Palestras

Segunda-feira, 16 de setembro de 2024

Título: On the Security and Privacy of Wireless Systems: Threats and Defenses
foto_Guevara_Noubir

Guevara Noubir

Northeastern University

Resumo: Wireless communication systems have become ubiquitous and are now critical across a wide range of applications. This pervasive presence brings to the forefront significant challenges, not only concerning security and privacy but also in the realm of technology coexistence and spectrum sharing. In this talk, I will present vulnerabilities that we identified in the design and implementation of various wireless systems, including 3GPP 5G, Bluetooth, and avionics systems like ILS and ACARS.

We note that existing wireless security measures typically focus on end-to-end data confidentiality and integrity. However, numerous design flaws remain that expose these systems to privacy breaches and denial-of-service attacks. Such vulnerabilities can allow adversaries to track users, analyze traffic patterns, drain device batteries, and disrupt communication with minimal effort. The increasing availability of software-defined radios and open-source tools has made these attacks accessible even to non-expert adversaries.

Moreover, I will discuss advanced defense mechanisms, particularly how machine learning can be leveraged to enhance spectrum sharing and develop robust anti-jamming techniques. These innovations are crucial as we strive to secure wireless systems against both current and emerging threats.

Mini bio: Guevara Noubir is a Professor at Northeastern University (Boston, MA) within the Khoury College of Computer Sciences and currently serving as the Executive Director of Cybersecurity Programs, and the PI of Northeastern University’s NSA/DHS designated Center of Academic Excellence in Cybersecurity. He received the US National Science Foundation CAREER Award in 2005, Google Faculty Research Award on Privacy in 2016, Northeastern University Excellence in Research and Creative Activity Award 2018, best paper awards at ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2011 and 2018, and the IEEE Conference on Communications and Network Security best paper in 2016. Dr. Noubir led Northeastern University winning teams in the DARPA Spectrum Collaboration Challenge (SC2) in 2017, 2018, and finalist in 2019. He also led Northeastern’s winning team in the DARPA Spectrum Challenge collaborative scenario in 2013. Dr. Noubir chaired the technical program committee of several security conferences including the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), and IEEE Conference on Communications and Network Security. He serve(d) on the editorial boards of ACM Transaction on Privacy and Security, IEEE Transactions on Mobile Computing, Elsevier Journal on Computer Networks, and IEEE Transaction on Information Forensics and Security. His research has been funded by BAE Systems, DARPA, Draper Labs, Microsoft Research, ONR, NSA, NSF, and Raytheon. Dr. Noubir holds a PhD in Computer Science from the Swiss Federal Institute of Technology in Lausanne (EPFL) and MS in CS (diplôme d’ingénieur) from Ecole Nationale Supérieure d’Informatique et de Mathématiques Appliquées de Grenoble (ENSIMAG), France. He held research and visiting positions at CSEM SA, EPFL, Eurecom, MIT, and UNL.

Terça-feira, 17 de setembro de 2024

Título: Enabling Data-driven Innovation with Synthetic Data
foto_Vyas_Sekar

Vyas Sekar

Carnegie Mellon University

Resumo: Today in computer systems and security research, lack of access to realistic and diverse data from multiple deployments hampers innovation; e.g., products trained on data not representative of environment, there is no way to quantitatively assess products; machine learning workflows experiences data drift, and product audit/feedback is not quantitative. The result today is poor products, lack of transparency, lots of effort in debugging/reproduction/resolution, and impossibility to share insights across collaborators. 

In this talk, we will discuss our research outcomes on demonstrating the feasibility of using generative or synthetic data using Deep Generative Models   (DGMs) to address these pain points for various tasks (e.g., telemetry, anomaly detection, model training). We have identified and addressed key fidelity, scalability, and privacy challenges and tradeoffs in existing approaches. By synthesizing domain-specific insights with recent advances in machine learning and privacy, we identify design choices to tackle these challenges. In this talk, we will present some of the key results from our work in applying these techniques to systems and security-relevant datasets and use cases.

Mini Bio: Vyas Sekar is the Tan Family Professor of Electrical and Computer Engineering in the ECE Department at CMU. He is also co-founder and Chief Technologist at Rockfish Data, and the Chief Scientist at Conviva.
His research is broadly at the intersection of networks, systems, and security. His work has been recognized with the SIGCOMM Rising Star Award, NSA Science of Security prize, the Intel Outstanding Researcher Award, the SIGCOMM Test of Time Award, and multiple best paper awards.

