Beyond End-to-End Encryption (BE2EE) technology can protect your data in-transit and at-rest in a consistent way: NUTS may help define this new category. Last year, we presented the technology of NUTS (https://ceri.as/nuts2020). This year, we demonstrate NUTS in action with our Beta version. See secure objects move around in cyberspace without a central reference monitor in a transport-agnostic way. The demo will show practical use cases that NUTS enables. The global pandemic drastically altered our way of life, and Work-From-Home presents technical challenges that reveal the structural weaknesses of our largest systems. Adversarial threats are now more commonplace and large outages are frequent. We believe NUTS shows a new path towards a more resilient operating environment for our data. We strongly recommend viewing last year's presentation (https://ceri.as/nuts2020) to better understand the background and approach of the tech. Joining us for this session will be COL (Ret) Robert Banks, USA, PhD, who served as Deputy Director, Current Operations of U.S. Cyber Command, with his insights and comments on this technology. Dr. Banks retired from the U.S. Army after a distinguished 37-year career. His previous services include Chief of Operations of the Army Global Network Operation & Security Center, Command of the largest Army Helicopter Battalion of 64 Chinooks covering 8 states, and providing significant contributions at the Joint Staff Cyberspace Division, National Counterintelligence Security Center, Army Defense Industrial Base, Asymmetric Warfare Office - Electronic Warfare, National Guard Bureau, and Co-Chairing the Smart Grid Interoperability Panel while supporting the Tri-County Electric Cooperative. He holds numerous advanced degrees including a PhD in Information Technology from George Mason University specializing in Hybrid Security Risk Assessment Models. Additionally, he holds the following certifications: CISSP, PSDGP, ITILv3, AWS-CCP, AZURE-AI.
Our reliance on Cyber-Physical Systems (CPS) is growing. As CPS infrastructure becomes exposed to the contested world through networks, CPS security becomes much more important. In a CPS, the cyber components manage the physical components. We propose that the overall goal for CPS resiliency is to have the physical systems behave properly regardless of fault and disruption. Our approach to CPS resiliency focuses on the physical components. Specifically, the inertia of the physical components provides a natural but limited resilience, and is capable of tolerating short-term disruption without affecting the health and safety of the CPS. This, and the fact that CPS have a large difference between physical and cyber time scales, enables a unique approach to CPS resiliency. This talk will present our approach of engineering the cyber components to be brittle against attack, which consequently forces cyber attacks and related disruptions to be short-lived and within the tolerance of the physical system's inertia.
This morning as we approach the celebration of Christmas, the birth of our Lord and Savior, let us focus upon the question raised in the old familiar Christmas Carol, “What Child is This?” “What child is this who, laid to rest, on Mary's lap, is sleeping? Whom angels greet with anthems sweet, while shepherds watch are keeping? This, this is the Christ the King, whom shepherds guard and angels sing, haste, haste, to bring him laud, The Babe, the Son of Mary!” What child is this? The confusion reigns in our own day! To put it mildly, Christmas is a little bit confusing to the watching world. The apostle Paul's words in our text may help to clear away the clutter and focus us on the greatest reality, “the Christ has come”.
Threat intelligence is interested in the entire kill chain, from tools to victims. Chief among these interests are the threat actors themselves who carry out attacks and campaigns. Many different schemes exist for classifying different types of threat actors in order to more easily describe and understand them. This presentation focuses on the nation-state and cybercriminal classes of threat actors, how they differ, and how they overlap. Real-world examples are provided to illustrate new and different ways of thinking about threat actors.
The public health sector cannot deliver efficient and safe patient care without digital interconnectivity among devices. If the healthcare system is connected but insecure, that interconnectivity could betray patient safety, subjecting patients to uncalculated and unnecessary risks with insurmountable costs, including death. Our nation must realize the dangers imposed on patients due to the reliance on interconnectivity amongst devices and information systems. Healthcare delivery organizations are often seen and titled as safe places, places for healing, and places we trust. These entities are a repository for our most sacred personal information as well as a harbor for some of the most technologically advanced equipment; thus they have become easy targets for threat actors. Real cases of protected health information theft, ransomware, and targeted nation-state hacking prove that our nation's healthcare systems, data, devices, and reputation are vulnerable. This presentation aims to depict the current state of cybersecurity in healthcare delivery organizations and to explain the main threats organizations face, discussing the ecosystem, industry-specific pitfalls, and the patient health attack model.
