Trustworthy Cyber-Physical Critical Infrastructures via Physics-Aware and AI-Powered Security

SCP Seminal Talk
Presented by the School of Cybersecurity and Privacy

Oct. 14, 2021 | 11 a.m. EDT

Saman Zonouz
Rutgers University

Title: Trustworthy Cyber-Physical Critical Infrastructures via Physics-Aware and AI-Powered Security

Abstract: Critical cyber-physical infrastructures, such as the power grid, integrate networks of computational and physical processes to provide people across the globe with essential functionalities and services. Protecting these critical infrastructures’ security against adversarial parties is a vital necessity because the failure of these systems would have a debilitating impact on economic security, public health and safety. Our research aims at provision of real-world solutions to facilitate the secure and reliable operation of next-generation critical infrastructures. This requires interdisciplinary research efforts across adaptive systems and network security, cyber-physical systems, and trustworthy real-time detection and response mechanisms.

In this talk, I will focus on real past and potential future threats against critical infrastructures and embedded controllers, and discuss the challenges in design, implementation and analysis of security solutions to protect cyber-physical platforms. I will introduce novel classes of working systems that we have developed to overcome these challenges. In particular, I will present our solutions for security verification of cyber-physical controllers for safe power grid and avionics operations. I will review our results to protect additive manufacturing and 3D printer security to ensure structural integrity of the ultimate printed objects. Finally, I will briefly talk about our recent efforts in security monitoring of the controller side-channel signals for online attack detection purposes.

Bio: Saman Zonouz is an Associate Professor in the Electrical and Computer Engineering Department at Rutgers University. His research focuses on security and privacy problems in cyber-physical systems, including attack detection and response capabilities, using techniques from systems security, control theory and artificial intelligence. His research has been recognized with Presidential Early Career Awards for Scientists and Engineers (PECASE), an NSF CAREER Award in Cyber-Physical Systems (CPS), Significant Research in Cyber Security by the National Security Agency (NSA), and a Faculty Fellowship Award by the Air Force Office of Scientific Research (AFOSR). He was invited to co-chair the NSF CPS PI Meeting as well as the NSF CPS Next Big Challenges Workshop in 2021. Saman has served as the chair and/or program committee member for several conferences (e.g., IEEE Security and Privacy, CCS, NDSS, DSN, and ICCPS). Saman obtained his Ph.D. in Computer Science from the University of Illinois at Urbana-Champaign in 2011.

Website: https://www.ece.rutgers.edu/Zonouz

Hosted by: Wenke Lee, Professor, Executive Director of IISP, and John P. Imlay Jr. Chair in Software

The Debate that Changed Programming: A Living History of Computing’s Famous Collaboration

Thursday, June 17, 7 – 8:30 PM ET

There are many inflection points in the modern history of computer science. One such moment has reverberated through the decades. Save the Date for June 17 for a living history of “The Debate that Changed Programming,” with Richard DeMillo and Dick Lipton, the men who lived it.

Georgia Tech’s College of Computing Presents:

The Debate that Changed Programming: A Living History of Computing’s Famous Collaboration

Moderated by Harry R. Lewis of Harvard University

Thursday, June 17, 2021 | 7 – 8:30 PM ET | LIVE WEBCAST

A quarter century into the modern era of computing, two young assistant professors joined forces with the legendary Alan Perlis, one of the founding fathers of American computer science, and would publish a paper challenging the conventional wisdom that computer programming should be formal and mathematical. It was a shot across the bow to Edsger Dijkstra, Tony Hoare and many others who sought the certainty of mathematical proofs of software correctness. The paper would become a lightning rod for a debate that would continue for the better part of four decades. It moved federal funding patterns and was the backdrop for dramatic showdowns between formalists and pragmatists.

Twenty years later, those same assistant professors ended up in the College of Computing at Georgia Tech to continue their lifelong collaboration. One of them, W. Storey Professor of Computing Richard “Dick” Lipton was the first Georgia Tech computer scientist elected to the National Academy of Engineering. The other was Richard “Rich” DeMillo, who left his position as Chief Technology Officer at Hewlett-Packard to become the John P. Imlay Jr. Dean of Computing.

