CERIAS Weekly Security Seminar - Purdue University

Summary: CERIAS -- the Nation's top-ranked interdisciplinary academic education and research institute -- hosts a weekly cyber security, privacy, resiliency or autonomy speaker, highlighting technical discoveries, case studies or cyber operational approaches; these are not product demonstrations, service sales pitches, or company recruitment presentations. Join us weekly, or explore 25 years of archives for the who's-who in cybersecurity.

Podcasts:

 Derek Dervishian, Fuzzing: Understanding the Landscape | File Type: video/mp4 | Duration: 3316

The number of software vulnerabilities found in modern computing systems has been on the rise for some time now. As more and more software is developed, software testing is becoming an increasingly important part of the software development cycle, with the goal of rooting out any and all vulnerabilities before public release. However, finding software vulnerabilities is not a trivial task, especially in complex software systems with thousands of lines of code and complicated system interactions. A single vulnerability making its way into a software product or service can have devastating consequences if it is not discovered and patched in good time. Luckily, there is a plethora of available software testing tools and techniques. One such software testing approach is called fuzzing. Fuzzing is an automated program testing technique introduced in the late 1980s, and it has become a critical tool in a software tester's toolkit. Fuzzing is based on the simple idea of feeding software lots of mutated inputs and monitoring the program state for any anomalous behavior. Fuzzers have had a long and successful track record of finding software vulnerabilities. This success brought forth new and innovative approaches to improve the overall fuzzing process in all aspects. However, despite its success and widespread use, fuzzing is not a "one size fits all" approach. Software testers still have to tailor their fuzzing methodology to the software under test. Therefore, understanding the inner workings of fuzzers is absolutely vital in order to determine when and how to use them most effectively. About the speaker: Derek Dervishian works as a cybersecurity research engineer at Lockheed Martin - Advanced Technology Laboratories, an advanced applied R&D division of the Lockheed Martin corporation, specializing in cyber, autonomy, data analytics and much more.
In this role, Derek has worked on several R&D projects across multiple technical areas, including vulnerability research and binary analysis. Derek graduated from Purdue University with a Bachelor's degree in Computer Engineering in December 2020. Derek is currently pursuing a Master's degree in Computer Science from the Georgia Institute of Technology.

 Rebecca Herold, Sorting Surveillance Benefits from Harms | File Type: video/mp4 | Duration: 3779

Tracking technologies are proliferating at an increasingly high rate in apps, IoT devices, websites, and in a wide range of files. They are not only impacting privacy in wider and more harmful ways, but have also extended far beyond the digital world and are impacting physical safety. Such tools can certainly be very beneficial, when used responsibly and with informed awareness of the cybersecurity and privacy risks. However, when they are used without establishing technical and non-technical boundaries, and without taking risk mitigation actions, the associated surveillance activities can bring, and have brought, physical harms. I was an expert witness for a case a couple of years ago involving a stalker's use of his victim's smart car to find and almost fatally assault her. I'm currently an expert witness for two separate cases involving the use of Meta Pixels, Conversion APIs, cookies, and other types of tracking tech for surveillance of online activities. Virtually daily there are news articles reporting privacy invasions by digital trackers, drones, security cameras, and more. I will provide several real-life use cases, and discuss the technical and non-technical capabilities that possibly could have been identified through risk assessment activities prior to making such products publicly available, and that would have informed the needed associated security and privacy capabilities supporting privacy and cybersecurity protections and physical safety. About the speaker: Rebecca Herold has over 30 years of security, privacy and compliance experience. She is founder of The Privacy Professor Consultancy (2004) and of Privacy & Security Brainiacs SaaS services (2021) and has helped hundreds of clients throughout the years.
Rebecca has been a subject matter expert (SME) for the National Institute of Standards and Technology (NIST) on a wide range of projects since 2009, including: 7 ½ years leading the smart grid privacy standards creation initiative, and co-authoring those informative references and standards; 2 years as a co-author and an SME member of the team that created the Privacy Framework (PF) and associated documents; 3 years as an SME team member and co-author of the internet of things (IoT) technical and non-technical standards and associated informative references; and performing throughout the years proof of concept (PoC) tests for a variety of technologies, such as field electricity solar inverters, PMU reclosers, and associated sensors. Rebecca has served as an expert witness for cases covering HIPAA, privacy compliance, criminals using IoT devices to track their victims, stolen personal data of retirement housing residents, tracking app and website users via Meta Pixels and other tracking tech, and social engineering using AI. Rebecca has authored 22 books, and was adjunct professor for 9 ½ years for the Norwich University MSISA program. Since early 2018 Rebecca has hosted the Voice America podcast/radio show, Data Security & Privacy with the Privacy Professor. Rebecca is based in Des Moines, Iowa, USA. www.privacysecuritybrainiacs.com

