and methods to attacks proposed in previous research. About the speaker: Jianneng is a Postdoctoral Research Associate at the Cyber Center of Purdue University. He obtained his Ph.D. degree in computer science from the National University of Singapore in 2011. Jianneng&apos;s research interests are in data privacy, including data anonymization to hide sensitive personal information and privacy-preserving data mining, as well as access control over streaming data, private record linkage, and query processing on encrypted data.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Today, the publication of microdata poses a privacy threat. Extensive research has striven to define the privacy condition that microdata should satisfy before it is released, and to devise algorithms that anonymize the data so as to achieve this condition. Yet no method proposed to date explicitly bounds the percentage of information an adversary gains, for each sensitive value therein, after seeing the published data. This paper introduces β-likeness, an appropriately robust privacy model for microdata anonymization, along with two anonymization schemes designed for it, one based on generalization and the other on perturbation. Our model postulates that an adversary&apos;s confidence in the likelihood of a certain sensitive-attribute (SA) value should not increase, in relative-difference terms, by more than a predefined threshold. Our techniques aim to satisfy a given β threshold with little information loss. We experimentally demonstrate that (i) our model provides an effective privacy guarantee in a way that predecessor models cannot, (ii) our generalization scheme is more effective and efficient in its task than methods adapting algorithms for the k-anonymity model, and (iii) our perturbation method outperforms a baseline approach. Moreover, we discuss in detail the resistance of our model and methods to attacks proposed in previous research. About the speaker: Jianneng is a Postdoctoral Research Associate at the Cyber Center of Purdue University. He obtained his Ph.D. degree in computer science from the National University of Singapore in 2011. Jianneng&apos;s research interests are in data privacy, including data anonymization to hide sensitive personal information and privacy-preserving data mining, as well as access control over streaming data, private record linkage, and query processing on encrypted data.</p> ]]>
            </content:encoded>
            <itunes:duration>3261</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121107.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121107.mp4" length="465567744" type="video/mp4"/>
        </item>
            <item>
            <title>Vaibhav Garg, Risk perception of information security risks online</title>
            <description>Perceived risk is informed by a myriad of affective assessments, nine of which have been examined rigorously for offline risk decisions. Is the risk voluntarily taken? Is the impact of the risk immediate or delayed? Does the individual understand the implications of the risk? What is the perceived effectiveness of expert systems/judgments? Does the risk appear controllable? Is the risk new or old? Is it commonly encountered or rarely available? Does it impact individuals or communities? How severe are the consequences of risk-taking behavior? This research examines how these nine dimensions inform perceived risk and decision-making online. Further, I examine how the determinants of perceived risk are affected by context and individual awareness. About the speaker: Vaibhav Garg is a final-year doctoral candidate at the School of Informatics and Computing (SOIC), Indiana University, Bloomington (IUB). His research agenda has two core areas. The first focuses on individual decision-making and leverages social psychology and behavioral economics. While his focus has been security and privacy decisions online, the research has design implications in other domains such as health decisions. The second examines cyber crime, both organized and individual, through theoretical macroeconomics as well as macroeconometrics, both situated in a rich tradition of criminology. This informs the design of both public policy and technical systems, by regarding online decisions as situated in community norms.</description>
            <pubDate>Wed, 31 Oct 2012 16:30:00 EDT </pubDate>
            <itunes:title>Vaibhav Garg, Risk perception of information security risks online</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>508</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/vaibhav_garg_iu_140.jpg"/>
            <itunes:subtitle>Vaibhav Garg, Indiana University</itunes:subtitle>
            <itunes:summary>Perceived risk is informed by a myriad of affective assessments, nine of which have been examined rigorously for offline risk decisions. Is the risk voluntarily taken? Is the impact of the risk immediate or delayed? Does the individual understand the implications of the risk? What is the perceived effectiveness of expert systems/judgments? Does the risk appear controllable? Is the risk new or old? Is it commonly encountered or rarely available? Does it impact individuals or communities? How severe are the consequences of risk-taking behavior? This research examines how these nine dimensions inform perceived risk and decision-making online. Further, I examine how the determinants of perceived risk are affected by context and individual awareness. About the speaker: Vaibhav Garg is a final-year doctoral candidate at the School of Informatics and Computing (SOIC), Indiana University, Bloomington (IUB). His research agenda has two core areas. The first focuses on individual decision-making and leverages social psychology and behavioral economics. While his focus has been security and privacy decisions online, the research has design implications in other domains such as health decisions. The second examines cyber crime, both organized and individual, through theoretical macroeconomics as well as macroeconometrics, both situated in a rich tradition of criminology. This informs the design of both public policy and technical systems, by regarding online decisions as situated in community norms.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Perceived risk is informed by a myriad of affective assessments, nine of which have been examined rigorously for offline risk decisions. Is the risk voluntarily taken? Is the impact of the risk immediate or delayed? Does the individual understand the implications of the risk? What is the perceived effectiveness of expert systems/judgments? Does the risk appear controllable? Is the risk new or old? Is it commonly encountered or rarely available? Does it impact individuals or communities? How severe are the consequences of risk-taking behavior? This research examines how these nine dimensions inform perceived risk and decision-making online. Further, I examine how the determinants of perceived risk are affected by context and individual awareness. About the speaker: Vaibhav Garg is a final-year doctoral candidate at the School of Informatics and Computing (SOIC), Indiana University, Bloomington (IUB). His research agenda has two core areas. The first focuses on individual decision-making and leverages social psychology and behavioral economics. While his focus has been security and privacy decisions online, the research has design implications in other domains such as health decisions. The second examines cyber crime, both organized and individual, through theoretical macroeconomics as well as macroeconometrics, both situated in a rich tradition of criminology. This informs the design of both public policy and technical systems, by regarding online decisions as situated in community norms.</p> ]]>
            </content:encoded>
            <itunes:duration>3661</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121031.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121031.mp4" length="467664896" type="video/mp4"/>
        </item>
            <item>
            <title>Mark Guido, Detecting Maliciousness Using Periodic Mobile Forensics</title>
            <description>Android phones are becoming more pervasive among MITRE&apos;s customers without any means of measuring malicious user or application behavior. More sensitive information is becoming accessible on these phones, while users have access to this data even in the most insecure of places. Without an enterprise monitoring strategy for these mobile devices, sponsors do not have the necessary data to determine when a compromise has occurred. This exposure to a user&apos;s or a malicious application&apos;s actions could leave sensitive data exposed with little recourse. There is both a breadth and a depth of information that can be gained by using physical forensic acquisition techniques against an Android phone. The resulting forensic images can mostly be treated as traditional images and can be subjected to traditional forensics tools and techniques for analysis. The MITRE Innovation Project research project &quot;Detecting Maliciousness Using Periodic Mobile Forensics&quot; addressed the enterprise use case of installed malicious applications. The results of the research will be discussed, as well as experimentation performed using real mobile malware. About the speaker: Mr. Mark Guido is a cyber security engineer and researcher at The MITRE Corporation, a non-profit organization chartered to work in the public interest. His main focus areas are mobile forensics and insider threat (user behavioral measurement). Mr. Guido has worked for MITRE in the defense, intelligence, and law enforcement communities for more than ten years. Mr. Guido has supported technology research and development both within MITRE via its internal research program and through various customer programs. He has supported various government customers in standing up capabilities for auditing and monitoring. Mr. Guido served as the lead engineer supporting an operational insider threat monitoring and mitigation program, and has worked onsite at various security operations centers and forensics laboratories. Mr. Guido has operationally supported numerous incidents and investigations. Mr. Guido has a bachelor&apos;s degree in computer science from Springfield College and a master&apos;s degree in computer science from the George Washington University.</description>
            <pubDate>Wed, 24 Oct 2012 16:30:00 EDT </pubDate>
            <itunes:title>Mark Guido, Detecting Maliciousness Using Periodic Mobile Forensics</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>507</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mark Guido, MITRE</itunes:subtitle>
            <itunes:summary>Android phones are becoming more pervasive among MITRE&apos;s customers without any means of measuring malicious user or application behavior. More sensitive information is becoming accessible on these phones, while users have access to this data even in the most insecure of places. Without an enterprise monitoring strategy for these mobile devices, sponsors do not have the necessary data to determine when a compromise has occurred. This exposure to a user&apos;s or a malicious application&apos;s actions could leave sensitive data exposed with little recourse. There is both a breadth and a depth of information that can be gained by using physical forensic acquisition techniques against an Android phone. The resulting forensic images can mostly be treated as traditional images and can be subjected to traditional forensics tools and techniques for analysis. The MITRE Innovation Project research project &quot;Detecting Maliciousness Using Periodic Mobile Forensics&quot; addressed the enterprise use case of installed malicious applications. The results of the research will be discussed, as well as experimentation performed using real mobile malware. About the speaker: Mr. Mark Guido is a cyber security engineer and researcher at The MITRE Corporation, a non-profit organization chartered to work in the public interest. His main focus areas are mobile forensics and insider threat (user behavioral measurement). Mr. Guido has worked for MITRE in the defense, intelligence, and law enforcement communities for more than ten years. Mr. Guido has supported technology research and development both within MITRE via its internal research program and through various customer programs. He has supported various government customers in standing up capabilities for auditing and monitoring. Mr. Guido served as the lead engineer supporting an operational insider threat monitoring and mitigation program, and has worked onsite at various security operations centers and forensics laboratories. Mr. Guido has operationally supported numerous incidents and investigations. Mr. Guido has a bachelor&apos;s degree in computer science from Springfield College and a master&apos;s degree in computer science from the George Washington University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Android phones are becoming more pervasive among MITRE&apos;s customers without any means of measuring malicious user or application behavior. More sensitive information is becoming accessible on these phones, while users have access to this data even in the most insecure of places. Without an enterprise monitoring strategy for these mobile devices, sponsors do not have the necessary data to determine when a compromise has occurred. This exposure to a user&apos;s or a malicious application&apos;s actions could leave sensitive data exposed with little recourse. There is both a breadth and a depth of information that can be gained by using physical forensic acquisition techniques against an Android phone. The resulting forensic images can mostly be treated as traditional images and can be subjected to traditional forensics tools and techniques for analysis. The MITRE Innovation Project research project &quot;Detecting Maliciousness Using Periodic Mobile Forensics&quot; addressed the enterprise use case of installed malicious applications. The results of the research will be discussed, as well as experimentation performed using real mobile malware. About the speaker: Mr. Mark Guido is a cyber security engineer and researcher at The MITRE Corporation, a non-profit organization chartered to work in the public interest. His main focus areas are mobile forensics and insider threat (user behavioral measurement). Mr. Guido has worked for MITRE in the defense, intelligence, and law enforcement communities for more than ten years. Mr. Guido has supported technology research and development both within MITRE via its internal research program and through various customer programs. He has supported various government customers in standing up capabilities for auditing and monitoring. Mr. Guido served as the lead engineer supporting an operational insider threat monitoring and mitigation program, and has worked onsite at various security operations centers and forensics laboratories. Mr. Guido has operationally supported numerous incidents and investigations. Mr. Guido has a bachelor&apos;s degree in computer science from Springfield College and a master&apos;s degree in computer science from the George Washington University.</p> ]]>
            </content:encoded>
            <itunes:duration>3219</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121024.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121024.mp4" length="467664896" type="video/mp4"/>
        </item>
            <item>
            <title>Edmund Jones, The Boeing Company</title>
            <description>In this talk EJ will speak about a security development lifecycle necessary to address vulnerabilities in complex systems. The need for software security is clear in today&apos;s cyber world. He will talk about the steps necessary to ensure a high level of assurance in systems to identify, mitigate, and control threats and vulnerabilities. He will go beyond the traditional software security development lifecycle and bring real-world examples. EJ is an engaging speaker, so bring your questions. About the speaker: EJ Jones is a Technical Fellow in Information Security at the Boeing Company. He is recognized industry-wide as an expert in software engineering, has over 20 years of experience in software development, and has developed large-scale systems on many diverse platforms and languages. He has created Application Security teams, has hands-on experience in every phase of the software security lifecycle, and has created comprehensive security programs for software development. EJ has also been leading technical teams in evaluating cloud hosting security controls for applications. He teaches all aspects of software development and is a certified CSSLP instructor. He was one of the first developers in the nation to receive the GIAC Secure Software Programming certification in Java. EJ is a leading security architect for mobile devices. He has spoken at the RSA Security, IBM/Rational Developers, and Cloud Security Alliance conferences. In his spare time EJ develops iPhone applications. Education and Credentials: BS Computer Science; MSE Software Engineering; CISSP-ISSEP, CSSLP, GIAC-Java.</description>
            <pubDate>Wed, 17 Oct 2012 16:30:00 EDT </pubDate>
            <itunes:title>Edmund Jones, The Boeing Company</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>506</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Edmund Jones, Boeing</itunes:subtitle>
            <itunes:summary>In this talk EJ will speak about a security development lifecycle necessary to address vulnerabilities in complex systems. The need for software security is clear in today&apos;s cyber world. He will talk about the steps necessary to ensure a high level of assurance in systems to identify, mitigate, and control threats and vulnerabilities. He will go beyond the traditional software security development lifecycle and bring real-world examples. EJ is an engaging speaker, so bring your questions. About the speaker: EJ Jones is a Technical Fellow in Information Security at the Boeing Company. He is recognized industry-wide as an expert in software engineering, has over 20 years of experience in software development, and has developed large-scale systems on many diverse platforms and languages. He has created Application Security teams, has hands-on experience in every phase of the software security lifecycle, and has created comprehensive security programs for software development. EJ has also been leading technical teams in evaluating cloud hosting security controls for applications. He teaches all aspects of software development and is a certified CSSLP instructor. He was one of the first developers in the nation to receive the GIAC Secure Software Programming certification in Java. EJ is a leading security architect for mobile devices. He has spoken at the RSA Security, IBM/Rational Developers, and Cloud Security Alliance conferences. In his spare time EJ develops iPhone applications. Education and Credentials: BS Computer Science; MSE Software Engineering; CISSP-ISSEP, CSSLP, GIAC-Java.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this talk EJ will speak about a security development lifecycle necessary to address vulnerabilities in complex systems. The need for software security is clear in today&apos;s cyber world. He will talk about the steps necessary to ensure a high level of assurance in systems to identify, mitigate, and control threats and vulnerabilities. He will go beyond the traditional software security development lifecycle and bring real-world examples. EJ is an engaging speaker, so bring your questions. About the speaker: EJ Jones is a Technical Fellow in Information Security at the Boeing Company. He is recognized industry-wide as an expert in software engineering, has over 20 years of experience in software development, and has developed large-scale systems on many diverse platforms and languages. He has created Application Security teams, has hands-on experience in every phase of the software security lifecycle, and has created comprehensive security programs for software development. EJ has also been leading technical teams in evaluating cloud hosting security controls for applications. He teaches all aspects of software development and is a certified CSSLP instructor. He was one of the first developers in the nation to receive the GIAC Secure Software Programming certification in Java. EJ is a leading security architect for mobile devices. He has spoken at the RSA Security, IBM/Rational Developers, and Cloud Security Alliance conferences. In his spare time EJ develops iPhone applications. Education and Credentials: BS Computer Science; MSE Software Engineering; CISSP-ISSEP, CSSLP, GIAC-Java.</p> ]]>
            </content:encoded>
            <itunes:duration>3376</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121017.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121017.mp4" length="464519168" type="video/mp4"/>
        </item>
            <item>
            <title>Chris Kanich, Understanding Spam Economics</title>
            <description>Over the past two decades, the Internet has become an essential tool in the lives of millions of people. Unfortunately, this success has also attracted cybercriminals who exploit the Internet as a platform for illicit gain. Perhaps the most familiar scam is sending unsolicited advertisements (spam), clogging inboxes and putting people&apos;s computers at risk of dangerous malware infections. Understanding the mechanisms and effectiveness of these scams is essential to building effective countermeasures to cybercrime. In this talk, I&apos;ll explain the modern spamming landscape and present research that helps us better understand how spammers make their money online. One effort uses the technique of botnet infiltration to examine a spam campaign from the point of view of the spammers. Botnet infiltration allows us to measure their operation, including the advertisements&apos; effectiveness and the worldwide use of spam filtering techniques. The second effort exploits key information leaks to answer key questions about the modern affiliate-marketing-based spam ecosystem, from estimating its worldwide gross revenue to understanding customer demographics and the most popular products. About the speaker: Chris is an Assistant Professor in the Department of Computer Science at the University of Illinois at Chicago. Chris earned his Ph.D. in Computer Science and Engineering from UC San Diego in 2012, and his B.S. in Mathematics and Computer Science from Purdue University in 2005. His research centers around Internet security and Internet measurement, with a particular focus on fully characterizing attackers&apos; motivations, capabilities, and strategies.</description>
            <pubDate>Wed, 10 Oct 2012 16:30:00 EDT </pubDate>
            <itunes:title>Chris Kanich, Understanding Spam Economics</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>505</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/chris_kanich_uic_140.jpg"/>
            <itunes:subtitle>Chris Kanich, University of Illinois at Chicago</itunes:subtitle>
            <itunes:summary>Over the past two decades, the Internet has become an essential tool in the lives of millions of people. Unfortunately, this success has also attracted cybercriminals who exploit the Internet as a platform for illicit gain. Perhaps the most familiar scam is sending unsolicited advertisements (spam), clogging inboxes and putting people&apos;s computers at risk of dangerous malware infections. Understanding the mechanisms and effectiveness of these scams is essential to building effective countermeasures to cybercrime. In this talk, I&apos;ll explain the modern spamming landscape and present research that helps us better understand how spammers make their money online. One effort uses the technique of botnet infiltration to examine a spam campaign from the point of view of the spammers. Botnet infiltration allows us to measure their operation, including the advertisements&apos; effectiveness and the worldwide use of spam filtering techniques. The second effort exploits key information leaks to answer key questions about the modern affiliate-marketing-based spam ecosystem, from estimating its worldwide gross revenue to understanding customer demographics and the most popular products. About the speaker: Chris is an Assistant Professor in the Department of Computer Science at the University of Illinois at Chicago. Chris earned his Ph.D. in Computer Science and Engineering from UC San Diego in 2012, and his B.S. in Mathematics and Computer Science from Purdue University in 2005. His research centers around Internet security and Internet measurement, with a particular focus on fully characterizing attackers&apos; motivations, capabilities, and strategies.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Over the past two decades, the Internet has become an essential tool in the lives of millions of people. Unfortunately, this success has also attracted cybercriminals who exploit the Internet as a platform for illicit gain. Perhaps the most familiar scam is sending unsolicited advertisements (spam), clogging inboxes and putting people&apos;s computers at risk of dangerous malware infections. Understanding the mechanisms and effectiveness of these scams is essential to building effective countermeasures to cybercrime. In this talk, I&apos;ll explain the modern spamming landscape and present research that helps us better understand how spammers make their money online. One effort uses the technique of botnet infiltration to examine a spam campaign from the point of view of the spammers. Botnet infiltration allows us to measure their operation, including the advertisements&apos; effectiveness and the worldwide use of spam filtering techniques. The second effort exploits key information leaks to answer key questions about the modern affiliate-marketing-based spam ecosystem, from estimating its worldwide gross revenue to understanding customer demographics and the most popular products. About the speaker: Chris is an Assistant Professor in the Department of Computer Science at the University of Illinois at Chicago. Chris earned his Ph.D. in Computer Science and Engineering from UC San Diego in 2012, and his B.S. in Mathematics and Computer Science from Purdue University in 2005. His research centers around Internet security and Internet measurement, with a particular focus on fully characterizing attackers&apos; motivations, capabilities, and strategies.</p> ]]>
            </content:encoded>
            <itunes:duration>3445</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121010.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121010.mp4" length="466616320" type="video/mp4"/>
        </item>
            <item>
            <title>William Enck, Defending Users Against Smartphone Apps: Techniques and Future Directions</title>
            <description>Smartphone security research has become very popular in response to the rapid, world-wide adoption of new platforms such as Android and iOS. Smartphones are characterized by their ability to run third-party applications, and Android and iOS take this concept to the extreme, offering hundreds of thousands of &quot;apps&quot; through application markets. Thus, smartphone security research has focused on protecting users from apps. In this talk, I will discuss the current state of smartphone research, including efforts in designing new OS protection mechanisms, as well as performing security analysis of real apps. I will offer insight into what works, what has clear limitations, and promising directions for future research. About the speaker: William Enck is an Assistant Professor in the Department of Computer Science at NC State University. William earned his Ph.D. and M.S. in Computer Science and Engineering from the Pennsylvania State University in 2011 and 2006, respectively, and his B.S. in Computer Engineering from Penn State in 2004. His research focuses primarily on security in smartphone and mobile device platforms and the challenges that arise in this new computing environment. However, he is also interested in the broader area of systems security. His previous research efforts have included OS security, hardware security, telecommunications security, network protocol security, voting systems security, and large-scale network configuration.</description>
            <pubDate>Wed, 3 Oct 2012 16:30:00 EDT </pubDate>
            <itunes:title>William Enck, Defending Users Against Smartphone Apps: Techniques and Future Directions</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>504</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/william_enck_140.jpg"/>
            <itunes:subtitle>William Enck, North Carolina State University</itunes:subtitle>
            <itunes:summary>Smartphone security research has become very popular in response to the rapid, world-wide adoption of new platforms such as Android and iOS. Smartphones are characterized by their ability to run third-party applications, and Android and iOS take this concept to the extreme, offering hundreds of thousands of &quot;apps&quot; through application markets. Thus, smartphone security research has focused on protecting users from apps. In this talk, I will discuss the current state of smartphone research, including efforts in designing new OS protection mechanisms, as well as performing security analysis of real apps. I will offer insight into what works, what has clear limitations, and promising directions for future research. About the speaker: William Enck is an Assistant Professor in the Department of Computer Science at NC State University. William earned his Ph.D. and M.S. in Computer Science and Engineering from the Pennsylvania State University in 2011 and 2006, respectively, and his B.S. in Computer Engineering from Penn State in 2004. His research focuses primarily on security in smartphone and mobile device platforms and the challenges that arise in this new computing environment. However, he is also interested in the broader area of systems security. His previous research efforts have included OS security, hardware security, telecommunications security, network protocol security, voting systems security, and large-scale network configuration.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Smartphone security research has become very popular in response to the rapid, world-wide adoption of new platforms such as Android and iOS. Smartphones are characterized by their ability to run third-party applications, and Android and iOS take this concept to the extreme, offering hundreds of thousands of &quot;apps&quot; through application markets. Thus, smartphone security research has focused on protecting users from apps. In this talk, I will discuss the current state of smartphone research, including efforts in designing new OS protection mechanisms, as well as performing security analysis of real apps. I will offer insight into what works, what has clear limitations, and promising directions for future research. About the speaker: William Enck is an Assistant Professor in the Department of Computer Science at NC State University. William earned his Ph.D. and M.S. in Computer Science and Engineering from the Pennsylvania State University in 2011 and 2006, respectively, and his B.S. in Computer Engineering from Penn State in 2004. His research focuses primarily on security in smartphone and mobile device platforms and the challenges that arise in this new computing environment. However, he is also interested in the broader area of systems security. His previous research efforts have included OS security, hardware security, telecommunications security, network protocol security, voting systems security, and large-scale network configuration.</p> ]]>
            </content:encoded>
            <itunes:duration>3523</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121003.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20121003.mp4" length="469762048" type="video/mp4"/>
        </item>
            <item>
            <title>Marc Brooks, Leveraging internal network traffic to detect malicious activity: Lessons learned</title>
            <description>The detection of malicious activity can occur at many places within an enterprise. One area that is a natural extension of perimeter-based approaches is that of internal network monitoring. This talk will discuss work done to better detect malicious activity on an enterprise by monitoring internal network traffic. The state of the art will be discussed, as well as the limitations inherent in this monitoring approach. Promising results will be discussed as well as methods that were not as effective. About the speaker: Mr. Marc Brooks is a cyber security researcher at the MITRE Corporation, a non-profit organization chartered to work in the public interest. He is the focal point for the Insider Threat capability within the Cyber Security Division of the MITRE Corporation. He is responsible for helping coordinate division support to various Insider Threat activities, as well as being actively involved in research activities on the topic. Mr. Brooks has worked in the defense, intelligence, and law enforcement communities for more than ten years. Mr. Brooks began his career at MITRE developing internet-based technologies for the Air Force out of the MITRE Bedford, MA location. Since then, Mr. Brooks has supported technology research and development within MITRE via its internal research program, DISA, a DOJ sponsor, and other government sponsors. Mr. Brooks also served as the chief engineer for the MITRE Information Analysis and Engineering department, while supporting an operational Insider Threat program. Mr. Brooks currently works on research in detecting the advanced cyber threat and malicious insiders. Mr. Brooks has a bachelor&apos;s degree in computer science from Amherst College, a master&apos;s in business administration from the University of Maryland, and is currently earning a PhD in computer science at George Mason University.</description>
            <pubDate>Wed, 26 Sep 2012 16:30:00 EDT </pubDate>
            <itunes:title>Marc Brooks, Leveraging internal network traffic to detect malicious activity: Lessons learned</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>503</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/marc_brooks_mitre_140.jpg"/>
            <itunes:subtitle>Marc Brooks, MITRE</itunes:subtitle>
            <itunes:summary>The detection of malicious activity can occur at many places within an enterprise. One area that is a natural extension of perimeter-based approaches is that of internal network monitoring. This talk will discuss work done to better detect malicious activity on an enterprise by monitoring internal network traffic. The state of the art will be discussed, as well as the limitations inherent in this monitoring approach. Promising results will be discussed as well as methods that were not as effective. About the speaker: Mr. Marc Brooks is a cyber security researcher at the MITRE Corporation, a non-profit organization chartered to work in the public interest. He is the focal point for the Insider Threat capability within the Cyber Security Division of the MITRE Corporation. He is responsible for helping coordinate division support to various Insider Threat activities, as well as being actively involved in research activities on the topic. Mr. Brooks has worked in the defense, intelligence, and law enforcement communities for more than ten years. Mr. Brooks began his career at MITRE developing internet-based technologies for the Air Force out of the MITRE Bedford, MA location. Since then, Mr. Brooks has supported technology research and development within MITRE via its internal research program, DISA, a DOJ sponsor, and other government sponsors. Mr. Brooks also served as the chief engineer for the MITRE Information Analysis and Engineering department, while supporting an operational Insider Threat program. Mr. Brooks currently works on research in detecting the advanced cyber threat and malicious insiders. Mr. Brooks has a bachelor&apos;s degree in computer science from Amherst College, a master&apos;s in business administration from the University of Maryland, and is currently earning a PhD in computer science at George Mason University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The detection of malicious activity can occur at many places within an enterprise. One area that is a natural extension of perimeter-based approaches is that of internal network monitoring. This talk will discuss work done to better detect malicious activity on an enterprise by monitoring internal network traffic. The state of the art will be discussed, as well as the limitations inherent in this monitoring approach. Promising results will be discussed as well as methods that were not as effective. About the speaker: Mr. Marc Brooks is a cyber security researcher at the MITRE Corporation, a non-profit organization chartered to work in the public interest. He is the focal point for the Insider Threat capability within the Cyber Security Division of the MITRE Corporation. He is responsible for helping coordinate division support to various Insider Threat activities, as well as being actively involved in research activities on the topic. Mr. Brooks has worked in the defense, intelligence, and law enforcement communities for more than ten years. Mr. Brooks began his career at MITRE developing internet-based technologies for the Air Force out of the MITRE Bedford, MA location. Since then, Mr. Brooks has supported technology research and development within MITRE via its internal research program, DISA, a DOJ sponsor, and other government sponsors. Mr. Brooks also served as the chief engineer for the MITRE Information Analysis and Engineering department, while supporting an operational Insider Threat program. Mr. Brooks currently works on research in detecting the advanced cyber threat and malicious insiders. Mr. Brooks has a bachelor&apos;s degree in computer science from Amherst College, a master&apos;s in business administration from the University of Maryland, and is currently earning a PhD in computer science at George Mason University.</p> ]]>
            </content:encoded>
            <itunes:duration>2657</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120926.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120926.mp4" length="467664896" type="video/mp4"/>
        </item>
            <item>
            <title>Jason Haas, Global Revocation for the Intersection Collision Warning Safety Application</title>
            <description>Identifying and removing malicious insiders from a network is a topic of active research. Vehicular ad hoc networks (VANETs) may suffer from insider attacks; that is, an attacker may use authorized vehicles to attack other vehicles. Specifically, attackers may use their vehicles to broadcast specially formed packets that will trigger warnings in target vehicles. This malicious behavior could have a significant detrimental effect on cooperative safety applications (SAs), one of the driving forces behind VANET deployment. We propose modifications to the intersection collision warning (ICW) SA that enable a certificate authority (CA) to be offline and yet to decide to revoke a vehicle&apos;s certificates using retransmitted information that cannot be repudiated. Our approach differs from previous proposals in that it is SA specific, and it is resilient to Sybil attacks. We simulate and measure the resources an attacker requires to attack a vehicle using the ICW SA without our modifications and demonstrate that our additions reduce the false positive rate arising from errors in estimated vehicle dynamics. About the speaker: Jason J. Haas graduated from the University of Wisconsin-Madison with his B.S. in Electrical and Computer Engineering (ECE) and Physics. He received his M.S. in 2007 and his PhD in 2010 in ECE from the University of Illinois at Urbana-Champaign. His dissertation was on security and privacy for vehicular ad hoc networks supporting revocation. Jason has worked on defining security mechanisms for vehicular ad hoc networks, participating in the Crash Avoidance Metrics Partnership&apos;s (CAMP) Vehicular Safety Communications (VSC) program as a contractor. Jason has also done work on commercial vehicle control systems and cyber security for commercial vehicles. Currently, Jason is a Senior Member of the Technical Staff at Sandia National Laboratories in Albuquerque, New Mexico, where he continues to conduct research on security for vehicular ad hoc networks.</description>
            <pubDate>Wed, 19 Sep 2012 16:30:00 EDT </pubDate>
            <itunes:title>Jason Haas, Global Revocation for the Intersection Collision Warning Safety Application</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>502</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jason Haas, Sandia</itunes:subtitle>
            <itunes:summary>Identifying and removing malicious insiders from a network is a topic of active research. Vehicular ad hoc networks (VANETs) may suffer from insider attacks; that is, an attacker may use authorized vehicles to attack other vehicles. Specifically, attackers may use their vehicles to broadcast specially formed packets that will trigger warnings in target vehicles. This malicious behavior could have a significant detrimental effect on cooperative safety applications (SAs), one of the driving forces behind VANET deployment. We propose modifications to the intersection collision warning (ICW) SA that enable a certificate authority (CA) to be offline and yet to decide to revoke a vehicle&apos;s certificates using retransmitted information that cannot be repudiated. Our approach differs from previous proposals in that it is SA specific, and it is resilient to Sybil attacks. We simulate and measure the resources an attacker requires to attack a vehicle using the ICW SA without our modifications and demonstrate that our additions reduce the false positive rate arising from errors in estimated vehicle dynamics. About the speaker: Jason J. Haas graduated from the University of Wisconsin-Madison with his B.S. in Electrical and Computer Engineering (ECE) and Physics. He received his M.S. in 2007 and his PhD in 2010 in ECE from the University of Illinois at Urbana-Champaign. His dissertation was on security and privacy for vehicular ad hoc networks supporting revocation. Jason has worked on defining security mechanisms for vehicular ad hoc networks, participating in the Crash Avoidance Metrics Partnership&apos;s (CAMP) Vehicular Safety Communications (VSC) program as a contractor. Jason has also done work on commercial vehicle control systems and cyber security for commercial vehicles. Currently, Jason is a Senior Member of the Technical Staff at Sandia National Laboratories in Albuquerque, New Mexico, where he continues to conduct research on security for vehicular ad hoc networks.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Identifying and removing malicious insiders from a network is a topic of active research. Vehicular ad hoc networks (VANETs) may suffer from insider attacks; that is, an attacker may use authorized vehicles to attack other vehicles. Specifically, attackers may use their vehicles to broadcast specially formed packets that will trigger warnings in target vehicles. This malicious behavior could have a significant detrimental effect on cooperative safety applications (SAs), one of the driving forces behind VANET deployment. We propose modifications to the intersection collision warning (ICW) SA that enable a certificate authority (CA) to be offline and yet to decide to revoke a vehicle&apos;s certificates using retransmitted information that cannot be repudiated. Our approach differs from previous proposals in that it is SA specific, and it is resilient to Sybil attacks. We simulate and measure the resources an attacker requires to attack a vehicle using the ICW SA without our modifications and demonstrate that our additions reduce the false positive rate arising from errors in estimated vehicle dynamics. About the speaker: Jason J. Haas graduated from the University of Wisconsin-Madison with his B.S. in Electrical and Computer Engineering (ECE) and Physics. He received his M.S. in 2007 and his PhD in 2010 in ECE from the University of Illinois at Urbana-Champaign. His dissertation was on security and privacy for vehicular ad hoc networks supporting revocation. Jason has worked on defining security mechanisms for vehicular ad hoc networks, participating in the Crash Avoidance Metrics Partnership&apos;s (CAMP) Vehicular Safety Communications (VSC) program as a contractor. Jason has also done work on commercial vehicle control systems and cyber security for commercial vehicles. Currently, Jason is a Senior Member of the Technical Staff at Sandia National Laboratories in Albuquerque, New Mexico, where he continues to conduct research on security for vehicular ad hoc networks.</p> ]]>
            </content:encoded>
            <itunes:duration>2905</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120919.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120919.mp4" length="468713472" type="video/mp4"/>
        </item>
            <item>
            <title>Sharon Chand &amp; Chad Whitman, Trends in cyber security consulting</title>
            <description>Deloitte Security &amp; Privacy will present on recent trends in cyber security consulting, including how industry and regulatory trends are driving change to information security practices. The presentation will also include the anatomy of a cyber incident, walking through a real-world example of an incident from discovery to remediation. About the speaker: Sharon Chand is a Director with Deloitte &amp; Touche Enterprise Risk Services, specializing in Security &amp; Privacy and Technology Risk. Ms. Chand is a CISSP with over 17 years&apos; experience in designing, implementing, and managing security solutions for her global clients. Ms. Chand has deep skills with multiple information security domains, including threat &amp; vulnerability management, identity &amp; access management, security strategy &amp; planning, security policy &amp; standards, risk assessments, and privacy &amp; compliance. Ms. Chand specializes in the Power &amp; Utility industry, and leads Deloitte&apos;s practice on NERC CIP regulatory consulting. Chad Whitman is a Manager with Deloitte &amp; Touche&apos;s Security &amp; Privacy Services practice based out of Chicago. Chad has over 8 years of experience in the Information Security field serving various Fortune 500 companies in the financial services, hospitality, consumer business, software, and telecommunications industries. Chad has successfully delivered on a number of key security-focused projects and implementations including Payment Card Industry readiness assessments, application architecture reviews, network security assessments, and cyber investigations. Chad continually maintains his knowledge of the latest technology, while at the same time providing the professionalism required to serve all his clients. Chad is a Certified Information Systems Security Professional (CISSP).</description>
            <pubDate>Wed, 12 Sep 2012 16:30:00 EDT </pubDate>
            <itunes:title>Sharon Chand &amp; Chad Whitman, Trends in cyber security consulting</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>501</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Sharon Chand &amp; Chad Whitman, Deloitte &amp; Touche</itunes:subtitle>
            <itunes:summary>Deloitte Security &amp; Privacy will present on recent trends in cyber security consulting, including how industry and regulatory trends are driving change to information security practices. The presentation will also include the anatomy of a cyber incident, walking through a real-world example of an incident from discovery to remediation. About the speaker: Sharon Chand is a Director with Deloitte &amp; Touche Enterprise Risk Services, specializing in Security &amp; Privacy and Technology Risk. Ms. Chand is a CISSP with over 17 years&apos; experience in designing, implementing, and managing security solutions for her global clients. Ms. Chand has deep skills with multiple information security domains, including threat &amp; vulnerability management, identity &amp; access management, security strategy &amp; planning, security policy &amp; standards, risk assessments, and privacy &amp; compliance. Ms. Chand specializes in the Power &amp; Utility industry, and leads Deloitte&apos;s practice on NERC CIP regulatory consulting. Chad Whitman is a Manager with Deloitte &amp; Touche&apos;s Security &amp; Privacy Services practice based out of Chicago. Chad has over 8 years of experience in the Information Security field serving various Fortune 500 companies in the financial services, hospitality, consumer business, software, and telecommunications industries. Chad has successfully delivered on a number of key security-focused projects and implementations including Payment Card Industry readiness assessments, application architecture reviews, network security assessments, and cyber investigations. Chad continually maintains his knowledge of the latest technology, while at the same time providing the professionalism required to serve all his clients. Chad is a Certified Information Systems Security Professional (CISSP).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Deloitte Security &amp; Privacy will present on recent trends in cyber security consulting, including how industry and regulatory trends are driving change to information security practices. The presentation will also include the anatomy of a cyber incident, walking through a real-world example of an incident from discovery to remediation. About the speaker: Sharon Chand is a Director with Deloitte &amp; Touche Enterprise Risk Services, specializing in Security &amp; Privacy and Technology Risk. Ms. Chand is a CISSP with over 17 years&apos; experience in designing, implementing, and managing security solutions for her global clients. Ms. Chand has deep skills with multiple information security domains, including threat &amp; vulnerability management, identity &amp; access management, security strategy &amp; planning, security policy &amp; standards, risk assessments, and privacy &amp; compliance. Ms. Chand specializes in the Power &amp; Utility industry, and leads Deloitte&apos;s practice on NERC CIP regulatory consulting. Chad Whitman is a Manager with Deloitte &amp; Touche&apos;s Security &amp; Privacy Services practice based out of Chicago. Chad has over 8 years of experience in the Information Security field serving various Fortune 500 companies in the financial services, hospitality, consumer business, software, and telecommunications industries. Chad has successfully delivered on a number of key security-focused projects and implementations including Payment Card Industry readiness assessments, application architecture reviews, network security assessments, and cyber investigations. Chad continually maintains his knowledge of the latest technology, while at the same time providing the professionalism required to serve all his clients. Chad is a Certified Information Systems Security Professional (CISSP).</p> ]]>
            </content:encoded>
            <itunes:duration>3016</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120912.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120912.mp4" length="463470592" type="video/mp4"/>
        </item>
            <item>
            <title>Ed Lopez, The Inertia of Productivity</title>
            <description>Why do we implement systems and applications with poor security characteristics? This talk looks at the evolution of network security as a consequence of productive change. Specifically, we will look at the challenges imposed by BYOD requirements (particularly on wireless security), the pressure on performance to meet the aggregated traffic loads of cloud/datacenter demands, the emergence of IP-based industrial controls, and a deep look into how the migration from IPv4 to IPv6 will require new network-based approaches for their security. About the speaker: Ed Lopez is the VP of Technology for Fortinet, and has been with the company for over six years. He has designed network security solutions for over 15 years, and has previously worked for Cisco Systems, NetScreen, Juniper Networks, and ConSentry Networks in consultative/leadership roles. His patent-pending work applying clustering technologies to UTM nodes has resulted in developing what has been christened as the &apos;World&apos;s Fastest Firewalls&apos;, meeting the throughput and capacity requirements of large carrier IP environments. He holds a BS in Sociology, as well as an MBA.</description>
            <pubDate>Wed, 5 Sep 2012 16:30:00 EDT </pubDate>
            <itunes:title>Ed Lopez, The Inertia of Productivity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>500</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ed_lopez_fortinet_140.jpg"/>
            <itunes:subtitle>Ed Lopez, Fortinet</itunes:subtitle>
            <itunes:summary>Why do we implement systems and applications with poor security characteristics? This talk looks at the evolution of network security as a consequence of productive change. Specifically, we will look at the challenges imposed by BYOD requirements (particularly on wireless security), the pressure on performance to meet the aggregated traffic loads of cloud/datacenter demands, the emergence of IP-based industrial controls, and a deep look into how the migration from IPv4 to IPv6 will require new network-based approaches for their security. About the speaker: Ed Lopez is the VP of Technology for Fortinet, and has been with the company for over six years. He has designed network security solutions for over 15 years, and has previously worked for Cisco Systems, NetScreen, Juniper Networks, and ConSentry Networks in consultative/leadership roles. His patent-pending work applying clustering technologies to UTM nodes has resulted in developing what has been christened as the &apos;World&apos;s Fastest Firewalls&apos;, meeting the throughput and capacity requirements of large carrier IP environments. He holds a BS in Sociology, as well as an MBA.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Why do we implement systems and applications with poor security characteristics? This talk looks at the evolution of network security as a consequence of productive change. Specifically, we will look at the challenges imposed by BYOD requirements (particularly on wireless security), the pressure on performance to meet the aggregated traffic loads of cloud/datacenter demands, the emergence of IP-based industrial controls, and a deep look into how the migration from IPv4 to IPv6 will require new network-based approaches for their security. About the speaker: Ed Lopez is the VP of Technology for Fortinet, and has been with the company for over six years. He has designed network security solutions for over 15 years, and has previously worked for Cisco Systems, NetScreen, Juniper Networks, and ConSentry Networks in consultative/leadership roles. His patent-pending work applying clustering technologies to UTM nodes has resulted in developing what has been christened as the &apos;World&apos;s Fastest Firewalls&apos;, meeting the throughput and capacity requirements of large carrier IP environments. He holds a BS in Sociology, as well as an MBA.</p> ]]>
            </content:encoded>
            <itunes:duration>3416</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120905.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120905.mp4" length="468713472" type="video/mp4"/>
        </item>
            <item>
            <title>Lewis Shepherd, Challenges for R&amp;D in the Security Field</title>
            <description>Long-range research into information assurance and security has seen peaks and valleys over the past three decades, mirroring larger trends including the explosive growth of Internet services and declining technology R&amp;D investment trends. A gulf threatens to develop between the scope and scale of R&amp;D in the private sector, and in the public sector. In particular, rapid iterative advances by commercial and black-hat entities could outstrip government&apos;s ability (particularly the US Government&apos;s ability) to perform useful basic research and advanced development of innovative tools and algorithms. Yet these malignant trends are occurring at the same time as some very exciting (but unheralded) progress in critical research areas. This talk will examine these trends, explain their context, and discuss significant implications for the field of security research -- and for the advance of trustworthy computing overall. About the speaker: Lewis Shepherd is Director of Microsoft&apos;s Institute for Advanced Technology in Governments (MSI), having joined Microsoft as Chief Technology Officer of the Institute in 2007. Lewis joined Microsoft from the U.S. Defense Intelligence Agency (DIA). He has degrees from Stanford University (where he was a Rockefeller Graduate Fellow), the University of Virginia, and the Université Libre de Bruxelles (Belgium). He has also been a guest lecturer at the Stanford Graduate School of Business for MBA courses on government/Silicon Valley relations. Lewis spent two decades working in and around Silicon Valley, with two startups under his belt, but after the 9/11 attacks he focused on technologies to support the Intelligence Community and in 2003 accepted an offer to become Senior Technology Officer at DIA, where he spent four years participating in a remarkable period of innovation and reform for the intelligence community. Some of his team&apos;s work focused on secure information sharing, better analysis, and introducing Web 2.0 capabilities to secure networks, including the first beta versions of popular systems Intellipedia and A-Space.</description>
            <pubDate>Wed, 29 Aug 2012 16:30:00 EDT </pubDate>
            <itunes:title>Lewis Shepherd, Challenges for R&amp;D in the Security Field</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>499</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/lewis_shepherd_microsoft.jpg"/>
            <itunes:subtitle>Lewis Shepherd, Microsoft</itunes:subtitle>
            <itunes:summary>Long-range research into information assurance and security has seen peaks and valleys over the past three decades, mirroring larger trends including the explosive growth of Internet services and declining technology R&amp;D investment. A gulf threatens to develop between the scope and scale of R&amp;D in the private sector and in the public sector. In particular, rapid iterative advances by commercial and black-hat entities could outstrip government&apos;s ability (particularly the US Government&apos;s ability) to perform useful basic research and advanced development of innovative tools and algorithms. Yet these malignant trends are occurring at the same time as some very exciting (but unheralded) progress in critical research areas. This talk will examine these trends, explain their context, and discuss significant implications for the field of security research -- and for the advance of trustworthy computing overall. About the speaker: Lewis Shepherd is Director of Microsoft&apos;s Institute for Advanced Technology in Governments (MSI), having joined Microsoft as Chief Technology Officer of the Institute in 2007. Lewis joined Microsoft from the U.S. Defense Intelligence Agency (DIA). He has degrees from Stanford University (where he was a Rockefeller Graduate Fellow), the University of Virginia, and the Université Libre de Bruxelles (Belgium). He has also been a guest lecturer at the Stanford Graduate School of Business for MBA courses on government/Silicon Valley relations. Lewis spent two decades working in and around Silicon Valley, with two startups under his belt, but after the 9/11 attacks he focused on technologies to support the Intelligence Community and in 2003 accepted an offer to become Senior Technology Officer at DIA, where he spent four years participating in a remarkable period of innovation and reform for the intelligence community. Some of his team&apos;s work focused on secure information sharing, better analysis, and introducing Web 2.0 capabilities to secure networks, including the first beta versions of the popular systems Intellipedia and A-Space.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Long-range research into information assurance and security has seen peaks and valleys over the past three decades, mirroring larger trends including the explosive growth of Internet services and declining technology R&amp;D investment. A gulf threatens to develop between the scope and scale of R&amp;D in the private sector and in the public sector. In particular, rapid iterative advances by commercial and black-hat entities could outstrip government&apos;s ability (particularly the US Government&apos;s ability) to perform useful basic research and advanced development of innovative tools and algorithms. Yet these malignant trends are occurring at the same time as some very exciting (but unheralded) progress in critical research areas. This talk will examine these trends, explain their context, and discuss significant implications for the field of security research -- and for the advance of trustworthy computing overall. About the speaker: Lewis Shepherd is Director of Microsoft&apos;s Institute for Advanced Technology in Governments (MSI), having joined Microsoft as Chief Technology Officer of the Institute in 2007. Lewis joined Microsoft from the U.S. Defense Intelligence Agency (DIA). He has degrees from Stanford University (where he was a Rockefeller Graduate Fellow), the University of Virginia, and the Université Libre de Bruxelles (Belgium). He has also been a guest lecturer at the Stanford Graduate School of Business for MBA courses on government/Silicon Valley relations. Lewis spent two decades working in and around Silicon Valley, with two startups under his belt, but after the 9/11 attacks he focused on technologies to support the Intelligence Community and in 2003 accepted an offer to become Senior Technology Officer at DIA, where he spent four years participating in a remarkable period of innovation and reform for the intelligence community. Some of his team&apos;s work focused on secure information sharing, better analysis, and introducing Web 2.0 capabilities to secure networks, including the first beta versions of the popular systems Intellipedia and A-Space.</p> ]]>
            </content:encoded>
            <itunes:duration>3746</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120829.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120829.mp4" length="466616320" type="video/mp4"/>
        </item>
            <item>
            <title>Scott Andersen, The New Frontier, Welcome the Cloud Brokers</title>
            <description>The new concept of &quot;Cloud Brokers&quot; and cloud brokerage came to light with the recent release of the GSA Cloud Broker RFI. What does that mean for the cloud professionals of today (the skills they need) and the cloud professionals of tomorrow (the skills they are going to need)? About the speaker: Scott Andersen, Director of Cloud Computing, Commercial Strategies, recently joined Lockheed Martin IS&amp;GS with 15 years of experience from Microsoft, where he served as the Director of Cloud Computing. Andersen consults with sophisticated technical teams across the organization to help drive technical and &quot;go-to-market&quot; strategies and commercial best practices. Andersen earned his BS from Indiana University. Andersen holds positions on the Board of Directors and the Board of Education for the IASA (International Association of Software Architects).</description>
            <pubDate>Wed, 22 Aug 2012 16:30:00 EDT </pubDate>
            <itunes:title>Scott Andersen, The New Frontier, Welcome the Cloud Brokers</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>498</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/scott_anderson_lockheed_martin_140.jpg"/>
            <itunes:subtitle>Scott Andersen, Lockheed Martin</itunes:subtitle>
            <itunes:summary>The new concept of &quot;Cloud Brokers&quot; and cloud brokerage came to light with the recent release of the GSA Cloud Broker RFI. What does that mean for the cloud professionals of today (the skills they need) and the cloud professionals of tomorrow (the skills they are going to need)? About the speaker: Scott Andersen, Director of Cloud Computing, Commercial Strategies, recently joined Lockheed Martin IS&amp;GS with 15 years of experience from Microsoft, where he served as the Director of Cloud Computing. Andersen consults with sophisticated technical teams across the organization to help drive technical and &quot;go-to-market&quot; strategies and commercial best practices. Andersen earned his BS from Indiana University. Andersen holds positions on the Board of Directors and the Board of Education for the IASA (International Association of Software Architects).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The new concept of &quot;Cloud Brokers&quot; and cloud brokerage came to light with the recent release of the GSA Cloud Broker RFI. What does that mean for the cloud professionals of today (the skills they need) and the cloud professionals of tomorrow (the skills they are going to need)? About the speaker: Scott Andersen, Director of Cloud Computing, Commercial Strategies, recently joined Lockheed Martin IS&amp;GS with 15 years of experience from Microsoft, where he served as the Director of Cloud Computing. Andersen consults with sophisticated technical teams across the organization to help drive technical and &quot;go-to-market&quot; strategies and commercial best practices. Andersen earned his BS from Indiana University. Andersen holds positions on the Board of Directors and the Board of Education for the IASA (International Association of Software Architects).</p> ]]>
            </content:encoded>
            <itunes:duration>3333</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120822.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120822.mp4" length="464519168" type="video/mp4"/>
        </item>
            <item>
            <title>Christine Task, A Practical Beginners&#039; Guide to Differential Privacy</title>
            <description>Differential privacy is a very powerful approach to protecting individual privacy in data mining; it&apos;s also an approach that hasn&apos;t seen much application outside academic circles. There&apos;s a reason for this: many people aren&apos;t quite certain how it works. Uncertainty poses a serious problem when considering the public release of sensitive data. Intuitively, differentially private data-mining applications protect individuals by injecting noise which &quot;covers up&quot; the impact any individual can have on the query results. In this talk, I will discuss the concrete details of how this is accomplished, exactly what it does and does not guarantee, common mistakes and misconceptions, and give a brief overview of useful differentially privatized data-mining techniques. This talk will be accessible to researchers from all domains; no previous background in statistics or probability theory is assumed. My goal in this presentation is to offer a short-cut to researchers who would like to apply differential privacy to their work and thus enable a broader adoption of this powerful tool. About the speaker: Christine Task is a PhD candidate in the Computer Science department of Purdue University, and a member of CERIAS. She has five years&apos; experience teaching discrete math and computability theory at the undergraduate level. Her research interests are in differential privacy and its application to social network analysis, and her research advisor is CERIAS fellow Chris Clifton.</description>
            <pubDate>Wed, 25 Apr 2012 16:30:00 EDT </pubDate>
            <itunes:title>Christine Task, A Practical Beginners&#039; Guide to Differential Privacy</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>497</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Christine Task, Purdue University</itunes:subtitle>
            <itunes:summary>Differential privacy is a very powerful approach to protecting individual privacy in data mining; it&apos;s also an approach that hasn&apos;t seen much application outside academic circles. There&apos;s a reason for this: many people aren&apos;t quite certain how it works. Uncertainty poses a serious problem when considering the public release of sensitive data. Intuitively, differentially private data-mining applications protect individuals by injecting noise which &quot;covers up&quot; the impact any individual can have on the query results. In this talk, I will discuss the concrete details of how this is accomplished, exactly what it does and does not guarantee, common mistakes and misconceptions, and give a brief overview of useful differentially privatized data-mining techniques. This talk will be accessible to researchers from all domains; no previous background in statistics or probability theory is assumed. My goal in this presentation is to offer a short-cut to researchers who would like to apply differential privacy to their work and thus enable a broader adoption of this powerful tool. About the speaker: Christine Task is a PhD candidate in the Computer Science department of Purdue University, and a member of CERIAS. She has five years&apos; experience teaching discrete math and computability theory at the undergraduate level. Her research interests are in differential privacy and its application to social network analysis, and her research advisor is CERIAS fellow Chris Clifton.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Differential privacy is a very powerful approach to protecting individual privacy in data mining; it&apos;s also an approach that hasn&apos;t seen much application outside academic circles. There&apos;s a reason for this: many people aren&apos;t quite certain how it works. Uncertainty poses a serious problem when considering the public release of sensitive data. Intuitively, differentially private data-mining applications protect individuals by injecting noise which &quot;covers up&quot; the impact any individual can have on the query results. In this talk, I will discuss the concrete details of how this is accomplished, exactly what it does and does not guarantee, common mistakes and misconceptions, and give a brief overview of useful differentially privatized data-mining techniques. This talk will be accessible to researchers from all domains; no previous background in statistics or probability theory is assumed. My goal in this presentation is to offer a short-cut to researchers who would like to apply differential privacy to their work and thus enable a broader adoption of this powerful tool. About the speaker: Christine Task is a PhD candidate in the Computer Science department of Purdue University, and a member of CERIAS. She has five years&apos; experience teaching discrete math and computability theory at the undergraduate level. Her research interests are in differential privacy and its application to social network analysis, and her research advisor is CERIAS fellow Chris Clifton.</p> ]]>
            </content:encoded>
            <itunes:duration>2709</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120425.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120425.mp4" length="555745280" type="video/mp4"/>
        </item>
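The noise-injection idea sketched in the abstract above, worked through as an added example that is not part of the original feed entry and not the speaker's code: a Laplace mechanism for a counting query of sensitivity 1, a numerical check that the privacy loss between two datasets differing in one person never exceeds epsilon, and two pitfalls of the kind the abstract warns about, namely re-asking the same query and averaging the answers, and failing to track the privacy budget under sequential composition. The dataset, the query, the grid of outputs and the budget class are all constructed for this illustration; the sampler is the standard inverse-CDF form of the Laplace distribution, written with the standard library only.

```python
import math
import random

# Constructed sample dataset for this example (not from the talk): ages of
# eight hypothetical people.
AGES = [23, 31, 45, 52, 38, 29, 61, 44]


def count_over_40(records):
    """Counting query: how many records have age above 40. Its sensitivity is 1,
    because adding or removing one person changes the answer by at most 1."""
    return sum(1 for age in records if age > 40)


def sample_laplace(scale, rng):
    """Draw from Laplace(0, scale) by inverse CDF, stdlib only."""
    u = max(rng.random() - 0.5, -0.5 + 1e-15)  # keep 1 - 2|u| strictly positive
    sign = 1.0 if u >= 0 else -1.0
    return -scale * sign * math.log(1.0 - 2.0 * abs(u))


def laplace_mechanism(true_answer, sensitivity, epsilon, rng):
    """epsilon-differentially-private release: add Laplace noise whose scale is
    sensitivity / epsilon. The noise 'covers up' any one person's contribution."""
    return true_answer + sample_laplace(sensitivity / epsilon, rng)


def laplace_pdf(x, mu, scale):
    return math.exp(-abs(x - mu) / scale) / (2.0 * scale)


def worst_case_privacy_loss(records, epsilon, removed_index, xs=None):
    """Largest |ln(p_D(x) / p_D'(x))| over outputs x, where D' is `records`
    with one person removed. The definition of epsilon-DP says this never
    exceeds epsilon, whatever value x the analyst happens to observe."""
    if xs is None:
        xs = [x / 10.0 for x in range(-200, 300)]  # constructed output grid
    neighbour = records[:removed_index] + records[removed_index + 1:]
    scale = 1.0 / epsilon  # sensitivity of count_over_40 is 1
    mu_d, mu_n = count_over_40(records), count_over_40(neighbour)
    return max(abs(math.log(laplace_pdf(x, mu_d, scale) / laplace_pdf(x, mu_n, scale)))
               for x in xs)


def averaging_attack(records, epsilon, repeats, seed=0):
    """Pitfall: answering the same query `repeats` times with fresh noise and
    averaging. The noise cancels and the true count leaks; by sequential
    composition the real privacy cost was repeats * epsilon, not epsilon."""
    rng = random.Random(seed)
    total = sum(laplace_mechanism(count_over_40(records), 1, epsilon, rng)
                for _ in range(repeats))
    return total / repeats


class PrivacyBudget:
    """Tracks the cumulative epsilon spent on a dataset (sequential composition)
    and refuses any query that would push it past the agreed total."""

    def __init__(self, total_epsilon):
        self.total = total_epsilon
        self.spent = 0.0

    def answer(self, records, epsilon, rng):
        if self.spent + epsilon > self.total + 1e-12:
            raise RuntimeError("privacy budget exhausted")
        self.spent += epsilon
        return laplace_mechanism(count_over_40(records), 1, epsilon, rng)


def demo_budget(total, per_query, attempts, seed=0):
    """How many of `attempts` repeated queries a budget of `total` permits."""
    rng = random.Random(seed)
    budget = PrivacyBudget(total)
    answered = 0
    for _ in range(attempts):
        try:
            budget.answer(AGES, per_query, rng)
            answered += 1
        except RuntimeError:
            break
    return answered


if __name__ == "__main__":
    print("true count:", count_over_40(AGES))
    print("one noisy release at eps=0.5:",
          laplace_mechanism(count_over_40(AGES), 1, 0.5, random.Random(1)))
    print("worst-case privacy loss, eps=0.5:", worst_case_privacy_loss(AGES, 0.5, 2))
    print("mean of 20000 releases at eps=0.1:", averaging_attack(AGES, 0.1, 20000))
    print("queries allowed, total eps=1.0 at 0.4 each:", demo_budget(1.0, 0.4, 5))
```

The privacy-loss check is the guarantee in its most concrete form: removing the person at index 2 (age 45) shifts the true count from 4 to 3, and the log-ratio of the two output densities peaks at exactly epsilon and never above it. The averaging function shows what the guarantee does not cover: twenty thousand releases at epsilon 0.1 land within a few tenths of the true count, because the budget actually spent was two thousand, not 0.1. That is why the budget object refuses the third of a series of 0.4-epsilon queries against a total of 1.0.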
            <item>
            <title>Steve Battista, What firmware exists in your computer and how the fight for your systems will be below your operating system</title>
            <description>Many security professionals look to software on hard drives as the source of compromise. To detect compromises, they use systems that check the hashes of all files on disk; when a machine is compromised, they wipe the hard drive and assume that the machine is clean. The battlefield between attackers and defenders is moving to the firmware level. This presentation will explore what firmware exists in your computer, how the fight for your systems will be below your operating system, and what can be done about this. About the speaker: Mr. Battista has over 20 years of professional experience in securing systems, creating architectures, examining research, and running programs. During this time he has focused on large federal government and infrastructure systems. He currently works for MITRE as a lead cyber security engineer. He holds an M.B.A. from Temple University and an M.S. in Computer Science from Villanova. He holds PMP, CISSP and NSA-IAM/IEM certifications. He is currently on the board of the ISSA-NOVA.</description>
            <pubDate>Wed, 18 Apr 2012 16:30:00 EDT </pubDate>
            <itunes:title>Steve Battista, What firmware exists in your computer and how the fight for your systems will be below your operating system</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>496</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Steve Battista, MITRE</itunes:subtitle>
            <itunes:summary>Many security professionals look to software on hard drives as the source of compromise. To detect compromises, they use systems that check the hashes of all files on disk; when a machine is compromised, they wipe the hard drive and assume that the machine is clean. The battlefield between attackers and defenders is moving to the firmware level. This presentation will explore what firmware exists in your computer, how the fight for your systems will be below your operating system, and what can be done about this. About the speaker: Mr. Battista has over 20 years of professional experience in securing systems, creating architectures, examining research, and running programs. During this time he has focused on large federal government and infrastructure systems. He currently works for MITRE as a lead cyber security engineer. He holds an M.B.A. from Temple University and an M.S. in Computer Science from Villanova. He holds PMP, CISSP and NSA-IAM/IEM certifications. He is currently on the board of the ISSA-NOVA.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Many security professionals look to software on hard drives as the source of compromise. To detect compromises, they use systems that check the hashes of all files on disk; when a machine is compromised, they wipe the hard drive and assume that the machine is clean. The battlefield between attackers and defenders is moving to the firmware level. This presentation will explore what firmware exists in your computer, how the fight for your systems will be below your operating system, and what can be done about this. About the speaker: Mr. Battista has over 20 years of professional experience in securing systems, creating architectures, examining research, and running programs. During this time he has focused on large federal government and infrastructure systems. He currently works for MITRE as a lead cyber security engineer. He holds an M.B.A. from Temple University and an M.S. in Computer Science from Villanova. He holds PMP, CISSP and NSA-IAM/IEM certifications. He is currently on the board of the ISSA-NOVA.</p> ]]>
            </content:encoded>
            <itunes:duration>2490</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120418.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120418.mp4" length="548405248" type="video/mp4"/>
        </item>
            <item>
            <title>Traian Truta, K-Anonymity in Social Networks: A Clustering Approach</title>
            <description>The proliferation of social networks, where individuals share private information, has caused, in the last few years, a growth in the volume of sensitive data being stored in these networks. As users subscribe to more services and connect more with their friends, families, and colleagues, the desire to use this information from the networks has increased. Online social interaction has become very popular around the globe and most sociologists agree that this will not fade away. Social network sites gather confidential information from their users (for instance, the social network site PatientsLikeMe collects confidential health information) and, as a result, social network data has begun to be analyzed from a different, specific privacy perspective. Since the individual entities in social networks, besides the attribute values that characterize them, also have relationships with other entities, the risk of disclosure increases. In this talk we present a greedy algorithm for anonymizing a social network and a measure that quantifies the information loss in the anonymization process due to edge generalization. About the speaker: Traian Marius Truta is an associate professor of Computer Science at Northern Kentucky University. He received his Ph.D. in computer science from Wayne State University in 2004. His major areas of expertise are data privacy and anonymity, privacy in statistical databases, and data management. He has served on the program committees of various conferences such as the International Conference on Database and Expert Systems Applications (DEXA), the Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD), the ACM Symposium on Applied Computing (SAC), and the International Symposium on Data, Privacy, and E-Commerce (ISDPE). He received the Yahoo! Research Best Paper Award for Privacy, Security, and Trust in KDD 2008 (PinKDD) for the paper &quot;A Clustering Approach for Data and Structural Anonymity in Social Networks&quot;. For more information, including the list of research publications, please see: http://www.nku.edu/~trutat1/research.html.</description>
            <pubDate>Wed, 11 Apr 2012 16:30:00 EDT </pubDate>
            <itunes:title>Traian Truta, K-Anonymity in Social Networks: A Clustering Approach</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>495</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Traian Truta, Northern Kentucky University</itunes:subtitle>
            <itunes:summary>The proliferation of social networks, where individuals share private information, has caused, in the last few years, a growth in the volume of sensitive data being stored in these networks. As users subscribe to more services and connect more with their friends, families, and colleagues, the desire to use this information from the networks has increased. Online social interaction has become very popular around the globe and most sociologists agree that this will not fade away. Social network sites gather confidential information from their users (for instance, the social network site PatientsLikeMe collects confidential health information) and, as a result, social network data has begun to be analyzed from a different, specific privacy perspective. Since the individual entities in social networks, besides the attribute values that characterize them, also have relationships with other entities, the risk of disclosure increases. In this talk we present a greedy algorithm for anonymizing a social network and a measure that quantifies the information loss in the anonymization process due to edge generalization. About the speaker: Traian Marius Truta is an associate professor of Computer Science at Northern Kentucky University. He received his Ph.D. in computer science from Wayne State University in 2004. His major areas of expertise are data privacy and anonymity, privacy in statistical databases, and data management. He has served on the program committees of various conferences such as the International Conference on Database and Expert Systems Applications (DEXA), the Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD), the ACM Symposium on Applied Computing (SAC), and the International Symposium on Data, Privacy, and E-Commerce (ISDPE). He received the Yahoo! Research Best Paper Award for Privacy, Security, and Trust in KDD 2008 (PinKDD) for the paper &quot;A Clustering Approach for Data and Structural Anonymity in Social Networks&quot;. For more information, including the list of research publications, please see: http://www.nku.edu/~trutat1/research.html.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The proliferation of social networks, where individuals share private information, has caused, in the last few years, a growth in the volume of sensitive data being stored in these networks. As users subscribe to more services and connect more with their friends, families, and colleagues, the desire to use this information from the networks has increased. Online social interaction has become very popular around the globe and most sociologists agree that this will not fade away. Social network sites gather confidential information from their users (for instance, the social network site PatientsLikeMe collects confidential health information) and, as a result, social network data has begun to be analyzed from a different, specific privacy perspective. Since the individual entities in social networks, besides the attribute values that characterize them, also have relationships with other entities, the risk of disclosure increases. In this talk we present a greedy algorithm for anonymizing a social network and a measure that quantifies the information loss in the anonymization process due to edge generalization. About the speaker: Traian Marius Truta is an associate professor of Computer Science at Northern Kentucky University. He received his Ph.D. in computer science from Wayne State University in 2004. His major areas of expertise are data privacy and anonymity, privacy in statistical databases, and data management. He has served on the program committees of various conferences such as the International Conference on Database and Expert Systems Applications (DEXA), the Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD), the ACM Symposium on Applied Computing (SAC), and the International Symposium on Data, Privacy, and E-Commerce (ISDPE). He received the Yahoo! Research Best Paper Award for Privacy, Security, and Trust in KDD 2008 (PinKDD) for the paper &quot;A Clustering Approach for Data and Structural Anonymity in Social Networks&quot;. For more information, including the list of research publications, please see: http://www.nku.edu/~trutat1/research.html.</p> ]]>
            </content:encoded>
            <itunes:duration>3194</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120411.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120411.mp4" length="564133888" type="video/mp4"/>
        </item>
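A simplified, added illustration of the approach the abstract above outlines, written for this page and not the speaker's algorithm, code or data: nodes carrying quasi-identifier attributes are grouped greedily into clusters of at least k members, each cluster is published with generalized attribute ranges and only edge counts (edge generalization), and a loss figure is computed for the result. The toy graph, the attribute distance (normalized age gap plus a penalty for differing ZIP codes) and the information-loss measure are all assumptions made for this example; in particular the measure here, the fraction of node pairs whose edge or non-edge status can no longer be recovered from the generalized graph, is not the measure defined in the talk.

```python
from itertools import combinations

# Constructed toy social network for illustration (not data from the talk):
# each node carries two quasi-identifier attributes (age, ZIP) and the
# friendship graph is undirected.
NODES = {
    "a": (23, 47906), "b": (25, 47906), "c": (24, 47907),
    "d": (41, 46201), "e": (45, 46204), "f": (44, 46201),
}
EDGES = {("a", "b"), ("b", "c"), ("a", "c"), ("d", "e"), ("a", "d")}


def has_edge(u, v):
    return (u, v) in EDGES or (v, u) in EDGES


def attribute_distance(u, v):
    """Assumed distance on quasi-identifiers: normalised age gap plus 1.0 if
    the ZIP codes differ. The talk's own metric is not given on the page."""
    age_u, zip_u = NODES[u]
    age_v, zip_v = NODES[v]
    return abs(age_u - age_v) / 50.0 + (0.0 if zip_u == zip_v else 1.0)


def greedy_clusters(k):
    """Greedy k-anonymisation: seed a cluster with the smallest unassigned node
    id and pull in the k-1 nearest unassigned nodes; repeat while at least k
    nodes remain. Leftover nodes join the cluster they are closest to, so
    every cluster ends up with k or more members."""
    unassigned = sorted(NODES)
    clusters = []
    while len(unassigned) >= k:
        seed = min(unassigned)
        unassigned.remove(seed)
        unassigned.sort(key=lambda v: (attribute_distance(seed, v), v))
        clusters.append(sorted([seed] + unassigned[:k - 1]))
        unassigned = unassigned[k - 1:]
    for v in unassigned:
        best = min(clusters, key=lambda c: sum(attribute_distance(v, m) for m in c))
        best.append(v)
        best.sort()
    return clusters


def generalize(clusters):
    """Edge generalisation: publish, per cluster, the attribute ranges and the
    number of intra-cluster edges, and per pair of clusters the number of
    edges between them. Individual edges are no longer visible."""
    summary = []
    for c in clusters:
        ages = [NODES[v][0] for v in c]
        zips = sorted({NODES[v][1] for v in c})
        intra = sum(1 for u, v in combinations(c, 2) if has_edge(u, v))
        summary.append({"size": len(c), "age": (min(ages), max(ages)),
                        "zip": zips, "intra_edges": intra})
    inter = {}
    for i, j in combinations(range(len(clusters)), 2):
        inter[(i, j)] = sum(1 for u in clusters[i] for v in clusters[j]
                            if has_edge(u, v))
    return summary, inter


def structural_info_loss(clusters):
    """Assumed loss measure (not the speaker's): the fraction of node pairs
    whose edge/non-edge status cannot be recovered from the generalised graph.
    A pair is undetermined whenever its group's published edge count is
    strictly between 0 and the number of pairs in that group."""
    summary, inter = generalize(clusters)
    undetermined = 0
    for s in summary:
        pairs = s["size"] * (s["size"] - 1) // 2
        if s["intra_edges"] > 0 and pairs > s["intra_edges"]:
            undetermined += pairs
    for (i, j), count in inter.items():
        pairs = len(clusters[i]) * len(clusters[j])
        if count > 0 and pairs > count:
            undetermined += pairs
    total_pairs = len(NODES) * (len(NODES) - 1) // 2
    return undetermined / total_pairs


if __name__ == "__main__":
    for k in (2, 3):
        cl = greedy_clusters(k)
        print("k =", k, cl)
        print("  published:", generalize(cl))
        print("  structural information loss:", structural_info_loss(cl))
```

With k = 3 the greedy pass groups the three young 479xx nodes and the three older 462xx nodes. The first cluster is a full triangle, so its published count of 3 intra-cluster edges gives nothing away; the second publishes 1 of 3 possible edges and the cluster pair publishes 1 of 9, so 12 of the 15 node pairs become undetermined and the loss is 0.8. Raising k makes groups larger and loss grows with them; that trade-off between anonymity and utility is what a loss measure is for.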
            <item>
            <title>Nabeel Mohamed, Privacy preserving attribute based group key management</title>
            <description>Group key management (GKM) is a fundamental building block of any secure group communication application. In fact, successful management of group keys is critical to the security of any cryptosystem. In this talk, I will first give an overview of the traditional GKM approaches and their limitations in supporting current technological trends and large dynamic systems. Then I will present a new approach to GKM that is expressive and privacy preserving. The talk is based on our work that appeared in ICDE 2010, CCS 2011 and CollaborateCom 2011. About the speaker: Nabeel Mohamed is a PhD candidate in the Department of Computer Science, Purdue University. He is also a member of CERIAS, Purdue University, IEEE and ACM. His research interests are in data privacy, distributed system security and applied cryptography. His research adviser is Prof. Elisa Bertino. He has published in the areas of privacy preserving content dissemination and group key management.</description>
            <pubDate>Wed, 28 Mar 2012 16:30:00 EDT </pubDate>
            <itunes:title>Nabeel Mohamed, Privacy preserving attribute based group key management</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>493</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/nabeel4.jpg"/>
            <itunes:subtitle>Nabeel Mohamed, PhD Candidate, Purdue University</itunes:subtitle>
            <itunes:summary>Group key management (GKM) is a fundamental building block of any secure group communication application. In fact, successful management of group keys is critical to the security of any cryptosystem. In this talk, I will first give an overview of the traditional GKM approaches and their limitations in supporting current technological trends and large dynamic systems. Then I will present a new approach to GKM that is expressive and privacy preserving. The talk is based on our work that appeared in ICDE 2010, CCS 2011 and CollaborateCom 2011. About the speaker: Nabeel Mohamed is a PhD candidate in the Department of Computer Science, Purdue University. He is also a member of CERIAS, Purdue University, IEEE and ACM. His research interests are in data privacy, distributed system security and applied cryptography. His research adviser is Prof. Elisa Bertino. He has published in the areas of privacy preserving content dissemination and group key management.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Group key management (GKM) is a fundamental building block of any secure group communication application. In fact, successful management of group keys is critical to the security of any cryptosystem. In this talk, I will first give an overview of the traditional GKM approaches and their limitations in supporting current technological trends and large dynamic systems. Then I will present a new approach to GKM that is expressive and privacy preserving. The talk is based on our work that appeared in ICDE 2010, CCS 2011 and CollaborateCom 2011. About the speaker: Nabeel Mohamed is a PhD candidate in the Department of Computer Science, Purdue University. He is also a member of CERIAS, Purdue University, IEEE and ACM. His research interests are in data privacy, distributed system security and applied cryptography. His research adviser is Prof. Elisa Bertino. He has published in the areas of privacy preserving content dissemination and group key management.</p> ]]>
            </content:encoded>
            <itunes:duration>3062</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120328.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120328.mp4" length="562036736" type="video/mp4"/>
        </item>
            <item>
            <title>Randall Brooks, Adding a Software Assurance Dimension to Supply Chain Practices</title>
            <description>There is a long history of supply chain management, from which many related policies, practices, processes, and enabling artifacts have been developed and employed by those business enterprises that acquire hardware and software components from a third party. Traditionally, Supply Chain Risk Management (SCRM) has been the focal point of supply chain practices and has focused on business and contractual issues, although recent efforts have increasingly included engineering expertise for product quality evaluations. This presentation advocates the introduction of a security assurance dimension to the SCRM process. It does not, however, propose the addition of an independent, parallel track of SCRM process for security assurance evaluation, but rather practical steps for augmenting those SCRM processes that already exist. Just as is the case in legacy SCRM, the cyber dimension of SCRM is based on assessing and balancing risk vs. cost. The goal is to minimize the added costs associated with improved information assurance by efficiently incorporating relevant practices from industry, government, and academia to provide a security assurance dimension to the supply chain process. SCRM-relevant industry and government practices will be presented in such a way that supply chain staff can easily make use of them, even without a background in information security. Also, it will be clearly noted when subcontract management, information assurance engineering, or other business or technical expertise may be needed to complement traditional supply chain activities in the pursuit of cyber-based SCRM.
Points of discussion common to both hardware and software component acquisition will include:
1. Acquirer business risk
2. End customer mission criticality and mission assurance
3. Subcontract management
4. Supplier secure development assessment
5. Supplier management practices for their suppliers
6. Supplier business assessment
7. Product assessment
Points of discussion peculiar to hardware component acquisition will include:
1. Quality vs. counterfeiting vs. malicious alteration
2. ASICs, FPGAs, and microprocessors
3. Information storage in volatile memory
4. Information storage in non-volatile memory and permanent disk storage
Points of discussion peculiar to software component acquisition will include:
1. COTS, contracted software, open source, and freeware
2. Software pedigree and provenance
3. License management of open source
About the speaker: Mr. Brooks, a twelve-year Raytheon employee, is an Engineering Fellow in the Cyber Defense Solutions business area in Largo, FL. He is a recipient of the Raytheon Excellence in Technology Meritorious and Distinguished Awards. He has developed and submitted four patents on intrusion detection and prevention design and implementation, with three patents awarded. He is also a Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), Information Systems Security Engineering Professional (ISSEP), Information Systems Security Architecture Professional (ISSAP), and an Information Systems Security Management Professional (ISSMP). He is a graduate of Purdue University with a Bachelor of Science from the School of Computer Science.</description>
            <pubDate>Wed, 21 Mar 2012 16:30:00 EDT </pubDate>
            <itunes:title>Randall Brooks, Adding a Software Assurance Dimension to Supply Chain Practices</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>492</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Randall Brooks, Raytheon</itunes:subtitle>
            <itunes:summary>There is a long history of supply chain management, from which many related policies, practices, processes, and enabling artifacts have been developed and employed by those business enterprises that acquire hardware and software components from a third party. Traditionally, Supply Chain Risk Management (SCRM) has been the focal point of supply chain practices and has focused on business and contractual issues, although recent efforts have increasingly included engineering expertise for product quality evaluations.
This presentation advocates the introduction of a security assurance dimension to the SCRM process. It does not, however, propose the addition of an independent, parallel track of SCRM process for security assurance evaluation, but rather practical steps for augmenting those SCRM processes that already exist.
Just as is the case in legacy SCRM, the cyber dimension of SCRM is based on assessing and balancing risk vs. cost. The goal is to minimize the added costs associated with improved information assurance by efficiently incorporating relevant practices from industry, government, and academia to provide a security assurance dimension into the supply chain process.
SCRM-relevant industry and government practices will be presented in this paper in such a way that supply chain staff can easily make use of them, even without a background in information security. Also, it will be clearly noted when subcontract management, information assurance engineering, or other business or technical expertise may be needed to complement traditional supply chain activities in the pursuit of cyber-based SCRM.
Points of discussion common to both hardware and software component acquisition will include:
1. Acquirer business risk
2. End customer mission criticality and mission assurance
3. Subcontract management
4. Supplier secure development assessment
5. Supplier management practices for their suppliers
6. Supplier business assessment
7. Product assessment
Points of discussion peculiar to hardware component acquisition will include:
1. Quality vs. counterfeiting vs. malicious alteration
2. ASICs, FPGAs, and microprocessors
3. Information storage in volatile memory
4. Information storage in non-volatile memory and permanent disk storage
Points of discussion peculiar to software component acquisition will include:
1. COTS, contracted software, open source, and freeware
2. Software pedigree and provenance
3. License management of open source
About the speaker: Mr. Brooks, a twelve-year Raytheon employee, is an Engineering Fellow in the Cyber Defense Solutions business area in Largo, FL. He is a recipient of the Raytheon Excellence in Technology Meritorious and Distinguished Awards. He has developed and submitted 4 patents on Intrusion Detection and Prevention design and implementation, with 3 patents awarded. He is also a Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), Information Systems Security Engineering Professional (ISSEP), Information Systems Security Architecture Professional (ISSAP), and Information Systems Security Management Professional (ISSMP). He is a graduate of Purdue University with a Bachelor of Science from the School of Computer Science.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>There is a long history of supply chain management, from which many related policies, practices, processes, and enabling artifacts have been developed and employed by those business enterprises that acquire hardware and software components from a third party. Traditionally, Supply Chain Risk Management (SCRM) has been the focal point of supply chain practices and has focused on business and contractual issues, although recent efforts have increasingly included engineering expertise for product quality evaluations.</p>
<p>This presentation advocates the introduction of a security assurance dimension to the SCRM process. It does not, however, propose the addition of an independent, parallel track of SCRM process for security assurance evaluation, but rather practical steps for augmenting those SCRM processes that already exist.</p>
<p>Just as is the case in legacy SCRM, the cyber dimension of SCRM is based on assessing and balancing risk vs. cost. The goal is to minimize the added costs associated with improved information assurance by efficiently incorporating relevant practices from industry, government, and academia to provide a security assurance dimension into the supply chain process.</p>
<p>SCRM-relevant industry and government practices will be presented in this paper in such a way that supply chain staff can easily make use of them, even without a background in information security. Also, it will be clearly noted when subcontract management, information assurance engineering, or other business or technical expertise may be needed to complement traditional supply chain activities in the pursuit of cyber-based SCRM.</p>
<p>Points of discussion common to both hardware and software component acquisition will include:</p>
<ol>
<li>Acquirer business risk</li>
<li>End customer mission criticality and mission assurance</li>
<li>Subcontract management</li>
<li>Supplier secure development assessment</li>
<li>Supplier management practices for their suppliers</li>
<li>Supplier business assessment</li>
<li>Product assessment</li>
</ol>
<p>Points of discussion peculiar to hardware component acquisition will include:</p>
<ol>
<li>Quality vs. counterfeiting vs. malicious alteration</li>
<li>ASICs, FPGAs, and microprocessors</li>
<li>Information storage in volatile memory</li>
<li>Information storage in non-volatile memory and permanent disk storage</li>
</ol>
<p>Points of discussion peculiar to software component acquisition will include:</p>
<ol>
<li>COTS, contracted software, open source, and freeware</li>
<li>Software pedigree and provenance</li>
<li>License management of open source</li>
</ol>
<p>About the speaker: Mr. Brooks, a twelve-year Raytheon employee, is an Engineering Fellow in the Cyber Defense Solutions business area in Largo, FL. He is a recipient of the Raytheon Excellence in Technology Meritorious and Distinguished Awards. He has developed and submitted 4 patents on Intrusion Detection and Prevention design and implementation, with 3 patents awarded. He is also a Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), Information Systems Security Engineering Professional (ISSEP), Information Systems Security Architecture Professional (ISSAP), and Information Systems Security Management Professional (ISSMP). He is a graduate of Purdue University with a Bachelor of Science from the School of Computer Science.</p> ]]>
            </content:encoded>
            <itunes:duration>2989</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120321.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120321.mp4" length="560988160" type="video/mp4"/>
        </item>
            <item>
            <title>Chenyun Dai, Privacy-Preserving Assessment of Location Data Trustworthiness</title>
            <description>Assessing the trustworthiness of location data corresponding to individuals is essential in several applications, such as forensic science and epidemic control. To obtain accurate and trustworthy location data, analysts must often gather and correlate information from several independent sources, e.g., physical observation, witness testimony, surveillance footage, etc. However, such information may be fraudulent, its accuracy may be low, and its volume may be insufficient to ensure highly trustworthy data. On the other hand, recent advancements in mobile computing and positioning systems, e.g., GPS-enabled cell phones, highway sensors, etc., bring new and effective technological means to track the location of an individual. Nevertheless, collection and sharing of such data must be done in ways that do not violate an individual&apos;s right to personal privacy. Previous research efforts acknowledged the importance of assessing location data trustworthiness, but they assume that data is available to the analyst in direct, unperturbed form. However, such an assumption is not realistic, due to the fact that repositories of personal location data must conform to privacy regulations. In this work, we study the challenging problem of refining trustworthiness of location data with the help of large repositories of anonymized information. We show how two important trustworthiness evaluation techniques, namely common pattern analysis and conflict/support analysis, can benefit from the use of anonymized location data. We have implemented a prototype of the proposed privacy-preserving trustworthiness evaluation techniques, and the experimental results demonstrate that using anonymized data can significantly help in improving the accuracy of location trustworthiness assessment. About the speaker: Chenyun Dai is currently a 5th year Ph.D. student in the Computer Science Department at Purdue University. He got his master&apos;s degree in computer science from Purdue University in 2010. Before coming to Purdue, he got a master&apos;s degree and a bachelor&apos;s degree, both in computer science, from Fudan University and East China Normal University respectively. His Ph.D. dissertation addresses the development of a trustworthiness model for information concerning locations of individuals. The availability and correctness of this information is crucial for important applications, namely forensics, criminal investigations, and disease control and monitoring. A paper reporting the first results of this research was accepted and presented at the 2009 ACM SIGSPATIAL GIS Conference. More recently he has developed a major extension to his model that supports the assessment of location data when location data are only available in anonymized form, and the work was published at the 2011 ACM SIGSPATIAL GIS Conference. He is currently extending this work to support more sophisticated models for locations and trajectories, uncertain data and social network data.</description>
            <pubDate>Wed, 7 Mar 2012 16:30:00 EST </pubDate>
            <itunes:title>Chenyun Dai, Privacy-Preserving Assessment of Location Data Trustworthiness</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>491</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Chenyun Dai, Purdue University</itunes:subtitle>
            <itunes:summary>Assessing the trustworthiness of location data corresponding to individuals is essential in several applications, such as forensic science and epidemic control. To obtain accurate and trustworthy location data, analysts must often gather and correlate information from several independent sources, e.g., physical observation, witness testimony, surveillance footage, etc. However, such information may be fraudulent, its accuracy may be low, and its volume may be insufficient to ensure highly trustworthy data. On the other hand, recent advancements in mobile computing and positioning systems, e.g., GPS-enabled cell phones, highway sensors, etc., bring new and effective technological means to track the location of an individual. Nevertheless, collection and sharing of such data must be done in ways that do not violate an individual&apos;s right to personal privacy. Previous research efforts acknowledged the importance of assessing location data trustworthiness, but they assume that data is available to the analyst in direct, unperturbed form. However, such an assumption is not realistic, due to the fact that repositories of personal location data must conform to privacy regulations. In this work, we study the challenging problem of refining trustworthiness of location data with the help of large repositories of anonymized information. We show how two important trustworthiness evaluation techniques, namely common pattern analysis and conflict/support analysis, can benefit from the use of anonymized location data. We have implemented a prototype of the proposed privacy-preserving trustworthiness evaluation techniques, and the experimental results demonstrate that using anonymized data can significantly help in improving the accuracy of location trustworthiness assessment. About the speaker: Chenyun Dai is currently a 5th year Ph.D. student in the Computer Science Department at Purdue University. He got his master&apos;s degree in computer science from Purdue University in 2010. Before coming to Purdue, he got a master&apos;s degree and a bachelor&apos;s degree, both in computer science, from Fudan University and East China Normal University respectively. His Ph.D. dissertation addresses the development of a trustworthiness model for information concerning locations of individuals. The availability and correctness of this information is crucial for important applications, namely forensics, criminal investigations, and disease control and monitoring. A paper reporting the first results of this research was accepted and presented at the 2009 ACM SIGSPATIAL GIS Conference. More recently he has developed a major extension to his model that supports the assessment of location data when location data are only available in anonymized form, and the work was published at the 2011 ACM SIGSPATIAL GIS Conference. He is currently extending this work to support more sophisticated models for locations and trajectories, uncertain data and social network data.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Assessing the trustworthiness of location data corresponding to individuals is essential in several applications, such as forensic science and epidemic control. To obtain accurate and trustworthy location data, analysts must often gather and correlate information from several independent sources, e.g., physical observation, witness testimony, surveillance footage, etc. However, such information may be fraudulent, its accuracy may be low, and its volume may be insufficient to ensure highly trustworthy data. On the other hand, recent advancements in mobile computing and positioning systems, e.g., GPS-enabled cell phones, highway sensors, etc., bring new and effective technological means to track the location of an individual. Nevertheless, collection and sharing of such data must be done in ways that do not violate an individual&apos;s right to personal privacy. Previous research efforts acknowledged the importance of assessing location data trustworthiness, but they assume that data is available to the analyst in direct, unperturbed form. However, such an assumption is not realistic, due to the fact that repositories of personal location data must conform to privacy regulations. In this work, we study the challenging problem of refining trustworthiness of location data with the help of large repositories of anonymized information. We show how two important trustworthiness evaluation techniques, namely common pattern analysis and conflict/support analysis, can benefit from the use of anonymized location data. We have implemented a prototype of the proposed privacy-preserving trustworthiness evaluation techniques, and the experimental results demonstrate that using anonymized data can significantly help in improving the accuracy of location trustworthiness assessment.</p>
<p>About the speaker: Chenyun Dai is currently a 5th year Ph.D. student in the Computer Science Department at Purdue University. He got his master&apos;s degree in computer science from Purdue University in 2010. Before coming to Purdue, he got a master&apos;s degree and a bachelor&apos;s degree, both in computer science, from Fudan University and East China Normal University respectively. His Ph.D. dissertation addresses the development of a trustworthiness model for information concerning locations of individuals. The availability and correctness of this information is crucial for important applications, namely forensics, criminal investigations, and disease control and monitoring. A paper reporting the first results of this research was accepted and presented at the 2009 ACM SIGSPATIAL GIS Conference. More recently he has developed a major extension to his model that supports the assessment of location data when location data are only available in anonymized form, and the work was published at the 2011 ACM SIGSPATIAL GIS Conference. He is currently extending this work to support more sophisticated models for locations and trajectories, uncertain data and social network data.</p> ]]>
            </content:encoded>
            <itunes:duration>2845</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120307.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120307.mp4" length="560988160" type="video/mp4"/>
        </item>
            <item>
            <title>Nishanth Chandran, Cryptographic Protocols in the Era of Cloud Computing</title>
            <description>With the advent of cloud computing, our view of cryptographic protocols has changed dramatically. In this talk, I will give an overview of some of the newer challenges that we face in cloud cryptography and outline some of the techniques used to solve these problems. In particular, a few questions that I will address are:
1) How can we store sensitive data in the cloud, in an encrypted manner, and yet allow controlled access to certain portions of this data?
2) How can we ensure reliability of data across cloud servers that may be connected by only a low-degree communication network, even when some of the servers may become corrupted?
3) How can users authenticate themselves to the cloud in a user-friendly way?
This talk will assume no prior knowledge of cryptography and is based on works that appear at TCC 2012, ICALP 2010 and STOC 2010. About the speaker: Nishanth Chandran is a post-doctoral researcher in the Cryptography group at Microsoft Research, Redmond. His research interests are in the area of cryptography, security and distributed algorithms. Nishanth has published several papers in top theory and cryptography conferences such as STOC, FOCS, Crypto, Eurocrypt, TCC and so on. He received his PhD in Computer Science from UCLA in 2011, his Masters in Computer Science from UCLA in 2007, and his Bachelors in Computer Science and Engineering from Anna University, India in 2005. Nishanth received the Dissertation Year Fellowship from UCLA and the Chorafas International Award for exceptional achievements in research in 2010. He is also a professional Indian classical violinist.</description>
            <pubDate>Wed, 29 Feb 2012 16:30:00 EST </pubDate>
            <itunes:title>Nishanth Chandran, Cryptographic Protocols in the Era of Cloud Computing</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>490</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Nishanth_Chandran.jpg"/>
            <itunes:subtitle>Nishanth Chandran, Microsoft Research</itunes:subtitle>
            <itunes:summary>With the advent of cloud computing, our view of cryptographic protocols has changed dramatically. In this talk, I will give an overview of some of the newer challenges that we face in cloud cryptography and outline some of the techniques used to solve these problems. In particular, a few questions that I will address are:
1) How can we store sensitive data in the cloud, in an encrypted manner, and yet allow controlled access to certain portions of this data?
2) How can we ensure reliability of data across cloud servers that may be connected by only a low-degree communication network, even when some of the servers may become corrupted?
3) How can users authenticate themselves to the cloud in a user-friendly way?
This talk will assume no prior knowledge of cryptography and is based on works that appear at TCC 2012, ICALP 2010 and STOC 2010. About the speaker: Nishanth Chandran is a post-doctoral researcher in the Cryptography group at Microsoft Research, Redmond. His research interests are in the area of cryptography, security and distributed algorithms. Nishanth has published several papers in top theory and cryptography conferences such as STOC, FOCS, Crypto, Eurocrypt, TCC and so on. He received his PhD in Computer Science from UCLA in 2011, his Masters in Computer Science from UCLA in 2007, and his Bachelors in Computer Science and Engineering from Anna University, India in 2005. Nishanth received the Dissertation Year Fellowship from UCLA and the Chorafas International Award for exceptional achievements in research in 2010. He is also a professional Indian classical violinist.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>With the advent of cloud computing, our view of cryptographic protocols has changed dramatically. In this talk, I will give an overview of some of the newer challenges that we face in cloud cryptography and outline some of the techniques used to solve these problems. In particular, a few questions that I will address are:</p>
<ol>
<li>How can we store sensitive data in the cloud, in an encrypted manner, and yet allow controlled access to certain portions of this data?</li>
<li>How can we ensure reliability of data across cloud servers that may be connected by only a low-degree communication network, even when some of the servers may become corrupted?</li>
<li>How can users authenticate themselves to the cloud in a user-friendly way?</li>
</ol>
<p>This talk will assume no prior knowledge of cryptography and is based on works that appear at TCC 2012, ICALP 2010 and STOC 2010.</p>
<p>About the speaker: Nishanth Chandran is a post-doctoral researcher in the Cryptography group at Microsoft Research, Redmond. His research interests are in the area of cryptography, security and distributed algorithms. Nishanth has published several papers in top theory and cryptography conferences such as STOC, FOCS, Crypto, Eurocrypt, TCC and so on. He received his PhD in Computer Science from UCLA in 2011, his Masters in Computer Science from UCLA in 2007, and his Bachelors in Computer Science and Engineering from Anna University, India in 2005. Nishanth received the Dissertation Year Fellowship from UCLA and the Chorafas International Award for exceptional achievements in research in 2010. He is also a professional Indian classical violinist.</p> ]]>
            </content:encoded>
            <itunes:duration>3520</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120229.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120229.mp4" length="578813952" type="video/mp4"/>
        </item>
            <item>
            <title>Ben Calloni, Vulnerability Path and Assessment</title>
            <description>US Government, Department of Defense, and Enterprise computer systems must be trusted to protect data with varying levels of sensitivity / security. Affordability requirements are driving the need to incorporate many diverse commercial software products of unknown quality and pedigree into said systems. While there exist many Static Code Analysis products, the depth, rigor, and coverage of these tools are incomplete and inconsistent. In addition, finding and eliminating computer flaws or weaknesses is not the same as determining true vulnerabilities. Further, there is significant cost reduction that can occur if automated support for establishing the case for trust and assurance can be achieved. The collection of evolving standards known as the OMG Software Assurance (SwA) Ecosystem is supported and endorsed by AFRL, NIST, SEI, OSD/NII, and the DHS Cyber Security Division, among others. The SwA Ecosystem defines several standard protocols to enable interoperability for tools, services and security researchers in developing, exchanging and utilizing machine-readable content (e.g. vulnerability patterns, enumerations, rules) for security assurance of existing software-based systems. This standards-based plug-and-play framework integrates software analysis and data mining tools and facilitates a highly automated, fact-oriented approach to assurance by providing a traceability link between assurance claims and high-fidelity system facts as evidence to justify assurance claims. This presentation will focus on the work funded by AFRL and OSD/NII to address the Vulnerability Path Assessment piece of the Ecosystem. About the speaker: Dr. Ben Calloni is a Lockheed Martin Fellow for Software Security and a Certified Information Systems Security Professional (CISSP). He is a senior research program manager of the Aeronautics Company in Fort Worth, assigned to the Advanced Development Programs, formerly known as &quot;The Skunk Works&quot;. His research interests are in the area of Software Security and Safety Assurance. He is partnered with the Air Force Research Labs, the National Security Agency, the Department of Defense Networks and Information Integration office, and several commercial off-the-shelf suppliers, to provide international-standards-based, COTS-product-based, Multi-Level Security infrastructures applicable for Department of Defense weapon systems and for the Department of Homeland Security (DHS) as well.</description>
            <pubDate>Wed, 22 Feb 2012 16:30:00 EST </pubDate>
            <itunes:title>Ben Calloni, Vulnerability Path and Assessment</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>489</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ben Calloni, Lockheed Martin</itunes:subtitle>
            <itunes:summary>US Government, Department of Defense, and Enterprise computer systems must be trusted to protect data with varying levels of sensitivity / security. Affordability requirements are driving the need to incorporate many diverse commercial software products of unknown quality and pedigree into said systems. While there exist many Static Code Analysis products, the depth, rigor, and coverage of these tools are incomplete and inconsistent. In addition, finding and eliminating computer flaws or weaknesses is not the same as determining true vulnerabilities. Further, there is significant cost reduction that can occur if automated support for establishing the case for trust and assurance can be achieved. The collection of evolving standards known as the OMG Software Assurance (SwA) Ecosystem is supported and endorsed by AFRL, NIST, SEI, OSD/NII, and the DHS Cyber Security Division, among others. The SwA Ecosystem defines several standard protocols to enable interoperability for tools, services and security researchers in developing, exchanging and utilizing machine-readable content (e.g. vulnerability patterns, enumerations, rules) for security assurance of existing software-based systems. This standards-based plug-and-play framework integrates software analysis and data mining tools and facilitates a highly automated, fact-oriented approach to assurance by providing a traceability link between assurance claims and high-fidelity system facts as evidence to justify assurance claims. This presentation will focus on the work funded by AFRL and OSD/NII to address the Vulnerability Path Assessment piece of the Ecosystem. About the speaker: Dr. Ben Calloni is a Lockheed Martin Fellow for Software Security and a Certified Information Systems Security Professional (CISSP). He is a senior research program manager of the Aeronautics Company in Fort Worth, assigned to the Advanced Development Programs, formerly known as &quot;The Skunk Works&quot;. His research interests are in the area of Software Security and Safety Assurance. He is partnered with the Air Force Research Labs, the National Security Agency, the Department of Defense Networks and Information Integration office, and several commercial off-the-shelf suppliers, to provide international-standards-based, COTS-product-based, Multi-Level Security infrastructures applicable for Department of Defense weapon systems and for the Department of Homeland Security (DHS) as well.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>US Government, Department of Defense, and Enterprise computer systems must be trusted to protect data with varying levels of sensitivity / security. Affordability requirements are driving the need to incorporate many diverse commercial software products of unknown quality and pedigree into said systems. While there exist many Static Code Analysis products, the depth, rigor, and coverage of these tools are incomplete and inconsistent. In addition, finding and eliminating computer flaws or weaknesses is not the same as determining true vulnerabilities. Further, there is significant cost reduction that can occur if automated support for establishing the case for trust and assurance can be achieved. The collection of evolving standards known as the OMG Software Assurance (SwA) Ecosystem is supported and endorsed by AFRL, NIST, SEI, OSD/NII, and the DHS Cyber Security Division, among others. The SwA Ecosystem defines several standard protocols to enable interoperability for tools, services and security researchers in developing, exchanging and utilizing machine-readable content (e.g. vulnerability patterns, enumerations, rules) for security assurance of existing software-based systems. This standards-based plug-and-play framework integrates software analysis and data mining tools and facilitates a highly automated, fact-oriented approach to assurance by providing a traceability link between assurance claims and high-fidelity system facts as evidence to justify assurance claims. This presentation will focus on the work funded by AFRL and OSD/NII to address the Vulnerability Path Assessment piece of the Ecosystem.</p>
<p>About the speaker: Dr. Ben Calloni is a Lockheed Martin Fellow for Software Security and a Certified Information Systems Security Professional (CISSP). He is a senior research program manager of the Aeronautics Company in Fort Worth, assigned to the Advanced Development Programs, formerly known as &quot;The Skunk Works&quot;. His research interests are in the area of Software Security and Safety Assurance. He is partnered with the Air Force Research Labs, the National Security Agency, the Department of Defense Networks and Information Integration office, and several commercial off-the-shelf suppliers, to provide international-standards-based, COTS-product-based, Multi-Level Security infrastructures applicable for Department of Defense weapon systems and for the Department of Homeland Security (DHS) as well.</p> ]]>
            </content:encoded>
            <itunes:duration>3159</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120222.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120222.mp4" length="563085312" type="video/mp4"/>
        </item>
            <item>
            <title>Simson Garfinkel, Forensic Carving of Network Packets with bulk_extractor and tcpflow</title>
            <description>Using validated carving techniques, we show that popular operating systems (e.g. Windows, Linux, and OSX) frequently have residual IP packets, Ethernet frames, and associated data structures present in system memory from long-terminated network traffic. Such information is useful for many forensic purposes including establishment of prior connection activity and services used; identification of other systems present on the system&apos;s LAN or WLAN; geolocation of the host computer system; and cross-drive analysis. We show that network structures can also be recovered from memory that is persisted onto a mass storage medium during the course of system swapping or hibernation. We present our network carving techniques, algorithms and tools, and validate these against both purpose-built memory images and readily available forensic corpora. These techniques are valuable both to forensic tasks, particularly in analyzing mobile devices, and to cyber-security objectives such as malware analysis.</description>
            <pubDate>Wed, 15 Feb 2012 16:30:00 EST </pubDate>
            <itunes:title>Simson Garfinkel, Forensic Carving of Network Packets with bulk_extractor and tcpflow</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>488</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/simson_garfinkel.jpg"/>
            <itunes:subtitle>Simson Garfinkel, Naval Postgraduate School</itunes:subtitle>
            <itunes:summary>Using validated carving techniques, we show that popular operating systems (e.g. Windows, Linux, and OSX) frequently have residual IP packets, Ethernet frames, and associated data structures present in system memory from long-terminated network traffic. Such information is useful for many forensic purposes including establishment of prior connection activity and services used; identification of other systems present on the system&apos;s LAN or WLAN; geolocation of the host computer system; and cross-drive analysis. We show that network structures can also be recovered from memory that is persisted onto a mass storage medium during the course of system swapping or hibernation. We present our network carving techniques, algorithms and tools, and validate these against both purpose-built memory images and readily available forensic corpora. These techniques are valuable both to forensic tasks, particularly in analyzing mobile devices, and to cyber-security objectives such as malware analysis.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Using validated carving techniques, we show that popular operating systems (e.g. Windows, Linux, and OSX) frequently have residual IP packets, Ethernet frames, and associated data structures present in system memory from long-terminated network traffic. Such information is useful for many forensic purposes including establishment of prior connection activity and services used; identification of other systems present on the system&apos;s LAN or WLAN; geolocation of the host computer system; and cross-drive analysis. We show that network structures can also be recovered from memory that is persisted onto a mass storage medium during the course of system swapping or hibernation. We present our network carving techniques, algorithms and tools, and validate these against both purpose-built memory images and readily available forensic corpora. These techniques are valuable both to forensic tasks, particularly in analyzing mobile devices, and to cyber-security objectives such as malware analysis.</p> ]]>
            </content:encoded>
            <itunes:duration>2783</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120215.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120215.mp4" length="557842432" type="video/mp4"/>
        </item>
            <item>
            <title>Kelley Misata, Digital Citizenship:  A Target&#039;s View of Security and Life Online</title>
            <description>As technological advancements continue to expand the range of information access, issues of privacy and cyber security have risen to the forefront. Technology is only one part of a larger conversation. Looking through a different lens, consider the humans behind the machines. Technology can now be used with unprecedented ease and anonymity as a malicious vehicle to harass, defame and stalk. This presentation recounts the very personal and in-depth journey of a target of cyberstalking whose efforts to navigate within the system have been met with both successes and failures. Learn the profound impact this journey has had on life online as well as off, catalyzing a shift in perspective from fear to redefining responsible digital citizenship. The conversation will provide new insights into security issues, communication, and business management, as well as the limitations of the systems currently in place. About the speaker: Kelley Misata educates and facilitates critical conversations around responsible digital citizenship for individuals, communities and businesses. Kelley combines 15 years of professional success in strategic business development and consulting with a unique perspective as a survivor of cyberstalking. Highly organized and detail-centric, she draws on current trends and conversations in cyber security with local and federal law enforcement, information security experts and national resources to create strategies which incorporate the human side of cyber safety. Taking a fearless and fresh perspective drives Kelley&apos;s successes as a leader, consultant and speaker. Kelley holds a Bachelor of Science in Marketing and a Master&apos;s degree in Business Administration.</description>
            <pubDate>Wed, 8 Feb 2012 16:30:00 EST </pubDate>
            <itunes:title>Kelley Misata, Digital Citizenship:  A Target&#039;s View of Security and Life Online</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>487</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Kelley Misata, PhD Candidate, Purdue University</itunes:subtitle>
            <itunes:summary>As technological advancements continue to expand the range of information access, issues of privacy and cyber security have risen to the forefront. Technology is only one part of a larger conversation. Looking through a different lens, consider the humans behind the machines. Technology can now be used with unprecedented ease and anonymity as a malicious vehicle to harass, defame and stalk. This presentation recounts the very personal and in-depth journey of a target of cyberstalking whose efforts to navigate within the system have been met with both successes and failures. Learn the profound impact this journey has had on life online as well as off, catalyzing a shift in perspective from fear to redefining responsible digital citizenship. The conversation will provide new insights into security issues, communication, and business management, as well as the limitations of the systems currently in place. About the speaker: Kelley Misata educates and facilitates critical conversations around responsible digital citizenship for individuals, communities and businesses. Kelley combines 15 years of professional success in strategic business development and consulting with a unique perspective as a survivor of cyberstalking. Highly organized and detail-centric, she draws on current trends and conversations in cyber security with local and federal law enforcement, information security experts and national resources to create strategies which incorporate the human side of cyber safety. Taking a fearless and fresh perspective drives Kelley&apos;s successes as a leader, consultant and speaker. Kelley holds a Bachelor of Science in Marketing and a Master&apos;s degree in Business Administration.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As technological advancements continue to expand the range of information access, issues of privacy and cyber security have risen to the forefront. Technology is only one part of a larger conversation. Looking through a different lens, consider the humans behind the machines. Technology can now be used with unprecedented ease and anonymity as a malicious vehicle to harass, defame and stalk. This presentation recounts the very personal and in-depth journey of a target of cyberstalking whose efforts to navigate within the system have been met with both successes and failures. Learn the profound impact this journey has had on life online as well as off, catalyzing a shift in perspective from fear to redefining responsible digital citizenship. The conversation will provide new insights into security issues, communication, and business management, as well as the limitations of the systems currently in place. About the speaker: Kelley Misata educates and facilitates critical conversations around responsible digital citizenship for individuals, communities and businesses. Kelley combines 15 years of professional success in strategic business development and consulting with a unique perspective as a survivor of cyberstalking. Highly organized and detail-centric, she draws on current trends and conversations in cyber security with local and federal law enforcement, information security experts and national resources to create strategies which incorporate the human side of cyber safety. Taking a fearless and fresh perspective drives Kelley&apos;s successes as a leader, consultant and speaker. Kelley holds a Bachelor of Science in Marketing and a Master&apos;s degree in Business Administration.</p> ]]>
            </content:encoded>
            <itunes:duration>3278</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120208.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120208.mp4" length="570425344" type="video/mp4"/>
        </item>
            <item>
            <title>George Vanecek, Is it Time to add Trust to the Future Internet/Web?</title>
            <description>The future web and Internet are undergoing a humanization of their technologies which increasingly makes their services more personalized, individualized and transparent. This is jointly fueled by the inexpensive yet easily accessible huge computing and storage capacities in clouds, the adoption of personal, mobile smart devices used across consumer/enterprise interchangeably, and the emergence of personal agents and services attaining personalized perception of the real world and its control on behalf of the users. In this human/machine convergence, trust is being recognized as potentially playing a huge role in addressing future human/machine security, commerce and social on-line issues. However, trust has been adopted only partially and independently by certain services and not made integral in the fabric of the Internet or the web. This talk explores the technical and social issues for the establishment of a ubiquitous trust network in the Future Internet. The talk reviews necessary technologies from the Semantic Web, Intercloud, and broader Identity methodologies, and provides a number of use cases for how the Future Internet would benefit from the trust network. About the speaker: George Vanecek, Jr., PhD, is a senior principal researcher at Futurewei Technologies in the Santa Clara Center of Innovation, conducting exploration research and innovation projects in the areas of middleware services supporting IoT and sensor networks. Vanecek has extensive experience in designing and building software systems, mobile applications, and cloud services platforms as a solutions architect at Cordys, a chief scientist at the AT&amp;T Internet Platforms Organization, founder, lead architect and developer at several software startups, teaching at Purdue University CSD and conducting research at NIST and IBM.</description>
            <pubDate>Wed, 1 Feb 2012 16:30:00 EST </pubDate>
            <itunes:title>George Vanecek, Is it Time to add Trust to the Future Internet/Web?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>486</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>George Vanecek, Futurewei Technologies</itunes:subtitle>
            <itunes:summary>The future web and Internet are undergoing a humanization of their technologies which increasingly makes their services more personalized, individualized and transparent. This is jointly fueled by the inexpensive yet easily accessible huge computing and storage capacities in clouds, the adoption of personal, mobile smart devices used across consumer/enterprise interchangeably, and the emergence of personal agents and services attaining personalized perception of the real world and its control on behalf of the users. In this human/machine convergence, trust is being recognized as potentially playing a huge role in addressing future human/machine security, commerce and social on-line issues. However, trust has been adopted only partially and independently by certain services and not made integral in the fabric of the Internet or the web. This talk explores the technical and social issues for the establishment of a ubiquitous trust network in the Future Internet. The talk reviews necessary technologies from the Semantic Web, Intercloud, and broader Identity methodologies, and provides a number of use cases for how the Future Internet would benefit from the trust network. About the speaker: George Vanecek, Jr., PhD, is a senior principal researcher at Futurewei Technologies in the Santa Clara Center of Innovation, conducting exploration research and innovation projects in the areas of middleware services supporting IoT and sensor networks. Vanecek has extensive experience in designing and building software systems, mobile applications, and cloud services platforms as a solutions architect at Cordys, a chief scientist at the AT&amp;T Internet Platforms Organization, founder, lead architect and developer at several software startups, teaching at Purdue University CSD and conducting research at NIST and IBM.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The future web and Internet are undergoing a humanization of their technologies which increasingly makes their services more personalized, individualized and transparent. This is jointly fueled by the inexpensive yet easily accessible huge computing and storage capacities in clouds, the adoption of personal, mobile smart devices used across consumer/enterprise interchangeably, and the emergence of personal agents and services attaining personalized perception of the real world and its control on behalf of the users. In this human/machine convergence, trust is being recognized as potentially playing a huge role in addressing future human/machine security, commerce and social on-line issues. However, trust has been adopted only partially and independently by certain services and not made integral in the fabric of the Internet or the web. This talk explores the technical and social issues for the establishment of a ubiquitous trust network in the Future Internet. The talk reviews necessary technologies from the Semantic Web, Intercloud, and broader Identity methodologies, and provides a number of use cases for how the Future Internet would benefit from the trust network. About the speaker: George Vanecek, Jr., PhD, is a senior principal researcher at Futurewei Technologies in the Santa Clara Center of Innovation, conducting exploration research and innovation projects in the areas of middleware services supporting IoT and sensor networks. Vanecek has extensive experience in designing and building software systems, mobile applications, and cloud services platforms as a solutions architect at Cordys, a chief scientist at the AT&amp;T Internet Platforms Organization, founder, lead architect and developer at several software startups, teaching at Purdue University CSD and conducting research at NIST and IBM.</p> ]]>
            </content:encoded>
            <itunes:duration>3476</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120201.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120201.mp4" length="573571072" type="video/mp4"/>
        </item>
            <item>
            <title>Frank Tompa, A Flexible System for Access Control</title>
            <description>A variety of mechanisms have been used in access control systems to support enterprises&apos; diverse security needs. For example, some enterprises might allow individual users to assign privileges on files that they own, whereas others might require that permissions be granted and revoked by security administrators only; some enterprises wish to operate under closed access policies (where permission is denied unless explicitly granted), whereas others prefer to allow access only if the number of positive authorizations exceeds the number of negative ones. We will explore two frameworks, namely creation time policies and conflict resolution policies, that together allow software vendors to support a wide variety of discretionary access control mechanisms using a single code base. About the speaker: Frank Tompa has been on the faculty in Computer Science at the University of Waterloo since 1974. His teaching and research interests are in the fields of data structures and databases, particularly the design of text management systems suitable for maintaining large reference texts and large, heterogeneous text collections. He has co-authored papers in the areas of database dependency theory, storage structure selection, query processing, materialized view maintenance, text matching, XML processing, structured text conversion, database integration, data retention and security, and text classification. In 2005, the University of Waterloo and the City of Waterloo announced the naming of the road Frank Tompa Drive in recognition of Professor Tompa being one of those who &quot;epitomize the energy and enterprise that characterize the University of Waterloo.&quot; In 2010, he was named a Fellow of the ACM for contributions to text-dominated and semi-structured data management.</description>
            <pubDate>Wed, 25 Jan 2012 16:30:00 EST </pubDate>
            <itunes:title>Frank Tompa, A Flexible System for Access Control</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>485</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/tompa.jpg"/>
            <itunes:subtitle>Frank Tompa, University of Waterloo</itunes:subtitle>
            <itunes:summary>A variety of mechanisms have been used in access control systems to support enterprises&apos; diverse security needs. For example, some enterprises might allow individual users to assign privileges on files that they own, whereas others might require that permissions be granted and revoked by security administrators only; some enterprises wish to operate under closed access policies (where permission is denied unless explicitly granted), whereas others prefer to allow access only if the number of positive authorizations exceeds the number of negative ones. We will explore two frameworks, namely creation time policies and conflict resolution policies, that together allow software vendors to support a wide variety of discretionary access control mechanisms using a single code base. About the speaker: Frank Tompa has been on the faculty in Computer Science at the University of Waterloo since 1974. His teaching and research interests are in the fields of data structures and databases, particularly the design of text management systems suitable for maintaining large reference texts and large, heterogeneous text collections. He has co-authored papers in the areas of database dependency theory, storage structure selection, query processing, materialized view maintenance, text matching, XML processing, structured text conversion, database integration, data retention and security, and text classification. In 2005, the University of Waterloo and the City of Waterloo announced the naming of the road Frank Tompa Drive in recognition of Professor Tompa being one of those who &quot;epitomize the energy and enterprise that characterize the University of Waterloo.&quot; In 2010, he was named a Fellow of the ACM for contributions to text-dominated and semi-structured data management.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>A variety of mechanisms have been used in access control systems to support enterprises&apos; diverse security needs. For example, some enterprises might allow individual users to assign privileges on files that they own, whereas others might require that permissions be granted and revoked by security administrators only; some enterprises wish to operate under closed access policies (where permission is denied unless explicitly granted), whereas others prefer to allow access only if the number of positive authorizations exceeds the number of negative ones. We will explore two frameworks, namely creation time policies and conflict resolution policies, that together allow software vendors to support a wide variety of discretionary access control mechanisms using a single code base. About the speaker: Frank Tompa has been on the faculty in Computer Science at the University of Waterloo since 1974. His teaching and research interests are in the fields of data structures and databases, particularly the design of text management systems suitable for maintaining large reference texts and large, heterogeneous text collections. He has co-authored papers in the areas of database dependency theory, storage structure selection, query processing, materialized view maintenance, text matching, XML processing, structured text conversion, database integration, data retention and security, and text classification. In 2005, the University of Waterloo and the City of Waterloo announced the naming of the road Frank Tompa Drive in recognition of Professor Tompa being one of those who &quot;epitomize the energy and enterprise that characterize the University of Waterloo.&quot; In 2010, he was named a Fellow of the ACM for contributions to text-dominated and semi-structured data management.</p> ]]>
            </content:encoded>
            <itunes:duration>3370</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120125.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120125.mp4" length="569376768" type="video/mp4"/>
        </item>
            <item>
            <title>Salmin Sultana, Secure Provenance Transmission for Data Streams</title>
            <description>Many application domains, such as real-time financial analysis, e-healthcare systems, and sensor networks, are characterized by continuous data streaming from multiple sources and through intermediate processing by multiple aggregators. Keeping track of data provenance in such a highly dynamic context is an important requirement, since data provenance is a key factor in assessing data trustworthiness, which is crucial for many applications. Provenance management for streaming data requires addressing several challenges, including the assurance of high processing throughput, low bandwidth consumption, storage efficiency and secure transmission. In this talk, I will discuss a novel approach to securely transmit provenance for streaming data (focusing on sensor networks) by embedding provenance into the inter-packet timing domain while addressing the above mentioned issues. As provenance is hidden in another host medium, our solution can be conceptualized as a watermarking technique. However, unlike traditional watermarking approaches, we embed provenance over the inter-packet delays rather than in the sensor data themselves, hence avoiding the problem of data degradation due to watermarking. Provenance is extracted by the data receiver utilizing an optimal threshold-based mechanism which minimizes the probability of provenance decoding errors. The resiliency of the scheme against outside and inside attackers is established through an extensive security analysis. Experiments show that our technique can recover provenance up to a certain level against perturbations to inter-packet timing characteristics. About the speaker: Salmin Sultana is pursuing her PhD in Computer Engineering in the School of ECE at Purdue University. Her research interests include secure data provenance, and security and fault tolerance of distributed systems, such as cloud computing, power grid, and high performance computing.
She is a member of the Center for Education and Research in Information Assurance and Security (CERIAS).</description>
            <pubDate>Wed, 18 Jan 2012 16:30:00 EST </pubDate>
            <itunes:title>Salmin Sultana, Secure Provenance Transmission for Data Streams</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>484</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Salmin Sultana, Purdue University</itunes:subtitle>
            <itunes:summary>Many application domains, such as real-time financial analysis, e-healthcare systems, and sensor networks, are characterized by continuous data streaming from multiple sources and through intermediate processing by multiple aggregators. Keeping track of data provenance in such a highly dynamic context is an important requirement, since data provenance is a key factor in assessing data trustworthiness, which is crucial for many applications. Provenance management for streaming data requires addressing several challenges, including the assurance of high processing throughput, low bandwidth consumption, storage efficiency and secure transmission. In this talk, I will discuss a novel approach to securely transmit provenance for streaming data (focusing on sensor networks) by embedding provenance into the inter-packet timing domain while addressing the above mentioned issues. As provenance is hidden in another host medium, our solution can be conceptualized as a watermarking technique. However, unlike traditional watermarking approaches, we embed provenance over the inter-packet delays rather than in the sensor data themselves, hence avoiding the problem of data degradation due to watermarking. Provenance is extracted by the data receiver utilizing an optimal threshold-based mechanism which minimizes the probability of provenance decoding errors. The resiliency of the scheme against outside and inside attackers is established through an extensive security analysis. Experiments show that our technique can recover provenance up to a certain level against perturbations to inter-packet timing characteristics. About the speaker: Salmin Sultana is pursuing her PhD in Computer Engineering in the School of ECE at Purdue University. Her research interests include secure data provenance, and security and fault tolerance of distributed systems, such as cloud computing, power grid, and high performance computing.
She is a member of the Center for Education and Research in Information Assurance and Security (CERIAS).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Many application domains, such as real-time financial analysis, e-healthcare systems, and sensor networks, are characterized by continuous data streaming from multiple sources and through intermediate processing by multiple aggregators. Keeping track of data provenance in such a highly dynamic context is an important requirement, since data provenance is a key factor in assessing data trustworthiness, which is crucial for many applications. Provenance management for streaming data requires addressing several challenges, including the assurance of high processing throughput, low bandwidth consumption, storage efficiency and secure transmission. In this talk, I will discuss a novel approach to securely transmit provenance for streaming data (focusing on sensor networks) by embedding provenance into the inter-packet timing domain while addressing the above mentioned issues. As provenance is hidden in another host medium, our solution can be conceptualized as a watermarking technique. However, unlike traditional watermarking approaches, we embed provenance over the inter-packet delays rather than in the sensor data themselves, hence avoiding the problem of data degradation due to watermarking. Provenance is extracted by the data receiver utilizing an optimal threshold-based mechanism which minimizes the probability of provenance decoding errors. The resiliency of the scheme against outside and inside attackers is established through an extensive security analysis. Experiments show that our technique can recover provenance up to a certain level against perturbations to inter-packet timing characteristics. About the speaker: Salmin Sultana is pursuing her PhD in Computer Engineering in the School of ECE at Purdue University. Her research interests include secure data provenance, and security and fault tolerance of distributed systems, such as cloud computing, power grid, and high performance computing.
She is a member of the Center for Education and Research in Information Assurance and Security (CERIAS).</p> ]]>
            </content:encoded>
            <itunes:duration>2318</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120118.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120118.mp4" length="542113792" type="video/mp4"/>
        </item>
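The inter-packet-timing provenance scheme described in the Sultana abstract above, as an added illustration that is not the speaker's code and is not part of the original feed: each provenance bit is embedded by either stretching or not stretching the delay before a packet, and the receiver recovers the bits by comparing each observed delay against a threshold. The base delay, the delay offset, the 4-bit node identifiers, the Gaussian jitter model and the choice of the midpoint as the threshold (the minimum-error choice for symmetric, equal-variance noise) are all assumptions made for this example, not details taken from the talk.

```python
import random

# Constructed parameters (assumptions for this example, not from the talk).
BASE_DELAY_MS = 20.0   # nominal spacing between consecutive packets
DELTA_MS = 4.0         # extra delay that encodes a 1 bit
ID_WIDTH = 4           # node identifiers are assumed to fit in 4 bits (0..15)


def provenance_bits(node_ids, width=ID_WIDTH):
    """Serialize a provenance path (list of node ids) into a bit list, MSB first."""
    bits = []
    for nid in node_ids:
        for i in range(width - 1, -1, -1):
            bits.append((nid >> i) % 2)
    return bits


def embed(bits, base=BASE_DELAY_MS, delta=DELTA_MS):
    """Sender side: one inter-packet delay per bit (base for 0, base plus delta for 1)."""
    return [base + (delta if b else 0.0) for b in bits]


def perturb(delays, jitter_std, rng):
    """Channel model: additive Gaussian timing jitter, delays cannot go negative."""
    return [max(0.0, d + rng.gauss(0.0, jitter_std)) for d in delays]


def optimal_threshold(base=BASE_DELAY_MS, delta=DELTA_MS):
    """Midpoint between the two delay levels; minimizes decoding errors for symmetric noise."""
    return base + delta / 2.0


def extract(delays, threshold):
    """Receiver side: a delay at or above the threshold decodes as a 1 bit."""
    return [1 if d >= threshold else 0 for d in delays]


def bits_to_ids(bits, width=ID_WIDTH):
    """Inverse of provenance_bits: regroup the bit list into node ids."""
    ids = []
    for start in range(0, len(bits), width):
        value = 0
        for b in bits[start:start + width]:
            value = value * 2 + b
        ids.append(value)
    return ids


def bit_error_rate(sent, received):
    errors = sum(1 for a, b in zip(sent, received) if a != b)
    return errors / len(sent)


def simulate(node_ids, jitter_std, seed=1):
    """Embed a path, push it through a jittery channel, decode, and report the BER."""
    rng = random.Random(seed)
    sent = provenance_bits(node_ids)
    observed = perturb(embed(sent), jitter_std, rng)
    recovered = extract(observed, optimal_threshold())
    return bits_to_ids(recovered), bit_error_rate(sent, recovered)


if __name__ == "__main__":
    path = [3, 7, 12, 5]   # constructed provenance path: four aggregator ids
    for jitter in (0.0, 0.5, 1.0, 2.0, 4.0):
        ids, ber = simulate(path, jitter)
        print(f"jitter std {jitter:4.1f} ms: recovered {ids}, BER {ber:.2f}")
```

Running the block shows the bit error rate staying at zero while the jitter is small relative to the 4 ms offset and climbing once the jitter standard deviation approaches the offset; that is the perturbation limit the abstract refers to. A deployment would add a keyed mapping from bits to delays and an error-correcting code on top, neither of which is modeled here.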
            <item>
            <title>Stephen Elliott, Introduction to Biometrics</title>
            <description>A discussion about biometrics, performance and error. Learn more about biometric technologies and challenges related to performance. About the speaker: Dr. Stephen Elliott is the Director of the Biometric Standards, Performance and Assurance Laboratory at Purdue University, and Associate Director of CERIAS. His research interests are biometrics including human factors and usability issues as they relate to performance. He is also involved in a number of Information and Communication Technology standards at the US and international level.</description>
            <pubDate>Wed, 11 Jan 2012 16:30:00 EST </pubDate>
            <itunes:title>Stephen Elliott, Introduction to Biometrics</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>18</itunes:season>
            <itunes:episode>483</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/selliott.jpg"/>
            <itunes:subtitle>Stephen Elliott, Purdue University</itunes:subtitle>
            <itunes:summary>A discussion about biometrics, performance and error. Learn more about biometric technologies and challenges related to performance. About the speaker: Dr. Stephen Elliott is the Director of the Biometric Standards, Performance and Assurance Laboratory at Purdue University, and Associate Director of CERIAS. His research interests are biometrics including human factors and usability issues as they relate to performance. He is also involved in a number of Information and Communication Technology standards at the US and international level.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>A discussion about biometrics, performance and error. Learn more about biometric technologies and challenges related to performance. About the speaker: Dr. Stephen Elliott is the Director of the Biometric Standards, Performance and Assurance Laboratory at Purdue University, and Associate Director of CERIAS. His research interests are biometrics including human factors and usability issues as they relate to performance. He is also involved in a number of Information and Communication Technology standards at the US and international level.</p> ]]>
            </content:encoded>
            <itunes:duration>3221</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120111.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20120111.mp4" length="463470592" type="video/mp4"/>
        </item>
            <item>
            <title>Apu Kapadia, Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones</title>
            <description>We introduce Soundcomber, a &quot;sensory malware&quot; for smartphones that uses the microphone to steal private information from phone conversations. Soundcomber is lightweight and stealthy. It uses targeted profiles to locally analyze portions of speech likely to contain information such as credit card numbers. It evades known defenses by transferring small amounts of private data to the malware server utilizing smartphone-specific covert channels. Additionally, we present a general defensive architecture that prevents such sensory malware attacks. About the speaker: Apu Kapadia is an Assistant Professor of Computer Science and Informatics at the School of Informatics and Computing, Indiana University. He received his Ph.D. in Computer Science from the University of Illinois at Urbana-Champaign in October 2005. Following his doctorate, Prof. Kapadia joined Dartmouth College as a Post-Doctoral Research Fellow with the Institute for Security Technology Studies, and then as a Member of Technical Staff at MIT Lincoln Laboratory. Prof. Kapadia is interested in topics related to systems&apos; security and privacy. He is particularly interested in privacy-enhancing technologies such as anonymizing networks, usable models and policy languages for privacy, security in peer-to-peer networks, and applied cryptography.</description>
            <pubDate>Wed, 30 Nov 2011 16:30:00 EST </pubDate>
            <itunes:title>Apu Kapadia, Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>482</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/apu-portrait_140.jpg"/>
            <itunes:subtitle>Apu Kapadia, Indiana University</itunes:subtitle>
            <itunes:summary>We introduce Soundcomber, a &quot;sensory malware&quot; for smartphones that uses the microphone to steal private information from phone conversations. Soundcomber is lightweight and stealthy. It uses targeted profiles to locally analyze portions of speech likely to contain information such as credit card numbers. It evades known defenses by transferring small amounts of private data to the malware server utilizing smartphone-specific covert channels. Additionally, we present a general defensive architecture that prevents such sensory malware attacks. About the speaker: Apu Kapadia is an Assistant Professor of Computer Science and Informatics at the School of Informatics and Computing, Indiana University. He received his Ph.D. in Computer Science from the University of Illinois at Urbana-Champaign in October 2005. Following his doctorate, Prof. Kapadia joined Dartmouth College as a Post-Doctoral Research Fellow with the Institute for Security Technology Studies, and then as a Member of Technical Staff at MIT Lincoln Laboratory. Prof. Kapadia is interested in topics related to systems&apos; security and privacy. He is particularly interested in privacy-enhancing technologies such as anonymizing networks, usable models and policy languages for privacy, security in peer-to-peer networks, and applied cryptography.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>We introduce Soundcomber, a &quot;sensory malware&quot; for smartphones that uses the microphone to steal private information from phone conversations. Soundcomber is lightweight and stealthy. It uses targeted profiles to locally analyze portions of speech likely to contain information such as credit card numbers. It evades known defenses by transferring small amounts of private data to the malware server utilizing smartphone-specific covert channels. Additionally, we present a general defensive architecture that prevents such sensory malware attacks. About the speaker: Apu Kapadia is an Assistant Professor of Computer Science and Informatics at the School of Informatics and Computing, Indiana University. He received his Ph.D. in Computer Science from the University of Illinois at Urbana-Champaign in October 2005. Following his doctorate, Prof. Kapadia joined Dartmouth College as a Post-Doctoral Research Fellow with the Institute for Security Technology Studies, and then as a Member of Technical Staff at MIT Lincoln Laboratory. Prof. Kapadia is interested in topics related to systems&apos; security and privacy. He is particularly interested in privacy-enhancing technologies such as anonymizing networks, usable models and policy languages for privacy, security in peer-to-peer networks, and applied cryptography.</p> ]]>
            </content:encoded>
            <itunes:duration>3590</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111130.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111130.mp4" length="468713472" type="video/mp4"/>
        </item>
            <item>
            <title>Loukas Lazos, Jam me if you can: Mitigating the Impact of Inside Jammers</title>
            <description>The open nature of the wireless medium leaves wireless communications exposed to interference caused by the concurrent operation of co-located wireless devices over the same frequency bands. While unintentional signal interference is managed at the physical and MAC layers using an array of techniques (advanced signal processing, channel coding and error correction, spread spectrum communications, multiple access protocols, etc.), in a hostile environment, wireless communications remain vulnerable to intentional interference attacks typically referred to as jamming. Jamming can take the form of an external attack launched by &quot;foreign&quot; devices that are unaware of the network secrets (e.g., cryptographic credentials) or its protocols. Such external attacks are relatively easy to neutralize through a combination of cryptography-based measures and spreading techniques. In contrast, when jamming attacks are launched from compromised nodes, they are much more sophisticated in nature. These attacks exploit knowledge of network secrets (e.g., cryptographic keys and pseudo-random spreading codes) and its protocol semantics to maximize their detrimental impact by selectively and adaptively targeting critical data transmissions. In this talk, we discuss the feasibility and impact of selective jamming attacks in the presence of inside adversaries. The attacker&apos;s selectivity is considered at different granularities, namely on a per-channel basis and on a per-packet basis. We describe several mitigation methods that do not rely on the existence of shared secrets, but defeat selectivity via a combination of temporary packet hiding and uncoordinated frequency hopping. About the speaker: Loukas Lazos is an Assistant Professor in the Electrical and Computer Engineering Department at the University of Arizona. He received his Ph.D. in Electrical Engineering from the University of Washington, Seattle, in 2006. He is a recipient of the NSF CAREER Award (2009) for his research in security of multi-channel wireless networks. His main research interests are in the areas of networking, security, and wireless communications, focusing on the identification, modeling, and mitigation of security vulnerabilities, visualization of network threats, and analysis of network performance.</description>
            <pubDate>Wed, 16 Nov 2011 16:30:00 EST </pubDate>
            <itunes:title>Loukas Lazos, Jam me if you can: Mitigating the Impact of Inside Jammers</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>481</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/loukas_130.jpg"/>
            <itunes:subtitle>Loukas Lazos, University of Arizona</itunes:subtitle>
            <itunes:summary>The open nature of the wireless medium leaves wireless communications exposed to interference caused by the concurrent operation of co-located wireless devices over the same frequency bands. While unintentional signal interference is managed at the physical and MAC layers using an array of techniques (advanced signal processing, channel coding and error correction, spread spectrum communications, multiple access protocols, etc.), in a hostile environment, wireless communications remain vulnerable to intentional interference attacks typically referred to as jamming. Jamming can take the form of an external attack launched by &quot;foreign&quot; devices that are unaware of the network secrets (e.g., cryptographic credentials) or its protocols. Such external attacks are relatively easy to neutralize through a combination of cryptography-based measures and spreading techniques. In contrast, when jamming attacks are launched from compromised nodes, they are much more sophisticated in nature. These attacks exploit knowledge of network secrets (e.g., cryptographic keys and pseudo-random spreading codes) and its protocol semantics to maximize their detrimental impact by selectively and adaptively targeting critical data transmissions. In this talk, we discuss the feasibility and impact of selective jamming attacks in the presence of inside adversaries. The attacker&apos;s selectivity is considered at different granularities, namely on a per-channel basis and on a per-packet basis. We describe several mitigation methods that do not rely on the existence of shared secrets, but defeat selectivity via a combination of temporary packet hiding and uncoordinated frequency hopping. About the speaker: Loukas Lazos is an Assistant Professor in the Electrical and Computer Engineering Department at the University of Arizona. He received his Ph.D. in Electrical Engineering from the University of Washington, Seattle, in 2006. He is a recipient of the NSF CAREER Award (2009) for his research in security of multi-channel wireless networks. His main research interests are in the areas of networking, security, and wireless communications, focusing on the identification, modeling, and mitigation of security vulnerabilities, visualization of network threats, and analysis of network performance.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The open nature of the wireless medium leaves wireless communications exposed to interference caused by the concurrent operation of co-located wireless devices over the same frequency bands. While unintentional signal interference is managed at the physical and MAC layers using an array of techniques (advanced signal processing, channel coding and error correction, spread spectrum communications, multiple access protocols, etc.), in a hostile environment, wireless communications remain vulnerable to intentional interference attacks typically referred to as jamming. Jamming can take the form of an external attack launched by &quot;foreign&quot; devices that are unaware of the network secrets (e.g., cryptographic credentials) or its protocols. Such external attacks are relatively easy to neutralize through a combination of cryptography-based measures and spreading techniques. In contrast, when jamming attacks are launched from compromised nodes, they are much more sophisticated in nature. These attacks exploit knowledge of network secrets (e.g., cryptographic keys and pseudo-random spreading codes) and its protocol semantics to maximize their detrimental impact by selectively and adaptively targeting critical data transmissions. In this talk, we discuss the feasibility and impact of selective jamming attacks in the presence of inside adversaries. The attacker&apos;s selectivity is considered at different granularities, namely on a per-channel basis and on a per-packet basis. We describe several mitigation methods that do not rely on the existence of shared secrets, but defeat selectivity via a combination of temporary packet hiding and uncoordinated frequency hopping. About the speaker: Loukas Lazos is an Assistant Professor in the Electrical and Computer Engineering Department at the University of Arizona. He received his Ph.D. in Electrical Engineering from the University of Washington, Seattle, in 2006. He is a recipient of the NSF CAREER Award (2009) for his research in security of multi-channel wireless networks. His main research interests are in the areas of networking, security, and wireless communications, focusing on the identification, modeling, and mitigation of security vulnerabilities, visualization of network threats, and analysis of network performance.</p> ]]>
            </content:encoded>
            <itunes:duration>3414</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111116.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111116.mp4" length="464519168" type="video/mp4"/>
        </item>
            <item>
            <title>Zhongshu Gu, Process Implanting: A New Active Introspection Framework for Virtualization</title>
            <description>Previous research on virtual machine introspection proposed an &quot;out-of-box&quot; approach by moving security tools out of the guest operating system. However, compared to the traditional &quot;in-the-box&quot; approach, it remains a challenge to obtain a complete semantic view due to the semantic gap between the guest VM and the hypervisor. In this paper, we present Process Implanting, a new active VM introspection framework, to narrow the semantic gap by implanting a process from the host into the guest VM and executing it under the cover of an existing running process. With the protection and coordination from the hypervisor, the implanted process can run with a degree of stealthiness and exit gracefully without leaving a negative impact on the guest operating system. We have designed and implemented a proof-of-concept prototype on KVM which leverages hardware virtualization. We also propose and demonstrate application scenarios for Process Implanting in the area of VM security. About the speaker: Zhongshu Gu is a Ph.D. student in the Department of Computer Science at Purdue University. His research interests are in application/system security, virtualization technology and malware analysis. His advisor is Prof. Dongyan Xu.</description>
            <pubDate>Wed, 9 Nov 2011 16:30:00 EST </pubDate>
            <itunes:title>Zhongshu Gu, Process Implanting: A New Active Introspection Framework for Virtualization</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>480</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/gu16.jpg"/>
            <itunes:subtitle>Zhongshu Gu, Purdue University</itunes:subtitle>
            <itunes:summary>Previous research on virtual machine introspection proposed an &quot;out-of-box&quot; approach by moving security tools out of the guest operating system. However, compared to the traditional &quot;in-the-box&quot; approach, it remains a challenge to obtain a complete semantic view due to the semantic gap between the guest VM and the hypervisor. In this paper, we present Process Implanting, a new active VM introspection framework, to narrow the semantic gap by implanting a process from the host into the guest VM and executing it under the cover of an existing running process. With the protection and coordination from the hypervisor, the implanted process can run with a degree of stealthiness and exit gracefully without leaving a negative impact on the guest operating system. We have designed and implemented a proof-of-concept prototype on KVM which leverages hardware virtualization. We also propose and demonstrate application scenarios for Process Implanting in the area of VM security. About the speaker: Zhongshu Gu is a Ph.D. student in the Department of Computer Science at Purdue University. His research interests are in application/system security, virtualization technology and malware analysis. His advisor is Prof. Dongyan Xu.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Previous research on virtual machine introspection proposed an &quot;out-of-box&quot; approach by moving security tools out of the guest operating system. However, compared to the traditional &quot;in-the-box&quot; approach, it remains a challenge to obtain a complete semantic view due to the semantic gap between the guest VM and the hypervisor. In this paper, we present Process Implanting, a new active VM introspection framework, to narrow the semantic gap by implanting a process from the host into the guest VM and executing it under the cover of an existing running process. With the protection and coordination from the hypervisor, the implanted process can run with a degree of stealthiness and exit gracefully without leaving a negative impact on the guest operating system. We have designed and implemented a proof-of-concept prototype on KVM which leverages hardware virtualization. We also propose and demonstrate application scenarios for Process Implanting in the area of VM security. About the speaker: Zhongshu Gu is a Ph.D. student in the Department of Computer Science at Purdue University. His research interests are in application/system security, virtualization technology and malware analysis. His advisor is Prof. Dongyan Xu.</p> ]]>
            </content:encoded>
            <itunes:duration>1750</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111109.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111109.mp4" length="466616320" type="video/mp4"/>
        </item>
            <item>
            <title>Morgan Greenwood, SureView AMP, Active Malware Protection: detecting malware that anti-virus solutions miss</title>
            <description>Learn how organizations proactively protect against malware that traditional signature-based anti-virus solutions miss.</description>
            <pubDate>Wed, 2 Nov 2011 16:30:00 EDT </pubDate>
            <itunes:title>Morgan Greenwood, SureView AMP, Active Malware Protection: detecting malware that anti-virus solutions miss</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>479</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Morgan Greenwood, Raytheon</itunes:subtitle>
            <itunes:summary>Learn how organizations proactively protect against malware that traditional signature-based anti-virus solutions miss.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Learn how organizations proactively protect against malware that traditional signature-based anti-virus solutions miss.</p> ]]>
            </content:encoded>
            <itunes:duration>3101</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111102.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111102.mp4" length="465567744" type="video/mp4"/>
        </item>
            <item>
            <title>Sheila Becker, Securing Application-Level Topology Estimation Networks: Facing the Frog-Boiling Attack</title>
            <description>Peer-to-peer real-time communication and media streaming applications optimize their performance by using application-level topology estimation services such as virtual coordinate systems. Virtual coordinate systems allow nodes in a peer-to-peer network to accurately predict latency between arbitrary nodes without the need of performing extensive measurements. However, systems that leverage virtual coordinates as supporting building blocks are prone to attacks conducted by compromised nodes that aim at disrupting, eavesdropping, or mangling with the underlying communications. Recent research proposed techniques to mitigate basic attacks (inflation, deflation, oscillation) considering a single attack strategy model where attackers perform only one type of attack. In this work we explore supervised machine learning techniques to mitigate more subtle yet highly effective attacks (frog-boiling, network-partition) that are able to bypass existing defenses. We evaluate our techniques on the Vivaldi system against a more complex attack strategy model, where attackers perform sequences of all known attacks against virtual coordinate systems, using both simulations and Internet deployments. About the speaker: Sheila is a Ph.D. candidate at the University of Luxembourg. She is a visiting scholar at Purdue University in the Dependable and Secure Distributed Systems Lab for this academic year with the support of a Fulbright grant. In 2008, she obtained the M.Sc. degree from the University Henri Poincare in Nancy, France. She received an industrial engineering degree in applied informatics from the University of Luxembourg in 2007. Her interests lie in Machine Learning, Network Security and Fuzz testing.</description>
            <pubDate>Wed, 26 Oct 2011 16:30:00 EDT </pubDate>
            <itunes:title>Sheila Becker, Securing Application-Level Topology Estimation Networks: Facing the Frog-Boiling Attack</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>478</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/shelia_becker_160.jpg"/>
            <itunes:subtitle>Sheila Becker, University of Luxembourg</itunes:subtitle>
            <itunes:summary>Peer-to-peer real-time communication and media streaming applications optimize their performance by using application-level topology estimation services such as virtual coordinate systems. Virtual coordinate systems allow nodes in a peer-to-peer network to accurately predict latency between arbitrary nodes without the need of performing extensive measurements. However, systems that leverage virtual coordinates as supporting building blocks are prone to attacks conducted by compromised nodes that aim at disrupting, eavesdropping, or mangling with the underlying communications. Recent research proposed techniques to mitigate basic attacks (inflation, deflation, oscillation) considering a single attack strategy model where attackers perform only one type of attack. In this work we explore supervised machine learning techniques to mitigate more subtle yet highly effective attacks (frog-boiling, network-partition) that are able to bypass existing defenses. We evaluate our techniques on the Vivaldi system against a more complex attack strategy model, where attackers perform sequences of all known attacks against virtual coordinate systems, using both simulations and Internet deployments. About the speaker: Sheila is a Ph.D. candidate at the University of Luxembourg. She is a visiting scholar at Purdue University in the Dependable and Secure Distributed Systems Lab for this academic year with the support of a Fulbright grant. In 2008, she obtained the M.Sc. degree from the University Henri Poincare in Nancy, France. She received an industrial engineering degree in applied informatics from the University of Luxembourg in 2007. Her interests lie in Machine Learning, Network Security and Fuzz testing.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Peer-to-peer real-time communication and media streaming applications optimize their performance by using application-level topology estimation services such as virtual coordinate systems. Virtual coordinate systems allow nodes in a peer-to-peer network to accurately predict latency between arbitrary nodes without the need of performing extensive measurements. However, systems that leverage virtual coordinates as supporting building blocks are prone to attacks conducted by compromised nodes that aim at disrupting, eavesdropping, or mangling with the underlying communications. Recent research proposed techniques to mitigate basic attacks (inflation, deflation, oscillation) considering a single attack strategy model where attackers perform only one type of attack. In this work we explore supervised machine learning techniques to mitigate more subtle yet highly effective attacks (frog-boiling, network-partition) that are able to bypass existing defenses. We evaluate our techniques on the Vivaldi system against a more complex attack strategy model, where attackers perform sequences of all known attacks against virtual coordinate systems, using both simulations and Internet deployments. About the speaker: Sheila is a Ph.D. candidate at the University of Luxembourg. She is a visiting scholar at Purdue University in the Dependable and Secure Distributed Systems Lab for this academic year with the support of a Fulbright grant. In 2008, she obtained the M.Sc. degree from the University Henri Poincare in Nancy, France. She received an industrial engineering degree in applied informatics from the University of Luxembourg in 2007. Her interests lie in Machine Learning, Network Security and Fuzz testing.</p> ]]>
            </content:encoded>
            <itunes:duration>1733</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111026.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111026.mp4" length="467664896" type="video/mp4"/>
        </item>
            <item>
            <title>Julia M. Taylor, Victor Raskin, and Eugene H. Spafford, Ontological Semantic Technology Goes Phishing</title>
            <description>The talk reports on an early stage of on-going research on the application of computational semantic techniques to detect phishing, i.e., mass mailings intended to sweep up personal details for later malicious use by the phishers themselves or their potential customers. Our personal experience as targets of phishing has shown that the texts are getting increasingly polished, plausible, and sophisticated, often making it difficult even for humans to tell phishing from bona fide, if unadvised, messages. In this talk, we will demonstrate, on a few examples, how Ontological Semantic Technology can help to achieve machine natural language understanding that allows the computer to match and, augmented by the best existing technologies, possibly exceed human ability to detect the meaning-based clues pointing to phishing and to reason accordingly. We will also discuss the problem of automatic phishing detection and share our thoughts on applying the most feasible and promising techniques on a large corpus of phishing emails. About the speaker: Dr. Julia M. Taylor has been associated with CERIAS since 2008, first as a Visiting Scholar while working full-time on implementing OST at a start-up and, since August 2011, as a Research Assistant Professor. She earned her Ph.D. in CSE from the University of Cincinnati in 2008, following the MS in 2004 and BS in CS and BA in MATH in 1999. She has published widely on various aspects of NLU, including pioneering work on computational humor detection as well as fuzzy logic and, most recently, NL IAS. Dr. Victor Raskin, Distinguished Professor of English and Linguistics (with a courtesy appointment in CS), has been a member of the CERIAS Internal Advisory Board since its inception and Associate Director for Graduate Education since 2002. He earned all of his degrees in Mathematical and Computational Linguistics from the Lomonosov Moscow State University in 1970, 1966, and 1964, respectively. Prior to joining Purdue in 1978, he had taught at his alma mater, at the Hebrew University of Jerusalem and Tel Aviv University. He has published intensely on natural language semantics and its formal and computational applications. Dr. Eugene H. Spafford, Professor of Computer Sciences, is the CERIAS founder and Executive Director. He earned his BA in CS and MATH from SUNY at Brockport in 1979 and his MS and Ph.D. in Information and CS from GA Tech in 1981 and 1986, respectively. At Purdue since 1986, he has done work much of which is at the foundation of current security practice, including intrusion detection, firewalls, and whitelisting. His most recent work has been in cyber security policy, forensics, and future threats. A Fellow of the AAAS, ACM, IEEE, (ISC)², and a Distinguished Fellow of the ISSA, he is also the current chair of the Public Policy Council of ACM (USACM) and editor-in-chief of the journal Computers &amp; Security.</description>
            <pubDate>Wed, 19 Oct 2011 16:30:00 EDT </pubDate>
            <itunes:title>Julia M. Taylor, Victor Raskin, and Eugene H. Spafford, Ontological Semantic Technology Goes Phishing</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>477</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Julia M. Taylor, Victor Raskin, and Eugene H. Spafford, Purdue University</itunes:subtitle>
            <itunes:summary>The talk reports on an early stage of ongoing research on the application of computational semantic techniques to detect phishing, i.e., mass mailings intended to sweep up personal details for later malicious use by the phishers themselves or their potential customers. Our personal experience as targets of phishing has shown that the texts are getting increasingly polished, plausible, and sophisticated, often making it difficult even for humans to tell phishing from bona fide, if unadvised, messages. In this talk, we will demonstrate, on a few examples, how Ontological Semantic Technology can help to achieve machine natural language understanding that allows the computer to match and, augmented by the best existing technologies, possibly exceed human ability to detect the meaning-based clues pointing to phishing and to reason accordingly. We will also discuss the problem of automatic phishing detection and share our thoughts on applying the most feasible and promising techniques on a large corpus of phishing emails. About the speaker: Dr. Julia M. Taylor has been associated with CERIAS since 2008, first as a Visiting Scholar while working full-time on implementing OST at a start-up and, since August 2011, as a Research Assistant Professor. She earned her Ph.D. in CSE from the University of Cincinnati in 2008, following the MS in 2004 and BS in CS and BA in MATH in 1999. She has published widely on various aspects of NLU, including pioneering work on computational humor detection as well as fuzzy logic and, most recently, NL IAS. Dr. Victor Raskin, Distinguished Professor of English and Linguistics (with a courtesy appointment in CS), has been a member of the CERIAS Internal Advisory Board since its inception and Associate Director for Graduate Education since 2002. He earned all of his degrees in Mathematical and Computational Linguistics from the Lomonosov Moscow State University in 1970, 1966, and 1964, respectively. Prior to joining Purdue in 1978, he had taught at his alma mater, at the Hebrew University of Jerusalem and Tel Aviv University. He has published intensely on natural language semantics and its formal and computational applications. Dr. Eugene H. Spafford, Professor of Computer Sciences, is the CERIAS founder and Executive Director. He earned his BA in CS and MATH from SUNY at Brockport in 1979 and his MS and Ph.D. in Information and CS from GA Tech in 1981 and 1986, respectively. At Purdue since 1986, he has done work much of which is at the foundation of current security practice, including intrusion detection, firewalls, and whitelisting. His most recent work has been in cyber security policy, forensics, and future threats. A Fellow of the AAAS, ACM, IEEE, and (ISC)², and a Distinguished Fellow of the ISSA, he is also the current chair of the Public Policy Council of ACM (USACM) and editor-in-chief of the journal Computers &amp; Security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The talk reports on an early stage of ongoing research on the application of computational semantic techniques to detect phishing, i.e., mass mailings intended to sweep up personal details for later malicious use by the phishers themselves or their potential customers. Our personal experience as targets of phishing has shown that the texts are getting increasingly polished, plausible, and sophisticated, often making it difficult even for humans to tell phishing from bona fide, if unadvised, messages. In this talk, we will demonstrate, on a few examples, how Ontological Semantic Technology can help to achieve machine natural language understanding that allows the computer to match and, augmented by the best existing technologies, possibly exceed human ability to detect the meaning-based clues pointing to phishing and to reason accordingly. We will also discuss the problem of automatic phishing detection and share our thoughts on applying the most feasible and promising techniques on a large corpus of phishing emails. About the speaker: Dr. Julia M. Taylor has been associated with CERIAS since 2008, first as a Visiting Scholar while working full-time on implementing OST at a start-up and, since August 2011, as a Research Assistant Professor. She earned her Ph.D. in CSE from the University of Cincinnati in 2008, following the MS in 2004 and BS in CS and BA in MATH in 1999. She has published widely on various aspects of NLU, including pioneering work on computational humor detection as well as fuzzy logic and, most recently, NL IAS. Dr. Victor Raskin, Distinguished Professor of English and Linguistics (with a courtesy appointment in CS), has been a member of the CERIAS Internal Advisory Board since its inception and Associate Director for Graduate Education since 2002. He earned all of his degrees in Mathematical and Computational Linguistics from the Lomonosov Moscow State University in 1970, 1966, and 1964, respectively. Prior to joining Purdue in 1978, he had taught at his alma mater, at the Hebrew University of Jerusalem and Tel Aviv University. He has published intensely on natural language semantics and its formal and computational applications. Dr. Eugene H. Spafford, Professor of Computer Sciences, is the CERIAS founder and Executive Director. He earned his BA in CS and MATH from SUNY at Brockport in 1979 and his MS and Ph.D. in Information and CS from GA Tech in 1981 and 1986, respectively. At Purdue since 1986, he has done work much of which is at the foundation of current security practice, including intrusion detection, firewalls, and whitelisting. His most recent work has been in cyber security policy, forensics, and future threats. A Fellow of the AAAS, ACM, IEEE, and (ISC)², and a Distinguished Fellow of the ISSA, he is also the current chair of the Public Policy Council of ACM (USACM) and editor-in-chief of the journal Computers &amp; Security.</p> ]]>
            </content:encoded>
            <itunes:duration>3031</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111019.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111019.mp4" length="467664896" type="video/mp4"/>
        </item>
            <item>
            <title>Dan McWhorter and Steve Surdu, Enterprise-Wide Intrusions Involving Advanced Threats</title>
            <description>Since early 2010 Google, Sony, Epsilon, CitiBank, the International Monetary Fund, RSA, various law enforcement agencies and many other organizations have been compromised by different attack groups. These groups include hacktivist organizations like Anonymous, Eastern European organized crime and state-sponsored teams referred to as the Advanced Persistent Threat. Mandiant will draw upon investigations it has conducted over the last eighteen months to: illustrate major differences among the attack groups; describe the tactics attackers use to breach their victims; outline the investigative approaches required to contain active attack groups; and detail remediation techniques that are most successful at removing attackers from the networks. The information covered will not be theoretical. All the material will anonymously reference actual cases Mandiant has conducted – some of which have not received media attention to date. About the speaker: Dan McWhorter is responsible for Mandiant&apos;s Professional Education services. Mr. McWhorter has been a part of the Mandiant team for over five years. Over that time he has contributed to dozens of initiatives. He has led and managed incident response investigations, developed and delivered course curriculum, and helped design and implement an automated methodology for evaluating software assurance in source code. He has also supervised Mandiant&apos;s team of Consulting Technical Directors, overseen process improvement within Consulting, and managed a complex matrix-staffing methodology for Consulting projects. Mr. McWhorter is a graduate of the National Security Agency&apos;s (NSA) three-year Cryptologic Mathematics Program. Mr. McWhorter has worked toward his doctorate in mathematics at the University of North Carolina, has a Master of Science in mathematics from the University of Cincinnati, and has a Bachelor of Science in mathematics from Mount Union College. Steve Surdu has responsibility for Mandiant&apos;s Professional Services organization. He has spent his career providing information technology consulting services or software product integration services to large organizations. He has been an application programmer, systems programmer, tech support team lead and project manager. For the last 14 years he has focused primarily on computer security. He has deployed security infrastructure, led complex vulnerability assessment teams and participated in dozens of incident response investigations. He graduated from the University of Michigan with a business degree in 1980. MANDIANT Corporation is a private company with offices in Washington DC, New York City, Los Angeles and San Francisco. MANDIANT specializes in investigating and resolving large scale active network breaches involving hundreds or thousands of compromised systems. It also helps organizations to improve their security postures so they can avoid breaches. Lastly, Mandiant delivers malware analysis, network traffic analysis, wireless security and incident response courses to law enforcement and corporate clients.</description>
            <pubDate>Wed, 12 Oct 2011 16:30:00 EDT </pubDate>
            <itunes:title>Dan McWhorter and Steve Surdu, Enterprise-Wide Intrusions Involving Advanced Threats</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>476</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Dan McWhorter and Steve Surdu, Mandiant Corporation</itunes:subtitle>
            <itunes:summary>Since early 2010 Google, Sony, Epsilon, CitiBank, the International Monetary Fund, RSA, various law enforcement agencies and many other organizations have been compromised by different attack groups. These groups include hacktivist organizations like Anonymous, Eastern European organized crime and state-sponsored teams referred to as the Advanced Persistent Threat. Mandiant will draw upon investigations it has conducted over the last eighteen months to: illustrate major differences among the attack groups; describe the tactics attackers use to breach their victims; outline the investigative approaches required to contain active attack groups; and detail remediation techniques that are most successful at removing attackers from the networks. The information covered will not be theoretical. All the material will anonymously reference actual cases Mandiant has conducted – some of which have not received media attention to date. About the speaker: Dan McWhorter is responsible for Mandiant&apos;s Professional Education services. Mr. McWhorter has been a part of the Mandiant team for over five years. Over that time he has contributed to dozens of initiatives. He has led and managed incident response investigations, developed and delivered course curriculum, and helped design and implement an automated methodology for evaluating software assurance in source code. He has also supervised Mandiant&apos;s team of Consulting Technical Directors, overseen process improvement within Consulting, and managed a complex matrix-staffing methodology for Consulting projects. Mr. McWhorter is a graduate of the National Security Agency&apos;s (NSA) three-year Cryptologic Mathematics Program. Mr. McWhorter has worked toward his doctorate in mathematics at the University of North Carolina, has a Master of Science in mathematics from the University of Cincinnati, and has a Bachelor of Science in mathematics from Mount Union College. Steve Surdu has responsibility for Mandiant&apos;s Professional Services organization. He has spent his career providing information technology consulting services or software product integration services to large organizations. He has been an application programmer, systems programmer, tech support team lead and project manager. For the last 14 years he has focused primarily on computer security. He has deployed security infrastructure, led complex vulnerability assessment teams and participated in dozens of incident response investigations. He graduated from the University of Michigan with a business degree in 1980. MANDIANT Corporation is a private company with offices in Washington DC, New York City, Los Angeles and San Francisco. MANDIANT specializes in investigating and resolving large scale active network breaches involving hundreds or thousands of compromised systems. It also helps organizations to improve their security postures so they can avoid breaches. Lastly, Mandiant delivers malware analysis, network traffic analysis, wireless security and incident response courses to law enforcement and corporate clients.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Since early 2010 Google, Sony, Epsilon, CitiBank, the International Monetary Fund, RSA, various law enforcement agencies and many other organizations have been compromised by different attack groups. These groups include hacktivist organizations like Anonymous, Eastern European organized crime and state-sponsored teams referred to as the Advanced Persistent Threat. Mandiant will draw upon investigations it has conducted over the last eighteen months to:</p><ul><li>Illustrate major differences among the attack groups</li><li>Describe the tactics attackers use to breach their victims</li><li>Outline the investigative approaches required to contain active attack groups</li><li>Detail remediation techniques that are most successful at removing attackers from the networks</li></ul><p>The information covered will not be theoretical. All the material will anonymously reference actual cases Mandiant has conducted – some of which have not received media attention to date. About the speaker: Dan McWhorter is responsible for Mandiant&apos;s Professional Education services. Mr. McWhorter has been a part of the Mandiant team for over five years. Over that time he has contributed to dozens of initiatives. He has led and managed incident response investigations, developed and delivered course curriculum, and helped design and implement an automated methodology for evaluating software assurance in source code. He has also supervised Mandiant&apos;s team of Consulting Technical Directors, overseen process improvement within Consulting, and managed a complex matrix-staffing methodology for Consulting projects. Mr. McWhorter is a graduate of the National Security Agency&apos;s (NSA) three-year Cryptologic Mathematics Program. Mr. McWhorter has worked toward his doctorate in mathematics at the University of North Carolina, has a Master of Science in mathematics from the University of Cincinnati, and has a Bachelor of Science in mathematics from Mount Union College. Steve Surdu has responsibility for Mandiant&apos;s Professional Services organization. He has spent his career providing information technology consulting services or software product integration services to large organizations. He has been an application programmer, systems programmer, tech support team lead and project manager. For the last 14 years he has focused primarily on computer security. He has deployed security infrastructure, led complex vulnerability assessment teams and participated in dozens of incident response investigations. He graduated from the University of Michigan with a business degree in 1980. MANDIANT Corporation is a private company with offices in Washington DC, New York City, Los Angeles and San Francisco. MANDIANT specializes in investigating and resolving large scale active network breaches involving hundreds or thousands of compromised systems. It also helps organizations to improve their security postures so they can avoid breaches. Lastly, Mandiant delivers malware analysis, network traffic analysis, wireless security and incident response courses to law enforcement and corporate clients.</p> ]]>
            </content:encoded>
            <itunes:duration>3569</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111012.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111012.mp4" length="464519168" type="video/mp4"/>
        </item>
            <item>
            <title>Hal Aldridge, Trusted Computing and Security for Embedded Systems</title>
            <description>Computer hardware and software that perform real-world functions such as flight control, telecommunications switching, and network routing form a class of systems called embedded systems. These embedded systems have challenges that differ from general purpose computing. The security challenges of embedded systems have become a topic of concern in critical infrastructure such as SmartGrid. This presentation will discuss the embedded systems security challenges and a possible solution, Trusted Computing. Trusted Computing provides a tight coupling of hardware and software for security which can provide significant security enhancements over software only solutions and is highly applicable to embedded systems. About the speaker: Hal Aldridge is Director of Engineering at Sypris Electronics in Tampa, Florida. Dr. Aldridge has led Cybersecurity Research and Development efforts at Sypris Electronics since joining in 2008. Prior to joining Sypris, Dr. Aldridge led development of unmanned systems for space and security applications at Northrop Grumman and NASA. Dr. Aldridge is active with advanced cybersecurity research at organizations including Purdue University CERIAS and Carnegie Mellon University CyLab. Dr. Aldridge has a Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University specializing in fault tolerant robotic control systems for space applications. Dr. Aldridge&apos;s research interests include trusted computing, secure cyber-physical systems, and fault tolerant systems.</description>
            <pubDate>Wed, 5 Oct 2011 16:30:00 EDT </pubDate>
            <itunes:title>Hal Aldridge, Trusted Computing and Security for Embedded Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>475</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Hal Aldridge, Sypris Electronics</itunes:subtitle>
            <itunes:summary>Computer hardware and software that perform real-world functions such as flight control, telecommunications switching, and network routing form a class of systems called embedded systems. These embedded systems have challenges that differ from general purpose computing. The security challenges of embedded systems have become a topic of concern in critical infrastructure such as SmartGrid. This presentation will discuss the embedded systems security challenges and a possible solution, Trusted Computing. Trusted Computing provides a tight coupling of hardware and software for security which can provide significant security enhancements over software only solutions and is highly applicable to embedded systems. About the speaker: Hal Aldridge is Director of Engineering at Sypris Electronics in Tampa, Florida. Dr. Aldridge has led Cybersecurity Research and Development efforts at Sypris Electronics since joining in 2008. Prior to joining Sypris, Dr. Aldridge led development of unmanned systems for space and security applications at Northrop Grumman and NASA. Dr. Aldridge is active with advanced cybersecurity research at organizations including Purdue University CERIAS and Carnegie Mellon University CyLab. Dr. Aldridge has a Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University specializing in fault tolerant robotic control systems for space applications. Dr. Aldridge&apos;s research interests include trusted computing, secure cyber-physical systems, and fault tolerant systems.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Computer hardware and software that perform real-world functions such as flight control, telecommunications switching, and network routing form a class of systems called embedded systems. These embedded systems have challenges that differ from general purpose computing. The security challenges of embedded systems have become a topic of concern in critical infrastructure such as SmartGrid. This presentation will discuss the embedded systems security challenges and a possible solution, Trusted Computing. Trusted Computing provides a tight coupling of hardware and software for security which can provide significant security enhancements over software only solutions and is highly applicable to embedded systems. About the speaker: Hal Aldridge is Director of Engineering at Sypris Electronics in Tampa, Florida. Dr. Aldridge has led Cybersecurity Research and Development efforts at Sypris Electronics since joining in 2008. Prior to joining Sypris, Dr. Aldridge led development of unmanned systems for space and security applications at Northrop Grumman and NASA. Dr. Aldridge is active with advanced cybersecurity research at organizations including Purdue University CERIAS and Carnegie Mellon University CyLab. Dr. Aldridge has a Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University specializing in fault tolerant robotic control systems for space applications. Dr. Aldridge&apos;s research interests include trusted computing, secure cyber-physical systems, and fault tolerant systems.</p> ]]>
            </content:encoded>
            <itunes:duration>2889</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111005.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20111005.mp4" length="466616320" type="video/mp4"/>
        </item>
            <item>
            <title>Xukai Zou, Weighted Multiple Secret Sharing</title>
            <description>Secret sharing is important in information and network security and has broad applications in the real world. Since an elegant secret sharing mechanism was first proposed by Shamir in 1979 (Blakley also did similar work then), many schemes have appeared in the literature. These schemes deal with either single or multiple secrets and their shares have either the same weight or different weights. Weighted shares mean that different shares have different capabilities in recovering the secret(s) -- a more (less) weighted share needs fewer (more) other shares to recover the secret(s). In this talk, we will first discuss two primary categories of (representative) methods implementing secret sharing: polynomial based, i.e., Shamir&apos;s scheme, and Chinese Remainder Theorem (CRT) based, i.e., Mignotte&apos;s scheme. Then we present a new CRT based weighted multiple secret sharing scheme, based on the identification of a direct relation between the length (i.e., the number of bits) and the weight of shares. The new scheme can also be naturally applied to other cases such as sharing a single secret with same-weight shares and is remarkably simple and easy to implement. Compared to both Shamir&apos;s scheme and Mignotte&apos;s scheme, the new scheme is more efficient than both schemes in share computation and more efficient than Shamir&apos;s scheme (and as efficient as Mignotte&apos;s scheme) in secret recovery. One prominent and unique advantage of the new scheme is that it admits non-whole number weights which the existing schemes have not offered. Thus, the sizes of shares can vary distantly in fine-tuned granularity to fit different requirements and constraints of various devices such as sensors, PDAs, cell phones, iPads and to allow the new scheme to apply to broader applications involving wireless/sensor networks and pervasive computing. About the speaker: Dr. Xukai Zou is an associate professor at the Department of Computer and Information Sciences, IUPUI. His current research includes applied cryptography and network security. Dr. Zou is a member of CERIAS.</description>
            <pubDate>Wed, 28 Sep 2011 16:30:00 EDT </pubDate>
            <itunes:title>Xukai Zou, Weighted Multiple Secret Sharing</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>474</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/xukai_zou_130.jpg"/>
            <itunes:subtitle>Xukai Zou, Indiana University-Purdue University Indianapolis</itunes:subtitle>
            <itunes:summary>Secret sharing is important in information and network security and has broad applications in the real world. Since an elegant secret sharing mechanism was first proposed by Shamir in 1979 (Blakley also did similar work then), many schemes have appeared in the literature. These schemes deal with either single or multiple secrets and their shares have either the same weight or different weights. Weighted shares mean that different shares have different capabilities in recovering the secret(s) -- a more (less) weighted share needs fewer (more) other shares to recover the secret(s). In this talk, we will first discuss two primary categories of (representative) methods implementing secret sharing: polynomial based, i.e., Shamir&apos;s scheme, and Chinese Remainder Theorem (CRT) based, i.e., Mignotte&apos;s scheme. Then we present a new CRT based weighted multiple secret sharing scheme, based on the identification of a direct relation between the length (i.e., the number of bits) and the weight of shares. The new scheme can also be naturally applied to other cases such as sharing a single secret with same-weight shares and is remarkably simple and easy to implement. Compared to both Shamir&apos;s scheme and Mignotte&apos;s scheme, the new scheme is more efficient than both schemes in share computation and more efficient than Shamir&apos;s scheme (and as efficient as Mignotte&apos;s scheme) in secret recovery. One prominent and unique advantage of the new scheme is that it admits non-whole number weights which the existing schemes have not offered. Thus, the sizes of shares can vary distantly in fine-tuned granularity to fit different requirements and constraints of various devices such as sensors, PDAs, cell phones, iPads and to allow the new scheme to apply to broader applications involving wireless/sensor networks and pervasive computing. About the speaker: Dr. Xukai Zou is an associate professor at the Department of Computer and Information Sciences, IUPUI. His current research includes applied cryptography and network security. Dr. Zou is a member of CERIAS.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Secret sharing is important in information and network security and has broad applications in the real world. Since an elegant secret sharing mechanism was first proposed by Shamir in 1979 (Blakley also did similar work then), many schemes have appeared in the literature. These schemes deal with either single or multiple secrets and their shares have either the same weight or different weights. Weighted shares mean that different shares have different capabilities in recovering the secret(s) -- a more (less) weighted share needs fewer (more) other shares to recover the secret(s). In this talk, we will first discuss two primary categories of (representative) methods implementing secret sharing: polynomial based, i.e., Shamir&apos;s scheme, and Chinese Remainder Theorem (CRT) based, i.e., Mignotte&apos;s scheme. Then we present a new CRT based weighted multiple secret sharing scheme, based on the identification of a direct relation between the length (i.e., the number of bits) and the weight of shares. The new scheme can also be naturally applied to other cases such as sharing a single secret with same-weight shares and is remarkably simple and easy to implement. Compared to both Shamir&apos;s scheme and Mignotte&apos;s scheme, the new scheme is more efficient than both schemes in share computation and more efficient than Shamir&apos;s scheme (and as efficient as Mignotte&apos;s scheme) in secret recovery. One prominent and unique advantage of the new scheme is that it admits non-whole number weights which the existing schemes have not offered. Thus, the sizes of shares can vary distantly in fine-tuned granularity to fit different requirements and constraints of various devices such as sensors, PDAs, cell phones, iPads and to allow the new scheme to apply to broader applications involving wireless/sensor networks and pervasive computing. About the speaker: Dr. Xukai Zou is an associate professor at the Department of Computer and Information Sciences, IUPUI. His current research includes applied cryptography and network security. Dr. Zou is a member of CERIAS.</p> ]]>
            </content:encoded>
            <itunes:duration>2947</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110928.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110928.mp4" length="470810624" type="video/mp4"/>
        </item>
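The abstract above contrasts the two classic constructions, Shamir's polynomial scheme and Mignotte's CRT scheme, and explains weighted shares as shares that need fewer or more partners to recover the secret. The following is an added example written for this feed entry, not code from the speaker or from CERIAS: it implements both classic schemes and realises weighting in the traditional way, by giving a weight-w participant w unit shares. It does not implement the speaker's length-based weighted scheme, which the abstract does not specify. The threshold, the moduli 11, 13, 17, 19, the secret 1000 and the participants are constructed for the illustration; the Mignotte recovery with too few shares deliberately returns a wrong value to show why the bounds matter.

```python
"""Shamir (polynomial) and Mignotte (CRT) secret sharing, with weighted
shares realised the classic way: a weight-w participant simply holds w
unit shares.  Added illustration for this seminar entry; it is not the
speaker's length-based weighted scheme, which is not described here."""
import random
from functools import reduce
from operator import mul

PRIME = 2**127 - 1          # Shamir's arithmetic is done in GF(PRIME)


def _eval_poly(coeffs, x, p):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... modulo p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def shamir_split(secret, t, n, p=PRIME, rng=random.SystemRandom()):
    """Split secret into n points on a random degree t-1 polynomial.
    Any t points recover it; t-1 points reveal nothing about it."""
    assert secret >= 0 and p > secret and n >= t >= 1 and p > n
    coeffs = [secret] + [rng.randrange(1, p) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def shamir_recover(shares, p=PRIME):
    """Lagrange interpolation at x = 0.  With fewer than t shares this
    still returns a number, just not the secret."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def mignotte_bounds(t, moduli):
    """alpha = product of the t-1 largest moduli, beta = product of the t
    smallest.  A (t, n)-Mignotte sequence needs beta > alpha, and the
    secret must lie strictly between them."""
    ms = sorted(moduli)
    alpha = reduce(mul, ms[len(ms) - (t - 1):], 1)
    beta = reduce(mul, ms[:t], 1)
    return alpha, beta


def mignotte_split(secret, t, moduli):
    """Share i is simply secret mod m_i; its bit length is that of m_i."""
    alpha, beta = mignotte_bounds(t, moduli)
    assert beta > alpha, "moduli do not form a (t, n)-Mignotte sequence"
    assert secret > alpha and beta > secret, "secret outside (alpha, beta)"
    return [(m, secret % m) for m in moduli]


def mignotte_recover(shares):
    """CRT over the pooled moduli.  With t shares the product exceeds the
    secret, so the unique CRT solution is the secret; with t-1 shares the
    product is below alpha and the result is wrong."""
    moduli = [m for m, _ in shares]
    big_m = reduce(mul, moduli, 1)
    x = 0
    for m, r in shares:
        mi = big_m // m
        x += r * mi * pow(mi, -1, m)
    return x % big_m


def assign_weighted(shares, weights):
    """Weight by share count: hand a weight-w participant w unit shares."""
    assert len(shares) == sum(weights.values())
    holdings, idx = {}, 0
    for who, w in weights.items():
        holdings[who] = shares[idx:idx + w]
        idx += w
    return holdings


def coalition_recover(holdings, names, recover):
    """Pool the named participants' shares and run the recovery routine."""
    return recover([s for who in names for s in holdings[who]])


if __name__ == "__main__":
    # Constructed example: threshold 3, boss has weight 2, two staff weight 1.
    weights = {"boss": 2, "alice": 1, "bob": 1}
    mig = assign_weighted(mignotte_split(1000, 3, [11, 13, 17, 19]), weights)
    print(coalition_recover(mig, ["boss", "alice"], mignotte_recover))  # 1000
    print(coalition_recover(mig, ["alice", "bob"], mignotte_recover))   # 31, not the secret
```

The share-count approach is what the abstract means by "a more weighted share needs fewer other shares": the boss plus one employee reaches the threshold of three unit shares, two employees alone do not. In Mignotte's scheme the share for modulus m_i is secret mod m_i and is therefore only as long as m_i, which is the length-to-weight relation the abstract says the new scheme builds on; that scheme itself is not reproduced here.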
            <item>
            <title>Joe Leonard, Methods and Techniques for Protecting Data in Real Time on the Wire</title>
            <description>The ongoing explosion of data and information throughout the enterprise is undeniable. Sensitive data, whether structured or unstructured, finds itself replicated and dispersed. This creates a challenge for information security professionals to prevent the flow of this information to unauthorized or inappropriate destinations. The security community has made great progress in protecting this data and information while it is at rest or in use. But ... is there more that can be done? Companies are now asking, &quot;Who moved my data and where did it go? Was it an appropriate flow from one internal department to another? Was the flow intended for a trusted business partner? Or ... was my data heading for an unknown destination, a competitor or a pool of cybercriminals?&quot; End point controls, access controls, database monitoring and encryption are all important components of a solid layered security approach. However, tools that provide visibility and control over &quot;data in motion&quot; deliver critical capabilities that none of these other components can adequately address. When prioritizing various components or layers of an information security implementation, it has been argued that a solid &quot;data in motion&quot; component can provide 80% of the bang for 20% of the buck (and effort!). This presentation focuses on methods and techniques in wire speed detection and control of data in motion. The presentation will include: approaches to detecting simple patterns emphasizing low false positives; advances in wire speed pattern matching enabling protection of specific fields or combinations of fields in a database; policy designs that combine network application controls with content identification and control; and wire speed blocking that does not require a proxy. About the speaker: Mr. Leonard is responsible for bringing to market an advanced Deep Packet Inspection device focused on Information Leak Prevention and other leading edge security applications for Global Velocity. He has spent over 25 years in Communications Technology, with experience ranging from Military systems to global fortune 100 networks to modern day internet solutions. Previously Joe held a Director&apos;s role in the Chief Technology Office of Nortel Networks where he was responsible for Enterprise Data and VoIP technology direction. Prior to Nortel, Joe was Director of Principal Engineering with a successful Silicon Valley startup, Shasta Networks, which was acquired by Nortel Networks in 1999. Joe has also held various technical and management positions with Compaq Computer, and MCI Communications focused primarily on wide area and local area data networking solutions.</description>
            <pubDate>Wed, 21 Sep 2011 16:30:00 EDT </pubDate>
            <itunes:title>Joe Leonard, Methods and Techniques for Protecting Data in Real Time on the Wire</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>473</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/joe_leonard_130.jpg"/>
            <itunes:subtitle>Joe Leonard, Global Velocity</itunes:subtitle>
            <itunes:summary>The ongoing explosion of data and information throughout the enterprise is undeniable. Sensitive data, whether structured or unstructured, finds itself replicated and dispersed. This creates a challenge for information security professionals to prevent the flow of this information to unauthorized or inappropriate destinations. The security community has made great progress in protecting this data and information while it is at rest or in use. But ... is there more that can be done? Companies are now asking, &quot;Who moved my data and where did it go? Was it an appropriate flow from one internal department to another? Was the flow intended for a trusted business partner? Or ... was my data heading for an unknown destination, a competitor or a pool of cybercriminals?&quot; Endpoint controls, access controls, database monitoring and encryption are all important components of a solid layered security approach. However, tools that provide visibility and control over &quot;data in motion&quot; deliver critical capabilities that none of these other components can adequately address. When prioritizing various components or layers of an information security implementation, it has been argued that a solid &quot;data in motion&quot; component can provide 80% of the bang for 20% of the buck (and effort!). This presentation focuses on methods and techniques in wire speed detection and control of data in motion. The presentation will include: approaches to detecting simple patterns emphasizing low false positives; advances in wire speed pattern matching enabling protection of specific fields or combinations of fields in a database; policy designs that combine network application controls with content identification and control; and wire speed blocking that does not require a proxy. About the speaker: Mr. Leonard is responsible for bringing to market an advanced Deep Packet Inspection device focused on Information Leak Prevention and other leading edge security applications for Global Velocity. He has spent over 25 years in communications technology, with experience ranging from military systems to global Fortune 100 networks to modern day internet solutions. Previously, Joe held a Director&apos;s role in the Chief Technology Office of Nortel Networks, where he was responsible for Enterprise Data and VoIP technology direction. Prior to Nortel, Joe was Director of Principal Engineering with a successful Silicon Valley startup, Shasta Networks, which was acquired by Nortel Networks in 1999. Joe has also held various technical and management positions with Compaq Computer and MCI Communications, focused primarily on wide area and local area data networking solutions.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The ongoing explosion of data and information throughout the enterprise is undeniable. Sensitive data, whether structured or unstructured, finds itself replicated and dispersed. This creates a challenge for information security professionals to prevent the flow of this information to unauthorized or inappropriate destinations. The security community has made great progress in protecting this data and information while it is at rest or in use. But ... is there more that can be done? Companies are now asking, &quot;Who moved my data and where did it go? Was it an appropriate flow from one internal department to another? Was the flow intended for a trusted business partner? Or ... was my data heading for an unknown destination, a competitor or a pool of cybercriminals?&quot; Endpoint controls, access controls, database monitoring and encryption are all important components of a solid layered security approach. However, tools that provide visibility and control over &quot;data in motion&quot; deliver critical capabilities that none of these other components can adequately address. When prioritizing various components or layers of an information security implementation, it has been argued that a solid &quot;data in motion&quot; component can provide 80% of the bang for 20% of the buck (and effort!). This presentation focuses on methods and techniques in wire speed detection and control of data in motion. The presentation will include:</p>
<ul>
<li>approaches to detecting simple patterns emphasizing low false positives</li>
<li>advances in wire speed pattern matching enabling protection of specific fields or combinations of fields in a database</li>
<li>policy designs that combine network application controls with content identification and control</li>
<li>wire speed blocking that does not require a proxy</li>
</ul>
<p>About the speaker: Mr. Leonard is responsible for bringing to market an advanced Deep Packet Inspection device focused on Information Leak Prevention and other leading edge security applications for Global Velocity. He has spent over 25 years in communications technology, with experience ranging from military systems to global Fortune 100 networks to modern day internet solutions. Previously, Joe held a Director&apos;s role in the Chief Technology Office of Nortel Networks, where he was responsible for Enterprise Data and VoIP technology direction. Prior to Nortel, Joe was Director of Principal Engineering with a successful Silicon Valley startup, Shasta Networks, which was acquired by Nortel Networks in 1999. Joe has also held various technical and management positions with Compaq Computer and MCI Communications, focused primarily on wide area and local area data networking solutions.</p> ]]>
            </content:encoded>
            <itunes:duration>2985</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110921.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110921.mp4" length="465567744" type="video/mp4"/>
        </item>
            <item>
            <title>David Zage, What does Knowledge Discovery, Predictability, and Human Behavior have to do with Computer Security</title>
            <description>Vast resources are devoted to predicting human behavior in domains such as economics, popular culture, and national security, but the quality of such predictions is often poor. Thus, it is tempting to conclude that this inability to make good predictions is a consequence of some fundamental lack of predictability on the part of humans. However, recent work offers evidence that the failure of standard prediction methods does not indicate an absence of human predictability but instead reflects: 1. misunderstandings regarding which features of human dynamics actually possess predictive power; 2. the fact that, until recently, it has not been possible to measure these predictive features in real world settings. This talk introduces some of the science behind these basic observations and demonstrates their utility in various case studies. We begin by considering social groups in which individuals are influenced by the behavior of others. Correctly identifying and understanding the social forces in these situations can increase the extent to which the outcome of a social process can be predicted in its very early stages. This finding is then leveraged to design prediction methods which outperform existing techniques for predicting social network dynamics. We also look at the analysis of the predictability of adversary behavior in the co-evolutionary &quot;arms races&quot; that exist between attackers and defenders in many domains. Our analysis reveals that conventional wisdom regarding these co-evolving systems is incomplete, and provides insights which enable the development of predictive methods for computer network security. About the speaker: David Zage is a senior member of Sandia National Laboratories in the Cyber Analysis R&amp;D group. His main research interests are in the areas of security, networking, and distributed systems. David received his Ph.D. in computer science from Purdue University in 2010 and his B.S. in computer science from Purdue in 2004.</description>
            <pubDate>Wed, 14 Sep 2011 16:30:00 EDT </pubDate>
            <itunes:title>David Zage, What does Knowledge Discovery, Predictability, and Human Behavior have to do with Computer Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>472</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>David Zage, Sandia National Laboratories</itunes:subtitle>
            <itunes:summary>Vast resources are devoted to predicting human behavior in domains such as economics, popular culture, and national security, but the quality of such predictions is often poor. Thus, it is tempting to conclude that this inability to make good predictions is a consequence of some fundamental lack of predictability on the part of humans. However, recent work offers evidence that the failure of standard prediction methods does not indicate an absence of human predictability but instead reflects: 1. misunderstandings regarding which features of human dynamics actually possess predictive power; 2. the fact that, until recently, it has not been possible to measure these predictive features in real world settings. This talk introduces some of the science behind these basic observations and demonstrates their utility in various case studies. We begin by considering social groups in which individuals are influenced by the behavior of others. Correctly identifying and understanding the social forces in these situations can increase the extent to which the outcome of a social process can be predicted in its very early stages. This finding is then leveraged to design prediction methods which outperform existing techniques for predicting social network dynamics. We also look at the analysis of the predictability of adversary behavior in the co-evolutionary &quot;arms races&quot; that exist between attackers and defenders in many domains. Our analysis reveals that conventional wisdom regarding these co-evolving systems is incomplete, and provides insights which enable the development of predictive methods for computer network security. About the speaker: David Zage is a senior member of Sandia National Laboratories in the Cyber Analysis R&amp;D group. His main research interests are in the areas of security, networking, and distributed systems. David received his Ph.D. in computer science from Purdue University in 2010 and his B.S. in computer science from Purdue in 2004.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Vast resources are devoted to predicting human behavior in domains such as economics, popular culture, and national security, but the quality of such predictions is often poor. Thus, it is tempting to conclude that this inability to make good predictions is a consequence of some fundamental lack of predictability on the part of humans. However, recent work offers evidence that the failure of standard prediction methods does not indicate an absence of human predictability but instead reflects:</p>
<ol>
<li>misunderstandings regarding which features of human dynamics actually possess predictive power</li>
<li>the fact that, until recently, it has not been possible to measure these predictive features in real world settings.</li>
</ol>
<p>This talk introduces some of the science behind these basic observations and demonstrates their utility in various case studies. We begin by considering social groups in which individuals are influenced by the behavior of others. Correctly identifying and understanding the social forces in these situations can increase the extent to which the outcome of a social process can be predicted in its very early stages. This finding is then leveraged to design prediction methods which outperform existing techniques for predicting social network dynamics. We also look at the analysis of the predictability of adversary behavior in the co-evolutionary &quot;arms races&quot; that exist between attackers and defenders in many domains. Our analysis reveals that conventional wisdom regarding these co-evolving systems is incomplete, and provides insights which enable the development of predictive methods for computer network security.</p>
<p>About the speaker: David Zage is a senior member of Sandia National Laboratories in the Cyber Analysis R&amp;D group. His main research interests are in the areas of security, networking, and distributed systems. David received his Ph.D. in computer science from Purdue University in 2010 and his B.S. in computer science from Purdue in 2004.</p> ]]>
            </content:encoded>
            <itunes:duration>2658</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110914.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110914.mp4" length="465567744" type="video/mp4"/>
        </item>
            <item>
            <title>Steven Gianvecchio, Detecting Bots in Online Games using Human Observational Proofs</title>
            <description>The abuse of online games by automated programs, known as bots, has grown significantly in recent years. The conventional methods for distinguishing bots from humans, such as CAPTCHAs, are not effective in a gaming context. This talk presents a non-interactive approach based on human observational proofs (HOPs) for continuous game bot detection. HOPs differentiate bots from human players by passively monitoring input actions that are difficult for current bots to perform in a human-like manner. The talk describes a prototype HOP-based game bot defense system that analyzes user-input actions with a cascade-correlation neural network to distinguish bots from humans. The experimental results show that the HOP system is effective in capturing game bots in World of Warcraft, raising the bar against game exploits and forcing attackers to build more complicated bots for detection evasion in the future. About the speaker: Steven Gianvecchio received his Ph.D. in Computer Science from the College of William and Mary in 2010. He is a Senior Scientist at the MITRE Corporation, McLean, VA. His research interests include networks, distributed systems, network monitoring, intrusion detection, traffic modeling, and covert channels.</description>
            <pubDate>Wed, 7 Sep 2011 16:30:00 EDT </pubDate>
            <itunes:title>Steven Gianvecchio, Detecting Bots in Online Games using Human Observational Proofs</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>471</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Steven Gianvecchio, MITRE</itunes:subtitle>
            <itunes:summary>The abuse of online games by automated programs, known as bots, has grown significantly in recent years. The conventional methods for distinguishing bots from humans, such as CAPTCHAs, are not effective in a gaming context. This talk presents a non-interactive approach based on human observational proofs (HOPs) for continuous game bot detection. HOPs differentiate bots from human players by passively monitoring input actions that are difficult for current bots to perform in a human-like manner. The talk describes a prototype HOP-based game bot defense system that analyzes user-input actions with a cascade-correlation neural network to distinguish bots from humans. The experimental results show that the HOP system is effective in capturing game bots in World of Warcraft, raising the bar against game exploits and forcing attackers to build more complicated bots for detection evasion in the future. About the speaker: Steven Gianvecchio received his Ph.D. in Computer Science from the College of William and Mary in 2010. He is a Senior Scientist at the MITRE Corporation, McLean, VA. His research interests include networks, distributed systems, network monitoring, intrusion detection, traffic modeling, and covert channels.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The abuse of online games by automated programs, known as bots, has grown significantly in recent years. The conventional methods for distinguishing bots from humans, such as CAPTCHAs, are not effective in a gaming context. This talk presents a non-interactive approach based on human observational proofs (HOPs) for continuous game bot detection. HOPs differentiate bots from human players by passively monitoring input actions that are difficult for current bots to perform in a human-like manner. The talk describes a prototype HOP-based game bot defense system that analyzes user-input actions with a cascade-correlation neural network to distinguish bots from humans. The experimental results show that the HOP system is effective in capturing game bots in World of Warcraft, raising the bar against game exploits and forcing attackers to build more complicated bots for detection evasion in the future.</p>
<p>About the speaker: Steven Gianvecchio received his Ph.D. in Computer Science from the College of William and Mary in 2010. He is a Senior Scientist at the MITRE Corporation, McLean, VA. His research interests include networks, distributed systems, network monitoring, intrusion detection, traffic modeling, and covert channels.</p> ]]>
            </content:encoded>
            <itunes:duration>3043</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110907.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110907.mp4" length="466616320" type="video/mp4"/>
        </item>
            <item>
            <title>Tamir Tassa, Non-homogeneous Anonymizations</title>
            <description>Privacy Preserving Data Publishing (PPDP) is an evolving research field that is targeted at developing anonymization techniques to enable publishing data so that privacy is preserved while data distortion is minimized. Up until recently most of the research on PPDP considered partition-based anonymization models. The approach in such models is to partition the database records into groups and then homogeneously generalize the quasi-identifiers in all records within a group, as a countermeasure against linking attacks. We describe in this talk alternative anonymization models which are not based on partitioning and homogeneous generalization. Such models extend the set of acceptable anonymizations of a given table, and hence allow achieving similar privacy goals with much less information loss. We shall briefly review the basic models of homogeneous anonymization (e.g. k-anonymity and l-diversity) and then define non-homogeneous anonymization, discuss its privacy, describe algorithms and demonstrate the advantage of such anonymizations in reducing the information loss. We shall then discuss the usefulness of those models for data mining purposes. In particular, we will show that the reduced information loss that characterizes such anonymizations translates also to enhanced accuracy when using the anonymized tables to learn classification models. Based on joint works with Aris Gionis, Arnon Mazza, Mark Last and Sasha Zhmudyak. About the speaker: Tamir Tassa is a member of the Department of Mathematics and Computer Science at The Open University of Israel. Previously, he served as a lecturer and researcher in the School of Mathematical Sciences at Tel Aviv University, and in the Department of Computer Science at Ben Gurion University. During the years 1993-1996 he served as an assistant professor of Computational and Applied Mathematics at University of California, Los Angeles. He earned his Ph.D. in applied mathematics from Tel Aviv University in 1993. His current research interests include cryptography, privacy preserving data publishing and data mining.</description>
            <pubDate>Wed, 31 Aug 2011 16:30:00 EDT </pubDate>
            <itunes:title>Tamir Tassa, Non-homogeneous Anonymizations</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>470</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Tamir_Tassa.jpg"/>
            <itunes:subtitle>Tamir Tassa, The Open University, Israel</itunes:subtitle>
            <itunes:summary>Privacy Preserving Data Publishing (PPDP) is an evolving research field that is targeted at developing anonymization techniques to enable publishing data so that privacy is preserved while data distortion is minimized. Up until recently most of the research on PPDP considered partition-based anonymization models. The approach in such models is to partition the database records into groups and then homogeneously generalize the quasi-identifiers in all records within a group, as a countermeasure against linking attacks. We describe in this talk alternative anonymization models which are not based on partitioning and homogeneous generalization. Such models extend the set of acceptable anonymizations of a given table, and hence allow achieving similar privacy goals with much less information loss. We shall briefly review the basic models of homogeneous anonymization (e.g. k-anonymity and l-diversity) and then define non-homogeneous anonymization, discuss its privacy, describe algorithms and demonstrate the advantage of such anonymizations in reducing the information loss. We shall then discuss the usefulness of those models for data mining purposes. In particular, we will show that the reduced information loss that characterizes such anonymizations translates also to enhanced accuracy when using the anonymized tables to learn classification models. Based on joint works with Aris Gionis, Arnon Mazza, Mark Last and Sasha Zhmudyak. About the speaker: Tamir Tassa is a member of the Department of Mathematics and Computer Science at The Open University of Israel. Previously, he served as a lecturer and researcher in the School of Mathematical Sciences at Tel Aviv University, and in the Department of Computer Science at Ben Gurion University. During the years 1993-1996 he served as an assistant professor of Computational and Applied Mathematics at University of California, Los Angeles. He earned his Ph.D. in applied mathematics from Tel Aviv University in 1993. His current research interests include cryptography, privacy preserving data publishing and data mining.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Privacy Preserving Data Publishing (PPDP) is an evolving research field that is targeted at developing anonymization techniques to enable publishing data so that privacy is preserved while data distortion is minimized. Up until recently most of the research on PPDP considered partition-based anonymization models. The approach in such models is to partition the database records into groups and then homogeneously generalize the quasi-identifiers in all records within a group, as a countermeasure against linking attacks. We describe in this talk alternative anonymization models which are not based on partitioning and homogeneous generalization. Such models extend the set of acceptable anonymizations of a given table, and hence allow achieving similar privacy goals with much less information loss. We shall briefly review the basic models of homogeneous anonymization (e.g. k-anonymity and l-diversity) and then define non-homogeneous anonymization, discuss its privacy, describe algorithms and demonstrate the advantage of such anonymizations in reducing the information loss. We shall then discuss the usefulness of those models for data mining purposes. In particular, we will show that the reduced information loss that characterizes such anonymizations translates also to enhanced accuracy when using the anonymized tables to learn classification models. Based on joint works with Aris Gionis, Arnon Mazza, Mark Last and Sasha Zhmudyak.</p>
<p>About the speaker: Tamir Tassa is a member of the Department of Mathematics and Computer Science at The Open University of Israel. Previously, he served as a lecturer and researcher in the School of Mathematical Sciences at Tel Aviv University, and in the Department of Computer Science at Ben Gurion University. During the years 1993-1996 he served as an assistant professor of Computational and Applied Mathematics at University of California, Los Angeles. He earned his Ph.D. in applied mathematics from Tel Aviv University in 1993. His current research interests include cryptography, privacy preserving data publishing and data mining.</p> ]]>
            </content:encoded>
            <itunes:duration>3429</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110831.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110831.mp4" length="468713472" type="video/mp4"/>
        </item>
            <item>
            <title>Scott Hollenbeck, Provisioning Protocol Challenges in an Era of gTLD Expansion</title>
            <description>The number of generic top-level domains in the Internet&apos;s Domain Name System has been increasing slowly since 2000.  In July 2011 the Internet Corporation for Assigned Names and Numbers (ICANN) approved a long-awaited plan to significantly increase the number of generic top-level domain names.  With a specific focus on users of the Extensible Provisioning Protocol (EPP), this presentation will describe the practical challenges faced by participants in the domain name provisioning ecosystem in the face of evolving domain name management requirements. About the speaker: Scott Hollenbeck is the Director of Applied Research for Verisign.  In this capacity he manages the company&apos;s efforts to explore and investigate strategic technology areas in collaboration with university partners. Mr. Hollenbeck is the author of the Extensible Provisioning Protocol (EPP), a standard protocol for the registration and management of Internet infrastructure data including domain names. He has served as a member of the Internet Engineering Steering Group of the Internet Engineering Task Force, where he was the responsible area director for several working groups developing application protocol standards.  He received a Bachelor&apos;s degree in Computer Science from the Pennsylvania State University and a Master&apos;s degree in Computer Science complemented by a graduate certificate in Software Engineering from George Mason University.</description>
            <pubDate>Wed, 24 Aug 2011 16:30:00 EDT </pubDate>
            <itunes:title>Scott Hollenbeck, Provisioning Protocol Challenges in an Era of gTLD Expansion</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>469</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Scott Hollenbeck, Verisign</itunes:subtitle>
            <itunes:summary>The number of generic top-level domains in the Internet&apos;s Domain Name System has been increasing slowly since 2000.  In July 2011 the Internet Corporation for Assigned Names and Numbers (ICANN) approved a long-awaited plan to significantly increase the number of generic top-level domain names.  With a specific focus on users of the Extensible Provisioning Protocol (EPP), this presentation will describe the practical challenges faced by participants in the domain name provisioning ecosystem in the face of evolving domain name management requirements. About the speaker: Scott Hollenbeck is the Director of Applied Research for Verisign.  In this capacity he manages the company&apos;s efforts to explore and investigate strategic technology areas in collaboration with university partners. Mr. Hollenbeck is the author of the Extensible Provisioning Protocol (EPP), a standard protocol for the registration and management of Internet infrastructure data including domain names. He has served as a member of the Internet Engineering Steering Group of the Internet Engineering Task Force, where he was the responsible area director for several working groups developing application protocol standards.  He received a Bachelor&apos;s degree in Computer Science from the Pennsylvania State University and a Master&apos;s degree in Computer Science complemented by a graduate certificate in Software Engineering from George Mason University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The number of generic top-level domains in the Internet&apos;s Domain Name System has been increasing slowly since 2000.  In July 2011 the Internet Corporation for Assigned Names and Numbers (ICANN) approved a long-awaited plan to significantly increase the number of generic top-level domain names.  With a specific focus on users of the Extensible Provisioning Protocol (EPP), this presentation will describe the practical challenges faced by participants in the domain name provisioning ecosystem in the face of evolving domain name management requirements. About the speaker: Scott Hollenbeck is the Director of Applied Research for Verisign.  In this capacity he manages the company&apos;s efforts to explore and investigate strategic technology areas in collaboration with university partners. Mr. Hollenbeck is the author of the Extensible Provisioning Protocol (EPP), a standard protocol for the registration and management of Internet infrastructure data including domain names. He has served as a member of the Internet Engineering Steering Group of the Internet Engineering Task Force, where he was the responsible area director for several working groups developing application protocol standards.  He received a Bachelor&apos;s degree in Computer Science from the Pennsylvania State University and a Master&apos;s degree in Computer Science complemented by a graduate certificate in Software Engineering from George Mason University.</p> ]]>
            </content:encoded>
            <itunes:duration>3529</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110824.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110824.mp4" length="464519168" type="video/mp4"/>
        </item>
            <item>
            <title>Eric Katz, Mobile Phones and Evidence Preservation</title>
            <description></description>
            <pubDate>Wed, 27 Apr 2011 16:30:00 EDT </pubDate>
            <itunes:title>Eric Katz, Mobile Phones and Evidence Preservation</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>468</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Eric Katz, Purdue University</itunes:subtitle>
            <itunes:summary></itunes:summary>
            <content:encoded>
            <![CDATA[ <p></p> ]]>
            </content:encoded>
            <itunes:duration>2965</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110427.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110427.mp4" length="468713472" type="video/mp4"/>
        </item>
            <item>
            <title>Jose Fernandez, Semantic Security: or How I Learned to Stop Worrying and Looooooove the Internet</title>
            <description>My late friend Robert Garigue, a pioneer of Information Warfare and one of the most original and visionary corporate Chief Information Security Officers, first described the notion of a &quot;semantic attack&quot; as the eventual non plus ultra in the hacking arsenal. Semantic attacks do not directly target the information-carrying or information-bearing portions of a system, but rather those components of the system that give it meaning and value, i.e. the semantic components that help us, among other things, establish and maintain truth and trust.  When Garigue first coined the phrase &quot;Hack not system, hack the belief system&quot;, many of us misinterpreted this as a cry for addressing the non-electronic, non-technological &quot;soft&quot; components of the system, i.e. humans and their decision-making cycles.  In fact, social engineering, phishing attacks and other forms of Internet-based cons are in some sense instances of such cyber-mediated attacks on the &quot;meat computers&quot; we have in our brains.  However, reality is fast catching up with science fiction, and our decision making, whether as citizens in a democracy, consumers, military leaders, politicians, businessmen or even intellectuals, is increasingly dependent on Internet-based sources and systems.  Our increased use of and reliance on search engines, social networks, blogospheres, wikis and other non-traditional media for our daily decision making has meant that an increasing portion of the semantic system is computer-based.  How are we to define, evaluate or measure the security of these new cybernetic semantic components?  Join me on a highly speculative tour of &quot;Semantic Security&quot; (tm), a new subfield of Computer Security, ripe with lots of low-hanging, easily solvable research problems.  Believe me!! About the speaker: Dr. Fernandez became an assistant professor in the Department of Computer &amp; Software Engineering at the École Polytechnique de Montréal in 2004, at which time he forsook all previous research attempts in Quantum Computing, Computational Complexity and Cryptography (he was just not that good at it).  He now heads the laboratory for Information Security Research (Lab SecSI, in French), where his current research interests include malware analysis, botnet command and control, denial of service attacks, intrusion detection, security product testing methodologies, security and integration of logical and physical access control systems, semantic security and the theory of cyber conflict.  He holds bachelor&apos;s degrees in Math and in Computer Engineering from MIT, a Master&apos;s from the University of Toronto, and a Ph.D. from the Université de Montréal.</description>
            <pubDate>Wed, 20 Apr 2011 16:30:00 EDT </pubDate>
            <itunes:title>Jose Fernandez, Semantic Security: or How I Learned to Stop Worrying and Looooooove the Internet</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>467</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jose_fernandez_160.jpg"/>
            <itunes:subtitle>Jose Fernandez, Montreal Polytechnic</itunes:subtitle>
            <itunes:summary>My late friend Robert Garigue, a pioneer of Information Warfare and one of the most original and visionary corporate Chief Information Security Officers, first described the notion of a &quot;semantic attack&quot; as the eventual non plus ultra in the hacking arsenal. Semantic attacks do not directly target the information-carrying or information-bearing portions of a system, but rather those components of the system that give it meaning and value, i.e. the semantic components that help us, among other things, establish and maintain truth and trust.  When Garigue first coined the phrase &quot;Hack not system, hack the belief system&quot;, many of us misinterpreted this as a cry for addressing the non-electronic, non-technological &quot;soft&quot; components of the system, i.e. humans and their decision-making cycles.  In fact, social engineering, phishing attacks and other forms of Internet-based cons are in some sense instances of such cyber-mediated attacks on the &quot;meat computers&quot; we have in our brains.  However, reality is fast catching up with science fiction, and our decision making, whether as citizens in a democracy, consumers, military leaders, politicians, businessmen or even intellectuals, is increasingly dependent on Internet-based sources and systems.  Our increased use of and reliance on search engines, social networks, blogospheres, wikis and other non-traditional media for our daily decision making has meant that an increasing portion of the semantic system is computer-based.  How are we to define, evaluate or measure the security of these new cybernetic semantic components?  Join me on a highly speculative tour of &quot;Semantic Security&quot; (tm), a new subfield of Computer Security, ripe with lots of low-hanging, easily solvable research problems.  Believe me!! About the speaker: Dr. Fernandez became an assistant professor in the Department of Computer &amp; Software Engineering at the École Polytechnique de Montréal in 2004, at which time he forsook all previous research attempts in Quantum Computing, Computational Complexity and Cryptography (he was just not that good at it).  He now heads the laboratory for Information Security Research (Lab SecSI, in French), where his current research interests include malware analysis, botnet command and control, denial of service attacks, intrusion detection, security product testing methodologies, security and integration of logical and physical access control systems, semantic security and the theory of cyber conflict.  He holds bachelor&apos;s degrees in Math and in Computer Engineering from MIT, a Master&apos;s from the University of Toronto, and a Ph.D. from the Université de Montréal.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>My late friend Robert Garigue, a pioneer of Information Warfare and one of the most original and visionary corporate Chief Information Security Officers, first described the notion of a &quot;semantic attack&quot; as the eventual non plus ultra in the hacking arsenal. Semantic attacks do not directly target the information-carrying or information-bearing portions of a system, but rather those components of the system that give it meaning and value, i.e. the semantic components that help us, among other things, establish and maintain truth and trust.  When Garigue first coined the phrase &quot;Hack not system, hack the belief system&quot;, many of us misinterpreted this as a cry for addressing the non-electronic, non-technological &quot;soft&quot; components of the system, i.e. humans and their decision-making cycles.  In fact, social engineering, phishing attacks and other forms of Internet-based cons are in some sense instances of such cyber-mediated attacks on the &quot;meat computers&quot; we have in our brains.  However, reality is fast catching up with science fiction, and our decision making, whether as citizens in a democracy, consumers, military leaders, politicians, businessmen or even intellectuals, is increasingly dependent on Internet-based sources and systems.  Our increased use of and reliance on search engines, social networks, blogospheres, wikis and other non-traditional media for our daily decision making has meant that an increasing portion of the semantic system is computer-based.  How are we to define, evaluate or measure the security of these new cybernetic semantic components?  Join me on a highly speculative tour of &quot;Semantic Security&quot; (tm), a new subfield of Computer Security, ripe with lots of low-hanging, easily solvable research problems.  Believe me!! About the speaker: Dr. Fernandez became an assistant professor in the Department of Computer &amp; Software Engineering at the École Polytechnique de Montréal in 2004, at which time he forsook all previous research attempts in Quantum Computing, Computational Complexity and Cryptography (he was just not that good at it).  He now heads the laboratory for Information Security Research (Lab SecSI, in French), where his current research interests include malware analysis, botnet command and control, denial of service attacks, intrusion detection, security product testing methodologies, security and integration of logical and physical access control systems, semantic security and the theory of cyber conflict.  He holds bachelor&apos;s degrees in Math and in Computer Engineering from MIT, a Master&apos;s from the University of Toronto, and a Ph.D. from the Université de Montréal.</p> ]]>
            </content:encoded>
            <itunes:duration>3417</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110420.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110420.mp4" length="466616320" type="video/mp4"/>
        </item>
            <item>
            <title>Ronda R. Henning, FuzzyFusion™, an application architecture for multisource information fusion</title>
            <description>The correlation of information from disparate sources has long been an issue in data fusion research.  Traditional data fusion addresses the correlation of information from sources as diverse as single-purpose sensors and all-source multimedia information.  Information system vulnerability information is similar in its diversity of sources and content, and in the desire to draw a meaningful conclusion, namely the security posture of the system under inspection.  FuzzyFusion™, a data fusion model that is being applied to the computer network operations domain, is presented.  This model has been successfully prototyped in an applied research environment and represents a next-generation assurance tool for system and network security. About the speaker: Ronda Henning, CISSP-ISSAP, CISSP-ISSMP, CSSLP, CISM, is the Senior Scientist for Security and Privacy at Harris Corporation, a Melbourne, Florida-based international communications company.  Ms. Henning is responsible for the advanced information assurance research and technology direction for Harris&apos; information assurance offerings. She is the Program Manager of the Harris Institute for Assured Information, a collaborative research venture with the Florida Institute of Technology.  Previously, she was the Network Security Manager for the FAA Telecommunication Infrastructure (FTI) Program, responsible for securing the FAA&apos;s Wide Area Network, a national critical infrastructure.  Prior to her employment at Harris, Ms. Henning worked in information security research and development at the National Security Agency.  Ms. Henning holds an M.B.A. from the Florida Institute of Technology, an M.S. in Computer Science from Johns Hopkins University, and a B.A. from the University of Pittsburgh. She is a doctoral candidate in information assurance at Nova Southeastern University.  A frequent speaker on enterprise information security processes and assurance, Ms. Henning has over 50 refereed publications on various security topics.</description>
            <pubDate>Wed, 13 Apr 2011 16:30:00 EDT </pubDate>
            <itunes:title>Ronda R. Henning, FuzzyFusion™, an application architecture for multisource information fusion</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>466</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ronda R. Henning, Harris Corporation</itunes:subtitle>
            <itunes:summary>The correlation of information from disparate sources has long been an issue in data fusion research.  Traditional data fusion addresses the correlation of information from sources as diverse as single-purpose sensors and all-source multimedia information.  Information system vulnerability information is similar in its diversity of sources and content, and in the desire to draw a meaningful conclusion, namely the security posture of the system under inspection.  FuzzyFusion™, a data fusion model that is being applied to the computer network operations domain, is presented.  This model has been successfully prototyped in an applied research environment and represents a next-generation assurance tool for system and network security. About the speaker: Ronda Henning, CISSP-ISSAP, CISSP-ISSMP, CSSLP, CISM, is the Senior Scientist for Security and Privacy at Harris Corporation, a Melbourne, Florida-based international communications company.  Ms. Henning is responsible for the advanced information assurance research and technology direction for Harris&apos; information assurance offerings. She is the Program Manager of the Harris Institute for Assured Information, a collaborative research venture with the Florida Institute of Technology.  Previously, she was the Network Security Manager for the FAA Telecommunication Infrastructure (FTI) Program, responsible for securing the FAA&apos;s Wide Area Network, a national critical infrastructure.  Prior to her employment at Harris, Ms. Henning worked in information security research and development at the National Security Agency.  Ms. Henning holds an M.B.A. from the Florida Institute of Technology, an M.S. in Computer Science from Johns Hopkins University, and a B.A. from the University of Pittsburgh. She is a doctoral candidate in information assurance at Nova Southeastern University.  A frequent speaker on enterprise information security processes and assurance, Ms. Henning has over 50 refereed publications on various security topics.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The correlation of information from disparate sources has long been an issue in data fusion research.  Traditional data fusion addresses the correlation of information from sources as diverse as single-purpose sensors and all-source multimedia information.  Information system vulnerability information is similar in its diversity of sources and content, and in the desire to draw a meaningful conclusion, namely the security posture of the system under inspection.  FuzzyFusion™, a data fusion model that is being applied to the computer network operations domain, is presented.  This model has been successfully prototyped in an applied research environment and represents a next-generation assurance tool for system and network security. About the speaker: Ronda Henning, CISSP-ISSAP, CISSP-ISSMP, CSSLP, CISM, is the Senior Scientist for Security and Privacy at Harris Corporation, a Melbourne, Florida-based international communications company.  Ms. Henning is responsible for the advanced information assurance research and technology direction for Harris&apos; information assurance offerings. She is the Program Manager of the Harris Institute for Assured Information, a collaborative research venture with the Florida Institute of Technology.  Previously, she was the Network Security Manager for the FAA Telecommunication Infrastructure (FTI) Program, responsible for securing the FAA&apos;s Wide Area Network, a national critical infrastructure.  Prior to her employment at Harris, Ms. Henning worked in information security research and development at the National Security Agency.  Ms. Henning holds an M.B.A. from the Florida Institute of Technology, an M.S. in Computer Science from Johns Hopkins University, and a B.A. from the University of Pittsburgh. She is a doctoral candidate in information assurance at Nova Southeastern University.  A frequent speaker on enterprise information security processes and assurance, Ms. Henning has over 50 refereed publications on various security topics.</p> ]]>
            </content:encoded>
            <itunes:duration>2609</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110413.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110413.mp4" length="467664896" type="video/mp4"/>
        </item>
            <item>
            <title>Carter Bullard, Society, Law Enforcement and the Internet:  Models for Give and Take</title>
            <description>Krannert Auditorium, Purdue University, West Lafayette, IN. The interaction of society, law enforcement and telecommunications has evolved over the last 140 years into a successful balance of give and take.  Society gives, providing well-defined processes and procedures that allow the government, law enforcement and citizens regulated access to information routinely collected by telecommunications service providers.  And society benefits, as its justice systems can effectively use the information in support of criminal investigations and civil dispute resolutions. Internet technology has been designed, developed and deployed without any consideration of this relationship, and the technical and social void that has emerged is actively being exploited, reducing the security of the Internet, while the natural compensatory actions threaten innovation and privacy. Our presentation discusses how a comprehensive policy regarding Internet communications identifying information (CII) could align the Internet with the existing public-private partnerships that have evolved, minimizing the threats to privacy that an Internet &apos;wiretapping&apos; strategy alone could generate. About the speaker: Carter Bullard is a pioneer and industry expert, holding both academic and industry positions researching computer network security.  In the early 1990s, Carter established research programs in network vulnerability analysis and assessment at Carnegie Mellon&apos;s CERT, where he pioneered and developed the concepts of network flow-based forensics and situational awareness.  Carter helped develop and standardize the complete security architecture for ATM networking while a principal at FORE Systems and Nortel Networks, and most recently has been conducting security research in the areas of high-performance virtual networking, forensics, optimization, awareness, and protection at the U.S. DoD.  Carter has authored over 20 contributions to the IETF, ITU, and the ATM Forum in the areas of network security, and has consulted to U.S. Federal and State agencies regarding large-scale network surveillance, mitigation, attribution and protection.</description>
            <pubDate>Wed, 6 Apr 2011 16:30:00 EDT </pubDate>
            <itunes:title>Carter Bullard, Society, Law Enforcement and the Internet:  Models for Give and Take</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>465</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Carter Bullard, QoSient, LLC</itunes:subtitle>
            <itunes:summary>Krannert Auditorium, Purdue University, West Lafayette, IN. The interaction of society, law enforcement and telecommunications has evolved over the last 140 years into a successful balance of give and take.  Society gives, providing well-defined processes and procedures that allow the government, law enforcement and citizens regulated access to information routinely collected by telecommunications service providers.  And society benefits, as its justice systems can effectively use the information in support of criminal investigations and civil dispute resolutions. Internet technology has been designed, developed and deployed without any consideration of this relationship, and the technical and social void that has emerged is actively being exploited, reducing the security of the Internet, while the natural compensatory actions threaten innovation and privacy. Our presentation discusses how a comprehensive policy regarding Internet communications identifying information (CII) could align the Internet with the existing public-private partnerships that have evolved, minimizing the threats to privacy that an Internet &apos;wiretapping&apos; strategy alone could generate. About the speaker: Carter Bullard is a pioneer and industry expert, holding both academic and industry positions researching computer network security.  In the early 1990s, Carter established research programs in network vulnerability analysis and assessment at Carnegie Mellon&apos;s CERT, where he pioneered and developed the concepts of network flow-based forensics and situational awareness.  Carter helped develop and standardize the complete security architecture for ATM networking while a principal at FORE Systems and Nortel Networks, and most recently has been conducting security research in the areas of high-performance virtual networking, forensics, optimization, awareness, and protection at the U.S. DoD.  Carter has authored over 20 contributions to the IETF, ITU, and the ATM Forum in the areas of network security, and has consulted to U.S. Federal and State agencies regarding large-scale network surveillance, mitigation, attribution and protection.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Krannert Auditorium, Purdue University, West Lafayette, IN. The interaction of society, law enforcement and telecommunications has evolved over the last 140 years into a successful balance of give and take.  Society gives, providing well-defined processes and procedures that allow the government, law enforcement and citizens regulated access to information routinely collected by telecommunications service providers.  And society benefits, as its justice systems can effectively use the information in support of criminal investigations and civil dispute resolutions. Internet technology has been designed, developed and deployed without any consideration of this relationship, and the technical and social void that has emerged is actively being exploited, reducing the security of the Internet, while the natural compensatory actions threaten innovation and privacy. Our presentation discusses how a comprehensive policy regarding Internet communications identifying information (CII) could align the Internet with the existing public-private partnerships that have evolved, minimizing the threats to privacy that an Internet &apos;wiretapping&apos; strategy alone could generate. About the speaker: Carter Bullard is a pioneer and industry expert, holding both academic and industry positions researching computer network security.  In the early 1990s, Carter established research programs in network vulnerability analysis and assessment at Carnegie Mellon&apos;s CERT, where he pioneered and developed the concepts of network flow-based forensics and situational awareness.  Carter helped develop and standardize the complete security architecture for ATM networking while a principal at FORE Systems and Nortel Networks, and most recently has been conducting security research in the areas of high-performance virtual networking, forensics, optimization, awareness, and protection at the U.S. DoD.  Carter has authored over 20 contributions to the IETF, ITU, and the ATM Forum in the areas of network security, and has consulted to U.S. Federal and State agencies regarding large-scale network surveillance, mitigation, attribution and protection.</p> ]]>
            </content:encoded>
            <itunes:duration>4273</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110406.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110406.mp4" length="472907776" type="video/mp4"/>
        </item>
            <item>
            <title>Kim Trieu, Wireless Technologies and how it relates to cyber security research</title>
            <description>If you are interested in what cyber-related technologies will be most relevant at the time you graduate, and where many of the cutting-edge jobs will be, then this talk will be of interest.  This presentation will be a high-level view of where Lockheed Martin, and where we think the government, is heading in terms of cyber security, especially in the wireless technologies realm, such as Wi-Fi, Cellular, Wi-Max, and Zigbee communications. This presentation will also discuss the cyber capabilities in Hanover, MD and the new NexGen cyber security center in Gaithersburg.  The presentation will lead into how some of our interns contributed to the cyber arena and later were hired and became permanent members of the Lockheed team.  We would like the talk to be as interactive as possible to help answer questions from students and graduates on cyber security topics and how Lockheed Martin can help those starting their careers in the cyber security domain. About the speaker: Mr. Quoc Kim Trieu (&quot;Kim&quot;) has dedicated most of his professional career to supporting the intelligence community, and has demonstrated exceptional leadership within Lockheed Martin in his two-year tenure with the company.  His superb skills and talents have been recognized by Lockheed Martin&apos;s government customer and have helped shape the views of senior cyber community leaders. He brings with him 8 years of intelligence experience and has provided his skills and talents to numerous US intelligence agencies such as the NGA, NRO, DNI, CIA and NSA.  Since joining Lockheed IS&amp;GS Security in 2008 he has taken on numerous assignments and stays motivated supporting the Hanover, MD campus and his community.  Kim has demonstrated to both the Lockheed Martin Chief Executive Officer and the Governor of Maryland results of research conducted by Lockheed Martin&apos;s Wireless Cyber Security Center. He has helped lead the National Security Agency&apos;s highly successful Cyber Defense Exercise to train future military cyber defense leaders and was the primary technical liaison for cyber experiments and demonstrations spanning Lockheed Martin&apos;s Herndon Solution Center, Gaithersburg&apos;s NexGen Cyber Innovation Center, and Hanover&apos;s Wireless Cyber Security Center.</description>
            <pubDate>Wed, 23 Mar 2011 16:30:00 EDT </pubDate>
            <itunes:title>Kim Trieu, Wireless Technologies and how it relates to cyber security research</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>463</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Kim Trieu, Lockheed Martin</itunes:subtitle>
            <itunes:summary>If you are interested in what cyber-related technologies will be most relevant at the time you graduate, and where many of the cutting-edge jobs will be, then this talk will be of interest.  This presentation will be a high-level view of where Lockheed Martin, and where we think the government, is heading in terms of cyber security, especially in the wireless technologies realm, such as Wi-Fi, Cellular, Wi-Max, and Zigbee communications. This presentation will also discuss the cyber capabilities in Hanover, MD and the new NexGen cyber security center in Gaithersburg.  The presentation will lead into how some of our interns contributed to the cyber arena and later were hired and became permanent members of the Lockheed team.  We would like the talk to be as interactive as possible to help answer questions from students and graduates on cyber security topics and how Lockheed Martin can help those starting their careers in the cyber security domain. About the speaker: Mr. Quoc Kim Trieu (&quot;Kim&quot;) has dedicated most of his professional career to supporting the intelligence community, and has demonstrated exceptional leadership within Lockheed Martin in his two-year tenure with the company.  His superb skills and talents have been recognized by Lockheed Martin&apos;s government customer and have helped shape the views of senior cyber community leaders. He brings with him 8 years of intelligence experience and has provided his skills and talents to numerous US intelligence agencies such as the NGA, NRO, DNI, CIA and NSA.  Since joining Lockheed IS&amp;GS Security in 2008 he has taken on numerous assignments and stays motivated supporting the Hanover, MD campus and his community.  Kim has demonstrated to both the Lockheed Martin Chief Executive Officer and the Governor of Maryland results of research conducted by Lockheed Martin&apos;s Wireless Cyber Security Center. He has helped lead the National Security Agency&apos;s highly successful Cyber Defense Exercise to train future military cyber defense leaders and was the primary technical liaison for cyber experiments and demonstrations spanning Lockheed Martin&apos;s Herndon Solution Center, Gaithersburg&apos;s NexGen Cyber Innovation Center, and Hanover&apos;s Wireless Cyber Security Center.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>If you are interested in what cyber-related technologies will be most relevant at the time you graduate, and where many of the cutting-edge jobs will be, then this talk will be of interest.  This presentation will be a high-level view of where Lockheed Martin, and where we think the government, is heading in terms of cyber security, especially in the wireless technologies realm, such as Wi-Fi, Cellular, Wi-Max, and Zigbee communications. This presentation will also discuss the cyber capabilities in Hanover, MD and the new NexGen cyber security center in Gaithersburg.  The presentation will lead into how some of our interns contributed to the cyber arena and later were hired and became permanent members of the Lockheed team.  We would like the talk to be as interactive as possible to help answer questions from students and graduates on cyber security topics and how Lockheed Martin can help those starting their careers in the cyber security domain. About the speaker: Mr. Quoc Kim Trieu (&quot;Kim&quot;) has dedicated most of his professional career to supporting the intelligence community, and has demonstrated exceptional leadership within Lockheed Martin in his two-year tenure with the company.  His superb skills and talents have been recognized by Lockheed Martin&apos;s government customer and have helped shape the views of senior cyber community leaders. He brings with him 8 years of intelligence experience and has provided his skills and talents to numerous US intelligence agencies such as the NGA, NRO, DNI, CIA and NSA.  Since joining Lockheed IS&amp;GS Security in 2008 he has taken on numerous assignments and stays motivated supporting the Hanover, MD campus and his community.  Kim has demonstrated to both the Lockheed Martin Chief Executive Officer and the Governor of Maryland results of research conducted by Lockheed Martin&apos;s Wireless Cyber Security Center. He has helped lead the National Security Agency&apos;s highly successful Cyber Defense Exercise to train future military cyber defense leaders and was the primary technical liaison for cyber experiments and demonstrations spanning Lockheed Martin&apos;s Herndon Solution Center, Gaithersburg&apos;s NexGen Cyber Innovation Center, and Hanover&apos;s Wireless Cyber Security Center.</p> ]]>
            </content:encoded>
            <itunes:duration>3318</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110323.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110323.mp4" length="463470592" type="video/mp4"/>
        </item>
            <item>
            <title>Michael Schearer, Exploiting Banners for Fun and Profits</title>
            <description>SHODAN is a computer search engine. But it is unlike any other search engine. While other search engines scour the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well-known services. This presentation will focus on the applications of SHODAN to penetration testers, and in particular will detail a number of case studies demonstrating passive vulnerability analysis including default passwords, descriptive banners, and complete pwnage. For penetration testers, SHODAN is a game-changer, and a goldmine of potential vulnerabilities. About the speaker: Michael Schearer is a government contractor for Booz Allen who spent nearly nine years in the United States Navy as a combat-experienced EA-6B Prowler Electronic Countermeasures Officer. He also spent nine months on the ground doing counter-IED work with the U.S. Army. He is a graduate of Georgetown University&apos;s National Security Studies Program and a previous presenter at DEFCON, and has spoken at ShmooCon, HOPE and internationally at CONFidence (Poland) and HackCon (Norway) as well as numerous other conferences. Michael is a licensed amateur radio operator and an active member of the Church of WiFi. He lives in Maryland with his wife and four children.</description>
            <pubDate>Wed, 9 Mar 2011 16:30:00 EST </pubDate>
            <itunes:title>Michael Schearer, Exploiting Banners for Fun and Profits</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>462</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Michael Schearer, Booz Allen Hamilton</itunes:subtitle>
            <itunes:summary>SHODAN is a computer search engine. But it is unlike any other search engine. While other search engines scour the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well-known services. This presentation will focus on the applications of SHODAN to penetration testers, and in particular will detail a number of case studies demonstrating passive vulnerability analysis including default passwords, descriptive banners, and complete pwnage. For penetration testers, SHODAN is a game-changer, and a goldmine of potential vulnerabilities. About the speaker: Michael Schearer is a government contractor for Booz Allen who spent nearly nine years in the United States Navy as a combat-experienced EA-6B Prowler Electronic Countermeasures Officer. He also spent nine months on the ground doing counter-IED work with the U.S. Army. He is a graduate of Georgetown University&apos;s National Security Studies Program and a previous presenter at DEFCON, and has spoken at ShmooCon, HOPE and internationally at CONFidence (Poland) and HackCon (Norway) as well as numerous other conferences. Michael is a licensed amateur radio operator and an active member of the Church of WiFi. He lives in Maryland with his wife and four children.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>SHODAN is a computer search engine. But it is unlike any other search engine. While other search engines scour the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well-known services. This presentation will focus on the applications of SHODAN to penetration testers, and in particular will detail a number of case studies demonstrating passive vulnerability analysis including default passwords, descriptive banners, and complete pwnage. For penetration testers, SHODAN is a game-changer, and a goldmine of potential vulnerabilities. About the speaker: Michael Schearer is a government contractor for Booz Allen who spent nearly nine years in the United States Navy as a combat-experienced EA-6B Prowler Electronic Countermeasures Officer. He also spent nine months on the ground doing counter-IED work with the U.S. Army. He is a graduate of Georgetown University&apos;s National Security Studies Program and a previous presenter at DEFCON, and has spoken at ShmooCon, HOPE and internationally at CONFidence (Poland) and HackCon (Norway) as well as numerous other conferences. Michael is a licensed amateur radio operator and an active member of the Church of WiFi. He lives in Maryland with his wife and four children.</p> ]]>
            </content:encoded>
            <itunes:duration>2987</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110309.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110309.mp4" length="467664896" type="video/mp4"/>
        </item>
            <item>
            <title>Casey Deccio, Modeling DNS Security: Misconfiguration, Availability, and Visualization</title>
            <description>The Domain Name System (DNS) is one of the components most critical to Internet functionality. The ubiquity of the DNS necessitates both the accuracy and availability of responses. While the DNS Security Extensions (DNSSEC) add authentication to the DNS, they also increase the complexity of an already complex name resolution system. Many deployments have suffered from server misconfiguration or maintenance neglect, which increases the likelihood of name resolution failure for a domain name, even if servers are responsive. Our research introduces metrics for quantifying DNSSEC availability and evaluates these metrics on production signed DNS zones to show the pervasiveness of misconfiguration. We present methodology for increasing robustness of name resolution in the presence of DNSSEC misconfiguration. In our survey of production signed zones, we observe that nearly one-third of the validation errors detected might be mitigated using the technique proposed in our research. As part of my talk, I will also demo an online DNS visualization tool designed to assist administrators in identifying critical issues with their DNSSEC deployments. This is joint work with researchers at UC Davis and Intel Corporation. About the speaker: Casey Deccio is a Senior Member of Technical Staff at Sandia National Laboratories in Livermore, CA. He joined Sandia in 2004 after receiving his BS and MS degrees in Computer Science from Brigham Young University, and he received his PhD in Computer Science from the University of California, Davis in 2010. Casey&apos;s research interests lie primarily in modeling and availability analysis of DNS and DNSSEC, and he leads Sandia&apos;s DNSSEC deployment efforts.</description>
            <pubDate>Wed, 2 Mar 2011 16:30:00 EST </pubDate>
            <itunes:title>Casey Deccio, Modeling DNS Security: Misconfiguration, Availability, and Visualization</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>461</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Casey Deccio, Sandia National Labs</itunes:subtitle>
            <itunes:summary>The Domain Name System (DNS) is one of the components most critical to Internet functionality. The ubiquity of the DNS necessitates both the accuracy and availability of responses. While the DNS Security Extensions (DNSSEC) add authentication to the DNS, they also increase the complexity of an already complex name resolution system. Many deployments have suffered from server misconfiguration or maintenance neglect, which increases the likelihood of name resolution failure for a domain name, even if servers are responsive. Our research introduces metrics for quantifying DNSSEC availability and evaluates these metrics on production signed DNS zones to show the pervasiveness of misconfiguration. We present methodology for increasing robustness of name resolution in the presence of DNSSEC misconfiguration. In our survey of production signed zones, we observe that nearly one-third of the validation errors detected might be mitigated using the technique proposed in our research. As part of my talk, I will also demo an online DNS visualization tool designed to assist administrators in identifying critical issues with their DNSSEC deployments. This is joint work with researchers at UC Davis and Intel Corporation. About the speaker: Casey Deccio is a Senior Member of Technical Staff at Sandia National Laboratories in Livermore, CA. He joined Sandia in 2004 after receiving his BS and MS degrees in Computer Science from Brigham Young University, and he received his PhD in Computer Science from the University of California, Davis in 2010. Casey&apos;s research interests lie primarily in modeling and availability analysis of DNS and DNSSEC, and he leads Sandia&apos;s DNSSEC deployment efforts.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Domain Name System (DNS) is one of the components most critical to Internet functionality. The ubiquity of the DNS necessitates both the accuracy and availability of responses. While the DNS Security Extensions (DNSSEC) add authentication to the DNS, they also increase the complexity of an already complex name resolution system. Many deployments have suffered from server misconfiguration or maintenance neglect, which increases the likelihood of name resolution failure for a domain name, even if servers are responsive. Our research introduces metrics for quantifying DNSSEC availability and evaluates these metrics on production signed DNS zones to show the pervasiveness of misconfiguration. We present methodology for increasing robustness of name resolution in the presence of DNSSEC misconfiguration. In our survey of production signed zones, we observe that nearly one-third of the validation errors detected might be mitigated using the technique proposed in our research. As part of my talk, I will also demo an online DNS visualization tool designed to assist administrators in identifying critical issues with their DNSSEC deployments. This is joint work with researchers at UC Davis and Intel Corporation. About the speaker: Casey Deccio is a Senior Member of Technical Staff at Sandia National Laboratories in Livermore, CA. He joined Sandia in 2004 after receiving his BS and MS degrees in Computer Science from Brigham Young University, and he received his PhD in Computer Science from the University of California, Davis in 2010. Casey&apos;s research interests lie primarily in modeling and availability analysis of DNS and DNSSEC, and he leads Sandia&apos;s DNSSEC deployment efforts.</p> ]]>
            </content:encoded>
            <itunes:duration>2939</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110302.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110302.mp4" length="464519168" type="video/mp4"/>
        </item>
            <item>
            <title>Jan Vitek, A couple of results about JavaScript</title>
            <description>This talk will summarize two recent results on JavaScript. &quot;The Eval that Men Do&quot;: Transforming text into executable code with a function such as JavaScript&apos;s eval endows programmers with the ability to extend applications, at any time, and in almost any way they choose. But this expressive power comes at a price. Reasoning about the dynamic behavior of programs that use this feature becomes difficult. A better understanding of how eval is used could lead to increased performance and security. I will report on a large-scale study of the use of eval in JavaScript-based web applications. We have recorded the behavior of 317 MB of strings given as arguments to 481,844 calls to the eval function. We provide statistics on the nature and content of strings used in eval expressions, as well as their provenance and data obtained by observing their dynamic behavior. &quot;Flexible Access Control Policies with Delimited Histories and Revocation&quot;: Providing security guarantees for software systems built out of untrusted components requires the ability to enforce fine-grained access control policies. This is evident in Web 2.0 applications where JavaScript code from different origins is often combined on a single page, leading to well-known vulnerabilities. We present a security infrastructure which allows users and content providers to specify access control policies over delimited histories and allows for revocation of the history, and reversion to a safe state if a violation is detected. We report on an empirical evaluation in the context of a production browser. We show examples of security policies which prevent real attacks without imposing drastic restrictions on legacy applications. We have evaluated our proposal with two non-trivial policies on 50 of the Alexa top websites with no changes to the legacy JavaScript code. Between 72% and 84% of the sites were fully functional, and only 1 site was rendered non-functional.
About the speaker: Jan Vitek is a Professor of Computer Science at Purdue. He works on programming language technologies with applications to real-time computing. Prof. Vitek led the Ovm project which resulted in the first open source real-time Java virtual machine to be flight-tested in 2005. He has since investigated virtual machine technologies for safety-critical embedded systems. He is or has been general chair of PLDI, LCTES and ISMM as well as program chair of ECOOP, VEE, Coordination, and TOOLS. He is a member of the JSR-302 Safety Critical Java expert group and of the IFIP 2.4 working group on compilers and software technologies.</description>
            <pubDate>Wed, 23 Feb 2011 16:30:00 EST </pubDate>
            <itunes:title>Jan Vitek, A couple of results about JavaScript</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>460</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jan_vitek_160.jpg"/>
            <itunes:subtitle>Jan Vitek, Purdue University</itunes:subtitle>
            <itunes:summary>This talk will summarize two recent results on JavaScript. &quot;The Eval that Men Do&quot;: Transforming text into executable code with a function such as JavaScript&apos;s eval endows programmers with the ability to extend applications, at any time, and in almost any way they choose. But this expressive power comes at a price. Reasoning about the dynamic behavior of programs that use this feature becomes difficult. A better understanding of how eval is used could lead to increased performance and security. I will report on a large-scale study of the use of eval in JavaScript-based web applications. We have recorded the behavior of 317 MB of strings given as arguments to 481,844 calls to the eval function. We provide statistics on the nature and content of strings used in eval expressions, as well as their provenance and data obtained by observing their dynamic behavior. &quot;Flexible Access Control Policies with Delimited Histories and Revocation&quot;: Providing security guarantees for software systems built out of untrusted components requires the ability to enforce fine-grained access control policies. This is evident in Web 2.0 applications where JavaScript code from different origins is often combined on a single page, leading to well-known vulnerabilities. We present a security infrastructure which allows users and content providers to specify access control policies over delimited histories and allows for revocation of the history, and reversion to a safe state if a violation is detected. We report on an empirical evaluation in the context of a production browser. We show examples of security policies which prevent real attacks without imposing drastic restrictions on legacy applications. We have evaluated our proposal with two non-trivial policies on 50 of the Alexa top websites with no changes to the legacy JavaScript code. Between 72% and 84% of the sites were fully functional, and only 1 site was rendered non-functional.
About the speaker: Jan Vitek is a Professor of Computer Science at Purdue. He works on programming language technologies with applications to real-time computing. Prof. Vitek led the Ovm project which resulted in the first open source real-time Java virtual machine to be flight-tested in 2005. He has since investigated virtual machine technologies for safety-critical embedded systems. He is or has been general chair of PLDI, LCTES and ISMM as well as program chair of ECOOP, VEE, Coordination, and TOOLS. He is a member of the JSR-302 Safety Critical Java expert group and of the IFIP 2.4 working group on compilers and software technologies.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk will summarize two recent results on JavaScript. &quot;The Eval that Men Do&quot;: Transforming text into executable code with a function such as JavaScript&apos;s eval endows programmers with the ability to extend applications, at any time, and in almost any way they choose. But this expressive power comes at a price. Reasoning about the dynamic behavior of programs that use this feature becomes difficult. A better understanding of how eval is used could lead to increased performance and security. I will report on a large-scale study of the use of eval in JavaScript-based web applications. We have recorded the behavior of 317 MB of strings given as arguments to 481,844 calls to the eval function. We provide statistics on the nature and content of strings used in eval expressions, as well as their provenance and data obtained by observing their dynamic behavior. &quot;Flexible Access Control Policies with Delimited Histories and Revocation&quot;: Providing security guarantees for software systems built out of untrusted components requires the ability to enforce fine-grained access control policies. This is evident in Web 2.0 applications where JavaScript code from different origins is often combined on a single page, leading to well-known vulnerabilities. We present a security infrastructure which allows users and content providers to specify access control policies over delimited histories and allows for revocation of the history, and reversion to a safe state if a violation is detected. We report on an empirical evaluation in the context of a production browser. We show examples of security policies which prevent real attacks without imposing drastic restrictions on legacy applications. We have evaluated our proposal with two non-trivial policies on 50 of the Alexa top websites with no changes to the legacy JavaScript code. Between 72% and 84% of the sites were fully functional, and only 1 site was rendered non-functional.
About the speaker: Jan Vitek is a Professor of Computer Science at Purdue. He works on programming language technologies with applications to real-time computing. Prof. Vitek led the Ovm project which resulted in the first open source real-time Java virtual machine to be flight-tested in 2005. He has since investigated virtual machine technologies for safety-critical embedded systems. He is or has been general chair of PLDI, LCTES and ISMM as well as program chair of ECOOP, VEE, Coordination, and TOOLS. He is a member of the JSR-302 Safety Critical Java expert group and of the IFIP 2.4 working group on compilers and software technologies.</p> ]]>
            </content:encoded>
            <itunes:duration>2486</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110223.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110223.mp4" length="464519168" type="video/mp4"/>
        </item>
            <item>
            <title>Fariborz Farahmand, Understanding insiders: An analysis of risk-taking behavior *</title>
            <description>There is considerable research being conducted on insider threats directed to developing new technologies. At the same time, existing technology is not being fully utilized because of non-technological issues that pertain to economics and the human dimension. Issues related to how insiders actually behave are critical to ensuring that the best technologies are meeting their intended purpose. In our research, we have investigated accepted models of perceptions of risk and characteristics unique to insider threat, and we have introduced ordinal scales to these models to measure insider perceptions of risk. We have also investigated decision theories, leading to a conclusion that prospect theory, developed by Tversky and Kahneman, may be used to describe the risk-taking behavior of insiders and can be accommodated in our model. Our results indicate that there is an inverse relationship between perceived risk and benefit by insiders and that their behavior cannot be explained well by the models that are based on the traditional methods of engineering risk analysis and expected utility. We discuss the results of validating that model with forty-two senior information security executives from a variety of organizations. We also discuss how the model may be used to identify characteristics of insiders&apos; perceptions of risk and benefit, their risk-taking behavior and how to frame insider decisions. Finally, we recommend understanding risk of detection and creating a fair working environment to reduce the likelihood of committing criminal acts by insiders. About the speaker: Fariborz Farahmand received his Ph.D. in information and computer science from the Georgia Institute of Technology. He is a faculty fellow and a research assistant professor at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. 
He has received several awards for excellence in scholarship and education, including a fellowship from the Institution for Information Infrastructure Protection (I3P). His research interests are in behavioral economics and its applications in information systems, security and privacy of information systems, vulnerability and risk assessment of information systems, and technology policy. *For a full review of this work please visit: Fariborz Farahmand, Eugene H. Spafford, &quot;Understanding Insiders: An Analysis of Risk-Taking Behavior,&quot; Information Systems Frontiers, Springer Publications, to appear 2011, 11 pages (Available online at: http://www.springerlink.com/content/t2g2836u1712474w/)</description>
            <pubDate>Wed, 9 Feb 2011 16:30:00 EST </pubDate>
            <itunes:title>Fariborz Farahmand, Understanding insiders: An analysis of risk-taking behavior *</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>458</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Fariborz Farahmand, Purdue University</itunes:subtitle>
            <itunes:summary>There is considerable research being conducted on insider threats directed to developing new technologies. At the same time, existing technology is not being fully utilized because of non-technological issues that pertain to economics and the human dimension. Issues related to how insiders actually behave are critical to ensuring that the best technologies are meeting their intended purpose. In our research, we have investigated accepted models of perceptions of risk and characteristics unique to insider threat, and we have introduced ordinal scales to these models to measure insider perceptions of risk. We have also investigated decision theories, leading to a conclusion that prospect theory, developed by Tversky and Kahneman, may be used to describe the risk-taking behavior of insiders and can be accommodated in our model. Our results indicate that there is an inverse relationship between perceived risk and benefit by insiders and that their behavior cannot be explained well by the models that are based on the traditional methods of engineering risk analysis and expected utility. We discuss the results of validating that model with forty-two senior information security executives from a variety of organizations. We also discuss how the model may be used to identify characteristics of insiders&apos; perceptions of risk and benefit, their risk-taking behavior and how to frame insider decisions. Finally, we recommend understanding risk of detection and creating a fair working environment to reduce the likelihood of committing criminal acts by insiders. About the speaker: Fariborz Farahmand received his Ph.D. in information and computer science from the Georgia Institute of Technology. He is a faculty fellow and a research assistant professor at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. 
He has received several awards for excellence in scholarship and education, including a fellowship from the Institution for Information Infrastructure Protection (I3P). His research interests are in behavioral economics and its applications in information systems, security and privacy of information systems, vulnerability and risk assessment of information systems, and technology policy. *For a full review of this work please visit: Fariborz Farahmand, Eugene H. Spafford, &quot;Understanding Insiders: An Analysis of Risk-Taking Behavior,&quot; Information Systems Frontiers, Springer Publications, to appear 2011, 11 pages (Available online at: http://www.springerlink.com/content/t2g2836u1712474w/)</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>There is considerable research being conducted on insider threats directed to developing new technologies. At the same time, existing technology is not being fully utilized because of non-technological issues that pertain to economics and the human dimension. Issues related to how insiders actually behave are critical to ensuring that the best technologies are meeting their intended purpose. In our research, we have investigated accepted models of perceptions of risk and characteristics unique to insider threat, and we have introduced ordinal scales to these models to measure insider perceptions of risk. We have also investigated decision theories, leading to a conclusion that prospect theory, developed by Tversky and Kahneman, may be used to describe the risk-taking behavior of insiders and can be accommodated in our model. Our results indicate that there is an inverse relationship between perceived risk and benefit by insiders and that their behavior cannot be explained well by the models that are based on the traditional methods of engineering risk analysis and expected utility. We discuss the results of validating that model with forty-two senior information security executives from a variety of organizations. We also discuss how the model may be used to identify characteristics of insiders&apos; perceptions of risk and benefit, their risk-taking behavior and how to frame insider decisions. Finally, we recommend understanding risk of detection and creating a fair working environment to reduce the likelihood of committing criminal acts by insiders. About the speaker: Fariborz Farahmand received his Ph.D. in information and computer science from the Georgia Institute of Technology. He is a faculty fellow and a research assistant professor at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. 
He has received several awards for excellence in scholarship and education, including a fellowship from the Institution for Information Infrastructure Protection (I3P). His research interests are in behavioral economics and its applications in information systems, security and privacy of information systems, vulnerability and risk assessment of information systems, and technology policy. *For a full review of this work please visit: Fariborz Farahmand, Eugene H. Spafford, &quot;Understanding Insiders: An Analysis of Risk-Taking Behavior,&quot; Information Systems Frontiers, Springer Publications, to appear 2011, 11 pages (Available online at: http://www.springerlink.com/content/t2g2836u1712474w/)</p> ]]>
            </content:encoded>
            <itunes:duration>2575</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110209.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110209.mp4" length="463470592" type="video/mp4"/>
        </item>
            <item>
            <title>Torsten Braun, User and Machine Authentication and Authorization Infrastructure for Distributed Testbeds</title>
            <description>The Wisebed wireless sensor network testbed provides a federated experimentation facility covering several European universities. For scalable management of access control we have designed and implemented a single-sign-on and attribute-based authentication and authorization infrastructure based on the Shibboleth software, which has been developed by the Internet2 Middleware Initiative. Shibboleth is usually used for protecting browser-based access to web resources. We have designed and implemented an extension to protect web services using the Simple Object Access Protocol. This extension allows both user and machine authentication for web services. As a proof of concept, we implemented a complete reservation system for sensor nodes in the Wisebed testbed federation. Two different user interfaces based on a web page and an iPhone application have been implemented. Although implemented for Shibboleth, the architecture can be easily adapted to other authentication and authorization infrastructures. About the speaker: Torsten Braun received his Ph.D. degree from the University of Karlsruhe (Germany) in 1993. From 1994 to 1995 he was a guest scientist at INRIA Sophia-Antipolis (France). From 1995 to 1997 he worked at the IBM European Networking Centre Heidelberg (Germany) as a project leader and senior consultant. He has been a full professor of Computer Science at the University of Bern (Switzerland) since 1998 and director of the Institute of Computer Science and Applied Mathematics at the University of Bern since 2007. He has been a member of the SWITCH (Swiss education and research network) board of trustees since 2001.</description>
            <pubDate>Wed, 26 Jan 2011 16:30:00 EST </pubDate>
            <itunes:title>Torsten Braun, User and Machine Authentication and Authorization Infrastructure for Distributed Testbeds</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>457</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/torsten_braun_160.jpg"/>
            <itunes:subtitle>Torsten Braun, University of Bern</itunes:subtitle>
            <itunes:summary>The Wisebed wireless sensor network testbed provides a federated experimentation facility covering several European universities. For scalable management of access control we have designed and implemented a single-sign-on and attribute-based authentication and authorization infrastructure based on the Shibboleth software, which has been developed by the Internet2 Middleware Initiative. Shibboleth is usually used for protecting browser-based access of web resources. We have designed and implemented an extension to protect web services using the Simple Object Access Protocol. This extension allows both user and machine authentication for web services. As a proof of concept, we implemented a complete reservation system for sensor nodes in the Wisebed test-bed federation. Two different user interfaces based on a web page and an iPhone application have been implemented. Although implemented for Shibboleth, the architecture can be easily adapted to other authentication and authorization infrastructures. About the speaker: Torsten Braun got his Ph.D. degree from the University of Karlsruhe (Germany) in 1993. From 1994 to 1995 he was a guest scientist at INRIA Sophia-Antipolis (France). From 1995 to 1997 he worked at the IBM European Networking Centre Heidelberg (Germany) as a project leader and senior consultant. He has been a full professor of Computer Science at the University of Bern (Switzerland) since 1998 and director of the Institute of Computer Science and Applied Mathematics at the University of Bern since 2007. He has been a member of the SWITCH (Swiss education and research network) board of trustees since 2001.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Wisebed wireless sensor network testbed provides a federated experimentation facility covering several European universities. For scalable management of access control we have designed and implemented a single-sign-on and attribute-based authentication and authorization infrastructure based on the Shibboleth software, which has been developed by the Internet2 Middleware Initiative. Shibboleth is usually used for protecting browser-based access of web resources. We have designed and implemented an extension to protect web services using the Simple Object Access Protocol. This extension allows both user and machine authentication for web services. As a proof of concept, we implemented a complete reservation system for sensor nodes in the Wisebed test-bed federation. Two different user interfaces based on a web page and an iPhone application have been implemented. Although implemented for Shibboleth, the architecture can be easily adapted to other authentication and authorization infrastructures. About the speaker: Torsten Braun got his Ph.D. degree from the University of Karlsruhe (Germany) in 1993. From 1994 to 1995 he was a guest scientist at INRIA Sophia-Antipolis (France). From 1995 to 1997 he worked at the IBM European Networking Centre Heidelberg (Germany) as a project leader and senior consultant. He has been a full professor of Computer Science at the University of Bern (Switzerland) since 1998 and director of the Institute of Computer Science and Applied Mathematics at the University of Bern since 2007. He has been a member of the SWITCH (Swiss education and research network) board of trustees since 2001.</p> ]]>
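The SOAP-protection extension in the abstract is described only at the architecture level. The following is an added example, not code from the talk or from the Wisebed or Shibboleth projects: it shows the same shape in Python, with an identity-provider function that issues a signed attribute assertion for either a user or a machine principal, a service-side verifier that checks the signature before it trusts the expiry, and an attribute-based policy for a node reservation service. The attribute names (affiliation, testbeds, role), the site names and the HMAC-over-JSON assertion format are assumptions made for the example; Shibboleth itself exchanges SAML assertions carrying XML signatures.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key shared by the identity provider and the service.
# Real Shibboleth deployments use SAML assertions with XML signatures and
# federation metadata; HMAC over JSON stands in for that here.
ISSUER_KEY = b"constructed-demo-key-do-not-reuse"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_assertion(key, subject, principal_type, attributes, ttl=300, now=None):
    """Identity provider side: sign an attribute assertion for a user or a machine."""
    now = time.time() if now is None else now
    body = {"sub": subject, "typ": principal_type, "attrs": attributes,
            "iat": now, "exp": now + ttl}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_assertion(key, token, now=None):
    """Service side: check the signature first, then the expiry; raise ValueError otherwise."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:          # binascii.Error is a ValueError subclass
        raise ValueError("malformed assertion")
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature")
    body = json.loads(payload)  # only parsed once the signature is known good
    now = time.time() if now is None else now
    if now >= body["exp"]:
        raise ValueError("assertion expired")
    return body


def authorize(assertion, site, action):
    """Attribute-based policy for the reservation service.
    Attribute names (affiliation, testbeds, role) are hypothetical."""
    attrs = assertion["attrs"]
    member_of_site = site in attrs.get("testbeds", [])
    if action == "list":
        return member_of_site
    if action == "reserve":
        if assertion["typ"] == "user":
            return member_of_site and "member" in attrs.get("affiliation", [])
        if assertion["typ"] == "machine":
            return member_of_site and attrs.get("role") == "portal"
    return False


def handle_request(key, token, site, action, now=None):
    """The guard in front of the SOAP operation: authenticate, then apply the policy."""
    try:
        assertion = verify_assertion(key, token, now)
    except ValueError as err:
        return 401, str(err)
    if not authorize(assertion, site, action):
        return 403, "denied"
    return 200, f"{action} on {site} by {assertion['sub']} ({assertion['typ']})"


if __name__ == "__main__":
    token = issue_assertion(ISSUER_KEY, "alice@example.edu", "user",
                            {"affiliation": ["member"], "testbeds": ["bern"]})
    print(handle_request(ISSUER_KEY, token, "bern", "reserve"))
```

Order matters in verify_assertion: the signature is checked before any field of the payload is read, so a forged assertion cannot influence the expiry check or the policy. The typ field is what lets a single policy treat user and machine callers differently, which is the distinction the abstract draws.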
            </content:encoded>
            <itunes:duration>3214</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110126.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110126.mp4" length="467664896" type="video/mp4"/>
        </item>
            <item>
            <title>Somesh Jha, Retrofitting Legacy Code for Security</title>
            <description>Research in computer security has historically advocated Design for Security, the principle that security must be proactively integrated into the design of a system. While examples exist in the research literature of systems that have been designed for security, there are few examples of such systems deployed in the real world. Economic and practical considerations force developers to abandon security and focus instead on functionality and performance, which are more tangible than security. As a result, large bodies of legacy code often have inadequate security mechanisms. Security mechanisms are added to legacy code on-demand using ad hoc and manual techniques, and the resulting systems are often insecure. This talk advocates the need for techniques to retrofit systems with security mechanisms. In particular, it focuses on the problem of retrofitting legacy code with mechanisms for authorization policy enforcement. It introduces a new formalism, called fingerprints, to represent security-sensitive operations. Fingerprints are code templates that represent accesses to security-critical resources, and denote key steps needed to perform operations on these resources. This talk develops both fingerprint mining and fingerprint matching algorithms. Fingerprint mining algorithms discover fingerprints of security-sensitive operations by analyzing source code. This talk presents two novel algorithms that use dynamic program analysis and static program analysis, respectively, to mine fingerprints. The fingerprints so mined are used by the fingerprint matching algorithm to statically locate security-sensitive operations. Program transformation is then employed to statically modify source code by adding authorization policy lookups at each location that performs a security-sensitive operation. These techniques have been applied to three real-world systems. These case studies demonstrate that techniques based upon program analysis and transformation offer a principled and automated alternative to the ad hoc and manual techniques that are currently used to retrofit legacy software with security mechanisms. Time permitting, we will talk about other problems in the context of retrofitting legacy code for security. I will also indicate where ideas from model-checking have been used in this work. About the speaker: Somesh Jha received his B.Tech from Indian Institute of Technology, New Delhi in Electrical Engineering. He received his Ph.D. in Computer Science from Carnegie Mellon University in 1996. Currently, Somesh Jha is a Professor in the Computer Sciences Department at the University of Wisconsin (Madison), which he joined in 2000. His work focuses on analysis of security protocols, survivability analysis, intrusion detection, formal methods for security, and analyzing malicious code. Recently he has also worked on privacy-preserving protocols. Somesh Jha has published over 100 articles in highly-refereed conferences and prominent journals. He has won numerous best-paper awards. Somesh also received the NSF career award in 2005.</description>
            <pubDate>Wed, 19 Jan 2011 16:30:00 EST </pubDate>
            <itunes:title>Somesh Jha, Retrofitting Legacy Code for Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>456</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jha-small.jpg"/>
            <itunes:subtitle>Somesh Jha, University of Wisconsin</itunes:subtitle>
            <itunes:summary>Research in computer security has historically advocated Design for Security, the principle that security must be proactively integrated into the design of a system. While examples exist in the research literature of systems that have been designed for security, there are few examples of such systems deployed in the real world. Economic and practical considerations force developers to abandon security and focus instead on functionality and performance, which are more tangible than security. As a result, large bodies of legacy code often have inadequate security mechanisms. Security mechanisms are added to legacy code on-demand using ad hoc and manual techniques, and the resulting systems are often insecure. This talk advocates the need for techniques to retrofit systems with security mechanisms. In particular, it focuses on the problem of retrofitting legacy code with mechanisms for authorization policy enforcement. It introduces a new formalism, called fingerprints, to represent security-sensitive operations. Fingerprints are code templates that represent accesses to security-critical resources, and denote key steps needed to perform operations on these resources. This talk develops both fingerprint mining and fingerprint matching algorithms. Fingerprint mining algorithms discover fingerprints of security-sensitive operations by analyzing source code. This talk presents two novel algorithms that use dynamic program analysis and static program analysis, respectively, to mine fingerprints. The fingerprints so mined are used by the fingerprint matching algorithm to statically locate security-sensitive operations. Program transformation is then employed to statically modify source code by adding authorization policy lookups at each location that performs a security-sensitive operation. These techniques have been applied to three real-world systems. These case studies demonstrate that techniques based upon program analysis and transformation offer a principled and automated alternative to the ad hoc and manual techniques that are currently used to retrofit legacy software with security mechanisms. Time permitting, we will talk about other problems in the context of retrofitting legacy code for security. I will also indicate where ideas from model-checking have been used in this work. About the speaker: Somesh Jha received his B.Tech from Indian Institute of Technology, New Delhi in Electrical Engineering. He received his Ph.D. in Computer Science from Carnegie Mellon University in 1996. Currently, Somesh Jha is a Professor in the Computer Sciences Department at the University of Wisconsin (Madison), which he joined in 2000. His work focuses on analysis of security protocols, survivability analysis, intrusion detection, formal methods for security, and analyzing malicious code. Recently he has also worked on privacy-preserving protocols. Somesh Jha has published over 100 articles in highly-refereed conferences and prominent journals. He has won numerous best-paper awards. Somesh also received the NSF career award in 2005.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Research in computer security has historically advocated Design for Security, the principle that security must be proactively integrated into the design of a system. While examples exist in the research literature of systems that have been designed for security, there are few examples of such systems deployed in the real world. Economic and practical considerations force developers to abandon security and focus instead on functionality and performance, which are more tangible than security. As a result, large bodies of legacy code often have inadequate security mechanisms. Security mechanisms are added to legacy code on-demand using ad hoc and manual techniques, and the resulting systems are often insecure. This talk advocates the need for techniques to retrofit systems with security mechanisms. In particular, it focuses on the problem of retrofitting legacy code with mechanisms for authorization policy enforcement. It introduces a new formalism, called fingerprints, to represent security-sensitive operations. Fingerprints are code templates that represent accesses to security-critical resources, and denote key steps needed to perform operations on these resources. This talk develops both fingerprint mining and fingerprint matching algorithms. Fingerprint mining algorithms discover fingerprints of security-sensitive operations by analyzing source code. This talk presents two novel algorithms that use dynamic program analysis and static program analysis, respectively, to mine fingerprints. The fingerprints so mined are used by the fingerprint matching algorithm to statically locate security-sensitive operations. Program transformation is then employed to statically modify source code by adding authorization policy lookups at each location that performs a security-sensitive operation. These techniques have been applied to three real-world systems. These case studies demonstrate that techniques based upon program analysis and transformation offer a principled and automated alternative to the ad hoc and manual techniques that are currently used to retrofit legacy software with security mechanisms. Time permitting, we will talk about other problems in the context of retrofitting legacy code for security. I will also indicate where ideas from model-checking have been used in this work. About the speaker: Somesh Jha received his B.Tech from Indian Institute of Technology, New Delhi in Electrical Engineering. He received his Ph.D. in Computer Science from Carnegie Mellon University in 1996. Currently, Somesh Jha is a Professor in the Computer Sciences Department at the University of Wisconsin (Madison), which he joined in 2000. His work focuses on analysis of security protocols, survivability analysis, intrusion detection, formal methods for security, and analyzing malicious code. Recently he has also worked on privacy-preserving protocols. Somesh Jha has published over 100 articles in highly-refereed conferences and prominent journals. He has won numerous best-paper awards. Somesh also received the NSF career award in 2005.</p> ]]>
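The fingerprint matching and program transformation step described in the abstract, as an added example that is not the talk's own implementation: a fingerprint is reduced to a callee name plus the position of the resource argument, matching runs over the Python AST, and the transformation inserts an authorize(operation, resource) call immediately before each statement that matches. Fingerprint mining (discovering the templates by dynamic or static analysis) is not shown. The two fingerprints, the legacy program and the name of the authorize hook are constructed for the example.

```python
import ast
import copy
from dataclasses import dataclass


@dataclass(frozen=True)
class Fingerprint:
    """Code template for one security-sensitive operation: a call to `callee`
    whose positional argument number `resource_arg` names the resource."""
    operation: str
    callee: str
    resource_arg: int = 0


def callee_name(call):
    """Dotted name of the called function (`open`, `os.remove`), or None."""
    node, parts = call.func, []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    parts.append(node.id)
    return ".".join(reversed(parts))


def calls_in(node):
    """Yield Call nodes reachable from `node` without crossing into nested
    statements; those get their own checks when their bodies are visited."""
    for child in ast.iter_child_nodes(node):
        if isinstance(child, ast.stmt):
            continue
        if isinstance(child, ast.Call):
            yield child
        yield from calls_in(child)


class RetrofitAuthorization(ast.NodeTransformer):
    """Fingerprint matching plus transformation: insert
    `authorize(operation, resource)` before every statement that matches."""

    def __init__(self, fingerprints, hook="authorize"):   # hook name is hypothetical
        self.fingerprints = fingerprints
        self.hook = hook
        self.matches = []   # (line, operation) for each check inserted

    def checks_for(self, stmt):
        checks = []
        for call in calls_in(stmt):
            name = callee_name(call)
            for fp in self.fingerprints:
                if name == fp.callee and len(call.args) > fp.resource_arg:
                    resource = copy.deepcopy(call.args[fp.resource_arg])
                    check = ast.Expr(ast.Call(
                        func=ast.Name(id=self.hook, ctx=ast.Load()),
                        args=[ast.Constant(fp.operation), resource], keywords=[]))
                    checks.append(ast.copy_location(check, stmt))
                    self.matches.append((stmt.lineno, fp.operation))
        return checks

    def generic_visit(self, node):
        # Rebuild every statement list so each check lands right before its statement.
        for name, value in ast.iter_fields(node):
            if isinstance(value, list):
                rebuilt = []
                for item in value:
                    if isinstance(item, ast.stmt):
                        rebuilt.extend(self.checks_for(item))
                    rebuilt.append(self.visit(item) if isinstance(item, ast.AST) else item)
                setattr(node, name, rebuilt)
            elif isinstance(value, ast.AST):
                setattr(node, name, self.visit(value))
        return node


def retrofit(source, fingerprints):
    """Return (transformed source, matches) for the legacy `source` text."""
    tree = ast.parse(source)
    transformer = RetrofitAuthorization(fingerprints)
    tree = ast.fix_missing_locations(transformer.visit(tree))
    return ast.unparse(tree), transformer.matches


# Constructed fingerprints and a constructed legacy program, not from the talk.
FINGERPRINTS = (Fingerprint("file.write", "open", 0),
                Fingerprint("file.delete", "os.remove", 0))

LEGACY = '''
def save_report(user, path, data):
    fh = open(path, "w")
    fh.write(data)
    fh.close()

def purge(paths):
    for p in paths:
        if p.endswith(".tmp"):
            os.remove(p)
    return len(paths)
'''

if __name__ == "__main__":
    print(retrofit(LEGACY, FINGERPRINTS)[0])
```

calls_in stops at nested statements, so a delete inside an if body gets its check inside that body rather than in front of the whole loop, and the resource expression is copied so the check and the original call share no AST nodes. ast.unparse needs Python 3.9 or later.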
            </content:encoded>
            <itunes:duration>3031</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110119.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110119.mp4" length="467664896" type="video/mp4"/>
        </item>
            <item>
            <title>Fariborz Farahmand, Risk Perception and Trust in Cloud</title>
            <description>Many companies today are paying attention to cloud computing and new aspects of large-scale, distributed computing. This emerging paradigm of the information age offers exciting benefits to companies and users, but cloud computing, like any other innovation, faces challenges such as security and privacy risks.  How do different stakeholders perceive these risks and the effectiveness of the mitigations? And, how are these reflected in their trust in the cloud? The answers to these questions can affect the outcome of policy debates, and the allocation of resources in controlling security issues of cloud environments.  This work presents an introduction to the cloud and some of its advantages and disadvantages. It discusses the role of risk perception and trust in security and privacy challenges of the cloud. It also makes recommendations addressing these challenges. About the speaker: Fariborz Farahmand received his Ph.D. in information and computer science from the Georgia Institute of Technology. He is a faculty fellow and a research assistant professor at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. He has received several awards for excellence in scholarship and education, including a fellowship from the Institution for Information Infrastructure Protection (I3P). His research interests are in behavioral economics and its applications in information systems, security and privacy of information systems, vulnerability and risk assessment of information systems, and technology policy.</description>
            <pubDate>Wed, 12 Jan 2011 16:30:00 EST </pubDate>
            <itunes:title>Fariborz Farahmand, Risk Perception and Trust in Cloud</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>17</itunes:season>
            <itunes:episode>455</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Fariborz Farahmand, Purdue University</itunes:subtitle>
            <itunes:summary>Many companies today are paying attention to cloud computing and new aspects of large-scale, distributed computing. This emerging paradigm of the information age offers exciting benefits to companies and users, but cloud computing, like any other innovation, faces challenges such as security and privacy risks.  How do different stakeholders perceive these risks and the effectiveness of the mitigations? And, how are these reflected in their trust in the cloud? The answers to these questions can affect the outcome of policy debates, and the allocation of resources in controlling security issues of cloud environments.  This work presents an introduction to the cloud and some of its advantages and disadvantages. It discusses the role of risk perception and trust in security and privacy challenges of the cloud. It also makes recommendations addressing these challenges. About the speaker: Fariborz Farahmand received his Ph.D. in information and computer science from the Georgia Institute of Technology. He is a faculty fellow and a research assistant professor at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. He has received several awards for excellence in scholarship and education, including a fellowship from the Institution for Information Infrastructure Protection (I3P). His research interests are in behavioral economics and its applications in information systems, security and privacy of information systems, vulnerability and risk assessment of information systems, and technology policy.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Many companies today are paying attention to cloud computing and new aspects of large-scale, distributed computing. This emerging paradigm of the information age offers exciting benefits to companies and users, but cloud computing, like any other innovation, faces challenges such as security and privacy risks.  How do different stakeholders perceive these risks and the effectiveness of the mitigations? And, how are these reflected in their trust in the cloud? The answers to these questions can affect the outcome of policy debates, and the allocation of resources in controlling security issues of cloud environments.  This work presents an introduction to the cloud and some of its advantages and disadvantages. It discusses the role of risk perception and trust in security and privacy challenges of the cloud. It also makes recommendations addressing these challenges. About the speaker: Fariborz Farahmand received his Ph.D. in information and computer science from the Georgia Institute of Technology. He is a faculty fellow and a research assistant professor at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. He has received several awards for excellence in scholarship and education, including a fellowship from the Institution for Information Infrastructure Protection (I3P). His research interests are in behavioral economics and its applications in information systems, security and privacy of information systems, vulnerability and risk assessment of information systems, and technology policy.</p> ]]>
            </content:encoded>
            <itunes:duration>2229</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110112.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20110112.mp4" length="465567744" type="video/mp4"/>
        </item>
            <item>
            <title>Matthew Hashim, Nudging the Digital Pirate: Behavioral Issues in the Piracy Context</title>
            <description>Piracy is a significant source of concern facing software developers, music labels, and movie production companies. Firms continue to invest in digital rights management technologies to thwart piracy, but their efforts are quickly defeated by hackers and pirates. In the context of piracy, we observe a surprising phenomenon: pirates may often choose to purchase the digital good after pirating it. This is quite interesting given the minimal risk of being caught. Since piracy is often considered a victimless crime, we theorize that moral obligation may mediate other constructs from the theory of planned behavior. We believe this is a consequence of the desire for an individual to rationalize unethical behavior, especially when the crime is victimless. We also identify under what circumstances an individual might be susceptible to exogenous nudging from a software company. Salient constructs under initial purchase and piracy conversion intentions are compared to document under which situations they become relevant to the potential pirate. About the speaker: Matthew J. Hashim is a Ph.D. candidate of Management Information Systems in the Krannert School of Management at Purdue University. His primary research interest is in the behavioral aspects of piracy, particularly the role of information in the piracy decision, including the conversion of pirates to paying customers. His research links the information systems literature with interdisciplinary concepts from social psychology and behavioral economics through the use of empirical and analytical research methodologies. Matthew received his M.B.A. from California State University, Fresno in 2003, and his B.S. in Business Administration from California Polytechnic State University, San Luis Obispo in 1999. Matthew worked in industry for approximately 10 years, with experience in IT security, ERP implementation and development, forensics, and other management and IT-related roles.</description>
            <pubDate>Wed, 1 Dec 2010 16:30:00 EST </pubDate>
            <itunes:title>Matthew Hashim, Nudging the Digital Pirate: Behavioral Issues in the Piracy Context</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>453</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/mhashim_155.jpg"/>
            <itunes:subtitle>Matthew Hashim, Purdue University</itunes:subtitle>
            <itunes:summary>Piracy is a significant source of concern facing software developers, music labels, and movie production companies. Firms continue to invest in digital rights management technologies to thwart piracy, but their efforts are quickly defeated by hackers and pirates. In the context of piracy, we observe a surprising phenomenon: pirates may often choose to purchase the digital good after pirating it. This is quite interesting given the minimal risk of being caught. Since piracy is often considered a victimless crime, we theorize that moral obligation may mediate other constructs from the theory of planned behavior. We believe this is a consequence of the desire for an individual to rationalize unethical behavior, especially when the crime is victimless. We also identify under what circumstances an individual might be susceptible to exogenous nudging from a software company. Salient constructs under initial purchase and piracy conversion intentions are compared to document under which situations they become relevant to the potential pirate. About the speaker: Matthew J. Hashim is a Ph.D. candidate of Management Information Systems in the Krannert School of Management at Purdue University. His primary research interest is in the behavioral aspects of piracy, particularly the role of information in the piracy decision, including the conversion of pirates to paying customers. His research links the information systems literature with interdisciplinary concepts from social psychology and behavioral economics through the use of empirical and analytical research methodologies. Matthew received his M.B.A. from California State University, Fresno in 2003, and his B.S. in Business Administration from California Polytechnic State University, San Luis Obispo in 1999. Matthew worked in industry for approximately 10 years, with experience in IT security, ERP implementation and development, forensics, and other management and IT-related roles.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Piracy is a significant source of concern facing software developers, music labels, and movie production companies. Firms continue to invest in digital rights management technologies to thwart piracy, but their efforts are quickly defeated by hackers and pirates. In the context of piracy, we observe a surprising phenomenon: pirates may often choose to purchase the digital good after pirating it. This is quite interesting given the minimal risk of being caught. Since piracy is often considered a victimless crime, we theorize that moral obligation may mediate other constructs from the theory of planned behavior. We believe this is a consequence of the desire for an individual to rationalize unethical behavior, especially when the crime is victimless. We also identify under what circumstances an individual might be susceptible to exogenous nudging from a software company. Salient constructs under initial purchase and piracy conversion intentions are compared to document under which situations they become relevant to the potential pirate. About the speaker: Matthew J. Hashim is a Ph.D. candidate of Management Information Systems in the Krannert School of Management at Purdue University. His primary research interest is in the behavioral aspects of piracy, particularly the role of information in the piracy decision, including the conversion of pirates to paying customers. His research links the information systems literature with interdisciplinary concepts from social psychology and behavioral economics through the use of empirical and analytical research methodologies. Matthew received his M.B.A. from California State University, Fresno in 2003, and his B.S. in Business Administration from California Polytechnic State University, San Luis Obispo in 1999. Matthew worked in industry for approximately 10 years, with experience in IT security, ERP implementation and development, forensics, and other management and IT-related roles.</p> ]]>
            </content:encoded>
            <itunes:duration>2881</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101201.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101201.mp4" length="464519168" type="video/mp4"/>
        </item>
            <item>
            <title>Michael Kirkpatrick, Security Applications for Physically Unclonable Functions</title>
            <description>Physically unclonable functions (PUFs) are hardware structures that create unique characteristics for distinct copies of a device.  Specifically, the physical nature of manufacturing a device introduces slight variations that can be neither controlled nor predicted.  PUFs quantify these differences into a random one-way function.  In our work, we have explored multiple application scenarios for integrating PUFs into security systems. In the first application, we propose leveraging PUFs to bind access requests to known, trusted devices.  This scheme also offers a lightweight key exchange protocol that can reduce the computational cost for low-power embedded devices.  In our second work, we have designed PEAR, a portable authentication token based on PUFs that allows for privacy-preserving transactions with websites.  Finally, we have created PUF ROKs, which are read-once cryptographic keys based on PUFs.  In this talk, we will introduce these applications, highlighting the advantages of deploying PUFs over competing technologies, as well as presenting the results of our empirical and formal analyses of these prototypes. About the speaker: Michael S. Kirkpatrick is a Ph.D. candidate in the Department of Computer Sciences at Purdue University.  His research interests lie in the realm of designing secure systems, with a special focus on the interactions between hardware, architectures, and operating systems.  He received an M.S. in Computer Science and Engineering at Michigan State University in 2007 and a B.A. in Mathematics and Computer Science at Indiana University in 2001.  In addition, he spent more than five years with IBM, primarily working in the area of semiconductor engineering and lithography.</description>
            <pubDate>Wed, 17 Nov 2010 16:30:00 EST </pubDate>
            <itunes:title>Michael Kirkpatrick, Security Applications for Physically Unclonable Functions</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>452</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/kirkpatrick_michael.jpg"/>
            <itunes:subtitle>Michael Kirkpatrick, Purdue University</itunes:subtitle>
            <itunes:summary>Physically unclonable functions (PUFs) are hardware structures that create unique characteristics for distinct copies of a device.  Specifically, the physical nature of manufacturing a device introduces slight variations that can be neither controlled nor predicted.  PUFs quantify these differences into a random one-way function.  In our work, we have explored multiple application scenarios for integrating PUFs into security systems. In the first application, we propose leveraging PUFs to bind access requests to known, trusted devices.  This scheme also offers a lightweight key exchange protocol that can reduce the computational cost for low-power embedded devices.  In our second work, we have designed PEAR, a portable authentication token based on PUFs that allows for privacy-preserving transactions with websites.  Finally, we have created PUF ROKs, which are read-once cryptographic keys based on PUFs.  In this talk, we will introduce these applications, highlighting the advantages of deploying PUFs over competing technologies, as well as presenting the results of our empirical and formal analyses of these prototypes. About the speaker: Michael S. Kirkpatrick is a Ph.D. candidate in the Department of Computer Sciences at Purdue University.  His research interests lie in the realm of designing secure systems, with a special focus on the interactions between hardware, architectures, and operating systems.  He received an M.S. in Computer Science and Engineering at Michigan State University in 2007 and a B.A. in Mathematics and Computer Science at Indiana University in 2001.  In addition, he spent more than five years with IBM, primarily working in the area of semiconductor engineering and lithography.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Physically unclonable functions (PUFs) are hardware structures that create unique characteristics for distinct copies of a device. Specifically, the physical nature of manufacturing a device introduces slight variations that can be neither controlled nor predicted. PUFs quantify these differences into a random one-way function. In our work, we have explored multiple application scenarios for integrating PUFs into security systems. In the first application, we propose leveraging PUFs to bind access requests to known, trusted devices. This scheme also offers a lightweight key exchange protocol that can reduce the computational cost for low-power embedded devices. In our second work, we have designed PEAR, a portable authentication token based on PUFs that allows for privacy-preserving transactions with websites. Finally, we have created PUF ROKs, which are read-once cryptographic keys based on PUFs. In this talk, we will introduce these applications, highlighting the advantages of deploying PUFs over competing technologies, as well as presenting the results of our empirical and formal analyses of these prototypes. About the speaker: Michael S. Kirkpatrick is a Ph.D. candidate in the Department of Computer Sciences at Purdue University. His research interests lie in the realm of designing secure systems, with a special focus on the interactions between hardware, architectures, and operating systems. He received an M.S. in Computer Science and Engineering at Michigan State University in 2007 and a B.A. in Mathematics and Computer Science at Indiana University in 2001. In addition, he spent more than five years with IBM, primarily working in the area of semiconductor engineering and lithography.</p> ]]>
            </content:encoded>
            <itunes:duration>3229</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101117.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101117.mp4" length="468713472" type="video/mp4"/>
        </item>
            <item>
            <title>Nikita Borisov, Detecting Coordinated Attacks with Traffic Analysis</title>
            <description>Coordinated attacks, such as botnets, present a major threat to today&apos;s computing infrastructures. They are able to evade traditional detection techniques by using zero-day and polymorphic exploits, partitioning misbehavior, and encrypting communications. I will discuss our work that aims to identify coordinated activity itself by analyzing the patterns of network communication and inferring information via the available side information. First, I will discuss the detection of linked network flows that relay traffic across compromised computers, called stepping stones. We use statistical techniques to locate timing correlation between flows, aided by active perturbation of network delays to insert a specialized pattern, called a watermark. I will show that the use of watermarks provides superior detection performance over passive correlation and present two watermark designs: RAINBOW, a low-overhead watermark for enterprise-level stepping stone detection, and SWIRL, a scalable design that can be used in the wide area. I will then discuss our work on using community detection to locate groups of computers organized into a structured peer-to-peer topology. Our tool, BotGrep, finds tightly connected components in communication graphs using several graph-theoretic metrics and heuristics. It is designed to scale to very large data sets, allowing large core ISPs to detect previously unknown peer-to-peer botnets. About the speaker: Nikita Borisov is an assistant professor at the University of Illinois at Urbana-Champaign. His research interests are network security and online privacy. He is the co-designer of the &quot;off-the-record&quot; (OTR) instant messaging protocol and was responsible for the first public analysis of 802.11 security. He is also the recipient of the NSF CAREER award in 2010. Prof. Borisov received his PhD from the University of California, Berkeley in 2005 and a BMath from the University of Waterloo in 1998.</description>
            <pubDate>Wed, 10 Nov 2010 16:30:00 EST </pubDate>
            <itunes:title>Nikita Borisov, Detecting Coordinated Attacks with Traffic Analysis</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>451</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/NikitaBorisov_01.jpg"/>
            <itunes:subtitle>Nikita Borisov, University of Illinois at Urbana-Champaign</itunes:subtitle>
            <itunes:summary>Coordinated attacks, such as botnets, present a major threat to today&apos;s computing infrastructures. They are able to evade traditional detection techniques by using zero-day and polymorphic exploits, partitioning misbehavior, and encrypting communications. I will discuss our work that aims to identify coordinated activity itself by analyzing the patterns of network communication and inferring information via the available side information. First, I will discuss the detection of linked network flows that relay traffic across compromised computers, called stepping stones. We use statistical techniques to locate timing correlation between flows, aided by active perturbation of network delays to insert a specialized pattern, called a watermark. I will show that the use of watermarks provides superior detection performance over passive correlation and present two watermark designs: RAINBOW, a low-overhead watermark for enterprise-level stepping stone detection, and SWIRL, a scalable design that can be used in the wide area. I will then discuss our work on using community detection to locate groups of computers organized into a structured peer-to-peer topology. Our tool, BotGrep, finds tightly connected components in communication graphs using several graph-theoretic metrics and heuristics. It is designed to scale to very large data sets, allowing large core ISPs to detect previously unknown peer-to-peer botnets. About the speaker: Nikita Borisov is an assistant professor at the University of Illinois at Urbana-Champaign. His research interests are network security and online privacy. He is the co-designer of the &quot;off-the-record&quot; (OTR) instant messaging protocol and was responsible for the first public analysis of 802.11 security. He is also the recipient of the NSF CAREER award in 2010. Prof. Borisov received his PhD from the University of California, Berkeley in 2005 and a BMath from the University of Waterloo in 1998.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Coordinated attacks, such as botnets, present a major threat to today&apos;s computing infrastructures. They are able to evade traditional detection techniques by using zero-day and polymorphic exploits, partitioning misbehavior, and encrypting communications. I will discuss our work that aims to identify coordinated activity itself by analyzing the patterns of network communication and inferring information via the available side information. First, I will discuss the detection of linked network flows that relay traffic across compromised computers, called stepping stones. We use statistical techniques to locate timing correlation between flows, aided by active perturbation of network delays to insert a specialized pattern, called a watermark. I will show that the use of watermarks provides superior detection performance over passive correlation and present two watermark designs: RAINBOW, a low-overhead watermark for enterprise-level stepping stone detection, and SWIRL, a scalable design that can be used in the wide area. I will then discuss our work on using community detection to locate groups of computers organized into a structured peer-to-peer topology. Our tool, BotGrep, finds tightly connected components in communication graphs using several graph-theoretic metrics and heuristics. It is designed to scale to very large data sets, allowing large core ISPs to detect previously unknown peer-to-peer botnets. About the speaker: Nikita Borisov is an assistant professor at the University of Illinois at Urbana-Champaign. His research interests are network security and online privacy. He is the co-designer of the &quot;off-the-record&quot; (OTR) instant messaging protocol and was responsible for the first public analysis of 802.11 security. He is also the recipient of the NSF CAREER award in 2010. Prof. Borisov received his PhD from the University of California, Berkeley in 2005 and a BMath from the University of Waterloo in 1998.</p> ]]>
            </content:encoded>
            <itunes:duration>3346</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101110.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101110.mp4" length="460324864" type="video/mp4"/>
        </item>
            <item>
            <title>Trent Jaeger, Tackling System-Wide Integrity</title>
            <description>Computing system compromises occur because system integrity is not managed effectively. The various parties that contribute to a system, programmers, OS distributors, and system administrators, do not account for integrity threats comprehensively, leading to recurrence of the same kinds of attacks. The problem is that we lack scalable and automated approaches for these parties to assess the integrity of their individual components that enable one to build upon the efforts of others. In this talk, I will discuss a conceptual approach to composing system-wide integrity from enforcement of multiple system layers. This approach is motivated by various work in information flow security, but we find that managing system-wide integrity requires different inferencing approaches and care in mapping actual components to the model. In particular, we will discuss methods to establish specifications of integrity, validating the initial integrity of system components and channels, and composing systems from such components that protect runtime integrity. We will demonstrate the use of these methods on Xen and Linux systems for deploying cloud computing applications. We show that accounting for integrity in component design can lead to comprehensive system-wide management. About the speaker: Trent Jaeger is an Associate Professor in the Computer Science and Engineering Department at The Pennsylvania State University and the Co-Director of the Systems and Internet Infrastructure Security (SIIS) Lab. He joined Penn State after working for IBM Research for nine years in operating systems and system security research groups. Trent&apos;s research interests include operating systems security, access control, and source code and policy analysis tools. He has published over 90 refereed research papers on these subjects. Trent has made a variety of contributions to open source systems security, particularly to the Linux Security Modules framework, the SELinux module and policy development, integrity measurement in Linux, and the Xen security architecture. Trent is the author of the book &quot;Operating Systems Security,&quot; which examines the principles and designs of secure operating systems. He is active in the security research community, having been a member of the program committees of all the major security conferences, and the program chair of the ACM CCS Government and Industry Track, as well as chairing several workshops. He is an associate editor with ACM TOIT and has been a guest editor of ACM TISSEC. Trent received an M.S. and a Ph.D. in Computer Science and Engineering from the University of Michigan, Ann Arbor in 1993 and 1997, respectively.</description>
            <pubDate>Wed, 3 Nov 2010 16:30:00 EDT </pubDate>
            <itunes:title>Trent Jaeger, Tackling System-Wide Integrity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>450</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/trent_jaeger_150.jpg"/>
            <itunes:subtitle>Trent Jaeger, Pennsylvania State</itunes:subtitle>
            <itunes:summary>Computing system compromises occur because system integrity is not managed effectively. The various parties that contribute to a system, programmers, OS distributors, and system administrators, do not account for integrity threats comprehensively, leading to recurrence of the same kinds of attacks. The problem is that we lack scalable and automated approaches for these parties to assess the integrity of their individual components that enable one to build upon the efforts of others. In this talk, I will discuss a conceptual approach to composing system-wide integrity from enforcement of multiple system layers. This approach is motivated by various work in information flow security, but we find that managing system-wide integrity requires different inferencing approaches and care in mapping actual components to the model. In particular, we will discuss methods to establish specifications of integrity, validating the initial integrity of system components and channels, and composing systems from such components that protect runtime integrity. We will demonstrate the use of these methods on Xen and Linux systems for deploying cloud computing applications. We show that accounting for integrity in component design can lead to comprehensive system-wide management. About the speaker: Trent Jaeger is an Associate Professor in the Computer Science and Engineering Department at The Pennsylvania State University and the Co-Director of the Systems and Internet Infrastructure Security (SIIS) Lab. He joined Penn State after working for IBM Research for nine years in operating systems and system security research groups. Trent&apos;s research interests include operating systems security, access control, and source code and policy analysis tools. He has published over 90 refereed research papers on these subjects. Trent has made a variety of contributions to open source systems security, particularly to the Linux Security Modules framework, the SELinux module and policy development, integrity measurement in Linux, and the Xen security architecture. Trent is the author of the book &quot;Operating Systems Security,&quot; which examines the principles and designs of secure operating systems. He is active in the security research community, having been a member of the program committees of all the major security conferences, and the program chair of the ACM CCS Government and Industry Track, as well as chairing several workshops. He is an associate editor with ACM TOIT and has been a guest editor of ACM TISSEC. Trent received an M.S. and a Ph.D. in Computer Science and Engineering from the University of Michigan, Ann Arbor in 1993 and 1997, respectively.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Computing system compromises occur because system integrity is not managed effectively. The various parties that contribute to a system, programmers, OS distributors, and system administrators, do not account for integrity threats comprehensively, leading to recurrence of the same kinds of attacks. The problem is that we lack scalable and automated approaches for these parties to assess the integrity of their individual components that enable one to build upon the efforts of others. In this talk, I will discuss a conceptual approach to composing system-wide integrity from enforcement of multiple system layers. This approach is motivated by various work in information flow security, but we find that managing system-wide integrity requires different inferencing approaches and care in mapping actual components to the model. In particular, we will discuss methods to establish specifications of integrity, validating the initial integrity of system components and channels, and composing systems from such components that protect runtime integrity. We will demonstrate the use of these methods on Xen and Linux systems for deploying cloud computing applications. We show that accounting for integrity in component design can lead to comprehensive system-wide management. About the speaker: Trent Jaeger is an Associate Professor in the Computer Science and Engineering Department at The Pennsylvania State University and the Co-Director of the Systems and Internet Infrastructure Security (SIIS) Lab. He joined Penn State after working for IBM Research for nine years in operating systems and system security research groups. Trent&apos;s research interests include operating systems security, access control, and source code and policy analysis tools. He has published over 90 refereed research papers on these subjects. Trent has made a variety of contributions to open source systems security, particularly to the Linux Security Modules framework, the SELinux module and policy development, integrity measurement in Linux, and the Xen security architecture. Trent is the author of the book &quot;Operating Systems Security,&quot; which examines the principles and designs of secure operating systems. He is active in the security research community, having been a member of the program committees of all the major security conferences, and the program chair of the ACM CCS Government and Industry Track, as well as chairing several workshops. He is an associate editor with ACM TOIT and has been a guest editor of ACM TISSEC. Trent received an M.S. and a Ph.D. in Computer Science and Engineering from the University of Michigan, Ann Arbor in 1993 and 1997, respectively.</p> ]]>
            </content:encoded>
            <itunes:duration>3614</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101103.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101103.mp4" length="465567744" type="video/mp4"/>
        </item>
            <item>
            <title>P. Madhusudan, The Role of Automata Theory in Software Verification</title>
            <description>The 80s and 90s saw a revolution in hardware verification, where automata theory played a prominent role, formalizing model-checking and establishing the basis of verification using the logic-automata connection. We shift focus to software verification and ask how exactly automata theory would be useful in program analysis. Drawing from work in recent years in software verification in my research group as well as in the field, I will identify several key areas, ranging from modeling, abstraction, model-checking, interface synthesis, testing, to logical reasoning with dynamic data structures, where automata theory promises to provide the right abstractions and yield effective tools for program analysis. About the speaker: Madhusudan worked for his Ph.D. at the Institute of Mathematical Sciences, India, and after a three-year post-doc stint at UPenn, joined the faculty at the University of Illinois at Urbana-Champaign. His research interests are primarily in the verification and analysis of software, with an emphasis on methods involving concurrency, logic and automata theory.</description>
            <pubDate>Wed, 27 Oct 2010 16:30:00 EDT </pubDate>
            <itunes:title>P. Madhusudan, The Role of Automata Theory in Software Verification</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>449</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/madhusudan_150.jpg"/>
            <itunes:subtitle>P. Madhusudan, University of Illinois at Urbana-Champaign</itunes:subtitle>
            <itunes:summary>The 80s and 90s saw a revolution in hardware verification, where automata theory played a prominent role, formalizing model-checking and establishing the basis of verification using the logic-automata connection. We shift focus to software verification and ask how exactly automata theory would be useful in program analysis. Drawing from work in recent years in software verification in my research group as well as in the field, I will identify several key areas, ranging from modeling, abstraction, model-checking, interface synthesis, testing, to logical reasoning with dynamic data structures, where automata theory promises to provide the right abstractions and yield effective tools for program analysis. About the speaker: Madhusudan worked for his Ph.D. at the Institute of Mathematical Sciences, India, and after a three-year post-doc stint at UPenn, joined the faculty at the University of Illinois at Urbana-Champaign. His research interests are primarily in the verification and analysis of software, with an emphasis on methods involving concurrency, logic and automata theory.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The 80s and 90s saw a revolution in hardware verification, where automata theory played a prominent role, formalizing model-checking and establishing the basis of verification using the logic-automata connection. We shift focus to software verification and ask how exactly automata theory would be useful in program analysis. Drawing from work in recent years in software verification in my research group as well as in the field, I will identify several key areas, ranging from modeling, abstraction, model-checking, interface synthesis, testing, to logical reasoning with dynamic data structures, where automata theory promises to provide the right abstractions and yield effective tools for program analysis. About the speaker: Madhusudan worked for his Ph.D. at the Institute of Mathematical Sciences, India, and after a three-year post-doc stint at UPenn, joined the faculty at the University of Illinois at Urbana-Champaign. His research interests are primarily in the verification and analysis of software, with an emphasis on methods involving concurrency, logic and automata theory.</p> ]]>
            </content:encoded>
            <itunes:duration>3481</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101027.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101027.mp4" length="472907776" type="video/mp4"/>
        </item>
            <item>
            <title>Sam King, Trust and Protection in the Illinois Browser Operating System</title>
            <description>Current web browsers are complex, have enormous trusted computing bases, and provide attackers with easy access to modern computer systems. In this talk we introduce the Illinois Browser Operating System (IBOS), a new operating system and a new browser that reduces the trusted computing base for web browsers. In our architecture we expose browser-level abstractions at the lowest software layer, enabling us to remove almost all traditional OS components and services from our trusted computing base by mapping browser abstractions to hardware abstractions directly. We show that this architecture is flexible enough to enable new browser security policies, can still support traditional applications, and adds little overhead to the overall browsing experience. I will also talk briefly about some of my group&apos;s recent work in defending against malicious hardware. About the speaker: Samuel T. King is an assistant professor in the Computer Science department at the University of Illinois. His research interests include security, experimental software systems, operating systems, and computer architecture. His current research focuses include defending against malicious hardware, designing and implementing secure web browsers, and applying machine learning to systems problems. Sam received his PhD in Computer Science and Engineering from the University of Michigan in 2006.</description>
            <pubDate>Wed, 20 Oct 2010 16:30:00 EDT </pubDate>
            <itunes:title>Sam King, Trust and Protection in the Illinois Browser Operating System</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>448</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/sam_king_uiuc_155.jpg"/>
            <itunes:subtitle>Sam King, University of Illinois</itunes:subtitle>
            <itunes:summary>Current web browsers are complex, have enormous trusted computing bases, and provide attackers with easy access to modern computer systems. In this talk we introduce the Illinois Browser Operating System (IBOS), a new operating system and a new browser that reduces the trusted computing base for web browsers. In our architecture we expose browser-level abstractions at the lowest software layer, enabling us to remove almost all traditional OS components and services from our trusted computing base by mapping browser abstractions to hardware abstractions directly. We show that this architecture is flexible enough to enable new browser security policies, can still support traditional applications, and adds little overhead to the overall browsing experience. I will also talk briefly about some of my group&apos;s recent work in defending against malicious hardware. About the speaker: Samuel T. King is an assistant professor in the Computer Science department at the University of Illinois. His research interests include security, experimental software systems, operating systems, and computer architecture. His current research focuses include defending against malicious hardware, designing and implementing secure web browsers, and applying machine learning to systems problems. Sam received his PhD in Computer Science and Engineering from the University of Michigan in 2006.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Current web browsers are complex, have enormous trusted computing bases, and provide attackers with easy access to modern computer systems. In this talk we introduce the Illinois Browser Operating System (IBOS), a new operating system and a new browser that reduces the trusted computing base for web browsers. In our architecture we expose browser-level abstractions at the lowest software layer, enabling us to remove almost all traditional OS components and services from our trusted computing base by mapping browser abstractions to hardware abstractions directly. We show that this architecture is flexible enough to enable new browser security policies, can still support traditional applications, and adds little overhead to the overall browsing experience. I will also talk briefly about some of my group&apos;s recent work in defending against malicious hardware. About the speaker: Samuel T. King is an assistant professor in the Computer Science department at the University of Illinois. His research interests include security, experimental software systems, operating systems, and computer architecture. His current research focuses include defending against malicious hardware, designing and implementing secure web browsers, and applying machine learning to systems problems. Sam received his PhD in Computer Science and Engineering from the University of Michigan in 2006.</p> ]]>
            </content:encoded>
            <itunes:duration>3003</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101020.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101020.mp4" length="472907776" type="video/mp4"/>
        </item>
            <item>
            <title>Alex Liu, Fast Regular Expression Matching using Small TCAMs for Network Intrusion Detection and Prevention Systems</title>
            <description>Regular expression (RegEx) matching is a core component of deep packet inspection in modern networking and security devices. Prior RegEx matching algorithms are either software-based or FPGA-based. Software-based solutions have to be implemented in customized ASIC chips to achieve high speed, the limitations of which include high deployment cost and being hard-wired to a specific solution and thus limited ability to adapt to new RegEx matching solutions. Although FPGA-based solutions can be modified, resynthesizing and updating FPGA circuitry in a deployed system to handle RegEx updates is slow and difficult. In this talk, we present the first hardware-based RegEx matching solution that uses Ternary Content Addressable Memories (TCAMs), which are off-the-shelf chips and have been widely deployed in modern networking devices for packet classification. There are three main reasons why TCAM-based RegEx matching works well. First, a small TCAM is capable of encoding a large Deterministic Finite Automaton (DFA) with carefully designed algorithms leveraging the ternary nature and first-match semantics of TCAMs. Second, TCAMs facilitate high-speed RegEx matching because TCAMs are essentially high-performance parallel lookup systems: any lookup takes constant time (i.e., a few CPU cycles) regardless of the number of occupied entries. Third, because TCAMs are off-the-shelf chips that are widely deployed in modern networking devices, it is easy to design networking devices that include our TCAM-based RegEx matching solution. About the speaker: Alex X. Liu is currently an assistant professor in the Department of Computer Science and Engineering at Michigan State University. He received his Ph.D. degree in Computer Science from The University of Texas at Austin in 2006. He received the IEEE &amp; IFIP William C. Carter Award in 2004 and the National Science Foundation CAREER Award in 2009. His special research interests are in networking, security, and privacy. His general research interests include computer systems, distributed computing, and dependable systems.</description>
            <pubDate>Wed, 13 Oct 2010 16:30:00 EDT </pubDate>
            <itunes:title>Alex Liu, Fast Regular Expression Matching using Small TCAMs for Network Intrusion Detection and Prevention Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>447</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/Alex_X_Liu_115.jpg"/>
            <itunes:subtitle>Alex Liu, Michigan State University</itunes:subtitle>
            <itunes:summary>Regular expression (RegEx) matching is a core component of deep packet inspection in modern networking and security devices. Prior RegEx matching algorithms are either software-based or FPGA-based. Software-based solutions have to be implemented in customized ASIC chips to achieve high speed, the limitations of which include high deployment cost and being hard-wired to a specific solution and thus limited ability to adapt to new RegEx matching solutions. Although FPGA-based solutions can be modified, resynthesizing and updating FPGA circuitry in a deployed system to handle RegEx updates is slow and difficult. In this talk, we present the first hardware-based RegEx matching solution that uses Ternary Content Addressable Memories (TCAMs), which are off-the-shelf chips and have been widely deployed in modern networking devices for packet classification. There are three main reasons why TCAM-based RegEx matching works well. First, a small TCAM is capable of encoding a large Deterministic Finite Automaton (DFA) with carefully designed algorithms leveraging the ternary nature and first-match semantics of TCAMs. Second, TCAMs facilitate high-speed RegEx matching because TCAMs are essentially high-performance parallel lookup systems: any lookup takes constant time (i.e., a few CPU cycles) regardless of the number of occupied entries. Third, because TCAMs are off-the-shelf chips that are widely deployed in modern networking devices, it is easy to design networking devices that include our TCAM-based RegEx matching solution. About the speaker: Alex X. Liu is currently an assistant professor in the Department of Computer Science and Engineering at Michigan State University. He received his Ph.D. degree in Computer Science from The University of Texas at Austin in 2006. He received the IEEE &amp; IFIP William C. Carter Award in 2004 and the National Science Foundation CAREER Award in 2009. His special research interests are in networking, security, and privacy. His general research interests include computer systems, distributed computing, and dependable systems.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Regular expression (RegEx) matching is a core component of deep packet inspection in modern networking and security devices. Prior RegEx matching algorithms are either software-based or FPGA-based. Software-based solutions have to be implemented in customized ASIC chips to achieve high speed, the limitations of which include high deployment cost and being hard-wired to a specific solution and thus limited ability to adapt to new RegEx matching solutions. Although FPGA-based solutions can be modified, resynthesizing and updating FPGA circuitry in a deployed system to handle RegEx updates is slow and difficult. In this talk, we present the first hardware-based RegEx matching solution that uses Ternary Content Addressable Memories (TCAMs), which are off-the-shelf chips and have been widely deployed in modern networking devices for packet classification. There are three main reasons why TCAM-based RegEx matching works well. First, a small TCAM is capable of encoding a large Deterministic Finite Automaton (DFA) with carefully designed algorithms leveraging the ternary nature and first-match semantics of TCAMs. Second, TCAMs facilitate high-speed RegEx matching because TCAMs are essentially high-performance parallel lookup systems: any lookup takes constant time (i.e., a few CPU cycles) regardless of the number of occupied entries. Third, because TCAMs are off-the-shelf chips that are widely deployed in modern networking devices, it is easy to design networking devices that include our TCAM-based RegEx matching solution. About the speaker: Alex X. Liu is currently an assistant professor in the Department of Computer Science and Engineering at Michigan State University. He received his Ph.D. degree in Computer Science from The University of Texas at Austin in 2006. He received the IEEE &amp; IFIP William C. Carter Award in 2004 and the National Science Foundation CAREER Award in 2009. His special research interests are in networking, security, and privacy. His general research interests include computer systems, distributed computing, and dependable systems.</p> ]]>
            </content:encoded>
            <itunes:duration>3214</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101013.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101013.mp4" length="464519168" type="video/mp4"/>
        </item>
            <item>
            <title>Mihaela Vorvoreanu, Lorraine G. Kisselburgh, Global Study of Web 2.0 Use in Organizations</title>
            <description>In this seminar, we present results from a global study about Web 2.0 use in organizations. The study, commissioned by McAfee, Inc., included a worldwide survey of over 1,000 organizational IT leaders, and in-depth interviews with industry experts. Data paint a rich picture of adoption and usage trends, as well as security concerns related to Web 2.0 technologies. About the speaker: Dr. Vorvoreanu is an assistant professor in Computer Graphics Technology and Organizational Leadership &amp; Supervision at Purdue University. She studies the socio-cultural impact of new communication technologies. Before joining Purdue, she was an assistant professor in the Department of Communication Studies at Clemson University, SC, and the Department of Communication at the University of Dayton, Ohio. While at Clemson and UD, respectively, Dr. Vorvoreanu taught various public relations and communication courses, and did academic research in the area of public relations and new Web technologies. She has published research articles in the Journal of New Communications Research, Public Relations Review and the Journal of Website Promotion and a book about online public relations: Web Site Public Relations: How Corporations Build and Maintain Relationships Online. Dr. Vorvoreanu holds a Ph.D. in Communication from Purdue University. Lorraine G. Kisselburgh is an assistant professor in Communication at Purdue University, and is also affiliated with research institutes at CERIAS and Discovery Park. She began her career as an information analyst and programmer, and directed the development and use of emerging technologies in higher education. She studies organizational communication, the social implications of emerging technologies, privacy, social networks, and collaboration in online groups. She has published in Communication Yearbook, Management Communication Quarterly, Communication Studies, Journal of Mechanical Design, Journal of Motor Behavior, and Acta Psychologica, as well as in published books. Dr. Kisselburgh is a member of the Public Policy committee of the ACM, and has served on advisory committees for business intelligence, decision support systems, distance learning, and instructional technology.</description>
            <pubDate>Wed, 6 Oct 2010 16:30:00 EDT </pubDate>
            <itunes:title>Mihaela Vorvoreanu, Lorraine G. Kisselburgh, Global Study of Web 2.0 Use in Organizations</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>446</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/vorvoreanu_and_kisselburgh.jpg"/>
            <itunes:subtitle>Mihaela Vorvoreanu, Lorraine G. Kisselburgh, Purdue University</itunes:subtitle>
            <itunes:summary>In this seminar, we present results from a global study about Web 2.0 use in organizations. The study, commissioned by McAfee, Inc., included a worldwide survey of over 1,000 organizational IT leaders, and in-depth interviews with industry experts. Data paint a rich picture of adoption and usage trends, as well as security concerns related to Web 2.0 technologies. About the speaker: Dr. Vorvoreanu is an assistant professor in Computer Graphics Technology and Organizational Leadership &amp; Supervision at Purdue University. She studies the socio-cultural impact of new communication technologies. Before joining Purdue, she was an assistant professor in the Department of Communication Studies at Clemson University, SC, and the Department of Communication at the University of Dayton, Ohio. While at Clemson and UD, respectively, Dr. Vorvoreanu taught various public relations and communication courses, and did academic research in the area of public relations and new Web technologies. She has published research articles in the Journal of New Communications Research, Public Relations Review and the Journal of Website Promotion and a book about online public relations: Web Site Public Relations: How Corporations Build and Maintain Relationships Online. Dr. Vorvoreanu holds a Ph.D. in Communication from Purdue University. Lorraine G. Kisselburgh is an assistant professor in Communication at Purdue University, and is also affiliated with research institutes at CERIAS and Discovery Park. She began her career as an information analyst and programmer, and directed the development and use of emerging technologies in higher education. She studies organizational communication, the social implications of emerging technologies, privacy, social networks, and collaboration in online groups. She has published in Communication Yearbook, Management Communication Quarterly, Communication Studies, Journal of Mechanical Design, Journal of Motor Behavior, and Acta Psychologica, as well as in published books. Dr. Kisselburgh is a member of the Public Policy committee of the ACM, and has served on advisory committees for business intelligence, decision support systems, distance learning, and instructional technology.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this seminar, we present results from a global study about Web 2.0 use in organizations. The study, commissioned by McAfee, Inc., included a worldwide survey of over 1,000 organizational IT leaders, and in-depth interviews with industry experts. Data paint a rich picture of adoption and usage trends, as well as security concerns related to Web 2.0 technologies. About the speaker: Dr. Vorvoreanu is an assistant professor in Computer Graphics Technology and Organizational Leadership &amp; Supervision at Purdue University. She studies the socio-cultural impact of new communication technologies. Before joining Purdue, she was an assistant professor in the Department of Communication Studies at Clemson University, SC, and the Department of Communication at the University of Dayton, Ohio. While at Clemson and UD, respectively, Dr. Vorvoreanu taught various public relations and communication courses, and did academic research in the area of public relations and new Web technologies. She has published research articles in the Journal of New Communications Research, Public Relations Review and the Journal of Website Promotion and a book about online public relations: Web Site Public Relations: How Corporations Build and Maintain Relationships Online. Dr. Vorvoreanu holds a Ph.D. in Communication from Purdue University. Lorraine G. Kisselburgh is an assistant professor in Communication at Purdue University, and is also affiliated with research institutes at CERIAS and Discovery Park. She began her career as an information analyst and programmer, and directed the development and use of emerging technologies in higher education. She studies organizational communication, the social implications of emerging technologies, privacy, social networks, and collaboration in online groups. She has published in Communication Yearbook, Management Communication Quarterly, Communication Studies, Journal of Mechanical Design, Journal of Motor Behavior, and Acta Psychologica, as well as in published books. Dr. Kisselburgh is a member of the Public Policy committee of the ACM, and has served on advisory committees for business intelligence, decision support systems, distance learning, and instructional technology.</p> ]]>
            </content:encoded>
            <itunes:duration>3049</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101006.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20101006.mp4" length="465567744" type="video/mp4"/>
        </item>
            <item>
            <title>Sergey Panasyuk, Assured Processing through Obfuscation</title>
            <description>In this seminar, an Obfuscation Module is discussed. This module provides a means to perform computation on untrusted computing systems while maintaining the confidentiality and integrity of the information. Being able to do so not only enables assured processing, such as running a program with certain assurances that the algorithm will remain protected, but it can also increase the defensive posture of cyber systems. When an executable is requested by the operating system, the module will apply obfuscation techniques to repackage it. Once repackaged, it will send the new executable to the host system. In this way, the untrusted system will never have access to the original executable image, but only to a convoluted equivalent of it, protecting the confidentiality of the image and the algorithm which it implements, since it is cost-prohibitive to unscramble the available executable. About the speaker: Sergey Panasyuk is employed as a Computer Scientist at the Air Force Research Laboratory&apos;s Information Directorate in Rome, NY. He joined AFRL in 2008 and is assigned to the Computing Architectures Branch (AFRL/RITA). In his current position, Sergey focuses on research and development of technologies related to the application of advanced computing to Information Assurance and Trusted Computing. Sergey has more than nine years of professional experience as an embedded system developer. Sergey received his Bachelor of Science in Computer/Information Science with a Minor in Mathematics from SUNY Institute of Technology at Utica/Rome in 2002. In 2008 he received a Master of Science in Computer/Information Science from the same institution.</description>
            <pubDate>Wed, 29 Sep 2010 16:30:00 EDT </pubDate>
            <itunes:title>Sergey Panasyuk, Assured Processing through Obfuscation</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>445</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Sergey Panasyuk, Air Force Research Laboratory</itunes:subtitle>
            <itunes:summary>In this seminar, an Obfuscation Module is discussed. This module provides a means to perform computation on untrusted computing systems while maintaining the confidentiality and integrity of the information. Being able to do so not only enables assured processing, such as running a program with certain assurances that the algorithm will remain protected, but it can also increase the defensive posture of cyber systems. When an executable is requested by the operating system, the module will apply obfuscation techniques to repackage it. Once repackaged, it will send the new executable to the host system. In this way, the untrusted system will never have access to the original executable image, but only to a convoluted equivalent of it, protecting the confidentiality of the image and the algorithm which it implements, since it is cost-prohibitive to unscramble the available executable. About the speaker: Sergey Panasyuk is employed as a Computer Scientist at the Air Force Research Laboratory&apos;s Information Directorate in Rome, NY. He joined AFRL in 2008 and is assigned to the Computing Architectures Branch (AFRL/RITA). In his current position, Sergey focuses on research and development of technologies related to the application of advanced computing to Information Assurance and Trusted Computing. Sergey has more than nine years of professional experience as an embedded system developer. Sergey received his Bachelor of Science in Computer/Information Science with a Minor in Mathematics from SUNY Institute of Technology at Utica/Rome in 2002. In 2008 he received a Master of Science in Computer/Information Science from the same institution.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this seminar, an Obfuscation Module is discussed. This module provides a means to perform computation on untrusted computing systems while maintaining the confidentiality and integrity of the information. Being able to do so not only enables assured processing, such as running a program with certain assurances that the algorithm will remain protected, but it can also increase the defensive posture of cyber systems. When an executable is requested by the operating system, the module will apply obfuscation techniques to repackage it. Once repackaged, it will send the new executable to the host system. In this way, the untrusted system will never have access to the original executable image, but only to a convoluted equivalent of it, protecting the confidentiality of the image and the algorithm which it implements, since it is cost-prohibitive to unscramble the available executable. About the speaker: Sergey Panasyuk is employed as a Computer Scientist at the Air Force Research Laboratory&apos;s Information Directorate in Rome, NY. He joined AFRL in 2008 and is assigned to the Computing Architectures Branch (AFRL/RITA). In his current position, Sergey focuses on research and development of technologies related to the application of advanced computing to Information Assurance and Trusted Computing. Sergey has more than nine years of professional experience as an embedded system developer. Sergey received his Bachelor of Science in Computer/Information Science with a Minor in Mathematics from SUNY Institute of Technology at Utica/Rome in 2002. In 2008 he received a Master of Science in Computer/Information Science from the same institution.</p> ]]>
            </content:encoded>
            <itunes:duration>3206</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100929.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100929.mp4" length="466616320" type="video/mp4"/>
        </item>
            <item>
            <title>Petros Mouchtaris, Security of Mobile Ad Hoc Networks (MANETs)</title>
            <description>This talk will initially provide an overview of Telcordia&apos;s cyber security research. The talk will then focus on Telcordia&apos;s research in securing MANETs. MANETs are networks that do not require the fixed infrastructure (such as base stations or access points) typically used in commercial wireless networks. In MANETs, messages are relayed from node to node from the source of a packet towards the destination. If there is a &quot;sufficient&quot; number of nodes covering a specific area, communication between the source and the destination can be achieved. MANETs have attracted a lot of interest in applications where fixed infrastructure may not be available or has been destroyed, such as vehicle-to-vehicle communication, military networks, and disaster relief support. The key value of MANETs is their ability to allow nodes to join forces quickly to form a network. Achieving the potential value of MANETs in a secure manner, though, is a significant challenge. This talk will discuss Telcordia&apos;s research and progress in this area. About the speaker: Petros Mouchtaris is the Executive Director of Information Assurance and Security at Telcordia Technologies, leading a department performing research and development of innovative cyber security technologies addressing the needs of commercial and government customers. Dr. Mouchtaris has published several papers in conferences and journals and a book entitled &quot;Security for Wireless Ad Hoc Networks.&quot; Dr. Mouchtaris received his M.S. and Ph.D. from the California Institute of Technology.</description>
            <pubDate>Wed, 22 Sep 2010 16:30:00 EDT </pubDate>
            <itunes:title>Petros Mouchtaris, Security of Mobile Ad Hoc Networks (MANETs)</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>444</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Petros Mouchtaris, Telcordia</itunes:subtitle>
            <itunes:summary>This talk will initially provide an overview of Telcordia&apos;s cyber security research. The talk will then focus on Telcordia&apos;s research in securing MANETs. MANETs are networks that do not require the fixed infrastructure (such as base stations or access points) typically used in commercial wireless networks. In MANETs, messages are relayed from node to node from the source of a packet towards the destination. If there is a &quot;sufficient&quot; number of nodes covering a specific area, communication between the source and the destination can be achieved. MANETs have attracted a lot of interest in applications where fixed infrastructure may not be available or has been destroyed, such as vehicle-to-vehicle communication, military networks, and disaster relief support. The key value of MANETs is their ability to allow nodes to join forces quickly to form a network. Achieving the potential value of MANETs in a secure manner, though, is a significant challenge. This talk will discuss Telcordia&apos;s research and progress in this area. About the speaker: Petros Mouchtaris is the Executive Director of Information Assurance and Security at Telcordia Technologies, leading a department performing research and development of innovative cyber security technologies addressing the needs of commercial and government customers. Dr. Mouchtaris has published several papers in conferences and journals and a book entitled &quot;Security for Wireless Ad Hoc Networks.&quot; Dr. Mouchtaris received his M.S. and Ph.D. from the California Institute of Technology.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk will initially provide an overview of Telcordia&apos;s cyber security research. The talk will then focus on Telcordia&apos;s research in securing MANETs. MANETs are networks that do not require the fixed infrastructure (such as base stations or access points) typically used in commercial wireless networks. In MANETs, messages are relayed from node to node from the source of a packet towards the destination. If there is a &quot;sufficient&quot; number of nodes covering a specific area, communication between the source and the destination can be achieved. MANETs have attracted a lot of interest in applications where fixed infrastructure may not be available or has been destroyed, such as vehicle-to-vehicle communication, military networks, and disaster relief support. The key value of MANETs is their ability to allow nodes to join forces quickly to form a network. Achieving the potential value of MANETs in a secure manner, though, is a significant challenge. This talk will discuss Telcordia&apos;s research and progress in this area. About the speaker: Petros Mouchtaris is the Executive Director of Information Assurance and Security at Telcordia Technologies, leading a department performing research and development of innovative cyber security technologies addressing the needs of commercial and government customers. Dr. Mouchtaris has published several papers in conferences and journals and a book entitled &quot;Security for Wireless Ad Hoc Networks.&quot; Dr. Mouchtaris received his M.S. and Ph.D. from the California Institute of Technology.</p> ]]>
            </content:encoded>
            <itunes:duration>3099</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100922.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100922.mp4" length="469762048" type="video/mp4"/>
        </item>
            <item>
            <title>Xiaofeng Wang, Side Channel Threats in the Software-as-a-Service Era: Challenges and Responses</title>
            <description>With software-as-a-service becoming mainstream, more and more applications are delivered to the client through the Web. Unlike a desktop application, a web application is a &quot;two-part&quot; program, with its components deployed both in the browser and in the web server. The communication between these two components inevitably leaks out the program&apos;s internal states to those eavesdropping on its web traffic, simply through the side-channel features of the communication such as packet length and timing, even if the traffic is entirely encrypted. In this talk, I will present our discovery showing that such side-channel leaks are both fundamental and realistic: a set of high-profile web applications are found to disclose highly sensitive user data such as one&apos;s family incomes, health profiles, investment secrets and more through their side channels. More importantly, we found that the root causes of the problem are some fundamental characteristics of web applications: stateful communication, low-entropy input for better interaction, and significant traffic distinctions. This indicates that a significant improvement of the current web-application development practice becomes necessary. As a response to this urgent call, I will also describe in this talk a new technique we developed, called Sidebuster, which facilitates detection and quantification of side-channel vulnerabilities during development of web applications. About the speaker: Dr. XiaoFeng Wang is the Director of the Center for Security Informatics under the School of Informatics and Computing, Indiana University. He received his Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University in August, 2004, and has since been a faculty member at IU. Dr. Wang is a recognized active researcher on system and network security, privacy protection and incentive engineering. His group extensively publishes at leading security venues and vigorously pursues innovative and high-impact research directions. His current work focuses on privacy issues in processing and dissemination of human genome data, and security/privacy issues in Cloud Computing. Dr. Wang has also been actively serving the research community, participating in the program committees and organization committees of numerous conferences and workshops. His research is supported by the NSF, Department of Homeland Security and the Air Force.</description>
            <pubDate>Wed, 15 Sep 2010 16:30:00 EDT </pubDate>
            <itunes:title>Xiaofeng Wang, Side Channel Threats in the Software-as-a-Service Era: Challenges and Responses</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>443</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/xiaoFeng_wang_150.jpg"/>
            <itunes:subtitle>Xiaofeng Wang, Indiana University</itunes:subtitle>
            <itunes:summary>With software-as-a-service becoming mainstream, more and more applications are delivered to the client through the Web. Unlike a desktop application, a web application is a &quot;two-part&quot; program, with its components deployed both in the browser and in the web server. The communication between these two components inevitably leaks out the program&apos;s internal states to those eavesdropping on its web traffic, simply through the side-channel features of the communication such as packet length and timing, even if the traffic is entirely encrypted. In this talk, I will present our discovery showing that such side-channel leaks are both fundamental and realistic: a set of high-profile web applications are found to disclose highly sensitive user data such as one&apos;s family incomes, health profiles, investment secrets and more through their side channels. More importantly, we found that the root causes of the problem are some fundamental characteristics of web applications: stateful communication, low-entropy input for better interaction, and significant traffic distinctions. This indicates that a significant improvement of the current web-application development practice becomes necessary. As a response to this urgent call, I will also describe in this talk a new technique we developed, called Sidebuster, which facilitates detection and quantification of side-channel vulnerabilities during development of web applications. About the speaker: Dr. XiaoFeng Wang is the Director of the Center for Security Informatics under the School of Informatics and Computing, Indiana University. He received his Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University in August, 2004, and has since been a faculty member at IU. Dr. Wang is a recognized active researcher on system and network security, privacy protection and incentive engineering. His group extensively publishes at leading security venues and vigorously pursues innovative and high-impact research directions. His current work focuses on privacy issues in processing and dissemination of human genome data, and security/privacy issues in Cloud Computing. Dr. Wang has also been actively serving the research community, participating in the program committees and organization committees of numerous conferences and workshops. His research is supported by the NSF, Department of Homeland Security and the Air Force.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>With software-as-a-service becoming mainstream, more and more applications are delivered to the client through the Web. Unlike a desktop application, a web application is a &quot;two-part&quot; program, with its components deployed both in the browser and in the web server. The communication between these two components inevitably leaks out the program&apos;s internal states to those eavesdropping on its web traffic, simply through the side-channel features of the communication such as packet length and timing, even if the traffic is entirely encrypted. In this talk, I will present our discovery showing that such side-channel leaks are both fundamental and realistic: a set of high-profile web applications are found to disclose highly sensitive user data such as one&apos;s family incomes, health profiles, investment secrets and more through their side channels. More importantly, we found that the root causes of the problem are some fundamental characteristics of web applications: stateful communication, low-entropy input for better interaction, and significant traffic distinctions. This indicates that a significant improvement of the current web-application development practice becomes necessary. As a response to this urgent call, I will also describe in this talk a new technique we developed, called Sidebuster, which facilitates detection and quantification of side-channel vulnerabilities during development of web applications. About the speaker: Dr. XiaoFeng Wang is the Director of the Center for Security Informatics under the School of Informatics and Computing, Indiana University. He received his Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University in August, 2004, and has since been a faculty member at IU. Dr. Wang is a recognized active researcher on system and network security, privacy protection and incentive engineering. His group extensively publishes at leading security venues and vigorously pursues innovative and high-impact research directions. His current work focuses on privacy issues in processing and dissemination of human genome data, and security/privacy issues in Cloud Computing. Dr. Wang has also been actively serving the research community, participating in the program committees and organization committees of numerous conferences and workshops. His research is supported by the NSF, Department of Homeland Security and the Air Force.</p> ]]>
            </content:encoded>
            <itunes:duration>3613</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100915.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100915.mp4" length="466616320" type="video/mp4"/>
        </item>
            <item>
            <title>Xeno Kovah, Rootkits</title>
            <description>This talk will examine the state of current and proposed rootkits, to try and answer the following question: are rootkits stupid and lame? The speaker will provide supporting evidence that almost all rootkits are eminently detectable, in theory. But theory doesn&apos;t matter if tools for detection are not used in practice. Therefore the talk will highlight the few weaknesses in detection methodologies and many weaknesses in tools, so that the audience can think about what they could do to make the world more secure. About the speaker: &quot;Xeno Kovah is mortal and fallible. So are you.&quot;</description>
            <pubDate>Wed, 8 Sep 2010 16:30:00 EDT </pubDate>
            <itunes:title>Xeno Kovah, Rootkits</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>442</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Xeno Kovah, MITRE</itunes:subtitle>
            <itunes:summary>This talk will examine the state of current and proposed rootkits, to try and answer the following question: are rootkits stupid and lame? The speaker will provide supporting evidence that most all rootkits are eminently detectable, in theory. But theory doesn&apos;t matter if tools for detection are not used in practice.  Therefore the talk will highlight the few weaknesses in detection methodologies and many weaknesses in tools, so that the audience can think about what they could do to make the world more secure. About the speaker: &quot;Xeno Kovah is mortal and fallible. So are you.&quot;</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk will examine the state of current and proposed rootkits, to try and answer the following question: are rootkits stupid and lame? The speaker will provide supporting evidence that most all rootkits are eminently detectable, in theory. But theory doesn&apos;t matter if tools for detection are not used in practice.  Therefore the talk will highlight the few weaknesses in detection methodologies and many weaknesses in tools, so that the audience can think about what they could do to make the world more secure. About the speaker: &quot;Xeno Kovah is mortal and fallible. So are you.&quot;</p> ]]>
            </content:encoded>
            <itunes:duration>3659</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100908.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100908.mp4" length="466616320" type="video/mp4"/>
        </item>
            <item>
            <title>Ashish Kundu, Data in the Cloud: Authentication Without Leaking</title>
            <description>Assurance of authenticity as well as confidentiality of data is an important problem, in cloud computing and in third-party data distribution environments. Existing data authentication schemes for structured and semi-structured data such as trees and graphs leak information, leading to privacy and confidentiality breaches. We have developed schemes for leakage-free authentication of trees and graphs. Our schemes are provably secure and efficient. In this talk, I will present these schemes as well as describe how to address the problem for disconnected trees/graphs (forests) (e.g., a set of databases). Time permitting, we will discuss some of the applications of these schemes. Our solutions have several applications in cloud-based service offerings such as database and e-mail as services, storage and distribution of healthcare and biological data, and security of social networks. About the speaker: Ashish Kundu is a Ph.D. Candidate in Computer Science at Purdue University and is affiliated with CERIAS. Ashish is an advisee of Prof. Elisa Bertino. His research interests are broadly in the area of &quot;how to build secure and dependable systems and services&quot;. In his doctoral thesis, Ashish is addressing the problem of &quot;How to Authenticate Trees and Graphs Without Leaking&quot;. One of his papers related to his thesis received the Best Student Paper at the IEEE Enterprise Computing conference in 2006. Prior to joining Purdue, Ashish was a Research Staff Member at IBM India Research Lab for about five years. At IBM Research, Ashish worked on distributed and pervasive systems. He has been (co-)inventor in several patents. He has also been awarded the IBM Bravo award as well as two IBM Plateau awards for his contributions.</description>
            <pubDate>Wed, 1 Sep 2010 16:30:00 EDT </pubDate>
            <itunes:title>Ashish Kundu, Data in the Cloud: Authentication Without Leaking</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>441</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ashishk_115.jpg"/>
            <itunes:subtitle>Ashish Kundu, Purdue University</itunes:subtitle>
            <itunes:summary>Assurance of authenticity as well as confidentiality of data is an important problem, in cloud computing and in third-party data distribution environments. Existing data authentication schemes for structured and semi-structured data such as trees and graphs leak information, leading to privacy and confidentiality breaches. We have developed schemes for leakage-free authentication of trees and graphs. Our schemes are provably secure and efficient. In this talk, I will present these schemes as well as describe how to address the problem for disconnected trees/graphs (forests) (e.g., a set of databases). Time permitting, we will discuss some of the applications of these schemes. Our solutions have several applications in cloud-based service offerings such as database and e-mail as services, storage and distribution of healthcare and biological data, and security of social networks. About the speaker: Ashish Kundu is a Ph.D. Candidate in Computer Science at Purdue University and is affiliated with CERIAS. Ashish is an advisee of Prof. Elisa Bertino. His research interests are broadly in the area of &quot;how to build secure and dependable systems and services&quot;. In his doctoral thesis, Ashish is addressing the problem of &quot;How to Authenticate Trees and Graphs Without Leaking&quot;. One of his papers related to his thesis received the Best Student Paper at the IEEE Enterprise Computing conference in 2006. Prior to joining Purdue, Ashish was a Research Staff Member at IBM India Research Lab for about five years. At IBM Research, Ashish worked on distributed and pervasive systems. He has been (co-)inventor in several patents. He has also been awarded the IBM Bravo award as well as two IBM Plateau awards for his contributions.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Assurance of authenticity as well as confidentiality of data is an important problem, in cloud computing and in third-party data distribution environments. Existing data authentication schemes for structured and semi-structured data such as trees and graphs leak information, leading to privacy and confidentiality breaches. We have developed schemes for leakage-free authentication of trees and graphs. Our schemes are provably secure and efficient. In this talk, I will present these schemes as well as describe how to address the problem for disconnected trees/graphs (forests) (e.g., a set of databases). Time permitting, we will discuss some of the applications of these schemes. Our solutions have several applications in cloud-based service offerings such as database and e-mail as services, storage and distribution of healthcare and biological data, and security of social networks. About the speaker: Ashish Kundu is a Ph.D. Candidate in Computer Science at Purdue University and is affiliated with CERIAS. Ashish is an advisee of Prof. Elisa Bertino. His research interests are broadly in the area of &quot;how to build secure and dependable systems and services&quot;. In his doctoral thesis, Ashish is addressing the problem of &quot;How to Authenticate Trees and Graphs Without Leaking&quot;. One of his papers related to his thesis received the Best Student Paper at the IEEE Enterprise Computing conference in 2006. Prior to joining Purdue, Ashish was a Research Staff Member at IBM India Research Lab for about five years. At IBM Research, Ashish worked on distributed and pervasive systems. He has been (co-)inventor in several patents. He has also been awarded the IBM Bravo award as well as two IBM Plateau awards for his contributions.</p> ]]>
            </content:encoded>
            <itunes:duration>0</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_2010-09-01.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_2010-09-01.mp4" length="462422016" type="video/mp4"/>
        </item>
            <item>
            <title>Cristina Nita-Rotaru, Secure Network Coding for Wireless Mesh Networks</title>
            <description>In this talk we identify two general frameworks (inter-flow and intra-flow) that encompass several network coding-based systems proposed in wireless mesh networks. Our systematic analysis of the components of these frameworks reveals vulnerabilities to a wide range of attacks, which may severely degrade system performance. We then focus on addressing the most severe and generic attack against network coding systems, known as packet pollution attack. We show that existing cryptographic mechanisms that were proposed to solve the problem have a prohibitive cost that makes them impractical in wireless mesh networks. We propose the first practical defense mechanisms to pollution attacks in network coding for wireless mesh networks. The experimental results show that the proposed mechanisms can effectively filter out polluted packets and quickly identify and isolate attacker nodes while incurring small computation and bandwidth overhead. About the speaker: Cristina Nita-Rotaru is an Associate Professor in the Department of Computer Science at Purdue University where she established the Dependable and Secure Distributed Systems Laboratory (DS2). She is a member of the Center for Education and Research in Information Assurance and Security (CERIAS) and is associated with the Center for Wireless Systems and Applications (CWSA) at Purdue University. Her research interests lie in designing distributed systems, network protocols and applications that are robust to failure, mis-configuration, and malicious attacks. Cristina Nita-Rotaru is a recipient of the NSF Career Award in 2006. She has served on the Technical Program Committee of numerous conferences in security, networking, and distributed systems. She is currently serving as an Associate Editor for ACM Transactions on Information Security and Elsevier Computer Communications.</description>
            <pubDate>Wed, 25 Aug 2010 16:30:00 EDT </pubDate>
            <itunes:title>Cristina Nita-Rotaru, Secure Network Coding for Wireless Mesh Networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>440</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/nita-rotaru_115.jpg"/>
            <itunes:subtitle>Cristina Nita-Rotaru, Purdue University</itunes:subtitle>
            <itunes:summary>In this talk we identify two general frameworks (inter-flow and intra-flow) that encompass several network coding-based systems proposed in wireless mesh networks. Our systematic analysis of the components of these frameworks reveals vulnerabilities to a wide range of attacks, which may severely degrade system performance. We then focus on addressing the most severe and generic attack against network coding systems, known as packet pollution attack. We show that existing cryptographic mechanisms that were proposed to solve the problem have a prohibitive cost that makes them impractical in wireless mesh networks. We propose the first practical defense mechanisms to pollution attacks in network coding for wireless mesh networks. The experimental results show that the proposed mechanisms can effectively filter out polluted packets and quickly identify and isolate attacker nodes while incurring small computation and bandwidth overhead. About the speaker: Cristina Nita-Rotaru is an Associate Professor in the Department of Computer Science at Purdue University where she established the Dependable and Secure Distributed Systems Laboratory (DS2). She is a member of the Center for Education and Research in Information Assurance and Security (CERIAS) and is associated with the Center for Wireless Systems and Applications (CWSA) at Purdue University. Her research interests lie in designing distributed systems, network protocols and applications that are robust to failure, mis-configuration, and malicious attacks. Cristina Nita-Rotaru is a recipient of the NSF Career Award in 2006. She has served on the Technical Program Committee of numerous conferences in security, networking, and distributed systems. She is currently serving as an Associate Editor for ACM Transactions on Information Security and Elsevier Computer Communications.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this talk we identify two general frameworks (inter-flow and intra-flow) that encompass several network coding-based systems proposed in wireless mesh networks. Our systematic analysis of the components of these frameworks reveals vulnerabilities to a wide range of attacks, which may severely degrade system performance. We then focus on addressing the most severe and generic attack against network coding systems, known as packet pollution attack. We show that existing cryptographic mechanisms that were proposed to solve the problem have a prohibitive cost that makes them impractical in wireless mesh networks. We propose the first practical defense mechanisms to pollution attacks in network coding for wireless mesh networks. The experimental results show that the proposed mechanisms can effectively filter out polluted packets and quickly identify and isolate attacker nodes while incurring small computation and bandwidth overhead. About the speaker: Cristina Nita-Rotaru is an Associate Professor in the Department of Computer Science at Purdue University where she established the Dependable and Secure Distributed Systems Laboratory (DS2). She is a member of the Center for Education and Research in Information Assurance and Security (CERIAS) and is associated with the Center for Wireless Systems and Applications (CWSA) at Purdue University. Her research interests lie in designing distributed systems, network protocols and applications that are robust to failure, mis-configuration, and malicious attacks. Cristina Nita-Rotaru is a recipient of the NSF Career Award in 2006. She has served on the Technical Program Committee of numerous conferences in security, networking, and distributed systems. She is currently serving as an Associate Editor for ACM Transactions on Information Security and Elsevier Computer Communications.</p> ]]>
            </content:encoded>
            <itunes:duration>3151</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100825.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100825.mp4" length="464519168" type="video/mp4"/>
        </item>
            <item>
            <title>Victor Raskin &amp;amp; Julia Taylor, Ontological Semantic Technology for Detecting  Insider Threat and Social Engineering</title>
            <description>The paper describes a computational system, an application and implementation of the mature Ontological Semantic Technology, for detecting unintentional inferences in casual unsolicited and unrestricted verbal output of individuals, potentially responsible for leaked classified information to people with unauthorized access.  Uses of the system for cases of insider threat and/or social engineering are discussed. About the speaker: Victor Raskin is a Distinguished Professor of English and Linguistics at Purdue, who also is an Associate Director for Graduate Education at CERIAS and has a courtesy appointment in CS. He holds a Ph.D. (1970) from the Lomonosov Moscow State University in mathematical and computational linguistics. A co-founder of Ontological Semantics, with his former Ph.D. advisee Sergei Nirenburg, he has authored, co-authored, edited, etc. some 20 books and over 200 papers in the area of theoretical and computational semantics and their applications. He has also consulted a number of businesses implementing applications of Ontological Semantics. Julia M. Taylor is a Visiting Scholar at CERIAS and Linguistics at Purdue University and a leading designer for the Text Analytics application of the Ontological Semantics Technology at RiverGlass, Inc. She holds a Ph.D. in Computer Science and Engineering from the University of Cincinnati (2008). She has published over 30 papers on knowledge representation, fuzzy logic, and, of course, the Ontological Semantic Technology and its applications and is working on a book about a computational joke detection system.</description>
            <pubDate>Wed, 28 Apr 2010 16:30:00 EDT </pubDate>
            <itunes:title>Victor Raskin &amp;amp; Julia Taylor, Ontological Semantic Technology for Detecting  Insider Threat and Social Engineering</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>439</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Victor Raskin &amp;amp; Julia Taylor, Purdue University</itunes:subtitle>
            <itunes:summary>The paper describes a computational system, an application and implementation of the mature Ontological Semantic Technology, for detecting unintentional inferences in casual unsolicited and unrestricted verbal output of individuals, potentially responsible for leaked classified information to people with unauthorized access.  Uses of the system for cases of insider threat and/or social engineering are discussed. About the speaker: Victor Raskin is a Distinguished Professor of English and Linguistics at Purdue, who also is an Associate Director for Graduate Education at CERIAS and has a courtesy appointment in CS. He holds a Ph.D. (1970) from the Lomonosov Moscow State University in mathematical and computational linguistics. A co-founder of Ontological Semantics, with his former Ph.D. advisee Sergei Nirenburg, he has authored, co-authored, edited, etc. some 20 books and over 200 papers in the area of theoretical and computational semantics and their applications. He has also consulted a number of businesses implementing applications of Ontological Semantics. Julia M. Taylor is a Visiting Scholar at CERIAS and Linguistics at Purdue University and a leading designer for the Text Analytics application of the Ontological Semantics Technology at RiverGlass, Inc. She holds a Ph.D. in Computer Science and Engineering from the University of Cincinnati (2008). She has published over 30 papers on knowledge representation, fuzzy logic, and, of course, the Ontological Semantic Technology and its applications and is working on a book about a computational joke detection system.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The paper describes a computational system, an application and implementation of the mature Ontological Semantic Technology, for detecting unintentional inferences in casual unsolicited and unrestricted verbal output of individuals, potentially responsible for leaked classified information to people with unauthorized access.  Uses of the system for cases of insider threat and/or social engineering are discussed. About the speaker: Victor Raskin is a Distinguished Professor of English and Linguistics at Purdue, who also is an Associate Director for Graduate Education at CERIAS and has a courtesy appointment in CS. He holds a Ph.D. (1970) from the Lomonosov Moscow State University in mathematical and computational linguistics. A co-founder of Ontological Semantics, with his former Ph.D. advisee Sergei Nirenburg, he has authored, co-authored, edited, etc. some 20 books and over 200 papers in the area of theoretical and computational semantics and their applications. He has also consulted a number of businesses implementing applications of Ontological Semantics. Julia M. Taylor is a Visiting Scholar at CERIAS and Linguistics at Purdue University and a leading designer for the Text Analytics application of the Ontological Semantics Technology at RiverGlass, Inc. She holds a Ph.D. in Computer Science and Engineering from the University of Cincinnati (2008). She has published over 30 papers on knowledge representation, fuzzy logic, and, of course, the Ontological Semantic Technology and its applications and is working on a book about a computational joke detection system.</p> ]]>
            </content:encoded>
            <itunes:duration>3378</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100428.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100428.mp4" length="472907776" type="video/mp4"/>
        </item>
            <item>
            <title>Stephen Dill, The role of System Security Engineering in the engineering lifecycle</title>
            <description>This seminar will provide an overview of how Information Security (AKA Cyber Security, AKA INFOSEC) engineering, requirements analysis and security policies and other activities fit into the overall life cycle of an IT system.  We will define an INFOSEC systems engineering methodology using industry best practices and we will define the major steps or key activities in that systems engineering methodology.  We will also discuss what the role of Information Systems Security Engineering and the Systems Security Engineers should be in the Life Cycle processes. About the speaker: Mr. Dill has been working in information security for 35 years, primarily in IT and communications systems architecture &amp;amp; design and operations &amp;amp; maintenance.  Currently he is the CyberSecurity Solution Family Chief Architect, responsible for the coordination and execution of Cyber Security Research and Development within IS&amp;amp;GS and managing contracted R&amp;amp;D with other businesses and at universities.  He has been with Lockheed Martin since 1991. In the past Mr. Dill led R&amp;amp;D projects in cross-domain information sharing, multilevel security, Information Assurance management systems, data provenance, identity management and intrusion detection and atmospheric sounding. Other work experiences include IT over satellite comms systems architecture and program management, IA training and career development, C2 program management for the White House Communications Agency, Communications-Electronics Repair Activity Management, DSCS Satellite Terminal Station Chief, and Avionics and Armament Repair Management.  Mr. Dill holds a BS in Biology/Botany from Bucknell University, an MS in Telecommunications Management from the University of Maryland and received his initial training in Information Security courtesy of the US Army.</description>
            <pubDate>Wed, 21 Apr 2010 16:30:00 EDT </pubDate>
            <itunes:title>Stephen Dill, The role of System Security Engineering in the engineering lifecycle</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>438</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Stephen Dill, Lockheed Martin</itunes:subtitle>
            <itunes:summary>This seminar will provide an overview of how Information Security (AKA Cyber Security, AKA INFOSEC) engineering, requirements analysis and security policies and other activities fit into the overall life cycle of an IT system.  We will define an INFOSEC systems engineering methodology using industry best practices and we will define the major steps or key activities in that systems engineering methodology.  We will also discuss what the role of Information Systems Security Engineering and the Systems Security Engineers should be in the Life Cycle processes. About the speaker: Mr. Dill has been working in information security for 35 years, primarily in IT and communications systems architecture &amp;amp; design and operations &amp;amp; maintenance.  Currently he is the CyberSecurity Solution Family Chief Architect, responsible for the coordination and execution of Cyber Security Research and Development within IS&amp;amp;GS and managing contracted R&amp;amp;D with other businesses and at universities.  He has been with Lockheed Martin since 1991. In the past Mr. Dill led R&amp;amp;D projects in cross-domain information sharing, multilevel security, Information Assurance management systems, data provenance, identity management and intrusion detection and atmospheric sounding. Other work experiences include IT over satellite comms systems architecture and program management, IA training and career development, C2 program management for the White House Communications Agency, Communications-Electronics Repair Activity Management, DSCS Satellite Terminal Station Chief, and Avionics and Armament Repair Management.  Mr. Dill holds a BS in Biology/Botany from Bucknell University, an MS in Telecommunications Management from the University of Maryland and received his initial training in Information Security courtesy of the US Army.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This seminar will provide an overview of how Information Security (AKA Cyber Security, AKA INFOSEC) engineering, requirements analysis and security policies and other activities fit into the overall life cycle of an IT system.  We will define an INFOSEC systems engineering methodology using industry best practices and we will define the major steps or key activities in that systems engineering methodology.  We will also discuss what the role of Information Systems Security Engineering and the Systems Security Engineers should be in the Life Cycle processes. About the speaker: Mr. Dill has been working in information security for 35 years, primarily in IT and communications systems architecture &amp;amp; design and operations &amp;amp; maintenance.  Currently he is the CyberSecurity Solution Family Chief Architect, responsible for the coordination and execution of Cyber Security Research and Development within IS&amp;amp;GS and managing contracted R&amp;amp;D with other businesses and at universities.  He has been with Lockheed Martin since 1991. In the past Mr. Dill led R&amp;amp;D projects in cross-domain information sharing, multilevel security, Information Assurance management systems, data provenance, identity management and intrusion detection and atmospheric sounding. Other work experiences include IT over satellite comms systems architecture and program management, IA training and career development, C2 program management for the White House Communications Agency, Communications-Electronics Repair Activity Management, DSCS Satellite Terminal Station Chief, and Avionics and Armament Repair Management.  Mr. Dill holds a BS in Biology/Botany from Bucknell University, an MS in Telecommunications Management from the University of Maryland and received his initial training in Information Security courtesy of the US Army.</p> ]]>
            </content:encoded>
            <itunes:duration>3458</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100421.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100421.mp4" length="467664896" type="video/mp4"/>
        </item>
            <item>
            <title>Christian Hammer, Security of JavaScript in a Browser Environment</title>
            <description>The power of modern websites emerges to a large extent from the ability to combine content from different sources. As an example, a site may include a Google map next to business information a user had been searching for. Combining content from possibly untrusted sites gives rise to all sorts of security concerns, as JavaScript has no concept of separating scripts from different sources. This has led to several recent attacks like the Samy or Yamanner worms. This talk presents the state of the art in securing JavaScript for such settings and proposes a sandboxing facility for in-browser script separation. About the speaker: Christian Hammer is a post-doctoral researcher at Purdue University working in the Secure Software Systems lab with Prof. Jan Vitek. His research interests include static and dynamic program analyses, in particular security, program slicing, information flow, concurrency, and programming languages. He received the Doctor of Engineering (Dr.-Ing.) from Karlsruhe Institute of Technology, Germany in 2009, and a Diplom (equiv. M.Sc.) in Computer Science from University of Passau, Germany. As a graduate student, he spent two semester breaks at the IBM T. J. Watson Research Center in Hawthorne, NY.</description>
            <pubDate>Wed, 14 Apr 2010 16:30:00 EDT </pubDate>
            <itunes:title>Christian Hammer, Security of JavaScript in a Browser Environment</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>437</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Christian Hammer, Purdue University</itunes:subtitle>
            <itunes:summary>The power of modern websites emerges to a large extent from the ability to combine content from different sources. As an example, a site may include a Google map next to business information a user had been searching for. Combining content from possibly untrusted sites gives rise to all sorts of security concerns, as JavaScript has no concept of separating scripts from different sources. This has led to several recent attacks like the Samy or Yamanner worms. This talk presents the state of the art in securing JavaScript for such settings and proposes a sandboxing facility for in-browser script separation. About the speaker: Christian Hammer is a post-doctoral researcher at Purdue University working in the Secure Software Systems lab with Prof. Jan Vitek. His research interests include static and dynamic program analyses, in particular security, program slicing, information flow, concurrency, and programming languages. He received the Doctor of Engineering (Dr.-Ing.) from Karlsruhe Institute of Technology, Germany in 2009, and a Diplom (equiv. M.Sc.) in Computer Science from University of Passau, Germany. As a graduate student, he spent two semester breaks at the IBM T. J. Watson Research Center in Hawthorne, NY.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The power of modern websites emerges to a large extent from the ability to combine content from different sources. As an example, a site may include a Google map next to business information a user had been searching for. Combining content from possibly untrusted sites gives rise to all sorts of security concerns, as JavaScript has no concept of separating scripts from different sources. This has led to several recent attacks like the Samy or Yamanner worms. This talk presents the state of the art in securing JavaScript for such settings and proposes a sandboxing facility for in-browser script separation. About the speaker: Christian Hammer is a post-doctoral researcher at Purdue University working in the Secure Software Systems lab with Prof. Jan Vitek. His research interests include static and dynamic program analyses, in particular security, program slicing, information flow, concurrency, and programming languages. He received the Doctor of Engineering (Dr.-Ing.) from Karlsruhe Institute of Technology, Germany in 2009, and a Diplom (equiv. M.Sc.) in Computer Science from University of Passau, Germany. As a graduate student, he spent two semester breaks at the IBM T. J. Watson Research Center in Hawthorne, NY.</p> ]]>
            </content:encoded>
            <itunes:duration>2838</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100414.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100414.mp4" length="469762048" type="video/mp4"/>
        </item>
            <item>
            <title>Yvo Desmedt, 60 years of scientific research in cryptography:  a reflection</title>
            <description>Shannon started the unclassified scientific research in cryptography with his October 1949 paper. First we briefly survey the scientific research in cryptography since then. We discuss the strengths and weaknesses of this research, attempting to present a balanced viewpoint. The lecture will also discuss the progress we have not made. We will show that not everything in modern cryptography is rosy. Besides the above examples, we will also talk about the discrepancy between the massive number of applications of cryptography studied by academics and the fact that most of these are being viewed as completely irrelevant to the real world. About the speaker: Yvo Desmedt received his Ph.D. (Summa cum Laude) from the University of Leuven, Belgium (1984). He is presently the Chair of Information Communication Technology at University College London, UK and Invited Senior Research Scientist at RCIS (AIST), Japan. He is also a courtesy professor at Florida State University. His interests include cryptography, network security and computer security. He was program chair of ICITS 2007, co-program chair of CANS 2005, program chair of PKC 2003, the 2002 ACM Workshop on Scientific Aspects of Cyber Terrorism and Crypto &apos;94. He is editor-in-chief of the IET Information Security, editor of the Journal of Computer Security, of Information Processing Letters and of Advances in Mathematics of Communications. He has given invited lectures at several conferences and workshops on 5 different continents. He has authored over 150 refereed papers. He has 139 entries on DBLP. He is ranked as 4th most productive (out of 1817 researchers) at the two main research conferences in Cryptology. He is a recipient of the Society of Worldwide Inter-bank Funds Transfer (SWIFT) award.</description>
            <pubDate>Wed, 7 Apr 2010 16:30:00 EDT </pubDate>
            <itunes:title>Yvo Desmedt, 60 years of scientific research in cryptography:  a reflection</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>436</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Yvo Desmedt, University College London, UK</itunes:subtitle>
            <itunes:summary>Shannon started the unclassified scientific research in cryptography with his October 1949 paper. First we briefly survey the scientific research in cryptography since then. We discuss the strengths and weaknesses of this research, attempting to present a balanced viewpoint. The lecture will also discuss the progress we have not made. We will show that not everything in modern cryptography is rosy. Besides the above examples, we will also talk about the discrepancy between the massive number of applications of cryptography studied by academics and the fact that most of these are being viewed as completely irrelevant to the real world. About the speaker: Yvo Desmedt received his Ph.D. (Summa cum Laude) from the University of Leuven, Belgium (1984). He is presently the Chair of Information Communication Technology at University College London, UK and Invited Senior Research Scientist at RCIS (AIST), Japan. He is also a courtesy professor at Florida State University. His interests include cryptography, network security and computer security. He was program chair of ICITS 2007, co-program chair of CANS 2005, program chair of PKC 2003, the 2002 ACM Workshop on Scientific Aspects of Cyber Terrorism and Crypto &apos;94. He is editor-in-chief of the IET Information Security, editor of the Journal of Computer Security, of Information Processing Letters and of Advances in Mathematics of Communications. He has given invited lectures at several conferences and workshops on 5 different continents. He has authored over 150 refereed papers. He has 139 entries on DBLP. He is ranked as 4th most productive (out of 1817 researchers) at the two main research conferences in Cryptology. He is a recipient of the Society of Worldwide Inter-bank Funds Transfer (SWIFT) award.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Shannon started the unclassified scientific research in cryptography with his October 1949 paper. First we briefly survey the scientific research in cryptography since then. We discuss the strengths and weaknesses of this research, attempting to present a balanced viewpoint. The lecture will also discuss the progress we have not made. We will show that not everything in modern cryptography is rosy. Besides the above examples, we will also talk about the discrepancy between the massive number of applications of cryptography studied by academics and the fact that most of these are being viewed as completely irrelevant to the real world. About the speaker: Yvo Desmedt received his Ph.D. (Summa cum Laude) from the University of Leuven, Belgium (1984). He is presently the Chair of Information Communication Technology at University College London, UK and Invited Senior Research Scientist at RCIS (AIST), Japan. He is also a courtesy professor at Florida State University. His interests include cryptography, network security and computer security. He was program chair of ICITS 2007, co-program chair of CANS 2005, program chair of PKC 2003, the 2002 ACM Workshop on Scientific Aspects of Cyber Terrorism and Crypto &apos;94. He is editor-in-chief of the IET Information Security, editor of the Journal of Computer Security, of Information Processing Letters and of Advances in Mathematics of Communications. He has given invited lectures at several conferences and workshops on 5 different continents. He has authored over 150 refereed papers. He has 139 entries on DBLP. He is ranked as 4th most productive (out of 1817 researchers) at the two main research conferences in Cryptology. He is a recipient of the Society of Worldwide Inter-bank Funds Transfer (SWIFT) award.</p> ]]>
            </content:encoded>
            <itunes:duration>3772</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100407.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100407.mp4" length="470810624" type="video/mp4"/>
        </item>
            <item>
            <title>David Bell, Everything I Needed to Know about Security, I Learned in 1974</title>
            <description>The security field is an excellent illustration of the maxim that &quot;the more things change, the more they stay the same.&quot; Thus while technical details change, underlying security principles remain remarkably constant. Dr. Bell&apos;s talk &quot;Everything I Needed to Know about Security, I Learned in 1974&quot; covers the lessons he learned in his early modeling work, how they have remained valid since, and how those principles inform his view of 21st-Century challenges. About the speaker: David Elliott Bell, Ph.D., is the co-author of the widely-known &quot;Bell-La Padula security model.&quot; His work in security has been varied, from the conceptual security of his modeling work to security architectures, operating system security, database management security, network security, formal verification, public-key technology, and standards and guidelines for security practice. In addition to security, he has also contributed in systems design and implementation, acquisition, integration, and, not least, in passing his insight along through formal and informal training and education. He has been a guest lecturer at the U.S. Military Academy at West Point and the U.S. Naval Academy at Annapolis. Major customers benefitting from his contributions include the Department of Defense, especially the U.S. Air Force, DIA, and the National Security Agency (where he was presented the NSA Meritorious Civilian Service Award); the Department of Homeland Security; and the Department of Energy. Since retirement, he has given invited addresses at ACSAC, Mississippi State University, the University of Nebraska, Omaha, and Winston-Salem State University.</description>
            <pubDate>Wed, 31 Mar 2010 16:30:00 EDT </pubDate>
            <itunes:title>David Bell, Everything I Needed to Know about Security, I Learned in 1974</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>435</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>David Bell, Retired</itunes:subtitle>
            <itunes:summary>The security field is an excellent illustration of the maxim that &quot;the more things change, the more they stay the same.&quot; Thus while technical details change, underlying security principles remain remarkably constant. Dr. Bell&apos;s talk &quot;Everything I Needed to Know about Security, I Learned in 1974&quot; covers the lessons he learned in his early modeling work, how they have remained valid since, and how those principles inform his view of 21st-Century challenges. About the speaker: David Elliott Bell, Ph.D., is the co-author of the widely-known &quot;Bell-La Padula security model.&quot; His work in security has been varied, from the conceptual security of his modeling work to security architectures, operating system security, database management security, network security, formal verification, public-key technology, and standards and guidelines for security practice. In addition to security, he has also contributed in systems design and implementation, acquisition, integration, and, not least, in passing his insight along through formal and informal training and education. He has been a guest lecturer at the U.S. Military Academy at West Point and the U.S. Naval Academy at Annapolis. Major customers benefitting from his contributions include the Department of Defense, especially the U.S. Air Force, DIA, and the National Security Agency (where he was presented the NSA Meritorious Civilian Service Award); the Department of Homeland Security; and the Department of Energy. Since retirement, he has given invited addresses at ACSAC, Mississippi State University, the University of Nebraska, Omaha, and Winston-Salem State University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The security field is an excellent illustration of the maxim that &quot;the more things change, the more they stay the same.&quot; Thus while technical details change, underlying security principles remain remarkably constant. Dr. Bell&apos;s talk &quot;Everything I Needed to Know about Security, I Learned in 1974&quot; covers the lessons he learned in his early modeling work, how they have remained valid since, and how those principles inform his view of 21st-Century challenges. About the speaker: David Elliott Bell, Ph.D., is the co-author of the widely-known &quot;Bell-La Padula security model.&quot; His work in security has been varied, from the conceptual security of his modeling work to security architectures, operating system security, database management security, network security, formal verification, public-key technology, and standards and guidelines for security practice. In addition to security, he has also contributed in systems design and implementation, acquisition, integration, and, not least, in passing his insight along through formal and informal training and education. He has been a guest lecturer at the U.S. Military Academy at West Point and the U.S. Naval Academy at Annapolis. Major customers benefitting from his contributions include the Department of Defense, especially the U.S. Air Force, DIA, and the National Security Agency (where he was presented the NSA Meritorious Civilian Service Award); the Department of Homeland Security; and the Department of Energy. Since retirement, he has given invited addresses at ACSAC, Mississippi State University, the University of Nebraska, Omaha, and Winston-Salem State University.</p> ]]>
            </content:encoded>
            <itunes:duration>3677</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100331.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100331.mp4" length="473956352" type="video/mp4"/>
        </item>
            <item>
            <title>David Zage, A Platform for Creating Efficient, Robust, and Resilient Peer-to-Peer Systems</title>
            <description>The rapid growth of communication environments such as the Internet has spurred the development of a wide range of systems and applications based on peer-to-peer ideologies. As these applications continue to evolve, there is an increasing effort towards improving their overall performance. This effort has led to the incorporation of measurement-based adaptivity mechanisms and network awareness into peer-to-peer applications, which can greatly increase peer-to-peer performance and dependability. Unfortunately, these mechanisms are often vulnerable to attack, making the entire solution less suitable for real-world deployment. In this work, we study how to create robust systems components for adaptivity, network awareness, and responding to identified threats. These components can form the basis for creating efficient, high-performance, and resilient peer-to-peer systems.</description>
            <pubDate>Wed, 24 Mar 2010 16:30:00 EDT </pubDate>
            <itunes:title>David Zage, A Platform for Creating Efficient, Robust, and Resilient Peer-to-Peer Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>434</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>David Zage, Purdue University</itunes:subtitle>
            <itunes:summary>The rapid growth of communication environments such as the Internet has spurred the development of a wide range of systems and applications based on peer-to-peer ideologies. As these applications continue to evolve, there is an increasing effort towards improving their overall performance. This effort has led to the incorporation of measurement-based adaptivity mechanisms and network awareness into peer-to-peer applications, which can greatly increase peer-to-peer performance and dependability. Unfortunately, these mechanisms are often vulnerable to attack, making the entire solution less suitable for real-world deployment. In this work, we study how to create robust systems components for adaptivity, network awareness, and responding to identified threats. These components can form the basis for creating efficient, high-performance, and resilient peer-to-peer systems.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The rapid growth of communication environments such as the Internet has spurred the development of a wide range of systems and applications based on peer-to-peer ideologies. As these applications continue to evolve, there is an increasing effort towards improving their overall performance. This effort has led to the incorporation of measurement-based adaptivity mechanisms and network awareness into peer-to-peer applications, which can greatly increase peer-to-peer performance and dependability. Unfortunately, these mechanisms are often vulnerable to attack, making the entire solution less suitable for real-world deployment. In this work, we study how to create robust systems components for adaptivity, network awareness, and responding to identified threats. These components can form the basis for creating efficient, high-performance, and resilient peer-to-peer systems.</p> ]]>
            </content:encoded>
            <itunes:duration>2456</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100324.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100324.mp4" length="485490688" type="video/mp4"/>
        </item>
            <item>
            <title>Pascal Meunier, Making of the CWE Top-25, 2010 Edition</title>
            <description>For the second time, MITRE&apos;s Common Weakness Enumeration project has released a Top-25 list. However, this year&apos;s is a much more sophisticated document, created using a systematic and more rigorous approach. It contains several sections and tables as well as profiles, and isn&apos;t only a list. I will explain what the CWE is, what the purpose of the Top-25 is, how it was created, which problems it faced and which it still faces, how it has been improved since last year, and how you can use it. About the speaker: Pascal Meunier received his B.S. in Physics in 1986 from Laval University, Ph.D. in Biophysics from the University of Québec in 1990, and M.Sc. in computer science from Purdue in 2000. Dr. Meunier has since worked at CERIAS on projects such as the Cassandra system (https://cassandra.cerias.purdue.edu), vulnerabilities of PDAs in a wireless environment, and vulnerability analysis (https://coopvdb.cerias.purdue.edu). He has been on the board of editors of the CVE at MITRE since 1999, and is adjunct faculty in Norwich University&apos;s program for their online Masters in Information Assurance.</description>
            <pubDate>Wed, 10 Mar 2010 16:30:00 EST </pubDate>
            <itunes:title>Pascal Meunier, Making of the CWE Top-25, 2010 Edition</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>433</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Pascal Meunier, Purdue University</itunes:subtitle>
            <itunes:summary>For the second time, MITRE&apos;s Common Weakness Enumeration project has released a Top-25 list. However, this year&apos;s is a much more sophisticated document, created using a systematic and more rigorous approach. It contains several sections and tables as well as profiles, and isn&apos;t only a list. I will explain what the CWE is, what the purpose of the Top-25 is, how it was created, which problems it faced and which it still faces, how it has been improved since last year, and how you can use it. About the speaker: Pascal Meunier received his B.S. in Physics in 1986 from Laval University, Ph.D. in Biophysics from the University of Québec in 1990, and M.Sc. in computer science from Purdue in 2000. Dr. Meunier has since worked at CERIAS on projects such as the Cassandra system (https://cassandra.cerias.purdue.edu), vulnerabilities of PDAs in a wireless environment, and vulnerability analysis (https://coopvdb.cerias.purdue.edu). He has been on the board of editors of the CVE at MITRE since 1999, and is adjunct faculty in Norwich University&apos;s program for their online Masters in Information Assurance.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>For the second time, MITRE&apos;s Common Weakness Enumeration project has released a Top-25 list. However, this year&apos;s is a much more sophisticated document, created using a systematic and more rigorous approach. It contains several sections and tables as well as profiles, and isn&apos;t only a list. I will explain what the CWE is, what the purpose of the Top-25 is, how it was created, which problems it faced and which it still faces, how it has been improved since last year, and how you can use it. About the speaker: Pascal Meunier received his B.S. in Physics in 1986 from Laval University, Ph.D. in Biophysics from the University of Québec in 1990, and M.Sc. in computer science from Purdue in 2000. Dr. Meunier has since worked at CERIAS on projects such as the Cassandra system (https://cassandra.cerias.purdue.edu), vulnerabilities of PDAs in a wireless environment, and vulnerability analysis (https://coopvdb.cerias.purdue.edu). He has been on the board of editors of the CVE at MITRE since 1999, and is adjunct faculty in Norwich University&apos;s program for their online Masters in Information Assurance.</p> ]]>
            </content:encoded>
            <itunes:duration>3190</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100310.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100310.mp4" length="465567744" type="video/mp4"/>
        </item>
            <item>
            <title>Wonjun Lee, Detection and protection from denial of service attacks in grids by accountability agents</title>
            <description>By exploiting existing vulnerabilities, malicious parties can take advantage of resources made available by grid systems to attack mission-critical websites or the grid itself. In this paper, we present two approaches for protecting against attacks aiming at targets located outside or inside the grid. Our approach is based on special-purpose software agents, referred to as accountability agents, that collect provenance and resource usage data in order to perform detection and protection. We show the effectiveness of our approach and the performance of the accountability agent based system by conducting various experiments on a grid-emulated testbed. About the speaker: I am a Ph.D. candidate at the School of Electrical &amp; Computer Engineering. My research interests are in security issues related to authentication, authorization, accountability, and identity management in distributed computing systems such as grid and cloud. Currently I am working on distributed denial of service attacks induced from grid resources, and on accountability policies. My research advisor is Professor Elisa Bertino in Computer Science. I am originally from South Korea.</description>
            <pubDate>Wed, 3 Mar 2010 16:30:00 EST </pubDate>
            <itunes:title>Wonjun Lee, Detection and protection from denial of service attacks in grids by accountability agents</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>432</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Wonjun Lee, Purdue University</itunes:subtitle>
            <itunes:summary>By exploiting existing vulnerabilities, malicious parties can take advantage of resources made available by grid systems to attack mission-critical websites or the grid itself. In this paper, we present two approaches for protecting against attacks aiming at targets located outside or inside the grid. Our approach is based on special-purpose software agents, referred to as accountability agents, that collect provenance and resource usage data in order to perform detection and protection. We show the effectiveness of our approach and the performance of the accountability agent based system by conducting various experiments on a grid-emulated testbed. About the speaker: I am a Ph.D. candidate at the School of Electrical &amp; Computer Engineering. My research interests are in security issues related to authentication, authorization, accountability, and identity management in distributed computing systems such as grid and cloud. Currently I am working on distributed denial of service attacks induced from grid resources, and on accountability policies. My research advisor is Professor Elisa Bertino in Computer Science. I am originally from South Korea.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>By exploiting existing vulnerabilities, malicious parties can take advantage of resources made available by grid systems to attack mission-critical websites or the grid itself. In this paper, we present two approaches for protecting against attacks aiming at targets located outside or inside the grid. Our approach is based on special-purpose software agents, referred to as accountability agents, that collect provenance and resource usage data in order to perform detection and protection. We show the effectiveness of our approach and the performance of the accountability agent based system by conducting various experiments on a grid-emulated testbed. About the speaker: I am a Ph.D. candidate at the School of Electrical &amp; Computer Engineering. My research interests are in security issues related to authentication, authorization, accountability, and identity management in distributed computing systems such as grid and cloud. Currently I am working on distributed denial of service attacks induced from grid resources, and on accountability policies. My research advisor is Professor Elisa Bertino in Computer Science. I am originally from South Korea.</p> ]]>
            </content:encoded>
            <itunes:duration>3242</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100303.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100303.mp4" length="471859200" type="video/mp4"/>
        </item>
            <item>
            <title>Kevin Hoffman, Ribbons, A Partially-Shared Memory Programming Model</title>
            <description>We present ribbons, a shared memory programming model that allows for more implicit sharing of memory than processes but is more restrictive than threads. Ribbons structure the heap into protection domains. Privileges between these protection domains are carefully controlled to provide the ability to fully or partially &quot;sandbox&quot; certain portions of a program&apos;s computation. RibbonJ, a backwards-compatible extension of Java, is defined to easily create programs that leverage the ribbons model. RibbonJ is implemented within Jikes RVM, and avoids the overhead of inline security checks and read or write barriers by leveraging the memory protection mechanisms already supported in modern hardware and operating systems. This is joint work with Harrison Metzger and Professor Patrick Eugster. About the speaker: Kevin Hoffman is a PhD candidate in the Computer Science Department at Purdue, advised by Professor Patrick Eugster. He has published papers on topics ranging from reputation systems, aspect-oriented programming, and software metrics, to automated regression-cause determination via dynamic software analysis. He is currently working on the Ribbon project, as well as on scalable, low-latency, low-contention garbage collection techniques for high core count systems.</description>
            <pubDate>Wed, 24 Feb 2010 16:30:00 EST </pubDate>
            <itunes:title>Kevin Hoffman, Ribbons, A Partially-Shared Memory Programming Model</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>431</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Kevin Hoffman, PhD candidate in the Computer Science, Purdue University</itunes:subtitle>
            <itunes:summary>We present ribbons, a shared memory programming model that allows for more implicit sharing of memory than processes but is more restrictive than threads. Ribbons structure the heap into protection domains. Privileges between these protection domains are carefully controlled to provide the ability to fully or partially &quot;sandbox&quot; certain portions of a program&apos;s computation. RibbonJ, a backwards-compatible extension of Java, is defined to easily create programs that leverage the ribbons model. RibbonJ is implemented within Jikes RVM, and avoids the overhead of inline security checks and read or write barriers by leveraging the memory protection mechanisms already supported in modern hardware and operating systems. This is joint work with Harrison Metzger and Professor Patrick Eugster. About the speaker: Kevin Hoffman is a PhD candidate in the Computer Science Department at Purdue, advised by Professor Patrick Eugster. He has published papers on topics ranging from reputation systems, aspect-oriented programming, and software metrics, to automated regression-cause determination via dynamic software analysis. He is currently working on the Ribbon project, as well as on scalable, low-latency, low-contention garbage collection techniques for high core count systems.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>We present ribbons, a shared memory programming model that allows for more implicit sharing of memory than processes but is more restrictive than threads. Ribbons structure the heap into protection domains. Privileges between these protection domains are carefully controlled to provide the ability to fully or partially &quot;sandbox&quot; certain portions of a program&apos;s computation. RibbonJ, a backwards-compatible extension of Java, is defined to easily create programs that leverage the ribbons model. RibbonJ is implemented within Jikes RVM, and avoids the overhead of inline security checks and read or write barriers by leveraging the memory protection mechanisms already supported in modern hardware and operating systems. This is joint work with Harrison Metzger and Professor Patrick Eugster. About the speaker: Kevin Hoffman is a PhD candidate in the Computer Science Department at Purdue, advised by Professor Patrick Eugster. He has published papers on topics ranging from reputation systems, aspect-oriented programming, and software metrics, to automated regression-cause determination via dynamic software analysis. He is currently working on the Ribbon project, as well as on scalable, low-latency, low-contention garbage collection techniques for high core count systems.</p> ]]>
            </content:encoded>
            <itunes:duration>3006</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100224.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100224.mp4" length="438304768" type="video/mp4"/>
        </item>
            <item>
            <title>Hyo-Sang Lim, Provenance-based Data Trustworthiness Assessment in Data Streams</title>
            <description>This talk presents a systematic approach for estimating the trustworthiness of data items in data stream environments (such as sensor networks). The approach uses the provenance of the data items as well as their values. To obtain trust scores, the approach exploits a cyclic framework that reflects the inter-dependency property: the trust scores of data items affect the trust scores of network nodes, and vice versa. The trust scores of data items are computed from their value similarity and provenance similarity. The value similarity comes from the principle that &quot;the more similar values for the same event, the higher the trust scores,&quot; and we compute it under the assumption of a normal distribution. The provenance similarity is based on the principle that &quot;the more different provenances with similar values, the higher the trust scores,&quot; and we compute it using tree similarity. Since new data items continuously arrive in data stream management systems (DSMSs), we need to evolve (i.e., recompute) trust scores to reflect those new items. As the evolution scheme, we propose a batch mode that computes scores (non)periodically, alongside an immediate mode. Experimental results show that the approach is efficient and effective in data stream environments. About the speaker: Hyo-Sang Lim is a post-doc in the Department of Computer Science and CERIAS at Purdue University. He received his B.S. degree in computer science from Yonsei University, South Korea and M.S. and Ph.D. degrees in computer science from KAIST (Korea Advanced Institute of Science and Technology). His research interests include query processing and security issues in data streams, sensor networks, and spatial databases.</description>
            <pubDate>Wed, 17 Feb 2010 16:30:00 EST </pubDate>
            <itunes:title>Hyo-Sang Lim, Provenance-based Data Trustworthiness Assessment in Data Streams</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>430</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Hyo-Sang Lim, Purdue University</itunes:subtitle>
            <itunes:summary>This talk presents a systematic approach for estimating the trustworthiness of data items in data stream environments (such as sensor networks). The approach uses the data item provenance as well as their values. To obtain trust scores, the approach exploits a cyclic framework which reflects the inter-dependency property well: the trust scores of data items affect the trust scores of network nodes, and vice versa. The trust scores of data items are computed from their value similarity and provenance similarity. The value similarity comes from the principle that &quot;the more similar values for the same event, the higher the trust scores,&quot; and we compute it under the assumption of normal distribution. The provenance similarity is based on the principle that &quot;the more different provenances with similar values, the higher the trust scores,&quot; and we compute it using the tree similarity. Since new data items continuously arrive in DSMSs, we need to evolve (i.e., recompute) trust scores to reflect those new items. As an evolution scheme, we propose the batch mode for computing scores (non)periodically along with the immediate mode. Experimental results show that the approach is efficient and effective in data stream environments. About the speaker: Hyo-Sang Lim is a post-doc in the Department of Computer Science and CERIAS at Purdue University. He received his B.S. degree in computer science from Yonsei University, South Korea, and M.S. and Ph.D. degrees in computer science from KAIST (Korea Advanced Institute of Science and Technology). His research interests include query processing and security issues in data streams, sensor networks, and spatial databases.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk presents a systematic approach for estimating the trustworthiness of data items in data stream environments (such as sensor networks). The approach uses the data item provenance as well as their values. To obtain trust scores, the approach exploits a cyclic framework which reflects the inter-dependency property well: the trust scores of data items affect the trust scores of network nodes, and vice versa. The trust scores of data items are computed from their value similarity and provenance similarity. The value similarity comes from the principle that &quot;the more similar values for the same event, the higher the trust scores,&quot; and we compute it under the assumption of normal distribution. The provenance similarity is based on the principle that &quot;the more different provenances with similar values, the higher the trust scores,&quot; and we compute it using the tree similarity. Since new data items continuously arrive in DSMSs, we need to evolve (i.e., recompute) trust scores to reflect those new items. As an evolution scheme, we propose the batch mode for computing scores (non)periodically along with the immediate mode. Experimental results show that the approach is efficient and effective in data stream environments. About the speaker: Hyo-Sang Lim is a post-doc in the Department of Computer Science and CERIAS at Purdue University. He received his B.S. degree in computer science from Yonsei University, South Korea, and M.S. and Ph.D. degrees in computer science from KAIST (Korea Advanced Institute of Science and Technology). His research interests include query processing and security issues in data streams, sensor networks, and spatial databases.</p> ]]>
            </content:encoded>
            <itunes:duration>2742</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100217.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100217.mp4" length="397410304" type="video/mp4"/>
        </item>
            <item>
            <title>Marcus Rogers, Dissecting Digital Data: Context &amp; Meaning through Analytics</title>
            <description>This talk will look at how analytics can be used to increase our understanding of what digital evidence actually means. The real value of evidence is often related to the context and meaning of the data, not just to its mere existence. The talk will examine how analytics can be used to answer core investigative and intelligence questions and where meaning can be found.</description>
            <pubDate>Wed, 10 Feb 2010 16:30:00 EST </pubDate>
            <itunes:title>Marcus Rogers, Dissecting Digital Data: Context &amp; Meaning through Analytics</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>429</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Marcus Rogers, Purdue University</itunes:subtitle>
            <itunes:summary>This talk will look at how analytics can be used to increase our understanding of what digital evidence actually means. The real value of evidence is often related to the context and meaning of the data, not just to its mere existence. The talk will examine how analytics can be used to answer core investigative and intelligence questions and where meaning can be found.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk will look at how analytics can be used to increase our understanding of what digital evidence actually means. The real value of evidence is often related to the context and meaning of the data, not just to its mere existence. The talk will examine how analytics can be used to answer core investigative and intelligence questions and where meaning can be found.</p> ]]>
            </content:encoded>
            <itunes:duration>3351</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100210.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100210.mp4" length="487587840" type="video/mp4"/>
        </item>
            <item>
            <title>Greg Stephens, Detecting Insider Theft of Trade Secrets</title>
            <description>Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if access controls are set properly, they don&apos;t protect against rogue employees who legitimately need to access sensitive information. Since 2002, researchers at MITRE have investigated methods for detecting insiders who misuse their legitimate access to steal information. A three-year, internally funded research effort developed and evaluated a research prototype of a system called Elicit (Exploit Latent Information to Counter Insider Threats) to help analysts identify insider threats. Work on Elicit prompted a team of engineers and social scientists to experimentally explore how malicious insiders use information differently from a benign baseline group. This talk presents results from the research prototype evaluation, discusses preliminary results from the double-blind study of malicious insiders, and offers some essential aspects for detecting insider threats gleaned from these efforts. About the speaker: Since joining MITRE in 2001, Greg has been consulting and researching in the area of enterprise security operations. His areas of expertise include security operation center (SOC) architecture and management, the effective implementation of intrusion detection and audit systems, and the effective use of security information management systems (SIMs). Since 2003, his focus has been on detecting insider threats. He led successful R&amp;D efforts within MITRE and for the Institute for Information Infrastructure Protection (I3P) that yielded an effective, novel detection approach and significant insight into insider threat behavior. He is currently extending his insider threat research, adapting it for cyber threat detection.
Prior to joining MITRE, Greg helped architect the managed security monitoring service provided by Counterpane Internet Security and managed the security of a mid-sized defense contractor. Greg holds a B.S. in Materials Science from U.C. Berkeley and an M.S. in Information Technology from George Mason University.</description>
            <pubDate>Wed, 3 Feb 2010 16:30:00 EST </pubDate>
            <itunes:title>Greg Stephens, Detecting Insider Theft of Trade Secrets</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>428</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Greg Stephens, Mitre</itunes:subtitle>
            <itunes:summary>Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if access controls are set properly, they don&apos;t protect against rogue employees who legitimately need to access sensitive information. Since 2002, researchers at MITRE have investigated methods for detecting insiders who misuse their legitimate access to steal information. A three-year, internally funded research effort developed and evaluated a research prototype of a system called Elicit (Exploit Latent Information to Counter Insider Threats) to help analysts identify insider threats. Work on Elicit prompted a team of engineers and social scientists to experimentally explore how malicious insiders use information differently from a benign baseline group. This talk presents results from the research prototype evaluation, discusses preliminary results from the double-blind study of malicious insiders, and offers some essential aspects for detecting insider threats gleaned from these efforts. About the speaker: Since joining MITRE in 2001, Greg has been consulting and researching in the area of enterprise security operations. His areas of expertise include security operation center (SOC) architecture and management, the effective implementation of intrusion detection and audit systems, and the effective use of security information management systems (SIMs). Since 2003, his focus has been on detecting insider threats. He led successful R&amp;D efforts within MITRE and for the Institute for Information Infrastructure Protection (I3P) that yielded an effective, novel detection approach and significant insight into insider threat behavior. He is currently extending his insider threat research, adapting it for cyber threat detection.
Prior to joining MITRE, Greg helped architect the managed security monitoring service provided by Counterpane Internet Security and managed the security of a mid-sized defense contractor. Greg holds a B.S. in Materials Science from U.C. Berkeley and an M.S. in Information Technology from George Mason University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if access controls are set properly, they don&apos;t protect against rogue employees who legitimately need to access sensitive information. Since 2002, researchers at MITRE have investigated methods for detecting insiders who misuse their legitimate access to steal information. A three-year, internally funded research effort developed and evaluated a research prototype of a system called Elicit (Exploit Latent Information to Counter Insider Threats) to help analysts identify insider threats. Work on Elicit prompted a team of engineers and social scientists to experimentally explore how malicious insiders use information differently from a benign baseline group. This talk presents results from the research prototype evaluation, discusses preliminary results from the double-blind study of malicious insiders, and offers some essential aspects for detecting insider threats gleaned from these efforts. About the speaker: Since joining MITRE in 2001, Greg has been consulting and researching in the area of enterprise security operations. His areas of expertise include security operation center (SOC) architecture and management, the effective implementation of intrusion detection and audit systems, and the effective use of security information management systems (SIMs). Since 2003, his focus has been on detecting insider threats. He led successful R&amp;D efforts within MITRE and for the Institute for Information Infrastructure Protection (I3P) that yielded an effective, novel detection approach and significant insight into insider threat behavior. He is currently extending his insider threat research, adapting it for cyber threat detection.
Prior to joining MITRE, Greg helped architect the managed security monitoring service provided by Counterpane Internet Security and managed the security of a mid-sized defense contractor. Greg holds a B.S. in Materials Science from U.C. Berkeley and an M.S. in Information Technology from George Mason University.</p> ]]>
            </content:encoded>
            <itunes:duration>3082</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100203.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100203.mp4" length="449839104" type="video/mp4"/>
        </item>
            <item>
            <title>Stephen Elliott, Applications of biometric technologies</title>
            <description>In today&apos;s society, biometric technologies are being used in a number of different applications. This discussion will introduce the concept of biometric technologies, and outline various challenges and solutions that are being undertaken in the biometrics lab at Purdue University.</description>
            <pubDate>Wed, 20 Jan 2010 16:30:00 EST </pubDate>
            <itunes:title>Stephen Elliott, Applications of biometric technologies</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>426</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Stephen Elliott, Purdue University</itunes:subtitle>
            <itunes:summary>In today&apos;s society, biometric technologies are being used in a number of different applications. This discussion will introduce the concept of biometric technologies, and outline various challenges and solutions that are being undertaken in the biometrics lab at Purdue University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In today&apos;s society, biometric technologies are being used in a number of different applications. This discussion will introduce the concept of biometric technologies, and outline various challenges and solutions that are being undertaken in the biometrics lab at Purdue University.</p> ]]>
            </content:encoded>
            <itunes:duration>3003</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100120.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100120.mp4" length="436207616" type="video/mp4"/>
        </item>
            <item>
            <title>Eugene Spafford, Thinking Outside the Box</title>
            <description></description>
            <pubDate>Wed, 13 Jan 2010 16:30:00 EST </pubDate>
            <itunes:title>Eugene Spafford, Thinking Outside the Box</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>16</itunes:season>
            <itunes:episode>425</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Eugene Spafford, Purdue University</itunes:subtitle>
            <itunes:summary></itunes:summary>
            <content:encoded>
            <![CDATA[ <p></p> ]]>
            </content:encoded>
            <itunes:duration>3195</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100113.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20100113.mp4" length="464519168" type="video/mp4"/>
        </item>
            <item>
            <title>Kelly Caine, Human Factors Approaches to Preserving Privacy</title>
            <description>Threats to privacy are not only due to traditional computer security issues; human factors issues such as unintentional disclosure of information also have an impact on privacy preservation. In this talk I will discuss two examinations of psychological aspects of privacy and how they relate to technology. First, I will present results from an investigation of everyday privacy behaviors and discuss how these naturally occurring behaviors can guide the design of privacy protective technology. Then, I will introduce the concept of misclosure, which is the unintentional disclosure of information, and provide multiple example misclosures. I will conclude by demonstrating that misclosures a) occur frequently, b) occur across systems, and c) may be preventable by considering human factors during design. About the speaker: Kelly Caine is a Research Fellow in the School of Informatics and Computer Science at Indiana University. She received her B.A. in Psychology from the University of South Carolina and her M.S. and Ph.D. in Engineering Psychology from the Georgia Institute of Technology. Her research interests include health informatics, privacy, human factors, human-computer interaction, and designing for special populations. She is a member of APA, HFES, and the ACM SIGCHI; is an alumna of the Georgia Tech Human Factors and Aging Lab, the GVU Center, and the Aware Home Initiative; and is a current member of the IU ETHOS group. She is the recipient of a fellowship in Information Technology and International Development, the Foley Scholar award, and the Georgia Tech Presidential Scholarship. Outside of academia, Kelly worked as a User Experience Researcher at Google on a variety of projects including Google Health.</description>
            <pubDate>Wed, 9 Dec 2009 16:30:00 EST </pubDate>
            <itunes:title>Kelly Caine, Human Factors Approaches to Preserving Privacy</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>424</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Kelly Caine, Indiana University</itunes:subtitle>
            <itunes:summary>Threats to privacy are not only due to traditional computer security issues; human factors issues such as unintentional disclosure of information also have an impact on privacy preservation. In this talk I will discuss two examinations of psychological aspects of privacy and how they relate to technology. First, I will present results from an investigation of everyday privacy behaviors and discuss how these naturally occurring behaviors can guide the design of privacy protective technology. Then, I will introduce the concept of misclosure, which is the unintentional disclosure of information, and provide multiple example misclosures. I will conclude by demonstrating that misclosures a) occur frequently, b) occur across systems, and c) may be preventable by considering human factors during design. About the speaker: Kelly Caine is a Research Fellow in the School of Informatics and Computer Science at Indiana University. She received her B.A. in Psychology from the University of South Carolina and her M.S. and Ph.D. in Engineering Psychology from the Georgia Institute of Technology. Her research interests include health informatics, privacy, human factors, human-computer interaction, and designing for special populations. She is a member of APA, HFES, and the ACM SIGCHI; is an alumna of the Georgia Tech Human Factors and Aging Lab, the GVU Center, and the Aware Home Initiative; and is a current member of the IU ETHOS group. She is the recipient of a fellowship in Information Technology and International Development, the Foley Scholar award, and the Georgia Tech Presidential Scholarship. Outside of academia, Kelly worked as a User Experience Researcher at Google on a variety of projects including Google Health.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Threats to privacy are not only due to traditional computer security issues; human factors issues such as unintentional disclosure of information also have an impact on privacy preservation. In this talk I will discuss two examinations of psychological aspects of privacy and how they relate to technology. First, I will present results from an investigation of everyday privacy behaviors and discuss how these naturally occurring behaviors can guide the design of privacy protective technology. Then, I will introduce the concept of misclosure, which is the unintentional disclosure of information, and provide multiple example misclosures. I will conclude by demonstrating that misclosures a) occur frequently, b) occur across systems, and c) may be preventable by considering human factors during design. About the speaker: Kelly Caine is a Research Fellow in the School of Informatics and Computer Science at Indiana University. She received her B.A. in Psychology from the University of South Carolina and her M.S. and Ph.D. in Engineering Psychology from the Georgia Institute of Technology. Her research interests include health informatics, privacy, human factors, human-computer interaction, and designing for special populations. She is a member of APA, HFES, and the ACM SIGCHI; is an alumna of the Georgia Tech Human Factors and Aging Lab, the GVU Center, and the Aware Home Initiative; and is a current member of the IU ETHOS group. She is the recipient of a fellowship in Information Technology and International Development, the Foley Scholar award, and the Georgia Tech Presidential Scholarship. Outside of academia, Kelly worked as a User Experience Researcher at Google on a variety of projects including Google Health.</p> ]]>
            </content:encoded>
            <itunes:duration>3269</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091209.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091209.mp4" length="478150656" type="video/mp4"/>
        </item>
            <item>
            <title>Andrew Scholnick, Cyber Security Trends and Disruptors</title>
            <description>The Director of the VeriSign iDefense Applied Vulnerability Research Labs discusses current cyber security trends identified in 2008 and manifested in 2009 from Cyber Crime, Cyber War, Cyber Espionage and Cyber Terrorism. He will then look over the horizon to identify some potential Cyber Security Disruptors: ideas or technologies coming down the pike that will fundamentally change how the security community protects its enterprise and its customers. About the speaker: Mr. Scholnick, as the Director of the VeriSign iDefense Applied Vulnerability Research Lab, supervises a highly experienced team of research engineers in the discovery, acquisition and verification of software and firmware vulnerabilities. This expert team provides advance notification of problems and potential mitigations to product vendors, iDefense subscribers, and the general public in accordance with the iDefense policy for Responsible Disclosure.</description>
            <pubDate>Wed, 2 Dec 2009 16:30:00 EST </pubDate>
            <itunes:title>Andrew Scholnick, Cyber Security Trends and Disruptors</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>423</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Andrew Scholnick, Verisign</itunes:subtitle>
            <itunes:summary>The Director of the VeriSign iDefense Applied Vulnerability Research Labs discusses current cyber security trends identified in 2008 and manifested in 2009 from Cyber Crime, Cyber War, Cyber Espionage and Cyber Terrorism. He will then look over the horizon to identify some potential Cyber Security Disruptors: ideas or technologies coming down the pike that will fundamentally change how the security community protects its enterprise and its customers. About the speaker: Mr. Scholnick, as the Director of the VeriSign iDefense Applied Vulnerability Research Lab, supervises a highly experienced team of research engineers in the discovery, acquisition and verification of software and firmware vulnerabilities. This expert team provides advance notification of problems and potential mitigations to product vendors, iDefense subscribers, and the general public in accordance with the iDefense policy for Responsible Disclosure.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Director of the VeriSign iDefense Applied Vulnerability Research Labs discusses current cyber security trends identified in 2008 and manifested in 2009 from Cyber Crime, Cyber War, Cyber Espionage and Cyber Terrorism. He will then look over the horizon to identify some potential Cyber Security Disruptors: ideas or technologies coming down the pike that will fundamentally change how the security community protects its enterprise and its customers. About the speaker: Mr. Scholnick, as the Director of the VeriSign iDefense Applied Vulnerability Research Lab, supervises a highly experienced team of research engineers in the discovery, acquisition and verification of software and firmware vulnerabilities. This expert team provides advance notification of problems and potential mitigations to product vendors, iDefense subscribers, and the general public in accordance with the iDefense policy for Responsible Disclosure.</p> ]]>
            </content:encoded>
            <itunes:duration>3414</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091202.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091202.mp4" length="499122176" type="video/mp4"/>
        </item>
            <item>
            <title>Gerome Miklau, Safely Analyzing Sensitive Network Data</title>
            <description>Social and communication networks are formed by entities (such as individuals or computer hosts) and their connections (which may be contacts, relationships, or flows of information).  Such networks are analyzed to understand the influence of individuals in organizations, the transmission of disease in communities, the operation of computer networks, among many other topics.  While network data can now be recorded at unprecedented scale, releasing it can result in unacceptable disclosures about participants and their relationships.  As a result, privacy concerns are severely constraining the dissemination of network data and disrupting the emerging field of network science.  Our recent work investigates the properties of a network that can be accurately studied without threatening the privacy of individuals and their connections.  We adopt the rigorous condition of differential privacy, and develop algorithms for releasing randomly perturbed statistics about the topology of a sensitive network.  This talk will focus on two basic analysis tasks: the estimation of the degree distribution of a network and the study of small structural patterns that occur in a network (sometimes called motif analysis).  We show that the degree distribution of a network can be very accurately estimated by a novel technique in which constraints are applied to the noisy output to improve utility.  This technique is of general interest, and can be used to boost the accuracy of differentially private output in other tasks as well.  We show that studying motifs is fundamentally harder, but can be done with acceptable accuracy if the privacy condition is relaxed. About the speaker: Gerome Miklau is an Assistant Professor at the University of Massachusetts, Amherst.  His primary research interest is the secure management of large-scale data.  
This includes evaluating threats to privacy in published data, devising techniques for the safe publication of social networks, network traces, and audit logs, designing database management systems to implement security policies, and theoretically analyzing information disclosure.  He received an NSF CAREER Award in 2007 and won the 2006 ACM SIGMOD Dissertation Award.  He received his Ph.D. in Computer Science from the University of Washington in 2005.  He earned Bachelor&apos;s degrees in Mathematics and in Rhetoric from the University of California, Berkeley, in 1995.</description>
            <pubDate>Wed, 18 Nov 2009 16:30:00 EST </pubDate>
            <itunes:title>Gerome Miklau, Safely Analyzing Sensitive Network Data</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>422</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Gerome Miklau, University of Massachusetts, Amherst</itunes:subtitle>
            <itunes:summary>Social and communication networks are formed by entities (such as individuals or computer hosts) and their connections (which may be contacts, relationships, or flows of information).  Such networks are analyzed to understand the influence of individuals in organizations, the transmission of disease in communities, the operation of computer networks, among many other topics.  While network data can now be recorded at unprecedented scale, releasing it can result in unacceptable disclosures about participants and their relationships.  As a result, privacy concerns are severely constraining the dissemination of network data and disrupting the emerging field of network science.  Our recent work investigates the properties of a network that can be accurately studied without threatening the privacy of individuals and their connections.  We adopt the rigorous condition of differential privacy, and develop algorithms for releasing randomly perturbed statistics about the topology of a sensitive network.  This talk will focus on two basic analysis tasks: the estimation of the degree distribution of a network and the study of small structural patterns that occur in a network (sometimes called motif analysis).  We show that the degree distribution of a network can be very accurately estimated by a novel technique in which constraints are applied to the noisy output to improve utility.  This technique is of general interest, and can be used to boost the accuracy of differentially private output in other tasks as well.  We show that studying motifs is fundamentally harder, but can be done with acceptable accuracy if the privacy condition is relaxed. About the speaker: Gerome Miklau is an Assistant Professor at the University of Massachusetts, Amherst.  His primary research interest is the secure management of large-scale data.  
This includes evaluating threats to privacy in published data, devising techniques for the safe publication of social networks, network traces, and audit logs, designing database management systems to implement security policies, and theoretically analyzing information disclosure.  He received an NSF CAREER Award in 2007 and won the 2006 ACM SIGMOD Dissertation Award.  He received his Ph.D. in Computer Science from the University of Washington in 2005.  He earned Bachelor&apos;s degrees in Mathematics and in Rhetoric from the University of California, Berkeley, in 1995.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Social and communication networks are formed by entities (such as individuals or computer hosts) and their connections (which may be contacts, relationships, or flows of information).  Such networks are analyzed to understand the influence of individuals in organizations, the transmission of disease in communities, the operation of computer networks, among many other topics.  While network data can now be recorded at unprecedented scale, releasing it can result in unacceptable disclosures about participants and their relationships.  As a result, privacy concerns are severely constraining the dissemination of network data and disrupting the emerging field of network science.  Our recent work investigates the properties of a network that can be accurately studied without threatening the privacy of individuals and their connections.  We adopt the rigorous condition of differential privacy, and develop algorithms for releasing randomly perturbed statistics about the topology of a sensitive network.  This talk will focus on two basic analysis tasks: the estimation of the degree distribution of a network and the study of small structural patterns that occur in a network (sometimes called motif analysis).  We show that the degree distribution of a network can be very accurately estimated by a novel technique in which constraints are applied to the noisy output to improve utility.  This technique is of general interest, and can be used to boost the accuracy of differentially private output in other tasks as well.  We show that studying motifs is fundamentally harder, but can be done with acceptable accuracy if the privacy condition is relaxed. About the speaker: Gerome Miklau is an Assistant Professor at the University of Massachusetts, Amherst.  His primary research interest is the secure management of large-scale data.  
This includes evaluating threats to privacy in published data, devising techniques for the safe publication of social networks, network traces, and audit logs, designing database management systems to implement security policies, and theoretically analyzing information disclosure.  He received an NSF CAREER Award in 2007 and won the 2006 ACM SIGMOD Dissertation Award.  He received his Ph.D. in Computer Science from the University of Washington in 2005.  He earned Bachelor&apos;s degrees in Mathematics and in Rhetoric from the University of California, Berkeley, in 1995.</p> ]]>
            </content:encoded>
            <itunes:duration>3444</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091118.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091118.mp4" length="500170752" type="video/mp4"/>
        </item>
            <item>
            <title>Leszek Lilien, Some Thoughts on the Pervasive Trust Foundation for the Future Internet Architecture. A position presentation.</title>
            <description>We start with presenting motivation and goals for the Future Internet, and reviewing basics of trust in computing. The Pervasive Trust Foundation (PTF) for the Future Internet is proposed next. This includes presenting motivation for a trust foundation for the Future Internet, showing placement of security services and mechanisms within the architecture, and trust considerations for security services. Inefficient operation of the PTF-based architecture is the main obstacle to making such an architecture a reality. There are two classes of approaches that can reduce operational costs. First, inherent PTF properties result in automatic cost-saving. Second, additional cost-saving techniques --such as leveraging high-trust enclaves, or using enclave &quot;insurers&quot;-- can be used. The architectural principles presented here are a position statement, and their practical verification will require substantial research efforts. About the speaker: Leszek Lilien is an Assistant Professor of Computer Science at Western Michigan University (WMU). He obtained his Ph.D. degree from the University of Pittsburgh, and was involved in post-doctoral research at Purdue University. He was a faculty member at the University of Illinois at Chicago and a tutorial instructor for the IEEE Computer Society. He has diversified R&amp;D experience in industry and some entrepreneurial experience in the United States and Poland. His current research is focused on two areas: (1) opportunistic capability utilization networks a.k.a. oppnets (a specialized kind of ad hoc networks); and (2) trust, privacy and security in open computing systems. In Area 1, he focuses on primitives for oppnets, privacy and security in oppnets, and interoperability of oppnet helper networks and devices. 
In Area 2, he concentrates on privacy-preserving data dissemination, the role of trust in open computing environments, analysis of computer security paradigms, and security and privacy aspects in pervasive systems, including ad hoc sensor networks and embedded networks. He is an Editorial Board member for the International Journal of Communication Networks and Distributed Systems, The Open Cybernetics &amp; Systemics Journal, and Recent Patents on Computer Science. He chaired and organized two International Workshops on Specialized Ad Hoc Networks and Systems (SAHNS 2007 and SAHNS 2009) in conjunction with the IEEE International Conference on Distributed Computing Systems (ICDCS 2007 and ICDCS 2009). He was a Co-PI for an NSF grant on vulnerability analysis and threat assessment/avoidance. In 2008, he was selected for the Visiting Faculty Research Program (VFRP), U.S. Air Force Research Lab. He is a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE) and the IEEE Computer Society. He is affiliated with the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.</description>
            <pubDate>Wed, 11 Nov 2009 16:30:00 EST </pubDate>
            <itunes:title>Leszek Lilien, Some Thoughts on the Pervasive Trust Foundation for the Future Internet Architecture. A position presentation.</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>421</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Leszek Lilien, Western Michigan University</itunes:subtitle>
            <itunes:summary>We start with presenting motivation and goals for the Future Internet, and reviewing basics of trust in computing. The Pervasive Trust Foundation (PTF) for the Future Internet is proposed next. This includes presenting motivation for a trust foundation for the Future Internet, showing placement of security services and mechanisms within the architecture, and trust considerations for security services. Inefficient operation of the PTF-based architecture is the main obstacle to making such an architecture a reality. There are two classes of approaches that can reduce operational costs. First, inherent PTF properties result in automatic cost-saving. Second, additional cost-saving techniques --such as leveraging high-trust enclaves, or using enclave &quot;insurers&quot;-- can be used. The architectural principles presented here are a position statement, and their practical verification will require substantial research efforts. About the speaker: Leszek Lilien is an Assistant Professor of Computer Science at Western Michigan University (WMU). He obtained his Ph.D. degree from the University of Pittsburgh, and was involved in post-doctoral research at Purdue University. He was a faculty member at the University of Illinois at Chicago and a tutorial instructor for the IEEE Computer Society. He has diversified R&amp;D experience in industry and some entrepreneurial experience in the United States and Poland. His current research is focused on two areas: (1) opportunistic capability utilization networks a.k.a. oppnets (a specialized kind of ad hoc networks); and (2) trust, privacy and security in open computing systems. In Area 1, he focuses on primitives for oppnets, privacy and security in oppnets, and interoperability of oppnet helper networks and devices. 
In Area 2, he concentrates on privacy-preserving data dissemination, the role of trust in open computing environments, analysis of computer security paradigms, and security and privacy aspects in pervasive systems, including ad hoc sensor networks and embedded networks. He is an Editorial Board member for the International Journal of Communication Networks and Distributed Systems, The Open Cybernetics &amp; Systemics Journal, and Recent Patents on Computer Science. He chaired and organized two International Workshops on Specialized Ad Hoc Networks and Systems (SAHNS 2007 and SAHNS 2009) in conjunction with the IEEE International Conference on Distributed Computing Systems (ICDCS 2007 and ICDCS 2009). He was a Co-PI for an NSF grant on vulnerability analysis and threat assessment/avoidance. In 2008, he was selected for the Visiting Faculty Research Program (VFRP), U.S. Air Force Research Lab. He is a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE) and the IEEE Computer Society. He is affiliated with the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>We start with presenting motivation and goals for the Future Internet, and reviewing basics of trust in computing. The Pervasive Trust Foundation (PTF) for the Future Internet is proposed next. This includes presenting motivation for a trust foundation for the Future Internet, showing placement of security services and mechanisms within the architecture, and trust considerations for security services. Inefficient operation of the PTF-based architecture is the main obstacle to making such an architecture a reality. There are two classes of approaches that can reduce operational costs. First, inherent PTF properties result in automatic cost-saving. Second, additional cost-saving techniques --such as leveraging high-trust enclaves, or using enclave &quot;insurers&quot;-- can be used. The architectural principles presented here are a position statement, and their practical verification will require substantial research efforts. About the speaker: Leszek Lilien is an Assistant Professor of Computer Science at Western Michigan University (WMU). He obtained his Ph.D. degree from the University of Pittsburgh, and was involved in post-doctoral research at Purdue University. He was a faculty member at the University of Illinois at Chicago and a tutorial instructor for the IEEE Computer Society. He has diversified R&amp;D experience in industry and some entrepreneurial experience in the United States and Poland. His current research is focused on two areas: (1) opportunistic capability utilization networks a.k.a. oppnets (a specialized kind of ad hoc networks); and (2) trust, privacy and security in open computing systems. In Area 1, he focuses on primitives for oppnets, privacy and security in oppnets, and interoperability of oppnet helper networks and devices. 
In Area 2, he concentrates on privacy-preserving data dissemination, the role of trust in open computing environments, analysis of computer security paradigms, and security and privacy aspects in pervasive systems, including ad hoc sensor networks and embedded networks. He is an Editorial Board member for the International Journal of Communication Networks and Distributed Systems, The Open Cybernetics &amp; Systemics Journal, and Recent Patents on Computer Science. He chaired and organized two International Workshops on Specialized Ad Hoc Networks and Systems (SAHNS 2007 and SAHNS 2009) in conjunction with the IEEE International Conference on Distributed Computing Systems (ICDCS 2007 and ICDCS 2009). He was a Co-PI for an NSF grant on vulnerability analysis and threat assessment/avoidance. In 2008, he was selected for the Visiting Faculty Research Program (VFRP), U.S. Air Force Research Lab. He is a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE) and the IEEE Computer Society. He is affiliated with the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.</p> ]]>
            </content:encoded>
            <itunes:duration>2938</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091111.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091111.mp4" length="427819008" type="video/mp4"/>
        </item>
            <item>
            <title>Zahid Pervaiz, Multi-Policy Access Control for Healthcare using Policy Machine</title>
            <description>Access control policies in the healthcare domain define permissions for users to access different medical records. A Role Based Access Control (RBAC) mechanism allows management of privileges to medical records for users when they assume certain roles, thus mitigating the threat of inside attacks. Such a threat emanates from unauthorized users. We can provide a selective combination of policies where sensitive records can be available only to a specific role, say the primary doctor, under Discretionary Access Control (DAC), whereby in turn he/she may share the record with other physicians for consultation after permission from the patient. This mechanism allows not only better compliance with the principle of least privilege but also helps to mitigate the threat of authorized insiders disclosing sensitive information. Our research is being prototyped on the Policy Machine (PM) developed by the National Institute of Standards and Technology (NIST). PM allows integration and co-existence of multiple policies. Currently, we are expanding the capabilities of PM to provide a flexible healthcare access control policy which has the benefits of context awareness and discretionary access. We will present the newly implemented temporal RBAC model on PM and describe initial capabilities for secure management of healthcare data. About the speaker: Zahid Pervaiz is a PhD candidate in the School of Electrical and Computer Engineering at Purdue University. He received his bachelor&apos;s degree in Electronics Engineering from the National University of Science and Technology, Pakistan in 2000. Prior to joining Purdue in 2007, he worked with a research organization in Pakistan for five years as a senior design engineer. His research interests include information privacy, data security and access control. His current research work focuses on access control mechanisms for healthcare applications. He can be reached at zpervaiz@purdue.edu.</description>
            <pubDate>Wed, 4 Nov 2009 16:30:00 EST </pubDate>
            <itunes:title>Zahid Pervaiz, Multi-Policy Access Control for Healthcare using Policy Machine</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>420</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Zahid Pervaiz, Purdue University</itunes:subtitle>
            <itunes:summary>Access control policies in the healthcare domain define permissions for users to access different medical records. A Role Based Access Control (RBAC) mechanism allows management of privileges to medical records for users when they assume certain roles, thus mitigating the threat of inside attacks. Such a threat emanates from unauthorized users. We can provide a selective combination of policies where sensitive records can be available only to a specific role, say the primary doctor, under Discretionary Access Control (DAC), whereby in turn he/she may share the record with other physicians for consultation after permission from the patient. This mechanism allows not only better compliance with the principle of least privilege but also helps to mitigate the threat of authorized insiders disclosing sensitive information. Our research is being prototyped on the Policy Machine (PM) developed by the National Institute of Standards and Technology (NIST). PM allows integration and co-existence of multiple policies. Currently, we are expanding the capabilities of PM to provide a flexible healthcare access control policy which has the benefits of context awareness and discretionary access. We will present the newly implemented temporal RBAC model on PM and describe initial capabilities for secure management of healthcare data. About the speaker: Zahid Pervaiz is a PhD candidate in the School of Electrical and Computer Engineering at Purdue University. He received his bachelor&apos;s degree in Electronics Engineering from the National University of Science and Technology, Pakistan in 2000. Prior to joining Purdue in 2007, he worked with a research organization in Pakistan for five years as a senior design engineer. His research interests include information privacy, data security and access control. His current research work focuses on access control mechanisms for healthcare applications. He can be reached at zpervaiz@purdue.edu.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Access control policies in the healthcare domain define permissions for users to access different medical records. A Role Based Access Control (RBAC) mechanism allows management of privileges to medical records for users when they assume certain roles, thus mitigating the threat of inside attacks. Such a threat emanates from unauthorized users. We can provide a selective combination of policies where sensitive records can be available only to a specific role, say the primary doctor, under Discretionary Access Control (DAC), whereby in turn he/she may share the record with other physicians for consultation after permission from the patient. This mechanism allows not only better compliance with the principle of least privilege but also helps to mitigate the threat of authorized insiders disclosing sensitive information. Our research is being prototyped on the Policy Machine (PM) developed by the National Institute of Standards and Technology (NIST). PM allows integration and co-existence of multiple policies. Currently, we are expanding the capabilities of PM to provide a flexible healthcare access control policy which has the benefits of context awareness and discretionary access. We will present the newly implemented temporal RBAC model on PM and describe initial capabilities for secure management of healthcare data. About the speaker: Zahid Pervaiz is a PhD candidate in the School of Electrical and Computer Engineering at Purdue University. He received his bachelor&apos;s degree in Electronics Engineering from the National University of Science and Technology, Pakistan in 2000. Prior to joining Purdue in 2007, he worked with a research organization in Pakistan for five years as a senior design engineer. His research interests include information privacy, data security and access control. His current research work focuses on access control mechanisms for healthcare applications. He can be reached at zpervaiz@purdue.edu.</p> ]]>
            </content:encoded>
            <itunes:duration>1759</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091104.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091104.mp4" length="255852544" type="video/mp4"/>
        </item>
            <item>
            <title>Andre Koenig, Security in Infrastructureless and Decentralized Communication Networks - Possibilities, Results, and Evaluation Challenges</title>
            <description>Infrastructureless and decentralized communication substrates such as mobile ad hoc networks and peer-to-peer systems enable setting up communication services beyond the borders of contemporary wired or cellular client/server systems. Yet, due to their specific characteristics like wireless multihop data transmission and lack of central trusted instances, infrastructureless and decentralized networks are also beyond the protection of contemporary security mechanisms. This especially requires consideration in possible first responder or military application scenarios. Various new threats targeting each layer of the ISO/OSI model have been identified. Central questions regarding security include how to deal with misbehavior and how to protect information in networks without well-defined borders, consisting of devices, services, and users from multiple administrative domains. In this talk we present possible solutions for excluding misbehaving nodes from infrastructureless networks to recover the availability of the network in the presence of attacks. We further present mathematical tools for governing cooperative decision processes without central trusted instances as a basis for security objectives such as authentication and access control in decentralized systems. We show evaluation results based on analytical models as well as simulation and testbed studies and highlight general challenges regarding the evaluation of protocols and algorithms for infrastructureless decentralized communication networks. About the speaker: Andre Koenig received his diploma in computer science from TU Darmstadt. After having worked for a system retailer offering network design, consultation, and training, he joined the Multimedia Communications Lab (KOM) at TU Darmstadt, Germany, in 2005. His research focuses on security mechanisms for highly dynamic, infrastructureless and decentralized environments such as mobile ad hoc networks and peer-to-peer systems. 
Until 2007, Andre Koenig contributed to the SicAri project funded by the German Ministry for Education and Research (BMBF) with the goal to develop a toolkit for secure ubiquitous communications. After SicAri, he was involved in the SoKNOS project funded by BMBF aiming at offering a service oriented communication platform for emergency response scenarios. Since October 2008, he has been working on the G-Lab project of the BMBF with the goal of establishing a national experimental platform for research on future internet technologies. Here, Andre Koenig is responsible for the work package on quality of service and security. Since 2009, Andre Koenig has been head of the &apos;Network Security&apos; research group at the Multimedia Communications Lab. Besides the work on his PhD thesis and research projects, Andre Koenig is involved in various teaching activities at TU Darmstadt.</description>
            <pubDate>Wed, 28 Oct 2009 16:30:00 EDT </pubDate>
            <itunes:title>Andre Koenig, Security in Infrastructureless and Decentralized Communication Networks - Possibilities, Results, and Evaluation Challenges</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>419</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Andre Koenig, Technical University Darmstadt</itunes:subtitle>
            <itunes:summary>Infrastructureless and decentralized communication substrates such as mobile ad hoc networks and peer-to-peer systems enable setting up communication services beyond the borders of contemporary wired or cellular client/server systems. Yet, due to their specific characteristics like wireless multihop data transmission and lack of central trusted instances, infrastructureless and decentralized networks are also beyond the protection of contemporary security mechanisms. This especially requires consideration in possible first responder or military application scenarios. Various new threats targeting each layer of the ISO/OSI model have been identified. Central questions regarding security include how to deal with misbehavior and how to protect information in networks without well-defined borders, consisting of devices, services, and users from multiple administrative domains. In this talk we present possible solutions for excluding misbehaving nodes from infrastructureless networks to recover the availability of the network in the presence of attacks. We further present mathematical tools for governing cooperative decision processes without central trusted instances as a basis for security objectives such as authentication and access control in decentralized systems. We show evaluation results based on analytical models as well as simulation and testbed studies and highlight general challenges regarding the evaluation of protocols and algorithms for infrastructureless decentralized communication networks. About the speaker: Andre Koenig received his diploma in computer science from TU Darmstadt. After having worked for a system retailer offering network design, consultation, and training, he joined the Multimedia Communications Lab (KOM) at TU Darmstadt, Germany, in 2005. His research focuses on security mechanisms for highly dynamic, infrastructureless and decentralized environments such as mobile ad hoc networks and peer-to-peer systems. 
Until 2007, Andre Koenig contributed to the SicAri project funded by the German Ministry for Education and Research (BMBF) with the goal to develop a toolkit for secure ubiquitous communications. After SicAri, he was involved in the SoKNOS project funded by BMBF aiming at offering a service oriented communication platform for emergency response scenarios. Since October 2008, he has been working on the G-Lab project of the BMBF with the goal of establishing a national experimental platform for research on future internet technologies. Here, Andre Koenig is responsible for the work package on quality of service and security. Since 2009, Andre Koenig has been head of the &apos;Network Security&apos; research group at the Multimedia Communications Lab. Besides the work on his PhD thesis and research projects, Andre Koenig is involved in various teaching activities at TU Darmstadt.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Infrastructureless and decentralized communication substrates such as mobile ad hoc networks and peer-to-peer systems enable setting up communication services beyond the borders of contemporary wired or cellular client/server systems. Yet, due to their specific characteristics like wireless multihop data transmission and lack of central trusted instances, infrastructureless and decentralized networks are also beyond the protection of contemporary security mechanisms. This especially requires consideration in possible first responder or military application scenarios. Various new threats targeting each layer of the ISO/OSI model have been identified. Central questions regarding security include how to deal with misbehavior and how to protect information in networks without well-defined borders, consisting of devices, services, and users from multiple administrative domains. In this talk we present possible solutions for excluding misbehaving nodes from infrastructureless networks to recover the availability of the network in the presence of attacks. We further present mathematical tools for governing cooperative decision processes without central trusted instances as a basis for security objectives such as authentication and access control in decentralized systems. We show evaluation results based on analytical models as well as simulation and testbed studies and highlight general challenges regarding the evaluation of protocols and algorithms for infrastructureless decentralized communication networks. About the speaker: Andre Koenig received his diploma in computer science from TU Darmstadt. After having worked for a system retailer offering network design, consultation, and training, he joined the Multimedia Communications Lab (KOM) at TU Darmstadt, Germany, in 2005. His research focuses on security mechanisms for highly dynamic, infrastructureless and decentralized environments such as mobile ad hoc networks and peer-to-peer systems. 
Until 2007, Andre Koenig contributed to the SicAri project funded by the German Ministry for Education and Research (BMBF) with the goal to develop a toolkit for secure ubiquitous communications. After SicAri, he was involved in the SoKNOS project funded by BMBF aiming at offering a service oriented communication platform for emergency response scenarios. Since October 2008, he has been working on the G-Lab project of the BMBF with the goal of establishing a national experimental platform for research on future internet technologies. Here, Andre Koenig is responsible for the work package on quality of service and security. Since 2009, Andre Koenig has been head of the &apos;Network Security&apos; research group at the Multimedia Communications Lab. Besides the work on his PhD thesis and research projects, Andre Koenig is involved in various teaching activities at TU Darmstadt.</p> ]]>
            </content:encoded>
            <itunes:duration>2522</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091028.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091028.mp4" length="363855872" type="video/mp4"/>
        </item>
            <item>
            <title>Juhee Kwon, Information Security Management and IT Executives in a Top Management Team</title>
            <description>As information assets have become a critical factor for enterprises to stay competitive, there is an increasing awareness of information security management. However, they are easily overlooked by those who focus only on the IT side, failing to see that human resources and policies are the most likely cause of information risks, which need to become real enterprise-wide and strategic issues. This paper examines the impacts of an IT executive&apos;s structural status in Top Management Teams (TMTs) on information security risk management. E-Business has made it imperative for IT executives to adopt cross-functional roles due to the increased importance of securing and managing risks to information assets across the enterprise. Therefore, IT executive representation and status in a TMT is necessary to strategically and operationally conduct liaison activities between IT groups and other business units. However, there is little empirical research examining the effects of IT executives&apos; structural status on managing information security risks. We employ logistic regression to examine the data from 2003 to 2008 with information security breach reports and executive compensation data. We augment this data with IT internal controls information provided by external auditors. Our results demonstrate that high IT executive engagement and fair compensation are associated with reduced levels of both IT internal controls weaknesses and reported information security breaches. Second, we find that pay dispersion in a TMT increases the probability of information security breaches, while IT executive turnover is not significantly associated with breaches. 
As a comprehensive analysis across the accounting, human resources, and information systems literature, this study gives firms new insights into how they set IT executive compensation strategies as well as delegate authority and responsibility for ensuring confidentiality, integrity, and availability of information assets. About the speaker: Juhee Kwon is currently a Ph.D. candidate of Management Information Systems at Krannert School of Management, Purdue University. Her primary research interests cover Information Security and Privacy. Although the primary interest is in information security, her research interest spans e-Commerce, Accounting Information Systems, and Telecommunication with cross-selling.</description>
            <pubDate>Wed, 21 Oct 2009 16:30:00 EDT </pubDate>
            <itunes:title>Juhee Kwon, Information Security Management and IT Executives in a Top Management Team</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>418</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Juhee Kwon, Purdue University</itunes:subtitle>
            <itunes:summary>As information assets have become a critical factor for enterprises to stay competitive, there is an increasing awareness of information security management. However, they are easily overlooked by those who focus only on the IT side, failing to see that human resources and policies are the most likely cause of information risks, which need to become real enterprise-wide and strategic issues. This paper examines the impacts of an IT executive&apos;s structural status in Top Management Teams (TMTs) on information security risk management. E-Business has made it imperative for IT executives to adopt cross-functional roles due to the increased importance of securing and managing risks to information assets across the enterprise. Therefore, IT executive representation and status in a TMT is necessary to strategically and operationally conduct liaison activities between IT groups and other business units. However, there is little empirical research examining the effects of IT executives&apos; structural status on managing information security risks. We employ logistic regression to examine the data from 2003 to 2008 with information security breach reports and executive compensation data. We augment this data with IT internal controls information provided by external auditors. Our results demonstrate that high IT executive engagement and fair compensation are associated with reduced levels of both IT internal controls weaknesses and reported information security breaches. Second, we find that pay dispersion in a TMT increases the probability of information security breaches, while IT executive turnover is not significantly associated with breaches.
As a comprehensive analysis across the accounting, human resources, and information systems literature, this study gives firms new insights into how they set IT executive compensation strategies as well as delegate authority and responsibility for ensuring confidentiality, integrity, and availability of information assets. About the speaker: Juhee Kwon is currently a Ph.D. candidate in Management Information Systems at the Krannert School of Management, Purdue University. Her primary research interests cover Information Security and Privacy. Although her primary interest is in information security, her research interests span e-Commerce, Accounting Information Systems, and Telecommunication with cross-selling.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As information assets have become a critical factor for enterprises to stay competitive, there is an increasing awareness of information security management. However, they are easily overlooked by those who focus only on the IT side, failing to see that human resources and policies are the most likely cause of information risks, which need to become real enterprise-wide and strategic issues. This paper examines the impacts of an IT executive&apos;s structural status in Top Management Teams (TMTs) on information security risk management. E-Business has made it imperative for IT executives to adopt cross-functional roles due to the increased importance of securing and managing risks to information assets across the enterprise. Therefore, IT executive representation and status in a TMT is necessary to strategically and operationally conduct liaison activities between IT groups and other business units. However, there is little empirical research examining the effects of IT executives&apos; structural status on managing information security risks. We employ logistic regression to examine the data from 2003 to 2008 with information security breach reports and executive compensation data. We augment this data with IT internal controls information provided by external auditors. Our results demonstrate that high IT executive engagement and fair compensation are associated with reduced levels of both IT internal controls weaknesses and reported information security breaches. Second, we find that pay dispersion in a TMT increases the probability of information security breaches, while IT executive turnover is not significantly associated with breaches.
As a comprehensive analysis across the accounting, human resources, and information systems literature, this study gives firms new insights into how they set IT executive compensation strategies as well as delegate authority and responsibility for ensuring confidentiality, integrity, and availability of information assets. About the speaker: Juhee Kwon is currently a Ph.D. candidate in Management Information Systems at the Krannert School of Management, Purdue University. Her primary research interests cover Information Security and Privacy. Although her primary interest is in information security, her research interests span e-Commerce, Accounting Information Systems, and Telecommunication with cross-selling.</p> ]]>
            </content:encoded>
            <itunes:duration>2800</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091021.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091021.mp4" length="577765376" type="video/mp4"/>
        </item>
            <item>
            <title>Raquel Hill, PlugNPlay Trust for Embedded Communication Systems</title>
            <description>Given the proliferation of malware, the integrity of embedded communication systems is becoming a growing concern. Recent compromises to systems such as ATMs and network switches and routers provide evidence of the potential security problems of embedded communication systems. Trusted communication channels that pass sensitive information should only be established after the integrity of the remote system can be assured. Security hardware, such as the Trusted Computing Group&apos;s (TCG&apos;s) Trusted Platform Module (TPM), provides a mechanism to measure and authenticate the integrity of individual machines. This device can be readily found in many laptops today; however, we are unaware of its use as a mechanism for providing or denying communication access to services based on the integrity of remote systems. In this work, we propose PlugNPlay Trust, an integrity framework which is a drop-in solution for providing a hardware root of trust for embedded applications. The PlugNPlay Trust design exploits the static nature of embedded communication systems and independently provides remote attestation and identity verification for the host application using the TPM. This framework, coupled with the attestation and dynamic firewall exception services we authored, enables remote parties to confirm the integrity of embedded communication systems, thereby limiting the effects and the proliferation of malware in compromised systems. Although there are preexisting technologies for interfacing with the TPM directly, we implemented the first prototype for allowing or denying access to networked services based on the trustworthiness of a remote system. The PlugNPlay framework simplifies the integration of existing TPM-related tools and provides a ready-to-use platform for trusted computing research. About the speaker: Raquel Hill is an Assistant Professor of Computer Science in the School of Informatics and Computing.
Her primary research interests are in the areas of trust and security for distributed and pervasive computing environments. Dr. Hill&apos;s research is funded by the Center for Applied CyberSecurity Research (CACR). She holds B.S. and M.S. degrees in Computer Science from Georgia Tech and a Ph.D. in Computer Science from Harvard University.</description>
            <pubDate>Wed, 14 Oct 2009 16:30:00 EDT </pubDate>
            <itunes:title>Raquel Hill, PlugNPlay Trust for Embedded Communication Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>417</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Raquel Hill, Indiana University</itunes:subtitle>
            <itunes:summary>Given the proliferation of malware, the integrity of embedded communication systems is becoming a growing concern. Recent compromises to systems such as ATMs and network switches and routers provide evidence of the potential security problems of embedded communication systems. Trusted communication channels that pass sensitive information should only be established after the integrity of the remote system can be assured. Security hardware, such as the Trusted Computing Group&apos;s (TCG&apos;s) Trusted Platform Module (TPM), provides a mechanism to measure and authenticate the integrity of individual machines. This device can be readily found in many laptops today; however, we are unaware of its use as a mechanism for providing or denying communication access to services based on the integrity of remote systems. In this work, we propose PlugNPlay Trust, an integrity framework which is a drop-in solution for providing a hardware root of trust for embedded applications. The PlugNPlay Trust design exploits the static nature of embedded communication systems and independently provides remote attestation and identity verification for the host application using the TPM. This framework, coupled with the attestation and dynamic firewall exception services we authored, enables remote parties to confirm the integrity of embedded communication systems, thereby limiting the effects and the proliferation of malware in compromised systems. Although there are preexisting technologies for interfacing with the TPM directly, we implemented the first prototype for allowing or denying access to networked services based on the trustworthiness of a remote system. The PlugNPlay framework simplifies the integration of existing TPM-related tools and provides a ready-to-use platform for trusted computing research. About the speaker: Raquel Hill is an Assistant Professor of Computer Science in the School of Informatics and Computing.
Her primary research interests are in the areas of trust and security for distributed and pervasive computing environments. Dr. Hill&apos;s research is funded by the Center for Applied CyberSecurity Research (CACR). She holds B.S. and M.S. degrees in Computer Science from Georgia Tech and a Ph.D. in Computer Science from Harvard University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Given the proliferation of malware, the integrity of embedded communication systems is becoming a growing concern. Recent compromises to systems such as ATMs and network switches and routers provide evidence of the potential security problems of embedded communication systems. Trusted communication channels that pass sensitive information should only be established after the integrity of the remote system can be assured. Security hardware, such as the Trusted Computing Group&apos;s (TCG&apos;s) Trusted Platform Module (TPM), provides a mechanism to measure and authenticate the integrity of individual machines. This device can be readily found in many laptops today; however, we are unaware of its use as a mechanism for providing or denying communication access to services based on the integrity of remote systems. In this work, we propose PlugNPlay Trust, an integrity framework which is a drop-in solution for providing a hardware root of trust for embedded applications. The PlugNPlay Trust design exploits the static nature of embedded communication systems and independently provides remote attestation and identity verification for the host application using the TPM. This framework, coupled with the attestation and dynamic firewall exception services we authored, enables remote parties to confirm the integrity of embedded communication systems, thereby limiting the effects and the proliferation of malware in compromised systems. Although there are preexisting technologies for interfacing with the TPM directly, we implemented the first prototype for allowing or denying access to networked services based on the trustworthiness of a remote system. The PlugNPlay framework simplifies the integration of existing TPM-related tools and provides a ready-to-use platform for trusted computing research. About the speaker: Raquel Hill is an Assistant Professor of Computer Science in the School of Informatics and Computing.
Her primary research interests are in the areas of trust and security for distributed and pervasive computing environments. Dr. Hill&apos;s research is funded by the Center for Applied CyberSecurity Research (CACR). She holds B.S. and M.S. degrees in Computer Science from Georgia Tech and a Ph.D. in Computer Science from Harvard University.</p> ]]>
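The PlugNPlay flow described above, attestation first and a firewall exception only afterwards, as an added example in Python that is not code from the talk or from the PlugNPlay project. The TPM is simulated: PCR extension uses SHA-256 the way a real TPM does, but the quote is authenticated with an HMAC under a pre-shared key rather than a TPM-resident attestation identity key. The firmware images, host name and key are constructed, and the verifier, gate and component names are hypothetical. It shows the three outcomes a gate like this must tell apart: a known-good host is admitted, a host with one tampered component is refused because its PCR no longer matches the provisioned golden value, and a replayed quote is refused because it is not bound to the verifier's fresh nonce.

```python
"""Attestation-gated network access with a simulated TPM (added example).

A host measures its boot components into PCRs, the verifier challenges it
with a fresh nonce, the host returns a quote over the selected PCRs, and the
verifier opens a firewall exception only when the quote is fresh, authentic
and matches provisioned known-good values. The TPM is simulated: extension
follows TPM semantics (PCR = H(PCR || H(measurement))) but the quote is an
HMAC under a pre-shared key instead of a TPM attestation-key signature.
"""
import hashlib
import hmac
import os

PCR_INIT = bytes(32)  # SHA-256 PCR banks start out all-zero
# Hypothetical pre-shared attestation key; stands in for the TPM's AIK
ATTEST_KEY = b"example-attestation-key-not-for-real-use"

# Constructed sample firmware images for an embedded switch, one per PCR
GOOD_COMPONENTS = {
    0: b"bootloader v1.2",
    1: b"kernel 2.6.31-embedded",
    2: b"switch-daemon 0.9",
}


def sha256(data):
    return hashlib.sha256(data).digest()


def quote_input(nonce, selection, pcrs):
    """Bytes the quote authenticates: nonce, PCR selection and PCR values."""
    return nonce + bytes(selection) + b"".join(pcrs[i] for i in selection)


class SimulatedTPM:
    """PCR bank plus quoting. Extension is one-way and order-dependent, so a
    compromised component cannot restore a PCR to its known-good value."""

    def __init__(self):
        self.pcrs = {i: PCR_INIT for i in range(8)}

    def extend(self, index, measurement):
        self.pcrs[index] = sha256(self.pcrs[index] + sha256(measurement))

    def quote(self, nonce, selection):
        """Quote the selected PCRs, bound to the verifier's nonce."""
        mac = hmac.new(ATTEST_KEY, quote_input(nonce, selection, self.pcrs),
                       hashlib.sha256).digest()
        return {"nonce": nonce, "selection": list(selection),
                "pcrs": {i: self.pcrs[i] for i in selection}, "mac": mac}


def measure_boot(tpm, components):
    """Extend each boot component into its PCR, as measured boot would."""
    for index in sorted(components):
        tpm.extend(index, components[index])


def golden_pcrs(components):
    """Known-good PCR values the verifier provisions from a trusted build."""
    tpm = SimulatedTPM()
    measure_boot(tpm, components)
    return {i: tpm.pcrs[i] for i in components}


class AttestationGate:
    """Verifier plus dynamic firewall exception service: a host is added to
    the allow list only after a fresh, authentic quote matches golden values."""

    def __init__(self, golden):
        self.golden = golden
        self.pending = {}     # host -> nonce issued and not yet consumed
        self.allowed = set()  # hosts currently holding a firewall exception

    def challenge(self, host):
        nonce = os.urandom(16)
        self.pending[host] = nonce
        return nonce

    def verify(self, host, quote):
        # Nonce is single-use: a captured quote cannot be replayed later
        expected = self.pending.pop(host, None)
        if expected is None or not hmac.compare_digest(expected, quote["nonce"]):
            return "deny: stale or unknown nonce"
        selection = quote["selection"]
        # The host must quote every PCR the policy depends on, not a subset
        if set(selection) != set(self.golden):
            return "deny: incomplete PCR selection"
        mac = hmac.new(ATTEST_KEY, quote_input(quote["nonce"], selection, quote["pcrs"]),
                       hashlib.sha256).digest()
        if not hmac.compare_digest(mac, quote["mac"]):
            return "deny: quote not authentic"
        for i in selection:
            if quote["pcrs"][i] != self.golden[i]:
                return "deny: PCR %d does not match known-good value" % i
        self.allowed.add(host)  # open the firewall exception for this host
        return "allow"


def run_scenario(components, replay=False):
    """Boot a host from the given images and push it through the gate."""
    gate = AttestationGate(golden_pcrs(GOOD_COMPONENTS))
    tpm = SimulatedTPM()
    measure_boot(tpm, components)
    host = "switch-01"
    fresh = gate.challenge(host)
    selection = sorted(GOOD_COMPONENTS)
    if replay:
        # Attacker resends a quote captured under an earlier challenge
        return gate.verify(host, tpm.quote(os.urandom(16), selection))
    return gate.verify(host, tpm.quote(fresh, selection))


if __name__ == "__main__":
    print(run_scenario(GOOD_COMPONENTS))
```

Run it directly to see the allow decision for the good images. A real deployment would replace the HMAC with a TPM quote signed by an attestation key whose public half the verifier has enrolled, would tie the firewall rule to the attested identity rather than a bare host name, and would re-challenge periodically, since a quote only speaks for the state measured at boot.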
            </content:encoded>
            <itunes:duration>3408</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091014.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091014.mp4" length="367001600" type="video/mp4"/>
        </item>
            <item>
            <title>Gary McGraw, Building Security In Maturity Model (BSIMM)</title>
            <description>As a discipline, software security has made great progress over the last decade. There are now at least 46 large scale software security initiatives underway in enterprises including global financial services firms, independent software vendors, defense organizations, and other verticals. In 2008, Brian Chess, Sammy Migues and I interviewed the executives running nine initiatives using the twelve practices of the Software Security Framework as our guide. Those companies among the nine who graciously agreed to be identified include: Adobe, The Depository Trust and Clearing Corporation (DTCC), EMC, Google, Microsoft, QUALCOMM, and Wells Fargo. The resulting data, drawn from real programs at different levels of maturity was used to guide the construction of the Building Security In Maturity Model (BSIMM). This talk will describe the observation-based maturity model, drawing examples from many real software security programs. A maturity model is appropriate because improving software security almost always means changing the way an organization works---people, process, and automation are all required. While not all organizations need to achieve the same security goals, all successful large scale software security initiatives share common ideas and approaches. Whether you rely on the Cigital Touchpoints, Microsoft&apos;s SDL, or OWASP CLASP, there is much to learn from practical experience. Since its March release, the BSIMM is being expanded to include BSIMM Europe, BSIMM II, and BSIMM Lite. Use the BSIMM as a yardstick to determine where you stand and what kind of software security plan will work best for you. 
About the speaker: company: http://www.cigital.com; podcast: http://www.cigital.com/silverbullet; podcast: http://www.cigital.com/realitycheck; blog: http://www.cigital.com/justiceleague; book: http://www.swsec.com; personal: http://www.cigital.com/~gem. Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Java Security, Building Secure Software, Exploiting Software, Software Security, and Exploiting Online Games; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean&apos;s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors, produces the monthly Silver Bullet Security Podcast for IEEE Security &amp; Privacy magazine (syndicated by informIT), and produces the Reality Check Security Podcast for CSO Online.</description>
            <pubDate>Wed, 7 Oct 2009 16:30:00 EDT </pubDate>
            <itunes:title>Gary McGraw, Building Security In Maturity Model (BSIMM)</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>416</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Gary McGraw, Cigital, Inc</itunes:subtitle>
            <itunes:summary>As a discipline, software security has made great progress over the last decade. There are now at least 46 large scale software security initiatives underway in enterprises including global financial services firms, independent software vendors, defense organizations, and other verticals. In 2008, Brian Chess, Sammy Migues and I interviewed the executives running nine initiatives using the twelve practices of the Software Security Framework as our guide. Those companies among the nine who graciously agreed to be identified include: Adobe, The Depository Trust and Clearing Corporation (DTCC), EMC, Google, Microsoft, QUALCOMM, and Wells Fargo. The resulting data, drawn from real programs at different levels of maturity was used to guide the construction of the Building Security In Maturity Model (BSIMM). This talk will describe the observation-based maturity model, drawing examples from many real software security programs. A maturity model is appropriate because improving software security almost always means changing the way an organization works---people, process, and automation are all required. While not all organizations need to achieve the same security goals, all successful large scale software security initiatives share common ideas and approaches. Whether you rely on the Cigital Touchpoints, Microsoft&apos;s SDL, or OWASP CLASP, there is much to learn from practical experience. Since its March release, the BSIMM is being expanded to include BSIMM Europe, BSIMM II, and BSIMM Lite. Use the BSIMM as a yardstick to determine where you stand and what kind of software security plan will work best for you. 
About the speaker: company: http://www.cigital.com; podcast: http://www.cigital.com/silverbullet; podcast: http://www.cigital.com/realitycheck; blog: http://www.cigital.com/justiceleague; book: http://www.swsec.com; personal: http://www.cigital.com/~gem. Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Java Security, Building Secure Software, Exploiting Software, Software Security, and Exploiting Online Games; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean&apos;s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors, produces the monthly Silver Bullet Security Podcast for IEEE Security &amp; Privacy magazine (syndicated by informIT), and produces the Reality Check Security Podcast for CSO Online.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As a discipline, software security has made great progress over the last decade. There are now at least 46 large scale software security initiatives underway in enterprises including global financial services firms, independent software vendors, defense organizations, and other verticals. In 2008, Brian Chess, Sammy Migues and I interviewed the executives running nine initiatives using the twelve practices of the Software Security Framework as our guide. Those companies among the nine who graciously agreed to be identified include: Adobe, The Depository Trust and Clearing Corporation (DTCC), EMC, Google, Microsoft, QUALCOMM, and Wells Fargo. The resulting data, drawn from real programs at different levels of maturity was used to guide the construction of the Building Security In Maturity Model (BSIMM). This talk will describe the observation-based maturity model, drawing examples from many real software security programs. A maturity model is appropriate because improving software security almost always means changing the way an organization works---people, process, and automation are all required. While not all organizations need to achieve the same security goals, all successful large scale software security initiatives share common ideas and approaches. Whether you rely on the Cigital Touchpoints, Microsoft&apos;s SDL, or OWASP CLASP, there is much to learn from practical experience. Since its March release, the BSIMM is being expanded to include BSIMM Europe, BSIMM II, and BSIMM Lite. Use the BSIMM as a yardstick to determine where you stand and what kind of software security plan will work best for you. 
About the speaker: company: http://www.cigital.com; podcast: http://www.cigital.com/silverbullet; podcast: http://www.cigital.com/realitycheck; blog: http://www.cigital.com/justiceleague; book: http://www.swsec.com; personal: http://www.cigital.com/~gem. Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Java Security, Building Secure Software, Exploiting Software, Software Security, and Exploiting Online Games; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean&apos;s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors, produces the monthly Silver Bullet Security Podcast for IEEE Security &amp; Privacy magazine (syndicated by informIT), and produces the Reality Check Security Podcast for CSO Online.</p> ]]>
            </content:encoded>
            <itunes:duration>3087</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091007.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20091007.mp4" length="639631360" type="video/mp4"/>
        </item>
            <item>
            <title>Richard Power, Starting Over After A Lost Decade, In Search of a Bold New Vision for Cyber Security</title>
            <description>Starting Over After A Lost Decade, In Search of a Bold New Vision for Cyber Security: It is not enough to develop a comprehensive cyber security program that exists in isolation from the world beyond the cloud and the cables. We have to understand the political, economic and social environments that impact our ability to deliver security, as well as our own organizational cultures. We cannot wage a 21st Century struggle for hearts and minds with a 20th Century world-view any more than we can wage a 21st Century struggle to secure information and systems with 20th Century technology. A bold new vision is needed, one that is holistic and evolves out of transformative metaphors that reframe our concepts about security. About the speaker: Richard Power, an internationally recognized authority on Security, Intelligence and Risk, has conducted executive briefings and led professional training in over forty countries, and has been widely quoted in the world news media. Power is the author of five books, including Secrets Stolen, Fortunes Lost: Preventing Economic Espionage &amp; Intellectual Property Theft in the 21st Century and Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace. He also writes a regular column for CSO Magazine. Prior to CyLab, Power was Director of Security Intelligence for Deloitte and Editorial Director of the Computer Security Institute.</description>
            <pubDate>Wed, 30 Sep 2009 16:30:00 EDT </pubDate>
            <itunes:title>Richard Power, Starting Over After A Lost Decade, In Search of a Bold New Vision for Cyber Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>415</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Richard Power, CyLab - Carnegie Mellon</itunes:subtitle>
            <itunes:summary>Starting Over After A Lost Decade, In Search of a Bold New Vision for Cyber Security: It is not enough to develop a comprehensive cyber security program that exists in isolation from the world beyond the cloud and the cables. We have to understand the political, economic and social environments that impact our ability to deliver security, as well as our own organizational cultures. We cannot wage a 21st Century struggle for hearts and minds with a 20th Century world-view any more than we can wage a 21st Century struggle to secure information and systems with 20th Century technology. A bold new vision is needed, one that is holistic and evolves out of transformative metaphors that reframe our concepts about security. About the speaker: Richard Power, an internationally recognized authority on Security, Intelligence and Risk, has conducted executive briefings and led professional training in over forty countries, and has been widely quoted in the world news media. Power is the author of five books, including Secrets Stolen, Fortunes Lost: Preventing Economic Espionage &amp; Intellectual Property Theft in the 21st Century and Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace. He also writes a regular column for CSO Magazine. Prior to CyLab, Power was Director of Security Intelligence for Deloitte and Editorial Director of the Computer Security Institute.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Starting Over After A Lost Decade, In Search of a Bold New Vision for Cyber Security: It is not enough to develop a comprehensive cyber security program that exists in isolation from the world beyond the cloud and the cables. We have to understand the political, economic and social environments that impact our ability to deliver security, as well as our own organizational cultures. We cannot wage a 21st Century struggle for hearts and minds with a 20th Century world-view any more than we can wage a 21st Century struggle to secure information and systems with 20th Century technology. A bold new vision is needed, one that is holistic and evolves out of transformative metaphors that reframe our concepts about security. About the speaker: Richard Power, an internationally recognized authority on Security, Intelligence and Risk, has conducted executive briefings and led professional training in over forty countries, and has been widely quoted in the world news media. Power is the author of five books, including Secrets Stolen, Fortunes Lost: Preventing Economic Espionage &amp; Intellectual Property Theft in the 21st Century and Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace. He also writes a regular column for CSO Magazine. Prior to CyLab, Power was Director of Security Intelligence for Deloitte and Editorial Director of the Computer Security Institute.</p> ]]>
            </content:encoded>
            <itunes:duration>3575</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090930.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090930.mp4" length="742391808" type="video/mp4"/>
        </item>
            <item>
            <title>Rick Aldrich, The Importance of Law in Cybersecurity, Recent Developments and Trends in Cyberlaw</title>
            <description>Information security professionals increasingly need to be familiar with developments in cyberlaw to ensure they comport their actions with the contours of the law. Unfortunately, with technology changing far faster than the statutes, judges are increasingly being called upon to fill in the interstices. In this interactive session, facts from actual cases will be presented in a &quot;You Be the Judge&quot; format to highlight important developments in recent cases and identify key trends in the case law. What is the legal efficacy of a click-through consent banner, and how does this impact information security professionals? What constitutes an &quot;interception&quot;, and what types of interceptions are legal and illegal? What law dictates whether an employer can or cannot inspect its employee&apos;s personal e-mail messages? Do individuals have to divulge their encryption keys when requested to do so by border guards or law enforcement agents? Are there jurisdictional borders in cyberspace? Who has jurisdiction, and how does the law apply in virtual worlds? How do extradition laws apply to cybercrimes? These and many other questions will be answered in this interactive seminar. About the speaker: Rick Aldrich is the Senior Computer Network Operations Policy Analyst for the Information Assurance Technology Analysis Center and an Associate for Booz Allen Hamilton. He has been awarded several grants by the Institute for National Security Studies to study the legal and policy implications of cybercrime and information warfare. He has multiple publications in this field, including a chapter on information warfare in the widely used textbook, National Security Law. He has taught cyberlaw at the collegiate level and has been a faculty member of the Institute for Applied Network Security.
He has presented at several national and international conferences including HTCIA, Infowarcon, SANSFIRE, FiestaCrow, IA Conference of the Pacific, Southeast Cybercrime Summit, a conference on Arms Control in Cyberspace in Berlin, Germany, and a forum on cyberterrorism in Bogota, Colombia. He was a primary contributor to the Cyberlaw I and II courses distributed by the Defense Department. He has a Bachelor of Science degree in Computer Science from the US Air Force Academy, a Juris Doctor from UCLA, and a Master of Laws in Intellectual Property Law from the University of Houston. He is also a CISSP.</description>
            <pubDate>Wed, 23 Sep 2009 16:30:00 EDT </pubDate>
            <itunes:title>Rick Aldrich, The Importance of Law in Cybersecurity, Recent Developments and Trends in Cyberlaw</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>414</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Rick Aldrich, Booz Allen Hamilton</itunes:subtitle>
            <itunes:summary>Information security professionals increasingly need to be familiar with developments in cyberlaw to ensure they comport their actions with the contours of the law.  Unfortunately, with technology changing far faster than the statutes, judges are increasingly being called upon to fill in the interstices.  In this interactive session, facts from actual cases will be presented in a &quot;You Be the Judge&quot; format to highlight important developments in recent cases and identify key trends in the case law.  What is the legal efficacy of a click-through consent banner and how does this impact information security professionals?  What constitutes an &quot;interception&quot; and what types of interceptions are legal and illegal?  What law dictates whether an employer can or cannot inspect its employee&apos;s personal e-mail messages?  Do individuals have to divulge their encryption keys when requested to do so by border guards or law enforcement agents?  Are there jurisdictional borders in cyberspace?  Who has jurisdiction and how does the law apply in virtual worlds?  How do extradition laws apply to cybercrimes?  These and many other questions will be answered in this interactive seminar. About the speaker: Rick Aldrich is the Senior Computer Network Operations Policy Analyst for the Information Assurance Technology Analysis Center and an Associate for Booz Allen Hamilton.  He has been awarded several grants by the Institute for National Security Studies to study the legal and policy implications of cybercrime and information warfare.  He has multiple publications in this field, including a chapter on information warfare in the widely used textbook, National Security Law.  He has taught cyberlaw at the collegiate level and has been a faculty member of the Institute for Applied Network Security.  He has presented at several national and international conferences including HTCIA, Infowarcon, SANSFIRE, FiestaCrow, IA Conference of the Pacific, Southeast Cybercrime Summit, a conference on Arms Control in Cyberspace in Berlin, Germany and a forum on cyberterrorism in Bogota, Colombia.  He was a primary contributor to the Cyberlaw I and II courses distributed by the Defense Department.  He has a Bachelor of Science degree in Computer Science from the US Air Force Academy, a Juris Doctor from UCLA, and a Master of Laws in Intellectual Property Law from the University of Houston.  He is also a CISSP.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Information security professionals increasingly need to be familiar with developments in cyberlaw to ensure they comport their actions with the contours of the law.  Unfortunately, with technology changing far faster than the statutes, judges are increasingly being called upon to fill in the interstices.  In this interactive session, facts from actual cases will be presented in a &quot;You Be the Judge&quot; format to highlight important developments in recent cases and identify key trends in the case law.  What is the legal efficacy of a click-through consent banner and how does this impact information security professionals?  What constitutes an &quot;interception&quot; and what types of interceptions are legal and illegal?  What law dictates whether an employer can or cannot inspect its employee&apos;s personal e-mail messages?  Do individuals have to divulge their encryption keys when requested to do so by border guards or law enforcement agents?  Are there jurisdictional borders in cyberspace?  Who has jurisdiction and how does the law apply in virtual worlds?  How do extradition laws apply to cybercrimes?  These and many other questions will be answered in this interactive seminar. About the speaker: Rick Aldrich is the Senior Computer Network Operations Policy Analyst for the Information Assurance Technology Analysis Center and an Associate for Booz Allen Hamilton.  He has been awarded several grants by the Institute for National Security Studies to study the legal and policy implications of cybercrime and information warfare.  He has multiple publications in this field, including a chapter on information warfare in the widely used textbook, National Security Law.  He has taught cyberlaw at the collegiate level and has been a faculty member of the Institute for Applied Network Security.  He has presented at several national and international conferences including HTCIA, Infowarcon, SANSFIRE, FiestaCrow, IA Conference of the Pacific, Southeast Cybercrime Summit, a conference on Arms Control in Cyberspace in Berlin, Germany and a forum on cyberterrorism in Bogota, Colombia.  He was a primary contributor to the Cyberlaw I and II courses distributed by the Defense Department.  He has a Bachelor of Science degree in Computer Science from the US Air Force Academy, a Juris Doctor from UCLA, and a Master of Laws in Intellectual Property Law from the University of Houston.  He is also a CISSP.</p> ]]>
            </content:encoded>
            <itunes:duration>3282</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090923.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090923.mp4" length="681574400" type="video/mp4"/>
        </item>
            <item>
            <title>Jerry Saulman, From Security Architecture to Implementation</title>
            <description>From security architecture to implementation details... what matters when a customer faces a project to implement a global J2EE application? This presentation will cover some of the more pertinent concepts and details involved, drawn from real-world experiences in customer environments. About the speaker: Jerry Saulman, a 1995 Purdue alumnus, is a Senior Managing Consultant with IBM&apos;s Tivoli Software Lab Services in Austin, Texas. An 11-year IBMer, Jerry spent 9 years working on the Tivoli Global Response Team, supporting 150 products as a global troubleshooter and IT process specialist. He has spent the last two years on the software solution products based on Maximo technologies, architecting and delivering customer solutions to the enterprise problems the product set addresses, including change and configuration management, service request management, asset management, and provisioning for cloud computing. Jerry has presented on technical topics to thousands of IBM consultants, customers, and industry analysts at various IBM and other technical conferences during his career at IBM. He received the IBM General Manager&apos;s Award in 2001 and 2008 for his contributions to the success of IBM and its customers. He has written numerous technical and business white papers and created educational curricula for internal and customer education. Prior to his time at IBM, Jerry was an IT analyst at the Dow Chemical Company in Midland, MI, for 3 years.</description>
            <pubDate>Wed, 16 Sep 2009 16:30:00 EDT </pubDate>
            <itunes:title>Jerry Saulman, From Security Architecture to Implementation</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>413</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jerry Saulman, IBM</itunes:subtitle>
            <itunes:summary>From security architecture to implementation details... what matters when a customer faces a project to implement a global J2EE application? This presentation will cover some of the more pertinent concepts and details involved, drawn from real-world experiences in customer environments. About the speaker: Jerry Saulman, a 1995 Purdue alumnus, is a Senior Managing Consultant with IBM&apos;s Tivoli Software Lab Services in Austin, Texas. An 11-year IBMer, Jerry spent 9 years working on the Tivoli Global Response Team, supporting 150 products as a global troubleshooter and IT process specialist. He has spent the last two years on the software solution products based on Maximo technologies, architecting and delivering customer solutions to the enterprise problems the product set addresses, including change and configuration management, service request management, asset management, and provisioning for cloud computing. Jerry has presented on technical topics to thousands of IBM consultants, customers, and industry analysts at various IBM and other technical conferences during his career at IBM. He received the IBM General Manager&apos;s Award in 2001 and 2008 for his contributions to the success of IBM and its customers. He has written numerous technical and business white papers and created educational curricula for internal and customer education. Prior to his time at IBM, Jerry was an IT analyst at the Dow Chemical Company in Midland, MI, for 3 years.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>From security architecture to implementation details... what matters when a customer faces a project to implement a global J2EE application? This presentation will cover some of the more pertinent concepts and details involved, drawn from real-world experiences in customer environments. About the speaker: Jerry Saulman, a 1995 Purdue alumnus, is a Senior Managing Consultant with IBM&apos;s Tivoli Software Lab Services in Austin, Texas. An 11-year IBMer, Jerry spent 9 years working on the Tivoli Global Response Team, supporting 150 products as a global troubleshooter and IT process specialist. He has spent the last two years on the software solution products based on Maximo technologies, architecting and delivering customer solutions to the enterprise problems the product set addresses, including change and configuration management, service request management, asset management, and provisioning for cloud computing. Jerry has presented on technical topics to thousands of IBM consultants, customers, and industry analysts at various IBM and other technical conferences during his career at IBM. He received the IBM General Manager&apos;s Award in 2001 and 2008 for his contributions to the success of IBM and its customers. He has written numerous technical and business white papers and created educational curricula for internal and customer education. Prior to his time at IBM, Jerry was an IT analyst at the Dow Chemical Company in Midland, MI, for 3 years.</p> ]]>
            </content:encoded>
            <itunes:duration>2505</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090916.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090916.mp4" length="521142272" type="video/mp4"/>
        </item>
            <item>
            <title>Peter Mork, Database Assurance: Anomaly Detection for Relational Databases</title>
            <description>Behind countless complex applications lurk trusty relational databases that are responsible for managing the data that fuel these applications. For example, relational databases are used to support electronic medical health record systems, timecard reporting systems, and transportation systems. Ideally, the relational database system has been sufficiently hardened to prevent exfiltration or modification of data. Unfortunately, adversaries often have insider access to the networks and machines on which the database is running and can easily circumvent such security measures. Therefore, in this research project, we create profiles of known, legitimate behavior so that we can flag any anomalous behavior as potentially illegitimate. In this presentation, because SQL injection remains the #1 attack vector, I will first illustrate how SQL injection attacks can exfiltrate data from a database system.  I will then discuss various locations within the database engine at which one might monitor activity, highlighting the benefits of placing a monitor between the query optimizer and the query execution engine.  Next, I will describe how we use cross-feature analysis to generate profiles of legitimate behavior and how these profiles are used at run time to identify anomalous activity.  Then, I will present experimental results both in terms of performance overhead and precision/recall.  I will conclude with a discussion of when our techniques are most applicable and how a clever adversary might nevertheless elude our monitor. About the speaker: Dr. Peter Mork is a Senior Technology Advisor and Principal Database Researcher at The MITRE Corporation.  At MITRE his research revolves around data management topics including metadata management, data discovery, privacy and security.  He also advises the Department of Health and Human Services on strategies for sharing data, particularly in the presence of privacy constraints.  He received his PhD in 2005 from the University of Washington on the topic of Peer Architectures for Knowledge Sharing.</description>
            <pubDate>Wed, 9 Sep 2009 16:30:00 EDT </pubDate>
            <itunes:title>Peter Mork, Database Assurance: Anomaly Detection for Relational Databases</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>412</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Peter Mork, MITRE</itunes:subtitle>
            <itunes:summary>Behind countless complex applications lurk trusty relational databases that are responsible for managing the data that fuel these applications. For example, relational databases are used to support electronic medical health record systems, timecard reporting systems, and transportation systems. Ideally, the relational database system has been sufficiently hardened to prevent exfiltration or modification of data. Unfortunately, adversaries often have insider access to the networks and machines on which the database is running and can easily circumvent such security measures. Therefore, in this research project, we create profiles of known, legitimate behavior so that we can flag any anomalous behavior as potentially illegitimate. In this presentation, because SQL injection remains the #1 attack vector, I will first illustrate how SQL injection attacks can exfiltrate data from a database system.  I will then discuss various locations within the database engine at which one might monitor activity, highlighting the benefits of placing a monitor between the query optimizer and the query execution engine.  Next, I will describe how we use cross-feature analysis to generate profiles of legitimate behavior and how these profiles are used at run time to identify anomalous activity.  Then, I will present experimental results both in terms of performance overhead and precision/recall.  I will conclude with a discussion of when our techniques are most applicable and how a clever adversary might nevertheless elude our monitor. About the speaker: Dr. Peter Mork is a Senior Technology Advisor and Principal Database Researcher at The MITRE Corporation.  At MITRE his research revolves around data management topics including metadata management, data discovery, privacy and security.  He also advises the Department of Health and Human Services on strategies for sharing data, particularly in the presence of privacy constraints.  He received his PhD in 2005 from the University of Washington on the topic of Peer Architectures for Knowledge Sharing.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Behind countless complex applications lurk trusty relational databases that are responsible for managing the data that fuel these applications. For example, relational databases are used to support electronic medical health record systems, timecard reporting systems, and transportation systems. Ideally, the relational database system has been sufficiently hardened to prevent exfiltration or modification of data. Unfortunately, adversaries often have insider access to the networks and machines on which the database is running and can easily circumvent such security measures. Therefore, in this research project, we create profiles of known, legitimate behavior so that we can flag any anomalous behavior as potentially illegitimate. In this presentation, because SQL injection remains the #1 attack vector, I will first illustrate how SQL injection attacks can exfiltrate data from a database system.  I will then discuss various locations within the database engine at which one might monitor activity, highlighting the benefits of placing a monitor between the query optimizer and the query execution engine.  Next, I will describe how we use cross-feature analysis to generate profiles of legitimate behavior and how these profiles are used at run time to identify anomalous activity.  Then, I will present experimental results both in terms of performance overhead and precision/recall.  I will conclude with a discussion of when our techniques are most applicable and how a clever adversary might nevertheless elude our monitor. About the speaker: Dr. Peter Mork is a Senior Technology Advisor and Principal Database Researcher at The MITRE Corporation.  At MITRE his research revolves around data management topics including metadata management, data discovery, privacy and security.  He also advises the Department of Health and Human Services on strategies for sharing data, particularly in the presence of privacy constraints.  He received his PhD in 2005 from the University of Washington on the topic of Peer Architectures for Knowledge Sharing.</p> ]]>
            </content:encoded>
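A compact illustration of the profile-then-flag approach the abstract describes, added here as an example and not code from the MITRE project: legitimate queries are reduced to a handful of features (statement type, tables, columns, predicate count, presence of UNION), a profile records which feature values co-occur in that traffic, and a run-time query is scored by how many of its features the profile cannot explain. The regex feature extractor, the constructed workload, the pairwise co-occurrence table standing in for real cross-feature classifiers, and the 0.5 threshold are all assumptions of this example. The last query shows the evasion the abstract warns about: a tautology injection that touches the same tables and columns with the same predicate count is indistinguishable from a legitimate lookup to this monitor, so execution-time features such as result-set size would be needed to catch it.

```python
import re
from collections import defaultdict

FEATURES = ("verb", "tables", "columns", "n_pred", "union")


def extract_features(sql):
    """Coarse per-query feature vector.

    In the design described in the abstract these values would be read off the
    plan at the optimizer/executor boundary; here (an assumption of this example)
    they are recovered from the SQL text with regular expressions that only need
    to cover the constructed statements below.
    """
    s = " ".join(sql.split()).upper()
    tables = re.findall(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Z_][A-Z0-9_]*)", s)
    columns = set()
    for select_list in re.findall(r"\bSELECT\s+(.*?)\s+FROM\b", s):
        columns.update(c.strip() for c in select_list.split(","))
    n_pred = len(re.findall(r"\b(?:AND|OR)\b", s))
    if re.search(r"\bWHERE\b", s):
        n_pred += 1
    return {
        "verb": s.split(" ", 1)[0],
        "tables": tuple(sorted(set(tables))),
        "columns": tuple(sorted(columns)),
        "n_pred": n_pred,
        "union": bool(re.search(r"\bUNION\b", s)),
    }


class CrossFeatureProfile:
    """Simplified cross-feature analysis.

    Training records, for every ordered pair of features (f, g), which
    (g value, f value) combinations occurred in legitimate traffic. At run time a
    feature f of a new query is 'unexplained' when at least half of the other
    features never co-occurred with its value; the anomaly score is the fraction
    of unexplained features. A pairwise co-occurrence table stands in for the
    per-feature classifiers of real cross-feature analysis (assumption).
    """

    def __init__(self):
        self.seen = defaultdict(set)  # (f, g) -> set of (g value, f value)

    def train(self, statements):
        for sql in statements:
            fv = extract_features(sql)
            for f in FEATURES:
                for g in FEATURES:
                    if f != g:
                        self.seen[(f, g)].add((fv[g], fv[f]))

    def score(self, sql):
        fv = extract_features(sql)
        unexplained = 0
        for f in FEATURES:
            others = [g for g in FEATURES if g != f]
            unseen = sum(1 for g in others if (fv[g], fv[f]) not in self.seen[(f, g)])
            if unseen * 2 >= len(others):
                unexplained += 1
        return unexplained / len(FEATURES)

    def is_anomalous(self, sql, threshold=0.5):
        return self.score(sql) >= threshold


# Constructed legitimate workload of a small web application (not real traffic).
LEGITIMATE_WORKLOAD = [
    "SELECT id, name, email FROM users WHERE id = 42",
    "SELECT id, name, email FROM users WHERE id = 7",
    "SELECT id, name, email FROM users WHERE name = 'alice' AND active = 1",
    "UPDATE users SET email = 'new@example.org' WHERE id = 42",
    "INSERT INTO orders (user_id, total) VALUES (42, 9.99)",
    "SELECT o.id, o.total FROM orders o JOIN users u ON o.user_id = u.id WHERE u.id = 42",
]

# Constructed run-time queries: a normal lookup, a benign variant with one more
# predicate, a UNION-based injection that pulls a second table, and a tautology
# injection that stays inside the profile (the evasion the abstract mentions).
NORMAL_LOOKUP = "SELECT id, name, email FROM users WHERE id = 99"
BENIGN_VARIANT = "SELECT id, name, email FROM users WHERE name = 'bob' AND active = 1 AND id = 3"
UNION_INJECTION = ("SELECT id, name, email FROM users WHERE id = 1 "
                   "UNION SELECT number, cvv, expiry FROM credit_cards")
TAUTOLOGY_INJECTION = "SELECT id, name, email FROM users WHERE id = 1 OR 1 = 1"

PROFILE = CrossFeatureProfile()
PROFILE.train(LEGITIMATE_WORKLOAD)

if __name__ == "__main__":
    for label, q in [("normal", NORMAL_LOOKUP), ("benign variant", BENIGN_VARIANT),
                     ("union injection", UNION_INJECTION), ("tautology", TAUTOLOGY_INJECTION)]:
        print(f"{label:16s} score={PROFILE.score(q):.2f} anomalous={PROFILE.is_anomalous(q)}")
```

Run as a script it prints one line per query: the normal lookup and the tautology injection both score 0.0, the benign variant 0.2 (only its predicate count is unexplained), and the UNION injection 1.0, because its new table, new columns and UNION flag never co-occurred with anything in the profile.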
            <itunes:duration>2924</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090909.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090909.mp4" length="607125504" type="video/mp4"/>
        </item>
            <item>
            <title>Ragib Hasan, Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealogy of Bits with Secure Provenance</title>
            <description>As increasing amounts of valuable information are produced and persist digitally, the ability to determine the origin of data becomes important. In science, medicine, commerce, and government, data provenance tracking is essential for rights protection, regulatory compliance, management of intelligence and medical data, and authentication of information as it flows through workplace tasks. While significant research has been conducted in this area, the associated security and privacy issues have not been explored, leaving provenance information vulnerable to illicit alteration as it passes through untrusted environments. In this talk, we show how to provide strong integrity and confidentiality assurances for data provenance information in an untrusted distributed environment. We describe our provenance-aware system prototype that implements provenance tracking of data writes at the application layer, which makes it extremely easy to deploy. We present empirical results that show that, for typical real-life workloads, the run-time overhead of our approach to recording provenance with confidentiality and integrity guarantees ranges from 1% to 13%. For more details, please refer to http://dais.cs.uiuc.edu/provenance About the speaker: Ragib Hasan is a Ph.D. candidate at the Department of Computer Science, University of Illinois at Urbana-Champaign, working with Prof. Marianne Winslett. He is also co-advised by Prof. Radu Sion of Stony Brook University.  His dissertation focuses on storage security in general, and secure provenance, tamper-evident data storage, and term-immutable databases in particular.  His other research interests include trust management, remembrance-capable systems, and computer-supported collaborative knowledge-generation. Hasan graduated summa cum laude, with a B.S. in Computer Science and Engineering, from Bangladesh University of Engineering and Technology in 2003. He received his M.S. in Computer Science from the University of Illinois at Urbana-Champaign in 2005. He is the recipient of the 2009 NSF/CRA Computing Innovation (CIFellows) Postdoctoral Fellowship, and will join the Johns Hopkins University as a postdoctoral researcher in Fall 2009.</description>
            <pubDate>Wed, 2 Sep 2009 16:30:00 EDT </pubDate>
            <itunes:title>Ragib Hasan, Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealogy of Bits with Secure Provenance</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>411</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ragib Hasan, University of Illinois at Urbana-Champaign</itunes:subtitle>
            <itunes:summary>As increasing amounts of valuable information are produced and persist digitally, the ability to determine the origin of data becomes important. In science, medicine, commerce, and government, data provenance tracking is essential for rights protection, regulatory compliance, management of intelligence and medical data, and authentication of information as it flows through workplace tasks. While significant research has been conducted in this area, the associated security and privacy issues have not been explored, leaving provenance information vulnerable to illicit alteration as it passes through untrusted environments. In this talk, we show how to provide strong integrity and confidentiality assurances for data provenance information in an untrusted distributed environment. We describe our provenance-aware system prototype that implements provenance tracking of data writes at the application layer, which makes it extremely easy to deploy. We present empirical results that show that, for typical real-life workloads, the run-time overhead of our approach to recording provenance with confidentiality and integrity guarantees ranges from 1% to 13%. For more details, please refer to http://dais.cs.uiuc.edu/provenance About the speaker: Ragib Hasan is a Ph.D. candidate at the Department of Computer Science, University of Illinois at Urbana-Champaign, working with Prof. Marianne Winslett. He is also co-advised by Prof. Radu Sion of Stony Brook University.  His dissertation focuses on storage security in general, and secure provenance, tamper-evident data storage, and term-immutable databases in particular.  His other research interests include trust management, remembrance-capable systems, and computer-supported collaborative knowledge-generation. Hasan graduated summa cum laude, with a B.S. in Computer Science and Engineering, from Bangladesh University of Engineering and Technology in 2003. He received his M.S. in Computer Science from the University of Illinois at Urbana-Champaign in 2005. He is the recipient of the 2009 NSF/CRA Computing Innovation (CIFellows) Postdoctoral Fellowship, and will join the Johns Hopkins University as a postdoctoral researcher in Fall 2009.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As increasing amounts of valuable information are produced and persist digitally, the ability to determine the origin of data becomes important. In science, medicine, commerce, and government, data provenance tracking is essential for rights protection, regulatory compliance, management of intelligence and medical data, and authentication of information as it flows through workplace tasks. While significant research has been conducted in this area, the associated security and privacy issues have not been explored, leaving provenance information vulnerable to illicit alteration as it passes through untrusted environments. In this talk, we show how to provide strong integrity and confidentiality assurances for data provenance information in an untrusted distributed environment. We describe our provenance-aware system prototype that implements provenance tracking of data writes at the application layer, which makes it extremely easy to deploy. We present empirical results that show that, for typical real-life workloads, the run-time overhead of our approach to recording provenance with confidentiality and integrity guarantees ranges from 1% to 13%. For more details, please refer to http://dais.cs.uiuc.edu/provenance About the speaker: Ragib Hasan is a Ph.D. candidate at the Department of Computer Science, University of Illinois at Urbana-Champaign, working with Prof. Marianne Winslett. He is also co-advised by Prof. Radu Sion of Stony Brook University.  His dissertation focuses on storage security in general, and secure provenance, tamper-evident data storage, and term-immutable databases in particular.  His other research interests include trust management, remembrance-capable systems, and computer-supported collaborative knowledge-generation. Hasan graduated summa cum laude, with a B.S. in Computer Science and Engineering, from Bangladesh University of Engineering and Technology in 2003. He received his M.S. in Computer Science from the University of Illinois at Urbana-Champaign in 2005. He is the recipient of the 2009 NSF/CRA Computing Innovation (CIFellows) Postdoctoral Fellowship, and will join the Johns Hopkins University as a postdoctoral researcher in Fall 2009.</p> ]]>
            </content:encoded>
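The integrity half of the secure provenance problem the abstract poses, as an added example that is not the prototype from the talk: each provenance record commits to the written data by hash and carries a keyed checksum over itself and its predecessor's checksum, so that editing, removing or inserting an entry is detected when an auditor re-walks the chain. Per-user HMAC keys held by the auditor, the JSON record layout and the sample principals are assumptions of this example, standing in for the per-user signatures and the confidentiality mechanisms of the real system. The last two cases show a caveat any auditor needs: a chain that has merely been cut short still verifies unless its head is compared with one published out of band.

```python
import copy
import hashlib
import hmac
import json


def _canonical(record):
    """Stable serialisation of everything in a record except its own checksum."""
    body = {k: v for k, v in record.items() if k != "checksum"}
    return json.dumps(body, sort_keys=True).encode()


def make_record(prev_checksum, user, key, operation, payload):
    """One provenance entry for a write. Only a hash of the written data is
    stored, so the record itself reveals nothing about the content; the
    checksum binds user, operation, data and the predecessor's checksum."""
    record = {
        "user": user,
        "op": operation,
        "payload_hash": hashlib.sha256(payload).hexdigest(),
        "prev": prev_checksum,
    }
    record["checksum"] = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return record


class ProvenanceChain:
    """Append-only chain kept by (possibly untrusted) storage. Keys are per
    principal; the auditor holds copies so it can recompute every checksum
    (assumption standing in for the public-key signatures a real system uses)."""

    def __init__(self, keys):
        self.keys = keys
        self.records = []

    def append(self, user, operation, payload):
        prev = self.records[-1]["checksum"] if self.records else "genesis"
        rec = make_record(prev, user, self.keys[user], operation, payload)
        self.records.append(rec)
        return rec["checksum"]


def verify(records, keys, published_head=None):
    """Return (ok, reason). Recompute every checksum with the key of the user
    the record names and check that each record points at its predecessor.
    A chain that is merely cut short still verifies, so the auditor must also
    compare the last checksum against a head published out of band."""
    prev = "genesis"
    for i, rec in enumerate(records):
        if rec["prev"] != prev:
            return False, f"record {i}: link to predecessor broken"
        key = keys.get(rec["user"])
        if key is None:
            return False, f"record {i}: unknown user"
        expected = hmac.new(key, _canonical(rec), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec["checksum"]):
            return False, f"record {i}: checksum mismatch"
        prev = rec["checksum"]
    if published_head is not None and prev != published_head:
        return False, "chain head differs from the published head"
    return True, "ok"


def build_sample_chain():
    """Constructed sample: three principals write to one document in turn."""
    keys = {"alice": b"alice-key", "bob": b"bob-key", "carol": b"carol-key"}
    chain = ProvenanceChain(keys)
    chain.append("alice", "create report.txt", b"draft v1")
    chain.append("bob", "edit report.txt", b"draft v2")
    head = chain.append("carol", "sign-off report.txt", b"final")
    return chain.records, keys, head


def tamper_cases():
    """Outcomes of verify() against manipulations of the sample chain."""
    records, keys, head = build_sample_chain()
    results = {"intact": verify(records, keys, head)}

    edited = copy.deepcopy(records)
    edited[1]["op"] = "delete report.txt"           # rewrite history in place
    results["edited"] = verify(edited, keys, head)

    gapped = copy.deepcopy(records)
    del gapped[1]                                   # drop bob's entry
    results["gapped"] = verify(gapped, keys, head)

    # Attacker without alice's key appends an entry in her name.
    forged = make_record(head, "alice", b"guessed-key", "edit report.txt", b"x")
    results["forged"] = verify(records + [forged], keys)

    results["truncated_no_head"] = verify(records[:2], keys)
    results["truncated_with_head"] = verify(records[:2], keys, head)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in tamper_cases().items():
        print(f"{name:20s} ok={ok} ({reason})")
```

The edited, gapped and forged chains each fail at the first record the auditor cannot reproduce; the truncated chain passes without a published head and fails with one, which is why the real system's periodic anchoring of the chain head (or an equivalent out-of-band commitment) is not optional.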
            <itunes:duration>3083</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090902.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090902.mp4" length="640679936" type="video/mp4"/>
        </item>
            <item>
            <title>Ian Goldberg, Sphinx: A Compact and Provably Secure Mix Format</title>
            <description>Mix networks, originally proposed in 1981, provide a way for Internet users to send messages--such as email, blog posts, or tweets--without automatically revealing their identities or their locations.  In this talk, we will describe Sphinx, a cryptographic message format used to relay anonymized messages within a mix network.  It is the first scheme to support a full set of security features: compactness, efficiency, provable security, indistinguishable replies, hiding the path length and relay position, as well as providing unlinkability for each leg of the message&apos;s journey over the network.  We will compare Sphinx to other mix formats, and will also briefly outline Sphinx&apos;s security reduction proof. About the speaker: Ian Goldberg is an Assistant Professor of Computer Science at the University of Waterloo, where he is a founding member of the Cryptography, Security, and Privacy (CrySP) research group.  He holds a Ph.D. from the University of California, Berkeley, where he discovered serious weaknesses in a number of widely deployed security systems, including those used by cellular phones and wireless networks. He also studied electronic cash, as well as systems for protecting the personal privacy of Internet users; this led to his role as Chief Scientist at Zero-Knowledge Systems (now known as Radialpoint).  His research currently focusses on developing usable and useful technologies to help Internet users maintain their security and privacy.</description>
            <pubDate>Wed, 26 Aug 2009 16:30:00 EDT </pubDate>
            <itunes:title>Ian Goldberg, Sphinx: A Compact and Provably Secure Mix Format</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>410</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ian Goldberg, University of Waterloo</itunes:subtitle>
            <itunes:summary>Mix networks, originally proposed in 1981, provide a way for Internet users to send messages--such as email, blog posts, or tweets--without automatically revealing their identities or their locations.  In this talk, we will describe Sphinx, a cryptographic message format used to relay anonymized messages within a mix network.  It is the first scheme to support a full set of security features: compactness, efficiency, provable security, indistinguishable replies, hiding the path length and relay position, as well as providing unlinkability for each leg of the message&apos;s journey over the network.  We will compare Sphinx to other mix formats, and will also briefly outline Sphinx&apos;s security reduction proof. About the speaker: Ian Goldberg is an Assistant Professor of Computer Science at the University of Waterloo, where he is a founding member of the Cryptography, Security, and Privacy (CrySP) research group.  He holds a Ph.D. from the University of California, Berkeley, where he discovered serious weaknesses in a number of widely deployed security systems, including those used by cellular phones and wireless networks. He also studied electronic cash, as well as systems for protecting the personal privacy of Internet users; this led to his role as Chief Scientist at Zero-Knowledge Systems (now known as Radialpoint).  His research currently focusses on developing usable and useful technologies to help Internet users maintain their security and privacy.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Mix networks, originally proposed in 1981, provide a way for Internet users to send messages--such as email, blog posts, or tweets--without automatically revealing their identities or their locations.  In this talk, we will describe Sphinx, a cryptographic message format used to relay anonymized messages within a mix network.  It is the first scheme to support a full set of security features: compactness, efficiency, provable security, indistinguishable replies, hiding the path length and relay position, as well as providing unlinkability for each leg of the message&apos;s journey over the network.  We will compare Sphinx to other mix formats, and will also briefly outline Sphinx&apos;s security reduction proof. About the speaker: Ian Goldberg is an Assistant Professor of Computer Science at the University of Waterloo, where he is a founding member of the Cryptography, Security, and Privacy (CrySP) research group.  He holds a Ph.D. from the University of California, Berkeley, where he discovered serious weaknesses in a number of widely deployed security systems, including those used by cellular phones and wireless networks. He also studied electronic cash, as well as systems for protecting the personal privacy of Internet users; this led to his role as Chief Scientist at Zero-Knowledge Systems (now known as Radialpoint).  His research currently focusses on developing usable and useful technologies to help Internet users maintain their security and privacy.</p> ]]>
            </content:encoded>
            <itunes:duration>3245</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090826.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090826.mp4" length="674234368" type="video/mp4"/>
        </item>
            <item>
            <title>Joe Judge, Software Assurance: Motivation, Background, and Acquisition Pursuits</title>
            <description>This Software Assurance (SwA) talk is a slightly different spin on the SwA presentation and discussion. The need for measurable SwA, for the purpose of presenting an assurance &quot;case&quot;, is explained from a practitioner&apos;s point of view. Current pursuits and practices are shared in the context of what is needed from the SwA industry. About the speaker: Joe Judge is a Lead Infosec Engineer/Scientist in the Center for Integrated Intelligence Systems&apos; (CIIS) Air Force and COCOM department. His research and project tasking are for the improvement of Information Assurance (IA) practices in USAF Airborne Networks acquisition, development and engineering.</description>
            <pubDate>Wed, 22 Apr 2009 16:30:00 EDT </pubDate>
            <itunes:title>Joe Judge, Software Assurance: Motivation, Background, and Acquisition Pursuits</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>408</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Joe Judge, Mitre</itunes:subtitle>
            <itunes:summary>This Software Assurance (SwA) talk is a slightly different spin on the SwA presentation and discussion. The need for measurable SwA, for the purpose of presenting an assurance &quot;case&quot;, is explained from a practitioner&apos;s point of view. Current pursuits and practices are shared in the context of what is needed from the SwA industry. About the speaker: Joe Judge is a Lead Infosec Engineer/Scientist in the Center for Integrated Intelligence Systems&apos; (CIIS) Air Force and COCOM department. His research and project tasking are for the improvement of Information Assurance (IA) practices in USAF Airborne Networks acquisition, development and engineering.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This Software Assurance (SwA) talk is a slightly different spin on the SwA presentation and discussion. The need for measurable SwA, for the purpose of presenting an assurance &quot;case&quot;, is explained from a practitioner&apos;s point of view. Current pursuits and practices are shared in the context of what is needed from the SwA industry. About the speaker: Joe Judge is a Lead Infosec Engineer/Scientist in the Center for Integrated Intelligence Systems&apos; (CIIS) Air Force and COCOM department. His research and project tasking are for the improvement of Information Assurance (IA) practices in USAF Airborne Networks acquisition, development and engineering.</p> ]]>
            </content:encoded>
            <itunes:duration>3394</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090422.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090422.mp4" length="703594496" type="video/mp4"/>
        </item>
            <item>
            <title>John D&apos;Arcy, User Awareness of Security Countermeasures and its Impact on Information Systems Misuse: A Deterrence Approach</title>
            <description>Intentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50% and 75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This study presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions varies based on one&apos;s level of morality. The results have implications for both the research and practice of IS security. About the speaker: John D&apos;Arcy is an Assistant Professor in the Department of Management in the Mendoza College of Business at the University of Notre Dame. Dr. D&apos;Arcy teaches an MBA course on technology risk management and an undergraduate course on computer networking and security. After gaining a BS in Finance from The Pennsylvania State University, he worked the following four years as a cost accountant and then a financial systems analyst for Ford Motor Company. During that time, he earned an MBA from LaSalle University. He subsequently earned a PhD in Business Administration with a concentration in Management Information Systems from Temple University. Dr. D&apos;Arcy&apos;s research interests include information assurance and security, computer ethics, and human-computer interaction. In recent papers, he has examined the effectiveness of procedural and technical security controls in deterring computer abuse. His research also investigates individual and organizational factors that contribute to end user security behavior in the workplace. Dr. D&apos;Arcy has published articles in journals such as Information Systems Research, Communications of the ACM, Decision Support Systems, Journal of Information System Security, and Computers &amp; Security.</description>
            <pubDate>Wed, 15 Apr 2009 16:30:00 EDT </pubDate>
            <itunes:title>John D&apos;Arcy, User Awareness of Security Countermeasures and its Impact on Information Systems Misuse: A Deterrence Approach</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>407</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>John D&apos;Arcy, Notre Dame</itunes:subtitle>
            <itunes:summary>Intentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50% and 75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This study presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions varies based on one&apos;s level of morality. The results have implications for both the research and practice of IS security. About the speaker: John D&apos;Arcy is an Assistant Professor in the Department of Management in the Mendoza College of Business at the University of Notre Dame. Dr. D&apos;Arcy teaches an MBA course on technology risk management and an undergraduate course on computer networking and security. After gaining a BS in Finance from The Pennsylvania State University, he worked the following four years as a cost accountant and then a financial systems analyst for Ford Motor Company. During that time, he earned an MBA from LaSalle University. He subsequently earned a PhD in Business Administration with a concentration in Management Information Systems from Temple University. Dr. D&apos;Arcy&apos;s research interests include information assurance and security, computer ethics, and human-computer interaction. In recent papers, he has examined the effectiveness of procedural and technical security controls in deterring computer abuse. His research also investigates individual and organizational factors that contribute to end user security behavior in the workplace. Dr. D&apos;Arcy has published articles in journals such as Information Systems Research, Communications of the ACM, Decision Support Systems, Journal of Information System Security, and Computers &amp; Security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Intentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50% and 75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This study presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions varies based on one&apos;s level of morality. The results have implications for both the research and practice of IS security. About the speaker: John D&apos;Arcy is an Assistant Professor in the Department of Management in the Mendoza College of Business at the University of Notre Dame. Dr. D&apos;Arcy teaches an MBA course on technology risk management and an undergraduate course on computer networking and security. After gaining a BS in Finance from The Pennsylvania State University, he worked the following four years as a cost accountant and then a financial systems analyst for Ford Motor Company. During that time, he earned an MBA from LaSalle University. He subsequently earned a PhD in Business Administration with a concentration in Management Information Systems from Temple University. Dr. D&apos;Arcy&apos;s research interests include information assurance and security, computer ethics, and human-computer interaction. In recent papers, he has examined the effectiveness of procedural and technical security controls in deterring computer abuse. His research also investigates individual and organizational factors that contribute to end user security behavior in the workplace. Dr. D&apos;Arcy has published articles in journals such as Information Systems Research, Communications of the ACM, Decision Support Systems, Journal of Information System Security, and Computers &amp; Security.</p> ]]>
            </content:encoded>
            <itunes:duration>3300</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090415.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090415.mp4" length="685768704" type="video/mp4"/>
        </item>
            <item>
            <title>Johann-Christoph Freytag, Privacy – from accessing databases to location based services</title>
            <description>Over the last years it has become apparent that privacy issues become more and more important when accessing data sources either on the Web or by database management systems. That is, the user does not only want to hide the query, but also the result of that query from others. In the past the problem of querying a database privately was solved by organizational rather than by technical means. In this talk we describe the problem of querying databases privately more formally and discuss existing solutions from the area of private information retrieval (PIR). The lack of efficiency and scalability motivated us to look for alternative approaches using a so-called &quot;secure co-processor&quot; (built by IBM). We introduce a set of algorithms that take advantage of the (physical) properties of the co-processor and show which algorithms are necessary to guarantee privacy for database queries. In the last part of my talk I briefly describe our vision of how to extend the current privacy approach to location-based services, in particular to moving objects such as vehicles (cars). About the speaker: Johann-Christoph Freytag is a full professor for databases and information systems (DBIS) at the Computer Science Department of the Humboldt-Universität zu Berlin, Germany. Before joining the department in 1994 he was a research staff member at the IBM Almaden Research Center (1985-1987), a researcher at the European Computer-Industry-Research Centre (ECRC, in Munich, Germany, 1987-1989), and the head of Digital&apos;s (DEC) Database Technology Center (also in Munich, 1990-1993). He holds a Ph.D. in Applied Mathematics/Computer Science from Harvard University, MA. Dr. Freytag&apos;s research interests include all aspects of query processing and query optimization in object-relational database systems, new developments in the database area (such as semi-structured data, data quality, databases and security, Semantic Web), privacy in database systems, mobile systems and mobility, and applying database technology to applications such as GIS, genomics, and bioinformatics/life science. Dr. Freytag spent two sabbaticals at IBM Research and IBM Development (1997, 2001) and was a regular visitor of Microsoft Research and the SQL Server group, Redmond, as a research scientist (2002, 2005, 2007, 2008). In recent years he received the IBM Faculty Award 4 times for collaborative work in the areas of databases, middleware, and bioinformatics/life science. He was a member of the VLDB Endowment until 2007, organizing VLDB 2003 in Berlin. He has headed the German database interest group of the GI (Gesellschaft für Informatik) since 2007. URL: http://www.dbis.informatik.hu-berlin.de/ http://www.dbis.informatik.hu-berlin.de/~freytag</description>
            <pubDate>Wed, 8 Apr 2009 16:30:00 EDT </pubDate>
            <itunes:title>Johann-Christoph Freytag, Privacy – from accessing databases to location based services</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>406</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Johann-Christoph Freytag, Humboldt University</itunes:subtitle>
            <itunes:summary>Over the last years it has become apparent that privacy issues become more and more important when accessing data sources either on the Web or by database management systems. That is, the user does not only want to hide the query, but also the result of that query from others. In the past the problem of querying a database privately was solved by organizational rather than by technical means. In this talk we describe the problem of querying databases privately more formally and discuss existing solutions from the area of private information retrieval (PIR). The lack of efficiency and scalability motivated us to look for alternative approaches using a so-called &quot;secure co-processor&quot; (built by IBM). We introduce a set of algorithms that take advantage of the (physical) properties of the co-processor and show which algorithms are necessary to guarantee privacy for database queries. In the last part of my talk I briefly describe our vision of how to extend the current privacy approach to location-based services, in particular to moving objects such as vehicles (cars). About the speaker: Johann-Christoph Freytag is a full professor for databases and information systems (DBIS) at the Computer Science Department of the Humboldt-Universität zu Berlin, Germany. Before joining the department in 1994 he was a research staff member at the IBM Almaden Research Center (1985-1987), a researcher at the European Computer-Industry-Research Centre (ECRC, in Munich, Germany, 1987-1989), and the head of Digital&apos;s (DEC) Database Technology Center (also in Munich, 1990-1993). He holds a Ph.D. in Applied Mathematics/Computer Science from Harvard University, MA. Dr. Freytag&apos;s research interests include all aspects of query processing and query optimization in object-relational database systems, new developments in the database area (such as semi-structured data, data quality, databases and security, Semantic Web), privacy in database systems, mobile systems and mobility, and applying database technology to applications such as GIS, genomics, and bioinformatics/life science. Dr. Freytag spent two sabbaticals at IBM Research and IBM Development (1997, 2001) and was a regular visitor of Microsoft Research and the SQL Server group, Redmond, as a research scientist (2002, 2005, 2007, 2008). In recent years he received the IBM Faculty Award 4 times for collaborative work in the areas of databases, middleware, and bioinformatics/life science. He was a member of the VLDB Endowment until 2007, organizing VLDB 2003 in Berlin. He has headed the German database interest group of the GI (Gesellschaft für Informatik) since 2007. URL: http://www.dbis.informatik.hu-berlin.de/ http://www.dbis.informatik.hu-berlin.de/~freytag</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Over the last years it has become apparent that privacy issues become more and more important when accessing data sources either on the Web or by database management systems. That is, the user does not only want to hide the query, but also the result of that query from others. In the past the problem of querying a database privately was solved by organizational rather than by technical means. In this talk we describe the problem of querying databases privately more formally and discuss existing solutions from the area of private information retrieval (PIR). The lack of efficiency and scalability motivated us to look for alternative approaches using a so-called &quot;secure co-processor&quot; (built by IBM). We introduce a set of algorithms that take advantage of the (physical) properties of the co-processor and show which algorithms are necessary to guarantee privacy for database queries. In the last part of my talk I briefly describe our vision of how to extend the current privacy approach to location-based services, in particular to moving objects such as vehicles (cars). About the speaker: Johann-Christoph Freytag is a full professor for databases and information systems (DBIS) at the Computer Science Department of the Humboldt-Universität zu Berlin, Germany. Before joining the department in 1994 he was a research staff member at the IBM Almaden Research Center (1985-1987), a researcher at the European Computer-Industry-Research Centre (ECRC, in Munich, Germany, 1987-1989), and the head of Digital&apos;s (DEC) Database Technology Center (also in Munich, 1990-1993). He holds a Ph.D. in Applied Mathematics/Computer Science from Harvard University, MA. Dr. Freytag&apos;s research interests include all aspects of query processing and query optimization in object-relational database systems, new developments in the database area (such as semi-structured data, data quality, databases and security, Semantic Web), privacy in database systems, mobile systems and mobility, and applying database technology to applications such as GIS, genomics, and bioinformatics/life science. Dr. Freytag spent two sabbaticals at IBM Research and IBM Development (1997, 2001) and was a regular visitor of Microsoft Research and the SQL Server group, Redmond, as a research scientist (2002, 2005, 2007, 2008). In recent years he received the IBM Faculty Award 4 times for collaborative work in the areas of databases, middleware, and bioinformatics/life science. He was a member of the VLDB Endowment until 2007, organizing VLDB 2003 in Berlin. He has headed the German database interest group of the GI (Gesellschaft für Informatik) since 2007. URL: http://www.dbis.informatik.hu-berlin.de/ http://www.dbis.informatik.hu-berlin.de/~freytag</p> ]]>
            </content:encoded>
            <itunes:duration>2973</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090408.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090408.mp4" length="616562688" type="video/mp4"/>
        </item>
            <item>
            <title>Melissa Dark, An Analysis of Data Breach Disclosure</title>
            <description>In the past six years, 44 states in the United States have embraced a new form of privacy and identity theft regulation – mandatory disclosure of data breach information. Information disclosure regulation is a form of legislation considered effective for issues that span consumer protection and risk and where market mechanisms would/could work effectively to shape consumer and producer behavior and bring about allocative efficiency. Informational regulation is a new approach in the data privacy milieu, but has a precedent in environmental and health policy. While data breach information disclosure policies intend to have an impact on consumer and producer behavior, little is known about the costs and benefits of these policies and whether they are in fact enhancing social welfare in the area of identity theft and privacy. This talk addresses this relatively nascent public policy phenomenon with a focus on future considerations for policy analysis in this area to determine if and how such policy may be affecting the state of information assurance and security in the USA. About the speaker: Melissa Dark is a Professor in Computer and Information Technology. She has been working in information assurance and security education for almost 10 years. Roughly two years ago she became interested in the effects of public policy on user behavior, where users include individuals, organizations, and nations. She is currently on fellowship to study public policy and welfare economics with the goal of applying these approaches and tools to the field of information assurance and security.</description>
            <pubDate>Wed, 1 Apr 2009 16:30:00 EDT </pubDate>
            <itunes:title>Melissa Dark, An Analysis of Data Breach Disclosure</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>405</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Melissa Dark, Purdue University</itunes:subtitle>
            <itunes:summary>In the past six years, 44 states in the United States have embraced a new form of privacy and identity theft regulation – mandatory disclosure of data breach information. Information disclosure regulation is a form of legislation considered effective for issues that span consumer protection and risk and where market mechanisms would/could work effectively to shape consumer and producer behavior and bring about allocative efficiency. Informational regulation is a new approach in the data privacy milieu, but has a precedent in environmental and health policy. While data breach information disclosure policies intend to have an impact on consumer and producer behavior, little is known about the costs and benefits of these policies and whether they are in fact enhancing social welfare in the area of identity theft and privacy. This talk addresses this relatively nascent public policy phenomenon with a focus on future considerations for policy analysis in this area to determine if and how such policy may be affecting the state of information assurance and security in the USA. About the speaker: Melissa Dark is a Professor in Computer and Information Technology. She has been working in information assurance and security education for almost 10 years. Roughly two years ago she became interested in the effects of public policy on user behavior, where users include individuals, organizations, and nations. She is currently on fellowship to study public policy and welfare economics with the goal of applying these approaches and tools to the field of information assurance and security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In the past six years, 44 states in the United States have embraced a new form of privacy and identity theft regulation – mandatory disclosure of data breach information. Information disclosure regulation is a form of legislation considered effective for issues that span consumer protection and risk and where market mechanisms would/could work effectively to shape consumer and producer behavior and bring about allocative efficiency. Informational regulation is a new approach in the data privacy milieu, but has a precedent in environmental and health policy. While data breach information disclosure policies intend to have an impact on consumer and producer behavior, little is known about the costs and benefits of these policies and whether they are in fact enhancing social welfare in the area of identity theft and privacy. This talk addresses this relatively nascent public policy phenomenon with a focus on future considerations for policy analysis in this area to determine if and how such policy may be affecting the state of information assurance and security in the USA. About the speaker: Melissa Dark is a Professor in Computer and Information Technology. She has been working in information assurance and security education for almost 10 years. Roughly two years ago she became interested in the effects of public policy on user behavior, where users include individuals, organizations, and nations. She is currently on fellowship to study public policy and welfare economics with the goal of applying these approaches and tools to the field of information assurance and security.</p> ]]>
            </content:encoded>
            <itunes:duration>3321</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090401.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090401.mp4" length="688914432" type="video/mp4"/>
        </item>
            <item>
            <title>Rick Clark, Ontario Systems</title>
            <description></description>
            <pubDate>Wed, 25 Mar 2009 16:30:00 EDT </pubDate>
            <itunes:title>Rick Clark, Ontario Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>404</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle></itunes:subtitle>
            <itunes:summary></itunes:summary>
            <content:encoded>
            <![CDATA[ <p></p> ]]>
            </content:encoded>
            <itunes:duration>2979</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090325.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090325.mp4" length="610271232" type="video/mp4"/>
        </item>
            <item>
            <title>Arjan Durresi, Security for the Next Internet over Heterogeneous Environments</title>
            <description>The networking research community is working to design the Next Generation Internet, which will meet the needs of the twenty-first century. The first requirement for the Next Generation Internet is security. Furthermore, the Internet will include heterogeneous environments, such as cellular and sensor networks. In this talk, I will present our research work related to the above-mentioned problems, focusing on a new security-oriented Internet architecture and security solutions for heterogeneous environments. It should allow receivers to set policies for how and where they receive their information. The Next Generation Internet should be designed for mobile objects. Naming, addressing architecture, and routing have to be such that these objects can move and decide how and where they want to receive their Internet traffic with full rights of privacy of their location, if desired. In this talk, I will present our research work related to the above-mentioned problems, focusing on Internet architecture, mobile, wireless and security issues. About the speaker: Dr. Durresi received his B.Eng., M.Eng. and Ph.D. (all summa cum laude) in Electronics and Telecommunications, in 1986, 1991 and 1993, respectively; and a Diploma of Superior Specialization in Telecommunications from La Sapienza University in Rome, Italy and the Italian Telecommunications Institute. Dr. Durresi is currently an Associate Professor with the Department of Computer and Information Science at Indiana University Purdue University at Indianapolis. Previously, he was with Louisiana State University and Ohio State University. Prior to this, he was a senior system designer at Telesoft Inc. Rome, Italy. His current research interests include network architectures, heterogeneous wireless networks, security, QoS routing protocols, traffic management, optical and satellite networks, and biocomputing. His research has been supported by NSF, the states of Ohio and Louisiana, and university and industry sources. Dr. Durresi has authored more than seventy journal papers, and more than one hundred conference papers. He has been the recipient of several Best Paper Awards at international conferences. Dr. Durresi serves as Area Editor of Ad Hoc Networks Journal and Journal of Network and Computer Applications. He has been a keynote speaker at several international conferences, including AINA2007 and NBiS2008. Dr. Durresi has organized many international conferences and workshops, including the IEEE International Workshops on Heterogeneous Wireless Networks - HWISE, the International Workshop on Advances in Information Security - WAIS, the 23rd IEEE AINA 2009, and the 12th NBiS 2009 that will be held at IUPUI this August.</description>
            <pubDate>Wed, 11 Mar 2009 16:30:00 EDT </pubDate>
            <itunes:title>Arjan Durresi, Security for the Next Internet over Heterogeneous Environments</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>403</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Arjan Durresi, Indiana University Purdue University at Indianapolis</itunes:subtitle>
            <itunes:summary>The networking research community is working to design the Next Generation Internet, which will meet the needs of the twenty-first century. The first requirement for the Next Generation Internet is security. Furthermore, the Internet will include heterogeneous environments, such as cellular and sensor networks. In this talk, I will present our research work related to the above-mentioned problems, focusing on a new security-oriented Internet architecture and security solutions for heterogeneous environments. It should allow receivers to set policies for how and where they receive their information. The Next Generation Internet should be designed for mobile objects. Naming, addressing architecture, and routing have to be such that these objects can move and decide how and where they want to receive their Internet traffic, with full rights of privacy of their location if desired. In this talk, I will present our research work related to the above-mentioned problems, focusing on Internet architecture, mobile, wireless and security issues. About the speaker: Dr. Durresi received his B.Eng., M.Eng. and Ph.D. (all summa cum laude) in Electronics and Telecommunications in 1986, 1991 and 1993, respectively, and a Diploma of Superior Specialization in Telecommunications from La Sapienza University in Rome, Italy, and the Italian Telecommunications Institute. Dr. Durresi is currently an Associate Professor with the Department of Computer and Information Science at Indiana University Purdue University at Indianapolis. Previously, he was with Louisiana State University and Ohio State University. Prior to this, he was a senior system designer at Telesoft Inc., Rome, Italy. His current research interests include network architectures, heterogeneous wireless networks, security, QoS routing protocols, traffic management, optical and satellite networks, and biocomputing. His research has been supported by NSF, the states of Ohio and Louisiana, and university and industry sources. Dr. Durresi has authored more than seventy journal papers and more than one hundred conference papers. He has received several Best Paper Awards at international conferences. Dr. Durresi serves as Area Editor of the Ad Hoc Networks Journal and the Journal of Network and Computer Applications. He has been a keynote speaker at several international conferences, including AINA 2007 and NBiS 2008. Dr. Durresi has organized many international conferences and workshops, including the IEEE International Workshops on Heterogeneous Wireless Networks (HWISE), the International Workshop on Advances in Information Security (WAIS), the 23rd IEEE AINA 2009, and the 12th NBiS 2009, which will be held at IUPUI this August.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The networking research community is working to design the Next Generation Internet, which will meet the needs of the twenty-first century. The first requirement for the Next Generation Internet is security. Furthermore, the Internet will include heterogeneous environments, such as cellular and sensor networks. In this talk, I will present our research work related to the above-mentioned problems, focusing on a new security-oriented Internet architecture and security solutions for heterogeneous environments. It should allow receivers to set policies for how and where they receive their information. The Next Generation Internet should be designed for mobile objects. Naming, addressing architecture, and routing have to be such that these objects can move and decide how and where they want to receive their Internet traffic, with full rights of privacy of their location if desired. In this talk, I will present our research work related to the above-mentioned problems, focusing on Internet architecture, mobile, wireless and security issues. About the speaker: Dr. Durresi received his B.Eng., M.Eng. and Ph.D. (all summa cum laude) in Electronics and Telecommunications in 1986, 1991 and 1993, respectively, and a Diploma of Superior Specialization in Telecommunications from La Sapienza University in Rome, Italy, and the Italian Telecommunications Institute. Dr. Durresi is currently an Associate Professor with the Department of Computer and Information Science at Indiana University Purdue University at Indianapolis. Previously, he was with Louisiana State University and Ohio State University. Prior to this, he was a senior system designer at Telesoft Inc., Rome, Italy. His current research interests include network architectures, heterogeneous wireless networks, security, QoS routing protocols, traffic management, optical and satellite networks, and biocomputing. His research has been supported by NSF, the states of Ohio and Louisiana, and university and industry sources. Dr. Durresi has authored more than seventy journal papers and more than one hundred conference papers. He has received several Best Paper Awards at international conferences. Dr. Durresi serves as Area Editor of the Ad Hoc Networks Journal and the Journal of Network and Computer Applications. He has been a keynote speaker at several international conferences, including AINA 2007 and NBiS 2008. Dr. Durresi has organized many international conferences and workshops, including the IEEE International Workshops on Heterogeneous Wireless Networks (HWISE), the International Workshop on Advances in Information Security (WAIS), the 23rd IEEE AINA 2009, and the 12th NBiS 2009, which will be held at IUPUI this August.</p> ]]>
            </content:encoded>
            <itunes:duration>3213</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090311.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090311.mp4" length="665845760" type="video/mp4"/>
        </item>
            <item>
            <title>Jeremy Rasmussen, The Best Defense is Information</title>
            <description>In the course of doing security vulnerability testing for government and commercial clients over the past 10 years, our Information Security Solutions team at Sypris Electronics has seen a lot of interesting things, perhaps none more so than a recent attack witnessed on a client&apos;s network, targeted via a buffer overflow in a popular application. The attack launched a trojan horse, which then dropped in another piece of malware that stealthily connected out to several sites to receive command and control. We will go down the rabbit hole with the attack (as much as I can publicly divulge), talk about our approach to the forensic investigation, and how the client was advised to implement countermeasures to provide an overall framework of security against future attacks. It is possible people may have known about this particular exploit for more than six months before it was publicly disclosed, and the vendor still has not published a patch for it. Therefore, in this talk, we will also explore the concept of responsible disclosure, information sharing (minus attribution), and how all of this possibly fits into the Presidential Comprehensive National Cybersecurity Initiative (CNCI). About the speaker: Jeremy Rasmussen is manager of the Information Security Solutions (ISS) group at Sypris Electronics, LLC in Tampa, Florida. Sypris is an industry leader with more than 40 years of success in complex electronics manufacturing and engineering products and services for defense and aerospace. Mr. Rasmussen earned a B.S. in Computer Science (1991) and an M.S. in Engineering Management (1994) from the University of South Florida (USF). He had experience as a software and systems engineer at Honeywell, Raytheon, and Sypris Electronics before founding the ISS group in 1999. The ISS group specializes in system vulnerability assessments, penetration testing, policy and procedure development, and security training. The ISS group has performed assessments on more than 200 different systems, ranging from a small tactical unit in the back of a Humvee to a 350,000-user WAN spanning 54 states and territories. The team continues to grow in areas targeting penetration testing, automated compliance scanning tools, and products/technologies related to the Presidential Comprehensive National Cybersecurity Initiative (CNCI). Mr. Rasmussen is an adjunct professor in the Department of Computer Science and Engineering and the Department of Information Technology at USF, teaching courses in cryptography and network security, digital forensics, and ethical hacking. He also serves as chairman of the CS&amp;E External Advisory Board. He founded the Whitehatters Computer Security Club at USF, and the team has done very well in organized Capture the Flag events, even reaching the 2007 finals of the Defcon CTF, considered the world championship of hacking. In his spare time, Mr. Rasmussen enjoys family activities, soccer, taekwondo, teaching Sunday School, traveling, and writing. He has written several articles on &quot;Password Security&quot;, including those for the Encyclopedia of the Internet and the Handbook of Information Security. Mr. Rasmussen was also a Jeopardy! champion in 2007. Email: Jeremy_dot_Rasmussen_at_Sypris_dot_com</description>
            <pubDate>Wed, 4 Mar 2009 16:30:00 EST </pubDate>
            <itunes:title>Jeremy Rasmussen, The Best Defense is Information</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>402</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jeremy Rasmussen, Sypris Electronics</itunes:subtitle>
            <itunes:summary>In the course of doing security vulnerability testing for government and commercial clients over the past 10 years, our Information Security Solutions team at Sypris Electronics has seen a lot of interesting things, perhaps none more so than a recent attack witnessed on a client&apos;s network, targeted via a buffer overflow in a popular application. The attack launched a trojan horse, which then dropped in another piece of malware that stealthily connected out to several sites to receive command and control. We will go down the rabbit hole with the attack (as much as I can publicly divulge), talk about our approach to the forensic investigation, and how the client was advised to implement countermeasures to provide an overall framework of security against future attacks. It is possible people may have known about this particular exploit for more than six months before it was publicly disclosed, and the vendor still has not published a patch for it. Therefore, in this talk, we will also explore the concept of responsible disclosure, information sharing (minus attribution), and how all of this possibly fits into the Presidential Comprehensive National Cybersecurity Initiative (CNCI). About the speaker: Jeremy Rasmussen is manager of the Information Security Solutions (ISS) group at Sypris Electronics, LLC in Tampa, Florida. Sypris is an industry leader with more than 40 years of success in complex electronics manufacturing and engineering products and services for defense and aerospace. Mr. Rasmussen earned a B.S. in Computer Science (1991) and an M.S. in Engineering Management (1994) from the University of South Florida (USF). He had experience as a software and systems engineer at Honeywell, Raytheon, and Sypris Electronics before founding the ISS group in 1999. The ISS group specializes in system vulnerability assessments, penetration testing, policy and procedure development, and security training. The ISS group has performed assessments on more than 200 different systems, ranging from a small tactical unit in the back of a Humvee to a 350,000-user WAN spanning 54 states and territories. The team continues to grow in areas targeting penetration testing, automated compliance scanning tools, and products/technologies related to the Presidential Comprehensive National Cybersecurity Initiative (CNCI). Mr. Rasmussen is an adjunct professor in the Department of Computer Science and Engineering and the Department of Information Technology at USF, teaching courses in cryptography and network security, digital forensics, and ethical hacking. He also serves as chairman of the CS&amp;E External Advisory Board. He founded the Whitehatters Computer Security Club at USF, and the team has done very well in organized Capture the Flag events, even reaching the 2007 finals of the Defcon CTF, considered the world championship of hacking. In his spare time, Mr. Rasmussen enjoys family activities, soccer, taekwondo, teaching Sunday School, traveling, and writing. He has written several articles on &quot;Password Security&quot;, including those for the Encyclopedia of the Internet and the Handbook of Information Security. Mr. Rasmussen was also a Jeopardy! champion in 2007. Email: Jeremy_dot_Rasmussen_at_Sypris_dot_com</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In the course of doing security vulnerability testing for government and commercial clients over the past 10 years, our Information Security Solutions team at Sypris Electronics has seen a lot of interesting things, perhaps none more so than a recent attack witnessed on a client&apos;s network, targeted via a buffer overflow in a popular application. The attack launched a trojan horse, which then dropped in another piece of malware that stealthily connected out to several sites to receive command and control. We will go down the rabbit hole with the attack (as much as I can publicly divulge), talk about our approach to the forensic investigation, and how the client was advised to implement countermeasures to provide an overall framework of security against future attacks. It is possible people may have known about this particular exploit for more than six months before it was publicly disclosed, and the vendor still has not published a patch for it. Therefore, in this talk, we will also explore the concept of responsible disclosure, information sharing (minus attribution), and how all of this possibly fits into the Presidential Comprehensive National Cybersecurity Initiative (CNCI). About the speaker: Jeremy Rasmussen is manager of the Information Security Solutions (ISS) group at Sypris Electronics, LLC in Tampa, Florida. Sypris is an industry leader with more than 40 years of success in complex electronics manufacturing and engineering products and services for defense and aerospace. Mr. Rasmussen earned a B.S. in Computer Science (1991) and an M.S. in Engineering Management (1994) from the University of South Florida (USF). He had experience as a software and systems engineer at Honeywell, Raytheon, and Sypris Electronics before founding the ISS group in 1999. The ISS group specializes in system vulnerability assessments, penetration testing, policy and procedure development, and security training. The ISS group has performed assessments on more than 200 different systems, ranging from a small tactical unit in the back of a Humvee to a 350,000-user WAN spanning 54 states and territories. The team continues to grow in areas targeting penetration testing, automated compliance scanning tools, and products/technologies related to the Presidential Comprehensive National Cybersecurity Initiative (CNCI). Mr. Rasmussen is an adjunct professor in the Department of Computer Science and Engineering and the Department of Information Technology at USF, teaching courses in cryptography and network security, digital forensics, and ethical hacking. He also serves as chairman of the CS&amp;E External Advisory Board. He founded the Whitehatters Computer Security Club at USF, and the team has done very well in organized Capture the Flag events, even reaching the 2007 finals of the Defcon CTF, considered the world championship of hacking. In his spare time, Mr. Rasmussen enjoys family activities, soccer, taekwondo, teaching Sunday School, traveling, and writing. He has written several articles on &quot;Password Security&quot;, including those for the Encyclopedia of the Internet and the Handbook of Information Security. Mr. Rasmussen was also a Jeopardy! champion in 2007. Email: Jeremy_dot_Rasmussen_at_Sypris_dot_com</p> ]]>
            </content:encoded>
            <itunes:duration>2823</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090304.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090304.mp4" length="586153984" type="video/mp4"/>
        </item>
            <item>
            <title>Mummoorthy Murugesan, Providing Privacy through Plausibly Deniable Search</title>
            <description>Query-based web search is becoming an integral part of many people&apos;s daily activities. Most do not realize that their search history can be used to identify them (and their interests). In July 2006, AOL released an anonymized search query log of some 600K randomly selected users. While valuable as a research tool, the anonymization was insufficient: individuals could be identified from the contents of the queries alone. Government requests for such logs serve to increase the concern. To address this problem, we propose a client-centered approach, &quot;plausibly deniable search&quot;. Each user query is substituted with a standard, closely related query intended to fetch the desired results. In addition, a set of k-1 cover queries is issued; these have characteristics similar to the standard query but are on unrelated topics. The system provides the property that any of these k queries will produce the same set of k queries, giving k possible topics the user could have been searching for. We use a Latent Semantic Indexing (LSI)-based technique to generate queries, and evaluate on the DMOZ webpage collection to show the effectiveness of the proposed approach.</description>
            <pubDate>Wed, 25 Feb 2009 16:30:00 EST </pubDate>
            <itunes:title>Mummoorthy Murugesan, Providing Privacy through Plausibly Deniable Search</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>401</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mummoorthy Murugesan, Purdue University</itunes:subtitle>
            <itunes:summary>Query-based web search is becoming an integral part of many people&apos;s daily activities. Most do not realize that their search history can be used to identify them (and their interests). In July 2006, AOL released an anonymized search query log of some 600K randomly selected users. While valuable as a research tool, the anonymization was insufficient: individuals could be identified from the contents of the queries alone. Government requests for such logs serve to increase the concern. To address this problem, we propose a client-centered approach, &quot;plausibly deniable search&quot;. Each user query is substituted with a standard, closely related query intended to fetch the desired results. In addition, a set of k-1 cover queries is issued; these have characteristics similar to the standard query but are on unrelated topics. The system provides the property that any of these k queries will produce the same set of k queries, giving k possible topics the user could have been searching for. We use a Latent Semantic Indexing (LSI)-based technique to generate queries, and evaluate on the DMOZ webpage collection to show the effectiveness of the proposed approach.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Query-based web search is becoming an integral part of many people&apos;s daily activities. Most do not realize that their search history can be used to identify them (and their interests). In July 2006, AOL released an anonymized search query log of some 600K randomly selected users. While valuable as a research tool, the anonymization was insufficient: individuals could be identified from the contents of the queries alone. Government requests for such logs serve to increase the concern. To address this problem, we propose a client-centered approach, &quot;plausibly deniable search&quot;. Each user query is substituted with a standard, closely related query intended to fetch the desired results. In addition, a set of k-1 cover queries is issued; these have characteristics similar to the standard query but are on unrelated topics. The system provides the property that any of these k queries will produce the same set of k queries, giving k possible topics the user could have been searching for. We use a Latent Semantic Indexing (LSI)-based technique to generate queries, and evaluate on the DMOZ webpage collection to show the effectiveness of the proposed approach.</p> ]]>
            </content:encoded>
            <itunes:duration>2355</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090225.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090225.mp4" length="260046848" type="video/mp4"/>
        </item>
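The k-cover-query scheme described in the Murugesan abstract above, as an added toy implementation that is not the speaker's code: the topic directory, the keyword index that stands in for the LSI similarity step, and the salted partition of topics are all constructed for this example. It shows the property the abstract states: with a fixed partition of topics into groups of k, the set of issued queries is identical whichever member of the group the user actually wanted, so the search engine learns only the group.

```python
"""Toy plausibly deniable search: one canonical query plus k-1 cover queries.

Added illustration; this is not the speaker's code. The topic vocabulary,
the keyword-to-topic map (standing in for the LSI similarity step) and the
salted partition are all constructed for this example.
"""
import hashlib
import random

# Constructed stand-in for a topic directory: one "standard" query per topic.
TOPICS = {
    "cardiology":   "heart disease symptoms",
    "gardening":    "tomato planting season",
    "astronomy":    "jupiter moons telescope",
    "bankruptcy":   "bankruptcy filing requirements",
    "cycling":      "road bike gear ratios",
    "cryptography": "aes key schedule",
    "parenting":    "toddler sleep training",
    "tax":          "capital gains tax rate",
    "travel":       "budget hostel lisbon",
}

# Constructed keyword index; the talk derives topic similarity with LSI instead.
KEYWORDS = {
    "heart": "cardiology", "cholesterol": "cardiology", "arrhythmia": "cardiology",
    "tomato": "gardening", "compost": "gardening", "seedling": "gardening",
    "jupiter": "astronomy", "telescope": "astronomy", "nebula": "astronomy",
    "bankruptcy": "bankruptcy", "creditors": "bankruptcy",
    "bike": "cycling", "cadence": "cycling",
    "aes": "cryptography", "cipher": "cryptography",
    "toddler": "parenting", "tantrum": "parenting",
    "tax": "tax", "deduction": "tax",
    "hostel": "travel", "lisbon": "travel",
}


def canonicalize(user_query):
    """Map the raw query to its best-matching topic.

    The raw wording (names, places, account numbers) never leaves the client;
    only the topic's standard query is sent.
    """
    scores = {}
    for word in user_query.lower().split():
        topic = KEYWORDS.get(word)
        if topic is not None:
            scores[topic] = scores.get(topic, 0) + 1
    if not scores:
        raise ValueError("no topic match for %r" % user_query)
    # Deterministic tie-break: highest score, then alphabetical order.
    return max(sorted(scores), key=scores.get)


def make_groups(k, salt="client-secret-salt"):
    """Partition all topics into disjoint groups of exactly k.

    The order comes from a salted hash so a group mixes unrelated topics.
    Because the partition is fixed, the cover set depends only on the group,
    never on which member the user actually wanted.
    """
    ordered = sorted(TOPICS, key=lambda t: hashlib.sha256((salt + t).encode()).hexdigest())
    if len(ordered) % k != 0:
        raise ValueError("topic count must be a multiple of k")
    return [ordered[i:i + k] for i in range(0, len(ordered), k)]


def deniable_queries(user_query, k=3, salt="client-secret-salt", rng=None):
    """Return the k standard queries actually issued to the search engine.

    Exactly one is the canonical form of the user's query; the other k-1 are
    cover queries from the same group. The order is shuffled so position
    does not reveal which one is real.
    """
    topic = canonicalize(user_query)
    group = next(g for g in make_groups(k, salt) if topic in g)
    issued = [TOPICS[t] for t in group]
    (rng or random).shuffle(issued)
    return issued


def observer_view(issued):
    """What the search engine (or a leaked log) can infer: k equally plausible topics."""
    return sorted(canonicalize(q) for q in issued)


def deniability_holds(k=3, salt="client-secret-salt"):
    """Check the property from the abstract: starting from any member of a
    group yields the same set of k issued queries, so no member stands out."""
    for group in make_groups(k, salt):
        sets = [frozenset(deniable_queries(TOPICS[t], k, salt)) for t in group]
        if len(set(sets)) != 1:
            return False
    return True
```

Because the issued set is a function of the group alone, repeating the search later or from another session sends the same k queries, so an intersection attack across sessions narrows nothing. What the scheme does not hide is the group itself, and a query with no topic match raises rather than leaking the raw wording; the real system's LSI generator would instead find the nearest standard query.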
            <item>
            <title>Charles Killian, Mace: Systems and Language Support for Building Correct, High-Performance Networked Services</title>
            <description>Building distributed systems is particularly difficult because of the asynchronous, heterogeneous, and failure-prone environment where these systems must run. This asynchrony makes verifying the correctness of systems implementations even more challenging. Tools for building distributed systems must strike a compromise between reducing programmer effort and increasing system efficiency. Mace is a C++ language extension, compiler, runtime, and toolset that translates a concise but expressive distributed system specification into a C++ implementation. Mace exploits a natural decomposition of distributed systems into a layered, event-driven state machine. A key design principle of Mace is to separate each service algorithm from the implementation mechanics (serialization, dispatch, synchronization, etc.), debugging code (logging and property testing), and its utility services (lower-level services providing a specified interface). Our experience indicates that precisely because Mace imposes limits on the design structure of distributed systems, it supports the implementation of a wide variety of high-level supporting tools, including model checking, simulation, live debugging, and visualization. Mace is fully operational, has been in development for four years, and has been used to build a wide variety of Internet-ready distributed systems. This talk will describe both the Mace programming language design and MaceMC, the first model checker that can find liveness violations in unmodified systems implementations. About the speaker: Charles Killian, Purdue University, Computer Science, West Lafayette, IN. Charles Killian is an Assistant Professor in the Department of Computer Science at Purdue University. He completed his Ph.D. in Computer Science from the University of California, San Diego under the supervision of Amin Vahdat. Before transferring to UCSD in August 2004, he completed his Masters in Computer Science from Duke University with Amin Vahdat. His research is at the boundary of systems and programming languages, focusing on ways to use compilers and language constructs to dually bridge the gap between performance and programming expression, and to provide high-level tools for debugging, analysis, and understanding. Over the past 4 years he has implemented the Mace programming language and toolkit, built numerous distributed systems, and designed MaceMC, the first model checker capable of finding liveness violations in unmodified systems code.</description>
            <pubDate>Wed, 18 Feb 2009 16:30:00 EST </pubDate>
            <itunes:title>Charles Killian, Mace: Systems and Language Support for Building Correct, High-Performance Networked Services</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>400</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Charles Killian, Purdue University</itunes:subtitle>
            <itunes:summary>Building distributed systems is particularly difficult because of the asynchronous, heterogeneous, and failure-prone environment where these systems must run. This asynchrony makes verifying the correctness of systems implementations even more challenging. Tools for building distributed systems must strike a compromise between reducing programmer effort and increasing system efficiency. Mace is a C++ language extension, compiler, runtime, and toolset that translates a concise but expressive distributed system specification into a C++ implementation. Mace exploits a natural decomposition of distributed systems into a layered, event-driven state machine. A key design principle of Mace is to separate each service algorithm from the implementation mechanics (serialization, dispatch, synchronization, etc.), debugging code (logging and property testing), and its utility services (lower-level services providing a specified interface). Our experience indicates that precisely because Mace imposes limits on the design structure of distributed systems, it supports the implementation of a wide variety of high-level supporting tools, including model checking, simulation, live debugging, and visualization. Mace is fully operational, has been in development for four years, and has been used to build a wide variety of Internet-ready distributed systems. This talk will describe both the Mace programming language design and MaceMC, the first model checker that can find liveness violations in unmodified systems implementations. About the speaker: Charles Killian, Purdue University, Computer Science, West Lafayette, IN. Charles Killian is an Assistant Professor in the Department of Computer Science at Purdue University. He completed his Ph.D. in Computer Science from the University of California, San Diego under the supervision of Amin Vahdat. Before transferring to UCSD in August 2004, he completed his Masters in Computer Science from Duke University with Amin Vahdat. His research is at the boundary of systems and programming languages, focusing on ways to use compilers and language constructs to dually bridge the gap between performance and programming expression, and to provide high-level tools for debugging, analysis, and understanding. Over the past 4 years he has implemented the Mace programming language and toolkit, built numerous distributed systems, and designed MaceMC, the first model checker capable of finding liveness violations in unmodified systems code.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Building distributed systems is particularly difficult because of the asynchronous, heterogeneous, and failure-prone environment where these systems must run. This asynchrony makes verifying the correctness of systems implementations even more challenging. Tools for building distributed systems must strike a compromise between reducing programmer effort and increasing system efficiency. Mace is a C++ language extension, compiler, runtime, and toolset that translates a concise but expressive distributed system specification into a C++ implementation. Mace exploits a natural decomposition of distributed systems into a layered, event-driven state machine. A key design principle of Mace is to separate each service algorithm from the implementation mechanics (serialization, dispatch, synchronization, etc.), debugging code (logging and property testing), and its utility services (lower-level services providing a specified interface). Our experience indicates that precisely because Mace imposes limits on the design structure of distributed systems, it supports the implementation of a wide variety of high-level supporting tools, including model checking, simulation, live debugging, and visualization. Mace is fully operational, has been in development for four years, and has been used to build a wide variety of Internet-ready distributed systems. This talk will describe both the Mace programming language design and MaceMC, the first model checker that can find liveness violations in unmodified systems implementations. About the speaker: Charles Killian, Purdue University, Computer Science, West Lafayette, IN. Charles Killian is an Assistant Professor in the Department of Computer Science at Purdue University. He completed his Ph.D. in Computer Science from the University of California, San Diego under the supervision of Amin Vahdat. Before transferring to UCSD in August 2004, he completed his Masters in Computer Science from Duke University with Amin Vahdat. His research is at the boundary of systems and programming languages, focusing on ways to use compilers and language constructs to dually bridge the gap between performance and programming expression, and to provide high-level tools for debugging, analysis, and understanding. Over the past 4 years he has implemented the Mace programming language and toolkit, built numerous distributed systems, and designed MaceMC, the first model checker capable of finding liveness violations in unmodified systems code.</p> ]]>
            </content:encoded>
            <itunes:duration>2933</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090218.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090218.mp4" length="373293056" type="video/mp4"/>
        </item>
            <item>
            <title>Mehmet Sahinoglu, Quantitative Risk Assessment of Software Security and Privacy, and Risk Management with Game Theory</title>
            <description>The need for information security is undeniable and self-evident. The pervasiveness of this critical topic requires primarily risk assessment and management through quantitative means. To conduct an assessment, repeated security probes, surveys, and input data measurements must be taken and verified toward the goal of risk mitigation with minimal cost. One can evaluate risk using a probabilistically accurate statistical estimation scheme in a quantitative security meter (SM) model that mimics the events of the breach of security. An empirical study using Java code is presented and its accuracy is verified by discrete-event or Monte Carlo simulations. The design improves as more data are collected and updated. Practical aspects of the SM are presented with a real-world example as related to a PC user and a risk-management scenario using the Game Theory approach for optimal cost mitigation results. Index Terms: Quantitative Risk Assessment, Cost Mitigation, Countermeasure, Security, Privacy, Management, Simulation, Threat, Vulnerability, Game Theory</description>
            <pubDate>Wed, 11 Feb 2009 16:30:00 EST </pubDate>
            <itunes:title>Mehmet Sahinoglu, Quantitative Risk Assessment of Software Security and Privacy, and Risk Management with Game Theory</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>399</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mehmet Sahinoglu, Auburn University at Montgomery, AL</itunes:subtitle>
            <itunes:summary>The need for information security is undeniable and self-evident. The pervasiveness of this critical topic requires primarily risk assessment and management through quantitative means. To conduct an assessment, repeated security probes, surveys, and input data measurements must be taken and verified toward the goal of risk mitigation with minimal cost. One can evaluate risk using a probabilistically accurate statistical estimation scheme in a quantitative security meter (SM) model that mimics the events of the breach of security. An empirical study using Java code is presented and its accuracy is verified by discrete-event or Monte Carlo simulations. The design improves as more data are collected and updated. Practical aspects of the SM are presented with a real-world example as related to a PC user and a risk-management scenario using the Game Theory approach for optimal cost mitigation results. Index Terms (10): Quantitative Risk Assessment, Cost Mitigation, Countermeasure, Security, Privacy, Management, Simulation, Threat, Vulnerability, Game Theory</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The need for information security is undeniable and self-evident. The pervasiveness of this critical topic requires primarily risk assessment and management through quantitative means. To conduct an assessment, repeated security probes, surveys, and input data measurements must be taken and verified toward the goal of risk mitigation with minimal cost. One can evaluate risk using a probabilistically accurate statistical estimation scheme in a quantitative security meter (SM) model that mimics the events of the breach of security. An empirical study using Java code is presented and its accuracy is verified by discrete-event or Monte Carlo simulations. The design improves as more data are collected and updated. Practical aspects of the SM are presented with a real-world example as related to a PC user and a risk-management scenario using the Game Theory approach for optimal cost mitigation results. Index Terms (10): Quantitative Risk Assessment, Cost Mitigation, Countermeasure, Security, Privacy, Management, Simulation, Threat, Vulnerability, Game Theory</p> ]]>
            </content:encoded>
            <itunes:duration>3125</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090211.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090211.mp4" length="915406848" type="video/mp4"/>
        </item>
            <item>
            <title>Cassio Goldschmidt, The Dark Side of Software Engineering and How to Defend Against It</title>
            <description>If you create an application that runs on one or more computers connected to a network such as the internet, your code will be attacked. Consequences of compromised systems often include loss of trust, reputation and revenue. Software will always have defects and vulnerabilities. Strikes against digital assets are unquestionably on the rise. We can, however, make it substantially harder to find and exploit vulnerabilities by identifying insecure coding practices and developing secure alternatives. During this practical session, we&apos;ll examine in detail the principles behind some of the worst attack patterns seen today in the software industry. Most importantly, we&apos;ll learn effective defense programming techniques every developer must employ when building software. About the speaker: Cassio Goldschmidt is senior manager of the product security team under the Office of the CTO at Symantec Corporation. In this role he leads efforts across the company to ensure the secure development of software products. His responsibilities include managing Symantec&apos;s internal secure software development process, training, threat modeling and penetration testing. Cassio&apos;s background includes over 12 years of technical and managerial experience in the software industry. During the six years he has been with Symantec, he has helped to architect, design and develop several top-selling product releases, conducted numerous security classes, and coordinated various penetration tests. Cassio represents Symantec on the SAFECode technical committee and (ISC)2 in the development of the CSSLP certification. He holds a bachelor&apos;s degree in computer science from Pontificia Universidade Catolica do Rio Grande Do Sul, a master&apos;s degree in software engineering from Santa Clara University, and a Master of Business Administration from the University of Southern California.</description>
            <pubDate>Wed, 4 Feb 2009 16:30:00 EST </pubDate>
            <itunes:title>Cassio Goldschmidt, The Dark Side of Software Engineering and How to Defend Against It</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>398</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Cassio Goldschmidt, Symantec</itunes:subtitle>
            <itunes:summary>If you create an application that runs on one or more computers connected to a network such as the internet, your code will be attacked. Consequences of compromised systems often include loss of trust, reputation and revenue. Software will always have defects and vulnerabilities. Strikes against digital assets are unquestionably on the rise. We can, however, make it substantially harder to find and exploit vulnerabilities by identifying insecure coding practices and developing secure alternatives. During this practical session, we&apos;ll examine in detail the principles behind some of the worst attack patterns seen today in the software industry. Most importantly, we&apos;ll learn effective defense programming techniques every developer must employ when building software. About the speaker: Cassio Goldschmidt is senior manager of the product security team under the Office of the CTO at Symantec Corporation. In this role he leads efforts across the company to ensure the secure development of software products. His responsibilities include managing Symantec&apos;s internal secure software development process, training, threat modeling and penetration testing. Cassio&apos;s background includes over 12 years of technical and managerial experience in the software industry. During the six years he has been with Symantec, he has helped to architect, design and develop several top-selling product releases, conducted numerous security classes, and coordinated various penetration tests. Cassio represents Symantec on the SAFECode technical committee and (ISC)2 in the development of the CSSLP certification. He holds a bachelor&apos;s degree in computer science from Pontificia Universidade Catolica do Rio Grande Do Sul, a master&apos;s degree in software engineering from Santa Clara University, and a Master of Business Administration from the University of Southern California.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>If you create an application that runs on one or more computers connected to a network such as the internet, your code will be attacked. Consequences of compromised systems often include loss of trust, reputation and revenue. Software will always have defects and vulnerabilities. Strikes against digital assets are unquestionably on the rise. We can, however, make it substantially harder to find and exploit vulnerabilities by identifying insecure coding practices and developing secure alternatives. During this practical session, we&apos;ll examine in detail the principles behind some of the worst attack patterns seen today in the software industry. Most importantly, we&apos;ll learn effective defense programming techniques every developer must employ when building software. About the speaker: Cassio Goldschmidt is senior manager of the product security team under the Office of the CTO at Symantec Corporation. In this role he leads efforts across the company to ensure the secure development of software products. His responsibilities include managing Symantec&apos;s internal secure software development process, training, threat modeling and penetration testing. Cassio&apos;s background includes over 12 years of technical and managerial experience in the software industry. During the six years he has been with Symantec, he has helped to architect, design and develop several top-selling product releases, conducted numerous security classes, and coordinated various penetration tests. Cassio represents Symantec on the SAFECode technical committee and (ISC)2 in the development of the CSSLP certification. He holds a bachelor&apos;s degree in computer science from Pontificia Universidade Catolica do Rio Grande Do Sul, a master&apos;s degree in software engineering from Santa Clara University, and a Master of Business Administration from the University of Southern California.</p> ]]>
            </content:encoded>
            <itunes:duration>2716</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090204.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090204.mp4" length="348127232" type="video/mp4"/>
        </item>
            <item>
            <title>Ryan Riley, An Alternate Memory Architecture for Code Injection Prevention</title>
            <description>Code injection attacks, in their various forms, have been in existence and been an area of consistent research for a number of years. A code injection attack is a method whereby an attacker inserts malicious code into a running computing system and transfers execution to his malicious code. In this way he can gain control of a running process or operating system due to the fact that his injected code will run at the same privilege level as the entity being attacked. At the user level, these attacks can be used to gain access to a system through an application bug. At the kernel level, they are commonly used to install kernel rootkits and hide an attacker&apos;s presence on a machine. In this talk I will discuss code injection with regard to the memory architecture of modern computer systems. I will compare two common memory architectures, von Neumann and Harvard, with respect to their susceptibility to code injection attacks and the advantages and disadvantages of each in practice. Based on this, I will present a third memory architecture which is immune to code injection attacks and describe implementations of it that are able to stop code injection at the user and kernel levels. My experimental results show that this architecture is able to effectively and efficiently prevent code injection attacks against unmodified operating systems and applications running on standard x86 hardware. About the speaker: Ryan Riley is a doctoral candidate and research assistant at Purdue University in West Lafayette, IN. His research interests include Operating System and Network Security, Intrusion Detection and Prevention, Virtualization Technology, Distributed Systems, and Cloud Computing. He received a bachelor&apos;s in Computer Engineering in 2004 and a master&apos;s in Computer Science in 2006. He is preparing to graduate with his Ph.D. in Computer Science in August 2009 and is hoping to enter academia.</description>
            <pubDate>Wed, 28 Jan 2009 16:30:00 EST </pubDate>
            <itunes:title>Ryan Riley, An Alternate Memory Architecture for Code Injection Prevention</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>397</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ryan Riley, Purdue University</itunes:subtitle>
            <itunes:summary>Code injection attacks, in their various forms, have been in existence and been an area of consistent research for a number of years. A code injection attack is a method whereby an attacker inserts malicious code into a running computing system and transfers execution to his malicious code. In this way he can gain control of a running process or operating system due to the fact that his injected code will run at the same privilege level as the entity being attacked. At the user level, these attacks can be used to gain access to a system through an application bug. At the kernel level, they are commonly used to install kernel rootkits and hide an attacker&apos;s presence on a machine. In this talk I will discuss code injection with regard to the memory architecture of modern computer systems. I will compare two common memory architectures, von Neumann and Harvard, with respect to their susceptibility to code injection attacks and the advantages and disadvantages of each in practice. Based on this, I will present a third memory architecture which is immune to code injection attacks and describe implementations of it that are able to stop code injection at the user and kernel levels. My experimental results show that this architecture is able to effectively and efficiently prevent code injection attacks against unmodified operating systems and applications running on standard x86 hardware. About the speaker: Ryan Riley is a doctoral candidate and research assistant at Purdue University in West Lafayette, IN. His research interests include Operating System and Network Security, Intrusion Detection and Prevention, Virtualization Technology, Distributed Systems, and Cloud Computing. He received a bachelor&apos;s in Computer Engineering in 2004 and a master&apos;s in Computer Science in 2006. He is preparing to graduate with his Ph.D. in Computer Science in August 2009 and is hoping to enter academia.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Code injection attacks, in their various forms, have been in existence and been an area of consistent research for a number of years. A code injection attack is a method whereby an attacker inserts malicious code into a running computing system and transfers execution to his malicious code. In this way he can gain control of a running process or operating system due to the fact that his injected code will run at the same privilege level as the entity being attacked. At the user level, these attacks can be used to gain access to a system through an application bug. At the kernel level, they are commonly used to install kernel rootkits and hide an attacker&apos;s presence on a machine. In this talk I will discuss code injection with regard to the memory architecture of modern computer systems. I will compare two common memory architectures, von Neumann and Harvard, with respect to their susceptibility to code injection attacks and the advantages and disadvantages of each in practice. Based on this, I will present a third memory architecture which is immune to code injection attacks and describe implementations of it that are able to stop code injection at the user and kernel levels. My experimental results show that this architecture is able to effectively and efficiently prevent code injection attacks against unmodified operating systems and applications running on standard x86 hardware. About the speaker: Ryan Riley is a doctoral candidate and research assistant at Purdue University in West Lafayette, IN. His research interests include Operating System and Network Security, Intrusion Detection and Prevention, Virtualization Technology, Distributed Systems, and Cloud Computing. He received a bachelor&apos;s in Computer Engineering in 2004 and a master&apos;s in Computer Science in 2006. He is preparing to graduate with his Ph.D. in Computer Science in August 2009 and is hoping to enter academia.</p> ]]>
            </content:encoded>
            <itunes:duration>2289</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090128.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090128.mp4" length="234881024" type="video/mp4"/>
        </item>
            <item>
            <title>Paul Kidwell, A Rules Based Statistical Algorithm for Keystroke Detection</title>
            <description>A rules-based statistical algorithm (RBSA) identifies packets in any TCP connection that are client keystrokes of an ssh login. The input data of the algorithm are the packet arrival times and TCP/IP headers of the connection packets at a point along the path of the connection. The algorithm is applied to all connections seen by a network monitor; ssh port 22 connections are classified as client-keystrokes or scp file transfers, and ssh keystroke connections are discovered for all other ports. This forms a network login database that can be further analyzed for network security monitoring and forensics. One application is to an &quot;inside&quot; network in which the monitor sees all connections between the inside and outside. The model, which uses the packet sizes, flags, and interarrival times, first goes through the packets identifying epochs of different activities, and then goes back and uses more detailed information for the classification. Performance from three types of packet traces is excellent. Previous work has proceeded by forming connection summary statistics from the headers and timestamps, and classifying the connection as one with keystrokes or not using the statistics. The RBSA takes on a much more ambitious task of classifying each packet as a client keystroke packet or not, but in the end the classification of the connection has extremely low false positives and false negatives. One important property of the RBSA is that it does not employ packet payload, as is done in some connection-level surveillance methods, so it cannot be defeated by an attacker through payload encryption. A second important property is that the inside network can be a large enterprise, allowing monitoring and forensics across a very large number of hosts from a single device.</description>
            <pubDate>Wed, 21 Jan 2009 16:30:00 EST </pubDate>
            <itunes:title>Paul Kidwell, A Rules Based Statistical Algorithm for Keystroke Detection</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>396</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Paul Kidwell, Purdue University</itunes:subtitle>
            <itunes:summary>A rules-based statistical algorithm (RBSA) identifies packets in any TCP connection that are client keystrokes of an ssh login. The input data of the algorithm are the packet arrival times and TCP/IP headers of the connection packets at a point along the path of the connection. The algorithm is applied to all connections seen by a network monitor; ssh port 22 connections are classified as client-keystrokes or scp file transfers, and ssh keystroke connections are discovered for all other ports. This forms a network login database that can be further analyzed for network security monitoring and forensics. One application is to an &quot;inside&quot; network in which the monitor sees all connections between the inside and outside. The model, which uses the packet sizes, flags, and interarrival times, first goes through the packets identifying epochs of different activities, and then goes back and uses more detailed information for the classification. Performance from three types of packet traces is excellent. Previous work has proceeded by forming connection summary statistics from the headers and timestamps, and classifying the connection as one with keystrokes or not using the statistics. The RBSA takes on a much more ambitious task of classifying each packet as a client keystroke packet or not, but in the end the classification of the connection has extremely low false positives and false negatives. One important property of the RBSA is that it does not employ packet payload, as is done in some connection-level surveillance methods, so it cannot be defeated by an attacker through payload encryption. A second important property is that the inside network can be a large enterprise, allowing monitoring and forensics across a very large number of hosts from a single device.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>A rules-based statistical algorithm (RBSA) identifies packets in any TCP connection that are client keystrokes of an ssh login. The input data of the algorithm are the packet arrival times and TCP/IP headers of the connection packets at a point along the path of the connection. The algorithm is applied to all connections seen by a network monitor; ssh port 22 connections are classified as client-keystrokes or scp file transfers, and ssh keystroke connections are discovered for all other ports. This forms a network login database that can be further analyzed for network security monitoring and forensics. One application is to an &quot;inside&quot; network in which the monitor sees all connections between the inside and outside. The model, which uses the packet sizes, flags, and interarrival times, first goes through the packets identifying epochs of different activities, and then goes back and uses more detailed information for the classification. Performance from three types of packet traces is excellent. Previous work has proceeded by forming connection summary statistics from the headers and timestamps, and classifying the connection as one with keystrokes or not using the statistics. The RBSA takes on a much more ambitious task of classifying each packet as a client keystroke packet or not, but in the end the classification of the connection has extremely low false positives and false negatives. One important property of the RBSA is that it does not employ packet payload, as is done in some connection-level surveillance methods, so it cannot be defeated by an attacker through payload encryption. A second important property is that the inside network can be a large enterprise, allowing monitoring and forensics across a very large number of hosts from a single device.</p> ]]>
            </content:encoded>
            <itunes:duration>2796</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090121.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090121.mp4" length="375390208" type="video/mp4"/>
        </item>
            <item>
            <title>Chris Clifton, Measuring Privacy: A Risk-Based Approach</title>
            <description>There have been significant research developments in technology to protect privacy. Unfortunately, few of these have made the transition to practice. A large part of the problem is the lack of an accepted way to measure privacy. Legal and regulatory terms do not translate well into technological solutions, and the plethora of technical approaches do not seem to resonate with privacy advocates. This talk will discuss issues and challenges, with examples of the reason why a clear standard is difficult. A risk-based approach will be presented that allows anonymization based on controlling the potential damage from disclosure. This approach will be compared with more traditional anonymization measures, showing the difficulty of measuring the potential for harm from those measures. This represents joint work with Mehmet Ercan Nergiz (Purdue University) and Maurizio Atzori (University of Pisa).</description>
            <pubDate>Wed, 14 Jan 2009 16:30:00 EST </pubDate>
            <itunes:title>Chris Clifton, Measuring Privacy: A Risk-Based Approach</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>15</itunes:season>
            <itunes:episode>395</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Chris Clifton, Purdue University</itunes:subtitle>
            <itunes:summary>There have been significant research developments in technology to protect privacy. Unfortunately, few of these have made the transition to practice. A large part of the problem is the lack of an accepted way to measure privacy. Legal and regulatory terms do not translate well into technological solutions, and the plethora of technical approaches do not seem to resonate with privacy advocates. This talk will discuss issues and challenges, with examples of the reason why a clear standard is difficult. A risk-based approach will be presented that allows anonymization based on controlling the potential damage from disclosure. This approach will be compared with more traditional anonymization measures, showing the difficulty of measuring the potential for harm from those measures. This represents joint work with Mehmet Ercan Nergiz (Purdue University) and Maurizio Atzori (University of Pisa).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>There have been significant research developments in technology to protect privacy. Unfortunately, few of these have made the transition to practice. A large part of the problem is the lack of an accepted way to measure privacy. Legal and regulatory terms do not translate well into technological solutions, and the plethora of technical approaches do not seem to resonate with privacy advocates. This talk will discuss issues and challenges, with examples of the reason why a clear standard is difficult. A risk-based approach will be presented that allows anonymization based on controlling the potential damage from disclosure. This approach will be compared with more traditional anonymization measures, showing the difficulty of measuring the potential for harm from those measures. This represents joint work with Mehmet Ercan Nergiz (Purdue University) and Maurizio Atzori (University of Pisa).</p> ]]>
            </content:encoded>
            <itunes:duration>3162</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090114.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20090114.mp4" length="247463936" type="video/mp4"/>
        </item>
            <item>
            <title>Ibrahim Baggili, Extending anonymity research to high-tech white collar crimes and IT Insider threat: A critical step</title>
            <description>Theories of deindividuation share common grounds, one of which is anonymity. For decades, it has been hypothesized that anonymity affects human behavior. With the rise of the popularity and development of personal computing, claims are made that individuals perceive themselves to be more anonymous in computer-mediated environments. This perception may be a major factor contributing to the engagement of individuals in online antisocial behaviors and in cyber criminal activities like high-tech white collar crimes and Information Technology (IT) insider threat crimes. This talk presents an overview of the literature on anonymity and the deindividuation theory. A philosophical bind is then made between the various effects of anonymity, high-tech white collar crimes and IT insider threat crimes. These philosophical accounts may be used as a cornerstone for scientific research in the new cyber crime phenomenon. About the speaker: Ibrahim Baggili is a doctoral candidate and graduate lecturer at Purdue University, West Lafayette, Indiana, in the department of Computer and Information Technology. His research interests include cyber forensics from technical, social and psychological perspectives and finding ways of improving the scientific validity of the field. His major current research initiative focuses on the effect of anonymity and integrity on cyber crime related activities. He can be reached at baggili@purdue.edu.</description>
            <pubDate>Wed, 10 Dec 2008 16:30:00 EST </pubDate>
            <itunes:title>Ibrahim Baggili, Extending anonymity research to high-tech white collar crimes and IT Insider threat: A critical step</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>394</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ibrahim Baggili, Purdue University</itunes:subtitle>
            <itunes:summary>Theories of deindividuation share common grounds, one of which is anonymity. For decades, it has been hypothesized that anonymity affects human behavior. With the rise of the popularity and development of personal computing, claims are made that individuals perceive themselves to be more anonymous in computer-mediated environments. This perception may be a major factor contributing to the engagement of individuals in online antisocial behaviors and in cyber criminal activities like high-tech white collar crimes and Information Technology (IT) insider threat crimes. This talk presents an overview of the literature on anonymity and the deindividuation theory. A philosophical bind is then made between the various effects of anonymity, high-tech white collar crimes and IT insider threat crimes. These philosophical accounts may be used as a cornerstone for scientific research in the new cyber crime phenomenon. About the speaker: Ibrahim Baggili is a doctoral candidate and graduate lecturer at Purdue University, West Lafayette, Indiana, in the department of Computer and Information Technology. His research interests include cyber forensics from technical, social and psychological perspectives and finding ways of improving the scientific validity of the field. His major current research initiative focuses on the effect of anonymity and integrity on cyber crime related activities. He can be reached at baggili@purdue.edu.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Theories of deindividuation share common grounds, one of which is anonymity. For decades, it has been hypothesized that anonymity affects human behavior. With the rise of the popularity and development of personal computing, claims are made that individuals perceive themselves to be more anonymous in computer-mediated environments. This perception may be a major factor contributing to the engagement of individuals in online antisocial behaviors and in cyber criminal activities like high-tech white collar crimes and Information Technology (IT) insider threat crimes. This talk presents an overview of the literature on anonymity and the deindividuation theory. A philosophical bind is then made between the various effects of anonymity, high-tech white collar crimes and IT insider threat crimes. These philosophical accounts may be used as a cornerstone for scientific research in the new cyber crime phenomenon. About the speaker: Ibrahim Baggili is a doctoral candidate and graduate lecturer at Purdue University, West Lafayette, Indiana, in the department of Computer and Information Technology. His research interests include cyber forensics from technical, social and psychological perspectives and finding ways of improving the scientific validity of the field. His major current research initiative focuses on the effect of anonymity and integrity on cyber crime related activities. He can be reached at baggili@purdue.edu.</p> ]]>
            </content:encoded>
            <itunes:duration>2852</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081210.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081210.mp4" length="591396864" type="video/mp4"/>
        </item>
            <item>
            <title>Weidong Cui, Automatic Signature Generation for Unknown Vulnerabilities</title>
            <description>In this talk, I will present a new approach to automatically generate a vulnerability signature for an unknown vulnerability, given a zero-day attack instance. Our approach is based on two systems we developed: Tupni and ShieldGen. Tupni takes one or more input instances and reverse engineers their format by analyzing how an application parses and processes them. Its reverse-engineered format has a rich set of information, including record sequences, record types and input constraints. We have implemented a prototype of Tupni and demonstrated that it can effectively reverse engineer ten common, real-world file and network message formats. ShieldGen can generate a vulnerability signature for an unknown vulnerability, given a zero-day attack instance and its format. The key novelty of ShieldGen is that it leverages knowledge of the input format to generate new potential attack instances, uses a zero-day detector as an oracle to determine if an instance can still exploit the vulnerability, and then takes the feedback of the oracle to guide its search for the vulnerability signature. We have implemented a prototype of ShieldGen and used it to generate high-quality vulnerability signatures for three real-world vulnerabilities. By feeding the input format generated by Tupni to ShieldGen, we can automatically generate a vulnerability signature even when the format of the attack instance is unknown. We have integrated Tupni with ShieldGen and demonstrated that we can automatically generate the vulnerability signature for a real-world WMF vulnerability given a single malicious WMF file. About the speaker: Weidong Cui is a researcher in the Distributed Systems and Security group at Microsoft Research, Redmond. His research interests lie in the areas of systems and networking security. He received his Ph.D. in Electrical Engineering and Computer Sciences (2006) and his M.S. in Computer Science (2003) from the University of California, Berkeley, and his M.E. (2000) and B.E. (1998) in Electronic Engineering from Tsinghua University in Beijing, China.</description>
            <pubDate>Wed, 3 Dec 2008 16:30:00 EST </pubDate>
            <itunes:title>Weidong Cui, Automatic Signature Generation for Unknown Vulnerabilities</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>393</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Weidong Cui, Microsoft</itunes:subtitle>
            <itunes:summary>In this talk, I will present a new approach to automatically generate a vulnerability signature for an unknown vulnerability, given a zero-day attack instance. Our approach is based on two systems we developed: Tupni and ShieldGen. Tupni takes one or more input instances and reverse engineers their format by analyzing how an application parses and processes them. Its reverse-engineered format has a rich set of information, including record sequences, record types and input constraints. We have implemented a prototype of Tupni and demonstrated that it can effectively reverse engineer ten common, real-world file and network message formats. ShieldGen can generate a vulnerability signature for an unknown vulnerability, given a zero-day attack instance and its format. The key novelty of ShieldGen is that it leverages knowledge of the input format to generate new potential attack instances, uses a zero-day detector as an oracle to determine if an instance can still exploit the vulnerability, and then takes the feedback of the oracle to guide its search for the vulnerability signature. We have implemented a prototype of ShieldGen and used it to generate high-quality vulnerability signatures for three real-world vulnerabilities. By feeding the input format generated by Tupni to ShieldGen, we can automatically generate a vulnerability signature even when the format of the attack instance is unknown. We have integrated Tupni with ShieldGen and demonstrated that we can automatically generate the vulnerability signature for a real-world WMF vulnerability given a single malicious WMF file. About the speaker: Weidong Cui is a researcher in the Distributed Systems and Security group at Microsoft Research, Redmond. His research interests lie in the areas of systems and networking security. He received his Ph.D. in Electrical Engineering and Computer Sciences (2006) and his M.S. in Computer Science (2003) from the University of California, Berkeley, and his M.E. (2000) and B.E. (1998) in Electronic Engineering from Tsinghua University in Beijing, China.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this talk, I will present a new approach to automatically generate a vulnerability signature for an unknown vulnerability, given a zero-day attack instance. Our approach is based on two systems we developed: Tupni and ShieldGen. Tupni takes one or more input instances and reverse engineers their format by analyzing how an application parses and processes them. Its reverse-engineered format has a rich set of information, including record sequences, record types and input constraints. We have implemented a prototype of Tupni and demonstrated that it can effectively reverse engineer ten common, real-world file and network message formats. ShieldGen can generate a vulnerability signature for an unknown vulnerability, given a zero-day attack instance and its format. The key novelty of ShieldGen is that it leverages knowledge of the input format to generate new potential attack instances, uses a zero-day detector as an oracle to determine if an instance can still exploit the vulnerability, and then takes the feedback of the oracle to guide its search for the vulnerability signature. We have implemented a prototype of ShieldGen and used it to generate high-quality vulnerability signatures for three real-world vulnerabilities. By feeding the input format generated by Tupni to ShieldGen, we can automatically generate a vulnerability signature even when the format of the attack instance is unknown. We have integrated Tupni with ShieldGen and demonstrated that we can automatically generate the vulnerability signature for a real-world WMF vulnerability given a single malicious WMF file. About the speaker: Weidong Cui is a researcher in the Distributed Systems and Security group at Microsoft Research, Redmond. His research interests lie in the areas of systems and networking security. He received his Ph.D. in Electrical Engineering and Computer Sciences (2006) and his M.S. in Computer Science (2003) from the University of California, Berkeley, and his M.E. (2000) and B.E. (1998) in Electronic Engineering from Tsinghua University in Beijing, China.</p> ]]>
            </content:encoded>
            <itunes:duration>2854</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081203.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081203.mp4" length="591396864" type="video/mp4"/>
        </item>
            <item>
            <title>Sylvia Osborn, The Role Graph Model and its Extensions</title>
            <description>The Role Graph Model was first introduced by Nyanchama and Osborn in 1994.  It has been extended over the years to include parameterized roles, an administrative model and a delegation model.  We will show how the semantics of our role graph operations differ from those of the ANSI standard.  Then we will discuss how to simulate DAC, and how the underlying basic model helped us to understand and expand the model to deal with delegation.  The present and future of RBAC will also be discussed. About the speaker: Sylvia Osborn received her PhD from the University of Waterloo. Since 1977 she has been a faculty member in the Computer Science Department at the University of Western Ontario in London, Ontario, Canada, for which she has briefly acted as Chair. She is the author of numerous research papers, starting in the database field in dependency theory, and object-oriented databases.  More recently she has been active in research into role-based access control including administration of access control, delegation, access control in the semantic web and database intrusion detection.</description>
            <pubDate>Wed, 19 Nov 2008 16:30:00 EST </pubDate>
            <itunes:title>Sylvia Osborn, The Role Graph Model and its Extensions</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>392</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Sylvia Osborn, University of Western Ontario</itunes:subtitle>
            <itunes:summary>The Role Graph Model was first introduced by Nyanchama and Osborn in 1994.  It has been extended over the years to include parameterized roles, an administrative model and a delegation model.  We will show how the semantics of our role graph operations differ from those of the ANSI standard.  Then we will discuss how to simulate DAC, and how the underlying basic model helped us to understand and expand the model to deal with delegation.  The present and future of RBAC will also be discussed. About the speaker: Sylvia Osborn received her PhD from the University of Waterloo. Since 1977 she has been a faculty member in the Computer Science Department at the University of Western Ontario in London, Ontario, Canada, for which she has briefly acted as Chair. She is the author of numerous research papers, starting in the database field in dependency theory, and object-oriented databases.  More recently she has been active in research into role-based access control including administration of access control, delegation, access control in the semantic web and database intrusion detection.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Role Graph Model was first introduced by Nyanchama and Osborn in 1994.  It has been extended over the years to include parameterized roles, an administrative model and a delegation model.  We will show how the semantics of our role graph operations differ from those of the ANSI standard.  Then we will discuss how to simulate DAC, and how the underlying basic model helped us to understand and expand the model to deal with delegation.  The present and future of RBAC will also be discussed. About the speaker: Sylvia Osborn received her PhD from the University of Waterloo. Since 1977 she has been a faculty member in the Computer Science Department at the University of Western Ontario in London, Ontario, Canada, for which she has briefly acted as Chair. She is the author of numerous research papers, starting in the database field in dependency theory, and object-oriented databases.  More recently she has been active in research into role-based access control including administration of access control, delegation, access control in the semantic web and database intrusion detection.</p> ]]>
            </content:encoded>
            <itunes:duration>2917</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081119.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081119.mp4" length="605028352" type="video/mp4"/>
        </item>
            <item>
            <title>John Ortiz, John Ortiz, SRA International</title>
            <description>Steganography is a discipline of computer science whose aim is to conceal the existence of information. Steganography synergizes various technologies including data compression, digital signal processing, information theory, data networks, cryptography, coding theory, and the human audio and visual system. Strap on your seatbelt. I will present some key concepts of steganography, describe a number of basic and advanced spatial and transform domain techniques (with lots of pictures and sounds for the &quot;attention-challenged&quot;), and demonstrate these techniques using custom steganography software. The demonstrations include a Least Significant Bit (LSB) technique, High-Capacity Hiding in JPEGs, and time modulation in audio. About the speaker: John Ortiz is currently a senior computer engineering consultant for SRA International. In this position he researches information hiding techniques and steganography software, assesses the security and feasibility of advanced DoD security applications, examines and deobfuscates malware, and develops forensics tools. Prior to SRA, he spent 5 years at General Dynamics developing source code and network traffic analysis techniques and software. In a second role, Mr. Ortiz teaches a variety of computer science and electrical engineering courses at the University of Texas at San Antonio (UTSA). In particular, he developed and still teaches a Steganography course, which covers a broad spectrum of data hiding techniques in both the spatial and transform domains. For his course, Mr. Ortiz personally developed several steganographic programs for testing and analysis. Mr. Ortiz holds two master&apos;s degrees from the Air Force Institute of Technology, one in computer engineering and one in electrical engineering, and a bachelor&apos;s degree in electrical engineering from Rose-Hulman Institute of Technology.</description>
            <pubDate>Wed, 12 Nov 2008 16:30:00 EST </pubDate>
            <itunes:title>John Ortiz, John Ortiz, SRA International</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>391</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>John Ortiz, SRA International</itunes:subtitle>
            <itunes:summary>Steganography is a discipline of computer science whose aim is to conceal the existence of information. Steganography synergizes various technologies including data compression, digital signal processing, information theory, data networks, cryptography, coding theory, and the human audio and visual system. Strap on your seatbelt. I will present some key concepts of steganography, describe a number of basic and advanced spatial and transform domain techniques (with lots of pictures and sounds for the &quot;attention-challenged&quot;), and demonstrate these techniques using custom steganography software. The demonstrations include a Least Significant Bit (LSB) technique, High-Capacity Hiding in JPEGs, and time modulation in audio. About the speaker: John Ortiz is currently a senior computer engineering consultant for SRA International. In this position he researches information hiding techniques and steganography software, assesses the security and feasibility of advanced DoD security applications, examines and deobfuscates malware, and develops forensics tools. Prior to SRA, he spent 5 years at General Dynamics developing source code and network traffic analysis techniques and software. In a second role, Mr. Ortiz teaches a variety of computer science and electrical engineering courses at the University of Texas at San Antonio (UTSA). In particular, he developed and still teaches a Steganography course, which covers a broad spectrum of data hiding techniques in both the spatial and transform domains. For his course, Mr. Ortiz personally developed several steganographic programs for testing and analysis. Mr. Ortiz holds two master&apos;s degrees from the Air Force Institute of Technology, one in computer engineering and one in electrical engineering, and a bachelor&apos;s degree in electrical engineering from Rose-Hulman Institute of Technology.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Steganography is a discipline of computer science whose aim is to conceal the existence of information. Steganography synergizes various technologies including data compression, digital signal processing, information theory, data networks, cryptography, coding theory, and the human audio and visual system. Strap on your seatbelt. I will present some key concepts of steganography, describe a number of basic and advanced spatial and transform domain techniques (with lots of pictures and sounds for the &quot;attention-challenged&quot;), and demonstrate these techniques using custom steganography software. The demonstrations include a Least Significant Bit (LSB) technique, High-Capacity Hiding in JPEGs, and time modulation in audio. About the speaker: John Ortiz is currently a senior computer engineering consultant for SRA International. In this position he researches information hiding techniques and steganography software, assesses the security and feasibility of advanced DoD security applications, examines and deobfuscates malware, and develops forensics tools. Prior to SRA, he spent 5 years at General Dynamics developing source code and network traffic analysis techniques and software. In a second role, Mr. Ortiz teaches a variety of computer science and electrical engineering courses at the University of Texas at San Antonio (UTSA). In particular, he developed and still teaches a Steganography course, which covers a broad spectrum of data hiding techniques in both the spatial and transform domains. For his course, Mr. Ortiz personally developed several steganographic programs for testing and analysis. Mr. Ortiz holds two master&apos;s degrees from the Air Force Institute of Technology, one in computer engineering and one in electrical engineering, and a bachelor&apos;s degree in electrical engineering from Rose-Hulman Institute of Technology.</p> ]]>
            </content:encoded>
            <itunes:duration>3473</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081112.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081112.mp4" length="720371712" type="video/mp4"/>
        </item>
            <item>
            <title>Scott Orton, The &quot;merge&quot; of Anti-Tamper and Information Assurance - lessons learned from the Anti-Tamper discipline</title>
            <description>Scott Orton is the Anti-Tamper (AT) subject matter expert at Raytheon and was previously responsible for establishing the DOD AT executive agency.  Scott will discuss the trends in information security driving the merge of AT and IA.  He will also discuss valuable lessons learned from the AT community that have applicability in IA.</description>
            <pubDate>Wed, 5 Nov 2008 16:30:00 EST </pubDate>
            <itunes:title>Scott Orton, The &quot;merge&quot; of Anti-Tamper and Information Assurance - lessons learned from the Anti-Tamper discipline</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>390</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Scott Orton, Raytheon</itunes:subtitle>
            <itunes:summary>Scott Orton is the Anti-Tamper (AT) subject matter expert at Raytheon and was previously responsible for establishing the DOD AT executive agency.  Scott will discuss the trends in information security driving the merge of AT and IA.  He will also discuss valuable lessons learned from the AT community that have applicability in IA.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Scott Orton is the Anti-Tamper (AT) subject matter expert at Raytheon and was previously responsible for establishing the DOD AT executive agency.  Scott will discuss the trends in information security driving the merge of AT and IA.  He will also discuss valuable lessons learned from the AT community that have applicability in IA.</p> ]]>
            </content:encoded>
            <itunes:duration>3520</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081105.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081105.mp4" length="730857472" type="video/mp4"/>
        </item>
            <item>
            <title>Kenji Takahashi, Trends in Identity Management</title>
            <description>Currently many initiatives are being proposed for identity management, such as OpenID, SAML, CardSpace/Information Cards, and OAuth, as its importance is becoming apparent. Identity management is an integral part of service infrastructures to make identity available to services across organizations in a secure and privacy protected manner. The identity data are crucial to successfully providing the privileged and personalized experiences for legitimate users of services. It is also important that the users should have strong control over their identity data to foster a socially responsible service industry. This talk will give an overview of trends in identity management, and illustrate best practices and lessons learned in real settings using case studies. The talk will also highlight standard harmonization (SAML/Liberty, OpenID, CardSpace/Information Cards, etc.) and explore the future research agenda (e.g., mobile applications). About the speaker: Kenji Takahashi is a Senior Research Engineer, Supervisor at NTT Information Sharing Platform Laboratories in Tokyo, Japan. He has been working in the IT and communication industry for more than 20 years. Dr. Takahashi was a visiting scientist at Georgia Institute of Technology and led several business incubation projects at NTT MCL in Palo Alto. Currently Dr. Takahashi is leading R&amp;D projects for identity management for next generation networks. His research interests are in the interdisciplinary areas of security, identity, and usability. He is also very active in technical standardization, such as Liberty Alliance. Dr. Takahashi has given many talks and tutorials at international conferences. He is a co-chair of the Fourth ACM Workshop on Digital Identity Management (http://www2.pflab.ecl.ntt.co.jp/dim2008/index.html).</description>
            <pubDate>Wed, 29 Oct 2008 16:30:00 EDT </pubDate>
            <itunes:title>Kenji Takahashi, Trends in Identity Management</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>389</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Kenji Takahashi, NTT Information Sharing Platform Laboratories</itunes:subtitle>
            <itunes:summary>Currently many initiatives are being proposed for identity management, such as OpenID, SAML, CardSpace/Information Cards, and OAuth, as its importance is becoming apparent. Identity management is an integral part of service infrastructures to make identity available to services across organizations in a secure and privacy protected manner. The identity data are crucial to successfully providing the privileged and personalized experiences for legitimate users of services. It is also important that the users should have strong control over their identity data to foster a socially responsible service industry. This talk will give an overview of trends in identity management, and illustrate best practices and lessons learned in real settings using case studies. The talk will also highlight standard harmonization (SAML/Liberty, OpenID, CardSpace/Information Cards, etc.) and explore the future research agenda (e.g., mobile applications). About the speaker: Kenji Takahashi is a Senior Research Engineer, Supervisor at NTT Information Sharing Platform Laboratories in Tokyo, Japan. He has been working in the IT and communication industry for more than 20 years. Dr. Takahashi was a visiting scientist at Georgia Institute of Technology and led several business incubation projects at NTT MCL in Palo Alto. Currently Dr. Takahashi is leading R&amp;D projects for identity management for next generation networks. His research interests are in the interdisciplinary areas of security, identity, and usability. He is also very active in technical standardization, such as Liberty Alliance. Dr. Takahashi has given many talks and tutorials at international conferences. He is a co-chair of the Fourth ACM Workshop on Digital Identity Management (http://www2.pflab.ecl.ntt.co.jp/dim2008/index.html).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Currently many initiatives are being proposed for identity management, such as OpenID, SAML, CardSpace/Information Cards, and OAuth, as its importance is becoming apparent. Identity management is an integral part of service infrastructures to make identity available to services across organizations in a secure and privacy protected manner. The identity data are crucial to successfully providing the privileged and personalized experiences for legitimate users of services. It is also important that the users should have strong control over their identity data to foster a socially responsible service industry. This talk will give an overview of trends in identity management, and illustrate best practices and lessons learned in real settings using case studies. The talk will also highlight standard harmonization (SAML/Liberty, OpenID, CardSpace/Information Cards, etc.) and explore the future research agenda (e.g., mobile applications). About the speaker: Kenji Takahashi is a Senior Research Engineer, Supervisor at NTT Information Sharing Platform Laboratories in Tokyo, Japan. He has been working in the IT and communication industry for more than 20 years. Dr. Takahashi was a visiting scientist at Georgia Institute of Technology and led several business incubation projects at NTT MCL in Palo Alto. Currently Dr. Takahashi is leading R&amp;D projects for identity management for next generation networks. His research interests are in the interdisciplinary areas of security, identity, and usability. He is also very active in technical standardization, such as Liberty Alliance. Dr. Takahashi has given many talks and tutorials at international conferences. He is a co-chair of the Fourth ACM Workshop on Digital Identity Management (http://www2.pflab.ecl.ntt.co.jp/dim2008/index.html).</p> ]]>
            </content:encoded>
            <itunes:duration>3102</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081029.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081029.mp4" length="641728512" type="video/mp4"/>
        </item>
            <item>
            <title>Federica Paci, Access Control and Resiliency for WS-BPEL</title>
            <description>Business processes, the next generation of workflows, have attracted considerable research interest in the last fifteen years. More recently, several XML-based languages have been proposed for specifying and orchestrating business processes, resulting in the WS-BPEL language. Even though WS-BPEL has been developed to specify automated business processes that orchestrate activities of multiple Web services, there are many applications and situations requiring that people be considered as additional participants that can influence the execution of a process. Significant omissions from WS-BPEL are the specification of activities that require interactions with humans to be completed, called human activities, and the specification of authorization information associating users with human activities in a WS-BPEL business process and authorization constraints, such as separation of duty, on the execution of human activities. This talk investigates the problem of access control and resiliency for WS-BPEL processes. Access control in the context of business processes means checking whether a user claiming the execution of an activity is authorized and the execution does not violate authorization constraints. Resiliency means that even if some users become unavailable, the remaining users can still complete the execution of the process according to the stated authorizations and authorization constraints. We present RBAC-WS-BPEL, an RBAC model for WS-BPEL business processes that supports the specification of resiliency constraints, authorizations and authorization constraints on business process activities. Resiliency constraints are evaluated when a WS-BPEL process is deployed, to check if there is a sufficient number of authorized users to perform the process so that authorization constraints are satisfied and the process terminates even if some users become unavailable. Authorizations and authorization constraints are evaluated whenever a user claims the execution of a business process&apos;s activity to determine if the execution of the activity by the user does not violate any authorization constraints and does not prevent some other subsequent activities from completing. About the speaker: Since February 2008, Dr. Federica Paci has been a post-doctoral research associate at Purdue University. Paci&apos;s main research interests include access control for web services and business processes, digital identity management and trust negotiations. Currently, she is working on digital identity management for business processes and mobile devices. Paci earned her Ph.D. in Computer Science from the University of Milan, Italy, in February 2008. In February 2004, she received the equivalent of a combined bachelor&apos;s/master&apos;s degree in Computer Science, also from the University of Milan. During the Spring Semesters of 2005 and 2006, Paci was a visiting research scholar at the CS Department of Purdue University, West Lafayette, IN. Paci is the author or co-author of more than 10 conference papers and journal articles. Currently, she is co-authoring a book on Web services security. She serves as a program committee member for APWeb 2008, IEEE Collaborative-Com 2008 and WWW 2009.</description>
            <pubDate>Wed, 22 Oct 2008 16:30:00 EDT </pubDate>
            <itunes:title>Federica Paci, Access Control and Resiliency for WS-BPEL</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>388</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Federica Paci, Purdue University</itunes:subtitle>
            <itunes:summary>Business processes, the next generation of workflows, have attracted considerable research interest in the last fifteen years. More recently, several XML-based languages have been proposed for specifying and orchestrating business processes, resulting in the WS-BPEL language. Although WS-BPEL was developed to specify automated business processes that orchestrate the activities of multiple Web services, there are many applications and situations that require people to be considered as additional participants who can influence the execution of a process. Significant omissions from WS-BPEL are the specification of activities that require interaction with humans to be completed, called human activities, and the specification of authorization information associating users with human activities in a WS-BPEL business process, together with authorization constraints, such as separation of duty, on the execution of human activities. This talk investigates the problem of access control and resiliency for WS-BPEL processes. Access control in the context of business processes means checking whether a user claiming the execution of an activity is authorized and whether the execution violates any authorization constraints. Resiliency means that even if some users become unavailable, the remaining users can still complete the execution of the process according to the stated authorizations and authorization constraints. We present RBAC-WS-BPEL, an RBAC model for WS-BPEL business processes that supports the specification of resiliency constraints, authorizations and authorization constraints on business process activities. Resiliency constraints are evaluated when a WS-BPEL process is deployed, to check whether there is a sufficient number of authorized users to perform the process so that the authorization constraints are satisfied and the process terminates even if some users become unavailable. Authorizations and authorization constraints are evaluated whenever a user claims the execution of a business process&apos;s activity, to determine that the execution of the activity by that user does not violate any authorization constraint and does not prevent subsequent activities from completing. About the speaker: Since February 2008, Dr. Federica Paci has been a post-doctoral research associate at Purdue University. Paci&apos;s main research interests include access control for Web services and business processes, digital identity management and trust negotiation. Currently, she is working on digital identity management for business processes and mobile devices. Paci earned her Ph.D. in Computer Science from the University of Milan, Italy, in February 2008. In February 2004, she received the equivalent of a combined bachelor&apos;s/master&apos;s degree in Computer Science, also from the University of Milan. During the spring semesters of 2005 and 2006, Paci was a visiting research scholar in the CS Department of Purdue University, West Lafayette, IN. Paci is the author or co-author of more than 10 conference papers and journal articles. Currently, she is co-authoring a book on Web services security. She serves as a program committee member for APWeb 2008, IEEE Collaborative-Com 2008 and WWW 2009.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Business processes, the next generation of workflows, have attracted considerable research interest in the last fifteen years. More recently, several XML-based languages have been proposed for specifying and orchestrating business processes, resulting in the WS-BPEL language. Although WS-BPEL was developed to specify automated business processes that orchestrate the activities of multiple Web services, there are many applications and situations that require people to be considered as additional participants who can influence the execution of a process. Significant omissions from WS-BPEL are the specification of activities that require interaction with humans to be completed, called human activities, and the specification of authorization information associating users with human activities in a WS-BPEL business process, together with authorization constraints, such as separation of duty, on the execution of human activities. This talk investigates the problem of access control and resiliency for WS-BPEL processes. Access control in the context of business processes means checking whether a user claiming the execution of an activity is authorized and whether the execution violates any authorization constraints. Resiliency means that even if some users become unavailable, the remaining users can still complete the execution of the process according to the stated authorizations and authorization constraints. We present RBAC-WS-BPEL, an RBAC model for WS-BPEL business processes that supports the specification of resiliency constraints, authorizations and authorization constraints on business process activities. Resiliency constraints are evaluated when a WS-BPEL process is deployed, to check whether there is a sufficient number of authorized users to perform the process so that the authorization constraints are satisfied and the process terminates even if some users become unavailable. Authorizations and authorization constraints are evaluated whenever a user claims the execution of a business process&apos;s activity, to determine that the execution of the activity by that user does not violate any authorization constraint and does not prevent subsequent activities from completing. About the speaker: Since February 2008, Dr. Federica Paci has been a post-doctoral research associate at Purdue University. Paci&apos;s main research interests include access control for Web services and business processes, digital identity management and trust negotiation. Currently, she is working on digital identity management for business processes and mobile devices. Paci earned her Ph.D. in Computer Science from the University of Milan, Italy, in February 2008. In February 2004, she received the equivalent of a combined bachelor&apos;s/master&apos;s degree in Computer Science, also from the University of Milan. During the spring semesters of 2005 and 2006, Paci was a visiting research scholar in the CS Department of Purdue University, West Lafayette, IN. Paci is the author or co-author of more than 10 conference papers and journal articles. Currently, she is co-authoring a book on Web services security. She serves as a program committee member for APWeb 2008, IEEE Collaborative-Com 2008 and WWW 2009.</p> ]]>
            </content:encoded>
            <itunes:duration>1836</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081022.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081022.mp4" length="379584512" type="video/mp4"/>
        </item>
            <item>
            <title>Adam Dugger, Signature Analysis Coupled With Slicing Analysis for the Validation of Software</title>
            <description>What if you could determine exactly where, in any compiled binary, a security threat existed? Answering this question has been the fundamental goal of anti-virus software for many years, with limited success. Instead, what if you could determine not where security threats do exist, but where they could possibly exist? This is certainly a step in the right direction for total software security -- one which puts us well on our way to being able to develop applications safe against hidden malicious code. All of this is possible with the machine code analysis methodology known as Signature Analysis. However, consider the following question: What if you could determine exactly where, in any compiled binary, a security threat might exist, and, further, precisely what this threat might affect later in the application&apos;s execution? This information can be retrieved by combining the capabilities of Code Slicing Analysis with the previously mentioned Signature Analysis. This paradigm not only assists in hardening against currently known threats, but it also identifies the areas that are affected by those threats. These principles form the framework for a novel static technique for ensuring software integrity. The goal of this seminar is to present these ideas and to discuss possible future applications. About the speaker: Adam Dugger graduated from Purdue University with a double major in Computer Science and Mathematics in May 2007. Adam now works for Arxan Defense Systems on a variety of research projects. His presentation focuses on the use of Signature Analysis coupled with Slicing Analysis for the detection of malicious code. He has applied known techniques used in anti-virus scanners to system integrity checking.</description>
            <pubDate>Wed, 15 Oct 2008 16:30:00 EDT </pubDate>
            <itunes:title>Adam Dugger, Signature Analysis Coupled With Slicing Analysis for the Validation of Software</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>387</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Adam Dugger, Arxan</itunes:subtitle>
            <itunes:summary>What if you could determine exactly where, in any compiled binary, a security threat existed? Answering this question has been the fundamental goal of anti-virus software for many years, with limited success. Instead, what if you could determine not where security threats do exist, but where they could possibly exist? This is certainly a step in the right direction for total software security -- one which puts us well on our way to being able to develop applications safe against hidden malicious code. All of this is possible with the machine code analysis methodology known as Signature Analysis. However, consider the following question: What if you could determine exactly where, in any compiled binary, a security threat might exist, and, further, precisely what this threat might affect later in the application&apos;s execution? This information can be retrieved by combining the capabilities of Code Slicing Analysis with the previously mentioned Signature Analysis. This paradigm not only assists in hardening against currently known threats, but it also identifies the areas that are affected by those threats. These principles form the framework for a novel static technique for ensuring software integrity. The goal of this seminar is to present these ideas and to discuss possible future applications. About the speaker: Adam Dugger graduated from Purdue University with a double major in Computer Science and Mathematics in May 2007. Adam now works for Arxan Defense Systems on a variety of research projects. His presentation focuses on the use of Signature Analysis coupled with Slicing Analysis for the detection of malicious code. He has applied known techniques used in anti-virus scanners to system integrity checking.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>What if you could determine exactly where, in any compiled binary, a security threat existed? Answering this question has been the fundamental goal of anti-virus software for many years, with limited success. Instead, what if you could determine not where security threats do exist, but where they could possibly exist? This is certainly a step in the right direction for total software security -- one which puts us well on our way to being able to develop applications safe against hidden malicious code. All of this is possible with the machine code analysis methodology known as Signature Analysis. However, consider the following question: What if you could determine exactly where, in any compiled binary, a security threat might exist, and, further, precisely what this threat might affect later in the application&apos;s execution? This information can be retrieved by combining the capabilities of Code Slicing Analysis with the previously mentioned Signature Analysis. This paradigm not only assists in hardening against currently known threats, but it also identifies the areas that are affected by those threats. These principles form the framework for a novel static technique for ensuring software integrity. The goal of this seminar is to present these ideas and to discuss possible future applications. About the speaker: Adam Dugger graduated from Purdue University with a double major in Computer Science and Mathematics in May 2007. Adam now works for Arxan Defense Systems on a variety of research projects. His presentation focuses on the use of Signature Analysis coupled with Slicing Analysis for the detection of malicious code. He has applied known techniques used in anti-virus scanners to system integrity checking.</p> ]]>
            </content:encoded>
            <itunes:duration>1677</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081015.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081015.mp4" length="347078656" type="video/mp4"/>
        </item>
            <item>
            <title>Yuecel Karabulut, Measuring the Attack Surfaces of Enterprise Software Systems</title>
            <description>Software vendors have traditionally focused on improving code quality for improving software security and quality. The code quality improvement effort aims at reducing the number of design and coding errors in software. In principle, we can use formal correctness proof techniques to identify and remove all errors in software with respect to a given specification and hence remove all of its vulnerabilities. In practice, however, building large and complex software devoid of errors, and hence of security vulnerabilities, remains a very difficult task. Software vendors can nonetheless minimize the risk associated with the exploitation of future vulnerabilities. One way to minimize the risk is by reducing the attack surfaces of their software. A smaller attack surface makes the exploitation of vulnerabilities harder and lowers the damage of exploitation, and hence mitigates the security risk. We believe that a complete risk mitigation strategy requires a combination of code quality efforts and attack surface measurement. SAP and CMU collaborated to develop a new attack surface measurement method for measuring the attack surfaces of SAP software systems implemented in Java. We implemented a tool and demonstrated the feasibility of our approach by measuring the attack surface of an SAP software system. In this talk, we will present the attack surface measurement method and report on its application. About the speaker: Dr. Yuecel Karabulut is a Senior Research Scientist at SAP Research in Palo Alto. He is currently a member of the Platforms Research Group. Before joining this group, Yuecel worked in the Security &amp; Trust Research Program of SAP Research, Germany, where he led several SAP internal technology transfer projects and external European-funded large research projects including TrustCoM and ITAIDE. His main areas of expertise include Secure Service-Oriented Architectures, Secure Business Process Composition, Application-level Virtual Machine Sandboxing, Secure Web Mashups, Language Security, Application Platform Security, Software-as-a-Service (SaaS) and Multitenancy, Policy &amp; Authorization Management, Distributed Trust Management and PKI. He has a number of conference &amp; journal publications, and holds several patents focusing on distributed information systems, security and trust issues in open, interoperable systems. Prior to joining SAP, he worked as a Research Associate at the University of Dortmund in Germany. Yuecel received his doctoral degree and his Diploma in Informatics from the University of Dortmund, and his BSc degree in Computer Engineering from Ege University, Turkey. He serves as a program committee member and chair as well as a reviewer at many international conferences, workshops and journals. He holds the DAAD&apos;s (German Academic Exchange Service) Outstanding Student of the Year 2002 award.</description>
            <pubDate>Wed, 8 Oct 2008 16:30:00 EDT </pubDate>
            <itunes:title>Yuecel Karabulut, Measuring the Attack Surfaces of Enterprise Software Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>386</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Yuecel Karabulut, SAP Research</itunes:subtitle>
            <itunes:summary>Software vendors have traditionally focused on improving code quality for improving software security and quality. The code quality improvement effort aims at reducing the number of design and coding errors in software. In principle, we can use formal correctness proof techniques to identify and remove all errors in software with respect to a given specification and hence remove all of its vulnerabilities. In practice, however, building large and complex software devoid of errors, and hence of security vulnerabilities, remains a very difficult task. Software vendors can nonetheless minimize the risk associated with the exploitation of future vulnerabilities. One way to minimize the risk is by reducing the attack surfaces of their software. A smaller attack surface makes the exploitation of vulnerabilities harder and lowers the damage of exploitation, and hence mitigates the security risk. We believe that a complete risk mitigation strategy requires a combination of code quality efforts and attack surface measurement. SAP and CMU collaborated to develop a new attack surface measurement method for measuring the attack surfaces of SAP software systems implemented in Java. We implemented a tool and demonstrated the feasibility of our approach by measuring the attack surface of an SAP software system. In this talk, we will present the attack surface measurement method and report on its application. About the speaker: Dr. Yuecel Karabulut is a Senior Research Scientist at SAP Research in Palo Alto. He is currently a member of the Platforms Research Group. Before joining this group, Yuecel worked in the Security &amp; Trust Research Program of SAP Research, Germany, where he led several SAP internal technology transfer projects and external European-funded large research projects including TrustCoM and ITAIDE. His main areas of expertise include Secure Service-Oriented Architectures, Secure Business Process Composition, Application-level Virtual Machine Sandboxing, Secure Web Mashups, Language Security, Application Platform Security, Software-as-a-Service (SaaS) and Multitenancy, Policy &amp; Authorization Management, Distributed Trust Management and PKI. He has a number of conference &amp; journal publications, and holds several patents focusing on distributed information systems, security and trust issues in open, interoperable systems. Prior to joining SAP, he worked as a Research Associate at the University of Dortmund in Germany. Yuecel received his doctoral degree and his Diploma in Informatics from the University of Dortmund, and his BSc degree in Computer Engineering from Ege University, Turkey. He serves as a program committee member and chair as well as a reviewer at many international conferences, workshops and journals. He holds the DAAD&apos;s (German Academic Exchange Service) Outstanding Student of the Year 2002 award.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Software vendors have traditionally focused on improving code quality for improving software security and quality. The code quality improvement effort aims at reducing the number of design and coding errors in software. In principle, we can use formal correctness proof techniques to identify and remove all errors in software with respect to a given specification and hence remove all of its vulnerabilities. In practice, however, building large and complex software devoid of errors, and hence of security vulnerabilities, remains a very difficult task. Software vendors can nonetheless minimize the risk associated with the exploitation of future vulnerabilities. One way to minimize the risk is by reducing the attack surfaces of their software. A smaller attack surface makes the exploitation of vulnerabilities harder and lowers the damage of exploitation, and hence mitigates the security risk. We believe that a complete risk mitigation strategy requires a combination of code quality efforts and attack surface measurement. SAP and CMU collaborated to develop a new attack surface measurement method for measuring the attack surfaces of SAP software systems implemented in Java. We implemented a tool and demonstrated the feasibility of our approach by measuring the attack surface of an SAP software system. In this talk, we will present the attack surface measurement method and report on its application. About the speaker: Dr. Yuecel Karabulut is a Senior Research Scientist at SAP Research in Palo Alto. He is currently a member of the Platforms Research Group. Before joining this group, Yuecel worked in the Security &amp; Trust Research Program of SAP Research, Germany, where he led several SAP internal technology transfer projects and external European-funded large research projects including TrustCoM and ITAIDE. His main areas of expertise include Secure Service-Oriented Architectures, Secure Business Process Composition, Application-level Virtual Machine Sandboxing, Secure Web Mashups, Language Security, Application Platform Security, Software-as-a-Service (SaaS) and Multitenancy, Policy &amp; Authorization Management, Distributed Trust Management and PKI. He has a number of conference &amp; journal publications, and holds several patents focusing on distributed information systems, security and trust issues in open, interoperable systems. Prior to joining SAP, he worked as a Research Associate at the University of Dortmund in Germany. Yuecel received his doctoral degree and his Diploma in Informatics from the University of Dortmund, and his BSc degree in Computer Engineering from Ege University, Turkey. He serves as a program committee member and chair as well as a reviewer at many international conferences, workshops and journals. He holds the DAAD&apos;s (German Academic Exchange Service) Outstanding Student of the Year 2002 award.</p> ]]>
            </content:encoded>
            <itunes:duration>3042</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081008.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081008.mp4" length="629145600" type="video/mp4"/>
        </item>
            <item>
            <title>Dave Keppler, Resilient Systems for Mission Assurance</title>
            <description>The ability of information services to continue operating despite attacks is a core enabler of mission assurance goals. Existing security techniques lack this concept of resilience and are inadequate for protecting critical services and data against targeted attacks by sophisticated adversaries. Widely implemented signature- and anomaly-based detection techniques fail to keep pace with the advancement of attacker sophistication. Our objective is to develop and prototype resilience techniques that make applications impervious to the damaging effects of attacks without relying on identifying and filtering specific attacks. We employ effects-based countermeasures to impart resilience to applications, creating an environment inhospitable to attack goals, and countering previously unknown attacks on service utility, in particular code injection and data subversion. About the speaker: David Keppler is a Senior Information Security Scientist in the Information Assurance division at The MITRE Corporation. At MITRE, David has participated in several research projects in information security, including projects on assured information sharing, active worm defense, and attribute-based access control. He currently leads a MITRE Sponsored Research project that is investigating techniques to nullify vulnerabilities in software applications via diversification and obfuscation. Prior to joining MITRE, David worked for the Air Force Research Laboratory. He received B.S. and M.Eng. degrees in Computer Science from Cornell University.</description>
            <pubDate>Wed, 1 Oct 2008 16:30:00 EDT </pubDate>
            <itunes:title>Dave Keppler, Resilient Systems for Mission Assurance</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>385</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Dave Keppler, MITRE</itunes:subtitle>
            <itunes:summary>The ability of information services to continue operating despite attacks is a core enabler of mission assurance goals. Existing security techniques lack this concept of resilience and are inadequate for protecting critical services and data against targeted attacks by sophisticated adversaries. Widely implemented signature- and anomaly-based detection techniques fail to keep pace with the advancement of attacker sophistication. Our objective is to develop and prototype resilience techniques that make applications impervious to the damaging effects of attacks without relying on identifying and filtering specific attacks. We employ effects-based countermeasures to impart resilience to applications, creating an environment inhospitable to attack goals, and countering previously unknown attacks on service utility, in particular code injection and data subversion. About the speaker: David Keppler is a Senior Information Security Scientist in the Information Assurance division at The MITRE Corporation. At MITRE, David has participated in several research projects in information security, including projects on assured information sharing, active worm defense, and attribute-based access control. He currently leads a MITRE Sponsored Research project that is investigating techniques to nullify vulnerabilities in software applications via diversification and obfuscation. Prior to joining MITRE, David worked for the Air Force Research Laboratory. He received B.S. and M.Eng. degrees in Computer Science from Cornell University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The ability of information services to continue operating despite attacks is a core enabler of mission assurance goals. Existing security techniques lack this concept of resilience and are inadequate for protecting critical services and data against targeted attacks by sophisticated adversaries. Widely implemented signature- and anomaly-based detection techniques fail to keep pace with the advancement of attacker sophistication. Our objective is to develop and prototype resilience techniques that make applications impervious to the damaging effects of attacks without relying on identifying and filtering specific attacks. We employ effects-based countermeasures to impart resilience to applications, creating an environment inhospitable to attack goals, and countering previously unknown attacks on service utility, in particular code injection and data subversion. About the speaker: David Keppler is a Senior Information Security Scientist in the Information Assurance division at The MITRE Corporation. At MITRE, David has participated in several research projects in information security, including projects on assured information sharing, active worm defense, and attribute-based access control. He currently leads a MITRE Sponsored Research project that is investigating techniques to nullify vulnerabilities in software applications via diversification and obfuscation. Prior to joining MITRE, David worked for the Air Force Research Laboratory. He received B.S. and M.Eng. degrees in Computer Science from Cornell University.</p> ]]>
            </content:encoded>
            <itunes:duration>2215</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081001.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20081001.mp4" length="458227712" type="video/mp4"/>
        </item>
            <item>
            <title>Ashish Kamra, Responding to Anomalous Database Requests</title>
            <description>Organizations have recently shown increased interest in database activity monitoring and anomaly detection techniques to safeguard their internal databases. Once an anomaly is detected, a response from the database is needed to contain the effects of the anomaly. However, the problem of issuing an appropriate response to a detected database anomaly has received little attention so far. In this work, we propose a framework and a policy language for issuing a response to a database anomaly based on the characteristics of the anomaly. We also propose a novel approach to dynamically change the state of the access control system in order to contain the damage that may be caused by the anomalous request. We have implemented our mechanisms in the PostgreSQL DBMS and we discuss relevant implementation issues. We have also carried out an experimental evaluation to assess the performance overhead introduced by our response mechanism. The experimental results show that the techniques are very efficient. About the speaker: Ashish Kamra is a Ph.D. candidate in the School of Electrical and Computer Engineering at Purdue University. He is also enrolled in the interdisciplinary Master&apos;s in Information Security degree offered by CERIAS. Ashish received his bachelor&apos;s degree in Electronics Engineering from Visvesvaraya Regional College of Engineering, Nagpur (India) in 2001. Prior to joining Purdue in 2004, he worked with Tata Consultancy Services in India for three years in the capacity of a Systems Engineer. Ashish&apos;s broad research interests are in the area of data security and privacy. Within this, he is currently developing an intrusion detection and response mechanism for relational databases as part of his Ph.D. thesis.</description>
            <pubDate>Wed, 24 Sep 2008 16:30:00 EDT </pubDate>
            <itunes:title>Ashish Kamra, Responding to Anomalous Database Requests</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>384</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ashish Kamra, Purdue University</itunes:subtitle>
            <itunes:summary>Organizations have recently shown increased interest in database activity monitoring and anomaly detection techniques to safeguard their internal databases. Once an anomaly is detected, a response from the database is needed to contain the effects of the anomaly. However, the problem of issuing an appropriate response to a detected database anomaly has received little attention so far. In this work, we propose a framework and a policy language for issuing a response to a database anomaly based on the characteristics of the anomaly. We also propose a novel approach to dynamically change the state of the access control system in order to contain the damage that may be caused by the anomalous request. We have implemented our mechanisms in the PostgreSQL DBMS and we discuss relevant implementation issues. We have also carried out an experimental evaluation to assess the performance overhead introduced by our response mechanism. The experimental results show that the techniques are very efficient. About the speaker: Ashish Kamra is a Ph.D. candidate in the School of Electrical and Computer Engineering at Purdue University. He is also enrolled in the interdisciplinary Master&apos;s in Information Security degree offered by CERIAS. Ashish received his bachelor&apos;s degree in Electronics Engineering from Visvesvaraya Regional College of Engineering, Nagpur (India) in 2001. Prior to joining Purdue in 2004, he worked with Tata Consultancy Services in India for three years in the capacity of a Systems Engineer. Ashish&apos;s broad research interests are in the area of data security and privacy. Within this, he is currently developing an intrusion detection and response mechanism for relational databases as part of his Ph.D. thesis.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Organizations have recently shown increased interest in database activity monitoring and anomaly detection techniques to safeguard their internal databases. Once an anomaly is detected, a response from the database is needed to contain the effects of the anomaly. However, the problem of issuing an appropriate response to a detected database anomaly has received little attention so far. In this work, we propose a framework and a policy language for issuing a response to a database anomaly based on the characteristics of the anomaly. We also propose a novel approach to dynamically change the state of the access control system in order to contain the damage that may be caused by the anomalous request. We have implemented our mechanisms in the PostgreSQL DBMS and we discuss relevant implementation issues. We have also carried out an experimental evaluation to assess the performance overhead introduced by our response mechanism. The experimental results show that the techniques are very efficient. About the speaker: Ashish Kamra is a PhD candidate in the School of Electrical and Computer Engineering at Purdue University. He is also enrolled in the interdisciplinary Master&apos;s in Information Security degree offered by CERIAS. Ashish received his bachelor&apos;s degree in Electronics Engineering from Visvesraya Regional College of Engineering, Nagpur (India) in 2001. Prior to joining Purdue in 2004, he worked with Tata Consultancy Services in India for three years in the capacity of a Systems Engineer. Ashish&apos;s broad research interests are in the area of data security and privacy. Within this, he is currently developing an intrusion detection and response mechanism for relational databases as part of his PhD thesis.</p> ]]>
            </content:encoded>
            <itunes:duration>1990</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080924.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080924.mp4" length="412090368" type="video/mp4"/>
        </item>
            <item>
            <title>Shimon Modi, Fingerprint Sensor Interoperability: Analysis of Error Rates for Fingerprint Datasets Acquired from Multiple Fingerprint Sensors</title>
            <description>The last decade has witnessed a huge increase in the deployment of biometric systems, and while most of these systems have been single-vendor, monolithic architectures, the issue of interoperability is bound to arise as distributed architectures are considered for large-scale deployments. The distortions and variations introduced when acquiring fingerprint images propagate from the acquisition subsystem all the way to the matching subsystem. These variations ultimately affect performance rates of the overall fingerprint recognition system. Fingerprint images captured using the same sensor technology during enrollment and recognition phases will introduce similar distortions, thus making it easier to compensate for such distortions and reducing their effect on the performance of the overall fingerprint recognition system. However, an impact on performance is expected, but unpredictable, when different fingerprint sensor technologies are used during enrollment and recognition phases. The purpose of this study was to examine the effect of sensor-dependent variations and distortions, characteristics of the sensor and characteristics of the finger skin on the interoperability matching error rates of minutiae-based fingerprint recognition systems. Fingerprint images were collected from 9 different fingerprint sensors from 190 subjects for analysis in this research study. A statistical analysis framework for testing interoperability was formulated for this research, which included parametric and non-parametric tests. The statistical analysis framework tested similarity of minutiae count, similarity of image quality and similarity of performance between native and interoperable datasets. Interoperability performance analysis was conducted on each sensor dataset and also by grouping datasets based on the acquisition technology and interaction type of the acquisition sensor. The end objective of this study was to provide greater insight into the effect of a fingerprint dataset acquired from various sensors on performance measured in terms of error rates like false non-match rates (FNMR) and false match rates (FMR). About the speaker: Dr. Shimon Modi is Director of Research of the Biometric Standards, Performance and Assurance Laboratory at Purdue University, and has been involved in biometrics research for over five years. He received his Ph.D. in Technology in 2008. Dr. Modi&apos;s Ph.D. dissertation was related to statistical testing and analysis of fingerprint sensor interoperability on system performance. He has a Master&apos;s degree in Technology with specialization in Information Security from the Center for Education and Research in Information Assurance and Security (CERIAS), and a Bachelor&apos;s degree in Computer Science from Purdue University. Dr. Modi&apos;s research interests reside in the application of biometrics to e-authentication, statistical analysis of system performance, enterprise-level information security, and standards development. Dr. Modi conducted his Master&apos;s thesis on feasibility testing of using keystroke dynamics for spontaneous password verification. Dr. Modi has co-written and contributed to 3 published books, published 9 conference proceedings, and been involved in developing a graduate-level course targeted at security professionals. Dr. Modi is actively involved in biometric standards, both at the national and international level. Dr. Modi serves as a technical editor for the BioAPI-Java project, and represents Purdue University as a voting member on the INCITS M1 Biometrics standards committee. Dr. Modi was a recipient of the Ross Fellowship (2005-2006), which is awarded with the intention of recruiting outstanding doctoral-seeking students at Purdue University.</description>
            <pubDate>Wed, 17 Sep 2008 16:30:00 EDT </pubDate>
            <itunes:title>Shimon Modi, Fingerprint Sensor Interoperability: Analysis of Error Rates for Fingerprint Datasets Acquired from Multiple Fingerprint Sensors</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>383</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Shimon Modi, Purdue University</itunes:subtitle>
            <itunes:summary>The last decade has witnessed a huge increase in the deployment of biometric systems, and while most of these systems have been single-vendor, monolithic architectures, the issue of interoperability is bound to arise as distributed architectures are considered for large-scale deployments. The distortions and variations introduced when acquiring fingerprint images propagate from the acquisition subsystem all the way to the matching subsystem. These variations ultimately affect performance rates of the overall fingerprint recognition system. Fingerprint images captured using the same sensor technology during enrollment and recognition phases will introduce similar distortions, thus making it easier to compensate for such distortions and reducing their effect on the performance of the overall fingerprint recognition system. However, an impact on performance is expected, but unpredictable, when different fingerprint sensor technologies are used during enrollment and recognition phases. The purpose of this study was to examine the effect of sensor-dependent variations and distortions, characteristics of the sensor and characteristics of the finger skin on the interoperability matching error rates of minutiae-based fingerprint recognition systems. Fingerprint images were collected from 9 different fingerprint sensors from 190 subjects for analysis in this research study. A statistical analysis framework for testing interoperability was formulated for this research, which included parametric and non-parametric tests. The statistical analysis framework tested similarity of minutiae count, similarity of image quality and similarity of performance between native and interoperable datasets. Interoperability performance analysis was conducted on each sensor dataset and also by grouping datasets based on the acquisition technology and interaction type of the acquisition sensor. The end objective of this study was to provide greater insight into the effect of a fingerprint dataset acquired from various sensors on performance measured in terms of error rates like false non-match rates (FNMR) and false match rates (FMR). About the speaker: Dr. Shimon Modi is Director of Research of the Biometric Standards, Performance and Assurance Laboratory at Purdue University, and has been involved in biometrics research for over five years. He received his Ph.D. in Technology in 2008. Dr. Modi&apos;s Ph.D. dissertation was related to statistical testing and analysis of fingerprint sensor interoperability on system performance. He has a Master&apos;s degree in Technology with specialization in Information Security from the Center for Education and Research in Information Assurance and Security (CERIAS), and a Bachelor&apos;s degree in Computer Science from Purdue University. Dr. Modi&apos;s research interests reside in the application of biometrics to e-authentication, statistical analysis of system performance, enterprise-level information security, and standards development. Dr. Modi conducted his Master&apos;s thesis on feasibility testing of using keystroke dynamics for spontaneous password verification. Dr. Modi has co-written and contributed to 3 published books, published 9 conference proceedings, and been involved in developing a graduate-level course targeted at security professionals. Dr. Modi is actively involved in biometric standards, both at the national and international level. Dr. Modi serves as a technical editor for the BioAPI-Java project, and represents Purdue University as a voting member on the INCITS M1 Biometrics standards committee. Dr. Modi was a recipient of the Ross Fellowship (2005-2006), which is awarded with the intention of recruiting outstanding doctoral-seeking students at Purdue University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The last decade has witnessed a huge increase in the deployment of biometric systems, and while most of these systems have been single-vendor, monolithic architectures, the issue of interoperability is bound to arise as distributed architectures are considered for large-scale deployments. The distortions and variations introduced when acquiring fingerprint images propagate from the acquisition subsystem all the way to the matching subsystem. These variations ultimately affect performance rates of the overall fingerprint recognition system. Fingerprint images captured using the same sensor technology during enrollment and recognition phases will introduce similar distortions, thus making it easier to compensate for such distortions and reducing their effect on the performance of the overall fingerprint recognition system. However, an impact on performance is expected, but unpredictable, when different fingerprint sensor technologies are used during enrollment and recognition phases. The purpose of this study was to examine the effect of sensor-dependent variations and distortions, characteristics of the sensor and characteristics of the finger skin on the interoperability matching error rates of minutiae-based fingerprint recognition systems. Fingerprint images were collected from 9 different fingerprint sensors from 190 subjects for analysis in this research study. A statistical analysis framework for testing interoperability was formulated for this research, which included parametric and non-parametric tests. The statistical analysis framework tested similarity of minutiae count, similarity of image quality and similarity of performance between native and interoperable datasets. Interoperability performance analysis was conducted on each sensor dataset and also by grouping datasets based on the acquisition technology and interaction type of the acquisition sensor. The end objective of this study was to provide greater insight into the effect of a fingerprint dataset acquired from various sensors on performance measured in terms of error rates like false non-match rates (FNMR) and false match rates (FMR). About the speaker: Dr. Shimon Modi is Director of Research of the Biometric Standards, Performance and Assurance Laboratory at Purdue University, and has been involved in biometrics research for over five years. He received his Ph.D. in Technology in 2008. Dr. Modi&apos;s Ph.D. dissertation was related to statistical testing and analysis of fingerprint sensor interoperability on system performance. He has a Master&apos;s degree in Technology with specialization in Information Security from the Center for Education and Research in Information Assurance and Security (CERIAS), and a Bachelor&apos;s degree in Computer Science from Purdue University. Dr. Modi&apos;s research interests reside in the application of biometrics to e-authentication, statistical analysis of system performance, enterprise-level information security, and standards development. Dr. Modi conducted his Master&apos;s thesis on feasibility testing of using keystroke dynamics for spontaneous password verification. Dr. Modi has co-written and contributed to 3 published books, published 9 conference proceedings, and been involved in developing a graduate-level course targeted at security professionals. Dr. Modi is actively involved in biometric standards, both at the national and international level. Dr. Modi serves as a technical editor for the BioAPI-Java project, and represents Purdue University as a voting member on the INCITS M1 Biometrics standards committee. Dr. Modi was a recipient of the Ross Fellowship (2005-2006), which is awarded with the intention of recruiting outstanding doctoral-seeking students at Purdue University.</p> ]]>
            </content:encoded>
            <itunes:duration>2950</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080917.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080917.mp4" length="610271232" type="video/mp4"/>
        </item>
            <item>
            <title>Dennis Moreau, Virtualization: Resource Coupling and Security across the Stack</title>
            <description>Virtualization technology can deliver better IT asset utilization, more agile IT asset allocation and more efficient use of resources, while supporting a potentially more secure IT infrastructure. Virtualization accomplishes these benefits by leveraging mechanisms which provide a) asset isolation, b) resource sharing and c) provisioning dynamics. This session will address how to use configuration and behavioral information to address the increased complexity of security, compliance and risk assessment in virtualized environments. Comprehensive security and risk situation awareness of more dynamic, more interdependent, and more insulated assets will allow enterprises to take fuller advantage of the promised benefits of virtualization. This session will also briefly address the extension of these considerations to cloud and utility computing infrastructures. About the speaker: As a Founder and the Chief Technology Officer for Configuresoft, Dennis Moreau is a specialist in the application of leading-edge technologies to the solution of complex problems in the Information Technology management domain. His primary focus is in developing enterprise-scale solutions to improve IT efficiency and effectiveness for systems management, security compliance and configuration optimization. He works actively with the National Institute of Standards and Technology (NIST) and Mitre on the development of security configuration policy compliance standards. Dennis has over 20 years of experience in evaluating, designing and managing complex software systems. Prior to joining Configuresoft, he was the Associate Vice President and Chief Technology Officer for Baylor College of Medicine (BCM). Dennis also has extensive experience as an IT Strategic Planning and System Architecture consultant for many commercial and governmental organizations including the DOD, NASA and IBM Corporation. He holds a doctorate in Computer Science and speaks regularly at IT management and security conferences internationally.</description>
            <pubDate>Wed, 10 Sep 2008 16:30:00 EDT </pubDate>
            <itunes:title>Dennis Moreau, Virtualization: Resource Coupling and Security across the Stack</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>382</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Dennis Moreau, Configuresoft</itunes:subtitle>
            <itunes:summary>Virtualization technology can deliver better IT asset utilization, more agile IT asset allocation and more efficient use of resources, while supporting a potentially more secure IT infrastructure. Virtualization accomplishes these benefits by leveraging mechanisms which provide a) asset isolation, b) resource sharing and c) provisioning dynamics. This session will address how to use configuration and behavioral information to address the increased complexity of security, compliance and risk assessment in virtualized environments. Comprehensive security and risk situation awareness of more dynamic, more interdependent, and more insulated assets will allow enterprises to take fuller advantage of the promised benefits of virtualization. This session will also briefly address the extension of these considerations to cloud and utility computing infrastructures. About the speaker: As a Founder and the Chief Technology Officer for Configuresoft, Dennis Moreau is a specialist in the application of leading-edge technologies to the solution of complex problems in the Information Technology management domain. His primary focus is in developing enterprise-scale solutions to improve IT efficiency and effectiveness for systems management, security compliance and configuration optimization. He works actively with the National Institute of Standards and Technology (NIST) and Mitre on the development of security configuration policy compliance standards. Dennis has over 20 years of experience in evaluating, designing and managing complex software systems. Prior to joining Configuresoft, he was the Associate Vice President and Chief Technology Officer for Baylor College of Medicine (BCM). Dennis also has extensive experience as an IT Strategic Planning and System Architecture consultant for many commercial and governmental organizations including the DOD, NASA and IBM Corporation. He holds a doctorate in Computer Science and speaks regularly at IT management and security conferences internationally.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Virtualization technology can deliver better IT asset utilization, more agile IT asset allocation and more efficient use of resources, while supporting a potentially more secure IT infrastructure. Virtualization accomplishes these benefits by leveraging mechanisms which provide a) asset isolation, b) resource sharing and c) provisioning dynamics. This session will address how to use configuration and behavioral information to address the increased complexity of security, compliance and risk assessment in virtualized environments. Comprehensive security and risk situation awareness of more dynamic, more interdependent, and more insulated assets will allow enterprises to take fuller advantage of the promised benefits of virtualization. This session will also briefly address the extension of these considerations to cloud and utility computing infrastructures. About the speaker: As a Founder and the Chief Technology Officer for Configuresoft, Dennis Moreau is a specialist in the application of leading-edge technologies to the solution of complex problems in the Information Technology management domain. His primary focus is in developing enterprise-scale solutions to improve IT efficiency and effectiveness for systems management, security compliance and configuration optimization. He works actively with the National Institute of Standards and Technology (NIST) and Mitre on the development of security configuration policy compliance standards. Dennis has over 20 years of experience in evaluating, designing and managing complex software systems. Prior to joining Configuresoft, he was the Associate Vice President and Chief Technology Officer for Baylor College of Medicine (BCM). Dennis also has extensive experience as an IT Strategic Planning and System Architecture consultant for many commercial and governmental organizations including the DOD, NASA and IBM Corporation. He holds a doctorate in Computer Science and speaks regularly at IT management and security conferences internationally.</p> ]]>
            </content:encoded>
            <itunes:duration>2807</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080910.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080910.mp4" length="580911104" type="video/mp4"/>
        </item>
            <item>
            <title>Gabriel Ghinita, Private Queries in Location Based Services:  Anonymizers are not Necessary</title>
            <description>Mobile devices equipped with positioning capabilities (e.g., GPS) can ask location-dependent queries to Location Based Services (LBS). To protect privacy, the user location must not be disclosed. Existing solutions utilize a trusted anonymizer between the users and the LBS. This approach has several drawbacks: (i) All users must trust the third-party anonymizer, which is a single point of attack. (ii) A large number of cooperating, trustworthy users is needed. (iii) Privacy is guaranteed only for a single snapshot of user locations; users are not protected against correlation attacks (e.g., history of user movement). We propose a novel framework to support private location-dependent queries, based on the theoretical work on Private Information Retrieval (PIR). Our framework does not require a trusted third party, since privacy is achieved via cryptographic techniques. Compared to existing work, our approach achieves stronger privacy for snapshots of user locations; moreover, it is the first to provide provable privacy guarantees against correlation attacks. We use our framework to implement approximate and exact algorithms for nearest-neighbor search. We optimize query execution by employing data mining techniques, which identify redundant computations. Contrary to common belief, the experimental results suggest that PIR approaches incur reasonable overhead and are applicable in practice. About the speaker: Gabriel Ghinita is currently a Post-doctoral Research Associate with the Dept. of Computer Science, Purdue University. He holds a PhD degree in Computer Science from the National University of Singapore. Gabriel&apos;s research interests focus on access control for collaborative environments, and privacy for spatial and relational data. In the past, he held visiting scientist appointments with the Hong Kong University, and the Chinese University of Hong Kong. Gabriel has served as an invited reviewer for prestigious conferences and journals, such as VLDB, ICDE, TKDE and ACM GIS.</description>
            <pubDate>Wed, 3 Sep 2008 16:30:00 EDT </pubDate>
            <itunes:title>Gabriel Ghinita, Private Queries in Location Based Services:  Anonymizers are not Necessary</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>381</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Gabriel Ghinita, Purdue University</itunes:subtitle>
            <itunes:summary>Mobile devices equipped with positioning capabilities (e.g., GPS) can ask location-dependent queries to Location Based Services (LBS). To protect privacy, the user location must not be disclosed. Existing solutions utilize a trusted anonymizer between the users and the LBS. This approach has several drawbacks: (i) All users must trust the third-party anonymizer, which is a single point of attack. (ii) A large number of cooperating, trustworthy users is needed. (iii) Privacy is guaranteed only for a single snapshot of user locations; users are not protected against correlation attacks (e.g., history of user movement). We propose a novel framework to support private location-dependent queries, based on the theoretical work on Private Information Retrieval (PIR). Our framework does not require a trusted third party, since privacy is achieved via cryptographic techniques. Compared to existing work, our approach achieves stronger privacy for snapshots of user locations; moreover, it is the first to provide provable privacy guarantees against correlation attacks. We use our framework to implement approximate and exact algorithms for nearest-neighbor search. We optimize query execution by employing data mining techniques, which identify redundant computations. Contrary to common belief, the experimental results suggest that PIR approaches incur reasonable overhead and are applicable in practice. About the speaker: Gabriel Ghinita is currently a Post-doctoral Research Associate with the Dept. of Computer Science, Purdue University. He holds a PhD degree in Computer Science from the National University of Singapore. Gabriel&apos;s research interests focus on access control for collaborative environments, and privacy for spatial and relational data. In the past, he held visiting scientist appointments with the Hong Kong University, and the Chinese University of Hong Kong. Gabriel has served as an invited reviewer for prestigious conferences and journals, such as VLDB, ICDE, TKDE and ACM GIS.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Mobile devices equipped with positioning capabilities (e.g., GPS) can ask location-dependent queries to Location Based Services (LBS). To protect privacy, the user location must not be disclosed. Existing solutions utilize a trusted anonymizer between the users and the LBS. This approach has several drawbacks: (i) All users must trust the third-party anonymizer, which is a single point of attack. (ii) A large number of cooperating, trustworthy users is needed. (iii) Privacy is guaranteed only for a single snapshot of user locations; users are not protected against correlation attacks (e.g., history of user movement). We propose a novel framework to support private location-dependent queries, based on the theoretical work on Private Information Retrieval (PIR). Our framework does not require a trusted third party, since privacy is achieved via cryptographic techniques. Compared to existing work, our approach achieves stronger privacy for snapshots of user locations; moreover, it is the first to provide provable privacy guarantees against correlation attacks. We use our framework to implement approximate and exact algorithms for nearest-neighbor search. We optimize query execution by employing data mining techniques, which identify redundant computations. Contrary to common belief, the experimental results suggest that PIR approaches incur reasonable overhead and are applicable in practice. About the speaker: Gabriel Ghinita is currently a Post-doctoral Research Associate with the Dept. of Computer Science, Purdue University. He holds a PhD degree in Computer Science from the National University of Singapore. Gabriel&apos;s research interests focus on access control for collaborative environments, and privacy for spatial and relational data. In the past, he held visiting scientist appointments with the Hong Kong University, and the Chinese University of Hong Kong. Gabriel has served as an invited reviewer for prestigious conferences and journals, such as VLDB, ICDE, TKDE and ACM GIS.</p> ]]>
            </content:encoded>
            <itunes:duration>2692</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080903.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080903.mp4" length="556793856" type="video/mp4"/>
        </item>
            <item>
            <title>Minaxi Gupta, Exploitable Redirects on the Web: Identification, Prevalence, and Defense</title>
            <description>Web sites on the Internet often use redirection. Unfortunately, without additional security, many of the redirection links can be manipulated and abused to mask phishing attacks. In this work, we prescribe a set of heuristics to identify redirects that can be exploited. Using these heuristics, we examine the prevalence of exploitable redirects present in today&apos;s Web. Finally, we propose techniques for Web servers to secure their redirects and for clients to protect themselves from being misled by manipulated redirects. This work was presented at the USENIX Workshop On Offensive Technologies (WOOT) in July 2008. Subsequently, several online press venues have covered it, including The Washington Post, SC Magazine, and Herald Times. About the speaker: Minaxi Gupta is an Assistant Professor in the Computer Science Department at Indiana University (Bloomington). She joined IU after finishing her Ph.D. in Computer Science from Georgia Tech in 2004. Gupta&apos;s research interests are in Computer Networks and Security. She is currently working on understanding the Internet&apos;s vulnerabilities and how attackers are using them to their advantage, especially in the context of phishing. Her other research focus is on re-architecting the Internet. Gupta is the recipient of the prestigious Trustees Teaching Award (2007-2008) and Outstanding Junior Faculty Award (2006-2007) from Indiana University.</description>
            <pubDate>Wed, 27 Aug 2008 16:30:00 EDT </pubDate>
            <itunes:title>Minaxi Gupta, Exploitable Redirects on the Web: Identification, Prevalence, and Defense</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>380</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Minaxi Gupta, Indiana University</itunes:subtitle>
            <itunes:summary>Web sites on the Internet often use redirection. Unfortunately, without additional security, many of the redirection links can be manipulated and abused to mask phishing attacks. In this work, we prescribe a set of heuristics to identify redirects that can be exploited. Using these heuristics, we examine the prevalence of exploitable redirects present in today&apos;s Web. Finally, we propose techniques for Web servers to secure their redirects and for clients to protect themselves from being misled by manipulated redirects. This work was presented at the USENIX Workshop On Offensive Technologies (WOOT) in July 2008. Subsequently, several online press venues have covered it, including The Washington Post, SC Magazine, and Herald Times. About the speaker: Minaxi Gupta is an Assistant Professor in the Computer Science Department at Indiana University (Bloomington). She joined IU after finishing her Ph.D. in Computer Science from Georgia Tech in 2004. Gupta&apos;s research interests are in Computer Networks and Security. She is currently working on understanding the Internet&apos;s vulnerabilities and how attackers are using them to their advantage, especially in the context of phishing. Her other research focus is on re-architecting the Internet. Gupta is the recipient of the prestigious Trustees Teaching Award (2007-2008) and Outstanding Junior Faculty Award (2006-2007) from Indiana University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Web sites on the Internet often use redirection. Unfortunately, without additional security, many of the redirection links can be manipulated and abused to mask phishing attacks. In this work, we prescribe a set of heuristics to identify redirects that can be exploited. Using these heuristics, we examine the prevalence of exploitable redirects present in today&apos;s Web. Finally, we propose techniques for Web servers to secure their redirects and for clients to protect themselves from being misled by manipulated redirects. This work was presented at the USENIX Workshop On Offensive Technologies (WOOT) in July, 2008. Subsequently, several online press venues have covered it, including The Washington Post, SC Magazine, and Herald Times. About the speaker: Minaxi Gupta is an Assistant Professor in the Computer Science Department at Indiana University (Bloomington). She joined IU after finishing her Ph.D. in Computer Science from Georgia Tech in 2004. Gupta&apos;s research interests are in Computer Networks and Security. She is currently working on understanding the Internet&apos;s vulnerabilities and how attackers are using them to their advantage, especially in the context of phishing. Her other research focus is on re-architecting the Internet. Gupta is the recipient of the prestigious Trustees Teaching Award (2007-2008) and Outstanding Junior Faculty Award (2006-2007) from Indiana University.</p> ]]>
            </content:encoded>
            <itunes:duration>3308</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080827.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080827.mp4" length="684720128" type="video/mp4"/>
        </item>
            <item>
            <title>Jacob West, Static source code analysis</title>
            <description>Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution. Highlights include:
* The most common security short-cuts and why they lead to security failures
* Why programmers are in the best position to get security right
* Where to look for security problems
* How static analysis helps
* The critical attributes and algorithms that make or break a static analysis tool
We will look at how static analysis works, how to integrate it into the software development process, and how to make the most of it during security code review. Along the way we&apos;ll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors. About the speaker: Jacob West manages Fortify Software&apos;s Security Research Group, which is responsible for building security knowledge into Fortify&apos;s products. Jacob brings expertise in numerous programming languages, frameworks and styles together with knowledge about how real-world systems can fail. In addition, he recently co-authored a book, &quot;Secure Programming with Static Analysis,&quot; which was released in June 2007. Before joining Fortify, Jacob worked with Professor David Wagner, at the University of California at Berkeley, to develop MOPS (MOdel Checking Programs for Security properties), a static analysis tool used to discover security vulnerabilities in C programs. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security.</description>
            <pubDate>Wed, 16 Apr 2008 16:30:00 EDT </pubDate>
            <itunes:title>Jacob West, Static source code analysis</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>379</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jacob West, Fortify Software</itunes:subtitle>
            <itunes:summary>Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution. Highlights include:
* The most common security short-cuts and why they lead to security failures
* Why programmers are in the best position to get security right
* Where to look for security problems
* How static analysis helps
* The critical attributes and algorithms that make or break a static analysis tool
We will look at how static analysis works, how to integrate it into the software development process, and how to make the most of it during security code review. Along the way we&apos;ll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors. About the speaker: Jacob West manages Fortify Software&apos;s Security Research Group, which is responsible for building security knowledge into Fortify&apos;s products. Jacob brings expertise in numerous programming languages, frameworks and styles together with knowledge about how real-world systems can fail. In addition, he recently co-authored a book, &quot;Secure Programming with Static Analysis,&quot; which was released in June 2007. Before joining Fortify, Jacob worked with Professor David Wagner, at the University of California at Berkeley, to develop MOPS (MOdel Checking Programs for Security properties), a static analysis tool used to discover security vulnerabilities in C programs. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution. Highlights include:</p><ul><li>The most common security short-cuts and why they lead to security failures</li><li>Why programmers are in the best position to get security right</li><li>Where to look for security problems</li><li>How static analysis helps</li><li>The critical attributes and algorithms that make or break a static analysis tool</li></ul><p>We will look at how static analysis works, how to integrate it into the software development process, and how to make the most of it during security code review. Along the way we&apos;ll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors. About the speaker: Jacob West manages Fortify Software&apos;s Security Research Group, which is responsible for building security knowledge into Fortify&apos;s products. Jacob brings expertise in numerous programming languages, frameworks and styles together with knowledge about how real-world systems can fail. In addition, he recently co-authored a book, &quot;Secure Programming with Static Analysis,&quot; which was released in June 2007. Before joining Fortify, Jacob worked with Professor David Wagner, at the University of California at Berkeley, to develop MOPS (MOdel Checking Programs for Security properties), a static analysis tool used to discover security vulnerabilities in C programs. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security.</p> ]]>
            </content:encoded>
            <itunes:duration>3075</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080416.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080416.mp4" length="522190848" type="video/mp4"/>
        </item>
            <item>
            <title>Jack Jones, Shifting focus:  Aligning security with risk management</title>
            <description>With few exceptions, executive management doesn&apos;t care about security. They care about risk. In this session, Jack will discuss the differences and share his experiences in taking the information security program at a Fortune 100 financial services company from a security focus to one of risk management. This presentation will cover why the change took place, how it took place (what worked and what didn&apos;t), and the practical benefits that resulted. About the speaker: Jack Jones has been employed in technology for the past twenty-five years, and has specialized in information security and risk management for eighteen years. During this time, he&apos;s worked in the military, government intelligence, and consulting, as well as the financial and insurance industries. Jack spent over five years as CISO for a Fortune 100 financial services company, where his work was recognized at the 2006 RSA Conference with ISSA&apos;s Excellence in the Field of Security Practices award. In 2007 he was selected as a finalist for the Information Security Executive of the Year, Central United States. As a member of an international ISACA task force, Jack is helping to develop global standards for IT risk management in the enterprise. He also regularly speaks at national conferences and has developed and published an innovative risk analysis framework known as Factor Analysis of Information Risk (FAIR).</description>
            <pubDate>Wed, 9 Apr 2008 16:30:00 EDT </pubDate>
            <itunes:title>Jack Jones, Shifting focus:  Aligning security with risk management</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>378</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jack Jones, Risk Management Insight</itunes:subtitle>
            <itunes:summary>With few exceptions, executive management doesn&apos;t care about security. They care about risk. In this session, Jack will discuss the differences and share his experiences in taking the information security program at a Fortune 100 financial services company from a security focus to one of risk management. This presentation will cover why the change took place, how it took place (what worked and what didn&apos;t), and the practical benefits that resulted. About the speaker: Jack Jones has been employed in technology for the past twenty-five years, and has specialized in information security and risk management for eighteen years. During this time, he&apos;s worked in the military, government intelligence, and consulting, as well as the financial and insurance industries. Jack spent over five years as CISO for a Fortune 100 financial services company, where his work was recognized at the 2006 RSA Conference with ISSA&apos;s Excellence in the Field of Security Practices award. In 2007 he was selected as a finalist for the Information Security Executive of the Year, Central United States. As a member of an international ISACA task force, Jack is helping to develop global standards for IT risk management in the enterprise. He also regularly speaks at national conferences and has developed and published an innovative risk analysis framework known as Factor Analysis of Information Risk (FAIR).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>With few exceptions, executive management doesn&apos;t care about security. They care about risk. In this session, Jack will discuss the differences and share his experiences in taking the information security program at a Fortune 100 financial services company from a security focus to one of risk management. This presentation will cover why the change took place, how it took place (what worked and what didn&apos;t), and the practical benefits that resulted. About the speaker: Jack Jones has been employed in technology for the past twenty-five years, and has specialized in information security and risk management for eighteen years. During this time, he&apos;s worked in the military, government intelligence, and consulting, as well as the financial and insurance industries. Jack spent over five years as CISO for a Fortune 100 financial services company, where his work was recognized at the 2006 RSA Conference with ISSA&apos;s Excellence in the Field of Security Practices award. In 2007 he was selected as a finalist for the Information Security Executive of the Year, Central United States. As a member of an international ISACA task force, Jack is helping to develop global standards for IT risk management in the enterprise. He also regularly speaks at national conferences and has developed and published an innovative risk analysis framework known as Factor Analysis of Information Risk (FAIR).</p> ]]>
            </content:encoded>
            <itunes:duration>3645</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080409.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080409.mp4" length="455081984" type="video/mp4"/>
        </item>
            <item>
            <title>Hao Chen, Exploiting Opportunistic Scheduling in Cellular Data Networks</title>
            <description>Third Generation (3G) cellular networks utilize time-varying and location-dependent channel conditions to provide broadband services. They employ opportunistic scheduling to efficiently utilize spectrum under fairness or QoS constraints. Opportunistic scheduling algorithms rely on collaboration among all mobile users to achieve their design objectives. However, we demonstrate that rogue cellular devices can exploit vulnerabilities in opportunistic scheduling algorithms, such as Proportional Fair (PF), to usurp the majority of time slots in 3G networks. Our simulations show that only five rogue devices per 50-user cell can use up to 90% of the time slots, and can cause 2 seconds of end-to-end inter-packet transmission delay on VoIP applications for every user in the same cell, rendering VoIP applications useless. To defend against these attacks, we explore several detection and prevention schemes, including modifications to the PF scheduler and a secure handoff procedure. This is joint work with Denys Ma, Radmilo Racic, and Xin Liu. About the speaker: Hao Chen is an assistant professor in the Department of Computer Science at the University of California, Davis. He received his Ph.D. in Computer Science from the University of California, Berkeley in 2004. His primary research interest is computer security, with an emphasis on wireless security, Web security, and software security. He received an NSF CAREER award for supporting his research on wireless security in 2007. More information is available at: http://www.cs.ucdavis.edu/~hchen/</description>
            <pubDate>Wed, 2 Apr 2008 16:30:00 EDT </pubDate>
            <itunes:title>Hao Chen, Exploiting Opportunistic Scheduling in Cellular Data Networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>377</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Hao Chen, University of California, Davis</itunes:subtitle>
            <itunes:summary>Third Generation (3G) cellular networks utilize time-varying and location-dependent channel conditions to provide broadband services. They employ opportunistic scheduling to efficiently utilize spectrum under fairness or QoS constraints. Opportunistic scheduling algorithms rely on collaboration among all mobile users to achieve their design objectives. However, we demonstrate that rogue cellular devices can exploit vulnerabilities in opportunistic scheduling algorithms, such as Proportional Fair (PF), to usurp the majority of time slots in 3G networks. Our simulations show that only five rogue devices per 50-user cell can use up to 90% of the time slots, and can cause 2 seconds of end-to-end inter-packet transmission delay on VoIP applications for every user in the same cell, rendering VoIP applications useless. To defend against these attacks, we explore several detection and prevention schemes, including modifications to the PF scheduler and a secure handoff procedure. This is joint work with Denys Ma, Radmilo Racic, and Xin Liu. About the speaker: Hao Chen is an assistant professor in the Department of Computer Science at the University of California, Davis. He received his Ph.D. in Computer Science from the University of California, Berkeley in 2004. His primary research interest is computer security, with an emphasis on wireless security, Web security, and software security. He received an NSF CAREER award for supporting his research on wireless security in 2007. More information is available at: http://www.cs.ucdavis.edu/~hchen/</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Third Generation (3G) cellular networks utilize time-varying and location-dependent channel conditions to provide broadband services. They employ opportunistic scheduling to efficiently utilize spectrum under fairness or QoS constraints. Opportunistic scheduling algorithms rely on collaboration among all mobile users to achieve their design objectives. However, we demonstrate that rogue cellular devices can exploit vulnerabilities in opportunistic scheduling algorithms, such as Proportional Fair (PF), to usurp the majority of time slots in 3G networks. Our simulations show that only five rogue devices per 50-user cell can use up to 90% of the time slots, and can cause 2 seconds of end-to-end inter-packet transmission delay on VoIP applications for every user in the same cell, rendering VoIP applications useless. To defend against these attacks, we explore several detection and prevention schemes, including modifications to the PF scheduler and a secure handoff procedure. This is joint work with Denys Ma, Radmilo Racic, and Xin Liu. About the speaker: Hao Chen is an assistant professor in the Department of Computer Science at the University of California, Davis. He received his Ph.D. in Computer Science from the University of California, Berkeley in 2004. His primary research interest is computer security, with an emphasis on wireless security, Web security, and software security. He received an NSF CAREER award for supporting his research on wireless security in 2007. More information is available at: http://www.cs.ucdavis.edu/~hchen/</p> ]]>
            </content:encoded>
            <itunes:duration>2927</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080402.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080402.mp4" length="504365056" type="video/mp4"/>
        </item>
            <item>
            <title>Sencun Zhu, Towards Event Source Location Privacy in Wireless Sensor Networks</title>
            <description>For sensor networks deployed to monitor and report real events, event source location privacy is an attractive and critical security property, which unfortunately is also very difficult and expensive to achieve. This is not only because adversaries may attack sensor source privacy through traffic analysis, but also because sensor networks are very limited in resources. In this talk, we will discuss the techniques we have developed for enhancing source location privacy in sensor networks under a global adversarial model. Specifically, we will propose the notion of statistically strong source anonymity, where carefully chosen dummy traffic will be introduced to hide the real event sources. In addition, several privacy-preserving mechanisms will be employed to drop dummy messages on their way to the base station to prevent an explosion of network traffic. About the speaker: Sencun Zhu is an Assistant Professor in the Department of Computer Science and Engineering and the College of Information Sciences and Technology, Pennsylvania State University. He received the PhD degree in Information Technology from George Mason University in 2004. Prior to that, he received the M.S. degree from the University of Science and Technology of China in 1999 and the B.S. degree from Tsinghua University in 1996. His research interests include network and systems security, with a focus on ad-hoc and sensor network security, software security, and P2P security. His publications and professional services can be found at http://www.cse.psu.edu/~szhu.</description>
            <pubDate>Wed, 26 Mar 2008 16:30:00 EDT </pubDate>
            <itunes:title>Sencun Zhu, Towards Event Source Location Privacy in Wireless Sensor Networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>376</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Sencun Zhu, Pennsylvania State</itunes:subtitle>
            <itunes:summary>For sensor networks deployed to monitor and report real events, event source location privacy is an attractive and critical security property, which unfortunately is also very difficult and expensive to achieve. This is not only because adversaries may attack sensor source privacy through traffic analysis, but also because sensor networks are very limited in resources. In this talk, we will discuss the techniques we have developed for enhancing source location privacy in sensor networks under a global adversarial model. Specifically, we will propose the notion of statistically strong source anonymity, where carefully chosen dummy traffic will be introduced to hide the real event sources. In addition, several privacy-preserving mechanisms will be employed to drop dummy messages on their way to the base station to prevent an explosion of network traffic. About the speaker: Sencun Zhu is an Assistant Professor in the Department of Computer Science and Engineering and the College of Information Sciences and Technology, Pennsylvania State University. He received the PhD degree in Information Technology from George Mason University in 2004. Prior to that, he received the M.S. degree from the University of Science and Technology of China in 1999 and the B.S. degree from Tsinghua University in 1996. His research interests include network and systems security, with a focus on ad-hoc and sensor network security, software security, and P2P security. His publications and professional services can be found at http://www.cse.psu.edu/~szhu.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>For sensor networks deployed to monitor and report real events, event source location privacy is an attractive and critical security property, which unfortunately is also very difficult and expensive to achieve. This is not only because adversaries may attack sensor source privacy through traffic analysis, but also because sensor networks are very limited in resources. In this talk, we will discuss the techniques we have developed for enhancing source location privacy in sensor networks under a global adversarial model. Specifically, we will propose the notion of statistically strong source anonymity, where carefully chosen dummy traffic will be introduced to hide the real event sources. In addition, several privacy-preserving mechanisms will be employed to drop dummy messages on their way to the base station to prevent an explosion of network traffic. About the speaker: Sencun Zhu is an Assistant Professor in the Department of Computer Science and Engineering and the College of Information Sciences and Technology, Pennsylvania State University. He received the PhD degree in Information Technology from George Mason University in 2004. Prior to that, he received the M.S. degree from the University of Science and Technology of China in 1999 and the B.S. degree from Tsinghua University in 1996. His research interests include network and systems security, with a focus on ad-hoc and sensor network security, software security, and P2P security. His publications and professional services can be found at http://www.cse.psu.edu/~szhu.</p> ]]>
            </content:encoded>
            <itunes:duration>3106</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080326.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080326.mp4" length="507510784" type="video/mp4"/>
        </item>
            <item>
            <title>Daniel Hoffman, Hacking the Mobile Workforce</title>
            <description>Companies spend millions of dollars implementing security technologies to protect their corporate networks. Laptop computers and other mobile devices lose this protection once they leave the confines of the corporate office. This presentation will define mobility-related threats, show live hacks and define best security practices to address these risks, with a particular focus on Network Access Control and NAP technologies. About the speaker: Daniel V. Hoffman is the author of two books by Wiley Publishing, &quot;Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise,&quot; released in April, and &quot;Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control,&quot; due out in March. He is a regular speaker at events throughout the world and has been interviewed as a security expert by numerous worldwide media outlets including Forbes, Network World, Clear Channel Communications and NewsWeek.</description>
            <pubDate>Wed, 5 Mar 2008 16:30:00 EST </pubDate>
            <itunes:title>Daniel Hoffman, Hacking the Mobile Workforce</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>374</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Daniel Hoffman, Fiberlink Communications</itunes:subtitle>
            <itunes:summary>Companies spend millions of dollars implementing security technologies to protect their corporate networks. Laptop computers and other mobile devices lose this protection once they leave the confines of the corporate office. This presentation will define mobility-related threats, show live hacks and define best security practices to address these risks, with a particular focus on Network Access Control and NAP technologies. About the speaker: Daniel V. Hoffman is the author of two books by Wiley Publishing, &quot;Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise,&quot; released in April, and &quot;Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control,&quot; due out in March. He is a regular speaker at events throughout the world and has been interviewed as a security expert by numerous worldwide media outlets including Forbes, Network World, Clear Channel Communications and NewsWeek.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Companies spend millions of dollars implementing security technologies to protect their corporate networks. Laptop computers and other mobile devices lose this protection once they leave the confines of the corporate office. This presentation will define mobility-related threats, show live hacks and define best security practices to address these risks, with a particular focus on Network Access Control and NAP technologies. About the speaker: Daniel V. Hoffman is the author of two books by Wiley Publishing, &quot;Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise,&quot; released in April, and &quot;Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control,&quot; due out in March. He is a regular speaker at events throughout the world and has been interviewed as a security expert by numerous worldwide media outlets including Forbes, Network World, Clear Channel Communications and NewsWeek.</p> ]]>
            </content:encoded>
            <itunes:duration>2920</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080305.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080305.mp4" length="507510784" type="video/mp4"/>
        </item>
            <item>
            <title>Buzz Walsh, Managing Security Polarities</title>
            <description>There is inherent tension between network performance and security. With the rapidly evolving drive for military and economic data to be accessible via Service Oriented Architectures, the importance of securing such data is increasing, and the consequences of a security breach are often detailed in our daily media. Complex security architectures are maturing, but broad questions remain about how to certify or accredit the transactions occurring in Net-Centric Enterprise Services. This presentation does not propose a solution and is intended to motivate discussion, collaboration and directed research. About the speaker: Buzz Walsh is the Director of Research at DoD&apos;s Information Assurance Technical Analysis Center in Herndon, VA. Dr. Walsh has published in a number of different fora, including an award-winning critical analysis paper for Joint Forces Staff College and an award-winning text for Air University that remains in its core curriculum. He has served as faculty, adjunct faculty, guest lecturer or visiting professor at the National Defense University, Joint Forces Staff College, Army War College, Army Command &amp; General Staff College, Air University, the US Air Force Academy, Michigan State University and Grand Valley State University.</description>
            <pubDate>Wed, 27 Feb 2008 16:30:00 EST </pubDate>
            <itunes:title>Buzz Walsh, Managing Security Polarities</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>373</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Buzz Walsh, Booz Allen Hamilton</itunes:subtitle>
            <itunes:summary>There is inherent tension between network performance and security.  With the rapidly evolving drive for military and economic data being accessible via Service Oriented Architectures, the import of securing such data is increasing and the consequences for a security breach often are detailed in our daily media.  Complex security architectures are maturing, but broad questions remain about how to certify or accredit the transactions occurring in Net-Centric Enterprise Services.  This presentation does not propose a solution and is intended to motivate discussion, collaboration and directed research. About the speaker: Buzz Walsh is the Director of Research at DoD&apos;s Information Assurance Technical Analysis Center in Herndon, VA.  Dr. Walsh has published in a number of different fora including an award-winning critical analysis paper for Joint Forces Staff College, and an award-winning text for Air University that remains in its core curriculum.  He has served as faculty, adjunct faculty, guest lecturer or visiting professor at the National Defense University, Joint Forces Staff College, Army War College, Army Command &amp; General Staff College, Air University, the US Air Force Academy, Michigan State University and Grand Valley State University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>There is inherent tension between network performance and security.  With the rapidly evolving drive for military and economic data being accessible via Service Oriented Architectures, the import of securing such data is increasing and the consequences for a security breach often are detailed in our daily media.  Complex security architectures are maturing, but broad questions remain about how to certify or accredit the transactions occurring in Net-Centric Enterprise Services.  This presentation does not propose a solution and is intended to motivate discussion, collaboration and directed research. About the speaker: Buzz Walsh is the Director of Research at DoD&apos;s Information Assurance Technical Analysis Center in Herndon, VA.  Dr. Walsh has published in a number of different fora including an award-winning critical analysis paper for Joint Forces Staff College, and an award-winning text for Air University that remains in its core curriculum.  He has served as faculty, adjunct faculty, guest lecturer or visiting professor at the National Defense University, Joint Forces Staff College, Army War College, Army Command &amp; General Staff College, Air University, the US Air Force Academy, Michigan State University and Grand Valley State University.</p> ]]>
            </content:encoded>
            <itunes:duration>3358</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080227.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080227.mp4" length="508559360" type="video/mp4"/>
        </item>
            <item>
            <title>Ta-Wei &quot;David&quot; Wang, Reading the Disclosures with New Eyes: Bridging the Gap between Information Security Disclosures and Incidents</title>
            <description>This paper investigates the relationship between information security related disclosures in financial reports and the impacts of information security incidents through cross-sectional and cluster analysis.  First, by drawing upon the theories of disclosures in the accounting literature, we examine the effect of the number of disclosures on stock price reactions to information security incidents from 1997 to 2006.  Our findings suggest that first-time disclosed information security risk factors in financial reports can mitigate the impact of information security incidents on business value. Second, a cluster analysis is performed on the disclosures in financial reports before and after the incidents.  The results demonstrate that companies react to information security incidents by disclosing additional and more specific risk factors in subsequent financial reports.  A prediction model is also built to classify disclosures as belonging to a firm reported as breached or non-breached.  The model can correctly classify a disclosure with approximately 75% accuracy, which helps investors and auditors assess information provided by the firm.  This paper not only contributes to the literature in information security and accounting but also sheds light on how managers can evaluate their information security policies and convey information security practices more effectively to investors. About the speaker: Ta-Wei &quot;David&quot; Wang is currently a Ph.D. student in Management Information Systems at Krannert Graduate School of Management, Purdue University.  He received his B.B.A. and M.B.A. from National Taiwan University in Taiwan. He is also a Certified Public Accountant in Taiwan and a Certified Internal Auditor. His research interests are information security and knowledge management.</description>
            <pubDate>Wed, 20 Feb 2008 16:30:00 EST </pubDate>
            <itunes:title>Ta-Wei &quot;David&quot; Wang, Reading the Disclosures with New Eyes: Bridging the Gap between Information Security Disclosures and Incidents</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>372</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ta-Wei &quot;David&quot; Wang, Purdue University</itunes:subtitle>
            <itunes:summary>This paper investigates the relationship between information security related disclosures in financial reports and the impacts of information security incidents through cross-sectional and cluster analysis.  First, by drawing upon the theories of disclosures in the accounting literature, we examine the effect of the number of disclosures on stock price reactions to information security incidents from 1997 to 2006.  Our findings suggest that first-time disclosed information security risk factors in financial reports can mitigate the impact of information security incidents on business value. Second, a cluster analysis is performed on the disclosures in financial reports before and after the incidents.  The results demonstrate that companies react to information security incidents by disclosing additional and more specific risk factors in subsequent financial reports.  A prediction model is also built to classify disclosures as belonging to a firm reported as breached or non-breached.  The model can correctly classify a disclosure with approximately 75% accuracy, which helps investors and auditors assess information provided by the firm.  This paper not only contributes to the literature in information security and accounting but also sheds light on how managers can evaluate their information security policies and convey information security practices more effectively to investors. About the speaker: Ta-Wei &quot;David&quot; Wang is currently a Ph.D. student in Management Information Systems at Krannert Graduate School of Management, Purdue University.  He received his B.B.A. and M.B.A. from National Taiwan University in Taiwan. He is also a Certified Public Accountant in Taiwan and a Certified Internal Auditor. His research interests are information security and knowledge management.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This paper investigates the relationship between information security related disclosures in financial reports and the impacts of information security incidents through cross-sectional and cluster analysis.  First, by drawing upon the theories of disclosures in the accounting literature, we examine the effect of the number of disclosures on stock price reactions to information security incidents from 1997 to 2006.  Our findings suggest that first-time disclosed information security risk factors in financial reports can mitigate the impact of information security incidents on business value. Second, a cluster analysis is performed on the disclosures in financial reports before and after the incidents.  The results demonstrate that companies react to information security incidents by disclosing additional and more specific risk factors in subsequent financial reports.  A prediction model is also built to classify disclosures as belonging to a firm reported as breached or non-breached.  The model can correctly classify a disclosure with approximately 75% accuracy, which helps investors and auditors assess information provided by the firm.  This paper not only contributes to the literature in information security and accounting but also sheds light on how managers can evaluate their information security policies and convey information security practices more effectively to investors. About the speaker: Ta-Wei &quot;David&quot; Wang is currently a Ph.D. student in Management Information Systems at Krannert Graduate School of Management, Purdue University.  He received his B.B.A. and M.B.A. from National Taiwan University in Taiwan. He is also a Certified Public Accountant in Taiwan and a Certified Internal Auditor. His research interests are information security and knowledge management.</p> ]]>
            </content:encoded>
            <itunes:duration>2656</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080220.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080220.mp4" length="508559360" type="video/mp4"/>
        </item>
            <item>
            <title>Myron Cramer, Beyond the Enclave: Evolving Concepts in Security Architectures</title>
            <description>This presentation discusses evolving concepts in security architectures. Current security architectures are based on the enclave architecture model. This model organizes and separates networked information systems into trusted, untrusted, and shared areas. Security components are located within these areas to provide the required security services based upon system requirements. While this model has many advantages in a basic client-server business model, it has limitations with the evolving need to share information. This talk discusses the enclave security architecture and how it is implemented within enterprise networks. It also discusses information sharing needs that are difficult to meet within the constructs of the enclave as well as some of the security limitations of the enclave model. Potential solutions include incorporating new architectural concepts and new technologies to provide a greater variety of robust enterprise implementation options. About the speaker: Dr. Myron L. Cramer founded and manages the IA Sector. He brings over 30 years of experience in government and commercial technology programs. He is a recognized leader in advanced technology programs. His experience spans many areas of technology and operations, including information systems and software applications; operational requirements analysis; and engineering research and development. Dr. Cramer has held previous management positions with SAIC, Booz, Allen &amp; Hamilton, and ARINC Research Corporation. As a faculty member at the Georgia Tech Research Institute, he led investigations in Competitive Information Technologies, a program addressing the competitive perspective of information technologies as they relate to government and business. This area is known as Information Warfare or Information Operations; it includes techniques and technologies to gain a competitive advantage over competitors and adversaries. As Senior Faculty Leader for the Secure Information Systems New Initiatives Group he developed new programs in network security, such as a new concept in real-time intrusion detection. He was a faculty member in the &quot;Information Revolution&quot; research and education project addressing the consequences of the new Information Age. For commercial sponsors, he led an independent evaluation of the original internet banking application and evaluated a new internet service offering from a major regional Internet Service Provider. He founded and led GTRI&apos;s Software Process Working Group to implement Carnegie Mellon CMM software engineering processes. Dr. Cramer holds Ph.D. and Master of Science degrees in Physics from the University of Wisconsin, Madison, and is a graduate of the University of Notre Dame.</description>
            <pubDate>Wed, 13 Feb 2008 16:30:00 EST </pubDate>
            <itunes:title>Myron Cramer, Beyond the Enclave: Evolving Concepts in Security Architectures</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>371</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Myron Cramer, Essex</itunes:subtitle>
            <itunes:summary>This presentation discusses evolving concepts in security architectures. Current security architectures are based on the enclave architecture model. This model organizes and separates networked information systems into trusted, untrusted, and shared areas. Security components are located within these areas to provide the required security services based upon system requirements. While this model has many advantages in a basic client-server business model, it has limitations with the evolving need to share information. This talk discusses the enclave security architecture and how it is implemented within enterprise networks. It also discusses information sharing needs that are difficult to meet within the constructs of the enclave as well as some of the security limitations of the enclave model. Potential solutions include incorporating new architectural concepts and new technologies to provide a greater variety of robust enterprise implementation options. About the speaker: Dr. Myron L. Cramer founded and manages the IA Sector. He brings over 30 years of experience in government and commercial technology programs. He is a recognized leader in advanced technology programs. His experience spans many areas of technology and operations, including information systems and software applications; operational requirements analysis; and engineering research and development. Dr. Cramer has held previous management positions with SAIC, Booz, Allen &amp; Hamilton, and ARINC Research Corporation. As a faculty member at the Georgia Tech Research Institute, he led investigations in Competitive Information Technologies, a program addressing the competitive perspective of information technologies as they relate to government and business. This area is known as Information Warfare or Information Operations; it includes techniques and technologies to gain a competitive advantage over competitors and adversaries. As Senior Faculty Leader for the Secure Information Systems New Initiatives Group he developed new programs in network security, such as a new concept in real-time intrusion detection. He was a faculty member in the &quot;Information Revolution&quot; research and education project addressing the consequences of the new Information Age. For commercial sponsors, he led an independent evaluation of the original internet banking application and evaluated a new internet service offering from a major regional Internet Service Provider. He founded and led GTRI&apos;s Software Process Working Group to implement Carnegie Mellon CMM software engineering processes. Dr. Cramer holds Ph.D. and Master of Science degrees in Physics from the University of Wisconsin, Madison, and is a graduate of the University of Notre Dame.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This presentation discusses evolving concepts in security architectures. Current security architectures are based on the enclave architecture model. This model organizes and separates networked information systems into trusted, untrusted, and shared areas. Security components are located within these areas to provide the required security services based upon system requirements. While this model has many advantages in a basic client-server business model, it has limitations with the evolving need to share information. This talk discusses the enclave security architecture and how it is implemented within enterprise networks. It also discusses information sharing needs that are difficult to meet within the constructs of the enclave as well as some of the security limitations of the enclave model. Potential solutions include incorporating new architectural concepts and new technologies to provide a greater variety of robust enterprise implementation options. About the speaker: Dr. Myron L. Cramer founded and manages the IA Sector. He brings over 30 years of experience in government and commercial technology programs. He is a recognized leader in advanced technology programs. His experience spans many areas of technology and operations, including information systems and software applications; operational requirements analysis; and engineering research and development. Dr. Cramer has held previous management positions with SAIC, Booz, Allen &amp; Hamilton, and ARINC Research Corporation. As a faculty member at the Georgia Tech Research Institute, he led investigations in Competitive Information Technologies, a program addressing the competitive perspective of information technologies as they relate to government and business. This area is known as Information Warfare or Information Operations; it includes techniques and technologies to gain a competitive advantage over competitors and adversaries. As Senior Faculty Leader for the Secure Information Systems New Initiatives Group he developed new programs in network security, such as a new concept in real-time intrusion detection. He was a faculty member in the &quot;Information Revolution&quot; research and education project addressing the consequences of the new Information Age. For commercial sponsors, he led an independent evaluation of the original internet banking application and evaluated a new internet service offering from a major regional Internet Service Provider. He founded and led GTRI&apos;s Software Process Working Group to implement Carnegie Mellon CMM software engineering processes. Dr. Cramer holds Ph.D. and Master of Science degrees in Physics from the University of Wisconsin, Madison, and is a graduate of the University of Notre Dame.</p> ]]>
            </content:encoded>
            <itunes:duration>3100</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080213.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080213.mp4" length="508559360" type="video/mp4"/>
        </item>
            <item>
            <title>Anand Singh, What are CSO&#039;s thinking about? Top information security initiatives for 2008 and beyond …</title>
            <description>2006 and 2007 were seminal years which saw the emergence of several information security threats and significant data breaches. The media focus on various incidents has made consumers much more aware of information security and hence, any significant security breach results in a significant loss of brand image. As a result, corporate boards are demanding more information security controls as a part of their risk management oversight. This has forced a rethink among the C-suite executives and has increased the importance of information security in their eyes. CSOs are seeing an elevation in prestige and importance and are becoming empowered to contribute to the organizational strategy by defining information security as a part of the organizational governance and risk management framework. The objectives of this talk are twofold. First, the focus will be on practical aspects of information security in most organizations. I will describe how Information Security is becoming a more central function and how the organizational roles and responsibilities are transforming as a result. Second, I will talk about the top information security initiatives for 2008 and what is driving those, including examples and explanations of what transpired in several security breaches. Some of those initiatives are governance, wireless security, hardening of network infrastructure and data loss prevention. Throughout this talk, where applicable, I will also identify information security challenges that have not proven tractable in the hope that it will help inspire research ideas. About the speaker: Anand Singh is a manager of Information Security at Target Corporation and is responsible for providing security consulting services to the company. His team has security oversight of Target infrastructure and applications and ensures that their development and implementation is consistent with Target Security Standards and is compliant with government and industry regulations. Anand keeps a close watch on emerging threats, security trends and retail industry trends and provides senior technology leadership in the domain. Prior to joining Target, Anand was with USBank where he had executive responsibilities for disaster recovery &amp; incident management, performance engineering, enterprise architecture and test automation. Anand extensively dealt with security issues in the financial industry while working on the SinglePoint initiative, a web-based banking solution for organizations that combines payment services, monitoring, imaging and fraud prevention. Anand has also worked at Parametric Technology Corporation, a leading solution provider in the Product Data Management (PDM) space, as a Principal Engineer and at Silicon Graphics/Cray Research as a supercomputer designer. Anand has extensive domain knowledge of retail, finance and manufacturing. He has established multiple offshore development centers and is very conversant with the benefits and challenges associated with that. Because of his extensive management as well as technology background, Anand is not only able to define long term organizational strategy and vision, he is also able to advance it through tactical goals. Anand has an M.S. in Computer Science from Purdue University and a B.Tech. from Institute of Technology, India with a major in Computer Science and a minor in Computer Engineering.</description>
            <pubDate>Wed, 30 Jan 2008 16:30:00 EST </pubDate>
            <itunes:title>Anand Singh, What are CSO&#039;s thinking about? Top information security initiatives for 2008 and beyond …</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>369</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Anand Singh, Target Corporation</itunes:subtitle>
            <itunes:summary>2006 and 2007 were seminal years which saw the emergence of several information security threats and significant data breaches. The media focus on various incidents has made consumers much more aware of information security and hence, any significant security breach results in a significant loss of brand image. As a result, corporate boards are demanding more information security controls as a part of their risk management oversight. This has forced a rethink among the C-suite executives and has increased the importance of information security in their eyes. CSOs are seeing an elevation in prestige and importance and are becoming empowered to contribute to the organizational strategy by defining information security as a part of the organizational governance and risk management framework. The objectives of this talk are twofold. First, the focus will be on practical aspects of information security in most organizations. I will describe how Information Security is becoming a more central function and how the organizational roles and responsibilities are transforming as a result. Second, I will talk about the top information security initiatives for 2008 and what is driving those, including examples and explanations of what transpired in several security breaches. Some of those initiatives are governance, wireless security, hardening of network infrastructure and data loss prevention. Throughout this talk, where applicable, I will also identify information security challenges that have not proven tractable in the hope that it will help inspire research ideas. About the speaker: Anand Singh is a manager of Information Security at Target Corporation and is responsible for providing security consulting services to the company. His team has security oversight of Target infrastructure and applications and ensures that their development and implementation is consistent with Target Security Standards and is compliant with government and industry regulations. Anand keeps a close watch on emerging threats, security trends and retail industry trends and provides senior technology leadership in the domain. Prior to joining Target, Anand was with USBank where he had executive responsibilities for disaster recovery &amp; incident management, performance engineering, enterprise architecture and test automation. Anand extensively dealt with security issues in the financial industry while working on the SinglePoint initiative, a web-based banking solution for organizations that combines payment services, monitoring, imaging and fraud prevention. Anand has also worked at Parametric Technology Corporation, a leading solution provider in the Product Data Management (PDM) space, as a Principal Engineer and at Silicon Graphics/Cray Research as a supercomputer designer. Anand has extensive domain knowledge of retail, finance and manufacturing. He has established multiple offshore development centers and is very conversant with the benefits and challenges associated with that. Because of his extensive management as well as technology background, Anand is not only able to define long term organizational strategy and vision, he is also able to advance it through tactical goals. Anand has an M.S. in Computer Science from Purdue University and a B.Tech. from Institute of Technology, India with a major in Computer Science and a minor in Computer Engineering.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>2006 and 2007 were seminal years which saw the emergence of several information security threats and significant data breaches. The media focus on various incidents has made consumers much more aware of information security and hence, any significant security breach results in a significant loss of brand image. As a result, corporate boards are demanding more information security controls as a part of their risk management oversight. This has forced a rethink among the C-suite executives and has increased the importance of information security in their eyes. CSOs are seeing an elevation in prestige and importance and are becoming empowered to contribute to the organizational strategy by defining information security as a part of the organizational governance and risk management framework. The objectives of this talk are twofold. First, the focus will be on practical aspects of information security in most organizations. I will describe how Information Security is becoming a more central function and how the organizational roles and responsibilities are transforming as a result. Second, I will talk about the top information security initiatives for 2008 and what is driving those, including examples and explanations of what transpired in several security breaches. Some of those initiatives are governance, wireless security, hardening of network infrastructure and data loss prevention. Throughout this talk, where applicable, I will also identify information security challenges that have not proven tractable in the hope that it will help inspire research ideas. About the speaker: Anand Singh is a manager of Information Security at Target Corporation and is responsible for providing security consulting services to the company. His team has security oversight of Target infrastructure and applications and ensures that their development and implementation is consistent with Target Security Standards and is compliant with government and industry regulations. Anand keeps a close watch on emerging threats, security trends and retail industry trends and provides senior technology leadership in the domain. Prior to joining Target, Anand was with USBank where he had executive responsibilities for disaster recovery &amp; incident management, performance engineering, enterprise architecture and test automation. Anand extensively dealt with security issues in the financial industry while working on the SinglePoint initiative, a web-based banking solution for organizations that combines payment services, monitoring, imaging and fraud prevention. Anand has also worked at Parametric Technology Corporation, a leading solution provider in the Product Data Management (PDM) space, as a Principal Engineer and at Silicon Graphics/Cray Research as a supercomputer designer. Anand has extensive domain knowledge of retail, finance and manufacturing. He has established multiple offshore development centers and is very conversant with the benefits and challenges associated with that. Because of his extensive management as well as technology background, Anand is not only able to define long term organizational strategy and vision, he is also able to advance it through tactical goals. Anand has an M.S. in Computer Science from Purdue University and a B.Tech. from Institute of Technology, India with a major in Computer Science and a minor in Computer Engineering.</p> ]]>
            </content:encoded>
            <itunes:duration>3010</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080130.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080130.mp4" length="507510784" type="video/mp4"/>
        </item>
            <item>
            <title>Edward W. Felten, Electronic Voting: Danger and Opportunity</title>
            <description>Electronic voting machines have made our elections less reliable and less secure, but recent developments offer hope of a better system in the future.   Current research offers the hope of a future voting system that is more reliable and more secure than ever before, at reasonable cost, by combining high-tech and low-tech methods so that each can compensate for the weaknesses of the other.  This talk will sketch what this future might look like, and will highlight some of the research that may make it possible. About the speaker: Edward W. Felten is a Professor of Computer Science and Public Affairs at Princeton University, and is the founding Director of Princeton&apos;s Center for Information Technology Policy. His research interests include computer security and privacy, especially relating to media and consumer products; and technology law and policy. He has published about eighty papers in the research literature, and two books. His research on topics such as web security, copyright and copy protection, and electronic voting has been covered extensively in the popular press. His weblog, at freedom-to-tinker.com, is widely read for its commentary on technology, law, and policy. He was the lead computer science expert witness for the Department of Justice in the Microsoft antitrust case, and he has testified in other important lawsuits. He has testified before the Senate Commerce Committee on digital television technology and regulation, and twice testified about electronic voting before House committees. In 2004, Scientific American magazine named him to its list of fifty worldwide science and technology leaders.  He was recently named an ACM Fellow.</description>
            <pubDate>Wed, 23 Jan 2008 11:30:00 EST </pubDate>
            <itunes:title>Edward W. Felten, Electronic Voting: Danger and Opportunity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>368</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Edward W. Felten, Princeton University</itunes:subtitle>
            <itunes:summary>Electronic voting machines have made our elections less reliable and less secure, but recent developments offer hope of a better system in the future. Current research offers the hope of a future voting system that is more reliable and more secure than ever before, at reasonable cost, by combining high-tech and low-tech methods so that each can compensate for the weaknesses of the other. This talk will sketch what this future might look like, and will highlight some of the research that may make it possible. About the speaker: Edward W. Felten is a Professor of Computer Science and Public Affairs at Princeton University, and is the founding Director of Princeton&apos;s Center for Information Technology Policy. His research interests include computer security and privacy, especially relating to media and consumer products; and technology law and policy. He has published about eighty papers in the research literature, and two books. His research on topics such as web security, copyright and copy protection, and electronic voting has been covered extensively in the popular press. His weblog, at freedom-to-tinker.com, is widely read for its commentary on technology, law, and policy. He was the lead computer science expert witness for the Department of Justice in the Microsoft antitrust case, and he has testified in other important lawsuits. He has testified before the Senate Commerce Committee on digital television technology and regulation, and twice testified about electronic voting before House committees. In 2004, Scientific American magazine named him to its list of fifty worldwide science and technology leaders. He was recently named an ACM Fellow.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Electronic voting machines have made our elections less reliable and less secure, but recent developments offer hope of a better system in the future. Current research offers the hope of a future voting system that is more reliable and more secure than ever before, at reasonable cost, by combining high-tech and low-tech methods so that each can compensate for the weaknesses of the other. This talk will sketch what this future might look like, and will highlight some of the research that may make it possible. About the speaker: Edward W. Felten is a Professor of Computer Science and Public Affairs at Princeton University, and is the founding Director of Princeton&apos;s Center for Information Technology Policy. His research interests include computer security and privacy, especially relating to media and consumer products; and technology law and policy. He has published about eighty papers in the research literature, and two books. His research on topics such as web security, copyright and copy protection, and electronic voting has been covered extensively in the popular press. His weblog, at freedom-to-tinker.com, is widely read for its commentary on technology, law, and policy. He was the lead computer science expert witness for the Department of Justice in the Microsoft antitrust case, and he has testified in other important lawsuits. He has testified before the Senate Commerce Committee on digital television technology and regulation, and twice testified about electronic voting before House committees. In 2004, Scientific American magazine named him to its list of fifty worldwide science and technology leaders. He was recently named an ACM Fellow.</p> ]]>
            </content:encoded>
            <itunes:duration>3233</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080123.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080123.mp4" length="633339904" type="video/mp4"/>
        </item>
            <item>
            <title>Paul Syverson &amp; Roger Dingledine, Tor: Anonymous communications for government agencies, corporations, journalists... and you</title>
            <description>What do the Department of Defense and the Electronic Frontier Foundation have in common? They have both funded the development of Tor (torproject.org), a free-software anonymizing network that helps people around the world use the Internet in safety. Tor&apos;s 1500 volunteer servers carry traffic for several hundred thousand users including ordinary citizens who want protection from identity theft and prying corporations, corporations who want to look at a competitor&apos;s website in private, law enforcement and government intelligence agencies who need to do operations on the Internet without being noticed, and aid workers in the Middle East who need to contact their home servers without fear of physical harm. We&apos;ll give an overview of the Tor architecture, and talk about why you&apos;d want to use it, what security it provides, and policy and legal issues. Then we can open it up for discussion about open research questions, wider social implications, and other topics the audience wants to consider. About the speaker: Paul Syverson is a Mathematician at the U.S. Naval Research Laboratory&apos;s Center for High Assurance Computer Systems, where he has been working on the theory, design, and analysis of security and privacy systems for over eighteen years. His inventions include the award-winning Onion Routing, and he is the designer of all onion routing systems to date, including the latest system, Tor. Dr. Syverson has been chair of nine international conferences and workshops on security and privacy including the 2007 ACM Computer and Communications Security Conference. He is author of the book Logic, Convention, and Common Knowledge, editor of many volumes on security and privacy, and author of many dozens of papers published in refereed conferences and journals. 
He has served on boards and steering committees of various technical organizations and has been visiting scholar or faculty at academic institutions in the United States, England, and Italy. Degrees: PhD and MA in Philosophy (Logic), MA in Mathematics (all three from Indiana), AB in Philosophy from Cornell. More at http://www.syverson.org/ Roger Dingledine is project leader for The Tor Project, a US non-profit working on anonymity research and development. While at MIT he developed Free Haven, one of the early peer-to-peer systems that emphasized resource management while maintaining anonymity for its users. He works with the Electronic Frontier Foundation, the US Navy, Voice of America, and other organizations to design and develop systems for anonymity and traffic analysis resistance. He organizes academic conferences on anonymity, speaks at such events as Blackhat, Defcon, Toorcon, CCC congresses, and What the Hack, and also does tutorials on anonymity for national and foreign law enforcement. Roger was honored in 2006 as one of the top 35 innovators under the age of 35 by Technology Review magazine. http://freehaven.net/~arma/cv.html</description>
            <pubDate>Wed, 16 Jan 2008 16:30:00 EST </pubDate>
            <itunes:title>Paul Syverson &amp; Roger Dingledine, Tor: Anonymous communications for government agencies, corporations, journalists... and you</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>367</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Paul Syverson &amp; Roger Dingledine, U.S. Naval Research Laboratory (NRL)</itunes:subtitle>
            <itunes:summary>What do the Department of Defense and the Electronic Frontier Foundation have in common? They have both funded the development of Tor (torproject.org), a free-software anonymizing network that helps people around the world use the Internet in safety. Tor&apos;s 1500 volunteer servers carry traffic for several hundred thousand users including ordinary citizens who want protection from identity theft and prying corporations, corporations who want to look at a competitor&apos;s website in private, law enforcement and government intelligence agencies who need to do operations on the Internet without being noticed, and aid workers in the Middle East who need to contact their home servers without fear of physical harm. We&apos;ll give an overview of the Tor architecture, and talk about why you&apos;d want to use it, what security it provides, and policy and legal issues. Then we can open it up for discussion about open research questions, wider social implications, and other topics the audience wants to consider. About the speaker: Paul Syverson is a Mathematician at the U.S. Naval Research Laboratory&apos;s Center for High Assurance Computer Systems, where he has been working on the theory, design, and analysis of security and privacy systems for over eighteen years. His inventions include the award-winning Onion Routing, and he is the designer of all onion routing systems to date, including the latest system, Tor. Dr. Syverson has been chair of nine international conferences and workshops on security and privacy including the 2007 ACM Computer and Communications Security Conference. He is author of the book Logic, Convention, and Common Knowledge, editor of many volumes on security and privacy, and author of many dozens of papers published in refereed conferences and journals. 
He has served on boards and steering committees of various technical organizations and has been visiting scholar or faculty at academic institutions in the United States, England, and Italy. Degrees: PhD and MA in Philosophy (Logic), MA in Mathematics (all three from Indiana), AB in Philosophy from Cornell. More at http://www.syverson.org/ Roger Dingledine is project leader for The Tor Project, a US non-profit working on anonymity research and development. While at MIT he developed Free Haven, one of the early peer-to-peer systems that emphasized resource management while maintaining anonymity for its users. He works with the Electronic Frontier Foundation, the US Navy, Voice of America, and other organizations to design and develop systems for anonymity and traffic analysis resistance. He organizes academic conferences on anonymity, speaks at such events as Blackhat, Defcon, Toorcon, CCC congresses, and What the Hack, and also does tutorials on anonymity for national and foreign law enforcement. Roger was honored in 2006 as one of the top 35 innovators under the age of 35 by Technology Review magazine. http://freehaven.net/~arma/cv.html</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>What do the Department of Defense and the Electronic Frontier Foundation have in common? They have both funded the development of Tor (torproject.org), a free-software anonymizing network that helps people around the world use the Internet in safety. Tor&apos;s 1500 volunteer servers carry traffic for several hundred thousand users including ordinary citizens who want protection from identity theft and prying corporations, corporations who want to look at a competitor&apos;s website in private, law enforcement and government intelligence agencies who need to do operations on the Internet without being noticed, and aid workers in the Middle East who need to contact their home servers without fear of physical harm. We&apos;ll give an overview of the Tor architecture, and talk about why you&apos;d want to use it, what security it provides, and policy and legal issues. Then we can open it up for discussion about open research questions, wider social implications, and other topics the audience wants to consider. About the speaker: Paul Syverson is a Mathematician at the U.S. Naval Research Laboratory&apos;s Center for High Assurance Computer Systems, where he has been working on the theory, design, and analysis of security and privacy systems for over eighteen years. His inventions include the award-winning Onion Routing, and he is the designer of all onion routing systems to date, including the latest system, Tor. Dr. Syverson has been chair of nine international conferences and workshops on security and privacy including the 2007 ACM Computer and Communications Security Conference. He is author of the book Logic, Convention, and Common Knowledge, editor of many volumes on security and privacy, and author of many dozens of papers published in refereed conferences and journals. 
He has served on boards and steering committees of various technical organizations and has been visiting scholar or faculty at academic institutions in the United States, England, and Italy. Degrees: PhD and MA in Philosophy (Logic), MA in Mathematics (all three from Indiana), AB in Philosophy from Cornell. More at http://www.syverson.org/ Roger Dingledine is project leader for The Tor Project, a US non-profit working on anonymity research and development. While at MIT he developed Free Haven, one of the early peer-to-peer systems that emphasized resource management while maintaining anonymity for its users. He works with the Electronic Frontier Foundation, the US Navy, Voice of America, and other organizations to design and develop systems for anonymity and traffic analysis resistance. He organizes academic conferences on anonymity, speaks at such events as Blackhat, Defcon, Toorcon, CCC congresses, and What the Hack, and also does tutorials on anonymity for national and foreign law enforcement. Roger was honored in 2006 as one of the top 35 innovators under the age of 35 by Technology Review magazine. http://freehaven.net/~arma/cv.html</p> ]]>
            </content:encoded>
            <itunes:duration>3827</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080116.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080116.mp4" length="383778816" type="video/mp4"/>
        </item>
            <item>
            <title>Eric Cole, Security in a Changing World</title>
            <description>While the world is constantly changing, the core principles of security have not changed that much, yet organizations are still being compromised. This talk will look at some of the problems in cyber space and some unique solutions for securing information. About the speaker: Dr. Eric Cole is an industry-recognized security expert, technology visionary and scientist, with over 15 years&apos; hands-on experience. Dr. Cole currently performs leading edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has over a decade of experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Masters in Computer Science from NYIT, and a Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books, which include Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat. He is also the inventor of over 20 patents and is a researcher, writer, and speaker for SANS Institute and faculty for The Institute for Applied Network Security. Dr. Cole has a wealth of knowledge from industry, academia, and government and has assisted with many key projects. He is an advisor to Cyberwatch, a Lockheed Martin Fellow and a frequently invited speaker at a variety of conferences and security events.</description>
            <pubDate>Wed, 9 Jan 2008 16:30:00 EST </pubDate>
            <itunes:title>Eric Cole, Security in a Changing World</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>14</itunes:season>
            <itunes:episode>366</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Eric Cole, Lockheed Martin</itunes:subtitle>
            <itunes:summary>While the world is constantly changing, the core principles of security have not changed that much, yet organizations are still being compromised. This talk will look at some of the problems in cyber space and some unique solutions for securing information. About the speaker: Dr. Eric Cole is an industry-recognized security expert, technology visionary and scientist, with over 15 years&apos; hands-on experience. Dr. Cole currently performs leading edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has over a decade of experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Masters in Computer Science from NYIT, and a Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books, which include Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat. He is also the inventor of over 20 patents and is a researcher, writer, and speaker for SANS Institute and faculty for The Institute for Applied Network Security. Dr. Cole has a wealth of knowledge from industry, academia, and government and has assisted with many key projects. He is an advisor to Cyberwatch, a Lockheed Martin Fellow and a frequently invited speaker at a variety of conferences and security events.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>While the world is constantly changing, the core principles of security have not changed that much, yet organizations are still being compromised. This talk will look at some of the problems in cyber space and some unique solutions for securing information. About the speaker: Dr. Eric Cole is an industry-recognized security expert, technology visionary and scientist, with over 15 years&apos; hands-on experience. Dr. Cole currently performs leading edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has over a decade of experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Masters in Computer Science from NYIT, and a Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books, which include Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat. He is also the inventor of over 20 patents and is a researcher, writer, and speaker for SANS Institute and faculty for The Institute for Applied Network Security. Dr. Cole has a wealth of knowledge from industry, academia, and government and has assisted with many key projects. He is an advisor to Cyberwatch, a Lockheed Martin Fellow and a frequently invited speaker at a variety of conferences and security events.</p> ]]>
            </content:encoded>
            <itunes:duration>3048</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080109.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20080109.mp4" length="596639744" type="video/mp4"/>
        </item>
            <item>
            <title>Venkat Venkatakrishnan, CANDID: Preventing SQL Injection Attacks using Dynamic Candidate Evaluations</title>
            <description>SQL injection attacks are one of the topmost threats for applications written for the Web. These attacks are launched through specially crafted user input on web applications that use low level string operations to construct SQL queries. In this talk, I will present a novel and powerful scheme for automatically transforming web applications to render them safe against all SQL injection attacks. A characteristic diagnostic feature of SQL injection attacks is that they change the intended structure of queries issued. Our technique for detecting SQL injection is to dynamically mine the programmer-intended query structure on any input, and detect attacks by comparing it against the structure of the actual query issued. We propose a simple and novel mechanism for mining programmer-intended queries by dynamically evaluating runs over benign candidate inputs. This mechanism is theoretically well founded and is based on inferring intended queries by considering the symbolic query computed on a program run. Our approach has been implemented in a tool called CANDID that retrofits Web applications written in Java to defend them against SQL injection attacks. We report experimental results that show that our approach performs remarkably well in practice. (Joint work with Sruthi Bandhakavi, Prithvi Bisht and P. Madhusudan) About the speaker: Dr. V. N. Venkatakrishnan is an Assistant Professor of Computer Science at the University of Illinois at Chicago. He is co-founder and co-director of the Center for Research and Instruction in Technologies for Electronic Security (RITES) at UIC. Venkat&apos;s main research expertise is in using practical program transformation techniques for systems security. Specific research areas that he works on are web application security, browser security, mobile code security and data tainting mechanisms for addressing information flow confidentiality. He received his Ph.D. degree from Stony Brook University in 2004. 
He is the recipient of the best research paper award at ACSAC 2003, and the UIC College of Engineering teaching award in 2007.</description>
            <pubDate>Wed, 28 Nov 2007 16:30:00 EST </pubDate>
            <itunes:title>Venkat Venkatakrishnan, CANDID: Preventing SQL Injection Attacks using Dynamic Candidate Evaluations</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>365</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Venkat Venkatakrishnan, University of Illinois at Chicago</itunes:subtitle>
            <itunes:summary>SQL injection attacks are one of the topmost threats for applications written for the Web. These attacks are launched through specially crafted user input on web applications that use low level string operations to construct SQL queries. In this talk, I will present a novel and powerful scheme for automatically transforming web applications to render them safe against all SQL injection attacks. A characteristic diagnostic feature of SQL injection attacks is that they change the intended structure of queries issued. Our technique for detecting SQL injection is to dynamically mine the programmer-intended query structure on any input, and detect attacks by comparing it against the structure of the actual query issued. We propose a simple and novel mechanism for mining programmer-intended queries by dynamically evaluating runs over benign candidate inputs. This mechanism is theoretically well founded and is based on inferring intended queries by considering the symbolic query computed on a program run. Our approach has been implemented in a tool called CANDID that retrofits Web applications written in Java to defend them against SQL injection attacks. We report experimental results that show that our approach performs remarkably well in practice. (Joint work with Sruthi Bandhakavi, Prithvi Bisht and P. Madhusudan) About the speaker: Dr. V. N. Venkatakrishnan is an Assistant Professor of Computer Science at the University of Illinois at Chicago. He is co-founder and co-director of the Center for Research and Instruction in Technologies for Electronic Security (RITES) at UIC. Venkat&apos;s main research expertise is in using practical program transformation techniques for systems security. Specific research areas that he works on are web application security, browser security, mobile code security and data tainting mechanisms for addressing information flow confidentiality. He received his Ph.D. degree from Stony Brook University in 2004. 
He is the recipient of the best research paper award at ACSAC 2003, and the UIC College of Engineering teaching award in 2007.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>SQL injection attacks are one of the topmost threats for applications written for the Web. These attacks are launched through specially crafted user input on web applications that use low level string operations to construct SQL queries. In this talk, I will present a novel and powerful scheme for automatically transforming web applications to render them safe against all SQL injection attacks. A characteristic diagnostic feature of SQL injection attacks is that they change the intended structure of queries issued. Our technique for detecting SQL injection is to dynamically mine the programmer-intended query structure on any input, and detect attacks by comparing it against the structure of the actual query issued. We propose a simple and novel mechanism for mining programmer-intended queries by dynamically evaluating runs over benign candidate inputs. This mechanism is theoretically well founded and is based on inferring intended queries by considering the symbolic query computed on a program run. Our approach has been implemented in a tool called CANDID that retrofits Web applications written in Java to defend them against SQL injection attacks. We report experimental results that show that our approach performs remarkably well in practice. (Joint work with Sruthi Bandhakavi, Prithvi Bisht and P. Madhusudan) About the speaker: Dr. V. N. Venkatakrishnan is an Assistant Professor of Computer Science at the University of Illinois at Chicago. He is co-founder and co-director of the Center for Research and Instruction in Technologies for Electronic Security (RITES) at UIC. Venkat&apos;s main research expertise is in using practical program transformation techniques for systems security. Specific research areas that he works on are web application security, browser security, mobile code security and data tainting mechanisms for addressing information flow confidentiality. He received his Ph.D. degree from Stony Brook University in 2004. 
He is the recipient of the best research paper award at ACSAC 2003, and the UIC College of Engineering teaching award in 2007.</p> ]]>
            </content:encoded>
            <itunes:duration>2373</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20071128.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20071128.mp4" length="114294784" type="video/mp4"/>
        </item>
            <item>
            <title>Steve Myers, Indiana University, Wireless Router Insecurity: The Next Crimeware Epidemic</title>
            <description>The widespread adoption of home routers by the general public has added a new target for malware and crimeware authors. A router&apos;s ability to manipulate essentially all network traffic coming into and out of a home means that malware installed on these devices has the ability to launch powerful Man-In-The-Middle (MITM) attacks, a form of attack that has previously been largely ignored. Making matters worse, many homes have deployed wireless routers which are insecure if the attacker has geographic proximity to the router and can connect to it over its wireless channel. However, some have downplayed this risk by suggesting that attackers will be unwilling to spend the time and resources necessary, or to risk exposure, to attack a large number of routers in this fashion. In this talk, we will consider the ability of malware to propagate from wireless router to wireless router over the wireless channel, infecting large urban areas where such routers are deployed relatively densely. We develop an SIR epidemiological model, and use it to simulate the spread of malware over major metropolitan centers in the US. Using hobbyist-collected wardriving data from Wigle.net and our model, we show that the infection of tens of thousands of routers in short periods of time is quite feasible. We consider simple prescriptive suggestions to minimize the likelihood that such attacks are ever performed. Next, we show a simple yet worrisome attack that can easily and silently be performed from infected routers. We call this attack &apos;Trawler Phishing&apos;. The attack generalizes a well understood failure of many web-sites to properly implement SSL, and allows attackers to harvest credentials from victims over a period of time, without the need to use spamming techniques or mimicked, but illegitimate web-sites, as in traditional phishing attacks, bypassing the most effective phishing prevention technologies. 
Further, it allows attackers to easily form data-portfolios on many victims, making collected data substantially more valuable. We consider prescriptive suggestions and countermeasures for this attack. The work on epidemiological modeling is joint work with Hao Hu, Vittoria Colizza and Alex Vespignani. The work on trawler phishing is joint work with Sid Stamm. About the speaker: Steven Myers is an Assistant Professor in the School of Informatics at Indiana University, where he is also a member of the Center for Applied Cybersecurity. His research interests are in all areas of cryptography, and computer and systems security with a specific interest in phishing. He has written several papers, led panels, and given invited talks in fields ranging from Cryptography and Computer Security to Distributed Systems and Probabilistic Combinatorics. Recently he co-edited the book &apos;Phishing &amp; Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft&apos; with Markus Jakobsson (Wiley Press, 2007). Steve Myers completed his PhD (2005) in the Department of Computer Science at the University of Toronto, under the supervision of Professor Charles Rackoff. While completing his PhD he interned in the Mathematical Research division of Telcordia Technologies (formerly Bellcore) doing work on secure cryptographic voting. Additionally, he worked for Echoworx Corp, an Internet startup focusing on providing usable and secure email solutions. He has consulted for a number of companies and law firms on different topics related to cryptography and computer security, and is currently processing several patents related to his research.</description>
            <pubDate>Wed, 14 Nov 2007 16:30:00 EST </pubDate>
            <itunes:title>Steve Myers, Indiana University, Wireless Router Insecurity: The Next Crimeware Epidemic</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>364</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Steve Myers, Indiana University</itunes:subtitle>
            <itunes:summary>The widespread adoption of home routers by the general public has added a new target for malware and crimeware authors. A router&apos;s ability to manipulate essentially all network traffic coming into and out of a home means that malware installed on these devices has the ability to launch powerful Man-In-The-Middle (MITM) attacks, a form of attack that has previously been largely ignored. Making matters worse, many homes have deployed wireless routers which are insecure if the attacker has geographic proximity to the router and can connect to it over its wireless channel. However, some have downplayed this risk by suggesting that attackers will be unwilling to spend the time and resources necessary, or risk exposure, to attack a large number of routers in this fashion. In this talk, we will consider the ability of malware to propagate from wireless router to wireless router over the wireless channel, infecting large urban areas where such routers are deployed relatively densely. We develop an SIR epidemiological model, and use it to simulate the spread of malware over major metropolitan centers in the US. Using hobbyist-collected wardriving data from Wigle.net and our model, we show that infecting tens of thousands of routers in short periods of time is quite feasible. We consider simple prescriptive suggestions to minimize the likelihood that such attacks are ever performed. Next, we show a simple yet worrisome attack that can easily and silently be performed from infected routers. We call this attack &apos;Trawler Phishing&apos;. The attack generalizes a well understood failure of many web-sites to properly implement SSL, and allows attackers to harvest credentials from victims over a period of time, without the need to use spamming techniques or mimicked, but illegitimate, web-sites, as in traditional phishing attacks, bypassing the most effective phishing prevention technologies.
Further, it allows attackers to easily form data-portfolios on many victims, making collected data substantially more valuable. We consider prescriptive suggestions and countermeasures for this attack. The work on epidemiological modeling is joint work with Hao Hu, Vittoria Colizza and Alex Vespignani. The work on trawler phishing is joint work with Sid Stamm. About the speaker: Steven Myers is an Assistant Professor in the School of Informatics at Indiana University, where he is also a member of the Center for Applied Cybersecurity. His research interests are in all areas of cryptography, and computer and systems security, with a specific interest in phishing. He has written several papers, led panels, and given invited talks in fields ranging from Cryptography and Computer Security to Distributed Systems and Probabilistic Combinatorics. Recently he co-edited the book &apos;Phishing &amp;amp; Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft&apos; with Markus Jakobsson (Wiley Press, 2007). Steve Myers completed his PhD (2005) in the Department of Computer Science at the University of Toronto, under the supervision of Professor Charles Rackoff. While completing his PhD he interned in the Mathematical Research division of Telcordia Technologies (formerly Bellcore) doing work on secure cryptographic voting. Additionally, he worked for Echoworx Corp, an Internet startup focusing on providing usable and secure email solutions. He has consulted for a number of companies and law firms on different topics related to cryptography and computer security, and is currently processing several patents related to his research.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The widespread adoption of home routers by the general public has added a new target for malware and crimeware authors. A router&apos;s ability to manipulate essentially all network traffic coming into and out of a home means that malware installed on these devices has the ability to launch powerful Man-In-The-Middle (MITM) attacks, a form of attack that has previously been largely ignored. Making matters worse, many homes have deployed wireless routers which are insecure if the attacker has geographic proximity to the router and can connect to it over its wireless channel. However, some have downplayed this risk by suggesting that attackers will be unwilling to spend the time and resources necessary, or risk exposure, to attack a large number of routers in this fashion. In this talk, we will consider the ability of malware to propagate from wireless router to wireless router over the wireless channel, infecting large urban areas where such routers are deployed relatively densely. We develop an SIR epidemiological model, and use it to simulate the spread of malware over major metropolitan centers in the US. Using hobbyist-collected wardriving data from Wigle.net and our model, we show that infecting tens of thousands of routers in short periods of time is quite feasible. We consider simple prescriptive suggestions to minimize the likelihood that such attacks are ever performed. Next, we show a simple yet worrisome attack that can easily and silently be performed from infected routers. We call this attack &apos;Trawler Phishing&apos;. The attack generalizes a well understood failure of many web-sites to properly implement SSL, and allows attackers to harvest credentials from victims over a period of time, without the need to use spamming techniques or mimicked, but illegitimate, web-sites, as in traditional phishing attacks, bypassing the most effective phishing prevention technologies.
Further, it allows attackers to easily form data-portfolios on many victims, making collected data substantially more valuable. We consider prescriptive suggestions and countermeasures for this attack. The work on epidemiological modeling is joint work with Hao Hu, Vittoria Colizza and Alex Vespignani. The work on trawler phishing is joint work with Sid Stamm. About the speaker: Steven Myers is an Assistant Professor in the School of Informatics at Indiana University, where he is also a member of the Center for Applied Cybersecurity. His research interests are in all areas of cryptography, and computer and systems security, with a specific interest in phishing. He has written several papers, led panels, and given invited talks in fields ranging from Cryptography and Computer Security to Distributed Systems and Probabilistic Combinatorics. Recently he co-edited the book &apos;Phishing &amp;amp; Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft&apos; with Markus Jakobsson (Wiley Press, 2007). Steve Myers completed his PhD (2005) in the Department of Computer Science at the University of Toronto, under the supervision of Professor Charles Rackoff. While completing his PhD he interned in the Mathematical Research division of Telcordia Technologies (formerly Bellcore) doing work on secure cryptographic voting. Additionally, he worked for Echoworx Corp, an Internet startup focusing on providing usable and secure email solutions. He has consulted for a number of companies and law firms on different topics related to cryptography and computer security, and is currently processing several patents related to his research.</p> ]]>
            </content:encoded>
            <itunes:duration>3118</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20071114.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20071114.mp4" length="610271232" type="video/mp4"/>
        </item>
            <item>
            <title>Richard Thieme, Security, Soft Boundaries, and oh-so-subtle Strategies:How to Play Chess While the Board is Disappearing</title>
            <description>Non-state and state intelligence are converging in a context of fluid boundaries. It is increasingly difficult to know who is inside and who is not. Creating a trusted network does not resolve the most critical security problems because those problems begin at the interface of the network and the human user. The identity and intention of that human user is critical, but that is often what is most difficult to discern. This emergent world of ambiguous boundaries and multiple identities challenges our models and descriptions of the playing field. Even with a program, we can&apos;t always tell the players, because both players and program are morphing. And it&apos;s worse than that: the ethical guidelines of the past, rooted in religious systems thousands of years old, are going through the looking-glass, too, along with the structures of spirituality and religion. Identity-shift applies to God and Self as well as the social and cultural structures in which they are embedded. This speech confronts the transformation of the structures in which we live, identifies some consequences of identity-shift, and distinguishes the business of security from the myths of the security business. It points to new ways to organize our lives that complement rather than replace traditional methods of defending electronic and human networks. About the speaker: &quot;And those who were seen dancing were thought to be insane by those who could not hear the music.&quot; - Frederick Nietzsche* Richard Thieme has been hearing the music for a long time. His track record includes hundreds of published articles, dozens of published short stories, one published book with more coming, several thousand speeches, and – in a former incarnation - hundreds of sermons, all original, all unique. In the nineteen eighties, Thieme began writing about the impact of new technologies on religious systems and images, on spirituality, on identity.
He was an Episcopal priest, and it made sense to begin where he was. What he wrote sounds obvious now. But it didn&apos;t, then. He realized that his insights applied to other aspects of society and culture too. What was happening to religions was happening to everything else, a sea change of global transformation driven by new technologies of information and communication. He left the professional ministry to write and speak full time in 1993. Security and intelligence professionals often value his insights because he sees into the heart of complex issues. He takes nothing at face value and links insights to the mixed motives of the human heart, trying to amplify the unheard music playing at the edges of our lives. Mostly he delivers keynotes and closing speeches that unite the diverse themes of a conference. He has spoken in lots of venues - Sydney and Brisbane, Dublin and Amsterdam and Oslo, Israel (for Microsoft), and all around the States, including many hacker cons. Def Con is his favorite, where he spoke in 2007 for the twelfth straight year.</description>
            <pubDate>Wed, 7 Nov 2007 16:30:00 EST </pubDate>
            <itunes:title>Richard Thieme, Security, Soft Boundaries, and oh-so-subtle Strategies:How to Play Chess While the Board is Disappearing</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>363</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Richard Thieme, ThiemeWorks</itunes:subtitle>
            <itunes:summary>Non-state and state intelligence are converging in a context of fluid boundaries. It is increasingly difficult to know who is inside and who is not. Creating a trusted network does not resolve the most critical security problems because those problems begin at the interface of the network and the human user. The identity and intention of that human user is critical, but that is often what is most difficult to discern. This emergent world of ambiguous boundaries and multiple identities challenges our models and descriptions of the playing field. Even with a program, we can&apos;t always tell the players, because both players and program are morphing. And it&apos;s worse than that: the ethical guidelines of the past, rooted in religious systems thousands of years old, are going through the looking-glass, too, along with the structures of spirituality and religion. Identity-shift applies to God and Self as well as the social and cultural structures in which they are embedded. This speech confronts the transformation of the structures in which we live, identifies some consequences of identity-shift, and distinguishes the business of security from the myths of the security business. It points to new ways to organize our lives that complement rather than replace traditional methods of defending electronic and human networks. About the speaker: &quot;And those who were seen dancing were thought to be insane by those who could not hear the music.&quot; - Frederick Nietzsche* Richard Thieme has been hearing the music for a long time. His track record includes hundreds of published articles, dozens of published short stories, one published book with more coming, several thousand speeches, and – in a former incarnation - hundreds of sermons, all original, all unique. In the nineteen eighties, Thieme began writing about the impact of new technologies on religious systems and images, on spirituality, on identity.
He was an Episcopal priest, and it made sense to begin where he was. What he wrote sounds obvious now. But it didn&apos;t, then. He realized that his insights applied to other aspects of society and culture too. What was happening to religions was happening to everything else, a sea change of global transformation driven by new technologies of information and communication. He left the professional ministry to write and speak full time in 1993. Security and intelligence professionals often value his insights because he sees into the heart of complex issues. He takes nothing at face value and links insights to the mixed motives of the human heart, trying to amplify the unheard music playing at the edges of our lives. Mostly he delivers keynotes and closing speeches that unite the diverse themes of a conference. He has spoken in lots of venues - Sydney and Brisbane, Dublin and Amsterdam and Oslo, Israel (for Microsoft), and all around the States, including many hacker cons. Def Con is his favorite, where he spoke in 2007 for the twelfth straight year.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Non-state and state intelligence are converging in a context of fluid boundaries. It is increasingly difficult to know who is inside and who is not. Creating a trusted network does not resolve the most critical security problems because those problems begin at the interface of the network and the human user. The identity and intention of that human user is critical, but that is often what is most difficult to discern. This emergent world of ambiguous boundaries and multiple identities challenges our models and descriptions of the playing field. Even with a program, we can&apos;t always tell the players, because both players and program are morphing. And it&apos;s worse than that: the ethical guidelines of the past, rooted in religious systems thousands of years old, are going through the looking-glass, too, along with the structures of spirituality and religion. Identity-shift applies to God and Self as well as the social and cultural structures in which they are embedded. This speech confronts the transformation of the structures in which we live, identifies some consequences of identity-shift, and distinguishes the business of security from the myths of the security business. It points to new ways to organize our lives that complement rather than replace traditional methods of defending electronic and human networks. About the speaker: &quot;And those who were seen dancing were thought to be insane by those who could not hear the music.&quot; - Frederick Nietzsche* Richard Thieme has been hearing the music for a long time. His track record includes hundreds of published articles, dozens of published short stories, one published book with more coming, several thousand speeches, and – in a former incarnation - hundreds of sermons, all original, all unique. In the nineteen eighties, Thieme began writing about the impact of new technologies on religious systems and images, on spirituality, on identity.
He was an Episcopal priest, and it made sense to begin where he was. What he wrote sounds obvious now. But it didn&apos;t, then. He realized that his insights applied to other aspects of society and culture too. What was happening to religions was happening to everything else, a sea change of global transformation driven by new technologies of information and communication. He left the professional ministry to write and speak full time in 1993. Security and intelligence professionals often value his insights because he sees into the heart of complex issues. He takes nothing at face value and links insights to the mixed motives of the human heart, trying to amplify the unheard music playing at the edges of our lives. Mostly he delivers keynotes and closing speeches that unite the diverse themes of a conference. He has spoken in lots of venues - Sydney and Brisbane, Dublin and Amsterdam and Oslo, Israel (for Microsoft), and all around the States, including many hacker cons. Def Con is his favorite, where he spoke in 2007 for the twelfth straight year.</p> ]]>
            </content:encoded>
            <itunes:duration>3558</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20071107.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20071107.mp4" length="372244480" type="video/mp4"/>
        </item>
            <item>
            <title>Abhilasha Bhargav-Spantzel, Protocols and Systems for Privacy Preserving Protection of Digital Identity</title>
            <description>In order to support emerging online activities within the digital information infrastructure, such as commerce, healthcare, entertainment and scientific collaboration, it is increasingly important to verify and protect the digital identity of the individuals involved. Identity management systems manage the digital identity life cycle of individuals, which includes issuance, usage and revocation of digital identifiers. Identity management systems have improved the management of identity information and user convenience; however, they do not provide specific solutions to address protection of identity from threats such as identity theft and privacy violation. One major shortcoming of current approaches is the lack of strong verification techniques for management and protection of digital identifiers. Moreover, current identity management systems consider neither biometric nor history-based identifiers. Both biometric and history-based identifiers are increasingly becoming an integral part of an individual&apos;s identity. Such types of identity data also need to be used with other digital identifiers and protected against misuse. In this presentation I introduce a number of techniques that address the above problems. The approach is based on the concept of privacy preserving multi-factor identity verification. The main technique consists of verifying multiple identifier claims of an individual, without revealing extraneous identity information. A distinguishing feature of our approach is that we employ identity protection and verification techniques at all stages of the identity life cycle. In addition, we develop techniques to use biometrics in a secure and privacy preserving manner. We also enhance our approach with the use of history-based identifiers. About the speaker: Abhilasha Bhargav-Spantzel is a Computer Science PhD student at Purdue University. She received her bachelor&apos;s degree in Computer Science and Mathematics from Purdue in 2002.
Her primary research interest is in protocols and systems for protection of digital identity in identity management systems. Her research goal is to provide techniques that perform multi-factor verification of digital identity without jeopardizing privacy. In her work she considers various forms of identity, which are attributive, biometric and history based. She actively collaborates with industrial and academic initiatives for identity management tools and standards. Please refer to http://homes.cerias.purdue.edu/~bhargav for more information.</description>
            <pubDate>Wed, 31 Oct 2007 16:30:00 EDT </pubDate>
            <itunes:title>Abhilasha Bhargav-Spantzel, Protocols and Systems for Privacy Preserving Protection of Digital Identity</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>362</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Abhilasha Bhargav-Spantzel, Purdue University</itunes:subtitle>
            <itunes:summary>In order to support emerging online activities within the digital information infrastructure, such as commerce, healthcare, entertainment and scientific collaboration, it is increasingly important to verify and protect the digital identity of the individuals involved. Identity management systems manage the digital identity life cycle of individuals, which includes issuance, usage and revocation of digital identifiers. Identity management systems have improved the management of identity information and user convenience; however, they do not provide specific solutions to address protection of identity from threats such as identity theft and privacy violation. One major shortcoming of current approaches is the lack of strong verification techniques for management and protection of digital identifiers. Moreover, current identity management systems consider neither biometric nor history-based identifiers. Both biometric and history-based identifiers are increasingly becoming an integral part of an individual&apos;s identity. Such types of identity data also need to be used with other digital identifiers and protected against misuse. In this presentation I introduce a number of techniques that address the above problems. The approach is based on the concept of privacy preserving multi-factor identity verification. The main technique consists of verifying multiple identifier claims of an individual, without revealing extraneous identity information. A distinguishing feature of our approach is that we employ identity protection and verification techniques at all stages of the identity life cycle. In addition, we develop techniques to use biometrics in a secure and privacy preserving manner. We also enhance our approach with the use of history-based identifiers. About the speaker: Abhilasha Bhargav-Spantzel is a Computer Science PhD student at Purdue University. She received her bachelor&apos;s degree in Computer Science and Mathematics from Purdue in 2002.
Her primary research interest is in protocols and systems for protection of digital identity in identity management systems. Her research goal is to provide techniques that perform multi-factor verification of digital identity without jeopardizing privacy. In her work she considers various forms of identity, which are attributive, biometric and history based. She actively collaborates with industrial and academic initiatives for identity management tools and standards. Please refer to http://homes.cerias.purdue.edu/~bhargav for more information.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In order to support emerging online activities within the digital information infrastructure, such as commerce, healthcare, entertainment and scientific collaboration, it is increasingly important to verify and protect the digital identity of the individuals involved. Identity management systems manage the digital identity life cycle of individuals, which includes issuance, usage and revocation of digital identifiers. Identity management systems have improved the management of identity information and user convenience; however, they do not provide specific solutions to address protection of identity from threats such as identity theft and privacy violation. One major shortcoming of current approaches is the lack of strong verification techniques for management and protection of digital identifiers. Moreover, current identity management systems consider neither biometric nor history-based identifiers. Both biometric and history-based identifiers are increasingly becoming an integral part of an individual&apos;s identity. Such types of identity data also need to be used with other digital identifiers and protected against misuse. In this presentation I introduce a number of techniques that address the above problems. The approach is based on the concept of privacy preserving multi-factor identity verification. The main technique consists of verifying multiple identifier claims of an individual, without revealing extraneous identity information. A distinguishing feature of our approach is that we employ identity protection and verification techniques at all stages of the identity life cycle. In addition, we develop techniques to use biometrics in a secure and privacy preserving manner. We also enhance our approach with the use of history-based identifiers. About the speaker: Abhilasha Bhargav-Spantzel is a Computer Science PhD student at Purdue University. She received her bachelor&apos;s degree in Computer Science and Mathematics from Purdue in 2002.
Her primary research interest is in protocols and systems for protection of digital identity in identity management systems. Her research goal is to provide techniques that perform multi-factor verification of digital identity without jeopardizing privacy. In her work she considers various forms of identity, which are attributive, biometric and history based. She actively collaborates with industrial and academic initiatives for identity management tools and standards. Please refer to http://homes.cerias.purdue.edu/~bhargav for more information.</p> ]]>
            </content:encoded>
            <itunes:duration>2979</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20071031.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20071031.mp4" length="584056832" type="video/mp4"/>
        </item>
            <item>
            <title>George Heron, Secure Virtualization</title>
            <description>The potential for security to be tightly integrated into virtual machine technology is an exciting prospect. Not only does virtualization offer IT departments the opportunity to reduce costs, but it also offers increased agility. Now that application vendors are coming to understand the benefits of virtual machine technology, the technical world has also started to take note of supplementary services, such as security products and functions, which can also reside in these virtualized environments. Heron will discuss the future of security in virtualized environments and how IT professionals can take a Security Risk Management (SRM) approach to securing their virtual machines. About the speaker: George Heron is the Chief Scientist for McAfee and is responsible for providing senior technology leadership in the company, optimizing technology synergies across all security product lines, and identifying new business opportunities in promising emerging technology and security trends. Prior to joining McAfee, Heron was Chief Technology Officer at SafeNet, where his focus was in bringing advanced technologies and partners together with company initiatives, and contributing insight about technology trends and new product opportunities in VPN, wireless, Internet and electronic security fields. Heron has over 30 years of management experience in software design, development methodologies and testing. He specializes in leading-edge networking and security technologies and has numerous successes in bringing new information security products from initial concept to final product launch. Heron holds an engineering degree from the Rochester Institute of Technology and has completed advanced studies in business management and computer science.</description>
            <pubDate>Wed, 24 Oct 2007 16:30:00 EDT </pubDate>
            <itunes:title>George Heron, Secure Virtualization</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>361</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>George Heron, McAfee</itunes:subtitle>
            <itunes:summary>The potential for security to be tightly integrated into virtual machine technology is an exciting prospect. Not only does virtualization offer IT departments the opportunity to reduce costs, but it also offers increased agility. Now that application vendors are coming to understand the benefits of virtual machine technology, the technical world has also started to take note of supplementary services, such as security products and functions, which can also reside in these virtualized environments. Heron will discuss the future of security in virtualized environments and how IT professionals can take a Security Risk Management (SRM) approach to securing their virtual machines. About the speaker: George Heron is the Chief Scientist for McAfee and is responsible for providing senior technology leadership in the company, optimizing technology synergies across all security product lines, and identifying new business opportunities in promising emerging technology and security trends. Prior to joining McAfee, Heron was Chief Technology Officer at SafeNet, where his focus was in bringing advanced technologies and partners together with company initiatives, and contributing insight about technology trends and new product opportunities in VPN, wireless, Internet and electronic security fields. Heron has over 30 years of management experience in software design, development methodologies and testing. He specializes in leading-edge networking and security technologies and has numerous successes in bringing new information security products from initial concept to final product launch. Heron holds an engineering degree from the Rochester Institute of Technology and has completed advanced studies in business management and computer science.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The potential for security to be tightly integrated into virtual machine technology is an exciting prospect. Not only does virtualization offer IT departments the opportunity to reduce costs, but it also offers increased agility. Now that application vendors are coming to understand the benefits of virtual machine technology, the technical world has also started to take note of supplementary services, such as security products and functions, which can also reside in these virtualized environments. Heron will discuss the future of security in virtualized environments and how IT professionals can take a Security Risk Management (SRM) approach to securing their virtual machines. About the speaker: George Heron is the Chief Scientist for McAfee and is responsible for providing senior technology leadership in the company, optimizing technology synergies across all security product lines, and identifying new business opportunities in promising emerging technology and security trends. Prior to joining McAfee, Heron was Chief Technology Officer at SafeNet, where his focus was in bringing advanced technologies and partners together with company initiatives, and contributing insight about technology trends and new product opportunities in VPN, wireless, Internet and electronic security fields. Heron has over 30 years of management experience in software design, development methodologies and testing. He specializes in leading-edge networking and security technologies and has numerous successes in bringing new information security products from initial concept to final product launch. Heron holds an engineering degree from the Rochester Institute of Technology and has completed advanced studies in business management and computer science.</p> ]]>
            </content:encoded>
            <itunes:duration>3746</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20071024.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20071024.mp4" length="617611264" type="video/mp4"/>
        </item>
            <item>
            <title>Srdjan Capkun, From Securing Navigation Systems to Securing Wireless Communication</title>
            <description>Recent rapid development of wireless networks of sensors, actuators and identifiers dictates the digitalization of our physical world and the creation of the &quot;internet of things&quot;. In this new internet, each wireless device will sense and provide contextual information, a crucial component of which is the location of devices and objects. In this talk, we present recent research results in secure computation and verification of locations of wireless devices: we show that current localization systems are highly vulnerable to attacks and we demonstrate that our solutions can prevent these attacks. We further illustrate how location-awareness can help in solving some of the fundamental security challenges of wireless networks, e.g., enabling authenticated and confidential communication without pre-shared keys or credentials. About the speaker: Srdjan Capkun received the Dipl.Ing. degree in Electrical Engineering / Computer Science from the University of Split, Croatia (1998), and the Ph.D. degree in Communication Systems from EPFL (Swiss Federal Institute of Technology - Lausanne) (2004). He was a postdoctoral researcher in the Networked &amp; Embedded Systems Laboratory (NESL), University of California Los Angeles, and an Assistant Professor in the Informatics and Mathematical Modeling Department (IMM), Technical University of Denmark (DTU). Since September 2006, Srdjan Capkun has been an Assistant Professor in the Department of Computer Science, ETH Zurich.</description>
            <pubDate>Wed, 17 Oct 2007 16:30:00 EDT </pubDate>
            <itunes:title>Srdjan Capkun, From Securing Navigation Systems to Securing Wireless Communication</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>360</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Srdjan Capkun, ETH Zurich</itunes:subtitle>
            <itunes:summary>Recent rapid development of wireless networks of sensors, actuators and identifiers dictates the digitalization of our physical world and the creation of the &quot;internet of things&quot;. In this new internet, each wireless device will sense and provide contextual information, a crucial component of which is the location of devices and objects. In this talk, we present recent research results in secure computation and verification of locations of wireless devices: we show that current localization systems are highly vulnerable to attacks and we demonstrate that our solutions can prevent these attacks. We further illustrate how location-awareness can help in solving some of the fundamental security challenges of wireless networks, e.g., enabling authenticated and confidential communication without pre-shared keys or credentials. About the speaker: Srdjan Capkun received the Dipl.Ing. degree in Electrical Engineering / Computer Science from the University of Split, Croatia (1998), and the Ph.D. degree in Communication Systems from EPFL (Swiss Federal Institute of Technology - Lausanne) (2004). He was a postdoctoral researcher in the Networked &amp; Embedded Systems Laboratory (NESL), University of California Los Angeles, and an Assistant Professor in the Informatics and Mathematical Modeling Department (IMM), Technical University of Denmark (DTU). Since September 2006, Srdjan Capkun has been an Assistant Professor in the Department of Computer Science, ETH Zurich.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Recent rapid development of wireless networks of sensors, actuators and identifiers dictates the digitalization of our physical world and the creation of the &quot;internet of things&quot;. In this new internet, each wireless device will sense and provide contextual information, a crucial component of which is the location of devices and objects. In this talk, we present recent research results in secure computation and verification of locations of wireless devices: we show that current localization systems are highly vulnerable to attacks and we demonstrate that our solutions can prevent these attacks. We further illustrate how location-awareness can help in solving some of the fundamental security challenges of wireless networks, e.g., enabling authenticated and confidential communication without pre-shared keys or credentials. About the speaker: Srdjan Capkun received the Dipl.Ing. degree in Electrical Engineering / Computer Science from the University of Split, Croatia (1998), and the Ph.D. degree in Communication Systems from EPFL (Swiss Federal Institute of Technology - Lausanne) (2004). He was a postdoctoral researcher in the Networked &amp; Embedded Systems Laboratory (NESL), University of California Los Angeles, and an Assistant Professor in the Informatics and Mathematical Modeling Department (IMM), Technical University of Denmark (DTU). Since September 2006, Srdjan Capkun has been an Assistant Professor in the Department of Computer Science, ETH Zurich.</p> ]]>
            </content:encoded>
            <itunes:duration>3075</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20071017.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20071017.mp4" length="602931200" type="video/mp4"/>
        </item>
            <item>
            <title>Neil Daswani, What Every Engineer Needs To Know About Security And Where To Learn It</title>
            <description>This talk discusses how engineers can go about learning what they need to know to prevent the most significant emerging data security vulnerabilities, and the impact these vulnerabilities are having on electronic commerce. I&apos;ll review how attacks such as XSRF (Cross-Site Request Forgery) and SQL Injection work, and how to defend against them. I&apos;ll present some industry-wide statistics on software security vulnerabilities reported to various databases, and emerging trends in the field of software security. Finally, I&apos;ll discuss the current state of security education, and provide pointers to certification programs, books, and organizations where engineers can learn more.</description>
            <pubDate>Wed, 10 Oct 2007 16:30:00 EDT </pubDate>
            <itunes:title>Neil Daswani, What Every Engineer Needs To Know About Security And Where To Learn It</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>359</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Neil Daswani, Google</itunes:subtitle>
            <itunes:summary>This talk discusses how engineers can go about learning what they need to know to prevent the most significant emerging data security vulnerabilities, and the impact these vulnerabilities are having on electronic commerce. I&apos;ll review how attacks such as XSRF (Cross-Site Request Forgery) and SQL Injection work, and how to defend against them. I&apos;ll present some industry-wide statistics on software security vulnerabilities reported to various databases, and emerging trends in the field of software security. Finally, I&apos;ll discuss the current state of security education, and provide pointers to certification programs, books, and organizations where engineers can learn more.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk discusses how engineers can go about learning what they need to know to prevent the most significant emerging data security vulnerabilities, and the impact these vulnerabilities are having on electronic commerce. I&apos;ll review how attacks such as XSRF (Cross-Site Request Forgery) and SQL Injection work, and how to defend against them. I&apos;ll present some industry-wide statistics on software security vulnerabilities reported to various databases, and emerging trends in the field of software security. Finally, I&apos;ll discuss the current state of security education, and provide pointers to certification programs, books, and organizations where engineers can learn more.</p> ]]>
            </content:encoded>
            <itunes:duration>3148</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20071010.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20071010.mp4" length="616562688" type="video/mp4"/>
        </item>
            <item>
            <title>David Ehinger, The Effect of Rootkits on the Corporate Environment</title>
            <description>About the speaker: Mr. Ehinger has been an employee of Rolls-Royce and its predecessor companies for nearly 23 years. During the first 14 years of his career Mr. Ehinger served in several engineering positions, mainly in support of military products and services. In 1998 Mr. Ehinger joined the Security staff as the Technology Control Officer. In 2000 Mr. Ehinger was appointed as the first Manager of Information Technology Security for Rolls-Royce Corporation, and in 2003 he was appointed as the Director of Information Technology Security for Rolls-Royce North America. Mr. Ehinger is responsible for establishing Information Security Policy for Rolls-Royce North America in cooperation with the Global Director of Information Technology Security and the Business Process Improvement staff. Mr. Ehinger evaluates the security aspects of information systems being deployed by Rolls-Royce or being used by Rolls-Royce to host company data. Mr. Ehinger is responsible for ensuring that adequate controls are in place to protect company data from inappropriate disclosure. Mr. Ehinger is also responsible for conducting investigations and responding to incidents involving the company&apos;s information technology assets, and supports the company&apos;s legal staff in responding to electronic discovery requests. Mr. Ehinger&apos;s education includes degrees in Mechanical Engineering at the Bachelor and Master levels as well as a Master of Science degree in Information Assurance. Additionally, Mr. Ehinger has completed several information security certifications. Mr. Ehinger has been a member of the Indiana Air National Guard for 27 years and has completed Squadron Officers School and Air Command and Staff College as well as several technical schools. He is currently the Strategic Plans Officer for the Indiana Air National Guard and serves on the Strategic Plans Staff for the Joint Forces Headquarters, Indiana.</description>
            <pubDate>Wed, 26 Sep 2007 16:30:00 EDT </pubDate>
            <itunes:title>David Ehinger, The Effect of Rootkits on the Corporate Environment</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>357</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>David Ehinger, Rolls Royce</itunes:subtitle>
            <itunes:summary>About the speaker: Mr. Ehinger has been an employee of Rolls-Royce and its predecessor companies for nearly 23 years. During the first 14 years of his career Mr. Ehinger served in several engineering positions, mainly in support of military products and services. In 1998 Mr. Ehinger joined the Security staff as the Technology Control Officer. In 2000 Mr. Ehinger was appointed as the first Manager of Information Technology Security for Rolls-Royce Corporation, and in 2003 he was appointed as the Director of Information Technology Security for Rolls-Royce North America. Mr. Ehinger is responsible for establishing Information Security Policy for Rolls-Royce North America in cooperation with the Global Director of Information Technology Security and the Business Process Improvement staff. Mr. Ehinger evaluates the security aspects of information systems being deployed by Rolls-Royce or being used by Rolls-Royce to host company data. Mr. Ehinger is responsible for ensuring that adequate controls are in place to protect company data from inappropriate disclosure. Mr. Ehinger is also responsible for conducting investigations and responding to incidents involving the company&apos;s information technology assets, and supports the company&apos;s legal staff in responding to electronic discovery requests. Mr. Ehinger&apos;s education includes degrees in Mechanical Engineering at the Bachelor and Master levels as well as a Master of Science degree in Information Assurance. Additionally, Mr. Ehinger has completed several information security certifications. Mr. Ehinger has been a member of the Indiana Air National Guard for 27 years and has completed Squadron Officers School and Air Command and Staff College as well as several technical schools. He is currently the Strategic Plans Officer for the Indiana Air National Guard and serves on the Strategic Plans Staff for the Joint Forces Headquarters, Indiana.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>About the speaker: Mr. Ehinger has been an employee of Rolls-Royce and its predecessor companies for nearly 23 years. During the first 14 years of his career Mr. Ehinger served in several engineering positions, mainly in support of military products and services. In 1998 Mr. Ehinger joined the Security staff as the Technology Control Officer. In 2000 Mr. Ehinger was appointed as the first Manager of Information Technology Security for Rolls-Royce Corporation, and in 2003 he was appointed as the Director of Information Technology Security for Rolls-Royce North America. Mr. Ehinger is responsible for establishing Information Security Policy for Rolls-Royce North America in cooperation with the Global Director of Information Technology Security and the Business Process Improvement staff. Mr. Ehinger evaluates the security aspects of information systems being deployed by Rolls-Royce or being used by Rolls-Royce to host company data. Mr. Ehinger is responsible for ensuring that adequate controls are in place to protect company data from inappropriate disclosure. Mr. Ehinger is also responsible for conducting investigations and responding to incidents involving the company&apos;s information technology assets, and supports the company&apos;s legal staff in responding to electronic discovery requests. Mr. Ehinger&apos;s education includes degrees in Mechanical Engineering at the Bachelor and Master levels as well as a Master of Science degree in Information Assurance. Additionally, Mr. Ehinger has completed several information security certifications. Mr. Ehinger has been a member of the Indiana Air National Guard for 27 years and has completed Squadron Officers School and Air Command and Staff College as well as several technical schools. He is currently the Strategic Plans Officer for the Indiana Air National Guard and serves on the Strategic Plans Staff for the Joint Forces Headquarters, Indiana.</p> ]]>
            </content:encoded>
            <itunes:duration>2424</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070926.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070926.mp4" length="475004928" type="video/mp4"/>
        </item>
            <item>
            <title>Jill Frisby, Protecting Data Privacy: A Practical Guide to Managing Risk</title>
            <description>Protecting valuable information assets, including personal data about employees, students, customers, and medical patients, is an enterprise-wide responsibility. Like all components of good corporate governance, it begins with senior leadership establishing a culture of awareness about the importance of safeguarding these assets, and extends through coordinated actions among all business units, divisions, and departments. When creating data privacy programs, organizations should align them with their strategic enterprise risk management objectives and follow a top-down approach to achieve the greatest benefit. This presentation will focus on a practical approach to data privacy that seeks to understand the business needs for data and align a data privacy protection program to those needs. Effective programs prevent companies from ending up in the news disclosing a data loss, by enabling their employees to stay vigilant for situations where data may be at risk. Topics to be discussed include: * The Goals of an Effective Data Privacy Program * Current Data Privacy Landscape * Common Privacy Program Pitfalls * Key Components of a Successful Data Privacy Program * The Top-Down Data Privacy Risk Assessment * Data Privacy Roles and Responsibilities * High-Level Roadmap and Ideas to Consider for Future Strategy. About the speaker: Jill Frisby is a Manager in the Risk Consulting Practice with a specialty in the area of Information Security and Data Privacy. She has been the keynote presenter on Information Security for several regulatory agencies, banking associations, and industry roundtables. Jill has become an industry thought leader in the area of Data Privacy, developing Crowe Chizek&apos;s full suite of services to help ensure initial and continuing protection and compliance. She designed a web-based tool for the facilitation of Information Systems Risk Assessments, and has helped major companies and government organizations remedy significant deficiencies in safeguarding consumer information. Jill&apos;s research and methodologies were published in Bank Accounting and Finance in a whitepaper explaining &quot;A Five-Step Plan for Comprehensive Information Security and Privacy&quot; (June 2004 issue). In addition, Jill has been featured in 5 major newspapers and on three network evening television broadcasts related to her research in the area of Wireless LAN Security. These media publications were completed in conjunction with a Crowe Chizek research study, the goal of which was, upon investigation, to inform the public of the growing problems with Wireless LAN security and the ways to remedy these issues. Jill currently performs assessments in the areas of: * Gramm-Leach-Bliley Act Compliance * Information Security Policy and Standards Development * Network Security Assessments * Internal and External Penetration Assessments * Information Systems General Controls Reviews. Jill is a Certified Information Systems Auditor, Certified Information Systems Security Professional, Microsoft Certified Systems Administrator with a Specialization in Security, a Project Management Professional and a CompTIA Certified Security Professional. She is a graduate of the University of Illinois, where she majored in General Engineering and minored in Technology Management.</description>
            <pubDate>Wed, 19 Sep 2007 16:30:00 EDT </pubDate>
            <itunes:title>Jill Frisby, Protecting Data Privacy: A Practical Guide to Managing Risk</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>356</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jill Frisby, Crowe Chizek and Company LLC</itunes:subtitle>
            <itunes:summary>Protecting valuable information assets, including personal data about employees, students, customers, and medical patients, is an enterprise-wide responsibility. Like all components of good corporate governance, it begins with senior leadership establishing a culture of awareness about the importance of safeguarding these assets, and extends through coordinated actions among all business units, divisions, and departments. When creating data privacy programs, organizations should align them with their strategic enterprise risk management objectives and follow a top-down approach to achieve the greatest benefit. This presentation will focus on a practical approach to data privacy that seeks to understand the business needs for data and align a data privacy protection program to those needs. Effective programs prevent companies from ending up in the news disclosing a data loss, by enabling their employees to stay vigilant for situations where data may be at risk. Topics to be discussed include: * The Goals of an Effective Data Privacy Program * Current Data Privacy Landscape * Common Privacy Program Pitfalls * Key Components of a Successful Data Privacy Program * The Top-Down Data Privacy Risk Assessment * Data Privacy Roles and Responsibilities * High-Level Roadmap and Ideas to Consider for Future Strategy. About the speaker: Jill Frisby is a Manager in the Risk Consulting Practice with a specialty in the area of Information Security and Data Privacy. She has been the keynote presenter on Information Security for several regulatory agencies, banking associations, and industry roundtables. Jill has become an industry thought leader in the area of Data Privacy, developing Crowe Chizek&apos;s full suite of services to help ensure initial and continuing protection and compliance. She designed a web-based tool for the facilitation of Information Systems Risk Assessments, and has helped major companies and government organizations remedy significant deficiencies in safeguarding consumer information. Jill&apos;s research and methodologies were published in Bank Accounting and Finance in a whitepaper explaining &quot;A Five-Step Plan for Comprehensive Information Security and Privacy&quot; (June 2004 issue). In addition, Jill has been featured in 5 major newspapers and on three network evening television broadcasts related to her research in the area of Wireless LAN Security. These media publications were completed in conjunction with a Crowe Chizek research study, the goal of which was, upon investigation, to inform the public of the growing problems with Wireless LAN security and the ways to remedy these issues. Jill currently performs assessments in the areas of: * Gramm-Leach-Bliley Act Compliance * Information Security Policy and Standards Development * Network Security Assessments * Internal and External Penetration Assessments * Information Systems General Controls Reviews. Jill is a Certified Information Systems Auditor, Certified Information Systems Security Professional, Microsoft Certified Systems Administrator with a Specialization in Security, a Project Management Professional and a CompTIA Certified Security Professional. She is a graduate of the University of Illinois, where she majored in General Engineering and minored in Technology Management.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Protecting valuable information assets, including personal data about employees, students, customers, and medical patients, is an enterprise-wide responsibility. Like all components of good corporate governance, it begins with senior leadership establishing a culture of awareness about the importance of safeguarding these assets, and extends through coordinated actions among all business units, divisions, and departments. When creating data privacy programs, organizations should align them with their strategic enterprise risk management objectives and follow a top-down approach to achieve the greatest benefit. This presentation will focus on a practical approach to data privacy that seeks to understand the business needs for data and align a data privacy protection program to those needs. Effective programs prevent companies from ending up in the news disclosing a data loss, by enabling their employees to stay vigilant for situations where data may be at risk. Topics to be discussed include: * The Goals of an Effective Data Privacy Program * Current Data Privacy Landscape * Common Privacy Program Pitfalls * Key Components of a Successful Data Privacy Program * The Top-Down Data Privacy Risk Assessment * Data Privacy Roles and Responsibilities * High-Level Roadmap and Ideas to Consider for Future Strategy. About the speaker: Jill Frisby is a Manager in the Risk Consulting Practice with a specialty in the area of Information Security and Data Privacy. She has been the keynote presenter on Information Security for several regulatory agencies, banking associations, and industry roundtables. Jill has become an industry thought leader in the area of Data Privacy, developing Crowe Chizek&apos;s full suite of services to help ensure initial and continuing protection and compliance. She designed a web-based tool for the facilitation of Information Systems Risk Assessments, and has helped major companies and government organizations remedy significant deficiencies in safeguarding consumer information. Jill&apos;s research and methodologies were published in Bank Accounting and Finance in a whitepaper explaining &quot;A Five-Step Plan for Comprehensive Information Security and Privacy&quot; (June 2004 issue). In addition, Jill has been featured in 5 major newspapers and on three network evening television broadcasts related to her research in the area of Wireless LAN Security. These media publications were completed in conjunction with a Crowe Chizek research study, the goal of which was, upon investigation, to inform the public of the growing problems with Wireless LAN security and the ways to remedy these issues. Jill currently performs assessments in the areas of: * Gramm-Leach-Bliley Act Compliance * Information Security Policy and Standards Development * Network Security Assessments * Internal and External Penetration Assessments * Information Systems General Controls Reviews. Jill is a Certified Information Systems Auditor, Certified Information Systems Security Professional, Microsoft Certified Systems Administrator with a Specialization in Security, a Project Management Professional and a CompTIA Certified Security Professional. She is a graduate of the University of Illinois, where she majored in General Engineering and minored in Technology Management.</p> ]]>
            </content:encoded>
            <itunes:duration>2173</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070919.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070919.mp4" length="425721856" type="video/mp4"/>
        </item>
            <item>
            <title>Ron Buskey, Security issues within embedded software development</title>
            <description>Software development processes and tools used for small communication devices have changed significantly over the years. Some of these practices and processes have resulted in improvements in quality and time to market for their target products, but in some cases have had unintended results for the security and trustworthiness of those same products. This talk will look at several of these practices and approaches that can drive improvements in quality and productivity metrics for embedded communication software development teams, yet create vulnerabilities and/or weaken the security architecture of those products. About the speaker: Ron Buskey leads a team in Motorola Labs focused on security architecture for future product platforms. This research includes techniques for trusted operation and information protection at a fundamental level so that product applications do not have to be concerned with all of the security issues. Ron is working with component providers to design and build security into the platform elements to be used in Motorola product platforms. This will produce enhanced trusted platforms that will be resistant to virus and software hacking attacks on Motorola products. Before working in Motorola Labs, Mr. Buskey spent time as the security architect for the Motorola Mobile Devices Business. He also worked as the lead software engineer for Motorola&apos;s Secure Products business. Since graduating from Rochester Institute of Technology in Rochester, N.Y. in 1981 with a BSEE, Ron has held software architecture, secure communications design and computer engineering assignments. Additional information can be found at http://www.motorola.com/content.jsp?globalObjectId=7577-9277</description>
            <pubDate>Wed, 12 Sep 2007 16:30:00 EDT </pubDate>
            <itunes:title>Ron Buskey, Security issues within embedded software development</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>355</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ron Buskey, Motorola</itunes:subtitle>
            <itunes:summary>Software development processes and tools used for small communication devices have changed significantly over the years. Some of these practices and processes have resulted in improvements in quality and time to market for their target products, but in some cases have had unintended results for the security and trustworthiness of those same products. This talk will look at several of these practices and approaches that can drive improvements in quality and productivity metrics for embedded communication software development teams, yet create vulnerabilities and/or weaken the security architecture of those products. About the speaker: Ron Buskey leads a team in Motorola Labs focused on security architecture for future product platforms. This research includes techniques for trusted operation and information protection at a fundamental level so that product applications do not have to be concerned with all of the security issues. Ron is working with component providers to design and build security into the platform elements to be used in Motorola product platforms. This will produce enhanced trusted platforms that will be resistant to virus and software hacking attacks on Motorola products. Before working in Motorola Labs, Mr. Buskey spent time as the security architect for the Motorola Mobile Devices Business. He also worked as the lead software engineer for Motorola&apos;s Secure Products business. Since graduating from Rochester Institute of Technology in Rochester, N.Y. in 1981 with a BSEE, Ron has held software architecture, secure communications design and computer engineering assignments. Additional information can be found at http://www.motorola.com/content.jsp?globalObjectId=7577-9277</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Software development processes and tools used for small communication devices have changed significantly over the years. Some of these practices and processes have resulted in improvements in quality and time to market for their target products, but in some cases have had unintended results for the security and trustworthiness of those same products. This talk will look at several of these practices and approaches that can drive improvements in quality and productivity metrics for embedded communication software development teams, yet create vulnerabilities and/or weaken the security architecture of those products. About the speaker: Ron Buskey leads a team in Motorola Labs focused on security architecture for future product platforms. This research includes techniques for trusted operation and information protection at a fundamental level so that product applications do not have to be concerned with all of the security issues. Ron is working with component providers to design and build security into the platform elements to be used in Motorola product platforms. This will produce enhanced trusted platforms that will be resistant to virus and software hacking attacks on Motorola products. Before working in Motorola Labs, Mr. Buskey spent time as the security architect for the Motorola Mobile Devices Business. He also worked as the lead software engineer for Motorola&apos;s Secure Products business. Since graduating from Rochester Institute of Technology in Rochester, N.Y. in 1981 with a BSEE, Ron has held software architecture, secure communications design and computer engineering assignments. Additional information can be found at http://www.motorola.com/content.jsp?globalObjectId=7577-9277</p> ]]>
            </content:encoded>
            <itunes:duration>2884</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070912.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070912.mp4" length="565182464" type="video/mp4"/>
        </item>
            <item>
            <title>Yvo Desmedt, Applying Recreational Mathematics to Secure Multiparty Computation</title>
            <description>The problem of a mouse traveling through a maze is well known. The maze can be represented using a planar graph. We present a variant of the maze. We consider a grid vertex-colored planar graph in which an adversary can choose up to t colors and remove all vertices that have these colors and their adjacent edges. We call the grid in which these vertices and adjacent edges are removed a reduced grid. The problem is that a mouse must be able to move in the reduced grid from the first row to the last row, and from the first column to the last column, and this for all possible reductions. We present three types of solutions to construct such grids. The efficiency of these solutions is discussed. The problem finds its origin in the problem of secure multiparty computation. Imagine going to a medical doctor in Iraq who needs to prescribe some medication, which might be contraindicated. The typical solution is to disclose all medical records to the doctor. If secure multiparty computation were used, the medical doctor in Iraq would only learn from the distributed medical databases whether the medication is, or is not, contraindicated. We consider the problem of parties each having a secret belonging to a non-abelian group. The parties want to compute the product of these secrets without leaking anything that does not follow trivially from the product. Our solution is black box, i.e., independent of the non-abelian group. This has applications to threshold block ciphers and post-quantum cryptography. About the speaker: Yvo Desmedt received his Ph.D. (Summa cum Laude) from the University of Leuven, Belgium (1984). He is presently the BT Chair of Information Security at University College London, UK. He is also a courtesy professor at Florida State University. His interests include cryptography, network security and computer security. He was program chair of ICITS 2007, co-program chair of CANS 2005, program chair of PKC 2003, the 2002 ACM Workshop on Scientific Aspects of Cyber Terrorism and Crypto &apos;94. He is editor-in-chief of the IEE Proceedings of Information Security, editor of the Journal of Computer Security, of Information Processing Letters and of Advances in Mathematics of Communications. He has given invited lectures at several conferences and workshops on 5 different continents. He has authored over 150 refereed papers, of which 114 are listed on DBLP.</description>
            <pubDate>Wed, 5 Sep 2007 16:30:00 EDT </pubDate>
            <itunes:title>Yvo Desmedt, Applying Recreational Mathematics to Secure Multiparty Computation</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>354</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Yvo Desmedt, University College, London</itunes:subtitle>
            <itunes:summary>The problem of a mouse traveling through a maze is well known. The maze can be represented using a planar graph. We present a variant of the maze. We consider a grid vertex-colored planar graph in which an adversary can choose up to t colors and remove all vertices that have these colors and their adjacent edges. We call the grid in which these vertices and adjacent edges are removed a reduced grid. The problem is that a mouse must be able to move in the reduced grid from the first row to the last row, and from the first column to the last column, and this for all possible reductions. We present three types of solutions to construct such grids. The efficiency of these solutions is discussed. The problem finds its origin in the problem of secure multiparty computation. Imagine going to a medical doctor in Iraq who needs to prescribe some medication, which might be contraindicated. The typical solution is to disclose all medical records to the doctor. If secure multiparty computation were used, the medical doctor in Iraq would only learn from the distributed medical databases whether the medication is, or is not, contraindicated. We consider the problem of parties each having a secret belonging to a non-abelian group. The parties want to compute the product of these secrets without leaking anything that does not follow trivially from the product. Our solution is black box, i.e., independent of the non-abelian group. This has applications to threshold block ciphers and post-quantum cryptography. About the speaker: Yvo Desmedt received his Ph.D. (Summa cum Laude) from the University of Leuven, Belgium (1984). He is presently the BT Chair of Information Security at University College London, UK. He is also a courtesy professor at Florida State University. His interests include cryptography, network security and computer security. He was program chair of ICITS 2007, co-program chair of CANS 2005, program chair of PKC 2003, the 2002 ACM Workshop on Scientific Aspects of Cyber Terrorism and Crypto &apos;94. He is editor-in-chief of the IEE Proceedings of Information Security, editor of the Journal of Computer Security, of Information Processing Letters and of Advances in Mathematics of Communications. He has given invited lectures at several conferences and workshops on 5 different continents. He has authored over 150 refereed papers, of which 114 are listed on DBLP.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The problem of a mouse traveling through a maze is well known. The maze can be represented using a planar graph. We present a variant of the maze. We consider a grid vertex-colored planar graph in which an adversary can choose up to t colors and remove all vertices that have these colors and their adjacent edges. We call the grid in which these vertices and adjacent edges are removed a reduced grid. The problem is that a mouse must be able to move in the reduced grid from the first row to the last row, and from the first column to the last column, and this for all possible reductions. We present three types of solutions to construct such grids. The efficiency of these solutions is discussed. The problem finds its origin in the problem of secure multiparty computation. Imagine going to a medical doctor in Iraq who needs to prescribe some medication, which might be contraindicated. The typical solution is to disclose all medical records to the doctor. If secure multiparty computation were used, the medical doctor in Iraq would only learn from the distributed medical databases whether the medication is, or is not, contraindicated. We consider the problem of parties each having a secret belonging to a non-abelian group. The parties want to compute the product of these secrets without leaking anything that does not follow trivially from the product. Our solution is black box, i.e., independent of the non-abelian group. This has applications to threshold block ciphers and post-quantum cryptography. About the speaker: Yvo Desmedt received his Ph.D. (Summa cum Laude) from the University of Leuven, Belgium (1984). He is presently the BT Chair of Information Security at University College London, UK. He is also a courtesy professor at Florida State University. His interests include cryptography, network security and computer security. He was program chair of ICITS 2007, co-program chair of CANS 2005, program chair of PKC 2003, the 2002 ACM Workshop on Scientific Aspects of Cyber Terrorism and Crypto &apos;94. He is editor-in-chief of the IEE Proceedings of Information Security, editor of the Journal of Computer Security, of Information Processing Letters and of Advances in Mathematics of Communications. He has given invited lectures at several conferences and workshops on 5 different continents. He has authored over 150 refereed papers, of which 114 are listed on DBLP.</p> ]]>
            </content:encoded>
            <itunes:duration>2973</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070905.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070905.mp4" length="581959680" type="video/mp4"/>
        </item>
            <item>
            <title>Klemens Boehm, Towards Effective and Efficient Behavior-based Trust Models</title>
            <description>Trust models have been touted to facilitate cooperation among unknown entities. In our current work, we are interested in behavior-based trust models, i.e., models that derive the trustworthiness of an entity from its behavior in previous interactions. Existing proposals in this field typically feature one specific trust model. Further, various publications exist which have proposed different centrality measures to rank individuals, i.e., compute their reputation based on feedback, and have demonstrated their effectiveness in certain (rather specific) situations. This presentation in turn proposes a framework for behavior-based trust models for open environments with the following distinctive characteristic. Based on a relational representation of behavior-specific knowledge, we propose a trust-policy algebra allowing for the specification of a wide range of trust policies. Since the evaluation of the standing of an entity requires centrality indices, we propose a first-class operator of our algebra for their computation. The presentation concludes with an objective comparison of the effectiveness of the various centrality measures in reputation systems. About the speaker: Klemens Böhm is full professor for computer science at Universität Karlsruhe (TH). Before joining Karlsruhe University in 2004, he was a professor at Magdeburg University. Prior to that, he was affiliated with ETH Zurich and GMD Darmstadt. His research interests are distributed information systems, e.g., Peer-to-Peer systems and Grid infrastructures, data management in ubiquitous environments, and data warehousing. Klemens puts much effort into interdisciplinary research and application-oriented projects, currently ranging from biosystematics to traffic-data management.</description>
            <pubDate>Wed, 29 Aug 2007 16:30:00 EDT </pubDate>
            <itunes:title>Klemens Boehm, Towards Effective and Efficient Behavior-based Trust Models</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>353</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Klemens Boehm, Karlsruhe University</itunes:subtitle>
            <itunes:summary>Trust models have been touted to facilitate cooperation among unknown entities. In our current work, we are interested in behavior-based trust models, i.e., models that derive the trustworthiness of an entity from its behavior in previous interactions. Existing proposals in this field typically feature one specific trust model. Further, various publications exist which have proposed different centrality measures to rank individuals, i.e., compute their reputation based on feedback, and have demonstrated their effectiveness in certain (rather specific) situations. This presentation in turn proposes a framework for behavior-based trust models for open environments with the following distinctive characteristic. Based on a relational representation of behavior-specific knowledge, we propose a trust-policy algebra allowing for the specification of a wide range of trust policies. Since the evaluation of the standing of an entity requires centrality indices, we propose a first-class operator of our algebra for their computation. The presentation concludes with an objective comparison of the effectiveness of the various centrality measures in reputation systems. About the speaker: Klemens Böhm is full professor for computer science at Universität Karlsruhe (TH). Before joining Karlsruhe University in 2004, he was a professor at Magdeburg University. Prior to that, he was affiliated with ETH Zurich and GMD Darmstadt. His research interests are distributed information systems, e.g., Peer-to-Peer systems and Grid infrastructures, data management in ubiquitous environments, and data warehousing. Klemens puts much effort into interdisciplinary research and application-oriented projects, currently ranging from biosystematics to traffic-data management.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Trust models have been touted to facilitate cooperation among unknown entities. In our current work, we are interested in behavior-based trust models, i.e., models that derive the trustworthiness of an entity from its behavior in previous interactions. Existing proposals in this field typically feature one specific trust model. Further, various publications exist which have proposed different centrality measures to rank individuals, i.e., compute their reputation based on feedback, and have demonstrated their effectiveness in certain (rather specific) situations. This presentation in turn proposes a framework for behavior-based trust models for open environments with the following distinctive characteristic. Based on a relational representation of behavior-specific knowledge, we propose a trust-policy algebra allowing for the specification of a wide range of trust policies. Since the evaluation of the standing of an entity requires centrality indices, we propose a first-class operator of our algebra for their computation. The presentation concludes with an objective comparison of the effectiveness of the various centrality measures in reputation systems. About the speaker: Klemens Böhm is full professor for computer science at Universität Karlsruhe (TH). Before joining Karlsruhe University in 2004, he was a professor at Magdeburg University. Prior to that, he was affiliated with ETH Zurich and GMD Darmstadt. His research interests are distributed information systems, e.g., Peer-to-Peer systems and Grid infrastructures, data management in ubiquitous environments, and data warehousing. Klemens puts much effort into interdisciplinary research and application-oriented projects, currently ranging from biosystematics to traffic-data management.</p> ]]>
            </content:encoded>
            <itunes:duration>3098</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070829.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070829.mp4" length="607125504" type="video/mp4"/>
        </item>
            <item>
            <title>Bill Horne, Role Discovery</title>
            <description>The first step in migrating to a role-based access control (RBAC) system is role development, in which teams of people meticulously define sets of roles that meet the needs of an organization&apos;s security and business requirements. Because it is so labor intensive, role development is the most expensive step in migrating to RBAC. In this talk, I will describe an approach called role discovery to assist with the role development process. We attack the problem by finding simplifications of a bipartite graph that models the existing access control rules. Biclique covers of this graph are a fundamental tool in our approach. I will describe some of the theoretical background of this problem as well as some experimental results testing the approach on several real-world datasets.</description>
            <pubDate>Wed, 22 Aug 2007 16:30:00 EDT </pubDate>
            <itunes:title>Bill Horne, Role Discovery</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>352</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Bill Horne, HP Labs</itunes:subtitle>
            <itunes:summary>The first step in migrating to a role-based access control (RBAC) system is role development, in which teams of people meticulously define sets of roles that meet the needs of an organization&apos;s security and business requirements. Because it is so labor intensive, role development is the most expensive step in migrating to RBAC. In this talk, I will describe an approach called role discovery to assist with the role development process. We attack the problem by finding simplifications of a bipartite graph that models the existing access control rules. Biclique covers of this graph are a fundamental tool in our approach. I will describe some of the theoretical background of this problem as well as some experimental results testing the approach on several real-world datasets.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The first step in migrating to a role-based access control (RBAC) system is role development, in which teams of people meticulously define sets of roles that meet the needs of an organization&apos;s security and business requirements. Because it is so labor intensive, role development is the most expensive step in migrating to RBAC. In this talk, I will describe an approach called role discovery to assist with the role development process. We attack the problem by finding simplifications of a bipartite graph that models the existing access control rules. Biclique covers of this graph are a fundamental tool in our approach. I will describe some of the theoretical background of this problem as well as some experimental results testing the approach on several real-world datasets.</p> ]]>
            </content:encoded>
            <itunes:duration>2931</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070822.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070822.mp4" length="609222656" type="video/mp4"/>
        </item>
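The role-discovery abstract above models the existing user-to-permission assignments as a bipartite graph and uses biclique covers: each biclique (a set of users who all hold the same set of permissions) is a candidate role, and a cover is a role set that reproduces every assignment. The Python below is an added illustration written for this page, not code from the talk or from HP Labs. The user-permission matrix is constructed toy data, and the greedy pick-the-largest-biclique loop is an assumed heuristic, since the abstract does not specify the algorithm used. The final check is the security-relevant part: a mined role set must grant exactly the original assignments, never a (user, permission) pair the existing rules do not.

```python
from itertools import combinations

# Constructed sample user-permission assignment (UPA): the edges of the bipartite graph.
# Users on one side, permissions on the other; an edge means the user currently holds it.
SAMPLE_UPA = {
    "alice": {"read_hr", "write_hr", "read_fin"},
    "bob":   {"read_hr", "write_hr"},
    "carol": {"read_fin", "write_fin"},
    "dave":  {"read_fin", "write_fin", "read_hr"},
    "erin":  {"read_hr", "write_hr", "read_fin"},
}


def edges(upa):
    """All (user, permission) pairs in the assignment matrix."""
    return {(u, p) for u, ps in upa.items() for p in ps}


def maximal_biclique(upa, seed_perms):
    """Grow a seed permission set into a maximal biclique.

    Users: everyone holding every seed permission.  Permissions: everything those
    users have in common.  The result users x perms is a biclique of the UPA graph,
    i.e. a role that grants nothing any of its members does not already hold.
    """
    users = {u for u, ps in upa.items() if seed_perms.issubset(ps)}
    if not users:
        return frozenset(), frozenset()
    common = set.intersection(*(set(upa[u]) for u in users))
    return frozenset(users), frozenset(common)


def mine_roles(upa):
    """Greedy biclique cover (assumed heuristic, not the talk's algorithm).

    Repeatedly choose the maximal biclique that covers the most still-uncovered
    assignments, seeded from single permissions and permission pairs, until every
    edge is covered.  Each chosen biclique is one discovered role.
    """
    uncovered = edges(upa)
    roles = []
    while uncovered:
        seeds = set()
        for u, ps in upa.items():
            pending = sorted(p for p in ps if (u, p) in uncovered)
            for p in pending:
                seeds.add(frozenset([p]))
            for a, b in combinations(pending, 2):
                seeds.add(frozenset([a, b]))
        best, best_gain = None, 0
        # Deterministic order so ties resolve the same way on every run.
        for seed in sorted(seeds, key=lambda s: tuple(sorted(s))):
            users, perms = maximal_biclique(upa, seed)
            gain = sum(1 for u in users for p in perms if (u, p) in uncovered)
            if gain > best_gain:
                best, best_gain = (users, perms), gain
        users, perms = best
        roles.append((users, perms))
        uncovered -= {(u, p) for u in users for p in perms}
    return roles


def roles_reproduce(upa, roles):
    """Exactness check: the union of the roles grants exactly the original edges.

    Missing edges would break users; extra edges would be a silent privilege grant.
    """
    granted = {(u, p) for users, perms in roles for u in users for p in perms}
    return granted == edges(upa)


if __name__ == "__main__":
    found = mine_roles(SAMPLE_UPA)
    for users, perms in found:
        print(sorted(users), "->", sorted(perms))
    print("exact cover:", roles_reproduce(SAMPLE_UPA, found))
```

On the sample data the loop yields three roles (HR readers who also read finance, full HR, full finance); a user may sit in more than one role and an edge may be covered twice, which is what makes this a cover rather than a partition. Because each biclique is built only from permissions its members already hold, roles_reproduce passes; dropping a role, or hand-editing one to add a permission, makes it fail, which is the check to keep in any migration pipeline before roles are pushed to production.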
            <item>
            <title>Umut Topkara, Passwords Decay, Words Endure: Towards Secure and Re-usable Multiple Password Mnemonics</title>
            <description>Human aspects of information security were identified at the early stages in the history of time-shared computing. The recent surge in attacks that exploit security vulnerabilities involving human factors has also put them under the spotlight of various research fields including human-computer interaction, information security and cognitive science. The human-centered vulnerabilities involve an interplay of a broad range of actors, from Information Technology specialists (who might mis-configure the security hardware and software or enforce impractical security policies) to end users (who might have a poor understanding of good security practices or not know the possible impact of weak security). This talk will focus on human aspects of authentication mechanisms. I will present two methods that we have developed to reinforce the security of existing systems by improving their usability. Previous studies have repeatedly shown that users find it taxing to remember truly random passwords. Many users choose easy-to-guess --therefore not secure-- passwords, since they require the least effort to recall. Experienced users adopt &quot;mnemonic phrases&quot; to generate and easily recall more secure passwords. However, regularity in human languages may render such passwords vulnerable to a brute force attack. In the first part of the talk, I will present a method that we developed to automatically generate mnemonic phrases which can yield secure passwords, in an effort to increase the usability of text password authentication. Many computer users need to remember a multiplicity of usernames and passwords for different systems, and users tend to reuse passwords across these systems, which may have different security guarantees. In such cases remembering a different mnemonic phrase for each password does not scale and quickly becomes a challenging task. In the second part of the talk, I will present a scheme that helps users remember a multiplicity of truly random passwords. The new scheme is applicable to an existing password authentication system without any modification, as it does not require any form of involvement from the service provider (e.g., bank, brokerage). Nor does it require the user to have any computing device at hand (not even a calculator). The scheme is such that changes to passwords do not necessitate a change in what the user remembers. Hence, passwords can be frequently changed without any additional burden on the memory of the user, thereby increasing the system&apos;s security. About the speaker: Umut Topkara is a PhD candidate at the Computer Science Department of Purdue University. His research interests lie at the confluence of Information Security, Natural Language Processing and Computer-Human Interaction, specifically their intersection in the field of Usable Security. More recently, he has also been involved in Grid Middleware Engineering research. His thesis advisor is Professor Mikhail J. Atallah. He got his B.Sc. and M.Sc. degrees from the Computer Engineering Department of Bilkent University. He started his graduate studies at Purdue University in 2002. More information about Umut&apos;s research is available at http://www.cs.purdue.edu/homes/utopkara.</description>
            <pubDate>Wed, 25 Apr 2007 16:30:00 EDT </pubDate>
            <itunes:title>Umut Topkara, Passwords Decay, Words Endure: Towards Secure and Re-usable Multiple Password Mnemonics</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>351</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Umut Topkara, Purdue University</itunes:subtitle>
            <itunes:summary>Human aspects of information security were identified at the early stages in the history of time-shared computing. The recent surge in attacks that exploit security vulnerabilities involving human factors has also put them under the spotlight of various research fields including human-computer interaction, information security and cognitive science. The human-centered vulnerabilities involve an interplay of a broad range of actors, from Information Technology specialists (who might mis-configure the security hardware and software or enforce impractical security policies) to end users (who might have a poor understanding of good security practices or not know the possible impact of weak security). This talk will focus on human aspects of authentication mechanisms. I will present two methods that we have developed to reinforce the security of existing systems by improving their usability. Previous studies have repeatedly shown that users find it taxing to remember truly random passwords. Many users choose easy-to-guess --therefore not secure-- passwords, since they require the least effort to recall. Experienced users adopt &quot;mnemonic phrases&quot; to generate and easily recall more secure passwords. However, regularity in human languages may render such passwords vulnerable to a brute force attack. In the first part of the talk, I will present a method that we developed to automatically generate mnemonic phrases which can yield secure passwords, in an effort to increase the usability of text password authentication. Many computer users need to remember a multiplicity of usernames and passwords for different systems, and users tend to reuse passwords across these systems, which may have different security guarantees. In such cases remembering a different mnemonic phrase for each password does not scale and quickly becomes a challenging task. In the second part of the talk, I will present a scheme that helps users remember a multiplicity of truly random passwords. The new scheme is applicable to an existing password authentication system without any modification, as it does not require any form of involvement from the service provider (e.g., bank, brokerage). Nor does it require the user to have any computing device at hand (not even a calculator). The scheme is such that changes to passwords do not necessitate a change in what the user remembers. Hence, passwords can be frequently changed without any additional burden on the memory of the user, thereby increasing the system&apos;s security. About the speaker: Umut Topkara is a PhD candidate at the Computer Science Department of Purdue University. His research interests lie at the confluence of Information Security, Natural Language Processing and Computer-Human Interaction, specifically their intersection in the field of Usable Security. More recently, he has also been involved in Grid Middleware Engineering research. His thesis advisor is Professor Mikhail J. Atallah. He got his B.Sc. and M.Sc. degrees from the Computer Engineering Department of Bilkent University. He started his graduate studies at Purdue University in 2002. More information about Umut&apos;s research is available at http://www.cs.purdue.edu/homes/utopkara.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Human aspects of information security were identified at the early stages in the history of time-shared computing. The recent surge in attacks that exploit security vulnerabilities involving human factors has also put them under the spotlight of various research fields including human-computer interaction, information security and cognitive science. The human-centered vulnerabilities involve an interplay of a broad range of actors, from Information Technology specialists (who might mis-configure the security hardware and software or enforce impractical security policies) to end users (who might have a poor understanding of good security practices or not know the possible impact of weak security). This talk will focus on human aspects of authentication mechanisms. I will present two methods that we have developed to reinforce the security of existing systems by improving their usability. Previous studies have repeatedly shown that users find it taxing to remember truly random passwords. Many users choose easy-to-guess --therefore not secure-- passwords, since they require the least effort to recall. Experienced users adopt &quot;mnemonic phrases&quot; to generate and easily recall more secure passwords. However, regularity in human languages may render such passwords vulnerable to a brute force attack. In the first part of the talk, I will present a method that we developed to automatically generate mnemonic phrases which can yield secure passwords, in an effort to increase the usability of text password authentication. Many computer users need to remember a multiplicity of usernames and passwords for different systems, and users tend to reuse passwords across these systems, which may have different security guarantees. In such cases remembering a different mnemonic phrase for each password does not scale and quickly becomes a challenging task. In the second part of the talk, I will present a scheme that helps users remember a multiplicity of truly random passwords. The new scheme is applicable to an existing password authentication system without any modification, as it does not require any form of involvement from the service provider (e.g., bank, brokerage). Nor does it require the user to have any computing device at hand (not even a calculator). The scheme is such that changes to passwords do not necessitate a change in what the user remembers. Hence, passwords can be frequently changed without any additional burden on the memory of the user, thereby increasing the system&apos;s security. About the speaker: Umut Topkara is a PhD candidate at the Computer Science Department of Purdue University. His research interests lie at the confluence of Information Security, Natural Language Processing and Computer-Human Interaction, specifically their intersection in the field of Usable Security. More recently, he has also been involved in Grid Middleware Engineering research. His thesis advisor is Professor Mikhail J. Atallah. He got his B.Sc. and M.Sc. degrees from the Computer Engineering Department of Bilkent University. He started his graduate studies at Purdue University in 2002. More information about Umut&apos;s research is available at http://www.cs.purdue.edu/homes/utopkara.</p> ]]>
            </content:encoded>
            <itunes:duration>3918</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070425.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070425.mp4" length="228589568" type="video/mp4"/>
        </item>
            <item>
            <title>Mercan Topkara, Hiding the Message Behind the Words: Advances in Natural Language Watermarking</title>
            <description>The Internet has become one of the main sources of knowledge acquisition, harboring resources such as online newspapers, web portals for scientific documents, personal blogs, encyclopedias, and advertisements. It has become a part of our daily life to search and access this immense amount of online information, and more recently we have also started to contribute to this pool of information our own creativity in the form of text, images and video. Unfortunately, it is still an open question as to how we, as authors, can control the way that the information we create is distributed or re-used. Rights management problems are serious for text since it is much easier for other people to download and manipulate copyrighted text from the Internet and later re-use it free from control. There is a need for a rights protection system that &quot;travels with the content&quot;. Digital watermarking is an information hiding mechanism that embeds the copyright information in the document. Besides traveling with the content of the documents, digital watermarks are also imperceptible (i.e., seamless) to the user, which makes the process of removing them from the document challenging. Using linguistic features for information hiding in natural language text is an exciting and new idea. This talk begins with a short survey of existing technologies in natural language watermarking, and then focuses on a recently developed natural language watermarking system that is practical, easy-to-use and provides resilience to attacks through the use of ambiguity in natural language. The talk is aimed at a general audience, and will be self-contained, covering the necessary background information. About the speaker: Mercan Topkara is a PhD candidate at the Computer Science Department of Purdue University working with Mikhail J. Atallah and Cristina Nita-Rotaru. She got her Bachelor of Science degree from the Computer Engineering and Information Science Department of Bilkent University in 2000. She started her graduate studies at Purdue University in August 2001. Her PhD thesis is focused on designing, building and evaluating natural language watermarking systems. Her research interests are within the areas of digital watermarking, statistical natural language processing, usable security and machine learning. She has previously worked as a research intern at AT&amp;T Research Labs, IBM T. J. Watson Research, and Google Research. More information can be found at http://www.cs.purdue.edu/homes/mkarahan.</description>
            <pubDate>Wed, 18 Apr 2007 16:30:00 EDT </pubDate>
            <itunes:title>Mercan Topkara, Hiding the Message Behind the Words: Advances in Natural Language Watermarking</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>350</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mercan Topkara, Purdue University</itunes:subtitle>
            <itunes:summary>The Internet has become one of the main sources of knowledge acquisition, harboring resources such as online newspapers, web portals for scientific documents, personal blogs, encyclopedias, and advertisements. It has become a part of our daily life to search and access this immense amount of online information, and more recently we have also started to contribute to this pool of information our own creativity in the form of text, images and video. Unfortunately, it is still an open question as to how we, as authors, can control the way that the information we create is distributed or re-used. Rights management problems are serious for text since it is much easier for other people to download and manipulate copyrighted text from the Internet and later re-use it free from control. There is a need for a rights protection system that &quot;travels with the content&quot;. Digital watermarking is an information hiding mechanism that embeds the copyright information in the document. Besides traveling with the content of the documents, digital watermarks are also imperceptible (i.e., seamless) to the user, which makes the process of removing them from the document challenging. Using linguistic features for information hiding in natural language text is an exciting and new idea. This talk begins with a short survey of existing technologies in natural language watermarking, and then focuses on a recently developed natural language watermarking system that is practical, easy-to-use and provides resilience to attacks through the use of ambiguity in natural language. The talk is aimed at a general audience, and will be self-contained, covering the necessary background information. About the speaker: Mercan Topkara is a PhD candidate at the Computer Science Department of Purdue University working with Mikhail J. Atallah and Cristina Nita-Rotaru. She got her Bachelor of Science degree from the Computer Engineering and Information Science Department of Bilkent University in 2000. She started her graduate studies at Purdue University in August 2001. Her PhD thesis is focused on designing, building and evaluating natural language watermarking systems. Her research interests are within the areas of digital watermarking, statistical natural language processing, usable security and machine learning. She has previously worked as a research intern at AT&amp;T Research Labs, IBM T. J. Watson Research, and Google Research. More information can be found at http://www.cs.purdue.edu/homes/mkarahan.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Internet has become one of the main sources of knowledge acquisition, harboring resources such as online newspapers, web portals for scientific documents, personal blogs, encyclopedias, and advertisements. It has become a part of our daily life to search and access this immense amount of online information, and more recently we have also started to contribute to this pool of information our own creativity in the form of text, images and video. Unfortunately, it is still an open question as to how we, as authors, can control the way that the information we create is distributed or re-used. Rights management problems are serious for text since it is much easier for other people to download and manipulate copyrighted text from the Internet and later re-use it free from control. There is a need for a rights protection system that "travels with the content". Digital watermarking is an information hiding mechanism that embeds the copyright information in the document. Besides traveling with the content of the documents, digital watermarks are also imperceptible (i.e., seamless) to the user, which makes the process of removing them from the document challenging. Using linguistic features for information hiding in natural language text is an exciting and new idea. This talk begins with a short survey of existing technologies in natural language watermarking, and then focuses on a recently developed natural language watermarking system that is practical, easy-to-use and provides resilience to attacks through the use of ambiguity in natural language. The talk is aimed at a general audience, and will be self-contained, covering the necessary background information. About the speaker: Mercan Topkara is a PhD candidate at the Computer Science Department of Purdue University working with Mikhail J. Atallah and Cristina Nita-Rotaru. She got her Bachelor of Science degree from the Computer Engineering and Information Science Department of Bilkent University in 2000. She started her graduate studies at Purdue University in August 2001. Her PhD thesis is focused on designing, building and evaluating natural language watermarking systems. Her research interests are within the areas of digital watermarking, statistical natural language processing, usable security and machine learning. She has previously worked as a research intern at AT&amp;T Research Labs, IBM T. J. Watson Research, and Google Research. More information can be found at http://www.cs.purdue.edu/homes/mkarahan.</p> ]]>
            </content:encoded>
            <itunes:duration>2031</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070418.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070418.mp4" length="198180864" type="video/mp4"/>
        </item>
            <item>
            <title>Dr. Charles P. Pfleeger, Dumb Ideas in Computer Security</title>
            <description>Every profession goes through mistakes and unwise steps, especially in its early years. It is through trial and error that leaders and innovators of the profession are able to advance knowledge. Computer security is no exception. Both insiders&apos; and outsiders&apos; choices have held back and even harmed the state of computing. Of course, hindsight is usually more accurate than foresight. This talk picks a handful of ideas that in retrospect have turned out dumb, ideas such as compound complexity, single-state hardware, downloaded code, and incomplete mediation. For each idea we will see from where the idea came, why it is unwise, and why we should have known better. From these examples, we will see how better choices can be made in the future. About the speaker: Dr. Charles P. Pfleeger is a consultant, speaker, educator and author on computer and information system security. He has over thirty years&apos; experience in computing. A former professor of computer science at the University of Tennessee, he has done consulting and research work in the U.S. and abroad. He is now an independent consultant with the Pfleeger Consulting Group. His book, Security in Computing, 4th edition, co-authored with Shari Lawrence Pfleeger, was just published by Prentice-Hall.</description>
            <pubDate>Wed, 11 Apr 2007 16:30:00 EDT </pubDate>
            <itunes:title>Dr. Charles P. Pfleeger, Dumb Ideas in Computer Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>349</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Dr. Charles P. Pfleeger, Pfleeger Consulting Group</itunes:subtitle>
            <itunes:summary>Every profession goes through mistakes and unwise steps, especially in its early years. It is through trial and error that leaders and innovators of the profession are able to advance knowledge. Computer security is no exception. Both insiders&apos; and outsiders&apos; choices have held back and even harmed the state of computing. Of course, hindsight is usually more accurate than foresight. This talk picks a handful of ideas that in retrospect have turned out dumb, ideas such as compound complexity, single-state hardware, downloaded code, and incomplete mediation. For each idea we will see from where the idea came, why it is unwise, and why we should have known better. From these examples, we will see how better choices can be made in the future. About the speaker: Dr. Charles P. Pfleeger is a consultant, speaker, educator and author on computer and information system security. He has over thirty years&apos; experience in computing. A former professor of computer science at the University of Tennessee, he has done consulting and research work in the U.S. and abroad. He is now an independent consultant with the Pfleeger Consulting Group. His book, Security in Computing, 4th edition, co-authored with Shari Lawrence Pfleeger, was just published by Prentice-Hall.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Every profession goes through mistakes and unwise steps, especially in its early years. It is through trial and error that leaders and innovators of the profession are able to advance knowledge. Computer security is no exception. Both insiders' and outsiders' choices have held back and even harmed the state of computing. Of course, hindsight is usually more accurate than foresight. This talk picks a handful of ideas that in retrospect have turned out dumb, ideas such as compound complexity, single-state hardware, downloaded code, and incomplete mediation. For each idea we will see from where the idea came, why it is unwise, and why we should have known better. From these examples, we will see how better choices can be made in the future. About the speaker: Dr. Charles P. Pfleeger is a consultant, speaker, educator and author on computer and information system security. He has over thirty years' experience in computing. A former professor of computer science at the University of Tennessee, he has done consulting and research work in the U.S. and abroad. He is now an independent consultant with the Pfleeger Consulting Group. His book, Security in Computing, 4th edition, co-authored with Shari Lawrence Pfleeger, was just published by Prentice-Hall.</p> ]]>
            </content:encoded>
            <itunes:duration>3031</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070411.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070411.mp4" length="230686720" type="video/mp4"/>
        </item>
            <item>
            <title>Dr. Albert M. K. Cheng, Automatic Debugging and Verification of RTL-Specified Real-Time Systems via Incremental Satisfiability Counting and On-Time and Scalable Intrusion Detection in Embedded Systems</title>
            <description>Abstract 1: Real-time logic (RTL) is useful for the verification of a safety assertion with respect to the specification of a real-time system. Since the satisfiability problem for RTL is undecidable, the systematic debugging of a real-time system appears impossible. With RTL, each propositional formula corresponds to a verification condition. The number of truth assignments of a propositional formula can help us determine the specific constraints which should be added or modified to derive the expected solutions. This talk describes this debugging approach and how it can be embedded into autonomous systems. We have implemented a tool called ADRTL for automatic debugging of RTL specifications. The confidence in our approach is high, as we have effectively evaluated ADRTL on several existing industrial applications, including the NASA X-38 Crew Return Vehicle avionics. Abstract 2: Embedded systems are becoming ubiquitous and are increasingly interconnected or networked, making them more vulnerable to security attacks. A large class of these systems, such as SCADA and PCS, has real-time and safety constraints. Therefore, in addition to satisfying these requirements, achieving system security emerges as a critical challenge to ensure that users can trust these embedded systems to perform correct operations. One objective in a secure system is to identify attacks by detecting anomalous system behaviors. This part of the talk describes the challenges in the design and implementation of such an intrusion detection system (IDS), addressing (1) accuracy: the IDS identifies no or as few false positives as the resource (time, space, power, etc.) and/or policy constraints allow, and no or as few false negatives as the resource and/or policy constraints allow; (2) efficiency/timeliness: the IDS does not violate the host embedded system&apos;s application deadlines and has a reasonable space overhead; (3) scalability: the IDS can scale to work with large embedded systems; and (4) power-awareness: the IDS does not significantly reduce the operational period of battery-powered embedded systems. We conclude with an outline of one of several promising embedded IDS approaches under investigation. This approach is based on automatic rule-base generation and semantic analysis. About the speaker: Albert M. K. Cheng received the B.A. with Highest Honors in Computer Science, graduating Phi Beta Kappa, the M.S. in Computer Science with a minor in Electrical Engineering, and the Ph.D. in Computer Science, all from The University of Texas at Austin, where he held a GTE Foundation Doctoral Fellowship. Dr. Cheng is currently a tenured Associate Professor in the Department of Computer Science at the University of Houston, where he is the founding Director of the Real-Time Systems Laboratory. He has served as a technical consultant for several organizations, including IBM, and was also a visiting faculty member in the Departments of Computer Science at Rice University (2000) and at the City University of Hong Kong (1995). Dr. Cheng is the author/co-author of over 100 refereed publications in real-time/embedded systems and related areas, and has received numerous awards, including the U.S. National Science Foundation Research Initiation Award (now known as the NSF CAREER award). His recent paper titled &quot;Automatic Debugging of Real-Time Systems Based on Incremental Satisfiability Counting&quot; in the July 2006 issue of the IEEE Transactions on Computers has been selected as its Featured Article. He has been invited to present seminars, tutorials, and panel positions at over 30 conferences, and has given invited seminars/keynotes at over 30 universities and organizations. He is and has been on the technical program committees of over 100 conferences, symposia, workshops, and editorial boards (including the IEEE Transactions on Software Engineering, 1998-2003). Currently, he is on the TPC of RTSS, RTAS, RTCSA, ESO, EC, ICEIS, ICINCO, SE, SEA, AIA, CNIS, CCN, ISC, and PDCN, and is the Program Chair of the 10th International Conference on SOFTWARE ENGINEERING AND APPLICATIONS (SEA), November 2006, Dallas, Texas. He is a Senior Member of the IEEE. Dr. Cheng is the author of the new senior/graduate-level textbook entitled Real-Time Systems: Scheduling, Analysis, and Verification (John Wiley &amp; Sons), 2nd printing with updates, 2005.</description>
            <pubDate>Wed, 28 Mar 2007 16:30:00 EDT </pubDate>
            <itunes:title>Dr. Albert M. K. Cheng, Automatic Debugging and Verification of RTL-Specified Real-Time Systems via Incremental Satisfiability Counting and On-Time and Scalable Intrusion Detection in Embedded Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>347</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Dr. Albert M. K. Cheng, University of Houston</itunes:subtitle>
            <itunes:summary>Abstract 1: Real-time logic (RTL) is useful for the verification of a safety assertion with respect to the specification of a real-time system. Since the satisfiability problem for RTL is undecidable, the systematic debugging of a real-time system appears impossible. With RTL, each propositional formula corresponds to a verification condition. The number of truth assignments of a propositional formula can help us determine the specific constraints which should be added or modified to derive the expected solutions. This talk describes this debugging approach and how it can be embedded into autonomous systems. We have implemented a tool called ADRTL for automatic debugging of RTL specifications. The confidence in our approach is high, as we have effectively evaluated ADRTL on several existing industrial applications, including the NASA X-38 Crew Return Vehicle avionics. Abstract 2: Embedded systems are becoming ubiquitous and are increasingly interconnected or networked, making them more vulnerable to security attacks. A large class of these systems, such as SCADA and PCS, has real-time and safety constraints. Therefore, in addition to satisfying these requirements, achieving system security emerges as a critical challenge to ensure that users can trust these embedded systems to perform correct operations. One objective in a secure system is to identify attacks by detecting anomalous system behaviors. This part of the talk describes the challenges in the design and implementation of such an intrusion detection system (IDS), addressing (1) accuracy: the IDS identifies no or as few false positives as the resource (time, space, power, etc.) and/or policy constraints allow, and no or as few false negatives as the resource and/or policy constraints allow; (2) efficiency/timeliness: the IDS does not violate the host embedded system&apos;s application deadlines and has a reasonable space overhead; (3) scalability: the IDS can scale to work with large embedded systems; and (4) power-awareness: the IDS does not significantly reduce the operational period of battery-powered embedded systems. We conclude with an outline of one of several promising embedded IDS approaches under investigation. This approach is based on automatic rule-base generation and semantic analysis. About the speaker: Albert M. K. Cheng received the B.A. with Highest Honors in Computer Science, graduating Phi Beta Kappa, the M.S. in Computer Science with a minor in Electrical Engineering, and the Ph.D. in Computer Science, all from The University of Texas at Austin, where he held a GTE Foundation Doctoral Fellowship. Dr. Cheng is currently a tenured Associate Professor in the Department of Computer Science at the University of Houston, where he is the founding Director of the Real-Time Systems Laboratory. He has served as a technical consultant for several organizations, including IBM, and was also a visiting faculty member in the Departments of Computer Science at Rice University (2000) and at the City University of Hong Kong (1995). Dr. Cheng is the author/co-author of over 100 refereed publications in real-time/embedded systems and related areas, and has received numerous awards, including the U.S. National Science Foundation Research Initiation Award (now known as the NSF CAREER award). His recent paper titled &quot;Automatic Debugging of Real-Time Systems Based on Incremental Satisfiability Counting&quot; in the July 2006 issue of the IEEE Transactions on Computers has been selected as its Featured Article. He has been invited to present seminars, tutorials, and panel positions at over 30 conferences, and has given invited seminars/keynotes at over 30 universities and organizations. He is and has been on the technical program committees of over 100 conferences, symposia, workshops, and editorial boards (including the IEEE Transactions on Software Engineering, 1998-2003). Currently, he is on the TPC of RTSS, RTAS, RTCSA, ESO, EC, ICEIS, ICINCO, SE, SEA, AIA, CNIS, CCN, ISC, and PDCN, and is the Program Chair of the 10th International Conference on SOFTWARE ENGINEERING AND APPLICATIONS (SEA), November 2006, Dallas, Texas. He is a Senior Member of the IEEE. Dr. Cheng is the author of the new senior/graduate-level textbook entitled Real-Time Systems: Scheduling, Analysis, and Verification (John Wiley &amp; Sons), 2nd printing with updates, 2005.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Abstract 1: Real-time logic (RTL) is useful for the verification of a safety assertion with respect to the specification of a real-time system. Since the satisfiability problem for RTL is undecidable, the systematic debugging of a real-time system appears impossible. With RTL, each propositional formula corresponds to a verification condition. The number of truth assignments of a propositional formula can help us determine the specific constraints which should be added or modified to derive the expected solutions. This talk describes this debugging approach and how it can be embedded into autonomous systems. We have implemented a tool called ADRTL for automatic debugging of RTL specifications. The confidence in our approach is high, as we have effectively evaluated ADRTL on several existing industrial applications, including the NASA X-38 Crew Return Vehicle avionics. Abstract 2: Embedded systems are becoming ubiquitous and are increasingly interconnected or networked, making them more vulnerable to security attacks. A large class of these systems, such as SCADA and PCS, has real-time and safety constraints. Therefore, in addition to satisfying these requirements, achieving system security emerges as a critical challenge to ensure that users can trust these embedded systems to perform correct operations. One objective in a secure system is to identify attacks by detecting anomalous system behaviors. This part of the talk describes the challenges in the design and implementation of such an intrusion detection system (IDS), addressing (1) accuracy: the IDS identifies no or as few false positives as the resource (time, space, power, etc.) and/or policy constraints allow, and no or as few false negatives as the resource and/or policy constraints allow; (2) efficiency/timeliness: the IDS does not violate the host embedded system's application deadlines and has a reasonable space overhead; (3) scalability: the IDS can scale to work with large embedded systems; and (4) power-awareness: the IDS does not significantly reduce the operational period of battery-powered embedded systems. We conclude with an outline of one of several promising embedded IDS approaches under investigation. This approach is based on automatic rule-base generation and semantic analysis. About the speaker: Albert M. K. Cheng received the B.A. with Highest Honors in Computer Science, graduating Phi Beta Kappa, the M.S. in Computer Science with a minor in Electrical Engineering, and the Ph.D. in Computer Science, all from The University of Texas at Austin, where he held a GTE Foundation Doctoral Fellowship. Dr. Cheng is currently a tenured Associate Professor in the Department of Computer Science at the University of Houston, where he is the founding Director of the Real-Time Systems Laboratory. He has served as a technical consultant for several organizations, including IBM, and was also a visiting faculty member in the Departments of Computer Science at Rice University (2000) and at the City University of Hong Kong (1995). Dr. Cheng is the author/co-author of over 100 refereed publications in real-time/embedded systems and related areas, and has received numerous awards, including the U.S. National Science Foundation Research Initiation Award (now known as the NSF CAREER award). His recent paper titled "Automatic Debugging of Real-Time Systems Based on Incremental Satisfiability Counting" in the July 2006 issue of the IEEE Transactions on Computers has been selected as its Featured Article. He has been invited to present seminars, tutorials, and panel positions at over 30 conferences, and has given invited seminars/keynotes at over 30 universities and organizations. He is and has been on the technical program committees of over 100 conferences, symposia, workshops, and editorial boards (including the IEEE Transactions on Software Engineering, 1998-2003). Currently, he is on the TPC of RTSS, RTAS, RTCSA, ESO, EC, ICEIS, ICINCO, SE, SEA, AIA, CNIS, CCN, ISC, and PDCN, and is the Program Chair of the 10th International Conference on SOFTWARE ENGINEERING AND APPLICATIONS (SEA), November 2006, Dallas, Texas. He is a Senior Member of the IEEE. Dr. Cheng is the author of the new senior/graduate-level textbook entitled Real-Time Systems: Scheduling, Analysis, and Verification (John Wiley &amp; Sons), 2nd printing with updates, 2005.</p> ]]>
            </content:encoded>
            <itunes:duration>3036</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20070328.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20070328.mp4" length="230686720" type="video/mp4"/>
        </item>
            <item>
            <title>Dan Geer, A quant looks at the future</title>
            <description>If there is a difference between information and bits we had better find it soon. The bit-count is bounding upward, no one dares throw anything away, and once &quot;search&quot; supplants &quot;organize&quot; there is no going back. Information may or may not want to be free, but it wants to be in motion, so much so that ISPs see their future in movie rentals and the speed of light determines how far away your trade submission servers can be from the Exchange and still do micro-arbitrage. Like a gas, information has to be collected, purified, and compressed to be of value, so any leak, impurity, or loss of containment is a loss of value, per se. The street price of drugs has a more stable floor than the street price of stolen data, the percentage of attack tools that are privately held is rising, and the workfactor for information defense is the integral of the workfactor for information offense, yet we do not have the quantitative tools to value our information. That is possibly the key -- quantitative information risk management that is on par with quantitative financial risk management. About the speaker: Daniel Earl Geer, Jr., Sc.D. MIT S.B. in EE &amp; CS, 1972. Harvard Sc.D. in Biostatistics, 1988. Ten years in clinical and research medical computing followed by five years running MIT&apos;s Project Athena, the first distributed computing emplacement. A small stint in the Research division of the then Digital Equipment Corporation and from then on a series of entrepreneurial successes. In all entrepreneurial endeavors either a founder outright or an officer of the company. Milestones: The X Window System and Kerberos (1988), the first information security consulting firm on Wall Street (1992), convenor of the first academic conference on electronic commerce (1995), the &quot;Risk Management is Where the Money Is&quot; speech that changed the focus of security (1998), the Presidency of USENIX Association (2000), the first call for the eclipse of authentication by accountability (2002), principal author of and spokesman for &quot;Cyberinsecurity: The Cost of Monopoly&quot; (2003), and co-founder of SecurityMetrics.Org (2004) and convener of Metricon 1.0 (2006). Advisor to or Board member for a number of promising startups and their funding sources, forty-two refereed publications, one book and many book chapters, three patents, over two hundred fifty invited presentations twenty percent of which were keynotes including ten abroad, technology selection and standardization work, and five times before the US Congress of which two were lead witness. Commercial teaching history both extensive in scope and in excess of ten thousand students in the aggregate. Participation in government advisory roles for the Federal Trade Commission, the Departments of Justice and Treasury, the National Academy of Sciences, the National Science Foundation, the US Secret Service, the Department of Homeland Security, and the Commonwealth of Massachusetts. Frequently consulted by the business and technical press alike, frequent author of lay articles, editor or editorial board for various security publications, member of all relevant professional and trade organizations public and private, and extensive civic involvement including several service recognition awards at the national level. Skilled debater when worthy opponents are available.</description>
            <pubDate>Wed, 21 Mar 2007 16:30:00 EDT </pubDate>
            <itunes:title>Dan Geer, A quant looks at the future</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>346</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Dan Geer, Geer Risk Services, LLC</itunes:subtitle>
            <itunes:summary>If there is a difference between information and bits we had better find it soon. The bit-count is bounding upward, no one dares throw anything away, and once &quot;search&quot; supplants &quot;organize&quot; there is no going back. Information may or may not want to be free, but it wants to be in motion, so much so that ISPs see their future in movie rentals and the speed of light determines how far away your trade submission servers can be from the Exchange and still do micro-arbitrage. Like a gas, information has to be collected, purified, and compressed to be of value, so any leak, impurity, or loss of containment is a loss of value, per se. The street price of drugs has a more stable floor than the street price of stolen data, the percentage of attack tools that are privately held is rising, and the workfactor for information defense is the integral of the workfactor for information offense, yet we do not have the quantitative tools to value our information. That is possibly the key -- quantitative information risk management that is on par with quantitative financial risk management. About the speaker: Daniel Earl Geer, Jr., Sc.D. MIT S.B. in EE &amp; CS, 1972. Harvard Sc.D. in Biostatistics, 1988. Ten years in clinical and research medical computing followed by five years running MIT&apos;s Project Athena, the first distributed computing emplacement. A small stint in the Research division of the then Digital Equipment Corporation and from then on a series of entrepreneurial successes. In all entrepreneurial endeavors either a founder outright or an officer of the company. Milestones: The X Window System and Kerberos (1988), the first information security consulting firm on Wall Street (1992), convenor of the first academic conference on electronic commerce (1995), the &quot;Risk Management is Where the Money Is&quot; speech that changed the focus of security (1998), the Presidency of USENIX Association (2000), the first call for the eclipse of authentication by accountability (2002), principal author of and spokesman for &quot;Cyberinsecurity: The Cost of Monopoly&quot; (2003), and co-founder of SecurityMetrics.Org (2004) and convener of Metricon 1.0 (2006). Advisor to or Board member for a number of promising startups and their funding sources, forty-two refereed publications, one book and many book chapters, three patents, over two hundred fifty invited presentations twenty percent of which were keynotes including ten abroad, technology selection and standardization work, and five times before the US Congress of which two were lead witness. Commercial teaching history both extensive in scope and in excess of ten thousand students in the aggregate. Participation in government advisory roles for the Federal Trade Commission, the Departments of Justice and Treasury, the National Academy of Sciences, the National Science Foundation, the US Secret Service, the Department of Homeland Security, and the Commonwealth of Massachusetts. Frequently consulted by the business and technical press alike, frequent author of lay articles, editor or editorial board for various security publications, member of all relevant professional and trade organizations public and private, and extensive civic involvement including several service recognition awards at the national level. Skilled debater when worthy opponents are available.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>If there is a difference between information and bits we had better find it soon. The bit-count is bounding upward, no one dares throw anything away, and once &quot;search&quot; supplants &quot;organize&quot; there is no going back. Information may or may not want to be free, but it wants to be in motion, so much so that ISPs see their future in movie rentals and the speed of light determines how far away your trade submission servers can be from the Exchange and still do micro-arbitrage. Like a gas, information has to be collected, purified, and compressed to be of value, so any leak, impurity, or loss of containment is a loss of value, per se. The street price of drugs has a more stable floor than the street price of stolen data, the percentage of attack tools that are privately held is rising, and the workfactor for information defense is the integral of the workfactor for information offense, yet we do not have the quantitative tools to value our information. That is possibly the key -- quantitative information risk management that is on par with quantitative financial risk management. About the speaker: Daniel Earl Geer, Jr., Sc.D. MIT S.B. in EE &amp; CS, 1972. Harvard Sc.D. in Biostatistics, 1988. Ten years in clinical and research medical computing followed by five years running MIT&apos;s Project Athena, the first distributed computing emplacement. A small stint in the Research division of the then Digital Equipment Corporation and from then on a series of entrepreneurial successes. In all entrepreneurial endeavors either a founder outright or an officer of the company. Milestones: The X Window System and Kerberos (1988), the first information security consulting firm on Wall Street (1992), convenor of the first academic conference on electronic commerce (1995), the &quot;Risk Management is Where the Money Is&quot; speech that changed the focus of security (1998), the Presidency of USENIX Association (2000), the first call for the eclipse of authentication by accountability (2002), principal author of and spokesman for &quot;Cyberinsecurity: The Cost of Monopoly&quot; (2003), and co-founder of SecurityMetrics.Org (2004) and convener of Metricon 1.0 (2006). Advisor to or Board member for a number of promising startups and their funding sources, forty-two refereed publications, one book and many book chapters, three patents, over two hundred fifty invited presentations twenty percent of which were keynotes including ten abroad, technology selection and standardization work, and five times before the US Congress of which two were lead witness. Commercial teaching history both extensive in scope and in excess of ten thousand students in the aggregate. Participation in government advisory roles for the Federal Trade Commission, the Departments of Justice and Treasury, the National Academy of Sciences, the National Science Foundation, the US Secret Service, the Department of Homeland Security, and the Commonwealth of Massachusetts. Frequently consulted by the business and technical press alike, frequent author of lay articles, editor or editorial board for various security publications, member of all relevant professional and trade organizations public and private, and extensive civic involvement including several service recognition awards at the national level. Skilled debater when worthy opponents are available.</p> ]]>
            </content:encoded>
            <itunes:duration>3667</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20070321.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20070321.mp4" length="227540992" type="video/mp4"/>
        </item>
            <item>
            <title>Eugene Schultz, Intrusion Detection Event Correlation: Approaches, Benefits and Pitfalls</title>
            <description>Over the years intrusion detection technology has improved to the point that it is highly useful to both the commercial and non-commercial sector. This technology is, however, by no means anything close to perfect. Even the best intrusion detection systems miss a fairly large proportion of attacks that occur; they also tend to yield unacceptably high false alarm rates. Correlating the output of multiple systems and devices is a promising solution for the limitations in today&apos;s intrusion detection systems. There have been numerous advances in intrusion detection event correlation, yet this technology lags behind intrusion detection technology. How events are correlated makes a big difference concerning the value of event correlation. This talk will cover the various approaches to event correlation as well as their advantages and disadvantages. About the speaker: Eugene Schultz, Ph.D., CISM, CISSP, is the Chief Technology Officer and Chief Information Security Officer at High Tower Software, a company that develops security event management software. He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 110 published papers. Gene is the Editor-in-Chief of _Computers and Security_ and is an associate editor of _Network Security_ and _Information Security Bulletin_. He is also a member of the editorial board for the SANS NewsBites, a weekly information security-related news update, and is on the technical advisory board of three companies. He has been professor of computer science at various universities and is retired from the University of California at Berkeley. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman&apos;s Award, and the National Information Systems Security Conference Best Paper Award. Additionally, Gene has been elected to the ISSA Hall of Fame. While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy&apos;s Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.</description>
            <pubDate>Wed, 7 Mar 2007 16:30:00 EST </pubDate>
            <itunes:title>Eugene Schultz, Intrusion Detection Event Correlation: Approaches, Benefits and Pitfalls</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>345</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Eugene Schultz, High Tower Software</itunes:subtitle>
            <itunes:summary>Over the years intrusion detection technology has improved to the point that it is highly useful to both the commercial and non-commercial sector. This technology is, however, by no means anything close to perfect. Even the best intrusion detection systems miss a fairly large proportion of attacks that occur; they also tend to yield unacceptably high false alarm rates. Correlating the output of multiple systems and devices is a promising solution for the limitations in today&apos;s intrusion detection systems. There have been numerous advances in intrusion detection event correlation, yet this technology lags behind intrusion detection technology. How events are correlated makes a big difference concerning the value of event correlation. This talk will cover the various approaches to event correlation as well as their advantages and disadvantages. About the speaker: Eugene Schultz, Ph.D., CISM, CISSP, is the Chief Technology Officer and Chief Information Security Officer at High Tower Software, a company that develops security event management software. He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 110 published papers. Gene is the Editor-in-Chief of _Computers and Security_ and is an associate editor of _Network Security_ and _Information Security Bulletin_. He is also a member of the editorial board for the SANS NewsBites, a weekly information security-related news update, and is on the technical advisory board of three companies. He has been professor of computer science at various universities and is retired from the University of California at Berkeley. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman&apos;s Award, and the National Information Systems Security Conference Best Paper Award. Additionally, Gene has been elected to the ISSA Hall of Fame. While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy&apos;s Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Over the years intrusion detection technology has improved to the point that it is highly useful to both the commercial and non-commercial sector. This technology is, however, by no means anything close to perfect. Even the best intrusion detection systems miss a fairly large proportion of attacks that occur; they also tend to yield unacceptably high false alarm rates. Correlating the output of multiple systems and devices is a promising solution for the limitations in today&apos;s intrusion detection systems. There have been numerous advances in intrusion detection event correlation, yet this technology lags behind intrusion detection technology. How events are correlated makes a big difference concerning the value of event correlation. This talk will cover the various approaches to event correlation as well as their advantages and disadvantages. About the speaker: Eugene Schultz, Ph.D., CISM, CISSP, is the Chief Technology Officer and Chief Information Security Officer at High Tower Software, a company that develops security event management software. He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 110 published papers. Gene is the Editor-in-Chief of _Computers and Security_ and is an associate editor of _Network Security_ and _Information Security Bulletin_. He is also a member of the editorial board for the SANS NewsBites, a weekly information security-related news update, and is on the technical advisory board of three companies. He has been professor of computer science at various universities and is retired from the University of California at Berkeley. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman&apos;s Award, and the National Information Systems Security Conference Best Paper Award. Additionally, Gene has been elected to the ISSA Hall of Fame. While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy&apos;s Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.</p> ]]>
            </content:encoded>
            <itunes:duration>3118</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070307.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070307.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>Bhavani Thuraisingham, Assured Information Sharing between Trustworthy, Semi-trustworthy and Untrustworthy Coalition Partners</title>
            <description>Data mining is the process of posing queries and extracting patterns, often previously unknown, from large quantities of data using pattern matching or other reasoning techniques. Data mining has many applications in security, including for national security as well as for cyber security. The threats to national security include attacking buildings and destroying critical infrastructures such as power grids and telecommunication systems. Data mining techniques are being investigated to find out who the suspicious people are and who is capable of carrying out terrorist activities. Cyber security is involved with protecting the computer and network systems against corruption due to Trojan horses, worms and viruses. Data mining is also being applied to provide solutions such as intrusion detection and auditing. The first part of the presentation will discuss my joint research with Prof. Latifur Khan and our students at the University of Texas at Dallas on data mining for cyber security applications. For example, anomaly detection techniques could be used to detect unusual patterns and behaviors. Link analysis may be used to trace the viruses to the perpetrators. Classification may be used to group various cyber attacks and then use the profiles to detect an attack when it occurs. Prediction may be used to determine potential future attacks depending in a way on information learnt about terrorists through email and phone conversations. Data mining is also being applied for intrusion detection and auditing. Other applications include data mining for malicious code detection such as worm detection and managing firewall policies. The second part of the presentation will discuss the various types of threats to national security and describe data mining techniques for handling such threats. Threats include non-real-time threats and real-time threats. We need to understand the types of threats and also gather good data to carry out mining and obtain useful results. The challenge is to reduce false positives and false negatives. The third part of the presentation will discuss some of the research challenges. We need some form of real-time data mining, that is, the results have to be generated in real-time; we also need to build models in real-time for real-time intrusion detection. Data mining is also being applied for credit card fraud detection and biometrics related applications. While some progress has been made on topics such as stream data mining, there is still a lot of work to be done here. Another challenge is to mine multimedia data including surveillance video. Finally, we need to maintain the privacy of individuals. Much research has been carried out on privacy preserving data mining. In summary, the presentation will provide an overview of data mining, the various types of threats and then discuss the applications of data mining for malicious code detection and cyber security. Then we will discuss the consequences to privacy. About the speaker: Dr. Bhavani Thuraisingham joined The University of Texas at Dallas in October 2004 as a Professor of Computer Science and Director of the Cyber Security Research Center in the Erik Jonsson School of Engineering and Computer Science. She is an elected Fellow of three professional organizations: the IEEE (Institute for Electrical and Electronics Engineers), the AAAS (American Association for the Advancement of Science) and the BCS (British Computer Society) for her work in data security. She received the IEEE Computer Society&apos;s prestigious 1997 Technical Achievement Award for &quot;outstanding and innovative contributions to secure data management.&quot; Dr Thuraisingham&apos;s work in information security and information management has resulted in over 70 journal articles, over 200 refereed conference papers and workshops, and three US patents. She is the author of seven books in data management, data mining and data security, including one on data mining for counter-terrorism and another on Database and Applications Security, and is completing her eighth book on Trustworthy Semantic Web. She has given over 30 keynote presentations at various technical conferences and has also given invited talks at the White House Office of Science and Technology Policy and at the United Nations on Data Mining for counter-terrorism. She serves (or has served) on editorial boards of leading research and industry journals and currently serves as the Editor in Chief of Computer Standards and Interfaces Journal. She is also an Instructor at AFCEA&apos;s (Armed Forces Communications and Electronics Association) Professional Development Center and has served on panels for the Air Force Scientific Advisory Board and the National Academy of Sciences. Dr Thuraisingham is the Founding President of &quot;Bhavani Security Consulting&quot;, a company providing services in consulting and training in Cyber Security and Information Technology. Prior to joining UTD, Thuraisingham was an IPA (Intergovernmental Personnel Act) at the National Science Foundation from the MITRE Corporation. At NSF she established the Data and Applications Security Program and co-founded the Cyber Trust theme and was involved in inter-agency activities in data mining for counter-terrorism. She has been at MITRE since January 1989 and has worked in MITRE&apos;s Information Security Center and was later a department head in Data and Information Management as well as Chief Scientist in Data Management. She has served as an expert consultant in information security and data management to the Department of Defense, the Department of Treasury and the Intelligence Community for over 10 years. Thuraisingham&apos;s industry experience includes six years of research and development at Control Data Corporation and Honeywell Inc. Thuraisingham was educated in the United Kingdom both at the University of Bristol and at the University of Wales.</description>
            <pubDate>Wed, 28 Feb 2007 16:30:00 EST </pubDate>
            <itunes:title>Bhavani Thuraisingham, Assured Information Sharing between Trustworthy, Semi-trustworthy and Untrustworthy Coalition Partners</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>344</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Bhavani Thuraisingham, The University of Texas at Dallas</itunes:subtitle>
            <itunes:summary>Data mining is the process of posing queries and extracting patterns, often previously unknown, from large quantities of data using pattern matching or other reasoning techniques. Data mining has many applications in security, including for national security as well as for cyber security. The threats to national security include attacking buildings and destroying critical infrastructures such as power grids and telecommunication systems. Data mining techniques are being investigated to find out who the suspicious people are and who is capable of carrying out terrorist activities. Cyber security is involved with protecting the computer and network systems against corruption due to Trojan horses, worms and viruses. Data mining is also being applied to provide solutions such as intrusion detection and auditing. The first part of the presentation will discuss my joint research with Prof. Latifur Khan and our students at the University of Texas at Dallas on data mining for cyber security applications. For example, anomaly detection techniques could be used to detect unusual patterns and behaviors. Link analysis may be used to trace the viruses to the perpetrators. Classification may be used to group various cyber attacks and then use the profiles to detect an attack when it occurs. Prediction may be used to determine potential future attacks depending in a way on information learnt about terrorists through email and phone conversations. Data mining is also being applied for intrusion detection and auditing. Other applications include data mining for malicious code detection such as worm detection and managing firewall policies. The second part of the presentation will discuss the various types of threats to national security and describe data mining techniques for handling such threats. Threats include non-real-time threats and real-time threats. We need to understand the types of threats and also gather good data to carry out mining and obtain useful results. The challenge is to reduce false positives and false negatives. The third part of the presentation will discuss some of the research challenges. We need some form of real-time data mining, that is, the results have to be generated in real-time; we also need to build models in real-time for real-time intrusion detection. Data mining is also being applied for credit card fraud detection and biometrics related applications. While some progress has been made on topics such as stream data mining, there is still a lot of work to be done here. Another challenge is to mine multimedia data including surveillance video. Finally, we need to maintain the privacy of individuals. Much research has been carried out on privacy preserving data mining. In summary, the presentation will provide an overview of data mining, the various types of threats and then discuss the applications of data mining for malicious code detection and cyber security. Then we will discuss the consequences to privacy. About the speaker: Dr. Bhavani Thuraisingham joined The University of Texas at Dallas in October 2004 as a Professor of Computer Science and Director of the Cyber Security Research Center in the Erik Jonsson School of Engineering and Computer Science. She is an elected Fellow of three professional organizations: the IEEE (Institute for Electrical and Electronics Engineers), the AAAS (American Association for the Advancement of Science) and the BCS (British Computer Society) for her work in data security. She received the IEEE Computer Society&apos;s prestigious 1997 Technical Achievement Award for &quot;outstanding and innovative contributions to secure data management.&quot; Dr Thuraisingham&apos;s work in information security and information management has resulted in over 70 journal articles, over 200 refereed conference papers and workshops, and three US patents. She is the author of seven books in data management, data mining and data security, including one on data mining for counter-terrorism and another on Database and Applications Security, and is completing her eighth book on Trustworthy Semantic Web. She has given over 30 keynote presentations at various technical conferences and has also given invited talks at the White House Office of Science and Technology Policy and at the United Nations on Data Mining for counter-terrorism. She serves (or has served) on editorial boards of leading research and industry journals and currently serves as the Editor in Chief of Computer Standards and Interfaces Journal. She is also an Instructor at AFCEA&apos;s (Armed Forces Communications and Electronics Association) Professional Development Center and has served on panels for the Air Force Scientific Advisory Board and the National Academy of Sciences. Dr Thuraisingham is the Founding President of &quot;Bhavani Security Consulting&quot;, a company providing services in consulting and training in Cyber Security and Information Technology. Prior to joining UTD, Thuraisingham was an IPA (Intergovernmental Personnel Act) at the National Science Foundation from the MITRE Corporation. At NSF she established the Data and Applications Security Program and co-founded the Cyber Trust theme and was involved in inter-agency activities in data mining for counter-terrorism. She has been at MITRE since January 1989 and has worked in MITRE&apos;s Information Security Center and was later a department head in Data and Information Management as well as Chief Scientist in Data Management. She has served as an expert consultant in information security and data management to the Department of Defense, the Department of Treasury and the Intelligence Community for over 10 years. Thuraisingham&apos;s industry experience includes six years of research and development at Control Data Corporation and Honeywell Inc. Thuraisingham was educated in the United Kingdom both at the University of Bristol and at the University of Wales.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Data mining is the process of posing queries and extracting patterns, often previously unknown, from large quantities of data using pattern matching or other reasoning techniques. Data mining has many applications in security, including for national security as well as for cyber security. The threats to national security include attacking buildings and destroying critical infrastructures such as power grids and telecommunication systems. Data mining techniques are being investigated to find out who the suspicious people are and who is capable of carrying out terrorist activities. Cyber security is involved with protecting the computer and network systems against corruption due to Trojan horses, worms and viruses. Data mining is also being applied to provide solutions such as intrusion detection and auditing. The first part of the presentation will discuss my joint research with Prof. Latifur Khan and our students at the University of Texas at Dallas on data mining for cyber security applications. For example, anomaly detection techniques could be used to detect unusual patterns and behaviors. Link analysis may be used to trace the viruses to the perpetrators. Classification may be used to group various cyber attacks and then use the profiles to detect an attack when it occurs. Prediction may be used to determine potential future attacks depending in a way on information learnt about terrorists through email and phone conversations. Data mining is also being applied for intrusion detection and auditing. Other applications include data mining for malicious code detection such as worm detection and managing firewall policies. The second part of the presentation will discuss the various types of threats to national security and describe data mining techniques for handling such threats. Threats include non-real-time threats and real-time threats. We need to understand the types of threats and also gather good data to carry out mining and obtain useful results. The challenge is to reduce false positives and false negatives. The third part of the presentation will discuss some of the research challenges. We need some form of real-time data mining, that is, the results have to be generated in real-time; we also need to build models in real-time for real-time intrusion detection. Data mining is also being applied for credit card fraud detection and biometrics related applications. While some progress has been made on topics such as stream data mining, there is still a lot of work to be done here. Another challenge is to mine multimedia data including surveillance video. Finally, we need to maintain the privacy of individuals. Much research has been carried out on privacy preserving data mining. In summary, the presentation will provide an overview of data mining, the various types of threats and then discuss the applications of data mining for malicious code detection and cyber security. Then we will discuss the consequences to privacy. About the speaker: Dr. Bhavani Thuraisingham joined The University of Texas at Dallas in October 2004 as a Professor of Computer Science and Director of the Cyber Security Research Center in the Erik Jonsson School of Engineering and Computer Science. She is an elected Fellow of three professional organizations: the IEEE (Institute for Electrical and Electronics Engineers), the AAAS (American Association for the Advancement of Science) and the BCS (British Computer Society) for her work in data security. She received the IEEE Computer Society&apos;s prestigious 1997 Technical Achievement Award for &quot;outstanding and innovative contributions to secure data management.&quot; Dr Thuraisingham&apos;s work in information security and information management has resulted in over 70 journal articles, over 200 refereed conference papers and workshops, and three US patents. She is the author of seven books in data management, data mining and data security, including one on data mining for counter-terrorism and another on Database and Applications Security, and is completing her eighth book on Trustworthy Semantic Web. She has given over 30 keynote presentations at various technical conferences and has also given invited talks at the White House Office of Science and Technology Policy and at the United Nations on Data Mining for counter-terrorism. She serves (or has served) on editorial boards of leading research and industry journals and currently serves as the Editor in Chief of Computer Standards and Interfaces Journal. She is also an Instructor at AFCEA&apos;s (Armed Forces Communications and Electronics Association) Professional Development Center and has served on panels for the Air Force Scientific Advisory Board and the National Academy of Sciences. Dr Thuraisingham is the Founding President of &quot;Bhavani Security Consulting&quot;, a company providing services in consulting and training in Cyber Security and Information Technology. Prior to joining UTD, Thuraisingham was an IPA (Intergovernmental Personnel Act) at the National Science Foundation from the MITRE Corporation. At NSF she established the Data and Applications Security Program and co-founded the Cyber Trust theme and was involved in inter-agency activities in data mining for counter-terrorism. She has been at MITRE since January 1989 and has worked in MITRE&apos;s Information Security Center and was later a department head in Data and Information Management as well as Chief Scientist in Data Management. She has served as an expert consultant in information security and data management to the Department of Defense, the Department of Treasury and the Intelligence Community for over 10 years. Thuraisingham&apos;s industry experience includes six years of research and development at Control Data Corporation and Honeywell Inc. Thuraisingham was educated in the United Kingdom both at the University of Bristol and at the University of Wales.</p> ]]>
            </content:encoded>
            <itunes:duration>3779</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070228.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070228.mp4" length="228589568" type="video/mp4"/>
        </item>
            <item>
            <title>Howard Schmidt, Cyber Security and the &quot;NEW&quot; world enterprise</title>
            <description>As cyber security has evolved in the new world of distributed computing, there have been dramatic changes to the nature of our security needs. Mr. Schmidt will talk about issues that affect large enterprises, small and medium business and end users. He will talk about common threats, and the possibility of frameworks which would protect ourselves, our civil rights and our privacy while ensuring improved security. About the speaker: Howard A. Schmidt has had a long, distinguished career in defense, law enforcement and corporate security spanning almost 40 years. He has served as Vice President and Chief Information Security Officer and Chief Security Strategist for online auction giant eBay. He most recently served in the position of Chief Security Strategist for the US CERT Partners Program for the National Cyber Security Division, Department of Homeland Security. He retired from the White House after 31 years of public service in local and federal government. He was appointed by President Bush as the Vice Chair of the President&apos;s Critical Infrastructure Protection Board and as the Special Adviser for Cyberspace Security for the White House in December 2001. He assumed the role as the Chair in January 2003 until his retirement in May 2003. Prior to the White House, Howard was chief security officer for Microsoft Corp., where his duties included CISO, CSO and forming and directing the Trustworthy Computing Security Strategies Group. Before Microsoft, Mr. Schmidt was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI) Computer Forensic Lab and Computer Crime and Information Warfare Division. While there, he established the first dedicated computer forensic lab in the government. Before AFOSI, Mr. Schmidt was with the FBI at the National Drug Intelligence Center, where he headed the Computer Exploitation Team. 
He is recognized as one of the pioneers in the field of computer forensics and computer evidence collection. Before working at the FBI, Mr. Schmidt was a city police officer from 1983 to 1994 for the Chandler Police Department in Arizona. Mr. Schmidt served with the U.S. Air Force in various roles from 1967 to 1983, both in active duty and in the civil service. He had served in the Arizona Air National Guard from 1989 until 1998, when he transferred to the U.S. Army Reserves as a Special Agent, Criminal Investigation Division, where he continues to serve. He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet crime. Mr. Schmidt also serves as the international president of the Information Systems Security Association (ISSA) and was the first president of the Information Technology Information Sharing and Analysis Center (IT-ISAC). He is a former executive board member of the International Organization of Computer Evidence, and served as the co-chairman of the Federal Computer Investigations Committee. He is a member of the American Academy of Forensic Scientists. He had served as a board member for the CyberCrime Advisory Board of the National White Collar Crime Center, and was a distinguished special lecturer at the University of New Haven, Conn., teaching a graduate certificate course in forensic computing. He served as an augmented member to the President&apos;s Committee of Advisors on Science and Technology in the formation of an Institute for Information Infrastructure Protection. He has testified before congressional committees on computer security and cyber crime, and has been instrumental in the creation of public and private partnerships and information-sharing initiatives. He is regularly featured on CNN, CNBC, Fox TV as well as a number of local media outlets talking about cyber-security. 
He is a co-author of the Black Book on Corporate Security and author of &quot;Patrolling CyberSpace, Lessons Learned from a Lifetime in Data Security&quot;. Mr. Schmidt has been appointed to the Information Security Privacy Advisory Board (ISPAB) to advise the National Institute of Standards and Technology (NIST), the Secretary of Commerce and the Director of the Office of Management and Budget on information security and privacy issues pertaining to Federal Government information systems. Howard holds positions on a number of corporate boards in both advisory and director roles and recently has assumed the role of Chairman of the Board for Electronics Lifestyle Integration (ELI). Mr. Schmidt holds a bachelor&apos;s degree in business administration (BSBA) and a master&apos;s degree in organizational management (MAOM) from the University of Phoenix. He also holds an Honorary Doctorate degree in Humane Letters. Howard is a Professor of Practice at GA Tech, GTISC, Professor of Research at Idaho State University and Adjunct Senior Fellow with Carnegie Mellon&apos;s CyLab.</description>
            <pubDate>Wed, 21 Feb 2007 16:30:00 EST </pubDate>
            <itunes:title>Howard Schmidt, Cyber Security and the &quot;NEW&quot; world enterprise</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>343</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Howard Schmidt, R &amp; H Security Consulting LLC</itunes:subtitle>
            <itunes:summary>As cyber security has evolved in the new world of distributed computing, there have been dramatic changes to the nature of our security needs. Mr. Schmidt will talk about issues that affect large enterprises, small and medium business and end users. He will talk about common threats, and the possibility of frameworks which would protect ourselves, our civil rights and our privacy while ensuring improved security. About the speaker: Howard A. Schmidt has had a long, distinguished career in defense, law enforcement and corporate security spanning almost 40 years. He has served as Vice President and Chief Information Security Officer and Chief Security Strategist for online auction giant eBay. He most recently served in the position of Chief Security Strategist for the US CERT Partners Program for the National Cyber Security Division, Department of Homeland Security. He retired from the White House after 31 years of public service in local and federal government. He was appointed by President Bush as the Vice Chair of the President&apos;s Critical Infrastructure Protection Board and as the Special Adviser for Cyberspace Security for the White House in December 2001. He assumed the role as the Chair in January 2003 until his retirement in May 2003. Prior to the White House, Howard was chief security officer for Microsoft Corp., where his duties included CISO, CSO and forming and directing the Trustworthy Computing Security Strategies Group. Before Microsoft, Mr. Schmidt was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI) Computer Forensic Lab and Computer Crime and Information Warfare Division. While there, he established the first dedicated computer forensic lab in the government. Before AFOSI, Mr. Schmidt was with the FBI at the National Drug Intelligence Center, where he headed the Computer Exploitation Team. 
He is recognized as one of the pioneers in the field of computer forensics and computer evidence collection. Before working at the FBI, Mr. Schmidt was a city police officer from 1983 to 1994 for the Chandler Police Department in Arizona. Mr. Schmidt served with the U.S. Air Force in various roles from 1967 to 1983, both in active duty and in the civil service. He had served in the Arizona Air National Guard from 1989 until 1998, when he transferred to the U.S. Army Reserves as a Special Agent, Criminal Investigation Division, where he continues to serve. He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet crime. Mr. Schmidt also serves as the international president of the Information Systems Security Association (ISSA) and was the first president of the Information Technology Information Sharing and Analysis Center (IT-ISAC). He is a former executive board member of the International Organization of Computer Evidence, and served as the co-chairman of the Federal Computer Investigations Committee. He is a member of the American Academy of Forensic Scientists. He had served as a board member for the CyberCrime Advisory Board of the National White Collar Crime Center, and was a distinguished special lecturer at the University of New Haven, Conn., teaching a graduate certificate course in forensic computing. He served as an augmented member to the President&apos;s Committee of Advisors on Science and Technology in the formation of an Institute for Information Infrastructure Protection. He has testified before congressional committees on computer security and cyber crime, and has been instrumental in the creation of public and private partnerships and information-sharing initiatives. He is regularly featured on CNN, CNBC, Fox TV as well as a number of local media outlets talking about cyber-security. 
He is a co-author of the Black Book on Corporate Security and author of &quot;Patrolling CyberSpace, Lessons Learned from a Lifetime in Data Security&quot;. Mr. Schmidt has been appointed to the Information Security Privacy Advisory Board (ISPAB) to advise the National Institute of Standards and Technology (NIST), the Secretary of Commerce and the Director of the Office of Management and Budget on information security and privacy issues pertaining to Federal Government information systems. Howard holds positions on a number of corporate boards in both advisory and director roles and recently has assumed the role of Chairman of the Board for Electronics Lifestyle Integration (ELI). Mr. Schmidt holds a bachelor&apos;s degree in business administration (BSBA) and a master&apos;s degree in organizational management (MAOM) from the University of Phoenix. He also holds an Honorary Doctorate degree in Humane Letters. Howard is a Professor of Practice at GA Tech, GTISC, Professor of Research at Idaho State University and Adjunct Senior Fellow with Carnegie Mellon&apos;s CyLab.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As cyber security has evolved in the new world of distributed computing, there have been dramatic changes to the nature of our security needs. Mr. Schmidt will talk about issues that affect large enterprises, small and medium business and end users. He will talk about common threats, and the possibility of frameworks which would protect ourselves, our civil rights and our privacy while ensuring improved security. About the speaker: Howard A. Schmidt has had a long, distinguished career in defense, law enforcement and corporate security spanning almost 40 years. He has served as Vice President and Chief Information Security Officer and Chief Security Strategist for online auction giant eBay. He most recently served in the position of Chief Security Strategist for the US CERT Partners Program for the National Cyber Security Division, Department of Homeland Security. He retired from the White House after 31 years of public service in local and federal government. He was appointed by President Bush as the Vice Chair of the President&apos;s Critical Infrastructure Protection Board and as the Special Adviser for Cyberspace Security for the White House in December 2001. He assumed the role as the Chair in January 2003 until his retirement in May 2003. Prior to the White House, Howard was chief security officer for Microsoft Corp., where his duties included CISO, CSO and forming and directing the Trustworthy Computing Security Strategies Group. Before Microsoft, Mr. Schmidt was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI) Computer Forensic Lab and Computer Crime and Information Warfare Division. While there, he established the first dedicated computer forensic lab in the government. Before AFOSI, Mr. Schmidt was with the FBI at the National Drug Intelligence Center, where he headed the Computer Exploitation Team. 
He is recognized as one of the pioneers in the field of computer forensics and computer evidence collection. Before working at the FBI, Mr. Schmidt was a city police officer from 1983 to 1994 for the Chandler Police Department in Arizona. Mr. Schmidt served with the U.S. Air Force in various roles from 1967 to 1983, both in active duty and in the civil service. He had served in the Arizona Air National Guard from 1989 until 1998, when he transferred to the U.S. Army Reserves as a Special Agent, Criminal Investigation Division, where he continues to serve. He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet crime. Mr. Schmidt also serves as the international president of the Information Systems Security Association (ISSA) and was the first president of the Information Technology Information Sharing and Analysis Center (IT-ISAC). He is a former executive board member of the International Organization of Computer Evidence, and served as the co-chairman of the Federal Computer Investigations Committee. He is a member of the American Academy of Forensic Scientists. He had served as a board member for the CyberCrime Advisory Board of the National White Collar Crime Center, and was a distinguished special lecturer at the University of New Haven, Conn., teaching a graduate certificate course in forensic computing. He served as an augmented member to the President&apos;s Committee of Advisors on Science and Technology in the formation of an Institute for Information Infrastructure Protection. He has testified before congressional committees on computer security and cyber crime, and has been instrumental in the creation of public and private partnerships and information-sharing initiatives. He is regularly featured on CNN, CNBC, Fox TV as well as a number of local media outlets talking about cyber-security. 
He is a co-author of the Black Book on Corporate Security and author of &quot;Patrolling CyberSpace, Lessons Learned from a Lifetime in Data Security&quot;. Mr. Schmidt has been appointed to the Information Security Privacy Advisory Board (ISPAB) to advise the National Institute of Standards and Technology (NIST), the Secretary of Commerce and the Director of the Office of Management and Budget on information security and privacy issues pertaining to Federal Government information systems. Howard holds positions on a number of corporate boards in both advisory and director roles and recently has assumed the role of Chairman of the Board for Electronics Lifestyle Integration (ELI). Mr. Schmidt holds a bachelor&apos;s degree in business administration (BSBA) and a master&apos;s degree in organizational management (MAOM) from the University of Phoenix. He also holds an Honorary Doctorate degree in Humane Letters. Howard is a Professor of Practice at GA Tech, GTISC, Professor of Research at Idaho State University and Adjunct Senior Fellow with Carnegie Mellon&apos;s CyLab.</p> ]]>
            </content:encoded>
            <itunes:duration>3118</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070221.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070221.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>Stuart Shapiro, Scenario-Driven Construction of Enterprise Information Policy</title>
            <description>Information policy at the enterprise level is invariably an exercise in gaps and inconsistencies. The range of concerns—including security—is broad, the environment tends to be heterogeneous and dispersed, the contextual scope is significant, and the stakeholders are numerous. MITRE ran headlong into this problem as it set about conceiving and implementing a new enterprise IT architecture, with questions increasingly raised regarding what policies the new architecture had to be capable of supporting. The MITRE Information Policy Framework (MIPF) is the mechanism MITRE developed to answer these questions. The MIPF supports systematic, structured analysis and formulation of information policy in five areas: security, privacy, management, stewardship, and sharing. This presentation will discuss the structure and use of the MIPF, with an emphasis on security requirements. About the speaker: Dr. Stuart S. Shapiro is a Lead Information Security Scientist and a member of the Privacy Practice at the MITRE Corporation, a not-for-profit company performing contract technical research and consulting primarily for the U.S. government. At MITRE he has supported a wide range of privacy activities, including privacy impact assessments, for major government programs. Prior to joining MITRE he was Director of Privacy at CareInsite, an e-health company, where his responsibilities included both policy and technical issues revolving around privacy and security. He has also held academic positions in the U.S. and the U.K. and taught courses on the history, politics, and ethics of information and communication technologies (ICTs). His research and writing have focused on ICTs and privacy and on the history and sociology of software development. Among his professional affiliations are the Association for Computing Machinery (ACM)—including its public policy committee, USACM—and the International Association of Privacy Professionals (IAPP).</description>
            <pubDate>Wed, 7 Feb 2007 16:30:00 EST </pubDate>
            <itunes:title>Stuart Shapiro, Scenario-Driven Construction of Enterprise Information Policy</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>342</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Stuart Shapiro, The MITRE Corporation</itunes:subtitle>
            <itunes:summary>Information policy at the enterprise level is invariably an exercise in gaps and inconsistencies. The range of concerns—including security—is broad, the environment tends to be heterogeneous and dispersed, the contextual scope is significant, and the stakeholders are numerous. MITRE ran headlong into this problem as it set about conceiving and implementing a new enterprise IT architecture, with questions increasingly raised regarding what policies the new architecture had to be capable of supporting. The MITRE Information Policy Framework (MIPF) is the mechanism MITRE developed to answer these questions. The MIPF supports systematic, structured analysis and formulation of information policy in five areas: security, privacy, management, stewardship, and sharing. This presentation will discuss the structure and use of the MIPF, with an emphasis on security requirements. About the speaker: Dr. Stuart S. Shapiro is a Lead Information Security Scientist and a member of the Privacy Practice at the MITRE Corporation, a not-for-profit company performing contract technical research and consulting primarily for the U.S. government. At MITRE he has supported a wide range of privacy activities, including privacy impact assessments, for major government programs. Prior to joining MITRE he was Director of Privacy at CareInsite, an e-health company, where his responsibilities included both policy and technical issues revolving around privacy and security. He has also held academic positions in the U.S. and the U.K. and taught courses on the history, politics, and ethics of information and communication technologies (ICTs). His research and writing have focused on ICTs and privacy and on the history and sociology of software development. Among his professional affiliations are the Association for Computing Machinery (ACM)—including its public policy committee, USACM—and the International Association of Privacy Professionals (IAPP).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Information policy at the enterprise level is invariably an exercise in gaps and inconsistencies. The range of concerns—including security—is broad, the environment tends to be heterogeneous and dispersed, the contextual scope is significant, and the stakeholders are numerous. MITRE ran headlong into this problem as it set about conceiving and implementing a new enterprise IT architecture, with questions increasingly raised regarding what policies the new architecture had to be capable of supporting. The MITRE Information Policy Framework (MIPF) is the mechanism MITRE developed to answer these questions. The MIPF supports systematic, structured analysis and formulation of information policy in five areas: security, privacy, management, stewardship, and sharing. This presentation will discuss the structure and use of the MIPF, with an emphasis on security requirements. About the speaker: Dr. Stuart S. Shapiro is a Lead Information Security Scientist and a member of the Privacy Practice at the MITRE Corporation, a not-for-profit company performing contract technical research and consulting primarily for the U.S. government. At MITRE he has supported a wide range of privacy activities, including privacy impact assessments, for major government programs. Prior to joining MITRE he was Director of Privacy at CareInsite, an e-health company, where his responsibilities included both policy and technical issues revolving around privacy and security. He has also held academic positions in the U.S. and the U.K. and taught courses on the history, politics, and ethics of information and communication technologies (ICTs). His research and writing have focused on ICTs and privacy and on the history and sociology of software development. Among his professional affiliations are the Association for Computing Machinery (ACM)—including its public policy committee, USACM—and the International Association of Privacy Professionals (IAPP).</p> ]]>
            </content:encoded>
            <itunes:duration>3467</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070207.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070207.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>Chris Clifton, Mathematically Defining Privacy</title>
            <description>Computer systems ease the sharing and use of information, but accessibility of information leads to privacy concerns. Technology is being developed to address this issue - enabling use of information while controlling the disclosure. But is this enough to protect privacy? How do we even know if it is enough? This talk will survey recent developments in privacy and anonymity technology, emphasizing the variety of privacy definitions, their benefits, and their weaknesses. About the speaker: http://www.cs.purdue.edu/people/clifton</description>
            <pubDate>Wed, 31 Jan 2007 16:30:00 EST </pubDate>
            <itunes:title>Chris Clifton, Mathematically Defining Privacy</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>341</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Chris Clifton, Purdue University</itunes:subtitle>
            <itunes:summary>Computer systems ease the sharing and use of information, but accessibility of information leads to privacy concerns. Technology is being developed to address this issue - enabling use of information while controlling the disclosure. But is this enough to protect privacy? How do we even know if it is enough? This talk will survey recent developments in privacy and anonymity technology, emphasizing the variety of privacy definitions, their benefits, and their weaknesses. About the speaker: http://www.cs.purdue.edu/people/clifton</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Computer systems ease the sharing and use of information, but accessibility of information leads to privacy concerns. Technology is being developed to address this issue - enabling use of information while controlling the disclosure. But is this enough to protect privacy? How do we even know if it is enough? This talk will survey recent developments in privacy and anonymity technology, emphasizing the variety of privacy definitions, their benefits, and their weaknesses. About the speaker: http://www.cs.purdue.edu/people/clifton</p> ]]>
            </content:encoded>
            <itunes:duration>3025</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070131.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070131.mp4" length="228589568" type="video/mp4"/>
        </item>
            <item>
            <title>Wojciech Szpankowski, What is Information?</title>
            <description>Information permeates every corner of our lives and shapes our universe. Understanding and harnessing information holds the potential for significant advances. The breadth and depth of underlying concepts of the science of information transcend traditional disciplinary boundaries of scientific and commercial endeavors. Information can be manifested in various forms: business information is measured in dollars; chemical information is contained in shapes of molecules; biological information stored and processed in our cells prolongs life. So what is information? In this talk we first attempt to identify the most important features of information and define it in the broadest possible sense. We subsequently turn to the notion and theory of information introduced by Claude Shannon in 1948 that served as the backbone for digital communication. We go on to bridge Shannon information with Boltzmann&apos;s entropy, Maxwell&apos;s demon, Landauer&apos;s principle and Bennett&apos;s irreversible computations. We point out, however, that while Shannon created a successful and beautiful theory of information for communication, a widespread application of information theory to economics, biology, life science and complex networks seems to be still awaiting us. We shall discuss some examples that have recently cropped up in biology, chemistry, computer science, and quantum physics. We conclude with a list of challenges for future research. We hope to put forward some educated questions, rather than answers, to the issues and tools that lie before researchers interested in information. About the speaker: Before coming to Purdue, Wojciech Szpankowski was assistant professor at the Technical University of Gdansk, and in 1984 he was assistant professor at McGill University, Montreal. During 1992-93, he was professeur invité at INRIA, Rocquencourt, France. 
His research interests cover analysis of algorithms, data compression, information theory, analytic combinatorics, random structures, networking, stability problems in distributed systems, modeling of computer systems and computer communication networks, queueing theory, and operations research. His recent work is devoted to the probabilistic analysis of algorithms on words, analytic information theory, and designing efficient multimedia data compression schemes based on approximate pattern matching. He is a recipient of the Humboldt Fellowship. He has been a guest editor for special issues in IEEE Transactions on Automatic Control, Theoretical Computer Science, Random Structures &amp; Algorithms, and Algorithmica. Currently, he is editing a special issue on &quot;Analysis of Algorithms&quot; in Algorithmica. He serves on the editorial boards of Theoretical Computer Science, Discrete Mathematics and Theoretical Computer Science, and the book series Advances in the Theory of Computation and Computational Mathematics.</description>
            <pubDate>Wed, 24 Jan 2007 16:30:00 EST </pubDate>
            <itunes:title>Wojciech Szpankowski, What is Information?</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>340</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Wojciech Szpankowski, Purdue University</itunes:subtitle>
            <itunes:summary>Information permeates every corner of our lives and shapes our universe. Understanding and harnessing information holds the potential for significant advances. The breadth and depth of underlying concepts of the science of information transcend traditional disciplinary boundaries of scientific and commercial endeavors. Information can be manifested in various forms: business information is measured in dollars; chemical information is contained in shapes of molecules; biological information stored and processed in our cells prolongs life. So what is information? In this talk we first attempt to identify the most important features of information and define it in the broadest possible sense. We subsequently turn to the notion and theory of information introduced by Claude Shannon in 1948 that served as the backbone for digital communication. We go on to bridge Shannon information with Boltzmann&apos;s entropy, Maxwell&apos;s demon, Landauer&apos;s principle and Bennett&apos;s irreversible computations. We point out, however, that while Shannon created a successful and beautiful theory of information for communication, a widespread application of information theory to economics, biology, life science and complex networks seems to be still awaiting us. We shall discuss some examples that have recently cropped up in biology, chemistry, computer science, and quantum physics. We conclude with a list of challenges for future research. We hope to put forward some educated questions, rather than answers, to the issues and tools that lie before researchers interested in information. About the speaker: Before coming to Purdue, Wojciech Szpankowski was assistant professor at the Technical University of Gdansk, and in 1984 he was assistant professor at McGill University, Montreal. During 1992-93, he was professeur invité at INRIA, Rocquencourt, France. 
His research interests cover analysis of algorithms, data compression, information theory, analytic combinatorics, random structures, networking, stability problems in distributed systems, modeling of computer systems and computer communication networks, queueing theory, and operations research. His recent work is devoted to the probabilistic analysis of algorithms on words, analytic information theory, and designing efficient multimedia data compression schemes based on approximate pattern matching. He is a recipient of the Humboldt Fellowship. He has been a guest editor for special issues in IEEE Transactions on Automatic Control, Theoretical Computer Science, Random Structures &amp; Algorithms, and Algorithmica. Currently, he is editing a special issue on &quot;Analysis of Algorithms&quot; in Algorithmica. He serves on the editorial boards of Theoretical Computer Science, Discrete Mathematics and Theoretical Computer Science, and the book series Advances in the Theory of Computation and Computational Mathematics.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Information permeates every corner of our lives and shapes our universe.  Understanding and harnessing information holds the potential for significant advances. The breadth and depth of underlying concepts of the science of information transcend traditional disciplinary boundaries of scientific and commercial endeavors. Information can be manifested in various forms: business information is measured in dollars; chemical information is contained in shapes of molecules; biological information stored and processed in our cells prolongs life. So what is information? In this talk we first attempt to identify the most important features of information and define it in the broadest possible sense. We subsequently turn to the notion and theory of information introduced by Claude Shannon in 1948 that served as the backbone for digital communication.  We go on to bridge Shannon information with Boltzmann&apos;s entropy, Maxwell&apos;s demon, Landauer&apos;s principle and Bennett&apos;s irreversible computations.  We point out, however, that while Shannon created a successful and beautiful theory of information for communication, a widespread application of information theory to economics, biology, life science and complex networks seems to be still awaiting us. We shall discuss some examples that have recently cropped up in biology, chemistry, computer science, and quantum physics.  We conclude with a list of challenges for future research. We hope to put forward some educated questions, rather than answers, to the issues and tools that lie before researchers interested in information. About the speaker: Before coming to Purdue, Wojciech Szpankowski was assistant professor at the Technical University of Gdansk, and in 1984 he was assistant professor at McGill University, Montreal. During 1992-93, he was professeur invité at INRIA, Rocquencourt, France. 
His research interests cover analysis of algorithms, data compression, information theory, analytic combinatorics, random structures, networking, stability problems in distributed systems, modeling of computer systems and computer communication networks, queueing theory, and operations research. His recent work is devoted to the probabilistic analysis of algorithms on words, analytic information theory, and designing efficient multimedia data compression schemes based on approximate pattern matching. He is a recipient of the Humboldt Fellowship. He has been a guest editor for special issues in IEEE Transactions on Automatic Control, Theoretical Computer Science, Random Structures &amp; Algorithms, and Algorithmica. Currently, he is editing a special issue on &quot;Analysis of Algorithms&quot; in Algorithmica. He serves on the editorial boards of Theoretical Computer Science, Discrete Mathematics and Theoretical Computer Science, and the book series Advances in the Theory of Computation and Computational Mathematics.</p> ]]>
            </content:encoded>
            <itunes:duration>3403</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070124.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070124.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>Vipin Swarup, Research Challenges in Assured Information Sharing</title>
            <description>Assured information sharing has been a &quot;grand challenge&quot; problem of information security for several decades.  Currently, there is broad consensus that the state-of-practice of information sharing is inadequate.  One primary problem is that people in the field (e.g., soldiers, firefighters) have mission-critical need for sensitive information but are often among the least trusted principals in their organizations and hence do not receive the information.  Another problem is that data producers claim ownership of the data they produce and place sharing constraints on that data despite the competing interests of multiple parties over that data.  In this talk, we highlight these and other problems and discuss a wide range of technical solutions that are needed.  We elaborate on the need to balance the risks of sharing data with the risks of not sharing data and present several proposed approaches for doing so.  We also describe how obligation policies play an important role in addressing some information sharing issues. About the speaker: Vipin Swarup is a Principal Scientist in the Information Security Division at The MITRE Corporation.  He received a B.Tech. degree in Computer Science and Engineering from IIT Bombay, and M.S. and Ph.D. degrees in Computer Science from the University of Illinois at Urbana-Champaign.  His doctoral work was in the area of type theory and dealt with adding assignments to applicative programming languages.  In 1991, he developed techniques to formally verify virtual machines, and he applied those techniques to an interpreter for the Pre-Scheme programming language.  In 1993, he created a high-assurance domain-specific programming language system called Felt for security guard filters -- Felt has been used to express and enforce cross-domain message filtering policies in commercial security guard products.  In 1996, he co-authored a widely cited paper on mobile agent security.  
In 2003, he was a co-founder of the ACM Workshop on Security of Ad Hoc and Sensor Networks. Dr. Swarup has been the principal investigator of numerous research projects in information security, including projects on mobile agent security, security guards, intrusion detection, trust management, location-based security, and web services security.  He has also participated in several other research projects including program verification, fingerprinting relational data, topological vulnerability analysis, network security risk management, security patch management, data sharing agreements, sharing models for neuroimagery, insider threat detection, etc.  He currently leads a MITRE IR&amp;D project that is investigating techniques to enhance cross-boundary information sharing.</description>
            <pubDate>Wed, 17 Jan 2007 16:30:00 EST </pubDate>
            <itunes:title>Vipin Swarup, Research Challenges in Assured Information Sharing</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>339</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Vipin Swarup, MITRE</itunes:subtitle>
            <itunes:summary>Assured information sharing has been a &quot;grand challenge&quot; problem of information security for several decades.  Currently, there is broad consensus that the state-of-practice of information sharing is inadequate.  One primary problem is that people in the field (e.g., soldiers, firefighters) have mission-critical need for sensitive information but are often among the least trusted principals in their organizations and hence do not receive the information.  Another problem is that data producers claim ownership of the data they produce and place sharing constraints on that data despite the competing interests of multiple parties over that data.  In this talk, we highlight these and other problems and discuss a wide range of technical solutions that are needed.  We elaborate on the need to balance the risks of sharing data with the risks of not sharing data and present several proposed approaches for doing so.  We also describe how obligation policies play an important role in addressing some information sharing issues. About the speaker: Vipin Swarup is a Principal Scientist in the Information Security Division at The MITRE Corporation.  He received a B.Tech. degree in Computer Science and Engineering from IIT Bombay, and M.S. and Ph.D. degrees in Computer Science from the University of Illinois at Urbana-Champaign.  His doctoral work was in the area of type theory and dealt with adding assignments to applicative programming languages.  In 1991, he developed techniques to formally verify virtual machines, and he applied those techniques to an interpreter for the Pre-Scheme programming language.  In 1993, he created a high-assurance domain-specific programming language system called Felt for security guard filters -- Felt has been used to express and enforce cross-domain message filtering policies in commercial security guard products.  In 1996, he co-authored a widely cited paper on mobile agent security.  
In 2003, he was a co-founder of the ACM Workshop on Security of Ad Hoc and Sensor Networks. Dr. Swarup has been the principal investigator of numerous research projects in information security, including projects on mobile agent security, security guards, intrusion detection, trust management, location-based security, and web services security.  He has also participated in several other research projects including program verification, fingerprinting relational data, topological vulnerability analysis, network security risk management, security patch management, data sharing agreements, sharing models for neuroimagery, insider threat detection, etc.  He currently leads a MITRE IR&amp;D project that is investigating techniques to enhance cross-boundary information sharing.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Assured information sharing has been a &quot;grand challenge&quot; problem of information security for several decades.  Currently, there is broad consensus that the state-of-practice of information sharing is inadequate.  One primary problem is that people in the field (e.g., soldiers, firefighters) have mission-critical need for sensitive information but are often among the least trusted principals in their organizations and hence do not receive the information.  Another problem is that data producers claim ownership of the data they produce and place sharing constraints on that data despite the competing interests of multiple parties over that data.  In this talk, we highlight these and other problems and discuss a wide range of technical solutions that are needed.  We elaborate on the need to balance the risks of sharing data with the risks of not sharing data and present several proposed approaches for doing so.  We also describe how obligation policies play an important role in addressing some information sharing issues. About the speaker: Vipin Swarup is a Principal Scientist in the Information Security Division at The MITRE Corporation.  He received a B.Tech. degree in Computer Science and Engineering from IIT Bombay, and M.S. and Ph.D. degrees in Computer Science from the University of Illinois at Urbana-Champaign.  His doctoral work was in the area of type theory and dealt with adding assignments to applicative programming languages.  In 1991, he developed techniques to formally verify virtual machines, and he applied those techniques to an interpreter for the Pre-Scheme programming language.  In 1993, he created a high-assurance domain-specific programming language system called Felt for security guard filters -- Felt has been used to express and enforce cross-domain message filtering policies in commercial security guard products.  In 1996, he co-authored a widely cited paper on mobile agent security.  
In 2003, he was a co-founder of the ACM Workshop on Security of Ad Hoc and Sensor Networks. Dr. Swarup has been the principal investigator of numerous research projects in information security, including projects on mobile agent security, security guards, intrusion detection, trust management, location-based security, and web services security.  He has also participated in several other research projects including program verification, fingerprinting relational data, topological vulnerability analysis, network security risk management, security patch management, data sharing agreements, sharing models for neuroimagery, insider threat detection, etc.  He currently leads a MITRE IR&amp;D project that is investigating techniques to enhance cross-boundary information sharing.</p> ]]>
            </content:encoded>
            <itunes:duration>2593</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070117.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070117.mp4" length="230686720" type="video/mp4"/>
        </item>
            <item>
            <title>Virginia Rezmierski, Computer-Related Incidents:  Factors Related to Cause and Prevention</title>
            <description>Computer-related incidents that have the potential to destabilize, violate, or damage the resources, services, policies, or data of the community or individual members of the community are happening in increasing numbers.  Despite the news, we know that they are happening not just in academia, which has been painted as insecure and wide-open, but in corporate and not-for-profit environments as well.  We have inclinations about what is causing these incidents, but now we also have facts.  While we look for technical fixes to the problems, the real factors that are related to the cause of these incidents may not be technical at all, but rather human.  This presentation will discuss the &quot;Computer Incident Factor Analysis and Categorization Project&quot;, CIFAC, which was carried out at the University of Michigan under funding from the National Science Foundation.  Dr. Rezmierski will present the project findings and will discuss what they mean for colleges, universities, corporations, not-for-profit organizations and individuals.  The presentation will include discussion of actual incidents, the statistical methodology and findings, and the recommendations put forward by the research team. About the speaker: Virginia completed a BA in Sociology and Political Science from the Maxwell School of Citizenship at Syracuse University in the mid 1960&apos;s.  She then completed an MA in Psychopathology and Special Education from Syracuse University and taught emotionally disturbed boys for two years in the Syracuse Public Schools.  She moved from New York to assume a position at the University of Michigan Children&apos;s Psychiatric Hospital in Ann Arbor.  There she designed a school liaison program, did psychotherapy, and led a treatment team researching and providing therapy and education for autistic in-patient children. In the early 1970&apos;s she received her Ph.D. 
in Educational Psychology from the University of Michigan, with a research specialization in non-verbal communication and aggression.  She worked for several years as a consultant for area schools in the management of behaviorally disordered youth.  During the next five years she served as Director of Special Education for four school districts in Michigan and spoke widely at the state and national level on topics related to non-verbal communication, behavior management, and emotional disturbance.  While at Syracuse University, she began her college level teaching career, providing a graduate course in child development and psychopathology.  In the late 1970&apos;s she moved from program administration to full time research and teaching, providing courses at the University of Michigan-Dearborn campus in teaching methods, educational psychology, and behavior management.  Her research focused on designing developmentally prescriptive interventions for troubled youth.  In the early 1980&apos;s Virginia changed the direction of her career to learn more about the information technology revolution that was occurring on college and university campuses.  For approximately 20 years she was the Director of the Office of Policy Development and Education at the University of Michigan, where she led a team of policy analysts researching and analyzing information technology related policy issues.  She has published numerous articles regarding information technology and ethics, privacy, security, and community building.  She continues to speak nationally and locally on these issues as well and has led several national research projects to examine the costs and causes associated with information technology related abuse incidents.  In June, 2000, Virginia retired from her administrative responsibilities at the University of Michigan. She continues, however, to hold teaching appointments in three of the colleges at the University of Michigan.  
For the Ford School of Public Policy she provides a graduate course entitled: &quot;Technology, Emerging Law, and Applied Policy&quot;.  For the School of Information she provides a graduate course entitled: &quot;Ethics and Values&quot;.  She also holds an appointment at the School of Education.  In 2002 she continued her research activities completing a National Science Foundation research project designed to examine the interface between systems logging and monitoring activities and student record privacy protections. Currently, she is publishing and speaking about the results of another National Science Foundation funded research project involving 36 colleges and universities and 28 corporate and not-for-profit organizations.  The project investigated the causes of over 400 computer-related incidents and identified the best practices for preventing and managing such incidents.</description>
            <pubDate>Wed, 10 Jan 2007 16:30:00 EST </pubDate>
            <itunes:title>Virginia Rezmierski, Computer-Related Incidents:  Factors Related to Cause and Prevention</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>13</itunes:season>
            <itunes:episode>338</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Virginia Rezmierski, University of Michigan</itunes:subtitle>
            <itunes:summary>Computer-related incidents that have the potential to destabilize, violate, or damage the resources, services, policies, or data of the community or individual members of the community are happening in increasing numbers.  Despite the news, we know that they are happening not just in academia, which has been painted as insecure and wide-open, but in corporate and not-for-profit environments as well.  We have inclinations about what is causing these incidents, but now we also have facts.  While we look for technical fixes to the problems, the real factors that are related to the cause of these incidents may not be technical at all, but rather human.  This presentation will discuss the &quot;Computer Incident Factor Analysis and Categorization Project&quot;, CIFAC, which was carried out at the University of Michigan under funding from the National Science Foundation.  Dr. Rezmierski will present the project findings and will discuss what they mean for colleges, universities, corporations, not-for-profit organizations and individuals.  The presentation will include discussion of actual incidents, the statistical methodology and findings, and the recommendations put forward by the research team. About the speaker: Virginia completed a BA in Sociology and Political Science from the Maxwell School of Citizenship at Syracuse University in the mid 1960&apos;s.  She then completed an MA in Psychopathology and Special Education from Syracuse University and taught emotionally disturbed boys for two years in the Syracuse Public Schools.  She moved from New York to assume a position at the University of Michigan Children&apos;s Psychiatric Hospital in Ann Arbor.  There she designed a school liaison program, did psychotherapy, and led a treatment team researching and providing therapy and education for autistic in-patient children. In the early 1970&apos;s she received her Ph.D. 
in Educational Psychology from the University of Michigan, with a research specialization in non-verbal communication and aggression.  She worked for several years as a consultant for area schools in the management of behaviorally disordered youth.  During the next five years she served as Director of Special Education for four school districts in Michigan and spoke widely at the state and national level on topics related to non-verbal communication, behavior management, and emotional disturbance.  While at Syracuse University, she began her college level teaching career, providing a graduate course in child development and psychopathology.  In the late 1970&apos;s she moved from program administration to full time research and teaching, providing courses at the University of Michigan-Dearborn campus in teaching methods, educational psychology, and behavior management.  Her research focused on designing developmentally prescriptive interventions for troubled youth.  In the early 1980&apos;s Virginia changed the direction of her career to learn more about the information technology revolution that was occurring on college and university campuses.  For approximately 20 years she was the Director of the Office of Policy Development and Education at the University of Michigan, where she led a team of policy analysts researching and analyzing information technology related policy issues.  She has published numerous articles regarding information technology and ethics, privacy, security, and community building.  She continues to speak nationally and locally on these issues as well and has led several national research projects to examine the costs and causes associated with information technology related abuse incidents.  In June, 2000, Virginia retired from her administrative responsibilities at the University of Michigan. She continues, however, to hold teaching appointments in three of the colleges at the University of Michigan.  
For the Ford School of Public Policy she provides a graduate course entitled: &quot;Technology, Emerging Law, and Applied Policy&quot;.  For the School of Information she provides a graduate course entitled: &quot;Ethics and Values&quot;.  She also holds an appointment at the School of Education.  In 2002 she continued her research activities completing a National Science Foundation research project designed to examine the interface between systems logging and monitoring activities and student record privacy protections. Currently, she is publishing and speaking about the results of another National Science Foundation funded research project involving 36 colleges and universities and 28 corporate and not-for-profit organizations.  The project investigated the causes of over 400 computer-related incidents and identified the best practices for preventing and managing such incidents.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Computer-related incidents that have the potential to destabilize, violate, or damage the resources, services, policies, or data of the community or individual members of the community are happening in increasing numbers.  Despite the news, we know that they are happening not just in academia, which has been painted as insecure and wide-open, but in corporate and not-for-profit environments as well.  We have inclinations about what is causing these incidents, but now we also have facts.  While we look for technical fixes to the problems, the real factors that are related to the cause of these incidents may not be technical at all, but rather human.  This presentation will discuss the &quot;Computer Incident Factor Analysis and Categorization Project&quot;, CIFAC, which was carried out at the University of Michigan under funding from the National Science Foundation.  Dr. Rezmierski will present the project findings and will discuss what they mean for colleges, universities, corporations, not-for-profit organizations and individuals.  The presentation will include discussion of actual incidents, the statistical methodology and findings, and the recommendations put forward by the research team. About the speaker: Virginia completed a BA in Sociology and Political Science from the Maxwell School of Citizenship at Syracuse University in the mid 1960&apos;s.  She then completed an MA in Psychopathology and Special Education from Syracuse University and taught emotionally disturbed boys for two years in the Syracuse Public Schools.  She moved from New York to assume a position at the University of Michigan Children&apos;s Psychiatric Hospital in Ann Arbor.  There she designed a school liaison program, did psychotherapy, and led a treatment team researching and providing therapy and education for autistic in-patient children. In the early 1970&apos;s she received her Ph.D. 
in Educational Psychology from the University of Michigan, with a research specialization in non-verbal communication and aggression.  She worked for several years as a consultant for area schools in the management of behaviorally disordered youth.  During the next five years she served as Director of Special Education for four school districts in Michigan and spoke widely at the state and national level on topics related to non-verbal communication, behavior management, and emotional disturbance.  While at Syracuse University, she began her college level teaching career, providing a graduate course in child development and psychopathology.  In the late 1970&apos;s she moved from program administration to full time research and teaching, providing courses at the University of Michigan-Dearborn campus in teaching methods, educational psychology, and behavior management.  Her research focused on designing developmentally prescriptive interventions for troubled youth.  In the early 1980&apos;s Virginia changed the direction of her career to learn more about the information technology revolution that was occurring on college and university campuses.  For approximately 20 years she was the Director of the Office of Policy Development and Education at the University of Michigan, where she led a team of policy analysts researching and analyzing information technology related policy issues.  She has published numerous articles regarding information technology and ethics, privacy, security, and community building.  She continues to speak nationally and locally on these issues as well and has led several national research projects to examine the costs and causes associated with information technology related abuse incidents.  In June, 2000, Virginia retired from her administrative responsibilities at the University of Michigan. She continues, however, to hold teaching appointments in three of the colleges at the University of Michigan.  
For the Ford School of Public Policy she provides a graduate course entitled: &quot;Technology, Emerging Law, and Applied Policy&quot;.  For the School of Information she provides a graduate course entitled: &quot;Ethics and Values&quot;.  She also holds an appointment at the School of Education.  In 2002 she continued her research activities completing a National Science Foundation research project designed to examine the interface between systems logging and monitoring activities and student record privacy protections. Currently, she is publishing and speaking about the results of another National Science Foundation funded research project involving 36 colleges and universities and 28 corporate and not-for-profit organizations.  The project investigated the causes of over 400 computer-related incidents and identified the best practices for preventing and managing such incidents.</p> ]]>
            </content:encoded>
            <itunes:duration>3155</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070110.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20070110.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>Marc Rogers, The Psychology of Computer Deviance: How it can assist in digital evidence analysis.</title>
            <description>The talk will look at the phenomenon of deviant computer behavior and how understanding the individuals who engage in this behavior can benefit digital evidence investigations. A brief overview of the current research on computer deviance will be presented. An investigative process model will also be introduced that will assist in the investigation and analysis of computer crimes. About the speaker: Marc Rogers, Ph.D., CISSP, CCCI is the Head of the Cyber Forensics Program in the Dept. of Computer and Information Technology at Purdue University. He is an Associate Professor and also a research faculty member at the Center for Education and Research in Information Assurance and Security (CERIAS).  Dr. Rogers was a senior instructor for (ISC)2, the international body that certifies information system security professionals (CISSP), is a member of the quality assurance board for (ISC)2&apos;s SCCP designation, and is Chair of the Law, Compliance and Investigation Domain of the International Common Body of Knowledge (CBK) committee. He is a former police detective who worked in the area of fraud and computer crime investigations.  Dr. Rogers is the associate editor of the Journal of Digital Forensic Practice and co-editor of the Journal of Digital Forensics Security and Law, and sits on the editorial board for several other professional journals. He is also a member of various national and international committees focusing on digital forensic science and digital evidence. Dr. Rogers is the author of numerous book chapters, and journal publications in the field of digital forensics and applied psychological analysis. His research interests include applied cyber forensics, psychological digital crime scene analysis, and cyber terrorism.</description>
            <pubDate>Wed, 6 Dec 2006 16:30:00 EST </pubDate>
            <itunes:title>Marc Rogers, The Psychology of Computer Deviance: How it can assist in digital evidence analysis.</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>337</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Marc Rogers, Purdue University</itunes:subtitle>
            <itunes:summary>The talk will look at the phenomenon of deviant computer behavior and how understanding the individuals who engage in this behavior can benefit digital evidence investigations. A brief overview of the current research on computer deviance will be presented. An investigative process model will also be introduced that will assist in the investigation and analysis of computer crimes. About the speaker: Marc Rogers, Ph.D., CISSP, CCCI is the Head of the Cyber Forensics Program in the Dept. of Computer and Information Technology at Purdue University. He is an Associate Professor and also a research faculty member at the Center for Education and Research in Information Assurance and Security (CERIAS).  Dr. Rogers was a senior instructor for (ISC)2, the international body that certifies information system security professionals (CISSP), is a member of the quality assurance board for (ISC)2&apos;s SCCP designation, and is Chair of the Law, Compliance and Investigation Domain of the International Common Body of Knowledge (CBK) committee. He is a former police detective who worked in the area of fraud and computer crime investigations.  Dr. Rogers is the associate editor of the Journal of Digital Forensic Practice and co-editor of the Journal of Digital Forensics Security and Law, and sits on the editorial board for several other professional journals. He is also a member of various national and international committees focusing on digital forensic science and digital evidence. Dr. Rogers is the author of numerous book chapters, and journal publications in the field of digital forensics and applied psychological analysis. His research interests include applied cyber forensics, psychological digital crime scene analysis, and cyber terrorism.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The talk will look at the phenomenon of deviant computer behavior and how understanding the individuals who engage in this behavior can benefit digital evidence investigations. A brief overview of the current research on computer deviance will be presented. An investigative process model will also be introduced that will assist in the investigation and analysis of computer crimes. About the speaker: Marc Rogers, Ph.D., CISSP, CCCI is the Head of the Cyber Forensics Program in the Dept. of Computer and Information Technology at Purdue University. He is an Associate Professor and also a research faculty member at the Center for Education and Research in Information Assurance and Security (CERIAS). Dr. Rogers was a senior instructor for (ISC)2, the international body that certifies information system security professionals (CISSP), is a member of the quality assurance board for (ISC)2&apos;s SSCP designation, and is Chair of the Law, Compliance and Investigation Domain of the International Common Body of Knowledge (CBK) committee. He is a former police detective who worked in the area of fraud and computer crime investigations. Dr. Rogers is the associate editor of the Journal of Digital Forensic Practice and co-editor of the Journal of Digital Forensics, Security and Law, and sits on the editorial board for several other professional journals. He is also a member of various national and international committees focusing on digital forensic science and digital evidence. Dr. Rogers is the author of numerous book chapters and journal publications in the field of digital forensics and applied psychological analysis. His research interests include applied cyber forensics, psychological digital crime scene analysis, and cyber terrorism.</p> ]]>
            </content:encoded>
            <itunes:duration>3406</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20061206.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20061206.mp4" length="256901120" type="video/mp4"/>
        </item>
            <item>
            <title>Dongyan Xu, OS-Level Taint Analysis for Malware Investigation and Defense</title>
            <description>The Internet is facing threats from increasingly stealthy and sophisticated malware. Recent reports have suggested that new computer worms and malware deliberately avoid fast massive propagation. Instead, they lurk in infected machines and inflict contaminations over time, such as rootkit and backdoor installation, botnet creation, and data/identity theft. In defense against Internet malware, the following tasks are critical: (1) raising timely alerts to trigger a malware investigation, (2) determining the break-in point of malware, i.e. the vulnerable software via which the malware initially infiltrates the victim, and (3) identifying all contaminations inflicted by the malware during its residence in the victim. In this talk, I will present Process Coloring, an information flow-preserving, provenance-aware approach to malware investigation. In particular, I will demonstrate that through the preservation and tainting of malware break-in provenance along OS-level information flows, malware investigators will be able to improve the efficiency and effectiveness of existing log-based intrusion investigation tools. Furthermore, process coloring brings the new capability of runtime malware alert, which cannot be achieved by existing log-based tools. I will also present results of our experiments with a number of real-world Internet worms as well as a highly tamper-resistant implementation of process coloring using virtualization-based techniques. About the speaker: Dongyan Xu is an assistant professor of computer science at Purdue University. He received his Ph.D. in computer science from the University of Illinois at Urbana-Champaign in 2001. His current research focuses on virtualization technologies and their applications to malware defense on the Internet and virtual distributed computing in the cyberinfrastructure.</description>
            <pubDate>Wed, 29 Nov 2006 16:30:00 EST </pubDate>
            <itunes:title>Dongyan Xu, OS-Level Taint Analysis for Malware Investigation and Defense</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>336</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Dongyan Xu, Purdue University</itunes:subtitle>
            <itunes:summary>The Internet is facing threats from increasingly stealthy and sophisticated malware. Recent reports have suggested that new computer worms and malware deliberately avoid fast massive propagation. Instead, they lurk in infected machines and inflict contaminations over time, such as rootkit and backdoor installation, botnet creation, and data/identity theft. In defense against Internet malware, the following tasks are critical: (1) raising timely alerts to trigger a malware investigation, (2) determining the break-in point of malware, i.e. the vulnerable software via which the malware initially infiltrates the victim, and (3) identifying all contaminations inflicted by the malware during its residence in the victim. In this talk, I will present Process Coloring, an information flow-preserving, provenance-aware approach to malware investigation. In particular, I will demonstrate that through the preservation and tainting of malware break-in provenance along OS-level information flows, malware investigators will be able to improve the efficiency and effectiveness of existing log-based intrusion investigation tools. Furthermore, process coloring brings the new capability of runtime malware alert, which cannot be achieved by existing log-based tools. I will also present results of our experiments with a number of real-world Internet worms as well as a highly tamper-resistant implementation of process coloring using virtualization-based techniques. About the speaker: Dongyan Xu is an assistant professor of computer science at Purdue University. He received his Ph.D. in computer science from the University of Illinois at Urbana-Champaign in 2001. His current research focuses on virtualization technologies and their applications to malware defense on the Internet and virtual distributed computing in the cyberinfrastructure.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Internet is facing threats from increasingly stealthy and sophisticated malware. Recent reports have suggested that new computer worms and malware deliberately avoid fast massive propagation. Instead, they lurk in infected machines and inflict contaminations over time, such as rootkit and backdoor installation, botnet creation, and data/identity theft. In defense against Internet malware, the following tasks are critical: (1) raising timely alerts to trigger a malware investigation, (2) determining the break-in point of malware, i.e. the vulnerable software via which the malware initially infiltrates the victim, and (3) identifying all contaminations inflicted by the malware during its residence in the victim. In this talk, I will present Process Coloring, an information flow-preserving, provenance-aware approach to malware investigation. In particular, I will demonstrate that through the preservation and tainting of malware break-in provenance along OS-level information flows, malware investigators will be able to improve the efficiency and effectiveness of existing log-based intrusion investigation tools. Furthermore, process coloring brings the new capability of runtime malware alert, which cannot be achieved by existing log-based tools. I will also present results of our experiments with a number of real-world Internet worms as well as a highly tamper-resistant implementation of process coloring using virtualization-based techniques. About the speaker: Dongyan Xu is an assistant professor of computer science at Purdue University. He received his Ph.D. in computer science from the University of Illinois at Urbana-Champaign in 2001. His current research focuses on virtualization technologies and their applications to malware defense on the Internet and virtual distributed computing in the cyberinfrastructure.</p> ]]>
            </content:encoded>
            <itunes:duration>3460</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20061129.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20061129.mp4" length="229638144" type="video/mp4"/>
        </item>
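As an added illustration written for this page (it is not code from the talk or from the Process Coloring system it describes), the Python toy below replays a constructed OS-level event trace, propagates a per-service color along fork, write, read and exec flows, and then answers the three investigation tasks the abstract lists: it raises a runtime alert when a colored process writes to a sensitive path, maps the colors found on a suspicious file back to the break-in service, and enumerates every file and process contaminated through that service. The service names, the event tuple format, the sensitive-path rule and the trace itself are assumptions made for this example.

```python
"""Toy simulation of OS-level process coloring for malware investigation.

Added example written for this page; it is not code from the talk or from
the Process Coloring system. The service list, the event format, the
propagation rules and the sensitive-path alert rule are all assumptions.
"""
from collections import defaultdict

# Each remotely reachable service gets its own color when it starts (assumption:
# colors are short labels here; a real implementation would use opaque tags).
SERVICE_COLORS = {"httpd": "red", "sshd": "blue"}

# Locations a remotely driven process should never be writing to (assumption).
SENSITIVE_PREFIXES = ("/etc/", "/lib/modules/", "/usr/sbin/")

# Constructed OS-level event trace: ("start", pid, name), ("fork", parent, child),
# ("write", pid, path), ("read", pid, path) or ("exec", pid, path).
SAMPLE_TRACE = [
    ("start", 100, "httpd"),
    ("start", 200, "sshd"),
    ("start", 300, "cron"),                # local daemon, never colored
    ("fork", 100, 101),                    # httpd worker serving a request
    ("write", 101, "/tmp/.x"),             # worker drops a payload
    ("exec", 101, "/tmp/.x"),              # ... and runs it
    ("write", 101, "/etc/ld.so.preload"),  # contamination of a system file
    ("fork", 101, 102),                    # payload spawns a helper
    ("read", 102, "/etc/passwd"),
    ("fork", 200, 201),                    # ordinary ssh session
    ("write", 201, "/home/alice/notes.txt"),
    ("write", 300, "/etc/crontab"),        # uncolored writer: no remote provenance
]


class ColorTracker:
    """Propagates service colors along process and file information flows."""

    def __init__(self, service_colors=SERVICE_COLORS):
        self.service_colors = dict(service_colors)
        self.proc_colors = defaultdict(set)   # pid -> set of colors
        self.file_colors = defaultdict(set)   # path -> set of colors
        self.alerts = []                      # (pid, path, colors) runtime alerts

    def handle(self, event):
        kind = event[0]
        if kind == "start":
            _, pid, name = event
            color = self.service_colors.get(name)
            if color is not None:
                self.proc_colors[pid].add(color)
        elif kind == "fork":
            _, parent, child = event
            self.proc_colors[child] |= self.proc_colors[parent]
        elif kind == "write":
            _, pid, path = event
            colors = self.proc_colors[pid]
            self.file_colors[path] |= colors
            # Runtime alert: a flow that originated at a network service is
            # modifying a sensitive location; no log replay is needed to notice.
            if colors and path.startswith(SENSITIVE_PREFIXES):
                self.alerts.append((pid, path, frozenset(colors)))
        elif kind in ("read", "exec"):
            _, pid, path = event
            self.proc_colors[pid] |= self.file_colors[path]
        else:
            raise ValueError("unknown event kind: " + str(kind))

    def run(self, trace):
        for event in trace:
            self.handle(event)
        return self

    def break_in_services(self, colors):
        """Map the colors carried by a suspicious object back to the service
        through which the malware entered (task 2 in the abstract)."""
        return {name for name, c in self.service_colors.items() if c in colors}

    def contaminations(self, color):
        """Every file and process that carries the given color (task 3)."""
        files = {p for p, cs in self.file_colors.items() if color in cs}
        procs = {pid for pid, cs in self.proc_colors.items() if color in cs}
        return files, procs


def investigate(trace=SAMPLE_TRACE, suspicious_file="/etc/ld.so.preload"):
    """Replay a trace and report provenance for one suspicious file."""
    tracker = ColorTracker().run(trace)
    colors = set(tracker.file_colors.get(suspicious_file, set()))
    files, procs = set(), set()
    for color in colors:
        f, p = tracker.contaminations(color)
        files |= f
        procs |= p
    return {"break_in": tracker.break_in_services(colors), "files": files,
            "procs": procs, "alerts": tracker.alerts}


if __name__ == "__main__":
    print(investigate())
```

The propagation rules are the simplest workable ones: a child inherits its parent's colors, a written file takes the writer's colors, and reading or executing a file passes the file's colors on to the reader. The last trace event shows the deliberate asymmetry: cron's write to /etc/crontab carries no color, so it raises no alert; the mechanism flags only flows whose provenance leads back to a remotely reachable service, which is also why it cannot, by itself, catch a purely local attacker.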
            <item>
            <title>Richard Power, One Step Forward, Two Steps Back, or Two Steps Forward, One Step Back: A Ten Year Retrospective on Cyber Crime and Cyber Security (1996-2006)</title>
            <description>This presentation explores the evolution of cyber crime and cyber security as global issues over the past decade. It examines the growth of cyber bank robbery, cyber extortion, identity theft, economic espionage, denial of service, cyber vandalism, cyber stalking and other criminal endeavors. It also sheds a harsh light on corporate and government response to these problems: technologies, organization, professional issues, awareness and education, etc. The presentation includes a compelling timeline, explores fascinating case studies and also provides real-world cyber security recommendations for governments, businesses and families. About the speaker: Richard Power has spoken at conferences, delivered briefings and led training sessions for security and intelligence professionals, government officials, business leaders, and general audiences in over thirty countries. He has researched cyber crime and economic espionage for over a decade. As Editorial Director of the Computer Security Institute (CSI), he was widely and frequently quoted in mainstream news media. He established the CSI/FBI Computer Crime and Security Survey, testified for the U.S. Senate Permanent Sub-Committee on Investigations, and was featured on PBS Frontline. Power also authored Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace (Que, 078972443X). Later, as Director of Global Security Intelligence for Deloitte Touche Tohmatsu (DTT), Power developed a Global Security and Crisis Management Strategy, including all aspects of personnel, physical and cyber security, for a workforce of over 100,000 people in over 100 countries. In 2005, he founded GS(3) Intelligence and Words of Power to write, speak and consult independently.</description>
            <pubDate>Wed, 15 Nov 2006 16:30:00 EST </pubDate>
            <itunes:title>Richard Power, One Step Forward, Two Steps Back, or Two Steps Forward, One Step Back: A Ten Year Retrospective on Cyber Crime and Cyber Security (1996-2006)</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>335</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Richard Power, GS(3) Intelligence &amp; Words of Power</itunes:subtitle>
            <itunes:summary>This presentation explores the evolution of cyber crime and cyber security as global issues over the past decade. It examines the growth of cyber bank robbery, cyber extortion, identity theft, economic espionage, denial of service, cyber vandalism, cyber stalking and other criminal endeavors. It also sheds a harsh light on corporate and government response to these problems: technologies, organization, professional issues, awareness and education, etc. The presentation includes a compelling timeline, explores fascinating case studies and also provides real-world cyber security recommendations for governments, businesses and families. About the speaker: Richard Power has spoken at conferences, delivered briefings and led training sessions for security and intelligence professionals, government officials, business leaders, and general audiences in over thirty countries. He has researched cyber crime and economic espionage for over a decade. As Editorial Director of the Computer Security Institute (CSI), he was widely and frequently quoted in mainstream news media. He established the CSI/FBI Computer Crime and Security Survey, testified for the U.S. Senate Permanent Sub-Committee on Investigations, and was featured on PBS Frontline. Power also authored Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace (Que, 078972443X). Later, as Director of Global Security Intelligence for Deloitte Touche Tohmatsu (DTT), Power developed a Global Security and Crisis Management Strategy, including all aspects of personnel, physical and cyber security, for a workforce of over 100,000 people in over 100 countries. In 2005, he founded GS(3) Intelligence and Words of Power to write, speak and consult independently.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This presentation explores the evolution of cyber crime and cyber security as global issues over the past decade. It examines the growth of cyber bank robbery, cyber extortion, identity theft, economic espionage, denial of service, cyber vandalism, cyber stalking and other criminal endeavors. It also sheds a harsh light on corporate and government response to these problems: technologies, organization, professional issues, awareness and education, etc. The presentation includes a compelling timeline, explores fascinating case studies and also provides real-world cyber security recommendations for governments, businesses and families. About the speaker: Richard Power has spoken at conferences, delivered briefings and led training sessions for security and intelligence professionals, government officials, business leaders, and general audiences in over thirty countries. He has researched cyber crime and economic espionage for over a decade. As Editorial Director of the Computer Security Institute (CSI), he was widely and frequently quoted in mainstream news media. He established the CSI/FBI Computer Crime and Security Survey, testified for the U.S. Senate Permanent Sub-Committee on Investigations, and was featured on PBS Frontline. Power also authored Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace (Que, 078972443X). Later, as Director of Global Security Intelligence for Deloitte Touche Tohmatsu (DTT), Power developed a Global Security and Crisis Management Strategy, including all aspects of personnel, physical and cyber security, for a workforce of over 100,000 people in over 100 countries. In 2005, he founded GS(3) Intelligence and Words of Power to write, speak and consult independently.</p> ]]>
            </content:encoded>
            <itunes:duration>0</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20061114.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20061114.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>David Zage, Mitigating Attacks Against Measurement-Based Adaptation Mechanisms in Unstructured Multicast Overlay Networks</title>
            <description>Many multicast overlay networks maintain application-specific performance goals such as bandwidth, latency, jitter and loss rate by dynamically changing the overlay structure using measurement-based adaptation mechanisms. This results in an unstructured overlay where no neighbor selection constraints are imposed. Although such networks provide resilience to benign failures, they are susceptible to attacks conducted by adversaries that compromise overlay nodes. Previous defense solutions proposed to address attacks against overlay networks rely on strong organizational constraints and are not effective for unstructured overlays. In this work, we identify, demonstrate and mitigate insider attacks against measurement-based adaptation mechanisms in unstructured multicast overlay networks. The attacks target the overlay network construction, maintenance, and availability and allow malicious nodes to control significant traffic in the network, facilitating selective forwarding, traffic analysis, and overlay partitioning. We propose techniques to decrease the number of incorrect or unnecessary adaptations by using outlier detection. We demonstrate the attacks and mitigation techniques in the context of a mature, operationally deployed overlay multicast system, ESM, through real-life deployments and emulations conducted on the PlanetLab and DETER testbeds, respectively. About the speaker: David Zage is a third year PhD student in the Computer Science Department at Purdue University under the supervision of Professor Cristina Nita-Rotaru. He obtained his Bachelor of Science from Purdue in 2004. He is a member of the Dependable and Secure Distributed Systems Laboratory (DS2) and his research interests include distributed systems, fault tolerance, and security.</description>
            <pubDate>Wed, 8 Nov 2006 16:30:00 EST </pubDate>
            <itunes:title>David Zage, Mitigating Attacks Against Measurement-Based Adaptation Mechanisms in Unstructured Multicast Overlay Networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>334</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>David Zage, Purdue University</itunes:subtitle>
            <itunes:summary>Many multicast overlay networks maintain application-specific performance goals such as bandwidth, latency, jitter and loss rate by dynamically changing the overlay structure using measurement-based adaptation mechanisms. This results in an unstructured overlay where no neighbor selection constraints are imposed. Although such networks provide resilience to benign failures, they are susceptible to attacks conducted by adversaries that compromise overlay nodes. Previous defense solutions proposed to address attacks against overlay networks rely on strong organizational constraints and are not effective for unstructured overlays. In this work, we identify, demonstrate and mitigate insider attacks against measurement-based adaptation mechanisms in unstructured multicast overlay networks. The attacks target the overlay network construction, maintenance, and availability and allow malicious nodes to control significant traffic in the network, facilitating selective forwarding, traffic analysis, and overlay partitioning. We propose techniques to decrease the number of incorrect or unnecessary adaptations by using outlier detection. We demonstrate the attacks and mitigation techniques in the context of a mature, operationally deployed overlay multicast system, ESM, through real-life deployments and emulations conducted on the PlanetLab and DETER testbeds, respectively. About the speaker: David Zage is a third year PhD student in the Computer Science Department at Purdue University under the supervision of Professor Cristina Nita-Rotaru. He obtained his Bachelor of Science from Purdue in 2004. He is a member of the Dependable and Secure Distributed Systems Laboratory (DS2) and his research interests include distributed systems, fault tolerance, and security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Many multicast overlay networks maintain application-specific performance goals such as bandwidth, latency, jitter and loss rate by dynamically changing the overlay structure using measurement-based adaptation mechanisms. This results in an unstructured overlay where no neighbor selection constraints are imposed. Although such networks provide resilience to benign failures, they are susceptible to attacks conducted by adversaries that compromise overlay nodes. Previous defense solutions proposed to address attacks against overlay networks rely on strong organizational constraints and are not effective for unstructured overlays. In this work, we identify, demonstrate and mitigate insider attacks against measurement-based adaptation mechanisms in unstructured multicast overlay networks. The attacks target the overlay network construction, maintenance, and availability and allow malicious nodes to control significant traffic in the network, facilitating selective forwarding, traffic analysis, and overlay partitioning. We propose techniques to decrease the number of incorrect or unnecessary adaptations by using outlier detection. We demonstrate the attacks and mitigation techniques in the context of a mature, operationally deployed overlay multicast system, ESM, through real-life deployments and emulations conducted on the PlanetLab and DETER testbeds, respectively. About the speaker: David Zage is a third year PhD student in the Computer Science Department at Purdue University under the supervision of Professor Cristina Nita-Rotaru. He obtained his Bachelor of Science from Purdue in 2004. He is a member of the Dependable and Secure Distributed Systems Laboratory (DS2) and his research interests include distributed systems, fault tolerance, and security.</p> ]]>
            </content:encoded>
            <itunes:duration>2406</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20061108.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20061108.mp4" length="231735296" type="video/mp4"/>
        </item>
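As an added illustration written for this page (it is not code from ESM or from the work the talk describes, whose exact statistic is not given here), the Python below shows the shape of outlier-filtered adaptation: a node scoring candidate parents by their advertised bandwidth, latency and loss first drops candidates whose advertisement is far from what the rest of the population reports (a spatial check) or far from that candidate's own recent history (a temporal check), and only then adapts, and only if the gain clears a hysteresis margin. The robust z-score on median and MAD, the thresholds and floors, the utility function and the constructed measurements are all assumptions.

```python
"""Outlier filtering for measurement-based overlay adaptation (added toy example).

A node choosing a new multicast parent compares the metrics candidates
advertise (bandwidth, latency, loss) and should not adapt toward a
candidate whose numbers are implausible. Written for this page, not code
from ESM or from the talk; the statistic, thresholds, floors, utility
function and the sample measurements are all assumptions.
"""
import statistics

METRICS = ("bw_kbps", "lat_ms", "loss")
THRESHOLD = 3.5                 # robust z-score cut-off (assumption)
HYSTERESIS = 0.10               # switch parents only for a 10 percent gain (assumption)
MIN_SCALE = (20.0, 5.0, 0.01)   # floor on spread per metric, so a constant history
                                # does not make every change an outlier (assumption)

# Constructed advertisements for one adaptation round: (bandwidth kbps, latency ms, loss).
ADS = {
    "n1": (520, 55, 0.01), "n2": (480, 70, 0.02), "n3": (600, 45, 0.00),
    "n4": (450, 90, 0.01), "n5": (550, 60, 0.01),
    "n6": (900, 10, 0.00),     # previously honest node now inflating its numbers
    "evil": (9000, 2, 0.00),   # newly joined node advertising impossible metrics
}

# Constructed history of earlier advertisements from the same candidates.
HISTORY = {
    "n1": [(515, 54, 0.01), (525, 56, 0.00), (520, 55, 0.02)],
    "n2": [(470, 72, 0.02), (490, 68, 0.01), (480, 71, 0.02)],
    "n3": [(590, 46, 0.00), (610, 44, 0.01), (600, 45, 0.00)],
    "n4": [(440, 92, 0.01), (460, 88, 0.02), (450, 90, 0.01)],
    "n5": [(545, 61, 0.01), (555, 59, 0.00), (550, 60, 0.01)],
    "n6": [(430, 85, 0.01), (440, 88, 0.02), (435, 86, 0.01)],
    # "evil" just joined: no history, so only the spatial check can catch it
}


def robust_z(column, x, i):
    """Distance of x from the median of column, in units of scaled MAD for metric i."""
    med = statistics.median(column)
    mad = statistics.median([abs(v - med) for v in column])
    scale = max(1.4826 * mad, MIN_SCALE[i])
    return abs(x - med) / scale


def spatial_outliers(ads, threshold=THRESHOLD):
    """Candidates whose advertisement is far from what their peers report right now."""
    flagged = set()
    for i, _ in enumerate(METRICS):
        column = [a[i] for a in ads.values()]
        for node, a in ads.items():
            if robust_z(column, a[i], i) > threshold:
                flagged.add(node)
    return flagged


def temporal_outliers(ads, history, threshold=THRESHOLD, min_history=3):
    """Candidates whose current advertisement breaks sharply with their own past."""
    flagged = set()
    for node, a in ads.items():
        past = history.get(node, [])
        if min_history > len(past):
            continue  # too little history; only the spatial check applies
        for i, _ in enumerate(METRICS):
            if robust_z([p[i] for p in past], a[i], i) > threshold:
                flagged.add(node)
    return flagged


def score(a):
    """Higher is better: bandwidth discounted by latency and loss (assumed utility)."""
    bw, lat, loss = a
    return bw * (1.0 - loss) / (1.0 + lat / 100.0)


def choose_parent(current, ads, history, filter_outliers=True):
    """Pick the parent for the next round; flagged candidates are never adapted toward."""
    bad = set()
    if filter_outliers:
        bad = spatial_outliers(ads) | temporal_outliers(ads, history)
    candidates = {n: a for n, a in ads.items() if n not in bad}
    best = max(candidates, key=lambda n: score(candidates[n]))
    if current in candidates:
        needed = score(candidates[current]) * (1.0 + HYSTERESIS)
        if not score(candidates[best]) > needed:
            return current  # gain too small to justify an adaptation
    return best


if __name__ == "__main__":
    print("flagged:", spatial_outliers(ADS) | temporal_outliers(ADS, HISTORY))
    print("unfiltered choice:", choose_parent("n1", ADS, HISTORY, filter_outliers=False))
    print("filtered choice:", choose_parent("n1", ADS, HISTORY))
```

The constructed data is arranged to show two things. The newly joined node advertising impossible numbers is caught only by the spatial check, because it has no history yet; the previously honest node that starts inflating its metrics slips under the spatial threshold but is caught by comparison with its own past. Without either filter the naive adaptation would move every child toward the liar. The per-metric floor on spread matters in practice: with a constant history, a raw MAD of zero would turn any change at all into an outlier.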
            <item>
            <title>Paula DeWitte, Developing an Operational Framework for Integrated System Security</title>
            <description>Systems are composed of multiple complex levels including the physical infrastructure, personnel or &quot;humans-in-the-loop&quot;, administration policies and procedures, computers, networks, and the communication protocols for connectivity that tie the system into a workable unit. Each aspect is in itself a complex system. When we consider system security, we tend to focus on the electronic components—the connectivity, computers, and network—over the non-electronic. Although we rigorously implement security in the various system components, the security is rarely integrated across the boundaries of the entire system spectrum. We tend to implement security on the distinct levels of the system without considering the impact or interaction with other system levels. For example, we may fully implement encryption, passwords, and firewalls and feel that our electronic systems are secure, while the weakest link may be staff members who fall victim to social engineering techniques and unknowingly reveal sufficient information to allow a perpetrator to circumvent our best security. Or we may have fortified computer systems and well trained personnel, but neglect the fact that we are being monitored through the building&apos;s walls, floors, and windows. Without true understanding of the nature of the interactions of the system, we cannot fully understand how vulnerabilities in one level of the system such as the physical infrastructure can be exploited to allow attacks on another level such as the computer networks. By taking advantage of these vulnerabilities, perpetrators are able to circumvent even the most effective computer and network security, breach that security, and achieve their goals. We only need to consider the current challenges of insider threats or threats from coordinated attacks on the physical infrastructure and the computer networks to appreciate the need for better integrated system security.
Our goal is to provide analytical tools for the real world, focusing on the decision makers who implement security policies across the system spectrum. Further, to be effective, these analytical tools must be implemented within an organizing framework that provides both an integrated view of security as well as the insight and understanding necessary to make effective security decisions. This necessitates the development of step-by-step processes for analyzing and implementing security decisions. While this may seem to be a soft and less complete technical solution, it is actually implementing technology at the highest level because of the integration required to address each aspect of the system as well as the multi-disciplinary approach blending computer science, engineering, psychology, linguistics, and management in developing such analytic tools. This presentation will discuss work in progress in developing these analytical tools as well as the overarching framework for implementing integrated system security. Our intention is to understand &quot;what can be&quot; or &quot;what could happen&quot;. With this insight, decision makers can more effectively provide prevention, protection, or remediation strategies. About the speaker: Paula deWitte received a Ph.D. in Computer Science from Texas A&amp;M University in 1989 where her dissertation work focused on retrieving useful information from physician-dictated medical records. For over twenty years, she has engaged in various research and technology development endeavors in natural language processing applications as well as systems and information integration. She has significant success in commercializing research results into fielded applications and analysis products. Her current research interests are in building natural language based tools for reducing the time required for certifying and accrediting security systems. As a mid-career redefinition, she is currently pursuing a law degree at St. Mary&apos;s Law School in San Antonio, TX where she intends to focus on technology and privacy issues. She also holds a B.S. and M.S. from Purdue University.</description>
            <pubDate>Wed, 1 Nov 2006 16:30:00 EST </pubDate>
            <itunes:title>Paula DeWitte, Developing an Operational Framework for Integrated System Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>333</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Paula DeWitte, St. Mary’s Law School in San Antonio</itunes:subtitle>
            <itunes:summary>Systems are composed of multiple complex levels including the physical infrastructure, personnel or &quot;humans-in-the-loop&quot;, administration policies and procedures, computers, networks, and the communication protocols for connectivity that tie the system into a workable unit. Each aspect is in itself a complex system. When we consider system security, we tend to focus on the electronic components—the connectivity, computers, and network—over the non-electronic. Although we rigorously implement security in the various system components, the security is rarely integrated across the boundaries of the entire system spectrum. We tend to implement security on the distinct levels of the system without considering the impact or interaction with other system levels. For example, we may fully implement encryption, passwords, and firewalls and feel that our electronic systems are secure, while the weakest link may be staff members who fall victim to social engineering techniques and unknowingly reveal sufficient information to allow a perpetrator to circumvent our best security. Or we may have fortified computer systems and well trained personnel, but neglect the fact that we are being monitored through the building&apos;s walls, floors, and windows. Without true understanding of the nature of the interactions of the system, we cannot fully understand how vulnerabilities in one level of the system such as the physical infrastructure can be exploited to allow attacks on another level such as the computer networks. By taking advantage of these vulnerabilities, perpetrators are able to circumvent even the most effective computer and network security, breach that security, and achieve their goals. We only need to consider the current challenges of insider threats or threats from coordinated attacks on the physical infrastructure and the computer networks to appreciate the need for better integrated system security.
Our goal is to provide analytical tools for the real world, focusing on the decision makers who implement security policies across the system spectrum. Further, to be effective, these analytical tools must be implemented within an organizing framework that provides both an integrated view of security as well as the insight and understanding necessary to make effective security decisions. This necessitates the development of step-by-step processes for analyzing and implementing security decisions. While this may seem to be a soft and less complete technical solution, it is actually implementing technology at the highest level because of the integration required to address each aspect of the system as well as the multi-disciplinary approach blending computer science, engineering, psychology, linguistics, and management in developing such analytic tools. This presentation will discuss work in progress in developing these analytical tools as well as the overarching framework for implementing integrated system security. Our intention is to understand &quot;what can be&quot; or &quot;what could happen&quot;. With this insight, decision makers can more effectively provide prevention, protection, or remediation strategies. About the speaker: Paula deWitte received a Ph.D. in Computer Science from Texas A&amp;M University in 1989 where her dissertation work focused on retrieving useful information from physician-dictated medical records. For over twenty years, she has engaged in various research and technology development endeavors in natural language processing applications as well as systems and information integration. She has significant success in commercializing research results into fielded applications and analysis products. Her current research interests are in building natural language based tools for reducing the time required for certifying and accrediting security systems. As a mid-career redefinition, she is currently pursuing a law degree at St. Mary&apos;s Law School in San Antonio, TX where she intends to focus on technology and privacy issues. She also holds a B.S. and M.S. from Purdue University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Systems are composed of multiple complex levels including the physical infrastructure, personnel or &quot;humans-in-the-loop&quot;, administration policies and procedures, computers, networks, and the communication protocols for connectivity that tie the system into a workable unit.  Each aspect is in itself a complex system.  When we consider system security, we tend to focus on the electronic components—the connectivity, computers, and network—over the non-electronic.  Although we rigorously implement security in the various system components, the security is rarely integrated across the boundaries of the entire system spectrum.  We tend to implement security on the distinct levels of the system without considering the impact or interaction with other system levels.  For example, we may fully implement encryption, passwords, and firewalls and feel that our electronic systems are secure, while the weakest link may be staff members who fall victim to social engineering techniques and unknowingly reveal sufficient information to allow a perpetrator to circumvent our best security.  Or we may have fortified computer systems and well trained personnel, but neglect the fact that we are being monitored through the building&apos;s walls, floors, and windows.  Without true understanding of the nature of the interactions of the system, we cannot fully understand how vulnerabilities in one level of the system such as the physical infrastructure can be exploited to allow attacks on another level such as the computer networks.  By taking advantage of these vulnerabilities, perpetrators are able to circumvent even the most effective computer and network security, breach that security, and achieve their goals.  We only need to consider the current challenges of insider threats or threats from coordinated attacks on the physical infrastructure and the computer networks to appreciate the need for better integrated system security.  
Our goal is to provide analytical tools for the real world, focusing on the decision makers who implement security policies across the system spectrum.  Further, to be effective, these analytical tools must be implemented within an organizing framework that provides both an integrated view of security as well as the insight and understanding necessary to make effective security decisions.  This necessitates the development of step-by-step processes for analyzing and implementing security decisions.  While this may seem to be a soft and less complete technical solution, it is actually implementing technology at the highest level because of the integration required to address each aspect of the system as well as the multi-disciplinary approach blending computer science, engineering, psychology, linguistics, and management in developing such analytic tools.  This presentation will discuss work in progress in developing these analytical tools as well as the overarching framework for implementing integrated system security.  Our intention is to understand &quot;what can be&quot; or &quot;what could happen&quot;.  With this insight, they can more effectively provide prevention, protection, or remediation strategies. About the speaker: Paula deWitte received a Ph.D. in Computer Science from Texas A&amp;M University in 1989 where her dissertation work focused on retrieving useful information from physician-dictated medical records.  For over twenty years, she has engaged in various research and technology development endeavors in natural language processing applications as well as systems and information integration.  She has significant success in commercializing research results into fielded applications and analysis products.  Her current research interests are in building natural language based tools for reducing the time required for certifying and accrediting security systems.  As a mid-career redefinition, she is currently pursuing a law degree at St. Mary&apos;s Law School in San Antonio, TX where she intends to focus on technology and privacy issues.  She also holds a B.S. and M.S. from Purdue University.</p> ]]>
            </content:encoded>
            <itunes:duration>3118</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20061101.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20061101.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>Qihua Wang, Beyond Separation of Duty: An Algebra for Specifying High-level Security Policies</title>
            <description>A high-level security policy states an overall requirement for a sensitive task. One example of a high-level security policy is a separation of duty policy, which requires a sensitive task to be performed by a team of at least k users. It states a high-level requirement about the task without the need to refer to individual steps in the task. While extremely important and widely used, separation of duty policies state only quantity requirements and do not capture qualification requirements on users involved in the task. This talk will introduce a novel algebra that enables the specification of high-level policies that combine qualification requirements with quantity requirements motivated by separation of duty considerations. A high-level policy associates a task with a term in the algebra and requires that all sets of users that perform the task satisfy the term. The syntax and semantics of the algebra, as well as the algebraic properties of its operators will be presented. The talk will also discuss results for computational problems related to the algebra and compare the algebra with regular expressions. About the speaker: Qihua Wang is a PhD student in the Department of Computer Science, Purdue University. He received his Bachelor&apos;s degree in computer science from University of Science and Technology of China (USTC), in 2004. His research interest is access control policy management.</description>
            <pubDate>Wed, 25 Oct 2006 16:30:00 EDT </pubDate>
            <itunes:title>Qihua Wang, Beyond Separation of Duty: An Algebra for Specifying High-level Security Policies</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>332</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Qihua Wang, Purdue University</itunes:subtitle>
            <itunes:summary>A high-level security policy states an overall requirement for a sensitive task. One example of a high-level security policy is a separation of duty policy, which requires a sensitive task to be performed by a team of at least k users. It states a high-level requirement about the task without the need to refer to individual steps in the task. While extremely important and widely used, separation of duty policies state only quantity requirements and do not capture qualification requirements on users involved in the task. This talk will introduce a novel algebra that enables the specification of high-level policies that combine qualification requirements with quantity requirements motivated by separation of duty considerations. A high-level policy associates a task with a term in the algebra and requires that all sets of users that perform the task satisfy the term. The syntax and semantics of the algebra, as well as the algebraic properties of its operators will be presented. The talk will also discuss results for computational problems related to the algebra and compare the algebra with regular expressions. About the speaker: Qihua Wang is a PhD student in the Department of Computer Science, Purdue University. He received his Bachelor&apos;s degree in computer science from University of Science and Technology of China (USTC), in 2004. His research interest is access control policy management.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>A high-level security policy states an overall requirement for a sensitive task. One example of a high-level security policy is a separation of duty policy, which requires a sensitive task to be performed by a team of at least k users. It states a high-level requirement about the task without the need to refer to individual steps in the task. While extremely important and widely used, separation of duty policies state only quantity requirements and do not capture qualification requirements on users involved in the task. This talk will introduce a novel algebra that enables the specification of high-level policies that combine qualification requirements with quantity requirements motivated by separation of duty considerations. A high-level policy associates a task with a term in the algebra and requires that all sets of users that perform the task satisfy the term. The syntax and semantics of the algebra, as well as the algebraic properties of its operators will be presented. The talk will also discuss results for computational problems related to the algebra and compare the algebra with regular expressions. About the speaker: Qihua Wang is a PhD student in the Department of Computer Science, Purdue University. He received his Bachelor&apos;s degree in computer science from University of Science and Technology of China (USTC), in 2004. His research interest is access control policy management.</p> ]]>
            </content:encoded>
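            <![CDATA[
A worked illustration of the idea in the abstract, added here as an editor's example; it is not the speaker's algebra and does not reproduce its operators. A task is bound to a term, and a team of users may perform the task only if the team, as a set, satisfies the term. The small term language below is hypothetical and was written for this page: the operator names (Role, Anyone, Or, Both, Distinct, Overlap), the sample users, roles and policies are all constructed. Distinct is the separation-of-duty operator: its two operands must be satisfied by non-overlapping users, which is how a quantity requirement ("two different people") is combined with a qualification requirement ("one of them a manager").

```python
from dataclasses import dataclass
from itertools import chain, combinations
from typing import Dict, FrozenSet, Iterable

Users = FrozenSet[str]
RoleMap = Dict[str, FrozenSet[str]]   # user -> roles held


@dataclass(frozen=True)
class Role:          # one user holding role `name`   (qualification requirement)
    name: str


@dataclass(frozen=True)
class Anyone:        # one user, any role               (quantity requirement only)
    pass


@dataclass(frozen=True)
class Or:            # the set satisfies left or right
    left: object
    right: object


@dataclass(frozen=True)
class Both:          # the same set satisfies left and right
    left: object
    right: object


@dataclass(frozen=True)
class Distinct:      # the set splits into two DISJOINT parts satisfying left and right
    left: object
    right: object


@dataclass(frozen=True)
class Overlap:       # the set is covered by two parts (may share users) satisfying left, right
    left: object
    right: object


def _subsets(users: Users) -> Iterable[Users]:
    """All subsets of `users`; exponential, fine for the small teams SoD policies involve."""
    items = sorted(users)
    return (frozenset(c) for c in chain.from_iterable(
        combinations(items, k) for k in range(len(items) + 1)))


def satisfies(users: Users, term, roles: RoleMap) -> bool:
    """True if exactly this set of users satisfies `term` under the role assignment."""
    if isinstance(term, Role):
        return len(users) == 1 and term.name in roles.get(next(iter(users)), frozenset())
    if isinstance(term, Anyone):
        return len(users) == 1
    if isinstance(term, Or):
        return satisfies(users, term.left, roles) or satisfies(users, term.right, roles)
    if isinstance(term, Both):
        return satisfies(users, term.left, roles) and satisfies(users, term.right, roles)
    if isinstance(term, Distinct):
        # Every user lands in exactly one part: forces different people.
        return any(satisfies(part, term.left, roles)
                   and satisfies(users - part, term.right, roles)
                   for part in _subsets(users))
    if isinstance(term, Overlap):
        # Every user lands in at least one part: the same person may do both.
        return any(satisfies(p1, term.left, roles) and satisfies(p2, term.right, roles)
                   for p1 in _subsets(users) for p2 in _subsets(users)
                   if p1 | p2 == users)
    raise TypeError(f"unknown term: {term!r}")


# Constructed sample: users, their roles, and three high-level policies.
ROLES: RoleMap = {
    "alice": frozenset({"clerk", "manager"}),
    "bob":   frozenset({"clerk"}),
    "carol": frozenset({"auditor"}),
}

# A payment needs two different people, one of whom is a manager.
PAYMENT = Distinct(Role("manager"), Anyone())
# Classic k-user separation of duty with k = 3 and no qualification.
THREE_PEOPLE = Distinct(Anyone(), Distinct(Anyone(), Anyone()))
# A manager and a clerk must both act, but one person may hold both roles.
MANAGER_AND_CLERK = Overlap(Role("manager"), Role("clerk"))


def may_perform(task_users: Iterable[str], term) -> bool:
    """Authorization check: may this team carry out the task bound to `term`?"""
    return satisfies(frozenset(task_users), term, ROLES)


if __name__ == "__main__":
    for team in (["alice", "bob"], ["alice"], ["bob", "carol"], ["alice", "bob", "carol"]):
        print(team, "payment:", may_perform(team, PAYMENT))
```

Because Distinct partitions the whole set, a term also bounds the team size: three users do not satisfy Distinct(Role("manager"), Anyone()), and alice alone satisfies Overlap(Role("manager"), Role("clerk")) but not Distinct(Role("manager"), Role("clerk")). Evaluation enumerates subsets, so this is a checker for small teams and small terms, not a policy engine.
]]>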
            <itunes:duration>2399</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20061025.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20061025.mp4" length="447741952" type="video/mp4"/>
        </item>
            <item>
            <title>Nitin Khanna, Forensics Characterization of Printers and Image Capture devices</title>
            <description>The falling cost and wide availability of electronic devices have led to their widespread use by individuals, corporations, and governments. These devices, such as computers, cell phones, digital cameras, and printers, all contain various sensors which generate data that are stored or transmitted to another device. One example of this is a security system containing a network of video cameras, temperature sensors, alarms, computers, and other devices. In such a network, it is important to be able to trust the data from each of these sensors. Forensic techniques can be used to uniquely identify each device using the data it produces. This is different from simply securing the data being sent across the network because we are also authenticating the sensor that is creating the data. Forensic characterization of a device allows identification of the type of device, make, model, configuration, and other characteristics based solely on observation of the data that the device produces. These characteristics that uniquely identify a device are called device signatures. As an example, the noise characteristics in a digital image can be used as a signature of the camera that produced it. Similarly, the &quot;noise&quot; characteristics of a print engine can be used as a signature of the printer that generated a document. This talk will present current research and techniques for forensic characterization of printers and image capture devices such as digital cameras and scanners. About the speaker: Nitin Khanna is a PhD candidate in Electrical and Computer Engineering at Purdue University, after finishing his Bachelor of Technology at IIT Delhi, India, in 2005. He is currently working on image forensics for digital cameras and scanners. His research interests are in image processing and multimedia security.</description>
            <pubDate>Wed, 18 Oct 2006 16:30:00 EDT </pubDate>
            <itunes:title>Nitin Khanna, Forensics Characterization of Printers and Image Capture devices</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>331</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Nitin Khanna, Purdue University</itunes:subtitle>
            <itunes:summary>The falling cost and wide availability of electronic devices have led to their widespread use by individuals, corporations, and governments. These devices, such as computers, cell phones, digital cameras, and printers, all contain various sensors which generate data that are stored or transmitted to another device. One example of this is a security system containing a network of video cameras, temperature sensors, alarms, computers, and other devices. In such a network, it is important to be able to trust the data from each of these sensors. Forensic techniques can be used to uniquely identify each device using the data it produces. This is different from simply securing the data being sent across the network because we are also authenticating the sensor that is creating the data. Forensic characterization of a device allows identification of the type of device, make, model, configuration, and other characteristics based solely on observation of the data that the device produces. These characteristics that uniquely identify a device are called device signatures. As an example, the noise characteristics in a digital image can be used as a signature of the camera that produced it. Similarly, the &quot;noise&quot; characteristics of a print engine can be used as a signature of the printer that generated a document. This talk will present current research and techniques for forensic characterization of printers and image capture devices such as digital cameras and scanners. About the speaker: Nitin Khanna is a PhD candidate in Electrical and Computer Engineering at Purdue University, after finishing his Bachelor of Technology at IIT Delhi, India, in 2005. He is currently working on image forensics for digital cameras and scanners. His research interests are in image processing and multimedia security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The falling cost and wide availability of electronic devices have led to their widespread use by individuals, corporations, and governments. These devices, such as computers, cell phones, digital cameras, and printers, all contain various sensors which generate data that are stored or transmitted to another device. One example of this is a security system containing a network of video cameras, temperature sensors, alarms, computers, and other devices. In such a network, it is important to be able to trust the data from each of these sensors. Forensic techniques can be used to uniquely identify each device using the data it produces. This is different from simply securing the data being sent across the network because we are also authenticating the sensor that is creating the data. Forensic characterization of a device allows identification of the type of device, make, model, configuration, and other characteristics based solely on observation of the data that the device produces. These characteristics that uniquely identify a device are called device signatures. As an example, the noise characteristics in a digital image can be used as a signature of the camera that produced it. Similarly, the &quot;noise&quot; characteristics of a print engine can be used as a signature of the printer that generated a document. This talk will present current research and techniques for forensic characterization of printers and image capture devices such as digital cameras and scanners. About the speaker: Nitin Khanna is a PhD candidate in Electrical and Computer Engineering at Purdue University, after finishing his Bachelor of Technology at IIT Delhi, India, in 2005. He is currently working on image forensics for digital cameras and scanners. His research interests are in image processing and multimedia security.</p> ]]>
            </content:encoded>
            <itunes:duration>2558</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20061018.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20061018.mp4" length="230686720" type="video/mp4"/>
        </item>
            <item>
            <title>Nora Rifon, Network Security Begins at Home: Changing Consumer Behavior for i-Safety</title>
            <description>Virus and worm attacks that spread through holes in popular consumer software emphasize the role the online public must play in preserving the safety and integrity of the Internet.  To protect the network commons, more users must engage in safe online behavior by such actions as controlling their private information, updating software security patches, downloading protective software, and filtering their email. While network security remains an abstract notion to the general public, online consumers can understand the issue in terms of their personal privacy behavior, actions that result in the undesired disclosure of information and unwanted intrusions on their personal cyberspace. In her talk, Professor Rifon will discuss a social-psychological approach to understanding Internet user privacy and security safety-related behaviors. About the speaker: Nora J. Rifon is a Professor in the Department of Advertising, Public Relations, and Retailing at Michigan State University.  She earned her Ph.D. in Business, and her MA and BA in Psychology.  Her research interests include consumer privacy and online safety for e-commerce, social networking, and telemedicine, socially responsible marketing tactics, corporate reputation, and consumer trust.  Professor Rifon received three research awards in 2004 including a three-year, $400,000 National Science Foundation award to study online consumer information safety.  In 2006 she received a grant from Microsoft Research for the development of a Trustworthy Computing curriculum.  Recently she served as Privacy Executive on Loan to the Department of Information Technology, State of Michigan.  Her recent research examines the public/private paradox of Internet use and implications for public policy.  Professor Rifon has served on the Executive Committee of the American Academy of Advertising and presently chairs the Publications Committee.  She serves on the editorial review boards of The Journal of Consumer Affairs, and The Journal of Interactive Advertising, is a Research Associate of the MSU Quello Center for Telecommunication Law and Management, and a member of the MSU Cybersecurity Initiative.  Professor Rifon has published her work in journals such as Communications of the ACM, New Media and Society, The Journal of Consumer Affairs, The Journal of Advertising, Advances in Consumer Research, Government Information Quarterly, The Journal of Interactive Advertising, and The International Journal of Advertising, and in the proceedings of a variety of international conferences.  Professor Rifon has served as consultant to the State of Michigan Office of the Attorney General, private law firms, and the commercial sector.</description>
            <pubDate>Wed, 11 Oct 2006 16:30:00 EDT </pubDate>
            <itunes:title>Nora Rifon, Network Security Begins at Home: Changing Consumer Behavior for i-Safety</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>330</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Nora Rifon, Michigan State University</itunes:subtitle>
            <itunes:summary>Virus and worm attacks that spread through holes in popular consumer software emphasize the role the online public must play in preserving the safety and integrity of the Internet.  To protect the network commons, more users must engage in safe online behavior by such actions as controlling their private information, updating software security patches, downloading protective software, and filtering their email. While network security remains an abstract notion to the general public, online consumers can understand the issue in terms of their personal privacy behavior, actions that result in the undesired disclosure of information and unwanted intrusions on their personal cyberspace. In her talk, Professor Rifon will discuss a social-psychological approach to understanding Internet user privacy and security safety-related behaviors. About the speaker: Nora J. Rifon is a Professor in the Department of Advertising, Public Relations, and Retailing at Michigan State University.  She earned her Ph.D. in Business, and her MA and BA in Psychology.  Her research interests include consumer privacy and online safety for e-commerce, social networking, and telemedicine, socially responsible marketing tactics, corporate reputation, and consumer trust.  Professor Rifon received three research awards in 2004 including a three-year, $400,000 National Science Foundation award to study online consumer information safety.  In 2006 she received a grant from Microsoft Research for the development of a Trustworthy Computing curriculum.  Recently she served as Privacy Executive on Loan to the Department of Information Technology, State of Michigan.  Her recent research examines the public/private paradox of Internet use and implications for public policy.  Professor Rifon has served on the Executive Committee of the American Academy of Advertising and presently chairs the Publications Committee.  She serves on the editorial review boards of The Journal of Consumer Affairs, and The Journal of Interactive Advertising, is a Research Associate of the MSU Quello Center for Telecommunication Law and Management, and a member of the MSU Cybersecurity Initiative.  Professor Rifon has published her work in journals such as Communications of the ACM, New Media and Society, The Journal of Consumer Affairs, The Journal of Advertising, Advances in Consumer Research, Government Information Quarterly, The Journal of Interactive Advertising, and The International Journal of Advertising, and in the proceedings of a variety of international conferences.  Professor Rifon has served as consultant to the State of Michigan Office of the Attorney General, private law firms, and the commercial sector.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Virus and worm attacks that spread through holes in popular consumer software emphasize the role the online public must play in preserving the safety and integrity of the Internet.  To protect the network commons, more users must engage in safe online behavior by such actions as controlling their private information, updating software security patches, downloading protective software, and filtering their email. While network security remains an abstract notion to the general public, online consumers can understand the issue in terms of their personal privacy behavior, actions that result in the undesired disclosure of information and unwanted intrusions on their personal cyberspace. In her talk, Professor Rifon will discuss a social-psychological approach to understanding Internet user privacy and security safety-related behaviors. About the speaker: Nora J. Rifon is a Professor in the Department of Advertising, Public Relations, and Retailing at Michigan State University.  She earned her Ph.D. in Business, and her MA and BA in Psychology.  Her research interests include consumer privacy and online safety for e-commerce, social networking, and telemedicine, socially responsible marketing tactics, corporate reputation, and consumer trust.  Professor Rifon received three research awards in 2004 including a three-year, $400,000 National Science Foundation award to study online consumer information safety.  In 2006 she received a grant from Microsoft Research for the development of a Trustworthy Computing curriculum.  Recently she served as Privacy Executive on Loan to the Department of Information Technology, State of Michigan.  Her recent research examines the public/private paradox of Internet use and implications for public policy.  Professor Rifon has served on the Executive Committee of the American Academy of Advertising and presently chairs the Publications Committee.  She serves on the editorial review boards of The Journal of Consumer Affairs, and The Journal of Interactive Advertising, is a Research Associate of the MSU Quello Center for Telecommunication Law and Management, and a member of the MSU Cybersecurity Initiative.  Professor Rifon has published her work in journals such as Communications of the ACM, New Media and Society, The Journal of Consumer Affairs, The Journal of Advertising, Advances in Consumer Research, Government Information Quarterly, The Journal of Interactive Advertising, and The International Journal of Advertising, and in the proceedings of a variety of international conferences.  Professor Rifon has served as consultant to the State of Michigan Office of the Attorney General, private law firms, and the commercial sector.</p> ]]>
            </content:encoded>
            <itunes:duration>3804</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20061011.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20061011.mp4" length="228589568" type="video/mp4"/>
        </item>
            <item>
            <title>Danfeng Yao, Verification of Integrity for Outsourced Content Publishing and Database Queries</title>
            <description>In outsourced content publishing, the data owner gives the content to a service provider who answers requests from users. Similarly, in outsourced databases, the data owner delegates a service provider to answer queries.  Outsourcing enables fast and fault-tolerant delivery of information. However, since service providers in outsourced systems may not be trusted by users, the user needs to verify the integrity of information obtained. First, I present a cryptographic solution for the verification of pseudonymized documents. A document can be pseudonymized by the service provider on the fly, based on the data owner&apos;s policies and the user&apos;s access permissions. Our pseudonym protocol is simple and efficient, and only requires the data owner to prepare and sign the document once. Second, I present a solution for integrity verification of database aggregate queries, such as sum and max. We design proofs of correctness and completeness of aggregate results.  What makes the problem challenging is that individual data entries may be sensitive (such as in medical databases), and should not be revealed to the user. We give cryptographic protocols to support verification of query results in a privacy-preserving fashion. About the speaker: Danfeng Yao is a fifth-year graduate student in the Computer Science Department at Brown University, Providence, Rhode Island. She obtained her B.S. degree from Peking University, China, and master&apos;s degrees from Princeton University and Indiana University at Bloomington. Her thesis research is focused on cryptographic protocols in decentralized trust management, under the advising of Professor Roberto Tamassia. In the summer of 2006, Danfeng interned at HP Labs, Princeton, NJ. She worked closely with Stuart Haber, Bill Horne, and Tomas Sander on various aspects of the digital redaction project, which led to two HP technical reports. Danfeng&apos;s homepage is at http://www.cs.brown.edu/people/dyao/.</description>
            <pubDate>Wed, 4 Oct 2006 16:30:00 EDT </pubDate>
            <itunes:title>Danfeng Yao, Verification of Integrity for Outsourced Content Publishing and Database Queries</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>329</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Danfeng Yao, Brown University</itunes:subtitle>
            <itunes:summary>In outsourced content publishing, the data owner gives the content to a service provider who answers requests from users. Similarly, in outsourced databases, the data owner delegates a service provider to answer queries.  Outsourcing enables fast and fault-tolerant delivery of information. However, since service providers in outsourced systems may not be trusted by users, the user needs to verify the integrity of information obtained. First, I present a cryptographic solution for the verification of pseudonymized documents. A document can be pseudonymized by the service provider on the fly, based on the data owner&apos;s policies and the user&apos;s access permissions. Our pseudonym protocol is simple and efficient, and only requires the data owner to prepare and sign the document once. Second, I present a solution for integrity verification of database aggregate queries, such as sum and max. We design proofs of correctness and completeness of aggregate results.  What makes the problem challenging is that individual data entries may be sensitive (such as in medical databases), and should not be revealed to the user. We give cryptographic protocols to support verification of query results in a privacy-preserving fashion. About the speaker: Danfeng Yao is a fifth-year graduate student in the Computer Science Department at Brown University, Providence, Rhode Island. She obtained her B.S. degree from Peking University, China, and master&apos;s degrees from Princeton University and Indiana University at Bloomington. Her thesis research is focused on cryptographic protocols in decentralized trust management, under the advising of Professor Roberto Tamassia. In the summer of 2006, Danfeng interned at HP Labs, Princeton, NJ. She worked closely with Stuart Haber, Bill Horne, and Tomas Sander on various aspects of the digital redaction project, which led to two HP technical reports. Danfeng&apos;s homepage is at http://www.cs.brown.edu/people/dyao/.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In outsourced content publishing, the data owner gives the content to a service provider who answers requests from users. Similarly, in outsourced databases, the data owner delegates a service provider to answer queries.  Outsourcing enables fast and fault-tolerant delivery of information. However, since service providers in outsourced systems may not be trusted by users, the user needs to verify the integrity of information obtained. First, I present a cryptographic solution for the verification of pseudonymized documents. A document can be pseudonymized by the service provider on the fly, based on the data owner&apos;s policies and the user&apos;s access permissions. Our pseudonym protocol is simple and efficient, and only requires the data owner to prepare and sign the document once. Second, I present a solution for integrity verification of database aggregate queries, such as sum and max. We design proofs of correctness and completeness of aggregate results.  What makes the problem challenging is that individual data entries may be sensitive (such as in medical databases), and should not be revealed to the user. We give cryptographic protocols to support verification of query results in a privacy-preserving fashion. About the speaker: Danfeng Yao is a fifth-year graduate student in the Computer Science Department at Brown University, Providence, Rhode Island. She obtained her B.S. degree from Peking University, China, and master&apos;s degrees from Princeton University and Indiana University at Bloomington. Her thesis research is focused on cryptographic protocols in decentralized trust management, under the advising of Professor Roberto Tamassia. In the summer of 2006, Danfeng interned at HP Labs, Princeton, NJ. She worked closely with Stuart Haber, Bill Horne, and Tomas Sander on various aspects of the digital redaction project, which led to two HP technical reports. Danfeng&apos;s homepage is at http://www.cs.brown.edu/people/dyao/.</p> ]]>
            </content:encoded>
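            <![CDATA[
The first part of the abstract, as an added example written for this page rather than the speaker's protocol: the data owner commits to every field with a fresh random salt and signs the document digest once; the untrusted provider opens the fields this user may see and replaces the rest with pseudonyms derived from their commitments; the user rebuilds the digest from what was released and checks the owner's signature, so neither an altered field nor a silently dropped one passes. Field-level granularity, SHA-256 commitments, the function names and the sample medical record are assumptions, and the HMAC is a stand-in for the owner's digital signature (in deployment use a public-key signature so the user needs only the owner's public key).

```python
import hashlib
import hmac
import os
from typing import Dict, List, Set, Tuple

# One released entry: ("open", name, value_bytes, salt) or ("hidden", name, b"", commitment)
Entry = Tuple[str, str, bytes, bytes]


def _h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so concatenation is unambiguous."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big"))
        m.update(p)
    return m.digest()


def commit(name: str, value: str, salt: bytes) -> bytes:
    """Salted commitment to one field; the salt stops guessing of low-entropy values."""
    return _h(b"field", name.encode(), value.encode(), salt)


def doc_digest(commits: List[bytes]) -> bytes:
    """Digest over all field commitments in document order (what the owner signs)."""
    return _h(b"doc", *commits)


def owner_prepare(doc: Dict[str, str], owner_key: bytes) -> Tuple[Dict[str, bytes], bytes]:
    """Data owner, done once: salt every field and sign the digest.
    HMAC is a stand-in for a digital signature (assumption, see lead-in)."""
    salts = {name: os.urandom(16) for name in doc}
    commits = [commit(name, doc[name], salts[name]) for name in doc]
    tag = hmac.new(owner_key, doc_digest(commits), hashlib.sha256).digest()
    return salts, tag


def provider_release(doc: Dict[str, str], salts: Dict[str, bytes],
                     permitted: Set[str]) -> List[Entry]:
    """Untrusted provider, per request: open permitted fields, hide the rest.
    A hidden field ships only its commitment, never its value or salt."""
    entries: List[Entry] = []
    for name in doc:
        if name in permitted:
            entries.append(("open", name, doc[name].encode(), salts[name]))
        else:
            entries.append(("hidden", name, b"", commit(name, doc[name], salts[name])))
    return entries


def user_verify(entries: List[Entry], owner_key: bytes, tag: bytes) -> Dict[str, str]:
    """User: rebuild the digest from what was released and check the owner's tag.
    Returns the visible view (hidden fields as pseudonyms) or raises on tampering."""
    commits: List[bytes] = []
    view: Dict[str, str] = {}
    for kind, name, value, aux in entries:
        if kind == "open":
            commits.append(commit(name, value.decode(), aux))   # aux is the salt
            view[name] = value.decode()
        else:
            commits.append(aux)                                  # aux is the commitment
            view[name] = "pseudonym-" + aux.hex()[:8]
    expected = hmac.new(owner_key, doc_digest(commits), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("document failed integrity check")
    return view


# Constructed sample record and owner key (not real data).
OWNER_KEY = b"owner-signing-key-stand-in"
RECORD = {"patient": "Jane Doe", "dob": "1970-01-01", "diagnosis": "influenza"}


def demo(permitted: Set[str]) -> Dict[str, str]:
    """End-to-end run: prepare once, release for one user, verify on the user side."""
    salts, tag = owner_prepare(RECORD, OWNER_KEY)
    return user_verify(provider_release(RECORD, salts, permitted), OWNER_KEY, tag)


def tampered_is_detected() -> bool:
    """Provider edits an opened field, or drops a hidden one; both must be rejected."""
    salts, tag = owner_prepare(RECORD, OWNER_KEY)
    entries = provider_release(RECORD, salts, {"diagnosis"})
    edited = list(entries)
    edited[2] = ("open", "diagnosis", b"healthy", salts["diagnosis"])
    dropped = entries[1:]  # silently omit "patient"
    outcomes = []
    for bad in (edited, dropped):
        try:
            user_verify(bad, OWNER_KEY, tag)
            outcomes.append(False)
        except ValueError:
            outcomes.append(True)
    return all(outcomes)


if __name__ == "__main__":
    print(demo({"diagnosis"}))
    print("tampering detected:", tampered_is_detected())
```

The salt is what keeps pseudonymization honest: without it a user could confirm a guessed value of a hidden field (a name, a diagnosis) by hashing candidates against the released commitment. What this example does not cover is the abstract's second problem, correctness and completeness of aggregate query results over entries the user may not see, which needs the privacy-preserving proofs the talk describes.
]]>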
            <itunes:duration>3229</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20061004.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20061004.mp4" length="295698432" type="video/mp4"/>
        </item>
            <item>
            <title>Ravi Sandhu, The Secure Information Sharing Problem and Solution Approaches</title>
            <description>The secure information sharing problem is one of the oldest and most fundamental and elusive problems in information security. Mission objectives dictate that information must be shared and made available to authorized recipients, and yet information must be protected from leakage and subversion by malicious insiders and malicious software. The doctrine of &quot;share but protect&quot; indicates the inherent conflict in achieving effective secure information sharing. In this talk we demonstrate the complexity and richness of the secure information sharing problem space. We then identify some &quot;sweet spots&quot; that appear promising in their practical benefit and feasibility of solutions. We describe the PEI models approach to decompose security problems into the three layers of policy models (topmost), enforcement models (middle), and implementation models (bottom). We discuss how this approach can be applied to the secure information sharing problem. Finally we indicate how modern trusted computing technology can be used to solve important variations of this problem. About the speaker: Dr. Ravi Sandhu earned B.Tech. and M.Tech. degrees from IIT Bombay and Delhi respectively, and M.S. and Ph.D. degrees from Rutgers University.  He is a Fellow of ACM and IEEE, and recipient of the IEEE Computer Society Technical Achievement Award. His research has focused on information security, privacy and trust, with special emphasis on models, protocols and mechanisms. His doctoral work on safety and expressive power of access control was further developed by him culminating in the Typed Access Matrix in 1992. In collaboration with Prof. Jajodia, he analyzed and reconciled confidentiality and integrity in multilevel secure databases. In 1993 he showed that Chinese Wall separation of duty policies were instances of information flow. In 1996, along with industry colleagues, he published the seminal paper on role-based access control which evolved into the 2004 NIST/ANSI standard RBAC model. In 2002, with Jaehong Park, he introduced the Usage Control model for next-generation access. Other recent activities include Information Sharing models and implementations using Trusted Computing, and the PEI (policy, enforcement and implementation) layered models method for synthesizing secure systems. Ravi has published over 160 technical papers on information security, has received over 30 research grants and has graduated 12 PhDs in his career. Ravi is the founding editor of the Synergy Lecture Series on Information Security, Privacy and Trust. Earlier, he was the founding editor-in-chief of the ACM Transactions on Information and Systems Security (TISSEC), from 1997 to 2004.  He was Chairman of ACM SIGSAC from 1995 to 2003, and founded and led the ACM Conference on Computer and Communications Security and the ACM Symposium on Access Control Models and Technologies to high reputation and prestige.  He served as the security editor for IEEE Internet Computing from 1998 to 2004. In 2000 Ravi Sandhu co-founded the company now known as TriCipher and continues to serve as its Chief Scientist. He is the principal security architect of the TriCipher Armored Credential System. He is an inventor on eight security technology patents and has over fifteen patents pending. He is also the principal architect of the M.S. and Ph.D. programs in Information Security and Assurance at George Mason University.</description>
            <pubDate>Wed, 27 Sep 2006 16:30:00 EDT </pubDate>
            <itunes:title>Ravi Sandhu, The Secure Information Sharing Problem and Solution Approaches</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>328</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ravi Sandhu, George Mason University</itunes:subtitle>
            <itunes:summary>The secure information sharing problem is one of the oldest and most fundamental and elusive problems in information security. Mission objectives dictate that information must be shared and made available to authorized recipients, and yet information must be protected from leakage and subversion by malicious insiders and malicious software. The doctrine of &quot;share but protect&quot; indicates the inherent conflict in achieving effective secure information sharing. In this talk we demonstrate the complexity and richness of the secure information sharing problem space. We then identify some &quot;sweet spots&quot; that appear promising in their practical benefit and feasibility of solutions. We describe the PEI models approach to decompose security problems into the three layers of policy models (topmost), enforcement models (middle), and implementation models (bottom). We discuss how this approach can be applied to the secure information sharing problem. Finally we indicate how modern trusted computing technology can be used to solve important variations of this problem. About the speaker: Dr. Ravi Sandhu earned B.Tech. and M.Tech. degrees from IIT Bombay and Delhi respectively, and M.S. and Ph.D. degrees from Rutgers University. He is a Fellow of ACM and IEEE, and recipient of the IEEE Computer Society Technical Achievement Award. His research has focused on information security, privacy and trust, with special emphasis on models, protocols and mechanisms. His doctoral work on safety and expressive power of access control was further developed by him, culminating in the Typed Access Matrix in 1992. In collaboration with Prof. Jajodia, he analyzed and reconciled confidentiality and integrity in multilevel secure databases. In 1993 he showed that Chinese Wall separation of duty policies were instances of information flow. In 1996, along with industry colleagues, he published the seminal paper on role-based access control, which evolved into the 2004 NIST/ANSI standard RBAC model. In 2002, with Jaehong Park, he introduced the Usage Control model for next-generation access. Other recent activities include Information Sharing models and implementations using Trusted Computing, and the PEI (policy, enforcement and implementation) layered models method for synthesizing secure systems. Ravi has published over 160 technical papers on information security, has received over 30 research grants and has graduated 12 PhD&apos;s in his career. Ravi is the founding editor of the Synergy Lecture Series on Information Security, Privacy and Trust. Earlier, he was the founding editor-in-chief of the ACM Transactions on Information and Systems Security (TISSEC), from 1997 to 2004. He was Chairman of ACM SIGSAC from 1995 to 2003, and founded and led the ACM Conference on Computer and Communications Security and the ACM Symposium on Access Control Models and Technologies to high reputation and prestige. He served as the security editor for IEEE Internet Computing from 1998 to 2004. In 2000 Ravi Sandhu co-founded the company now known as TriCipher and continues to serve as its Chief Scientist. He is the principal security architect of the TriCipher Armored Credential System. He is an inventor on eight security technology patents and has over fifteen patents pending. He is also the principal architect of the M.S. and Ph.D. programs in Information Security and Assurance at George Mason University.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The secure information sharing problem is one of the oldest and most fundamental and elusive problems in information security. Mission objectives dictate that information must be shared and made available to authorized recipients, and yet information must be protected from leakage and subversion by malicious insiders and malicious software. The doctrine of &quot;share but protect&quot; indicates the inherent conflict in achieving effective secure information sharing. In this talk we demonstrate the complexity and richness of the secure information sharing problem space. We then identify some &quot;sweet spots&quot; that appear promising in their practical benefit and feasibility of solutions. We describe the PEI models approach to decompose security problems into the three layers of policy models (topmost), enforcement models (middle), and implementation models (bottom). We discuss how this approach can be applied to the secure information sharing problem. Finally we indicate how modern trusted computing technology can be used to solve important variations of this problem.</p> <p>About the speaker: Dr. Ravi Sandhu earned B.Tech. and M.Tech. degrees from IIT Bombay and Delhi respectively, and M.S. and Ph.D. degrees from Rutgers University. He is a Fellow of ACM and IEEE, and recipient of the IEEE Computer Society Technical Achievement Award. His research has focused on information security, privacy and trust, with special emphasis on models, protocols and mechanisms. His doctoral work on safety and expressive power of access control was further developed by him, culminating in the Typed Access Matrix in 1992. In collaboration with Prof. Jajodia, he analyzed and reconciled confidentiality and integrity in multilevel secure databases. In 1993 he showed that Chinese Wall separation of duty policies were instances of information flow. In 1996, along with industry colleagues, he published the seminal paper on role-based access control, which evolved into the 2004 NIST/ANSI standard RBAC model. In 2002, with Jaehong Park, he introduced the Usage Control model for next-generation access. Other recent activities include Information Sharing models and implementations using Trusted Computing, and the PEI (policy, enforcement and implementation) layered models method for synthesizing secure systems. Ravi has published over 160 technical papers on information security, has received over 30 research grants and has graduated 12 PhD&apos;s in his career. Ravi is the founding editor of the Synergy Lecture Series on Information Security, Privacy and Trust. Earlier, he was the founding editor-in-chief of the ACM Transactions on Information and Systems Security (TISSEC), from 1997 to 2004. He was Chairman of ACM SIGSAC from 1995 to 2003, and founded and led the ACM Conference on Computer and Communications Security and the ACM Symposium on Access Control Models and Technologies to high reputation and prestige. He served as the security editor for IEEE Internet Computing from 1998 to 2004. In 2000 Ravi Sandhu co-founded the company now known as TriCipher and continues to serve as its Chief Scientist. He is the principal security architect of the TriCipher Armored Credential System. He is an inventor on eight security technology patents and has over fifteen patents pending. He is also the principal architect of the M.S. and Ph.D. programs in Information Security and Assurance at George Mason University.</p> ]]>
            </content:encoded>
            <itunes:duration>3629</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060927.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060927.mp4" length="228589568" type="video/mp4"/>
        </item>
            <item>
            <title>Gene Kim, Prioritizing Processes and Controls for Effective and Measurable Security</title>
            <description>Are your security &amp; IT controls really effective? Do you know how your security &amp; IT operations compare to high performers? In this presentation, Gene Kim will share the work he has been doing over the last six years with the IT Process Institute (ITPI), Software Engineering Institute, and Institute of Internal Auditors, codifying the observed practices of high-performing IT organizations. These high performers have a culture of change management, a culture of causality and a perpetual desire to detect variance before it causes a catastrophic event. Specifically, Gene will discuss the ITPI IT Controls Benchmarking Survey of practice, a recently completed research project which has quantified the value, effectiveness, efficiency and security of controls. This landmark research has uncovered an alternative approach to being an effective security executive, based on measuring security by its ability to maintain its existing commitments; integrate controls into daily IT operations (prevent); put automated controls in place to detect variance before loss events (detect); reduce the percent of security incidents that result in loss events (detect); and successfully investigate and conclude security investigations. Attendees will learn about the key research findings: * That high performers have 5-8x higher operational and security effectiveness and efficiency measures; * The 20% of IT controls that have 80% of the measurable benefits, and how to implement them and the prescriptive steps to take in order to achieve defined security results; * The certain processes and controls that have shown catalytic and sustaining properties, meaning that the value they add demonstrably exceeds the cost to implement, and how to report out on them. About the speaker: Gene Kim is the CTO and founder of Tripwire, Inc. In 1992, he co-authored Tripwire while at Purdue University with Dr. Gene Spafford. Since then, Tripwire has been adopted by more than 5,000 enterprises worldwide. In 2004, Kim co-founded the IT Process Institute, which is dedicated to research, benchmarking and developing prescriptive guidance for IT operations and security management and auditors. He also co-authored the &quot;Visible Ops Handbook: Implementing ITIL in Four Practical And Auditable Steps&quot; and was a principal investigator on the IT Controls Performance Study project, completed in 2006. Kim currently serves on the Advanced Technology Committee for the Institute of Internal Auditors, and was part of the team that defined change management best practices for the recently released IIA Global Technology Guide &quot;Change and Patch Management Controls: Critical for Organizational Success.&quot; Since 1999, Kim has been working with SANS, the Software Engineering Institute and the IIA to capture how &quot;best in class&quot; organizations have IT operations, security, management, governance and audit working together to solve common business objectives. Kim holds an M.S. in computer science from the University of Arizona and a B.S. in computer sciences from Purdue University. Gene is certified on both IT management and audit processes, possessing both ITIL Foundations and CISA certifications.</description>
            <pubDate>Wed, 20 Sep 2006 16:30:00 EDT </pubDate>
            <itunes:title>Gene Kim, Prioritizing Processes and Controls for Effective and Measurable Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>327</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Gene Kim, Tripwire, Inc</itunes:subtitle>
            <itunes:summary>Are your security &amp; IT controls really effective? Do you know how your security &amp; IT operations compare to high performers? In this presentation, Gene Kim will share the work he has been doing over the last six years with the IT Process Institute (ITPI), Software Engineering Institute, and Institute of Internal Auditors, codifying the observed practices of high-performing IT organizations. These high performers have a culture of change management, a culture of causality and a perpetual desire to detect variance before it causes a catastrophic event. Specifically, Gene will discuss the ITPI IT Controls Benchmarking Survey of practice, a recently completed research project which has quantified the value, effectiveness, efficiency and security of controls. This landmark research has uncovered an alternative approach to being an effective security executive, based on measuring security by its ability to maintain its existing commitments; integrate controls into daily IT operations (prevent); put automated controls in place to detect variance before loss events (detect); reduce the percent of security incidents that result in loss events (detect); and successfully investigate and conclude security investigations. Attendees will learn about the key research findings: * That high performers have 5-8x higher operational and security effectiveness and efficiency measures; * The 20% of IT controls that have 80% of the measurable benefits, and how to implement them and the prescriptive steps to take in order to achieve defined security results; * The certain processes and controls that have shown catalytic and sustaining properties, meaning that the value they add demonstrably exceeds the cost to implement, and how to report out on them. About the speaker: Gene Kim is the CTO and founder of Tripwire, Inc. In 1992, he co-authored Tripwire while at Purdue University with Dr. Gene Spafford. Since then, Tripwire has been adopted by more than 5,000 enterprises worldwide. In 2004, Kim co-founded the IT Process Institute, which is dedicated to research, benchmarking and developing prescriptive guidance for IT operations and security management and auditors. He also co-authored the &quot;Visible Ops Handbook: Implementing ITIL in Four Practical And Auditable Steps&quot; and was a principal investigator on the IT Controls Performance Study project, completed in 2006. Kim currently serves on the Advanced Technology Committee for the Institute of Internal Auditors, and was part of the team that defined change management best practices for the recently released IIA Global Technology Guide &quot;Change and Patch Management Controls: Critical for Organizational Success.&quot; Since 1999, Kim has been working with SANS, the Software Engineering Institute and the IIA to capture how &quot;best in class&quot; organizations have IT operations, security, management, governance and audit working together to solve common business objectives. Kim holds an M.S. in computer science from the University of Arizona and a B.S. in computer sciences from Purdue University. Gene is certified on both IT management and audit processes, possessing both ITIL Foundations and CISA certifications.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Are your security &amp; IT controls really effective? Do you know how your security &amp; IT operations compare to high performers? In this presentation, Gene Kim will share the work he has been doing over the last six years with the IT Process Institute (ITPI), Software Engineering Institute, and Institute of Internal Auditors, codifying the observed practices of high-performing IT organizations. These high performers have a culture of change management, a culture of causality and a perpetual desire to detect variance before it causes a catastrophic event. Specifically, Gene will discuss the ITPI IT Controls Benchmarking Survey of practice, a recently completed research project which has quantified the value, effectiveness, efficiency and security of controls. This landmark research has uncovered an alternative approach to being an effective security executive, based on measuring security by its ability to maintain its existing commitments; integrate controls into daily IT operations (prevent); put automated controls in place to detect variance before loss events (detect); reduce the percent of security incidents that result in loss events (detect); and successfully investigate and conclude security investigations. Attendees will learn about the key research findings:</p> <ul> <li>That high performers have 5-8x higher operational and security effectiveness and efficiency measures</li> <li>The 20% of IT controls that have 80% of the measurable benefits, and how to implement them and the prescriptive steps to take in order to achieve defined security results</li> <li>The certain processes and controls that have shown catalytic and sustaining properties, meaning that the value they add demonstrably exceeds the cost to implement, and how to report out on them</li> </ul> <p>About the speaker: Gene Kim is the CTO and founder of Tripwire, Inc. In 1992, he co-authored Tripwire while at Purdue University with Dr. Gene Spafford. Since then, Tripwire has been adopted by more than 5,000 enterprises worldwide. In 2004, Kim co-founded the IT Process Institute, which is dedicated to research, benchmarking and developing prescriptive guidance for IT operations and security management and auditors. He also co-authored the &quot;Visible Ops Handbook: Implementing ITIL in Four Practical And Auditable Steps&quot; and was a principal investigator on the IT Controls Performance Study project, completed in 2006. Kim currently serves on the Advanced Technology Committee for the Institute of Internal Auditors, and was part of the team that defined change management best practices for the recently released IIA Global Technology Guide &quot;Change and Patch Management Controls: Critical for Organizational Success.&quot; Since 1999, Kim has been working with SANS, the Software Engineering Institute and the IIA to capture how &quot;best in class&quot; organizations have IT operations, security, management, governance and audit working together to solve common business objectives. Kim holds an M.S. in computer science from the University of Arizona and a B.S. in computer sciences from Purdue University. Gene is certified on both IT management and audit processes, possessing both ITIL Foundations and CISA certifications.</p> ]]>
            </content:encoded>
            <itunes:duration>3319</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060920.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060920.mp4" length="231735296" type="video/mp4"/>
        </item>
            <item>
            <title>Hyogon Kim, Real-Time Visualization of Network Attacks on High-Speed Links</title>
            <description>In this talk, we will see that malicious traffic flows such as denial-of-service attacks and various scanning activities can be visualized in an intuitive manner. A simple but novel idea of plotting a packet using its source IP address, destination IP address, and the destination port in a 3-dimensional space graphically reveals ongoing attacks. Leveraging this property, combined with the fact that only three header fields per packet need to be examined, a fast attack detection and classification algorithm can be devised. About the speaker: Prof. Hyogon Kim is visiting Purdue University for the fall semester this year from Korea University, Seoul, Korea. He is an associate professor at Korea U., where he teaches Internet protocols and wireless communication. He received a Ph.D. from the University of Pennsylvania in 1996, and went on to Bell Communications Research (Bellcore, now Telcordia Technologies) to work on Internet protocols and architecture issues. He joined Korea University in 2003, and has been working on Internet security and wireless network performance.</description>
            <pubDate>Wed, 13 Sep 2006 16:30:00 EDT </pubDate>
            <itunes:title>Hyogon Kim, Real-Time Visualization of Network Attacks on High-Speed Links</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>326</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Hyogon Kim, Korea University/PU Visitor</itunes:subtitle>
            <itunes:summary>In this talk, we will see that malicious traffic flows such as denial-of-service attacks and various scanning activities can be visualized in an intuitive manner. A simple but novel idea of plotting a packet using its source IP address, destination IP address, and the destination port in a 3-dimensional space graphically reveals ongoing attacks. Leveraging this property, combined with the fact that only three header fields per packet need to be examined, a fast attack detection and classification algorithm can be devised. About the speaker: Prof. Hyogon Kim is visiting Purdue University for the fall semester this year from Korea University, Seoul, Korea. He is an associate professor at Korea U., where he teaches Internet protocols and wireless communication. He received a Ph.D. from the University of Pennsylvania in 1996, and went on to Bell Communications Research (Bellcore, now Telcordia Technologies) to work on Internet protocols and architecture issues. He joined Korea University in 2003, and has been working on Internet security and wireless network performance.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In this talk, we will see that malicious traffic flows such as denial-of-service attacks and various scanning activities can be visualized in an intuitive manner. A simple but novel idea of plotting a packet using its source IP address, destination IP address, and the destination port in a 3-dimensional space graphically reveals ongoing attacks. Leveraging this property, combined with the fact that only three header fields per packet need to be examined, a fast attack detection and classification algorithm can be devised.</p> <p>About the speaker: Prof. Hyogon Kim is visiting Purdue University for the fall semester this year from Korea University, Seoul, Korea. He is an associate professor at Korea U., where he teaches Internet protocols and wireless communication. He received a Ph.D. from the University of Pennsylvania in 1996, and went on to Bell Communications Research (Bellcore, now Telcordia Technologies) to work on Internet protocols and architecture issues. He joined Korea University in 2003, and has been working on Internet security and wireless network performance.</p> ]]>
            </content:encoded>
            <itunes:duration>3851</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060913.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060913.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>Ed Finkler, A Multi-layered Approach to Web Application Defense</title>
            <description>Defending against attacks on a web application is by nature a complex process, one that must address everything from coding practices to user management to network architecture. This talk will describe a number of techniques that, used in concert, will make your web app a much tougher cookie to crack. Primary focus will be on open-source &quot;XAMP&quot; setups, but the concepts should be applicable to most other systems. About the speaker: Edward Finkler is the Web and Security Archive Administrator for CERIAS. He is a member of the PHP Security Consortium, and on better days thinks of himself as an expert in web application security and interface design. His most recent project is PHPSecInfo, a PHP environment security auditing tool.</description>
            <pubDate>Wed, 6 Sep 2006 16:30:00 EDT </pubDate>
            <itunes:title>Ed Finkler, A Multi-layered Approach to Web Application Defense</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>325</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ed Finkler, Purdue University</itunes:subtitle>
            <itunes:summary>Defending against attacks on a web application is by nature a complex process, one that must address everything from coding practices to user management to network architecture. This talk will describe a number of techniques that, used in concert, will make your web app a much tougher cookie to crack. Primary focus will be on open-source &quot;XAMP&quot; setups, but the concepts should be applicable to most other systems. About the speaker: Edward Finkler is the Web and Security Archive Administrator for CERIAS. He is a member of the PHP Security Consortium, and on better days thinks of himself as an expert in web application security and interface design. His most recent project is PHPSecInfo, a PHP environment security auditing tool.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Defending against attacks on a web application is by nature a complex process, one that must address everything from coding practices to user management to network architecture. This talk will describe a number of techniques that, used in concert, will make your web app a much tougher cookie to crack. Primary focus will be on open-source &quot;XAMP&quot; setups, but the concepts should be applicable to most other systems.</p> <p>About the speaker: Edward Finkler is the Web and Security Archive Administrator for CERIAS. He is a member of the PHP Security Consortium, and on better days thinks of himself as an expert in web application security and interface design. His most recent project is PHPSecInfo, a PHP environment security auditing tool.</p> ]]>
            </content:encoded>
            <itunes:duration>2800</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060906.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060906.mp4" length="178257920" type="video/mp4"/>
        </item>
            <item>
            <title>Sid Stamm, Invasive Browser Sniffing and Countermeasures</title>
            <description>We describe the detrimental effects of browser cache/history sniffing in the context of phishing attacks, and detail an approach that neutralizes the threat by means of URL personalization; we report on an implementation performing such personalization on the fly, and analyze the costs and security properties of our proposed solution. About the speaker: Sid Stamm is a PhD candidate in Computer Science at Indiana University, where he earned his MS in 2005. He is currently investigating context-aware phishing attacks (&quot;spear phishing&quot;) and ways to thwart them; Sid hopes to keep ahead of the real phishers out there, and find ways to prevent such extremely deceptive social/technical attacks. His research interests are in social engineering, identity verification, and applications of cryptographic protocols for authentication and privacy.</description>
            <pubDate>Wed, 30 Aug 2006 16:30:00 EDT </pubDate>
            <itunes:title>Sid Stamm, Invasive Browser Sniffing and Countermeasures</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>324</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Sid Stamm, Indiana University</itunes:subtitle>
            <itunes:summary>We describe the detrimental effects of browser cache/history sniffing in the context of phishing attacks, and detail an approach that neutralizes the threat by means of URL personalization; we report on an implementation performing such personalization on the fly, and analyze the costs and security properties of our proposed solution. About the speaker: Sid Stamm is a PhD candidate in Computer Science at Indiana University, where he earned his MS in 2005. He is currently investigating context-aware phishing attacks (&quot;spear phishing&quot;) and ways to thwart them; Sid hopes to keep ahead of the real phishers out there, and find ways to prevent such extremely deceptive social/technical attacks. His research interests are in social engineering, identity verification, and applications of cryptographic protocols for authentication and privacy.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>We describe the detrimental effects of browser cache/history sniffing in the context of phishing attacks, and detail an approach that neutralizes the threat by means of URL personalization; we report on an implementation performing such personalization on the fly, and analyze the costs and security properties of our proposed solution.</p> <p>About the speaker: Sid Stamm is a PhD candidate in Computer Science at Indiana University, where he earned his MS in 2005. He is currently investigating context-aware phishing attacks (&quot;spear phishing&quot;) and ways to thwart them; Sid hopes to keep ahead of the real phishers out there, and find ways to prevent such extremely deceptive social/technical attacks. His research interests are in social engineering, identity verification, and applications of cryptographic protocols for authentication and privacy.</p> ]]>
            </content:encoded>
            <itunes:duration>2504</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060830.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060830.mp4" length="245366784" type="video/mp4"/>
        </item>
            <item>
            <title>Ehab Al-Shaer, Ph.D., Toward Autonomic Security Policy Management</title>
            <description>The assurance of network security depends not only on the protocols but also on the policies that determine the functional behavior of network security devices. Network security devices such as firewalls, IPSec gateways, and IDS/IPS operate based on locally configured access control policies. However, the complexity of managing security policies, particularly in enterprise networks, poses many challenges for deploying effective security. For example, security policies are usually configured in isolation from each other, even though they are not necessarily independent: they interact with each other to form the global security policy. As a result of such ad-hoc management, policy inconsistencies and network vulnerabilities are created. In addition, security policies might grow in size, causing a significant performance overhead in security devices. A major performance gain can be achieved if policies can be dynamically optimized to adapt to traffic properties (called traffic-aware policy optimization). This talk will explain these challenges and present recent research results in the area of automated verification and optimization of network security policies. About the speaker: Ehab Al-Shaer is an Associate Professor and the Director of the Multimedia Networking Research Lab (MNLAB) in the School of Computer Science, Telecommunications and Information Systems at DePaul University. He received his Ph.D. in CS from Old Dominion University, M.S. in CS from Northeastern University, and B.Sc. in CompEng from KFUPM in 1998, 1994, and 1990 respectively. His primary research areas are network security, Internet monitoring, fault management, and multimedia protocols. Prof. Al-Shaer has many refereed journal and conference publications in his area. He is a Co-Editor of a number of books in the area of multimedia management and Internet monitoring. Prof. Al-Shaer is currently the program co-chair for IM&apos;07, the premier conference in network management. He was also the Conference Program Co-chair for MMNS&apos;01 and E2EMON&apos;03-06. He has also served as a steering committee member, TPC member, guest speaker, panelist, and tutorial presenter for many IEEE/ACM conferences and industry seminars. Prof. Al-Shaer was a Guest Editor for many journals. He received a fellowship award from NASA Langley Research Center in 1997. His research is sponsored in part by NSF, Cisco, Intel, Sun Microsystems, Aramco and Aprisma.</description>
            <pubDate>Wed, 23 Aug 2006 16:30:00 EDT </pubDate>
            <itunes:title>Ehab Al-Shaer, Ph.D., Toward Autonomic Security Policy Management</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>323</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ehab Al-Shaer, Ph.D., DePaul University, Chicago, IL</itunes:subtitle>
            <itunes:summary>The assurance of network security depends not only on the protocols but also on the policies that determine the functional behavior of network security devices. Network security devices such as firewalls, IPSec gateways, and IDS/IPS operate based on locally configured access control policies. However, the complexity of managing security policies, particularly in enterprise networks, poses many challenges for deploying effective security. For example, security policies are usually configured in isolation from each other, even though they are not necessarily independent: they interact with each other to form the global security policy. As a result of such ad-hoc management, policy inconsistencies and network vulnerabilities are created. In addition, security policies might grow in size, causing a significant performance overhead in security devices. A major performance gain can be achieved if policies can be dynamically optimized to adapt to traffic properties (called traffic-aware policy optimization). This talk will explain these challenges and present recent research results in the area of automated verification and optimization of network security policies. About the speaker: Ehab Al-Shaer is an Associate Professor and the Director of the Multimedia Networking Research Lab (MNLAB) in the School of Computer Science, Telecommunications and Information Systems at DePaul University. He received his Ph.D. in CS from Old Dominion University, M.S. in CS from Northeastern University, and B.Sc. in CompEng from KFUPM in 1998, 1994, and 1990 respectively. His primary research areas are network security, Internet monitoring, fault management, and multimedia protocols. Prof. Al-Shaer has many refereed journal and conference publications in his area. He is a Co-Editor of a number of books in the area of multimedia management and Internet monitoring. Prof. Al-Shaer is currently the program co-chair for IM&apos;07, the premier conference in network management. He was also the Conference Program Co-chair for MMNS&apos;01 and E2EMON&apos;03-06. He has also served as a steering committee member, TPC member, guest speaker, panelist, and tutorial presenter for many IEEE/ACM conferences and industry seminars. Prof. Al-Shaer was a Guest Editor for many journals. He received a fellowship award from NASA Langley Research Center in 1997. His research is sponsored in part by NSF, Cisco, Intel, Sun Microsystems, Aramco and Aprisma.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The assurance of network security depends not only on the protocols but also on the policies that determine the functional behavior of network security devices. Network security devices such as firewalls, IPSec gateways, and IDS/IPS operate based on locally configured access control policies. However, the complexity of managing security policies, particularly in enterprise networks, poses many challenges for deploying effective security. For example, security policies are usually configured in isolation from each other, even though they are not necessarily independent: they interact with each other to form the global security policy. As a result of such ad-hoc management, policy inconsistencies and network vulnerabilities are created. In addition, security policies might grow in size, causing a significant performance overhead in security devices. A major performance gain can be achieved if policies can be dynamically optimized to adapt to traffic properties (called traffic-aware policy optimization). This talk will explain these challenges and present recent research results in the area of automated verification and optimization of network security policies. About the speaker: Ehab Al-Shaer is an Associate Professor and the Director of the Multimedia Networking Research Lab (MNLAB) in the School of Computer Science, Telecommunications and Information Systems at DePaul University. He received his Ph.D. in CS from Old Dominion University, M.S. in CS from Northeastern University, and B.Sc. in CompEng from KFUPM in 1998, 1994, and 1990 respectively. His primary research areas are network security, Internet monitoring, fault management, and multimedia protocols. Prof. Al-Shaer has many refereed journal and conference publications in his area. He is a Co-Editor of a number of books in the area of multimedia management and Internet monitoring. Prof. Al-Shaer is currently the program co-chair for IM&apos;07, the premier conference in network management. He was also the Conference Program Co-chair for MMNS&apos;01 and E2EMON&apos;03-06. He has also served as a steering committee member, TPC member, guest speaker, panelist, and tutorial presenter for many IEEE/ACM conferences and industry seminars. Prof. Al-Shaer was a Guest Editor for many journals. He received a fellowship award from NASA Langley Research Center in 1997. His research is sponsored in part by NSF, Cisco, Intel, Sun Microsystems, Aramco and Aprisma.</p> ]]>
            </content:encoded>
            <itunes:duration>2072</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060823.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060823.mp4" length="206569472" type="video/mp4"/>
        </item>
            <item>
            <title>Virgil D. Gligor, On the Evolution of Adversary Models for Security Protocols - from the Beginning to Sensor Networks</title>
            <description>Invariably, new technologies introduce new vulnerabilities which, in principle, 
enable new attacks by increasingly potent adversaries. Yet new systems are more 
adept at handling well-known attacks by old adversaries than anticipating 
new ones. Our adversary models seem to be perpetually out of date: often they 
do not capture adversary attacks enabled by new vulnerabilities and sometimes 
address attacks rendered impractical by new technologies. 

In this talk, I provide a brief overview of adversary models beginning with 
those required by program and data sharing technologies, continuing with those 
required by computer communication and networking technologies, and ending with 
those required by mobile ad-hoc and sensor network technologies. I argue that 
mobile ad-hoc and sensor networks require new adversary models (e.g., different 
from those of Dolev-Yao and Byzantine adversaries). I illustrate this with 
adversaries that attack perfectly sensible and otherwise correct protocols of 
mobile ad-hoc and sensor networks. These attacks cannot be countered with 
traditional security protocols as they require emergent security properties. About the speaker: Virgil D. Gligor received his B.Sc., M.Sc., and Ph.D. degrees
from the University of California at Berkeley. He has been at
the University of Maryland since 1976, and is currently a
Professor of Electrical and Computer Engineering. He is an 
Editorial Board member of the ACM Transactions on Information System 
Security, IEEE Transactions on Dependable and Secure Computing, and 
IEEE Transactions on Computers. Over the past three decades, his 
research interests ranged from access control mechanisms, penetration 
analysis, and denial-of-service protection to cryptographic protocols 
and applied cryptography.   </description>
            <pubDate>Wed, 26 Apr 2006 1:00:00 EDT </pubDate>
            <itunes:title>Virgil D. Gligor, On the Evolution of Adversary Models for Security Protocols - from the Beginning to Sensor Networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>322</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Virgil D. Gligor, University of Maryland</itunes:subtitle>
            <itunes:summary>Invariably, new technologies introduce new vulnerabilities which, in principle, 
enable new attacks by increasingly potent adversaries. Yet new systems are more 
adept at handling well-known attacks by old adversaries than anticipating 
new ones. Our adversary models seem to be perpetually out of date: often they 
do not capture adversary attacks enabled by new vulnerabilities and sometimes 
address attacks rendered impractical by new technologies. 

In this talk, I provide a brief overview of adversary models beginning with 
those required by program and data sharing technologies, continuing with those 
required by computer communication and networking technologies, and ending with 
those required by mobile ad-hoc and sensor network technologies. I argue that 
mobile ad-hoc and sensor networks require new adversary models (e.g., different 
from those of Dolev-Yao and Byzantine adversaries). I illustrate this with 
adversaries that attack perfectly sensible and otherwise correct protocols of 
mobile ad-hoc and sensor networks. These attacks cannot be countered with 
traditional security protocols as they require emergent security properties. About the speaker: Virgil D. Gligor received his B.Sc., M.Sc., and Ph.D. degrees
from the University of California at Berkeley. He has been at
the University of Maryland since 1976, and is currently a
Professor of Electrical and Computer Engineering. He is an 
Editorial Board member of the ACM Transactions on Information System 
Security, IEEE Transactions on Dependable and Secure Computing, and 
IEEE Transactions on Computers. Over the past three decades, his 
research interests ranged from access control mechanisms, penetration 
analysis, and denial-of-service protection to cryptographic protocols 
and applied cryptography.   </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Invariably, new technologies introduce new vulnerabilities which, in principle, 
enable new attacks by increasingly potent adversaries. Yet new systems are more 
adept at handling well-known attacks by old adversaries than anticipating 
new ones. Our adversary models seem to be perpetually out of date: often they 
do not capture adversary attacks enabled by new vulnerabilities and sometimes 
address attacks rendered impractical by new technologies. 

In this talk, I provide a brief overview of adversary models beginning with 
those required by program and data sharing technologies, continuing with those 
required by computer communication and networking technologies, and ending with 
those required by mobile ad-hoc and sensor network technologies. I argue that 
mobile ad-hoc and sensor networks require new adversary models (e.g., different 
from those of Dolev-Yao and Byzantine adversaries). I illustrate this with 
adversaries that attack perfectly sensible and otherwise correct protocols of 
mobile ad-hoc and sensor networks. These attacks cannot be countered with 
traditional security protocols as they require emergent security properties. About the speaker: Virgil D. Gligor received his B.Sc., M.Sc., and Ph.D. degrees
from the University of California at Berkeley. He has been at
the University of Maryland since 1976, and is currently a
Professor of Electrical and Computer Engineering. He is an 
Editorial Board member of the ACM Transactions on Information System 
Security, IEEE Transactions on Dependable and Secure Computing, and 
IEEE Transactions on Computers. Over the past three decades, his 
research interests ranged from access control mechanisms, penetration 
analysis, and denial-of-service protection to cryptographic protocols 
and applied cryptography.   </p> ]]>
            </content:encoded>
            <itunes:duration>3207</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060426.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060426.mp4" length="183500800" type="video/mp4"/>
        </item>
            <item>
            <title>John Black, Recent Attacks on MD5</title>
            <description>Cryptology is typically defined as cryptography (the construction of
cryptographic algorithms) and cryptanalysis (attacks on these algorithms).
Both are important, but the latter is more fun. 

Cryptographic hash functions are one of the core building blocks within both 
security protocols and other application domains.  In the last few decades
a wealth of these functions have been developed, but the two in most
widespread usage are MD5 and SHA1.  Recently, there has been a great
deal of activity regarding the cryptanalysis of MD5.

We survey the recent attacks on the MD5 hash function from the modest
progress in the mid 90s to the startling recent results instigated by
Xiaoyun Wang.  We will look at the details of these attacks, some recent
improvements, two applications, and discuss the current outlook on
cryptographic hashing. About the speaker: John Black is an Assistant Professor of Computer Science at the University
of Colorado at Boulder.  Dr. Black&apos;s research interests lie primarily
in cryptography and cryptanalysis, particularly in the construction of
fast and provably-secure algorithms and in the analysis of cryptography
applied to networks and computer systems.  Dr. Black received his Ph.D. in
Computer Science from the University of California at Davis in 2000.
He is the recipient of an NSF CAREER award and a check from Donald Knuth
for $2.56.  </description>
            <pubDate>Wed, 19 Apr 2006 1:00:00 EDT </pubDate>
            <itunes:title>John Black, Recent Attacks on MD5</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>321</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>John Black, University of Colorado at Boulder</itunes:subtitle>
            <itunes:summary>Cryptology is typically defined as cryptography (the construction of
cryptographic algorithms) and cryptanalysis (attacks on these algorithms).
Both are important, but the latter is more fun. 

Cryptographic hash functions are one of the core building blocks within both 
security protocols and other application domains.  In the last few decades
a wealth of these functions have been developed, but the two in most
widespread usage are MD5 and SHA1.  Recently, there has been a great
deal of activity regarding the cryptanalysis of MD5.

We survey the recent attacks on the MD5 hash function from the modest
progress in the mid 90s to the startling recent results instigated by
Xiaoyun Wang.  We will look at the details of these attacks, some recent
improvements, two applications, and discuss the current outlook on
cryptographic hashing. About the speaker: John Black is an Assistant Professor of Computer Science at the University
of Colorado at Boulder.  Dr. Black&apos;s research interests lie primarily
in cryptography and cryptanalysis, particularly in the construction of
fast and provably-secure algorithms and in the analysis of cryptography
applied to networks and computer systems.  Dr. Black received his Ph.D. in
Computer Science from the University of California at Davis in 2000.
He is the recipient of an NSF CAREER award and a check from Donald Knuth
for $2.56.  </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Cryptology is typically defined as cryptography (the construction of
cryptographic algorithms) and cryptanalysis (attacks on these algorithms).
Both are important, but the latter is more fun. 

Cryptographic hash functions are one of the core building blocks within both 
security protocols and other application domains.  In the last few decades
a wealth of these functions have been developed, but the two in most
widespread usage are MD5 and SHA1.  Recently, there has been a great
deal of activity regarding the cryptanalysis of MD5.

We survey the recent attacks on the MD5 hash function from the modest
progress in the mid 90s to the startling recent results instigated by
Xiaoyun Wang.  We will look at the details of these attacks, some recent
improvements, two applications, and discuss the current outlook on
cryptographic hashing. About the speaker: John Black is an Assistant Professor of Computer Science at the University
of Colorado at Boulder.  Dr. Black&apos;s research interests lie primarily
in cryptography and cryptanalysis, particularly in the construction of
fast and provably-secure algorithms and in the analysis of cryptography
applied to networks and computer systems.  Dr. Black received his Ph.D. in
Computer Science from the University of California at Davis in 2000.
He is the recipient of an NSF CAREER award and a check from Donald Knuth
for $2.56.  </p> ]]>
            </content:encoded>
            <itunes:duration>3426</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060419.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060419.mp4" length="143654912" type="video/mp4"/>
        </item>
            <item>
            <title>David Carroll, Identity Management Strategies and Integration Perspectives</title>
            <description>For large government agencies and corporations there can be significant value in the use of identity, access, and rights management infrastructures (IDM). The organization's investments in directory services, authorization services, rights management, and public key systems all combine to form a sometimes complex infrastructure. The products that are deployed may be based upon standards such as WS-Security, SAML, and X509.3, but many are still hampered by proprietary vendor implementations, lack of understanding of the capability of the technology as it relates to business process, or unwise architectural decisions.

This seminar will focus on how the models for IDM are maturing and comment on how the urgency to deploy solutions changes when combined with service oriented architecture. The seminar will give practical examples from the experience of working within large-scale infrastructures in both corporate and government environments. It will conclude with commentary on the IDM issues and solutions revolving around the largest government identity management effort to date. About the speaker: David Carroll leads the Application Security Section for the MITRE Corporation's Federal Systems Security Department in McLean, Virginia. Federal Systems Security is part of the MITRE INFOSEC Center and is charged with researching and defining architecture for government agencies that must interact through outreach to the public. He specializes in security architecture and has focused for the last 7 years on identity management, access management, and user provisioning systems. He currently advises the U.S. Department of Homeland Security Chief Information Security Officer and is particularly active in areas relating to Homeland Security Presidential Directive Twelve, which mandates the use of a common identity credential for all U.S. government agencies. Mr. Carroll participates in several working groups including the Federal Bridge (FBCA) PKI working group.

Prior to joining MITRE he was the information security architect for Marriott International and developed their identity and access management capabilities, which serve over 140,000 employees worldwide. Mr. Carroll successfully integrated over 100 separate applications over a 5-year period to make the Marriott Extranet a business asset and show the capability and business value of combined identity and access management across the corporate web space.

Mr. Carroll has an M.S. in Information Assurance and a B.S. in Technology Management, both from the University of Maryland. His specific research interests include identity management, digital rights management, application security, identity-based policy enforcement, public key systems, and identity-based encryption.
  </description>
            <pubDate>Wed, 12 Apr 2006 1:00:00 EDT </pubDate>
            <itunes:title>David Carroll, Identity Management Strategies and Integration Perspectives</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>320</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>David Carroll, MITRE</itunes:subtitle>
            <itunes:summary>For large government agencies and corporations there can be significant value in the use of identity, access, and rights management infrastructures (IDM). The organization's investments in directory services, authorization services, rights management, and public key systems all combine to form a sometimes complex infrastructure. The products that are deployed may be based upon standards such as WS-Security, SAML, and X509.3, but many are still hampered by proprietary vendor implementations, lack of understanding of the capability of the technology as it relates to business process, or unwise architectural decisions.

This seminar will focus on how the models for IDM are maturing and comment on how the urgency to deploy solutions changes when combined with service oriented architecture. The seminar will give practical examples from the experience of working within large-scale infrastructures in both corporate and government environments. It will conclude with commentary on the IDM issues and solutions revolving around the largest government identity management effort to date. About the speaker: David Carroll leads the Application Security Section for the MITRE Corporation's Federal Systems Security Department in McLean, Virginia. Federal Systems Security is part of the MITRE INFOSEC Center and is charged with researching and defining architecture for government agencies that must interact through outreach to the public. He specializes in security architecture and has focused for the last 7 years on identity management, access management, and user provisioning systems. He currently advises the U.S. Department of Homeland Security Chief Information Security Officer and is particularly active in areas relating to Homeland Security Presidential Directive Twelve, which mandates the use of a common identity credential for all U.S. government agencies. Mr. Carroll participates in several working groups including the Federal Bridge (FBCA) PKI working group.

Prior to joining MITRE he was the information security architect for Marriott International and developed their identity and access management capabilities, which serve over 140,000 employees worldwide. Mr. Carroll successfully integrated over 100 separate applications over a 5-year period to make the Marriott Extranet a business asset and show the capability and business value of combined identity and access management across the corporate web space.

Mr. Carroll has an M.S. in Information Assurance and a B.S. in Technology Management, both from the University of Maryland. His specific research interests include identity management, digital rights management, application security, identity-based policy enforcement, public key systems, and identity-based encryption.
  </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>For large government agencies and corporations there can be significant value in the use of identity, access, and rights management infrastructures (IDM). The organization's investments in directory services, authorization services, rights management, and public key systems all combine to form a sometimes complex infrastructure. The products that are deployed may be based upon standards such as WS-Security, SAML, and X509.3, but many are still hampered by proprietary vendor implementations, lack of understanding of the capability of the technology as it relates to business process, or unwise architectural decisions.

This seminar will focus on how the models for IDM are maturing and comment on how the urgency to deploy solutions changes when combined with service oriented architecture. The seminar will give practical examples from the experience of working within large-scale infrastructures in both corporate and government environments. It will conclude with commentary on the IDM issues and solutions revolving around the largest government identity management effort to date. About the speaker: David Carroll leads the Application Security Section for the MITRE Corporation's Federal Systems Security Department in McLean, Virginia. Federal Systems Security is part of the MITRE INFOSEC Center and is charged with researching and defining architecture for government agencies that must interact through outreach to the public. He specializes in security architecture and has focused for the last 7 years on identity management, access management, and user provisioning systems. He currently advises the U.S. Department of Homeland Security Chief Information Security Officer and is particularly active in areas relating to Homeland Security Presidential Directive Twelve, which mandates the use of a common identity credential for all U.S. government agencies. Mr. Carroll participates in several working groups including the Federal Bridge (FBCA) PKI working group.

Prior to joining MITRE he was the information security architect for Marriott International and developed their identity and access management capabilities, which serve over 140,000 employees worldwide. Mr. Carroll successfully integrated over 100 separate applications over a 5-year period to make the Marriott Extranet a business asset and show the capability and business value of combined identity and access management across the corporate web space.

Mr. Carroll has an M.S. in Information Assurance and a B.S. in Technology Management, both from the University of Maryland. His specific research interests include identity management, digital rights management, application security, identity-based policy enforcement, public key systems, and identity-based encryption.
  </p> ]]>
            </content:encoded>
            <itunes:duration>4063</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060412.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060412.mp4" length="210763776" type="video/mp4"/>
        </item>
            <item>
            <title>Dave Ford, Chaos, Complexity, Cybernetics and Therminator:</title>
            <description>In the days after Presidential Decision Directive 63,
&quot;Therminator&quot; was born at NSA. This talk gives an overview of the applications of
strategies from non-linear dynamics, complexity theory and
elements from cybernetics in the context of reducing high-dimensional
data sets (e.g. internet traffic) and explains why simple equilibrium thermodynamics
is the weapon of choice.  About the speaker: Dave Ford is a TAM graduate of the University of Illinois.
He has worked at NSA and now is a professor at the Naval
Postgraduate School.  </description>
            <pubDate>Wed, 5 Apr 2006 1:00:00 EDT </pubDate>
            <itunes:title>Dave Ford, Chaos, Complexity, Cybernetics and Therminator:</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>319</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Dave Ford, Naval Postgraduate School</itunes:subtitle>
            <itunes:summary>In the days after Presidential Decision Directive 63,
&quot;Therminator&quot; was born at NSA. This talk gives an overview of the applications of
strategies from non-linear dynamics, complexity theory and
elements from cybernetics in the context of reducing high-dimensional
data sets (e.g. internet traffic) and explains why simple equilibrium thermodynamics
is the weapon of choice.  About the speaker: Dave Ford is a TAM graduate of the University of Illinois.
He has worked at NSA and now is a professor at the Naval
Postgraduate School.  </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In the days after Presidential Decision Directive 63,
&quot;Therminator&quot; was born at NSA. This talk gives an overview of the applications of
strategies from non-linear dynamics, complexity theory and
elements from cybernetics in the context of reducing high-dimensional
data sets (e.g. internet traffic) and explains why simple equilibrium thermodynamics
is the weapon of choice.  About the speaker: Dave Ford is a TAM graduate of the University of Illinois.
He has worked at NSA and now is a professor at the Naval
Postgraduate School.  </p> ]]>
            </content:encoded>
            <itunes:duration>3026</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060405.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060405.mp4" length="226492416" type="video/mp4"/>
        </item>
            <item>
            <title>Minaxi Gupta, Spoofing-resistant Packet Routing for the Internet</title>
            <description>The forgery of source IP addresses, called IP spoofing, is commonly
exploited to launch damaging denial-of-service (DoS) attacks in the
Internet.  Currently proposed spoofing prevention approaches either focus
on protecting only the target of such attacks and not the routing fabric
used to forward spoofed packets, or fail under commonly occurring
situations like path asymmetry.  We will present a hop-wise packet
marking approach that equips the routers to drop spoofed packets close to
their origination.  Our approach has utmost concern for immediate
deployability and simulations show that it dramatically reduces the amount
of spoofing possible even under partial deployment. About the speaker: Minaxi Gupta is an Assistant Professor in the department of Computer
Science at Indiana University (Bloomington, IN).  Her research interests
are in Computer Networks and Security, particularly in the performance
aspects that fall in the intersection of these areas.  Minaxi received a
Ph.D. in Computer Science from Georgia Tech in 2004. She also holds an
M.S. in Computer Science from Georgia Tech, and an M.Sc. in Physics from
the Indian Institute of Technology Mumbai.  </description>
            <pubDate>Wed, 29 Mar 2006 0:00:00 EST </pubDate>
            <itunes:title>Minaxi Gupta, Spoofing-resistant Packet Routing for the Internet</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>318</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Minaxi Gupta, Indiana University</itunes:subtitle>
            <itunes:summary>The forgery of source IP addresses, called IP spoofing, is commonly
exploited to launch damaging denial-of-service (DoS) attacks in the
Internet.  Currently proposed spoofing prevention approaches either focus
on protecting only the target of such attacks and not the routing fabric
used to forward spoofed packets, or fail under commonly occurring
situations like path asymmetry.  We will present a hop-wise packet
marking approach that equips the routers to drop spoofed packets close to
their origination.  Our approach has utmost concern for immediate
deployability and simulations show that it dramatically reduces the amount
of spoofing possible even under partial deployment. About the speaker: Minaxi Gupta is an Assistant Professor in the department of Computer
Science at Indiana University (Bloomington, IN).  Her research interests
are in Computer Networks and Security, particularly in the performance
aspects that fall in the intersection of these areas.  Minaxi received a
Ph.D. in Computer Science from Georgia Tech in 2004. She also holds an
M.S. in Computer Science from Georgia Tech, and an M.Sc. in Physics from
the Indian Institute of Technology Mumbai.  </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The forgery of source IP addresses, called IP spoofing, is commonly
exploited to launch damaging denial-of-service (DoS) attacks in the
Internet.  Currently proposed spoofing prevention approaches either focus
on protecting only the target of such attacks and not the routing fabric
used to forward spoofed packets, or fail under commonly occurring
situations like path asymmetry.  We will present a hop-wise packet
marking approach that equips the routers to drop spoofed packets close to
their origination.  Our approach has utmost concern for immediate
deployability and simulations show that it dramatically reduces the amount
of spoofing possible even under partial deployment. About the speaker: Minaxi Gupta is an Assistant Professor in the department of Computer
Science at Indiana University (Bloomington, IN).  Her research interests
are in Computer Networks and Security, particularly in the performance
aspects that fall in the intersection of these areas.  Minaxi received a
Ph.D. in Computer Science from Georgia Tech in 2004. She also holds an
M.S. in Computer Science from Georgia Tech, and an M.Sc. in Physics from
the Indian Institute of Technology Mumbai.  </p> ]]>
            </content:encoded>
            <itunes:duration>3404</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060329.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060329.mp4" length="225443840" type="video/mp4"/>
        </item>
            <item>
            <title>Julie Earp, Privacy Policies in Web-based Healthcare</title>
            <description>The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has resulted in the presence of very descriptive privacy policies on healthcare websites.  These policies are intended to notify users about the organization&apos;s privacy practices; however, they are typically not easy to read, leading few people to actually read them.  Given the fact that these policies are not optional, but required by HIPAA, they should be presented in a clear and concise manner that encourages consumers to read them.  At the present time, this is not the case.  This seminar will present the preliminary results of our study that compares various ways to present privacy management information to healthcare consumers.  The study involved an online experiment and survey of 993 Internet users.  About the speaker: Julie Earp is an Associate Professor of Information Technology in the Business Management Department of the College of Management at NCSU. 

   She is heavily involved with the cooperative electronic commerce initiative and The Privacy Place, both of which involve the College of Management and the College of Engineering. Her research focuses on Internet security and privacy issues from several different perspectives, including data management, consumer values, policy, economics and law. The ultimate goal of her work is to demonstrate the need for supporting the early stages of the software lifecycle, specifically addressing the need for novel approaches to security and privacy coverage in web-based systems. Her research recently gained international recognition as the best paper awarded by the Organizational and Communication Information Systems (OCIS) division of the Academy of Management in 2003. An extended version of this award-winning paper is available at IEEE Transactions on Engineering Management. 

   Her involvement in educational activities has included her role as co-founder and co-director of the NCSU E-Commerce Studio. The Studio is a lab in which management and computer science graduate students collaborate in multi-disciplinary teams to develop Web-based e-commerce applications for industrial partners. In keeping with her research focus, students in the Studio are taught how to develop appropriate security and privacy policies as well as systems that are in compliance with those policies. 

   She has also been a leader in developing the Information Technology curriculum under the Business Management degree at NCSU. She has initiated, designed, and taught several courses at both the undergraduate and graduate levels. 
</description>
            <pubDate>Wed, 22 Mar 2006 0:00:00 EST </pubDate>
            <itunes:title>Julie Earp, Privacy Policies in Web-based Healthcare</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>317</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Julie Earp, North Carolina State University</itunes:subtitle>
            <itunes:summary>The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has resulted in the presence of very descriptive privacy policies on healthcare websites.  These policies are intended to notify users about the organization&apos;s privacy practices; however, they are typically not easy to read, leading few people to actually read them.  Given the fact that these policies are not optional, but required by HIPAA, they should be presented in a clear and concise manner that encourages consumers to read them.  At the present time, this is not the case.  This seminar will present the preliminary results of our study that compares various ways to present privacy management information to healthcare consumers.  The study involved an online experiment and survey of 993 Internet users.  About the speaker: Julie Earp is an Associate Professor of Information Technology in the Business Management Department of the College of Management at NCSU. 

   She is heavily involved with the cooperative electronic commerce initiative and The Privacy Place, both of which involve the College of Management and the College of Engineering. Her research focuses on Internet security and privacy issues from several different perspectives, including data management, consumer values, policy, economics and law. The ultimate goal of her work is to demonstrate the need for supporting the early stages of the software lifecycle, specifically addressing the need for novel approaches to security and privacy coverage in web-based systems. Her research recently gained international recognition as the best paper awarded by the Organizational and Communication Information Systems (OCIS) division of the Academy of Management in 2003. An extended version of this award-winning paper is available at IEEE Transactions on Engineering Management. 

   Her involvement in educational activities has included her role as co-founder and co-director of the NCSU E-Commerce Studio. The Studio is a lab in which management and computer science graduate students collaborate in multi-disciplinary teams to develop Web-based e-commerce applications for industrial partners. In keeping with her research focus, students in the Studio are taught how to develop appropriate security and privacy policies as well as systems that are in compliance with those policies. 

   She has also been a leader in developing the Information Technology curriculum under the Business Management degree at NCSU. She has initiated, designed, and taught several courses at both the undergraduate and graduate levels. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has resulted in the presence of very descriptive privacy policies on healthcare websites.  These policies are intended to notify users about the organization&apos;s privacy practices; however, they are typically not easy to read, leading few people to actually read them.  Given the fact that these policies are not optional, but required by HIPAA, they should be presented in a clear and concise manner that encourages consumers to read them.  At the present time, this is not the case.  This seminar will present the preliminary results of our study that compares various ways to present privacy management information to healthcare consumers.  The study involved an online experiment and survey of 993 Internet users.  About the speaker: Julie Earp is an Associate Professor of Information Technology in the Business Management Department of the College of Management at NCSU. 

   She is heavily involved with the cooperative electronic commerce initiative and The Privacy Place, both of which involve the College of Management and the College of Engineering. Her research focuses on Internet security and privacy issues from several different perspectives, including data management, consumer values, policy, economics and law. The ultimate goal of her work is to demonstrate the need for supporting the early stages of the software lifecycle, specifically addressing the need for novel approaches to security and privacy coverage in web-based systems. Her research recently gained international recognition as the best paper awarded by the Organizational and Communication Information Systems (OCIS) division of the Academy of Management in 2003. An extended version of this award-winning paper is available at IEEE Transactions on Engineering Management. 

   Her involvement in educational activities has included her role as co-founder and co-director of the NCSU E-Commerce Studio. The Studio is a lab in which management and computer science graduate students collaborate in multi-disciplinary teams to develop Web-based e-commerce applications for industrial partners. In keeping with her research focus, students in the Studio are taught how to develop appropriate security and privacy policies as well as systems that are in compliance with those policies. 

   She has also been a leader in developing the Information Technology curriculum under the Business Management degree at NCSU. She has initiated, designed, and taught several courses at both the undergraduate and graduate levels. 
</p> ]]>
            </content:encoded>
            <itunes:duration>2698</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060322.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060322.mp4" length="226492416" type="video/mp4"/>
        </item>
            <item>
            <title>Marina Blanton, Dynamic and Efficient Key Management for Access Hierarchies</title>
            <description>Hierarchies arise in the context of access control whenever the set of users
can be modeled as a set of partially ordered classes (i.e., represented as a
directed graph). In such systems, a user that belongs to a particular class
inherits privileges of all of its descendant classes. The problem of key
management for an access hierarchy then consists in assigning a key to each
class in the hierarchy so that keys for descendant classes can be obtained
via an efficient key derivation process. 

We propose an efficient solution to this problem with a number of important
properties, some of which are: a single key per class, local handling of
changes to the hierarchy, and provable security against collusion. Whereas
many previous schemes had some of these properties, ours is the first that
satisfies all of them. In addition, we give techniques to exponentially
lower key derivation time for trees with only a constant increase in the
space to store the hierarchy. About the speaker: Marina Blanton is a PhD candidate at Purdue University. She received her MS
in CS from Purdue University in 2004 and MS in EECS from Ohio University in
2002. Her research interests lie in the areas of access control, applied
cryptography, and privacy. More information is available at
http://www.cs.purdue.edu/homes/mbykova.  </description>
            <pubDate>Wed, 8 Mar 2006 0:00:00 EST </pubDate>
            <itunes:title>Marina Blanton, Dynamic and Efficient Key Management for Access Hierarchies</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>316</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Marina Blanton, Purdue University</itunes:subtitle>
            <itunes:summary>Hierarchies arise in the context of access control whenever the set of users
can be modeled as a set of partially ordered classes (i.e., represented as a
directed graph). In such systems, a user that belongs to a particular class
inherits privileges of all of its descendant classes. The problem of key
management for an access hierarchy then consists in assigning a key to each
class in the hierarchy so that keys for descendant classes can be obtained
via an efficient key derivation process. 

We propose an efficient solution to this problem with a number of important
properties, some of which are: a single key per class, local handling of
changes to the hierarchy, and provable security against collusion. Whereas
many previous schemes had some of these properties, ours is the first that
satisfies all of them. In addition, we give techniques to exponentially
lower key derivation time for trees with only a constant increase in the
space to store the hierarchy. About the speaker: Marina Blanton is a PhD candidate at Purdue University. She received her MS
in CS from Purdue University in 2004 and MS in EECS from Ohio University in
2002. Her research interests lie in the areas of access control, applied
cryptography, and privacy. More information is available at
http://www.cs.purdue.edu/homes/mbykova.  </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Hierarchies arise in the context of access control whenever the set of users
can be modeled as a set of partially ordered classes (i.e., represented as a
directed graph). In such systems, a user that belongs to a particular class
inherits privileges of all of its descendant classes. The problem of key
management for an access hierarchy then consists in assigning a key to each
class in the hierarchy so that keys for descendant classes can be obtained
via an efficient key derivation process. 

We propose an efficient solution to this problem with a number of important
properties, some of which are: a single key per class, local handling of
changes to the hierarchy, and provable security against collusion. Whereas
many previous schemes had some of these properties, ours is the first that
satisfies all of them. In addition, we give techniques to exponentially
lower key derivation time for trees with only a constant increase in the
space to store the hierarchy. About the speaker: Marina Blanton is a PhD candidate at Purdue University. She received her MS
in CS from Purdue University in 2004 and MS in EECS from Ohio University in
2002. Her research interests lie in the areas of access control, applied
cryptography, and privacy. More information is available at
http://www.cs.purdue.edu/homes/mbykova.  </p> ]]>
            </content:encoded>
            <itunes:duration>2932</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060308.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060308.mp4" length="154140672" type="video/mp4"/>
        </item>
            <item>
            <title>Rafae Bhatti, A Policy Engineering Framework for Federated Access Management</title>
            <description>Federated systems are an emerging paradigm for information sharing and integration. Such systems require access management policies that not only protect user privacy and resource security but also allow scalable and seamless interoperation. Current solutions to distributed access control generally fail to simultaneously address both dimensions of the problem. This talk describes the design of a policy-engineering framework, called xFederate, for specification and enforcement of access management policies in federated systems. It has been designed from the perspectives of both security management and software engineering to not only allow specification of requirements for federated access management but also allow development of standardized policy definitions and constructs that facilitate policy deployment and enforcement in a federated system. The framework also includes the design of an administrative model targeted at access control policy administration in a decentralized environment. Two profiles of the policy language, namely a SAML profile and a WS-Policy profile, have been developed to integrate the framework with industry standards for federation and policy-based management in the emerging Web services paradigm. The talk will include an online demo of a research prototype that illustrates the use of xFederate as an enabling technology for secure Web services with applications in federated digital libraries and federated electronic healthcare management.
 About the speaker: Rafae Bhatti is a PhD candidate in the Department of Electrical and Computer Engineering and affiliated with the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. His research interests include information systems security, with emphasis on design and administration of access management policies in distributed systems. In his M.S. thesis research at Purdue, he developed an XML-based policy specification framework for distributed access control. His PhD research focuses on the access management problems posed by the emerging federated paradigm of information sharing and collaboration, and on specification of XML-based security protocols for Web-based information systems. His work on an XML-based access control framework for the Role Based Access Control (RBAC) model has recently been cited by the OASIS consortium in their official announcement of the RBAC standard.
</description>
            <pubDate>Wed, 1 Mar 2006 0:00:00 EST </pubDate>
            <itunes:title>Rafae Bhatti, A Policy Engineering Framework for Federated Access Management</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>315</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Rafae Bhatti, Purdue University</itunes:subtitle>
            <itunes:summary>Federated systems are an emerging paradigm for information sharing and integration. Such systems require access management policies that not only protect user privacy and resource security but also allow scalable and seamless interoperation. Current solutions to distributed access control generally fail to simultaneously address both dimensions of the problem. This talk describes the design of a policy-engineering framework, called xFederate, for specification and enforcement of access management policies in federated systems. It has been designed from the perspectives of both security management and software engineering to not only allow specification of requirements for federated access management but also allow development of standardized policy definitions and constructs that facilitate policy deployment and enforcement in a federated system. The framework also includes the design of an administrative model targeted at access control policy administration in a decentralized environment. Two profiles of the policy language, namely a SAML profile and a WS-Policy profile, have been developed to integrate the framework with industry standards for federation and policy-based management in the emerging Web services paradigm. The talk will include an online demo of a research prototype that illustrates the use of xFederate as an enabling technology for secure Web services with applications in federated digital libraries and federated electronic healthcare management.
 About the speaker: Rafae Bhatti is a PhD candidate in the Department of Electrical and Computer Engineering and affiliated with the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. His research interests include information systems security, with emphasis on design and administration of access management policies in distributed systems. In his M.S. thesis research at Purdue, he developed an XML-based policy specification framework for distributed access control. His PhD research focuses on the access management problems posed by the emerging federated paradigm of information sharing and collaboration, and on specification of XML-based security protocols for Web-based information systems. His work on an XML-based access control framework for the Role Based Access Control (RBAC) model has recently been cited by the OASIS consortium in their official announcement of the RBAC standard.
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Federated systems are an emerging paradigm for information sharing and integration. Such systems require access management policies that not only protect user privacy and resource security but also allow scalable and seamless interoperation. Current solutions to distributed access control generally fail to simultaneously address both dimensions of the problem. This talk describes the design of a policy-engineering framework, called xFederate, for specification and enforcement of access management policies in federated systems. It has been designed from the perspectives of both security management and software engineering to not only allow specification of requirements for federated access management but also allow development of standardized policy definitions and constructs that facilitate policy deployment and enforcement in a federated system. The framework also includes the design of an administrative model targeted at access control policy administration in a decentralized environment. Two profiles of the policy language, namely a SAML profile and a WS-Policy profile, have been developed to integrate the framework with industry standards for federation and policy-based management in the emerging Web services paradigm. The talk will include an online demo of a research prototype that illustrates the use of xFederate as an enabling technology for secure Web services with applications in federated digital libraries and federated electronic healthcare management.
 About the speaker: Rafae Bhatti is a PhD candidate in the Department of Electrical and Computer Engineering and affiliated with the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. His research interests include information systems security, with emphasis on design and administration of access management policies in distributed systems. In his M.S. thesis research at Purdue, he developed an XML-based policy specification framework for distributed access control. His PhD research focuses on the access management problems posed by the emerging federated paradigm of information sharing and collaboration, and on specification of XML-based security protocols for Web-based information systems. His work on an XML-based access control framework for the Role Based Access Control (RBAC) model has recently been cited by the OASIS consortium in their official announcement of the RBAC standard.
</p> ]]>
            </content:encoded>
            <itunes:duration>2917</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060301.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060301.mp4" length="166723584" type="video/mp4"/>
        </item>
            <item>
            <title>Mike Burmester, Provable security in mobile ad hoc networks</title>
            <description>Mobile ad hoc networks (MANETs) are collections of wireless mobile nodes
with links that are made or broken in an arbitrary way. Communication is
achieved via routes whose nodes relay packets. Several routing algorithms
have been proposed in the literature. These focus mainly on efficiency with security relegated to weak adversary models.
In this talk we consider the security of distributed MANET applications
in malicious adversary models. We model a MANET by a stochastic finite state machine that is subject to mobility, medium and Markovian constraints and describe an adversary structure that addresses the malicious attacks that are particular to MANETs (wormhole attacks, Sybil attacks, packet dropping, selfishness). We then show how the traditional cryptographic framework for provable security can be adapted to this particular adversary structure.
Finally we consider two complementary approaches that can be used to
achieve provably secure routing in our adversary model: a reactive approach that traces malicious behavior and a proactive approach that tolerates malicious behavior.

 About the speaker: Mike Burmester has been a professor at Florida State University since 2001.
Earlier, he was at Royal Holloway, London University.
He got his BSc from Athens University and PhD from Rome University.
His research interests include key distribution, privacy, anonymity,
network security and watermarking. He is a member of the International
Association for Cryptological Research and a Fellow of the Institute
of Mathematics and Applications.
  </description>
            <pubDate>Wed, 15 Feb 2006 0:00:00 EST </pubDate>
            <itunes:title>Mike Burmester, Provable security in mobile ad hoc networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>313</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mike Burmester, Florida State</itunes:subtitle>
            <itunes:summary>Mobile ad hoc networks (MANETs) are collections of wireless mobile nodes
with links that are made or broken in an arbitrary way. Communication is
achieved via routes whose nodes relay packets. Several routing algorithms
have been proposed in the literature. These focus mainly on efficiency with security relegated to weak adversary models.
In this talk we consider the security of distributed MANET applications
in malicious adversary models. We model a MANET by a stochastic finite state machine that is subject to mobility, medium and Markovian constraints and describe an adversary structure that addresses the malicious attacks that are particular to MANETs (wormhole attacks, Sybil attacks, packet dropping, selfishness). We then show how the traditional cryptographic framework for provable security can be adapted to this particular adversary structure.
Finally we consider two complementary approaches that can be used to
achieve provably secure routing in our adversary model: a reactive approach that traces malicious behavior and a proactive approach that tolerates malicious behavior.

 About the speaker: Mike Burmester has been a professor at Florida State University since 2001.
Earlier, he was at Royal Holloway, London University.
He got his BSc from Athens University and PhD from Rome University.
His research interests include key distribution, privacy, anonymity,
network security and watermarking. He is a member of the International
Association for Cryptological Research and a Fellow of the Institute
of Mathematics and Applications.
  </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Mobile ad hoc networks (MANETs) are collections of wireless mobile nodes
with links that are made or broken in an arbitrary way. Communication is
achieved via routes whose nodes relay packets. Several routing algorithms
have been proposed in the literature. These focus mainly on efficiency, with security relegated to weak adversary models.
In this talk we consider the security of distributed MANET applications
in malicious adversary models. We model a MANET by a stochastic finite state machine that is subject to mobility, medium and Markovian constraints and describe an adversary structure that addresses the malicious attacks that are particular to MANETs (wormhole attacks, Sybil attacks, packet dropping, selfishness). We then show how the traditional cryptographic framework for provable security can be adapted to this particular adversary structure.
Finally we consider two complementary approaches that can be used to
achieve provably secure routing in our adversary model: a reactive approach that traces malicious behavior and a proactive approach that tolerates malicious behavior.

 About the speaker: Mike Burmester has been a professor at Florida State University since 2001.
Earlier, he was at Royal Holloway, London University.
He received his BSc from Athens University and PhD from Rome University.
His research interests include key distribution, privacy, anonymity,
network security and watermarking. He is a member of the International
Association for Cryptological Research and a Fellow of the Institute
of Mathematics and Applications.
  </p> ]]>
            </content:encoded>
            <itunes:duration>3269</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060215.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060215.mp4" length="208666624" type="video/mp4"/>
        </item>
            <item>
            <title>Brian Carrier, Categories of Digital Forensic Investigation Techniques</title>
            <description>This talk examines formal concepts of digital forensic investigations. To date, the field has had an applied focus and little theory exists to formally define analysis techniques and requirements. This work defines an extended finite state machine (FSM) model and uses it to describe a computer&apos;s history, which contains the primitive and abstract states and events that existed and occurred. Using this model, categories of analysis techniques can be defined. This talk describes the model, describes the categories of analysis techniques, and compares the existing tools to the analysis technique categories. About the speaker: Brian Carrier is the author of &quot;File System Forensic Analysis&quot; and several digital forensic analysis tools, including The Sleuth Kit and the Autopsy Forensic Browser. He is completing his Ph.D. in computer science at Purdue University. Previously, Brian was a Research Scientist at @stake in Boston, MA, and the lead for the @stake Response Team and Digital Forensic Labs. Brian has been involved with the European Commission&apos;s CTOSE project on Digital Evidence, is a member of the Honeynet Project, a referee for the Journal of Digital Investigation, and on the committees of several conferences, workshops, and technical working groups.</description>
            <pubDate>Wed, 8 Feb 2006 0:00:00 EST </pubDate>
            <itunes:title>Brian Carrier, Categories of Digital Forensic Investigation Techniques</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>312</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Brian Carrier, Purdue University</itunes:subtitle>
            <itunes:summary>This talk examines formal concepts of digital forensic investigations. To date, the field has had an applied focus and little theory exists to formally define analysis techniques and requirements. This work defines an extended finite state machine (FSM) model and uses it to describe a computer&apos;s history, which contains the primitive and abstract states and events that existed and occurred. Using this model, categories of analysis techniques can be defined. This talk describes the model, describes the categories of analysis techniques, and compares the existing tools to the analysis technique categories. About the speaker: Brian Carrier is the author of &quot;File System Forensic Analysis&quot; and several digital forensic analysis tools, including The Sleuth Kit and the Autopsy Forensic Browser. He is completing his Ph.D. in computer science at Purdue University. Previously, Brian was a Research Scientist at @stake in Boston, MA, and the lead for the @stake Response Team and Digital Forensic Labs. Brian has been involved with the European Commission&apos;s CTOSE project on Digital Evidence, is a member of the Honeynet Project, a referee for the Journal of Digital Investigation, and on the committees of several conferences, workshops, and technical working groups.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk examines formal concepts of digital forensic investigations. To date, the field has had an applied focus and little theory exists to formally define analysis techniques and requirements. This work defines an extended finite state machine (FSM) model and uses it to describe a computer's history, which contains the primitive and abstract states and events that existed and occurred. Using this model, categories of analysis techniques can be defined. This talk describes the model, describes the categories of analysis techniques, and compares the existing tools to the analysis technique categories. About the speaker: Brian Carrier is the author of "File System Forensic Analysis" and several digital forensic analysis tools, including The Sleuth Kit and the Autopsy Forensic Browser. He is completing his Ph.D. in computer science at Purdue University. Previously, Brian was a Research Scientist at @stake in Boston, MA, and the lead for the @stake Response Team and Digital Forensic Labs. Brian has been involved with the European Commission's CTOSE project on Digital Evidence, is a member of the Honeynet Project, a referee for the Journal of Digital Investigation, and on the committees of several conferences, workshops, and technical working groups.</p> ]]>
            </content:encoded>
            <itunes:duration>3237</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060208.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060208.mp4" length="199229440" type="video/mp4"/>
        </item>
            <item>
            <title>Abhilasha Bhargav-Spantzel, Digital Identity Management and Theft Protection</title>
            <description>Digital identity management technology is fundamental in customizing user experience, protecting privacy, underpinning accountability and compliance in today About the speaker: Abhilasha Bhargav-Spantzel is a Computer Science PhD student at Purdue University. She received her bachelor&apos;s in Computer Science and Mathematics from Purdue in 2002. Her primary research interest is in Identity Management and Theft Protection. Her research aims to provide a strong theoretical foundation on which the solutions are built, as well as prototype implementations. She actively collaborates with industrial and academic initiatives for identity management tools and standards. Please refer to http://homes.cerias.purdue.edu/~bhargav for more information.</description>
            <pubDate>Wed, 1 Feb 2006 0:00:00 EST </pubDate>
            <itunes:title>Abhilasha Bhargav-Spantzel, Digital Identity Management and Theft Protection</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>311</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Abhilasha Bhargav-Spantzel, Purdue University</itunes:subtitle>
            <itunes:summary>Digital identity management technology is fundamental in customizing user experience, protecting privacy, underpinning accountability and compliance in today About the speaker: Abhilasha Bhargav-Spantzel is a Computer Science PhD student at Purdue University. She received her bachelor&apos;s in Computer Science and Mathematics from Purdue in 2002. Her primary research interest is in Identity Management and Theft Protection. Her research aims to provide a strong theoretical foundation on which the solutions are built, as well as prototype implementations. She actively collaborates with industrial and academic initiatives for identity management tools and standards. Please refer to http://homes.cerias.purdue.edu/~bhargav for more information.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Digital identity management technology is fundamental in customizing user experience, protecting privacy, underpinning accountability and compliance in today About the speaker: Abhilasha Bhargav-Spantzel is a Computer Science PhD student at Purdue University. She received her bachelor's in Computer Science and Mathematics from Purdue in 2002. Her primary research interest is in Identity Management and Theft Protection. Her research aims to provide a strong theoretical foundation on which the solutions are built, as well as prototype implementations. She actively collaborates with industrial and academic initiatives for identity management tools and standards. Please refer to http://homes.cerias.purdue.edu/~bhargav for more information.</p> ]]>
            </content:encoded>
            <itunes:duration>3084</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060201.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060201.mp4" length="218103808" type="video/mp4"/>
        </item>
            <item>
            <title>Paul Thompson, Semantic Attacks and Security</title>
            <description>Attacks on computer and other networked systems can be categorized as physical, syntactic and semantic. Physical attacks seek to destroy hardware, while syntactic attacks, such as computer worms and viruses, target the network infrastructure. Semantic attacks are directed at the mind of the user of a computer system or, more generally, at any decision process in an automated system. For example, a false or misleading discussion group posting that leads readers of the posting to become victims of a pump-and-dump scheme, whereby the price of a company About the speaker: Paul Thompson received his Ph.D. from the University of California, Berkeley, in 1986. He is currently a research professor in Dartmouth College</description>
            <pubDate>Wed, 25 Jan 2006 0:00:00 EST </pubDate>
            <itunes:title>Paul Thompson, Semantic Attacks and Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>310</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Paul Thompson, Dartmouth College</itunes:subtitle>
            <itunes:summary>Attacks on computer and other networked systems can be categorized as physical, syntactic and semantic. Physical attacks seek to destroy hardware, while syntactic attacks, such as computer worms and viruses, target the network infrastructure. Semantic attacks are directed at the mind of the user of a computer system or, more generally, at any decision process in an automated system. For example, a false or misleading discussion group posting that leads readers of the posting to become victims of a pump-and-dump scheme, whereby the price of a company About the speaker: Paul Thompson received his Ph.D. from the University of California, Berkeley, in 1986. He is currently a research professor in Dartmouth College</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Attacks on computer and other networked systems can be categorized as physical, syntactic and semantic. Physical attacks seek to destroy hardware, while syntactic attacks, such as computer worms and viruses, target the network infrastructure. Semantic attacks are directed at the mind of the user of a computer system or, more generally, at any decision process in an automated system. For example, a false or misleading discussion group posting that leads readers of the posting to become victims of a pump-and-dump scheme, whereby the price of a company About the speaker: Paul Thompson received his Ph.D. from the University of California, Berkeley, in 1986. He is currently a research professor in Dartmouth College</p> ]]>
            </content:encoded>
            <itunes:duration>3128</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060125.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060125.mp4" length="200278016" type="video/mp4"/>
        </item>
            <item>
            <title>Jean Camp, Net Trust:  Identification Through Social Context</title>
            <description>In the nineties the disconnection between physical experience and the digital networked experience was celebrated: individuals were said to move into cyberspace, become virtual and leave the constraints of the physical realm. The increase in fraud, difficulties in securing email, and increasingly prevalent browser-based attacks illustrate that the lack of physical signaling information can also be costly.

I introduce a trust evaluation system, Net Trust. The trust evaluation system offered in Net Trust builds on the technical construction of networks of trust, reputation systems, and social browsing. Net Trust is explicitly a socio-technical solution; the solution employs a user About the speaker: Professor L. Jean Camp&apos;s core interest is in the interaction of technical, financial and social trust. It was this interest that led Prof. Camp from graduate electrical engineering research in North Carolina to the Department of Engineering and Public Policy at Carnegie Mellon, and it remained her core interest as a Senior Member of the Technical Staff at Sandia National Laboratories. At Sandia National Laboratories her work focused on computer security. She left Sandia National Laboratories to join the faculty at Harvard&apos;s Kennedy School. As a tenured at Indiana University</description>
            <pubDate>Wed, 18 Jan 2006 0:00:00 EST </pubDate>
            <itunes:title>Jean Camp, Net Trust:  Identification Through Social Context</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>309</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jean Camp, Indiana University</itunes:subtitle>
            <itunes:summary>In the nineties the disconnection between physical experience and the digital networked experience was celebrated: individuals were said to move into cyberspace, become virtual and leave the constraints of the physical realm. The increase in fraud, difficulties in securing email, and increasingly prevalent browser-based attacks illustrate that the lack of physical signaling information can also be costly.

I introduce a trust evaluation system, Net Trust. The trust evaluation system offered in Net Trust builds on the technical construction of networks of trust, reputation systems, and social browsing. Net Trust is explicitly a socio-technical solution; the solution employs a user About the speaker: Professor L. Jean Camp&apos;s core interest is in the interaction of technical, financial and social trust. It was this interest that led Prof. Camp from graduate electrical engineering research in North Carolina to the Department of Engineering and Public Policy at Carnegie Mellon, and it remained her core interest as a Senior Member of the Technical Staff at Sandia National Laboratories. At Sandia National Laboratories her work focused on computer security. She left Sandia National Laboratories to join the faculty at Harvard&apos;s Kennedy School. As a tenured at Indiana University</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In the nineties the disconnection between physical experience and the digital networked experience was celebrated: individuals were said to move into cyberspace, become virtual and leave the constraints of the physical realm. The increase in fraud, difficulties in securing email, and increasingly prevalent browser-based attacks illustrate that the lack of physical signaling information can also be costly.

I introduce a trust evaluation system, Net Trust. The trust evaluation system offered in Net Trust builds on the technical construction of networks of trust, reputation systems, and social browsing. Net Trust is explicitly a socio-technical solution; the solution employs a user About the speaker: Professor L. Jean Camp's core interest is in the interaction of technical, financial and social trust. It was this interest that led Prof. Camp from graduate electrical engineering research in North Carolina to the Department of Engineering and Public Policy at Carnegie Mellon, and it remained her core interest as a Senior Member of the Technical Staff at Sandia National Laboratories. At Sandia National Laboratories her work focused on computer security. She left Sandia National Laboratories to join the faculty at Harvard's Kennedy School. As a tenured at Indiana University</p> ]]>
            </content:encoded>
            <itunes:duration>3195</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060118.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060118.mp4" length="219152384" type="video/mp4"/>
        </item>
            <item>
            <title>Simson Garfinkel, Cross-Drive Forensic Analysis</title>
            <description>This talk introduces cross-drive analysis (CDA), a new approach for performing analysis of forensic data sets that are too large or complex to be analyzed with today&apos;s existing tools. CDA works by performing systematic information extraction and cross-correlation across an entire data set.
CDA was used to analyze 182 disk drives acquired on the secondary market; it automatically identified drives containing a high concentration of confidential financial records and three pairs of drives, each previously used by the same organization. CDA shows strong promise in allowing forensic examiners to prioritize their work and in automatically identifying members of preexisting social networks. About the speaker: Simson L. Garfinkel is a postdoctoral fellow at the Center for Research on Computation and Society at Harvard University and an instructor at the Harvard Extension School, where he teaches courses on computer security and application design.

He is also a founder of Sandstorm Enterprises, a computer security firm that develops advanced computer forensic tools used by businesses and governments to audit their systems.

Dr. Garfinkel has research interests in computer forensics, the emerging field of usability and security, and in personal information management. He is also interested in information policy and terrorism, and has actively published and researched in these areas since the late 1980s.

Garfinkel writes a monthly column for CSO Magazine, for which he was awarded both the 2004 and the 2005 Jesse H. Neal National Business Journalism Award for Best Regularly Featured Department or Column. He wrote a weekly column for The Boston Globe between 1996 and 2000 and for Technology Review Magazine between 1998 and 2004. He was a founding contributor of Wired Magazine, and still writes for Wired on an occasional basis. Overall, Garfinkel&apos;s popular articles have appeared in more than 70 publications around the world.

Garfinkel is the author or co-author of fourteen books on computing, published by Addison-Wesley, IDG Books, MIT Press, O&apos;Reilly and Associates, and Springer-Verlag. He is perhaps best known for his book Database Nation: The Death of Privacy in the 21st Century. Garfinkel&apos;s most successful book, Practical UNIX and Internet Security (co-authored with Gene Spafford), has sold more than 250,000 copies in more than a dozen languages since the first edition was published in 1991.

Garfinkel received three Bachelor of Science degrees from MIT in 1987, a master&apos;s of science in journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005.

Garfinkel&apos;s CV is located on the Internet at http://www.simson.net/cv.

Garfinkel lives in Belmont with his wife and three children. </description>
            <pubDate>Wed, 11 Jan 2006 0:00:00 EST </pubDate>
            <itunes:title>Simson Garfinkel, Cross-Drive Forensic Analysis</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>12</itunes:season>
            <itunes:episode>308</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Simson Garfinkel, Harvard University</itunes:subtitle>
            <itunes:summary>This talk introduces cross-drive analysis (CDA), a new approach for performing analysis of forensic data sets that are too large or complex to be analyzed with today&apos;s existing tools. CDA works by performing systematic information extraction and cross-correlation across an entire data set.
CDA was used to analyze 182 disk drives acquired on the secondary market; it automatically identified drives containing a high concentration of confidential financial records and three pairs of drives, each previously used by the same organization. CDA shows strong promise in allowing forensic examiners to prioritize their work and in automatically identifying members of preexisting social networks. About the speaker: Simson L. Garfinkel is a postdoctoral fellow at the Center for Research on Computation and Society at Harvard University and an instructor at the Harvard Extension School, where he teaches courses on computer security and application design.

He is also a founder of Sandstorm Enterprises, a computer security firm that develops advanced computer forensic tools used by businesses and governments to audit their systems.

Dr. Garfinkel has research interests in computer forensics, the emerging field of usability and security, and in personal information management. He is also interested in information policy and terrorism, and has actively published and researched in these areas since the late 1980s.

Garfinkel writes a monthly column for CSO Magazine, for which he was awarded both the 2004 and the 2005 Jesse H. Neal National Business Journalism Award for Best Regularly Featured Department or Column. He wrote a weekly column for The Boston Globe between 1996 and 2000 and for Technology Review Magazine between 1998 and 2004. He was a founding contributor of Wired Magazine, and still writes for Wired on an occasional basis. Overall, Garfinkel&apos;s popular articles have appeared in more than 70 publications around the world.

Garfinkel is the author or co-author of fourteen books on computing, published by Addison-Wesley, IDG Books, MIT Press, O&apos;Reilly and Associates, and Springer-Verlag. He is perhaps best known for his book Database Nation: The Death of Privacy in the 21st Century. Garfinkel&apos;s most successful book, Practical UNIX and Internet Security (co-authored with Gene Spafford), has sold more than 250,000 copies in more than a dozen languages since the first edition was published in 1991.

Garfinkel received three Bachelor of Science degrees from MIT in 1987, a master&apos;s of science in journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005.

Garfinkel&apos;s CV is located on the Internet at http://www.simson.net/cv.

Garfinkel lives in Belmont with his wife and three children. </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk introduces cross-drive analysis (CDA), a new approach for performing analysis of forensic data sets that are too large or complex to be analyzed with today's existing tools. CDA works by performing systematic information extraction and cross-correlation across an entire data set.
CDA was used to analyze 182 disk drives acquired on the secondary market; it automatically identified drives containing a high concentration of confidential financial records and three pairs of drives, each previously used by the same organization. CDA shows strong promise in allowing forensic examiners to prioritize their work and in automatically identifying members of preexisting social networks. About the speaker: Simson L. Garfinkel is a postdoctoral fellow at the Center for Research on Computation and Society at Harvard University and an instructor at the Harvard Extension School, where he teaches courses on computer security and application design.

He is also a founder of Sandstorm Enterprises, a computer security firm that develops advanced computer forensic tools used by businesses and governments to audit their systems.

Dr. Garfinkel has research interests in computer forensics, the emerging field of usability and security, and in personal information management. He is also interested in information policy and terrorism, and has actively published and researched in these areas since the late 1980s.

Garfinkel writes a monthly column for CSO Magazine, for which he was awarded both the 2004 and the 2005 Jesse H. Neal National Business Journalism Award for Best Regularly Featured Department or Column. He wrote a weekly column for The Boston Globe between 1996 and 2000 and for Technology Review Magazine between 1998 and 2004. He was a founding contributor of Wired Magazine, and still writes for Wired on an occasional basis. Overall, Garfinkel's popular articles have appeared in more than 70 publications around the world.

Garfinkel is the author or co-author of fourteen books on computing, published by Addison-Wesley, IDG Books, MIT Press, O'Reilly and Associates, and Springer-Verlag. He is perhaps best known for his book Database Nation: The Death of Privacy in the 21st Century. Garfinkel's most successful book, Practical UNIX and Internet Security (co-authored with Gene Spafford), has sold more than 250,000 copies in more than a dozen languages since the first edition was published in 1991.

Garfinkel received three Bachelor of Science degrees from MIT in 1987, a master's of science in journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005.

Garfinkel's CV is located on the Internet at http://www.simson.net/cv.

Garfinkel lives in Belmont with his wife and three children. </p> ]]>
            </content:encoded>
            <itunes:duration>2942</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20060111.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20060111.mp4" length="95420416" type="video/mp4"/>
        </item>
            <item>
            <title>Jelena Mirkovic, Clouseau: A practical IP spoofing defense through route-based filtering</title>
            <description>IP spoofing accompanies many malicious activities and is even a means of performing reflector DDoS attacks. Route-based filtering (RBF) enables a router to filter spoofed packets based on their incoming interface; this information is stored in an incoming table. Packets arriving on the expected incoming interface for their source address are considered legitimate, while all other packets are filtered as spoofed. Past research has shown that RBF can be very effective when deployed at the vertex cover of the Internet AS-map (about 1500 ASes), but no practical approach has been proposed for incoming table construction.

We first show that RBF achieves high effectiveness even if the number of deploying points is very small (30 chosen deployment points reduce the amount of the spoofed Internet traffic to 5%). We further show that completeness of the incoming tables is critical for filtering effectiveness - partially full tables are as good as empty. This implies that routers cannot rely on reports of a few participating domains to build their incoming tables, but instead must devise means of accurately &quot;guessing&quot; incoming interface information for all traffic they see. Their guessing strategy must quickly react to offending traffic and determine with high accuracy whether the reason for the offense was a route change (in which case incoming interface information must be updated) or spoofing.

We next propose a protocol called Clouseau which builds accurate incoming tables at RBF routers, and keeps these tables up to date in the face of frequent route changes. Clouseau infers incoming table information by applying randomized drops to offending TCP traffic and observing its retransmission behavior. No communication is required with packet sources or other RBF routers, which makes Clouseau suitable for partial deployment. The inference process is further resilient to subversion by an attacker who is familiar with the design of Clouseau.
 About the speaker: Jelena Mirkovic received her B.Sc. at the University of Belgrade, Serbia and Montenegro, in 1998 and her MS and PhD at UCLA in 2000 and 2003.
In 2003 she joined the University of Delaware as an assistant professor.
Her research investigates distributed denial-of-service detection and defense, IP spoofing and Internet worms, and is supported by NSF and the Department of Homeland Security.</description>
            <pubDate>Wed, 7 Dec 2005 0:00:00 EST </pubDate>
            <itunes:title>Jelena Mirkovic, Clouseau: A practical IP spoofing defense through route-based filtering</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>307</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jelena Mirkovic, University of Delaware</itunes:subtitle>
            <itunes:summary>IP spoofing accompanies many malicious activities and is even a means of performing reflector DDoS attacks. Route-based filtering (RBF) enables a router to filter spoofed packets based on their incoming interface; this information is stored in an incoming table. Packets arriving on the expected incoming interface for their source address are considered legitimate, while all other packets are filtered as spoofed. Past research has shown that RBF can be very effective when deployed at the vertex cover of the Internet AS-map (about 1500 ASes), but no practical approach has been proposed for incoming table construction.

We first show that RBF achieves high effectiveness even if the number of deploying points is very small (30 chosen deployment points reduce the amount of the spoofed Internet traffic to 5%). We further show that completeness of the incoming tables is critical for filtering effectiveness - partially full tables are as good as empty. This implies that routers cannot rely on reports of a few participating domains to build their incoming tables, but instead must devise means of accurately &quot;guessing&quot; incoming interface information for all traffic they see. Their guessing strategy must quickly react to offending traffic and determine with high accuracy whether the reason for the offense was a route change (in which case incoming interface information must be updated) or spoofing.

We next propose a protocol called Clouseau, which builds accurate incoming tables at RBF routers and keeps these tables up to date in the face of frequent route changes. Clouseau infers incoming table information by applying randomized drops to offending TCP traffic and observing its retransmission behavior. No communication is required with packet sources or other RBF routers, which makes Clouseau suitable for partial deployment. The inference process is further resilient to subversion by an attacker who is familiar with the design of Clouseau.
 About the speaker: Jelena Mirkovic received her B.Sc. from the University of Belgrade, Serbia and Montenegro, in 1998 and her M.S. and Ph.D. from UCLA in 2000 and 2003.
In 2003, she joined the University of Delaware as an assistant professor.
Her research investigates distributed denial-of-service detection and defense, IP spoofing and Internet worms, and is supported by NSF and the Department of Homeland Security.
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>IP spoofing accompanies many malicious activities and is even a means of performing reflector DDoS attacks. Route-based filtering (RBF) enables a router to filter spoofed packets based on their incoming interface; this information is stored in an incoming table. Packets arriving on the expected incoming interface for their source address are considered legitimate, while all other packets are filtered as spoofed. Past research has shown that RBF can be very effective when deployed at the vertex cover of the Internet AS-map (about 1500 ASes), but no practical approach has been proposed for incoming table construction.

We first show that RBF achieves high effectiveness even if the number of deploying points is very small (30 chosen deployment points reduce the amount of the spoofed Internet traffic to 5%). We further show that completeness of the incoming tables is critical for filtering effectiveness - partially full tables are as good as empty. This implies that routers cannot rely on reports of a few participating domains to build their incoming tables, but instead must devise means of accurately &quot;guessing&quot; incoming interface information for all traffic they see. Their guessing strategy must quickly react to offending traffic and determine with high accuracy whether the reason for the offense was a route change (in which case incoming interface information must be updated) or spoofing.

We next propose a protocol called Clouseau, which builds accurate incoming tables at RBF routers and keeps these tables up to date in the face of frequent route changes. Clouseau infers incoming table information by applying randomized drops to offending TCP traffic and observing its retransmission behavior. No communication is required with packet sources or other RBF routers, which makes Clouseau suitable for partial deployment. The inference process is further resilient to subversion by an attacker who is familiar with the design of Clouseau.
 About the speaker: Jelena Mirkovic received her B.Sc. from the University of Belgrade, Serbia and Montenegro, in 1998 and her M.S. and Ph.D. from UCLA in 2000 and 2003.
In 2003, she joined the University of Delaware as an assistant professor.
Her research investigates distributed denial-of-service detection and defense, IP spoofing and Internet worms, and is supported by NSF and the Department of Homeland Security.
</p> ]]>
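The following is an added illustration, not code from the talk or from Clouseau itself: a minimal RBF router whose incoming table maps source prefixes to expected interfaces, with a simplified drop-and-watch step for offending TCP traffic. It shows two points from the abstract in running code: a source prefix missing from the table cannot be filtered at all (the "partially full tables are as good as empty" effect), and a dropped segment that is retransmitted on the same interface is evidence of a real TCP sender behind a route change, whereas a blind spoofer never retransmits. The CIDR prefixes, interface names, the retransmission model (same src, dst, seq seen again after a drop) and the scenario in demo() are assumptions constructed for the example; Clouseau's actual timing rules and its resistance to an attacker who mimics retransmissions are not modelled.

```python
"""RBF over an incoming table plus a simplified Clouseau-style inference step.

Added illustration, not code from the talk or from Clouseau.  Assumptions NOT
taken from the abstract: prefixes are IPv4 CIDR strings, a "retransmission" is
the same (src, dst, seq) seen again on the same interface after we dropped it,
and a blind spoofer never retransmits.  Timing and anti-subversion logic of the
real protocol are not modelled.
"""
import ipaddress
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str    # source address as written in the header (may be spoofed)
    dst: str
    iface: str  # interface the packet actually arrived on
    seq: int    # TCP sequence number


class RBFRouter:
    def __init__(self, incoming_table, probe_prob=0.5, seed=0):
        # incoming table: source prefix -> interface we expect it to arrive on
        self.table = {ipaddress.ip_network(p): i for p, i in incoming_table.items()}
        self.probe_prob = probe_prob
        self.rng = random.Random(seed)
        self.pending = set()  # dropped offending segments we are watching
        self.stats = {"forwarded": 0, "unknown_passed": 0, "dropped": 0, "route_updates": 0}

    def _match(self, src):
        """Longest-prefix match; None when the table has no entry for src."""
        addr = ipaddress.ip_address(src)
        nets = [n for n in self.table if addr in n]
        return max(nets, key=lambda n: n.prefixlen) if nets else None

    def handle(self, pkt):
        """Return 'forward' or 'drop' for one packet, updating table and stats."""
        net = self._match(pkt.src)
        if net is None:
            # No entry: the router cannot tell spoofed from legitimate and has to
            # forward.  For this prefix a partial table is as good as an empty one.
            self.stats["unknown_passed"] += 1
            return "forward"
        if self.table[net] == pkt.iface:
            self.stats["forwarded"] += 1
            return "forward"
        # Offending packet: wrong interface for its source.  Plain RBF drops it.
        key = (pkt.src, pkt.dst, pkt.seq, pkt.iface)
        if key in self.pending:
            # The same segment came back on the same interface after we dropped
            # it, so a real TCP sender noticed the loss: treat it as a route
            # change and learn the new interface.  An attacker who knows this
            # rule could replay segments to mimic it; the abstract says Clouseau
            # resists that, this toy does not.
            self.pending.discard(key)
            self.table[net] = pkt.iface
            self.stats["route_updates"] += 1
            self.stats["forwarded"] += 1
            return "forward"
        if self.rng.random() < self.probe_prob:
            self.pending.add(key)  # remember this drop and wait for a retransmit
        self.stats["dropped"] += 1
        return "drop"


def tcp_sender(src, dst, iface, seqs, router, max_tries=8):
    """Legitimate TCP source: resends any segment the router dropped."""
    for seq in seqs:
        pkt = Packet(src, dst, iface, seq)
        for _ in range(max_tries):  # bounded so the demo always terminates
            if router.handle(pkt) == "forward":
                break


def spoofer(fake_src, dst, iface, seqs, router):
    """Blind spoofer: gets no feedback, so it never retransmits."""
    for seq in seqs:
        router.handle(Packet(fake_src, dst, iface, seq))


def demo(probe_prob=1.0):
    """Constructed scenario: 10.0.0.0/8 is expected on eth0 and 192.168.0.0/16
    on eth1; 172.16.0.0/12 has no entry at all."""
    r = RBFRouter({"10.0.0.0/8": "eth0", "192.168.0.0/16": "eth1"}, probe_prob)
    # A real 10/8 host whose route moved to eth2: probed once, then learned.
    tcp_sender("10.1.2.3", "203.0.113.5", "eth2", range(1000, 1003), r)
    # Spoofed 192.168/16 source on the wrong interface: dropped, never retransmits.
    spoofer("192.168.7.7", "203.0.113.5", "eth2", range(1, 4), r)
    # Spoofed source from a prefix the table does not cover: cannot be filtered.
    spoofer("172.16.9.9", "203.0.113.5", "eth2", range(1, 4), r)
    return r


if __name__ == "__main__":
    r = demo()
    print(r.stats)
    print({str(n): i for n, i in r.table.items()})
```

With probe_prob=1.0 the legitimate flow loses exactly one segment, retransmits it, and the table entry for 10.0.0.0/8 moves to eth2; the spoofed 192.168.7.7 segments are all dropped and stay unconfirmed in pending, while the 172.16.9.9 segments pass untouched because nothing in the table covers them.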
            </content:encoded>
            <itunes:duration>3215</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20051207.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20051207.mp4" length="139460608" type="video/mp4"/>
        </item>
            <item>
            <title>Stanislaw Jarecki, Secret Handshakes</title>
            <description>Secret Handshake is an authentication protocol with a non-standard and strong anonymity property:  Namely, the secrecy of the *affiliations* (i.e. the certificates) of party A who engages in this authentication protocol with party B will be protected against any B* (i.e. a malicious party which pretends to be B) who does not meet A&apos;s authentication criteria.  This strong secrecy and anonymity protection turns out to be possible, and quite efficiently so, based on various standard cryptographic assumptions.  The talk will give an overview of the problem, the various solutions, and the several efficiency and security issues involved in making such anonymous authentication schemes practical.  About the speaker: Stanislaw Jarecki is a Professor in the Department of Computer Science at the University of California, Irvine.  He is working on cryptography and fault-tolerant distributed protocols.  He received his Ph.D. in Computer Science at MIT in 2001.  His thesis work was on threshold protocols, which are protocols that enable shared computation of cryptographic functions in a distributed setting.  Between MIT and UCI, Stanislaw worked as a researcher at Intertrust and then as a postdoc in the cryptography and security group at Stanford.  His current work includes threshold protocols, affiliation privacy in authentication protocols, robust cryptographic protocols, and theoretical issues like secure 2-party computation.

 </description>
            <pubDate>Wed, 30 Nov 2005 0:00:00 EST </pubDate>
            <itunes:title>Stanislaw Jarecki, Secret Handshakes</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>306</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Stanislaw Jarecki, University of California at Irvine</itunes:subtitle>
            <itunes:summary>Secret Handshake is an authentication protocol with a non-standard and strong anonymity property:  Namely, the secrecy of the *affiliations* (i.e. the certificates) of party A who engages in this authentication protocol with party B will be protected against any B* (i.e. a malicious party which pretends to be B) who does not meet A&apos;s authentication criteria.  This strong secrecy and anonymity protection turns out to be possible, and quite efficiently so, based on various standard cryptographic assumptions.  The talk will give an overview of the problem, the various solutions, and the several efficiency and security issues involved in making such anonymous authentication schemes practical.  About the speaker: Stanislaw Jarecki is a Professor in the Department of Computer Science at the University of California, Irvine.  He is working on cryptography and fault-tolerant distributed protocols.  He received his Ph.D. in Computer Science at MIT in 2001.  His thesis work was on threshold protocols, which are protocols that enable shared computation of cryptographic functions in a distributed setting.  Between MIT and UCI, Stanislaw worked as a researcher at Intertrust and then as a postdoc in the cryptography and security group at Stanford.  His current work includes threshold protocols, affiliation privacy in authentication protocols, robust cryptographic protocols, and theoretical issues like secure 2-party computation.

 </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Secret Handshake is an authentication protocol with a non-standard and strong anonymity property:  Namely, the secrecy of the *affiliations* (i.e. the certificates) of party A who engages in this authentication protocol with party B will be protected against any B* (i.e. a malicious party which pretends to be B) who does not meet A&apos;s authentication criteria.  This strong secrecy and anonymity protection turns out to be possible, and quite efficiently so, based on various standard cryptographic assumptions.  The talk will give an overview of the problem, the various solutions, and the several efficiency and security issues involved in making such anonymous authentication schemes practical.  About the speaker: Stanislaw Jarecki is a Professor in the Department of Computer Science at the University of California, Irvine.  He is working on cryptography and fault-tolerant distributed protocols.  He received his Ph.D. in Computer Science at MIT in 2001.  His thesis work was on threshold protocols, which are protocols that enable shared computation of cryptographic functions in a distributed setting.  Between MIT and UCI, Stanislaw worked as a researcher at Intertrust and then as a postdoc in the cryptography and security group at Stanford.  His current work includes threshold protocols, affiliation privacy in authentication protocols, robust cryptographic protocols, and theoretical issues like secure 2-party computation.

 </p> ]]>
            </content:encoded>
            <itunes:duration>3203</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20051130.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20051130.mp4" length="161480704" type="video/mp4"/>
        </item>
            <item>
            <title>Shouhuai Xu, Privacy-preserving Policy-driven Access Control with Mixed Credentials</title>
            <description>Access control in decentralized systems is an important problem that has not been fully understood, except perhaps that it should be based on credentials. There are mainly two research approaches towards this goal: one is to pursue powerful individual credentials without necessarily considering flexible access control policies; the other is to consider flexible policies without necessarily accommodating the useful credential schemes that have become available. This paper proposes a unified approach that simultaneously considers flexible policies and useful credentials. A first realization of this approach is the notion of assembly signatures (and identifications), which are: (1) privacy-preserving, meaning that the access requestor&apos;s privacy is ensured; (2) policy-driven, meaning that the validity of a signature is with respect to a given access control policy; (3) &quot;mixed credentials&quot;-based, meaning that a signature is constructed out of various anonymous and non-anonymous credentials.

 (This is joint work with Moti Yung) About the speaker: Shouhuai Xu is an assistant professor in the Department of Computer Science, University of Texas at San Antonio. He earned his PhD in computer science in 2000 from Fudan University, China. He is interested in system-oriented security design and analysis, with a current emphasis on cryptographic design and analysis. His research is funded by NSF, ARO, etc. Please refer to http://www.cs.utsa.edu/~shxu for more information. </description>
            <pubDate>Wed, 16 Nov 2005 0:00:00 EST </pubDate>
            <itunes:title>Shouhuai Xu, Privacy-preserving Policy-driven Access Control with Mixed Credentials</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>305</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Shouhuai Xu, University of Texas at San Antonio</itunes:subtitle>
            <itunes:summary>Access control in decentralized systems is an important problem that has not been fully understood, except perhaps that it should be based on credentials. There are mainly two research approaches towards this goal: one is to pursue powerful individual credentials without necessarily considering flexible access control policies; the other is to consider flexible policies without necessarily accommodating the useful credential schemes that have become available. This paper proposes a unified approach that simultaneously considers flexible policies and useful credentials. A first realization of this approach is the notion of assembly signatures (and identifications), which are: (1) privacy-preserving, meaning that the access requestor&apos;s privacy is ensured; (2) policy-driven, meaning that the validity of a signature is with respect to a given access control policy; (3) &quot;mixed credentials&quot;-based, meaning that a signature is constructed out of various anonymous and non-anonymous credentials.

 (This is joint work with Moti Yung) About the speaker: Shouhuai Xu is an assistant professor in the Department of Computer Science, University of Texas at San Antonio. He earned his PhD in computer science in 2000 from Fudan University, China. He is interested in system-oriented security design and analysis, with a current emphasis on cryptographic design and analysis. His research is funded by NSF, ARO, etc. Please refer to http://www.cs.utsa.edu/~shxu for more information. </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Access control in decentralized systems is an important problem that has not been fully understood, except perhaps that it should be based on credentials. There are mainly two research approaches towards this goal: one is to pursue powerful individual credentials without necessarily considering flexible access control policies; the other is to consider flexible policies without necessarily accommodating the useful credential schemes that have become available. This paper proposes a unified approach that simultaneously considers flexible policies and useful credentials. A first realization of this approach is the notion of assembly signatures (and identifications), which are: (1) privacy-preserving, meaning that the access requestor&apos;s privacy is ensured; (2) policy-driven, meaning that the validity of a signature is with respect to a given access control policy; (3) &quot;mixed credentials&quot;-based, meaning that a signature is constructed out of various anonymous and non-anonymous credentials.

 (This is joint work with Moti Yung) About the speaker: Shouhuai Xu is an assistant professor in the Department of Computer Science, University of Texas at San Antonio. He earned his PhD in computer science in 2000 from Fudan University, China. He is interested in system-oriented security design and analysis, with a current emphasis on cryptographic design and analysis. His research is funded by NSF, ARO, etc. Please refer to http://www.cs.utsa.edu/~shxu for more information. </p> ]]>
            </content:encoded>
            <itunes:duration>2878</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20051116.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20051116.mp4" length="110100480" type="video/mp4"/>
        </item>
            <item>
            <title>Anna Squicciarini, Privacy and Anonymity in Trust Negotiations</title>
            <description>Trust negotiation is an emerging approach for establishing trust in open systems, where sensitive interactions may often occur between entities with no prior knowledge of each other. Although several proposals for trust negotiation management systems exist today, none of them provides a comprehensive approach to the problem of privacy preservation. Trust negotiation systems, however, by their very nature may represent a threat to privacy. Credentials exchanged during negotiations often contain sensitive personal information that thus needs to be selectively released. As we believe that trust negotiation systems must effectively address privacy issues to be widely acceptable, we have investigated privacy in the context of trust negotiations. In this talk, we will present the main results obtained so far in the area of trust negotiation as part of the Ph.D. activity. We propose a set of privacy-preserving features to be included in any trust negotiation system, such as support for the P3P standard, as well as a number of innovative features such as a novel format to encode digital credentials specifically designed for preserving privacy. Finally, we illustrate techniques for supporting anonymous trust negotiations as part of privacy-preserving trust negotiation, to carry on trust negotiations without revealing identity-related information.  About the speaker: Anna Cinzia Squicciarini is a PhD student at the University of Milan, Italy. She received a degree in Computer Science from the University of Milan in July 2002 with full marks. During autumn 2003 she was a visiting researcher at the Swedish Institute of Computer Science, Stockholm. During spring 2004 she was also a research scholar at Colorado State University, Fort Collins (CO), US. Her main research interests include trust negotiations, privacy, and models and mechanisms for privilege and contract management in virtual organizations. Currently, she is a visiting scholar at Purdue University, West Lafayette, where she is exploring research issues related to identity management and web service access control models. </description>
            <pubDate>Wed, 9 Nov 2005 0:00:00 EST </pubDate>
            <itunes:title>Anna Squicciarini, Privacy and Anonymity in Trust Negotiations</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>304</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Anna Squicciarini, University of Milano</itunes:subtitle>
            <itunes:summary>Trust negotiation is an emerging approach for establishing trust in open systems, where sensitive interactions may often occur between entities with no prior knowledge of each other. Although several proposals for trust negotiation management systems exist today, none of them provides a comprehensive approach to the problem of privacy preservation. Trust negotiation systems, however, by their very nature may represent a threat to privacy. Credentials exchanged during negotiations often contain sensitive personal information that thus needs to be selectively released. As we believe that trust negotiation systems must effectively address privacy issues to be widely acceptable, we have investigated privacy in the context of trust negotiations. In this talk, we will present the main results obtained so far in the area of trust negotiation as part of the Ph.D. activity. We propose a set of privacy-preserving features to be included in any trust negotiation system, such as support for the P3P standard, as well as a number of innovative features such as a novel format to encode digital credentials specifically designed for preserving privacy. Finally, we illustrate techniques for supporting anonymous trust negotiations as part of privacy-preserving trust negotiation, to carry on trust negotiations without revealing identity-related information.  About the speaker: Anna Cinzia Squicciarini is a PhD student at the University of Milan, Italy. She received a degree in Computer Science from the University of Milan in July 2002 with full marks. During autumn 2003 she was a visiting researcher at the Swedish Institute of Computer Science, Stockholm. During spring 2004 she was also a research scholar at Colorado State University, Fort Collins (CO), US. Her main research interests include trust negotiations, privacy, and models and mechanisms for privilege and contract management in virtual organizations. Currently, she is a visiting scholar at Purdue University, West Lafayette, where she is exploring research issues related to identity management and web service access control models. </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Trust negotiation is an emerging approach for establishing trust in open systems, where sensitive interactions may often occur between entities with no prior knowledge of each other. Although several proposals for trust negotiation management systems exist today, none of them provides a comprehensive approach to the problem of privacy preservation. Trust negotiation systems, however, by their very nature may represent a threat to privacy. Credentials exchanged during negotiations often contain sensitive personal information that thus needs to be selectively released. As we believe that trust negotiation systems must effectively address privacy issues to be widely acceptable, we have investigated privacy in the context of trust negotiations. In this talk, we will present the main results obtained so far in the area of trust negotiation as part of the Ph.D. activity. We propose a set of privacy-preserving features to be included in any trust negotiation system, such as support for the P3P standard, as well as a number of innovative features such as a novel format to encode digital credentials specifically designed for preserving privacy. Finally, we illustrate techniques for supporting anonymous trust negotiations as part of privacy-preserving trust negotiation, to carry on trust negotiations without revealing identity-related information.  About the speaker: Anna Cinzia Squicciarini is a PhD student at the University of Milan, Italy. She received a degree in Computer Science from the University of Milan in July 2002 with full marks. During autumn 2003 she was a visiting researcher at the Swedish Institute of Computer Science, Stockholm. During spring 2004 she was also a research scholar at Colorado State University, Fort Collins (CO), US. Her main research interests include trust negotiations, privacy, and models and mechanisms for privilege and contract management in virtual organizations. Currently, she is a visiting scholar at Purdue University, West Lafayette, where she is exploring research issues related to identity management and web service access control models. </p> ]]>
            </content:encoded>
            <itunes:duration>2749</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20051109.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20051109.mp4" length="230686720" type="video/mp4"/>
        </item>
            <item>
            <title>Bryant G. Tow, A Demonstration in the Need for a Layered Security Model</title>
            <description> About the speaker: Bryant has over 15 years of experience in the IT industry, both as an entrepreneur and as a corporate executive, and has successfully built 3 high-tech companies. As the current Director of Managed Security Services - North America for Unisys Corp., Bryant is responsible for all aspects of growing the security business, including thought leadership in the area of security strategy and planning, development of the security solutions, go-to-market strategies and the quality of delivery. Bryant has held several leadership positions in the IT security industry.

          o FBI</description>
            <pubDate>Wed, 26 Oct 2005 0:00:00 EDT </pubDate>
            <itunes:title>Bryant G. Tow, A Demonstration in the Need for a Layered Security Model</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>302</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Bryant G. Tow, Unisys</itunes:subtitle>
            <itunes:summary> About the speaker: Bryant has over 15 years of experience in the IT industry, both as an entrepreneur and as a corporate executive, and has successfully built 3 high-tech companies. As the current Director of Managed Security Services - North America for Unisys Corp., Bryant is responsible for all aspects of growing the security business, including thought leadership in the area of security strategy and planning, development of the security solutions, go-to-market strategies and the quality of delivery. Bryant has held several leadership positions in the IT security industry.

          o FBI</itunes:summary>
            <content:encoded>
            <![CDATA[ <p> About the speaker: Bryant has over 15 years of experience in the IT industry, both as an entrepreneur and as a corporate executive, and has successfully built 3 high-tech companies. As the current Director of Managed Security Services - North America for Unisys Corp., Bryant is responsible for all aspects of growing the security business, including thought leadership in the area of security strategy and planning, development of the security solutions, go-to-market strategies and the quality of delivery. Bryant has held several leadership positions in the IT security industry.

          o FBI</p> ]]>
            </content:encoded>
            <itunes:duration>3658</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20051026.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20051026.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>Dr. Angelos D. Keromytis, Toward Self-healing Software</title>
            <description>As systems grow in size and complexity, our ability to protect them through manual intervention or static defenses degrades. We believe
that, in addition to proper design principles and proactive mechanisms,
automated reactive approaches must be employed to close the gap in
the attacker vs. defender capabilities. Toward this goal, we have
been examining the possibility of software systems that self-diagnose
and repair themselves in the presence of previously unknown attacks
and failures, with minimal or no human intervention.

In this talk, I will discuss our research in self-healing software
systems. I will introduce the concepts of &quot;micro-speculation&quot; and
&quot;error virtualization&quot;, which can be combined to provide a generic
mechanism for dealing with low-level software failures and vulnerabilities. I will describe the use of these techniques in
two system prototypes of self-healing software that address such vulnerabilities: the Worm Vaccine architecture and STEM (Selective
Transactional EMulation). I will close the talk with a discussion
of our preliminary work toward software Application Communities,
groups of identical instances of an application that cooperate
to improve their collective security.  About the speaker: Angelos Keromytis is an Assistant Professor of Computer Science at
Columbia University. He received his MS and PhD from the
University of Pennsylvania, and his BS (all in Computer
Science) from the University of Crete, in Greece. His research
interests include network and system survivability, authorization and
access control, and large-scale systems security. In a previous life,
he had enough time to contribute code to the OpenBSD project. His
increasingly outdated home page can be found at
 http://www.cs.columbia.edu/~angelos  </description>
            <pubDate>Wed, 19 Oct 2005 0:00:00 EDT </pubDate>
            <itunes:title>Dr. Angelos D. Keromytis, Toward Self-healing Software</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>301</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Dr. Angelos D. Keromytis, Columbia</itunes:subtitle>
            <itunes:summary>As systems grow in size and complexity, our ability to protect them through manual intervention or static defenses degrades. We believe
that, in addition to proper design principles and proactive mechanisms,
automated reactive approaches must be employed to close the gap in
the attacker vs. defender capabilities. Toward this goal, we have
been examining the possibility of software systems that self-diagnose
and repair themselves in the presence of previously unknown attacks
and failures, with minimal or no human intervention.

In this talk, I will discuss our research in self-healing software
systems. I will introduce the concepts of &quot;micro-speculation&quot; and
&quot;error virtualization&quot;, which can be combined to provide a generic
mechanism for dealing with low-level software failures and vulnerabilities. I will describe the use of these techniques in
two system prototypes of self-healing software that address such vulnerabilities: the Worm Vaccine architecture and STEM (Selective
Transactional EMulation). I will close the talk with a discussion
of our preliminary work toward software Application Communities,
groups of identical instances of an application that cooperate
to improve their collective security.  About the speaker: Angelos Keromytis is an Assistant Professor of Computer Science at
Columbia University. He received his MS and PhD from the
University of Pennsylvania, and his BS (all in Computer
Science) from the University of Crete, in Greece. His research
interests include network and system survivability, authorization and
access control, and large-scale systems security. In a previous life,
he had enough time to contribute code to the OpenBSD project. His
increasingly outdated home page can be found at
 http://www.cs.columbia.edu/~angelos  </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As systems grow in size and complexity, our ability to protect them through manual intervention or static defenses degrades. We believe
that, in addition to proper design principles and proactive mechanisms,
automated reactive approaches must be employed to close the gap in
the attacker vs. defender capabilities. Toward this goal, we have
been examining the possibility of software systems that self-diagnose
and repair themselves in the presence of previously unknown attacks
and failures, with minimal or no human intervention.

In this talk, I will discuss our research in self-healing software
systems. I will introduce the concepts of &quot;micro-speculation&quot; and
&quot;error virtualization&quot;, which can be combined to provide a generic
mechanism for dealing with low-level software failures and vulnerabilities. I will describe the use of these techniques in
two system prototypes of self-healing software that address such vulnerabilities: the Worm Vaccine architecture and STEM (Selective
Transactional EMulation). I will close the talk with a discussion
of our preliminary work toward software Application Communities,
groups of identical instances of an application that cooperate
to improve their collective security.  About the speaker: Angelos Keromytis is an Assistant Professor of Computer Science at
Columbia University. He received his MS and PhD from the
University of Pennsylvania, and his BS (all in Computer
Science) from the University of Crete, in Greece. His research
interests include network and system survivability, authorization and
access control, and large-scale systems security. In a previous life,
he had enough time to contribute code to the OpenBSD project. His
increasingly outdated home page can be found at
 http://www.cs.columbia.edu/~angelos  </p> ]]>
            </content:encoded>
            <itunes:duration>3052</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20051019.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20051019.mp4" length="213909504" type="video/mp4"/>
        </item>
            <item>
            <title>Dan Massey, Securing the Internet&#039;s Domain Name System</title>
            <description>This talk considers security challenges facing the Internet&apos;s Domain Name System (DNS). The DNS is one of the most widely used and least secure Internet systems. Virtually every Internet application relies on the DNS to convert names into IP addresses, and the DNS provides a wide range of other critical mappings such as identifying mail servers and locating services. But despite its importance, the original DNS design gave very little thought to security, and a variety of misdirection and denial of service attacks are possible. For example, a web browser relies on the DNS to convert www.purdue.edu into an IP address. The DNS supplies the web browser with an IP address (more precisely an &quot;A&quot; resource record set) such as 129.82.100.64 (is this address correct?). If this address is wrong, the browser will be directed to the wrong site. If the DNS fails to return a response, the browser will not be able to load the desired web page. Currently, both the operational and research communities are making considerable efforts to improve DNS security. After nearly a decade of development, the IETF has standardized DNS Security Extensions that add public key authentication into the DNS. The hierarchical structure of the DNS is leveraged to authenticate public keys, keys can be managed offline, and the signatures allow a resolver to authenticate a response. However, several open issues remain, including key revocation, support for dynamic updates, resolver security policies, incremental deployment, and commercial challenges. The DNS Security Extensions enable a number of new techniques, but basic problems on denial of service remain. The research community has largely focused on denial of service attacks against critical top level servers, which could potentially cause considerable damage to the DNS service.
This has led to proposals for replacing the DNS tree with a distributed hash table attacking a few critical top level servers. This talk will argue that, despite some major flaws, the DNS Security Extensions provide the necessary tools to build a robust and secure DNS. By using these tools appropriately, a wholesale replacement of the DNS system by other approaches can and should be avoided. About the speaker: </description>
            <pubDate>Wed, 05 Oct 2005 00:00:00 EDT</pubDate>
            <itunes:title>Dan Massey, Securing the Internet&#039;s Domain Name System</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>299</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Dan Massey, Colorado State University</itunes:subtitle>
            <itunes:summary>This talk considers security challenges facing the Internet&apos;s Domain Name System (DNS). The DNS is one of the most widely used and least secure Internet systems. Virtually every Internet application relies on the DNS to convert names into IP addresses, and the DNS provides a wide range of other critical mappings such as identifying mail servers and locating services. But despite its importance, the original DNS design gave very little thought to security, and a variety of misdirection and denial of service attacks are possible. For example, a web browser relies on the DNS to convert www.purdue.edu into an IP address. The DNS supplies the web browser with an IP address (more precisely an &quot;A&quot; resource record set) such as 129.82.100.64 (is this address correct?). If this address is wrong, the browser will be directed to the wrong site. If the DNS fails to return a response, the browser will not be able to load the desired web page. Currently, both the operational and research communities are making considerable efforts to improve DNS security. After nearly a decade of development, the IETF has standardized DNS Security Extensions that add public key authentication into the DNS. The hierarchical structure of the DNS is leveraged to authenticate public keys, keys can be managed offline, and the signatures allow a resolver to authenticate a response. However, several open issues remain, including key revocation, support for dynamic updates, resolver security policies, incremental deployment, and commercial challenges. The DNS Security Extensions enable a number of new techniques, but basic problems on denial of service remain. The research community has largely focused on denial of service attacks against critical top level servers, which could potentially cause considerable damage to the DNS service.
This has led to proposals for replacing the DNS tree with a distributed hash table attacking a few critical top level servers. This talk will argue that, despite some major flaws, the DNS Security Extensions provide the necessary tools to build a robust and secure DNS. By using these tools appropriately, a wholesale replacement of the DNS system by other approaches can and should be avoided. About the speaker: </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk considers security challenges facing the Internet&apos;s Domain Name System (DNS). The DNS is one of the most widely used and least secure Internet systems. Virtually every Internet application relies on the DNS to convert names into IP addresses, and the DNS provides a wide range of other critical mappings such as identifying mail servers and locating services. But despite its importance, the original DNS design gave very little thought to security, and a variety of misdirection and denial of service attacks are possible. For example, a web browser relies on the DNS to convert www.purdue.edu into an IP address. The DNS supplies the web browser with an IP address (more precisely an &quot;A&quot; resource record set) such as 129.82.100.64 (is this address correct?). If this address is wrong, the browser will be directed to the wrong site. If the DNS fails to return a response, the browser will not be able to load the desired web page. Currently, both the operational and research communities are making considerable efforts to improve DNS security. After nearly a decade of development, the IETF has standardized DNS Security Extensions that add public key authentication into the DNS. The hierarchical structure of the DNS is leveraged to authenticate public keys, keys can be managed offline, and the signatures allow a resolver to authenticate a response. However, several open issues remain, including key revocation, support for dynamic updates, resolver security policies, incremental deployment, and commercial challenges. The DNS Security Extensions enable a number of new techniques, but basic problems on denial of service remain. The research community has largely focused on denial of service attacks against critical top level servers, which could potentially cause considerable damage to the DNS service.
This has led to proposals for replacing the DNS tree with a distributed hash table attacking a few critical top level servers. This talk will argue that, despite some major flaws, the DNS Security Extensions provide the necessary tools to build a robust and secure DNS. By using these tools appropriately, a wholesale replacement of the DNS system by other approaches can and should be avoided. About the speaker: </p> ]]>
            </content:encoded>
            <itunes:duration>2706</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20051005.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20051005.mp4" length="106954752" type="video/mp4"/>
        </item>
            <item>
            <title>Ting Yu, A Framework for Identifying Compromised Nodes in Sensor Networks</title>
            <description>Sensor networks are vulnerable to physical attacks. Once a node&apos;s cryptographic key is compromised, an attacker may completely impersonate it, and introduce arbitrary false information into the network. Most existing techniques focus on detecting and tolerating false information introduced by compromised nodes. They cannot pinpoint exactly where the false information is introduced and who is responsible for it.

We propose an application-independent framework for identifying compromised sensor nodes. In this framework, sensor nodes may conceptually observe the activity of each other following the deployment topology of a sensor network. An alert is generated if a node observes abnormal activity. Such alerts are collected by the base station, which reasons further and finally identifies compromised nodes. We develop efficient and accurate reasoning algorithms that can effectively deal with collusion and local majorities. Our algorithms are optimal in the sense that they identify the largest number of compromised nodes without introducing false positives.
 About the speaker: Ting Yu received his PhD from the University of Illinois at Urbana-Champaign in 2003. He is currently an assistant professor in the Department of Computer Science, North Carolina State University. His research interests include trust negotiation and management, privacy policy specification and enforcement, and data privacy.
</description>
            <pubDate>Wed, 21 Sep 2005 00:00:00 EDT</pubDate>
            <itunes:title>Ting Yu, A Framework for Identifying Compromised Nodes in Sensor Networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>297</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ting Yu, North Carolina State University</itunes:subtitle>
            <itunes:summary>Sensor networks are vulnerable to physical attacks. Once a node&apos;s cryptographic key is compromised, an attacker may completely impersonate it, and introduce arbitrary false information into the network. Most existing techniques focus on detecting and tolerating false information introduced by compromised nodes. They cannot pinpoint exactly where the false information is introduced and who is responsible for it.

We propose an application-independent framework for identifying compromised sensor nodes. In this framework, sensor nodes may conceptually observe the activity of each other following the deployment topology of a sensor network. An alert is generated if a node observes abnormal activity. Such alerts are collected by the base station, which reasons further and finally identifies compromised nodes. We develop efficient and accurate reasoning algorithms that can effectively deal with collusion and local majorities. Our algorithms are optimal in the sense that they identify the largest number of compromised nodes without introducing false positives.
 About the speaker: Ting Yu received his PhD from the University of Illinois at Urbana-Champaign in 2003. He is currently an assistant professor in the Department of Computer Science, North Carolina State University. His research interests include trust negotiation and management, privacy policy specification and enforcement, and data privacy.
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Sensor networks are vulnerable to physical attacks. Once a node&apos;s cryptographic key is compromised, an attacker may completely impersonate it, and introduce arbitrary false information into the network. Most existing techniques focus on detecting and tolerating false information introduced by compromised nodes. They cannot pinpoint exactly where the false information is introduced and who is responsible for it.

We propose an application-independent framework for identifying compromised sensor nodes. In this framework, sensor nodes may conceptually observe the activity of each other following the deployment topology of a sensor network. An alert is generated if a node observes abnormal activity. Such alerts are collected by the base station, which reasons further and finally identifies compromised nodes. We develop efficient and accurate reasoning algorithms that can effectively deal with collusion and local majorities. Our algorithms are optimal in the sense that they identify the largest number of compromised nodes without introducing false positives.
 About the speaker: Ting Yu received his PhD from the University of Illinois at Urbana-Champaign in 2003. He is currently an assistant professor in the Department of Computer Science, North Carolina State University. His research interests include trust negotiation and management, privacy policy specification and enforcement, and data privacy.
</p> ]]>
            </content:encoded>
            <itunes:duration>3077</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20050921.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20050921.mp4" length="191889408" type="video/mp4"/>
        </item>
            <item>
            <title>Peter Bajcsy, Toward Hazard Aware Spaces:  Knowing Where, When and What Hazards Occur</title>
            <description>While considering all existing hazards for humans due to (a) disastrous natural events, (b) failures of human hazard attention or (c) intentional harmful behaviors of humans, we address the problem of building hazard aware spaces (HAS) to alert innocent people. We have researched and developed components of a prototype HAS system for detecting fire using wireless &quot;smart&quot; micro electro-mechanical systems (MEMS) sensors, such as the MICA sensors, and spectral cameras, for instance thermal infrared (IR), visible spectrum and multi-spectral cameras. Within this context, my presentation overviews technical challenges and prototype scientific solutions to (1) robotic sensor deployment, (2) localization of sensors and objects, (3) synchronization of sensors and cameras, (4) calibration of spectral cameras and sensors, (5) proactive camera control, (6) hazard detection, (7) human alert, (8) hazard confirmation, and (9) hazard understanding and containment. The work presented will also include theoretical and practical limitations that have to be understood when working with novel technologies.

http://www.ncsa.uiuc.edu/people/pbajcsy/ About the speaker: Peter Bajcsy earned his Ph.D. degree from the Electrical and Computer Engineering Department, University of Illinois at Urbana-Champaign, IL, 1997, M.S. degree from the Electrical Engineering Department, University of Pennsylvania, Philadelphia, PA, 1994 and Diploma Engineer degree from the Electrical Engineering Department, Slovak Technical University, Bratislava, Slovakia, 1987.
He is currently with the Automated Learning Group at the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign (UIUC), Illinois, working as a research scientist, and offering seminars and advising students as an adjunct assistant professor in the CS and ECE Departments at UIUC. Dr. Bajcsy</description>
            <pubDate>Wed, 14 Sep 2005 00:00:00 EDT</pubDate>
            <itunes:title>Peter Bajcsy, Toward Hazard Aware Spaces:  Knowing Where, When and What Hazards Occur</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>296</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Peter Bajcsy, University of Illinois at Urbana-Champaign / National Center for Supercomputing Applications (NCSA)</itunes:subtitle>
            <itunes:summary>While considering all existing hazards for humans due to (a) disastrous natural events, (b) failures of human hazard attention or (c) intentional harmful behaviors of humans, we address the problem of building hazard aware spaces (HAS) to alert innocent people. We have researched and developed components of a prototype HAS system for detecting fire using wireless &quot;smart&quot; micro electro-mechanical systems (MEMS) sensors, such as the MICA sensors, and spectral cameras, for instance thermal infrared (IR), visible spectrum and multi-spectral cameras. Within this context, my presentation overviews technical challenges and prototype scientific solutions to (1) robotic sensor deployment, (2) localization of sensors and objects, (3) synchronization of sensors and cameras, (4) calibration of spectral cameras and sensors, (5) proactive camera control, (6) hazard detection, (7) human alert, (8) hazard confirmation, and (9) hazard understanding and containment. The work presented will also include theoretical and practical limitations that have to be understood when working with novel technologies.

http://www.ncsa.uiuc.edu/people/pbajcsy/ About the speaker: Peter Bajcsy earned his Ph.D. degree from the Electrical and Computer Engineering Department, University of Illinois at Urbana-Champaign, IL, 1997, M.S. degree from the Electrical Engineering Department, University of Pennsylvania, Philadelphia, PA, 1994 and Diploma Engineer degree from the Electrical Engineering Department, Slovak Technical University, Bratislava, Slovakia, 1987.
He is currently with the Automated Learning Group at the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign (UIUC), Illinois, working as a research scientist, and offering seminars and advising students as an adjunct assistant professor in the CS and ECE Departments at UIUC. Dr. Bajcsy</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>While considering all existing hazards for humans due to (a) disastrous natural events, (b) failures of human hazard attention or (c) intentional harmful behaviors of humans, we address the problem of building hazard aware spaces (HAS) to alert innocent people. We have researched and developed components of a prototype HAS system for detecting fire using wireless &quot;smart&quot; micro electro-mechanical systems (MEMS) sensors, such as the MICA sensors, and spectral cameras, for instance thermal infrared (IR), visible spectrum and multi-spectral cameras. Within this context, my presentation overviews technical challenges and prototype scientific solutions to (1) robotic sensor deployment, (2) localization of sensors and objects, (3) synchronization of sensors and cameras, (4) calibration of spectral cameras and sensors, (5) proactive camera control, (6) hazard detection, (7) human alert, (8) hazard confirmation, and (9) hazard understanding and containment. The work presented will also include theoretical and practical limitations that have to be understood when working with novel technologies.

http://www.ncsa.uiuc.edu/people/pbajcsy/ About the speaker: Peter Bajcsy earned his Ph.D. degree from the Electrical and Computer Engineering Department, University of Illinois at Urbana-Champaign, IL, 1997, M.S. degree from the Electrical Engineering Department, University of Pennsylvania, Philadelphia, PA, 1994 and Diploma Engineer degree from the Electrical Engineering Department, Slovak Technical University, Bratislava, Slovakia, 1987.
He is currently with the Automated Learning Group at the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign (UIUC), Illinois, working as a research scientist, and offering seminars and advising students as an adjunct assistant professor in the CS and ECE Departments at UIUC. Dr. Bajcsy</p> ]]>
            </content:encoded>
            <itunes:duration>3393</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20050914.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20050914.mp4" length="221249536" type="video/mp4"/>
        </item>
            <item>
            <title>Ed Finkler, Real World Web Application Security</title>
            <description>This talk deals with practical issues of web application security, with an emphasis on open-source web service tools such as Apache, PHP, and MySQL. Recent exploits in widely-used open source web applications such as phpBB and WordPress underline the need for web app developers to make security a primary consideration. We&apos;ll discuss the most common types of attacks and how to defend against them at the code, application, and network design levels.</description>
            <pubDate>Wed, 07 Sep 2005 00:00:00 EDT</pubDate>
            <itunes:title>Ed Finkler, Real World Web Application Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>295</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ed Finkler, CERIAS, Purdue University</itunes:subtitle>
            <itunes:summary>This talk deals with practical issues of web application security, with an emphasis on open-source web service tools such as Apache, PHP, and MySQL. Recent exploits in widely-used open source web applications such as phpBB and WordPress underline the need for web app developers to make security a primary consideration. We&apos;ll discuss the most common types of attacks and how to defend against them at the code, application, and network design levels.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk deals with practical issues of web application security, with an emphasis on open-source web service tools such as Apache, PHP, and MySQL. Recent exploits in widely-used open source web applications such as phpBB and WordPress underline the need for web app developers to make security a primary consideration. We&apos;ll discuss the most common types of attacks and how to defend against them at the code, application, and network design levels.</p> ]]>
            </content:encoded>
            <itunes:duration>3193</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20050907.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20050907.mp4" length="130023424" type="video/mp4"/>
        </item>
            <item>
            <title>Himanshu Khurana, Minimizing Trust Liabilities in Secure Group Messaging  Infrastructures</title>
            <description>Large-scale collaborative applications are characterized by a large number of users and other processing end entities that are distributed over geographically disparate locations. Therefore, these applications use messaging infrastructures that scale to the application needs and enable users to process messages without concern for message transmission and delivery. Widespread use of these infrastructures is hindered by the need for scalable security services; viz., services for confidentiality, integrity, and authentication. Current solutions for providing security for these systems use trusted servers (or a network of servers), which consequently bear significant trust liabilities of maintaining confidentiality, integrity, and authentication of messages and keys that are processed by the servers.
 In this talk we look at current approaches for secure messaging in three commonly used messaging infrastructures: email, group communication, and publish/subscribe. We then show how novel encryption techniques can be used to minimize trust liabilities in these infrastructures in a scalable manner. We are in the process of developing prototypes of our solutions. We will discuss the prototype designs and present some initial experimentation results.
 About the speaker: Dr. Himanshu Khurana received his MS from the University of Maryland in 1999, and his PhD from the University of Maryland in 2002. He worked as a postdoctoral researcher at the Institute for Systems Research, University of Maryland from 2002 to 2003. Dr. Khurana is currently a Senior Security Engineer at the National Center for Supercomputing Applications. His research interests are in network and distributed system security, and he is currently working on projects in secure messaging, dynamic coalitions, web services, and wireless sensor networks. While at the University of Maryland he led the prototype development of tools for secure dynamic coalitions, which were selected for the Joint Warrior Integration Demonstration (JWID) in 2004. </description>
            <pubDate>Wed, 31 Aug 2005 00:00:00 EDT</pubDate>
            <itunes:title>Himanshu Khurana, Minimizing Trust Liabilities in Secure Group Messaging  Infrastructures</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>294</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Himanshu Khurana, University of Illinois at Urbana-Champaign</itunes:subtitle>
            <itunes:summary>Large-scale collaborative applications are characterized by a large number of users and other processing end entities that are distributed over geographically disparate locations. Therefore, these applications use messaging infrastructures that scale to the application needs and enable users to process messages without concern for message transmission and delivery. Widespread use of these infrastructures is hindered by the need for scalable security services; viz., services for confidentiality, integrity, and authentication. Current solutions for providing security for these systems use trusted servers (or a network of servers), which consequently bear significant trust liabilities of maintaining confidentiality, integrity, and authentication of messages and keys that are processed by the servers.
 In this talk we look at current approaches for secure messaging in three commonly used messaging infrastructures: email, group communication, and publish/subscribe. We then show how novel encryption techniques can be used to minimize trust liabilities in these infrastructures in a scalable manner. We are in the process of developing prototypes of our solutions. We will discuss the prototype designs and present some initial experimentation results.
 About the speaker: Dr. Himanshu Khurana received his MS from the University of Maryland in 1999, and his PhD from the University of Maryland in 2002. He worked as a postdoctoral researcher at the Institute for Systems Research, University of Maryland from 2002 to 2003. Dr. Khurana is currently a Senior Security Engineer at the National Center for Supercomputing Applications. His research interests are in network and distributed system security, and he is currently working on projects in secure messaging, dynamic coalitions, web services, and wireless sensor networks. While at the University of Maryland he led the prototype development of tools for secure dynamic coalitions, which were selected for the Joint Warrior Integration Demonstration (JWID) in 2004. </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Large-scale collaborative applications are characterized by a large number of users and other processing end entities that are distributed over geographically disparate locations. Therefore, these applications use messaging infrastructures that scale to the application needs and enable users to process messages without concern for message transmission and delivery. Widespread use of these infrastructures is hindered by the need for scalable security services; viz., services for confidentiality, integrity, and authentication. Current solutions for providing security for these systems use trusted servers (or a network of servers), which consequently bear significant trust liabilities of maintaining confidentiality, integrity, and authentication of messages and keys that are processed by the servers.
 In this talk we look at current approaches for secure messaging in three commonly used messaging infrastructures: email, group communication, and publish/subscribe. We then show how novel encryption techniques can be used to minimize trust liabilities in these infrastructures in a scalable manner. We are in the process of developing prototypes of our solutions. We will discuss the prototype designs and present some initial experimentation results.
 About the speaker: Dr. Himanshu Khurana received his MS from the University of Maryland in 1999, and his PhD from the University of Maryland in 2002. He worked as a postdoctoral researcher at the Institute for Systems Research, University of Maryland from 2002 to 2003. Dr. Khurana is currently a Senior Security Engineer at the National Center for Supercomputing Applications. His research interests are in network and distributed system security, and he is currently working on projects in secure messaging, dynamic coalitions, web services, and wireless sensor networks. While at the University of Maryland he led the prototype development of tools for secure dynamic coalitions, which were selected for the Joint Warrior Integration Demonstration (JWID) in 2004. </p> ]]>
            </content:encoded>
            <itunes:duration>2553</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20050831.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20050831.mp4" length="97517568" type="video/mp4"/>
        </item>
            <item>
            <title>Stephen Elliott, An Introduction to Biometric Technologies</title>
            <description>This lecture provides an introduction to biometric
technologies. Various technologies will be examined, including iris,
face, voice, dynamic signature, fingerprint, and keystroke dynamics. An
overview of assessing performance, discussing implementations, as well
as system design will be covered. About the speaker:  Dr. Elliott is involved in a number of activities relating to biometrics
and security. He is actively involved in biometric standards, acting as
Vice Chair of the International Committee for Information Technology
Standards, as Secretary of INCITS M1 Biometrics Standards committee, and
also Head of Delegation for the WG1 Vocabulary working group within the
ISO/IEC JTC 1 SC37 committee on Biometrics. Dr. Elliott has also given
numerous lectures on biometrics technologies, the latest conference
presentations specifically aimed at the banking industry. Dr. Elliott is
also involved in educational initiatives as they relate to biometric
technologies, where he is responsible for the Biometrics Standards,
Performance, and Assurance Laboratory, as well as two classes related to
biometric technologies. Dr. Elliott is also involved in educational
initiatives for the American National Standards Institute, is a member
of Purdue University&apos;s e-Enterprise, Learning, and CERIAS Centers.</description>
            <pubDate>Wed, 24 Aug 2005 0:00:00 EDT </pubDate>
            <itunes:title>Stephen Elliott, An Introduction to Biometric Technologies</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>293</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Stephen Elliott, Purdue University</itunes:subtitle>
            <itunes:summary>This lecture provides an introduction to biometric
technologies. Various technologies will be examined, including iris,
face, voice, dynamic signature, fingerprint, and keystroke dynamics. An
overview of assessing performance, discussing implementations, as well
as system design will be covered. About the speaker:  Dr. Elliott is involved in a number of activities relating to biometrics
and security. He is actively involved in biometric standards, acting as
Vice Chair of the International Committee for Information Technology
Standards, as Secretary of INCITS M1 Biometrics Standards committee, and
also Head of Delegation for the WG1 Vocabulary working group within the
ISO/IEC JTC 1 SC37 committee on Biometrics. Dr. Elliott has also given
numerous lectures on biometrics technologies, the latest conference
presentations specifically aimed at the banking industry. Dr. Elliott is
also involved in educational initiatives as they relate to biometric
technologies, where he is responsible for the Biometrics Standards,
Performance, and Assurance Laboratory, as well as two classes related to
biometric technologies. Dr. Elliott is also involved in educational
initiatives for the American National Standards Institute, is a member
of Purdue University&apos;s e-Enterprise, Learning, and CERIAS Centers.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This lecture provides an introduction to biometric
technologies. Various technologies will be examined, including iris,
face, voice, dynamic signature, fingerprint, and keystroke dynamics. An
overview of assessing performance, discussing implementations, as well
as system design will be covered. About the speaker:  Dr. Elliott is involved in a number of activities relating to biometrics
and security. He is actively involved in biometric standards, acting as
Vice Chair of the International Committee for Information Technology
Standards, as Secretary of INCITS M1 Biometrics Standards committee, and
also Head of Delegation for the WG1 Vocabulary working group within the
ISO/IEC JTC 1 SC37 committee on Biometrics. Dr. Elliott has also given
numerous lectures on biometrics technologies, the latest conference
presentations specifically aimed at the banking industry. Dr. Elliott is
also involved in educational initiatives as they relate to biometric
technologies, where he is responsible for the Biometrics Standards,
Performance, and Assurance Laboratory, as well as two classes related to
biometric technologies. Dr. Elliott is also involved in educational
initiatives for the American National Standards Institute, is a member
of Purdue University&apos;s e-Enterprise, Learning, and CERIAS Centers.</p> ]]>
            </content:encoded>
            <itunes:duration>2988</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20050824.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20050824.mp4" length="230686720" type="video/mp4"/>
        </item>
            <item>
            <title>Sheng Zhong, Privacy-Enhancing k-Anonymization of Customer Data</title>
            <description>In order to protect individuals&apos; privacy, the technique of 
k-anonymization has been proposed to de-associate sensitive 
attributes from the corresponding identifiers. In this work, 
we provide privacy-enhancing methods for creating k-anonymous
tables in a distributed scenario. Specifically, we consider a
setting in which there is a set of customers, each of whom
has a row of a table, and a miner, who wants to mine the entire
table. Our objective is to design protocols that allow the
miner to obtain a k-anonymous table representing the 
customer data, in such a way that does not reveal any 
extra information that can be used to link sensitive 
attributes to corresponding identifiers, and without 
requiring a central authority who has access to all the 
original data. We give two different formulations of 
this problem, with provably private solutions. Our solutions 
enhance the privacy of k-anonymization in the distributed 
scenario by maintaining end-to-end privacy from the original 
customer data to the final k-anonymous results.
 About the speaker: Sheng Zhong received his Ph.D. in computer science from 
Yale University in the year of 2004. He holds an assistant
professor position at SUNY Buffalo and is currently on
leave for postdoctoral research at the Center for Discrete
Mathematics and Theoretical Computer Science (DIMACS). 
His research interests, on the practical side, are 
security and incentives in data mining, databases, and
wireless networks. On the theoretical side, he is interested
in cryptography and game theory.  
</description>
            <pubDate>Wed, 27 Apr 2005 10:30:00 EDT </pubDate>
            <itunes:title>Sheng Zhong, Privacy-Enhancing k-Anonymization of Customer Data</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>292</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Sheng Zhong, SUNY at Buffalo</itunes:subtitle>
            <itunes:summary>In order to protect individuals&apos; privacy, the technique of 
k-anonymization has been proposed to de-associate sensitive 
attributes from the corresponding identifiers. In this work, 
we provide privacy-enhancing methods for creating k-anonymous
tables in a distributed scenario. Specifically, we consider a
setting in which there is a set of customers, each of whom
has a row of a table, and a miner, who wants to mine the entire
table. Our objective is to design protocols that allow the
miner to obtain a k-anonymous table representing the 
customer data, in such a way that does not reveal any 
extra information that can be used to link sensitive 
attributes to corresponding identifiers, and without 
requiring a central authority who has access to all the 
original data. We give two different formulations of 
this problem, with provably private solutions. Our solutions 
enhance the privacy of k-anonymization in the distributed 
scenario by maintaining end-to-end privacy from the original 
customer data to the final k-anonymous results.
 About the speaker: Sheng Zhong received his Ph.D. in computer science from 
Yale University in the year of 2004. He holds an assistant
professor position at SUNY Buffalo and is currently on
leave for postdoctoral research at the Center for Discrete
Mathematics and Theoretical Computer Science (DIMACS). 
His research interests, on the practical side, are 
security and incentives in data mining, databases, and
wireless networks. On the theoretical side, he is interested
in cryptography and game theory.  
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In order to protect individuals&apos; privacy, the technique of 
k-anonymization has been proposed to de-associate sensitive 
attributes from the corresponding identifiers. In this work, 
we provide privacy-enhancing methods for creating k-anonymous
tables in a distributed scenario. Specifically, we consider a
setting in which there is a set of customers, each of whom
has a row of a table, and a miner, who wants to mine the entire
table. Our objective is to design protocols that allow the
miner to obtain a k-anonymous table representing the 
customer data, in such a way that does not reveal any 
extra information that can be used to link sensitive 
attributes to corresponding identifiers, and without 
requiring a central authority who has access to all the 
original data. We give two different formulations of 
this problem, with provably private solutions. Our solutions 
enhance the privacy of k-anonymization in the distributed 
scenario by maintaining end-to-end privacy from the original 
customer data to the final k-anonymous results.
 About the speaker: Sheng Zhong received his Ph.D. in computer science from 
Yale University in the year of 2004. He holds an assistant
professor position at SUNY Buffalo and is currently on
leave for postdoctoral research at the Center for Discrete
Mathematics and Theoretical Computer Science (DIMACS). 
His research interests, on the practical side, are 
security and incentives in data mining, databases, and
wireless networks. On the theoretical side, he is interested
in cryptography and game theory.  
</p> ]]>
            </content:encoded>
            <itunes:duration>4674</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20050427.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20050427.mp4" length="228589568" type="video/mp4"/>
        </item>
            <item>
            <title>Marianne Winslett, Traust and PeerTrust2:  Applying Trust Negotiation to Real Systems</title>
            <description>Automated trust negotiation is an approach to authorization for open systems, i.e., systems where resources are shared across organizational boundaries.  Automated trust negotiation enables open computing by assigning  an access control policy to each resource that is to be made accessible to &quot;outsiders&quot;; an attempt to access the resource triggers a trust negotiation, consisting of the iterative, bilateral disclosure of digital credentials and related information.  In our recent work in applying the TrustBuilder system for trust negotiation to real-world systems, we have encountered the need to make trust negotiation facilities available to legacy peers, which has led to the development of the Traust system.  We have also encountered the need to include helpful third parties in the negotiation process, such as credential wallets, remote authorization servers, and brokers.  PeerTrust2 is our effort to design a language that allows us to reason about trust negotiations involving helpful third parties, while supporting exposure control, delegation, proof hints, declarations of purpose, sensitive policies, and other potentially useful aspects of access control.  In this talk, I will demonstrate Traust and describe its internal design, and then describe PeerTrust2. About the speaker: Marianne Winslett has been a professor at the University of Illinois at Urbana-Champaign since 1987.  Her current research interests include security in open systems and data management for high-performance parallel scientific applications.  She was an editor for ACM Transactions on Database Systems from 1994 to 2004, and has been the vice-chair of ACM SIGMOD
since 2000.  She received an NSF Presidential Young Investigator Award in 1989.
</description>
            <pubDate>Wed, 20 Apr 2005 10:30:00 EDT </pubDate>
            <itunes:title>Marianne Winslett, Traust and PeerTrust2:  Applying Trust Negotiation to Real Systems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>291</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Marianne Winslett, University of Illinois at Urbana-Champaign</itunes:subtitle>
            <itunes:summary>Automated trust negotiation is an approach to authorization for open systems, i.e., systems where resources are shared across organizational boundaries.  Automated trust negotiation enables open computing by assigning  an access control policy to each resource that is to be made accessible to &quot;outsiders&quot;; an attempt to access the resource triggers a trust negotiation, consisting of the iterative, bilateral disclosure of digital credentials and related information.  In our recent work in applying the TrustBuilder system for trust negotiation to real-world systems, we have encountered the need to make trust negotiation facilities available to legacy peers, which has led to the development of the Traust system.  We have also encountered the need to include helpful third parties in the negotiation process, such as credential wallets, remote authorization servers, and brokers.  PeerTrust2 is our effort to design a language that allows us to reason about trust negotiations involving helpful third parties, while supporting exposure control, delegation, proof hints, declarations of purpose, sensitive policies, and other potentially useful aspects of access control.  In this talk, I will demonstrate Traust and describe its internal design, and then describe PeerTrust2. About the speaker: Marianne Winslett has been a professor at the University of Illinois at Urbana-Champaign since 1987.  Her current research interests include security in open systems and data management for high-performance parallel scientific applications.  She was an editor for ACM Transactions on Database Systems from 1994 to 2004, and has been the vice-chair of ACM SIGMOD
since 2000.  She received an NSF Presidential Young Investigator Award in 1989.
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Automated trust negotiation is an approach to authorization for open systems, i.e., systems where resources are shared across organizational boundaries.  Automated trust negotiation enables open computing by assigning  an access control policy to each resource that is to be made accessible to &quot;outsiders&quot;; an attempt to access the resource triggers a trust negotiation, consisting of the iterative, bilateral disclosure of digital credentials and related information.  In our recent work in applying the TrustBuilder system for trust negotiation to real-world systems, we have encountered the need to make trust negotiation facilities available to legacy peers, which has led to the development of the Traust system.  We have also encountered the need to include helpful third parties in the negotiation process, such as credential wallets, remote authorization servers, and brokers.  PeerTrust2 is our effort to design a language that allows us to reason about trust negotiations involving helpful third parties, while supporting exposure control, delegation, proof hints, declarations of purpose, sensitive policies, and other potentially useful aspects of access control.  In this talk, I will demonstrate Traust and describe its internal design, and then describe PeerTrust2. About the speaker: Marianne Winslett has been a professor at the University of Illinois at Urbana-Champaign since 1987.  Her current research interests include security in open systems and data management for high-performance parallel scientific applications.  She was an editor for ACM Transactions on Database Systems from 1994 to 2004, and has been the vice-chair of ACM SIGMOD
since 2000.  She received an NSF Presidential Young Investigator Award in 1989.
</p> ]]>
            </content:encoded>
            <itunes:duration>3242</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20050420.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20050420.mp4" length="163577856" type="video/mp4"/>
        </item>
            <item>
            <title>Mohamed Shehab, Watermarking Relational Databases</title>
            <description>Proving ownership rights on outsourced relational databases is a crucial
issue in today&apos;s internet-based application environment and in many content
distribution applications. In this talk, we will present mechanisms for
proof of ownership based on the secure embedding of a robust imperceptible
watermark in relational data. We will discuss the available watermark
embedding and decoding techniques.  Furthermore, we will provide a
comparison between these techniques based on several dimensions such as
applicability, efficiency, and security. About the speaker: Mohamed Shehab received the BSc from United Arab Emirates University in
2000.  Currently he is a PhD student in electrical and computer engineering
at Purdue University. His main research interests lie in information
security with emphasis on rights protection, data integrity and access
control.  Recently, he has also been working on various topics in the areas
of distributed access control and distributed secure collaboration.</description>
            <pubDate>Wed, 13 Apr 2005 10:30:00 EDT </pubDate>
            <itunes:title>Mohamed Shehab, Watermarking Relational Databases</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>290</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mohamed Shehab, Purdue University</itunes:subtitle>
            <itunes:summary>Proving ownership rights on outsourced relational databases is a crucial
issue in today&apos;s internet-based application environment and in many content
distribution applications. In this talk, we will present mechanisms for
proof of ownership based on the secure embedding of a robust imperceptible
watermark in relational data. We will discuss the available watermark
embedding and decoding techniques.  Furthermore, we will provide a
comparison between these techniques based on several dimensions such as
applicability, efficiency, and security. About the speaker: Mohamed Shehab received the BSc from United Arab Emirates University in
2000.  Currently he is a PhD student in electrical and computer engineering
at Purdue University. His main research interests lie in information
security with emphasis on rights protection, data integrity and access
control.  Recently, he has also been working on various topics in the areas
of distributed access control and distributed secure collaboration.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Proving ownership rights on outsourced relational databases is a crucial
issue in today&apos;s internet-based application environment and in many content
distribution applications. In this talk, we will present mechanisms for
proof of ownership based on the secure embedding of a robust imperceptible
watermark in relational data. We will discuss the available watermark
embedding and decoding techniques.  Furthermore, we will provide a
comparison between these techniques based on several dimensions such as
applicability, efficiency, and security. About the speaker: Mohamed Shehab received the BSc from United Arab Emirates University in
2000.  Currently he is a PhD student in electrical and computer engineering
at Purdue University. His main research interests lie in information
security with emphasis on rights protection, data integrity and access
control.  Recently, he has also been working on various topics in the areas
of distributed access control and distributed secure collaboration.</p> ]]>
            </content:encoded>
            <itunes:duration>3405</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20050413.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20050413.mp4" length="136314880" type="video/mp4"/>
        </item>
            <item>
            <title>Brian Carrier, Defining a Digital Forensic Investigation</title>
            <description>Digital investigations have occurred in some form or another for many years, yet there is no scientific model of the process.  After all, there are multiple ways and sequences in which evidence may be found.  An investigator does not necessarily need a model to solve a case, but a scientific model is useful for developing investigation tools and technology because it allows us to define requirements and identify what areas need more attention. Further, there are guidelines for entering technical evidence into a U.S. court that may require the technical procedure to be published and have known error rates.  In this talk, I will present an overview of existing process models that an investigator can use.  I will then present our initial findings on a more scientific model that is based on how digital evidence is created and will show how it can be applied to the process models used by practitioners.  Our event-based model allows us to more clearly define requirements for investigation tools, which will help in the development and testing process.

 About the speaker: Brian Carrier is a Research Assistant at CERIAS and a Computer Science Ph.D. candidate.  Previously, Brian was a Research Scientist at @stake in Boston, MA, and the lead for its incident response team and digital forensic lab.   Brian is the author of the File System Forensic Analysis book and has authored several digital forensic tools, including The Sleuth Kit and the Autopsy Forensic Browser.  Brian has taught forensics and incident response at SANS, FIRST, the @stake Academy, and SEARCH and is a co-author for the 2nd edition of the Honeynet Project&apos;s Know Your Enemy book.  He has also presented at The Digital Forensics Research Workshop (DFRWS), the High Technology Crime Investigation Association (HTCIA), and the American Academy of Forensic Sciences (AAFS).  Brian has been involved with the European Commission&apos;s CTOSE project on Digital Evidence and a referee for the Journal of Digital Investigation.

</description>
            <pubDate>Wed, 6 Apr 2005 10:30:00 EDT </pubDate>
            <itunes:title>Brian Carrier, Defining a Digital Forensic Investigation</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>289</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Brian Carrier, Purdue University</itunes:subtitle>
            <itunes:summary>Digital investigations have occurred in some form or another for many years, yet there is no scientific model of the process.  After all, there are multiple ways and sequences in which evidence may be found.  An investigator does not necessarily need a model to solve a case, but a scientific model is useful for developing investigation tools and technology because it allows us to define requirements and identify what areas need more attention. Further, there are guidelines for entering technical evidence into a U.S. court that may require the technical procedure to be published and have known error rates.  In this talk, I will present an overview of existing process models that an investigator can use.  I will then present our initial findings on a more scientific model that is based on how digital evidence is created and will show how it can be applied to the process models used by practitioners.  Our event-based model allows us to more clearly define requirements for investigation tools, which will help in the development and testing process.

 About the speaker: Brian Carrier is a Research Assistant at CERIAS and a Computer Science Ph.D. candidate.  Previously, Brian was a Research Scientist at @stake in Boston, MA, and the lead for its incident response team and digital forensic lab.   Brian is the author of the File System Forensic Analysis book and has authored several digital forensic tools, including The Sleuth Kit and the Autopsy Forensic Browser.  Brian has taught forensics and incident response at SANS, FIRST, the @stake Academy, and SEARCH and is a co-author for the 2nd edition of the Honeynet Project&apos;s Know Your Enemy book.  He has also presented at The Digital Forensics Research Workshop (DFRWS), the High Technology Crime Investigation Association (HTCIA), and the American Academy of Forensic Sciences (AAFS).  Brian has been involved with the European Commission&apos;s CTOSE project on Digital Evidence and a referee for the Journal of Digital Investigation.

</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Digital investigations have occurred in some form or another for many years, yet there is no scientific model of the process.  After all, there are multiple ways and sequences in which evidence may be found.  An investigator does not necessarily need a model to solve a case, but a scientific model is useful for developing investigation tools and technology because it allows us to define requirements and identify what areas need more attention. Further, there are guidelines for entering technical evidence into a U.S. court that may require the technical procedure to be published and have known error rates.  In this talk, I will present an overview of existing process models that an investigator can use.  I will then present our initial findings on a more scientific model that is based on how digital evidence is created and will show how it can be applied to the process models used by practitioners.  Our event-based model allows us to more clearly define requirements for investigation tools, which will help in the development and testing process.

 About the speaker: Brian Carrier is a Research Assistant at CERIAS and a Computer Science Ph.D. candidate.  Previously, Brian was a Research Scientist at @stake in Boston, MA, and the lead for its incident response team and digital forensic lab.   Brian is the author of the File System Forensic Analysis book and has authored several digital forensic tools, including The Sleuth Kit and the Autopsy Forensic Browser.  Brian has taught forensics and incident response at SANS, FIRST, the @stake Academy, and SEARCH and is a co-author for the 2nd edition of the Honeynet Project&apos;s Know Your Enemy book.  He has also presented at The Digital Forensics Research Workshop (DFRWS), the High Technology Crime Investigation Association (HTCIA), and the American Academy of Forensic Sciences (AAFS).  Brian has been involved with the European Commission&apos;s CTOSE project on Digital Evidence and a referee for the Journal of Digital Investigation.

</p> ]]>
            </content:encoded>
            <itunes:duration>3063</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050406.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050406.mp4" length="178257920" type="video/mp4"/>
        </item>
            <item>
            <title>Helen J. Wang, Vulnerability-Driven Network Filters for Preventing Known Vulnerability Attacks</title>
            <description>Software patching has not been an effective first-line defense
preventing large-scale worm attacks, even when patches had long been
available for their corresponding vulnerabilities. Generally, people
have been reluctant to patch their systems immediately, because patches
are perceived to be unreliable and disruptive to apply. To address this
problem, we propose a first-line worm defense in the network stack,
using shields -- vulnerability-specific, exploit-generic network filters
installed in end systems once a vulnerability is discovered, and before
the patch is applied. These filters examine the incoming or outgoing
traffic of vulnerable applications, and drop or correct traffic that
exploits vulnerabilities. Shields are less disruptive to install and
uninstall, easier to test for bad side effects, and hence more reliable
than traditional software patches. Further, shields are resilient to
polymorphic or metamorphic variations of exploits.

In the Shield project, we&apos;re showing that this concept is feasible by
implementing a prototype Shield framework that filters traffic at the
transport layer. We have designed a safe and restrictive language to
describe vulnerabilities as partial state machines of the vulnerable
application. The expressiveness of the language has been verified by
encoding the signatures of a number of known vulnerabilities. Our
evaluation provides evidence of Shield&apos;s low false positive rate and
impact on application throughput. An examination of a sample set of
known vulnerabilities suggests that Shield could be used to prevent
exploitation of a substantial fraction of the most dangerous ones.  About the speaker: Helen J. Wang is a researcher in the Systems and Networking research
group at Microsoft Research, Redmond, WA. Her research interests are in
system/network security, networking, protocol architectures,
mobile/wireless computing, and wide-area large scale distributed system
design. She received her Ph.D. degree from the Computer Science
department of U. C. Berkeley in December, 2001. Her Ph.D. thesis was on
&quot;Scalable, robust wide-area control architecture for integrated
communications&quot;. Helen obtained her Bachelor of Science in Computer
Science from U. T. Austin, and Master of Science in Computer Science
from U. C. Berkeley.</description>
            <pubDate>Wed, 30 Mar 2005 10:30:00 EST </pubDate>
            <itunes:title>Helen J. Wang, Vulnerability-Driven Network Filters for Preventing Known Vulnerability Attacks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>288</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Helen J. Wang, Microsoft Research</itunes:subtitle>
            <itunes:summary>Software patching has not been an effective first-line defense
preventing large-scale worm attacks, even when patches had long been
available for their corresponding vulnerabilities. Generally, people
have been reluctant to patch their systems immediately, because patches
are perceived to be unreliable and disruptive to apply. To address this
problem, we propose a first-line worm defense in the network stack,
using shields -- vulnerability-specific, exploit-generic network filters
installed in end systems once a vulnerability is discovered, and before
the patch is applied. These filters examine the incoming or outgoing
traffic of vulnerable applications, and drop or correct traffic that
exploits vulnerabilities. Shields are less disruptive to install and
uninstall, easier to test for bad side effects, and hence more reliable
than traditional software patches. Further, shields are resilient to
polymorphic or metamorphic variations of exploits.

In the Shield project, we&apos;re showing that this concept is feasible by
implementing a prototype Shield framework that filters traffic at the
transport layer. We have designed a safe and restrictive language to
describe vulnerabilities as partial state machines of the vulnerable
application. The expressiveness of the language has been verified by
encoding the signatures of a number of known vulnerabilities. Our
evaluation provides evidence of Shield&apos;s low false positive rate and
impact on application throughput. An examination of a sample set of
known vulnerabilities suggests that Shield could be used to prevent
exploitation of a substantial fraction of the most dangerous ones.  About the speaker: Helen J. Wang is a researcher in the Systems and Networking research
group at Microsoft Research, Redmond, WA. Her research interests are in
system/network security, networking, protocol architectures,
mobile/wireless computing, and wide-area large scale distributed system
design. She received her Ph.D. degree from the Computer Science
department of U. C. Berkeley in December, 2001. Her Ph.D. thesis was on
&quot;Scalable, robust wide-area control architecture for integrated
communications&quot;. Helen obtained her Bachelor of Science in Computer
Science from U. T. Austin, and Master of Science in Computer Science
from U. C. Berkeley.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Software patching has not been an effective first-line defense
preventing large-scale worm attacks, even when patches had long been
available for their corresponding vulnerabilities. Generally, people
have been reluctant to patch their systems immediately, because patches
are perceived to be unreliable and disruptive to apply. To address this
problem, we propose a first-line worm defense in the network stack,
using shields -- vulnerability-specific, exploit-generic network filters
installed in end systems once a vulnerability is discovered, and before
the patch is applied. These filters examine the incoming or outgoing
traffic of vulnerable applications, and drop or correct traffic that
exploits vulnerabilities. Shields are less disruptive to install and
uninstall, easier to test for bad side effects, and hence more reliable
than traditional software patches. Further, shields are resilient to
polymorphic or metamorphic variations of exploits.

In the Shield project, we&apos;re showing that this concept is feasible by
implementing a prototype Shield framework that filters traffic at the
transport layer. We have designed a safe and restrictive language to
describe vulnerabilities as partial state machines of the vulnerable
application. The expressiveness of the language has been verified by
encoding the signatures of a number of known vulnerabilities. Our
evaluation provides evidence of Shield&apos;s low false positive rate and
impact on application throughput. An examination of a sample set of
known vulnerabilities suggests that Shield could be used to prevent
exploitation of a substantial fraction of the most dangerous ones.  About the speaker: Helen J. Wang is a researcher in the Systems and Networking research
group at Microsoft Research, Redmond, WA. Her research interests are in
system/network security, networking, protocol architectures,
mobile/wireless computing, and wide-area large scale distributed system
design. She received her Ph.D. degree from the Computer Science
department of U. C. Berkeley in December, 2001. Her Ph.D. thesis was on
&quot;Scalable, robust wide-area control architecture for integrated
communications&quot;. Helen obtained her Bachelor of Science in Computer
Science from U. T. Austin, and Master of Science in Computer Science
from U. C. Berkeley.</p> ]]>
            </content:encoded>
            <itunes:duration>3011</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/video/secsem/secsem_20050330.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/video/secsem/secsem_20050330.mp4" length="224395264" type="video/mp4"/>
        </item>
            <item>
            <title>Dr. Kate Cherry and Dr. Wendy Hamilton, Lockheed Martin</title>
            <description>Lockheed Martin realizes that their newly hired college graduates are an
investment in Lockheed Martin&apos;s future. As a result the Company looks
out for their new college hires. Dr. Cherry will talk about several
programs dedicated to enhancing the work experience of newly hired and
vested college graduates. For instance, one program focuses on new
technical graduates right out of college. Another program focuses on new
graduates already thinking about a management track. A third program
focuses on college graduates that have been around 3-5 years and are
serious about focusing on a leadership role. Finally, Dr. Hamilton and
Dr. Cherry will dish out relevant insights they gained as they forged
ahead in their careers in the corporate world. About the speaker: Dr. Cherry is the Chief Security Architect for a large Intelligence Community program, focused on bringing together disconnected security functionality into a cohesive security infrastructure.

Dr. Cherry</description>
            <pubDate>Wed, 23 Mar 2005 0:00:00 EST </pubDate>
            <itunes:title>Dr. Kate Cherry and Dr. Wendy Hamilton, Lockheed Martin</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>287</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Dr. Kate Cherry and Dr. Wendy Hamilton, Lockheed Martin</itunes:subtitle>
            <itunes:summary>Lockheed Martin realizes that their newly hired college graduates are an
investment in Lockheed Martin&apos;s future. As a result the Company looks
out for their new college hires. Dr. Cherry will talk about several
programs dedicated to enhancing the work experience of newly hired and
vested college graduates. For instance, one program focuses on new
technical graduates right out of college. Another program focuses on new
graduates already thinking about a management track. A third program
focuses on college graduates that have been around 3-5 years and are
serious about focusing on a leadership role. Finally, Dr. Hamilton and
Dr. Cherry will dish out relevant insights they gained as they forged
ahead in their careers in the corporate world. About the speaker: Dr. Cherry is the Chief Security Architect for a large Intelligence Community program, focused on bringing together disconnected security functionality into a cohesive security infrastructure.

Dr. Cherry</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Lockheed Martin realizes that their newly hired college graduates are an
investment in Lockheed Martin&apos;s future. As a result the Company looks
out for their new college hires. Dr. Cherry will talk about several
programs dedicated to enhancing the work experience of newly hired and
vested college graduates. For instance, one program focuses on new
technical graduates right out of college. Another program focuses on new
graduates already thinking about a management track. A third program
focuses on college graduates that have been around 3-5 years and are
serious about focusing on a leadership role. Finally, Dr. Hamilton and
Dr. Cherry will dish out relevant insights they gained as they forged
ahead in their careers in the corporate world. About the speaker: Dr. Cherry is the Chief Security Architect for a large Intelligence Community program, focused on bringing together disconnected security functionality into a cohesive security infrastructure.

Dr. Cherry</p> ]]>
            </content:encoded>
            <itunes:duration>3195</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050323.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050323.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>David Evans, Where&#039;s the FEEB? Effectiveness of Instruction Set Randomization</title>
<description>Instruction Set Randomization (ISR) has been proposed as a promising defense against code injection attacks. It defuses all standard code injection attacks since the attacker does not know the instruction set of the target machine. A motivated attacker, however, may be able to circumvent ISR by determining the randomization key.  In this talk, I will describe a remote attack for determining an ISR key using an incremental guessing strategy and present a method for injecting a worm in an ISR-protected network.  The attack is plausible under a variety of realistic conditions and can infect an ISR-protected server in under 6 minutes.  Our results provide insights into properties necessary for ISR implementations to be secure and suggest ways to improve ISR designs.  I will speculate on more general architectures for using diversity that can avoid the need to keep secrets from potential attackers that is inherent in previous diversity-based defenses such as ISR and memory address randomization.  About the speaker: David Evans is an Assistant Professor at the University of Virginia.  He has SB, SM and PhD degrees in Computer Science from MIT.  His research interests include program analysis, exploiting properties of the physical world for security, and applications of cryptography.  For more information, see http://www.cs.virginia.edu/evans/


</description>
            <pubDate>Wed, 9 Mar 2005 10:30:00 EST </pubDate>
            <itunes:title>David Evans, Where&#039;s the FEEB? Effectiveness of Instruction Set Randomization</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>286</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>David Evans, University of Virginia</itunes:subtitle>
<itunes:summary>Instruction Set Randomization (ISR) has been proposed as a promising defense against code injection attacks. It defuses all standard code injection attacks since the attacker does not know the instruction set of the target machine. A motivated attacker, however, may be able to circumvent ISR by determining the randomization key.  In this talk, I will describe a remote attack for determining an ISR key using an incremental guessing strategy and present a method for injecting a worm in an ISR-protected network.  The attack is plausible under a variety of realistic conditions and can infect an ISR-protected server in under 6 minutes.  Our results provide insights into properties necessary for ISR implementations to be secure and suggest ways to improve ISR designs.  I will speculate on more general architectures for using diversity that can avoid the need to keep secrets from potential attackers that is inherent in previous diversity-based defenses such as ISR and memory address randomization.  About the speaker: David Evans is an Assistant Professor at the University of Virginia.  He has SB, SM and PhD degrees in Computer Science from MIT.  His research interests include program analysis, exploiting properties of the physical world for security, and applications of cryptography.  For more information, see http://www.cs.virginia.edu/evans/


</itunes:summary>
            <content:encoded>
<![CDATA[ <p>Instruction Set Randomization (ISR) has been proposed as a promising defense against code injection attacks. It defuses all standard code injection attacks since the attacker does not know the instruction set of the target machine. A motivated attacker, however, may be able to circumvent ISR by determining the randomization key.  In this talk, I will describe a remote attack for determining an ISR key using an incremental guessing strategy and present a method for injecting a worm in an ISR-protected network.  The attack is plausible under a variety of realistic conditions and can infect an ISR-protected server in under 6 minutes.  Our results provide insights into properties necessary for ISR implementations to be secure and suggest ways to improve ISR designs.  I will speculate on more general architectures for using diversity that can avoid the need to keep secrets from potential attackers that is inherent in previous diversity-based defenses such as ISR and memory address randomization.  About the speaker: David Evans is an Assistant Professor at the University of Virginia.  He has SB, SM and PhD degrees in Computer Science from MIT.  His research interests include program analysis, exploiting properties of the physical world for security, and applications of cryptography.  For more information, see http://www.cs.virginia.edu/evans/


</p> ]]>
            </content:encoded>
            <itunes:duration>3023</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050309.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050309.mp4" length="148897792" type="video/mp4"/>
        </item>
            <item>
            <title>Florian Buchholz, Using process labels to obtain forensic and traceback information</title>
            <description>Much of the research in computer security, especially in digital
forensics and intrusion detection, is concerned with retrieving and
analyzing the information that is present on a system. In my talk I
will analyze what kind of information is actually desired by a
forensic investigator and examine if these needs can be fulfilled by
today&apos;s operating systems. Some of the desired information is
currently not present in many systems and I will make suggestions on
how to supply more relevant audit data on a system and increase its
quality.

The second part of my talk will focus on two particularly difficult
categories of information that a forensic investigator might desire:
user influence and origin information. I will present a model that
allows a system to bind arbitrary information in the form of labels to
its principals and then propagate the labels as information is
exchanged among them. I will demonstrate the usefulness of the model
with various case studies and discuss a proof-of-concept
implementation. While my work is motivated and aimed primarily at
digital forensic investigations, it has applications in other areas of
computer science, in particular network traceback, intrusion
detection, and access control.

 About the speaker: Florian Buchholz is a graduate student in the department of Computer
Sciences at Purdue University. He holds a Diplom in Informatics from
the Technische Universitaet Braunschweig, Germany and a Masters degree
in computer science from Purdue University. He is currently working on
his Ph.D. with Professor Spafford at CERIAS and plans to receive the
degree in May 2005. His main research interests lie in Digital
Forensics as well as system and network security.
</description>
            <pubDate>Wed, 2 Mar 2005 10:30:00 EST </pubDate>
            <itunes:title>Florian Buchholz, Using process labels to obtain forensic and traceback information</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>285</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Florian Buchholz, Purdue University</itunes:subtitle>
            <itunes:summary>Much of the research in computer security, especially in digital
forensics and intrusion detection, is concerned with retrieving and
analyzing the information that is present on a system. In my talk I
will analyze what kind of information is actually desired by a
forensic investigator and examine if these needs can be fulfilled by
today&apos;s operating systems. Some of the desired information is
currently not present in many systems and I will make suggestions on
how to supply more relevant audit data on a system and increase its
quality.

The second part of my talk will focus on two particularly difficult
categories of information that a forensic investigator might desire:
user influence and origin information. I will present a model that
allows a system to bind arbitrary information in the form of labels to
its principals and then propagate the labels as information is
exchanged among them. I will demonstrate the usefulness of the model
with various case studies and discuss a proof-of-concept
implementation. While my work is motivated and aimed primarily at
digital forensic investigations, it has applications in other areas of
computer science, in particular network traceback, intrusion
detection, and access control.

 About the speaker: Florian Buchholz is a graduate student in the department of Computer
Sciences at Purdue University. He holds a Diplom in Informatics from
the Technische Universitaet Braunschweig, Germany and a Masters degree
in computer science from Purdue University. He is currently working on
his Ph.D. with Professor Spafford at CERIAS and plans to receive the
degree in May 2005. His main research interests lie in Digital
Forensics as well as system and network security.
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Much of the research in computer security, especially in digital
forensics and intrusion detection, is concerned with retrieving and
analyzing the information that is present on a system. In my talk I
will analyze what kind of information is actually desired by a
forensic investigator and examine if these needs can be fulfilled by
today&apos;s operating systems. Some of the desired information is
currently not present in many systems and I will make suggestions on
how to supply more relevant audit data on a system and increase its
quality.

The second part of my talk will focus on two particularly difficult
categories of information that a forensic investigator might desire:
user influence and origin information. I will present a model that
allows a system to bind arbitrary information in the form of labels to
its principals and then propagate the labels as information is
exchanged among them. I will demonstrate the usefulness of the model
with various case studies and discuss a proof-of-concept
implementation. While my work is motivated and aimed primarily at
digital forensic investigations, it has applications in other areas of
computer science, in particular network traceback, intrusion
detection, and access control.

 About the speaker: Florian Buchholz is a graduate student in the department of Computer
Sciences at Purdue University. He holds a Diplom in Informatics from
the Technische Universitaet Braunschweig, Germany and a Masters degree
in computer science from Purdue University. He is currently working on
his Ph.D. with Professor Spafford at CERIAS and plans to receive the
degree in May 2005. His main research interests lie in Digital
Forensics as well as system and network security.
</p> ]]>
            </content:encoded>
            <itunes:duration>2829</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050302.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050302.mp4" length="230686720" type="video/mp4"/>
        </item>
            <item>
            <title>Jintai Ding, Perturbation of Multivariable Public-key Cryptosystems</title>
            <description>Public key cryptography is an indispensable part of most modern communication
systems. However, quantum computers can break cryptosystems
like RSA, which are based on  About the speaker: Jintai Ding is currently an associate professor in Department of
Mathematical Sciences at the University of Cincinnati. He received his Ph.D.
in Mathematics from Yale in 1995. He received the Zhong Jia Qing prize from
the Chinese Mathematical Society in 1990 and the Sloan Dissertation
Fellowship in 1994-1995.  Before he moved to Cincinnati in 1998, he worked
as a lecturer at the Research Institute of Mathematical Sciences of Kyoto
University in Japan for three years. His early works are in quantum groups
and in the last few years, his main interest is in the area of the
multivariable public key cryptosystems.</description>
            <pubDate>Wed, 23 Feb 2005 10:30:00 EST </pubDate>
            <itunes:title>Jintai Ding, Perturbation of Multivariable Public-key Cryptosystems</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>284</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jintai Ding, University of Cincinnati</itunes:subtitle>
            <itunes:summary>Public key cryptography is an indispensable part of most modern communication
systems. However, quantum computers can break cryptosystems
like RSA, which are based on  About the speaker: Jintai Ding is currently an associate professor in Department of
Mathematical Sciences at the University of Cincinnati. He received his Ph.D.
in Mathematics from Yale in 1995. He received the Zhong Jia Qing prize from
the Chinese Mathematical Society in 1990 and the Sloan Dissertation
Fellowship in 1994-1995.  Before he moved to Cincinnati in 1998, he worked
as a lecturer at the Research Institute of Mathematical Sciences of Kyoto
University in Japan for three years. His early works are in quantum groups
and in the last few years, his main interest is in the area of the
multivariable public key cryptosystems.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Public key cryptography is an indispensable part of most modern communication
systems. However, quantum computers can break cryptosystems
like RSA, which are based on  About the speaker: Jintai Ding is currently an associate professor in Department of
Mathematical Sciences at the University of Cincinnati. He received his Ph.D.
in Mathematics from Yale in 1995. He received the Zhong Jia Qing prize from
the Chinese Mathematical Society in 1990 and the Sloan Dissertation
Fellowship in 1994-1995.  Before he moved to Cincinnati in 1998, he worked
as a lecturer at the Research Institute of Mathematical Sciences of Kyoto
University in Japan for three years. His early works are in quantum groups
and in the last few years, his main interest is in the area of the
multivariable public key cryptosystems.</p> ]]>
            </content:encoded>
            <itunes:duration>2553</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050223.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050223.mp4" length="190840832" type="video/mp4"/>
        </item>
            <item>
            <title>Wenke Lee, Architectural Considerations for Anomaly Detection</title>
            <description>The most commonly used intrusion detection system (IDS) performance metrics are detection rate and false alarm rate. From a usability point of view, a very important measurement is Bayesian detection rate, which indicates how likely there is an intrusion when the IDS outputs an alert. It depends on detection rate, false alarm rate, and base rate (the prior probability of intrusion). Typically, an anomaly detection system has a low Bayesian detection rate because it has a non-zero false alarm rate and the base rate in the target environment is very low.

We argue that we need better system architecture to improve Bayesian detection rate. The main objective is to increase the base rate of data stream analyzed by complex detection modules. The general principle is to use layered architecture.

One approach is to use a cascade of successively more complex detection modules. We show that base rate increases from one layer to the next. In many cases, the overall false alarm rate of the cascade can be very low. We describe a worm detection system with cascade architecture. In DSC, the lower layer module identifies hosts with </description>
            <pubDate>Wed, 9 Feb 2005 10:30:00 EST </pubDate>
            <itunes:title>Wenke Lee, Architectural Considerations for Anomaly Detection</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>282</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Wenke Lee, Georgia Tech</itunes:subtitle>
            <itunes:summary>The most commonly used intrusion detection system (IDS) performance metrics are detection rate and false alarm rate. From a usability point of view, a very important measurement is Bayesian detection rate, which indicates how likely there is an intrusion when the IDS outputs an alert. It depends on detection rate, false alarm rate, and base rate (the prior probability of intrusion). Typically, an anomaly detection system has a low Bayesian detection rate because it has a non-zero false alarm rate and the base rate in the target environment is very low.

We argue that we need better system architecture to improve Bayesian detection rate. The main objective is to increase the base rate of data stream analyzed by complex detection modules. The general principle is to use layered architecture.

One approach is to use a cascade of successively more complex detection modules. We show that base rate increases from one layer to the next. In many cases, the overall false alarm rate of the cascade can be very low. We describe a worm detection system with cascade architecture. In DSC, the lower layer module identifies hosts with </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The most commonly used intrusion detection system (IDS) performance metrics are detection rate and false alarm rate. From a usability point of view, a very important measurement is Bayesian detection rate, which indicates how likely there is an intrusion when the IDS outputs an alert. It depends on detection rate, false alarm rate, and base rate (the prior probability of intrusion). Typically, an anomaly detection system has a low Bayesian detection rate because it has a non-zero false alarm rate and the base rate in the target environment is very low.

We argue that we need better system architecture to improve Bayesian detection rate. The main objective is to increase the base rate of data stream analyzed by complex detection modules. The general principle is to use layered architecture.

One approach is to use a cascade of successively more complex detection modules. We show that base rate increases from one layer to the next. In many cases, the overall false alarm rate of the cascade can be very low. We describe a worm detection system with cascade architecture. In DSC, the lower layer module identifies hosts with </p> ]]>
            </content:encoded>
            <itunes:duration>2628</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050209.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050209.mp4" length="127926272" type="video/mp4"/>
        </item>
            <item>
            <title>Vitaly Shmatikov, Obfuscated Databases: Definitions and Constructions</title>
            <description>I will present some new definitions and constructions for privacy in
large databases.  In contrast to conventional privacy mechanisms that aim
to prevent any access to individual records, our techniques are designed
to prevent indiscriminate harvesting of information while enabling some
forms of legitimate access.

We start with a simple construction for an obfuscated database that is
provably indistinguishable from a black-box lookup oracle (in the random
oracle model).  Some attributes of the database are designated as &quot;key,&quot;
the rest as &quot;data.&quot;  The database behaves as a lookup oracle if, for any
record, it is infeasible to extract the data fields without specifying
the key fields, yet, given the values of the key fields, it is easy to
retrieve the corresponding data fields.

We then generalize our constructions to a larger class of queries, and
achieve a privacy property we call &quot;group privacy.&quot;  It ensures that
users can retrieve individual records or small subsets of records from
the database by identifying them precisely.  The database is obfuscated
in such a way that queries returning a large subset of records are
computationally infeasible.

This is joint work with Arvind Narayanan. About the speaker: Vitaly Shmatikov is an assistant professor in the Department of Computer
Sciences at the University of Texas at Austin.  Prior to joining UT,
he worked as a computer scientist at SRI International.  Vitaly&apos;s
research focuses on tools and formal methods for automated analysis and
verification of secure systems, as well as various aspects of anonymity
and privacy.  Vitaly received his PhD in 2000 from Stanford University,
with thesis on &quot;Finite-State Analysis of Security Protocols.&quot;

</description>
            <pubDate>Wed, 2 Feb 2005 10:30:00 EST </pubDate>
            <itunes:title>Vitaly Shmatikov, Obfuscated Databases: Definitions and Constructions</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>281</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Vitaly Shmatikov, University of Texas at Austin</itunes:subtitle>
            <itunes:summary>I will present some new definitions and constructions for privacy in
large databases.  In contrast to conventional privacy mechanisms that aim
to prevent any access to individual records, our techniques are designed
to prevent indiscriminate harvesting of information while enabling some
forms of legitimate access.

We start with a simple construction for an obfuscated database that is
provably indistinguishable from a black-box lookup oracle (in the random
oracle model).  Some attributes of the database are designated as &quot;key,&quot;
the rest as &quot;data.&quot;  The database behaves as a lookup oracle if, for any
record, it is infeasible to extract the data fields without specifying
the key fields, yet, given the values of the key fields, it is easy to
retrieve the corresponding data fields.

We then generalize our constructions to a larger class of queries, and
achieve a privacy property we call &quot;group privacy.&quot;  It ensures that
users can retrieve individual records or small subsets of records from
the database by identifying them precisely.  The database is obfuscated
in such a way that queries returning a large subset of records are
computationally infeasible.

This is joint work with Arvind Narayanan. About the speaker: Vitaly Shmatikov is an assistant professor in the Department of Computer
Sciences at the University of Texas at Austin.  Prior to joining UT,
he worked as a computer scientist at SRI International.  Vitaly&apos;s
research focuses on tools and formal methods for automated analysis and
verification of secure systems, as well as various aspects of anonymity
and privacy.  Vitaly received his PhD in 2000 from Stanford University,
with a thesis on &quot;Finite-State Analysis of Security Protocols.&quot;

</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>I will present some new definitions and constructions for privacy in
large databases.  In contrast to conventional privacy mechanisms that aim
to prevent any access to individual records, our techniques are designed
to prevent indiscriminate harvesting of information while enabling some
forms of legitimate access.

We start with a simple construction for an obfuscated database that is
provably indistinguishable from a black-box lookup oracle (in the random
oracle model).  Some attributes of the database are designated as &quot;key,&quot;
the rest as &quot;data.&quot;  The database behaves as a lookup oracle if, for any
record, it is infeasible to extract the data fields without specifying
the key fields, yet, given the values of the key fields, it is easy to
retrieve the corresponding data fields.

We then generalize our constructions to a larger class of queries, and
achieve a privacy property we call &quot;group privacy.&quot;  It ensures that
users can retrieve individual records or small subsets of records from
the database by identifying them precisely.  The database is obfuscated
in such a way that queries returning a large subset of records are
computationally infeasible.

This is joint work with Arvind Narayanan. About the speaker: Vitaly Shmatikov is an assistant professor in the Department of Computer
Sciences at the University of Texas at Austin.  Prior to joining UT,
he worked as a computer scientist at SRI International.  Vitaly&apos;s
research focuses on tools and formal methods for automated analysis and
verification of secure systems, as well as various aspects of anonymity
and privacy.  Vitaly received his PhD in 2000 from Stanford University,
with a thesis on &quot;Finite-State Analysis of Security Protocols.&quot;

</p> ]]>
            </content:encoded>
            <itunes:duration>3011</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050202.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050202.mp4" length="230686720" type="video/mp4"/>
        </item>
            <item>
            <title>Keith Frikken, Hidden Access Control Policies with Hidden Credentials</title>
            <description>In an open environment such as the Internet, the decision to
collaborate with a stranger (e.g., by granting access to a
resource) is often based on the characteristics (rather than the
identity) of the requester, via digital credentials: Access is
granted if Alice&apos;s credentials satisfy Bob&apos;s access policy. The
literature contains many scenarios in which it is desirable to
carry out such trust negotiations in a privacy-preserving manner,
i.e., so as to minimize the disclosure of credentials and/or of
access policies. Elegant solutions were proposed for achieving
various degrees of privacy-preservation through minimal
disclosure. We present efficient protocols that
protect both sensitive credentials and sensitive policies. That is,
Alice gets the resource only if she satisfies the policy, Bob
does not learn anything about Alice&apos;s credentials (not even whether
Alice gained access or not), and Alice learns neither Bob&apos;s policy
structure nor which credentials caused her to gain access.  About the speaker: Keith Frikken is a doctoral student in computer science
at Purdue University.  His research interests are in security
and databases.  His specific interests in security include: secure protocols, privacy, and access control.

</description>
            <pubDate>Wed, 19 Jan 2005 10:30:00 EST </pubDate>
            <itunes:title>Keith Frikken, Hidden Access Control Policies with Hidden Credentials</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>279</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Keith Frikken, Purdue University</itunes:subtitle>
            <itunes:summary>In an open environment such as the Internet, the decision to
collaborate with a stranger (e.g., by granting access to a
resource) is often based on the characteristics (rather than the
identity) of the requester, via digital credentials: Access is
granted if Alice&apos;s credentials satisfy Bob&apos;s access policy. The
literature contains many scenarios in which it is desirable to
carry out such trust negotiations in a privacy-preserving manner,
i.e., so as to minimize the disclosure of credentials and/or of
access policies. Elegant solutions were proposed for achieving
various degrees of privacy-preservation through minimal
disclosure. We present efficient protocols that
protect both sensitive credentials and sensitive policies. That is,
Alice gets the resource only if she satisfies the policy, Bob
does not learn anything about Alice&apos;s credentials (not even whether
Alice gained access or not), and Alice learns neither Bob&apos;s policy
structure nor which credentials caused her to gain access.  About the speaker: Keith Frikken is a doctoral student in computer science
at Purdue University.  His research interests are in security
and databases.  His specific interests in security include: secure protocols, privacy, and access control.

</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In an open environment such as the Internet, the decision to
collaborate with a stranger (e.g., by granting access to a
resource) is often based on the characteristics (rather than the
identity) of the requester, via digital credentials: Access is
granted if Alice&apos;s credentials satisfy Bob&apos;s access policy. The
literature contains many scenarios in which it is desirable to
carry out such trust negotiations in a privacy-preserving manner,
i.e., so as to minimize the disclosure of credentials and/or of
access policies. Elegant solutions were proposed for achieving
various degrees of privacy-preservation through minimal
disclosure. We present efficient protocols that
protect both sensitive credentials and sensitive policies. That is,
Alice gets the resource only if she satisfies the policy, Bob
does not learn anything about Alice&apos;s credentials (not even whether
Alice gained access or not), and Alice learns neither Bob&apos;s policy
structure nor which credentials caused her to gain access.  About the speaker: Keith Frikken is a doctoral student in computer science
at Purdue University.  His research interests are in security
and databases.  His specific interests in security include: secure protocols, privacy, and access control.

</p> ]]>
            </content:encoded>
            <itunes:duration>2763</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050119.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050119.mp4" length="213909504" type="video/mp4"/>
        </item>
            <item>
            <title>Cristina Nita-Rotaru, Survivable routing in wireless ad hoc networks</title>
            <description>In an ad hoc wireless network, nodes not in direct range communicate
via intermediate nodes. Thus, a significant concern is the ability to
route in the presence of Byzantine failures, which include nodes that
drop, fabricate, modify, replay, or mis-route packets in an attempt to
disrupt the routing service.

In this talk we will present ODSBR, our on-demand Byzantine resilient
routing protocol for ad hoc wireless networks. The protocol relies on
an adaptive probing technique that detects a malicious link after $\log n$
faults have occurred, where $n$ is the length of the path. Problematic
links are avoided by using a weight-based mechanism that multiplicatively
increases their weights and by using an on-demand route discovery protocol
that finds a least weight path to the destination. Our protocol bounds the
amount of damage that an attacker or a group of colluding attackers can cause
to the network.

We demonstrate through simulation the effectiveness of ODSBR, in mitigating
Byzantine attacks. Our analysis of the impact of these attacks versus the
adversary&apos;s effort gives insights into their relative strengths, their
interaction and their importance when designing secure routing
protocols.

Finally, we show how the technique used by ODSBR can be applied to hybrid
wireless networks consisting of cellular and ad hoc 802.11 wireless networks.  About the speaker: Cristina Nita-Rotaru is an Assistant Professor in the Department of Computer Sciences and a member of CERIAS (Center for Education and Research in Information Assurance and Security) at Purdue University. She conducts her research within the Dependable and Secure Distributed Systems Laboratory (DS2).

Her research interests lie in designing distributed systems, network protocols and applications that are dependable and secure, while maintaining acceptable levels of performance. Current research focuses on:

   * designing intrusion-tolerant architectures for distributed
     services that scale to wide-area networks
   * investigating survivable routing in wireless ad hoc networks
   * providing access control mechanisms for secure group communication.

Her work is funded by the Center for Education and Research in Information Security and Assurance (CERIAS), by the Defense Advanced Research Projects Agency (DARPA), and by the National Science Foundation (NSF).

Cristina Nita-Rotaru holds a Ph.D. in Computer Science from Johns Hopkins University and an M.Sc. from Politehnica University of Bucharest, Romania.
</description>
            <pubDate>Wed, 12 Jan 2005 10:30:00 EST </pubDate>
            <itunes:title>Cristina Nita-Rotaru, Survivable routing in wireless ad hoc networks</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>11</itunes:season>
            <itunes:episode>278</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Cristina Nita-Rotaru, Purdue University</itunes:subtitle>
            <itunes:summary>In an ad hoc wireless network, nodes not in direct range communicate
via intermediate nodes. Thus, a significant concern is the ability to
route in the presence of Byzantine failures, which include nodes that
drop, fabricate, modify, replay, or mis-route packets in an attempt to
disrupt the routing service.

In this talk we will present ODSBR, our on-demand Byzantine resilient
routing protocol for ad hoc wireless networks. The protocol relies on
an adaptive probing technique that detects a malicious link after $\log n$
faults have occurred, where $n$ is the length of the path. Problematic
links are avoided by using a weight-based mechanism that multiplicatively
increases their weights and by using an on-demand route discovery protocol
that finds a least weight path to the destination. Our protocol bounds the
amount of damage that an attacker or a group of colluding attackers can cause
to the network.

We demonstrate through simulation the effectiveness of ODSBR, in mitigating
Byzantine attacks. Our analysis of the impact of these attacks versus the
adversary&apos;s effort gives insights into their relative strengths, their
interaction and their importance when designing secure routing
protocols.

Finally, we show how the technique used by ODSBR can be applied to hybrid
wireless networks consisting of cellular and ad hoc 802.11 wireless networks.  About the speaker: Cristina Nita-Rotaru is an Assistant Professor in the Department of Computer Sciences and a member of CERIAS (Center for Education and Research in Information Assurance and Security) at Purdue University. She conducts her research within the Dependable and Secure Distributed Systems Laboratory (DS2).

Her research interests lie in designing distributed systems, network protocols and applications that are dependable and secure, while maintaining acceptable levels of performance. Current research focuses on:

   * designing intrusion-tolerant architectures for distributed
     services that scale to wide-area networks
   * investigating survivable routing in wireless ad hoc networks
   * providing access control mechanisms for secure group communication.

Her work is funded by the Center for Education and Research in Information Security and Assurance (CERIAS), by the Defense Advanced Research Projects Agency (DARPA), and by the National Science Foundation (NSF).

Cristina Nita-Rotaru holds a Ph.D. in Computer Science from Johns Hopkins University and an M.Sc. from Politehnica University of Bucharest, Romania.
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In an ad hoc wireless network, nodes not in direct range communicate
via intermediate nodes. Thus, a significant concern is the ability to
route in the presence of Byzantine failures, which include nodes that
drop, fabricate, modify, replay, or mis-route packets in an attempt to
disrupt the routing service.

In this talk we will present ODSBR, our on-demand Byzantine resilient
routing protocol for ad hoc wireless networks. The protocol relies on
an adaptive probing technique that detects a malicious link after $\log n$
faults have occurred, where $n$ is the length of the path. Problematic
links are avoided by using a weight-based mechanism that multiplicatively
increases their weights and by using an on-demand route discovery protocol
that finds a least weight path to the destination. Our protocol bounds the
amount of damage that an attacker or a group of colluding attackers can cause
to the network.

We demonstrate through simulation the effectiveness of ODSBR, in mitigating
Byzantine attacks. Our analysis of the impact of these attacks versus the
adversary&apos;s effort gives insights into their relative strengths, their
interaction and their importance when designing secure routing
protocols.

Finally, we show how the technique used by ODSBR can be applied to hybrid
wireless networks consisting of cellular and ad hoc 802.11 wireless networks.  About the speaker: Cristina Nita-Rotaru is an Assistant Professor in the Department of Computer Sciences and a member of CERIAS (Center for Education and Research in Information Assurance and Security) at Purdue University. She conducts her research within the Dependable and Secure Distributed Systems Laboratory (DS2).

Her research interests lie in designing distributed systems, network protocols and applications that are dependable and secure, while maintaining acceptable levels of performance. Current research focuses on:

   * designing intrusion-tolerant architectures for distributed
     services that scale to wide-area networks
   * investigating survivable routing in wireless ad hoc networks
   * providing access control mechanisms for secure group communication.

Her work is funded by the Center for Education and Research in Information Security and Assurance (CERIAS), by the Defense Advanced Research Projects Agency (DARPA), and by the National Science Foundation (NSF).

Cristina Nita-Rotaru holds a Ph.D. in Computer Science from Johns Hopkins University and an M.Sc. from Politehnica University of Bucharest, Romania.
</p> ]]>
            </content:encoded>
            <itunes:duration>3043</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050112.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20050112.mp4" length="230686720" type="video/mp4"/>
        </item>
            <item>
            <title>Dennis Fetterly, Using Statistical Analysis to Locate Spam Web Pages</title>
            <description>Commercial web sites are more dependent than ever on being placed prominently within the result pages returned by a search engine to be successful. &quot;Spam&quot; web pages are web pages that are created for the sole purpose of misleading search engines and misdirecting traffic to target sites.  Certain classes of spam pages, in particular those that are machine-generated, diverge in some of their properties from the properties of web pages in general. As a result, these pages can be identified through statistical analysis.  We have examined a variety of such properties, including linkage structure, page content, and page evolution, and have found that outliers in the statistical distributions of these properties are predominantly caused by web spam. Joint work with Mark Manasse and Marc Najork. About the speaker: Dennis Fetterly is a Technologist in Microsoft Research&apos;s Silicon Valley lab, which he joined in May 2003.  His research interests include a wide variety of web-related topics including web crawling, the evolution and clustering of pages on the web, and identifying spam web pages.</description>
            <pubDate>Wed, 8 Dec 2004 16:30:00 EST </pubDate>
            <itunes:title>Dennis Fetterly, Using Statistical Analysis to Locate Spam Web Pages</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>10</itunes:season>
            <itunes:episode>277</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Dennis Fetterly, Microsoft</itunes:subtitle>
            <itunes:summary>Commercial web sites are more dependent than ever on being placed prominently within the result pages returned by a search engine to be successful. &quot;Spam&quot; web pages are web pages that are created for the sole purpose of misleading search engines and misdirecting traffic to target sites.  Certain classes of spam pages, in particular those that are machine-generated, diverge in some of their properties from the properties of web pages in general. As a result, these pages can be identified through statistical analysis.  We have examined a variety of such properties, including linkage structure, page content, and page evolution, and have found that outliers in the statistical distributions of these properties are predominantly caused by web spam. Joint work with Mark Manasse and Marc Najork. About the speaker: Dennis Fetterly is a Technologist in Microsoft Research&apos;s Silicon Valley lab, which he joined in May 2003.  His research interests include a wide variety of web-related topics including web crawling, the evolution and clustering of pages on the web, and identifying spam web pages.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Commercial web sites are more dependent than ever on being placed prominently within the result pages returned by a search engine to be successful. &quot;Spam&quot; web pages are web pages that are created for the sole purpose of misleading search engines and misdirecting traffic to target sites.  Certain classes of spam pages, in particular those that are machine-generated, diverge in some of their properties from the properties of web pages in general. As a result, these pages can be identified through statistical analysis.  We have examined a variety of such properties, including linkage structure, page content, and page evolution, and have found that outliers in the statistical distributions of these properties are predominantly caused by web spam. Joint work with Mark Manasse and Marc Najork. About the speaker: Dennis Fetterly is a Technologist in Microsoft Research&apos;s Silicon Valley lab, which he joined in May 2003.  His research interests include a wide variety of web-related topics including web crawling, the evolution and clustering of pages on the web, and identifying spam web pages.</p> ]]>
            </content:encoded>
            <itunes:duration>2182</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20041208.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20041208.mp4" length="225443840" type="video/mp4"/>
        </item>
            <item>
            <title>William Winsborough, Attribute-Based Access Control</title>
            <description>Basing authorization on attributes of the resource requester provides flexibility and scalability that is essential in the context of large distributed systems.  Logic programming provides a convenient, expressive, and well-understood framework in which to work with authorization policy. This talk will summarize an attribute-based authorization framework built on logic programming: RT, a family of Role-based Trust-management languages.  It will then discuss efficient and effective evaluation of RT policies that are stored in a distributed manner. After discussing these basics, the talk will consider the problem of assessing authorization policies with respect to the vulnerability of resource owners to a variety of security risks to which they are exposed by delegations to other principals, risks such as undesired authorizations and unavailability of critical resources. We will consider several such properties of RT policies, many of which we will see can be decided efficiently.  For other properties, we will see that the complexity depends on the subset of RT in which the policy is expressed.  This part of the talk will conclude by discussing some prospects for continued research in this area. Finally, the talk will visit the problem of using attribute credentials to obtain access when the credentials and their contents may themselves be private.  Trust negotiation, a simple approach to this problem, will be introduced, as well as an intuitive and useful security property formalizing the protection of private credentials. This research was funded by DARPA and the NSF. About the speaker: William H. Winsborough is a Research Associate Professor in the Center for Secure Information Systems at George Mason University.  He received his PhD at the University of Wisconsin-Madison in 1989. Dr. Winsborough&apos;s current research interests are in computer security and privacy in distributed systems, with an emphasis on policy-based techniques.
He is particularly interested in techniques for managing the sharing of resources across multiple organizations or the whole Internet while protecting them from misuse.  Dr. Winsborough is Program Co-chair of the 2005 IEEE Workshop on Policy in Distributed Systems and Networks (Policy 2005).  He is the author of 34 refereed research articles and papers, the most recent of them in the Journal of the ACM.  His seminal article in Automated Trust Negotiation has been cited 34 times according to CiteSeer.  Two patents have been awarded based on Dr. Winsborough&apos;s research, and he received a DARPA award for Excellence in Industrial Research in 2003.</description>
            <pubDate>Wed, 1 Dec 2004 16:30:00 EST </pubDate>
            <itunes:title>William Winsborough, Attribute-Based Access Control</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>10</itunes:season>
            <itunes:episode>276</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>William Winsborough, George Mason University</itunes:subtitle>
            <itunes:summary>Basing authorization on attributes of the resource requester provides flexibility and scalability that is essential in the context of large distributed systems.  Logic programming provides a convenient, expressive, and well-understood framework in which to work with authorization policy. This talk will summarize an attribute-based authorization framework built on logic programming: RT, a family of Role-based Trust-management languages.  It will then discuss efficient and effective evaluation of RT policies that are stored in a distributed manner. After discussing these basics, the talk will consider the problem of assessing authorization policies with respect to the vulnerability of resource owners to a variety of security risks to which they are exposed by delegations to other principals, risks such as undesired authorizations and unavailability of critical resources. We will consider several such properties of RT policies, many of which we will see can be decided efficiently.  For other properties, we will see that the complexity depends on the subset of RT in which the policy is expressed.  This part of the talk will conclude by discussing some prospects for continued research in this area. Finally, the talk will visit the problem of using attribute credentials to obtain access when the credentials and their contents may themselves be private.  Trust negotiation, a simple approach to this problem, will be introduced, as well as an intuitive and useful security property formalizing the protection of private credentials. This research was funded by DARPA and the NSF. About the speaker: William H. Winsborough is a Research Associate Professor in the Center for Secure Information Systems at George Mason University.  He received his PhD at the University of Wisconsin-Madison in 1989. Dr. Winsborough&apos;s current research interests are in computer security and privacy in distributed systems, with an emphasis on policy-based techniques.
He is particularly interested in techniques for managing the sharing of resources across multiple organizations or the whole Internet while protecting them from misuse.  Dr. Winsborough is Program Co-chair of the 2005 IEEE Workshop on Policy in Distributed Systems and Networks (Policy 2005).  He is the author of 34 refereed research articles and papers, the most recent of them in the Journal of the ACM.  His seminal article in Automated Trust Negotiation has been cited 34 times according to CiteSeer.  Two patents have been awarded based on Dr. Winsborough&apos;s research, and he received a DARPA award for Excellence in Industrial Research in 2003.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Basing authorization on attributes of the resource requester provides flexibility and scalability that is essential in the context of large distributed systems.  Logic programming provides a convenient, expressive, and well-understood framework in which to work with authorization policy. This talk will summarize an attribute-based authorization framework built on logic programming: RT, a family of Role-based Trust-management languages.  It will then discuss efficient and effective evaluation of RT policies that are stored in a distributed manner. After discussing these basics, the talk will consider the problem of assessing authorization policies with respect to the vulnerability of resource owners to a variety of security risks to which they are exposed by delegations to other principals, risks such as undesired authorizations and unavailability of critical resources. We will consider several such properties of RT policies, many of which we will see can be decided efficiently.  For other properties, we will see that the complexity depends on the subset of RT in which the policy is expressed.  This part of the talk will conclude by discussing some prospects for continued research in this area. Finally, the talk will visit the problem of using attribute credentials to obtain access when the credentials and their contents may themselves be private.  Trust negotiation, a simple approach to this problem, will be introduced, as well as an intuitive and useful security property formalizing the protection of private credentials. This research was funded by DARPA and the NSF. About the speaker: William H. Winsborough is a Research Associate Professor in the Center for Secure Information Systems at George Mason University.  He received his PhD at the University of Wisconsin-Madison in 1989. Dr. Winsborough&apos;s current research interests are in computer security and privacy in distributed systems, with an emphasis on policy-based techniques.
He is particularly interested in techniques for managing the sharing of resources across multiple organizations or the whole Internet while protecting them from misuse.  Dr. Winsborough is Program Co-chair of the 2005 IEEE Workshop on Policy in Distributed Systems and Networks (Policy 2005).  He is the author of 34 refereed research articles and papers, the most recent of them in the Journal of the ACM.  His seminal article in Automated Trust Negotiation has been cited 34 times according to CiteSeer.  Two patents have been awarded based on Dr. Winsborough&apos;s research, and he received a DARPA award for Excellence in Industrial Research in 2003.</p> ]]>
            </content:encoded>
            <itunes:duration>3006</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20041201.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20041201.mp4" length="230686720" type="video/mp4"/>
        </item>
            <item>
            <title>Indrakshi Ray, An Anonymous Fair-Exchange E-Commerce Protocol</title>
            <description>Many business transactions over the Internet involve the exchange of digital products between two parties -- electronic mails, digital audio and video, electronic contract signing and digital signatures, to name a few. Often these transactions occur between players that do not always have an identifiable place of doing business and hence do not trust each other. Consequently, there exists ample scope for any of the parties involved to misbehave and gain advantage over the other party. To overcome this problem, researchers have proposed protocols that ensure fairness, that is, no party can gain an advantage even if the party misbehaves.  Most works in this area focus on gathering evidence during the protocol execution that is used later, in case of a dispute.  The actual handling of the dispute is done manually, after the protocol execution, and is outside the scope of the protocol. However, in an electronic commerce environment, where the merchants and customers may disappear quickly, such &quot;after-the-fact&quot; protection may be inadequate.

In this work we propose an e-commerce protocol for trading digital products over the Internet.  The novel features of our protocol include: (1) ensuring fair exchange, (2) not requiring manual dispute resolution in case of unfair behavior by any party, (3) assuring each party that the item he is about to receive is indeed the correct one, (4) not requiring the active involvement of a trusted third party unless a problem occurs, and (5) ensuring anonymity for the customer. About the speaker: Indrakshi Ray is an Assistant Professor of Computer Science at Colorado State University. She received her Ph.D. from George Mason University in the area of Information Technology. Her research spans the areas of computer security, e-commerce, database systems and formal methods. Her research is currently supported by grants from the Air Force Office of Scientific Research, the Air Force Research Laboratory, the Federal Aviation Administration and the National Science Foundation. She was the Program Chair for the 17th IFIP WG 11.3 Conference on Data and Applications Security. She is a Program Committee Member for numerous conferences in Computer Security and Database Technology, such as the ACM Conference on Computer and Communications Security, the ACM Symposium on Access Control Models and Technologies, and Extending Database Technology.</description>
            <pubDate>Wed, 17 Nov 2004 16:30:00 EST </pubDate>
            <itunes:title>Indrakshi Ray, An Anonymous Fair-Exchange E-Commerce Protocol</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>10</itunes:season>
            <itunes:episode>275</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Indrakshi Ray, Colorado State University</itunes:subtitle>
            <itunes:summary>Many business transactions over the Internet involve the exchange of digital products between two parties -- electronic mails, digital audio and video, electronic contract signing and digital signatures, to name a few. Often these transactions occur between players that do not always have an identifiable place of doing business and hence do not trust each other. Consequently, there exists ample scope for any of the parties involved to misbehave and gain advantage over the other party. To overcome this problem, researchers have proposed protocols that ensure fairness, that is, no party can gain an advantage even if the party misbehaves.  Most works in this area focus on gathering evidence during the protocol execution that is used later, in case of a dispute.  The actual handling of the dispute is done manually, after the protocol execution, and is outside the scope of the protocol. However, in an electronic commerce environment, where the merchants and customers may disappear quickly, such &quot;after-the-fact&quot; protection may be inadequate.

In this work we propose an e-commerce protocol for trading digital products over the Internet.  The novel features of our protocol include: (1) ensuring fair exchange, (2) not requiring manual dispute resolution in case of unfair behavior by any party, (3) assuring each party that the item he is about to receive is indeed the correct one, (4) not requiring the active involvement of a trusted third party unless a problem occurs, and (5) ensuring anonymity for the customer. About the speaker: Indrakshi Ray is an Assistant Professor of Computer Science at Colorado State University. She received her Ph.D. from George Mason University in the area of Information Technology. Her research spans the areas of computer security, e-commerce, database systems and formal methods. Her research is currently supported by grants from the Air Force Office of Scientific Research, the Air Force Research Laboratory, the Federal Aviation Administration and the National Science Foundation. She was the Program Chair for the 17th IFIP WG 11.3 Conference on Data and Applications Security. She is a Program Committee Member for numerous conferences in Computer Security and Database Technology, such as the ACM Conference on Computer and Communications Security, the ACM Symposium on Access Control Models and Technologies, and Extending Database Technology.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Many business transactions over the Internet involve the exchange of digital products between two parties -- electronic mails, digital audio and video, electronic contract signing and digital signatures, to name a few. Often these transactions occur between players that do not always have an identifiable place of doing business and hence do not trust each other. Consequently, there exists ample scope for any of the parties involved to misbehave and gain advantage over the other party. To overcome this problem, researchers have proposed protocols that ensure fairness, that is, no party can gain an advantage even if the party misbehaves.  Most works in this area focus on gathering evidence during the protocol execution that is used later, in case of a dispute.  The actual handling of the dispute is done manually, after the protocol execution, and is outside the scope of the protocol. However, in an electronic commerce environment, where the merchants and customers may disappear quickly, such &quot;after-the-fact&quot; protection may be inadequate.

In this work we propose an e-commerce protocol for trading digital products over the Internet.  The novel features of our protocol include: (1) ensuring fair exchange, (2) not requiring manual dispute resolution in case of unfair behavior by any party, (3) assuring each party that the item he is about to receive is indeed the correct one, (4) not requiring the active involvement of a trusted third party unless a problem occurs, and (5) ensuring anonymity for the customer. About the speaker: Indrakshi Ray is an Assistant Professor of Computer Science at Colorado State University. She received her Ph.D. from George Mason University in the area of Information Technology. Her research spans the areas of computer security, e-commerce, database systems and formal methods. Her research is currently supported by grants from the Air Force Office of Scientific Research, the Air Force Research Laboratory, the Federal Aviation Administration and the National Science Foundation. She was the Program Chair for the 17th IFIP WG 11.3 Conference on Data and Applications Security. She is a Program Committee Member for numerous conferences in Computer Security and Database Technology, such as the ACM Conference on Computer and Communications Security, the ACM Symposium on Access Control Models and Technologies, and Extending Database Technology.</p> ]]>
            </content:encoded>
            <itunes:duration>2495</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20041117.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20041117.mp4" length="216006656" type="video/mp4"/>
        </item>
            <item>
            <title>James Joshi, GTRBAC: A Generalized Temporal Role Based Access Control Model</title>
            <description>A key issue in computer system security is to protect information against unauthorized access. Emerging workflow-based applications in healthcare, manufacturing, the financial sector, and e-commerce inherently have complex, time-based access control requirements. To address the diverse security needs of these applications, a Role Based Access Control (RBAC) approach can be used as a viable alternative to traditional discretionary and mandatory access control approaches. The key features of RBAC include policy neutrality, support for least privilege, and efficient access control management. However, existing RBAC approaches do not address the growing need for supporting time-based access control requirements for these applications. In this talk, I will present a Generalized Temporal Role Based Access Control (GTRBAC) model that combines the key features of the RBAC model with a powerful temporal framework. The proposed GTRBAC model allows specification of a comprehensive set of time-based access control policies, including temporal constraints on role enabling, user-role and role-permission assignments, and role activations. The model provides an event-based mechanism for providing context-based access control, as well as expressing dynamic access control policies, which are crucial for developing secure workflow-based enterprise applications. I will discuss various design guidelines for managing the complexity of policy specification as well as an XML-based GTRBAC policy specification language. About the speaker: James Joshi is an assistant professor in the Department of Information Science and Telecommunications at the University of Pittsburgh. He is a founder and coordinator of the Laboratory of Education and Research on Security Assured Information Systems (LERSAIS), which has recently been designated as a National Center of Academic Excellence in Information Assurance Education jointly by the NSA and DHS.
He received his PhD degree from Purdue University in 2003. He is currently supported by the NSF for establishing security tracks at the University of Pittsburgh. His areas of interest include Access Control Models, Security and Privacy of Distributed Multimedia Systems, and Systems Survivability. He serves as a program committee member in several conferences including the ACM Symposium on Access Control Models and Technologies, the International Symposium on Multimedia Software Engineering, the ACM Workshop on Multimedia Databases, and the Annual International Conference on Mobile and Ubiquitous Systems. He was a Program Co-Chair for the IEEE Workshop on Information Assurance.</description>
            <pubDate>Wed, 10 Nov 2004 16:30:00 EST </pubDate>
            <itunes:title>James Joshi, GTRBAC: A Generalized Temporal Role Based Access Control Model</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>10</itunes:season>
            <itunes:episode>274</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>James Joshi, Pittsburgh University</itunes:subtitle>
            <itunes:summary>A key issue in computer system security is to protect information against unauthorized access. Emerging workflow-based applications in healthcare, manufacturing, the financial sector, and e-commerce inherently have complex, time-based access control requirements. To address the diverse security needs of these applications, a Role Based Access Control (RBAC) approach can be used as a viable alternative to traditional discretionary and mandatory access control approaches. The key features of RBAC include policy neutrality, support for least privilege, and efficient access control management. However, existing RBAC approaches do not address the growing need for supporting time-based access control requirements for these applications. In this talk, I will present a Generalized Temporal Role Based Access Control (GTRBAC) model that combines the key features of the RBAC model with a powerful temporal framework. The proposed GTRBAC model allows specification of a comprehensive set of time-based access control policies, including temporal constraints on role enabling, user-role and role-permission assignments, and role activations. The model provides an event-based mechanism for providing context-based access control, as well as expressing dynamic access control policies, which are crucial for developing secure workflow-based enterprise applications. I will discuss various design guidelines for managing the complexity of policy specification as well as an XML-based GTRBAC policy specification language. About the speaker: James Joshi is an assistant professor in the Department of Information Science and Telecommunications at the University of Pittsburgh. He is a founder and coordinator of the Laboratory of Education and Research on Security Assured Information Systems (LERSAIS), which has recently been designated as a National Center of Academic Excellence in Information Assurance Education jointly by the NSA and DHS.
He received his PhD degree from Purdue University in 2003. He is currently supported by the NSF for establishing security tracks at the University of Pittsburgh. His areas of interest include Access Control Models, Security and Privacy of Distributed Multimedia Systems, and Systems Survivability. He serves as a program committee member in several conferences including the ACM Symposium on Access Control Models and Technologies, the International Symposium on Multimedia Software Engineering, the ACM Workshop on Multimedia Databases, and the Annual International Conference on Mobile and Ubiquitous Systems. He was a Program Co-Chair for the IEEE Workshop on Information Assurance.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>A key issue in computer system security is to protect information against unauthorized access. Emerging workflow-based applications in healthcare, manufacturing, the financial sector, and e-commerce inherently have complex, time-based access control requirements. To address the diverse security needs of these applications, a Role Based Access Control (RBAC) approach can be used as a viable alternative to traditional discretionary and mandatory access control approaches. The key features of RBAC include policy neutrality, support for least privilege, and efficient access control management. However, existing RBAC approaches do not address the growing need for supporting time-based access control requirements for these applications. In this talk, I will present a Generalized Temporal Role Based Access Control (GTRBAC) model that combines the key features of the RBAC model with a powerful temporal framework. The proposed GTRBAC model allows specification of a comprehensive set of time-based access control policies, including temporal constraints on role enabling, user-role and role-permission assignments, and role activations. The model provides an event-based mechanism for providing context-based access control, as well as expressing dynamic access control policies, which are crucial for developing secure workflow-based enterprise applications. I will discuss various design guidelines for managing the complexity of policy specification as well as an XML-based GTRBAC policy specification language. About the speaker: James Joshi is an assistant professor in the Department of Information Science and Telecommunications at the University of Pittsburgh. He is a founder and coordinator of the Laboratory of Education and Research on Security Assured Information Systems (LERSAIS), which has recently been designated as a National Center of Academic Excellence in Information Assurance Education jointly by the NSA and DHS.
He received his PhD degree from Purdue University in 2003. He is currently supported by the NSF for establishing security tracks at the University of Pittsburgh. His areas of interest include Access Control Models, Security and Privacy of Distributed Multimedia Systems, and Systems Survivability. He serves as a program committee member in several conferences including the ACM Symposium on Access Control Models and Technologies, the International Symposium on Multimedia Software Engineering, the ACM Workshop on Multimedia Databases, and the Annual International Conference on Mobile and Ubiquitous Systems. He was a Program Co-Chair for the IEEE Workshop on Information Assurance.</p> ]]>
            </content:encoded>
            <itunes:duration>2827</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20041110.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20041110.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>Abe Singer, Towards Mining Syslog Data</title>
            <description>Syslog is the primary source of information about intrusion-related activity on a Unix system.  Searching for known messages and patterns in syslog data is easy to do, and many tools are available for doing so. However, information and patterns that are not already &quot;known&quot; -- those that have not been seen or derived already -- may provide even more information about attacks and intrusions.  Data mining techniques can help us discover and analyze that information, but the general lack of structure in syslog data makes it impossible to apply these techniques directly to the data.  To address the problem, we are researching methods of generating patterns from an archive of system logs which can uniquely identify syslog messages by the variant and invariant elements of the messages.  Once syslog messages can be uniquely identified, data mining techniques for use in intrusion detection or forensic analysis will be far more useful. About the speaker: Abe Singer is a Computer Security Researcher with the Security Technologies Group at the San Diego Supercomputer Center.  Involved with both operational security and research, his work involves growing SDSC logging infrastructure and analysis capabilities, participating in incident response and investigation, and working with the Teragrid Security Working Group.  Mr. Singer&apos;s current research is in analysis of syslog data and data mining of logs for security.  In addition to his work at SDSC, Mr. Singer is an occasional consultant and expert witness, and runs the San Diego Regional Information Watch (www.sdriw.org).</description>
            <pubDate>Wed, 3 Nov 2004 16:30:00 EST </pubDate>
            <itunes:title>Abe Singer, Towards Mining Syslog Data</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>10</itunes:season>
            <itunes:episode>273</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Abe Singer, University of California at San Diego</itunes:subtitle>
            <itunes:summary>Syslog is the primary source of information about intrusion-related activity on a Unix system.  Searching for known messages and patterns in syslog data is easy to do, and many tools are available for doing so. However, information and patterns that are not already &quot;known&quot; -- those that have not been seen or derived already -- may provide even more information about attacks and intrusions.  Data mining techniques can help us discover and analyze that information, but the general lack of structure in syslog data makes it impossible to apply these techniques directly to the data.  To address the problem, we are researching methods of generating patterns from an archive of system logs which can uniquely identify syslog messages by the variant and invariant elements of the messages.  Once syslog messages can be uniquely identified, data mining techniques for use in intrusion detection or forensic analysis will be far more useful. About the speaker: Abe Singer is a Computer Security Researcher with the Security Technologies Group at the San Diego Supercomputer Center.  Involved with both operational security and research, his work involves growing SDSC logging infrastructure and analysis capabilities, participating in incident response and investigation, and working with the Teragrid Security Working Group.  Mr. Singer&apos;s current research is in analysis of syslog data and data mining of logs for security.  In addition to his work at SDSC, Mr. Singer is an occasional consultant and expert witness, and runs the San Diego Regional Information Watch (www.sdriw.org).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Syslog is the primary source of information about intrusion-related activity on a Unix system.  Searching for known messages and patterns in syslog data is easy to do, and many tools are available for doing so. However, information and patterns that are not already &quot;known&quot; -- those that have not been seen or derived already -- may provide even more information about attacks and intrusions.  Data mining techniques can help us discover and analyze that information, but the general lack of structure in syslog data makes it impossible to apply these techniques directly to the data.  To address the problem, we are researching methods of generating patterns from an archive of system logs which can uniquely identify syslog messages by the variant and invariant elements of the messages.  Once syslog messages can be uniquely identified, data mining techniques for use in intrusion detection or forensic analysis will be far more useful. About the speaker: Abe Singer is a Computer Security Researcher with the Security Technologies Group at the San Diego Supercomputer Center.  Involved with both operational security and research, his work involves growing SDSC logging infrastructure and analysis capabilities, participating in incident response and investigation, and working with the Teragrid Security Working Group.  Mr. Singer's current research is in analysis of syslog data and data mining of logs for security.  In addition to his work at SDSC, Mr. Singer is an occasional consultant and expert witness, and runs the San Diego Regional Information Watch (www.sdriw.org).</p> ]]>
            </content:encoded>
            <itunes:duration>2629</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20041103.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20041103.mp4" length="228589568" type="video/mp4"/>
        </item>
            <item>
            <title>Ari Takanen, Robustness testing - black-box testing for software security</title>
            <description>The robustness testing method is based on the systematic creation of a very large number of communication protocol messages containing exceptional data elements and structures simulating malicious attacks or corrupted traffic. The method provides a proactive way of assessing software robustness and security. Robustness here is defined as the ability of software to tolerate exceptional input and stressful environment conditions. A piece of software which is not robust fails when facing such circumstances. In the worst case, a malicious intruder can take advantage of robustness shortcomings to deny service to authentic users or to compromise the system running the piece of software. As part of one robustness testing usage scenario, namely security assessment, the communication process from security vulnerability discovery to vulnerability elimination will also be explored. This research was originally initiated in the PROTOS project at the University of Oulu, Finland. About the speaker: Ari Takanen, founder and CEO of Codenomicon, has since 1998 been researching information security issues in security-critical environments. His work at Codenomicon and at the OUSPG (University of Oulu) aims to ensure that new technologies are accepted by the general public by providing means of measuring and ensuring quality in networked software. Ari Takanen is one of the people behind the PROTOS research that studied information security and reliability errors in e.g. WAP, SNMP, LDAP and SIP implementations. His company, Codenomicon Ltd., provides automated tools with a systematic approach to test a multitude of interfaces on mission-critical software.</description>
            <pubDate>Wed, 27 Oct 2004 16:30:00 EDT </pubDate>
            <itunes:title>Ari Takanen, Robustness testing - black-box testing for software security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>10</itunes:season>
            <itunes:episode>272</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Ari Takanen, Codenomicon Ltd.</itunes:subtitle>
            <itunes:summary>The robustness testing method is based on the systematic creation of a very large number of communication protocol messages containing exceptional data elements and structures simulating malicious attacks or corrupted traffic. The method provides a proactive way of assessing software robustness and security. Robustness here is defined as the ability of software to tolerate exceptional input and stressful environment conditions. A piece of software which is not robust fails when facing such circumstances. In the worst case, a malicious intruder can take advantage of robustness shortcomings to deny service to authentic users or to compromise the system running the piece of software. As part of one robustness testing usage scenario, namely security assessment, the communication process from security vulnerability discovery to vulnerability elimination will also be explored. This research was originally initiated in the PROTOS project at the University of Oulu, Finland. About the speaker: Ari Takanen, founder and CEO of Codenomicon, has since 1998 been researching information security issues in security-critical environments. His work at Codenomicon and at the OUSPG (University of Oulu) aims to ensure that new technologies are accepted by the general public by providing means of measuring and ensuring quality in networked software. Ari Takanen is one of the people behind the PROTOS research that studied information security and reliability errors in e.g. WAP, SNMP, LDAP and SIP implementations. His company, Codenomicon Ltd., provides automated tools with a systematic approach to test a multitude of interfaces on mission-critical software.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The robustness testing method is based on the systematic creation of a very large number of communication protocol messages containing exceptional data elements and structures simulating malicious attacks or corrupted traffic. The method provides a proactive way of assessing software robustness and security. Robustness here is defined as the ability of software to tolerate exceptional input and stressful environment conditions. A piece of software which is not robust fails when facing such circumstances. In the worst case, a malicious intruder can take advantage of robustness shortcomings to deny service to authentic users or to compromise the system running the piece of software. As part of one robustness testing usage scenario, namely security assessment, the communication process from security vulnerability discovery to vulnerability elimination will also be explored. This research was originally initiated in the PROTOS project at the University of Oulu, Finland. About the speaker: Ari Takanen, founder and CEO of Codenomicon, has since 1998 been researching information security issues in security-critical environments. His work at Codenomicon and at the OUSPG (University of Oulu) aims to ensure that new technologies are accepted by the general public by providing means of measuring and ensuring quality in networked software. Ari Takanen is one of the people behind the PROTOS research that studied information security and reliability errors in e.g. WAP, SNMP, LDAP and SIP implementations. His company, Codenomicon Ltd., provides automated tools with a systematic approach to test a multitude of interfaces on mission-critical software.</p> ]]>
            </content:encoded>
            <itunes:duration>3018</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20041027.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20041027.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>Dan Thomsen, Information Flow Analysis in Security Enhanced Linux</title>
            <description>Most people now realize that computer security is hard.  However, many people do not realize that creating a correct security policy is hard.  Creating an accurate security policy is on the order of complexity of developing software in general.  In particular, how can you show the policy is correct?

The focus of this seminar is to look at tools and techniques for showing that the mandatory security policy based on type enforcement meets its objectives.  The approach breaks down the security policy objectives so that they can be studied in terms of information flows. The policies are specified for the Security Enhanced Linux type enforcement mechanism.  Type enforcement and mandatory access control will also be discussed. About the speaker: Dan Thomsen is a Senior Research Scientist at Tresys Technology.  In his seventeen-year career, Mr. Thomsen has provided contributions to a wide range of computer security programs.  They include increasing the security and survivability of the Joint Battlespace Infosphere, security assessment for the Cougaar agent system, development of the high security LOCK multilevel security platform, secure database research, and Internet vulnerability analysis. Mr. Thomsen was also the principal investigator responsible for the creation of the Napoleon policy management framework. Mr. Thomsen has published over twenty technical papers on computer security topics including type enforcement and role-based access control. Mr. Thomsen currently serves as the program chair for the Annual Computer Security Applications Conference (ACSAC). Mr. Thomsen has an M.S. in Computer Science from the University of Minnesota and a B.A. in Computer Science and Math from the University of Minnesota - Duluth. He is a senior member of IEEE and a member of IFIP working group 11.3 on Data and Application Security.</description>
            <pubDate>Wed, 13 Oct 2004 16:30:00 EDT </pubDate>
            <itunes:title>Dan Thomsen, Information Flow Analysis in Security Enhanced Linux</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>10</itunes:season>
            <itunes:episode>270</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Dan Thomsen, Tresys Technology</itunes:subtitle>
            <itunes:summary>Most people now realize that computer security is hard.  However, many people do not realize that creating a correct security policy is hard.  Creating an accurate security policy is on the order of complexity of developing software in general.  In particular, how can you show the policy is correct?

The focus of this seminar is to look at tools and techniques for showing that the mandatory security policy based on type enforcement meets its objectives.  The approach breaks down the security policy objectives so that they can be studied in terms of information flows. The policies are specified for the Security Enhanced Linux type enforcement mechanism.  Type enforcement and mandatory access control will also be discussed. About the speaker: Dan Thomsen is a Senior Research Scientist at Tresys Technology.  In his seventeen-year career, Mr. Thomsen has contributed to a wide range of computer security programs.  They include increasing the security and survivability of the Joint Battlespace Infosphere, security assessment for the Cougaar agent system, development of the high-security LOCK multilevel security platform, secure database research, and Internet vulnerability analysis. Mr. Thomsen was also the principal investigator responsible for the creation of the Napoleon policy management framework. Mr. Thomsen has published over twenty technical papers on computer security topics including type enforcement and role-based access control. Mr. Thomsen currently serves as the program chair for the Annual Computer Security Applications Conference (ACSAC). Mr. Thomsen has an M.S. in Computer Science from the University of Minnesota and a B.A. in Computer Science and Math from the University of Minnesota - Duluth. He is a senior member of IEEE and a member of IFIP working group 11.3 on Data and Application Security.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Most people now realize that computer security is hard.  However, many people do not realize that creating a correct security policy is hard.  Creating an accurate security policy is on the order of complexity of developing software in general.  In particular, how can you show the policy is correct?

The focus of this seminar is to look at tools and techniques for showing that the mandatory security policy based on type enforcement meets its objectives.  The approach breaks down the security policy objectives so that they can be studied in terms of information flows. The policies are specified for the Security Enhanced Linux type enforcement mechanism.  Type enforcement and mandatory access control will also be discussed. About the speaker: Dan Thomsen is a Senior Research Scientist at Tresys Technology.  In his seventeen-year career, Mr. Thomsen has contributed to a wide range of computer security programs.  They include increasing the security and survivability of the Joint Battlespace Infosphere, security assessment for the Cougaar agent system, development of the high-security LOCK multilevel security platform, secure database research, and Internet vulnerability analysis. Mr. Thomsen was also the principal investigator responsible for the creation of the Napoleon policy management framework. Mr. Thomsen has published over twenty technical papers on computer security topics including type enforcement and role-based access control. Mr. Thomsen currently serves as the program chair for the Annual Computer Security Applications Conference (ACSAC). Mr. Thomsen has an M.S. in Computer Science from the University of Minnesota and a B.A. in Computer Science and Math from the University of Minnesota - Duluth. He is a senior member of IEEE and a member of IFIP working group 11.3 on Data and Application Security.</p> ]]>
            </content:encoded>
            <itunes:duration>3329</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20041013.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20041013.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>Gail-Joon Ahn, Secure Information Sharing within a Collaborative Environment</title>
            <description>The Internet is uniquely and strategically positioned to address the needs of a growing segment of the population in a very
cost-effective way. It provides tremendous connectivity and immense information sharing capability which organizations
can use for their competitive advantage. Several organizations have transitioned from their old and disparate business models
based on ink and paper to new, consolidated ones based on digital information on the Internet. However, information sharing
on the Internet usually occurs in broad, highly dynamic network-based environments, and formally accessing the resources in a
secure manner poses a difficult challenge. Balancing the competing goals of collaboration and security is difficult because
interaction in collaborative systems is targeted towards making people, information, and resources available to all who need
them, whereas information security seeks to ensure the integrity of these elements while providing them only to those with proper
authorization. As organizations implement information strategies that call for sharing access to resources in the networked
environment, mechanisms must be provided to protect the resources from adversaries.

This talk addresses the issue of how to advocate selective information sharing in collaborative systems through access
control schemes while minimizing the risks of unauthorized access by proposing a delegation framework. It also introduces a
systematic approach to specifying delegation and revocation policies using a set of rules. The feasibility of the proposed
framework is also discussed through policy specification, enforcement, and a proof-of-concept implementation.  About the speaker: Gail-Joon Ahn is an assistant professor in the Software and Information Systems Department at the University of North Carolina at
Charlotte and coordinator of the Laboratory of Information Integration, Security and Privacy, which has been designated a
Center of Academic Excellence in Information Assurance Education by the National Security Agency. His principal research and
teaching interests are in information and systems security. Ahn received his PhD and MS degrees from George Mason University,
Fairfax, Virginia, and his BS degree in Computer Science from SoongSil University, Seoul, Korea. His research foci include access
control, security architecture for distributed objects, and secure e-commerce systems, and his research has been supported by
NSF, NSA, DoD, Bank of America, Hewlett Packard, Microsoft and the Robert Wood Johnson Foundation. Ahn is currently an
information director of the ACM Special Interest Group on Security, Audit and Control (SIGSAC).</description>
            <pubDate>Wed, 15 Sep 2004 16:30:00 EDT </pubDate>
            <itunes:title>Gail-Joon Ahn, Secure Information Sharing within a Collaborative Environment</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>10</itunes:season>
            <itunes:episode>266</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Gail-Joon Ahn, University of North Carolina at Charlotte</itunes:subtitle>
            <itunes:summary>The Internet is uniquely and strategically positioned to address the needs of a growing segment of the population in a very
cost-effective way. It provides tremendous connectivity and immense information sharing capability which organizations
can use for their competitive advantage. Several organizations have transitioned from their old and disparate business models
based on ink and paper to new, consolidated ones based on digital information on the Internet. However, information sharing
on the Internet usually occurs in broad, highly dynamic network-based environments, and formally accessing the resources in a
secure manner poses a difficult challenge. Balancing the competing goals of collaboration and security is difficult because
interaction in collaborative systems is targeted towards making people, information, and resources available to all who need
them, whereas information security seeks to ensure the integrity of these elements while providing them only to those with proper
authorization. As organizations implement information strategies that call for sharing access to resources in the networked
environment, mechanisms must be provided to protect the resources from adversaries.

This talk addresses the issue of how to advocate selective information sharing in collaborative systems through access
control schemes while minimizing the risks of unauthorized access by proposing a delegation framework. It also introduces a
systematic approach to specifying delegation and revocation policies using a set of rules. The feasibility of the proposed
framework is also discussed through policy specification, enforcement, and a proof-of-concept implementation.  About the speaker: Gail-Joon Ahn is an assistant professor in the Software and Information Systems Department at the University of North Carolina at
Charlotte and coordinator of the Laboratory of Information Integration, Security and Privacy, which has been designated a
Center of Academic Excellence in Information Assurance Education by the National Security Agency. His principal research and
teaching interests are in information and systems security. Ahn received his PhD and MS degrees from George Mason University,
Fairfax, Virginia, and his BS degree in Computer Science from SoongSil University, Seoul, Korea. His research foci include access
control, security architecture for distributed objects, and secure e-commerce systems, and his research has been supported by
NSF, NSA, DoD, Bank of America, Hewlett Packard, Microsoft and the Robert Wood Johnson Foundation. Ahn is currently an
information director of the ACM Special Interest Group on Security, Audit and Control (SIGSAC).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The Internet is uniquely and strategically positioned to address the needs of a growing segment of the population in a very
cost-effective way. It provides tremendous connectivity and immense information sharing capability which organizations
can use for their competitive advantage. Several organizations have transitioned from their old and disparate business models
based on ink and paper to new, consolidated ones based on digital information on the Internet. However, information sharing
on the Internet usually occurs in broad, highly dynamic network-based environments, and formally accessing the resources in a
secure manner poses a difficult challenge. Balancing the competing goals of collaboration and security is difficult because
interaction in collaborative systems is targeted towards making people, information, and resources available to all who need
them, whereas information security seeks to ensure the integrity of these elements while providing them only to those with proper
authorization. As organizations implement information strategies that call for sharing access to resources in the networked
environment, mechanisms must be provided to protect the resources from adversaries.

This talk addresses the issue of how to advocate selective information sharing in collaborative systems through access
control schemes while minimizing the risks of unauthorized access by proposing a delegation framework. It also introduces a
systematic approach to specifying delegation and revocation policies using a set of rules. The feasibility of the proposed
framework is also discussed through policy specification, enforcement, and a proof-of-concept implementation.  About the speaker: Gail-Joon Ahn is an assistant professor in the Software and Information Systems Department at the University of North Carolina at
Charlotte and coordinator of the Laboratory of Information Integration, Security and Privacy, which has been designated a
Center of Academic Excellence in Information Assurance Education by the National Security Agency. His principal research and
teaching interests are in information and systems security. Ahn received his PhD and MS degrees from George Mason University,
Fairfax, Virginia, and his BS degree in Computer Science from SoongSil University, Seoul, Korea. His research foci include access
control, security architecture for distributed objects, and secure e-commerce systems, and his research has been supported by
NSF, NSA, DoD, Bank of America, Hewlett Packard, Microsoft and the Robert Wood Johnson Foundation. Ahn is currently an
information director of the ACM Special Interest Group on Security, Audit and Control (SIGSAC).</p> ]]>
            </content:encoded>
            <itunes:duration>3177</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20040915.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20040915.mp4" length="222298112" type="video/mp4"/>
        </item>
            <item>
            <title>Jason Crampton, Administrative Scope and Role-Based Administration</title>
            <description>Role-based access control (RBAC) has received considerable attention in recent years, resulting in several important theoretical models and increasing use in commercial products. Nevertheless, role-based administration, the use of role-based techniques to control RBAC systems, has been less widely studied. We will consider the problem of controlling the propagation of authorization information in computer systems in general, and in role-based systems in particular. We will then introduce the concept of administrative scope, an intuitive notion corresponding to the set of role(s) that can be controlled by a given role, and demonstrate how this can be used as the fundamental unit in the development of a family of administrative models for RBAC systems. We compare the characteristics of these models with the well-known ARBAC97 administrative model. We conclude by discussing how administrative scope can be used to provide an administrative framework for more complex RBAC models. About the speaker: Jason Crampton is a lecturer in the Information Security Group at Royal Holloway, University of London.  His main research interests are role-based access control, with particular emphasis on role-based administration, authorization constraints, and the use of partial order theory in access control and information security.  He is on the editorial board of the Information Security Technical Report and is an Associate Research Fellow at Birkbeck, University of London.
</description>
            <pubDate>Wed, 8 Sep 2004 16:30:00 EDT </pubDate>
            <itunes:title>Jason Crampton, Administrative Scope and Role-Based Administration</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>10</itunes:season>
            <itunes:episode>265</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Jason Crampton, Royal Holloway, University of London</itunes:subtitle>
            <itunes:summary>Role-based access control (RBAC) has received considerable attention in recent years, resulting in several important theoretical models and increasing use in commercial products. Nevertheless, role-based administration, the use of role-based techniques to control RBAC systems, has been less widely studied. We will consider the problem of controlling the propagation of authorization information in computer systems in general, and in role-based systems in particular. We will then introduce the concept of administrative scope, an intuitive notion corresponding to the set of role(s) that can be controlled by a given role, and demonstrate how this can be used as the fundamental unit in the development of a family of administrative models for RBAC systems. We compare the characteristics of these models with the well-known ARBAC97 administrative model. We conclude by discussing how administrative scope can be used to provide an administrative framework for more complex RBAC models. About the speaker: Jason Crampton is a lecturer in the Information Security Group at Royal Holloway, University of London.  His main research interests are role-based access control, with particular emphasis on role-based administration, authorization constraints, and the use of partial order theory in access control and information security.  He is on the editorial board of the Information Security Technical Report and is an Associate Research Fellow at Birkbeck, University of London.
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Role-based access control (RBAC) has received considerable attention in recent years, resulting in several important theoretical models and increasing use in commercial products. Nevertheless, role-based administration, the use of role-based techniques to control RBAC systems, has been less widely studied. We will consider the problem of controlling the propagation of authorization information in computer systems in general, and in role-based systems in particular. We will then introduce the concept of administrative scope, an intuitive notion corresponding to the set of role(s) that can be controlled by a given role, and demonstrate how this can be used as the fundamental unit in the development of a family of administrative models for RBAC systems. We compare the characteristics of these models with the well-known ARBAC97 administrative model. We conclude by discussing how administrative scope can be used to provide an administrative framework for more complex RBAC models. About the speaker: Jason Crampton is a lecturer in the Information Security Group at Royal Holloway, University of London.  His main research interests are role-based access control, with particular emphasis on role-based administration, authorization constraints, and the use of partial order theory in access control and information security.  He is on the editorial board of the Information Security Technical Report and is an Associate Research Fellow at Birkbeck, University of London.
</p> ]]>
            </content:encoded>
            <itunes:duration>3059</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20040908.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20040908.mp4" length="208666624" type="video/mp4"/>
        </item>
            <item>
            <title>Dave Ford, Application of Thermodynamics to Computer Network Defense</title>
            <description>When the Presidential Decision Directive (PDD 63) regarding protection of critical infrastructure was issued, the mandate of the National Security Agency was to undertake research to enhance infrastructure defense. Years later, this is still a hot topic. Of the PDD 63 work undertaken by the NSA math research community, THERMINATOR is perhaps the most widely known in the unclassified arena.

This overview talk explains what pedagogical thermodynamics is and how it applies to datasets and their dynamics. As an example, the concept of dataset temperature will be developed in some detail. The obstacles of state space reconstruction and its dimensional reduction will also be addressed (and even solved!) in many cases of practical interest. About the speaker: Dave Ford is a TAM graduate of the University of Illinois. He has worked at NSA and now is a professor at the Naval Postgraduate School.</description>
            <pubDate>Wed, 25 Aug 2004 16:30:00 EDT </pubDate>
            <itunes:title>Dave Ford, Application of Thermodynamics to Computer Network Defense</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>10</itunes:season>
            <itunes:episode>263</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Dave Ford, Naval Postgraduate School</itunes:subtitle>
            <itunes:summary>When the Presidential Decision Directive (PDD 63) regarding protection of critical infrastructure was issued, the mandate of the National Security Agency was to undertake research to enhance infrastructure defense. Years later, this is still a hot topic. Of the PDD 63 work undertaken by the NSA math research community, THERMINATOR is perhaps the most widely known in the unclassified arena.

This overview talk explains what pedagogical thermodynamics is and how it applies to datasets and their dynamics. As an example, the concept of dataset temperature will be developed in some detail. The obstacles of state space reconstruction and its dimensional reduction will also be addressed (and even solved!) in many cases of practical interest. About the speaker: Dave Ford is a TAM graduate of the University of Illinois. He has worked at NSA and now is a professor at the Naval Postgraduate School.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>When the Presidential Decision Directive (PDD 63) regarding protection of critical infrastructure was issued, the mandate of the National Security Agency was to undertake research to enhance infrastructure defense. Years later, this is still a hot topic. Of the PDD 63 work undertaken by the NSA math research community, THERMINATOR is perhaps the most widely known in the unclassified arena.

This overview talk explains what pedagogical thermodynamics is and how it applies to datasets and their dynamics. As an example, the concept of dataset temperature will be developed in some detail. The obstacles of state space reconstruction and its dimensional reduction will also be addressed (and even solved!) in many cases of practical interest. About the speaker: Dave Ford is a TAM graduate of the University of Illinois. He has worked at NSA and now is a professor at the Naval Postgraduate School.</p> ]]>
            </content:encoded>
            <itunes:duration>3408</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20040825.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20040825.mp4" length="283115520" type="video/mp4"/>
        </item>
            <item>
            <title>Sam Wagstaff, Cryptanalysis of Diffie-Hellman and Pohlig-Hellman</title>
            <description>We describe the Diffie-Hellman key-exchange protocol and the Pohlig-Hellman cipher. We discuss discrete logarithms and the cryptanalysis of these two systems. We also describe the Mental Poker protocol. 

 About the speaker: Before coming to Purdue, Professor Wagstaff taught at the Universities of Rochester, Illinois, and Georgia. He spent a year at the Institute for Advanced Study in Princeton. His research interests are in the areas of cryptography, parallel computation, and analysis of algorithms, especially number theoretic algorithms. He and J. W. Smith of the University of Georgia have built a special processor with parallel capability for factoring large integers. 
</description>
            <pubDate>Wed, 23 Jan 2002 16:30:00 EST </pubDate>
            <itunes:title>Sam Wagstaff, Cryptanalysis of Diffie-Hellman and Pohlig-Hellman</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>8</itunes:season>
            <itunes:episode>194</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Sam Wagstaff, CERIAS</itunes:subtitle>
            <itunes:summary>We describe the Diffie-Hellman key-exchange protocol and the Pohlig-Hellman cipher. We discuss discrete logarithms and the cryptanalysis of these two systems. We also describe the Mental Poker protocol. 

 About the speaker: Before coming to Purdue, Professor Wagstaff taught at the Universities of Rochester, Illinois, and Georgia. He spent a year at the Institute for Advanced Study in Princeton. His research interests are in the areas of cryptography, parallel computation, and analysis of algorithms, especially number theoretic algorithms. He and J. W. Smith of the University of Georgia have built a special processor with parallel capability for factoring large integers. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>We describe the Diffie-Hellman key-exchange protocol and the Pohlig-Hellman cipher. We discuss discrete logarithms and the cryptanalysis of these two systems. We also describe the Mental Poker protocol. 

 About the speaker: Before coming to Purdue, Professor Wagstaff taught at the Universities of Rochester, Illinois, and Georgia. He spent a year at the Institute for Advanced Study in Princeton. His research interests are in the areas of cryptography, parallel computation, and analysis of algorithms, especially number theoretic algorithms. He and J. W. Smith of the University of Georgia have built a special processor with parallel capability for factoring large integers. 
</p> ]]>
            </content:encoded>
            <itunes:duration>3033</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20020123.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20020123.mp4" length="99614720" type="video/mp4"/>
        </item>
            <item>
            <title>Sam Wagstaff, Information Theory</title>
            <description>We discuss the history and basic facts of Information Theory and give simple applications to cryptography and data security.
 About the speaker: Before coming to Purdue, Professor Wagstaff taught at the Universities of Rochester, Illinois, and Georgia. He spent a year at the Institute for Advanced Study in Princeton. His research interests are in the areas of cryptography, parallel computation, and analysis of algorithms, especially number theoretic algorithms. He and J. W. Smith of the University of Georgia have built a special processor with parallel capability for factoring large integers. 
</description>
            <pubDate>Wed, 22 Aug 2001 16:30:00 EDT </pubDate>
            <itunes:title>Sam Wagstaff, Information Theory</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>7</itunes:season>
            <itunes:episode>177</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="http://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/ssw_aug_2001.jpg"/>
            <itunes:subtitle>Sam Wagstaff, CERIAS</itunes:subtitle>
            <itunes:summary>We discuss the history and basic facts of Information Theory and give simple applications to cryptography and data security.
 About the speaker: Before coming to Purdue, Professor Wagstaff taught at the Universities of Rochester, Illinois, and Georgia. He spent a year at the Institute for Advanced Study in Princeton. His research interests are in the areas of cryptography, parallel computation, and analysis of algorithms, especially number theoretic algorithms. He and J. W. Smith of the University of Georgia have built a special processor with parallel capability for factoring large integers. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>We discuss the history and basic facts of Information Theory and give simple applications to cryptography and data security.
 About the speaker: Before coming to Purdue, Professor Wagstaff taught at the Universities of Rochester, Illinois, and Georgia. He spent a year at the Institute for Advanced Study in Princeton. His research interests are in the areas of cryptography, parallel computation, and analysis of algorithms, especially number theoretic algorithms. He and J. W. Smith of the University of Georgia have built a special processor with parallel capability for factoring large integers. 
</p> ]]>
            </content:encoded>
            <itunes:duration>3069</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20010822.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20010822.mp4" length="102760448" type="video/mp4"/>
        </item>
            <item>
            <title>Gary McGraw, Building Secure Software</title>
            <description>Computer security takes on more importance as commerce becomes e-commerce and business embraces the Net. However, little progress has been made in the security field, especially when vendor technology is considered. Popular press coverage of computer security orbits around basic technology issues such as what firewalls are, when to use the DES encryption algorithm, which anti-virus product is best, or how the latest email-based attack works. The problem is, many security practitioners don&apos;t know what the problem is. It&apos;s the software! Internet-enabled software applications, especially custom applications, present the most common security risk encountered today, and are the target of choice for real hackers. This talk is all about software security risk and how to manage it. The trick is to begin early, know your threats (including language-based flaws and pitfalls), design for security, and subject your design to thorough objective risk analyses and testing. This talk covers material that software practitioners, including architects and languages researchers, can use to avoid security problems and produce more secure Internet-based code.
 About the speaker: Gary McGraw is the Vice President of Corporate Technology at Cigital (formerly Reliable Software Technologies) where he pursues research in software security while leading the Software Security Group. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from UVa. He has written over sixty peer-reviewed technical publications, consults with major e-commerce vendors including Visa, Ericsson, and the Federal Reserve, and has served as principal investigator on grants from Air Force Research Labs, DARPA, National Science Foundation, and NIST&apos;s Advanced Technology Program. Dr. McGraw serves on the Boards of Counterpane, Finjan, NetCertainty, and ChainMail, Inc. He also chairs the National Infosec Research Council&apos;s Malicious Code Infosec Science and Technology Study Group. Dr. McGraw is a noted authority on mobile code security and co-authored both Java Security (Wiley, 1996) and Securing Java (Wiley, 1999) with Prof. Ed Felten of Princeton. Dr. McGraw also co-authored Software Fault Injection (Wiley 1998) with Jeff Voas. Dr. McGraw is currently writing a book entitled Building Secure Software (Addison-Wesley, 2001). He regularly contributes to popular trade publications and is often quoted in national press articles. 
</description>
            <pubDate>Wed, 10 Jan 2001 16:30:00 EST </pubDate>
            <itunes:title>Gary McGraw, Building Secure Software</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>7</itunes:season>
            <itunes:episode>162</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Gary McGraw, Cigital</itunes:subtitle>
            <itunes:summary>Computer security takes on more importance as commerce becomes e-commerce and business embraces the Net. However, little progress has been made in the security field, especially when vendor technology is considered. Popular press coverage of computer security orbits around basic technology issues such as what firewalls are, when to use the DES encryption algorithm, which anti-virus product is best, or how the latest email-based attack works. The problem is, many security practitioners don&apos;t know what the problem is. It&apos;s the software! Internet-enabled software applications, especially custom applications, present the most common security risk encountered today, and are the target of choice for real hackers. This talk is all about software security risk and how to manage it. The trick is to begin early, know your threats (including language-based flaws and pitfalls), design for security, and subject your design to thorough objective risk analyses and testing. This talk covers material that software practitioners, including architects and languages researchers, can use to avoid security problems and produce more secure Internet-based code.
 About the speaker: Gary McGraw is the Vice President of Corporate Technology at Cigital (formerly Reliable Software Technologies) where he pursues research in software security while leading the Software Security Group. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from UVa. He has written over sixty peer-reviewed technical publications, consults with major e-commerce vendors including Visa, Ericsson, and the Federal Reserve, and has served as principal investigator on grants from Air Force Research Labs, DARPA, National Science Foundation, and NIST&apos;s Advanced Technology Program. Dr. McGraw serves on the Boards of Counterpane, Finjan, NetCertainty, and ChainMail, Inc. He also chairs the National Infosec Research Council&apos;s Malicious Code Infosec Science and Technology Study Group. Dr. McGraw is a noted authority on mobile code security and co-authored both Java Security (Wiley, 1996) and Securing Java (Wiley, 1999) with Prof. Ed Felten of Princeton. Dr. McGraw also co-authored Software Fault Injection (Wiley 1998) with Jeff Voas. Dr. McGraw is currently writing a book entitled Building Secure Software (Addison-Wesley, 2001). He regularly contributes to popular trade publications and is often quoted in national press articles. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Computer security takes on more importance as commerce becomes e-commerce and business embraces the Net. However, little progress has been made in the security field, especially when vendor technology is considered. Popular press coverage of computer security orbits around basic technology issues such as what firewalls are, when to use the DES encryption algorithm, which anti-virus product is best, or how the latest email-based attack works. The problem is, many security practitioners don&apos;t know what the problem is. It&apos;s the software! Internet-enabled software applications, especially custom applications, present the most common security risk encountered today, and are the target of choice for real hackers. This talk is all about software security risk and how to manage it. The trick is to begin early, know your threats (including language-based flaws and pitfalls), design for security, and subject your design to thorough objective risk analyses and testing. This talk covers material that software practitioners, including architects and languages researchers, can use to avoid security problems and produce more secure Internet-based code.
 About the speaker: Gary McGraw is the Vice President of Corporate Technology at Cigital (formerly Reliable Software Technologies) where he pursues research in software security while leading the Software Security Group. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from UVa. He has written over sixty peer-reviewed technical publications, consults with major e-commerce vendors including Visa, Ericsson, and the Federal Reserve, and has served as principal investigator on grants from Air Force Research Labs, DARPA, National Science Foundation, and NIST&apos;s Advanced Technology Program. Dr. McGraw serves on the Boards of Counterpane, Finjan, NetCertainty, and ChainMail, Inc. He also chairs the National Infosec Research Council&apos;s Malicious Code Infosec Science and Technology Study Group. Dr. McGraw is a noted authority on mobile code security and co-authored both Java Security (Wiley, 1996) and Securing Java (Wiley, 1999) with Prof. Ed Felten of Princeton. Dr. McGraw also co-authored Software Fault Injection (Wiley 1998) with Jeff Voas. Dr. McGraw is currently writing a book entitled Building Secure Software (Addison-Wesley, 2001). He regularly contributes to popular trade publications and is often quoted in national press articles. 
</p> ]]>
            </content:encoded>
            <itunes:duration>3685</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20010110.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20010110.mp4" length="1048576" type="video/mp4"/>
        </item>
            <item>
            <title>Peter Stephenson, Investigating Computer Security Incidents</title>
            <description>The studies all say that 70% to 80% of information security incidents involve &quot;insiders&quot;. However, today, it is becoming increasingly difficult to pinpoint exactly what we mean by an insider. Complicating the issue, law enforcement is increasingly overloaded and the FBI has gone on record as saying that the victims of such incidents should begin their own investigation.

The good news is that the victim will likely be in a position to respond much more rapidly than will law enforcement. The bad news is that if the victim does not respond correctly, evidence may be irretrievably lost or damaged, limiting or eliminating the effective response by law enforcement at a later point. Where law enforcement is not to be involved, such errors can have a devastating effect on civil litigation.

This seminar will explore the resources available for investigating a computer security incident, discuss the investigative process, explore the underlying legal issues and specific laws and introduce some forensic techniques that a victim may use to preserve evidence correctly.
 About the speaker: Peter Stephenson is the director of technology for the global security practice of Netigy Corporation. He has been in technology-related positions for over 35 years, and has operated his own consulting practice for 15 years. He is the author of 13 books on computer topics, the most recent of which is Investigating Computer-Related Crime published by CRC Press. He has contributed over 400 articles to trade publications and is a regular columnist for Auerbach&apos;s &quot;Information Security Journal&quot; and &quot;SC InfoSecurity News&quot;. He currently is a PhD student at Oxford Brookes University in Oxford, England.
</description>
            <pubDate>Wed, 8 Nov 2000 16:30:00 EST </pubDate>
            <itunes:title>Peter Stephenson, Investigating Computer Security Incidents</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>157</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Peter Stephenson, Netigy</itunes:subtitle>
            <itunes:summary>The studies all say that 70% to 80% of information security incidents involve &quot;insiders&quot;. However, today, it is becoming increasingly difficult to pinpoint exactly what we mean by an insider. Complicating the issue, law enforcement is increasingly overloaded and the FBI has gone on record as saying that the victims of such incidents should begin their own investigation.

The good news is that the victim will likely be in a position to respond much more rapidly than will law enforcement. The bad news is that if the victim does not respond correctly, evidence may be irretrievably lost or damaged, limiting or eliminating the effective response by law enforcement at a later point. Where law enforcement is not to be involved, such errors can have a devastating effect on civil litigation.

This seminar will explore the resources available for investigating a computer security incident, discuss the investigative process, explore the underlying legal issues and specific laws and introduce some forensic techniques that a victim may use to preserve evidence correctly.
 About the speaker: Peter Stephenson is the director of technology for the global security practice of Netigy Corporation. He has been in technology-related positions for over 35 years, and has operated his own consulting practice for 15 years. He is the author of 13 books on computer topics, the most recent of which is Investigating Computer-Related Crime published by CRC Press. He has contributed over 400 articles to trade publications and is a regular columnist for Auerbach&apos;s &quot;Information Security Journal&quot; and &quot;SC InfoSecurity News&quot;. He currently is a PhD student at Oxford Brookes University in Oxford, England.
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The studies all say that 70% to 80% of information security incidents involve &quot;insiders&quot;. However, today, it is becoming increasingly difficult to pinpoint exactly what we mean by an insider. Complicating the issue, law enforcement is increasingly overloaded and the FBI has gone on record as saying that the victims of such incidents should begin their own investigation.

The good news is that the victim will likely be in a position to respond much more rapidly than will law enforcement. The bad news is that if the victim does not respond correctly, evidence may be irretrievably lost or damaged, limiting or eliminating the effective response by law enforcement at a later point. Where law enforcement is not to be involved, such errors can have a devastating effect on civil litigation.

This seminar will explore the resources available for investigating a computer security incident, discuss the investigative process, explore the underlying legal issues and specific laws and introduce some forensic techniques that a victim may use to preserve evidence correctly.
 About the speaker: Peter Stephenson is the director of technology for the global security practice of Netigy Corporation. He has been in technology-related positions for over 35 years, and has operated his own consulting practice for 15 years. He is the author of 13 books on computer topics, the most recent of which is Investigating Computer-Related Crime published by CRC Press. He has contributed over 400 articles to trade publications and is a regular columnist for Auerbach&apos;s &quot;Information Security Journal&quot; and &quot;SC InfoSecurity News&quot;. He currently is a PhD student at Oxford Brookes University in Oxford, England.
</p> ]]>
            </content:encoded>
            <itunes:duration>3712</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20001108.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20001108.mp4" length="238026752" type="video/mp4"/>
        </item>
            <item>
            <title>Wenke Lee, Developing Data Mining Techniques for Intrusion Detection: A Progress Report</title>
            <description>Intrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, extensible, and cost-effective. These requirements are very challenging because of the complexities of today&apos;s network environments and the lack of IDS development tools. Our research aims to systematically improve the development process of IDSs.

In the first half of the talk, I will describe our data mining framework for constructing ID models. This framework mines activity patterns from system audit data and extracts predictive features from the patterns. It then applies machine learning algorithms to the audit records, which are processed according to the feature definitions, to generate intrusion detection rules. This framework is a &quot;toolkit&quot; (rather than a &quot;replacement&quot;) for the IDS developers. I will discuss the design and implementation issues in utilizing expert domain knowledge in our framework.

In the second half of the talk, I will give an overview of our current research efforts, which include: cost-sensitive analysis and modeling techniques for intrusion detection; information-theoretic approaches for anomaly detection; and correlation analysis techniques for understanding attack scenarios and early detection of intrusions.
 About the speaker: Wenke Lee is an Assistant Professor in the Computer Science Department at North Carolina State University. He received his Ph.D. in Computer Science from Columbia University and B.S. in Computer Science from Zhongshan University, China. His research interests include network security, data mining, and workflow management. He is a Principal Investigator (PI) for research projects in intrusion detection and network management, with funding from DARPA, North Carolina Network Initiatives, Aprisma Management Technologies, and HRL Laboratories.

He received a Best Paper Award (applied research category) at the 5th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD-99), and Honorable Mention (runner-up) for Best Paper Award (applied research category) at both KDD-98 and KDD-97. He is a member of ACM and IEEE. 
</description>
            <pubDate>Wed, 11 Oct 2000 16:30:00 EDT </pubDate>
            <itunes:title>Wenke Lee, Developing Data Mining Techniques for Intrusion Detection: A Progress Report</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>153</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="http://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_lee_2000.jpg"/>
            <itunes:subtitle>Wenke Lee, North Carolina State University</itunes:subtitle>
            <itunes:summary>Intrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, extensible, and cost-effective. These requirements are very challenging because of the complexities of today&apos;s network environments and the lack of IDS development tools. Our research aims to systematically improve the development process of IDSs.

In the first half of the talk, I will describe our data mining framework for constructing ID models. This framework mines activity patterns from system audit data and extracts predictive features from the patterns. It then applies machine learning algorithms to the audit records, which are processed according to the feature definitions, to generate intrusion detection rules. This framework is a &quot;toolkit&quot; (rather than a &quot;replacement&quot;) for the IDS developers. I will discuss the design and implementation issues in utilizing expert domain knowledge in our framework.

In the second half of the talk, I will give an overview of our current research efforts, which include: cost-sensitive analysis and modeling techniques for intrusion detection; information-theoretic approaches for anomaly detection; and correlation analysis techniques for understanding attack scenarios and early detection of intrusions.
 About the speaker: Wenke Lee is an Assistant Professor in the Computer Science Department at North Carolina State University. He received his Ph.D. in Computer Science from Columbia University and B.S. in Computer Science from Zhongshan University, China. His research interests include network security, data mining, and workflow management. He is a Principal Investigator (PI) for research projects in intrusion detection and network management, with funding from DARPA, North Carolina Network Initiatives, Aprisma Management Technologies, and HRL Laboratories.

He received a Best Paper Award (applied research category) at the 5th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD-99), and Honorable Mention (runner-up) for Best Paper Award (applied research category) at both KDD-98 and KDD-97. He is a member of ACM and IEEE. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Intrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, extensible, and cost-effective. These requirements are very challenging because of the complexities of today&apos;s network environments and the lack of IDS development tools. Our research aims to systematically improve the development process of IDSs.

In the first half of the talk, I will describe our data mining framework for constructing ID models. This framework mines activity patterns from system audit data and extracts predictive features from the patterns. It then applies machine learning algorithms to the audit records, which are processed according to the feature definitions, to generate intrusion detection rules. This framework is a &quot;toolkit&quot; (rather than a &quot;replacement&quot;) for the IDS developers. I will discuss the design and implementation issues in utilizing expert domain knowledge in our framework.

In the second half of the talk, I will give an overview of our current research efforts, which include: cost-sensitive analysis and modeling techniques for intrusion detection; information-theoretic approaches for anomaly detection; and correlation analysis techniques for understanding attack scenarios and early detection of intrusions.
 About the speaker: Wenke Lee is an Assistant Professor in the Computer Science Department at North Carolina State University. He received his Ph.D. in Computer Science from Columbia University and B.S. in Computer Science from Zhongshan University, China. His research interests include network security, data mining, and workflow management. He is a Principal Investigator (PI) for research projects in intrusion detection and network management, with funding from DARPA, North Carolina Network Initiatives, Aprisma Management Technologies, and HRL Laboratories.

He received a Best Paper Award (applied research category) at the 5th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD-99), and Honorable Mention (runner-up) for Best Paper Award (applied research category) at both KDD-98 and KDD-97. He is a member of ACM and IEEE. 
</p> ]]>
            </content:encoded>
            <itunes:duration>3626</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20001011.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20001011.mp4" length="232783872" type="video/mp4"/>
        </item>
            <item>
            <title>Richard Stotts, Jerome Webb &amp; Matthew Beebe, Richard Stotts, Jerome Webb &amp; Matthew Beebe</title>
            <description> About the speaker: Colonel Richard Stotts Bio

Jerome Webb
Mr. Jerome A. Webb is Chief of the Air Force Information Warfare Center&apos;s Computer Threat Analysis Section (AFIWC/IOAIC). IOAIC&apos;s mission is to provide threat data for the Air Force&apos;s Computer Network Operations mission, through the real time analysis of computer intrusions and development of a threat warning capability to protect against future intrusions. Mr. Webb is recognized as one of the leading authorities of computer-based threats in the Department of Defense. He is a council member of the Joint Information Warfare Threat Analysis Working Group and part of the working committee responsible for writing the National Intelligence Estimate for Defensive Information Warfare. He has written dozens of papers on computer threat issues.

Mr. Webb began his civil service career in the Foreign Technology Division (FTD), Wright-Patterson AFB immediately after his graduation from the University of Michigan in December, 1980. After serving as a photo interpreter at FTD for five years, Mr. Webb left civil service to become a commercial cartographer. He reentered civil service in 1989 as an imagery analyst for the 544th Intelligence Squadron at Offutt AFB, where he became an expert on strategic defensive air-to-air missile systems. In 1991, he accepted a position with IOAIC as a computer threat analyst. He assumed the role of Section Chief in 1996.

Mr. Webb claims San Antonio as his home. He shares most of his spare time with his children and two shelties. His favorite hobbies are biking, reading, and &quot;surfing the web.&quot;

Matthew Beebe
Capt Matthew Beebe is a Countermeasures Engineer at the Air Force Information Warfare Center at Kelly AFB in San Antonio, Texas and serves as the program manager for the Automated Security Incident Measurement (ASIM) program. As such, Matt has responsibility for the development, sustainment and deployment support of the entire Air Force network intrusion detection system infrastructure.

Over the last two years Matt has spearheaded the efforts to upgrade the Air Force&apos;s IDS system from ASIM 2.0 to ASIM 3.0, a multi-million dollar program encompassing over 150 systems deployed worldwide. With the upgrade to ASIM 3.0 and the new Common Intrusion Detection Director System (CIDDS), the Air Force has a state of the art, hierarchical network security monitoring infrastructure which provides commanders and decision makers with unparalleled cyber-situational awareness. Matt is a native of southeastern lower Michigan and is a graduate of Michigan Technological University in Houghton, Michigan.</description>
            <pubDate>Wed, 4 Oct 2000 16:30:00 EDT </pubDate>
            <itunes:title>Richard Stotts, Jerome Webb &amp; Matthew Beebe, Richard Stotts, Jerome Webb &amp; Matthew Beebe</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>152</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="http://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_10-04-2000.jpg"/>
            <itunes:subtitle>Richard Stotts, Jerome Webb &amp; Matthew Beebe, United States Air Force</itunes:subtitle>
            <itunes:summary> About the speaker: Colonel Richard Stotts Bio

Jerome Webb
Mr. Jerome A. Webb is Chief of the Air Force Information Warfare Center&apos;s Computer Threat Analysis Section (AFIWC/IOAIC). IOAIC&apos;s mission is to provide threat data for the Air Force&apos;s Computer Network Operations mission, through the real time analysis of computer intrusions and development of a threat warning capability to protect against future intrusions. Mr. Webb is recognized as one of the leading authorities of computer-based threats in the Department of Defense. He is a council member of the Joint Information Warfare Threat Analysis Working Group and part of the working committee responsible for writing the National Intelligence Estimate for Defensive Information Warfare. He has written dozens of papers on computer threat issues.

Mr. Webb began his civil service career in the Foreign Technology Division (FTD), Wright-Patterson AFB immediately after his graduation from the University of Michigan in December, 1980. After serving as a photo interpreter at FTD for five years, Mr. Webb left civil service to become a commercial cartographer. He reentered civil service in 1989 as an imagery analyst for the 544th Intelligence Squadron at Offutt AFB, where he became an expert on strategic defensive air-to-air missile systems. In 1991, he accepted a position with IOAIC as a computer threat analyst. He assumed the role of Section Chief in 1996.

Mr. Webb claims San Antonio as his home. He shares most of his spare time with his children and two shelties. His favorite hobbies are biking, reading, and &quot;surfing the web.&quot;

Matthew Beebe
Capt Matthew Beebe is a Countermeasures Engineer at the Air Force Information Warfare Center at Kelly AFB in San Antonio, Texas and serves as the program manager for the Automated Security Incident Measurement (ASIM) program. As such, Matt has responsibility for the development, sustainment and deployment support of the entire Air Force network intrusion detection system infrastructure.

Over the last two years Matt has spearheaded the efforts to upgrade the Air Force&apos;s IDS system from ASIM 2.0 to ASIM 3.0, a multi-million dollar program encompassing over 150 systems deployed worldwide. With the upgrade to ASIM 3.0 and the new Common Intrusion Detection Director System (CIDDS), the Air Force has a state of the art, hierarchical network security monitoring infrastructure which provides commanders and decision makers with unparalleled cyber-situational awareness. Matt is a native of southeastern lower Michigan and is a graduate of Michigan Technological University in Houghton, Michigan.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p> About the speaker: Colonel Richard Stotts Bio

Jerome Webb
Mr. Jerome A. Webb is Chief of the Air Force Information Warfare Center&apos;s Computer Threat Analysis Section (AFIWC/IOAIC). IOAIC&apos;s mission is to provide threat data for the Air Force&apos;s Computer Network Operations mission, through the real time analysis of computer intrusions and development of a threat warning capability to protect against future intrusions. Mr. Webb is recognized as one of the leading authorities of computer-based threats in the Department of Defense. He is a council member of the Joint Information Warfare Threat Analysis Working Group and part of the working committee responsible for writing the National Intelligence Estimate for Defensive Information Warfare. He has written dozens of papers on computer threat issues.

Mr. Webb began his civil service career in the Foreign Technology Division (FTD), Wright-Patterson AFB immediately after his graduation from the University of Michigan in December, 1980. After serving as a photo interpreter at FTD for five years, Mr. Webb left civil service to become a commercial cartographer. He reentered civil service in 1989 as an imagery analyst for the 544th Intelligence Squadron at Offutt AFB, where he became an expert on strategic defensive air-to-air missile systems. In 1991, he accepted a position with IOAIC as a computer threat analyst. He assumed the role of Section Chief in 1996.

Mr. Webb claims San Antonio as his home. He shares most of his spare time with his children and two shelties. His favorite hobbies are biking, reading, and &quot;surfing the web.&quot;

Matthew Beebe
Capt Matthew Beebe is a Countermeasures Engineer at the Air Force Information Warfare Center at Kelly AFB in San Antonio, Texas and serves as the program manager for the Automated Security Incident Measurement (ASIM) program. As such, Matt has responsibility for the development, sustainment and deployment support of the entire Air Force network intrusion detection system infrastructure.

Over the last two years Matt has spearheaded the efforts to upgrade the Air Force&apos;s IDS system from ASIM 2.0 to ASIM 3.0, a multi-million dollar program encompassing over 150 systems deployed worldwide. With the upgrade to ASIM 3.0 and the new Common Intrusion Detection Director System (CIDDS), the Air Force has a state of the art, hierarchical network security monitoring infrastructure which provides commanders and decision makers with unparalleled cyber-situational awareness. Matt is a native of southeastern lower Michigan and is a graduate of Michigan Technological University in Houghton, Michigan.</p> ]]>
            </content:encoded>
            <itunes:duration>3604</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20001004.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20001004.mp4" length="233832448" type="video/mp4"/>
        </item>
            <item>
            <title>John Richardson, Evolving the Internet</title>
            <description>What&apos;s wrong with today&apos;s Internet? If TCP/IP has won, what&apos;s left to be done? In truth, we&apos;ve only just begun ... to understand how the Internet is evolving, the impact of our staggering demand for information, and how a whole set of revolutionary technologies will change the Internet&apos;s foundation. This talk skims the waves - it highlights some of the key changes on the horizon and explains why they will be important. Some key trends we&apos;ll touch on include: overlay networks like voice-over-IP, media overlays, and security overlays; quality-of-service and how to manage it; peer-to-peer networking - what&apos;s driving it and how it may change the Internet completely; and security protocols - how they&apos;re being used and why they&apos;re not everywhere. This will be a technical talk, focused on how things work and why these trends are interesting. Don&apos;t expect to walk away with a new set of tools, but do expect to come away with a better understanding of how things work and some new ideas about some emerging technologies that may just change everything.
 About the speaker: Mr. Richardson is the Director of the Trusted Networking Architecture group at Intel Corporation. His organization explores and develops advanced technology for security and network services for the Internet. Since joining Intel in 1992, Mr. Richardson has been responsible for various communication technologies, including an active role in Intel&apos;s early Internet activities, and an architectural role in Intel&apos;s cable and other broadband technology efforts. Prior to his tenure with Intel, Mr. Richardson worked in development of database management tools and at Bell Laboratories on UNIX operating system development. Mr. Richardson holds a BS in Electrical Engineering and Computer Science from MIT and an MS in Computer Science from Northwestern University. 
</description>
            <pubDate>Wed, 20 Sep 2000 16:30:00 EDT </pubDate>
            <itunes:title>John Richardson, Evolving the Internet</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>150</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>John Richardson, Intel Corporation</itunes:subtitle>
            <itunes:summary>What&apos;s wrong with today&apos;s Internet? If TCP/IP has won, what&apos;s left to be done? In truth, we&apos;ve only just begun ... to understand how the Internet is evolving, the impact of our staggering demand for information, and how a whole set of revolutionary technologies will change the Internet&apos;s foundation. This talk skims the waves - it highlights some of the key changes on the horizon and explains why they will be important. Some key trends we&apos;ll touch on include: overlay networks like voice-over-IP, media overlays, and security overlays; quality-of-service and how to manage it; peer-to-peer networking - what&apos;s driving it and how it may change the Internet completely; and security protocols - how they&apos;re being used and why they&apos;re not everywhere. This will be a technical talk, focused on how things work and why these trends are interesting. Don&apos;t expect to walk away with a new set of tools, but do expect to come away with a better understanding of how things work and some new ideas about some emerging technologies that may just change everything.
 About the speaker: Mr. Richardson is the Director of the Trusted Networking Architecture group at Intel Corporation. His organization explores and develops advanced technology for security and network services for the Internet. Since joining Intel in 1992, Mr. Richardson has been responsible for various communication technologies, including an active role in Intel&apos;s early Internet activities, and an architectural role in Intel&apos;s cable and other broadband technology efforts. Prior to his tenure with Intel, Mr. Richardson worked in development of database management tools and at Bell Laboratories on UNIX operating system development. Mr. Richardson holds a BS in Electrical Engineering and Computer Science from MIT and an MS in Computer Science from Northwestern University. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>What&apos;s wrong with today&apos;s Internet? If TCP/IP has won, what&apos;s left to be done? In truth, we&apos;ve only just begun ... to understand how the Internet is evolving, the impact of our staggering demand for information, and how a whole set of revolutionary technologies will change the Internet&apos;s foundation. This talk skims the waves - it highlights some of the key changes on the horizon and explains why they will be important. Some key trends we&apos;ll touch on include: overlay networks like voice-over-IP, media overlays, and security overlays; quality-of-service and how to manage it; peer-to-peer networking - what&apos;s driving it and how it may change the Internet completely; and security protocols - how they&apos;re being used and why they&apos;re not everywhere. This will be a technical talk, focused on how things work and why these trends are interesting. Don&apos;t expect to walk away with a new set of tools, but do expect to come away with a better understanding of how things work and some new ideas about some emerging technologies that may just change everything.
 About the speaker: Mr. Richardson is the Director of the Trusted Networking Architecture group at Intel Corporation. His organization explores and develops advanced technology for security and network services for the Internet. Since joining Intel in 1992, Mr. Richardson has been responsible for various communication technologies, including an active role in Intel&apos;s early Internet activities, and an architectural role in Intel&apos;s cable and other broadband technology efforts. Prior to his tenure with Intel, Mr. Richardson worked in development of database management tools and at Bell Laboratories on UNIX operating system development. Mr. Richardson holds a BS in Electrical Engineering and Computer Science from MIT and an MS in Computer Science from Northwestern University. 
</p> ]]>
            </content:encoded>
            <itunes:duration>3707</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000920.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000920.mp4" length="239075328" type="video/mp4"/>
        </item>
            <item>
            <title>Eugene Spafford, The Challenge of Secure Software</title>
            <description>Despite decades of advances in computer science and software engineering, our computing systems seem to be less and less trustworthy. Each week seems to bring new stories of computer viruses, invasions of privacy, serious bugs in common software platforms, and network intrusions. The trend seems to be getting worse instead of better. Why is that? And is there hope for safer systems for day-to-day use in e-commerce and government?

In this talk, we will examine some of the factors that have led to this distressing state of events. Included will be a discussion of some rules for designing secure software, and an examination of why the current Internet marketplace encourages those rules to be ignored. The clear solution is not one of technology -- but of consumer action.

Audience feedback is encouraged.


 About the speaker: Dr. Eugene Spafford is a Distinguished Professor with an appointment in Computer Science at Purdue University, where he has served on the faculty since 1987. He is also a professor of Philosophy (courtesy), a professor of Communication (courtesy), a professor of Electrical and Computer Engineering (courtesy), a professor of Nuclear Engineering (courtesy), and a Professor of Political Science (courtesy). He serves on several advisory and editorial boards. Spafford&apos;s current research interests are primarily in information security, computer crime investigation, and information ethics. He is generally recognized as one of the senior leaders in the field of computing.

Spaf (as he is known to his friends, colleagues, and students) is the founder and Executive Director Emeritus of the Purdue CERIAS (Center for Education and Research in Information Assurance and Security). He was the founder and director of the (superseded) COAST Laboratory.</description>
            <pubDate>Wed, 13 Sep 2000 16:30:00 EDT </pubDate>
            <itunes:title>Eugene Spafford, The Challenge of Secure Software</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>149</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/assets/images/people/spaf_300.png"/>
            <itunes:subtitle>Eugene Spafford, CERIAS</itunes:subtitle>
            <itunes:summary>Despite decades of advances in computer science and software engineering, our computing systems seem to be less and less trustworthy. Each week seems to bring new stories of computer viruses, invasions of privacy, serious bugs in common software platforms, and network intrusions. The trend seems to be getting worse instead of better. Why is that? And is there hope for safer systems for day-to-day use in e-commerce and government?

In this talk, we will examine some of the factors that have led to this distressing state of events. Included will be a discussion of some rules for designing secure software, and an examination of why the current Internet marketplace encourages those rules to be ignored. The clear solution is not one of technology -- but of consumer action.

Audience feedback is encouraged.


 About the speaker: Dr. Eugene Spafford is a Distinguished Professor with an appointment in Computer Science at Purdue University, where he has served on the faculty since 1987. He is also a professor of Philosophy (courtesy), a professor of Communication (courtesy), a professor of Electrical and Computer Engineering (courtesy), a professor of Nuclear Engineering (courtesy), and a Professor of Political Science (courtesy). He serves on several advisory and editorial boards. Spafford&apos;s current research interests are primarily in information security, computer crime investigation, and information ethics. He is generally recognized as one of the senior leaders in the field of computing.

Spaf (as he is known to his friends, colleagues, and students) is the founder and Executive Director Emeritus of the Purdue CERIAS (Center for Education and Research in Information Assurance and Security). He was the founder and director of the (superseded) COAST Laboratory.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Despite decades of advances in computer science and software engineering, our computing systems seem to be less and less trustworthy. Each week seems to bring new stories of computer viruses, invasions of privacy, serious bugs in common software platforms, and network intrusions. The trend seems to be getting worse instead of better. Why is that? And is there hope for safer systems for day-to-day use in e-commerce and government?

In this talk, we will examine some of the factors that have led to this distressing state of events. Included will be a discussion of some rules for designing secure software, and an examination of why the current Internet marketplace encourages those rules to be ignored. The clear solution is not one of technology -- but of consumer action.

Audience feedback is encouraged.


 About the speaker: Dr. Eugene Spafford is a Distinguished Professor with an appointment in Computer Science at Purdue University, where he has served on the faculty since 1987. He is also a professor of Philosophy (courtesy), a professor of Communication (courtesy), a professor of Electrical and Computer Engineering (courtesy), a professor of Nuclear Engineering (courtesy), and a Professor of Political Science (courtesy). He serves on several advisory and editorial boards. Spafford&apos;s current research interests are primarily in information security, computer crime investigation, and information ethics. He is generally recognized as one of the senior leaders in the field of computing.

Spaf (as he is known to his friends, colleagues, and students) is the founder and Executive Director Emeritus of the Purdue CERIAS (Center for Education and Research in Information Assurance and Security). He was the founder and director of the (superseded) COAST Laboratory.</p> ]]>
            </content:encoded>
            <itunes:duration>3914</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000913.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000913.mp4" length="252706816" type="video/mp4"/>
        </item>
            <item>
            <title>Jens Palsberg, Static Checking of Interrupt-Driven Software</title>
            <description>Resource-constrained devices are becoming ubiquitous. Examples include cell phones, palm pilots, and digital thermostats. It can be difficult to fit required functionality into such a device without sacrificing the simplicity and clarity of the software.

Increasingly complex embedded systems require extensive brute-force testing, making development and maintenance costly. This is particularly true for system components that are written in assembly language. Static checking has the potential of alleviating these problems, but until now there has been little tool support for programming at the assembly level.

In this paper we present the design and implementation of a static checker for interrupt-driven Z86-based software with hard real-time requirements. For six commercial microcontrollers, our checker has produced upper bounds on interrupt latencies and stack sizes, as well as verified fundamental safety and liveness properties. Our approach is based on a known algorithm for model checking of pushdown systems, and produces a control-flow graph annotated with information about time, space, safety, and liveness. Each benchmark is approximately 1000 lines of code, and the checking is done in a few seconds on a standard PC.

Our tool is one of the first to give an efficient and useful static analysis of assembly code. It enables increased confidence in correctness, significantly reduced testing requirements, and support for maintenance throughout the system life-cycle. Joint work with Dennis Brylow and Niels Damgaard.
 About the speaker: Jens Palsberg received a Ph.D. in Computer Science from University of Aarhus, Denmark in 1992. In 1992-1996 he was a visiting scientist at various institutions, including MIT. In 1996 he joined the faculty at Purdue University where he is an Associate Professor of Computer Science. His research interests are programming languages, compilers, software engineering, and software security. He has authored over 50 technical papers in these areas. His 1994 book with Michael Schwartzbach is entitled Object-oriented Type Systems. In 1998 he received the National Science Foundation Faculty Early Career Development Award, and in 1999 he received the Purdue University Faculty Scholar award. Dr. Palsberg&apos;s research has been supported by NSF, DARPA, IBM, and British Telecom. He is a member of the editorial board of IEEE Transactions on Software Engineering. 
</description>
            <pubDate>Wed, 6 Sep 2000 16:30:00 EDT </pubDate>
            <itunes:title>Jens Palsberg, Static Checking of Interrupt-Driven Software</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>148</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="http://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/jens_palsberg-cerias.jpg"/>
            <itunes:subtitle>Jens Palsberg, CERIAS</itunes:subtitle>
            <itunes:summary>Resource-constrained devices are becoming ubiquitous. Examples include cell phones, palm pilots, and digital thermostats. It can be difficult to fit required functionality into such a device without sacrificing the simplicity and clarity of the software.

Increasingly complex embedded systems require extensive brute-force testing, making development and maintenance costly. This is particularly true for system components that are written in assembly language. Static checking has the potential of alleviating these problems, but until now there has been little tool support for programming at the assembly level.

In this paper we present the design and implementation of a static checker for interrupt-driven Z86-based software with hard real-time requirements. For six commercial microcontrollers, our checker has produced upper bounds on interrupt latencies and stack sizes, as well as verified fundamental safety and liveness properties. Our approach is based on a known algorithm for model checking of pushdown systems, and produces a control-flow graph annotated with information about time, space, safety, and liveness. Each benchmark is approximately 1000 lines of code, and the checking is done in a few seconds on a standard PC.

Our tool is one of the first to give an efficient and useful static analysis of assembly code. It enables increased confidence in correctness, significantly reduced testing requirements, and support for maintenance throughout the system life-cycle. Joint work with Dennis Brylow and Niels Damgaard.
 About the speaker: Jens Palsberg received a Ph.D. in Computer Science from University of Aarhus, Denmark in 1992. In 1992-1996 he was a visiting scientist at various institutions, including MIT. In 1996 he joined the faculty at Purdue University where he is an Associate Professor of Computer Science. His research interests are programming languages, compilers, software engineering, and software security. He has authored over 50 technical papers in these areas. His 1994 book with Michael Schwartzbach is entitled Object-oriented Type Systems. In 1998 he received the National Science Foundation Faculty Early Career Development Award, and in 1999 he received the Purdue University Faculty Scholar award. Dr. Palsberg&apos;s research has been supported by NSF, DARPA, IBM, and British Telecom. He is a member of the editorial board of IEEE Transactions on Software Engineering. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Resource-constrained devices are becoming ubiquitous. Examples include cell phones, palm pilots, and digital thermostats. It can be difficult to fit required functionality into such a device without sacrificing the simplicity and clarity of the software.

Increasingly complex embedded systems require extensive brute-force testing, making development and maintenance costly. This is particularly true for system components that are written in assembly language. Static checking has the potential of alleviating these problems, but until now there has been little tool support for programming at the assembly level.

In this paper we present the design and implementation of a static checker for interrupt-driven Z86-based software with hard real-time requirements. For six commercial microcontrollers, our checker has produced upper bounds on interrupt latencies and stack sizes, as well as verified fundamental safety and liveness properties. Our approach is based on a known algorithm for model checking of pushdown systems, and produces a control-flow graph annotated with information about time, space, safety, and liveness. Each benchmark is approximately 1000 lines of code, and the checking is done in a few seconds on a standard PC.

Our tool is one of the first to give an efficient and useful static analysis of assembly code. It enables increased confidence in correctness, significantly reduced testing requirements, and support for maintenance throughout the system life-cycle. Joint work with Dennis Brylow and Niels Damgaard.
 About the speaker: Jens Palsberg received a Ph.D. in Computer Science from University of Aarhus, Denmark in 1992. In 1992-1996 he was a visiting scientist at various institutions, including MIT. In 1996 he joined the faculty at Purdue University where he is an Associate Professor of Computer Science. His research interests are programming languages, compilers, software engineering, and software security. He has authored over 50 technical papers in these areas. His 1994 book with Michael Schwartzbach is entitled Object-oriented Type Systems. In 1998 he received the National Science Foundation Faculty Early Career Development Award, and in 1999 he received the Purdue University Faculty Scholar award. Dr. Palsberg&apos;s research has been supported by NSF, DARPA, IBM, and British Telecom. He is a member of the editorial board of IEEE Transactions on Software Engineering. 
</p> ]]>
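The checker described in the abstract above bounds stack depth and interrupt latency from the control flow of interrupt-driven assembly, with every branch treated as possibly taken. The following added example is written for this page; it is not the Z86 tool from the talk nor code by Palsberg, Brylow or Damgaard. It does the same kind of analysis for a constructed toy instruction set: it exhaustively explores the abstract states (pc, interrupt-enable flag, stack contents, instructions since interrupts were masked) of a hypothetical single-interrupt microcontroller, reports the worst-case stack depth and the longest run of instructions executed with interrupts masked, and flags stack-discipline errors such as an iret outside a handler. It uses an explicit-state search with depth caps in place of the pushdown-system algorithm the talk refers to; the instruction set, the two sample programs and the caps are all assumptions of the example.

```python
"""Toy static checker for interrupt-driven assembly (constructed example, not the
Z86 tool from the talk).  Exhaustively explores the reachable abstract states of a
program for a hypothetical single-interrupt microcontroller to bound worst-case
stack depth and interrupt latency.  Data values are abstracted away: every
conditional branch may go either way, so the bounds over-approximate all runs."""
from collections import deque

STACK_CAP = 32    # deeper than this, report the stack as unbounded
LATENCY_CAP = 64  # longer than this with interrupts masked, report latency unbounded


def assemble(text):
    """Parse 'label: op arg ; comment' lines into (ops, label -> index)."""
    ops, labels = [], {}
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].strip()
        if ':' in line:
            label, line = line.split(':', 1)
            labels[label.strip()] = len(ops)
        parts = line.split()
        if parts:
            ops.append((parts[0], parts[1] if len(parts) > 1 else None))
    return ops, labels


def check(text, isr='isr', stack_cap=STACK_CAP, latency_cap=LATENCY_CAP):
    """Return the worst-case stack depth, the worst-case interrupt latency (instructions
    executed while interrupts were masked) and any stack-discipline errors found."""
    ops, labels = assemble(text)
    start = (0, 0, (), 0)  # (pc, interrupts enabled?, stack frames, instrs since masked)
    seen, work = {start}, deque([start])
    max_stack = max_latency = 0
    errors = set()

    def visit(state):
        if state not in seen:
            seen.add(state)
            work.append(state)

    while work:
        pc, ie, stack, lat = work.popleft()
        if len(stack) > stack_cap:
            errors.add(f'stack exceeds {stack_cap} slots at pc {pc} '
                       '(re-entrant interrupt or unbounded recursion?)')
            continue
        if lat > latency_cap:
            errors.add(f'interrupts masked for more than {latency_cap} instructions at pc {pc}')
            continue
        if pc >= len(ops):
            errors.add(f'control falls off the end of the program at pc {pc}')
            continue
        max_stack = max(max_stack, len(stack))
        if ie and isr in labels:  # an interrupt may fire before this instruction:
            visit((labels[isr], 0, stack + (('irq', pc),), 0))  # push pc, mask, enter handler
        op, arg = ops[pc]
        top = stack[-1][0] if stack else None
        nxt = []  # successor (pc, ie, stack) triples
        if op == 'push':
            nxt.append((pc + 1, ie, stack + (('data',),)))
        elif op in ('pop', 'ret', 'iret'):
            need = {'pop': 'data', 'ret': 'ret', 'iret': 'irq'}[op]
            if top != need:
                errors.add(f'{op} at pc {pc} but top of stack is {top}: stack discipline violated')
                continue
            if op == 'pop':
                nxt.append((pc + 1, ie, stack[:-1]))
            else:  # return to the saved pc; iret also re-enables interrupts
                nxt.append((stack[-1][1], 1 if op == 'iret' else ie, stack[:-1]))
        elif op == 'call':
            nxt.append((labels[arg], ie, stack + (('ret', pc + 1),)))
        elif op in ('ei', 'di'):
            nxt.append((pc + 1, 1 if op == 'ei' else 0, stack))
        elif op in ('jmp', 'jz'):
            nxt.append((labels[arg], ie, stack))
            if op == 'jz':  # condition unknown: fall-through is also possible
                nxt.append((pc + 1, ie, stack))
        elif op != 'halt':  # nop and any data-only instruction
            nxt.append((pc + 1, ie, stack))
        for npc, nie, nstack in nxt:
            if not ie:  # a pending interrupt had to wait through this instruction
                max_latency = max(max_latency, lat + 1)
            visit((npc, nie, nstack, lat + 1 if not (ie or nie) else 0))
    return {'max_stack': max_stack, 'max_latency': max_latency, 'errors': sorted(errors)}


# Constructed sample: the main loop polls a sensor, then updates a shared buffer in
# a critical section with interrupts masked; the handler saves and restores a register.
SENSOR_LOOP = """
main:        ei
loop:        call read_sensor
             jz loop           ; no sample yet: retry (branch outcome is abstracted)
             di                ; critical section begins
             push
             push
             pop
             pop
             ei                ; critical section ends
             jmp loop
read_sensor: push
             pop
             ret
isr:         push              ; save a register
             pop
             iret
"""

# Constructed sample of a classic bug: the handler re-enables interrupts, so a burst
# of interrupts nests handlers without bound and eventually overflows the stack.
REENTRANT_ISR = """
main:        ei
idle:        jmp idle
isr:         ei
             iret
"""

if __name__ == '__main__':
    print(check(SENSOR_LOOP))    # max_stack 4, max_latency 5, no errors
    print(check(REENTRANT_ISR))  # one error: stack exceeds 32 slots at pc 2
```

Running the block prints the bounds for the two constructed programs: the polling loop needs four stack slots (return address, saved data, interrupt frame and the handler's own push) and masks interrupts for at most five instructions, while the handler that re-enables interrupts nests without bound and trips the stack cap. Treating every conditional as non-deterministic is what lets the analysis ignore data values: it over-approximates the real executions, so the bounds are safe at the price of possible false alarms, which is the trade-off the abstract's "upper bounds" language is pointing at.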
            </content:encoded>
            <itunes:duration>3258</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000906.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000906.mp4" length="209715200" type="video/mp4"/>
        </item>
            <item>
            <title>Pascal Meunier, The IRDB Project: An Incident Response Database For Gathering Cost And Incidence Information On Types of Security Events</title>
            <description>Information about the incidence of security breaches is difficult to obtain. Emergency situations are not favorable to the maintenance of records, the security breaches are embarrassing and possibly damaging, and disclosing information about the incidents may reveal some sensitive information. Moreover, the nature of the incident and its cause are not always fully known. Because of this, the frequency and cost are difficult to assess by type of incident.

The IRDB project attempts to provide a framework to record incident information and duration. Besides email and cost recording, it provides a dynamic classification of incidents. In the IRDB, incidents have a risk type and an attack type. The risk type expresses the consequences of the attack (e.g., root access). The attack type identifies kinds of attacks (e.g., SANS top ten). Each type is itself classified by properties. With this system, we hope that 1) organizations using the same type classification can directly share data; 2) organizations not using the same type classification can translate data based on the properties of the types; 3) statistical data from many different organizations can be assembled to present a coherent picture of incident costs and frequencies on a national scale. By making the type classification dynamic, it is hoped that the severity of future, currently unknown types of attacks can be rapidly assessed.
 About the speaker: Pascal began managing the Vulnerabilities Database and Incident Response Database projects as a graduate student. He joined CERIAS in a research scientist capacity in May of this year. Pascal graduated from Purdue with a M.Sc. in computer sciences, which he added to his previous Ph.D. in Biophysics from the University of Qu</description>
            <pubDate>Wed, 30 Aug 2000 16:30:00 EDT </pubDate>
            <itunes:title>Pascal Meunier, The IRDB Project: An Incident Response Database For Gathering Cost And Incidence Information On Types of Security Events</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>147</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="http://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/pascal_meunier.jpg"/>
            <itunes:subtitle>Pascal Meunier, CERIAS</itunes:subtitle>
            <itunes:summary>Information about the incidence of security breaches is difficult to obtain. Emergency situations are not favorable to the maintenance of records, the security breaches are embarrassing and possibly damaging, and disclosing information about the incidents may reveal some sensitive information. Moreover, the nature of the incident and its cause are not always fully known. Because of this, the frequency and cost are difficult to assess by type of incident.

The IRDB project attempts to provide a framework to record incident information and duration. Besides email and cost recording, it provides a dynamic classification of incidents. In the IRDB, incidents have a risk type and an attack type. The risk type expresses the consequences of the attack (e.g., root access). The attack type identifies kinds of attacks (e.g., SANS top ten). Each type is itself classified by properties. With this system, we hope that 1) organizations using the same type classification can directly share data; 2) organizations not using the same type classification can translate data based on the properties of the types; 3) statistical data from many different organizations can be assembled to present a coherent picture of incident costs and frequencies on a national scale. By making the type classification dynamic, it is hoped that the severity of future, currently unknown types of attacks can be rapidly assessed.
 About the speaker: Pascal began managing the Vulnerabilities Database and Incident Response Database projects as a graduate student. He joined CERIAS in a research scientist capacity in May of this year. Pascal graduated from Purdue with a M.Sc. in computer sciences, which he added to his previous Ph.D. in Biophysics from the University of Qu</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Information about the incidence of security breaches is difficult to obtain. Emergency situations are not favorable to the maintenance of records, the security breaches are embarrassing and possibly damaging, and disclosing information about the incidents may reveal some sensitive information. Moreover, the nature of the incident and its cause are not always fully known. Because of this, the frequency and cost are difficult to assess by type of incident.

The IRDB project attempts to provide a framework to record incident information and duration. Besides email and cost recording, it provides a dynamic classification of incidents. In the IRDB, incidents have a risk type and an attack type. The risk type expresses the consequences of the attack (e.g., root access). The attack type identifies kinds of attacks (e.g., SANS top ten). Each type is itself classified by properties. With this system, we hope that 1) organizations using the same type classification can directly share data; 2) organizations not using the same type classification can translate data based on the properties of the types; 3) statistical data from many different organizations can be assembled to present a coherent picture of incident costs and frequencies on a national scale. By making the type classification dynamic, it is hoped that the severity of future, currently unknown types of attacks can be rapidly assessed.
 About the speaker: Pascal began managing the Vulnerabilities Database and Incident Response Database projects as a graduate student. He joined CERIAS in a research scientist capacity in May of this year. Pascal graduated from Purdue with a M.Sc. in computer sciences, which he added to his previous Ph.D. in Biophysics from the University of Qu</p> ]]>
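The classification scheme in the abstract above (a risk type plus an attack type, each described by properties, so that organizations with different type names can still pool their data) is the part of the IRDB design a practitioner would most want to see concretely. The following added example is not the IRDB's code or schema; it is a constructed Python sketch of how property-based translation can work. Two hypothetical organizations classify attacks under different names and granularity; an incident typed in one taxonomy is mapped onto the other by comparing property sets (Jaccard similarity, with a threshold so that attacks with no counterpart are reported rather than mis-filed), and the translated records are aggregated into counts, costs and durations per (risk type, attack type). The taxonomy names, properties, incident records and threshold are all assumptions of the example, and risk types are treated as a shared vocabulary for brevity.

```python
"""Property-based translation of incident records between two organizations'
attack taxonomies (constructed example, not the IRDB's own code or schema)."""
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical attack-type taxonomies of two organizations.  Each type is
# described by a set of properties; names and granularity differ between them.
ORG_A_ATTACKS = {
    'remote-buffer-overflow':     frozenset({'remote', 'memory-corruption', 'code-exec'}),
    'web-cgi-abuse':              frozenset({'remote', 'web', 'input-validation'}),
    'password-guessing':          frozenset({'remote', 'authentication', 'brute-force'}),
    'local-privilege-escalation': frozenset({'local', 'privilege-escalation'}),
}
ORG_B_ATTACKS = {
    'stack-smash':    frozenset({'remote', 'memory-corruption', 'code-exec', 'stack'}),
    'cgi-exploit':    frozenset({'remote', 'web', 'input-validation'}),
    'weak-passwords': frozenset({'remote', 'authentication', 'brute-force', 'dictionary'}),
    'setuid-bug':     frozenset({'local', 'privilege-escalation', 'memory-corruption'}),
    'wardialing':     frozenset({'modem', 'reconnaissance'}),
}
TAXONOMIES = {'A': ORG_A_ATTACKS, 'B': ORG_B_ATTACKS}


@dataclass(frozen=True)
class Incident:
    org: str        # reporting organization, which fixes the taxonomy of `attack`
    risk: str       # risk type: the consequence, e.g. 'root-access' (shared vocabulary here)
    attack: str     # attack type, in the reporting organization's own taxonomy
    cost_usd: int   # recovery cost recorded by the responders
    hours: float    # duration of the incident


def translate(type_name, src, dst, min_similarity=0.5):
    """Map a type of taxonomy `src` onto the best-matching type of `dst`, scored by
    Jaccard similarity of the property sets.  Return None when nothing is close
    enough, so that unfamiliar attacks are reported rather than silently mis-filed."""
    props = src[type_name]
    best, best_score = None, 0.0
    for name, dprops in dst.items():
        score = len(props.intersection(dprops)) / len(props.union(dprops))
        if score > best_score:
            best, best_score = name, score
    return best if best_score >= min_similarity else None


def merge(incidents, taxonomies, target):
    """Aggregate incidents from several organizations into the `target` taxonomy.
    Return (stats, untranslatable): stats maps (risk, attack) to count, cost and hours."""
    stats = defaultdict(lambda: {'count': 0, 'cost_usd': 0, 'hours': 0.0})
    untranslatable = []
    for inc in incidents:
        attack = translate(inc.attack, taxonomies[inc.org], taxonomies[target])
        if attack is None:
            untranslatable.append(inc)
            continue
        bucket = stats[(inc.risk, attack)]
        bucket['count'] += 1
        bucket['cost_usd'] += inc.cost_usd
        bucket['hours'] += inc.hours
    return dict(stats), untranslatable


# Constructed incident records from both organizations.
INCIDENTS = [
    Incident('A', 'root-access', 'remote-buffer-overflow', 12000, 40.0),
    Incident('A', 'user-access', 'password-guessing', 1500, 6.0),
    Incident('B', 'root-access', 'stack-smash', 9000, 30.0),
    Incident('B', 'root-access', 'setuid-bug', 4000, 12.0),
    Incident('B', 'user-access', 'weak-passwords', 800, 3.0),
    Incident('B', 'user-access', 'cgi-exploit', 2500, 8.0),
    Incident('B', 'reconnaissance', 'wardialing', 200, 1.0),
]

if __name__ == '__main__':
    stats, missing = merge(INCIDENTS, TAXONOMIES, 'A')
    for key, agg in sorted(stats.items()):
        print(key, agg)
    for inc in missing:
        print('no equivalent type in taxonomy A:', inc)
```

Because a type is identified by its properties rather than by its label, a type added later (say a new memory-corruption attack tagged remote, memory-corruption and code-exec) lands next to its nearest existing type without anyone editing a mapping table, which is the practical payoff of the dynamic classification the abstract describes; the similarity threshold is what keeps genuinely new attack kinds visible as untranslatable instead of folding them into the wrong bucket and distorting the national-scale statistics the project is after.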
            </content:encoded>
            <itunes:duration>3396</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000830.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000830.mp4" length="220200960" type="video/mp4"/>
        </item>
            <item>
            <title>John Steven Reel, The Future of Information Security Technologies</title>
            <description>Information security, and the technologies that provide such security, are a very hot topic throughout the information technology and business communities today. This presentation opens with a consideration of the current network environment. It answers the questions &quot;where are these technologies?&quot; and &quot;where are the gaps in the technologies that are being addressed?&quot; especially as they impact security. Next, the presentation considers the field of network security technologies. It addresses the good, the bad and the undecided aspects of the field today. After setting the stage with this background information, the presentation identifies the most important trends that will impact the network security industry in the coming few years: the federal government finally cares, the vanishing network perimeter, and the opportunity to achieve ubiquitous encryption. Toward the end of the presentation, Dr. Reel presents two &quot;killer&quot; security-related applications. Finally, the presentation closes with a discussion of the major needs in the information security field.
 About the speaker: Dr. Reel has BS and Ph.D. degrees in Computer Science. He spent over 9 years with the National Security Agency developing network-based software for deployment around the world. In 1995, he joined Trident Data Systems (now Veridian Corporation) in their San Antonio operation. For 3.5 years, he worked in an advanced research and development facility dedicated to information security technology development and assessment. Since September 1998, he has been the Chief Technology Officer of Veridian&apos;s Information Security business unit. In 1998 he and five teammates were awarded a patent on a new technology to protect communications circuits from malicious use. In addition to his dissertation, &quot;Radiant Object-Oriented Analysis and Design&quot;, he has had one article published by IEEE Software Magazine (Critical Success Factors in Software Projects, May/June 1999). Further, he has given numerous talks and authored many white papers on IA/IO/IW/IP/IS concepts and technologies.

Dr. Reel represents Veridian on the External Advisory Board for the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. In addition, he serves as an advisor to the Security Panel of the President&apos;s Committee of Advisors on Science and Technology (PCAST) as well as the Emerging Technology Panel for the San Antonio Chamber of Commerce. 
</description>
            <pubDate>Wed, 23 Aug 2000 16:30:00 EDT </pubDate>
            <itunes:title>John Steven Reel, The Future of Information Security Technologies</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>146</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="http://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/john_reel-veridian.jpg"/>
            <itunes:subtitle>John Steven Reel, Veridian</itunes:subtitle>
            <itunes:summary>Information security, and the technologies that provide such security, are a very hot topic throughout the information technology and business communities today. This presentation opens with a consideration of the current network environment. It answers the questions &quot;where are these technologies?&quot; and &quot;where are the gaps in the technologies that are being addressed?&quot; especially as they impact security. Next, the presentation considers the field of network security technologies. It addresses the good, the bad and the undecided aspects of the field today. After setting the stage with this background information, the presentation identifies the most important trends that will impact the network security industry in the coming few years: the federal government finally cares, the vanishing network perimeter, and the opportunity to achieve ubiquitous encryption. Toward the end of the presentation, Dr. Reel presents two &quot;killer&quot; security-related applications. Finally, the presentation closes with a discussion of the major needs in the information security field.
 About the speaker: Dr. Reel has BS and Ph.D. degrees in Computer Science. He spent over 9 years with the National Security Agency developing network-based software for deployment around the world. In 1995, he joined Trident Data Systems (now Veridian Corporation) in their San Antonio operation. For 3.5 years, he worked in an advanced research and development facility dedicated to information security technology development and assessment. Since September 1998, he has been the Chief Technology Officer of Veridian&apos;s Information Security business unit. In 1998 he and five teammates were awarded a patent on a new technology to protect communications circuits from malicious use. In addition to his dissertation, &quot;Radiant Object-Oriented Analysis and Design&quot;, he has had one article published by IEEE Software Magazine (Critical Success Factors in Software Projects, May/June 1999). Further, he has given numerous talks and authored many white papers on IA/IO/IW/IP/IS concepts and technologies.

Dr. Reel represents Veridian on the External Advisory Board for the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. In addition, he serves as an advisor to the Security Panel of the President\&apos;s Committee of Advisors on Science and Technology (PCAST) as well as the Emerging Technology Panel for the San Antonio Chamber of Commerce. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Information security, and the technologies that provide such security, are a very hot topic throughout the information technology and business communities today. This presentation opens with a consideration of the current network environment. It answers the questions &quot;where are these technologies?&quot; and &quot;where are the gaps in the technologies that are being addressed?&quot; especially as they impact security. Next, the presentation considers the field of network security technologies. It addresses the good, the bad and the undecided aspects of the field today. After setting the stage with this background information, the presentation identifies the most important trends that will impact the network security industry in the coming few years: the federal government finally cares, the vanishing network perimeter, and the opportunity to achieve ubiquitous encryption. Toward the end of the presentation, Dr. Reel presents two &quot;killer&quot; security-related applications. Finally, the presentation closes with a discussion of the major needs in the information security field.
 About the speaker: Dr. Reel has BS and Ph.D. degrees in Computer Science. He spent over 9 years with the National Security Agency developing network-based software for deployment around the world. In 1995, he joined Trident Data Systems (now Veridian Corporation) in their San Antonio operation. For 3.5 years, he worked in an advanced research and development facility dedicated to information security technology development and assessment. Since September 1998, he has been the Chief Technology Officer of Veridian&apos;s Information Security business unit. In 1998 he and five teammates were awarded a patent on a new technology to protect communications circuits from malicious use. In addition to his dissertation, &quot;Radiant Object-Oriented Analysis and Design&quot;, he has had one article published by IEEE Software Magazine (Critical Success Factors in Software Projects, May/June 1999). Further, he has given numerous talks and authored many white papers on IA/IO/IW/IP/IS concepts and technologies.

Dr. Reel represents Veridian on the External Advisory Board for the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. In addition, he serves as an advisor to the Security Panel of the President&apos;s Committee of Advisors on Science and Technology (PCAST) as well as the Emerging Technology Panel for the San Antonio Chamber of Commerce. 
</p> ]]>
            </content:encoded>
            <itunes:duration>2635</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000823.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000823.mp4" length="168820736" type="video/mp4"/>
        </item>
            <item>
            <title>Rick Davis, The Holy Grail of E-Business Risk Management: Creating and Sustaining the Insurable Standard for E-Business Security and Assurance</title>
            <description>In order for e-commerce and e-business to grow at the fullest extent possible, higher levels of trust and accountability need to become established. The corporate buyers who rely on reliable structures need to hold those who build and support commercial network initiatives (call them &quot;infrastructure and service providers&quot;) responsible for things that go wrong. Downtime, outages, viruses, data integrity, data confidentiality and hacker damage are some of the losses that providers need to prevent and absorb in a proactive manner. Today it is the ecommerce buyer / user who gets stuck holding the bag. In the near future it will be the provider who will be held responsible.

There is a world of difference between information security and e-business risk management. Traditional info security just looks at the technical / network controls that ecommerce relies on. Ebusiness risk management takes a multi-disciplinary approach that instills controls throughout the enterprise, not just in the technology. This multi-disciplinary approach addresses the legal, operational, financial and technical controls that must be present in all ebusiness environments.

Addressing an aspect of the financial controls, insurance is a necessary element in all ebusiness risk management strategies. If a loss occurs (which it always will - there&apos;s no such thing as a 100% perfect system), a specialized insurance policy is the financial mechanism that will allow the ecommerce provider to absorb the loss and pay for the damages.
 About the speaker: Rick is a recognized pioneer in the e-business risk management industry. Rick is widely acknowledged for creating the world&apos;s first e-risk insurability standard for underwriting e-business exposures. Since graduating from Stanford University in 1991, Rick has developed asset protection strategies for mission-critical e-business environments. He has been an executive manager in the Electronic Commerce / Internet / Information Security industry his entire career and has specialized in creating multi-disciplinary e-business risk management solutions (combining information security, traditional risk management and insurance) for nearly four years.

Aon Corporation (world&apos;s 2nd largest risk management and insurance broker) recently hired Rick as Vice President of Sherwood Insurance, an Aon-owned wholesale broker. Under the Sherwood banner, Rick is responsible for defining the Aon corporate e-business risk management initiative and creating a consulting practice that will be delivered to Aon&apos;s Global 2000 customers. 
</description>
            <pubDate>Fri, 28 Apr 2000 16:30:00 EDT </pubDate>
            <itunes:title>Rick Davis, The Holy Grail of E-Business Risk Management: Creating and Sustaining the Insurable Standard for E-Business Security and Assurance</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>145</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Rick Davis, Aon Corporation </itunes:subtitle>
            <itunes:summary>In order for e-commerce and e-business to grow at the fullest extent possible, higher levels of trust and accountability need to become established. The corporate buyers who rely on reliable structures need to hold those who build and support commercial network initiatives (call them &quot;infrastructure and service providers&quot;) responsible for things that go wrong. Downtime, outages, viruses, data integrity, data confidentiality and hacker damage are some of the losses that providers need to prevent and absorb in a proactive manner. Today it is the ecommerce buyer / user who gets stuck holding the bag. In the near future it will be the provider who will be held responsible.

There is a world of difference between information security and e-business risk management. Traditional info security just looks at the technical / network controls that ecommerce relies on. Ebusiness risk management takes a multi-disciplinary approach that instills controls throughout the enterprise, not just in the technology. This multi-disciplinary approach addresses the legal, operational, financial and technical controls that must be present in all ebusiness environments.

Addressing an aspect of the financial controls, insurance is a necessary element in all ebusiness risk management strategies. If a loss occurs (which it always will - there&apos;s no such thing as a 100% perfect system), a specialized insurance policy is the financial mechanism that will allow the ecommerce provider to absorb the loss and pay for the damages.
 About the speaker: Rick is a recognized pioneer in the e-business risk management industry. Rick is widely acknowledged for creating the world&apos;s first e-risk insurability standard for underwriting e-business exposures. Since graduating from Stanford University in 1991, Rick has developed asset protection strategies for mission-critical e-business environments. He has been an executive manager in the Electronic Commerce / Internet / Information Security industry his entire career and has specialized in creating multi-disciplinary e-business risk management solutions (combining information security, traditional risk management and insurance) for nearly four years.

Aon Corporation (world&apos;s 2nd largest risk management and insurance broker) recently hired Rick as Vice President of Sherwood Insurance, an Aon-owned wholesale broker. Under the Sherwood banner, Rick is responsible for defining the Aon corporate e-business risk management initiative and creating a consulting practice that will be delivered to Aon&apos;s Global 2000 customers. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In order for e-commerce and e-business to grow at the fullest extent possible, higher levels of trust and accountability need to become established. The corporate buyers who rely on reliable structures need to hold those who build and support commercial network initiatives (call them &quot;infrastructure and service providers&quot;) responsible for things that go wrong. Downtime, outages, viruses, data integrity, data confidentiality and hacker damage are some of the losses that providers need to prevent and absorb in a proactive manner. Today it is the ecommerce buyer / user who gets stuck holding the bag. In the near future it will be the provider who will be held responsible.

There is a world of difference between information security and e-business risk management. Traditional info security just looks at the technical / network controls that ecommerce relies on. Ebusiness risk management takes a multi-disciplinary approach that instills controls throughout the enterprise, not just in the technology. This multi-disciplinary approach addresses the legal, operational, financial and technical controls that must be present in all ebusiness environments.

Addressing an aspect of the financial controls, insurance is a necessary element in all ebusiness risk management strategies. If a loss occurs (which it always will - there&apos;s no such thing as a 100% perfect system), a specialized insurance policy is the financial mechanism that will allow the ecommerce provider to absorb the loss and pay for the damages.
 About the speaker: Rick is a recognized pioneer in the e-business risk management industry. Rick is widely acknowledged for creating the world&apos;s first e-risk insurability standard for underwriting e-business exposures. Since graduating from Stanford University in 1991, Rick has developed asset protection strategies for mission-critical e-business environments. He has been an executive manager in the Electronic Commerce / Internet / Information Security industry his entire career and has specialized in creating multi-disciplinary e-business risk management solutions (combining information security, traditional risk management and insurance) for nearly four years.

Aon Corporation (world&apos;s 2nd largest risk management and insurance broker) recently hired Rick as Vice President of Sherwood Insurance, an Aon-owned wholesale broker. Under the Sherwood banner, Rick is responsible for defining the Aon corporate e-business risk management initiative and creating a consulting practice that will be delivered to Aon&apos;s Global 2000 customers. 
</p> ]]>
            </content:encoded>
            <itunes:duration>4054</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000428.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000428.mp4" length="135266304" type="video/mp4"/>
        </item>
            <item>
            <title>Michael G. Fleming &amp; Victor Maconachy, Information Assurance Challenges for the 21st Century</title>
            <description>In today&apos;s increasingly dependent and interdependent global information society, information assurance for systems is gaining tremendous importance. Individuals, governments, and societies are insisting on secure and safe communications environments. The solution to providing those assurances lies in the formation of partnerships between and among business, academia and government. Mr. Fleming will present an overview of a model for such partnerships, to include critical elements for the success of those joint ventures. Dr. Maconachy will briefly discuss the cognitive and social implications related to moving towards a global security-based enterprise.


 About the speaker: Michael G. Fleming is Chief of the Information Assurance Solutions Group and has also served as Chief of the INFOSEC Customer Service and Engineering Group, Deputy Chief of Network Security Group, Chief of Network Security Systems Engineering Office, Chief of Network Security Products Office, as well as served in a variety of technical and program management positions in Communications Security and Signals Intelligence. He received his BS in Electrical Engineering from Purdue University, his MS in Administrative Science from Johns Hopkins University, and attended and graduated from the National War College.

Victor Maconachy currently serves as the program manager of the National INFOSEC Education and Training Program (NIETP) within the National Security Agency. He is implementing a multidimensional, interagency program which provides direct support and guidance to the services, major DoD components, Federal agencies and the greater national Information Infrastructure. This program fosters the development and implementation of INFOSEC training programs, as well as graduate and undergraduate education curricula. In this capacity he serves on several national level government working groups, as well as in an advisory capacity to several universities. In this position, Dr. Maconachy is the principal architect for several national INFOSEC training standards in the classified community. During April, 1999 Dr. Maconachy was appointed Co-chair of the Critical Information Coordination Committee for Personnel and Training. The Committee is implementing Presidential Decision Directive 63. 
</description>
            <pubDate>Fri, 21 Apr 2000 16:30:00 EDT </pubDate>
            <itunes:title>Michael G. Fleming &amp; Victor Maconachy, Information Assurance Challenges for the 21st Century</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>144</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.eduhttp://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_fleming_sm.jpg"/>
            <itunes:subtitle>Michael G. Fleming &amp; Victor Maconachy, NSA</itunes:subtitle>
            <itunes:summary>In today&apos;s increasingly dependent and interdependent global information society, information assurance for systems is gaining tremendous importance. Individuals, governments, and societies are insisting on secure and safe communications environments. The solution to providing those assurances lies in the formation of partnerships between and among business, academia and government. Mr. Fleming will present an overview of a model for such partnerships, to include critical elements for the success of those joint ventures. Dr. Maconachy will briefly discuss the cognitive and social implications related to moving towards a global security-based enterprise.


 About the speaker: Michael G. Fleming is Chief of the Information Assurance Solutions Group and has also served as Chief of the INFOSEC Customer Service and Engineering Group, Deputy Chief of Network Security Group, Chief of Network Security Systems Engineering Office, Chief of Network Security Products Office, as well as served in a variety of technical and program management positions in Communications Security and Signals Intelligence. He received his BS in Electrical Engineering from Purdue University, his MS in Administrative Science from Johns Hopkins University, and attended and graduated from the National War College.

Victor Maconachy currently serves as the program manager of the National INFOSEC Education and Training Program (NIETP) within the National Security Agency. He is implementing a multidimensional, interagency program which provides direct support and guidance to the services, major DoD components, Federal agencies and the greater national Information Infrastructure. This program fosters the development and implementation of INFOSEC training programs, as well as graduate and undergraduate education curricula. In this capacity he serves on several national level government working groups, as well as in an advisory capacity to several universities. In this position, Dr. Maconachy is the principal architect for several national INFOSEC training standards in the classified community. During April, 1999 Dr. Maconachy was appointed Co-chair of the Critical Information Coordination Committee for Personnel and Training. The Committee is implementing Presidential Decision Directive 63. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In today&apos;s increasingly dependent and interdependent global information society, information assurance for systems is gaining tremendous importance. Individuals, governments, and societies are insisting on secure and safe communications environments. The solution to providing those assurances lies in the formation of partnerships between and among business, academia and government. Mr. Fleming will present an overview of a model for such partnerships, to include critical elements for the success of those joint ventures. Dr. Maconachy will briefly discuss the cognitive and social implications related to moving towards a global security-based enterprise.


 About the speaker: Michael G. Fleming is Chief of the Information Assurance Solutions Group and has also served as Chief of the INFOSEC Customer Service and Engineering Group, Deputy Chief of Network Security Group, Chief of Network Security Systems Engineering Office, Chief of Network Security Products Office, as well as served in a variety of technical and program management positions in Communications Security and Signals Intelligence. He received his BS in Electrical Engineering from Purdue University, his MS in Administrative Science from Johns Hopkins University, and attended and graduated from the National War College.

Victor Maconachy currently serves as the program manager of the National INFOSEC Education and Training Program (NIETP) within the National Security Agency. He is implementing a multidimensional, interagency program which provides direct support and guidance to the services, major DoD components, Federal agencies and the greater national Information Infrastructure. This program fosters the development and implementation of INFOSEC training programs, as well as graduate and undergraduate education curricula. In this capacity he serves on several national level government working groups, as well as in an advisory capacity to several universities. In this position, Dr. Maconachy is the principal architect for several national INFOSEC training standards in the classified community. During April, 1999 Dr. Maconachy was appointed Co-chair of the Critical Information Coordination Committee for Personnel and Training. The Committee is implementing Presidential Decision Directive 63. 
</p> ]]>
            </content:encoded>
            <itunes:duration>2825</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000421.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000421.mp4" length="182452224" type="video/mp4"/>
        </item>
            <item>
            <title>Terran Lane, Machine Learning Techniques for Anomaly Detection in Computer Security</title>
            <description>With the recent phenomenal growth of the availability and connectivity of computing resources and the advent of e-commerce, more valuable and private data is being stored online than ever before. But with greater value and availability comes greater threat. In this talk we examine the information security problem of anomaly detection --- recognizing the occurrence of ``out of the ordinary&apos;&apos; events which may prove to be hazardous. We evaluate this problem as a machine learning task and describe the application of two machine learning techniques: instance-based learning (IBL) and hidden Markov models (HMMs). This work focuses on anomaly detection at the user level (as opposed to the network or system call level), which introduces a number of interesting and complex issues from a machine learning standpoint. In particular, we explore privacy, resource constraints, non-stationarity (a.k.a. concept drift), and performance issues and give empirical analyses based on real user data. We close with some thoughts on extensions to this work and on other areas of application. About the speaker: graduated from Ballard High School (Louisville, KY) in 1990 and entered the department of Electrical and Computer Engineering (then the department of Electrical Engineering) at Purdue University (West Lafayette, IN) in the fall of that year. I have been here ever since, attaining my bachelor&apos;s (BSCEE == Bachelor of Science in Computer and Electrical Engineering) in May of 1994. I immediately plunged into the PhD program, and am currently working toward that degree under the direction of Professor Carla Brodley. 

Some notes on my Research are available.
</description>
            <pubDate>Fri, 7 Apr 2000 16:30:00 EDT </pubDate>
            <itunes:title>Terran Lane, Machine Learning Techniques for Anomaly Detection in Computer Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>142</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Terran Lane, Purdue University</itunes:subtitle>
            <itunes:summary>With the recent phenomenal growth of the availability and connectivity of computing resources and the advent of e-commerce, more valuable and private data is being stored online than ever before. But with greater value and availability comes greater threat. In this talk we examine the information security problem of anomaly detection --- recognizing the occurrence of ``out of the ordinary&apos;&apos; events which may prove to be hazardous. We evaluate this problem as a machine learning task and describe the application of two machine learning techniques: instance-based learning (IBL) and hidden Markov models (HMMs). This work focuses on anomaly detection at the user level (as opposed to the network or system call level), which introduces a number of interesting and complex issues from a machine learning standpoint. In particular, we explore privacy, resource constraints, non-stationarity (a.k.a. concept drift), and performance issues and give empirical analyses based on real user data. We close with some thoughts on extensions to this work and on other areas of application. About the speaker: graduated from Ballard High School (Louisville, KY) in 1990 and entered the department of Electrical and Computer Engineering (then the department of Electrical Engineering) at Purdue University (West Lafayette, IN) in the fall of that year. I have been here ever since, attaining my bachelor&apos;s (BSCEE == Bachelor of Science in Computer and Electrical Engineering) in May of 1994. I immediately plunged into the PhD program, and am currently working toward that degree under the direction of Professor Carla Brodley. 

Some notes on my Research are available.
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>With the recent phenomenal growth of the availability and connectivity of computing resources and the advent of e-commerce, more valuable and private data is being stored online than ever before. But with greater value and availability comes greater threat. In this talk we examine the information security problem of anomaly detection --- recognizing the occurrence of ``out of the ordinary&apos;&apos; events which may prove to be hazardous. We evaluate this problem as a machine learning task and describe the application of two machine learning techniques: instance-based learning (IBL) and hidden Markov models (HMMs). This work focuses on anomaly detection at the user level (as opposed to the network or system call level), which introduces a number of interesting and complex issues from a machine learning standpoint. In particular, we explore privacy, resource constraints, non-stationarity (a.k.a. concept drift), and performance issues and give empirical analyses based on real user data. We close with some thoughts on extensions to this work and on other areas of application. About the speaker: graduated from Ballard High School (Louisville, KY) in 1990 and entered the department of Electrical and Computer Engineering (then the department of Electrical Engineering) at Purdue University (West Lafayette, IN) in the fall of that year. I have been here ever since, attaining my bachelor&apos;s (BSCEE == Bachelor of Science in Computer and Electrical Engineering) in May of 1994. I immediately plunged into the PhD program, and am currently working toward that degree under the direction of Professor Carla Brodley. 

Some notes on my Research are available.
</p> ]]>
            </content:encoded>
            <itunes:duration>3472</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000407.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000407.mp4" length="224395264" type="video/mp4"/>
        </item>
            <item>
            <title>Padgett Peterson, Implications of Mobile Code on Microsoft Platforms</title>
            <description>With the advent of mobile code (executable programs that are carried on web pages and inside E-Mail) in everyday use, the capability to include malicious software without the recipient&apos;s knowledge has been implicit.

From the first crude examples (&quot;Concept&quot;, 1995) through the &quot;Russian New Year&quot; exploits (1997-98), to the current surprises (Bubbleboy, 1999) there has been a continual advance in sophistication.

Despite attempts by the manufacturer to provide mitigation, these patches are little known or applied and often apply only to the latest versions and not the bulk of the installed base.

We shall examine the built-in capabilities that make this possible, the probable rationale behind such decisions, and the implication for future events.
 About the speaker: Mr. Peterson is currently the principal corporate information security architect for Lockheed-Martin Corporation. With over thirty years&apos; experience in computers, cryptography, and malicious software, he has written BIOS-level antivirus freeware (&quot;DiskSecure&quot;, 1990) and macro-based WORD macro protection (&quot;Macrolist&quot;, 1996). A frequent speaker at security conferences, he is an internationally recognized expert in the field. He also collects Pontiacs.</description>
            <pubDate>Fri, 31 Mar 2000 16:30:00 EST </pubDate>
            <itunes:title>Padgett Peterson, Implications of Mobile Code on Microsoft Platforms</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>141</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.eduhttp://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_padgett_sm.jpg"/>
            <itunes:subtitle>Padgett Peterson, Lockheed Martin</itunes:subtitle>
            <itunes:summary>With the advent of mobile code (executable programs that are carried on web pages and inside E-Mail) in everyday use, the capability to include malicious software without the recipient&apos;s knowledge has been implicit.

From the first crude examples (&quot;Concept&quot;, 1995) through the &quot;Russian New Year&quot; exploits (1997-98), to the current surprises (Bubbleboy, 1999) there has been a continual advance in sophistication.

Despite attempts by the manufacturer to provide mitigation, these patches are little known or applied and often apply only to the latest versions and not the bulk of the installed base.

We shall examine the built-in capabilities that make this possible, the probable rationale behind such decisions, and the implication for future events.
 About the speaker: Mr. Peterson is currently the principal corporate information security architect for Lockheed-Martin Corporation. With over thirty years&apos; experience in computers, cryptography, and malicious software, he has written BIOS-level antivirus freeware (&quot;DiskSecure&quot;, 1990) and macro-based WORD macro protection (&quot;Macrolist&quot;, 1996). A frequent speaker at security conferences, he is an internationally recognized expert in the field. He also collects Pontiacs.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>With the advent of mobile code (executable programs that are carried on web pages and inside E-Mail) in everyday use, the capability to include malicious software without the recipient&apos;s knowledge has been implicit.

From the first crude examples (&quot;Concept&quot;, 1995) through the &quot;Russian New Year&quot; exploits (1997-98), to the current surprises (Bubbleboy, 1999) there has been a continual advance in sophistication.

Despite attempts by the manufacturer to provide mitigation, these patches are little known or applied and often apply only to the latest versions and not the bulk of the installed base.

We shall examine the built-in capabilities that make this possible, the probable rationale behind such decisions, and the implication for future events.
 About the speaker: Mr. Peterson is currently the principal corporate information security architect for Lockheed-Martin Corporation. With over thirty years&apos; experience in computers, cryptography, and malicious software, he has written BIOS-level antivirus freeware (&quot;DiskSecure&quot;, 1990) and macro-based WORD macro protection (&quot;Macrolist&quot;, 1996). A frequent speaker at security conferences, he is an internationally recognized expert in the field. He also collects Pontiacs.</p> ]]>
            </content:encoded>
            <itunes:duration>3835</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000331.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000331.mp4" length="247463936" type="video/mp4"/>
        </item>
            <item>
            <title>Judy Hochberg, Automatic identification of classified documents</title>
            <description>How can one automatically identify classified documents? This is a vital question for the Department of Energy (DOE), which is reviewing millions of classified documents for possible declassification, and for Los Alamos National Laboratory (LANL), which is checking its unclassified computing storage systems for the presence of classified documents.
The DOE, having already developed an expert rule system for automatic document classification, provided LANL with a small set of documents with which to explore a statistical classifier as an alternative. We represented documents as vectors of character trigram frequencies, used a chi-square statistic to select the optimal trigrams, and trained a linear classifier to distinguish classified and unclassified documents. Results ranged from 60% to 87% accuracy, depending on the training set size and other variables.

In contrast, the LANL effort started &quot;from scratch&quot; and needed to be moved rapidly into large-scale production. We implemented an expert system tailored to the classified documents of most concern to LANL. The talk will discuss the practical issues that arose in canvassing large numbers of files in a variety of formats, and the security issues involved in the sampling, analysis, and notification processes.

 About the speaker: Judy Hochberg is a staff scientist at Los Alamos National Laboratory. She received a B.A. in linguistics from Harvard and a Ph.D. in linguistics from Stanford. Before joining the Laboratory in 1989, she was a post-doctoral researcher at the University of Chicago, then a visiting Assistant Professor at Northwestern University. She has published in journals including Computers and Security, IEEE Transactions in Pattern Analysis and Machine Intelligence, and Language. She has been an R&amp;D 100 award winner and a national finalist in the Johns Hopkins National Search for Computing to Assist Persons with Disabilities. Judy is interested in all manifestations of human language, including document analysis -- text and images -- and speech. </description>
            <pubDate>Fri, 25 Feb 2000 16:30:00 EST </pubDate>
            <itunes:title>Judy Hochberg, Automatic identification of classified documents</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>138</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_hoch_sm.jpg"/>
            <itunes:subtitle>Judy Hochberg, Computer Research and Applications Group (CIC-3) at Los Alamos National Laboratory</itunes:subtitle>
            <itunes:summary>How can one automatically identify classified documents? This is a vital question for the Department of Energy (DOE), which is reviewing millions of classified documents for possible declassification, and for Los Alamos National Laboratory (LANL), which is checking its unclassified computing storage systems for the presence of classified documents.
The DOE, having already developed an expert rule system for automatic document classification, provided LANL with a small set of documents with which to explore a statistical classifier as an alternative. We represented documents as vectors of character trigram frequencies, used a chi-square statistic to select the optimal trigrams, and trained a linear classifier to distinguish classified and unclassified documents. Results ranged from 60% to 87% accuracy, depending on the training set size and other variables.

In contrast, the LANL effort started &quot;from scratch&quot; and needed to be moved rapidly into large-scale production. We implemented an expert system tailored to the classified documents of most concern to LANL. The talk will discuss the practical issues that arose in canvassing large numbers of files in a variety of formats, and the security issues involved in the sampling, analysis, and notification processes.

 About the speaker: Judy Hochberg is a staff scientist at Los Alamos National Laboratory. She received a B.A. in linguistics from Harvard and a Ph.D. in linguistics from Stanford. Before joining the Laboratory in 1989, she was a post-doctoral researcher at the University of Chicago, then a visiting Assistant Professor at Northwestern University. She has published in journals including Computers and Security, IEEE Transactions in Pattern Analysis and Machine Intelligence, and Language. She has been an R&amp;D 100 award winner and a national finalist in the Johns Hopkins National Search for Computing to Assist Persons with Disabilities. Judy is interested in all manifestations of human language, including document analysis -- text and images -- and speech. </itunes:summary>
            <content:encoded>
            <![CDATA[ <p>How can one automatically identify classified documents? This is a vital question for the Department of Energy (DOE), which is reviewing millions of classified documents for possible declassification, and for Los Alamos National Laboratory (LANL), which is checking its unclassified computing storage systems for the presence of classified documents.
The DOE, having already developed an expert rule system for automatic document classification, provided LANL with a small set of documents with which to explore a statistical classifier as an alternative. We represented documents as vectors of character trigram frequencies, used a chi-square statistic to select the optimal trigrams, and trained a linear classifier to distinguish classified and unclassified documents. Results ranged from 60% to 87% accuracy, depending on the training set size and other variables.

In contrast, the LANL effort started &quot;from scratch&quot; and needed to be moved rapidly into large-scale production. We implemented an expert system tailored to the classified documents of most concern to LANL. The talk will discuss the practical issues that arose in canvassing large numbers of files in a variety of formats, and the security issues involved in the sampling, analysis, and notification processes.

 About the speaker: Judy Hochberg is a staff scientist at Los Alamos National Laboratory. She received a B.A. in linguistics from Harvard and a Ph.D. in linguistics from Stanford. Before joining the Laboratory in 1989, she was a post-doctoral researcher at the University of Chicago, then a visiting Assistant Professor at Northwestern University. She has published in journals including Computers and Security, IEEE Transactions in Pattern Analysis and Machine Intelligence, and Language. She has been an R&amp;D 100 award winner and a national finalist in the Johns Hopkins National Search for Computing to Assist Persons with Disabilities. Judy is interested in all manifestations of human language, including document analysis -- text and images -- and speech. </p> ]]>
            </content:encoded>
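The statistical classifier the abstract describes, as an added worked example that is not part of the seminar abstract or of the DOE/LANL systems: documents become vectors of character trigram frequencies, a chi-square statistic over a trigram-presence by class contingency table ranks the trigrams, and a linear classifier separates the two classes. The abstract does not say which linear classifier was used; a perceptron is assumed here. The six-document corpus, the names of the functions and the choice of k=5 features are all constructed for this example.

```python
"""Character-trigram document classifier with chi-square feature selection.

Added illustration of the pipeline described in the abstract (trigram
frequency vectors, chi-square feature selection, linear classifier).  This
is not DOE or LANL code: the corpus is constructed for the example and the
linear classifier is a plain perceptron, assumed rather than taken from the
talk.
"""
import re
from collections import Counter, defaultdict

# Constructed toy corpus.  Label 1 = classified, 0 = unclassified.  Real
# documents are far longer; the corpus only has to exercise the pipeline.
CORPUS = [
    ("SECRET restricted data: weapon yield estimate for test series", 1),
    ("SECRET design parameters of the device assembly", 1),
    ("TOP SECRET target list and yield data attached", 1),
    ("Cafeteria menu for Friday includes pizza and salad", 0),
    ("Reminder: parking lot B closed for repaving next week", 0),
    ("Minutes of the softball league meeting, spring season", 0),
]


def trigrams(text):
    """Lower-case, collapse whitespace, and count overlapping character trigrams."""
    text = re.sub(r"\s+", " ", text.lower()).strip()
    return Counter(text[i:i + 3] for i in range(len(text) - 2))


def chi_square(docs, labels):
    """Chi-square statistic of each trigram's presence against the label.

    Built from the 2x2 table (trigram present / absent) x (classified /
    unclassified) over the training documents; a higher value means the
    trigram's presence is more strongly associated with one class.
    """
    n = len(labels)
    n_pos = sum(labels)
    n_neg = n - n_pos
    present = defaultdict(lambda: [0, 0])   # trigram -> [neg docs, pos docs]
    for grams, y in zip(docs, labels):
        for g in grams:
            present[g][y] += 1
    scores = {}
    for g, (b, a) in present.items():       # a: present and pos, b: present and neg
        c, d = n_pos - a, n_neg - b         # c: absent and pos, d: absent and neg
        denom = (a + b) * (c + d) * (a + c) * (b + d)
        scores[g] = 0.0 if denom == 0 else n * (a * d - b * c) ** 2 / denom
    return scores


def select_features(docs, labels, k):
    """Top-k trigrams by chi-square; ties broken alphabetically for determinism."""
    scores = chi_square(docs, labels)
    return sorted(scores, key=lambda g: (-scores[g], g))[:k]


def vectorize(grams, features):
    """Relative frequency of each selected trigram within one document."""
    total = sum(grams.values()) or 1
    return [grams[f] / total for f in features]


def train_perceptron(X, y, epochs=100):
    """Linear classifier: perceptron with unit learning rate.

    Stops early once a full pass makes no mistakes; on linearly separable
    data that pass is guaranteed to arrive eventually.
    """
    w = [0.0] * len(X[0])
    b = 0.0
    for _ in range(epochs):
        mistakes = 0
        for x, t in zip(X, y):
            pred = 1 if sum(wi * xi for wi, xi in zip(w, x)) + b > 0 else 0
            if pred != t:
                mistakes += 1
                step = t - pred  # +1 for a missed classified doc, -1 for a false alarm
                w = [wi + step * xi for wi, xi in zip(w, x)]
                b += step
        if mistakes == 0:
            break
    return w, b


def build_classifier(corpus, k=5):
    """Train on (text, label) pairs; return predict(text) -> 0/1 and the features."""
    docs = [trigrams(t) for t, _ in corpus]
    labels = [y for _, y in corpus]
    features = select_features(docs, labels, k)
    X = [vectorize(g, features) for g in docs]
    w, b = train_perceptron(X, labels)

    def predict(text):
        x = vectorize(trigrams(text), features)
        return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b > 0 else 0

    return predict, features


def accuracy(predict, corpus):
    """Fraction of (text, label) pairs the classifier labels correctly."""
    hits = sum(1 for t, y in corpus if predict(t) == y)
    return hits / len(corpus)


if __name__ == "__main__":
    predict, features = build_classifier(CORPUS)
    print("selected trigrams:", features)
    print("training accuracy:", accuracy(predict, CORPUS))
    for sample in ("SECRET briefing on device yield", "Lunch menu for the week"):
        print(repr(sample), "->", "classified" if predict(sample) else "unclassified")
```

On this toy corpus the chi-square ranking selects the five trigrams of the word "secret", so the classifier is really keying on the marking rather than on content, and a document with its markings stripped would pass as unclassified. That is the check to run before trusting such a model on a storage sweep: inspect the selected features, and hold out documents whose markings have been removed. The 60% to 87% spread the abstract reports on real data is the reminder that trigram statistics give a triage signal for human review, not a determination.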
            <itunes:duration>3642</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000225.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000225.mp4" length="233832448" type="video/mp4"/>
        </item>
            <item>
            <title>Clay Shields, Tracing Denial-of-Service Attacks; or why we may never know who attacked Yahoo et al.</title>
            <description>The recent spate of attacks against Yahoo and other sites with large on-line presences brought denial-of-service attacks into the public consciousness. The methods used in these attacks make it very difficult, if not impossible, to locate the source of the attacks. The problem lies not only in finding the particular computers used to launch the attacks, but also in finding the individuals controlling those computers. I will discuss the attacks that occurred, why it is so difficult to track the intruders, research work that attempts to make it possible to do so, and open research problems in the area. CERIAS has on-going work related to the problem of tracking intruders across the Internet, and I expect this to be an evolving and interesting area of research in the future. 
 About the speaker: Clay was born in Washington, D.C., and spent much of his childhood living overseas as required by the career of his stepfather, who was a covert agent for the CIA. Clay got an undergraduate degree in electrical engineering from the University of Virginia, and after a year as a computer programmer on Capitol Hill, joined the U.S. Army. As an infantry officer with the 101st Airborne Division, Clay served overseas with the peace-keeping force in the Sinai Peninsula, earning a commendation for liaison work with the Egyptian and Israeli military. Because sitting in a muddy foxhole with a rifle was not intellectually challenging enough, Clay left the Army to return to graduate school. He attended the University of California at Santa Cruz, and for his dissertation he studied computer networking, particularly multicast routing and network security issues. With the ink not yet dry on his PhD, Clay took a job as an assistant professor in computer science at Purdue University, not so much for easy access to corn, but to be associated with CERIAS and to continue his research into network security. Clay is particularly interested in finding ways to exploit existing protocols, in designing secure protocols and in finding ways to keep careful track of what is happening in a network while maintaining user privacy and anonymity. 
</description>
            <pubDate>Fri, 18 Feb 2000 16:30:00 EST </pubDate>
            <itunes:title>Clay Shields, Tracing Denial-of-Service Attacks; or why we may never know who attacked Yahoo et al.</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>137</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_clay_sm.jpg"/>
            <itunes:subtitle>Clay Shields, CERIAS, Purdue University</itunes:subtitle>
            <itunes:summary>The recent spate of attacks against Yahoo and other sites with large on-line presences brought denial-of-service attacks into the public consciousness. The methods used in these attacks make it very difficult, if not impossible, to locate the source of the attacks. The problem lies not only in finding the particular computers used to launch the attacks, but also in finding the individuals controlling those computers. I will discuss the attacks that occurred, why it is so difficult to track the intruders, research work that attempts to make it possible to do so, and open research problems in the area. CERIAS has on-going work related to the problem of tracking intruders across the Internet, and I expect this to be an evolving and interesting area of research in the future. 
 About the speaker: Clay was born in Washington, D.C., and spent much of his childhood living overseas as required by the career of his stepfather, who was a covert agent for the CIA. Clay got an undergraduate degree in electrical engineering from the University of Virginia, and after a year as a computer programmer on Capitol Hill, joined the U.S. Army. As an infantry officer with the 101st Airborne Division, Clay served overseas with the peace-keeping force in the Sinai Peninsula, earning a commendation for liaison work with the Egyptian and Israeli military. Because sitting in a muddy foxhole with a rifle was not intellectually challenging enough, Clay left the Army to return to graduate school. He attended the University of California at Santa Cruz, and for his dissertation he studied computer networking, particularly multicast routing and network security issues. With the ink not yet dry on his PhD, Clay took a job as an assistant professor in computer science at Purdue University, not so much for easy access to corn, but to be associated with CERIAS and to continue his research into network security. Clay is particularly interested in finding ways to exploit existing protocols, in designing secure protocols and in finding ways to keep careful track of what is happening in a network while maintaining user privacy and anonymity. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>The recent spate of attacks against Yahoo and other sites with large on-line presences brought denial-of-service attacks into the public consciousness. The methods used in these attacks make it very difficult, if not impossible, to locate the source of the attacks. The problem lies not only in finding the particular computers used to launch the attacks, but also in finding the individuals controlling those computers. I will discuss the attacks that occurred, why it is so difficult to track the intruders, research work that attempts to make it possible to do so, and open research problems in the area. CERIAS has on-going work related to the problem of tracking intruders across the Internet, and I expect this to be an evolving and interesting area of research in the future. 
 About the speaker: Clay was born in Washington, D.C., and spent much of his childhood living overseas as required by the career of his stepfather, who was a covert agent for the CIA. Clay got an undergraduate degree in electrical engineering from the University of Virginia, and after a year as a computer programmer on Capitol Hill, joined the U.S. Army. As an infantry officer with the 101st Airborne Division, Clay served overseas with the peace-keeping force in the Sinai Peninsula, earning a commendation for liaison work with the Egyptian and Israeli military. Because sitting in a muddy foxhole with a rifle was not intellectually challenging enough, Clay left the Army to return to graduate school. He attended the University of California at Santa Cruz, and for his dissertation he studied computer networking, particularly multicast routing and network security issues. With the ink not yet dry on his PhD, Clay took a job as an assistant professor in computer science at Purdue University, not so much for easy access to corn, but to be associated with CERIAS and to continue his research into network security. Clay is particularly interested in finding ways to exploit existing protocols, in designing secure protocols and in finding ways to keep careful track of what is happening in a network while maintaining user privacy and anonymity. 
</p> ]]>
            </content:encoded>
            <itunes:duration>3569</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000218.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000218.mp4" length="229638144" type="video/mp4"/>
        </item>
            <item>
            <title>Gerald Thomas, Commercial High-Resolution Satellite Imagery Policy</title>
            <description>In October of 1999, Denver-based Space Imaging launched the world&apos;s first very-high resolution commercial satellite, IKONOS 2, into polar orbit around the earth. For the first time in history, sub-1 meter near real time digital imagery is now available for virtually the entire globe to anyone with a credit card and access to the internet. This talk will explore: (1) the policy history around the US government&apos;s decision to let this technology &quot;go commercial,&quot; (2) the status of current US remote sensing policy and some remaining policy issues that still need to be addressed, and (3) the potential implications of this information revolution for national security, law enforcement, privacy, and several other issues. 
 About the speaker: Dr. Gerald Thomas is an assistant professor of political science at Purdue University where he teaches and does research in the area of public policy. His current research interests focus at the intersection of environmental policy and science and technology policy. He has published on the topics of environmental security, US national security policy, and US space policy. 
</description>
            <pubDate>Fri, 11 Feb 2000 16:30:00 EST </pubDate>
            <itunes:title>Gerald Thomas, Commercial High-Resolution Satellite Imagery Policy</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>136</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_thomas_sm.jpg"/>
            <itunes:subtitle>Gerald Thomas, Political Science, Purdue University </itunes:subtitle>
            <itunes:summary>In October of 1999, Denver-based Space Imaging launched the world&apos;s first very-high resolution commercial satellite, IKONOS 2, into polar orbit around the earth. For the first time in history, sub-1 meter near real time digital imagery is now available for virtually the entire globe to anyone with a credit card and access to the internet. This talk will explore: (1) the policy history around the US government&apos;s decision to let this technology &quot;go commercial,&quot; (2) the status of current US remote sensing policy and some remaining policy issues that still need to be addressed, and (3) the potential implications of this information revolution for national security, law enforcement, privacy, and several other issues. 
 About the speaker: Dr. Gerald Thomas is an assistant professor of political science at Purdue University where he teaches and does research in the area of public policy. His current research interests focus at the intersection of environmental policy and science and technology policy. He has published on the topics of environmental security, US national security policy, and US space policy. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In October of 1999, Denver-based Space Imaging launched the world&apos;s first very-high resolution commercial satellite, IKONOS 2, into polar orbit around the earth. For the first time in history, sub-1 meter near real time digital imagery is now available for virtually the entire globe to anyone with a credit card and access to the internet. This talk will explore: (1) the policy history around the US government&apos;s decision to let this technology &quot;go commercial,&quot; (2) the status of current US remote sensing policy and some remaining policy issues that still need to be addressed, and (3) the potential implications of this information revolution for national security, law enforcement, privacy, and several other issues. 
 About the speaker: Dr. Gerald Thomas is an assistant professor of political science at Purdue University where he teaches and does research in the area of public policy. His current research interests focus at the intersection of environmental policy and science and technology policy. He has published on the topics of environmental security, US national security policy, and US space policy. 
</p> ]]>
            </content:encoded>
            <itunes:duration>3195</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000211.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000211.mp4" length="205520896" type="video/mp4"/>
        </item>
            <item>
            <title>Victor Raskin, NLP for IAS: Overview and Implementations</title>
            <description>This paper explores a promising interface between natural language processing (NLP) and information assurance and security (IAS). More specifically, it is devoted to possible applications of the accumulated considerable resources in NLP to IAS. The paper is of a mixed theoretical and empirical nature. Of the four possible venues of applications, (i) memorizing randomly generated passwords with the help of automatically generated funny jingles, (ii) natural language watermarking, (iii) using the available machine translation (MT) systems for (additional) encryption of text messages, and (iv) downgrading, or sanitizing, classified information in networks, two venues, (i) and (iv), have been at least partially implemented, and the remaining two, (ii) and (iii), are being implemented to the proof-of-concept level. We feel that it is important, however, even at this early stage, to review for the information security community what NLP can do for it and to invite feedback and further efforts and ideas in this direction.
 About the speaker: Victor Raskin founded the Interdepartmental Program in Linguistics at Purdue and chaired it in 1979-99. He also founded the Natural Language Processing (NLP) Laboratory at Purdue in 1986 and has coordinated it ever since. He is the author of 16 books and close to 200 articles on natural language processing (computational linguistics), linguistic and semantic theory, philosophy of language and science, and various applications of linguistics and computational linguistics to adjacent areas, including to information security. Together with Sergei Nirenburg, Director, Computing Research Laboratory, New Mexico State University, he has developed a ground-breaking ontological semantic approach to NLP that, for the first time, provides near-comprehensive semantic capabilities to NLP systems and thus ensures their accuracy. He has been a PI, co-PI, and PI-level consultant for a large number of NLP research grants since 1966 in his native Russia, Israel, and this country, most recently on the interface of NLP and information security. Professor Raskin has served on the CERIAS Internal Advisory Board since its inception. The presentation is based on joint research with Mikhail J. Atallah, Craig J. McDonough, and Sergei Nirenburg.
</description>
            <pubDate>Fri, 4 Feb 2000 16:30:00 EST </pubDate>
            <itunes:title>Victor Raskin, NLP for IAS: Overview and Implementations</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>135</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_raskin_sm.jpg"/>
            <itunes:subtitle>Victor Raskin, English and Linguistics at Purdue University </itunes:subtitle>
            <itunes:summary>This paper explores a promising interface between natural language processing (NLP) and information assurance and security (IAS). More specifically, it is devoted to possible applications of the accumulated considerable resources in NLP to IAS. The paper is of a mixed theoretical and empirical nature. Of the four possible venues of applications, (i) memorizing randomly generated passwords with the help of automatically generated funny jingles, (ii) natural language watermarking, (iii) using the available machine translation (MT) systems for (additional) encryption of text messages, and (iv) downgrading, or sanitizing, classified information in networks, two venues, (i) and (iv), have been at least partially implemented, and the remaining two, (ii) and (iii), are being implemented to the proof-of-concept level. We feel that it is important, however, even at this early stage, to review for the information security community what NLP can do for it and to invite feedback and further efforts and ideas in this direction.
 About the speaker: Victor Raskin founded the Interdepartmental Program in Linguistics at Purdue and chaired it in 1979-99. He also founded the Natural Language Processing (NLP) Laboratory at Purdue in 1986 and has coordinated it ever since. He is the author of 16 books and close to 200 articles on natural language processing (computational linguistics), linguistic and semantic theory, philosophy of language and science, and various applications of linguistics and computational linguistics to adjacent areas, including to information security. Together with Sergei Nirenburg, Director, Computing Research Laboratory, New Mexico State University, he has developed a ground-breaking ontological semantic approach to NLP that, for the first time, provides near-comprehensive semantic capabilities to NLP systems and thus ensures their accuracy. He has been a PI, co-PI, and PI-level consultant for a large number of NLP research grants since 1966 in his native Russia, Israel, and this country, most recently on the interface of NLP and information security. Professor Raskin has served on the CERIAS Internal Advisory Board since its inception. The presentation is based on joint research with Mikhail J. Atallah, Craig J. McDonough, and Sergei Nirenburg.
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This paper explores a promising interface between natural language processing (NLP) and information assurance and security (IAS). More specifically, it is devoted to possible applications of the accumulated considerable resources in NLP to IAS. The paper is of a mixed theoretical and empirical nature. Of the four possible venues of applications, (i) memorizing randomly generated passwords with the help of automatically generated funny jingles, (ii) natural language watermarking, (iii) using the available machine translation (MT) systems for (additional) encryption of text messages, and (iv) downgrading, or sanitizing, classified information in networks, two venues, (i) and (iv), have been at least partially implemented, and the remaining two, (ii) and (iii), are being implemented to the proof-of-concept level. We feel that it is important, however, even at this early stage, to review for the information security community what NLP can do for it and to invite feedback and further efforts and ideas in this direction.
 About the speaker: Victor Raskin founded the Interdepartmental Program in Linguistics at Purdue and chaired it in 1979-99. He also founded the Natural Language Processing (NLP) Laboratory at Purdue in 1986 and has coordinated it ever since. He is the author of 16 books and close to 200 articles on natural language processing (computational linguistics), linguistic and semantic theory, philosophy of language and science, and various applications of linguistics and computational linguistics to adjacent areas, including to information security. Together with Sergei Nirenburg, Director, Computing Research Laboratory, New Mexico State University, he has developed a ground-breaking ontological semantic approach to NLP that, for the first time, provides near-comprehensive semantic capabilities to NLP systems and thus ensures their accuracy. He has been a PI, co-PI, and PI-level consultant for a large number of NLP research grants since 1966 in his native Russia, Israel, and this country, most recently on the interface of NLP and information security. Professor Raskin has served on the CERIAS Internal Advisory Board since its inception. The presentation is based on joint research with Mikhail J. Atallah, Craig J. McDonough, and Sergei Nirenburg.
</p> ]]>
            </content:encoded>
            <itunes:duration>2996</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000204.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000204.mp4" length="192937984" type="video/mp4"/>
        </item>
            <item>
            <title>Gene Kim, Open Source Issues and Opportunities for Tripwire</title>
            <description>Tripwire has a long history of openly available source, having been created at Purdue University in 1992 as a publicly available security tool. It has since been developed into an industrial-strength tool, and has been successful in protecting critical enterprise processes in business and government. 


One of the decisions we made was to use a conventional shrink-wrapped software model -- in other words, source code was no longer readily available to the public. Without question, this has been a smooth and successful transition. Tripwire v2.0 provided a variety of additional compelling features so that customers have embraced the new product. 


However, there were some things that happened along the way that didn&apos;t quite go as planned. And some things were just downright surprising. 


This presentation will address some of the consequences of having a closed source product, and describe some issues in considerable detail. Then, possible &quot;open source&quot; opportunities will be presented, with all sorts of benefits discussed, evaluated, and some discarded. Some perceived dangers are mulled over, and also evaluated. Audience participation will be encouraged. 
 About the speaker: Gene Kim is the chief technology officer and co-founder of Tripwire(tm), Inc. In 1992 at Purdue University, he co-authored the Tripwire file integrity assessment software with Dr. Gene Spafford. Kim is widely published on computer security, operating systems and networking in Usenet, ACM and IEEE publications and is a frequent speaker at industry conferences. He holds an M.S. in computer science from the University of Arizona and a B.S. in computer sciences from Purdue University. 
</description>
            <pubDate>Fri, 21 Jan 2000 16:30:00 EST </pubDate>
            <itunes:title>Gene Kim, Open Source Issues and Opportunities for Tripwire</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>6</itunes:season>
            <itunes:episode>133</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_kim_sm.jpg"/>
            <itunes:subtitle>Gene Kim, Tripwire</itunes:subtitle>
            <itunes:summary>Tripwire has a long history of openly available source, having been created at Purdue University in 1992 as a publicly available security tool. It has since been developed into an industrial-strength tool, and has been successful in protecting critical enterprise processes in business and government. 


One of the decisions we made was to use a conventional shrink-wrapped software model -- in other words, source code was no longer readily available to the public. Without question, this has been a smooth and successful transition. Tripwire v2.0 provided a variety of additional compelling features so that customers have embraced the new product. 


However, there were some things that happened along the way that didn&apos;t quite go as planned. And some things were just downright surprising. 


This presentation will address some of the consequences of having a closed source product, and describe some issues in considerable detail. Then, possible &quot;open source&quot; opportunities will be presented, with all sorts of benefits discussed, evaluated, and some discarded. Some perceived dangers are mulled over, and also evaluated. Audience participation will be encouraged. 
 About the speaker: Gene Kim is the chief technology officer and co-founder of Tripwire(tm), Inc. In 1992 at Purdue University, he co-authored the Tripwire file integrity assessment software with Dr. Gene Spafford. Kim is widely published on computer security, operating systems and networking in Usenet, ACM and IEEE publications and is a frequent speaker at industry conferences. He holds an M.S. in computer science from the University of Arizona and a B.S. in computer sciences from Purdue University.
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Tripwire has a long history of openly available source, having been created at Purdue University in 1992 as a publicly available security tool. It has since been developed into an industrial-strength tool, and has been successful in protecting critical enterprise processes in business and government.


One of the decisions we made was to use a conventional shrink-wrapped software model -- in other words, source code was no longer readily available to the public. Without question, this has been a smooth and successful transition. Tripwire v2.0 provided a variety of additional compelling features so that customers have embraced the new product. 


However, there were some things that happened along the way that didn&apos;t quite go as planned. And some things were just downright surprising.


This presentation will address some of the consequences of having a closed source product, and describe some issues in considerable detail. Then, possible &quot;open source&quot; opportunities will be presented, with all sorts of benefits discussed, evaluated, and some discarded. Some perceived dangers are mulled over, and also evaluated. Audience participation will be encouraged. 
 About the speaker: Gene Kim is the chief technology officer and co-founder of Tripwire(tm), Inc. In 1992 at Purdue University, he co-authored the Tripwire file integrity assessment software with Dr. Gene Spafford. Kim is widely published on computer security, operating systems and networking in Usenet, ACM and IEEE publications and is a frequent speaker at industry conferences. He holds an M.S. in computer science from the University of Arizona and a B.S. in computer sciences from Purdue University.
</p> ]]>
            </content:encoded>
            <itunes:duration>3486</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000121.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_20000121.mp4" length="224395264" type="video/mp4"/>
        </item>
            <item>
            <title>Wenliang Du &amp; Mahesh Tripunitara, Security Relevancy Analysis on the Registry of Windows NT 4.0 (for Wenliang Du)</title>
            <description>Many security breaches are caused by inappropriate inputs crafted by people with malicious intent. To enhance system security, we need either to ensure that inappropriate inputs are filtered out by the program, or to ensure that only trusted people can access those inputs. In the second approach, we surely do not want to put such a constraint on every input; instead, we only want to restrict access to the security-relevant inputs. The goal of this paper is to investigate how to identify which inputs are relevant to the system&apos;s security.
We have formulated the problem as a security relevancy problem, and deploy a static analysis technique to identify security-relevant inputs. Our approach is based on a dependency analysis technique: it identifies whether the behavior of any security-critical action depends on a certain input. If such a dependency relationship exists, we say that the input is security relevant; otherwise, we say the input is security non-relevant.
We have applied this technique to a security analysis project initiated by the Microsoft Windows NT security group. The project is intended to identify security-relevant registry keys (a special kind of input) in the Windows NT operating system. The results produced by this approach have proved useful for enhancing Windows NT security. We will report our experience and results from this project in the paper.
  
Thwarting Denial of Service Attacks against Communication Protocols with Backward Compatible Changes: A Case Study (for Mahesh Tripunitara)
 We will discuss a novel approach to building safeguards against denial of service attacks against communication protocols. Our approach involves changes to the relevant communication protocol subject to the following constraint: the protocol that results from the change must be backward compatible with the unchanged protocol. That is, an entity that employs the changed protocol must be able to communicate with an entity that employs the unchanged version. 
We will look at a specific problem in this context. The problem involves a class of denial of service attacks against IP. The class is called ARP (Address Resolution Protocol) cache poisoning and involves an attacker introducing a spurious IP to Ethernet mapping in a victim&apos;s ARP cache. We will discuss the solution and some implementation aspects of it. Apart from being backward compatible, our solution has two favourable properties: it is implemented as middleware, and is asynchronous. About the speaker: Mahesh Tripunitara is a PhD student of computer science at Purdue, a member of CERIAS and an advisee of Prof. Gene Spafford. At dawn, he commutes 85 miles to campus, during the day, he dreams of graduation, and during the night he snoozes at his desk. He performed part of this work during a 9-month exile at AT&amp;T Labs, 2500 miles away. Portions of this work will be presented at the upcoming Annual Computer Security Applications Conference (ACSAC&apos;99).

Wenliang (Kevin) Du is a PhD student of computer science at Purdue, a member of CERIAS and an advisee of Prof. Gene Spafford. His most recent research involves security testing and security analysis of software, with the focus on COTS software. He got his Bachelor&apos;s degree from the University of Science and Technology of China. He got his first industry work experience from Microsoft, where part of this work was performed. Portions of this work will be presented at the upcoming Annual Computer Security Applications Conference (ACSAC&apos;99). 
</description>
            <pubDate>Fri, 19 Nov 1999 16:30:00 EST </pubDate>
            <itunes:title>Wenliang Du &amp; Mahesh Tripunitara, Security Relevancy Analysis on the Registry of Windows NT 4.0 (for Wenliang Du)</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>5</itunes:season>
            <itunes:episode>129</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_du_sm.jpg"/>
            <itunes:subtitle>Wenliang Du &amp; Mahesh Tripunitara, Purdue CERIAS</itunes:subtitle>
            <itunes:summary>Many security breaches are caused by inappropriate inputs crafted by people with malicious intent. To enhance system security, we need either to ensure that inappropriate inputs are filtered out by the program, or to ensure that only trusted people can access those inputs. In the second approach, we surely do not want to put such a constraint on every input; instead, we only want to restrict access to the security-relevant inputs. The goal of this paper is to investigate how to identify which inputs are relevant to the system&apos;s security.
We have formulated the problem as a security relevancy problem, and deploy a static analysis technique to identify security-relevant inputs. Our approach is based on a dependency analysis technique: it identifies whether the behavior of any security-critical action depends on a certain input. If such a dependency relationship exists, we say that the input is security relevant; otherwise, we say the input is security non-relevant.
We have applied this technique to a security analysis project initiated by the Microsoft Windows NT security group. The project is intended to identify security-relevant registry keys (a special kind of input) in the Windows NT operating system. The results produced by this approach have proved useful for enhancing Windows NT security. We will report our experience and results from this project in the paper.
  
Thwarting Denial of Service Attacks against Communication Protocols with Backward Compatible Changes: A Case Study (for Mahesh Tripunitara)
 We will discuss a novel approach to building safeguards against denial of service attacks against communication protocols. Our approach involves changes to the relevant communication protocol subject to the following constraint: the protocol that results from the change must be backward compatible with the unchanged protocol. That is, an entity that employs the changed protocol must be able to communicate with an entity that employs the unchanged version. 
We will look at a specific problem in this context. The problem involves a class of denial of service attacks against IP. The class is called ARP (Address Resolution Protocol) cache poisoning and involves an attacker introducing a spurious IP to Ethernet mapping in a victim&apos;s ARP cache. We will discuss the solution and some implementation aspects of it. Apart from being backward compatible, our solution has two favourable properties: it is implemented as middleware, and is asynchronous. About the speaker: Mahesh Tripunitara is a PhD student of computer science at Purdue, a member of CERIAS and an advisee of Prof. Gene Spafford. At dawn, he commutes 85 miles to campus, during the day, he dreams of graduation, and during the night he snoozes at his desk. He performed part of this work during a 9-month exile at AT&amp;T Labs, 2500 miles away. Portions of this work will be presented at the upcoming Annual Computer Security Applications Conference (ACSAC&apos;99).

Wenliang (Kevin) Du is a PhD student of computer science at Purdue, a member of CERIAS and an advisee of Prof. Gene Spafford. His most recent research involves security testing and security analysis of software, with the focus on COTS software. He got his Bachelor&apos;s degree from the University of Science and Technology of China. He got his first industry work experience from Microsoft, where part of this work was performed. Portions of this work will be presented at the upcoming Annual Computer Security Applications Conference (ACSAC&apos;99). 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Many security breaches are caused by inappropriate inputs crafted by people with malicious intent. To enhance system security, we need either to ensure that inappropriate inputs are filtered out by the program, or to ensure that only trusted people can access those inputs. In the second approach, we surely do not want to put such a constraint on every input; instead, we only want to restrict access to the security-relevant inputs. The goal of this paper is to investigate how to identify which inputs are relevant to the system&apos;s security.
We have formulated the problem as a security relevancy problem, and deploy a static analysis technique to identify security-relevant inputs. Our approach is based on a dependency analysis technique: it identifies whether the behavior of any security-critical action depends on a certain input. If such a dependency relationship exists, we say that the input is security relevant; otherwise, we say the input is security non-relevant.
We have applied this technique to a security analysis project initiated by the Microsoft Windows NT security group. The project is intended to identify security-relevant registry keys (a special kind of input) in the Windows NT operating system. The results produced by this approach have proved useful for enhancing Windows NT security. We will report our experience and results from this project in the paper.
  
Thwarting Denial of Service Attacks against Communication Protocols with Backward Compatible Changes: A Case Study (for Mahesh Tripunitara)
 We will discuss a novel approach to building safeguards against denial of service attacks against communication protocols. Our approach involves changes to the relevant communication protocol subject to the following constraint: the protocol that results from the change must be backward compatible with the unchanged protocol. That is, an entity that employs the changed protocol must be able to communicate with an entity that employs the unchanged version. 
We will look at a specific problem in this context. The problem involves a class of denial of service attacks against IP. The class is called ARP (Address Resolution Protocol) cache poisoning and involves an attacker introducing a spurious IP to Ethernet mapping in a victim&apos;s ARP cache. We will discuss the solution and some implementation aspects of it. Apart from being backward compatible, our solution has two favourable properties: it is implemented as middleware, and is asynchronous. About the speaker: Mahesh Tripunitara is a PhD student of computer science at Purdue, a member of CERIAS and an advisee of Prof. Gene Spafford. At dawn, he commutes 85 miles to campus, during the day, he dreams of graduation, and during the night he snoozes at his desk. He performed part of this work during a 9-month exile at AT&amp;T Labs, 2500 miles away. Portions of this work will be presented at the upcoming Annual Computer Security Applications Conference (ACSAC&apos;99).

Wenliang (Kevin) Du is a PhD student of computer science at Purdue, a member of CERIAS and an advisee of Prof. Gene Spafford. His most recent research involves security testing and security analysis of software, with the focus on COTS software. He got his Bachelor&apos;s degree from the University of Science and Technology of China. He got his first industry work experience from Microsoft, where part of this work was performed. Portions of this work will be presented at the upcoming Annual Computer Security Applications Conference (ACSAC&apos;99). 
</p> ]]>
            </content:encoded>
            <itunes:duration>3592</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_19991119.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_19991119.mp4" length="230686720" type="video/mp4"/>
        </item>
            <item>
            <title>Mahesh Tripunitara, Thwarting Denial of Service Attacks against Communication Protocols with Backward Compatible Changes: A Case Study</title>
            <description>We will discuss a novel approach to building safeguards against denial of service attacks against communication protocols. Our approach involves changes to the relevant communication protocol subject to the following constraint: the protocol that results from the change must be backward compatible with the unchanged protocol. That is, an entity that employs the changed protocol must be able to communicate with an entity that employs the unchanged version.
We will look at a specific problem in this context. The problem involves a class of denial of service attacks against IP. The class is called ARP (Address Resolution Protocol) cache poisoning and involves an attacker introducing a spurious IP to Ethernet mapping in a victim&apos;s ARP cache. We will discuss the solution and some implementation aspects of it. Apart from being backward compatible, our solution has two favourable properties: it is implemented as middleware, and is asynchronous. About the speaker: Mahesh Tripunitara is a PhD student of computer science at Purdue, a member of CERIAS and an advisee of Prof. Gene Spafford. At dawn, he commutes 85 miles to campus, during the day, he dreams of graduation, and during the night he snoozes at his desk. He performed part of this work during a 9-month exile at AT&amp;T Labs, 2500 miles away. Portions of this work will be presented at the upcoming Annual Computer Security Applications Conference (ACSAC&apos;99).</description>
            <pubDate>Fri, 19 Nov 1999 0:00:00 EST </pubDate>
            <itunes:title>Mahesh Tripunitara, Thwarting Denial of Service Attacks against Communication Protocols with Backward Compatible Changes: A Case Study</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>5</itunes:season>
            <itunes:episode>128</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Mahesh Tripunitara, Purdue CERIAS</itunes:subtitle>
            <itunes:summary>We will discuss a novel approach to building safeguards against denial of service attacks against communication protocols. Our approach involves changes to the relevant communication protocol subject to the following constraint: the protocol that results from the change must be backward compatible with the unchanged protocol. That is, an entity that employs the changed protocol must be able to communicate with an entity that employs the unchanged version.
We will look at a specific problem in this context. The problem involves a class of denial of service attacks against IP. The class is called ARP (Address Resolution Protocol) cache poisoning and involves an attacker introducing a spurious IP to Ethernet mapping in a victim&apos;s ARP cache. We will discuss the solution and some implementation aspects of it. Apart from being backward compatible, our solution has two favourable properties: it is implemented as middleware, and is asynchronous. About the speaker: Mahesh Tripunitara is a PhD student of computer science at Purdue, a member of CERIAS and an advisee of Prof. Gene Spafford. At dawn, he commutes 85 miles to campus, during the day, he dreams of graduation, and during the night he snoozes at his desk. He performed part of this work during a 9-month exile at AT&amp;T Labs, 2500 miles away. Portions of this work will be presented at the upcoming Annual Computer Security Applications Conference (ACSAC&apos;99).</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>We will discuss a novel approach to building safeguards against denial of service attacks against communication protocols. Our approach involves changes to the relevant communication protocol subject to the following constraint: the protocol that results from the change must be backward compatible with the unchanged protocol. That is, an entity that employs the changed protocol must be able to communicate with an entity that employs the unchanged version.
We will look at a specific problem in this context. The problem involves a class of denial of service attacks against IP. The class is called ARP (Address Resolution Protocol) cache poisoning and involves an attacker introducing a spurious IP to Ethernet mapping in a victim&apos;s ARP cache. We will discuss the solution and some implementation aspects of it. Apart from being backward compatible, our solution has two favourable properties: it is implemented as middleware, and is asynchronous. About the speaker: Mahesh Tripunitara is a PhD student of computer science at Purdue, a member of CERIAS and an advisee of Prof. Gene Spafford. At dawn, he commutes 85 miles to campus, during the day, he dreams of graduation, and during the night he snoozes at his desk. He performed part of this work during a 9-month exile at AT&amp;T Labs, 2500 miles away. Portions of this work will be presented at the upcoming Annual Computer Security Applications Conference (ACSAC&apos;99).</p> ]]>
            </content:encoded>
            <itunes:duration>3592</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_19991119.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_19991119.mp4" length="230686720" type="video/mp4"/>
        </item>
            <item>
            <title>Donn Parker, Information Security, a Folk Art in Need of an Upgrade</title>
            <description> Information security is an inarticulate, incoherent, incomplete, incorrect folk art attempting to preserve confidentiality, integrity, and availability (CIA) of information from destruction, disclosure, use, and modification (DDUM). This CIA/DDUM framework is the equivalent of alchemy in the middle ages when the elements consisted of fire, water, earth, and air. We must have security based on a coherent and complete framework model for stopping irrational cybercriminals. We must replace security risk reduction, an unmeasurable negative goal, with achieving standards of due care consistent with the new view of security as an enabling function. 
 About the speaker: Donn B. Parker (1929-2021), an emeritus senior consultant at SRI Consulting, has spent 30 of his 47 years in the computer field doing research on computer crime, and consulting, writing, and lecturing on information security. He is the founder at SRI of I-4 serving more than 75 of the largest multinational corporations in their security for 14 years. He has written six books. His newest book, &quot;Fighting Computer Crime: A New Framework for Protecting Information,&quot; (Wiley, 1998) is an international best seller. He received the ISSA Individual Achievement Award, the United States National Computer Systems Security Award, the Aerospace Computer Security Distinguished Lecturer Award, and the MIS Infosecurity Magazine Lifetime Achievement Award. In September 1999, The Information Security Magazine profiled him as a pioneer in information security. 
</description>
            <pubDate>Fri, 12 Nov 1999 16:30:00 EST </pubDate>
            <itunes:title>Donn Parker, Information Security, a Folk Art in Need of an Upgrade</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>5</itunes:season>
            <itunes:episode>127</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_donn_sm.jpg"/>
            <itunes:subtitle>Donn Parker, SRI Consulting</itunes:subtitle>
            <itunes:summary> Information security is an inarticulate, incoherent, incomplete, incorrect folk art attempting to preserve confidentiality, integrity, and availability (CIA) of information from destruction, disclosure, use, and modification (DDUM). This CIA/DDUM framework is the equivalent of alchemy in the middle ages when the elements consisted of fire, water, earth, and air. We must have security based on a coherent and complete framework model for stopping irrational cybercriminals. We must replace security risk reduction, an unmeasurable negative goal, with achieving standards of due care consistent with the new view of security as an enabling function. 
 About the speaker: Donn B. Parker (1929-2021), an emeritus senior consultant at SRI Consulting, has spent 30 of his 47 years in the computer field doing research on computer crime, and consulting, writing, and lecturing on information security. He is the founder at SRI of I-4 serving more than 75 of the largest multinational corporations in their security for 14 years. He has written six books. His newest book, &quot;Fighting Computer Crime: A New Framework for Protecting Information,&quot; (Wiley, 1998) is an international best seller. He received the ISSA Individual Achievement Award, the United States National Computer Systems Security Award, the Aerospace Computer Security Distinguished Lecturer Award, and the MIS Infosecurity Magazine Lifetime Achievement Award. In September 1999, The Information Security Magazine profiled him as a pioneer in information security. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p> Information security is an inarticulate, incoherent, incomplete, incorrect folk art attempting to preserve confidentiality, integrity, and availability (CIA) of information from destruction, disclosure, use, and modification (DDUM). This CIA/DDUM framework is the equivalent of alchemy in the middle ages when the elements consisted of fire, water, earth, and air. We must have security based on a coherent and complete framework model for stopping irrational cybercriminals. We must replace security risk reduction, an unmeasurable negative goal, with achieving standards of due care consistent with the new view of security as an enabling function. 
 About the speaker: Donn B. Parker (1929-2021), an emeritus senior consultant at SRI Consulting, has spent 30 of his 47 years in the computer field doing research on computer crime, and consulting, writing, and lecturing on information security. He is the founder at SRI of I-4 serving more than 75 of the largest multinational corporations in their security for 14 years. He has written six books. His newest book, &quot;Fighting Computer Crime: A New Framework for Protecting Information,&quot; (Wiley, 1998) is an international best seller. He received the ISSA Individual Achievement Award, the United States National Computer Systems Security Award, the Aerospace Computer Security Distinguished Lecturer Award, and the MIS Infosecurity Magazine Lifetime Achievement Award. In September 1999, The Information Security Magazine profiled him as a pioneer in information security. 
</p> ]]>
            </content:encoded>
            <itunes:duration>4111</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_19991112.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_19991112.mp4" length="1048576" type="video/mp4"/>
        </item>
            <item>
            <title>Michael Santarcangelo, eInfrastructure Security</title>
            <description>This presentation will teach participants how to develop secure infrastructures in eCommerce by discussing security impacts to business applications, Netcentric security elements, and real stories from client experience. The presentation includes a thorough discussion of risk assessment methodology. About the speaker: Mr. Santarcangelo is a consultant in the Security Technologies Specialty for Andersen Consulting. He has three years of experience designing and implementing integrated security solutions for Fortune 100 clients. Recent projects include implementing a security solution to automate user administration and on-going management across several platforms for a large computer hardware provider, and leading a web security architecture team for a large telecommunications company. Mr. Santarcangelo has experience with several leading security software packages (including Cybercop Scanner, ISS Scanner, Axent ESM), NT management tools, and UNIX and network security issues.
</description>
            <pubDate>Fri, 5 Nov 1999 16:30:00 EST </pubDate>
            <itunes:title>Michael Santarcangelo, eInfrastructure Security</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>5</itunes:season>
            <itunes:episode>126</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_santa_sm.jpg"/>
            <itunes:subtitle>Michael Santarcangelo, Andersen Consulting </itunes:subtitle>
            <itunes:summary>This presentation will teach participants how to develop secure infrastructures in eCommerce by discussing security impacts to business applications, Netcentric security elements, and real stories from client experience. The presentation includes a thorough discussion of risk assessment methodology. About the speaker: Mr. Santarcangelo is a consultant in the Security Technologies Specialty for Andersen Consulting. He has three years of experience designing and implementing integrated security solutions for Fortune 100 clients. Recent projects include implementing a security solution to automate user administration and on-going management across several platforms for a large computer hardware provider, and leading a web security architecture team for a large telecommunications company. Mr. Santarcangelo has experience with several leading security software packages (including Cybercop Scanner, ISS Scanner, Axent ESM), NT management tools, and UNIX and network security issues.
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This presentation will teach participants how to develop secure infrastructures in eCommerce by discussing security impacts to business applications, Netcentric security elements, and real stories from client experience. The presentation includes a thorough discussion of risk assessment methodology. About the speaker: Mr. Santarcangelo is a consultant in the Security Technologies Specialty for Andersen Consulting. He has three years of experience designing and implementing integrated security solutions for Fortune 100 clients. Recent projects include implementing a security solution to automate user administration and on-going management across several platforms for a large computer hardware provider, and leading a web security architecture team for a large telecommunications company. Mr. Santarcangelo has experience with several leading security software packages (including Cybercop Scanner, ISS Scanner, Axent ESM), NT management tools, and UNIX and network security issues.
</p> ]]>
            </content:encoded>
            <itunes:duration>4280</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_19991105.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_19991105.mp4" length="275775488" type="video/mp4"/>
        </item>
            <item>
            <title>James R. C. Hansen, Computer Forensics Examinations in the Consulting Arena</title>
            <description>As use of information technology continues to expand, the need to identify and preserve electronic evidence becomes paramount. Once strictly the domain of law enforcement agencies, computer forensic examination has become a common part of litigation. Mr. Hansen will discuss the evolution of computer forensics and some of the ongoing legal and technical challenges that face a service provider in this area. Mr. Hansen will review a number of recent cases, and identify current trends in this area.
 About the speaker: Mr. Hansen joined Trident Data Systems in 1998 to develop a line of network incident response and computer forensic services. Under his direction, Trident has become one of the premier US providers of computer forensics investigation to law enforcement agencies, financial institutions, technology firms, and a variety of other clients. Mr. Hansen joined Trident from the United States Air Force, where as a Special Agent he most recently served as the Deputy Director, Computer Crime Investigations Division of the Air Force Office of Special Investigations. In this capacity, he provided guidance and oversight of all investigations into the penetration of Air Force and select Department of Defense computer systems worldwide, and assisted in the development of the nation&apos;s premier computer forensics laboratory. During his eleven years with the OSI, Mr. Hansen conducted counterintelligence investigations, protective service operations, directed a counter-narcotics operations team, and performed several high profile undercover operations.</description>
            <pubDate>Fri, 29 Oct 1999 16:30:00 EDT </pubDate>
            <itunes:title>James R. C. Hansen, Computer Forensics Examinations in the Consulting Arena</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>5</itunes:season>
            <itunes:episode>125</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_hansen_sm.jpg"/>
            <itunes:subtitle>James R. C. Hansen, Trident Data Systems</itunes:subtitle>
            <itunes:summary>As use of information technology continues to expand, the need to identify and preserve electronic evidence becomes paramount. Once strictly the domain of law enforcement agencies, computer forensic examination has become a common part of litigation. Mr. Hansen will discuss the evolution of computer forensics and some of the ongoing legal and technical challenges that face a service provider in this area. Mr. Hansen will review a number of recent cases and identify current trends in this area. 
 About the speaker: Mr. Hansen joined Trident Data Systems in 1998 to develop a line of network incident response and computer forensic services. Under his direction, Trident has become one of the premier US providers of computer forensics investigation to law enforcement agencies, financial institutions, technology firms, and a variety of other clients. Mr. Hansen joined Trident from the United States Air Force, where as a Special Agent he most recently served as the Deputy Director, Computer Crime Investigations Division of the Air Force Office of Special Investigations. In this capacity, he provided guidance and oversight of all investigations into the penetration of Air Force and select Department of Defense computer systems worldwide, and assisted in the development of the nation&apos;s premier computer forensics laboratory. During his eleven years with the OSI, Mr. Hansen conducted counterintelligence investigations and protective service operations, directed a counter-narcotics operations team, and performed several high-profile undercover operations.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>As use of information technology continues to expand, the need to identify and preserve electronic evidence becomes paramount. Once strictly the domain of law enforcement agencies, computer forensic examination has become a common part of litigation. Mr. Hansen will discuss the evolution of computer forensics and some of the ongoing legal and technical challenges that face a service provider in this area. Mr. Hansen will review a number of recent cases and identify current trends in this area. 
 About the speaker: Mr. Hansen joined Trident Data Systems in 1998 to develop a line of network incident response and computer forensic services. Under his direction, Trident has become one of the premier US providers of computer forensics investigation to law enforcement agencies, financial institutions, technology firms, and a variety of other clients. Mr. Hansen joined Trident from the United States Air Force, where as a Special Agent he most recently served as the Deputy Director, Computer Crime Investigations Division of the Air Force Office of Special Investigations. In this capacity, he provided guidance and oversight of all investigations into the penetration of Air Force and select Department of Defense computer systems worldwide, and assisted in the development of the nation&apos;s premier computer forensics laboratory. During his eleven years with the OSI, Mr. Hansen conducted counterintelligence investigations and protective service operations, directed a counter-narcotics operations team, and performed several high-profile undercover operations.</p> ]]>
            </content:encoded>
            <itunes:duration>4109</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_19991029.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_19991029.mp4" length="265289728" type="video/mp4"/>
        </item>
            <item>
            <title>David Aucsmith, Balancing Big Brother</title>
            <description>This talk addresses the issue of reconciling the needs of law enforcement and national security with the continuing evolution of computer and communications technology. It will describe the needs of both the law enforcement and national security communities including their current technical requirements and solutions. It will then describe technological trends and show how technical imperatives will render current solutions ineffective. It concludes with a description of possible directions that may be used to meet both law enforcement and national security needs while accounting for both technical evolution and social rights. 
 About the speaker: David Aucsmith is the chief technologist for data and communications security technology at Intel Corporation. He is responsible for research, development and deployment of data and communications security technologies and products, in both hardware and software. Additionally, he is responsible for technical policy issues regarding security technology and serves as Intel&apos;s technical interface to regulatory organizations. He is currently working on industry standard architectures for the application and interoperability of data security technologies for communications, electronic commerce, and content protection. Previously, he was the architect of Intel&apos;s Common Data Security Architecture (CDSA), which is now an Open Group standard. 
Prior to joining Intel, David was the manager of Trusted Systems Development at Sequent Computer Systems. There he was chief architect and manager of the team that developed the first TCSEC-compliant B1-level symmetric multiprocessor secure computer system. He earned MS degrees in CS from Georgia Tech, and in Nuclear Physics from NPS, and held the rank of Lieutenant Commander in the US Navy. 
</description>
            <pubDate>Fri, 15 Oct 1999 16:30:00 EDT </pubDate>
            <itunes:title>David Aucsmith, Balancing Big Brother</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>5</itunes:season>
            <itunes:episode>123</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_aucsmith_sm.jpg"/>
            <itunes:subtitle>David Aucsmith, Intel Corporation</itunes:subtitle>
            <itunes:summary>This talk addresses the issue of reconciling the needs of law enforcement and national security with the continuing evolution of computer and communications technology. It will describe the needs of both the law enforcement and national security communities including their current technical requirements and solutions. It will then describe technological trends and show how technical imperatives will render current solutions ineffective. It concludes with a description of possible directions that may be used to meet both law enforcement and national security needs while accounting for both technical evolution and social rights. 
 About the speaker: David Aucsmith is the chief technologist for data and communications security technology at Intel Corporation. He is responsible for research, development and deployment of data and communications security technologies and products, in both hardware and software. Additionally, he is responsible for technical policy issues regarding security technology and serves as Intel&apos;s technical interface to regulatory organizations. He is currently working on industry standard architectures for the application and interoperability of data security technologies for communications, electronic commerce, and content protection. Previously, he was the architect of Intel&apos;s Common Data Security Architecture (CDSA), which is now an Open Group standard. 
Prior to joining Intel, David was the manager of Trusted Systems Development at Sequent Computer Systems. There he was chief architect and manager of the team that developed the first TCSEC-compliant B1-level symmetric multiprocessor secure computer system. He earned MS degrees in CS from Georgia Tech, and in Nuclear Physics from NPS, and held the rank of Lieutenant Commander in the US Navy. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>This talk addresses the issue of reconciling the needs of law enforcement and national security with the continuing evolution of computer and communications technology. It will describe the needs of both the law enforcement and national security communities including their current technical requirements and solutions. It will then describe technological trends and show how technical imperatives will render current solutions ineffective. It concludes with a description of possible directions that may be used to meet both law enforcement and national security needs while accounting for both technical evolution and social rights. 
 About the speaker: David Aucsmith is the chief technologist for data and communications security technology at Intel Corporation. He is responsible for research, development and deployment of data and communications security technologies and products, in both hardware and software. Additionally, he is responsible for technical policy issues regarding security technology and serves as Intel&apos;s technical interface to regulatory organizations. He is currently working on industry standard architectures for the application and interoperability of data security technologies for communications, electronic commerce, and content protection. Previously, he was the architect of Intel&apos;s Common Data Security Architecture (CDSA), which is now an Open Group standard. 
Prior to joining Intel, David was the manager of Trusted Systems Development at Sequent Computer Systems. There he was chief architect and manager of the team that developed the first TCSEC-compliant B1-level symmetric multiprocessor secure computer system. He earned MS degrees in CS from Georgia Tech, and in Nuclear Physics from NPS, and held the rank of Lieutenant Commander in the US Navy. 
</p> ]]>
            </content:encoded>
            <itunes:duration>6100</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_19991015.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_19991015.mp4" length="392167424" type="video/mp4"/>
        </item>
            <item>
            <title>Edward J. Delp, Image and Video Watermarking: An Overview</title>
            <description>In the past several years there has been an explosive growth in digital imaging technology and applications. Digital images and video are now widely distributed on the Internet and via CD-ROM. One problem with a digital image is that an unlimited number of copies of an &quot;original&quot; can be easily distributed and/or forged. This presents problems if the image is copyrighted. The protection and enforcement of intellectual property rights has become an important issue in the &quot;digital world.&quot; Many approaches are available for protecting digital images and video; traditional methods include encryption, authentication and time stamping. In this talk we describe algorithms for image authentication and forgery prevention known as digital watermarking. A digital watermark is a signal that is embedded in a digital image or video sequence that allows one to establish ownership, identify a buyer or provide some additional information about the digital content. In this talk we will review the current state of watermarking and describe some of the open research problems. 
 About the speaker: Edward J. Delp was born in Cincinnati, Ohio. He received the B.S.E.E. (cum laude) and M.S. degrees from the University of Cincinnati, and the Ph.D. degree from Purdue University. From 1980-1984, Dr. Delp was with the Department of Electrical and Computer Engineering at The University of Michigan, Ann Arbor, Michigan. Since August 1984, he has been with the School of Electrical and Computer Engineering at Purdue University, where he is a Professor of Electrical and Computer Engineering. He is a Fellow of the IEEE, a Fellow of the SPIE, and a Fellow of the Society for Imaging Science and Technology (IS&amp;T). 
His research interests include image and video compression, multimedia security, medical imaging, multimedia systems, communication and information theory. Dr. Delp has also consulted for various companies and government agencies in the areas of signal and image processing, robot vision, pattern recognition, and secure communications. 
More information about Professor Delp may be found in his online bio. 
</description>
            <pubDate>Fri, 10 Sep 1999 16:30:00 EDT </pubDate>
            <itunes:title>Edward J. Delp, Image and Video Watermarking: An Overview</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>5</itunes:season>
            <itunes:episode>118</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/news_and_events/events/security_seminar/images/secsem_delp_sm.jpg"/>
            <itunes:subtitle>Edward J. Delp, Video and Image Processing Laboratory (VIPER), Purdue School of Electrical and Computer Engineering </itunes:subtitle>
            <itunes:summary>In the past several years there has been an explosive growth in digital imaging technology and applications. Digital images and video are now widely distributed on the Internet and via CD-ROM. One problem with a digital image is that an unlimited number of copies of an &quot;original&quot; can be easily distributed and/or forged. This presents problems if the image is copyrighted. The protection and enforcement of intellectual property rights has become an important issue in the &quot;digital world.&quot; Many approaches are available for protecting digital images and video; traditional methods include encryption, authentication and time stamping. In this talk we describe algorithms for image authentication and forgery prevention known as digital watermarking. A digital watermark is a signal that is embedded in a digital image or video sequence that allows one to establish ownership, identify a buyer or provide some additional information about the digital content. In this talk we will review the current state of watermarking and describe some of the open research problems. 
 About the speaker: Edward J. Delp was born in Cincinnati, Ohio. He received the B.S.E.E. (cum laude) and M.S. degrees from the University of Cincinnati, and the Ph.D. degree from Purdue University. From 1980-1984, Dr. Delp was with the Department of Electrical and Computer Engineering at The University of Michigan, Ann Arbor, Michigan. Since August 1984, he has been with the School of Electrical and Computer Engineering at Purdue University, where he is a Professor of Electrical and Computer Engineering. He is a Fellow of the IEEE, a Fellow of the SPIE, and a Fellow of the Society for Imaging Science and Technology (IS&amp;T). 
His research interests include image and video compression, multimedia security, medical imaging, multimedia systems, communication and information theory. Dr. Delp has also consulted for various companies and government agencies in the areas of signal and image processing, robot vision, pattern recognition, and secure communications. 
More information about Professor Delp may be found in his online bio. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>In the past several years there has been an explosive growth in digital imaging technology and applications. Digital images and video are now widely distributed on the Internet and via CD-ROM. One problem with a digital image is that an unlimited number of copies of an &quot;original&quot; can be easily distributed and/or forged. This presents problems if the image is copyrighted. The protection and enforcement of intellectual property rights has become an important issue in the &quot;digital world.&quot; Many approaches are available for protecting digital images and video; traditional methods include encryption, authentication and time stamping. In this talk we describe algorithms for image authentication and forgery prevention known as digital watermarking. A digital watermark is a signal that is embedded in a digital image or video sequence that allows one to establish ownership, identify a buyer or provide some additional information about the digital content. In this talk we will review the current state of watermarking and describe some of the open research problems. 
 About the speaker: Edward J. Delp was born in Cincinnati, Ohio. He received the B.S.E.E. (cum laude) and M.S. degrees from the University of Cincinnati, and the Ph.D. degree from Purdue University. From 1980-1984, Dr. Delp was with the Department of Electrical and Computer Engineering at The University of Michigan, Ann Arbor, Michigan. Since August 1984, he has been with the School of Electrical and Computer Engineering at Purdue University, where he is a Professor of Electrical and Computer Engineering. He is a Fellow of the IEEE, a Fellow of the SPIE, and a Fellow of the Society for Imaging Science and Technology (IS&amp;T). 
His research interests include image and video compression, multimedia security, medical imaging, multimedia systems, communication and information theory. Dr. Delp has also consulted for various companies and government agencies in the areas of signal and image processing, robot vision, pattern recognition, and secure communications. 
More information about Professor Delp may be found in his online bio. 
</p> ]]>
            </content:encoded>
            <itunes:duration>3989</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_19990910.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_19990910.mp4" length="257949696" type="video/mp4"/>
        </item>
            <item>
            <title>Gene Spafford, Twelve Challenges in Information Security Research</title>
            <description>Current research in information security at many labs is largely focused on traditional themes: firewalls, intrusion detection, cryptography, and computer viruses. However, there are other challenges that need to be addressed to provide a basis for protecting our information infrastructure. 
 About the speaker: Dr. Eugene Spafford is a Distinguished Professor with an appointment in Computer Science at Purdue University, where he has served on the faculty since 1987. He is also a professor of Philosophy (courtesy), a professor of Communication (courtesy), a professor of Electrical and Computer Engineering (courtesy), a professor of Nuclear Engineering (courtesy), and a Professor of Political Science (courtesy). He serves on several advisory and editorial boards. Spafford&apos;s current research interests are primarily in information security, computer crime investigation, and information ethics. He is generally recognized as one of the senior leaders in the field of computing.

Spaf (as he is known to his friends, colleagues, and students) is the founder and Executive Director Emeritus of the Purdue CERIAS (Center for Education and Research in Information Assurance and Security). He was the founder and director of the (superseded) COAST Laboratory.</description>
            <pubDate>Fri, 3 Sep 1999 16:30:00 EDT </pubDate>
            <itunes:title>Gene Spafford, Twelve Challenges in Information Security Research</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>5</itunes:season>
            <itunes:episode>117</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href="https://www.cerias.purdue.edu/assets/images/people/spaf_300.png"/>
            <itunes:subtitle>Gene Spafford, Purdue CERIAS </itunes:subtitle>
            <itunes:summary>Current research in information security at many labs is largely focused on traditional themes: firewalls, intrusion detection, cryptography, and computer viruses. However, there are other challenges that need to be addressed to provide a basis for protecting our information infrastructure. 
 About the speaker: Dr. Eugene Spafford is a Distinguished Professor with an appointment in Computer Science at Purdue University, where he has served on the faculty since 1987. He is also a professor of Philosophy (courtesy), a professor of Communication (courtesy), a professor of Electrical and Computer Engineering (courtesy), a professor of Nuclear Engineering (courtesy), and a Professor of Political Science (courtesy). He serves on several advisory and editorial boards. Spafford&apos;s current research interests are primarily in information security, computer crime investigation, and information ethics. He is generally recognized as one of the senior leaders in the field of computing.

Spaf (as he is known to his friends, colleagues, and students) is the founder and Executive Director Emeritus of the Purdue CERIAS (Center for Education and Research in Information Assurance and Security). He was the founder and director of the (superseded) COAST Laboratory.</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Current research in information security at many labs is largely focused on traditional themes: firewalls, intrusion detection, cryptography, and computer viruses. However, there are other challenges that need to be addressed to provide a basis for protecting our information infrastructure. 
 About the speaker: Dr. Eugene Spafford is a Distinguished Professor with an appointment in Computer Science at Purdue University, where he has served on the faculty since 1987. He is also a professor of Philosophy (courtesy), a professor of Communication (courtesy), a professor of Electrical and Computer Engineering (courtesy), a professor of Nuclear Engineering (courtesy), and a Professor of Political Science (courtesy). He serves on several advisory and editorial boards. Spafford&apos;s current research interests are primarily in information security, computer crime investigation, and information ethics. He is generally recognized as one of the senior leaders in the field of computing.

Spaf (as he is known to his friends, colleagues, and students) is the founder and Executive Director Emeritus of the Purdue CERIAS (Center for Education and Research in Information Assurance and Security). He was the founder and director of the (superseded) COAST Laboratory.</p> ]]>
            </content:encoded>
            <itunes:duration>4554</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_19990903.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_19990903.mp4" length="275775488" type="video/mp4"/>
        </item>
            <item>
            <title>Clay Shields, KHIP - A Scalable Protocol for Secure Multicast Routing</title>
            <description>Multicast routing is a service that provides for efficient many-to-many communication in a network. Traditionally, secure multicast protocols have used existing multicast routing services and relied on cryptographic protection of the messages sent to provide security. Much previous work in the area has been on methods of establishing a shared key between members subscribing to the multicast group. Some problems with this approach are that any network member can receive the encrypted traffic, and that the multicast routing protocol itself is subject to attacks which allow for effective denial-of-service attacks against the group members. I present Keyed-HIP (KHIP), a protocol for secure, hierarchical, multicast routing that changes the multicast model to prevent non-group members from receiving the secure traffic, and limits the effectiveness of denial of service attacks against the multicast group. KHIP also provides an efficient mechanism for distributing data encryption keys to all members of the group. While the type of security provided by KHIP is not necessary in all cases, for some applications the traditional model of multicast security may be lacking. 
  
 About the speaker: Clay was born in Washington, D.C., and spent much of his childhood living overseas as required by the career of his stepfather, who was a covert agent for the CIA. Clay got an undergraduate degree in electrical engineering from the University of Virginia, and after a year as a computer programmer on Capitol Hill, joined the U.S. Army. As an infantry officer with the 101st Airborne Division, Clay served overseas with the peace-keeping force in the Sinai Peninsula, earning a commendation for liaison work with the Egyptian and Israeli military. Because sitting in a muddy foxhole with a rifle was not intellectually challenging enough, Clay left the Army to return to graduate school. He attended the University of California at Santa Cruz, and for his dissertation he studied computer networking, particularly multicast routing and network security issues. With the ink not yet dry on his PhD, Clay took a job as an assistant professor in computer science at Purdue University, not so much for easy access to corn, but to be associated with CERIAS and to continue his research into network security. Clay is particularly interested in finding ways to exploit existing protocols, in designing secure protocols, and in finding ways to keep careful track of what is happening in a network while maintaining user privacy and anonymity. 
</description>
            <pubDate>Fri, 27 Aug 1999 16:30:00 EDT </pubDate>
            <itunes:title>Clay Shields, KHIP - A Scalable Protocol for Secure Multicast Routing</itunes:title>
            <itunes:episodeType>full</itunes:episodeType>
            <itunes:season>5</itunes:season>
            <itunes:episode>116</itunes:episode>
            <itunes:author>webmaster@cerias.purdue.edu</itunes:author>
            <itunes:image href=""/>
            <itunes:subtitle>Clay Shields, Purdue CERIAS</itunes:subtitle>
            <itunes:summary>Multicast routing is a service that provides for efficient many-to-many communication in a network. Traditionally, secure multicast protocols have used existing multicast routing services and relied on cryptographic protection of the messages sent to provide security. Much previous work in the area has been on methods of establishing a shared key between members subscribing to the multicast group. Some problems with this approach are that any network member can receive the encrypted traffic, and that the multicast routing protocol itself is subject to attacks which allow for effective denial-of-service attacks against the group members. I present Keyed-HIP (KHIP), a protocol for secure, hierarchical, multicast routing that changes the multicast model to prevent non-group members from receiving the secure traffic, and limits the effectiveness of denial of service attacks against the multicast group. KHIP also provides an efficient mechanism for distributing data encryption keys to all members of the group. While the type of security provided by KHIP is not necessary in all cases, for some applications the traditional model of multicast security may be lacking. 
  
 About the speaker: Clay was born in Washington, D.C., and spent much of his childhood living overseas as required by the career of his stepfather, who was a covert agent for the CIA. Clay got an undergraduate degree in electrical engineering from the University of Virginia, and after a year as a computer programmer on Capitol Hill, joined the U.S. Army. As an infantry officer with the 101st Airborne Division, Clay served overseas with the peace-keeping force in the Sinai Peninsula, earning a commendation for liaison work with the Egyptian and Israeli military. Because sitting in a muddy foxhole with a rifle was not intellectually challenging enough, Clay left the Army to return to graduate school. He attended the University of California at Santa Cruz, and for his dissertation he studied computer networking, particularly multicast routing and network security issues. With the ink not yet dry on his PhD, Clay took a job as an assistant professor in computer science at Purdue University, not so much for easy access to corn, but to be associated with CERIAS and to continue his research into network security. Clay is particularly interested in finding ways to exploit existing protocols, in designing secure protocols, and in finding ways to keep careful track of what is happening in a network while maintaining user privacy and anonymity. 
</itunes:summary>
            <content:encoded>
            <![CDATA[ <p>Multicast routing is a service that provides for efficient many-to-many communication in a network. Traditionally, secure multicast protocols have used existing multicast routing services and relied on cryptographic protection of the messages sent to provide security. Much previous work in the area has been on methods of establishing a shared key between members subscribing to the multicast group. Some problems with this approach are that any network member can receive the encrypted traffic, and that the multicast routing protocol itself is subject to attacks which allow for effective denial-of-service attacks against the group members. I present Keyed-HIP (KHIP), a protocol for secure, hierarchical, multicast routing that changes the multicast model to prevent non-group members from receiving the secure traffic, and limits the effectiveness of denial of service attacks against the multicast group. KHIP also provides an efficient mechanism for distributing data encryption keys to all members of the group. While the type of security provided by KHIP is not necessary in all cases, for some applications the traditional model of multicast security may be lacking. 
  
 About the speaker: Clay was born in Washington, D.C., and spent much of his childhood living overseas as required by the career of his stepfather, who was a covert agent for the CIA. Clay got an undergraduate degree in electrical engineering from the University of Virginia, and after a year as a computer programmer on Capitol Hill, joined the U.S. Army. As an infantry officer with the 101st Airborne Division, Clay served overseas with the peace-keeping force in the Sinai Peninsula, earning a commendation for liaison work with the Egyptian and Israeli military. Because sitting in a muddy foxhole with a rifle was not intellectually challenging enough, Clay left the Army to return to graduate school. He attended the University of California at Santa Cruz, and for his dissertation he studied computer networking, particularly multicast routing and network security issues. With the ink not yet dry on his PhD, Clay took a job as an assistant professor in computer science at Purdue University, not so much for easy access to corn, but to be associated with CERIAS and to continue his research into network security. Clay is particularly interested in finding ways to exploit existing protocols, in designing secure protocols, and in finding ways to keep careful track of what is happening in a network while maintaining user privacy and anonymity. 
</p> ]]>
            </content:encoded>
            <itunes:duration>2785</itunes:duration>
            <itunes:explicit>no</itunes:explicit>
            <guid isPermaLink="true">
                <![CDATA[ https://www.cerias.purdue.edu/assets/video/secsem/secsem_19990827.mp4 ]]>
            </guid>
            <enclosure url="https://www.cerias.purdue.edu/assets/video/secsem/secsem_19990827.mp4" length="179306496" type="video/mp4"/>
        </item>
                    
    </channel>
</rss>