Events


Past events with a recording are labeled with ► VIDEO


UPCOMING EVENTS

“War by Other Means”

Time: 12:00 pm – 1:00 pm

Harri Hursti
Co-founder Nordic Innovation Labs  

Cybersecurity Lecture Series
Presented by the School of Cybersecurity and Privacy,
and Institute for Information Security and Privacy 

Abstract:

Critical infrastructure, elections, and businesses are facing new trends of attacks. This talk discusses targets and TTP (Tactics, Techniques, and Procedures) of 2020 and explores what to expect for 2021.

Toward Automatically Evaluating Security Risks and Providing Cyber Threat Intelligence

Time: 12:00 pm – 1:00 pm

Xiaojing Liao
Indiana University Bloomington

SCP Seminal Talk
Presented by the School of Cybersecurity and Privacy

Abstract: Program security analysis has been studied for decades. Various techniques, such as fuzzing, taint analysis, symbolic execution, have demonstrated their successes in vulnerability assessment. Today, the availability of a large amount of program semantic data…

Event: 21st-Century Cybersecurity: The Critical Role of Critical Languages in Advancing Multilingual and Cross-cultural National Security Approaches, Competencies, and Perspectives

Time: 9:30 am – 11:00 am

Synopsis:

Featuring Dr. Mike Nugent, Director of the Defense Language and National Security Education Office (DLNSEO), this panel examines opportunities for innovation and impact in the national security environment leveraging cross-cultural expertise and languages critical to national defense* to foster education and research about cyber security and privacy…

Age of Deception: Intelligence and Cybersecurity in International Relations

Time: 12:00 pm – 1:00 pm

Jon R. Lindsay,
University of Toronto

SCP Seminal Talk
Presented by the School of Cybersecurity and Privacy

Abstract: This talk will provide an overview of a book project in progress entitled, Age of Deception. The book attempts to synthesize a decade of cyber research by arguing that cyber conflict is helpfully understood as intelligence by other means. I will unpack this claim by…


PAST EVENTS

“Recent Insights from Analysis Users’ Web Browsing Behavior”

Friday, February 26th, 2021 | 12:00pm – 1:00pm | LINK

Yuliia Lut
Ph.D. Candidate, Columbia University

Cybersecurity Lecture Series
Presented by the School of Cybersecurity and Privacy,
and the School of Electrical and Computer Engineering

Abstract: Accurately analyzing and modeling online browsing behavior plays a key role in understanding users and technology interactions. Specifically, understanding whether users have correct perceptions of their browsing behavior will help to identify key features for models of user behavior, which will, in turn, enable realistic-looking synthetic data generation. In this work, we designed and conducted a user experiment to collect browsing behavior data from 32 participants continuously for 14 days. The collected dataset includes URLs of visited websites, actions taken on each website (such as clicking links or typing in a textbox), and timestamps of all activities. Finally, we use this new dataset to empirically address the following questions: (1) Do people have correct perceptions of their level of…

► VIDEO | Detecting and Investigating System Intrusions with Provenance Analytics

► VIDEO | February 25, 2021 | 11AM EDT

Wajih Hassan,
University of Illinois

Abstract: Data provenance describes the detailed history of system execution, allowing us to understand how system objects came to exist in their present state and providing means to identify the root cause of system intrusions. My research leverages provenance analytics to empower system defenders to quickly and effectively detect and investigate malicious behaviors. In this talk, I will first present a provenance-based solution for combating the “Threat Alert Fatigue” problem that currently plagues enterprise security. Next, I will describe an approach for performing accurate and high-fidelity attack forensics using a novel adaptation of program analysis techniques. I will conclude by discussing the promise of provenance analytics to address open security and auditing problems in complex computing systems and emerging technologies. Stories of devastating data breaches continue to dominate headlines around the world. Equifax, Target, and Office of Personnel…

► VIDEO | The First Cyber Campaign: Bletchley Park and the ‘Extraordinary’ Conditions for Intelligence Success

► VIDEO | February 24, 2021 12 p.m. EDT

Jon Lindsay,
University of Toronto

Cosponsored by the School of History and Sociology and the School of Cybersecurity and Privacy

