Cybersecurity Day 2018

  • The 12th annual Cyber Security Day will be held on Tuesday, October 29, 2019, in the HUB Ohio Room from 9:00 a.m. to 4:00 p.m.  Additional details coming soon!

    The Institute for Cyber Security at IUP, in collaboration with the IT Support Center, hosted the 11th annual Cyber Security Day on Tuesday, October 30, 2018, from 9:00 a.m. to 4:00 p.m. in the HUB Ohio Room.

    View the 2018 Cyber Security Day Brochure

    View the 2018 Cyber Security Day Photo Gallery

    View the 2018 Cyber Security Day Flier

    Schedule of the Event

    9:00–9:10: Opening Remarks

    Dr. Deanne Snavely, Dean, Kopchick College of Natural Sciences and Mathematics

    9:10–9:20: Welcome Message

    Dr. Francisco E. Alarcón, Chair, Department of Mathematical and Computer Sciences

    9:20–9:30: Event history, ICS work and recent achievements, and logistics.

    Dr. Waleed Farag, Professor of Computer Science and Director, Institute for Cyber Security at IUP

    9:30–10:20: NeXUS: Practical and Secure Access Control on Untrusted Storage Platforms using Client-side SGX

    Dr. Adam Lee, Associate Dean for Academic Programs in the School of Computing and Information at the University of Pittsburgh

    10:20–10:35: A.M. Break

    10:35–11:25: The Challenges of Machine Learning in Adversarial Settings

    Dr. Patrick McDaniel, the William L. Weiss Professor of Information and Communications Technology in the School of Electrical Engineering and Computer Science at the Pennsylvania State University

    11:25–12:50: Lunch Break

    12:50–1:00: Provost’s Remarks

    Dr. Tim Moerland, IUP’s Provost and Vice President for Academic Affairs

    1:00–1:50: Cybersecurity: The Future Threat and YOUR Opportunity

    Ms. Lisa Schlosser, City Commissioner and Technology/Cyber Security Executive, Former White House Official

    1:50–2:00: P.M. Break

    2:00–2:50: The Changing Landscape of Cybersecurity from COMSEC to INFOSEC to Cyber Security

    Dr. Glenn Lilly, Technical Director for the NSA’s Cryptographic Assurance Operations

    2:50–3:00: P.M. Break

    3:00–3:50: Ransomware and Cybersecurity

    Mr. Charles Olden, Systems Engineer at CISCO

    3:50–4:00: Conclusions

    Dr. Waleed Farag, Director, Institute for Cyber Security at IUP

    Biographical Information

    Dr. Adam Lee, Associate Dean for Academic Programs in the School of Computing and Information at the University of Pittsburgh

    Adam Lee is currently the associate dean for Academic Programs in the School of Computing and Information at the University of Pittsburgh. He is also an associate professor in the Department of Computer Science at the University of Pittsburgh, where he previously held the position of assistant professor (2008–14). Prior to joining the University of Pittsburgh, he received the MS (2005) and PhD (2008) degrees in Computer Science from the University of Illinois at Urbana–Champaign, and received his BS in Computer Science from Cornell University (2003). His research interests lie at the intersection of the computer security, privacy, and distributed systems fields. Lee’s research has been supported by the NSF and DARPA, and he is an NSF CAREER award recipient. For more information, please see Adam Lee.

    Dr. Patrick McDaniel, the William L. Weiss Professor of Information and Communications Technology and Director of the Institute for Networking and Security Research at Penn State University

    Patrick McDaniel is the William L. Weiss Professor of Information and Communications Technology and director of the Institute for Networking and Security Research in the School of Electrical Engineering and Computer Science at the Pennsylvania State University. Professor McDaniel is also a fellow of the IEEE and ACM and serves as the program manager and lead scientist for the Army Research Laboratory’s Cyber-Security Collaborative Research Alliance. McDaniel’s research centrally focuses on a wide range of topics in computer and network security and technical public policy. Prior to joining Penn State in 2004, he was a senior research staff member at AT&T Labs-Research.

    Ms. Lisa Schlosser, City Commissioner and Technology/Cyber Security Executive, Former White House Official

    Lisa Schlosser is a technology and cybersecurity executive originally from Pittsburgh, Pennsylvania, who has served in the private sector; public sector; US military; and academia. She currently serves as an elected commissioner for the City of Rehoboth Beach, Delaware. Lisa is also on the Board of Directors for VetSports; the Board of Advisors for Cylance; a consultant with Harrisburg University; on the CSFi Advisory Board; and is an instructor at Georgetown University and University of Maryland–University College. She is also an animal welfare advocate and volunteers at local dog shelters. Schlosser most recently served full-time as the federal deputy chief information officer, Executive Office of the President. In this role, she helped to oversee policy and budgeting for the $86-billion information technology portfolio. She was also asked to serve a six-month temporary detail with the Office of Personnel Management as a senior advisor/chief information officer following a major cybersecurity breach.

    Schlosser also worked as a principal deputy associate administrator and office director for the Environmental Protection Agency. Prior to EPA, Schlosser was a chief information officer and the associate chief information officer/chief information security officer, at two federal government agencies. Before joining the Federal Government, Schlosser worked in the private sector as a senior manager for Ernst & Young LLP, helping to establish the international Cyber Security Practice; and as a vice president for Global Integrity. Schlosser served in the US Army and retired as a lieutenant colonel from the US Army Reserves. Schlosser holds a BA degree in political science from Indiana University of Pennsylvania and an MS degree in administration from Central Michigan University. For more information, please see Lisa Schlosser.

