Tuesday, Opening Keynote, 9:00am “Emerging and Future Cybersecurity Risks for National Security”

Dr. Daniel “Rags” Ragsdale is the former Principal Director for Cyber, in the Office of the Director of Defense Research and Engineering (Research & Technology). In that role, Dr. Ragsdale is responsible for coordinating cyber modernization efforts across the Department of Defense, with specific responsibility for the establishment of policies and for supervision over cyber modernization research and engineering, technology development, prototyping, experimentation, developmental testing, and transition activities. He is also responsible for making recommendations concerning the allocation of resources and alignment of efforts across the Department.

Before his recent return to service in the Department of Defense, Dr. Ragsdale was the founding director of the Texas A&M Cybersecurity Center and a Professor of Practice in the Department of Computer Science and Engineering. In the Director role, Dr. Ragsdale was responsible for leading, coordinating, and facilitating cybersecurity research and educational activities across the University. Dr. Ragsdale had previously served as a Program Manager in the Defense Advanced Research Projects Agency (DARPA). In that capacity, he successfully led and managed a $175M research and development portfolio of classified and unclassified cybersecurity and educational programs.

Prior to joining DARPA, Colonel (retired) Ragsdale served 30 years in the U.S. Army in a wide array of operational, educational, and research and development roles. He participated in Operations Urgent Fury (Grenada), Enduring Freedom (Afghanistan) and Iraqi Freedom (Iraq). Dr. Ragsdale, also served nearly 15 years at the United States Military Academy, West Point, in a variety of teaching and research roles. He culminated his Army service as the Vice Dean for Education, the Principal Deputy to West Point’s Chief Academic Officer.

Dr. Ragsdale is a 1981 graduate from the US Military Academy. He has earned a Master of Science degree, in Computer Science, from the Naval Postgraduate School and a Ph.D., in Computer Science, from Texas A&M University.

Dr. Ragsdale is a recipient of the Colloquium for Information System Security Education (CISSE) Founder's Medal, the International Federation for Information Processing (IFIP) Outstanding Service Award, the Federal Information Systems Security Education Association (FISSEA) Educator of the Year Award, the Texas A&M Engineering Genesis Award for Multidisciplinary Research, and the US Military Academy Apgar Award for Excellence in Teaching. Among his military awards and decorations are the Secretary of Defense Medal for Outstanding Public Service, the Legion of Merit, six Meritorious Service Medals and the Bronze Star.

Dr. Ragsdale and Cynthia, his wife of thirty-seven years, raised three children. They are each currently serving in the armed force as junior Officers; one in the Army, one in the Air Force, and one in the Navy

2nd day Keynote “Cyberspace, Cybersecurity, and a New World Order”

While our focus on cybersecurity tends to be technical, to concentrate on adversary tactics, techniques, and procedures, and development of effective cyber defenses, other vital questions loom. Among them:

How did cyberspace evolve?  How did that evolution shape cybersecurity?  How do members of the international system wield cybersecurity in pursuit of their interest?  How is the international system being reshaped, and what do these changes mean for the role of the United States in an increasingly competitive world?

Samuel Sanders Visner, Chair of the Board of Directors of the Space Information Sharing and Analysis Center and adjunct professor at Georgetown University’ Program in Science and Technology in International Affairs, will offer a framework that unifies our understanding of cyberspace, cybersecurity, and the international system Using insights gained in the public, private, and academic sectors, Sam will discuss how the geopolitical environment and seek to engage conference participants in a discussion about how US interests can be managed as a changed international system develops.

Samuel Sanders Visner serves as Chair, Board of Directors, Space Information Sharing and Analysis Center and is a Technical Fellow at the Aerospace Corporation. Sam has served as Director of the National Cybersecurity Federally Funded Research and Development Center, General Manager of two cybersecurity businesses, and Chief of Signals Intelligence Programs at the National Security Agency.  Sam established at Georgetown University the cybersecurity policy, operations, and technology curriculum, and serves on the Board of Directors of Oak Ridge Associated Universities and as a consultant to the Army Science Board.  Sam has a BS degree in International Politics from Georgetown University and an MA in Telecommunications from the George Washington University.  The views expressed in Sam’s presentation represent are his own.

Lightning Talk #6, Wed. April 3rd, 2:15pm ET “Hierarchical Adversarial Inverse Reinforcement Learning”

In this talk, we will provide novel approaches for Multi-task Imitation Learning, which aims to train a policy capable of performing a distribution of tasks based on multi-task expert demonstrations, which is essential for general-purpose robots. Existing Multi-task imitation learning algorithms suffer from low data efficiency and poor performance on complex long-horizon tasks. We will describe Multi-task Hierarchical Adversarial Inverse Reinforcement Learning, which learns hierarchically-structured multi-task policies, which is more beneficial for compositional tasks with long horizons and has higher expert data efficiency through identifying and transferring reusable basic skills across tasks. Further, this approach leads to generalization to new tasks or transfer learning to similar domains. We will evaluate the performance of the proposed approach using a series of challenging multi-task settings from Mujoco, a widely-utilized environment for simulating and controlling robotic systems.

Vaneet Aggarwal received the BTech degree from the Indian Institute of Technology Kanpur, Kanpur, India, in 2005 and the MA and PhD degrees from Princeton University, Princeton, NJ, USA, in 2007 and 2010, respectively, all in Electrical Engineering. He is currently a Professor in the School of Industrial Engineering, and the School of Electrical and Computer Engineering (by courtesy) at Purdue University, where he has been since Jan 2015.

Prior to joining Purdue, he was a Senior Member of the Technical Staff - Research for five years with AT&T Labs Research, Bedminster, NJ, USA (2010-2014). Dr. Aggarwal has been Adjunct Assistant Professor in the Department of Electrical Engineering at Columbia University (2013-2014), a VAJRA Adjunct Professor in the Department of Electrical Communications Engineering at IISc Bangalore (2018-2019), Visiting Professor at Plaksha University (2022-2023), Adjunct Professor in CS at IIIT Delhi (2022-2023), and Visiting Professor in CS at KAUST (2022-2023). Dr. Aggarwal received the Princeton University’s Porter Ogden Jacobus Honorific Fellowship in 2009, AT&T Vice President Excellence Award in 2013, AT&T Senior Vice President Excellence Award in 2014, and Purdue University’s Most Impactful Faculty Innovator award in 2020. In addiiton, he received IEEE Jack Neubauer Memorial Award in 2017, IEEE Infocom Workshop Best paper award in 2018, and Neurips Workshop Best paper award in 2021. He was an Associate Editor for the IEEE Transactions on Green Communications and Networking (2017-2020) and IEEE Transactions on Communications (2016-2021). He is currently serving on the Editorial Board of the IEEE/ACM Transactions on Networking (2019-current), and is co-Editor-in-Chief of the ACM Journal on Transportation Systems (2022-current).

