Cyber Security/IA Day

  • The Institute for Cyber Security at IUP, in collaboration with the IT Support Center, hosted the 11th annual Cyber Security Day on Tuesday, October 30, 2018, from 9:00 a.m. to 4:00 p.m. in the HUB Ohio Room.

    View the 2018 Cyber Security Day Brochure

    View the 2018 Cyber Security Day Photo Gallery

    View the 2018 Cyber Security Day Flier

    Schedule of the Event

    9:00–9:10: Opening Remarks

    Dr. Deanne Snavely, Dean, College of Natural Sciences and Mathematics

    9:10–9:20: Welcome Message

    Dr. Francisco E. Alarcón, Chair, Department of Mathematical and Computer Sciences

    9:20–9:30: Event history, ICS work and recent achievements, and logistics.

    Dr. Waleed Farag, Professor of Computer Science and Director, Institute for Cyber Security at IUP

    9:30–10:20: NeXUS: Practical and Secure Access Control on Untrusted Storage Platforms using Client-side SGX

    Dr. Adam Lee, Associate Dean for Academic Programs in the School of Computing and Information at the University of Pittsburgh

    10:20–10:35: A.M. Break

    10:35–11:25The Challenges of Machine Learning in Adversarial Settings

    Dr. Patrick McDaniel, the William L. Weiss Professor of Information and Communications Technology in the School of Electrical Engineering and Computer Science at the Pennsylvania State University

    11:25–12:50: Lunch Break

    12:50–1:00: Provost’s Remarks

    Dr. Tim Moerland, IUP’s Provost and Vice President for Academic Affairs

    1:00–1:50: Cybersecurity: The Future Threat and YOUR Opportunity

    Ms. Lisa Schlosser, City Commissioner and Technology/Cyber Security Executive, Former White House Official

    1:50–2:00: P.M. Break

    2:00–2:50: The Changing Landscape of Cybersecurity from COMSEC to INFOSEC to Cyber Security

    Dr. Glenn Lilly, Technical Director for the NSA’s Cryptographic Assurance Operations

    2:50–3:00: P.M. Break

    3:00–3:50: Ransomware and Cybersecurity

    Mr. Charles Olden, Systems Engineer at CISCO

    3:50–4:00: Conclusions

    Dr. Waleed Farag, Director, Institute for Cyber Security at IUP

    Biographical Information

    Dr. Adam Lee, Associate Dean for Academic Programs in the School of Computing and Information at the University of PittsburghAdam Lee

    Adam Lee is currently the associate dean for Academic Programs in the School of Computing and Information at the University of Pittsburgh. He is also an associate professor in the Department of Computer Science at the University of Pittsburgh, where he previously held the position of assistant professor (2008–14). Prior to joining the University of Pittsburgh, he received the MS (2005) and PhD (2008) degrees in Computer Science from the University of Illinois at Urbana–Champaign, and received his BS in Computer Science from Cornell University (2003). His research interests lie at the intersection of the computer security, privacy, and distributed systems fields. Lee’s research has been supported by the NSF and DARPA, and he is an NSF CAREER award recipient. For more information, please see Adam Lee.

    Dr. Patrick McDaniel, the William L. Weiss Professor of Information and Communications Technology and Director of the Institute for Networking and Security Research at Penn State UniversityPatrick McDaniel

    Patrick McDaniel is the William L. Weiss Professor of Information and Communications Technology and director of the Institute for Networking and Security Research in the School of Electrical Engineering and Computer Science at the Pennsylvania State University. Professor McDaniel is also a fellow of the IEEE and ACM and serves as the program manager and lead scientist for the Army Research Laboratory’s Cyber-Security Collaborative Research Alliance. McDaniel’s research centrally focuses on a wide range of topics in computer and network security and technical public policy. Prior to joining Penn State in 2004, he was a senior research staff member at AT&T Labs-Research.

    Ms. Lisa Schlosser, City Commissioner and Technology/Cyber Security Executive, Former White House OfficialLisa Schlosser

    Lisa Schlosser is a technology and cybersecurity executive originally from Pittsburgh, Pennsylvania, who has served in the private sector; public sector; US military; and academia. She currently serves as an elected commissioner for the City of Rehoboth Beach, Delaware. Lisa is also on the Board of Directors for VetSports; the Board of Advisors for Cylance; a consultant with Harrisburg University; on the CSFi Advisory Board; and is an instructor at Georgetown University and University of Maryland–University College. She is also an animal welfare advocate and volunteers at local dog shelters. Schlosser most recently served full-time as the federal deputy chief information officer, Executive Office of the President. In this role, she helped to oversee policy and budgeting for the $86-billion information technology portfolio. She was also asked to serve a six-month temporary detail with the Office of Personnel Management as a senior advisor/chief information officer following a major cybersecurity breach.