 Khaled Serag, Vulnerability Identification and Defense Construction in Cyber-Physical Systems | File Type: video/mp4 | Duration: 3171

With the ever-accelerating computerization of once strictly mechanical systems, information security threats are only expected to increase. This rapidly unfolding process calls into question whether we can promptly cope with the security threats it entails. Unfortunately, a commonly observed trend is for the computerization process to steadily advance while paying little attention to security until a vulnerability is discovered, often by an external actor. Only then does a quest for a suitable security measure begin. In sum, security is considered only in reaction to manifest breaches. This comes at a high price, as a fix is often not found quickly after the breach. In this talk, I will explain how to take a proactive vulnerability identification and defense construction approach to better secure cyber-physical systems. I will discuss two main themes of my research: 1) vulnerability identification and 2) defense construction, with a focus on the context of Controller Area Network (CAN) systems. About the speaker: Dr. Khaled Serag is a post-doctoral research assistant at Purdue University. He finished his Ph.D. at Purdue in August 2023. His broad research area is Information Security. Since he joined Purdue, he has been working closely with Dr. Dongyan Xu and Dr. Z. Berkay Celik on several Automotive and ICS Security projects. He also has industrial research experience through working with Boeing as a Cyber Security Researcher, where he was involved in several security research projects pertaining to avionic networks, mesh networks, IoT devices, and other areas.

 Scott Sage, Erin Miller, How the Cyberspace Domain has Changed the Game for the Space Domain | File Type: video/mp4 | Duration: 3184

This is a hybrid event. Students are encouraged to attend in person: STEW G52 (Suite 050B). As the commercial and international space community grows to reach the projected $1T for the global economy, the vast domain of space becomes increasingly congested and contested. In this Seminar the Space Information Sharing and Analysis Center (Space ISAC) and the National Cybersecurity Center (NCC) team up to share their perspectives and insights on the intersection of cyber and space, how the game is changing, and what effect this will have on government, industry and academia. This talk will discuss the technology trends in the industry and threats to space systems, and make recommendations to students and faculty about how to navigate the landscape of space domain cybersecurity over the next five years. About the speaker: Mr. Scott Sage is the Chief Operating Officer of the National Cybersecurity Center, a national-level nonprofit organization that provides collaborative cybersecurity knowledge and services to the United States. He encourages, engages, and equips others to solve worthwhile hard problems, like his most recent assignment to develop a new space cybersecurity market for Peraton Inc. He also recently took a complex IR sensor development from a blank sheet of paper to launch and operation in under 24 months, and earlier conceived and executed an Insider Threat and Information Warfare Behavior-Based Analytics R&D project that generated 2 patents and increased interest from DoD and Intelligence Community customers.
Past accomplishments include:
- Automated Mission Impact Assessment of Network Disruptions - Patent 8347145
- Concept to Low Earth Orbit IR Sensor for Space Development Agency in under 2 years
- Northrop Grumman Sector Cyber and Information Operations Strategy Development
- Industry-leading technology development for scalability in satellite C2 automation
- Increased worldwide frequency access for Low Earth Orbit satellite communications
- House Armed Services Committee praise for highly classified space advocacy plan
- Conceptualized, researched and constructed unique DoD Space Order of Battle Annex
- Highly praised Master of Science thesis addressing satellite radiation effects
Before devoting his work full time to visionary growth development for Peraton, Scott managed counter-hypersonics development for Northrop Grumman, advanced cyber defense systems development for AT&T, and advanced space operations programs for aerospace companies and the US Navy. Scott has published international export material on cybersecurity issues associated with virtualization and cloud computing and developed a nation-wide R&D network for Northrop Grumman that allowed critical technologies to be brought online for use on high priority captures worth over $8.6B in future revenue. Scott has also been a Certified Information Systems Security Professional (CISSP) and Homeland Security Expert since going to work after completing 15 years of US Navy service as a Commander. Scott volunteered as the co-chair of the Space ISAC Information Sharing Working Group and co-chair for the DHS CISA Future of Space Working Group and has volunteered at Penrose hospital and the Colorado Springs Rescue Mission, along with being a leader at his church. Formal degrees include an M.S. in Space Systems Electrical Engineering from the Naval Postgraduate School in Monterey, and a B.S. in Nuclear Engineering and a B.A. in Journalism & Mass Communication from Iowa State University, Ames, IA.

