Mr. Shuva Brata Deb, EMC
Title: Challenges of developing a good security solution
Abstract: What constitutes a good security solution in today's scenario? Why is it so difficult to get it right? The security landscape is constantly changing, and hackers are becoming increasingly smarter. New security solutions are getting obsolete faster. A good security solution starts from understanding the problem, choosing the right technology, and making it easy to use, yet sophisticated enough to thwart the evolving threats. The talk will cover various threat vectors that hackers exploit and how they must be considered while designing the solution. I will talk about identifying the scope and the factors impacting an enterprise-level security design, through to deployment and remediation. I will touch on the domains and concepts that need deep understanding. The talk will walk through an example of an advanced malware and elaborate how complicated it can be to detect its presence. The talk will emphasize why it is very important to embrace an effective SDL (Security Development Lifecycle) and what constitutes a good SDL. What can be the role of academia, researchers and industry in making SDL a way of life?
Bio: Shuva Brata Deb, Consultant Software Engineer at RSA, The Security Division of EMC. Shuva works as a Software Development Architect at RSA. With B.Tech, ECE from NIT, Warangal, he has 15 years of research and development experience in the field of software security.
Prof. Debin Gao, Singapore Management University
Title: Personal keystroke dynamics leakage in on-the-fly web applications
Abstract: The Google Suggestions service used in Google Search is one example of an interactivity-rich JavaScript application. In this talk, we present analysis results on the timing side channel of Google Suggestions by reverse engineering the communication model from obfuscated JavaScript code. Using the model recovered, we consider an attacker who attempts to infer the typing pattern of a victim. From our experiments involving 11 participants, we found that for each keypair with at least 20 samples, the mean of the inter-keystroke timing can be determined with an error of less than 20%.
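As an added illustration of the measurement the abstract describes (this is example code, not from the talk or its authors): a simulation in which the web application sends one suggestion request per keystroke, an on-path observer records the request arrival times, and the attacker estimates each key pair's mean inter-keystroke latency from the inter-arrival gaps, keeping only pairs with at least 20 samples. The victim's latencies, the typing and network jitter, the query words, and the assumption that the observer knows which text was typed are all constructed here and are not taken from the paper.

```python
import random
from collections import defaultdict
from statistics import mean

# Constructed ground truth (hypothetical): the victim's mean inter-keystroke
# latency in milliseconds for each key pair that appears in the queries below.
TRUE_LATENCY_MS = {
    "th": 95.0, "he": 110.0, "er": 130.0, "re": 140.0,
    "hi": 115.0, "in": 105.0, "ng": 120.0, "ri": 125.0,
}


def type_and_observe(word, rng, typing_sd_ms=10.0, net_mean_ms=40.0, net_sd_ms=8.0):
    """Simulate the victim typing `word` with one suggestion request per
    keystroke, and return the request arrival times (ms) an on-path observer
    records. Typing variability and network delay are Gaussian (constructed)."""
    t = 0.0
    arrivals = []
    for i, ch in enumerate(word):
        if i > 0:
            t += TRUE_LATENCY_MS[word[i - 1] + ch] + rng.gauss(0.0, typing_sd_ms)
        arrivals.append(t + rng.gauss(net_mean_ms, net_sd_ms))
    return arrivals


def attribute_gaps(word, arrivals):
    """Observer side: label each inter-arrival gap with the key pair that
    produced it. This assumes the observer knows the text being typed
    (e.g. a common query); that is an assumption of this example."""
    return [(word[i - 1] + word[i], arrivals[i] - arrivals[i - 1])
            for i in range(1, len(word))]


def estimate_latencies(observations, min_samples=20):
    """Mean observed gap per key pair, keeping only pairs with enough samples.
    The constant part of the network delay cancels in each gap; only the
    jitter remains, and averaging suppresses it."""
    by_pair = defaultdict(list)
    for pair, gap in observations:
        by_pair[pair].append(gap)
    return {p: mean(g) for p, g in by_pair.items() if len(g) >= min_samples}


def relative_errors(estimates, truth=TRUE_LATENCY_MS):
    """|estimate - truth| / truth for every estimated key pair."""
    return {p: abs(est - truth[p]) / truth[p] for p, est in estimates.items()}


def run_experiment(seed=1):
    """Constructed workload: a few queries typed repeatedly. 'ring' is typed
    only 5 times so its unique pair 'ri' stays below the sample threshold."""
    rng = random.Random(seed)
    workload = [("there", 30), ("thing", 30), ("here", 30), ("ring", 5)]
    observations = []
    for word, reps in workload:
        for _ in range(reps):
            observations.extend(attribute_gaps(word, type_and_observe(word, rng)))
    estimates = estimate_latencies(observations)
    return estimates, relative_errors(estimates)


if __name__ == "__main__":
    est, err = run_experiment()
    for pair in sorted(est):
        print(f"{pair}: est {est[pair]:6.1f} ms, true {TRUE_LATENCY_MS[pair]:6.1f} ms, "
              f"error {100 * err[pair]:4.1f}%")
```

With the constructed jitter the per-pair error lands well under 20% once 20 or more gaps are averaged; the pair seen only 5 times is reported as unknown rather than estimated badly, which is the same sample-count cut-off the abstract applies.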
Bio: Dr. Debin Gao is an Assistant Professor at the School of Information Systems, Singapore Management University. Having obtained his PhD degree in Computer Engineering from Carnegie Mellon University, Debin has been an active researcher in software and systems security for more than 10 years. He publishes in top security conferences including USENIX Security and CCS, and received the distinguished paper award at NDSS 2013. Debin also serves on the program committees of many top security conferences including the IEEE Symposium on Security and Privacy and the International Symposium on Research in Attacks, Intrusions, and Defenses.
Dr. Saikat Guha, Microsoft Research India
Title: Towards Catching Click-Spam on Facebook Ads
Abstract: Users are increasingly influenced by liked posts and ads on Facebook. This has led to a market for black-hat promotion techniques via fake (e.g., Sybil) and compromised accounts, and collusion networks. We present a study of click-spam on Facebook, investigate sources of click-spam traffic, and design techniques to identify such clicks with high confidence. Our technique works with no a priori labeling while maintaining low false-positive rates. Using ground-truth data from Facebook ads, we find our technique identifies click-spam better than existing approaches.
Bio: Saikat Guha is a researcher at Microsoft Research India. He is broadly interested in systems approaches to improving privacy and security in online advertising. His recent projects are focused on online social networks, and mobile ecosystems. Saikat received his PhD from Cornell University in 2009. He authored the RFC that now serves as the best-practice for building TCP support in NATs and firewalls. He received his BS in computer science from Cornell University in 2003. In 2012, he was named one of MIT Technology Review's TR-35 (35 young innovators under 35).
Prof. Anupam Joshi, UMBC
Title: Context Aware, Policy based approaches to (Network) Security
Abstract: Traditional approaches to securing systems tend to be fixed and mostly non-adaptive. The policy that defines the security posture is in some sense "hardcoded". In this talk, we focus on securing systems using approaches that have declarative policies which factor in dynamically evolving context. The approach is grounded in W3C standard representation formats for knowledge and formal logic. We show instances of this approach in two different network settings -- mobile devices and intrusion detection. Specifically, we focus on how such an approach can be used to defend against advanced (persistent) threats.
Bio: Anupam Joshi is the Oros Family Chair Professor of Computer Science and Electrical Engineering at the University of Maryland, Baltimore County (UMBC). He is the Director of the UMBC Center for Cybersecurity, and the Co-Technical Director of the newly announced FFRDC to support the NIST National Cybersecurity Center of Excellence. In AY 2014-2015, he is a Visiting Professor at the Center of Excellence in Cyber Systems and Information Assurance, IIT Delhi and the Center for Education and Research in Cybersecurity, IIIT Delhi. He obtained a B.Tech degree from IIT Delhi in 1989, and a Masters and Ph.D. from Purdue University in 1991 and 1993 respectively. His research interests are in the broad area of networked computing and intelligent systems. His primary focus has been on data management and security/privacy in mobile/pervasive computing environments, and policy-driven approaches to security and privacy. He is also interested in the Semantic Web and Data/Text/Web Analytics, especially their applications to (cyber) security. He has published over 200 technical papers with an h-index of 67, filed and been granted several patents, and has obtained research support from the National Science Foundation (NSF), NASA, the Defense Advanced Research Projects Agency (DARPA), the US Dept of Defense (DoD), NIST, IBM, Microsoft, Qualcomm, Northrop Grumman, and Lockheed Martin amongst others.
Prof. Ravi Sandhu, University of Texas at San Antonio
Title: Attribute-Based Access Control Models and Beyond
Abstract: This talk will provide a perspective on attribute-based access control (ABAC). The ongoing authorization leap from rights to attributes offers numerous compelling benefits. Decisions about user, subject, object and context attributes can be made relatively independently and with suitable decentralization appropriate for each attribute. Policies can be formulated by security architects to translate from attributes to rights. Dynamic elements can be built into these policies so the outcomes of access control decisions automatically adapt to changing local and global circumstances. On the benefits side, this leap is a maturation of authorization matching the needs of emerging cyber technologies and systems. On the risks side, devolving attribute management may lead to attributes of questionable provenance and value, with the attendant possibility of new channels for social engineering and malware attacks. We argue that the potential benefits will lead to pervasive deployment of attribute-based access control, and more generally attribute-based security. The cyber security research community has a responsibility to develop models, theories and systems which enable safe and chaos-free deployment of ABAC. This is a current grand challenge.
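As an added example of the two points the abstract makes (this is illustration code written for this page, not a model or system of the speaker's): a small ABAC policy evaluator in which rules translate subject, object and context attributes into rights, the same attributes yield different outcomes as the request-time context changes, and every attribute assertion carries an issuer so that an attribute of unknown provenance (for instance a clearance the requester asserts about itself) is discarded before any rule sees it. The attribute names, issuers, ranks and scenarios are all hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Attr:
    """One attribute assertion: name, value, and who asserted it."""
    name: str
    value: object
    issuer: str


# Hypothetical trust configuration: which issuer may assert which attribute.
# An assertion from any other source is ignored, never merely down-weighted.
TRUSTED_ISSUERS = {
    "clearance": {"hr-idp"},
    "department": {"hr-idp"},
    "classification": {"data-owner"},
    "owner_department": {"data-owner"},
    "device_managed": {"mdm"},
    "network": {"gateway"},
    "business_hours": {"gateway"},
}

RANK = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def vetted(attrs):
    """Keep only assertions whose issuer is trusted for that attribute."""
    return {a.name: a.value
            for a in attrs if a.issuer in TRUSTED_ISSUERS.get(a.name, ())}


def clearance_rule(sub, obj, ctx):
    """Read if the subject's clearance dominates the object's classification.
    A missing clearance ranks below 'public'; a missing classification ranks
    above 'secret', so absent attributes fail closed."""
    if RANK.get(sub.get("clearance"), -1) >= RANK.get(obj.get("classification"), len(RANK)):
        return {"read"}
    return set()


def department_rule(sub, obj, ctx):
    """Write if the subject may read and belongs to the owning department."""
    dept = sub.get("department")
    if clearance_rule(sub, obj, ctx) and dept is not None and dept == obj.get("owner_department"):
        return {"write"}
    return set()


# The policy: an ordered list of attribute-to-rights rules.
POLICY = [clearance_rule, department_rule]


def decide(action, subject_attrs, object_attrs, context_attrs):
    """Attributes -> rights -> decision, with context applied at request time."""
    sub, obj, ctx = vetted(subject_attrs), vetted(object_attrs), vetted(context_attrs)
    rights = set()
    for rule in POLICY:
        rights |= rule(sub, obj, ctx)
    # Dynamic elements: the same subject and object attributes give different
    # outcomes as the context changes, with no change to the rules above.
    if not (ctx.get("device_managed") is True and ctx.get("network") == "corp"):
        rights.discard("write")
    if RANK.get(obj.get("classification"), 0) >= RANK["secret"] and not ctx.get("business_hours"):
        rights.clear()
    return action in rights


# Constructed scenarios (hypothetical names and values).
ALICE = [Attr("clearance", "confidential", "hr-idp"), Attr("department", "finance", "hr-idp")]
# Same values as ALICE, but asserted by the requester itself, e.g. in a client header.
SELF_ASSERTED = [Attr("clearance", "confidential", "self"), Attr("department", "finance", "self")]
REPORT = [Attr("classification", "confidential", "data-owner"),
          Attr("owner_department", "finance", "data-owner")]
CORP_LAPTOP = [Attr("device_managed", True, "mdm"), Attr("network", "corp", "gateway"),
               Attr("business_hours", True, "gateway")]
CAFE_PHONE = [Attr("device_managed", False, "mdm"), Attr("network", "public", "gateway"),
              Attr("business_hours", True, "gateway")]

if __name__ == "__main__":
    print("alice read from corp laptop:", decide("read", ALICE, REPORT, CORP_LAPTOP))
    print("alice write from corp laptop:", decide("write", ALICE, REPORT, CORP_LAPTOP))
    print("alice write from cafe phone:", decide("write", ALICE, REPORT, CAFE_PHONE))
    print("self-asserted clearance read:", decide("read", SELF_ASSERTED, REPORT, CORP_LAPTOP))
```

The provenance filter is the part that addresses the abstract's risk: without it, a requester who can inject an attribute is a requester who can write their own policy input, and every rule downstream is faithfully applied to a lie.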
Bio: Ravi Sandhu is Executive Director of the Institute for Cyber Security at the University of Texas at San Antonio, where he holds the Lutcher Brown Endowed Chair in Cyber Security. Previously he was on the faculty at George Mason University (1989-2007) and Ohio State University (1982-1989). He holds BTech and MTech degrees from IIT Bombay and Delhi, and MS and PhD degrees from Rutgers University. He is a Fellow of IEEE, ACM and AAAS, and has received awards from IEEE, ACM, NSA and NIST. A prolific and highly cited author, his research has been funded by NSF, NSA, NIST, DARPA, AFOSR, ONR, AFRL and private industry. His seminal papers on role-based access control established it as the dominant form of access control in practical systems. His numerous other models and mechanisms have also had considerable real-world impact. He served as Editor-in-Chief of the IEEE Transactions on Dependable and Secure Computing, and previously as founding Editor-in-Chief of ACM Transactions on Information and System Security. He was Chairman of ACM SIGSAC, and founded the ACM Conference on Computer and Communications Security, the ACM Symposium on Access Control Models and Technologies and the ACM Conference on Data and Application Security and Privacy. He has served as General Chair, Steering Committee Chair, Program Chair and Committee Member for numerous security conferences. He has consulted for leading industry and government organizations, and has lectured all over the world. He is an inventor on 30 security technology patents and has accumulated over 27,000 Google Scholar citations for his papers. At the Institute for Cyber Security he leads multiple teams conducting research on many aspects of cyber security including secure information sharing, social computing security, cloud computing security, secure data provenance and botnet analysis and detection, in collaboration with researchers all across the world.
Prof. N. Balakrishnan
Title: Cyber Security - The Indian Approach
Abstract: This talk focuses on a brief discussion of the key initiatives in the area of cyber security in India. India started its cyber security initiatives with the IT Act 2000, with subsequent amendments to include data protection and cyber crime. India was also one of the first developing nations to create a security incident analysis and early warning system through CERT-In. India has successfully launched security training and capacity building across a wide spectrum of stakeholders. In order to create awareness about security and privacy, a joint initiative between the Government and the industry was started through the Data Security Council of India. DSCI has also created a Development Security Framework (DSF) and engaged in public advocacy and in establishing Cyber Crime Investigation centres across the country. The Indian Government articulated its national security policy in 2013, the guidelines for protection of National Critical Information Infrastructure (NCIIPC) and the Telecom Security Policy. India has plans to create a National Cyber Coordination Centre for increasing situational awareness in cyber space. The Indian research and development initiatives through the academic institutions and research laboratories under DRDO and CDAC have resulted in several useful products for deployment within the Government sector and for use by the public. A wide spectrum of research initiatives that would help investigations on cyber crime, forensics, video analytics, security incident analysis, malware detection, and social media have been supported through Government funding. The talk would cover the current status of the initiatives and the role of stakeholders.
Bio: Prof. N. Balakrishnan received his B.E. (Hons.) in Electronics and Communication from the University of Madras in 1972 and Ph.D. from the Indian Institute of Science in 1979. He then joined the Department of Aerospace Engineering as an Assistant Professor. He is currently a Professor at the Department of Aerospace Engineering and at the Supercomputer Education and Research Centre. He has held the positions of Associate Director of the Indian Institute of Science from September 2005 to March 2014; Chairman, Division of Information Sciences during 1999-2005; and Chairman, Supercomputer Education and Research Centre during 1994-2001. His areas of research, in which he has several publications in international journals and international conferences, include Numerical Electromagnetics, High Performance Computing and Networks, Polarimetric Radars, Aerospace Electronic Systems, Information Security, Complex Social Networks and Digital Libraries. He has received many awards including the Padmashree from the President of India, 2002; the Prof S N Mitra Memorial Award, 2013 of the Indian National Academy of Engineering; the IETE Diamond Jubilee Medal 2013; the Homi J. Bhabha Award for Applied Sciences, 2004; the JC Bose National Fellowship in 2007; the Alumni Award for Excellence in Research for Science & Engineering by IISc, 2001; the Millennium Medal of the Indian National Science Congress in 2000; a PhD (Honoris Causa) from Punjab Technical University in 2003; the CDAC-ACS Foundation Lecture Award in 2008; and the Academy Excellence Award, Defence Research and Development Organization in 2009. He was the NRC Senior Resident Research Associate at the National Severe Storms Laboratory, Norman, Oklahoma, U.S.A. from 1987-1989. He was a visiting research scientist at the University of Oklahoma in 1990 and Colorado State University in 1991, and was a Visiting Professor at Carnegie Mellon University from 2000 to 2006.
He is an Honorary Professor in Jawaharlal Nehru Centre for Advanced Scientific Research (JNCASR). He is a Fellow of The World Academy of Sciences (TWAS), Indian National Science Academy, Indian Academy of Sciences, Indian National Academy of Engineering, National Academy of Sciences and Institution of Electronics & Telecommunication Engineers. He is one of the Directors of Industrial Finance Corporation of India, Data Security Council of India (Currently its Chairman), Bharat Sanchar Nigam Limited (BSNL) and a member of the Council of CDAC, a member of the Council of the Indian Statistical Institute Kolkata, Member of the Joint Advisory Board of Carnegie Mellon University at Qatar, and Member of the Board of Governors of IIT Kharagpur. He was in the past, a member of the National Security Advisory Board and the Board of Governors of IIT Delhi and of IIT Madras, and Director of the Central Bank of India and CDOT-Alcatel Research Centre at Chennai. He was also one of the Directors of the Bharat Electronics Limited (BEL), and a Part-Time Member of the Telecom Regulatory Authority of India.
Dr. Sachin Lodha
Title: Future Tense of Data Privacy
Abstract: IoT is poised to be the major source of big data. As billions of IoT entities collect, aggregate and process data fragments pertinent to their service, privacy risks are expected to skyrocket to an unprecedented level. No wonder ensuring respect for individual privacy has become a paramount concern for IoT systems. However, there are several challenges that we need to address. For example, data evolves and passes through multiple administrative domains involving multiple stakeholders, thus making the control of data flow and usage nearly impossible. Given that the juxtaposition of multiple, and seemingly unrelated, points of data can become personal information as events are reviewed in their spatiotemporal context, the definition of what is to be considered Personally Identifiable Information (PII), the cornerstone of almost all privacy regulations worldwide, itself starts getting trickier. Therefore privacy schemes need to take a holistic approach involving not only advanced cryptography and protocols but also the behavior and contexts of the entities involved. In this session, we will discuss the challenges and technological progress on these fronts.
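As an added example of the point about seemingly unrelated data points becoming personal information in a spatiotemporal context (illustration code written for this page, not from the speaker or TCS): a "de-identified" set of device traces, each a list of (cell, day, hour) observations with no name attached, is joined against a second dataset from another administrative domain, here a constructed building badge log. The code measures the anonymity set size k of each trace, i.e. how many people in the second dataset are consistent with every point in it. Each point on its own matches several people; the combination of three matches exactly one, at which moment the trace is PII even though no single field in it is. All records are constructed.

```python
from collections import defaultdict

# Constructed "de-identified" IoT records: each device pseudonym maps to the
# (cell, day, hour) points at which it was observed. No name, no address.
SENSOR_TRACES = {
    "dev-17": [("C3", 1, 9), ("C5", 1, 13), ("C3", 2, 17)],
    "dev-42": [("C3", 1, 9), ("C5", 1, 13)],
}

# Constructed second dataset from another administrative domain, e.g. a
# building badge log: (person, cell, day, hour). Hypothetical names.
BADGE_LOG = [
    ("ann", "C3", 1, 9), ("ann", "C5", 1, 13), ("ann", "C3", 2, 17),
    ("bob", "C3", 1, 9), ("bob", "C5", 1, 13), ("bob", "C4", 2, 17),
    ("cat", "C3", 1, 9), ("cat", "C6", 1, 13), ("cat", "C3", 2, 17),
    ("dan", "C2", 1, 9), ("dan", "C5", 1, 13), ("dan", "C3", 2, 17),
]


def points_by_person(log):
    """Index the second dataset: person -> set of (cell, day, hour)."""
    out = defaultdict(set)
    for person, cell, day, hour in log:
        out[person].add((cell, day, hour))
    return out


def candidates(points, log):
    """People whose known whereabouts are consistent with every given point.
    The linkage is a plain subset test on the spatiotemporal tuples."""
    known = points_by_person(log)
    return {p for p, pts in known.items() if set(points) <= pts}


def anonymity_set_sizes(traces, log):
    """k per pseudonym: how many people the whole trace could belong to."""
    return {dev: len(candidates(pts, log)) for dev, pts in traces.items()}


def single_point_k(traces, log):
    """k of each point taken alone, to contrast with the combined trace."""
    return {dev: [len(candidates([pt], log)) for pt in pts]
            for dev, pts in traces.items()}


def reidentified(traces, log):
    """Pseudonyms whose anonymity set collapsed to exactly one person."""
    out = {}
    for dev, pts in traces.items():
        c = candidates(pts, log)
        if len(c) == 1:
            out[dev] = next(iter(c))
    return out


if __name__ == "__main__":
    print("per-point k:", single_point_k(SENSOR_TRACES, BADGE_LOG))
    print("trace k:    ", anonymity_set_sizes(SENSOR_TRACES, BADGE_LOG))
    print("re-identified:", reidentified(SENSOR_TRACES, BADGE_LOG))
```

The practical consequence for a data holder is that a per-field PII check ("is there a name? an address?") says nothing about a trace; the quantity that has to be bounded is k over the combination of points, and it can only be computed against the auxiliary data an adversary might hold, which by the abstract's own argument lives in a different administrative domain.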
Bio: Sachin Lodha is part of TCS's Corporate Technology Office and heads the Applied Algorithms Group. Currently this group is actively working on problems pertaining to data center optimization, smart workforce allocation, and enterprise crowdsourcing. Further, data privacy is one of their major initiatives. Efforts on this front have yielded several award-winning Privacy Enhancing Technologies (PETs) that are now part of the TCS MasterCraft product suites. Sachin Lodha graduated with a B.Tech. in Computer Science and Engineering from the Indian Institute of Technology, Mumbai, in 1996 and received his Ph.D. in Computer Science from Rutgers University, New Brunswick, New Jersey, USA, in 2002. Since then he has been with TCS Innovation Labs - TRDDC in Pune. He has contributed to several research articles; some of them have appeared in international conferences and journals. Sachin was also TCS's principal investigator for the TCS-Stanford collaboration on data privacy.