What: A full day of research talks in cybersecurity, featuring speakers from both WPI and industry.
When: Wednesday, October 24, 9:15-4
Where: Lower Perrault Lecture Hall, Fuller Labs, WPI campus (Directions to campus; parking passes for campus parking lots will be emailed to those who register in advance; Fuller Labs is building 11 on the parking map)
To register: email Diane Baxter (firstname.lastname@example.org). Registration is free. Lunch and light snacks will be provided.
9:20-9:30 : Welcome and intro to WPI’s cybersecurity program
9:30-10:10 : Industry talk — Scalable Network-Based Intrusion Detection (Ron Watro)
10:10-10:30 : WPI faculty talks
10:30-11:00 : break
11:00-11:40 : Industry talk — Challenges in Cybersecurity Experimentation (Scott Robertson)
11:40-noon : WPI faculty talks
noon-1:00 : lunch
1:00-1:40 : Industry talk — Real-World Static Analysis Security Testing (Mellissa Elliott)
1:45-2:25 : Industry talk — PEASOUP – Preventing Exploits Against Software of Uncertain Provenance (David Hyde)
2:30-3:00 : break
3:00-3:20 : WPI faculty talks
3:20-4:00 : Industry talk — Cloud Computing (Joe Flynn)
Abstracts and Speaker Bios
Mellissa Elliott: Real-World Static Analysis Security Testing
An introduction to static analysis for anyone who is interested in the promise of pixie magic finding all the quality bugs and security defects in our software automatically. Unfortunately, real-world static analysis has not achieved this dream, but real bugs and vulnerabilities are being found in real software with the techniques already pioneered. Learn about the two main types of static analysis, binary vs. source; their relative advantages and shortcomings; and the long-term challenges that await computer scientists who want to make breakthroughs in this field. As a bonus, there will be a healthy serving of nightmarish worst cases for analysis found in real code to frighten you a bit.
Scott Robertson: Challenges in Cybersecurity Experimentation
Researchers from academia, government, and industry have proposed many solutions to the various network security problems that have arisen as we increasingly rely on modern information technology for everything from online shopping to defending nations. While important advances have been achieved, new vulnerabilities are regularly discovered and exploited. Part of the challenge is a lack of core principles, founded on robust empirical evidence, with which to guide cyber security research. The Cyber Measurement Campaign seeks to uncover basic principles and design tradeoffs in emerging cyber technologies through experimentation. We will discuss the infrastructure currently available for cyber experimentation, and results and challenges from initial cyber experiments.
Joe Flynn: Cloud Computing
Bio: Joseph M. Flynn is an Account Executive for Dell, Inc., managing Dell’s State Government business in New England. A former CIO and Vice President, Joe brings years of experience in highly innovative industries to help organizations and their leaders define unique, business-focused solutions to complex technology programs. Joe’s focus on process improvement, open source solutions, cloud architecture and innovation methods has helped his clients save millions of dollars while realizing their technology visions.
Prior to joining Dell, Joe was the CIO at MIT Lincoln Laboratory, a founding partner of Thundercloud Consulting Group, Executive Consultant in IBM’s Strategy and Change practice, and a Vice President at Merrill Lynch in their Institutional Debt Markets group.
Joe holds an MBA from the University of Colorado and a bachelor’s degree from William Paterson University. He has earned professional certifications in PMI, ITIL, TOGAF and Management Consulting (IBM). Joe has been invited to speak at IT Leadership events, most recently for the American Society for Industrial Security and the Gartner Symposium.
He has previously served on Gartner’s Global CIO Council, Dell’s Platinum Advisory Council and EMC’s Technical Advisory Council. He currently is an advisor to the Boston Society of Information Managers (SIM) and sits on the boards of LSI Consulting, LLC and Amerish International Corporation. Away from the office, Joe devotes time to the Workforce Opportunity Service in NYC and The Wounded Warrior Project, both organizations focused on veteran job training and workforce re-integration.
David Hyde: PEASOUP – Preventing Exploits Against Software of Uncertain Provenance
We often depend on software of uncertain provenance (“SOUP”) – editors, browsers, music players, programs you download from the web. Even vendor-supplied software often contains third-party libraries or code of unknown origin. This software is not malicious, but it is not safe either. It often has vulnerabilities that can be exploited or attacked. The PEASOUP program uses analysis, diversification and containment techniques to safely run SOUP and render the vulnerabilities unexploitable. PEASOUP takes a binary executable as input, and produces a new hardened executable. Source code is neither required nor used. This talk will discuss the techniques that PEASOUP is using along with the technical challenges.
Ron Watro: Scalable Network-Based Intrusion Detection
SMITE (for Scalable Monitoring In The Extreme) is a system that detects malicious network traffic on very high speed networks. SMITE differs from Snort and similar tools in that it is not signature-based. It also avoids any requirement for training on benign traffic. SMITE is built in three stages. The first stage consists of specialized high-speed hardware designed to operate at up to 100 Gb/sec. The first stage captures features from network traffic and that data is sent to a second stage for analysis. The second stage generates event notifications (such as detection of changes in traffic statistical patterns) and these notifications are sent to a third-stage reasoning engine which diagnoses malicious activity. The SMITE system is designed to detect a range of cyber attacks while maintaining a low false alarm rate. In future work, we expect that portions of SMITE will be updated and released as additions to open source intrusion detection tools.
Bio: Ron Watro is a Lead Engineer in the Cyber Security group at Raytheon BBN Technologies. In addition to his work on the SMITE intrusion detection system, Ron currently supports research efforts to redesign network protocol security. In past work, Ron was the principal investigator for TinyPK, a DARPA project in the NEST program that developed the first public key encryption software on low-power wireless sensor networks (UCB/MICA motes). He also developed an overlay network to block traffic analysis attacks and spent several years supporting DoD initiatives for crypto key management. Before joining BBN, Ron worked for 13 years at MITRE Corp. in Bedford, Massachusetts. He served as a technical editor on the international committee that developed the Common Criteria (ISO/IEC 15408) and participated in Orange Book security evaluations of a variety of commercial products ranging from mainframe computers to file server clients. He also designed and implemented algorithms for fault-tolerant distributed systems and automated reasoning tools. Ron did his undergraduate work at MIT and has a doctorate in mathematics from SUNY Buffalo. In the 1980s, he was an assistant professor in the Mathematics and Computer Science Department at Villanova University. His early research was in formal logic and set theory.