CERIAS Security Seminar Podcast

David Pisano, "Identity-Based Internet Protocol Network"

Wed, 24 Apr 2013 17:30:00 PDT

The Identity-Based Internet Protocol (IBIP) Network project is experimenting with a new enterprise oriented network architecture using standard Internet Protocol to encode identity (ID) information into the IP packet by a new edge security device referred to as the IBIP policy enforcement point (PEP). This is a variant of a network admission control process that establishes user and host identities as well as provides optional information on host visibility, organizational affiliation, current role, and trust metric (associated with the user and host endpoints). Our motivation is to increase our security posture by leveraging identity, reducing our threat exposure, enhancing situational understanding of our environment, and simplifying network operations. In addition to authentication, we leverage strong anti-spoofing technology to improve accountability. We reduce our threat surface by �hiding� our client hosts and making all infrastructure devices inaccessible. Any attempt to access a hidden host or infrastructure device results in a policy violation attributable to the user/host that caused the violation and provides enhanced situational awareness of such activities. Our servers can also have a �permissible use� policy that ensures that the server only operates across the network per that policy. Finally, as users log in and servers are added to the network, all dynamic configurations for access control initiated by such changes are automatically carried out without manual intervention, thereby reducing potential vulnerabilities caused by human errors.1 1.Extracted from �Nakamoto, G.; Durst, R.; Growney, C.; Andresen, J.; Ma, J.; Trivedi, N.; Quang, R.; Pisano, D., "Identity-Based Internet Protocol Networking," MILITARY COMMUNICATIONS CONFERENCE, 2012 - MILCOM 2012 , vol., no., pp.1,6, Oct. 29 2012-Nov. 1 2012.

Rahul Potharaju, "Towards Automated Problem Inference from Trouble Tickets"

Wed, 17 Apr 2013 17:30:00 PDT

The growing demand for cloud services is driving the need to deliver an always-on and safe user experience in accessing their data and applications. Examples include web search, social networking, email, ecommerce, video streaming, data analytics and even mission-critical services such as power grid control. Such environments are required to be highly available and secure. This is often satisfied by having experts monitoring the system 24x7 to ensure that problems, if any, are resolved within a reasonable time. The need to solve a problem within the minimum time gives rise to a "whatever-it-takes-to-fix-the-problem" attitude amongst experts and produces a constant flow of informal text documenting the debugging steps taken to resolve problems. Understanding the content within this informal text at scale is the key to uncovering big problem trends that will enable us learn from mistakes and improve system design. In this talk, I will present NetSieve, a system that we built that aims to do automated problem inference from trouble tickets. Specifically, I will show you how statistical natural language processing (NLP) can be combined with knowledge representation, ontology modeling and human-guided learning to automatically analyze natural language text in trouble tickets to infer the problem symptoms, troubleshooting activities and resolution actions. I will further discuss fundamental challenges which arise when extracting meaning from such massive open-domain text corpora. Finally, I will then discuss how we applied NetSieve in a massive data center setting to automatically analyze 10K+ network trouble tickets and how we used these results to improve several key network operations.

Aaron Massey, "Regulatory Compliance Software Engineering"

Wed, 27 Mar 2013 17:30:00 PDT

Laws and regulations safeguard citizens� security and privacy. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) governs the security and privacy of electronic health records (EHR) systems. HIPAA violations can result in millions of dollars in penalties for non-compliance. Ensuring EHR systems are legally compliant is challenging for software engineers because the laws and regulations governing EHR systems are written by policymakers with little to no understanding of software engineering. This presentation introduces the field of Regulatory Compliance Software Engineering and discusses a particular research concern within that field: How can we help software engineers seeking to assess whether security and privacy requirements for EHR systems are legally compliant?

Kristin Heckman, "Active Cyber Network Defense with Denial and Deception"

Wed, 20 Mar 2013 17:30:00 PDT

In January 2012, MITRE performed a real-time, red team/blue team cyber-wargame experiment. This presented the opportunity to blend cyber-warfare with traditional mission planning and execution, including denial and deception tradecraft. The cyber-wargame was designed to test a dynamic network defense cyber-security platform being researched in The MITRE Corporation�s Innovation Program called Blackjack, and to investigate the utility of using denial and deception to enhance the defense of information in command and control systems. The Blackjack tool failed to deny the adversary access to real information on the command and control mission system. The adversary had compromised a number of credentials without the computer network defenders� knowledge, and thereby observed both the real command and control mission system and the fake command and control mission system. However, traditional denial and deception techniques were effective in denying the adversary access to real information on the real command and control mission system, and instead provided the adversary with access to false information on a fake command and control mission system.

Emiliano DeCristofaro, "Whole Genome Sequencing: Innovation Dream or Privacy Nightmare?"

Wed, 06 Mar 2013 18:30:00 PST

Recent advances in DNA sequencing technologies have put ubiquitous availability of whole human genomes within reach. It is no longer hard to imagine the day when everyone will have the means to obtain and store one's own DNA sequence. Widespread and affordable availability of whole genomes immediately opens up important opportunities in a number of health-related fields. In particular, common genomic applications and tests performed in vitro today will soon be conducted computationally, using digitized genomes. New applications will be developed as genome-enabled medicine becomes increasingly preventive and personalized. However, the very same progress also amplifies worrisome privacy concerns, since a genome represents a treasure trove of highly personal and sensitive information. In this talk, we will overview biomedical advances in genomics and discuss associated privacy, ethical, and security challenges. We begin to address genomic privacy by focusing on some important applications: Paternity Tests, Ancestry Testing, Personalized Medicine, and Genetic Compatibility Tests. After carefully analyzing these applications and their privacy requirements, we propose a set of efficient techniques based on private set operations. This allows us to implement, in silico, some operations that are currently performed via in vitro methods, in a secure fashion. Experimental results demonstrate that proposed techniques are both feasible and practical today. Finally, we explore a few alternatives to securely store human genomes and allow authorized parties to run tests in such a way that only the required minimum amount of information is disclosed, and present an Android API framework geared for privacy-preserving genomic testing.

Weining Yang, "Minimizing Private Data Disclosures in the Smart Grid"

Wed, 20 Feb 2013 18:30:00 PST

Smart electric meters are meters that can measure electric usage with a pretty high frequency. Smart electric meters pose a substantial threat to the privacy of individuals in their own homes. Combined with a method called non-intrusive load monitors, smart meter data can reveal precise home appliance usage information. An emerging solution to behavior leakage in smart meter measurement data is the use of battery-based load hiding. In this approach, a battery is used to store and supply power to home devices at strategic times to hide appliance loads from smart meters. A few such battery control algorithms have already been studied in the literature. In this talk, we will ?rst consider two well known battery privacy algorithms, Best Effort (BE) and Non-Intrusive Load Leveling (NILL), and demonstrate attacks that recover precise load change information, which can be used to recover appliance behavior information, under both algorithms. We will then introduce a stepping approach to battery privacy algorithms that fundamentally differs from previous approaches by maximizing the error between the load demanded by a home and the external load seen by a smart meter. By design, precise load change recovery attacks are impossible. We also propose mutual-information based measurements to evaluate the privacy of different algorithms. We implement and evaluate four novel algorithms using the stepping approach, and show that under the mutual-information metrics they outperform BE and NILL

Rahul Potharaju, "I'm not stealing, I'm merely borrowing - Plagiarism in Smartphone App Markets"

Wed, 13 Feb 2013 18:30:00 PST

Plagiarism is the copying of another party's ideas and passing them off as your own. In the world of smartphone app-markets, this is usually followed by confusion for the buyers (users) and lost sales for the original developer. In some cases, these plagiarized applications act as carriers for malware that can steal your bank details or leak your private information to third-parties. While closed markets such as Apple's AppStore and Windows Marketplace mitigate this problem to some extent through their manual application approval process, open markets such as Google's Android Market, where anyone can publish an application for others to download, are plagued by this problem. In this talk, I will show how an attacker can launch malware onto a large number of smartphone users by plagiarizing Android applications and by using elements of social engineering to increase the infection rate. Using a dataset of 158,000 smartphone applications' meta-information, I will portray the seriousness of this problem. To this end, we propose three detection schemes that rely on syntactic fingerprinting to detect plagiarized applications under different levels of obfuscation used by the attacker. Experimental analysis of 7,600 smartphone application binaries shows that the proposed schemes detect all instances of plagiarism from a set of real-world malware incidents with 0.5% false positives and scale to millions of applications using only commodity servers.

Chris Gates, "Using Probabilistic Generative Models for Ranking Risks of Android Apps"

Wed, 06 Feb 2013 18:30:00 PST

One of Android's main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a �stand-alone� fashion and in a way that requires too much technical knowledge and time to distill useful information. We introduce the notion of risk scoring and risk ranking for Android apps, to improve risk communication for Android apps, and identify three desiderata for an effective risk scoring scheme. We propose to use probabilistic generative models for risk scoring schemes, and identify several such models, ranging from the simple Naive Bayes, to advanced hierarchical mixture models. Experimental results conducted using real-world datasets show that probabilistic generative models significantly outperform existing approaches, and that Naive Bayes models give a promising risk scoring approach.

Christian F. Hempelmann, "A Semantic Baseline for Spam Filtering"

Wed, 30 Jan 2013 18:30:00 PST

This paper presents a meaning-based method to spam filtering by distinguishing text without content from text with little content from text with normal content, based on the amount of meaning that can be automatically processed in the way humans do. The basic method assumes that a semantic analyzer will be able to produce less output from semantically less grammatical input text than from semantically well-formed text. The method was pilot-tested on a corpus of blog spam. Future improvements, including a method to distinguish semantically unified from semantically disparate text are sketched. The tested method, but even more the projected improvements, will open up the way to taking the spam filtering arms race to a new level very costly to spam producers.

Wahbeh Qardaji, "Differentially Private Publishing of Geospatial Data"

Wed, 23 Jan 2013 18:30:00 PST

We interact with location-aware devices on a daily basis. Such devices range from GPS-enabled cell-phones and tablets, to navigation systems. Each device can report a multitude of location data to centralized servers. Such location information, commonly referred to as geospatial data, can have tremendous benefits if properly processed and analyzed. If shared, such geo-spatial data can have significant impact for research and other uses. Sharing such information, however, can have significant privacy implications. In this talk, we will focus on the problem of releasing static geo-spatial data in a private manner. In particular, we will explore methods of releasing a synopsis of two-dimensional datasets while satisfying differential privacy. The key challenge to anonymizing geospatial datasets while satisfying differential privacy is ensuring the utility of anonymized dataset. In particular, there are two types of error that influence the utility of anonymized datasets. The first is the anonymization noise--a direct byproduct of the differential privacy mechanism. The second is a result of the granularity of data release and the nature of the dataset itself. In this talk, we will explore methods of publishing two-dimensional datasets with utility in mind. We will analyze the current state-of-the-art methods and explore alternative grid-based approaches that best balance the two sources of error.

Bilal Shebaro, "You are Anonymous!!! Then you must be Lucky"

Wed, 05 Dec 2012 18:30:00 PST

Services like online banking require high confidentiality due to the sensitivity of the data being transfered. As a result, online users have turned to anonymity services which offer identity protection and secure communication in their web transactions. While these services are secure and trustworthy, their popularity has attracted many attacks which result in the identification of the users. In addition, online applications are not developed with the users' anonymity in mind, which opens doors for more vulnerabilities. In this talk, I will present several attacks that anonymous users may not be aware of but which may jeopardize their anonymity.

Ashish Kundu, "A New Class of Buffer Overflow Attacks"

Wed, 28 Nov 2012 18:30:00 PST

In this talk, we focus on a class of buffer overflow vulnerabilities that occur due to the "placement new" expression in C++. "Placement new" facilitates placement of an object/array at a specific memory location. When appropriate bounds checking is not in place, object overflows may occur. Such overflows can lead to stack as well as heap/data/bss overflows, which can be exploited by attackers in order to carry out the entire range of attacks associated with buffer overflow. Unfortunately, buffer overflows due to "placement new" have neither been studied in the literature nor been incorporated in any tool designed to detect and/or address buffer overflows. We would describe how the "placement new" expression in C++ can be used to carry out buffer overflow attacks -- on the stack as well as heap/data/bss. We show that overflowing objects and arrays can also be used to carry out virtual table pointer subterfuge, as well as function and variable pointer subterfuge. Moreover, we show how "placement new" can be used to leak sensitive information, and how denial of service attacks can be carried out via memory leakage.

Hal Aldridge, "Not the Who but the What -- New applications of Hardware Identity"

Wed, 14 Nov 2012 18:30:00 PST

An essential part of security is controlling access. Traditional access control depends on the a person's ability to prove their identity and the access control system's ability to verify their identity. For computer access, a person usually carries some combination of methods to prove their identity (password, token, and/or biometric). What if a thing needs access instead of a person? It is easy enough to embed a secret into software or hardware so a device can identify itself, but how do you ensure the integrity of that data and the identity of the device? This presentation will discuss challenges of ensuring the device is what it claims to be, how the supply chain effects the assurance level of that identity, new technologies that can be used to provide hardware based identity, and other security features than can be enabled by the secure device identity.

Jianneng Cao, "Publishing Microdata with a Robust Privacy Guarantee"

Wed, 07 Nov 2012 18:30:00 PST

Today, the publication of microdata poses a privacy threat. Vast research has striven to define the privacy condition that microdata should satisfy before it is released, and devise algorithms to anonymize the data so as to achieve this condition. Yet, no method proposed to date explicitly bounds the percentage of information an adversary gains after seeing the published data for each sensitive value therein. This paper introduces \beta-likeness, an appropriately robust privacy model for microdata anonymization, along with two anonymization schemes designed therefor, the one based on generalization, and the other based on perturbation. Our model postulates that an adversary's confidence on the likelihood of a certain sensitive-attribute (SA) value should not increase, in relative difference terms, by more than a predefined threshold. Our techniques aim to satisfy a given \beta threshold with little information loss. We experimentally demonstrate that (i) our model provides an effective privacy guarantee in a way that predecessor models cannot, (ii) our generalization scheme is more effective and efficient in its task than methods adapting algorithms for the k-anonymity model, and (iii) our perturbation method outperforms a baseline approach. Moreover, we discuss in detail the resistance of our model and methods to attacks proposed in previous research.

Vaibhav Garg, "Risk perception of information security risks online"

Wed, 31 Oct 2012 17:30:00 PDT

Perceived risk is informed by a myriad of affective assessments, nine of which have been examined rigorously for offline risk decisions. Is the risk voluntarily taken? Is the impact of the risk immediate or delayed? Does the individual understand the implications of the risk? What is the perceived effectiveness of expert systems/judgments? Does the risk appear controllable? Is the risk new or old? Is it commonly encountered or rarely available? Does it impact individuals or communities? How severe are the consequences of risk taking behavior? This research examines how these nine dimensions inform perceived risk and decision-making online. Further, I examine how the determinants of perceived risk are impinged by context and individual awareness.

Mark Guido, "Detecting Maliciousness Using Periodic Mobile Forensics"

Wed, 24 Oct 2012 17:30:00 PDT

Android Phones are becoming more pervasive at MITRE's customers without any means of measuring malicious user or application behavior. More sensitive information is becoming accessible on these phones, while users have access to this data even in the most insecure of places. Without an enterprise monitoring strategy for these mobile devices, sponsors do not have the necessary data to determine when a compromise has occurred. This exposure to a user's or a malicious application's actions could leave sensitive data exposed with little recourse. There is a both a breadth and depth of information that can be gained by using physical forensic acquisition techniques against an Android phone. The resulting forensic images can be mostly treated as traditional images and can be subjected to traditional forensics tools and techniques for analysis. The MITRE Innovation Project research project "Detecting Maliciousness Using Periodic Mobile Forensics" addressed the enterprise use case of installed malicious applications. The results of the research will be discussed, as well as experimentation performed using real mobile malware.

Edmund Jones, "The Boeing Company"

Wed, 17 Oct 2012 17:30:00 PDT

In this talk EJ will be speaking about a security development lifecycle necessary to address vulnerabilities in complex systems. The need for software security is clear in today's cyber world. He will be talking about the steps necessary to ensure a high level of assurance in systems to identify, mitigate, and control threats and vulnerabilities. He will be going beyond the traditional software security development lifecycle and bring real world examples. EJ is an engaging speaker so bring your questions.

Chris Kanich, "Understanding Spam Economics"

Wed, 10 Oct 2012 17:30:00 PDT

Over the past two decades, the Internet has become an essential tool in the lives of millions of people. Unfortunately, this success has also attracted cybercriminals who exploit the Internet as a platform for illicit gain. Perhaps the most familiar scam is sending unsolicited advertisements (spam), clogging inboxes and putting people's computers at risk of dangerous malware infections. Understanding the mechanisms and effectiveness of these scams is essential to building effective countermeasures to cybercrime. In this talk, I'll explain the modern spamming landscape and present research that help us better understand how spammers make their money online. One effort uses the technique of botnet infiltration to examine a spam campaign from the point of view of the spammers. Botnet infiltration allows us to measure their operation including the advertisements' effectiveness and the worldwide use of spam filtering techniques. The second effort exploits key information leaks to answer key questions about the modern affiliate marketing-based spam ecosystem, from estimating their worldwide gross revenue, to understanding customer demographics and their most popular products.

William Enck, " Defending Users Against Smartphone Apps: Techniques and Future Directions"

Wed, 03 Oct 2012 17:30:00 PDT

Smartphone security research has become very popular in response to the rapid, world-wide adoption of new platforms such as Android and iOS. Smartphones are characterized by their ability run third-party applications, and Android and iOS take this concept to the extreme, offering hundreds of thousands of "apps" through application markets. Thus, smartphone security research has focused on protecting users from apps. In this talk, I will discuss the current state of smartphone research, including efforts in designing new OS protection mechanisms, as well as performing security analysis of real apps. I will offer insight into what works, what has clear limitations, and promising directions for future research.

Marc Brooks, "Leveraging internal network traffic to detect malicious activity: Lessons learned"

Wed, 26 Sep 2012 17:30:00 PDT

The detection of malicious activity can occur at many places within an enterprise. One area that is a natural extension of perimeter based approaches is that of internal network monitoring. This talk will discuss work done to better detect malicious activity on an enterprise by monitoring internal network traffic. The state of the art will be discussed, as well as the limitations inherent in this monitoring approach. Promising results will be discussed as well as methods that were not as effective.

Jason Haas, "Global Revocation for the Intersection Collision Warning Safety Application"

Wed, 19 Sep 2012 17:30:00 PDT

Identifying and removing malicious insiders from a network is a topic of active research. Vehicular ad hoc networks (VANETs) may suffer from insider attacks; that is, an attacker may use authorized vehicles to attack other vehicles. Specifically, attackers may use their vehicles to broadcast specially formed packets that will trigger warnings in target vehicles. This malicious behavior could have a significant detrimental effect on cooperative safety applications (SAs), one of the driving forces behind VANET deployment. We propose modifications to the intersection collision warning (ICW) SA that enable a certificate authority (CA) to be offline and yet to decide to revoke a vehicle's certificates using retransmitted information that cannot repudiated. Our approach differs from previous proposals in that it is SA specific, and it is resilient to Sybil attacks. We simulate and measure the resources an attacker requires to attack a vehicle using the ICW SA without our modifications and demonstrate that our additions reduce the false positive rate arising from errors in estimated vehicle dynamics.

Sharon Chand & Chad Whitman, "Trends in cyber security consulting"

Wed, 12 Sep 2012 17:30:00 PDT

Deloitte Security & Privacy will present on recent trends in cyber security consulting, including how industry and regulatory trends are driving change to information security practices. The presentation will also include the anatomy of a cyber incident, walking through a real world example of an incident from discovery to remediation.