Ms. Erin M. Miller is the Executive Director of the Space Information Sharing and Analysis Center (Space ISAC). Space ISAC serves as the primary focal point for the global space industry for "all threats and all hazards." Stood up at the direction of the White House in 2019, Erin led the Space ISAC to open its operational Watch Center, alongside its Cyber Malware and Analysis Vulnerability Laboratory in Colorado Springs, CO, USA. Under Erin's leadership, Space ISAC's headquarters facility is already serving several countries to achieve its mission of security and resilience for the global space industry. Each year Space ISAC puts on the Value of Space Summit (VOSS), co-hosted with The Aerospace Corporation at the University of Colorado Colorado Springs. Erin has over a decade of experience building meaningful tech collaborations and has formed hundreds of formal partnerships between government, industry and academia to solve problems for war fighters and national security. As a serial entrepreneur in the non-profit space, she thrives in launching new programs and new organizations from stand up through building and scaling operations. Erin was the Managing Director of the Center for Technology, Research and Commercialization (C-TRAC) and brought three USAF-funded programs to bear at the Catalyst Campus for Technology & Innovation (www.catalystcampus.org). Her expertise in brokering unique partnerships using non-FAR type agreements led to the standup of the Air Force's first cyber focused (#securebydesign) design studio, AFCyberWorx at the USAF Academy, and the first space accelerator, Catalyst Accelerator, at Catalyst Campus in Colorado Springs, in partnership with Air Force Research Laboratory and AFWERX. In 2020 Erin was a recipient of the Woman of Influence award. In 2018 Erin was recognized by the Mayor of Colorado Springs with the Mayor's Young Leader (MYL) of the Year Award for Technology.
She is also the recipient of the Southern Colorado Women's Chamber of Commerce Award for Young Female Leader in 2018. In her previous roles she developed and managed intellectual property portfolios, technology transfer strategies, export control/ITAR, secure facilities, and rapid prototyping collaborations. Erin serves on the advisory board of CyberSatGov and CyberLEO and is a board member for the Colorado Springs Chamber of Commerce & EDC. She has guest lectured at Georgetown University, United States Air Force Academy, University of Colorado at Boulder, and Johns Hopkins University. She is frequently found public speaking at notable events like Defense Security Institute's Summits, CyberSatGov, State of the Space Industrial Base, and other forums focused on security, space resiliency and critical infrastructure.

 Christopher Nuland, Enhancing Software Supply Chain Security in Distributed Systems | File Type: video/mp4 | Duration: 3995