Their seminal 1979 work, “Social Processes and Proofs of Theorems and Programs,” is now part of a new collection of 46 classic papers in computer science published as a book this year from the MIT Press. Ideas That Created the Future by Harvard Professor Harry Lewis spans the intellectual birth and growth of the field – from Leibnitz and Boole to Knuth and RSA – and covers the sweeping discoveries and advancements that have come to define computer science. As Lewis points out in his introductory essay, “The fact that some computer scientists still bristle when this paper is mentioned is testament to its dialectic force.”

The College of Computing at Georgia Tech invites you to take part in a historical conversation between Rich DeMillo and Dick Lipton, two pioneers in computer science who helped shape a field that has come to reshape how we live every day.

Join the virtual fireside chat, Thursday, June 17, 2021, at 7 PM ET, for this living history – as told by the men who lived it – and hear about the experiences and their roles in this turning point in computer science.

Moderator:

Harry R. Lewis is Gordon McKay Research Professor of Computer Science at Harvard University. Now retired but still teaching, he also served Harvard as Dean of Harvard College and as interim Dean of Harvard’s Engineering School. He is a member of Harvard’s Theory of Computation group, and of the board of directors of the Electronic Privacy Information Center (EPIC). Lewis is editor of the recently published book Ideas That Created the Future (MIT Press, 2020), which collects forty-six classic papers in computer science that map the evolution of the field, with a context-setting introduction to each.

Living History Speakers:

Richard DeMillo is the Charlotte B. and Roger C. Warren Chair of Computer Science and Professor of Management at Georgia Tech. He founded the Center for 21st Century Universities (C21U) and was named a Lumina Foundation Inaugural Fellow in recognition of his work in higher education and C21U. He previously served as Hewlett-Packard’s first Chief Technology Officer, directed the Computer and Computation Research Division of the National Science Foundation and was the John P. Imlay Dean of Computing. He is currently chair for the new School of Cybersecurity and Privacy at Georgia Tech.

Richard Lipton, a long-time member of the National Academy of Engineering, has held tenured faculty appointments at Yale University, the University of California at Berkeley, and Princeton University before joining the faculty in the College of Computing at Georgia Tech. For his startlingly original work, often spanning distant parts of the field, he was awarded the 2014 Knuth Prize. He is also a member of AAAS and was a Guggenheim Fellow in 1981 and a fellow of the ACM in 1997. He has had 17 graduate students and 142 academic descendants.

Global Trends in Digital Infrastructure

May 6, 1-5 pm ET

The COVID-19 pandemic has forced businesses to transform how they operate, driving extraordinary demand for digital service providers and a need for increased connectivity. Organizations that require additional infrastructure have struggled with this rapid shift in demand.

This May 6, 2021 virtual event, hosted by GT CIBER, UIBS, and Equinix, will take a deep-dive look at Global Trends in Digital Infrastructure with help from Senior Executives and Experts. Five trends are impacting today’s digital transformation challenges, increasing the need for interconnection.

  • Digital Business: Moving to fully digitized services is now more crucial than ever. As new demand for distributed digital engagement rises, businesses need to solve remote workforce, network efficiency, and workflow latency issues.
  • Urbanization: Businesses need wider distribution of services to enhance local interaction. As population centers grow, businesses will have greater demands for distributed compute, and will need to manage the complexities of localization.
  • Cybersecurity: Cyberthreats are accelerating. As the number of user devices and cloud resources increases, organizations must solve for distributed security risks.
  • Data Volumes & Compliance: Growth of localized data is outpacing the ability to manage it. Most of the world’s ever-increasing data volumes are not being leveraged for actionable insights.
  • Business Ecosystems: Connectivity to multiple ecosystems is key to growth and innovation. API-driven application exchange issues, real-time engagement, multiparty workflows and dynamic service chains require on-demand connectivity to a variety of ecosystems at the lowest latency.