TechTalk #3 Wed. April 3rd, 11:20am ET “Valid Statistical Inference for Privatized Data”

Currently, differential privacy (DP) has arisen as the stat-of-the-art method in privacy protection, seeing implementations by tech companies such as Apple, Google, and Facebook, as well as by the U.S. Census. In order to achieve a differential privacy guarantee, an analysis method must introduce additional randomness into the calculations in order to obscure the contributions of any particular individual.  While DP methods give a very strong privacy guarantee, the extra randomness makes it challenging to conduct valid statistical inference (such as unbiased estimation, confidence intervals, hypothesis tests, and Bayesian analyses). In this talk, we discuss the challenges of developing valid statistical inference on privatized data and highlight some new solutions to achieve these goals. These results can greatly improve the utility of privatized data, enabling privacy protections in settings that were previously impractical.

Dr. Awan studied at Clarion University from 2011-2014, earning a B.S. in Mathematics. He completed a M.A. in Mathematics at Brandeis University in 2016 under the advisement of Dr. Olivier Bernardi. In May of 2020, He completed his Ph.D. in Statistics at Penn State University, advised by Dr. Aleksandra Slavkovic and Dr. Matthew Reimherr. Currently, Dr. Awan is an Assistant Professor of Statistics at Purdue University. He also works as a differential privacy consultant for the federal non-profit, MITRE.

TechTalk #4 Wed. April 3rd, 1:30pm ET “Toward an Internet of Secure Things”

Cyber-Physical Systems (CPS) are typically composed of interconnected hardware and software components, which individually may not be inherently highly reliable or secure. However, several CPS applications demand a high degree of safety, security, and reliability. Thus, our grand challenge problem is

There has been enormous progress in understanding and patching various classes of vulnerabilities in large-scale distributed CPS. However, these efforts at designing and operating resilient CPS have often been stymied by the lack of understanding of the impact of any failure to the overall system, under the economic and policy constraints involved.
I will first provide the perspective on progress that has been made in securing such large-scale CPS. Then I will present our approach from two lenses. The first lens is a macroscopic one [TCNS-20, AsiaCCS-21, S&P-22] where we look at the security of interdependent CPS managed by multiple defenders that are under the threat of stepping-stone attacks. We model such systems via game-theoretic models and incorporate in them the biases in human decision-making. We present learning techniques for enhancing decision-making in multi-round setups. The second lens is that of stochastic learning [AsiaCCS-23, CVPR-23, S&P-24, CVPR-24] by many CPS devices in a distributed and collaborative manner. We show the vulnerability of such learning, from a security and a privacy standpoint, and then point out some promising defense approaches that can stay within the resource bounds of these devices.
Time permitting, I will discuss a third lens, a microscopic one [UsenixSec-18, NDSS-20, UsenixSec-20] where we look at protecting each individual device against powerful control flow attacks by bringing to low-end devices the core security principle of least privilege execution. 

Saurabh Bagchi is a Professor in the School of Electrical and Computer Engineering and the Department of Computer Science at Purdue University in West Lafayette, Indiana. His research interest is in dependable computing and distributed systems. He is the founding Director of a university-wide resilience center at Purdue called CRISP (2018-present) and Director of the Army’s Artificial Intelligence Innovation Institute (A2I2) (2020-25). He serves on the IEEE Computer Society Board of Governors.
Saurabh is proudest of the 25 PhD students and about 30 Masters thesis students who have graduated from his research group and who are in various stages of building wonderful careers in industry or academia. In his group, he and his students have way too much fun building and breaking real systems. Along the way this has led to 13 best paper awards or runner-up awards at IEEE/ACM conferences and a Test of Time Award. Saurabh serves as the founder and CTO of a cloud computing startup, KeyByte (2022). Saurabh received his MS and PhD degrees from the University of Illinois at Urbana-Champaign and his BS degree from the Indian Institute of Technology Kharagpur, all in Computer Science.

Wed. 4:30pm, Closing Keynote / Weekly Security Seminar

Philippe Biondi is an executive expert in cyber security at Airbus. He is a co-creator of the SSTIC french-speaking conference. He is the author of Scapy and numerous other security related tools. He is a co-author of the Security Powertools book. He published several articles in MISC magazine. He gave several talks to security conferences (Blackhat, HITB, GreHack, CansecWest, Defcon, Syscan, etc.).

Lightning Talk #5 Wed. April 3rd, 1:10pm “Assuring High Consequence Systems at Sandia National Labs”

Our nation’s high consequence systems (HCS) are at risk from an ever-increasing digital threat. Digital technologies integrated within HCS pose unique challenges to national security by introducing unexpected behaviors that put missions at risk. These challenges are exacerbated by the growing complexity and interdependence of HCS – characteristics that enable agility and performance in HCS. Sandia’s HCS design and development responsibilities are integral to the nation’s national security missions, which must be performed reliably even under digital threat.

The United States’ national security community recognizes that we lack the technical capabilities needed to make confident, evidence-based assertions of digital assurance efficiently and across high consequence systems. The Digital Assurance for High Consequence Systems Mission Campaign (DAHCS MC, pronounced “Dax”) seeks to create this technical basis, and to discover scientific foundations that generalize such capabilities to modern engineering of HCS. With a $45M, seven-year MC, we seek to create the technical basis for efficiently assessing the digital/cyber assurance of the nation’s critical systems generally. This includes developing the science-based tools and methods to efficiently 1) characterize, assess, and manage digital risk and 2) design and construct systems with minimal digital risk. Ultimately, our goal is to develop the foundations that allow digital assurance to be incorporated into disciplined systems engineering frameworks.