Ed Lopez, "The Inertia of Productivity"

Wed, 05 Sep 2012 17:30:00 PDT

Why do we implement systems and application with poor security characteristics? This talk looks at the evolution of network security as a consequence of productive change. Specifically, we will look at the challenges imposed by BYOD requirements (particularly on wireless security), the pressure on performance to meet the aggregated traffic loads of cloud/datacenter demands, the emergence of IP-based industrial controls, and a deep look into how the migration from IPv4 to IPv6 will require new network-based approaches for their security.

Lewis Shepherd, "Challenges for R&D in the Security Field"

Wed, 29 Aug 2012 17:30:00 PDT

Long-range research into information assurance and security has seen peaks and valleys over the past three decades, mirroring larger trends including the explosive growth of Internet services and declining technology R&D investment trends. A gulf threatens to develop between the scope and scale of R&D in the private sector, and in the public sector. In particular, rapid iterative advances by commercial and black-hat entities could outstrip government's ability (particularly the US Government's ability) to perform useful basic research and advanced development of innovative tools and algorithms. Yet these malignant trends are occurring at the same time as some very exciting (but unheralded) progress in critical research areas. This talk will examine these trends, explain their context, and discuss significant implications for the field of security research -- and for the advance of trustworthy computing overall.

Scott Andersen, "The New Frontier, Welcome the Cloud Brokers"

Wed, 22 Aug 2012 17:30:00 PDT

The recent and new concept of "Cloud Brokers" and Brokerage came to light with the recent release of the GSA Cloud Broker RFI. What does that mean for the cloud professionals of today (skills they need) and the cloud professionals of tomorrow (skills they are going to need).

Christine Task, "A Practical Beginners' Guide to Differential Privacy"

Wed, 25 Apr 2012 17:30:00 PDT

Differential privacy is a very powerful approach to protecting individual privacy in data-mining; it's also an approach that hasn't seen much application outside academic circles. There's a reason for this: many people aren't quite certain how it works. Uncertainty poses a serious problem when considering the public release of sensitive data. Intuitively, differentially private data-mining applications protect individuals by injecting noise which "covers up" the impact any individual can have on the query results. In this talk, I will discuss the concrete details of how this is accomplished, exactly what it does and does not guarantee, common mistakes and misconceptions, and give a brief overview of useful differentially privatized data-mining techniques. This talk will be accessible to researchers from all domains; no previous background in statistics or probability theory is assumed. My goal in this presentation is to offer a short-cut to researchers who would like to apply differential privacy to their work and thus enable a broader adoption of this powerful tool.

Steve Battista, "What firmware exists in your computer and how the fight for your systems will be below your operating system"

Wed, 18 Apr 2012 17:30:00 PDT

Many security professionals look to software on hardrives as the source of compromise. To detect compromises, they use systems to check the hashes of all files on disk, When a machine is compromised, they wipe the hardrive, and assume that the machine in clean. The battlefield between attackers and defenders is moving to the firmware level. This presentation will explore what firmware exists in your computer and how the fight for your systems will be below your operating system and what can be done about this.

Traian Truta, ": K-Anonymity in Social Networks: A Clustering Approach"

Wed, 11 Apr 2012 17:30:00 PDT

The proliferation of social networks, where individuals share private information, has caused, in the last few years, a growth in the volume of sensitive data being stored in these networks. As users subscribe to more services and connect more with their friends, families, and colleagues, the desire to use this information from the networks has increased. Online social interaction has become very popular around the globe and most sociologists agree that this will not fade away. Social network sites gather confidential information from their users (for instance, the social network site PacientsLikeMe collects confidential health information) and, as a result, social network data has begun to be analyzed from a different, specific privacy perspective. Since the individual entities in social networks, besides the attribute values that characterize them, also have relationships with other entities, the risk of disclosure increases. In this talk we present a greedy algorithm for anonymizing a social network and a measure that quantifies the information loss in the anonymization process due to edge generalization.

Nabeel Mohamed, "Privacy preserving attribute based group key management"

Wed, 28 Mar 2012 17:30:00 PDT

Group key management (GKM) is a fundamental building block in any secure group communication applications. In fact, successful management of group keys is critical to the security of any cryptosystem. In this talk, I will first give an overview of the traditional GKM approaches and their limitations to support current technological trends and large dynamic systems. Then I will present a new approach to GKM that is expressive and privacy preserving. The talk is based on our work appeared in ICDE 2010, CCS 2011 and CollaborateCom 2011.

Randall Brooks, "Adding a Software Assurance Dimension to Supply Chain Practices"

Wed, 21 Mar 2012 17:30:00 PDT

There is a long history of supply chain management, from which many related policies, practices, processes, and enabling artifacts have been developed and employed by those business enterprises that acquire hardware and software components from a third party. Traditionally, Supply Chain Risk Management (SCRM) has been the focal point of supply chain practices and has focused on business and contractual issues, although recent efforts have increasingly included engineering expertise for product quality evaluations. This presentation advocates the introduction of a security assurance dimension to the SCRM process. It does not, however, propose the addition of an independent, parallel track of SCRM process for security assurance evaluation, but rather practical steps for augmenting those SCRM processes that already exist. Just as is the case in legacy SCRM, the cyber dimension of SCRM is based on assessing and balancing risk vs. cost. The goal is to minimize the added costs associated with improved information assurance by efficiently incorporating relevant practices industry, government, and academia to provide a security assurance dimension into the supply chain process. SCRM-relevant industry and government practices will be presented in this paper in such a way that supply chain staff can easily make use of them, even without a background in information security. Also, it will be clearly noted when subcontract management, information assurance engineering, or other business or technical expertise may be needed to complement traditional supply chain activities in the pursuit of cyber-based SCRM. Points of discussion common to both hardware and to software component acquisition will include: 1. Acquirer business risk 2. End customer mission criticality and mission assurance 3. Subcontract management 4. Supplier secure development assessment 5. Supplier management practices for their suppliers 6. Supplier business assessment 7. Product assessment Points of discussion peculiar to hardware component acquisition will include: 1. Quality vs. counterfeiting vs. malicious alteration 2. ASICS, FPGAs, and microprocessors 3. Information storage in volatile memory 4. Information storage in non-volatile memory and permanent disk storage Points of discussion peculiar to software component acquisition will include: 1. COTS, contracted software, open source, and freeware 2. Software pedigree and provenance 3. License management of open source

Chenyun Dai, "Privacy-Preserving Assessment of Location Data Trustworthiness"

Wed, 07 Mar 2012 18:30:00 PST

Assessing the trustworthiness of location data corresponding to individuals is essential in several applications, such as forensic science and epidemic control. To obtain accurate and trustworthy location data, analysts must often gather and correlate information from several independent sources, e.g., physical observation, witness testimony, surveillance footage, etc. However, such information may be fraudulent, its accuracy may be low, and its volume may be insuf?cient to ensure highly trustworthy data. On the other hand, recent advancements in mobile computing and positioning systems, e.g., GPS-enabled cell phones, highway sensors, etc., bring new and effective technological means to track the location of an individual. Nevertheless, collection and sharing of such data must be done in ways that do not violate an individual�s right to personal privacy. Previous research efforts acknowledged the importance of assessing location data trustworthiness, but they assume that data is available to the analyst in direct, unperturbed form. However, such an assumption is not realistic, due to the fact that repositories of personal location data must conform to privacy regulations. In this work, we study the challenging problem of re?ning trustworthiness of location data with the help of large repositories of anonymized information. We show how two important trustworthiness evaluation techniques, namely common pattern analysis and con?ict/support analysis, can bene?t from the use of anonymized location data. We have implemented a prototype of the proposed privacy-preserving trustworthiness evaluation techniques, and the experimental results demonstrate that using anonymized data can signi?cantly help in improving the accuracy of location trustworthiness assessment.

Nishanth Chandran, "Cryptographic protocols in the era of cloud computing"

Wed, 29 Feb 2012 18:30:00 PST

With the advent of cloud computing, our view of cryptographic protocols has changed dramatically. In this talk, I will give an overview of some of the newer challenges that we face in cloud cryptography and outline some of the techniques used to solve these problems. In particular, a few questions that I will address are: 1) How can we store sensitive data in the cloud, in an encrypted manner, and yet allow controlled access to certain portions of this data? 2) How can we ensure reliability of data across cloud servers that may be connected by only a low-degree communication network, even when some of the servers may become corrupted? 3) How can users authenticate themselves to the cloud in a user-friendly way? This talk will assume no prior knowledge of cryptography and is based on works that appear at TCC 2012, ICALP 2010 and STOC 2010.

Ben Calloni, "Vulnerability Path and Assessment"

Wed, 22 Feb 2012 18:30:00 PST

US Government, Department of Defense, and Enterprise computer systems must be trusted to protect data with varying levels of sensitivity / security. Affordability requirements are driving the need to incorporate many diverse commercial software products of unknown quality and pedigree into said systems. While there exist many Static Code Analysis products, the depth, rigor, and coverage of these tools is incomplete and inconsistent. In addition, finding and eliminating computer flaws or weaknesses is not the same as determining true vulnerabilities. Further there is significant cost reduction that can occur if automated support for establishing the case for trust and assurance can be achieved. The collection of evolving standards known as the OMG Software Assurance (SwA) Ecosystem is supported and endorsed by AFRL, NIST, SEI, OSD/NII, and DHS Cyber Security Division among others. The SwA Ecosystem defines several standard protocols to enable interoperability for tools, services and security researchers in developing, exchanging and utilizing machine-readable content (e.g. vulnerability patterns, enumerations, rules) for security assurance of existing software based systems. This standard-based plug-and-play framework integrates software analysis and data mining tools and facilitates highly automated fact-oriented approach to assurance by providing traceability link between assurance claims and high-fidelity system facts as evidence to justify assurance claims. This presentation will focus on the work funded by AFRL and OSD/NII to addressing the Vulnerability Path Assessment piece of the Ecosystem.

Simson Garfinkel, "Forensic Carving of Network Packets with bulk_extractor and tcpflow"

Wed, 15 Feb 2012 18:30:00 PST

Using validated carving techniques, we show that popular operating systems (\eg Windows, Linux, and OSX) frequently have residual IP packets, Ethernet frames, and associated data structures present in system memory from long-terminated network traffic. Such information is useful for many forensic purposes including establishment of prior connection activity and services used; identification of other systems present on the system's LAN or WLAN; geolocation of the host computer system; and cross-drive analysis. We show that network structures can also be recovered from memory that is persisted onto a mass storage medium during the course of system swapping or hibernation. We present our network carving techniques, algorithms and tools, and validate these against both purpose-built memory images and a readily available forensic corpora. These techniques are valuable to both forensics tasks, particularly in analyzing mobile devices, and to cyber-security objectives such as malware analysis.

Kelley Misata, "Digital Citizenship: A Target's View of Security and Life Online"

Wed, 08 Feb 2012 18:30:00 PST

As technological advancements continue to expand the range of information access, issues of privacy and cyber security have risen to the forefront. Technology is only one part of a larger conversation. Looking through a different lens, consider the humans behind the machines. Technology can now be used with unprecedented ease and anonymity as a malicious vehicle to harass, defame and stalk. This presentation recounts the very personal and in-depth journey of a target of cyberstalking whose efforts to navigate within the system have been met with both successes and failures. Learn the profound impact this journey has had on life online as well as off, catalyzing a shift in perspective from fear to redefining responsible digital citizenship. The conversation will provide new insights into security issues, communication, and business management, as well as the limitations of the systems currently in place.

George Vanecek, "Is it time to add Trust to the Future Internet/Web?"

Wed, 01 Feb 2012 18:30:00 PST

The future web, and Internet, are undergoing a humanization of their technologies which increasingly make their services more personalized, individualized and transparent. This is jointly fueled by the inexpensive yet easily accessible huge computing and storage capacities in clouds, the adoption of personal, mobile smart devices used across consumer/enterprise interchangeably, and the emergence of personal agents and services attaining personalized perception of the real-world and its control on behalf of the users. In this human/machine convergences, trust is being recognized as potentially playing a huge role in addressing future human/machine security, commerce and social on-line issues. However, trust has been adopted only partially and independently by certain services and not made integral in the fabric of the Internet or the web. This talk explores the technical and social issues for the establishment of a ubiquitous trust network in the Future Internet. The talk reviews necessary technologies from the Semantic Web, Intercloud, and broader Identity methodologies, and provides a number of use cases for how the Future Internet would benefit from the trust network.

Frank Tompa, "A Flexible System for Access Control"

Wed, 25 Jan 2012 18:30:00 PST

A variety of mechanisms have been used in access control systems to support enterprises' diverse security needs. For example, some enterprises might allow individual users to assign privileges on files that they own, whereas others might require that permissions be granted and revoked by security administrators only; some enterprises wish to operate under closed access policies (where permission is denied unless explicitly granted), whereas others prefer to allow access only if the number of positive authorizations exceeds the number of negative ones. We will explore two frameworks, namely creation time policies and conflict resolution policies, that together allow software vendors to support a wide variety of discretionary access control mechanisms using a single code base.

Salmin Sultana, " Secure Provenance Transmission for Data Streams"

Wed, 18 Jan 2012 18:30:00 PST

Many application domains, such as real-time financial analysis, e-healthcare systems, sensor networks, are characterized by continuous data streaming from multiple sources and through intermediate processing by multiple aggregators. Keeping track of data provenance in such highly dynamic context is an important requirement, since data provenance is a key factor in assessing data trustworthiness which is crucial for many applications. Provenance management for streaming data requires addressing several challenges, including the assurance of high processing throughput, low bandwidth consumption, storage efficiency and secure transmission. In this talk, I will discuss a novel approach to securely transmit provenance for streaming data (focusing on sensor network) by embedding provenance into the inter-packet timing domain while addressing the above mentioned issues. As provenance is hidden in another host-medium, our solution can be conceptualized as watermarking technique. However, unlike traditional watermarking approaches, we embed provenance over the inter-packet delays rather than in the sensor data themselves, hence avoiding the problem of data degradation due to watermarking. Provenance is extracted by the data receiver utilizing an optimal threshold-based mechanism which minimizes the probability of provenance decoding errors. The resiliency of the scheme against outside and inside attackers is established through an extensive security analysis. Experiments show that our technique can recover provenance upto a certain level against perturbations to inter-packet timing characteristics.

Stephen Elliott, ""Introduction to Biometrics""

Wed, 11 Jan 2012 18:30:00 PST

A discussion about biometrics, performance and error. Learn more about biometric technologies and challenges related to performance.

Apu Kapadia, "Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones"

Wed, 30 Nov 2011 18:30:00 PST

We introduce Soundcomber, a "sensory malware" for smartphones that uses the microphone to steal private information from phone conversations. Soundcomber is lightweight and stealthy. It uses targeted profiles to locally analyze portions of speech likely to contain information such as credit card numbers. It evades known defenses by transferring small amounts of private data to the malware server utilizing smartphone-specific covert channels. Additionally, we present a general defensive architecture that prevents such sensory malware attacks.

Loukas Lazos, "Jam me if you can: Mitigating the Impact of Inside Jammers"

Wed, 16 Nov 2011 18:30:00 PST

The open nature of the wireless medium leaves wireless communications exposed to interference caused by the concurrent operation of co-located wireless devices over the same frequency bands. While unintentional signal interference is managed at the physical and mac layers using an array of techniques (advanced signal processing, channel coding and error correction, spread spectrum communications, multiple access protocols, etc.), in a hostile environment, wireless communications remain vulnerable to intentional interference attacks typically referred to as jamming. Jamming can take the form of an external attack launched by "foreign" devices that are unaware of the network secrets (e.g., cryptographic credentials) or its protocols. Such external attacks are relatively easy to neutralize through a combination of cryptography-based measures and spreading techniques. In contrast, when jamming attacks are launched from compromised nodes, they are much more sophisticated in nature. These attacks exploit knowledge of network secrets (e.g., cryptographic keys and pseudo-random spreading codes) and its protocol semantics to maximize their detrimental impact by selectively and adaptively targeting critical data transmissions. In this talk, we discuss the feasibility and impact of selective jamming attacks in the presence of inside adversaries. The attacker's selectivity is considered at different granularities, namely on a per-channel basis and on a per-packet basis. We describe several mitigation methods that do not rely on the existence of shared secrets, but defeat selectivity via a combination of temporary packet hiding and uncoordinated frequency hopping.

Zhongshu Gu, "Process Implanting: A New Active Introspection Framework for Virtualization"

Wed, 09 Nov 2011 18:30:00 PST

Previous research on virtual machine introspection proposed "out-of-box" approach by moving out security tools from the guest operating system. However, compared to the traditional "in-the-box" approach, it remains a challenge to obtain a complete semantic view due to the semantic gap between the guest VM and the hypervisor. In this paper, we present Process Implanting, a new active VM introspection framework, to narrow the semantic gap by implanting a process from the host into the guest VM and executing it under the cover of an existing running process. With the protection and coordination from the hypervisor, the implanted process can run with a degree of stealthiness and exit gracefully without leaving negative impact on the guest operating system. We have designed and implemented a proof-of-concept prototype on KVM which leverages hardware virtualization. We also propose and demonstrate application scenarios for Process Implanting in the area of VM security.

Morgan Greenwood, "SureView AMP, Active Malware Protection, detecting malware anti virus solutions miss"

Wed, 02 Nov 2011 17:30:00 PDT

Learn how organization's proactivly protect against malware that traditional signature-based anti virus solutions miss.

Sheila Becker, "Securing Application-Level Topology Estimation Networks: Facing the Frog-Boiling Attack"

Wed, 26 Oct 2011 17:30:00 PDT

Peer-to-peer real-time communication and media streaming applications optimize their performance by using application-level topology estimation services such as virtual coordinate systems. Virtual coordinate systems allow nodes in a peer-to-peer network to accurately predict latency between arbitrary nodes without the need of performing extensive measurements. However, systems that leverage virtual coordinates as supporting building blocks, are prone to attacks conducted by compromised nodes that aim at disrupting, eavesdropping, or mangling with the underlying communications. Recent research proposed techniques to mitigate basic attacks (inflation, deflation, oscillation) considering a single attack strategy model where attackers perform only one type of attack. In this work we explore supervised machine learning techniques to mitigate more subtle yet highly effective attacks (frog-boiling, network-partition) that are able to bypass existing defenses. We evaluate our techniques on the Vivaldi system against a more complex attack strategy model, where attackers perform sequences of all known attacks against virtual coordinate systems, using both simulations and Internet deployments.

Julia M. Taylor, Victor Raskin, and Eugene H. Spafford, "Ontological Semantic Technology Goes Phishing"

Wed, 19 Oct 2011 17:30:00 PDT

The talk reports on an early stage of on-going research on the application of computational semantic techniques to detect phishing, i. e., mass mailings intended to sweep up personal details for later malicious use by the phishers themselves or their potential customers. Our personal experience as targets of phishing has shown that the texts are getting increasingly polished, plausible, and sophisticated, often making it difficult even for humans to tell phishing from bona fide, if unadvised messages. In this talk, we will demonstrate, on a few examples, how Ontological Semantic Technology can help to achieve machine natural language understanding that allows the computer to match and, augmented by the best existing technologies, possibly exceed human ability to detect the meaning-based clues pointing to phishing and to reason accordingly. We will also discuss the problem of automatic phishing detection and share our thoughts on applying the most feasible and promising techniques on a large corpus of phishing emails.