"For Such a Time as This" Kim Hassold Radiance Women's Bible Study November 29, 2017
For Such a Time as This Esther 2 Jez Heath
Periodic Mobile Forensics (PMF) is a MITRE research project investigating user behavioral measurement on mobile devices by applying both traditional and mobile forensics processes. We applied our research to an enterprise mobile infrastructure, where we utilize a mobile on-device agent named TractorBeam. This agent periodically collects changed storage locations from each device to allow for later image reconstruction and analysis. We collaborated with Purdue University to perform a three-month experiment in which we evaluated TractorBeam's operation in a simulated operational setting to identify masquerading users (i.e., users operating the devices other than the enterprise-designated mobile device user). We surmised that even if a masquerading user on an enterprise mobile device lacked malicious intent, this masquerader would still be undesirable to the enterprise. On campus, we provided a set of human-subject volunteers the following: preconfigured mobile devices with cellular voice and data plans and with the TractorBeam agent pre-installed; a simple acceptable use policy; and deceptive project background information to stimulate normal behavior. As a result of the experiment, we collected enough data to successfully reconstruct 821 forensic images, extract over 1 million audit events, and perform masquerading user analysis. This presentation describes PMF and characterizes the collected experiment corpus, the extracted audit events, and the performance of TractorBeam throughout the protocol. Our approach for advanced masquerading detection will then be discussed.
The growing demand for cloud services is driving the need to deliver an always-on and safe user experience in accessing data and applications. Examples include web search, social networking, email, ecommerce, video streaming, data analytics and even mission-critical services such as power grid control. Such environments are required to be highly available and secure. This is often satisfied by having experts monitor the system 24x7 to ensure that problems, if any, are resolved within a reasonable time. The need to solve a problem within the minimum time gives rise to a "whatever-it-takes-to-fix-the-problem" attitude amongst experts and produces a constant flow of informal text documenting the debugging steps taken to resolve problems. Understanding the content of this informal text at scale is the key to uncovering big problem trends that will enable us to learn from mistakes and improve system design. In this talk, I will present NetSieve, a system we built that aims to do automated problem inference from trouble tickets. Specifically, I will show how statistical natural language processing (NLP) can be combined with knowledge representation, ontology modeling and human-guided learning to automatically analyze natural language text in trouble tickets and infer the problem symptoms, troubleshooting activities and resolution actions. I will further discuss fundamental challenges that arise when extracting meaning from such massive open-domain text corpora. Finally, I will discuss how we applied NetSieve in a massive data center setting to automatically analyze 10K+ network trouble tickets and how we used these results to improve several key network operations.
An essential part of security is controlling access. Traditional access control depends on a person's ability to prove their identity and the access control system's ability to verify that identity. For computer access, a person usually carries some combination of methods to prove their identity (password, token, and/or biometric). What if a thing needs access instead of a person? It is easy enough to embed a secret into software or hardware so a device can identify itself, but how do you ensure the integrity of that data and the identity of the device? This presentation will discuss the challenges of ensuring the device is what it claims to be, how the supply chain affects the assurance level of that identity, new technologies that can be used to provide hardware-based identity, and other security features that can be enabled by secure device identity.
If you are interested in which cyber-related technologies will be most relevant at the time you graduate, and where many of the cutting-edge jobs will be, then this talk will be of interest. This presentation will give a high-level view of where Lockheed Martin, and where we think the government, is heading in terms of cyber security, especially in the wireless technologies realm such as Wi-Fi, Cellular, Wi-Max, and Zigbee communications. This presentation will also discuss the cyber capabilities in Hanover, MD and the new NexGen cyber security center in Gaithersburg. The presentation will lead into how some of our interns contributed to the cyber arena and were later hired as permanent members of the Lockheed team. We would like the talk to be as interactive as possible to help answer questions from students and graduates on cyber security topics and how Lockheed Martin can help those starting their careers in the cyber security domain.