SPEAKERS Confirmed and invited

  • Dr. Richard DeMillo, Chair, School of Cybersecurity and Privacy, Professor
    Charlotte B. and Roger C. Warren Chair of Computing, and Executive Director, Center for 21st Century Universities (C21U), Georgia Institute of Technology (GaTech)
  • Mr. Tanuj Raja, Global Head, Strategic Partnerships, Google Cloud
  • Mr. CB Velayuthan, Global Managing Director, Strategic Alliance, Equinix
  • Mr. Mark H Thomas, Managing Director and CIO, Evicore
  • Mr. Olli Junnila, CTO, Nokia
  • Ms. Lakshmi Sharma, Director, Product Management, Networking, Google Cloud
  • Mr. Flavio Villanustre, VP, Technology & CISO, RELX Distinguished
    Technologist, LexisNexis Risk Solutions Group
  • Mr. Michael Montoya, Chief Information Security Officer, Equinix
  • Mr. Ravi Venkatesan, Chief Technology Officer, USA Technologies Inc.
  • Mr. Chad Shaffer, Digitalization, Business Development Executive, Siemens
  • Mr. Irfan Khan, CEO and President, CLOUDSUFI

Hosts and Moderators

  • Dr. John McIntyre, Professor of Management and International Affairs
    Executive Director, Georgia Tech Center for International Business Education & Research, Scheller College of Business, Ga Tech
  • Dr. Brian Canada, Chair, Department of Computer Science,
    Associate Professor of Computational Science, University of South Carolina Beaufort (USCB)
  • Mr. Ani Agnihotri, Co-Founder and CEO, Marshall Automation America, Inc. Managing Partner, USIBRC & Chair, UIBS

“Sensing with Random Encoding for Enhanced Security in Embedded Systems”

Friday, April 23, 2021 | 12 – 1 pm

Kevin Hutto
Ph.D. Student – Georgia Tech ECE

Co-sponsored by the School of Cybersecurity and Privacy and the Institute for Information Security and Privacy

Abstract:

Embedded systems in physically insecure environments are subject to additional security risk via capture by an adversary. A captured microchip device can be reverse engineered to recover internal buffer data that would otherwise be inaccessible through standard IO mechanisms. We consider an adversary who has sufficient ability to gain all internal bits and logic from a device at the time of capture as an unsolved threat. In this talk we present a novel sensing architecture that enhances embedded system security by randomly encoding sensed values. We randomly encode data at the time of sensing to minimize the amount of plaintext data present on a device in buffer memory. We encode using techniques that are unintelligible to an adversary even with full internal bit knowledge. The encoding is decipherable by a trusted home server, and we show an architecture to perform this decoding. Our experimental results show the proposed architecture meets timing requirements needed to perform communications with a satellite utilizing short-burst data, such as in remote sensing telemetry and tracking applications.

Speaker Bio:

Kevin Hutto is a PhD student at the Georgia Institute of Technology in the School of Electrical and Computer Engineering. Before starting graduate school, he spent five years in the US Navy serving as an officer in the engineering department on a nuclear submarine. As a student at Georgia Tech, he has been part of Dr. Mooney’s Hardware/Software Codesign for Security group, working to improve security in areas historically overlooked.

Systems & Cryptography Research in Defense of Democracy

April 13, 2021 | 12:00 p.m.

Mike Specter
Ph.D. candidate in Electrical Engineering and Computer Science at MIT

SCP Seminal Talk
Presented by the School of Cybersecurity and Privacy

Abstract:

In the recent U.S. primary and presidential elections, the COVID-19 pandemic forced states to prepare for the eventuality that voters would not be able to cast their ballots safely in person. As a result, many elections administrators planned to deploy commercial internet voting systems to help facilitate remote participation in the elections. While internet voting has motivated decades of research in cryptography and systems security, the design and security guarantees of the commercially-available internet voting systems were largely unknown and intentionally obfuscated. 

In this talk, I will present my research which provided the first comprehensive security evaluation of the dominant internet voting systems used in U.S. federal elections. My analysis revealed that all such systems suffer from flaws that could allow attackers to expose a voter’s private ballot, change votes, or otherwise influence an election’s outcome. As a direct result of this work, many states altered or canceled plans to use these internet voting systems in the 2020 primary and general elections. 

Central to this research is an understanding of how the economic, regulatory, and technical attributes of actors can result in a misalignment of incentives, ultimately leading to security vulnerabilities in high-stakes systems. Expanding on this theme, I will discuss my work on two similar problem domains — practical deniable messaging protocols and encryption and surveillance — that further demonstrate how an interdisciplinary approach is crucial for solving important societally-relevant problems in cryptography and systems security.

