IEEE Cybersecurity Development Conference

September 30-October 2, 2018 | Cambridge, MA

Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy


Keynote

Posted on: March 6th, 2018 by Jessica Hedges

Keynotes

Dawn Song
Professor, University of California, Berkeley

Dawn Song is a Professor in the Department of Electrical Engineering and Computer Science at UC Berkeley. Her research interest lies in deep learning, security, and blockchain. She has studied diverse security and privacy issues in computer systems and networks, including areas ranging from software security, networking security, distributed systems security, applied cryptography, blockchain and smart contracts, to the intersection of machine learning and security. She is the recipient of various awards including the MacArthur Fellowship, the Guggenheim Fellowship, the NSF CAREER Award, the Alfred P. Sloan Research Fellowship, the MIT Technology Review TR-35 Award, the George Tallman Ladd Research Award, the Okawa Foundation Research Award, the Li Ka Shing Foundation Women in Science Distinguished Lecture Series Award, the Faculty Research Award from IBM, Google and other major tech companies, and Best Paper Awards from top conferences in Computer Security and Deep Learning. She obtained her Ph.D. degree from UC Berkeley. Prior to joining UC Berkeley as a faculty member, she was a faculty member at Carnegie Mellon University from 2002 to 2007.

Building and Deploying Secure Systems in Practice: Lessons, Challenges and Future Directions
9:15 am, Monday, October 1, 2018

In this talk, I will share the lessons learned during the process of designing and developing technologies for building secure systems and deploying them in practice. I will first give a few examples of our work that has been deployed in practice. Our work (in collaboration with Google) on Context-sensitive Auto-Sanitization of Web Applications helps eliminate XSS vulnerabilities from web applications and has been used to secure many high-profile applications such as GMail and Google Docs. Our work in mobile security has led to a successful startup (Ensighta Security, later acquired by FireEye, Inc). Its mobile security product and features have been deployed worldwide to protect major enterprises and institutions, and have detected numerous real-world mobile malware. Our work on new technology for secure browsing has become the core product of Menlo Security that my team has co-founded, winning numerous awards including Information Week’s 10 Innovative Network Security Startups and Forbes’ Hottest Cybersecurity startup.

Our recent work on new techniques to enable practical, privacy-preserving data analytics and machine learning has been deployed at Uber. This is one of the first real-world deployments for general privacy-preserving data analytics with differential privacy. Our most recent work on scalable and confidentiality-preserving smart contracts has led to a new venture, Oasis Labs, aiming to build the next-generation blockchain to enable fundamentally new applications on blockchain that couldn’t be built before.

From the experiences gained from these examples, I will summarize the lessons learned and discuss the challenges and future directions in building and deploying secure systems.

Kathleen Fisher

Professor, Chair of Computer Science, Tufts University

Kathleen Fisher is a Professor in and the Chair of the Computer Science Department at Tufts. Previously, she was a program manager at DARPA where she started and managed the HACMS and PPAML programs, a Consulting Faculty Member in the Computer Science Department at Stanford University, and a Principal Member of the Technical Staff at AT&T Labs Research. Kathleen’s research focuses on advancing the theory and practice of programming languages and on applying ideas from the programming language community to the problem of ad hoc data management. The main thrust of her work has been in domain-specific languages to facilitate programming with massive amounts of ad hoc data. Recently, she has been exploring synergies between machine learning and programming languages and studying how to apply advances in programming languages to the problem of building more secure systems.

Provably Eliminating Exploitable Bugs
9:30 am, Tuesday, October 2, 2018

For decades, formal methods have offered the promise of software that doesn’t have exploitable bugs. Until recently, however, it hasn’t been possible to verify software of sufficient complexity to be useful. Recently, that situation has changed. SeL4 is an open-source operating system microkernel efficient enough to be used in a wide range of practical applications. It has been proven to be fully functionally correct, ensuring the absence of buffer overflows, null pointer exceptions, use-after-free errors, etc., and to enforce integrity and confidentiality properties. The CompCert Verifying C Compiler maps source C programs to provably equivalent assembly language, ensuring the absence of exploitable bugs in the compiler. A number of factors have enabled this revolution in the formal methods community, including increased processor speed, better infrastructure like the Isabelle/HOL and Coq theorem provers, specialized logics for reasoning about low-level code, increasing levels of automation afforded by tactic languages and SAT/SMT solvers, and the decision to move away from trying to verify existing artifacts and instead focus on co-developing the code and the correctness proof.

In this talk I will explore the promise and limitations of current formal methods techniques for producing useful software that provably does not contain exploitable bugs. I will discuss these issues in the context of DARPA’s HACMS program, which had as its goal the creation of high-assurance software for vehicles, including quad-copters, helicopters, and automobiles.