Dan McWhorter and Steve Surdu, "Enterprise-Wide Intrusions Involving Advanced Threats"

Wed, 12 Oct 2011 17:30:00 PDT

Since early 2010 Google, Sony, Epsilon CitiBank, International Monetary Fund, RSA, various law enforcement agencies and many other organizations have been compromised by different attack groups. These groups include hacktivist organizations like Anonymous, Eastern European organized crime and state-sponsored teams referred to as the Advanced Persistent Threat. Mandiant will draw upon investigations it has conducted over the last eighteen months to: Illustrate major differences among the attack groups Describe the tactics attackers use to breach their victims Outline the investigative approaches required to contain active attack groups Detail remediation techniques that are most successful at removing attackers from the networks. The information covered will not be theoretical. All the material will anonymously reference actual cases Mandiant has conducted � some of which have not received media attention to date.

Hal Aldridge, "Trusted Computing and Security for Embedded Systems"

Wed, 05 Oct 2011 17:30:00 PDT

Computer hardware and software that perform real-world functions such as flight control, telecommunications switching, and network routing form a class of systems called embedded systems. These embedded systems have challenges that differ from general purpose computing. The security challenges of embedded systems have become a topic of concern in critical infrastructure such as SmartGrid. This presentation will discuss the embedded systems security challenges and a possible solution, Trusted Computing. Trusted Computing provides a tight coupling of hardware and software for security which can provide significant security enhancements over software only solutions and is highly applicable to embedded systems.

Xukai Zou, "Weighted Multiple Secret Sharing"

Wed, 28 Sep 2011 17:30:00 PDT

Secret sharing is important in information and network security and has broad applications in the real world. Since an elegant secret sharing mechanism was first proposed by Shamir in 1979 (also Blakley did the similar work then), many schemes have appeared in literature. These schemes deal with either single or multiple secrets and their shares have either the same weight or different weights. Weighted shares mean that different shares have different capabilities in recovering the secret(s) -- a more (less) weighted share needs fewer (more) other shares to recover the secret(s). In this talk, we will first discuss two primary categories of (representative) methods implementing secret sharing: polynomial based, i.e., Shamir�s scheme, and Chinese Remainder Theorem (CRT) based, i.e., Mignotte's scheme. Then we present a new CRT based weighted multiple secret sharing scheme, based on the identification of a direct relation between the length (i.e., the number of bits) and the weight of shares. The new scheme can also be naturally applied to other cases such as sharing a single secret with same-weight shares and is remarkably simple and easy to implement. Compared to both Shamir's scheme and Mignotte's scheme, the new scheme is more efficient than both schemes in share computation and more efficient than Shamir's scheme (and as efficient as Mignotte's scheme) in secret recovery. One prominent and unique advantage of the new scheme is that it admits non-whole number weights which the existing schemes have not offered. Thus, the sizes of shares can vary distantly in fine-tuned granularity to fit different requirements and constraints of various devices such as sensors, PDAs, cell phones, iPads and to allow the new scheme to apply to broader applications involving wireless/sensor networks and pervasive computing.

Joe Leonard, " Methods and Techniques for Protecting Data in Real Time on the Wire"

Wed, 21 Sep 2011 17:30:00 PDT

The ongoing explosion of data and information throughout the enterprise is undeniable. Sensitive data, whether structured or unstructured, finds itself replicated and dispersed. This creates a challenge for information security professionals to prevent the flow of this information to unauthorized or inappropriate destinations. The security community has made great progress in protecting this data and information while it is at rest or in use. But ... is there more that can be done? Companies are now asking, "Who moved my data and where did it go? Was it an appropriate flow from one internal department to another? Was the flow intended for a trusted business partner? Or ... was my data heading for an unknown destination, a competitor or a pool of cybercriminals?" End point controls, access controls, database monitoring and encryption are all important components of a solid layered security approach. However tools that provide visibility and control over "data in motion" deliver critical capabilities that none of these other components can adequately address. When prioritizing various components or layers of an information security implementation, it has been argued that a solid "data in motion" component can provide 80% of the bang for 20% of the buck (and effort!) This presentation focuses on methods and techniques in wire speed detection and control of data in motion. The presentation will include: approaches to detecting simple patterns emphasizing low false positives advances in wire speed pattern matching enabling protection of specific fields or combination of fields in a database policy designs that combine network application controls with content identification and control wire speed blocking that does not require a proxy

David Zage, "What does Knowledge Discovery, Predictability, and Human Behavior have to do with Computer Security"

Wed, 14 Sep 2011 17:30:00 PDT

Vast resources are devoted to predicting human behavior in domains such as economics, popular culture, and national security, but the quality of such predictions is often poor. Thus, it is tempting to conclude that this inability to make good predictions is a consequence of some fundamental lack of predictability on the part of humans. However, recent work offers evidence that the failure of standard prediction methods does not indicate an absence of human predictability but instead reflects: 1. misunderstandings regarding which features of human dynamics actually possess predictive power 2. the fact that, until recently, it has not been possible to measure these predictive features in real world settings. This talk introduces some of the science behind these basic observations and demonstrates their utility in various case studies. We begin by considering social groups in which individuals are influenced by the behavior of others. Correctly identify and understanding the social forces in these situations can increase the extent to which the outcome of a social process can be predicted in its very early stages. This finding is then leveraged to design prediction methods which outperform existing techniques for predicting social network dynamics. We also look at the analysis of the predictability of adversary behavior in the co-evolutionary "arms races" that exist between attackers and defenders in many domains. Our analysis reveals that conventional wisdom regarding these co-evolving systems is incomplete, and provides insights which enable the development of predictive methods for computer network security.

Steven Gianvecchio, "Detecting Bots in Online Games using Human Observational Proofs"

Wed, 07 Sep 2011 17:30:00 PDT

The abuse of online games by automated programs, known as bots, has grown significantly in recent years. The conventional methods for distinguishing bots from humans, such as CAPTCHAs, are not effective in a gaming context. This talk presents a non-interactive approach based on human observational proofs for continuous game bot detection. HOPs differentiate bots from human players by passively monitoring input actions that are difficult for current bots to perform in a human-like manner. The talk describes a prototype HOP-based game bot defense system that analyzes user-input actions with a cascade-correlation neural network to distinguish bots from humans. The experimental results show that the HOP system is effective in capturing game bots in World of Warcraft, raising the bar against game exploits and forcing attackers to build more complicated bots for detection evasion in the future.

Tamir Tassa, "Non-homogeneous anonymizations"

Wed, 31 Aug 2011 17:30:00 PDT

Privacy Preserving Data Publishing (PPDP) is an evolving research field that is targeted at developing anonymization techniques to enable publishing data so that privacy is preserved while data distortion is minimized. Up until recently most of the research on PPDP considered partition-based anonymization models. The approach in such models is to partition the database records into groups and then homogeneously generalize the quasi-identifiers in all records within a group, as a countermeasure against linking attacks. We describe in this talk alternative anonymization models which are not based on partitioning and homogeneous generalization. Such models extend the set of acceptable anonymizations of a given table, whence they allow achieving similar privacy goals with much less information loss. We shall briefly review the basic models of homogeneous anonymization (e.g. k-anonymity and l-diversity) and then define non-homogeneous anonymization, discuss its privacy, describe algorithms and demonstrate the advantage of such anonymizations in reducing the information loss. We shall then discuss the usefulness of those models for data mining purposes. In particular, we will show that the reduced information loss that characterizes such anonymizations translates also to enhanced accuracy when using the anonymized tables to learn classification models. Based on joint works with Aris Gionis, Arnon Mazza, Mark Last and Sasha Zhmudyak

Scott Hollenbeck, "Provisioning Protocol Challenges in an Era of gTLD Expansion"

Wed, 24 Aug 2011 17:30:00 PDT

The number of generic top-level domains in the Internet's Domain Name System has been increasing slowly since 2000. In July 2011 the Internet Corporation for Assigned Names and Numbers (ICANN) approved a long-awaited plan to significantly increase the number of generic top-level domain names. With a specific focus on users of the Extensible Provisioning Protocol (EPP), this presentation will describe the practical challenges faced by participants in the domain name provisioning ecosystem in the face of evolving domain name management requirements.

Eric Katz, "Mobile Phones and Evidence Preservation"

Wed, 27 Apr 2011 17:30:00 PDT

Jose Fernandez, ""Semantic Security: or How I Learned to Stop Worrying and Looooooove the Internet""

Wed, 20 Apr 2011 17:30:00 PDT

My late friend Robert Garigue, a pioneer of Information Warfare and one of the most original and visionary corporate Chief Information Security Officer, first described the notion a "semantic attack" as the eventual non plus ultra in the hacking arsenal. Semantic attacks do not target directly the information-carrying or information-bearing portions of a system, but rather those components of the system that give it meaning and value; i.e. the semantic components that help us, among other things, establish and maintain truth and trust. When Garigue first coined the phrase "Hack not system, hack the belief system" many of us misinterpreted this as a cry for addressing the non-electronic non-technological "soft" components of the system, i.e. humans and their decision making cycles. In fact, social engineering, phishing attacks and other forms of internet-based cons are in some sense instances of such cyber-mediated attacks on the "meat computers" we have in our brains. However, reality is fast catching up with Science Fiction, and our decision making whether as citizens in a democracy, consumers, military leaders, politicians, businessmen and even intellectuals, is increasingly depending on Internet-based sources and systems. Our increased use and reliance on search engines, social networks, blogospheres, wikis and other non traditional media, for our daily decision making has made it such that an increased portion of the semantic system is computer-based. How are we to define, evaluate or measure the security of these new cybernetic semantic components? Join me on a highly speculative tour of "Semantic Security" (tm), a new subfield of Computer Security, ripe with lots of low-hanging, easily solvable research problems. Believe me!!

Ronda R. Henning, "FuzzyFusion™, an application architecture for multisource information fusion"

Wed, 13 Apr 2011 17:30:00 PDT

The correlation of information from disparate sources has long been an issue in data fusion research. Traditional data fusion addresses the correlation of information from sources as diverse as single-purpose sensors to all-source multi-media information. Information system vulnerability information is similar in its diversity of sources and content, and in the desire to draw a meaningful conclusion, namely, the security posture of the system under inspection. FuzzyFusion™, a data fusion model that is being applied to the computer network operations domain is presented. This model has been successfully prototyped in an applied research environment and represents a next generation assurance tool for system and network security.

Carter Bullard, "Society, Law Enforcement and the Internet: Models for Give and Take"

Wed, 06 Apr 2011 17:30:00 PDT

Krannert Auditorium, Purdue University, West Lafayette, IN The interaction of society, law enforcement and telecommunications has evolved over the last 140 years to a successful balance of give and take. Society gives, providing well-defined processes and procedures that allow the government, law enforcement and citizens regulated access to information routinely collected by telecommunications service providers. And society benefits, where its justice systems can effectively use the information in support of criminal investigations and civil dispute resolutions. Internet technology has been designed, developed and deployed without any consideration to this relationship, and the technical and social void that has emerged isactively being exploited, reducing the security of the Internet, and the natural compensatory actions threaten innovation and privacy. Our presentation discusses how a comprehensive policy regarding Internet communications identifying information (CII), could align the Internet with the existing public private partnerships that have evolved, minimizing the threats to privacy that an Internet �wiretapping� strategy alone could generate.

Kim Trieu, "Wireless Technologies and how it relates to cyber security research"

Wed, 23 Mar 2011 17:30:00 PDT

If you are interested in what cyber-related technologies will be most relevant at the time you graduate, and where many of the cutting-edge jobs will be, then this talk will be of interest. This presentation will be a high level view of where Lockheed Martin and what where we think the government is heading in terms of Cyber security and especially in wireless technologies realm such as Wi-Fi, Cellular, Wi-Max, and Zigbee communications. This presentation will also discuss the cyber capabilities in Hanover, MD and the new NexGen cyber security center in Gaithersburg. The presentation will lead into how some of our interns contributed to the cyber arena and later were hired and became permanent members of the Lockheed team. We would like the talk to be as interactive as possible to help answer questions from students and graduates on cyber security topics and how Lockheed Martin can help those starting their careers in the cyber security domain.

Michael Schearer, "Exploiting Banners for Fun and Profits"

Wed, 09 Mar 2011 18:30:00 PST

SHODAN is a computer search engine. But it is unlike any other search engine. While other search engines scour the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well-known services. This presentation will focus on the applications of SHODAN to penetration testers, and in particular will detail a number of case studies demonstrating passive vulnerability analysis including default passwords, descriptive banners, and complete pwnage. For penetration testers, SHODAN is a game-changer, and a goldmine of potential vulnerabilities.

Casey Deccio, ""Modeling DNS Security: Misconfiguration, Availability, and Visualization""

Wed, 02 Mar 2011 18:30:00 PST

The Domain Name System (DNS) is one of the components most critical to Internet functionality. The ubiquity of the DNS necessitates both the accuracy and availability of responses. While the DNS Security Extensions (DNSSEC) add authentication to the DNS, they also increase the complexity of an already complex name resolution system. Many deployments have suffered from server misconfiguration or maintenance neglect which increase the likelihood of name resolution failure for a domain name, even if servers are responsive. Our research introduces metrics for quantifying DNSSEC availability and evaluates these metrics on production signed DNS zones to show the pervasiveness of misconfiguration. We present methodology for increasing robustness of name resolution in the presence of DNSSEC misconfiguration. In our survey of production signed zones, we observe that nearly one-third of the validation errors detected might be mitigated using the technique proposed in our research. As part of my talk, I will also demo an online DNS visualization tool designed to assist administrators in identifying critical issues with their DNSSEC deployments. This is joint work with researchers at UC Davis and Intel Corporation.

Jan Vitek, "A couple of results about JavaScript"

Wed, 23 Feb 2011 18:30:00 PST

This talk will summarize two recent results on JavaScript. "The Eval that Men Do": Transforming text into executable code with a function such as JavaScript�s eval endows programmers with the ability to extend applications, at any time, and in almost any way they choose. But this expressive power comes at a price. Reasoning about the dynamic behavior of programs that use this features becomes difficult. A better understanding of how eval is used could lead to increased performance and security. I will report on a large-scale study of the use of eval in JavaScript-based web applications. We have recorded the behavior 317 MB of strings given as arguments to 481,844 calls to the eval function. We provide statistics on the nature and content of strings used in eval expressions, as well as their provenance and data obtained by observing their dynamic behavior. "Flexible Access Control Policies with Delimited Histories and Revocation": Providing security guarantees for software systems built out of untrusted components requires the ability to enforce fine-grained access control policies. This is evident in Web 2.0 applications where JavaScript code from different origins is often combined on a single page, leading to well-known vulnerabilities. We present a security infrastructure which allows users and content providers to specify access control policies over delimited histories and allows for revocation of the history, and reversion to a safe state if a violation is detected. We report on an empirical evaluation in the context of a production browser. We show examples of security policies which prevent real attacks without imposing drastic restrictions on legacy applications. We have evaluated our proposal with two non-trivial policies on 50 of the Alexa top websites with no changes to the legacy JavaScript code. Between 72% and 84% of the sites were fully functional, and only 1 site was rendered non-functional.

Fariborz Farahmand, "Understanding insiders: An analysis of risk-taking behavior *"

Wed, 09 Feb 2011 18:30:00 PST

There is considerable research being conducted on insider threats directed to developing new technologies. At the same time, existing technology is not being fully utilized because of non-technological issues that pertain to economics and the human dimension. Issues related to how insiders actually behave are critical to ensuring that the best technologies are meeting their intended purpose. In our research, we have investigated accepted models of perceptions of risk and characteristics unique to insider threat, and we have introduced ordinal scales to these models to measure insider perceptions of risk. We have also investigated decision theories, leading to a conclusion that prospect theory, developed by Tversky and Kahneman, may be used to describe the risk-taking behavior of insiders and can be accommodated in our model. Our results indicate that there is an inverse relationship between perceived risk and benefit by insiders and that their behavior cannot be explained well by the models that are based on the traditional methods of engineering risk analysis and expected utility. We discuss the results of validating that model with forty-two senior information security executives from a variety of organizations. We also discuss how the model may be used to identify characteristics of insiders� perceptions of risk and benefit, their risk-taking behavior and how to frame insider decisions. Finally, we recommend understanding risk of detection and creating a fair working environment to reduce the likelihood of committing criminal acts by insiders.

Torsten Braun, "User and Machine Authentication and Authorization Infrastructure for Distributed Testbeds"

Wed, 26 Jan 2011 18:30:00 PST

The Wisebed wireless sensor network testbed provides a federated experimentation facility covering several European universities. For scalable management of access control we have designed and implemented a single-sign-on and attribute-based authentication and authorization infrastructure based on the Shibboleth software, which has been developed by the Internet2 Middleware Initiative. Shibboleth is usually used for protecting browser-based access of web resources. We have designed and implemented an extension to protect web services using the Simple Object Access Protocol. This extension allows both user and machine authentication for web services. As a proof of concept, we implemented a complete reservation system for sensor nodes in the Wisebed test-bed federation. Two different user interfaces based on a web page and an iPhone application have been implemented. Although implemented for Shibboleth, the architecture can be easily adapted to other authentication and authorization infrastructures.

Somesh Jha, "Retrofitting Legacy Code for Security"

Wed, 19 Jan 2011 18:30:00 PST

Research in computer security has historically advocated Design for Security, the principle that security must be proactively integrated into the design of a system. While examples exist in the research literature of systems that have been designed for security, there are few examples of such systems deployed in the real world. Economic and practical considerations force developers to abandon security and focus instead on functionality and performance, which are more tangible than security. As a result, large bodies of legacy code often have inadequate security mechanisms. Security mechanisms are added to legacy code on-demand using ad hoc and manual techniques, and the resulting systems are often insecure. This talk advocates the need for techniques to retrofit systems with security mechanisms. In particular, it focuses on the problem of retrofitting legacy code with mechanisms for authorization policy enforcement. It introduces a new formalism, called fingerprints, to represent security-sensitive operations. Fingerprints are code templates that represent accesses to security-critical resources, and denote key steps needed to perform operations on these resources. This talk develops both fingerprint mining and fingerprint matching algorithms. Fingerprint mining algorithms discover fingerprints of security-sensitive operations by analyzing source code. This talk presents two novel algorithms that use dynamic program analysis and static program analysis, respectively, to mine fingerprints. The fingerprints so mined are used by the fingerprint matching algorithm to statically locate security-sensitive operations. Program transformation is then employed to statically modify source code by adding authorization policy lookups at each location that performs a security-sensitive operation. These techniques have been applied to three real-world systems. These case studies demonstrate that techniques based upon program analysis and transformation offer a principled and automated alternative to the ad hoc and manual techniques that are currently used to retrofit legacy software with security mechanisms. Time permitting, we will talk about other problems in the context of retrofitting legacy code for security. I will also indicate where ideas from model-checking have been used in this work.

Fariborz Farahmand, "Risk Perception and Trust in Cloud"

Wed, 12 Jan 2011 18:30:00 PST

Many companies today are paying attention to cloud computing and new aspects of large-scale, distributed computing. This emerging paradigm of the information age offers exciting benefits to companies and users, but cloud computing, like any other innovation, faces challenges such as security and privacy risks. How do different stakeholders perceive these risks and the effectiveness of the mitigations? And, how are these reflected in their trust in the cloud? The answers to these questions can affect the outcome of policy debates, and the allocation of resources in controlling security issues of cloud environments. This work presents an introduction to the cloud and some of its advantages and disadvantages. It discusses the role of risk perception and trust in security and privacy challenges of the cloud. It also makes recommendations addressing these challenges.

Matthew Hashim, "Nudging the Digital Pirate: Behavioral Issues in the Piracy Context"

Wed, 01 Dec 2010 18:30:00 PST

Piracy is a significant source of concern facing software developers, music labels, and movie production companies. Firms continue to invest in digital rights management technologies to thwart piracy, but their efforts are quickly defeated by hackers and pirates. In the context of piracy, we observe a surprising phenomenon: pirates may often choose to purchase the digital good after pirating it. This is quite interesting given the minimal risk of being caught. Since piracy is often considered a victimless crime, we theorize that moral obligation may mediate other constructs from the theory of planned behavior. We believe this is a consequence of the desire for an individual to rationalize unethical behavior, especially when the crime is victimless. We also identify under what circumstances an individual might be susceptible to exogenous nudging from a software company. Salient constructs under initial purchase and piracy conversion intentions are compared to document under which situations they become relevant to the potential pirate.