    Dr. Glenn Lilly, Technical Director for the NSA’s Cryptographic Assurance Operations

    Glenn Lilly received his BA in philosophy and mathematics from West Virginia University in 1985. He received his PhD in mathematics (special functions and combinatorics) from the University of Kentucky in 1991. He joined the National Security Agency in 1991, where he has held a variety of positions in design and evaluation. Currently, he is the technical director for the NSA’s Cryptographic Assurance Operations organization within Cybersecurity Solutions. A primary focus of his is workforce technical health; he is a senior advocate for IC PRIDE, the Intelligence Community-wide LGBTQ+ affinity network group. For the five years prior to joining Cryptographic Assurance Operations, he was chief of the Mathematics Research Group. He has one patent, US Patent Serial 09/799,432, “Device For and Method of One-Way Cryptographic Hashing” for the SHA-2 family of hashing algorithms.

    Mr. Charles Olden, Systems Engineer at CISCO

    Charles Olden is a systems engineer with Cisco Systems. He specializes in providing network and security designs for US public sector higher-education, K-12, and local government customers. He is an IT professional that has been in the industry for over 20 years. He is a native of western Pennsylvania and resides in the greater Pittsburgh area. His ultimate goal is to help businesses of all sizes transform how they connect, communicate and collaborate.

    Titles and Abstracts

    Dr. Adam Lee, Associate Dean for Academic Programs in the School of Computing and Information at the University of Pittsburgh

    • Title: NeXUS: Practical and Secure Access Control on Untrusted Storage Platforms using Client-side SGX
      • Abstract: With the rising popularity of file-sharing services such as Google Drive and Dropbox in the workflows of individuals and corporations alike, the protection of client-outsourced data from unauthorized access or tampering remains a major security concern. Existing cryptographic solutions to this problem typically require server-side support, involve non-trivial key management on the part of users, and suffer from severe re-encryption penalties upon access revocations. This combination of performance overheads and management burdens makes this class of solutions undesirable in situations where performant, platform-agnostic, dynamic sharing of user content is required. We present NeXUS, a stackable filesystem that leverages trusted hardware to provide confidentiality and integrity for user files stored on untrusted platforms. NeXUS is explicitly designed to balance security, portability, and performance: it supports dynamic sharing of protected volumes on any platform exposing a file access API without requiring server-side support, enables the use of fine-grained access control policies to allow for selective sharing, and avoids the key revocation and file re-encryption overheads associated with other cryptographic approaches to access control. This combination of features is made possible by the use of a client-side Intel SGX enclave that is used to protect and share NeXUS volumes, ensuring that cryptographic keys never leave enclave memory and obviating the need to re-encrypt files upon revocation of access rights. We implemented a NeXUS prototype that runs on top of the AFS filesystem and show that it incurs modest overheads for a variety of common file and database operations. 

    Dr. Patrick McDaniel, the William L. Weiss Professor and Director of the Institute for Networking and Security, Penn State University

    • Title: The Challenges of Machine Learning in Adversarial Settings
      • Abstract: Advances in machine learning have enabled new applications and services to process inputs in previously unthinkably complex environments. Autonomous cars, data analytics, adaptive communication and self-aware software systems are now revolutionizing markets and blurring the lines between computer systems and real intelligence. In this talk, I consider evolving use of machine learning in security-sensitive contexts and explore why many systems are vulnerable to non-obvious and potentially dangerous manipulation. Here, we examine sensitivity in any application whose misuse might lead to harm—for instance, forcing an adaptive network into an unstable state, crashing an autonomous vehicle or bypassing an adult content filter. I explore the use of machine learning in this area particularly in light of recent discoveries in the creation of adversarial samples and defenses against them, and posit on future attacks on machine learning. The talk is concluded with a discussion of the unavoidable vulnerabilities of systems built on probabilistic machine learning, and outline areas for offensive and defensive research in the future.

    Ms. Lisa Schlosser, City Commissioner and Technology/Cyber Security Executive, Former White House Official

    • Title: Cybersecurity: The Future Threat and YOUR Opportunity
      • Abstract: This session will discuss the real hacking threats to our mobile phones, the Internet, and our ability to use new apps. What would happen if you could not text, or use Instagram, or any other application you use today? What can you do to protect yourself—and to get on a career path that will help you to investigate cyber hacks and cyber crime scenes?

    Dr. Glenn Lilly, Technical Director for the NSA’s Cryptographic Assurance Operations

    • Title: The changing landscape of cybersecurity from COMSEC to INFOSEC to Cyber Security
      • Abstract: The field of cybersecurity is growing ever more complex with the advent of new technologies and new applications. However, cybersecurity finds its roots in the tenets of information security: Confidentiality, Integrity, Availability, and Non-repudiation. This talk will cover some of the mechanisms used to provide these services (for instance, encryption to provide confidentiality) and some of the challenges new or forecasted technologies pose. The talk will provide a broad-brush overview, accessible to the non-practitioner, and aims to be the first cybersecurity talk to discuss the Eastern painted turtle.

    Mr. Charles Olden, Systems Engineer at CISCO

    • Title: Ransomware and Cybersecurity
      • Abstract: Businesses are losing the battle to secure their networks due to the complexity of IT solutions, the increasing diversity of the threat landscape and the fragmentation of today's security offerings. There has clearly been an evolution of the threat landscape over the past few decades from simple viruses and worms to very sophisticated malware and advanced persistent threats. Attackers are increasingly more well-funded and are improving their approaches to the point where hacking has become industrialized. There is a very vibrant, shadow industry that is outpacing the information security industry in terms of revenue generation, but profit is not the only driver in the hacking business. Nation states are becoming main actors in developing exploits for cyberwarfare and espionage. 

    For more information about Cybersecurity Day at IUP, please contact Dr. Waleed Farag, Director, Institute for Cyber Security, at farag@iup.edu, 724-357-7995.