Prof. Daphne Yao
Department of Computer Science
Virginia Tech, USA
Title: Deployable Security Beyond Detection Accuracy: Gaps, Successes, and Opportunities
Bio:
Dr. Danfeng (Daphne) Yao is a Professor of Computer Science at Virginia Tech. She is a Turner Faculty Fellow and CACI Faculty Fellow. Her research interests include building cyber defenses, as well as machine learning for digital health, with a shared focus on accuracy and deployment. Her tool CryptoGuard helps large software companies and Apache projects harden their cryptographic code. Her patents on anomaly detection are extremely influential in the industry, cited by patents from major cybersecurity firms and technology companies, including FireEye, Symantec, Qualcomm, Cisco, IBM, SAP, Boeing, and Palo Alto Networks. Dr. Yao is an IEEE Fellow for her contributions to enterprise data security and high-precision vulnerability screening. She received the prestigious ACM CODASPY Lasting Research Award. She is also an ACM Distinguished Scientist. Previously, she received the NSF CAREER Award and ARO Young Investigator Award. Dr. Yao is the ACM SIGSAC Vice Chair and has been a member of the ACM SIGSAC executive committee since 2017. Daphne received her Ph.D. from Brown University (Computer Science), Master’s from Princeton University (Chemistry) and Indiana University (Computer Science), B.S. from Peking University in China (Chemistry).
Abstract:
Security defenses addressing real-world needs and gaps are extremely valuable. However, such research is often deemed as not novel by academia. This talk aims to encourage our community to re-examine this long-held belief. I will first use the evolution of anomaly-based intrusion detection approaches over the last 35 years to illustrate the multi-faceted challenges associated with building deployable advanced defenses. I will discuss the real-time deployability of popular graph-based forensic approaches for advanced persistent threats (APT) and whether or not lightweight graph-free solutions could be achieved. I will also share my research journey designing and producing a high-precision tool CryptoGuard for scanning cryptographic vulnerabilities in large Java projects. That work led us to publish multiple benchmarks used for systematically assessing state-of-the-art academic and commercial solutions, as well as helping a large software company integrate our detection into their code screening routine. This talk will also discuss the impact of large language models (LLM) on software security and point out the urgent need for systematically characterizing LLM’s security capabilities, e.g., for security code and exploit generation. Broadening research styles by promoting deployment-inspired work will drive our field toward maturity.
Kenneth Rohde
Cyber Security Research and Development Department
Idaho National Laboratory, USA
Title: An Old Guys Perspective of Cyber – Journey through INL cyber research
Bio:
Kenneth Rohde is a member of the Cyber Security Research and Development Department at the Idaho National Laboratory (INL) in Idaho Falls, Idaho. Mr. Rohde has over 20 years of experience in cybersecurity associated with Industrial Control Systems (ICS) assessments and training. His most recent research work focuses on Electric Vehicles (EVs) and the associated grid infrastructure to support high-power and distributed EV charging systems. This work is sponsored by the Department of Energy (DOE) Vehicle Technologies Office (VTO) and the Office of Cybersecurity, Energy Security, and Emergency Response (CESER).
Abstract:
This keynote presentation will explore the evolution of cybersecurity at Idaho National Laboratory (INL), tracing its history and highlighting its adaptation to the ever-changing landscape of critical infrastructure protection. INL’s expertise has grown alongside the rise of emerging technologies, with a particular focus on the challenges and opportunities presented by electric vehicles (EVs) and their charging infrastructure. From safeguarding the power grid against sophisticated cyberattacks to ensuring the integrity of EV charging networks, INL researchers are at the forefront of securing this new era of transportation. We will discuss some of our recent breakthroughs and ongoing research efforts, providing a glimpse into the cutting-edge technologies shaping the future of cybersecurity. We’ll also touch on the potential risks and vulnerabilities that accompany these advancements, prompting thoughtful consideration of the evolving cybersecurity landscape.
Prof. Kevin Butler
Department of Electrical and Computer Engineering
University of Florida, USA
Title: Unsafe at any G? Implications of unintended functionality in telecommunications networks and devices for CPS environments
Bio:
I am Director of the Florida Institute for Cybersecurity Research and a University Term Professor. I also direct the Center for Privacy and Security for Marginalized and Vulnerable Populations (PRISM), a National Science Foundation Frontiers project. I am also a member of the Computing Research Association’s Community Computing Council. I joined the University of Florida in 2014 as part of the UF Rising to National Preeminence Hiring Program and was the Arnold and Lisa Goldberg Rising Star Associate Professor in Computer Science prior to promotion to Professor. My research focuses on the security of computing devices, systems, networks, and users of computing technology. Recent work in my group has included securing embedded systems and protocols, mobile device security and privacy, cellular device and network security, side channel analysis, establishing the trustworthiness of data and maintaining its provenance, protection of Internet traffic and examination of censorship, and attacks and defenses against the cloud infrastructure, and needs of marginalized and vulnerable users, particularly populations with impairments and survivors of abuse. Some of my other research areas of interest include securing Internet routing, malware propagation, applied cryptosystems, adversarial machine learning, cyber-physical systems, and trustworthy computing. I received a National Science Foundation CAREER award in 2013, and was named International Educator of the Year within the Herbert Wertheim College of Engineering in 2017 for my work on developing global standards for securing digital financial services in the developing world. From 2017-2022 I was co-chair of the International Telecommunications Union’s Security, Infrastructure, and Trust Working Group as part of the Financial Inclusion Global Initiative. I am a Senior Member of the IEEE and ACM. I was technical program co-chair of the 2022 USENIX Security Symposium and conference general chair for ACSAC 2020 and ACSAC 2021. I am also an affiliate faculty member of the Center for Children and Families within the University of Florida’s Levin College of Law.
Abstract:
Telecommunication networks have been the focus of some of the earliest hacking attempts. An enduring challenge over the past 50 years has been a lack of accessibility to these networks, which are important to assess given the reliance on them by many cyber-physical systems. In this talk, we’ll discuss some of our recent efforts to better understand the telephony side of mobile-capable devices and approaches to better understand cellular telephony infrastructure.