Cybersecurity and Continuing Education

userpic=acsacSince 1990, I have had the honor and the privilege of being the Training Chair for the Annual Computer Security Applications Conference (ACSAC), one of the three original conferences on what is now called Cybersecurity. ACSAC, which is held in early December in the sunbelt, is an approximately 200-250 person conference that brings together academics and industry to connect and talk about the application of computer security cybersecurity research. Attendance is about 25% international.

The conference, which this year takes place the week of December 5 at the beautiful Hilton Universal City in Los Angeles, consists of two days of training and workshops, followed by a two-and-a-half day technical conference. The purpose of this post is to highlight this year’s training program. Advance registration ends 11/14/2016. I encourage you, if you have an interest in cybersecurity, to attend one or more of our training courses:

Monday, December 5, 2016
M1 Understanding and Contrasting Android Malware at Runtime
Giovanni Russello, University of Auckland
M2 Program Analysis and Machine Learning to Improve Security and Privacy
Paolina Centonze, Iona College
M3 angr: Advancing Next Generation Research into Binary Analysis
Fish (Ruoyu) Wang, Yan Shoshitaishvili, and Chris Salls, UC Santa Barbara
Tuesday, December 6, 2016
T4 Practical Homomorphic Encryption
Kurt Rohloff, New Jersey Institute of Technology
T5 Big Data Analytics Over Encrypted Data
Hassan Takabi, University of North Texas
T6 Hands-On Interactive Car Hacking
Craig Smith, Theia Labs and Brendan Harris, US Dept. of Transportation Volpe Center
T7 Steganongraphy with Malware Applications
John Ortiz, Harris and UT San Antonio

Tutorials T4 and T5 are half-day, the rest are full day. Click here to register for the conference; there are discounts for locals and those staying in the conference hotel. To register at the hotel, click here. Tutorials cost $575 (full day), $300 (half day); students are $300 (full), $150 (half). Rates include a good-sized continental breakfast and lunch (I know, I’m doing local arrangements and the food as well). Rates go up after 11/14.

Here is a summary of the tutorials:

M1 – Understanding and Contrasting Android Malware at Runtime
Giovanni Russello, University of Auckland

Android is not only dominating the mobile device market (smartphones and tablets), but is also becoming predominant in mission critical support and infotainment car systems. The implication of its security issues can be very important in these areas as well. For instance, through Android malware could find its way to interact with the Can Bus system of a car. Also, Android is very relevant in Internet of Things (IoT) devices where it is being used as OS.

This course will be organised as follows. Firstly, to bring everyone up to speed, we will discuss some relevant access controller models used in Android. Then we will move into details about Android and detailing some of its internals. Next, we will study Android security mechanism and features. We will cover also recent research efforts for enhancing some aspect of Android security framework. In the last part of the course, we will focus on Android malware highlighting the attack types and providing details of some malware families. One of the common characteristics of Android malware is that most of them use reverse engineering for repackaging benign apps with malicious payloads. In view of this, we will cover some of the recent approaches that deal with app tampering detection and protecting. We will conclude with a Q&A session.

M2 – Program Analysis and Machine Learning to Improve Security and Privacy
Paolina Centonze, Iona College

Today’s software systems are large and complex.  This dramatically complicates security analysis and auditing because existing tools that perform program analysis and auditing do not easily scale to large and complex programs, and if they do so, it is at the expense of accuracy and precision.  Even though automated security analysis technologies have become a necessity, the traditional dichotomy between scalability and precision has led most security tool developers to make their analyses too conservative (with too many false positives) and/or unsound (with false negatives).  Security analyses that report overly conservative cannot be effectively used in production environments, whereas unsound analyses do not lend themselves to be used for program security certification.  In the last few years, security researchers have studied how to bypass the traditional scalability/precision dichotomy by combining Program Analysis with Machine Learning.  One approach is to inject statistical learning techniques into the program analysis algorithms in order to guide the analysis towards the production of accurate results.  An orthogonal approach consists of executing a conservative security analysis and to then apply Machine Learning to the results of the analysis in order to eliminate as many false positives as possible, possibly without eliminating the analysis’ true positives.  This approach has been shown to be very promising, to the point that numerous industrial security analysis providers have started to adopt it, with excellent results.

The course Program Analysis and Machine Learning to Improve Security and Privacy introduces the state of the art in the area of Program Security Analysis, and then show how Machine Learning can be integrated into Program Analysis either for producing better results right away, or for cleansing existing results.