Abstract: There is a huge literature about Bletchley Park, one of the most stunning success stories in intelligence history. Yet questions remain about how to explain the extent and persistence of British signals intelligence success. This case takes on renewed importance in an era of endemic cyber conflict. Indeed, the cryptologic contest of World War II, a duel between encryption and decryption machines, might be described as the first cyber conflict. This essay develops a practice-based account of the exploitation and protection of the human and machine performances that facilitate organizational control. I infer three necessary but hard to meet conditions for intelligence success and show how Bletchley Park met all three of them. First, shared sociotechnical protocols for communication and…

Security and Privacy of Internet Voting in U.S. Elections

Feb. 19, 2021 | 12 pm EDT | LINK

Michael A. Specter,
Massachusetts Institute of Technology

Cybersecurity Lecture Series
Presented by the Institute for Information Security and Privacy and the School of Cybersecurity and Privacy

Abstract: Election security is hard–elections themselves are complex socio-technical systems that encompass cryptography, systems security, and public policy. Providing a transparent, safe, and private voting system remains a complicated problem, motivating a number of research papers in both cryptography and systems security. Unfortunately, COVID-19, overseas voters, and accessibility concerns have forced the U.S. States to increasingly turn to untested forms of Internet voting to facilitate remote participation. Despite these systems’ newfound importance to the democratic process, there has been little public documentation on their security and privacy properties, a problem worsened by voting system vendors’ record of hostility toward independent security research. In this talk, Specter will present his research evaluating the security of the dominant…

Provably Secure Indistinguishability Obfuscation

February 16, 2021, 11 am EDT | Virtual Talk LINK

Aayush Jain
University of California, Los Angeles

Presented by the School of Cybersecurity and Privacy and the School of Computer Science

Abstract: In this talk, we will cover some exciting progress on the problem of Indistinguishability Obfuscation (proposed by Barak et al. 2001). In a nutshell, an Indistinguishability Obfuscation scheme is an efficient compiler that takes as input a program and outputs a new program with the same input-behavior and only a polynomial slowdown, but in addition, we have the guarantee that the new program reveals minimal information about the original program. If realized securely and efficiently, such an obfuscation scheme would have huge consequences to both theory and practice. However, until now we did not know if it exists under any reasonably well-believed conjecture. Our work places iO onto “terra-firma”, by giving a construction that is as secure as several…

To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media

February 12, 2021, 12 pm EDT | Virtual Talk LINK

Beliz Kaleli
Ph.D. Researcher, Boston University

Abstract: To make their services more user friendly, online social media platforms automatically identify text that corresponds to URLs and render it as clickable links. In this paper, we show that the techniques used by such services to recognize URLs are often too permissive and can result in unintended URLs being displayed in social network messages. Among others, we show that popular platforms (such as Twitter) will render text as a clickable URL if a user forgets a space after a full stop at the end of a sentence, and the first word of the next sentence happens to be a valid Top Level Domain. Attackers can take advantage of these unintended URLs by registering the corresponding domains and exposing millions of Twitter users to arbitrary malicious content. To characterize the threat that unintended…

► VIDEO | Foundations of Blockchain Systems

► VIDEO | February 11, 2021, 12 pm EDT

Julian Loss
University of Maryland

Abstract: One of the most successful applications of modern cryptography has been its use in electronic and digital payment systems. In traditional systems, a trusted authority handles all payments (e.g., a bank or a credit card company). More recently, blockchain systems have emerged as a trust-free and increasingly popular alternative. In a blockchain system, users jointly emulate the trusted authority by running a distributed protocol to agree on the transaction history of users (i.e., the blockchain). Making blockchain systems a secure and scalable environment poses many new and fascinating challenges that require solutions from both cryptography and distributed computing. In my talk, I will explain the different areas of my research and their importance as components that make up a blockchain system. For each of these areas, I will also list some of the open questions that…

Zero-Knowledge for Everything and Everyone

February 5, 2021, 12 pm EDT | Virtual Talk LINK

Presented by David Heath
Ph.D. Researcher, Georgia Tech

Abstract: Zero-Knowledge (ZK) Proofs are important cryptographic objects that allow an untrusted prover to demonstrate to an untrusted verifier the truth of some statement while revealing nothing additional. ZK can potentially be used for complex applications, such as allowing a company to securely conduct an external audit of its records or allowing a code bounty hunter to prove the existence of a software bug without directly showing the vulnerability. Unfortunately, complex ZK applications are difficult to build in practice; existing ZK protocols require statements to be encoded as circuits, and it is difficult to express complex statements as simple circuits. To bring complex ZK applications to practice, developers need a more expressive design language. Rather than providing a new design language, we provide an infrastructure that allows existing languages to run in ZK.…