Recorded: 09/20/2023, CERIAS Security Seminar at Purdue University. Enhancing Software Supply Chain Security in Distributed Systems, Christopher Nuland, Red Hat. In the aftermath of the transformative 2020 SolarWinds breach, securing software supply chains has surged to the forefront of modern software development concerns. This incident underscored the imperative for innovative approaches to ensure software artifacts' integrity and authenticity. The Supply-chain Levels for Software Artifacts (SLSA) framework emerged as a response, emphasizing secure software development processes for supply chains. As compliance standards, notably enforced by the National Institute of Standards and Technology (NIST), intensify the call for robust security measures, the convergence of open-source technologies presents a compelling solution. In the contemporary landscape of distributed systems like Kubernetes, the significance of signing critical artifacts, such as container images and builds, cannot be overstated. These signatures substantiate the origin and unaltered state of the artifacts, rendering them resistant to tampering or unauthorized modification. Yet, with the escalating complexity of software supply chains, driven by the proliferation of distributed technologies, ensuring trustworthy artifact provenance becomes more formidable. This challenge is where Sigstore, an innovative technology solution, steps in. Sigstore enables cryptographic signing and verification of software artifacts, offering a robust mechanism to establish the authenticity of these components. By leveraging transparency log technologies, Sigstore enhances the trustworthiness of the supply chain, creating a formidable barrier against malicious alterations. This talk will discuss the popular technologies in the industry that are utilizing a zero-trust software supply chain,
why this type of supply chain is important, and outline the different technologies used in conjunction with Sigstore to create zero-trust supply chains within the software development and deployment lifecycle. About the speaker: Christopher Nuland has been involved with container technology since 2010, when he worked with Oak Ridge Labs and Purdue's CdmHub on containerizing their simulations with OpenVZ. He joined Red Hat in 2018 as a container specialist in the infrastructure and application development space for primarily Fortune 100 companies across the U.S. His work has focused mainly on cloud-native migrations into k8s-based platforms, and on developing secure cloud-native zero-trust supply chains for the healthcare, life sciences, and defense sectors.

 Stuart Shapiro, MITRE PANOPTIC™ Privacy Threat Model | File Type: video/mp4 | Duration: 3203

As privacy moves from a predominantly compliance-oriented approach to one that is risk-based, privacy risk modeling has taken on increased importance. While a variety of innovative pre-existing options are available for privacy consequences, and a few for vulnerabilities, privacy threat models, particularly ones focused on attacks (as opposed to threat actors), remain relatively scarce. To address this gap and facilitate more sophisticated privacy risk management of increasingly complex systems, MITRE has developed the Pattern and Action Nomenclature Of Privacy Threats In Context (PANOPTIC™). By providing an empirically-driven taxonomy of privacy threat activities and actions – as well as contextual elements – to support environmental and system-specific threat modeling, PANOPTIC is intended to do for privacy practitioners what MITRE ATT&CK® has done for security practitioners. This presentation discusses the underpinnings of PANOPTIC and provides an overview of the model and its use. About the speaker: Stuart S. Shapiro is a Principal Cyber Security and Privacy Engineer and a co-leader of the Privacy Capability in the MITRE Labs Cyber Solutions Innovation Center at the MITRE Corporation. At MITRE he has led multiple research and operational efforts in the areas of privacy engineering, privacy risk management, and privacy enhancing technologies (PETs), including projects focused on connected vehicles and on de-identification. He has also held academic positions and has taught courses on the history, politics, and ethics of information and communication technologies. His professional affiliations include the International Association of Privacy Professionals (IAPP) and the Association for Computing Machinery (ACM).

 Rita Foster, Cyber defenders' plea - If it's not codified – Please go away | File Type: video/mp4 | Duration: 3127