Invited Speakers

Leslie Weiner Alger

Executive Coach and Founder, Creative Edge Leadership

Leslie Weiner Alger is the founder of Creative Edge Leadership, an executive coaching and leadership development firm with a focus on transforming technical managers and experts into outstanding leaders. As an executive coach, Leslie has extensive experience working with leaders in fields such as engineering, information technology, science, and finance, helping them to make their leadership skills as outstanding as their technical skills. Leslie draws upon her extensive leadership experience to infuse her coaching and workshops with real-world examples and strategies. With an academic background in Electrical Engineering from MIT, Leslie has 20 years of experience leading large groups of engineers, IT professionals and financial analysts in a fast-paced R&D environment at MIT Lincoln Laboratory (MIT LL). She also has over 15 years of experience leading diverse teams in an international nonprofit organization.

5:15 pm, Monday, October 1, 2018
Birds of a Feather Session: Women in Cybersecurity

Dr. Hamed Okhravi

Senior Staff, MIT Lincoln Laboratory

Dr. Hamed Okhravi is a Senior Staff member at the Cyber Security Division of MIT Lincoln Laboratory, where he leads programs and conducts research in the area of systems security. He is the recipient of the 2014 MIT Lincoln Laboratory Early Career Technical Achievement Award and the 2015 Team Award for his work on cyber moving target research. He is also the recipient of an honorable mention (runner-up) at the 2015 NSA’s 3rd Annual Best Scientific Cybersecurity Paper Competition. He has served as a program chair for the ACM CCS Moving Target Defense (MTD) workshop and as a program committee member for a number of academic conferences and workshops including ACM CCS, NDSS, RAID, ACNS, and IEEE SecDev. Dr. Okhravi earned his MS and PhD in electrical and computer engineering from the University of Illinois at Urbana-Champaign in 2006 and 2010, respectively.

5:15 pm, Monday, October 1, 2018
Birds of a Feather Session: Moving Target Defenses: Where to Next? (Session Lead)

Prof. Marco Carvalho

Dean of the College of Engineering and Science and Professor of Computer Science, Florida Institute of Technology

Marco M. Carvalho is a Professor in Computer Sciences at the Florida Institute of Technology, in Melbourne, FL/USA. He graduated in Mechanical Engineering at the University of Brasilia (UnB, Brazil), where he also completed his M.Sc. in Mechanical Engineering with specialization in dynamic systems. Dr. Carvalho also holds an M.Sc. in Computer Science from the University of West Florida and a Ph.D. in Computer Science from Tulane University, with specialization in Machine Learning and Data Mining. At Florida Tech, Dr. Carvalho is the Dean of the College of Engineering and Science, and the Executive Director of the Harris Institute for Assured Information. Dr. Carvalho is the Principal Investigator of several research projects in the areas of cyber security, moving target defense, distributed and federated defense systems, and tactical communication systems. Dr. Carvalho can be contacted at mcarvalho@fit.edu.

5:15 pm, Monday, October 1, 2018
Birds of a Feather Session: Moving Target Defenses: Where to Next? (Session Co-Lead)

Dr. Andrew Gearhart

Senior Data Scientist, Johns Hopkins University Applied Physics Laboratory

Dr. Gearhart is a member of the Senior Technical Staff at the Johns Hopkins University Applied Physics Laboratory and has research interests in machine learning and software diversification. He is passionate about projects involving automated image and text analysis, and has been co-leading a research effort into the underlying science of software diversity for the past several years. Dr. Gearhart holds a PhD in computer science from the University of California, Berkeley and undergraduate degrees in psychology, mathematics, and computer science from the University of Delaware.

5:15 pm, Monday, October 1, 2018
Birds of a Feather Session: Moving Target Defenses: Where to Next? (Session Co-Lead)

Ms. Rosalie McQuaid

Department Head, MITRE

Rosalie M. McQuaid is the Department Head of the Cyber Resiliency Department of MITRE’s Cyber Solutions Technical Center and has been in the field of cyber and information security since 1991. In addition, Ms. McQuaid is the focal point for MITRE’s cyber resilience work area, has led MITRE’s cyber network defense support to Air Force Research Lab (AFRL) in Rome NY, and has been a Principal Investigator in MITRE’s Innovation program. Ms. McQuaid joined MITRE in 1984 and has spent her career on cyber security, information and mission assurance, and network and protocol technology. She has served as principal investigator of multiple research projects including security information management, mission assurance for airborne networks and data exfiltration detection. She has successfully transitioned multiple research results to operational use via a range of approaches including successful participation in multiple large-scale experiments and integrated demonstrations. She has worked with NSA providing secure configuration guidance and network analysis tool development and the Air Force in the development of cyber network defense capabilities. Currently, Ms. McQuaid is focused on moving MITRE and the community forward toward the implementation of cyber resilience in our systems and architectures and developing systems resilient to the highest tier adversary during times of wartime crises.

5:15 pm, Monday, October 1, 2018
Birds of a Feather Session: Moving Target Defenses: Where to Next? (Session Co-Lead)