April 18 - April 21: Conference
Cyber-Physical Systems Week 2017
CPS Week is the premier event on Cyber-Physical Systems. It brings together five top conferences, HSCC, ICCPS, IoTDI, IPSN, and RTAS, multiple workshops, tutorials, summits, and various exhibitions from both industry and academia. Altogether the CPS Week program covers a multitude of complementary aspects of CPS, and reunites the leading researchers in this dynamic field. CPS Week welcomes IoTDI as the newest conference member.March 27: Distinguished Seminar
Speaker: Nick Nikiforakis, Assistant Professor, Stony Brook University
Abstract forthcoming.March 20: Distinguished Seminar
Speaker: Xinming Ou, Associate Professor, University of South Florida
Abstract and speaker bio forthcoming.March 6: Distinguished Seminar
Reasoning about Internet abuse through the eyes of DNS
Speaker: Manos Antonakakis, Assistant Professor, Georgia Institute of Technology
The Domain Name System (DNS) is a critical component of the Internet. The critical nature of DNS often makes it the target of direct cyber-attacks and other forms of abuse. Cyber-criminals rely heavily upon the reliability and scalability of the DNS protocol to serve as an agile platform for their illicit network operations. For example, modern malware and Internet fraud techniques rely upon the DNS to locate their remote command-and-control (C&C) servers through which new commands from the attacker are issued, serve as exfiltration points for the information stolen from the victim's computer and to manage subsequent updates to their malicious toolset.
In this talk I will discuss how we can reason about Internet abuse using DNS. First I will argue why the algorithmic quantification of DNS reputation and trust is fundamental for understanding the security of our Internet communications. Then, I will examine how DNS traffic relates to malware communications. Among other things, we will reason about data-driven methods that can be used to reliably detect malware communications that employ Domain Name Generation Algorithms (DGAs) --- even in the complete absence of the malware sample. Finally, I will conclude my talk by proving a five year overview of malware network communications. Through this study we will see that (as network security researchers and practitioners) we are still approaching the very simple detection problems fundamentally in the wrong way.February 20: Distinguished Seminar
What if Computers Understood Privacy Policies? And, What if They Knew What We Care About?
Speaker: Norman Sadeh
In today’s data-centric economy issues of privacy are becoming increasingly complex to manage. This is true for users who are often feeling helpless when it comes to understanding and managing the many different ways in which their data can be collected and used. But it is also true for developers, service providers, app store operators and regulators. A significant source of frustration has been the lack of progress in formalizing the disclosure of data collection and use practices. These disclosures today continue to primarily take the form of long privacy policies, which very few people actually read.
What if computers could actually understand the text of privacy policies? In this talk, I will report on our progress developing techniques to do just that and will discuss the development and piloting of tools that build on these technologies. This includes an overview of a compliance tool for mobile apps. The tool automatically analyzes the code of apps and compares its findings with disclosures made in the text of privacy policies to identify potential compliance violations. I will report on a study of about 18,000 Android apps. Results of the study suggest that compliance issues are widespread.
In the second part of this talk, I will discuss how using machine learning we can also build models of people’s privacy preferences and help them manage their privacy settings. This will include an overview of our work on Personalized Privacy Assistants. These assistants are intended to selectively notify their users about data collection and use practices they may find egregious and are also capable of helping their users configure available privacy settings. We will review results of a pilot involving one such assistant developed to help users manage their mobile app permissions. I will conclude with a discussion of ongoing work to extend this functionality in the context of Internet of Things scenarios.
The Legacy of Export-grade Cryptography in the 21st Century
Speaker: Nadia Heninger, Assistant Professor, University of Pennsylvania
To comply with 1990s-era US export restrictions on cryptography, early versions of SSL/TLS supported reduced-strength ciphersuites that were restricted to 40-bit symmetric keys and 512-bit RSA and Diffie-Hellman public values. Although the relevant export restrictions have not been in effect since 2000, modern implementations often maintain support for these cipher suites along with old protocol versions.
In this talk, I will discuss recent attacks against TLS (FREAK, Logjam, and DROWN) demonstrating how server-side support for these insecure ciphersuites harms the security of users with modern TLS clients. These attacks exploit a combination of clever cryptanalysis, advances in computing power since the 1990s, previously undiscovered protocol flaws, and implementation vulnerabilities.January 27: Celebration
Privacy Day 2017
Join us on January 27, 2017 for CMU Privacy Day 2017 at Carnegie Mellon University. CMU Privacy Day celebrates the International Data Privacy Day with a schedule of privacy-related events.