Michael Kirkpatrick, "Security Applications for Physically Unclonable Functions"

Wed, 17 Nov 2010 18:30:00 PST

Physically unclonable functions (PUFs) are hardware structures that create unique characteristics for distinct copies of a device. Specifically, the physical nature of manufacturing a device introduces slight variations that can be neither controlled nor predicted. PUFs quantify these differences into a random one-way function. In our work, we have explored multiple application scenarios for integrating PUFs into security systems. In the first application, we propose leveraging PUFs to bind access requests to known, trusted devices. This scheme also offers a lightweight key exchange protocol that can reduce the computational cost for low-power embedded devices. In our second work, we have designed PEAR, a portable authentication token based on PUFs that allows for privacy-preserving transactions with websites. Finally, we have created PUF ROKs, which are read-once cryptographic keys based on PUFs. In this talk, we will introduce these applications, highlighting the advantages of deploying PUFs over competing technologies, as well as presenting the results of our empirical and formal analyses of these prototypes.

Nikita Borisov, "Detecting Coordinated Attacks with Traffic Analysis"

Wed, 10 Nov 2010 18:30:00 PST

Coordinated attacks, such as botnets, present a major threat to today's computing infrastructures. They are able to evade traditional detection techniques by using zero-day and polymorphic exploits, partitioning misbehavior, and encrypting communications. I will discuss our work that aims to identify coordinated activity itself by analyzing the patterns of network communication and inferring information via the available side information. First, I will discuss the detection of linked network flows that relay traffic across compromised computers, called stepping stones. We use statistical techniques to locate timing correlation between flows, aided by active perturbation of network delays to insert a specialized pattern, called a watermark. I will show that the use of watermarks provides superior detection performance over passive correlation and present two watermark designs: RAINBOW, a low-overhead watermark for enterprise-level stepping stone detection, and SWIRL, a scalable design that can be used in the wide area. I will then discuss our work on using community detection to locate groups of computers organized into a structured peer-to-peer topology. Our tool, BotGrep, finds tightly connected components in communication graphs using several graph-theoretic metrics and heuristics. It is designed to scale to very large data sets, allowing large core ISPs to detect previously unknown peer-to-peer botnets.

Trent Jaeger, "Tackling System-Wide Integrity"

Wed, 03 Nov 2010 17:30:00 PDT

Computing system compromises occur because system integrity is not managed effectively. The various parties that contribute to a system, programmers, OS distributors, and system administrators, do not account for integrity threats comprehensively, leading to recurrence of the same kinds of attacks. The problem is that we lack scalable and automated approaches for these parties to assess the integrity of their individual components that enables one to build upon the efforts of others. In this talk, I will discuss an conceptual approach to composing system-wide integrity from enforcement of multiple system layers. This approach is motivated by various work in information flow security, but we find that managing system-wide integrity requires different inferencing approaches and care in mapping actual components to the model. In particular, we will discuss methods to establish a specifications of integrity, validating the initial integrity of system components and channels, and composing systems from such components that protect runtime integrity. We will demonstrate the use of methods on Xen and Linux systems for deploying cloud computing applications. We show that accounting for integrity in component design can lead to comprehensive system-wide management.

P. Madhusudan, "The role of automata theory in software verification"

Wed, 27 Oct 2010 17:30:00 PDT

The 80s and 90s saw a revolution in hardware verification, where automata theory played a prominent role, formalizing model-checking and establishing the basis of verification using the logic-automata connection. We shift focus to software verification and ask how exactly would automata theory be useful in program analysis. Drawing from work in recent years in software verification in my research group as well as in the field, I will identify several key areas, ranging from modeling, abstraction, model-checking, interface synthesis, testing, to logical reasoning with dynamic data-structures, where automata theory promises to provide the right abstractions and yield effective tools for program analysis.

Sam King, "Trust and Protection in the Illinois Browser Operating System"

Wed, 20 Oct 2010 17:30:00 PDT

Current web browsers are complex, have enormous trusted computing bases, and provide attackers with easy access to modern computer systems. In this talk we introduce the Illinois Browser Operating System (IBOS), a new operating system and a new browser that reduces the trusted computing base for web browsers. In our architecture we expose browser-level abstractions at the lowest software layer, enabling us to remove almost all traditional OS components and services from our trusted computing base by mapping browser abstractions to hardware abstractions directly. We show that this architecture is flexible enough to enable new browser security policies, can still support traditional applications, and adds little overhead to the overall browsing experience. I will also talk briefly about some of my groups recent work in defending against malicious hardware.

Alex Liu, "Fast Regular Expression Matching using Small TCAMs for Network Intrusion Detection and Prevention Systems"

Wed, 13 Oct 2010 17:30:00 PDT

Regular expression (RegEx) matching is a core component of deep packet inspection in modern networking and security devices. Prior RegEx matching algorithms are either software-based or FPGA-based. Software-based solutions have to be implemented in customized ASIC chips to achieve high-speed, the limitations of which include high deployment cost and being hard-wired to a specific solution and thus limited ability to adapt to new RegEx matching solutions. Although FPGA-based solutions can be modified, resynthesizing and updating FPGA circuitry in a deployed system to handle RegEx updates is slow and difficult. In this talk, we present the first hardware-based RegEx matching solution that uses Ternary Content Addressable Memories (TCAMs), which are off-the-shelf chips and have been widely deployed in modern networking devices for packet classification. There are three main reasons why TCAM-based RegEx matching works well. First, a small TCAM is capable of encoding a large Deterministic Finite Automata (DFA) with carefully designed algorithms leveraging the ternary nature and first-match semantics of TCAMs. Second, TCAMs facilitate high-speed RegEx matching because TCAMs are essentially high-performance parallel lookup systems: any lookup takes constant time (i.e, a few CPU cycles) regardless of the number of occupied entries. Third, because TCAMs are off-the-shelf chips that are widely deployed in modern networking devices, it is easy to design networking devices that include our TCAM based RegEx matching solution.

Mihaela Vorvoreanu, Lorraine G. Kisselburgh, "Global Study of Web 2.0 Use in Organizations"

Wed, 06 Oct 2010 17:30:00 PDT

In this seminar, we present results from a global study about Web 2.0 use in organizations. The study, commissioned by McAfee, Inc., included a worldwide survey of over 1,000 organizational IT leaders, and in-depth interviews with industry experts. Data paint a rich picture of adoption and usage trends, as well as security concerns related to Web 2.0 technologies.

Sergey Panasyuk, "Assured Processing through Obfuscation"

Wed, 29 Sep 2010 17:30:00 PDT

In this seminar, an Obfuscation Module is discussed. This module provides a means to perform computation on untrusted computing systems while maintaining the confidentiality and integrity of the information. Being able to do so not only enables assured processing, such as running a program with certain assurances that the algorithm will remain protected, but it can also increase the defensive posture of cyber systems. When an executable is requested by the operating system, the module will apply obfuscation techniques to repackage it. Once repackaged, it will send the new executable to the host system. In this way, the untrusted system will never have access to the original executable image but a convoluted equivalent of it, protecting the confidentiality of the image and the algorithm which it implements, since it is cost prohibitive to unscramble the available executable.

Petros Mouchtaris, "Security of Mobile Ad Hoc Networks (MANETs)"

Wed, 22 Sep 2010 17:30:00 PDT

This talk will initially provide an overview of Telcordia's cyber security research. The talk will then focus on Telcordia's research in securing MANETs. MANETs are networks that do not require a fixed infrastructure (like base stations or access points) that are typically used in commercial wireless networks. In MANETs, messages are relayed from node to node from the source of a packet towards the destination. If there is a "sufficient" number of nodes covering a specific area, communication between the source and the destination can be achieved. MANETs have attracted a lot of interest in applications where fixed infrastructure may not be available or has been destroyed such as vehicle to vehicle communication, military networks, and disaster relief support. The key value of MANETs is their ability to allow nodes to join forces quickly to form a network. Achieving the potential value of MANETs in a secure manner though is a significant challenge. This talk will discuss Telcordia's research and progress in this area.

Xiaofeng Wang, "Side Channel Threats in the Software-as-a-Service Era: Challenges and Responses"

Wed, 15 Sep 2010 17:30:00 PDT

With software-as-a-service becoming mainstream, more and more applications are delivered to the client through the Web. Unlike a desktop application, a web application is a "two-part" program, with its components deployed both in the browser and in the web server. The communication between these two components inevitably leaks out the program's internal states to those eavesdropping on its web traffic, simply through the side channel features of the communication such as packet length and timing, even if the traffic is entirely encrypted. In this talk, I will present our discovery showing that such side-channel leaks are both fundamental and realistic: a set of high-profile web applications are found to disclose highly sensitive user data such as one's family incomes, health profiles, investment secrets and more through their side channels. More importantly, we found that the root causes of the problem are some fundamental characteristics of web applications: stateful communication, low entropy input for better interaction, and significant traffic distinctions. This indicates that a significant improvement of the current web-application development practice becomes necessary. As a response to this urgent call, I will also describe in this talk a new technique we developed, called Sidebuster, which facilitates detection and quantification of side-channel vulnerabilities during development of web applications.

Xeno Kovah, "Rootkits"

Wed, 08 Sep 2010 17:30:00 PDT

This talk will examine the state of current and proposed rootkits, to try and answer the following question: are rootkits stupid and lame? The speaker will provide supporting evidence that most all rootkits are eminently detectable, in theory. But theory doesn�t matter if tools for detection are not used in practice. Therefore the talk will highlight the few weaknesses in detection methodologies and many weaknesses in tools, so that the audience can think about what they could do to make the world more secure.

Ashish Kundu, "Data in the Cloud: Authentication Without Leaking"

Wed, 01 Sep 2010 17:30:00 PDT

Assurance of authenticity as well as confidentiality of data is an important problem, in cloud computing and in third-party data distribution environments. Existing data authentication schemes for structured and semi-structured data such as trees and graphs leak information, leading to privacy and confidentiality breaches. We have developed schemes for leakage-free authentication of trees and graphs. Our schemes are provably secure and efficient. In this talk, I would present these schemes as well as describe how to address the problem for disconnected trees/graphs (forests) (e.g., a set of databases). Time permitting, we would discuss some of the applications of these schemes. Our solutions have several applications in the cloud-based service offerings such as in the database and e-mail as services, storage and distribution of healthcare and biological data, and in security of social networks.

Cristina Nita-Rotaru, "Secure Network Coding for Wireless Mesh Networks"

Wed, 25 Aug 2010 17:30:00 PDT

In this talk we identify two general frameworks (inter-flow and intra-flow) that encompass several network coding-based systems proposed in wireless mesh networks. Our systematic analysis of the components of these frameworks reveals vulnerabilities to a wide range of attacks, which may severely degrade system performance. We then focus on addressing the most severe and generic attack against network coding systems, known as packet pollution attack. We show that existing cryptographic mechanisms that were proposed to solve the problem have a prohibitive cost that makes them impractical in wireless mesh networks. We propose the first practical defense mechanisms to pollution attacks in network coding for wireless mesh networks. The experimental results show that the proposed mechanisms can effectively filter out polluted packets and quickly identify and isolate attacker nodes while incurring small computation and bandwidth overhead.

Victor Raskin & Julia Taylor, ""Ontological Semantic Technology for Detecting Insider Threat and Social Engineering""

Wed, 28 Apr 2010 17:30:00 PDT

The paper describes a computational system, an application and implementation of the mature Ontological Semantic Technology, for detecting unintentional inferences in casual unsolicited and unrestricted verbal output of individuals, potentially responsible for leaked classified information to people with unauthorized access. Uses of the system for cases of insider threat and/or social engineering are discussed.

Stephen Dill, "The role of System Security Engineering in the engineering lifecycle"

Wed, 21 Apr 2010 17:30:00 PDT

This seminar will provide an overview of how Information Security (AKA Cyber Security, AKA INFOSEC) engineering, requirements analysis and security policies and other activities fit into the overall life cycle of an IT system. We will define an INFOSEC systems engineering methodology using industry best practices and we will define the major steps or key activities in that systems engineering methodology. We will also discuss what the role of Information Systems Security Engineering and the Systems Security Engineers should be in the Life Cycle processes.

Christian Hammer, "Security of JavaScript in a Browser Environment"

Wed, 14 Apr 2010 17:30:00 PDT

The power of modern websites emerges to a large extent from the ability to combine content from different sources. As an example, a site may include a Google map next to business information a user had been searching for. Combining content from possibly untrusted sites gives rise to all sorts of security concerns, as JavaScript has no concept of separating scripts from different sources. This has lead to several recent attacks like the Samy or Yamanner worms. This talk presents the state of the art in securing JavaScript for such settings and proposes a sandboxing facility for in-browser script separation.

Yvo Desmedt, "60 years of scientific research in cryptography: a reflection"

Wed, 07 Apr 2010 17:30:00 PDT

Shannon started the unclassified scientific research in cryptography with his October 1949 paper. First we briefly survey the scientific research in cryptography since then. We discuss the strengths and weaknesses of this research, attempting to present a balanced viewpoint. The lecture will also discuss the progress we have not made. We will show that not everything in modern cryptography is rosy. Besides above examples, we will also talk about the discrepancy between the massive number of applications of cryptography studied by academics and the fact most of these are being viewed as completely irrelevant to the real world.

David Bell, "Everything I Needed to Know about Security, I Learned in 1974"

Wed, 31 Mar 2010 17:30:00 PDT

The security field is an excellent illustration of the maxim that ``the more things change, the more they stay the same.'' Thus while technical details change, underlying security principles remain remarkably constant. Dr. Bell's talk ``Everything I Needed to Know about Security, I Learned in 1974'' covers the lessons he learned in his early modeling work, how they have remained valid since, and how those principles inform his view of 21st-Century challenges.

David Zage, "A Platform for Creating Efficient, Robust, and Resilient Peer-to-Peer Systems"

Wed, 24 Mar 2010 17:30:00 PDT

The rapid growth of communication environments such as the Internet has spurred the development of a wide range of systems and applications based on peer-to-peer ideologies. As these applications continue to evolve, there is an increasing effort towards improving their overall performance. This effort has led to the incorporation of measurement-based adaptivity mechanisms and network awareness into peer-to-peer applications, which can greatly increase peer-to-peer performance and dependability. Unfortunately, these mechanisms are often vulnerable to attack, making the entire solution less suitable for real-world deployment. In this work, we study how to create robust systems components for adaptivity, network awareness, and responding to identified threats. These components can form the basis for creating efficient, high-performance, and resilient peer-to-peer systems.

Pascal Meunier, "Making of the CWE Top-25, 2010 Edition"

Wed, 10 Mar 2010 18:30:00 PST

For the second time, MITRE's Common Weakness Enumeration project has released a Top-25 list. However, this year's is a much more sophisticated document, created using a systematic and more rigorous approach. It contains several sections and tables as well as profiles, and isn't only a list. I will explain what the CWE is, what the purpose of the Top-25 is, how it was created, which problems it faced and which it still faces, how it has been improved since last year, and how you can use it.

Wonjun Lee, "Detection and protection from denial of service attacks in grids by accountability agents"

Wed, 03 Mar 2010 18:30:00 PST

By exploiting existing vulnerabilities, malicious parties can take advantage of resources made available by grid systems to attack mission critical websites or the grid itself. In this paper, we present two approaches for protecting against attacks aiming at targets located outside or inside the grid. Our approach is based on special-purpose software agents, referred to as accountability agents that collect provenance and resource usage data in order to perform detection and protection. We show the effectiveness of our approach and the performance of the accountability agent based system by conducting various experiments on a grid-emulated testbed.

Kevin Hoffman, "Ribbons, A Partially-Shared Memory Programming Model"

Wed, 24 Feb 2010 18:30:00 PST

We present ribbons, a shared memory programming model that allows for more implicit sharing of memory than processes but is more restrictive than threads. Ribbons structure the heap into protection domains. Privileges between these protection domains are carefully controlled to provide the ability to fully or partially �sandbox� certain portions of a program�s computation. RibbonJ, a backwards-compatible extension of Java, is de?ned to easily create programs that leverage the ribbons model. RibbonJ is implemented within Jikes RVM, and avoids the overhead of inline security checks and read or write barriers by leveraging the memory protection mechanisms already supported in modern hardware and operating systems. This is joint work with Harrison Metzger and Professor Patrick Eugster.

Hyo-Sang Lim, "Provenance-based Data Trustworthiness Assessment in Data Streams"

Wed, 17 Feb 2010 18:30:00 PST

This talk presents a systematic approach for estimating the trustworthiness of data items in data stream environments (such as sensor networks). The approach uses the data item provenance as well as their values. To obtain trust scores, the approach exploits a cyclic framework which well reflects the inter-dependency property: the trust scores of data items affect the trust scores of network nodes, and vice versa. The trust scores of data items are computed from their value similarity and provenance similarity. The value similarity comes from the principle that �the more similar values for the same event, the higher the trust scores,� and we compute it under the assumption of normal distribution. The provenance similarity is based on the principle that �the more different provenances with similar values, the higher the trust scores,� and we compute it using the tree similarity. Since new data items continuously arrive in DSMSs, we need to evolve (i.e., recompute) trust scores to reflect those new items. As evolution scheme, we propose the batch mode for computing scores (non)periodically along with the immediate mode. Experimental results show that the approach is efficient and effective in data stream environments.

Marcus Rogers, "Dissecting Digital Data: Context & Meaning through Analytics"

Wed, 10 Feb 2010 18:30:00 PST

This talk will look at how analytics can be used to increase our understanding of what digital evidence actually means. The real value of evidence is often related to the context and meaning of the data ; not just on its mere existence. The talk will examine how analytics can be used to answer core investigative and intelligence questions and where meaning can be found.

Greg Stephens, "Detecting Insider Theft of Trade Secrets"

Wed, 03 Feb 2010 18:30:00 PST

Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if access controls are set properly, they don't protect against rogue employees who legitimately need to access sensitive information. Since 2002, researchers at MITRE have investigated methods for detecting insiders who misuse their legitimate access to steal information. A three-year, internally funded research effort developed and evaluated a research prototype of a system called Elicit (Exploit Latent Information to Counter Insider Threats) to help analysts identify insider threats. Work on Elicit prompted a team of engineers and social scientists to experimentally explore how malicious insiders use information differently from a benign baseline group. This talk presents results from the research prototype evaluation, discusses preliminary results from the double-blind study of malicious insiders, and offers some essential aspects for detecting insider threats gleaned from these efforts.

Stephen Elliott, "Applications of biometric technologies"

Wed, 20 Jan 2010 18:30:00 PST

In today's society, biometric technologies are being used in a number of different applications. This discussion will introduce the concept of biometric technologies, and outline various challenges and solutions that are being undertaken in the biometrics lab at Purdue University.

Eugene Spafford, ""Thinking Outside the Box""

Wed, 13 Jan 2010 18:30:00 PST

Kelly Caine, " Human Factors Approaches to Preserving Privacy"

Wed, 09 Dec 2009 18:30:00 PST

Threats to privacy are not only due to traditional computer security issues; human factors issues such as unintentional disclosure of information also have an impact on privacy preservation. In this talk I will discuss two examinations of psychological aspects of privacy and how they relate to technology. First, I will present results from an investigation of everyday privacy behaviors and discuss how these naturally occurring behaviors can guide the design of privacy protective technology. Then, I will introduce the concept of misclosure, which is the unintentional disclosure of information, and provide multiple example misclosures. I will conclude by demonstrating that misclosures a) occur frequently b) occur across systems and c) may be preventable by considering human factors during design.

