Invited Speakers

V.S. Subrahmanian
Professor of Computer Science and Director of the Lab for Computational Cultural Dynamics and Director of the Center for Digital International Government at the University of Maryland, USA

TITLE :
Machine Learning, Big Data, and Cybersecurity


ABSTRACT :
As the number of malware types and variants skyrockets, companies are increasingly turning to machine learning to ensure better cybersecurity. This talk will start with an overview of efforts that link machine learning and cybersecurity together and then focus on three case studies. I will start with a case study on forecasting malware spread in 40 countries with high accuracy and the University of Maryland's Country Cyber Attack Forecasting Engine (CCAFE). The second case study will deal with advanced analytics to classify known malware into different families to support better anti-virus signatures and for appropriate malware removal methods. The third case study will look at the use of machine learning with humans in the loop in the context of the DARPA Twitter Bot Challenge.


BIOGRAPHY:
V.S. Subrahmanian is Professor of Computer Science and Director of the Lab for Computational Cultural Dynamics and Director of the Center for Digital International Government at the University of Maryland. He previously served a 6.5 year stint as Director of the University of Maryland Institute for Advanced Computer Studies. His work stands squarely at the intersection of big data analytics for increased security, policy, and business needs.

Prof. Subrahmanian is one of the world leaders in logical reasoning with uncertainty, probabilistic logics, temporal probabilistic logics, and managing huge, heterogeneous databases with incomplete and inconsistent information, and multimedia databases. He created the field of computational cultural dynamics with a suite of novel methods to analyze the behaviors of terrorist groups and applied them to making forecasts and suggesting policies to shape behaviors of groups like Hezbollah, Lashkar-e-Taiba, and Indian Mujahideen. Prof. Subrahmanian led the team that won DARPA's Twitter Influence Bot Detection Challenge under their SMISC program. Prof. Subrahmanian is one of the world leaders in the design, analysis, and application of big data analytics to real world problems so that optimal decisions can be made by governments and companies. In cyber-security, Prof. Subrahmanian developed some of the first secure query processing algorithms, flexible authentication frameworks, unexplained behavior detection and scalable detection of known threats. His Global Cyber-Vulnerability Report published in January 2016 characterizes cyber-risk of 44 countries by studying data on over 44 hosts per year over 2 years over 20 Billion telemetry and malware reports.

Patrick Drew McDaniel
Distinguished Professor in the School of Electrical Engineering and Computer Science at Pennsylvania State University, USA

TITLE :
Tracing the Arc of Smartphone Application Security


ABSTRACT :
The introduction of smart phones in the mid-2000s forever changed the way users interact with data and computation--and through it prompted a renaissance of digital innovation. Yet, at the same time, the architectures, applications and services that fostered this new reality fundamentally altered the relationship between users and security and privacy. In this talk I map the scientific community's evolving efforts over the last decade in evaluating smart phone application security and privacy. I consider several key scientific questions and explore the methods and tools used to answer them. By exploring several key studies, I show how our joint understanding of adversary and industry practices has matured over time, and briefly consider how these results have informed and shaped technical public policy in the United States. I conclude with a discussion of the open problems and opportunities in mobile device security and privacy.


BIOGRAPHY:
Patrick McDaniel is a Distinguished Professor in the School of Electrical Engineering and Computer Science at Pennsylvania State University, Fellow of the IEEE and ACM, and Director of the Institute for Networking and Security Research. Professor McDaniel is also the program manager and lead scientist for the Army Research Laboratory's Cyber-Security Collaborative Research Alliance. Patrick's research focuses on a wide range of topics in computer and network security and technical public policy. Prior to joining Penn State in 2004, he was a senior research staff member at AT&T Labs-Research.

Ahmad-Reza Sadeghi
Professor of Computer Science at the Technische Universität Darmstadt, Germany

TITLE :
Everything You Code Can and Will be Re-used Against You: On the Challenges of Mitigating Code-Reuse Exploits


ABSTRACT :
Memory corruption and memory disclosure vulnerabilities are still a persistent source of threats against software systems, although known for over two decades. The main problem is that modern software still contains a vast amount of unsafe, legacy code. Moreover, exploitation techniques are rapidly evolving and often incorporate increasingly sophisticated techniques, which can be used to bypass all widely deployed countermeasures such as Data Execution Prevention (DEP) or Address Space Layout Randomization (ASLR). This has recently motivated many researchers in academia and industry to make considerable efforts on improving defenses against modern code-reuse exploits. It seems that there is a strong desire in our community to build secure systems from unsafe code! Hence, many software-hardening solutions have been proposed, some of which are based on hardware support. Recently Intel has released a new specification on Control-Flow Enforcement Technology (CET) for x86/x64 to mitigate code-reuse techniques. However, even though these solutions significantly raise the bar for exploitation, new attacks are continually discovered, and no ultimate solution seems to be in sight.
This talk is a follow-up of a series of talks I have been giving on this domain. I give an overview of the continuing arms race between code-reuse attacks and mitigation techniques and their nuances, particularly the hardware-based defenses. I then highlight and discuss the effectiveness and usefulness of recent approaches. The game is not over yet.