Dr. Ruby E. Booth is a principal member of the technical staff at Sandia National Laboratories, where she serves as a cybersecurity analyst and national security subject matter expert. She specializes in the interaction between human behavior and cybersecurity. She received her undergraduate degree from Rhodes College and an MS and PhD from the University of Memphis. She is a nonresident fellow of the Berkeley Risk and Security Lab and the Center for Long-Term Cybersecurity at the University of California, Berkeley.

PANEL #2, Tues. April 2nd, 2:15pm ET, “Cyber-physical Secure Lessons Learned for Different Domains”

Randall Brooks is a Principal Technical Fellow for RTX (NYSE: RTX). He is the Chief Engineer of the RTX Cyber Operations, Development and Evaluation (CODE) Center, which focuses on product cybersecurity. Randall represents the company within the US International Committee for Information Technology Standards Cyber Security 1 (CS1) and the Cloud Security Alliance (CSA). He has more than 25 years of experience in cybersecurity with a recognized expertise in software assurance (SwA) and secure development life cycles (SDLCs). In addition to holding eight patents, Randall is a CISSP, CSSLP, ISSEP, ISSAP, ISSMP, and CCSK. He graduated from Purdue University with a bachelor’s degree from the School of Computer Science.

Day 1, Tuesday 8:45am Opening Remarks

Purdue’s 13th president, Dr. Mung Chiang, is an engineer, educator, technology entrepreneur and innovator who previously served as both Purdue’s executive vice president for strategic initiatives and the John A. Edwardson Dean of the College of Engineering.
The winner of the National Science Foundation’s Alan T. Waterman Award in 2013, the highest honor presented to an American researcher under the age of 40, he also is a member of the National Academy of Inventors and the Royal Swedish Academy of Engineering Sciences.

Tuesday, 1:30pm TechTalk #1:  “How Cyber is Revolutionizing Contemporary Conflict”

Mr. Cleary will transport attendees through the annals of military history to understand how the evolution of warfare parallels the rise of new technologies. Drawing from the transformative impact of innovations like the submarine and bomber during World War II, learn not only how these advancement reshaped the modern battlefield, but how senior leadership struggled to fully understand or appreciate how these new capabilities would impact the the outcome of the war. Come listen to how cyber capabilities are similarly revolutionizing contemporary conflict and what part you can play to shape this new domain. Secure, Survive, Strike.

Christopher “Chris” Cleary is the Vice President of ManTech’s Global Cyber Practice. He directs the technical strategy to expand and enhance ManTech’s cognitive cyber innovation and capabilities business.

He joined ManTech after previously serving as The Department of the Navy’s Principal Cyber Advisor and Chief Information Security Officer, respectively.

Mr. Cleary has deep expertise in the public and private sectors and the military with more than 25 years of experience driving enterprise Cyber and Signals Intelligence (SIGINT ) innovation. He has a proven track record of accelerating technology innovation, driving revenue growth and increasing market expansion for multi-billion-dollar corporations including Leidos, Sparta (now Parsons) and Verizon.

Mr. Cleary has hands-on experience managing critical Cyber programs for U.S. Cyber Command, the Intelligence Community and other key branches of the government.

He is a graduate of the U.S. Naval Academy with a Bachelor of Science in history and a Master of Arts in National Security and Strategic Studies from the U.S. Naval War college.

Day 2, Tech Talk #2, April 3rd, 10:15am, “The Mythical LLM-Month: Creating Trustworthy Copilots for Cybersecurity”

No doubt. Last year was the year of the LLM. As we move more and more into 2024, we are seeing that almost no LLM promised last year was delivered, or when delivered, they quickly made the headlines.

We are going to show that what people have been claiming to be standalone LLMs are in fact complex software systems where LLMs are an integral part of it.  We call these systems AI Agents. A lot of solutions built are still in their infancy, and the race to get these systems up and running caused a huge impact in readiness of such systems. For example, one important aspect of AI Agents to increase their reliability is grounding, which is often forgotten in examples and demos.  Finally, most people still regard data as a second class citizen, and in reality for AI Agents based on Retrieval Augmented Generation (or RAG for short), having good data is as important or more important than a LLM. 

We will finalize this presentation showing how to merge software engineering practices from the last 50 years into this new era, where multimodal data and algorithms are integrated into vector databases, and used to create high quality copilot applications.

 

With nearly three decades in the IT and software engineering industry, Claudionor has extensive research and development experience in machine learning and deep learning techniques (including Generative AI), software systems, cybersecurity and semiconductors. As the Chief AI Officer at Zscaler, he is chartered with driving the vision and implementation of advanced AI technologies to strengthen the world’s largest security platform and propel Zscaler’s innovation engine forward.

Prior to joining Zscaler, Claudionor served as the Chief AI Officer and SVP of Engineering at Advantest, where he spearheaded the development of a Zero Trust private cloud solution tailored for the semiconductor manufacturing market, enabling it to run Machine Learning workloads. Before that, Claudionor was the VP/Fellow of AI and the Head of AI Labs at Palo Alto Networks where he led the charge in AI, AIOps and Neuro-symbolic AI, an advanced form of AI that enables reasoning, learning, and cognitive modeling, to help revolutionize time series analysis tools on a massive scale. Claudionor’s career also includes vital roles in Machine Learning and Deep Learning at Google, where he developed a state-of-the-art Deep Learning technology designed for automatic quantization and model compression which played a pivotal function in the search for subatomic particles at CERN. This work was featured in the cover page of Nature Machine Intelligence in August, 2021.

Claudionor holds a PhD in Electrical Engineering and Computer Science from Stanford University and an MBA from Ibmec in Brazil. He earned both his M.Sc in Computer Science and B.S. in Electrical Engineering from the Universidade Federal de Minas Gerais and is an Invited Professor in the Electrical and Computer Engineering Department at Santa Clara University.