Andrew Scholnick, "Cyber Security Trends and Disruptors"

Wed, 02 Dec 2009 18:30:00 PST

The Director of the VeriSign iDefense Applied Vulnerability Research Labs discusses current cyber security trends identified in 2008 and manifested in 2009 from Cyber Crime, Cyber War, Cyber Espionage and Cyber Terrorism. He will then look over the horizon to identify some potential Cyber Security Disruptors; ideas or technologies coming down the pike that will fundamentally change how the security community protects its enterprise and its customers.

Gerome Miklau, "Safely Analyzing Sensitive Network Data"

Wed, 18 Nov 2009 18:30:00 PST

Social and communication networks are formed by entities (such as individuals or computer hosts) and their connections (which may be contacts, relationships, or flows of information). Such networks are analyzed to understand the influence of individuals in organizations, the transmission of disease in communities, the operation of computer networks, among many other topics. While network data can now be recorded at unprecedented scale, releasing it can result in unacceptable disclosures about participants and their relationships. As a result, privacy concerns are severely constraining the dissemination of network data and disrupting the emerging field of network science. Our recent work investigates the properties of a network that can be accurately studied without threatening the privacy of individuals and their connections. We adopt the rigorous condition of differential privacy, and develop algorithms for releasing randomly perturbed statistics about the topology of a sensitive network. This talk will focus on two basic analysis tasks: the estimation of the degree distribution of a network and the study of small structural patterns that occur in a network (sometimes called motif analysis). We show that the degree distribution of a network can be very accurately estimated by a novel technique in which constraints are applied to the noisy output to improve utility. This technique is of general interest, and can be used to boost the accuracy of differentially private output in other tasks as well. We show that studying motifs is fundamentally harder, but can be done with acceptable accuracy if the privacy condition is relaxed.

Leszek Lilien, "Some Thoughts on the Pervasive Trust Foundation for the Future Internet Architecture. A position presentation."

Wed, 11 Nov 2009 18:30:00 PST

We start with presenting motivation and goals for the Future Internet, and reviewing basics of trust in computing. The Pervasive Trust Foundation (PTF) for the Future Internet is proposed next. This includes presenting motivation for trust foundation for the Future Internet, showing placement of security services and mechanisms within the architecture, and trust considerations for security services. Inefficient operation of the PTF-based architecture is the main obstacle to making such architecture a reality. There are two classes of approaches that can reduce operational costs. First, inherent PTF properties result in automatic cost-saving. Second, additional cost-saving techniques --such as leveraging high-trust enclaves, or using enclave "insurers"-- can be used. The architectural principles presented here are a position statement, and their practical verification will require substantial research efforts.

Zahid Pervaiz, "Multi-Policy Access Control for Healthcare using Policy Machine"

Wed, 04 Nov 2009 18:30:00 PST

Access control policies in healthcare domain define permissions for users to access different medical records. A Role Based Access Control (RBAC) mechanism allows management of privileges to medical records for users when they assume certain roles thus mitigating the threat of inside attacks. Such a threat emanates from unauthorized users. We can provide a selective combination of policies where sensitive records can be available only to a specific role, say the primary doctor, under Discretionary Access Control (DAC) whereby in turn he/she may share the record with other physicians for consultation after permission from the patient. This mechanism allows not only a better compliance of principle of least privilege but also helps to mitigate the threat of authorized insiders disclosing sensitive information. Our research is being prototyped on the Policy Machine (PM) developed by the National Institute of Standards and Technology (NIST). PM allows integration and co-existence of multiple policies. Currently, we are expanding the capabilities of PM to provide a flexible healthcare access control policy which has the benefits of context awareness and discretionary access. We will present the newly implemented temporal RBAC model on PM and describe initial capabilities for secure management of healthcare data.

Andre Koenig, "Security in Infrastructureless and Decentralized Communication Networks - Possibilities, Results, and Evaluation Challenges"

Wed, 28 Oct 2009 17:30:00 PDT

Infrastructureless and decentralized communication substrates such as mobile ad hoc networks and peer-to-peer systems enable setting up communication services beyond borders of contemporary wired or cellular client/server systems. Yet, due to their specific characteristics like wireless multihop data transmission and lack of central trusted instances, infrastructureless and decentralized networks are also beyond the protection of contemporary security mechanisms. This especially requires consideration in possible first responder or military application scenarios. Various new threats targeting each layer of the ISO/OSI model have been identified. Central questions regarding security include how to deal with misbehavior and how to protect information in networks without well-defined borders, consisting of devices, services, and users from multiple administrative domains. In this talk we present possible solutions for excluding misbehaving nodes from infrastructureless networks to recover the availability of the network in presence of attacks. We further present mathematical tools for governing cooperative decision processes without central trusted instances as basis for security objectives such as authentication and access control in decentralized systems. We show evaluation results based on analytical models as well as simulation and testbed studies and highlight general challenges regarding the evaluation of protocols and algorithms for infrastructureless decentralized communication networks.

Juhee Kwon, "Information Security Management and IT Executives in a Top Management Team"

Wed, 21 Oct 2009 17:30:00 PDT

As information assets have become a critical factor for enterprises to stay competitive, there is an increasing awareness of information security management. However, they are easily overlooked by those who focus only on the IT side, failing to see that human resources and policies are the most likely cause of information risks, which need to become real enterprise-wide and strategic issues. This paper examines the impacts of an IT executive�s structural status in Top Management Teams (TMTs) on information security risk management. E-Business has made it imperative for IT executives to adopt cross-functional roles due to the increased importance of securing and managing risks to information assets across the enterprise. Therefore, IT executive representation and status in a TMT is necessary to strategically and operationally conduct liaison activities between IT groups and other business units. However, there is little empirical research examining the effects of IT executives� structural status on managing information security risks. We employ logistical regression to examine the data from 2003 to 2008 with information security breach reports and executive compensation data. We augment this data with IT internal controls information provided by external auditors. Our results demonstrate high IT executive engagement and fair compensation are associated with reduced levels of both IT internal controls weaknesses and reported information security breaches. Second, we find that pay dispersion in a TMT increases the probability of information security breaches, while IT executive turnover is not significantly associated with breaches. As a comprehensive analysis across the accounting, human resources, and information systems literature, this study gives firms new insights into how they set IT executive compensation strategies as well as delegate authority and responsibility for ensuring confidentiality, integrity, and availability of information assets.

Raquel Hill, "PlugNPlay Trust for Embedded Communication Systems"

Wed, 14 Oct 2009 17:30:00 PDT

Given the proliferation of malware, the integrity of embedded communication systems is becoming a growing concern. Recent compromises to systems such as ATMs and network switches and routers provide evidence of the potential security problems of embedded communication systems. Trusted communication channels that pass sensitive information should only be established after the integrity of the remote system can be assured. Security hardware, such as the Trusted Computing Group�s (TCG�s) Trusted Platform Module (TPM) provides a mechanism to measure and authenticate the integrity of individual machines. This device can be readily found in many laptops today, however we are unaware of its use as a mechanism for providing or denying communication access to services based on the integrity of remote systems. In this work, we propose PlugNPlay Trust, an integrity framework which is a drop-in solution for providing a hardware root of trust for embedded applications. The PlugNPlay Trust design exploits the static nature of embedded communication systems and independently provides remote attestation and identity verification for the host application using the TPM. This framework, coupled with the attestation and dynamic firewall exception services we authored, enables remote parties to confirm the integrity of embedded communication systems, thereby limiting the effects and the proliferation of malware in compromised systems. Although there are preexisting technologies for interfacing with the TPM directly, we implemented the first prototype for allowing or denying access to networked services based on the trustworthiness of a remote system. The PlugNPlay framework simplifies the integration of existing TPM related tools and provides a ready to use platform for trusted computing research.

Gary McGraw, "The Building Security In Maturity Model (BSIMM)"

Wed, 07 Oct 2009 17:30:00 PDT

As a discipline, software security has made great progress over the last decade. There are now at least 46 large scale software security initiatives underway in enterprises including global financial services firms, independent software vendors, defense organizations, and other verticals. In 2008, Brian Chess, Sammy Migues and I interviewed the executives running nine initiatives using the twelve practices of the Software Security Framework as our guide. Those companies among the nine who graciously agreed to be identified include: Adobe, The Depository Trust and Clearing Corporation (DTCC), EMC, Google, Microsoft, QUALCOMM, and Wells Fargo. The resulting data, drawn from real programs at different levels of maturity was used to guide the construction of the Building Security In Maturity Model (BSIMM). This talk will describe the observation-based maturity model, drawing examples from many real software security programs. A maturity model is appropriate because improving software security almost always means changing the way an organization works---people, process, and automation are all required. While not all organizations need to achieve the same security goals, all successful large scale software security initiatives share common ideas and approaches. Whether you rely on the Cigital Touchpoints, Microsoft's SDL, or OWASP CLASP, there is much to learn from practical experience. Since its March release, the BSIMM is being expanded to include BSIMM Europe, BSIMM II, and BSIMM Lite. Use the BSIMM as a yardstick to determine where you stand and what kind of software security plan will work best for you.

Richard Power, "Starting Over After A Lost Decade, In Search of a Bold New Vision for Cyber Security"

Wed, 30 Sep 2009 17:30:00 PDT

Starting Over After A Lost Decade, In Search of a Bold New Vision for Cyber Security: It is not enough to develop a comprehensive cyber security program that exists in isolation from the world beyond the cloud and the cables. We have to understand the political, economic and social environments that impact our ability to deliver security, as well as our own organizational cultures. We cannot wage a 21st Century struggle for hearts and minds with a 20th Century world-view anymore than we can wage a 21st Century struggle to secure information and systems with 20th Century technology. A bold new vision is needed, one that is holistic and evolves out of transformative metaphors that reframe our concepts about security.

Rick Aldrich, "The Importance of Law in Cybersecurity, Recent Developments and Trends in Cyberlaw"

Wed, 23 Sep 2009 17:30:00 PDT

Information security professionals increasingly need to be familiar with developments in cyberlaw to ensure they comport their actions with the contours of the law. Unfortunately, with technology changing far faster than the statutes, judges are increasingly being called upon to fill in the interstices. In this interactive session, facts from actual cases will be presented in a �You Be the Judge� format to highlight important developments in recent cases and identify key trends in the case law. What is the legal efficacy of a click-through consent banner and how does this impact information security professionals? What constitutes an �interception� and what types of interceptions are legal and illegal? What law dictates whether an employer can or cannot inspect its employee�s personal e-mail messages? Do individuals have to divulge their encryption keys requested to do so by border guards or law enforcement agents? Are there jurisdictional borders in cyberspace? Who has jurisdiction and how does the law apply in virtual worlds? How do extradition laws apply to cybercrimes? These and many other questions will be answered in this interactive seminar.

Jerry Saulman, "From Security Architecture to Implementation"

Wed, 16 Sep 2009 17:30:00 PDT

From security architecture to implementation details... what matters when a customer faces a project to implement a global J2EE application? This presentation will cover some of the more pertinent concepts and details involved from real world experiences in customer environments.

Peter Mork, "Database Assurance: Anomaly Detection for Relational Databases"

Wed, 09 Sep 2009 17:30:00 PDT

Behind countless complex applications lurk trusty relational databases that are responsible for managing the data that fuel these applications. For example, relational databases are used to support electronic medical health record systems, timecard reporting systems, and transportation systems. Ideally, the relational database system has been sufficiently hardened to prevent exfiltration or modification of data. Unfortunately, adversaries often have insider access to the networks and machines on which the database is running and can easily circumvent such security measures. Therefore, in this research project, we create profiles of known, legitimate behavior so that we can flag any anomalous behavior as potentially illegitimate. In this presentation, because SQL injection remains the #1 attack vector, I will first illustrate how SQL injection attacks can exfiltrate data from a database system. I will then discuss various locations within the database engine that one might monitor activity, highlighting the benefits of placing a monitor between the query optimizer and query execution engine. Next, I will describe how we use cross-feature analysis to generate profiles of legitimate behavior and how these profile are used at run-time to identify anomalous activity. Then, I will present experimental results both in terms of performance overhead and precision/recall. I will conclude with a discussion of when our techniques are most applicable and how a clever adversary might nevertheless elude our monitor.

Ragib Hasan, "Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealogy of Bits with Secure Provenance"

Wed, 02 Sep 2009 17:30:00 PDT

As increasing amounts of valuable information are produced and persist digitally, the ability to determine the origin of data becomes important. In science, medicine, commerce, and government, data provenance tracking is essential for rights protection, regulatory compliance, management of intelligence and medical data, and authentication of information as it flows through workplace tasks. While significant research has been conducted in this area, the associated security and privacy issues have not been explored, leaving provenance information vulnerable to illicit alteration as it passes through untrusted environments. In this talk, we show how to provide strong integrity and confidentiality assurances for data provenance information in an untrusted distributed environment. We describe our provenance-aware system prototype that implements provenance tracking of data writes at the application layer, which makes it extremely easy to deploy. We present empirical results that show that, for typical real-life workloads, the run-time overhead of our approach to recording provenance with confidentiality and integrity guarantees ranges from 1% - 13%. For more details, please refer to http://dais.cs.uiuc.edu/provenance

Ian Goldberg, "Sphinx: A Compact and Provably Secure Mix Format"

Wed, 26 Aug 2009 17:30:00 PDT

Mix networks, originally proposed in 1981, provide a way for Internet users to send messages--such as email, blog posts, or tweets--without automatically revealing their identities or their locations. In this talk, we will describe Sphinx, a cryptographic message format used to relay anonymized messages within a mix network. It is the first scheme to support a full set of security features: compactness, efficiency, provable security, indistinguishable replies, hiding the path length and relay position, as well as providing unlinkability for each leg of the message's journey over the network. We will compare Sphinx to other mix formats, and will also briefly outline Sphinx's security reduction proof.

Joe Judge, "Software Assurance: Motivation, Background, and Acquisition Pursuits"

Wed, 22 Apr 2009 17:30:00 PDT

This Software Assurance (SwA) is a slightly different spin on the SwA presentation and discussion. The need for measurable SwA, for the purposes of presenting and assurance "case" and explained with a practitioner's point of view. Current pursuits and practices are shared with the context of what is needed from the SwA industry.

John D'Arcy, "USER AWARENESS OF SECURITY COUNTERMEASURES AND ITS IMPACT ON INFORMATION SYSTEMS MISUSE: A DETERRENCE APPROACH"

Wed, 15 Apr 2009 17:30:00 PDT

Intentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50-75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This study presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions vary based on one�s level of morality. The results have implications for both the research and practice of IS security.

Johann-Christoph Freytag, "Privacy � from accessing databases to location based services"

Wed, 08 Apr 2009 17:30:00 PDT

Over the last years it has become apparent that privacy issues become more and more important when accessing data sources either on the Web or by database management systems. That is, the user does not only want to hide the query, but also the result of that query from others. In the past the problem of querying a database privately was solved by organizational rather than by technical means. In this talk we describe the problem of querying databases privately more formally and discuss existing solutions from the area of private information retrieval (PIR). The lack of efficiency and scalability motivated us look for alternative approaches using a so called �secure co-processor� (built by IBM). We introduce a set of algorithms that take advantage of the (physical) properties of the co-processor and show which algorithms are necessary to guarantee privacy for database queries. In the last part of my talk I briefly describe our vision how to extend the current privacy approach to location-based services, in particular to moving objects such as vehicles (cars).

Melissa Dark, "An Analysis of Data Breach Disclosure"

Wed, 01 Apr 2009 17:30:00 PDT

In the past six years, 44 states in the United States have embraced a new form of privacy and identity theft regulation � mandatory disclosure of data breach information. Information disclosure regulation is a form of legislation considered effective for issues that span consumer protection and risk and where market mechanisms would/could work effectively to shape consumer and producer behavior and bring about allocative efficiency. Informational regulation is a new approach in the data privacy milieu, but has a precedent in environmental and health policy. While data breach information disclosure policies intend to have an impact on consumer and producer behavior, little is known about the costs and benefits of these policies and whether they are in fact enhancing social welfare in the area of identity theft and privacy. This talk addresses this relatively nascent public policy phenomenon with a focus on future considerations for policy analysis in this area to determine if and how such policy may be affecting the state of information assurance and security in the USA.

, "Rick Clark, Ontario Systems"

Wed, 25 Mar 2009 17:30:00 PDT

Arjan Durresi, "Security for the Next Internet over Heterogeneous Environments"

Wed, 11 Mar 2009 17:30:00 PDT

The networking research community is working to design the Next Generation Internet, which will meet the needs of the twenty-first century. The first requirement for the Next Generation Internet is security. Furthermore, the Internet will include heterogeneous environment, such as cellular and sensor networks. In this talk, I will present our research work related to above mentioned problems and focusing on a new security oriented Internet architecture and security solutions for heterogeneous environments. It should allow receivers to set policies for how and where they receive their information. The Next Generation Internet should be designed for mobile objects. Naming, addressing architecture, and routing have to be such that these objects can move and decide how and where they want to receive their Internet traffic with full rights of privacy of their location, if desired. In this talk, I will present our research work related to above mentioned problems and focusing on Internet architecture, mobile, wireless and security issues.

Jeremy Rasmussen, "The Best Defense is Information"

Wed, 04 Mar 2009 18:30:00 PST

In the course of doing security vulnerability testing for government and commercial clients over the past 10 years, our Information Security Solutions team at Sypris Electronics has seen a lot of interesting things�perhaps none more so than a recent attack witnessed on a client�s network targeted by a buffer overflow on a popular application. The attack launched a trojan horse, which then dropped in another piece of malware that stealthily connected out to several sites to receive command and control. We will go down the rabbit hole with the attack (as much as I can publicly divulge), talk about our approach to the forensic investigation, and how the client was advised to implement countermeasures to provide an overall framework of security against future attacks. It is possible people may have known about this particular exploit for more than six months before it was publicly disclosed, and the vendor still has not published a patch for it. Therefore, in this talk, we will also explore the concept of responsible disclosure, information sharing (minus attribution), and how all of this possibly fits into the Presidential Comprehensive National Cybersecurity Initiative (CNCI).

Mummoorthy Murugesan, "Providing Privacy through Plausibly Deniable Search"

Wed, 25 Feb 2009 18:30:00 PST

Query-based web search is becoming an integral part of many people's daily activities. Most do not realize that their search history can be used to identify them (and their interests). In July 2006, AOL released an anonymized search query log of some 600K randomly selected users. While valuable as a research tool, the anonymization was insufficient: individuals could be identified from the contents of the queries alone Government requests for such logs serves to increase the concern. To address this problem, we propose a client-centered approach of "plausibly deniable search". Each user query is substituted with a standard, closely-related query intended to fetch the desired results. In addition, a set of k-1 cover queries are issued; these have characteristics similar to the standard query but on unrelated topics. The system provides a property that any of these k queries will produce the same of set of k queries, giving k possible topics the user could have been searching for. We use Latent Semantic Indexing (LSI) based technique to generate queries, and evaluate on the DMOZ webpage collection to show the effectiveness of the proposed approach.

