CERIAS Weekly Security Seminar - Purdue University

Reputation systems are crucial to online platforms' health. They are prevalent across online marketplaces and social media platforms either visibly (e.g., as star ratings and badges) or invisibly as signals that feed into recommendation engines. In theory, good behavior (e.g., honest, accurate, high-quality) begets high reputation, while poor behavior is deterred and pushed off the platform.  In this talk, I will discuss how these systems seem to fulfill this mission only coarsely. On one platform, we were able to predict 2 times more suspensions than the reputation system in place using other public signals. On another study, we found that users with high reputation signals were suspended at significantly lower rates (up to 3 times less) for the same number of offenses and behavior as regular users, which suggests they may be impairing content moderation efforts. I will provide some hypotheses to explain these results and offer preliminary findings from current work. About the speaker: Alejandro is a 5th year PhD student at Carnegie Mellon University in Societal Computing, advised by Prof. Nicolas Christin. He is interested in measuring social influence in online communities adjacent to underground economies. His recent work focuses on how reputation is leveraged in anonymous marketplaces, p2p marketplaces, and cryptocurrency communities. He is a recipient of a CMU Cylab Presidential Fellowship, as well as a IEEE S&P Distinguished Paper Award. Prior to CMU, he obtained a B.S. from The Pennsylvania State University, where he worked with Prof. Peng Liu and Prof. Xinyu Xing on a variety of systems security projects. A Paraguayan native, Alejandro has been invited to talk about his work at the Paraguayan Central Bank and the Paraguayan National Police.

The frequency, materiality, and impact of cybersecurity incidents is at a level that the business world has never seen before. CISOs are at the forefront of this. The speaker has experience with developing cybersecurity products and managing IT infrastructure and security from startup to massive scale. The talk will go through the roles, responsibilities, rewards, and perils, of being a CISO in a modern enterprise software company in these turbulent times. We will explore some hard problems that need to be solved for the good guys to continue winning. About the speaker: Sanket Naik is the founder and CEO at Palosade, building modern AI-powered cyber threatintelligence solutions to defend companies from AI-weaponized adversaries. Heenjoys giving back to startups through investing and advisory roles.Before Palosade, he was the SVP of engineering for Coupa. In this role, he built the cloud and cybersecurity organization, over 12 years, from the ground up through an initial public offering followed by significant global growth. He has also held engineering roles at HP and Qualys.Sanket holds a BS in electronics engineering from the University of Mumbai and an MS inCS  from Purdue University with research at the multi-disciplinary CERIAS cybersecurity center.

In the realm of risk, cybersecurity is a fairly new idea. Most people currently entering the cybersecurity profession do not remember a time when cybersecurity was not a major concern. Yet at the time of this writing, reliance on computers to run business operations is less than a century old. Prior to this time, operational risk was more concerned with natural disasters than man-made ones. Fraud and staff mistakes are also part of operational risk, so as dependency on computers steadily increased from the 1960s through the 1980s, a then-new joke surfaced: To err is human, but if you really want to screw things up, use a computer.Foundational technology risk management concepts have been in place since the 1970s, but the tuning and the application of these concepts to cybersecurity were slow to evolve. Yet there is no doubt that cybersecurity risk management tools and techniques have continuously improved.. Although the consequences of cybersecurity incidents have become dramatically more profound over the decades, available controls have also become more comprehensive, more ubiquitous, and more effective. This seminar is intended to make the fundamentals of cybersecurity risk management visible to those who are contributing to it, and comprehensible to those looking in from the outside. Like any effort to increasing visibility, increasing transparency in cybersecurity requires clearing out some clouds first. That is, in the tradition of Spaf's recent book on the topic*,  busting some cybersecurity management myths that currently cloud management thinking about cybersecurity and replacing them with risk management methodologies that work.*Spafford, G., Metcalf, L. and Dykstra, J. (2022). Cybersecurity Myths and Misconceptions, Avoiding the Hazards and Pitfalls that Derail Us. Addison-Wesley. About the speaker: Dr. Jennifer L. Bayuk, Ph.D. is experienced in a wide variety of cybersecurity positions, including Wall Street Chief Information Security Officer, Global Bank Operational Risk Management, Financial Services Internal Audit, Big 4 Information Systems Risk Management, Bell Labs Security Software Engineer, Risk Management Software Company Founder, and Expert Witness.Author of multiple textbooks and articles on a variety of cybersecurity topics and is a frequent contributor to Cybersecurity Conferences, Boards, Committees, and educational forums.Jennifer has created curriculum on numerous information security, cybersecurity, and technology risk topics for conferences, seminars, corporate training, and graduate-level programs. Adjunct Professor at Quinnipiac University, Kean University, and Stevens Institute of Technology.She has a BS in Computer Science and Philosophy from Rutgers University, MS (1992) in Computer Science  and a PhD (2012) in Systems Engineering from Stevens Institute of Technology.