    Schlosser also worked as a principal deputy associate administrator and office director for the Environmental Protection Agency. Prior to EPA, Schlosser was a chief information officer and the associate chief information officer/chief information security officer, at two federal government agencies. Before joining the Federal Government, Schlosser worked in the private sector as a senior manager for Ernst & Young LLP, helping to establish the international Cyber Security Practice; and as a vice president for Global Integrity. Schlosser served in the US Army and retired as a lieutenant colonel from the US Army Reserves. Schlosser holds a BA degree in political science from Indiana University of Pennsylvania and an MS degree in administration from Central Michigan University. For more information, please see Lisa Schlosser.

    Dr. Glenn Lilly, Technical Director for the NSA’s Cryptographic Assurance Operations

    Glenn LillyGlenn Lilly received his BA in philosophy and mathematics from West Virginia University in 1985. He received his PhD in mathematics (special functions and combinatorics) from the University of Kentucky in 1991. He joined the National Security Agency in 1991, where he has held a variety of positions in design and evaluation. Currently, he is the technical director for the NSA’s Cryptographic Assurance Operations organization within Cybersecurity Solutions. A primary focus of his is workforce technical health; he is a senior advocate for IC PRIDE, the Intelligence Community-wide LGBTQ+ affinity network group. For the five years prior to joining Cryptographic Assurance Operations, he was chief of the Mathematics Research Group. He has one patent, US Patent Serial 09/799,432, “Device For and Method of One-Way Cryptographic Hashing” for the SHA-2 family of hashing algorithms.

    Mr. Charles Olden, Systems Engineer at CISCO

    Charles OldenCharles Olden is a systems engineer with Cisco Systems. He specializes in providing network and security designs for US public sector higher-education, K-12, and local government customers. He is an IT professional that has been in the industry for over 20 years. He is a native of western Pennsylvania and resides in the greater Pittsburgh area. His ultimate goal is to help businesses of all sizes transform how they connect, communicate and collaborate.

    Titles and Abstracts

    Dr. Adam Lee, Associate Dean for Academic Programs in the School of Computing and Information at the University of Pittsburgh

    • Title: NeXUS: Practical and Secure Access Control on Untrusted Storage Platforms using Client-side SGX
      • Abstract: With the rising popularity of file-sharing services such as Google Drive and Dropbox in the workflows of individuals and corporations alike, the protection of client-outsourced data from unauthorized access or tampering remains a major security concern. Existing cryptographic solutions to this problem typically require server-side support, involve non-trivial key management on the part of users, and suffer from severe re-encryption penalties upon access revocations. This combination of performance overheads and management burdens makes this class of solutions undesirable in situations where performant, platform-agnostic, dynamic sharing of user content is required. We present NeXUS, a stackable filesystem that leverages trusted hardware to provide confidentiality and integrity for user files stored on untrusted platforms. NeXUS is explicitly designed to balance security, portability, and performance: it supports dynamic sharing of protected volumes on any platform exposing a file access API without requiring server-side support, enables the use of fine-grained access control policies to allow for selective sharing, and avoids the key revocation and file re-encryption overheads associated with other cryptographic approaches to access control. This combination of features is made possible by the use of a client-side Intel SGX enclave that is used to protect and share NeXUS volumes, ensuring that cryptographic keys never leave enclave memory and obviating the need to re-encrypt files upon revocation of access rights. We implemented a NeXUS prototype that runs on top of the AFS filesystem and show that it incurs modest overheads for a variety of common file and database operations. 

    Dr. Patrick McDaniel, the William L. Weiss Professor and Director of the Institute for Networking and Security, Penn State University

    • Title: The Challenges of Machine Learning in Adversarial Settings
      • Abstract: Advances in machine learning have enabled to new applications and services to process inputs in previously unthinkably complex environments. Autonomous cars, data analytics, adaptive communication and self-aware software systems are now revolutionizing markets and blurring the lines between computer systems and real intelligence. In this talk, I consider evolving use of machine learning in security-sensitive contexts and explore why many systems are vulnerable to non-obvious and potentially dangerous manipulation. Here, we examine sensitivity in any application whose misuse might lead to harm—for instance, forcing adaptive network in an unstable state, crashing an autonomous vehicle or bypassing an adult content filter. I explore the use of machine learning in this area particularly in light of recent discoveries in the creation of adversarial samples and defenses against them, and posit on future attacks on machine learning. The talk is concluded with a discussion of the unavoidable vulnerabilities of systems built on probabilistic machine learning, and outline areas for offensive and defensive research in the future

    Ms. Lisa Schlosser, City Commissioner and Technology/Cyber Security Executive. Former White House Official

    • Title: Cybersecurity: The Future Threat and YOUR Opportunity
      • Abstract: This session will discuss the real hacking threats to our mobile phones, the Internet, and our ability to use new apps. What would happen if you could not text, or use Instagram, or any other application you use today? What can you do to protect yourself—and to get on a career path that will help you to investigate cyber hacks and cyber crime scenes?