Bio:

Michael A. Specter is a Ph.D. candidate in Electrical Engineering and Computer Science at MIT, advised by Gerald Jay Sussman and Danny Weitzner. His research focuses on systems security and applied cryptography, with an emphasis on problems that have an impact on public policy and society. His interdisciplinary work earned him a Pioneer Award from the Electronic Frontier Foundation, a JD Falk Award from the M3AAWG, and a Google ASPIRE PhD fellowship. His research has been extensively covered in the popular press, including by The New York Times, The New Yorker, CNN, Vice, Bloomberg, Fortune, and The Economist.

Specter holds Master’s degrees in EECS and Technology Policy from MIT. He has held research internships with both Apple and Google, and, prior to embarking on his Ph.D., he spent five years as a research scientist in MIT’s Lincoln Laboratory where he focused on operating systems security, vulnerability discovery, and reverse engineering in the interest of national security.

Function Equivalence with Symbolic Execution

April 16, 2021 | 12 – 1 pm EDT

Kennon Bittick
Research Scientist – GTRI CIPHER

Cybersecurity and Privacy Virtual Lecture Series
Co-sponsored by the School of Cybersecurity and Privacy and the Institute for Information Security and Privacy


Abstract:

Summarizing and comparing basic blocks or functions across different binaries or between binary and source code has many applications for program verification including verifying compilation, source or binary transformations, identifying patched code, and identifying library functions. This talk will present IRAD research on using static symbolic execution to prove source and binary function equivalence, with a focus on how breaking up functions or basic blocks into smaller, composable units can make the analysis tractable and bypass many common issues with symbolic execution.

Speaker Bio:

Kennon Bittick is a research scientist in the Software Assurance branch of GTRI. He has been a key technical lead and performer on security analyses of enterprise and embedded systems and has expertise in manual reverse engineering and system analysis, application of enterprise-focused static and dynamic analysis techniques to the embedded domain, and hybrid human-computer software analysis. Kennon holds a Master’s Degree in Computer Science from Georgia Tech and is the principal investigator on a number of internal and sponsored research programs.

“Security as a Whole – An Overview of a Security Management Framework in Today’s Society”

April 9th, 2021 | 12:00pm – 1:00pm EDT

Dr. Frederick Benaben
Professor – IMT Mines Albi

Cybersecurity Virtual Lecture Series
Co-sponsored by the School of Cybersecurity and Privacy and the Institute for Information Security and Privacy


Abstract:

The consistency and the concordance of the parallel evolutions of security (as a whole) and society (as a complex system) might be questionable. Do security management practices and tools remain appropriate and efficient for our society’s insane trajectory towards hyper-density and hyper-connection? In order to explore this question, the webinar will focus on presenting a framework for characterizing and formalizing risk and security management before delivering some significant elements of our society’s evolution. By crossing the two and assessing the adequacy of security management approaches to current societal specificities, the needs and avenues of evolution of security will be put forward. The research conducted today and for more than 15 years by Frederick Benaben aims to formalize a systemic vision of risk and crisis management, in order to define and experiment the role that technological innovations can play in the deployment and evolution of information systems dedicated to security management. In his talk, Frederick Benaben will present both a theoretical framework for global security management and technological advances for security management adapted to the evolution of our society. 

Speaker Bio:

Dr. Frederick Benaben is Full Professor (Industrial Engineering Center, IMT Mines Albi), Adjunct Professor at Georgia Tech ISyE and Beijing JiaoTong University SEM. At IMT Mines Albi, he is the head of the research axis “Security and Crisis Management”, of the thematic group “Model-Driven Engineering” and Director of the IS/AI Engineering Master Major. He is Director of the IOMEGA-VR Lab (Immersive Technologies for Security) and Co-Director of the International Laboratory SIReN (Sentient Immersive Response Network), between IMT Mines Albi and Georgia Tech ISyE. He works on the use of data to model unstable situations and support decision making and security management. Frederick Benaben is the instigator and coordinator of the work on the R-IOSuite platform for crisis management, which was a semi-finalist of the 2019 IBM Call4Code competition (one of the 5 selected European software, 25 worldwide, among 5,000+ competitors). Frederick Benaben believes in imagination, in the ideas you draw on the corner of a board, in interdisciplinarity and in hard and collective work for the purpose of applied research.

Imagine All The People On A Trustworthy Internet

Apr. 1, 2021 | 12:30 p.m.