We must be methodical and intentional about how Artificial Intelligence (AI) systems are designed, developed, deployed, and operationalized, particularly in critical infrastructure contexts. CISA, the UK-NCSC, and our partners advocate a secure by design approach where security is a core requirement and integral to the development of AI systems from the outset, and throughout their lifecycle, to build wider trust that AI is safe and secure to use. This talk will focus on challenges and opportunities in the secure deployment, operation, and maintenance of AI software systems. The talk will use publications on the practice of coordinated vulnerability disclosure as a motivating example. About the speaker: Dr. Jonathan Spring is a cybersecurity specialist in the Cybersecurity and Infrastructure Security Agency. Working within the Cybersecurity Division's Vulnerability Management Office, his area of focus includes researching and producing reliable evidence to support effective cybersecurity policies at various levels of vulnerability management, machine learning, and threat intelligence.Prior to joining CISA, Jonathan held positions in the Computer Emergency Response Team (CERT) division of the Software Engineering Institute (SEI) at Carnegie Mellon University and was adjunct professor at the University of Pittsburgh's School of Information Sciences.

Tensor decomposition is a powerful unsupervised machine learning method used to extract hidden patterns from large datasets. This presentation aims to illuminate the extensive applications and capabilities of tensors within the realm of cybersecurity. We offer a comprehensive overview by encapsulating a diverse array of capabilities, showcasing the cutting-edge employment of tensors in the detection of network and power grid anomalies,identification of SPAM e-mails, mitigation of credit card fraud, and detection of malware. Additionally, we delve into the utility of tensors for classifying malware families, pinpointing novel forms of malware, analyzing user behavior,and utilizing tensors for data privacy through federated learning techniques. About the speaker: Maksim E. Eren is an early career scientist in A-4, Los Alamos National Laboratory (LANL) Advance Research in Cyber Systems division. He graduated Summa Cum Laude with a Computer Science Bachelor's at University of Maryland Baltimore County (UMBC) in 2020 and Master's in 2022. He is currently pursuing his Ph.D. at UMBC's DREAM Lab, and he is a Scholarship for Service CyberCorps alumnus. His interdisciplinary research interests lie at the intersection of machine learning and cybersecurity, with a concentration in tensor decomposition. His tensor decomposition-based research projects include large-scale malware detection and characterization, cyber anomaly detection,data privacy, text mining, and high performance computing. Maksim has developed and published state-of-the-art solutions in anomaly detection and malware characterization. He has also worked on various other machine learning research projects such as detecting malicious hidden code, adversarial analysis of malware classifiers, and federated learning. At LANL, Maksim was a member of the 2021 R&D 100 winning project SmartTensors, where he has released a fast tensor decomposition and anomaly detection software, contributed to the design and development of various other tensor decomposition libraries, and developed state-of-the-art text mining tools.

