Category: Events

Synopsis:

Featuring Dr. Mike Nugent, Director of the Defense Language and National Security Education Office (DLNSEO), this panel examines opportunities for innovation and impact in the national security environment leveraging cross-cultural expertise and languages critical to national defense* to foster education and research about cyber security and privacy. Recognizing that successful cyber security and privacy studies in the 21st century must be a multilingual and multicultural space, the event also contextualizes Georgia Tech’s unique interdisciplinary strengths as a STEM-driven institution with nationally recognized language programs and recently founded School of Cybersecurity and Privacy. 

Topics addressed include

• The future of cyber security in a globally connected world
• Competencies required for the multilingual cybersecurity field
• Impactful career preparation for success in multilingual cybersecurity 
• Critical research areas that bridge languages and security in service of national, industry, and governmental needs
• Cross-cultural peace studies, national security, and cyber security
  
  The event will feature a Q&A session. It is free and open to the public with preregistration. 
  
  *National Security Education Program [NSEP] identifies 60 languages as “Critical Languages” for national security. The School of Modern Languages at Georgia Institute of Technology offers 11 of these languages: Arabic, Chinese, Farsi/Persian, Hebrew, Hindi, Korean, Japanese, Portuguese, Russian, Swahili, and Wolof. 

Welcome & Introductions: Anna Westerstahl Stenport, Professor of Global Studies; Chair, School of Modern Languages; Founding co-Director, the Atlanta Global Studies Center, Georgia Institute of Technology 

Speaker: 

• Michael Nugent, Ph.D., Director of Defense Language and National Security Education Office (DLNSEO), U.S. Department of Defense 

Roundtable responses:

• Jenny Strakovsky, Associate Director of Graduate Studies and Career Education, Teaching Faculty of German, School of Modern Languages, Georgia Institute of Technology 
• Annie Antón, Professor in (and former chair of) the School of Interactive Computing; also serves as the co-chair of the curriculum committee of the School of Cybersecurity and Privacy, Georgia Institute of Technology 
• Seymour Goodman, Regents Professor and Professor of International Affairs and Computing, Co-Director of the Center of International Strategy, Technology, and Policy in the Sam Nunn School; also serves as the co-chair of the curriculum committee of the School of Cybersecurity and Privacy, Georgia Institute of Technology 

Moderator and concluding remarks: Richard DeMillo, Interim Chair, School of Cybersecurity and Privacy; Charlotte B. And Roger C. Warren Chair of Computing, and Executive Director, Center for 21st Century Universities (C21U), Georgia Institute of Technology

Atlanta Global Studies Center: AtlantaGlobalStudies.gatech.edu

Atlanta Global Studies Center Collaboratorium series: AtlantaGlobalStudies.gatech.edu/Collaboratorium

Atlanta Global Studies Center (AGSC), a partnership of Georgia Institute of Technology and Georgia State University, is funded in part by a US Department of Education Title VI National Resource Center grant.

Mar. 9, 2021 | 12 pm EDT | LINK |

Xiaojing Liao,
Indiana University Bloomington

SCP Seminal Talk
Presented by the School of Cybersecurity and Privacy

---

Title: Toward Automatically Evaluating Security Risks and Providing Cyber Threat Intelligence

Abstract: Program security analysis has been studied for decades. Various techniques, such as fuzzing, taint analysis, symbolic execution, have demonstrated their successes in vulnerability assessment. Today, the
availability of a large amount of program semantic data (e.g., manuals, developer documentation, related web content), and the advance of artificial intelligence technologies make it increasingly feasible to simulate human intelligence in understanding program semantics to discover software vulnerability automatically. In this talk, I will discuss my research toward in-depth and systematic semantic supports for automatic vulnerability assessment. Particularly, I will focus on two systems — Advance and Dilution — which automatically analyzes the developer’s guide to infer potential security flaws and API misuse, respectively.

Bio: Xiaojing Liao is an Assistant Professor in the Department of Computer Science at Indiana University Bloomington. Her research interests include data-driven security and privacy, with specific focuses on system security, cybercrime, as well as cyber-physical systems security and privacy. She has published papers on leading system security venues such as S&P (Oakland), Usenix Security, CCS, and NDSS. She is the recipient of the ACM SIGSAC Dissertations Award and NDSS Distinguish Paper Award.

Abstract:

Critical infrastructure, elections, and businesses are facing new trends of attacks. This talk discusses targets and TTP (Tactics, Techniques, and Procedures) of 2020 and explores what to expect for 2021.