Data Privacy Day is an international effort to empower and educate people to protect their privacy and control their digital footprint. For more information, please visit StaySafeOnline.orgJanuary 23: Distinguished Seminar
Bottom Line Security - Improving Cybersecurity by Understanding Costs and Benefits
Speaker: Chris Kanich, Assistant Professor, University of Illinois at Chicago
Abstract and speaker bio forthcoming.
December 5: Distinguished Seminar
Balancing Privacy and Functionality - Secure Communication with Middleboxes
Speaker: David Naylor, PhD Candidate in the School of Computer Science
We are clearly moving toward an Internet where encryption is ubiquitous—by some estimates, more than half of all Web traffic is HTTPS, and the number is growing. This is a win in terms of privacy and security, but it comes at the cost of functionality and performance, since encryption blinds middleboxes (devices like intrusion detection systems or web caches that process traffic in the network). In this talk I will describe two recent and ongoing projects exploring techniques for including middleboxes in secure sessions in a controlled manner. The first is a protocol, developed in collaboration with Telefónica Research and called Multi-Context TLS (mcTLS), that adds access control to TLS so that middleboxes can be added to a TLS session with restricted permissions. The second, which is ongoing work with Microsoft Research, explores bringing trusted computing technologies like Intel SGX to network middleboxes.November 28: Distinguished Seminar
Instinctive Computing - A Biomorphic Approach for Security, Privacy and Intelligence
Speaker: Yang Cai
Algorithms in nature are simple and elegant yet ultimately sophisticated. All behaviors are connected to the basic instincts we take for granted. The biomorphic approach attempts to connect artificial intelligence to primitive intelligence. It explores the idea that a genuinely intelligent computers will be able to interact naturally with humans. To form the bridge, computers need the ability to recognize, understand, and even have instincts similar to living creatures. In this talk, I will introduce the theoretical models in my new book "Instinctive Computing" and a few real-world applications, including visual analytics of dynamic patterns of malware spreading, SQL and DDOS attacks, IoT data analysis in a smart building, speaker verification on mobile phones, privacy algorithms for the microwave imaging in airports and the privacy-aware smart windows for the autonomous light-rail transit vehicles in downtown Singapore.November 7: Distinguished Seminar
CARDINAL - Similarity Analysis to Defeat Malware Compiler | Glowworm: A Fast Hash for Jam-Resistant Communication
Speaker: Martin Carisle, Director of Academic Affairs and Teaching Professor, INI
Authors of malicious software, or malware, have a plethora of options when deciding how to protect their code from network defenders and malware analysts. For many static analyses, malware authors do not even need sophisticated obfuscation techniques to bypass detection, simply compiling with different flags or with a different compiler will suffice. We propose a new static analysis called CARDINAL that is tolerant of the differences in binaries introduced by compiling the same source code with different flags or with different compilers. We accomplished this goal by finding an invariant between these differences. The effective invariant we found is the number of arguments to a call, or callsite parameter cardinality (CPC). Per function, we concatenate all CPC's together and add the result into a Bloom filter. Signatures constructed in this manner can be quickly compared to each other using a Jaccard index to obtain a similarity score. We empirically tested our algorithm on a large corpus of transformed malware and found that using a threshold value of 0.15 for determining a positive or negative match yielded results with a 11% false negative rate and a 11% false positive rate. Overall, we both demonstrate that CPC's are a telling feature that can increase the efficacy of static malware analyses and point the way forward in static analyses.October 31: Distinguished Seminar
Internet privacy - Towards more transparency
Speaker: Balachander Krishnamurthy, Researcher at AT&T Labs
Internet privacy has become a hot topic recently with the radical growth of Online Social Networks (OSN) and attendant publicity about various leakages. For the last decade we have examined aggregation of user's information by a steadily decreasing number of entities as unrelated Web sites are browsed. I will present results from several studies on leakage of personally identifiable information (PII) via Online Social Networks and popular non-OSN sites. Linkage of information gleaned from different sources presents a challenging problem to technologists, privacy advocates, government agencies, and the multi-billion dollar online advertising industry. Economics might hold the key in increasing transparency of the largely hidden exchange of data in return for access of so-called free services. I will also talk briefly about transient online social networks and doing privacy research at scale. Recently we have been pursuing data transparency by directly funding research projects around the world.October 24: Distinguished Seminar