In the course of the talk I'll discuss current authentication challenges, the looming problem with cracking public key encryption, and short and medium term recommendations to help folks stay secure. About the speaker: Bill helps clients achieve an effective information security posture spanning endpoints, networks, servers, cloud, and the Internet of Things.  This involves technology, policy, and procedures, and impacts acquisition/development through deployment, operations, maintenance, and replacement or retirement. During his five-decade IT career, Bill has worked as an application programmer with the John Hancock Insurance company; an OS developer, tester, and planner with IBM; a research director and manager at Gartner for the Information Security Strategies service and the Application Integration and Middleware service, and served as CTO of Waveset, an identity management vendor acquired by Sun. At Trend Micro, Bill provided research and analysis of the current state and future trends in information security. He participates in the ISO/IEC 62443 standards body and the CISA ICSJWG on ICT security. He runs his own consulting business providing information security, disaster recovery, identity management, and enterprise solution architecture services. Bill has over 180 publications and has spoken at numerous events worldwide. Bill attended MIT, majoring in Mathematics. He is a member of CT InfraGard and ISACA.

Exploitations in cybersecurity continue to increase in sophistication and prevalence.  The purpose of this talk is to discuss how the evolution of malware has led to increased exploitation and then discuss ways to enhance the cybersecurity paradigm. About the speaker: Solomon Sonya (@0xSolomonSonya) is a Computer Science Graduate Student at Purdue University.  He earned his undergraduate degree in Computer Science and Master's Degrees in Computer Science, Information Systems Engineering, and Operational Art and Strategy. Solomon routinely develops new cyber security tools and presents his research, leads workshops, and delivers keynote addresses at cyber security conferences around the world.   Prior to attending Purdue, Solomon was a Distinguished Computer Science Instructor at the United States Air Force Academy and Research Scholar at the University of Southern California, Los Angeles.   Solomon's previous keynote and conference engagements include: DEFCON and BlackHat USA in Las Vegas, NV, SecTor Canada, Hack in Paris and LeHack, France, HackCon Norway, ICSIS – Toronto, ICORES Italy, BruCon Belgium, CyberCentral – Prague and Slovakia, Hack.Lu Luxembourg, Shmoocon DC, BotConf - France, CyberSecuritySummit Texas, SANS Digital Forensics Summit, DerbyCon Kentucky, SkyDogCon Tennessee, HackerHalted Georgia, Day-Con Ohio, TakeDownCon Connecticut, Maryland, and Alabama, and AFCEA – Colorado Springs and Indianapolis.  

Evil has been lurking in the Internet since its inception.  The IETF recognized this, releasing RFC 3514 on the evil bit.  Unfortunately it isn't widely adopted, so we have to find our evil in other ways.  Grepping is a time honored way of finding needles in haystacks, so let's see how much evil we can find in the DNS haystack...And can we answer the question of "Why is it so easy?" About the speaker: Leigh Metcalf is a Senior Network Security Research Analyst at the Carnegie Mellon University Software Engineering Institute's cybersecurity (CERT) division. CERT is composed of a diverse group of researchers, software engineers, and security analysts who are developing cutting-edge information and training to improve the practice of cybersecurity. Before joining CERT, Leigh spent more than 10 years in industry working as a systems engineer, architect, and security specialist.

The field of cybersecurity is constantly evolving, and Device Fingerprinting (DFP) has emerged as a crucial technique for identifying network devices based on their unique traffic data.This is necessary to protect against sophisticated cyber-attacks. However,automating device classification is complex, as it involves a vast and diverse feature space derived from various network layers, such as application,transport, and physical. With the advances in machine learning and deep learning, DFP has become more accurate and adaptable, integrating multi-layered data and emphasizing the need to balance robust security measures. The study of DFP, especially in the context of emerging protocols like HTTP/2 and HTTP/3,remains a critical area of research in cybersecurity. This talk focuses on enhancing real-time threat detection while navigating the challenges of scalability. About the speaker: Dr. Sandhya Aneja is a researcher, inventor, and computer scientist with a strong passion for teaching. She is an Assistant Professor at Marist College in Poughkeepsie, NY,and was a Visiting Research Scholar at the Department of Computer Science, Purdue University. She has over 15 years of experience teaching computer science to undergraduate and graduate students at the University of Delhi and the University of Brunei.As a researcher, she contributed to developing a mobile application to facilitate the matching of interests on available mobile devices and allow exchanging of messages and files. The application allows broadcasting names and a limited number of keywords representing users' interests without any connection in a nearby region. The broadcasting region creates a mobile wireless network limited by the Wi-Fi region that is around 200 meters. She also received a US Patent on this technology.As a computer scientist, she has received project funding from the University of Delhi as PI and the Universityof Brunei as co-PI. She has extensively worked on Brunei government-funded projects with IBM Researchers. She is also a contributor to Sandia and DARPA-funded projects at Purdue University.