Speaker Bio:

Mr. Hursti is considered one of the world’s foremost experts on the topic of electronic voting and critical infrastructure security, having served in all aspects of the industry sector. He is considered an authority on uncovering critical problems in electronic voting systems worldwide. In the last 15 years, Mr. Hursti has pursued this important area out of a sense of duty to his fellow citizens of the world, here are several of his critical findings and projects.

Abstract:

Accurately analyzing and modeling online browsing behavior plays a key role in understanding users and technology interactions. Specifically, understanding whether users have correct perceptions of their browsing behavior will help to identify key features for models of user behavior, which will, in turn, enable realistic-looking synthetic data generation. In this work, we designed and conducted a user experiment to collect browsing behavior data from 32 participants continuously for 14 days. The collected dataset includes URLs of visited websites, actions taken on each website (such as clicking links or typing in a textbox), and timestamps of all activities. Finally, we use this new dataset to empirically address the following questions: (1) Do people have correct perceptions of their level of online behavior? (2) Do people alter their browsing behavior knowing that they are being tracked? (3) How do structural properties of browsing patterns vary across demographic groups?

Speaker Bio:

Yuliia Lut is a Ph.D. candidate in the Department of Industrial Engineering and Operations Research at Columbia University supervised by Dr. Rachel Cummings. Her research interests primarily lie at the intersection of data privacy (differential privacy) and statistics with applications in machine learning. In particular, she works on designing privacy-preserving algorithms for machine learning and statistical models, as well as developing obfuscation techniques for online privacy protection.

Abstract:

Data provenance describes the detailed history of system execution, allowing us to understand how system objects came to exist in their present state and providing means to identify the root cause of system intrusions.

My research leverages provenance analytics to empower system defenders to quickly and effectively detect and investigate malicious behaviors. In this talk, I will first present a provenance-based solution for combating the “Threat Alert Fatigue” problem that currently plagues enterprise security.

Next, I will describe an approach for performing accurate and high-fidelity attack forensics using a novel adaptation of program analysis techniques. I will conclude by discussing the promise of provenance analytics to address open security and auditing problems in complex computing systems and emerging technologies.

Stories of devastating data breaches continue to dominate headlines around the world. Equifax, Target, and Office of Personnel Management are just a few examples of high-profile data breaches over the past decade. Despite a panoply of security products and increasing investment in data security, attackers are continually finding new ways to outsmart defenses to gain access to valuable data, indicating that current security approaches are ineffective.

Bio:

Wajih Ul Hassan is a doctoral candidate advised by Professor Adam Bates in the Department of Computer Science at the University of Illinois at Urbana-Champaign. His research focuses on securing complex networked systems by leveraging data provenance approaches and scalable system design. He has collaborated with NEC Labs and Symantec Research Labs to integrate his defensive techniques into commercial security products. He received a Symantec Research Labs Graduate Fellowship, a Young Researcher in Heidelberg Laureate Forum, an RSA Security Scholarship, a Mavis Future Faculty Fellowship, a Sohaib and Sara Abbasi Fellowship, and an ACM SIGSOFT Distinguished Paper Award.

► VIDEO | February 24, 2021 12 p.m. EDT

Jon Lindsay, University of Toronto

Cosponsored by the School of History and Sociology and the School of Cybersecurity and Privacy

Abstract:

There is a huge literature about Bletchley Park, one of the most stunning success stories in intelligence history. Yet questions remain about how to explain the extent and persistence of British signals intelligence success. This case takes on renewed importance in an era of endemic cyber conflict. Indeed, the cryptologic contest of World War II, a duel between encryption and decryption machines, might be described as the first cyber conflict. This essay develops a practice-based account of the exploitation and protection of the human and machine performances that facilitate organizational control. I infer three necessary but hard to meet conditions for intelligence success and show how Bletchley park met all three of them. First, shared sociotechnical protocols for communication and computation provide the potential for deception. Second, the intelligence agency combines the strengths of both top-down management and bottom-up adaptation. Third, the intelligence target combines the weaknesses of both organizational modes. If these conditions are met, then an organization can construct a secret information channel for collection or influence, but even this success will only ever have an indirect effect on political or military outcomes. Modern intelligence operations in and through global information infrastructure depend on these same conditions, although meeting them is often more difficult. 

Bio:

Jon R. Lindsay is Assistant Professor at the Munk School of Global Affairs & Public Policy and in the Department of Political Science at the University of Toronto. His research explores the impact of emerging technology on global security. He is the author of Information Technology and Military Power (Cornell University Press, 2020), co-editor of Cross-Domain Deterrence: Strategy in an Era of Complexity (Oxford University Press, 2019) and China and Cybersecurity: Espionage, Strategy, and Politics in the Digital Domain (Oxford University Press, 2015), and has published widely in international relations, technology policy, and science studies. He holds a Ph.D. in Political Science from the Massachusetts Institute of Technology and an M.S. in Computer Science and B.S. in Symbolic Systems from Stanford University. He has also served in the U.S. Navy with operational assignments in Europe, Latin America, and the Middle East.