Charles Killian, "Mace: Systems and Language Support for Building Correct, High-Performance Networked Services"

Wed, 18 Feb 2009 18:30:00 PST

Building distributed systems is particularly difficult because of the asynchronous, heterogeneous, and failure-prone environment where these systems must run. This asynchrony makes verifying the correctness of systems implementations even more challenging. Tools for building distributed systems must strike a compromise between reducing programmer effort and increasing system efficiency. Mace is a C++ language extension, compiler, runtime, and toolset, that translates a concise but expressive distributed system specification into a C++ implementation. Mace exploits a natural decomposition of distributed systems into a layered, event-driven state machine. A key design principle of Mace is to separate each service algorithm from the implementation mechanics (serialization, dispatch, synchronization, etc.), debugging code (logging and property testing), and its utility services (lower-level services providing a specified interface). Our experience indicates that precisely because Mace imposes limits on the design structure of distributed systems, it supports the implementation of a wide variety of high-level supporting tools, including model checking, simulation, live debugging, and visualization. Mace is fully operational, has been in development for four years, and has been used to build a wide variety of Internet-ready distributed systems. This talk will describe both the Mace programming language design and MaceMC, the first model checker that can find liveness violations in unmodified systems implementations.

Mehmet Sahinoglu, "Quantitative Risk Assessment of Software Security and Privacy, and Risk Management with Game Theory"

Wed, 11 Feb 2009 18:30:00 PST

The need for information security is undeniable and self-evident. The pervasiveness of this critical topic requires primarily risk assessment and management through quantitative means. To conduct an assessment; repeated security probes, surveys, and input data measurements must be taken and verified toward the goal of risk mitigation with minimal cost. One can evaluate risk using a probabilistically accurate statistical estimation scheme in a quantitative security meter (SM) model that mimics the events of the breach of security. An empirical study using Java code is presented and its accuracy is veri?ed by discrete-event or Monte Carlo simulations. The design improves as more data are collected and updated. Practical aspects of the SM are presented with a real-world example as related to a PC user and a risk-management scenario using the Game Theory approach for optimal cost mitigation results. Index Terms(10)� Quantitative Risk Assessment, Cost Mitigation, Countermeasure, Security, Privacy, Management, Simulation, Threat, Vulnerability, Game Theory

Cassio Goldschmidt, "The dark side of software engineering and how to defend against it"

Wed, 04 Feb 2009 18:30:00 PST

If you create an application that runs on one or more computers connected to a network such as the internet, your code will be attacked. Consequences of compromised systems often include loss of trust, reputation and revenue. Software will always have defects and vulnerabilities. Strikes against digital assets are unquestionably on the rise. We can, however, make it substantially harder to find and exploit vulnerabilities by identifying insecure coding practices and developing secure alternatives. During this practical session, we'll examine in detail the principles behind some of the worst attack patterns seen today in the software industry. Most importantly, we'll learn effective defense programming techniques every developer must employ when building software.

Ryan Riley, "An Alternate Memory Architecture for Code Injection Prevention"

Wed, 28 Jan 2009 18:30:00 PST

Code injection attacks, in their various forms, have been in existence and been an area of consistent research for a number of years. A code injection attack is a method whereby an attacker inserts malicious code into a running computing system and transfers execution to his malicious code. In this way he can gain control of a running process or operating system due to the fact that his injected code will run at the same privilege level as the entity being attacked. At the user-level, these attacks can be used to gain access to a system through an application bug. At the kernel-level, they are commonly used to install kernel rootkits and hide an attacker's presence on a machine. In this talk I will discuss code injection with regards to the memory architecture of modern computer systems. I will compare two common memory architectures, von Neumann and Harvard, with respect to their susceptibility to code injection attacks and the advantages and disadvantages of each in practice. Based on this, I will present a third memory architecture which is immune to code injection attacks and describe implementations of it that are able to stop code injection at the user and kernel levels. My experimental results show that this architecture is able to effectively and efficiently prevent code injection attacks against unmodified operating systems and applications running on standard x86 hardware.

Paul Kidwell, "A Rules Based Statistical Algorithm for Keystroke Detection"

Wed, 21 Jan 2009 18:30:00 PST

A rules-based statistical algorithm (RBSA) identifies packets in any TCP connection that are client keystrokes of an ssh login. The input data of the algorithm are the packet arrival times and TCP/IP headers of the connection packets at a point along the path of the connection. The algorithm is applied to all connections seen by a network monitor; ssh port 22 connections are classified as client-keystrokes or scp file transfers, and ssh keystroke connections are discovered for all other ports. This forms a network login database that can be further analyzed for network security monitoring and forensics. One application is to an "inside'' network in which the monitor sees all connections between the inside and outside. The model --- which uses the packet sizes, flags, and interarrival times --- first goes through the packets identifying epochs of different activities, and then goes back and uses more detailed information for the classification. Performance from three types of packet traces is excellent. Previous work has proceeded by forming connection summary statistics from the headers and timestamps, and classifying the connection as one with keystrokes or not using the statistics. The RBSA takes on a much more ambitious task of classifying each packet as a client keystroke packet or not, but in the end the classification of the connection has extremely low false positives and false negatives. One important property of the RBSA is that it does not employ packet payload, as is done in some connection-level surveillance methods, so it cannot be defeated by an attacker through payload encryption. A second important property is that the inside network can be a large enterprise, allowing monitoring and forensics across a very large number of hosts from a single device."

Chris Clifton, "Measuring Privacy: A Risk-Based Approach"

Wed, 14 Jan 2009 18:30:00 PST

There have been significant research developments in technology to protect privacy. Unfortunately, few of these have made the transition to practice. A large part of the problem is the lack of an accepted way to measure privacy. Legal and regulatory terms do not translate well into technological solutions, and the plethora of technical approaches do not seem to resonate with privacy advocates. This talk will discuss issues and challenges, with examples of the reason why a clear standard is difficult. A risk-based approach will be presented that allows anonymization based on controlling the potential damage from disclosure. This approach will be compared with more traditional anonymization measures, showing the difficulty of measuring the potential for harm from those measures. This represents joint work with Mehmet Ercan Nergiz (Purdue University) and Maurizio Atzori (University of Pisa).

Ibrahim Baggili, "Extending anonymity research to high-tech white collar crimes and IT Insider threat: A critical step"

Wed, 10 Dec 2008 18:30:00 PST

Theories of deindividuation share common grounds, one of which is anonymity. For decades, it has been hypothesized that anonymity affects human behavior. With the rise of the popularity and development of personal computing, claims are made that individuals perceive themselves to be more anonymous in computer mediated environments. This perception may be a major factor contributing to the engagement of individuals in online antisocial behaviors and in cyber criminal activities like high-tech white collar crimes and Information Technology (IT) insider threat crimes. This talk presents an overview of the literature on anonymity and the deindividuation theory. A philosophical bind is then made between the various effects of anonymity, high-tech white collar crimes and IT insider threat crimes. These philosophical accounts may be used as a cornerstone for scientific research in the new cyber crime phenomenon.

Weidong Cui, "Automatic Signature Generation for Unknown Vulnerabilities"

Wed, 03 Dec 2008 18:30:00 PST

In this talk, I will present a new approach to automatically generate a vulnerability signature for an unknown vulnerability, given a zero-day attack instance. Our approach is based on two systems we developed: Tupni and ShieldGen. Tupni takes one or more input instances and reverse engineers their format by analyzing how an application parses and processes them. Its reverse-engineered format has a rich set of information, including record sequences, record types and input constraints. We have implemented a prototype of Tupni and demonstrated that it can effectively reverse engineer ten common, real-world file and network message formats. ShieldGen can generate a vulnerability signature for an unknown vulnerability, given a zero-day attack instance and its format. The key novelty of ShieldGen is that it leverages knowledge of the input format to generate new potential attack instances, uses a zero-day detector as an oracle to determine if an instance can still exploit the vulnerability, and then takes the feedback of the oracle to guide its search for the vulnerability signature. We have implemented a prototype of ShieldGen and used it to generate high-quality vulnerability signatures for three real-world vulnerabilities. By feeding the input format generated by Tupni to ShieldGen, we can automatically generate a vulnerability signature even when the format of the attack instance is unknown. We have integrated Tupni with ShieldGen and demonstrated that we can automatically generate the vulnerability signature for a real-world WMF vulnerability given a single malicious WMF file.

Sylvia Osborn, "The Role Graph Model and its Extensions"

Wed, 19 Nov 2008 18:30:00 PST

The Role Graph Model was first introduced by Nyanchama and Osborn in 1994. It has been extended over the years to include parameterized roles, an administrative model and a delegation model. We will show how the semantics of our role graph operations differ from those of the ANSI standard. Then we will discuss how to simulate DAC, and how the underlying basic model helped us to understand and expand the model to deal with delegation. The present and future of RBAC will also be discussed.

John Oritz, "John Oritz, SRA International"

Wed, 12 Nov 2008 18:30:00 PST

Steganography is a discipline of computer science whose aim is to conceal the existence of information. Steganography synergizes various technologies including data compression, digital signal processing, information theory, data networks, cryptography, coding theory, and the human audio and visual system. Strap on your seatbelt. I will present some key concepts of steganography, describe a number of basic and advanced spatial and transform domain techniques (with lots of pictures and sounds for the �attention-challenged�), and demonstrate these techniques using custom steganography software. The demonstrations include a Least Significant Bit (LSB) technique, High-Capacity Hiding in Jpegs, and time modulation in audio.

Scott Orton, "The "merge" of Anti-Tamper and Information Assurance - lessons learned from the Anti-Tamper discipline"

Wed, 05 Nov 2008 18:30:00 PST

Scott Orton is the Anti-Tamper (AT) subject matter expert at Raytheon and was previously responsible for establishing the DOD AT executive agency. Scott will discuss the trends in information security driving the merge of AT and IA. He will also discuss valuable lessons learned from the AT community that have applicability in IA.

Kenji Takahashi, "Trends in Identity Management"

Wed, 29 Oct 2008 17:30:00 PDT

Currently many initiatives are being proposed for identity management, such as OpenID, SAML, CardSpace/Information Cards, and OAuth, as its importance is becoming apparent. Identity management is as an integral part of service infrastructures to make identity available to services across organizations in a secure and privacy protected manner. The identity data are crucial to successfully providing the privileged and personalized experiences for legitimate users of services. Also it is important that the users should have strong control over their identity data to foster a socially responsible service industry. This talk will give an overview of trends in identity management, and illustrate best practices and lessons learned in real settings using case studies. The talk will also highlight standard harmonization (SAML/Liberty, OpenID, CardSpace/Information Cards, etc.) and explore the future research agenda (e.g., mobile applications).

Federica Paci, "Access Control and Resiliency for WS-BPEL"

Wed, 22 Oct 2008 17:30:00 PDT

Business processes �the next generation workflows- have attracted considerable research interest in the last fifteen years. More recently, several XML-based languages have been proposed for specifying and orchestrating business processes, resulting in the WS-BPEL language. Even if WS-BPEL has been developed to specify automated business processes that orchestrate activities of multiple Web services, there are many applications and situations requiring that people be considered as additional participants that can influence the execution of a process. Significant omissions from WS-BPEL are the specification of activities that require interactions with humans to be completed, called human activities, and the specification of authorization information associating users with human activities in a WS-BPEL business process and authorization constraints, such as separation of duty, on the execution of human activities. This talk investigates the problem of access control and resiliency for WS-BPEL processes. Access control in the context of business process means checking whether a user claiming the execution of an activity is authorized and the execution does not violate authorization constraints. Resiliency means that even if some users become unavailable, the remaining users can still complete the execution of the process according to the stated authorizations and authorization constraints. We present RBAC-WS-BPEL, an RBAC model for WS-BPEL business processes that supports the specification of resiliency constraints, authorizations and authorization constraints on business process activities. Resiliency constraints are evaluated when a WS-BPEL process is deployed, to check if there is a sufficient number of authorized users to perform the process so that authorization constraints are satisfied and the process terminates even if some users become unavailable. Authorizations and authorization constraints are evaluated whenever a user claims the execution of a business process�s activity to determine if the execution of the activity by the user does not violate any authorization constraints and does not prevent some other subsequent activities from completing.

Adam Dugger, "Signature Analysis Coupled With Slicing Analysis for the Validation of Software"

Wed, 15 Oct 2008 17:30:00 PDT

What if you could determine exactly where, in any compiled binary, a security threat existed? Answering this question has been the fundamental goal of anti-virus software for many years past, with limited success. Instead, what if you could determine not where security threats do exist, but where they could possibly exist? This is certainly a step in the right direction for total software security -- one which puts us well on our way to being able to develop applications safe against hidden malicious code. All of this is possible with the machine code analysis methodology known as Signature Analysis. However, consider the following question: What if you could determine exactly where, in any compiled binary, a security threat might exist, and, further, precisely what this threat might affect later in the application�s execution? This information can be retrieved by combining the capabilities of Code Slicing Analysis with the previously mentioned Signature Analysis. This paradigm not only assists in hardening against currently known threats, but it also identifies areas that are affected by those threats. These principles form the framework for a novel static technique for ensuring software integrity. The goal of this seminar is to present these ideas and to discuss possible future applications.

Yuecel Karabulut, "Measuring the Attack Surfaces of Enterprise Software Systems"

Wed, 08 Oct 2008 17:30:00 PDT

Software vendors have traditionally focused on improving code quality for improving software security and quality. The code quality improvement effort aims toward reducing the number of design and coding errors in software. In principle, we can use formal correctness proof techniques to identify and remove all errors in software with respect to a given specification and hence remove all its vulnerabilities. In practice, however, building large and complex software devoid of errors, and hence security vulnerabilities, remains a very difficult task. Software vendors can minimize the risk associated with the exploitation of future vulnerabilities. One way to minimize the risk is by reducing the attack surfaces of their software. A smaller attack surface makes the exploitation of the vulnerabilities harder and lowers the damage of exploitation, and hence mitigates the security risk. We believe that a complete risk mitigation strategy requires a combination of code quality efforts and attack surface measurement. SAP and CMU collaborated to develop a new attack surface measurement method for measuring the attack surfaces of SAP software systems implemented in Java. We implemented a tool and demonstrated the feasibility of our approach by measuring the attack surface of an SAP software system. In this talk, we will present the attack surface measurement method and report on its application.

Dave Keppler, "Resilient Systems for Mission Assurance"

Wed, 01 Oct 2008 17:30:00 PDT

The ability for information services to continue operating despite attacks is a core enabler of mission assurance goals. Existing security techniques lack this concept of resilience and are inadequate for protecting critical services and data against targeted attacks by sophisticated adversaries. Widely implemented signature and anomaly-based detection techniques fail to keep pace with the advancement of attacker sophistication. Our objective is to develop and prototype resilience techniques that make applications impervious to the damaging effects of attacks without relying on identifying and filtering specific attacks. We employ effects-based countermeasures to impart resilience to applications, creating an environment inhospitable to attack goals, and countering previously unknown attacks on service utility, in particular, code injection and data subversion.

Ashish Kamra, "Responding to Anomalous Database Requests"

Wed, 24 Sep 2008 17:30:00 PDT

Organizations have recently shown increased interest in database activity monitoring and anomaly detection techniques to safeguard their internal databases. Once an anomaly is detected, a response from the database is needed to contain the effects of the anomaly. However, the problem of issuing an appropriate response to a detected database anomaly has received little attention so far. In this work, we propose a framework and a policy language for issuing a response to a database anomaly based on the characteristics of the anomaly. We also propose a novel approach to dynamically change the state of the access control system in order to contain the damage that may be caused by the anomalous request. We have implemented our mechanisms in the PostgreSQL DBMS and we discuss relevant implementation issues. We have also carried out an experimental evaluation to assess the performance overhead introduced by our response mechanism. The experimental results show that the techniques are very efficient.

Shimon Modi, "Fingerprint Sensor Interoperability: Analysis of Error Rates for Fingerprint Datasets Acquired from Multiple Fingerprint Sensors"

Wed, 17 Sep 2008 17:30:00 PDT

The last decade has witnessed a huge increase in deployment of biometric systems, and while most of these systems have been single vendor, monolithic architectures the issue of interoperability is bound to arise as distributed architectures are considered for large scale deployments. The distortions and variations introduced when acquiring fingerprint images propagate from the acquisition subsystem all the way to the matching subsystem. These variations ultimately affect performance rates of the overall fingerprint recognition system. Fingerprint images captured using the same sensor technology during enrollment and recognition phases will introduce similar distortions, thus making it easier to compensate for such distortions and reducing its effect on the performance of the overall fingerprint recognition system. However, an impact on performance is expected, but unpredictable, when different fingerprint sensor technologies are used during enrollment and recognition phases. The purpose of this study was to examine the effect of sensor dependent variations and distortions, characteristics of the sensor and characteristics of the finger skin on the interoperability matching error rates of minutiae based fingerprint recognition systems. Fingerprint images were be collected from 9 different fingerprint sensors from 190 subjects for analysis of this research study. A statistical analysis framework for testing interoperability was formulated for this research, which included parametric and non-parametric tests. The statistical analysis framework tested similarity of minutiae count, similarity of image quality and similarity of performance between native and interoperable datasets. Interoperability performance analysis was conducted on each sensor dataset and also by grouping datasets based on the acquisition technology and interaction type of the acquisition sensor. The end objective of this study was to provide greater insight into the effect of a fingerprint dataset acquired from various sensors on performance measured in terms of error rates like false non match rates (FNMR) and false match rates (FMR).

Dennis Moreau, "Virtualization: Resource Coupling and Security across the Stack"

Wed, 10 Sep 2008 17:30:00 PDT

Virtualization technology can deliver better IT asset utilization, more agile IT asset allocation, more efficient use of resources, while supporting a potentially more secure IT infrastructure. Virtualization accomplishes these benefits by leveraging mechanisms which provide a) asset isolation, b) resource sharing and c) provisioning dynamics. This session will address how to use configuration and behavioral information to address the increased complexity of security, compliance and risk assessment in virtualized environments. Comprehensive security and risk situation awareness of more dynamic, more interdependent, and more insulated assets, will allow enterprises to take fuller advantage of the promised benefits of virtualization. This session will also briefly address extension of these considerations to the cloud and utility computing infrastructures.

Gabriel Ghinita, "Private Queries in Location Based Services: Anonymizers are not Necessary"

Wed, 03 Sep 2008 17:30:00 PDT

Mobile devices equipped with positioning capabilities (e.g., GPS) can ask location-dependent queries to Location Based Services (LBS). To protect privacy, the user location must not be disclosed. Existing solutions utilize a trusted anonymizer between the users and the LBS. This approach has several drawbacks: (i) All users must trust the third party anonymizer, which is a single point of attack. (ii) A large number of cooperating, trustworthy users is needed. (iii) Privacy is guaranteed only for a single snapshot of user locations; users are not protected against correlation attacks (e.g., history of user movement). We propose a novel framework to support private location-dependent queries, based on the theoretical work on Private Information Retrieval (PIR). Our framework does not require a trusted third party, since privacy is achieved via cryptographic techniques. Compared to existing work, our approach achieves stronger privacy for snapshots of user locations; moreover, it is the first to provide provable privacy guarantees against correlation attacks. We use our framework to implement approximate and exact algorithms for nearest-neighbor search. We optimize query execution by employing data mining techniques, which identify redundant computations. Contrary to common belief, the experimental results suggest that PIR approaches incur reasonable overhead and are applicable in practice.

Minaxi Gupta, "Exploitable Redirects on the Web: Identification, Prevalence, and Defense"

Wed, 27 Aug 2008 17:30:00 PDT

Web sites on the Internet often use redirection. Unfortunately, without additional security, many of the redirection links can be manipulated and abused to mask phishing attacks. In this work, we prescribe a set of heuristics to identify redirects that can be exploited. Using these heuristics, we examine the prevalence of exploitable redirects present in today's Web. Finally, we propose techniques for Web servers to secure their redirects and for clients to protect themselves from being misled by manipulated redirects. This work was presented at the USENIX Workshop On Offensive Technologies (WOOT) in July, 2008. Subsequently, several online press venues have covered it, including The Washington Post, SC Magazine, and Herald Times.