Advanced Persistent Threat (APT) attacks are increasingly targeting modern factory floors. Recovery from a cyberattack is a complex task that involves identifying the root causes of the attack in order to thoroughly cleanse the compromised systems and remedy all vulnerabilities. As a result, the provenance analysis, which can correlate individual attack footprints and thus "connect the dots", is very much desired. Provenance analysis has been well studied in traditional IT systems, yet the OS-level attack model, prior work employs, cannot effectively capture application semantics in physical control systems. Recent efforts have been made to develop custom provenance models that uniquely represent physical attacks in cyber-physical systems. Nevertheless, existing techniques still fall short due to their unreliable semantic recovery, inability to reconstruct process contexts, and lack of cross-domain causality tracking. In this talk, we present ICSTracker, which aims to enable provenance analysis in the new setting of industrial IoT. To recover the physical semantics of controller routines, we utilize data mining to identify function call sequences that align with specific physical actions. To establish the process contexts, we resort to the data access patterns in controller code to discover and keep track of critical state variables that are shared among multiple iterations of control logic. To uncover the methods attackers employ in exploiting digital vulnerabilities to cause physical damage, we perform a cross-domain causality analysis, associating controller operations with OS-level events through their mutual access to shared digital assets. We have implemented and tested ICSTracker in a FischerTechnic testbed. Our preliminary results are promising, demonstrating that ICSTracker can precisely capture cross-domain cyber-physical attacks in a semantics and context-aware fashion. About the speaker: Mu Zhang is an Assistant Professor with the Kahlert School of Computing at the University of Utah. Zhang works at the unique intersection between systems security and cyber-physical systems. He is the lead PI of the DARPA HACCS project Semantics-Aware Discovery of Advanced Persistent Threats in Cyber-Physical Systems, which aims to detect advanced attacks in CPS settings. He has also been key personnel on the NSF CPS Frontiers project, Software Defined Control for Smart Manufacturing Systems, and has led the technical effort to develop a security vetting system for controller programs. Zhang has extensively published in top-tier security venues (S&P, CCS, NDSS), and received an ACM SIGSOFT Distinguished Paper Award at ISSTA 2023, an ACM SIGPLAN Distinguished Paper Award at OOPSLA 2019, and a Best Paper Honorable Mention at CCS 2022.

This is a hybrid event. Students are encouraged to attend in person: STEW G52(Suite 050B) Commercial or defense systems are often developed first to meet a mission or customer need. Security of many of these systems is often developed at a component level by each components product team. The product teams often maintain robust security for their component within the system, but security gaps begin to form when the complete system is assembled. Adversaries will seek to exploit these gaps in the overall system design as they look for the path of least resistance to achieve their goals. These adversaries do not limit themselves to one exploitation domain and will often pivot across domains in their execution of an attack. To guard against these multi-domain threats, we as security practitioners and researchers need to work together to adjust our world view on the larger system of system security challenge that we face. This presentation begins the process of enumerating some of these gaps, how gaps came into existence, and provides potential research avenues to address them. About the speaker: Dr. Robert Denz serves as the Director of the Secure and Resilient Systems group at Riverside Research. In this role, he leads a team of researchers who ensure software provenance, security, reliability, and resilience in systems. To achieve these objectives, the Secure and Resilient Systems group conducts innovative research in formal methods, AI-driven secure waveform design, and secure operating system implementations for the Department of Defense (DoD) and Intelligence Community (IC).Dr. Denz has over 15 years of experience working on and leading cybersecurity and anti-tamper research programs for DARPA and the DoD. He was recently the Principal Investigator for DARPA Dispersed Computing, where he oversaw a multi-disciplinary team that delivered distributed resilient mesh routing protocols to the tactical edge. Dr. Denz also served as a research lead for DARPA Mission Resilient Clouds (MRC), contributed to the DARPA Clean-slate design of Resilient, Adaptive Secure Hosts (CRASH), and was an original designer of the Air Force Cross-Domain Access SecureView Hypervisor. Through these efforts, he gained extensive knowledge of x86 processor internals and secure operating systems. Dr. Denz received his PhD in secure hypervisor and kernel design from the Thayer School of Engineering at Dartmouth College in 2016. 