M3 – angr: Advancing Next Generation Research into Binary Analysis
Fish (Ruoyu) Wang, Yan Shoshitaishvili, and Chris Salls, UC Santa Barbara

Software is becoming increasingly more complex, and vulnerabilities more subtle. Better approaches are required to effectively analyze modern binaries, efficiently identify deeply buried defects, and intelligently assist human analysts with specific software reversing tasks. Tons of good techniques and approaches regarding binary analysis have recently emerged from both academia and industry, many of which are fairly applicable to real-world binary research tasks. However, due to the lack of a flexible and approachable binary analysis platform, testing and applying these techniques becomes a difficult job.

angr is the next-generation binary analysis platform developed by the SecLab of University of California, Santa Barbara. It is flexible, easy to work with, cross-platform and cross-architecture, and has many techniques from academia already implemented and embedded inside. In this course, we will start about the fundamental underpinnings of angr, dynamic symbolic execution, and static binary analysis. We will then demonstrate best practices in doing symbolic execution and data dependence tracking in angr. In the end, we will show how angr can assist in bug hunting. All demos will be performed on CTF challenges and real-world programs.

T4 – Practical Homomorphic Encryption (Half Day)
Kurt Rohloff, New Jersey Institute of Technology

One of the first major breakthroughs of computer science in the 21st century is the demonstration of public-key Fully Homomorphic Encryption (FHE). FHE allows sensitive data to be encrypted such that arbitrary programs can be securely run over the encrypted data where the output, when decrypted, is equivalent to the result of running the original algorithm on the unencrypted data. Unfortunately, FHE was not practical when it was discovered – it was several orders of magnitude too inefficient to be economically feasible. This tutorial will review advances in FHE, from theory, implementation and application perspectives. In particular, the tutorial will focus on how homomorphic can be used in practice, with a focus with building on top of existing homomorphic encryption software implementations. We will particularly focus on how to design data structures and algorithms that lead to efficient and secure computing on encrypted data in real software.

T5- Big Data Analytics Over Encrypted Data (Half Day)
Hassan Takabi, University of North Texas

With increasing growth of cloud services, machine learning services can be run on cloud providers’ infrastructure, essentially offering Machine Learning as a Service (MLaaS). However, machine learning solutions require access to the raw data, which creates potential security and privacy risks. Therefore, we need to provide solutions to run machine learning algorithms on encrypted data and allow the parties to provide/ receive the service without having to reveal their sensitive data to the other parties. In this tutorial, we present state-of-the-art privacy preserving machine learning with focus on how to design and implement different machine learning algorithms, both classic and deep learning algorithms, over encrypted data. The tutorial includes an overview of cryptographic mechanisms such as homomorphic encryption and secure multiparty computation. Then, we provide a detailed explanation of how classic machine learning algorithms are implemented over encrypted data. Next, a brief overview of deep learning and its challenges in encrypted domain will be presented and discussions on how to address those challenges will be provided. Finally, some real world application scenarios will be discussed.

T6 – Hands-On Interactive Car Hacking
Craig Smith, Theia Labs and Brendan Harris, US Dept. of Transportation Volpe Center

Modern day automobiles are complex machines which can contain 60-100 embedded Electronic Control Units (ECUs) running on a Controller Area Network (CAN) bus, networks to support these units, and a host of external interfaces, both wired and wireless. A Controller Area Network (CAN bus) is a vehicle bus standard designed to allow microcontrollers and devices to communicate with each other in applications without a host computer and it is a message-based protocol, designed for multiplex electrical wiring within automobiles Wired interfaces can include Universal Serial Bus (USB), compact disks (CDs), digital video disks (DVDs), and secure digital (SD) cards. Wireless interfaces can include short range and long range connectivity, such as via Bluetooth, Wi-Fi, Radio Frequency (RF), cellular, RF from RADAR, etc. The wireless interfaces can support a host of features including: remote Tire Pressure Monitoring Systems (TPMS), telematics, and Smart key keyless entry/ignition start. Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) on the horizon. All of these forms of increased electronic control and connectivity promise tremendous benefits for efficiency, comfort, and driving safety, but also raise the risks of cybersecurity vulnerabilities and attacks.

In this class, students will learn about different vehicle networks and how they work. We will discuss Pulse-Width Modulation (PWM), K-Line protocol, CAN, FlexRay and others. This hands-on course using open source automotive tools will take a deep dive into CAN networks, how they work and how to reverse engineer them. The students will leave the class with all the knowledge necessary to start reversing automotive CAN packets and other diagnostic protocols.

T7 – Steganongraphy with Malware Applications
John Ortiz, Harris and UT San Antonio

In 2010 the FBI discovered that Russian spies had been using steganography to communicate clandestinely. In 2011, a suspected Al Qaeda member was found to possess a pornographic video with 141 hidden text files containing future plans. How many adversaries using steganography remain undiscovered? Steganography has advanced tremendously in the last few years and simple concepts have even been presented on mainstream TV. However, many more sophisticated techniques are much less well-known.

This course introduces you to basic data hiding terminology, background, and concepts and then showcases some more advanced steganographic techniques, some with very high data hiding capacities. One technique successfully hides in a jpeg with a typical capacity of 15 to 20% and you can’t see it! Another technique boasts a 50% capacity in a bitmap. We’ll explore data compression, jpeg, cryptographic hiding,  and hidden data detection (steganalysis) techniques and concepts too. Scattered throughout the course are working demonstrations using several steganographic programs – YOU can decide their effectiveness for yourself. Can you see it? Can you hear it? We shall see … or not!