Marshini Chetty
Assistant Professor, Department of Computer Science University of Chicago

Presented By
GVU Center Distinguished Alumni
Brown Bag Seminar Series

Abstract:

Imagine a world where the Internet caters to all types of users and hosts trustworthy content. Right now, this world seems far off for many reasons. For instance, this world would require us to think more broadly of user needs beyond an ‘average’ tech-savvy adult user—one who is assumed to be always online with a reliable Internet connection. Moreover, this world would require us to host content that is not misleading or manipulative in some way—content that can be evaluated at face value by various users. To achieve this lofty goal, we first need to deeply understand and catalogue different types of Internet users’ needs and also develop ways to assess and make misleading online content more apparent to end-users.

In this talk, I will present a set of case studies from my research lab that helps further the goal of a trustworthy Internet for all. I will describe various projects geared at understanding a wide variety of Internet users’ needs for online privacy and security in different contexts from children to those in developing contexts. I will also describe work that provides empirical evidence of misleading content online such as ‘dark patterns’ and disguised advertisements and create solutions to help users to better evaluate this content. These case studies will demonstrate how important it is to study the privacy and security needs of those who do not fit the “average” user mold and demonstrate possible solutions for helping users gain more trust in information on the Internet. I conclude with open questions for imagining an Internet which is more trustworthy and inclusive to all people.

Speaker Bio:

Marshini Chetty is an assistant professor in the Department of Computer Science at the University of Chicago where she directs the Amyoli Internet Research Laboratory (AIR lab). She specializes in human-computer interaction, usable privacy and security, and ubiquitous computing. Her work has won best paper and honorable mention awards at SOUPS, CHI, and CSCW, and she was a co-recipient of the Annual Privacy Papers for Policymakers award. Her research has been featured in the NYTimes, CNN, Washington Journal, BBC, Chicago Tribune, The Guardian, WIRED, and Slashdot. She has received generous funding from the National Science Foundation, through grants and a CAREER award, as well as the National Security Agency, Facebook, and multiple Google Faculty Research Awards. Marshini started her journey in the USA after she completed her MSc., BSc.(Hons), and BSc. in Computer Science at the University of Cape Town, South Africa (her beautiful home country). She received her PhD in Human-Centered Computing from Georgia Institute of Technology where she was advised by Prof. Rebecca Grinter. Marshini subsequently completed a postdoctoral fellowship at the College of Computing with Prof. Keith Edwards. Following another postdoctoral fellowship at ResearchICTAfrica, she also held faculty positions at University of Maryland, College Park, and Princeton University before moving to Chicago.

“Voice Biometrics and Emerging Security Threats in the Voice Channel”

Friday, April 2, 2021 | 12 – 1 pm

Elie Khoury
Director of Research, Pindrop

Cybersecurity Virtual Lecture Series – Co-sponsored by the School of Cybersecurity and Privacy and the Institute for Information Security and Privacy

Abstract:

Voice Biometrics is the automated recognition of individuals based on their voice characteristics that are both biological and behavioral. Voice Biometrics is currently deployed in many real-world applications for personalization like voice assistants (e.g. Alexa and Google Home) or authentication and fraud prevention (e.g. in call centers). During this talk, we’re going to describe how a voice biometrics system works. What are its main different components? How is deep learning helping this task? What are the current research challenges? In the COVID-19 era, how does wearing a mask affect the accuracy of voice biometrics? Additionally, we will focus on the emerging threats in the voice channel including deepfakes and replay attacks. We will finally describe our attempts to secure voice biometrics against those vulnerabilities.

Speaker Bio:

Dr. Elie Khoury is a Director of Research at Pindrop. He received his Master’s degree and his Ph.D. from the University of Toulouse (France) in 2006 and 2010, respectively. Before joining Pindrop, he occupied research roles at Google (USA), Idiap Research Institute (Switzerland), University of Eastern Finland (Finland), University of Maine (France), Columbia University (USA), and Institut de Recherche en Informatique de Toulouse (France). His research interests include biometrics, mainly speaker and face recognition and anti-spoofing. His research work was published in top conferences and journals in the field of biometrics, speech and image processing. Dr. Khoury is a regular scientific committee member at IEEE ICASSP, Interspeech and Odyssey.