The challenge of building a security program is that there are too many things you could be doing, and that creates a challenge for security leaders to decide on which things they should do next.All too often companies pivot from fighting one fire to another fire. They end up cobbling together a security program with duct tape, bailing wire, and a handful of solutions implemented as a reaction to our own incidents and major headlines about other companies' breaches.  How should a CISO evaluate building their security program?In this talk, I will be exploring a mental model that CISOs can use - that I used in my 20 years as a CISO - to evaluate the state of their security program, and to identify where there are gaps in coverage.  At a high level, the framework is four dimensional, covering width (asset coverage), height (control comprehensiveness), depth (risk context), and time (maturity continuity).  I will use case studies to highlight ways the security programs often fail on one of these axes, as a means for participants to connect the programs they work on to the shortcomings others have already experienced.Most ways to evaluate a security program become frameworks with an overly strong focus on detail, but which lose the holistic view of the health of a security program, and even the "known unknowns" (we're pretty sure there is a risk, but don't have specifics) become forgotten as the focus narrows to the "known knowns" (we've documented the risk).  The "unknown unknowns," of course, almost never get visibility.Combining a mental model for assessing the overall maturity of the program, with a high level risk comparison system (the "Pyramid of Pain") allows a CISO to identify areas for improvement to mitigate risk in the future.Case studies from my time at Akamai will be shared (demonstrating not only how to quickly assess risk, but how to understand risk areas that may take years to mitigate), including the risk areas whose mitigation helped propel Akamai into the security leviathan it is today. About the speaker: Andy Ellis is a seasoned technology and business executive with deep expertise in cybersecurity, managing risk, and leading an inclusive culture. He is the founder and CEO of Duha, a boutique advisory firm focused on providing strategic consulting in the areas of Leadership, Management, Cybersecurity, Technology Risk, and Enterprise Risk Management. He is the author of 1% Leadership, Operating Partner at YL Ventures, Advisory CISO at Orca Security, and is an advisor to cyber security startups. Widely respected across the cybersecurity industry for his pragmatic approach to aligning security and business needs, Andy regularly speaks and writes on cybersecurity, leadership, diversity & inclusion, and decision-making. Ellis previously served as the Chief Security Officer of Akamai Technologies, where he was responsible for the company's cybersecurity strategy, including leading its initial forays into the cybersecurity market. In his twenty-year tenure at Akamai, Andy led the information security organization from a single individual to a 90+ person team, over 40% of whom were women.  Andy has received a wide variety of accolades, including the CSO Compass Award, Air Force Commendation Medal, Spirit of Disneyland Award, Wine Spectator Award of Excellence (for The Arlington Inn), the SANS DMA Podcast of the Year (for Cloud Security Reinvented), and was the winner of the Sherman Oaks Galleria Spelling Bee. He was inducted into the CSO Hall of Fame in 2021.After receiving a degree in computer science from MIT, Andy served as an officer in the United States Air Force with the 609th Information Warfare Squadron and the Electronic Systems Center.