Jacob West, "Static source code analysis"

Wed, 16 Apr 2008 17:30:00 PDT

Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution. Highlights include: * The most common security short-cuts and why they lead to security failures * Why programmers are in the best position to get security right * Where to look for security problems * How static analysis helps * The critical attributes and algorithms that make or break a static analysis tool We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review. Along the way we'll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors.

Jack Jones, "Shifting focus: Aligning security with risk management"

Wed, 09 Apr 2008 17:30:00 PDT

With few exceptions, executive management doesn�t care about security. They care about risk. In this session, Jack will discuss the differences and share his experiences in taking the information security program at a Fortune 100 financial services company from a security focus to one of risk management. This presentation will cover why the change took place, how it took place (what worked and what didn�t), and the practical benefits that resulted.

Hao Chen, "Exploiting Opportunistic Scheduling in Cellular Data Networks"

Wed, 02 Apr 2008 17:30:00 PDT

Third Generation (3G) cellular networks utilize time-varying and location-dependent channel conditions to provide broadband services. They employ opportunistic scheduling to efficiently utilize spectrum under fairness or QoS constraints. Opportunistic scheduling algorithms rely on collaboration among all mobile users to achieve their design objectives. However, we demonstrate that rogue cellular devices can exploit vulnerabilities in opportunistic scheduling algorithms, such as Proprotional Fair (PF), to usurp the majority of time slots in 3G networks. Our simulations show that only five rogue device per 50-user cell can use up to 90% of the time slots, and can cause 2 seconds of end-to-end inter-packet transmission delay on VoIP applications for every user in the same cell, rendering VoIP applications useless. To defend against these attacks, we explore several detection and prevention schemes, including modifications to the PF scheduler and a secure handoff procedure. This is a joint with with Denys Ma, Radmilo Racic, and Xin Liu.

Sencun Zhu, "Towards Event Source Location Privacy in Wireless Sensor Networks"

Wed, 26 Mar 2008 17:30:00 PDT

For sensor networks deployed to monitor and report real events, event source location privacy is an attractive and critical security property, which unfortunately is also very difficult and expensive to achieve. This is not only because adversaries may attack against sensor source privacy through traffic analysis, but also because sensor networks are very limited in resources. In this talk, we will discuss the techniques we have developed for enhancing source location privacy in sensor networks under a global adversarial model. Specifically, we will propose the notion of statistically strong source anonymity, where carefully chosen dummy traffic will be introduced to hide the real event sources. In addition, several privacy-preserving mechanisms will be employed to drop dummy messages on their roads to the base station to prevent explosion of network traffic.

Daniel Hoffman, "Hacking the Mobile Workforce"

Wed, 05 Mar 2008 18:30:00 PST

Companies spend millions of dollars implementing security technologies to protect their corporate networks. Laptop computers and other mobile devices lose this protection once they leave the confines of the corporate office. This presentation will define mobility-related threats, show live hacks and define best security practices to address these risks, with a particular focus on Network Access Control and NAP technologies.

Buzz Walsh, "Managing Security Polarities"

Wed, 27 Feb 2008 18:30:00 PST

There is inherent tension between network performance and security. With the rapidly evolving drive for military and economic data being accessible via Service Oriented Architectures, the import of securing such data is increasing and the consequences for a security breach often are detailed in our daily media. Complex security architectures are maturing, but broad questions remain about how to certify or accredit the transactions occurring in Net-Centric Enterprise Services. This presentation does not propose a solution and is intended to motivate discussion, collaboration and directed research.

Ta-Wei "David" Wang, "Reading the Disclosures with New Eyes: Bridging the Gap between Information Security Disclosures and Incidents"

Wed, 20 Feb 2008 18:30:00 PST

This paper investigates the relationship between information security related disclosures in financial reports and the impacts of information security incidents through cross-sectional and cluster analysis. First, by drawing upon the theories of disclosures in the accounting literature, we examine the effect of the number of disclosures on stock price reactions to information security incidents from 1997 to 2006. Our findings suggest that first-time disclosed information security risk factors in financial reports can mitigate the impact of information security incidents on business value. Second, a cluster analysis is performed on the disclosures in financial reports before and after the incidents. The results demonstrate that companies react to information security incidents by disclosing additional and more specific risk factors in subsequent financial reports. A prediction model is also built to classify disclosures as a belonging to a firm reported in the as breached or non-breached. The model can correctly classify a disclosure with approximately 75% accuracy which help investors and auditors assess information provided by the firm. This paper not only contributes to the literature in information security and accounting but also sheds light on how managers can evaluate their information security policies and convey information security practices more effectively to the investors.

Myron Cramer, "Beyond the Enclave: Evolving Concepts in Security Architectures"

Wed, 13 Feb 2008 18:30:00 PST

This presentation discusses evolving concepts in security architectures. Current security architectures are based on the enclave architecture model. This model organizes and separates networked information systems into trusted, untrusted, and shared areas. Security components are located within these areas to provide the required security services based upon system requirements. While this model has many advantages in a basic client server business model, it has limitations with the evolving need to share information. This talk discusses the enclave security architecture and how it is implemented within enterprise networks. It also discusses information sharing needs that are difficult to meet within the constructs of the enclave as well as some of the security limitations of the enclave model. Potential solutions include incorporating new architectural concepts and new technologies to provide a greater variety of robust enterprise implementation options.

Anand Singh, "What are CSO's thinking about? Top information security initiatives for 2008 and beyond �"

Wed, 30 Jan 2008 18:30:00 PST

2006 and 2007 were seminal years which saw emergence of several information security threats and significant data breaches. The media focus on various incidents have made consumers much more aware of information security and hence, any significant security breach results in a significant loss of brand image. As a result, corporate boards are demanding more information security controls as a part of their risk management oversight. This has forced a rethink among the C-suite executives and has increased the importance of information security in their eyes. The CSO's are seeing an elevation in prestige and importance and are becoming empowered to contribute to the organizational strategy by defining information security as a part of organizational governance and risk management framework. The objectives of this talk are two fold. First, the focus will be on practical aspects of information security in most organizations. I will describe how Information Security is becoming a more central function and how the organizational roles and responsibilities are transforming as a result. Second, I will talk about the top information security initiatives for 2008 and what is driving those including examples and explanations of what transpired in several security breaches. Some of those initiatives are governance, wireless security, hardening of network infrastructure and data loss prevention. Throughout this talk, where applicable, I will also identify information security challenges that have not proven tractable in the hope that it will help inspire research ideas.

Edward W. Felten, "Electronic Voting: Danger and Opportunity"

Wed, 23 Jan 2008 18:30:00 PST

Electronic voting machines have made our elections less reliable and less secure, but recent developments offer hope of a better system in the future. Current research offers the hope of a future voting system that is more reliable and more secure than ever before, at reasonable cost, by combining high-tech and low-tech methods so that each can compensate for the weaknesses of the other. This talk will sketch what this future might look like, and will highlight some of the research that may make it possible.

Paul Syverson & Roger Dingledine, "Tor: Anonymous communications for government agencies, corporations, journalists... and you"

Wed, 16 Jan 2008 18:30:00 PST

What do the Department of Defense and the Electronic Frontier Foundation have in common? They have both funded the development of Tor (torproject.org), a free-software anonymizing network that helps people around the world use the Internet in safety. Tor's 1500 volunteer servers carry traffic for several hundred thousand users including ordinary citizens who want protection from identity theft and prying corporations, corporations who want to look at a competitor's website in private, law enforcement and government intelligence agencies who need to do operations on the Internet without being noticed, and aid workers in the Middle East who need to contact their home servers without fear of physical harm. We'll give an overview of the Tor architecture, and talk about why you'd want to use it, what security it provides, and policy and legal issues. Then we can open it up for discussion about open research questions, wider social implications, and other topics the audience wants to consider.

Eric Cole, "Security in a Changing World"

Wed, 09 Jan 2008 18:30:00 PST

While the world is constantly changing, the core principles of security have not changed that much, yet organizations are stilling be compromised. This talk will look at some of the problems in cyber space and some unique solutions for securing information.

Ventkat Venkatakrishnan, "CANDID: Preventing SQL Injection Attacks using Dynamic Candidate Evaluations"

Wed, 28 Nov 2007 18:30:00 PST

SQL injection attacks are one of the topmost threats for applications written for the Web. These attacks are launched through specially crafted user input on web applications that use low level string operations to construct SQL queries. In this talk, I will present a novel and powerful scheme for automatically transforming web applications to render them safe against all SQL injection attacks. A characteristic diagnostic feature of SQL injection attacks is that they change the intended structure of queries issued. Our technique for detecting SQL injection is to dynamically mine the programmer-intended query structure on any input, and detect attacks by comparing it against the structure of the actual query issued. We propose a simple and novel mechanism for mining programmer intended queries by dynamically evaluating runs over benign candidate inputs. This mechanism is theoretically well founded and is based on inferring intended queries by considering the symbolic query computed on a program run. Our approach has been implemented in a tool called CANDID that retrofits Web applications written in Java to defend them against SQL injection attacks. We report experimental results that show that our approach performs remarkably well in practice. (Joint work with Sruthi Bandhakavi, Prithvi Bisht and P. Madhusudan)

Steve Myers, Indiana University, "Wireless Router Insecurity: The Next Crimeware Epidemic"

Wed, 14 Nov 2007 18:30:00 PST

The widespread adoption of home routers by the general public has added a new target for malware and crimeware authors. A router's ability to manipulate essentially all network traffic coming in to and out of a home, means that malware installed on these devices has the ability to launch powerful Man-In-The-Middle (MITM) attacks, a form of attack that has previously been largely ignored. Making matters worse, many homes have deployed wireless routers which are insecure if the attacker has geographic proximity to the router and can connect to it over its wireless channel. However, some have downplayed this risk by suggesting that attackers will be unwilling to spend the time and resources necessary, nor risk exposure to attack a large number of routers in this fashion. In this talk, we will consider the ability of malware to propagate from wireless router to wireless router over the wireless channel, infecting large urban areas where such routers are deployed relatively densely. We develop an SIR epidemiological model, and use it to simulate the spread of malware over major metropolitan centers in the US. Using hobbyist collected wardriving data from Wigle.net and our model, we show the potential for the infection of tens of thousands of routers in short periods of time is quite feasible. We consider simple prescriptive suggestions to minimize the likelihood that such attacks are ever performed. Next, we show a simple yet worrisome attacks that can easily and silently be performed from infected routers. We call this attack 'Trawler Phishing'. The attack generalizes a well understood failure of many web-sites to properly implement SSL, and allows attackers to harvest credentials from victims over a period of time, without the need to use spamming techniques or mimicked, but illegitimate web-sites, as in traditional phishing attacks, bypassing the most effective phishing prevention technologies. Further, it allows attackers to easily form data-portfolios on many victims, making collected data substantially more valuable. We consider prescriptive suggestions and countermeasure for this attack. The work on epidemiological modeling is joint work with Hao Hu, Vittoria Colizza and Alex Vespignani. The work on trawler phishing is joint work Sid Stamm.

Richard Thieme, "Security, Soft Boundaries, and oh-so-subtle Strategies:How to Play Chess While the Board is Disappearing"

Wed, 07 Nov 2007 18:30:00 PST

Non-state and state intelligence are converging in a context of fluid boundaries. It is increasingly difficult to know who is inside and who is not. Creating a trusted network does not resolve the most critical security problems because those problems begin at the interface of the network and the human user. The identity and intention of that human user is critical, but that is often what is most difficult to discern. This emergent world of ambiguous boundaries and multiple identities challenges our models and descriptions of the playing field. Even with a program, we can't always tell the players, because both players and program are morphing. And it's worse than that: the ethical guidelines of the past, rooted in religious systems thousand of years old, are going through the looking-glass, too, along with the structures of spirituality and religion. Identity-shift applies to God and Self as well as the social and cultural structures in which they are embedded. This speech confronts the transformation of the structures in which we live, identifies some consequences of identity-shift, and distinguishes the business of security from the myths of the security business. It points to new ways to organize our lives that complement rather than replace traditional methods of defending electronic and human networks.

Abhilasha Bhargav-Spantzel, "Protocols and Systems for Privacy Preserving Protection of Digital Identity"

Wed, 31 Oct 2007 17:30:00 PDT

In order to support emerging online activities within the digital information infrastructure, such as commerce, healthcare, entertainment and scientific collaboration, it is increasingly important to verify and protect the digital identity of the individuals involved. Identity management systems manage the digital identity life cycle of individuals that includes issuance, usage and revocation of digital identifiers. Identity management systems have improved the management of identity information and user convenience; however they do not provide specific solutions to address protection of identity from threats such as identity theft and privacy violation. One major shortcoming of current approaches is the lack of strong verification techniques for management and protection of digital identifiers. Moreover current identity management systems do not consider neither biometric nor history-based identifiers. Both biometric and history-based identifiers are increasingly becoming an integral part of an individual's identity. Such types of identity data also need to be used with other digital identifiers and protected against misuse. In this presentation I introduce a number of techniques that address the above problems. The approach is based on the concept of privacy preserving multi-factor identity verification. The main technique consists of verifying multiple identifier claims of an individual, without revealing extraneous identity information. A distinguishing feature of our approach is that we employ identity protection and verification techniques at all stages of the identity life cycle. In addition we develop techniques to use biometrics in a secure and privacy preserving manner. We also enhance our approach with the use of history-based identifiers.

George Heron, "Secure Virtualization"

Wed, 24 Oct 2007 17:30:00 PDT

The potential for security to be tightly integrated into virtual machine technology is an exciting prospect. Not only does virtualization offer IT departments the opportunity to reduce costs, but it also offers increased agility. Now that application vendors are coming to understand the benefits of virtual machine technology, the technical world has also started to take note of supplementary services, such as security products and functions, which can also reside in these virtualized environments. Heron will discuss the future of security in virtualized environments and how IT professionals can take a Security Risk Management (SRM) approach to securing their virtual machines.

Srdjan Capkun, "From Securing Navigation Systems to Securing Wireless Communication"

Wed, 17 Oct 2007 17:30:00 PDT

Recent rapid development of wireless networks of sensors, actuators and identifiers dictates the digitalization of our physical world and the creation of the "internet of things". In this new internet, each wireless device will sense and provide contextual information, of which crucial component are locations of devices and objects. In this talk, we present recent research results in secure computation and verification of locations of wireless devices: we show that current localization systems are highly vulnerable to attacks and we demonstrate that out solutions can prevent these attacks. We further illustrate how location-awareness can help in solving some of the fundamental security challenges of wireless networks, e.g., enabling authenticated and confidential communication without pre-shared keys of credentials.

Neil Daswani, "What Every Engineer Needs To Know About Security And Where To Learn It"

Wed, 10 Oct 2007 17:30:00 PDT

This talk discusses how engineers can go about learning what they need to know to prevent the most significant emerging data security vulnerabilities, and the impact these vulnerabilities are having on electronic commerce. I'll review how attacks such as XSRF (Cross-Site-Request-Forgery) and SQL Injection work, and how to defend against them. I'll present some industry-wide statistics on software security vulnerabilities reported to various databases, and emerging trends in the field of software security. Finally, I'll discuss the current state of security education, and provide pointers to certification programs, books, and organizations where engineers can learn more.

David Ehinger, "The Effect of Rootkits on the Corporate Environment"

Wed, 26 Sep 2007 17:30:00 PDT

Jill Frisby, "Protecting Data Privacy: A Practical Guide to Managing Risk"

Wed, 19 Sep 2007 17:30:00 PDT

Protecting valuable information assets, including personal data about employees, students, customers, and medical patients, is an enterprise-wide responsibility. Like all components of good corporate governance, it begins with senior leadership establishing a culture of awareness about the importance of safeguarding these assets, and extends through coordinated actions among all business units, divisions, and departments. When creating data privacy programs, organizations should align them with their strategic enterprise risk management objectives and follow a top-down approach to achieve the greatest benefit. This presentation will focus on a practical approach to data privacy, that seeks to understand the business needs for data and align a data privacy protection program to those needs. Effective programs prevent companies from ending up in the news, disclosing a data loss, by enabling its employees to stay vigilant for situations where data may be at risk. Topics to be discussed include: * The Goals of an Effective Data Privacy Program * Current Data Privacy Landscape * Common Privacy Program Pitfalls * Key Components of a Successful Data Privacy Program * The Top Down Data Privacy Risk Assessment * Data Privacy Roles and Responsibilities * High Level Roadmap and Ideas to Consider for Future Strategy

Ron Buskey, " Security issues within embedded software development"

Wed, 12 Sep 2007 17:30:00 PDT

Software development processes and tools used for small communication devices have changed significantly over the years. Some of these practices and processes have resulted in improvements in quality and time to market for their target products, but in some cases have unintended results for the security and trustedness of those same products. This talk will look at several of these practices and approaches that can drive improvements in quality and productivity metrics for embedded communication software development teams yet create vulnerabilities and/or weaken the security architecture for those products.

Yvo Desmedt, "Applying Recreational Mathematics to Secure Multiparty Computation"

Wed, 05 Sep 2007 17:30:00 PDT

The problem of a mice traveling through a maze is well known. The maze can be represented using a planar graph. We present a variant of the maze. We consider a grid vertex colored planar graph in which an adversary can choose up to t colors and remove all vertices that have these colors and their adjacent edges. We call the grid in which these vertices and adjacent edges are removed a reduced grid. The problem is that a mice must be able to move in the reduced grid from the first row to the last row, and from the first column to the last column, and this for all possible reductions. We present three types of solutions to construct such grids. The efficiency of these solutions is discussed. The problem finds its origin in the problem of secure multiparty computation. Imagine going to a medical doctor in Iraq who needs to prescribe some medication, which might be counterindicated. The typical solution is to disclose all medical records to the doctor. If secure multiparty computation would be used, the medical doctor in Iraq only learns from the distributed medical databases whether the medication is, or is not, counterindicated. We consider the problem of parties each having a secret belonging to a non-abelian group. The parties want to compute the product of these secrets without leaking anything that does not follow trivially from the product. Our solution is black box, i.e., independent of the non-abelian group. This has applications to threshold block ciphers and post-quantum cryptography.

Klemens Boehm, "Towards Effective and Efficient Behavior-based Trust Models"

Wed, 29 Aug 2007 17:30:00 PDT

Trust models have been touted to facilitate cooperation among unknown entities. In our current work, we are interested in behavior-based trust models, i.e., models that derive the trustworthiness of an entity from its behavior in previous interactions. Existing proposals in this field typically feature one specific trust model. Further, various publications exist which have proposed different centrality measures to rank individuals, i.e., compute their reputation based on feedback, and have demonstrated their effectiveness in certain (rather specific) situations. This presentation in turn proposes a framework for behavior-based trust models for open environments with the following distinctive characteristic. Based on a relational representation of behavior-specific knowledge, we propose a trust-policy algebra allowing for the specification of a wide range of trust policies. Since the evaluation of the standing of an entity requires centrality indices, we propose a first-class operator of our algebra for their computation. The presentation concludes with an objective comparison of the effectiveness of the various centrality measures in reputation systems.

Bill Horne, "Role Discovery"

Wed, 22 Aug 2007 17:30:00 PDT

The first step in migrating to a role based access control (RBAC) system, is role development, in which teams of people meticulously define sets of roles that meet the needs of an organization's security and business requirements. Because it is so labor intensive, role development is the most expensive step in migrating to RBAC. In this talk, I will describe an approach called role discovery to help assist with the role development process. We attack the problem by finding simplifications of a bipartite graph that models the existing access control rules. Biclique covers of this graph are a fundamental tool in our approach. I will describe some of the theoretical background of this problem as well as some experimental results testing the approach on several real-world datasets.