When Electronic Privacy Gets Physical - Privacy in the Age of Sensors
Speaker: Apu Kapadia, Associate Professor at Indiana University Bloomington
As high-fidelity sensors such as always-on cameras and microphones become more common place, we will need to reconsider our notions of privacy. How will people react to constant surveillance by their peers ("sousveillance") and what technical solutions can enhance privacy in this new age? I will highlight some of our interdisciplinary research on answering and addressing these questions in the context of wearable cameras. I will also talk about how cameras can enhance privacy, e.g., by aiding populations with visual impairments with a visual assessment of their surroundings.October 17: Distinguished Seminar
Ironclad - Full Verification of Complex Systems
Speaker: Bryan Parno, Researcher, Security & Privacy Research Group, Microsoft Research
The Ironclad project at Microsoft Research is using a set of new and modified tools based on automated theorem proving to build Ironclad services. An Ironclad service guarantees to remote parties that every CPU instruction the service executes adheres to a high-level specification, convincing clients that the service will be worthy of their trust. To provide such end-to-end guarantees, we built a full stack of verified software. That software includes a verified kernel; verified drivers; verified system and cryptography libraries including SHA, HMAC, and RSA; and four Ironclad Apps. As a concrete example, our Ironclad database provably provides differential privacy to its data contributors. In other words, if a client encrypts her personal data with the database's public key, then it can only be decrypted by software that guarantees, down to the assembly level, that it preserves differential privacy when releasing aggregate statistics about the data.October 10: Distinguished Seminar
The Three T’s of a Cyber Security Program
Speaker: Jim Routh, CSO, Aetna
This session introduces essential ingredients for any cyber security program called the Three T’s of Cyber Security: Talent, Tools and Techniques. Jim Routh, the CSO for Aetna and board member of both the NH-ISAC and FS-ISAC will share his perspective on which of the three T’s is the most significant. He will share specific processes and methods in place today for Aetna demonstrating the importance of “un-conventional” controls to change the rules for threat adversaries providing specific examples of innovative use of early stage technology solutions.October 3: Distinguished Seminar
Characterizing and Mitigating AS-based Timing Attacks on the Tor Network
Speaker: Phillipa Gill, Assistant Professor, University of Massachusetts
Traffic correlation attacks to de-anonymize Tor users are possible when an adversary is in a position to observe traffic entering and exiting the Tor network. Recent work has brought attention to the threat of these attacks by network-level adversaries (e.g., Autonomous Systems). We perform a historical analysis to understand how the threat from AS-level traffic correlation attacks has evolved over the past five years. We find that despite a large number of new relays added to the Tor network, the threat has grown. This points to the importance of increasing AS-level diversity in addition to capacity of the Tor network.
We identify and elaborate on common pitfalls of AS-aware Tor client design and construction. We find that succumbing to these pitfalls can negatively impact three major aspects of an AS-aware Tor client -- (1) security against AS-level adversaries, (2) security against relay-level adversaries, and (3) performance. Finally, we propose and evaluate a Tor client -- Cipollino -- which avoids these pitfalls using state-of-the-art in network-measurement. Our evaluation shows that Cipollino is able to achieve better security against network-level adversaries while maintaining security against relay-level adversaries and performance characteristics comparable to the current Tor client.September 26 - September 28: Conference
2016 CyLab Partners Conference
The CyLab Partners Conference will be held September 26-28 at the main CMU campus in Pittsburgh, PA. Attendance is limited, exclusively, to representatives of CyLab's corporate partners and Carnegie Mellon University CyLab.
Not a CyLab partner? There is still time to experience this unique conference and learn how your company can benefit from becoming a CyLab partner. Contact Associate Director of Partnership Development, Michael Lisanti at ...@andrew.cmu.edu or 412-268-1870.September 25: Conference
CyLab Recruitment Reception
An opportunity for partners to meet and recruit CyLab students. Early access to recruit CyLab students is a benefit of partnership. This pilot event will help showcase CyLab's security and privacy students from the Information Networking Institute, Electrical and Computer Engineering department, and Computer Science department.