Lightning Talk #7, Wed. April 3rd, 2:35pm ET “An Interview Study on Third-Party Cyber Threat Hunting Processes in the U.S. Department of Homeland Security (USENIX Security 2024)”

This talk is about cyber threat hunting, which is an emerging discipline of cybersecurity operations. Traditional cybersecurity defense is reactive. Cybersecurity operations centers keep out adversaries and incident response teams clean up after break-ins. Recently a proactive stage has been introduced: Cyber Threat Hunting (TH) looks for potential compromises missed by other cyber defenses. TH is mandated for federal executive agencies and government contractors. As threat hunting is a new cybersecurity discipline, the practices and challenges of TH have not yet been documented.  To address this gap, we conducted the first interview study of threat hunt practitioners. We obtained access and interviewed 11 threat hunters associated with the U.S. government’s Department of Homeland Security. We describe the diversity among their processes, show that their processes differ from the TH processes reported in the literature, and unify our subjects’ descriptions into a single TH process. We enumerate common TH challenges and solutions according to the subjects. The two most common challenges were difficulty in assessing a Threat Hunter’s expertise, and developing and maintaining automation. We conclude with recommendations for TH teams (improve planning, focus on automation, and apprentice new members) and highlight directions for future work (finding a TH process that balances flexibility and formalism, and identifying assessments for TH team performance). Our findings will be presented at USENIX Security 2024.

James C. Davis is an assistant professor of Electrical and Computer Engineering at Purdue University and a senior member of the IEEE. He worked for IBM from 2012-2015 and received his PhD degree from Virginia Tech in 2020. His research is published at the most prestigious venues in software engineering (e.g., ICSE, FSE) and cybersecurity (e.g., IEEE S&P, USENIX Security). His work has been recognized with three ACM SIGSOFT distinguished paper awards. His lab is supported by the US National Science Foundation, Google, Rolls Royce, and Cisco.

Panel 3, Wed. April 3rd, 3:10pm “Where Code Meets Chip”

Max DeWees is a Product Security Architect at Analog Devices, Inc. He has been with ADI for 10 years, after receiving his master’s degree in Information Security from Purdue University. Before his current role, Max led an embedded firmware product development team, creating device drivers and libraries for cryptographic hardware accelerators and secure bootloaders for silicon products in the automotive, industrial, and consumer markets. Max’s current focus is helping to define next-generation security architecture for ADI’s upcoming Intelligent Edge platforms.

Panel Discussion #1, Tues. April 2nd, 10:35am ET, “The Security and Trustworthiness of AI in the era of LLM”

Evercita Eugenio is a statistician with the Cyber Operations Research Engineering group at Sandia National Laboratories in Livermore, CA. Evercita’s research is focused on differential privacy, privacy enhancing technologies and machine learning. She is also interested in biostatistics, clinical trials and likelihood theory. Evercita received a PhD in Applied and Computational Mathematics and Statistics from the University of Notre Dame where her dissertation focused on differentially private data synthesis methods. In addition, Evercita has a MS from Oregon State University and BS from the University of Washington.

Lightning Talk #1, Tues. April 2nd, 10:15am ET “Strategies for Launching Successful Data Poisoning Attacks on Machine Learning Models”

The past decades have witnessed the astonishing predictive power of various machine learning models for different applications, but the usual assumption is that these models are deployed in a benign environment. Despite much progress, the robustness of many machine learning models under attacks remains unexplored. In this talk, I will introduce our work on data poisoning attacks, which aim to manipulate the behavior of machine learning models by injecting malicious or misleading data (i.e., adversarial samples) into the training set. I will present the methodologies we developed to systematically create adversarial samples that could skew the model’s original objectives for a series of machine learning tasks, including outcome interpretation, fair machine learning, next-item recommendation, and knowledge graph embedding. Experiments and theoretical analysis of our designed attacks provide valuable insights into the vulnerabilities of machine learning models and could inform the development of more secure and reliable machine learning systems.

Dr. Jing Gao is an Associate Professor in the Elmore Family School of Electrical and Computer Engineering of Purdue University. Before joining Purdue in January 2021, She was an Associate Professor in the Department of Computer Science and Engineering at the University at Buffalo, State University of New York. She received her PhD from Computer Science Department at University of Illinois at Urbana Champaign in 2011 under the supervision of Prof. Jiawei Han. She received M.E. and B.E. from the Computer Science and Technology Department at Harbin Institute of Technology in China.

Panel Discussion #1, Tues. April 2nd, 10:35am ET, “The Security and Trustworthiness of AI in the era of LLM”

Dr. Nate Gleason is the Program Leader for Cyber and Infrastructure Resilience (CIR) within the Energy and Homeland Security Program in the Global Security Directorate at Lawrence Livermore National Laboratory (LLNL).

Gleason joined LLNL as the founding Program Leader for CIR in January 2016 and has since helped the program grow. As Program Leader for Cyber and Infrastructure Resilience, Gleason is responsible for developing technologies and solutions that will allow the nation to progress towards a future where our critical infrastructure systems are intelligent, self-healing, and resilient to cyber and physical disruptions. CIR’s mission also works to derive 100 percent of our nation’s energy from renewable sources, eliminating its negative impact on the environment as well as reliance on foreign entities for fuel. Key sponsors for this program include the Department of Homeland Security, Department of Energy, Department of Defense, and the State of California.

Prior to joining LLNL in January 2016, Gleason spent 12 years at Sandia National Laboratories in a variety of technical and management positions including Deputy to the Vice President, Deputy Program Director for Sandia’s Homeland Security Program, Department Manager for the Advanced Systems Engineering and Deployment Department and the Systems Research and Analysis Department.

April 3rd, 2:55pm NATO Sponsored Research

Dr. Huber’s research focuses on past, present and future climate, the mechanisms that govern climate, and the different forms that climates can take on Earth and other planets. Most of his work so far has concentrated on the issue of how ‘stuff’ (e.g. passive tracers, water vapor, heat) goes from the tropics toward the Poles, and specifically with an emphasis on how these processes operated during the past greenhouse climate of the Eocene. Huber received his PhD in Earth Sciences from the University of California Santa Cruz and was an assistant professor at the Niels Bohr Institute at the University of Copenhagen before joining Purdue in 2002.