Problem: Cyber threat information is rarely codified and never connected to the actual infrastructure that needs cyber protections, since infrastructure is also not codified.
Solution: Infrastructure Expression (IX). Five use cases for the IX tools, with methods using graph theoretics and machine learning, will be presented. A full scenario on recent malware binary analysis will be presented, highlighting applicability to infrastructure, creation of context-specific indicators, cyber observables, and courses of action for better cyber defenses.
Background: The Idaho National Laboratory (INL) has been creating tools, methods and cyber defense capabilities using Structured Threat Information Expression (STIX) and graph database technology since 2015. INL's internal Laboratory Directed Research and Development (LDRD) project, IX, created the first codified infrastructure models in STIX. INL has open sourced these tools and uses advanced graph and machine learning methods and techniques to support critical infrastructure cyber defenses for many USG sponsors and stakeholders. About the speaker: Rita Foster is recognized nationally for research leadership in control system cyber security, briefing numerous committees in the United States Senate and House, appointed by cabinet-level secretaries to serve on advisory councils, and frequently requested to provide analysis on emerging threats and impacts to critical infrastructure. She currently leads the innovation development for the infrastructure security areas: identifying research gaps that align to our agile and resilient strategies, creating partnerships, building proposals, and analyzing risk components for cyber-physical infrastructure security. These partnerships include asset owner utilities, technology providers, DOE, DHS, DOD and other government entities.
Her efforts resulted in awarded research proposals ranging from creation of automated response mitigating cyber threats, applying machine learning to firmware and malware binary code, impact analysis with physics-based modeling, asset owner consumable threat analysis, and characterizations of vulnerabilities and exploits in various control systems and components. She has over 33 years of experience in computer integration focusing on control systems applications, real-time simulations and critical life safety related applications. Her current role at INL includes over 18 years of experience in cyber security of critical infrastructure: identifying research gaps aligned with strategic direction, creating partnerships, providing capstone analysis, and thought leadership in areas of protection and defense in the energy sector. She has mentored over 50 interns ranging from high schoolers to Ph.D. candidates using her project data and tools for dissertations. She provides outreach and education to a wide range of stakeholders and has participated in numerous exercises to identify gaps in roles and responsibilities between private industry and government. She has managed multi-discipline teams bringing together control system engineers, network engineers, cyber security researchers and subject matter experts for infrastructure security. She has served as the technical lead providing initial direction and requirements for programs essential to INL's success. Her early career at INL included over 15 years of experience in independent verification and validation of large military networks for performance and security, validating physics-based code for nuclear repositories, programming real-time training simulators for nuclear operations, programming life safety systems for nuclear repositories, validating energy transmission and distribution systems, and integrating divergent control systems to create supervisory control and data acquisition platforms.
Prior to INL, she obtained over 8 years of experience in computer operations, programming, and data networking.

 Dr. Anand Singh, The State of Software Supply Chain Security | File Type: video/mp4 | Duration: 3600

Software supply chain security is emerging as one of the biggest issues that enterprises are facing these days. SolarWinds, Kaseya, 3CX: the examples are way too many. These attacks rapidly multiplied in 2022. In this presentation, we will discuss the trends in software supply chain issues, the federal mandates in the form of executive orders that are impacting this space, emerging best practices, what the fundamental tech stack for managing these issues is, and lastly what a good supply chain security program looks like. Dr. Singh will also briefly discuss his journey from being a student at Purdue (MS, Computer Science) to his current role as Chief Information Security Officer of Alkami Technology. About the speaker: Anand is a seasoned cybersecurity executive with over 25 years of experience managing technology, security, privacy, and risk teams in a variety of verticals. His career spans Financial Services, Retail, Healthcare, Manufacturing, eCommerce, Cloud, and SaaS companies. These include UnitedHealth Group, Target Corporation, Alkami Technology, Caliber Home Loans, and PTC. He is currently the Chief Information Security Officer (CISO) at Alkami Technology. Alkami's solutions enable financial institutions to outsmart the competition by providing the nation's best Cloud, SaaS, and PI centric digital banking platform. Alkami's mission is to be the gold standard in digital banking. More than 400 FIs and 15 million end users use Alkami's solutions. Anand is also a seasoned Board director with tenures at DaVinci Academy, CISO XC, and Dallas CISO Summit. Anand holds NACD.DC, CISM, and CISSP certifications. He has a PhD in Computer Science from the University of Minnesota, an MS in Computer Science from Purdue University, and a B.Tech. in Computer Science and Engineering from the Indian Institute of Technology. Anand is a proud Boilermaker and is deeply attached to Purdue's mission and its goals.