Umut Topkara, "Passwords Decay, Words Endure: Towards Secure and Re-usable Multiple Password Mnemonics"

Wed, 25 Apr 2007 17:30:00 PDT

Human aspects of information security were identified at the early stages in the history of time shared computing. The recent surge in attacks that exploit security vulnerabilities involving human factors have also put them under the spotlight of various research fields including human-computer interaction, information security and cognitive science. The human centered vulnerabilities involve an interplay of a broad range of actors from Information Technology specialists (who might mis-configure the security hardware and software or enforce impractical security policies) to end users (who might have a poor understanding of good security practices or not know the possible impact of weak security). This talk will focus on human aspects of authentication mechanisms. I will present two methods that we have developed to reinforce the security of existing systems by improving their usability. Previous studies have repeatedly shown that users find it taxing to remember truly random passwords. Many users choose easy to guess --therefore not secure-- passwords, since they require the least effort to recall. Experienced users adopt "mnemonic phrases" to generate and easily recall more secure passwords. However, regularity in the human languages may render such passwords vulnerable against a brute force attack. In the first part of the talk, I will present a method that we developed to automatically generate mnemonic phrases which can yield secure passwords in an effort to increase the usability of text password authentication. Many computer users need to remember a multiplicity of usernames and passwords for different systems, and the users tend to reuse passwords across these systems which may have different security guarantees. In such cases remembering a different mnemonic phrase for each password does not scale and quickly becomes a challenging task. In the second part of the talk, I will present a scheme that helps the users remember a multiplicity of truly random passwords. The new scheme is applicable to an existing password authentication system without any modification, as it does not require any form of involvement from the service provider (e.g., bank, brokerage). Nor does it require the user to have any computing device at hand (not even a calculator). The scheme is such that changes to passwords do not necessitate a change in what the user remembers. Hence, passwords can be frequently changed without any additional burden on the memory of the user, thereby increasing the system's security.

Mercan Topkara, "Hiding the Message Behind the Words: Advances in Natural Language Watermarking"

Wed, 18 Apr 2007 17:30:00 PDT

The Internet has become one of the main sources of knowledge acquisition, harboring resources such as online newspapers, web portals for scientific documents, personal blogs, encyclopedias, and advertisements. It has become a part of our daily life to search and access this immense amount of online information, and more recently we have also started to contribute to this pool of information our own creativity in the form of text, images and video. Unfortunately, it is still an open question as to how we, as authors, can control the way that the information we create is distributed or re-used. Rights management problems are serious for text since it is much easy for other people to download and manipulate copyrighted text from Internet and later re-use it free from control. There is a need for a rights protection system that ``travels with the content''. Digital watermarking is an information hiding mechanism that embeds the copyright information in the document. Besides traveling with the content of the documents, digital watermarks are also imperceptible (i.e., seamless) to the user, which makes the process of removing them from the document challenging. Using linguistic features for information hiding into natural language text is an exciting and new idea. This talk begins with a short survey of existing technologies in natural language watermarking, and then focuses on a recently developed natural language watermarking system that is practical, easy-to-use and provides resilience to attacks through the use of ambiguity in natural language. The talk is aimed for a general audience, and will be self-contained covering the necessary background information.

Dr. Charles P. Pfleeger, "Dumb Ideas in Computer Security"

Wed, 11 Apr 2007 17:30:00 PDT

Every profession goes through mistakes and unwise steps, especially in its early years. It is through trial and error that leaders and innovators of the profession are able to advance knowledge. Computer security is no exception. Both insiders' and outsiders' choices have held back and even harmed the state of computing. Of course, hindsight is usually more accurate than foresight. This talk picks a handful of ideas that in retrospect have turned out dumb, ideas such as compound complexity, single-state hardware, downloaded code, and incomplete mediation. For each idea we will see from where the idea came, why it is unwise, and why we should have known better. From these examples, we will see how better choices can be made in the future.

Dr. Albert M. K. Cheng, "Automatic Debugging and Verification of RTL-Specified Real-Time Systems via Incremental Satisfiability Counting and On-Time and Scalable Intrusion Detection in Embedded Systems"

Wed, 28 Mar 2007 17:30:00 PDT

Abstract 1: Real-time logic (RTL) is useful for the verification of a safety assertion with respect to the specification of a real-time system. Since the satisfiability problem for RTL is undecidable, the systematic debugging of a real-time system appears impossible. With RTL, each propositional formula corresponds to a verification condition. The number of truth assignments of a propositional formula can help us determine the specific constraints which should be added or modified to derive the expected solutions. This talk describes this debugging approach and how it can be embedded into autonomous systems. We have implemented a tool called ADRTL for automatic debugging of RTL specifications. The confidence of our approach is high as we have effectively evaluated ADRTL on several existing industrial applications, including the NASA X-38 Crew Return Vehicle avionics. Abstract 2: Embedded systems are becoming ubiquitous and are increasingly interconnected or networked, making them more vulnerable to security attacks. A large class of these systems such as SCADA and PCS has real-time and safety constraints. Therefore, in addition to satisfying these requirements, achieving system security emerges as a critical challenge to ensure that users can trust these embedded systems to perform correct operations. One objective in a secure system is to identify attacks by detecting anomalous system behaviors. This part of the talk describes the challenges in the design and implementation of such intrusion detection system (IDS), addressing (1) accuracy: the IDS identifies no or as few false positives as the resource (time, space, power, etc.) and/or policy constraints allow, and no or as few false negatives as the resource and/or policy constraints allow; (2) efficiency/timeliness: the IDS does not violate the host embedded system's application deadlines and has a reasonable space overhead; (3) scalability: the IDS can scale to work with large embedded systems; and (4) power-awareness: the IDS does not significantly reduce the operational period of battery-powered embedded systems. We conclude with an outline of one of several promising embedded IDS approaches under investigation. This approach is based on automatic rule-base generation and semantic analysis.

Dan Geer, "A quant looks at the future"

Wed, 21 Mar 2007 17:30:00 PDT

If there is a difference between information and bits we had better find it soon. The bit-count is bounding upward, no one dares throw anything away, and once "search" supplants "organize" there is no going back. Information may or may not want to be free, but it wants to be in motion, so much so that ISPs see their future in movie rentals and the speed of light determines how far away your trade submission servers can be from the Exchange and still do micro-arbitrage. Like a gas, information has to be collected, purified, and compressed to be of value, so any leak, impurity, or loss of containment is a loss of value, per se. The street price of drugs has a more stable floor than the street price of stolen data, the percentage of attack tools that are privately held is rising, and the workfactor for information defense is the integral of the workfactor for information offense, yet we do not have the quantitative tools to value our information. That is possibly the key -- quantitative information risk management that is on par with quantitative financial risk management.

Eugene Schultz, "Intrusion Detection Event Correlation: Approaches, Benefits and Pitfalls"

Wed, 07 Mar 2007 18:30:00 PST

Over the years intrusion detection technology has improved to the point that it is highly useful to both the commercial and non-commercial sector. This technology is, however, by no means anything close to perfect. Even the best intrusion detection systems miss a fairly large proportion of attacks that occur; they also tend to yield unacceptably high false alarm rates. Correlating the output of multiple systems and devices is a promising solution for the limitations in today's intrusion detection systems. There have been numerous advances in intrusion detection event correlation, yet this technology lags behind intrusion detection technology. How events are correlated makes a big difference concerning the value of event correlation. This talk will cover the various approaches to event correlation as well as their advantages and disadvantages.

Bhavani Thuraisingham, "Assured Information Sharing between Trustworthy, Semi-trustworthy and Untrustworthy Coalition Partners"

Wed, 28 Feb 2007 18:30:00 PST

Data mining is the process of posing queries and extracting patterns, often previously unknown from large quantities of data using pattern matching or other reasoning techniques. Data mining has many ap-plications in security including for national security as well as for cyber security. The threats to national security include attacking buildings, destroying critical infrastructures such as power grids and telecom-munication systems. Data mining techniques are being investigated to find out who the suspicious people are and who is capable of carrying out terrorist activities. Cyber security is involved with protecting the computer and network systems against corruption due to Trojan horses, worms and viruses. Data mining is also being applied to provide solutions such as intrusion detection and auditing. The first part of the presentation will discuss my joint research with Prof. Latifur Khan and our students at the University of Texas at Dallas on data mining for cyber security applications For example; anomaly detection techniques could be used to detect unusual patterns and behaviors. Link analysis may be used to trace the viruses to the perpetrators. Classification may be used to group various cyber attacks and then use the profiles to detect an attack when it occurs. Prediction may be used to determine potential future attacks depending in a way on information learnt about terrorists through email and phone conversations. Data mining is also being applied for intrusion detection and auditing. Other applications include data mining for malicious code detection such as worm detection and managing firewall policies. This second part of the presentation will discuss the various types of threats to national security and de-scribe data mining techniques for handling such threats. Threats include non real-time threats and real-time threats. We need to understand the types of threats and also gather good data to carry out mining and obtain useful results. The challenge is to reduce false positives and false negatives. The third part of the presentation will discuss some of the research challenges. We need some form of real-time data mining, that is, the results have to be generated in real-time, we also need to build models in real-time for real-time intrusion detection. Data mining is also being applied for credit card fraud de-tection and biometrics related applications. While some progress has been made on topics such as stream data mining, there is still a lot of work to be done here. Another challenge is to mine multimedia data including surveillance video. Finally, we need to maintain the privacy of individuals. Much research has been carried out on privacy preserving data mining. In summary, the presentation will provide an overview of data mining, the various types of threats and then discuss the applications of data mining for malicious code detection and cyber security. Then we will discuss the consequences to privacy.

Howard Schmidt, "Cyber Security and the "NEW" world enterprise"

Wed, 21 Feb 2007 18:30:00 PST

As cyber security has evolved in the new world of distributed computing there have been dramatic changes to the nature of our security needs. Mr. Schmidt will talk about issues that affect large enterprises, small and medium business and end users. He will talk about common threats, and the possibility of frameworks which would protect ourselves, our civil rights and our privacy while ensuring improved security.

Stuart Shapiro, "Scenario-Driven Construction of Enterprise Information Policy"

Wed, 07 Feb 2007 18:30:00 PST

Information policy at the enterprise level is invariably an exercise in gaps and inconsistencies. The range of concerns�including security�is broad, the environment tends to be heterogeneous and dispersed, the contextual scope is significant, and the stakeholders are numerous. MITRE ran headlong into this problem as it set about conceiving and implementing a new enterprise IT architecture, with questions increasingly raised regarding what policies the new architecture had to be capable of supporting. The MITRE Information Policy Framework (MIPF) is the mechanism MITRE developed to answer these questions. The MIPF supports systematic, structured analysis and formulation of information policy in five areas: security, privacy, management, stewardship, and sharing. This presentation will discuss the structure and use of the MIPF, with an emphasis on security requirements.

Chris Clifton, "Mathematically Defining Privacy"

Wed, 31 Jan 2007 18:30:00 PST

Computer systems ease the sharing and use of information, but accessibility of information leads to privacy concerns. Technology is being developed to address this issue - enabling use of information while controlling the disclosure. But is this enough to protect privacy? How do we even know if it is enough? This talk will survey recent developments in privacy and anonymity technology, emphasizing the variety of privacy definitions, their benefits, and their weaknesses.

Wojciech Szpankowski, "WHAT IS INFORMATION?"

Wed, 24 Jan 2007 18:30:00 PST

Information permeates every corner of our lives and shapes our universe. Understanding and harnessing information holds the potential for significant advances. The breadth and depth of underlying concepts of the science of information transcend traditional disciplinary boundaries of scientific and commercial endeavors. Information can be manifested in various forms: business information is measured in dollars; chemical information is contained in shapes of molecules; biological information stored and processed in our cells prolongs life. So what is information? In this talk we first attempt to identify the most important features of information and define it in the broadest possible sense. We subsequently turn to the notion and theory of information introduced by Claude Shannon in 1948 that served as the backbone for digital communication. We go on to bridge Shannon information with Boltzmann's entropy, Maxwell's demon, Landauer's principle and Bennett's irreversible computations. We point out, however, that while Shannon created a successful and beautiful theory of information for communication, a wide spread application of information theory to economics, biology, life science and complex networks seems to be still awaiting us. We shall discuss some examples that recently crop up in biology, chemistry, computer science, and quantum physics. We conclude with a list of challenges for future research. We hope to put forward some educated questions, rather than answers, to the issues and tools that lay before researchers interested in information.

Vipin Swarup, "Research Challenges in Assured Information Sharing"

Wed, 17 Jan 2007 18:30:00 PST

Assured information sharing has been a "grand challenge" problem of information security for several decades. Currently, there is broad consensus that the state-of-practice of information sharing is inadequate. One primary problem is that people on the field (e.g., soldiers, firefighters) have mission-critical need for sensitive information but are often among the least trusted principals in their organizations and hence do not receive the information. Another problem is that data producers claim ownership of the data they produce and place sharing constraints on that data despite the competing interests of multiple parties over that data. In this talk, we highlight these and other problems and discuss a wide range of technical solutions that are needed. We elaborate on the need to balance the risks of sharing data with the risks of not sharing data and present several proposed approaches for doing so. We also describe how obligation policies play an important role in addressing some information sharing issues.

Virginia Rezmierski, "Computer-Related Incidents: Factors Related to Cause and Prevention"

Wed, 10 Jan 2007 18:30:00 PST

Computer-related incidents that have the potential to destabilize, violate, or damage, the resources, services, policies, or data of the community or individual members of the community are happening in increasing numbers. Despite the news, we know that they are happening not just in academia which has been painted as insecure and wide-open, but in corporate and not-for-profit environments as well. We have inclinations about what is causing these incidents, but now we also have facts. While we look for technical fixes to the problems, the real factors that are related to the cause of these incidents may not be technical at all, but rather human. This presentation will discuss the "Computer Incident Factor Analysis and Categorization Project", CIFAC, which was carried on at the University of Michigan under funding from the National Science Foundation. Dr. Rezmierski will present the project findings and will discuss what they mean for colleges, universities, corporations, not-for-profit organizations and individuals. The presentation will include discussion of actual incidents, the statistical methodology and findings, and the recommendations put forward by the researcher team.

Marc Rogers, " The Psychology of Computer Deviance: How it can assist in digital evidence analysis."

Wed, 06 Dec 2006 18:30:00 PST

The talk will look at the phenomenon of deviant computer behavior and how understanding the individuals who engage in this behavior can benefit digital evidence investigations. A brief overview of the current research on computer deviance will be presented. An investigative process model will also be introduced that will assist in the investigation and analysis of computer crimes.

Dongyan Xu, "OS-Level Taint Analysis for Malware Investigation and Defense"

Wed, 29 Nov 2006 18:30:00 PST

The Internet is facing threats from increasingly stealthy and sophisticated malware. Recent reports have suggested that new computer worms and malware deliberately avoid fast massive propagation. Instead, they lurk in infected machines and inflict contaminations over time, such as rootkit and backdoor installation, botnet creation, and data/identity theft. In defense against Internet malware, the following tasks are critical: (1) raising timely alerts to trigger a malware investigation, (2) determining the break-in point of malware, i.e. the vulnerable software via which the malware initially infiltrates the victim, and (3) identifying all contaminations inflicted by the malware during its residence in the victim. In this talk, I will present Process Coloring, an information flow-preserving, provenance-aware approach to malware investigation. In particular, I will demonstrate that through the preservation and tainting of malware break-in provenance along OS-level information flows, malware investigators will be able to improve the efficiency and effectiveness of existing log-based intrusion investigation tools. Furthermore, process coloring brings the new capability of runtime malware alert, which cannot be achieved by existing log-based tools. I will also present results of our experiments with a number of real-world Internet worms as well as a highly tamper-resistant implementation of process coloring using virtualization-based techniques.

Richard Power, "One Step Forward, Two Steps Back, or Two Steps Forward, One Step Back: A Ten Year Retrospective on Cyber Crime and Cyber Security (1996-2006)"

Wed, 15 Nov 2006 18:30:00 PST

This presentation explores the evolution of cyber crime and cyber security as global issues over the past decade. It examines the growth of cyber bank robbery, cyber extortion, identity theft, economic espionage, denial of service, cyber vandalism, cyber stalking and other criminal endeavors. It also sheds a harsh light on corporate and government response to these problems: technologies, organization, professional issues, awareness and education, etc. The presentation includes a compelling timeline, explores fascinating case studies and also provides real-world cyber security recommendations for governments, businesses and families.

David Zage, "Mitigating Attacks Against Measurement-Based Adaptation Mechanisms in Unstructured Multicast Overlay Networks"

Wed, 08 Nov 2006 18:30:00 PST

Many multicast overlay networks maintain application-specific performance goals such as bandwidth, latency, jitter and loss rate by dynamically changing the overlay structure using measurement- based adaptation mechanisms. This results in an unstructured overlay where no neighbor selection constraints are imposed. Although such networks provide resilience to benign failures, they are susceptible to attacks conducted by adversaries that compromise overlay nodes. Previous defense solutions proposed to address attacks against overlay networks rely on strong organizational constraints and are not effective for unstructured overlays. In this work, we identify, demonstrate and mitigate insider attacks against measurement-based adaptation mechanisms in unstructured multicast overlay networks. The attacks target the overlay network construction, maintenance, and availability and allow malicious nodes to control significant traffic in the network, facilitating selective forwarding, traffic analysis, and overlay partitioning. We propose techniques to decrease the number of incorrect or unnecessary adaptations by using outlier detection. We demonstrate the attacks and mitigation techniques in the context of a mature, operationally deployed overlay multicast system, ESM, through real- life deployments and emulations conducted on the PlanetLab and DETER testbeds, respectively.

Paula DeWitte, "Developing an Operational Framework for Integrated System Security"

Wed, 01 Nov 2006 18:30:00 PST

Systems are composed of multiple complex levels including the physical infrastructure, personnel or �humans-in-the-loop�, administration policies and procedures, computers, networks, and the communication protocols for connectivity that tie the system into a workable unit. Each aspect is in itself a complex system. When we consider system security, we tend to focus on the electronic components�the connectivity, computers, and network�over the non-electronic. Although we rigorously implement security in the various system components, the security is rarely integrated across the boundaries of the entire system spectrum. We tend to implement security on the distinct levels of the system without considering the impact or interaction with other system levels. For example, we may fully implement encryption, passwords, and firewalls and feel that our electronic systems are secure, while the weakest link may be staff members who fall victim to social engineering techniques and unknowingly reveal sufficient information to allow a perpetrator to circumvent our best security. Or we may have fortified computer systems and well trained personnel, but neglect the fact that we are being monitored through the building�s walls, floors, and windows. Without true understanding of the nature of the interactions of the system, we cannot fully understand how vulnerabilities in one level of the system such as the physical infrastructure can be exploited to allow attacks on another level such as the computer networks. By taking advantage of these vulnerabilities, perpetrators are able to circumvent even the most effective computer and network security, breach that security, and achieve their goals. We only need to consider the current challenges of insider threats or threats from coordinated attacks on the physical infrastructure and the computer networks to appreciate the need for better integrated system security. Our goal is to provide analytical tools for the real world, focusing on the decision makers who implement security policies across the system spectrum. Further, to be effective, these analytical tools must be implemented within an organizing framework that provides both an integrated view of security as well as the insight and understanding necessary to make effective security issues. This necessitates the development of step-by-step processes for analyzing and implementing security decisions. While this may seem to be a soft and less complete technical solution, it is actually implementing technology at the highest level because of the integration required to address each aspect of the system as well as the multi-disciplinary approach blending computer science, engineering, psychology, linguistics, and management in developing such analytic tools. This presentation will discuss work in progress in developing these analytical tools as well as the overarching framework for implementing integrated system security. Our intention is to understand �what can be� or �what could happen�. With this insight, they can more effectively provide prevention, protection, or remediation strategies.