 This is a hybrid event. Students are encouraged to attend in person: STEW 209. Operational technology (OT) and industrial control systems (ICS) need innovative cybersecurity solutions that go beyond compliance-based security controls in order to be more resilient against increasing cyber threats.  This talk describes MITRE Infrastructure Susceptibility Analysis (ISA) that helps ICS/OT organizations to effectively assess risk and prioritize mitigations. About the speaker: As a science and technology leader and strategist, Dr. Wen Masters' career has spanned 30+years with government, academia, R&D centers, and not-for-profit organizations, leading impactful science and technology research and development.                    Currently, Wen is Vice President for Cyber Technologies at the MITRE Corporation, a not-for-profit organization that manages six federally funded research and development centers with a mission to solve problems for a safer world. In this role, Wen drives MITRE's cybersecurity strategy, champions for MITRE's cybersecurity capabilities, and oversees MITRE's innovation centers with a team of 1,200 professionals developing innovative technologies that address the nation's toughest cyber challenges to deliver capabilities for sponsors and public.Before joining MITRE, Wen was Deputy Director of Research at Georgia Tech Research Institute.She oversaw research in data science, information science, communications, computational science and engineering, quantum information science, and cybersecurity.Prior to Georgia Tech, Wen spent more than two decades as a federal government civilian and a member of the Senior Executive Service of America at the Office of Naval Research (ONR) and the National Science Foundation (NSF). At NSF, she served as the Lead Program Director for the Math Priority Area and a Managing Director for two Mathematical Sciences Institutes. At ONR,she led the Navy's Integrated Science and Technology research and development portfolio in applied mathematics, computer science and engineering, information science, communications,machine learning and artificial intelligence, electronics, and electrical engineering, as well as their applications for war fighting capabilities and national security. For the impact of her efforts, the Navy honored Wen with many awards, including the Distinguished Civilian Service Medal, the highest honorary award given by the Secretary of the Navy.                    Before her long career in the federal government, Wen worked at the Jet Propulsion Laboratory in Pasadena, California where she was responsible for orbit determination for NASA's deep space exploration missions, including Magellan, Galileo, and Cassini.                    Wen is a member of the National Academy of Sciences Naval Studies Board, Board of Trustees of the UCLA Institute for Pure and Applied Mathematics, and External Advisory Board of the Texas A&M University Global Cyber Research Institute.

During the last several years, there has been growing concern that the development of quantum computers could undermine the public-key cryptography that is a fundamental pillar of security on the Internet. Recently, the U.S. Government's National Institute of Standards and Technology has released draft standards for post-quantum encryption algorithms that can replace the existing, and potentially vulnerable public-key encryption. But while the future of encryption will depend on new algorithms,there are many other factors that will influence security in the decades to come. In 2022, the National Academies of Sciences, Engineering, and Medicine released a report on "The Future of Encryption" that examines factors including technical aspects of cryptography, societal and policy considerations, and product engineering. The report presents a series of findings that apply broadly, and paints three alternative future scenarios for the future of encryption. This presentation, based largely on the Academies report, will provide researchers, engineers, and policy professionals with context in which to view future developments and concepts for prioritizing future actions. About the speaker:  Steve Lipner is the executive director of SAFECode, an industry nonprofit focused on software security assurance. He was previously partner director of software security at Microsoft where he was the creator and long-time leader of the Security Development Lifecycle (SDL) and was responsible for software integrity policies and government security evaluations. Steve also serves as the chair of the U.S.Government's Information Security and Privacy Advisory Board. He has more than a half century of experience in cybersecurity as researcher, engineer, and development manager and is named as coinventor on twelve U.S. patents. He is a member of the National Academy of Engineering and chaired the Academies' Committee on the Future of Encryption. Steve's CV is available at www.stevelipner.org.

Courtney Falk will discuss his ongoing research into Pod People, the ongoing search-engine optimization spam campaign. This talk combines threat hunting and threat intelligence with real-world applications including insights into how cybercriminals work and how organizations can collaborate. All publicly-accessible indicators collected by this project are published online to contribute to the good of the commons. About the speaker: Dr. Courtney Falk is an information security professional with over fifteen years of experience in the government, academic, and public sectors.  He earned his doctorate of philosophy from Purdue University in the interdisciplinary information security program.  When Courtney is not researching critical infrastructure for Purdue, he enjoys painting miniature figures and playing tabletop war games.