 Marina Gavrilova, Advancements and New Developments in Biometric Privacy, Security and Ethics | File Type: video/mp4 | Duration: 3023

Human identity recognition is one of the key mechanisms for ensuring proper asset and information access for individuals. It has become an established authentication practice for government, consumer, financial and recreational institutions in modern society. Biometrics are also increasingly used in a cybersecurity context to mitigate vulnerabilities and to ensure protection against unauthorized access. However, with the rise of technological advancements such as AI and deep learning, more and more capabilities exist to infer private information about individuals and to use aggregate data mining for commercial or other purposes. This lecture will discuss how deep learning methods can enhance biometric recognition accuracy in a variety of settings: unimodal and multi-modal systems, social behavioral biometrics, and risk assessment. The lecture will further focus on privacy risks and ethical considerations, discussing cancellability and de-identification as two of the mechanisms to mitigate the privacy concerns. About the speaker: Prof. Gavrilova holds a tenured Full Professor appointment at the Department of Computer Science, University of Calgary, Canada. Prof. Gavrilova's research interests lie in the areas of machine intelligence, biometric recognition, image processing and GIS. Prof. Gavrilova's publication list includes over 150 journal and conference papers, edited special issues, books and book chapters, including the World Scientific Bestseller of the Month (2007) "Image Pattern Recognition: Synthesis and Analysis in Biometric," the Springer book (2009) "Computational Intelligence: A Geometry-Based Approach" and the IGI book (2013) "Multimodal Biometrics and Intelligent Image Processing for Security Systems". She has received support from CFI, NSERC, GEOIDE, MITACS, PIMS, Alberta Ingenuity, NATO and other funding agencies. She is Editor-in-Chief of the Springer Verlag journal series Transactions on Computational Sciences and on the editorial boards of seven journals.

 Kelly FitzGerald, Don't Copy That Floppy!: A History of Anti-cracking Controls in Early Video Games and Its Economic Impact | File Type: video/mp4 | Duration: 2604

The roots of software piracy were propelled by the fledgling game market of the 1980s, where PC game supply chains were brittle and copying floppy disks was really easy. This talk will walk through the history and evolution of anti-cracking controls as video games moved from bedroom game development to a 220 billion dollar industry. About the speaker: Kelly FitzGerald is a Product Security Architect at the RTX CODE Center, where she focuses on factory and supply chain cybersecurity and threat intelligence. Kelly comes to RTX after 15 years at Symantec/Veritas, where she worked in Product Security Vulnerability Management while doing research in medical device vulnerabilities. Kelly lives with her husband, kind golden retriever and sassy black cat in San Diego, CA. In her spare time she creates bad art, manipulates the memory of single player games and watches way too much educational YouTube.

 Sayak Ray, Pre-Silicon Hardware Security Analysis through Information Flow Tracking - Current Industry Applications and Research Questions | File Type: video/mp4 | Duration: 3060

Information Flow Tracking (IFT) is a useful tool for reasoning about the security of a system. It can be applied at different levels of abstraction, starting from the operating system all the way down to gate-level circuits, through various representations of software and hardware. In this talk, we will focus on IFT at the register transfer level (RTL) representation of hardware and discuss how IFT can be applied to find various types of RTL security vulnerabilities. We will discuss an inductive formulation of the problem based on leakage alerts and propagation alerts that offers a scalable solution and micro-architecture-level design insights compared to more traditional formulations. We will end the talk by outlining some of the research challenges that we need to address to push the boundary further. About the speaker: Dr. Sayak Ray is a Security Researcher at Intel Corporation. His research areas include tools and automation for security validation, security challenges in FPGA, heterogeneous computing and data center networking. Dr. Ray regularly publishes at design automation conferences and journals. He has served on technical program committees of various conferences such as DAC and ICCAD. Before joining Intel in 2016, he was a Post-doctoral Research Associate at Princeton University. Dr. Ray obtained his PhD from UC Berkeley in 2013.