Not a CyLab partner? There is still time to experience this unique conference and learn how your company can benefit from becoming a CyLab partner. Contact Associate Director of Partnership Development, Michael Lisanti at ...@andrew.cmu.edu or 412-268-1870.September 14 - September 16: CERT Training
Creating a Computer Security Incident Response Team
This one-day course is designed for managers and project leaders who have been tasked with implementing a computer security incident response team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a CSIRT. As part of the course, attendees will develop an action plan that can be used as a starting point in planning and implementing their CSIRT.September 13 - June 13: CERT Training
Creating a Computer Security Incident Response Team
This one-day course is designed for managers and project leaders who have been tasked with implementing a computer security incident response team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a CSIRT. As part of the course, attendees will develop an action plan that can be used as a starting point in planning and implementing their CSIRT.July 14: Research Talk
Retrofitting Privacy into Traditional Operating Systems
Speaker: Kaan Onarlioglu, PhD Student at Northeastern University
With the scale of sensitive information processed and stored on computers today, implementing and maintaining application-specific privacy features is inefficient and bug prone. While it would be a relatively straightforward task to build a secure computing environment from the ground up, a significant challenge is to design privacy-enhancing techniques compatible with already widely-deployed operating systems, which also do not require modifications to existing user space software. In this talk I will present two systems to retrofit novel, application-agnostic privacy features into traditional operating systems: 1) PrivExec is an operating system service that allows a "private browsing mode-like" execution platform for arbitrary applications. 2) Overhaul is a user-driven access control architecture, where access to privacy-sensitive resources is mediated based on the temporal proximity of user inputs to access requests. I will present operating system-independent designs for the two systems, and then demonstrate with concrete Linux implementations that low-complexity, low-overhead, and high-usability privacy defenses can be integrated into existing operating systems.June 21 - June 23: CERT Training
Advanced Forensic Response and Analysis
The CERT Advanced Forensic Response and Analysis course is designed for computer forensic professionals who are looking to build on a solid knowledge base in incident response and forensic analysis. The course builds on core forensic topics to provide a process for conducting more complete incident response and forensic analysis investigations. The goal of the course is to advance collection and processing skills of the students by outlining a structured process or flow to an incident response and intrusion investigation. Students will learn the pros and cons of common evidence collection measures and forensic analysis steps, methods for organizing analysis to identify relevant evidentiary data, and common areas containing items of evidentiary value to further their investigations.June 7 - June 8: CERT Training
ATAM Evaluator Training
The SEI Architecture Tradeoff Analysis Method (ATAM) is a proven, highly effective method for systematically evaluating software architectures for fitness of purpose. The ATAM exposes architectural risks that potentially inhibit the achievement of quality attribute goals and the system's business/mission goals. Government and industry organizations have used the ATAM for more than 10 years to improve communication, expose architectural risks, clarify requirements, and produce better systems.May 25 - May 26: CERT Training
Software Architecture Design and Analysis
This two-day course provides in-depth coverage of the concepts needed to effectively design and analyze a software architecture. The essential considerations for defining any architecture are carefully examined and then illustrated through application of the SEI Attribute-Driven Design (ADD) software architecture design method. This course also explores architecture analysis in-depth and introduces the SEI Quality Attribute Workshop (QAW) and the SEI Architecture Tradeoff Analysis Method (ATAM). Through multiple exercises, participants study an application of these methods and get a chance to apply them to sample problems.May 16 - May 20: CERT Training
Advanced Incident Handling
This five-day course, designed for computer security incident response team (CSIRT) technical personnel with several months of incident handling experience, addresses techniques for detecting and responding to current and emerging computer security threats and attacks that are targeted at a variety of operating systems and architectures.April 25: Distinguished Seminar
Using Malware Analysis Results to Identify Overlooked Security Requirements
Speaker: Nancy Mead