BIOGRAPHY:
Ahmad-Reza Sadeghi is a full professor of Computer Science at the TU Darmstadt, Germany. He is the head of the Systems Security Lab at the Cybersecurity Research Center of TU Darmstadt. Since January 2012 he is also the director of the Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU Darmstadt. He holds a Ph.D. in Computer Science from the University of Saarland, Germany. Prior to academia, he worked in R&D of Telecommunications enterprises, amongst others Ericsson Telecommunications. He has been continuously contributing to security and privacy research. For his influential research on Trusted and Trustworthy Computing he received the renowned German "Karl Heinz Beckurts" award. This award honors excellent scientific achievements with high impact on industrial innovations in Germany.

He is Editor-In-Chief of IEEE Security and Privacy Magazine, and on the editorial board of ACM Books. He served 5 years on the editorial board of the ACM Transactions on Information and System Security (TISSEC), and was guest editor of the IEEE Transactions on Computer-Aided Design (Special Issue on Hardware Security and Trust).

Rinku Dewri
Associate Professor in the Department of Computer Science at University of Denver, USA

TITLE :
Building a Secure and Private Infrastructure for Health Care


ABSTRACT :
Health care is one of the largest segments in any economy. Few nations have already adopted electronic health records, while there are many that are much behind in adopting digital information technology in health care. Transitioning to electronic health records and improving the exchange of health information comes with multi-faceted benefits: flexible access to health information, interoperability across health providers, cost reduction, and providing research data to inform clinical care, public health, and biomedical research, among others.
This talk will explore some of the recent attempts at large-scale health data integration, and the challenges that remain. Following on, we will highlight some of the grand challenges that the computer science community needs to take up to facilitate an interoperable health care system. Challenges range from providing identification, authentication and privacy services, designing novel secure storage solutions, to facilitating privacy preserving middleware and user applications, and a flexible framework to help the transition of legacy systems.


BIOGRAPHY:
Rinku Dewri is an Associate Professor of Computer Science at University of Denver, USA. He obtained his Bachelor's and Master's in Mathematics and Computing from the Indian Institute of Technology, Kharagpur in 2004, and then his PhD in Computer Science from Colorado State University, before joining the University of Denver in 2010. His current research interests are in private data integration in health care systems, security in the IoT, and cyber mission assurance. Earlier, he worked on topics such as database privacy, location privacy, wireless data broadcasting, and security risk management. Some of his research contributions include dynamic risk management using Bayesian analysis, preventing query disclosures in continuous location services, location privacy models for top-K queries, and overcoming the computation and communication cost in applying commutative encryption schemes for approximate matching of demographic data.

Jeremías Sauceda
CTO at EnSoft Corp, USA

TITLE :
Using Symmetries to Secure Large Legacy Software


ABSTRACT :
Replacing large legacy software is not possible. The cost and time needed to replicate the complex requirements existing systems fulfill is astronomical. Meanwhile an adversary only needs one vulnerability to hack critical infrastructure or a cyber-physical system. These vulnerabilities took decades to accumulate, and with current technology will take decades to secure.
Solutions that exploit symmetry in software offer a different approach to securing large legacy systems much faster than is possible with current techniques. In this talk, we will explore what symmetries are and how to use them to build a new generation of highly accurate and scalable program analysis and transformation tools to secure large legacy software. We will present results from two multi-million dollar DARPA cybersecurity programs, which highlight the basic science of symmetries and the monumental engineering challenge of building tools that scale to multi-million line software.


BIOGRAPHY:
Jeremías Sauceda is currently the CTO at EnSoft Corp. His early work at EnSoft focused on using program analysis techniques to automate labor-intensive software engineering tasks for Avionics software development for the Boeing 737 and 787. These techniques were adapted for use in other cyber-mechanical systems, such as automotive systems. Today these tools are used at over 300 companies including every major aerospace, automotive, and defense company worldwide.

Jeremías is also a Co-PI on the DARPA Space/Time Analysis for Cybersecurity program. In addition, he was the Co-PI for a top-performing team on the DARPA Automated Program Analysis for Cybersecurity program, and was involved in the DARPA Software-Enabled Control program.