PANEL: Where Code Meets Chip

Dr. Nathaniel Husted serves as Chief Scientist for Cyber and Electromagnetic Warfare (EW) Technologies in the Expeditionary EW division at Naval Surface Warfare Center – Crane in southern Indiana. His duties focus on growing Crane’s workforce in the area of Cyber/EW, developing infrastructure to enable left-of-acquisition Cyber/EW activities, and helping bridge the gap between the Cyberspace and EMSO communities. Prior to his current role as Chief Scientist he served as the national Cybersecurity Engineering lead for a major new Navy program and as the first program officer (acting) for Expeditionary Cyber at the Office of Naval Research (ONR). He obtained a B.S. from Purdue University at the Indianapolis campus and a Ph.D. in Informatics from Indiana University. His research focused on the intersection of Computer Security and Complex Systems with further contributions in the areas of applied cryptography and the macroeconomics of information security. He has contributed to the Linux Kernel and Buildroot open-source projects. His most recent internally funded project culminated in a hardware-in-the-loop, high assurance, flight system for teaching Crane’s workforce cybersecurity and formal assurance concepts. The project leverages Kerbal Space Program and the Rust programming language; it is available at: https://github.com/NSWC-Crane/kerbx-flightsystems. He currently has returned to ONR to support the Expeditionary Cyber portfolio as a strategic technical advisor.

Tuesday, April 2nd 4:35pm, Course Preview: MGT 480-W/ MGT 492-W “Cybersecurity Awareness and Strategies to Enhance Resilience of Recovery and Response Operations During Disaster”

Dr. Umit Karabiyik (Dr. K) is an Associate Professor in the Department of Computer and Information Technology at Purdue University. Prior to his appointment at Purdue, Dr. K was an Assistant Professor in the Department of Computer Science at Sam Houston State University from 2015 to 2018. Dr. K received his M.S. and Ph.D. degrees from Florida State University in 2010 and 2015, respectively. His research interests broadly lie in Digital Forensics, Cybersecurity, Forensic Intelligence, User and Data Privacy, Artificial Intelligence in Security, Privacy and Forensic Applications. He has secured federal and industrial funding from the U.S. National Institute of Justice, U.S. Department of Homeland Security, U.S. Federal Emergency Management Agency, U.S. Bureau of Justice Assistance, The National Air and Space Intelligence Center (NASIC), and Lockheed Martin Corporation. Dr. K has developed and delivered several mobile and IoT forensics training courses and technical assistance for law enforcement and justice system professionals. He is an Associate Editor-in-Chief for the Journal of Digital Forensics, Security and Law, Topic Editor for MDPI’s Electronics journal, Junior Editorial Board Member of the Journal of Surveillance, Security and Safety, conference chair and/or technical program committee member of high-quality international conferences in Digital Forensics, Cybersecurity, and Networking.

PANEL #2, Tues. April 2nd, 2:15pm ET, “Cyber-physical Secure Lessons Learned for Different Domains”

Doug Kiehl is a Senior Director at Eli Lilly and Company and leads the Disruptive/Transformative Technologies Team (DT3) and Digital Twin Center of Excellence with focus on digital transformation, automation, extractables/leachables and next-gen bioprocess. He serves as a member of the United States Pharmacopeia (USP) Packaging and Distribution Expert Committee, Chair for the Product Quality Research Institute (PQRI) Steering Committee, PhRMA Topic Lead for the International Council for Harmonisation (ICH) Q3E Guidance Expert Working Group, Board of Directors for the Extractables/Leachables Safety Information Exchange (ELSIE) Consortium, Chair for the International Society for Optics and Photonics (SPIE) Defense and Commercial Sensing Conference, Executive Governing Council for the Nano-Bio Materials Consortium (NBMC/SEMI) and founding member of the Biomolecule Reactivity Consortium.  He has published his work in several peer-reviewed and trade journals, and has organized, chaired and presented at numerous conferences.

Dr. Mark J. Lewis is president and chief executive officer of the Purdue Applied Research Institute (PARI), the nonprofit applied research arm of Purdue University with a particular focus on national security, economic security and food security for the United States. A renowned researcher, professor and former deputy undersecretary of defense, Lewis brings a wealth of national security, scientific and academic experience to the institute. 

Lewis came to Purdue from his post as executive director of the National Defense Industrial Association’s Emerging Technologies Institute, a nonpartisan think tank focused on technologies that are critical to the future of national defense. This institute provides research and analyses to inform the development and integration of emerging technologies into the defense industrial base.

Before this, Lewis was director of defense for research and engineering in the Defense Department, overseeing technology modernization for the services and defense agencies, as well as the acting deputy undersecretary of defense for research and engineering. In that role, he was the Pentagon’s senior-most scientist, managing a $17 billion budget that included the Defense Advanced Research Projects Agency, the Missile Defense Agency, the Defense Innovation Unit, the Space Development Agency, Federally Funded Research and Development Centers (FFRDC) and the Defense Department’s basic and applied research portfolio.

From 2012 to 2019, Lewis was the director of the Science and Technology Policy Institute, an FFRDC that supported the Executive Office of the President and other executive branch agencies in forming national science and technology policy.

Lewis is a professor emeritus at the University of Maryland, where he served as the Willis Young Jr. Professor and chair of the Department of Aerospace Engineering until 2012. A faculty member at Maryland for 25 years, he taught and conducted basic and applied research in hypersonic aerodynamics, advanced propulsion and space vehicle design and optimization. Best known for his work in hypersonics, Lewis’ research has spanned the aerospace flight spectrum from the analysis of conventional jet engines to entry into planetary atmospheres. From 2004 to 2008, Lewis was the Air Force’s chief scientist, the principal scientific adviser to the chief of staff and secretary of the Air Force. As the longest-serving chief scientist in Air Force history, his primary areas of focus included hypersonics, space launch, energy, sustainment, advanced propulsion, basic research and workforce development. From 2010 to 2011, he was president of the American Institute of Aeronautics and Astronautics.

Lewis attended the Massachusetts Institute of Technology, where he received his bachelor of science in aeronautics and astronautics, bachelor of science in Earth and planetary science (1984), and master of science (1985) and doctor of science (1988) in aeronautics and astronautics. He is the author of more than 320 publications and has advised more than 60 graduate students. He has served on boards for NASA and the Defense Department, including two terms on the Air Force Scientific Advisory Board.