Discovering Ad-driven Social Engineering Campaigns at Scale

January 29, 2021, 12 pm EDT | Virtual Talk LINK

Presented by Phani Vadrevu
Assistant Professor, University of New Orleans

Abstract: Malicious ads often use social engineering (SE) tactics to coax users into downloading unwanted software, purchasing fake products or services, or giving up valuable personal information. These ads are often served by low-tier ad networks that may not have the technical means (or simply the will) to patrol the ad content they serve to curtail abuse. This lecture will describe a system for large-scale automatic discovery and tracking of SE Attack Campaigns delivered via Malicious Advertisements (SEACMA). The system aims to be generic, allowing us to study the SEACMA ad distribution problem without being biased towards specific categories of ad-publishing websites or SE attacks. Professor Vadrevu will share thoughts on methods to find potential research ideas to focus on in the area of social engineering and web security drawing from…

Grid Cybersecurity Strategy in an Attacker-Defender Model

January 22, 2021, 12 pm EDT | Virtual Talk LINK

Presented by Yu-Cheng Chen
Ph.D. student at Georgia Institute of Technology in the School of Electrical and Computer Engineering

Abstract: With enough computing power and time, an attacker can figure out a password or secret key. This talk addresses modeling the behavior of the attacker and the defender in order to analyze the evolution of cyber-attacks. Chen will introduce an approach that can help cyber-security managers optimize their defense strategies. The analysis provides mathematical proofs and insight into when access controls (such as passwords, internet protocol addresses, and session keys) should be reset to minimize the probability of a successful attack.

Speaker Bio: Yu-Cheng Chen is a 5th year Ph.D. student at Georgia Institute of Technology in the School of Electrical and Computer Engineering. He graduated from the University of Washington with a double Bachelor’s Degree in Electrical Engineering and Computer…

Securing Democracy in the Fourth Industrial Revolution

January 15, 2021, 12 pm EDT | Virtual Talk LINK

Presented by L. Jason Anastasopoulos
Assistant Professor in Public Administration and Policy and Political Science at the University of Georgia

Abstract: In this talk I will be discussing some of my research which focuses on designing systems needed to secure democracy and democratic political institutions, such as elections, in the interconnected digital world of the “fourth industrial revolution.”

Speaker Bio: Jason is an upcoming fellow at the Safra Center for Ethics at Harvard University and an Assistant Professor at the School of Public and International Affairs, the Department of Statistics (by courtesy) and the Institute for Artificial Intelligence at the University of Georgia. He was also recently selected to serve as the Microsoft Visiting Professor of Information Technology Policy at Princeton University. His research uses behavioral and institutional approaches to understand the threats that emerging technologies pose to democratic institutions, international security and international…

► VIDEO | 2020 PIT / UN CONVENING | ELECTION SECURITY

► VIDEO | Dec. 2, 2020

The election may be over, but its shadow still remains. For the last year election security has been a leading concern for governments and constituents. PIT practitioners have been right in the thick of it, working to stanch disinformation, protect voting infrastructure, and make the path to the polls easier.

https://www.youtube.com/watch?v=V3pcFrQSa-Y&t=169s

Our speakers will discuss the role of PIT in election security – what we’ve learned during this election cycle, and how we can use the information in the future.

Moderator: Maurice Turner, Election Security Expert

Speakers: Bruce Schneier, Fellow & Adjunct Lecturer in Public Policy, Harvard’s Kennedy School of Government; Richard DeMillo, Chair, School of Cybersecurity and Privacy, Charlotte B. and Roger C. Warren Professor of Computing, Georgia Tech; Jake Braun, Executive Director Cyber Policy Initiative, Harris School of Public Policy, University of Chicago; Robin Carnahan, Fellow, Beeck Center for Social Impact…

► VIDEO | GT Computing Fireside Chat: Rich DeMillo hosts Kabir Barday

► VIDEO | Nov. 19, 2020 | As part of a new entrepreneurship initiative, the College of Computing is hosting a monthly virtual speaker series with various alumni and faculty around different topics. Rich DeMillo, chair of the School of Cybersecurity and Privacy, will host a fireside chat on entrepreneurship and cybersecurity with Kabir Barday, CS 09, founder and CEO of OneTrust on Nov. 19, 7 p.m. EDT. The talks are open for GT Computing students and alumni to participate, and start with a fireside chat followed by audience Q&A.