Feb. 19, 2021 | 12 pm EDT | LINK |

Michael A. Specter,
Massachusetts Institute of Technology

Cybersecurity Lecture Series
Presented by the Institute for Information Security and
Privacy and the School of Cybersecurity and Privacy

---

Abstract: Election security is ​hard​–elections themselves are complex socio-technical systems that encompass cryptography, systems security, and public policy. Providing a transparent, safe, and private voting system remains a complicated problem, motivating a number of research papers in both cryptography and systems security.

Unfortunately, COVID-19, overseas voters, and accessibility concerns have forced the U.S. States to increasingly turn to untested forms of Internet voting to facilitate remote participation. Despite these systems’ newfound importance to the democratic process, there has been little public documentation on their security and privacy properties, a problem worsened by voting system vendors’ record of hostility toward independent security research.

In this talk, Specter will present his research evaluating the security of the dominant Internet voting systems currently used in U.S. federal elections. We will present an introduction to cryptography in remote voting, and show how all U.S.-deployed systems suffer from flaws that could easily undermine an election by exposing any voter’s private ballot, changing their vote, or otherwise control the outcome. As a direct result of this work, many states have altered or canceled plans to use these systems. The talk will conclude with a discussion of emerging challenges at the intersection of applied cryptography, systems security, and public policy.

Bio: Michael A. Specter is a Ph.D. candidate in Electrical Engineering and Computer Science at MIT, advised by Gerry Sussman and Danny Weitzner. He is a member of the Internet Policy Research Initiative, the Caltech/MIT Voting Technology Project, and a research affiliate with Google’s Android Security and Privacy Team. Specter’s doctoral research centers on how to leverage insights from economics, public policy, and law to guide applied cryptography and systems security research. His work has included the discovery of vulnerabilities in ​election​ ​systems​, the development of new cryptographic protocols for ​deniable​ messaging, the analysis of law enforcement’s proposals to regulate encryption​, and improvements to Google’s Linux kernel fuzzer ​Syzkaller​. Specter is a recipient of the ​EFF Pioneer Award​ and the M3AAWG JD Falk Award, and his work has been featured in ​The New York Times​, ​The New Yorker​, ​CNN​, ​Vice​, ​Bloomberg​, ​Fortune​, and ​The Economist​. Most recently, he was a contributor to the EFF-led ​Amicus Brief to the Supreme Court on the need to reform the Computer Fraud and Abuse Act​. He has held research internships at both Google and Apple and holds both a master’s in EECS and in Technology Policy from MIT. Prior to embarking on his Ph.D., Specter was a research scientist in MIT’s Lincoln Laboratory, a research facility affiliated with the U.S. Air Force, where he focused on operating systems security, vulnerability discovery, and reverse engineering in the interest of national security.

February 16, 2021, 11 am EDT | Virtual Talk LINK

Aayush Jain
University of California, Los Angeles

Presented by the School of Cybersecurity and Privacy and the School of Computer Science

Abstract: In this talk, we will cover some exciting progress on the problem of Indistinguishability Obfuscation (proposed by Barak et. al. 2001). In a nutshell, an Indistinguishability Obfuscation scheme is an efficient compiler that takes as input a program and outputs a new program with the same input-behavior and only a polynomial slowdown, but in addition, we have the guarantee that the new program reveals minimal information about the original program. 

If realized securely and efficiently, such an obfuscation scheme would have huge consequences to both theory and practice. However, until now we did not know if it exists under any reasonably well-believed conjecture. Our work places iO onto “terra-firma”, by giving a construction that is as secure as several well-studied mathematical problems that are widely believed to be extremely hard to solve. 

In this talk, we will hear about indistinguishability obfuscation, why it is useful, how it can be constructed, and future work.

Bio: Aayush Jain is a final year PhD student, advised by Amit Sahai at UCLA. He is interested in research questions in cryptography and their wonderful connections with related areas in computer science. 

His most notable contribution is the first construction of Program Obfuscation whose security rests upon four well-studied hard problems.  This problem was widely considered to be one of the most consequential open problems in cryptography. His work on this problem has been the subject of an invited tutorial at FOCS 2020, an article in Quanta magazine, and a Simons Institute Workshop. His research is recognized by a Google PhD Fellowship (2018-present), a Dean’s Fellowship (2016), and the 2020 Symantec Outstanding Graduate Research Award at UCLA.