A recipient of the Air Force Exemplary, Meritorious and Exceptional Civilian Service Awards and of the Secretary of Defense Outstanding Public Service Award, Lewis was also the 1994 AIAA National Capital Young Scientist/Engineer of the Year; received the IECEC/AIAA Lifetime Achievement Award, the AIAA Dryden Lectureship Award, and the AFA Theodore von Karman Award; and is an Aviation Week and Space Technology Laureate. He is a member of the International Academy of Astronautics, a fellow of the American Society of Mechanical Engineers, a fellow of the Royal Aeronautical Society and an honorary fellow of the American Institute of Aeronautics and Astronautics.

Lightning Talk #8, Wed. April 3rd, 4:10pm ET, “Packing Arithmetic to Improve Security and Performance of Privacy Technologies”

Use cases in privacy like identification, authentication, private transactions, and verifiable/secure computation rely on cryptography to handle secrets. However, incompatibility of the application front-end and cryptographic back-end operations leads to efficiency and security bottlenecks.

1. For instance, in the zero-knowledge (ZK) domain, Boolean circuits generate auxiliary information like hashes and Merkle trees in privacy-preserving cryptography, blockchain systems, and outsourced computation. However, ZK back-ends support arithmetic only over large fields -- not Boolean arithmetic.
2. Likewise, in secure computation, it is challenging to evaluate Boolean circuits securely using homomorphic cryptosystems like Ring-LWE and Paillier-type schemes that only support large arithmetic.

Arithmetic packing, our information-theoretic invention, resolves these incompatibilities. It is a versatile intermediate representation that implements vector instructions for application front-ends using a single large back-end arithmetic. This invention has led to faster and more secure MPC and ZK technologies.

This talk will introduce arithmetic packings, their applications, our new combinatorial and algebraic complexity-theoretic framework to investigate these new packing problems, and optimal packing constructions relying on computer-assisted search.

Maji is an Associate Professor in the Department of Computer Science at Purdue University. He is interested in Cryptography and Algorithms, particularly Secure Computation and Information-theoretic Cryptography. Among others, his current research makes zero-knowledge and secure computation technologies faster and safer.

Lightning Talk #3, Tues. April 2nd, 4:15pm ET, “Debugging and Explaining Unfairness in Machine Learning Models”

Algorithmic decision-making systems are increasingly being used to automate consequential decisions in many high-stakes application domains. There is a growing concern that these systems are not transparent, and perpetuate systemic biases reflected in training data. Such discriminatory outcomes violate human rights and undermine public trust in automated decision-making systems. To render these systems more explainable and trustworthy, I will describe our efforts toward making the decisions of AI-based systems less biased. I will present Gopher, a causal data-based explanation mechanism, which allows us to diagnose the outcomes of a machine learning model and detect subsets of the training data most responsible for biased decisions. Gopher quantifies and efficiently approximates the causal responsibility of training data subsets and prunes the huge search space to generate compact, interpretable, and causal explanations for biased model predictions. Experimental evaluation over several real-world datasets in the fair ML literature demonstrates that our system is effective and efficient in generating interpretable explanations for debugging root causes of model bias.

Dr. Pradhan is an Assistant Professor in the Department of Computer & Information Technology at Purdue University in West Lafayette, Indiana. Her research interests are in the areas of data management and data science. Her research is driven by the need to build trustworthy and responsible decision-making systems. More recently, Dr. Pradhan has been building systems that facilitate explainability, fairness, and accountability of data-driven decision-making systems.

Before joining Purdue CIT, Dr. Pradhan held a Postdoctoral Researcher position in the Halıcıoğlu Data Science Institute at the University of California San Diego, and was a Visiting Assistant Professor in the Department of Computer Science at Purdue University. She has a Ph.D. in Computer Science from Purdue University, and a B.S. and M.S. in Mathematics and Computing from the Indian Institute of Technology (IIT) Kharagpur, India.

Panel: Where Code Meets Chip

Anand Raghunathan received the B. Tech. degree in Electrical and Electronics Engineering from the Indian Institute of Technology, Madras, India, and the M.A. and Ph.D. degrees in Electrical Engineering from Princeton University, Princeton, NJ. He is currently the Silicon Valley Professor and Chair of the VLSI area in the School of Electrical and Computer Engineering at Purdue University. He serves as Associate Director of the $36M SRC/DARPA Center for Brain-inspired Computing (C-BRIC) and founding co-director of the Purdue/TSMC Center for a Secured Microelectronics Ecosystem (CSME). His research explores brain-inspired computing, energy-efficient and high-performance machine learning, system-on-chip design and computing with post-CMOS devices. He holds a Distinguished Visiting Chair at the Indian Institute of Technology, Madras, where he is helping establish a Center for Computational Brain Research. He is a co-founder of High Performance Imaging, Inc., a company commercializing Purdue innovations in the area of computational imaging. Before joining Purdue, he was a Senior Researcher and Project Leader at NEC Laboratories America and held a visiting position at Princeton University.

Prof. Raghunathan has co-authored a book, eight book chapters, and over 300 refereed journal and conference papers, holds 29 U.S patents and 16 international patents, and has presented over 50 invited talks. His work has received 9 best paper awards, 1 design contest award and 7 best paper nominations at premier IEEE and ACM conferences, and over 21507 citations (h-index: 77). He received a Patent of the Year Award (recognizing the invention that achieved the highest impact), and two Technology Commercialization Awards from NEC. At Purdue, he received the College of Engineering Faculty Excellence Award for Research, the Qualcomm Faculty Award and the IBM Faculty Award. He was chosen by MIT’s Technology Review among the TR35 (top 35 innovators under 35 years, across various disciplines of science and technology) in 2006, for his work on “making mobile secure”. He also received the Distinguished Alumnus Award from IIT Madras. Prof. Raghunathan has chaired five premier IEEE/ACM conferences (DAC, CASES, ISLPED, VTS, VLSI Design), and served on the editorial boards of various IEEE and ACM journals in his areas of interest. He received the IEEE Meritorious Service Award and Outstanding Service Award. He is a Fellow of the IEEE and Golden Core Member of the IEEE Computer Society.