The power of modern websites emerges to a large extent from the ability to combine content from different sources. As an example, a site may include a Google map next to business information a user had been searching for. Combining content from possibly untrusted sites gives rise to all sorts of security concerns, as JavaScript has no concept of separating scripts from different sources. This has led to several recent attacks like the Samy or Yamanner worms. This talk presents the state of the art in securing JavaScript for such settings and proposes a sandboxing facility for in-browser script separation.
Intentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50-75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This study presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions varies based on one's level of morality. The results have implications for both the research and practice of IS security.
If you were stranded on a rarely used road during the height of the blizzard, what would your reaction be if after hours of waiting you saw headlights in the distance? JOY, JOY, JOY! Jesus is the rescuer. This is why we sing, Joy to the world
Hope for Such a Time as This Vision 411
Computer-related incidents that have the potential to destabilize, violate, or damage the resources, services, policies, or data of the community or of individual members of the community are happening in increasing numbers. Despite the news, we know that they are happening not just in academia, which has been painted as insecure and wide-open, but in corporate and not-for-profit environments as well. We have inclinations about what is causing these incidents, but now we also have facts. While we look for technical fixes to the problems, the real factors related to the cause of these incidents may not be technical at all, but rather human. This presentation will discuss the "Computer Incident Factor Analysis and Categorization Project", CIFAC, which was carried out at the University of Michigan under funding from the National Science Foundation. Dr. Rezmierski will present the project findings and will discuss what they mean for colleges, universities, corporations, not-for-profit organizations and individuals. The presentation will include discussion of actual incidents, the statistical methodology and findings, and the recommendations put forward by the research team.
IP spoofing accompanies many malicious activities and is even a means of performing reflector DDoS attacks. Route-based filtering (RBF) enables a router to filter spoofed packets based on their incoming interface; this information is stored in an incoming table. Packets arriving on the expected incoming interface for their source address are considered legitimate, while all other packets are filtered as spoofed. Past research has shown that RBF can be very effective when deployed at the vertex cover of the Internet AS-map (about 1500 ASes), but no practical approach has been proposed for incoming table construction. We first show that RBF achieves high effectiveness even if the number of deploying points is very small (30 chosen deployment points reduce the amount of spoofed Internet traffic to 5%). We further show that completeness of the incoming tables is critical for filtering effectiveness: partially full tables are as good as empty. This implies that routers cannot rely on reports from a few participating domains to build their incoming tables, but instead must devise means of accurately "guessing" incoming interface information for all traffic they see. Their guessing strategy must quickly react to offending traffic and determine with high accuracy whether the reason for the offense was a route change (in which case the incoming interface information must be updated) or spoofing. We next propose a protocol called Clouseau which builds accurate incoming tables at RBF routers and keeps these tables up to date in the face of frequent route changes. Clouseau infers incoming table information by applying randomized drops to offending TCP traffic and observing its retransmission behavior. No communication is required with packet sources or other RBF routers, which makes Clouseau suitable for partial deployment. The inference process is further resilient to subversion by an attacker who is familiar with the design of Clouseau.
Basing authorization on attributes of the resource requester provides flexibility and scalability that is essential in the context of large distributed systems. Logic programming provides a convenient, expressive, and well-understood framework in which to work with authorization policy. This talk will summarize an attribute-based authorization framework built on logic programming: RT, a family of Role-based Trust-management languages. It will then discuss efficient and effective evaluation of RT policies that are stored in a distributed manner. After discussing these basics, the talk will consider the problem of assessing authorization policies with respect to the vulnerability of resource owners to a variety of security risks to which they are exposed by delegations to other principals, risks such as undesired authorizations and unavailability of critical resources. We will consider several such properties of RT policies, many of which, we will see, can be decided efficiently. For other properties, we will see that the complexity depends on the subset of RT in which the policy is expressed. This part of the talk will conclude by discussing some prospects for continued research in this area. Finally, the talk will visit the problem of using attribute credentials to obtain access when the credentials and their contents may themselves be private. Trust negotiation, a simple approach to this problem, will be introduced, as well as an intuitive and useful security property formalizing the protection of private credentials. This research was funded by DARPA and the NSF.
Wonder: Learning to wonder again at the gift of life. HYMNS & SONGS: O Come, All Ye Faithful; Hark! The Herald Angels Sing; What Child is This?; Away in a Manger; O Holy Night; In the Bleak Midwinter; Silent Night