 Wendy Nather, CERIAS Security Symposium Closing Keynote | File Type: video/mp4 | Duration: 3485

"What Do We Owe One Another In Cybersecurity?" As the cybersecurity ecosystem evolves, we understand more about how interconnected we are: the ripple effects from breaches, the fact that supply chains aren't discrete lines but rather a web, and that mapping our vulnerabilities is harder than we thought. In this session, Wendy Nather will talk about the concept of civic duty on the Internet — not just sporadic charity efforts or "nice to have" information sharing, but the social norms and obligations we should face together if we want a sustainable world of technology. Shared risk requires shared defense. About the speaker: Wendy Nather leads the Advisory CISO team at Cisco. She was previously the Research Director at the Retail ISAC, and Research Director of the Information Security Practice at 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She was inducted into the Infosecurity Europe Hall of Fame in 2021. Wendy serves on the advisory board for Sightline Security. She is a Senior Fellow at the Atlantic Council's Cyber Statecraft Initiative, as well as a Senior Cybersecurity Fellow at the Robert Strauss Center for International Security and Law at the University of Texas at Austin.

 Steve Bellovin, 35 Years of Protecting the Internet | File Type: video/mp4 | Duration: 3593

For 35 years, the Internet has been bedeviled by attackers. For about as long, defenders have tried deploying various defenses; these have often been of limited utility. We look back at what has happened, focusing on the explicit or (more often) implicit assumptions behind the defenses, and why these assumptions were or were not correct.

About the speaker: Steven M. Bellovin is the Percy K. and Vida L. W. Hudson Professor of Computer Science at Columbia University, member of the Cybersecurity and Privacy Center of the university's Data Science Institute, and an affiliate faculty member at Columbia Law School. Bellovin does research on security and privacy and on related public policy issues. In his copious spare professional time, he does some work on the history of cryptography. He joined the faculty in 2005 after many years at Bell Labs and AT&T Labs Research, where he was an AT&T Fellow. He received a BA degree from Columbia University, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were given the 1995 Usenix Lifetime Achievement Award (The Flame). He has also received the 2007 NIST/NSA National Computer Systems Security Award and has been elected to the Cybersecurity Hall of Fame. Bellovin has served as Chief Technologist of the Federal Trade Commission and as the Technology Scholar at the Privacy and Civil Liberties Oversight Board. He is a member of the National Academy of Engineering and has served on the Computer Science and Telecommunications Board of the National Academies of Sciences, Engineering, and Medicine. In the past, he has been a member of the Department of Homeland Security's Science and Technology Advisory Committee, and the Technical Guidelines Development Committee of the Election Assistance Commission. Bellovin is the author of Thinking Security and the co-author of Firewalls and Internet Security: Repelling the Wily Hacker, and holds a number of patents on cryptographic and network protocols. He has served on many National Research Council study committees, including those on information systems trustworthiness, the privacy implications of authentication technologies, and cybersecurity research needs; he was also a member of the information technology subcommittee of an NRC study group on science versus terrorism. He was a member of the Internet Architecture Board from 1996-2002; he was co-director of the Security Area of the IETF from 2002 through 2004. More details may be found at http://www.cs.columbia.edu/~smb/informal-bio.html.

 Patrick Schlapfer, Using Endpoint Isolation to Track Malware Trends | File Type: video/mp4 | Duration: 2931

Endpoint security controls have traditionally relied on detecting malicious activity to protect devices from intrusions. But attackers often change their techniques so quickly that detection patterns must be adapted, resulting in a detection lag. Some of this limitation can be addressed by using hardware-based process isolation, which isolates risky endpoint tasks from the user's data and critical parts of the operating system. One of the most interesting data sources the HP Threat Research team uses to track malware trends and behaviors is isolation traces, since they give insight into techniques that have bypassed detection controls. In this presentation, we provide an overview of captured attack techniques that are currently seen in the wild. We will elaborate on how attackers try to bypass email security and how users are lured to infected websites to download malware. Finally, we will share advice on how to protect against such attacks and what to look out for.

About the speaker: Patrick is a malware analyst at HP with interests in a wide range of security areas. He already focused on cyber security during his studies, where he developed a particular interest in malware analysis. After graduation, he worked on a scientific project at the university and built a dynamic malware analysis system for code similarity clustering. He gained further experience in incident response and threat intelligence at a Swiss bank. Since 2021, Patrick has worked as a malware analyst on HP's Threat Research team. He conducts analyses of new threats, using the results to improve HP's security products and sharing them with the community.