Despite the reported attacks on critical systems, operational techniques such as malware analysis are not used to inform early lifecycle activities, such as security requirements engineering. In our CERT research, we speculated that malware analysis reports (found in databases such as Rapid 7), could be used to identify misuse cases that pointed towards overlooked security requirements. If we could identify such requirements, we thought they could be incorporated into future systems that were similar to those that were successfully attacked. We defined a process, and then sponsored a CMU MSE Studio Project to develop a tool. We had hoped that the malware report databases were amenable to automated processing, and that they would point to flaws such as those documented in the CWE and CAPEC databases. It turned out to not be so simple. This talk will describe our initial proposal, the MSE Studio project and tool, student projects at other universities, and the research remaining to be done in both the requirements and architecture areas.April 18: Distinguished Seminar
Speaker: Colonel Mary Lou Hall, United States Army War College Fellow in ISP, Dietrich College
The strategic miscalculation of Iraq’s Weapons of Mass Destruction (WMD) threat in 2003 provides a staggering example of how even very experienced leaders can be blinded by the foundational psychological effects that give rise to bias. This historical example further begs the question, ‘Could modern predictive analytics, such as machine learning, close the WMD information gap, if faced today?’ Army leaders want to understand the benefits and limitations of advancements in predictive analytics as well as in behavioral psychology in order to understand the implications for decision-making competence. U.S. commanders need both a structured approach for decision-making (ways), and the ability to leverage advanced analytical capability (means) in order to achieve operational understanding (ends). This talk offers a structured approach to decision-making that embeds a methodology for Red Teaming to address foundational behavioral psychology effects. In addition, I will offer a strategy for deploying tailored technical teams to provide commanders with access to relevant data, resources and skills to perform advanced analytical methods, including machine learning. It is in applying technological advances in big data to the crucible of ground combat that the Army can fulfill its role for the nation, and maintain competitive advantage.April 4: Distinguished Seminar
Indoor Localization or - How I learned to stop worrying and love the clock
Speaker: Anthony Rowe
In this talk, I will provide a brief overview of the state-of-the-art with respect to indoor location tracking and discuss two new systems that that are able to precisely localize mobile phones as well as low-power tags. The first is a hybrid Bluetooth low-energy and near ultrasonic beaconing platform that is able to provide sub-meter accuracy to standard smartphones. The platform leverages the phone’s IMU as well as constraints derived from building floor plans to not only localize its self, but also apply range-based SLAM techniques for bootstrapping its own infrastructure. The second platform leverages emerging Chip Scale Atomic Clocks (CSACs) and ultra wide-band (UWB) radios to create distributed networks that are able to coordinate at a level that used to be only possible with large, power-hungry and cost prohibitive atomic clocks. With sub-nanosecond time synchronization accuracy and extremely low drift rates, it is possible to dramatically reduce communication guard-bands and perform accurate speed-of-light Time-of-Arrival (TOA) measurements across distributed wireless networks.March 28: Distinguished Seminar
Using Unsupervised Big-Data Analytics to Detect Sleeper Cells Among Billions of Users
Speaker: Yinglian Xie, CEO and Founder, DataVisor
Today’s consumer-facing online services are measured by the size and growth of their user account base, as users are both contributors of content as well as a channel for monetization. Despite being their backbone, these user accounts are also their “Achilles heel” — well-organized crime rings leverage compromised or fraudulent accounts to hide amongst billions of benign users, waging a variety of large-scale attacks.
In this talk, I will present the anatomy of modern attacks and the sophisticated attack techniques that we have observed across a number of services, including social networking, gaming, financial, ecommerce and other vertical markets. I will then discuss the new challenges we face to defend against these attacks in the billion user era. Finally I’ll outline the directions pursued by DataVisor through unsupervised big data analytics to detect and mitigate large attack campaigns early, without prior knowledge of attack patterns.March 21: Distinguished Seminar
Making Password Checking Systems Better
Speaker: Tom Ristenpart, Associate Professor, Cornell Tech
Most computing systems still rely on user-chosen passwords to authenticate access to data and systems. But passwords are hard to use, easy to guess, and tricky to securely store. In practice one sees high failure rates of (legitimate) password login attempts, as well as a never-ending stream of damaging password database compromises. I will present a sequence of new results that target making password authentication systems better.
We will look at how to address concerns in three areas: (1) usability by way of easy-to-deploy typo-tolerant password authentication validated using experiments at Dropbox; (2) hardening password storage against cracking attacks via our new Pythia crypto service; and, time allowing, (3) building cracking-resistant password vaults via a new cryptographic primitive called honey encryption.