    Dr. Glenn Lilly, Technical Director for the NSA’s Cryptographic Assurance Operations

    • Title: The changing landscape of cybersecurity from COMSEC to INFOSEC to Cyber Security
      • Abstract: The field of cybersecurity is growing ever more complex with the advent of new technologies and new applications. However, cybersecurity finds its roots in the tenets of information security: Confidentiality, Integrity, Availability, and Non-repudiation. This talk will cover some of the mechanisms used to provide these services (for instance, encryption to provide confidentiality) and some of the challenges new or forecasted technologies pose. The talk will provide a broad-brush overview, accessible to the non-practitioner, and aims to be the first cybersecurity talk to discuss the Eastern painted turtle.

    Mr. Charles Olden, Systems Engineer at CISCO

    • Title: Ransomware and Cybersecurity
      • Abstract: Businesses are losing the battle to secure their networks due to the complexity of IT solutions, the increasing diversity of the threat landscape and the fragmentation of today's security offerings. There has clearly been an evolution of the threat landscape over the past few decades from simple viruses and worms to very sophisticated malware and advanced persistent threats. Attackers are increasingly more well-funded and are improving their approaches to the point where hacking has become industrialized. There is a very vibrant, shadow industry that is outpacing the information security industry in terms of revenue generation, but profit is not the only driver in the hacking business. Nation states are becoming main actors in developing exploits for cyberwarfare and espionage. 

    For more information about Cybersecurity Day at IUP, please contact Dr. Waleed Farag, Director, Institute for Cyber Security, at farag@iup.edu, 724-357-7995. 

  • Each year, the Institute for Cyber Security, in collaboration with IT Support Services, hosts Cyber Security Day (known previously as Information Assurance Day). This day-long event features nationally recognized security experts as well as speakers from regional law enforcement, the government, the security industry, and academia. Cyber Security Day is open to all IUP members, the public, community colleges, and neighboring universities.

    The 2018 Cyber Security Day was held on October 30, in the Ohio Room at the HUB (IUP main campus).  

    View the 2018 Cybersecurity Day Page

    View the 2018 Cybersecurity Day Photo Gallery

  • Cybersecurity Day 2017
    The Institute for Cybersecurity at IUP, in collaboration with the IT Support Center and the Computer Science Department, hosted the tenth annual Cybersecurity Day on Thursday, October 26, 2017, from 9:00 a.m. to 4:00 p.m. in the Stouffer Auditorium.
    Information Assurance Day 2016
    The Institute for Information Assurance at IUP, in collaboration with the IT Support Center and the Computer Science Department, will host the  ninth annual Information Assurance Day on Thursday, November 3, 2016 in the Ohio Room at the HUB.
    Information Assurance Day 2014
    The Institute for Information Assurance at IUP, in collaboration with the IT Support Center and the Computer Science Department, will host the seventh annual Information Assurance Day on Thursday October 30, 2014, from 8:45 a.m. to 4:30 p.m. in the Ohio Room at the HUB.
    Information Assurance Day 2013
    The Institute for Information Assurance at IUP, in collaboration with the Computer Science Department, will host the sixth annual Information Assurance Day on November 7, 2013, from 8:30 a.m.–4:00 p.m. at the Ohio Room in the HUB at IUP.
    Information Assurance Day 2012
    The Computer Science Department, in collaboration with the Institute for Information Assurance at IUP, will host the fifth annual Information Assurance Day on November 1, 2012, from 9:00 a.m.– 4:00 p.m., at the Delaware Room in the HUB at IUP.
    Information Assurance Day 2011
    The Computer Science Department, in collaboration with the Institute of Information Assurance at IUP, will host the fourth annual Information Assurance Day on November 10, 2011, at the Delaware Room in the HUB at IUP.
    Information Assurance Day 2010
    The Computer Science Department, in collaboration with the Institute for Information Assurance at IUP, will host the third annual Information Assurance Day on November 9, 2010, from 9:00 a.m.– 4:30 p.m., in Studio 210, Fisher Auditorium at IUP.
    Information Assurance Day 2009
    The Computer Science Department, in collaboration with the Institute for Information Assurance at IUP, will host the second annual Information Assurance Day on November 5, 2009, from 9:00 a.m.– 4:30 p.m., in the Susquehanna Room in the HUB at IUP.
    Information Assurance Day 2008
    The Computer Science Department, in collaboration with the Institute for Information Assurance at IUP, will host the first annual Information Assurance Day on November 7, 2008, from 9:00 a.m.– 4:30 p.m., in Johnson Hall Room 247 at IUP.