Lightning Talk #2, Tues. April 2nd, 12:05pm “Security of AI-enabled CPS and Leveraging LLM to Improve AI-enabled CPS Security”

This talk focuses on the safe integration of Artificial Intelligence (AI) with Cyber Physical Systems (CPS), specifically about unmanned aerial vehicles (UAVs). Because they combine physical components and computer algorithms, UAVs are considered a CPS. UAVs have seen significant expansion in a variety of missions in recent years, including infrastructure inspection, thanks to their great mobility and sophisticated sensing capabilities. The potential to integrate AI with CPS is made possible by the development of AI algorithms and technology. Due to potential vulnerabilities in the underlying AI models, this integration raises new security and safety issues. Malicious actors may exploit these weaknesses causing major security and safety concerns. Therefore, it is imperative to guarantee the safe integration of AI and UAVs while bolstering their resistance against hostile settings. To find potential vulnerabilities and related countermeasures, we will first examine the data sensing and processing pipeline of important sensors used in AI-enabled UAV operations in this presentation. The talk will also cover the use of Large Language Models to improve this integration’s security.

Ashok Vardhan Raja is an Assistant Professor of Cybersecurity in the department of Computer Information Technology and Graphics for the College of Technology at Purdue University Northwest. His research is on secure integration of Artificial Intelligence (AI) and Cyber Physical Systems (CPS) such as UAVs for robust operations. He is expanding his current work by using Swarm of UAVs to address security issues and to other domains in the integration of AI and CPS.

Joel Rasmus is the managing director for Purdue University’s Center for Education and Research in Information Assurance and Security (CERIAS); one of the largest and top-ranking interdisciplinary academic institute in North America focusing on cyber and cyber-physical assurance, security, privacy and resiliency. Rasmus joined Purdue in 2002, bringing with him more than 15 years of experience in project management. At CERIAS Rasmus developed a strategic partnership program that provides a formalized link between the University and industry. The program fosters tech transfer, basic and applied collaborative research, professional consultation and targeted student recruitment mechanisms. The CERIAS Strategic Partnership Program has led to unprecedented industry-academic integration with a number of commercial research programs. Rasmus also spearheaded successful CERAIS initiatives that lead to commercial partners opening local offices at the Purdue Research Park to further leverage and integrate their daily R&D and cyber management practices into CERIAS.

Panel Discussion #1, Tues. April 2nd, 10:35am ET, “The Security and Trustworthiness of AI in the era of LLM”

Dr. Rayz’ primary research interests lie in natural language understanding, knowledge discovery and representation, and computational recognition of salient information in texts, as well as in uncertainty management. These belong in the domain of Artificial Intelligence, in the areas of Natural Language Processing, and Cognitive Science on the one hand, and Imprecision Management on the other.

Her long-term research interest and goal are to enable people to communicate with computers informally, using (eventually, any) natural language, with the full understanding of what is said, and perhaps what is more important, of what is left unsaid. While knowledge representation, reasoning, machine learning and computational linguistics are not new areas and have received considerable attention, combining the meaning extracted from natural language texts with our knowledge of the world, represented in some conceptual form, with built-in fuzziness, vagueness, and uncertainty, where necessary, while remaining factually correct when desired—this computational task has not been fully resolved.  Her current research attempts to come closer to an understanding of how to construct such a model, and modeling and detecting humor has turned out to be a convenient and visible entry into it as well as a good testing mechanism.

PANEL #2, Tues. April 2nd, 2:15pm ET, “Cyber-physical Secure Lessons Learned for Different Domains”

Dave Rottier is the Chief Engineer for System Software Technology and Embedded Product Cybersecurity in Integrated Components & Solutions at Caterpillar, Inc. He leads a global team of engineering fellows, engineering managers, and engineers responsible for developing strategies and processes for embedded product cybersecurity, platform software, common service and network solutions, system diagnostics, and development and process tools.
Dave has over 25 years of experience at Caterpillar and started his career as a leader within electronics for engine systems and machine systems. His experience in electronic systems led to advanced opportunities in information systems including telematics, displays, and embedded cybersecurity. Dave was named Chief Engineer of Embedded Product Cybersecurity in 2021.



Dave earned a Bachelor of Science in electrical engineering from Michigan Technological University, holds two patents, and is a certified DMAIC and DMEDI Black Belt.

 

PANEL #2, Tues. April 2nd, 2:15pm ET, “Cyber-physical Secure Lessons Learned for Different Domains”

Michael D. Sangid received his B.S. (2002), M.S. (2005), PhD (2010) in Mechanical Engineering from the University of Illinois at Urbana-Champaign (UIUC).  After his Master’s degree, Dr. Sangid spent two years working in Indianapolis, IN for Rolls-Royce Corporation.  Dr. Sangid is a professor at Purdue University in the School of Aeronautics and Astronautics with a courtesy appointment in Materials Engineering, where he continues his work on building computational materials models for failure of structural materials with experimental validation efforts focused at characterization of the stress/strain evolution at the microstructural scale during in situ loading.  He is a recipient of the ASME Orr, TMS Early Career Faculty Fellow, NSF CAREER, and the AFOSR, ONR, and DARPA Young Investigator/Faculty Awards.  He is currently serving as an editor of the International Journal of Fatigue.  Dr. Sangid has started and serves as the Executive Director of the Hypersonics Advanced Manufacturing Technology Center, which is the first contract of the Purdue Applied Research Institute.  Dr. Sangid is also the director of the Purdue Institute of National Security.

Panel Discussion #1, Tues. April 2nd, 10:35am ET, “The Security and Trustworthiness of AI in the era of LLM”

Dr. Greg Shannon is the Chief Cybersecurity Scientist for Idaho National Laboratory’s National and Homeland Security Directorate and is the Chief Science Officer for the Cybersecurity Manufacturing Innovation Institute (CyManII) based at the University of Texas at San Antonio. His research focuses on applications of formal methods to ensure security and resilience properties in cyber-physical systems such as energy-intensive manufacturing and critical infrastructure. To promote more structured awareness of vulnerabilities in cyber-physical systems, he is a co-chair of the newly established CWE-CAPEC special interest group for Industrial Control Systems and Operational Technology. Greg is a member of the U.S. Air Force Science Advisory Board, is a founding board member for Women in Cybersecurity, and has served as the Assistant Director for Cybersecurity Strategy at the White House Office of Science and Technology Policy. Previous to joining INL, he was the Chief Scientist for the CERT Division in the Software Engineering Institute at Carnegie Mellon University. He received a BS in Computer Science from Iowa State University and earned a PhD in Computer Sciences at Purdue University.