Quarta-feira, 18 de setembro de 2024

Título: Digital Twin Technology for Cybersecurity: Disruptor, Catalyst, or a Threat?
foto_Rasheed_Hussain_v3

Rasheed Hussain

University of Bristol

Resumo: In the face of increasingly sophisticated cybersecurity threats, traditional countermeasures are no longer sufficient to ensure the security and resilience of digital infrastructure. Emerging threats are rendering existing proactive and reactive security measures insufficient and ineffective. To this end, Digital Twin technology offers a transformative solution for digital infrastructure, providing new opportunities to enhance both security and resilience. By creating digital replicas of physical systems with a required level of fidelity, digital twins enable real-time or even anticipatory threat detection, offering unparalleled visibility into system vulnerabilities and allowing for rapid response. Beyond merely reacting to cyber incidents, digital twins empower organisations to anticipate potential cyberattacks and simulate defense strategies in a risk-free virtual environment. However, a critical question remains: Is the digital twin itself secure enough to serve as a reliable cybersecurity enabler? 

In this talk, I will explore two key areas: how digital twin technology can be leveraged as a cybersecurity enabler and why securing the digital twin is essential for its effectiveness. I will also discuss how Digital Twins can act as cybersecurity co-pilot, driving innovation and becoming an indispensable tool in the ongoing battle against cyber threats. Additionally, I will share insights from our work at the Smart Internet Lab and Bristol Digital Futures Institute (BDFI) at the University of Bristol, UK, where we are utilizing cutting-edge facilities like the Reality Emulator to harness the benefits of Digital Twin technology in telecom networks. Finally, I will address the current challenges and outline the way forward for Digital Twin technology as a cybersecurity enabler. 

Mini-bio: I am Rasheed Hussain, Ph.D. (KGSP Scholar), currently working as a Senior Lecturer at the Smart Internet Lab, and Bristol Digital Futures Institute (BDFI), University of Bristol, United Kingdom. I am also with the ESRC Center for Sociodigital Futures (CenSoF)and working on a Technical Affordance Project (TAP) [High-Performance Networks]. 

Before, I worked as an Associate Professor at the Networks and Blockchain Lab, Innopolis University, Innopolis, Russia. I have also worked with the same department as Assistant Professor and also been with System and Network Engineering (SNE), Universiteit van Amsterdam (UvA), Science Park, Amsterdam, Netherlands, and Hanyang University, South Korea.

Quinta-feira, 19 de setembro de 2024

Título: O mundo roda em software vulnerável. Como melhorar o cenário?
foto_Cristine_Hoepers

Cristine Hoepers

CERT.br

Resumo: O cenário atual, de crescente número de vulnerabilidades somado à dificuldade das organizações em aplicar correções em 100% do parque, torna urgente pensarmos em mecanismos não somente para identificar novas vulnerabilidades, mas também priorizar quais correções devem ser aplicadas de forma emergencial e quais podem aguardar. Adicionalmente, é necessário atuar de forma coordenada para que seja possível proteger as redes sem dar vantagens aos atacantes.  Esta apresentação vai discutir requerimentos regulatórios que tem surgido nesta área (CVD, VDP, SBOM, SCA), diversos frameworks e métricas de priorização existentes (CVSS, EPSS, SSVC) e a importância dos aspectos éticos e legais que precisam ser considerados ao criar ou participar em programas de Bug Bounty e CVD.

Mini Bio: Cristine Hoepers, Gerente do CERT.br, é formada em Ciências da Computação pela UFSC e Doutora em Computação Aplicada pelo INPE. É também instrutora dos cursos do CERT/CC, da Universidade Carnegie Mellon, auditora do modelo SIM3 de maturidade para CSIRTs e membro do Conselho de Administração da OpenCSIRT Foundation, que mantém o SIM3. No passado participou da Diretoria do FIRST e da Coordenação do Fórum de Boas Práticas sobre CSIRTs do Internet Governance Forum (IGF), das Nações Unidas. Em 2024 foi nomeada para o Hall da Fama de Resposta a Incidentes, do FIRST e em 2020 recebeu do M3AAWG o prêmio Mary Litynski, por seu trabalho para aumentar a resiliência da Internet.