The talk will cover joint work with Anish Athayle, Devdatta Akawhe, Joseph Bonneau, Rahul Chatterjee, and Ari Juels.February 29: Distinguished Seminar
ISSTAC - Integrated Symbolic Execution for Space-Time Analysis of Code
Speaker: Corina Pasareanu
Abstract and Speaker Bio Forthcoming.Attacks relying on the inherent space-time complexity of algorithms used for building software systems are gaining prominence. When an adversary can inexpensively generate inputs that induce behaviors with expensive space-time resource utilization at the defender's end, in addition to mounting denial-of-service attacks, the adversary can also use the same inputs to facilitate side-channel attacks in order to infer some secret from the observed system behavior. Our project, ISSTAC: Integrated Symbolic Execution for Space-Time Analysis of Code, aims to develop automated analysis techniques and implement them in an industrial-strength tool that allows the efficient analysis of software (in the form of Java bytecode) with respect to these problems rapidly enough for inclusion in a state-of-the-art development process.February 15: Distinguished Seminar
Building a Software Security Program - Effective Risk Management for IT Security
Speaker: Steve Lipner, former Partner Director of Software Security, Microsoft
The growing frequency and severity of cybersecurity incidents has led government and private sector organizations to seek better ways to protect their systems and information. Many of these organizations have begun by adopting risk management frameworks as a way of structuring their approach to security. But risk management is only effective if it is informed by deep understanding of attacks and the ways to defend against them. The history and structure of successful software security programs shows how technical understanding can be integrated into risk management decisions. This talk will summarize the history of a typical software security program and outline principles by which understanding of attacks and defenses combined with continuous improvement leads to effective risk management.February 8: Distinguished Seminar
The Global DDoS Threat Landscape
Speaker: Scott Iekel-Johnson, Sr. Product Manager, Arbor Networks
Distributed Denial of Service (DDoS) attacks continue to grow in size, frequency, and complexity, and can affect any resource on the Internet, from the largest to the smallest, at any time. Motivations for attacks vary widely, from the personal to online activism to political or economic espionage to organized crime. In spite of their pervasiveness, the commercial or political sensitivities of DDoS attack targets often mean that the precise nature and impact of these attacks are hidden from view. Likewise, network operators are frequently reluctant to share details of their defense strategies for fear of giving attackers an added advantage. While understandable, this results in a siloing of expertise, preventing effective collaboration between network operators and the security research community to provide better strategies to defeat these attacks. Arbor Networks has been working with network operators, both service providers and enterprises, for the last 15 years to develop effective protection strategies for these attacks. This talk will pull back the curtain on DDoS attack experience and practice, providing an overview of Arbor Network's latest research into DDoS attack trends and discuss current operational best practices for how global network operators detect and mitigate DDoS attacks.January 28: Celebration
Data Privacy Day 2016
Join us on January 28, 2016 for CMU Privacy Day 2016 at Carnegie Mellon University. CMU Privacy Day celebrates the International Data Privacy Day with an exciting schedule of privacy-related events.
Data Privacy Day is an international effort to empower and educate people to protect their privacy and control their digital footprint. For more information, please visit StaySafeOnline.orgJanuary 25: Distinguished Seminar
Don’t Be Tomorrow’s Boiled Frog - Cyber Risk Appetite for Executives
Speaker: Earl Crane, Founder and CEO, Emergent Network Defense, Inc.
The past few years have seen a focus on cybersecurity risk management by executive leadership that increasingly have a fiduciary requirement to establish a risk appetite and manage their cybersecurity risk profile. High-profile retail breaches like Target demonstrated the inherent risks of third party connections. Destructive corporate breaches like those at Sony, Sands Casino, and Saudi Aramco demonstrated the initiative of nation-states to attack private corporations for political reasons. The root cause of every one of these breaches can be attributed not to technical failures, but to a failure in governance—a shortcoming to manage cybersecurity risks. Cybersecurity risk appetite is quickly becoming an integrated function to an organizations holistic enterprise risk management program. Organizations frequently have many of the right technical tools deployed to manage cybersecurity risk, but are not instrumented and deployed in the most effective way. This talk will provide real-world insights to instrumenting cybersecurity risk appetite as a risk management tool.