Fireside Chat, Tues. April 2nd, 3:30pm

Ms. Heidi Shyu is the Under Secretary of Defense for Research and Engineering (OUSD(R&E)). In this role, she serves as the Chief Technology Officer for the Department of Defense (DoD), mandated with ensuring the technological superiority of the U.S. military, and is responsible for the research, development, and prototyping activities across the DoD enterprise. She also oversees the activities of the Defense Advanced Research Projects Agency (DARPA), the Missile Defense Agency (MDA), the DoD Laboratory and Engineering Center enterprise, and the Under Secretariat staff focused on developing advanced technology and capability for the U.S. military.

Previously, she served as the Assistant Secretary of the Army for Acquisition, Logistics and Technology (ASA (ALT)), from September 2012 to January 2016. Prior to this, she was Acting ASA (ALT) beginning in June 2011 and appointed the Principal Deputy in November 2010. As the ASA (ALT), she served as the Army Acquisition Executive, the Senior Procurement Executive, the Science Advisor to the Secretary of the Army, and the Army’s Senior Research and Development official. She had principal responsibility for all Department of the Army matters related to logistics. Ms. Shyu also led the execution of the Army’s acquisition function and the acquisition management system. Her responsibilities included providing oversight for the life cycle management and sustainment of Army weapons systems and equipment from research and development through test and evaluation, acquisition, logistics, fielding, and disposition.

Prior to her government service, Ms. Shyu was the Vice President of Technology Strategy for Raytheon Company’s Space and Airborne Systems.

Ms. Shyu holds a Bachelor of Science in mathematics from the University of Brunswick in Canada, a Master of Science degree in mathematics from the University of Toronto, and a Master of Science degree in Electrical Engineering with a focus on System Sciences along with the Engineer’s Degree from UCLA. She received an Honorary Doctorate of Science from the University of New Brunswick. She is also a graduate of the UCLA Executive Management Course Program.

A member of the Air Force Scientific Advisory Board from 2000 to 2010, she served as the Vice Chair from 2003 to 2005 and Chair from 2005 to 2008. Ms. Shyu is a member of the National Academy of Engineering and an American Institute of Aeronautics and Astronautics (AIAA) Honorary Fellow.

Fireside Chat, Tues. April 2nd, 3:30pm

Eugene H. Spafford is a professor of Computer Sciences at Purdue University, a professor of Philosophy (courtesy appointment), and is Executive Director Emeritus of the Center for Education Research Information Assurance and Security. CERIAS is a campus-wide multi-disciplinary Center, with a broadly-focused mission to explore issues related to protecting information and information resources. Spaf has written extensively about information security, software engineering, and professional ethics. He has published over 100 articles and reports on his research, has written or contributed to over a dozen books, and he serves on the editorial boards of most major infosec-related journals.

Lightning Talk #4, Wed. April 3rd, 11:00am ET “Three-body Problem in Privacy Protection: Chaos or New Hope?”

Local differential privacy (LDP) has been widely integrated into commercial use for privatized data collection and analytical tasks. The beauty of LDP not only comes from its rigorous privacy guarantee but also its elegance in an adjustable balance between privacy and utility to satisfy various user and application demands. However, when putting LDP in a real-world scenario, the privacy-utility trade-off becomes fragile when an attacker aims to alter data utility by attempting to manipulate the LDP result. With this new security perspective, we have a new three-body problem in LDP, i.e., the relationships among security, privacy, and utility are uncertain. The consequences are profound from discouraging adoption of the privacy-friendly technologies to harming Internet freedom by suppressing the voice of target groups. In this talk, I will briefly introduce our exploratory work on the contribution to the understanding of the security dimension of LDP and my ongoing NSF CAREER project on a new hope of leveraging machine intelligence to handle the complexity and eventually creating accountable, transparent, and user-friendly “AI for privacy”.

Dr. Wenhai Sun is an Assistant Professor in the Department of Computer and Information Technology at Purdue University. He holds two PhDs from the Department of Computer Science at Virginia Tech and the School of Telecommunications Engineering at Xidian University.  His research interest mainly lies in designing and developing next-generation secure and accountable networked systems that prioritize the privacy and utility needs of users by leveraging interdisciplinary research including AI/ML, cryptography, trusted hardware, and software engineering. He has published papers in top security, AI, and networking conferences and prestigious journals, such as USENIX Security, NeurIPS, IEEE INFOCOM, IEEE TIFS, IEEE TDSC, IEEE TPDS, and IEEE TSC. He is the recipient of the prestigious NSF CAREER Award. He won the Distinguished Paper Award in ACM ASIACCS 2013. Dr. Sun is a Senior Member of IEEE.

Panel Discussion #1, Tues. April 2nd, 10:35am ET, “The Security and Trustworthiness of AI in the era of LLM”

Lin Tan’s research interests include software dependability, software-AI synergy, and software text analytics. Some of her research focuses are leveraging machine learning and natural language processing techniques to improve software dependability, and using software approaches to improve the dependability of machine learning systems. Prior to joining Purdue, she was a Canada Research Chair and an associate professor at the University of Waterloo.

Panel 3, Wed. April 3rd, 3:10pm “Where Code Meets Chip”

Dave (Jing) Tian is an Assistant Professor in the Department of Computer Science at Purdue University working on systems security and a faculty at the PurSec Lab,
where he and his colleagues supervise over 30 Ph.D. students covering all layers of systems security.
His research involves embedded systems security, operating systems security, trusted and confidential computing, and hardware security and trust.
He has published 50+ peer-reviewed conference papers and journals,
including over 25 top-tier security conference papers (IEEE S&P, USENIX Security, ACM CCS, ISOC NDSS).
His research is funded by ONR, DARPA, NSF, Intel, Lockheed Martin, Rolls-Royce, etc.
He received an NSF CAREER award in 2022.

PANEL #2, Tues. April 2nd, 2:15pm ET, “Cyber-physical Secure Lessons Learned for Different Domains”