 Albert Cheng, Elements of Robust Real-Time Systems: Regularity-Based Virtualization and Functional Reactive Programming | File Type: video/mp4 | Duration: 3294

The use of sophisticated digital systems to control complex physical components in real-time has grown at a rapid pace. These applications range from traditional stand-alone systems to highly-networked cyber-physical systems (CPS), spanning a diverse array of software architectures and control models. Examples include city-wide traffic control, robotics, medical systems, autonomous vehicular travel, green buildings, physical manipulation of nano-structures, and space exploration. Since all these applications interact directly with the physical world and often have humans in the loop, we must ensure their robustness, security, and physical safety. Obviously, the correctness of these real-time systems and CPS depends not only on the effects or results they produce, but also on the time at which these results are produced. For instance, in a CPS consisting of a multitude of vehicles and communication components with the goal to avoid collisions and reduce traffic congestion, formal safety verification and response time analysis are essential to the certification and use of such systems. This seminar introduces two key elements for building robust real-time systems: regularity-based virtualization and functional reactive programming.

Real-time resource partitioning (RP) divides hardware resources (processors, cores, and other components) into temporal partitions and allocates these partitions as virtual resources (physical resources at a fraction of their service rates) to application tasks. RP can be a layer in the OS or firmware directly interfacing the hardware, and is a key enabling technology for virtualization and cloud computing. Open, virtualized real-time systems make it easy to securely add and remove software applications as well as to increase resource utilization and reduce implementation cost when compared to systems which physically assign distinct computing resources to run different applications. The first part of this talk will describe ways based on the Regularity-based Resource Partition Model (RRP) to maintain the schedulability of real-time tasks as if they were scheduled on dedicated physical resources and increase the utilization of the physical multi-resources.

Functional reactive programming (FRP) has several benefits over the imperative programming style found in languages such as C/C++ and Java for implementing embedded and real-time software. The functional programming paradigm allows the programmer to intuitively describe safety-critical behaviors of the system and connect its components, thus lowering the chance of introducing bugs in the design phase and resulting in a robust and secure implementation. Its stateless execution model does not require the use of synchronization primitives like mutexes and semaphores, thus reducing the complexity of programming on parallel and multi-core platforms. Hence, FRP can potentially transform the way we implement next-generation real-time systems and CPS. However, accurate response time analysis of FRP-based controllers remains a largely unexplored problem. The second part of this talk will explore a framework for accurate response time analysis, scheduling, and verification of embedded controllers implemented in FRP.

About the speaker: Dr. Albert Cheng, a U.S. Department of State Fulbright Specialist (2019-2024), is a full professor and former interim associate chair of computer science and a full professor of electrical and computer engineering at the University of Houston in Houston, Texas. He was a visiting professor at Rice University and the City University of Hong Kong. He received the B.A. degree with highest honors in computer science, graduating Phi Beta Kappa, the M.S. degree in computer science with a minor in electrical engineering, and the Ph.D. degree in computer science, all from The University of Texas at Austin, Austin, Texas. Prof. Cheng is a Distinguished Member and Speaker of the ACM, an Honorary Member of the Institute for Systems and Technologies of Information, Control and Communication, and a Fellow of the Institute of Physics. An author of over 270 publications, Prof. Cheng is an Associate Editor of the IEEE Transactions on Knowledge and Data Engineering (TKDE) and the ACM Computing Surveys (CSUR). His research interests center on the design, specification, analysis, optimization, formal verification, scheduling, and implementation of embedded and real-time systems, real-time virtualization, cyber-physical systems/Internet of things, real-time machine learning, knowledge-based systems, functional reactive systems, and security. He received the 2015 University of Houston's Lifetime Faculty Award for Mentoring Undergraduate Research. He implemented in C the first model checker, co-invented by ACM Turing Award winner E. Allen Emerson, augmented with semantics-based analysis for rule-based expert systems. He authored the popular textbook Real-Time Systems: Scheduling, Analysis, and Verification. Prof. Cheng is the Founder and CEO of AMKC Informatics, LLC. Speaker's website: Professor Albert M. K. Cheng's Homepage (uh.edu)
