Office of the University Provost
Center for Cybersecurity & Information Assurance

Symposium on Cybersecurity & Information Assurance at FDU

Advances in Cybersecurity and Information Assurance

Purpose of the Cybersecurity and Information Assurance Symposium:

Fairleigh Dickinson University’s Center for Cybersecurity and Information Assurance is pleased to announce its inaugural Symposium on Cybersecurity and Information Assurance to be held on May 1, 2013 in the Wilson Auditorium of the Metropolitan campus. This forum will gather top security professionals from government, industry, and academia to present the current state of cybersecurity affecting our daily lives. The symposium will raise the awareness of attendees about the cyber threats and some of the remedial measures. Among the various facets of this evolving area, focus will be on topics such as Survivability in Cyberspace, Security Pattern Usage in Software Development Lifecycle (SDLC), Network Security Service Implementation issues, and Thinking with a Security Mindset. The symposium ends with a virtual tour of the NJ InfoAge Museum and overview of the history of communication technology, as well as a hands-on forensics demonstration in the FDU’s Cybercrime Laboratory.

Featured Speakers

 

  Kevin A. KwiatKevin A. Kwiat

Principal Computer Engineer, U.S. Air Force Research Laboratory in Rome, NY

Title: Survivability in Cyberspace

Abstract

Defense of cyberspace is challenging. The seemingly endless breadth of cyberspace coupled with the technological depth of its composition can divide defensive approaches to be either overarching or highly specific. In order to abstract away details for the purpose of tractability, overarching approaches can suffer because simplistic models for threats, vulnerabilities, and exploits tend to yield defenses that are too optimistic. Approaches that deal with specific threats, vulnerabilities and exploits may be more credible but can quickly lose their meaningfulness as technology changes. Whether approaches are near-or-far term, there are two underlying attributes remain essential: the ability to survive and the ability to fight through.

The justification for treating survival and fight-through as inseparable is: although cyberspace’s apparent vastness seems to convey a limitless supply of information and network-related resources, the actual amount of these resources under any single genuine entity’s control is typically very limited. However, an attacker’s aim to overtake resources may not be easily bounded. Thus, driving the goal’s dual survive-and-fight through make-up is that while the part of cyberspace under single, genuine control is limited, for that same part of cyberspace an adversary’s aim is to maximize control. This dictates that survive and fight-through remain joined. Considered separately, the accumulated loss of resources to the adversary will eventually undermine the ability to survive or the ability to fight through – but that is not so for both. That is, surviving an attack by sustaining its damage and fighting through that attack- again and again if necessary - with those remaining resources under the defender’s control allows the system to emerge, and remain, undefeated. Click HERE to view the full presentation.

Approved for Public Release; Distribution Unlimited: 88ABW-2010-1117

Jungwoo RyooJungwoo Ryoo

Associate Professor of Information Sciences and Technology, Penn State University, Altoona, PA

Title: Round-trip Security Engineering Using Tactics, Patterns, and the Two-Tier Programming Toolkit

Abstract:

Security patterns are well known solutions to recurring security design problems. The current use of patterns often focuses on the isolated adoption of them during the design phase, which falls short of taking advantage of the full potential of patterns and can even leads to a false sense of security. The use of security patterns during the design phase of a software development life cycle (SDLC) doesn’t guarantee the faithful implementation of the security patterns due to the possibility of programming errors or oversight. On the other hand, once properly associated with relevant security requirements, security patterns can serve as a crucial bridge that establishes a traceability relationship between requirements and implementation.

The keynote speech will introduce novel concepts such as tactics and round-trip security engineering to demonstrate how security patterns can realize their true potential as one of the most important tools software engineers can use to build security into their software and make it more resilient to various security threats. Click HERE to view full presentation.

 

William R. BeckettWilliam R. Beckett

Lead Principal-Technical Architect, AT&T Laboratories, Middletown, NJ

Title: Retrospective on DDoS Service Implementation

Abstract

Implementing a security service on a large tier 1 network presents numerous challenges. Among the most critical problems are scaling products designed for enterprise implementations and integrating security solutions into an existing network. The talk will be a retrospective of implementing a DDoS solution in the AT&T network. We will look at challenges related to data collection, mitigating attacks and provisioning new service for customers. Click HERE to view full presentation.

 

Justin CapposJustin Cappos

Assistant Professor of Computer Science and Engineering, Polytechnic Institute of New York University, NY

Title: The Key to Security: Thinking With A Security Mindset

Abstract

To many academics, computer security is uniquely diverse. At a top security conference, it is common to see papers on the mathematics of cryptography, secure processors, private data inference through scraping Facebook, machine learning techniques for decoding encrypted VoIP traffic,program verification, and other diverse topics. It can be hard to see a common link between these topics. As such, it can be hard to know what constitutes “security” as a field.

In this talk, I will discuss how the common theme in security isn’t a technique, but is instead a concept --- thinking with a security mindset. Using a security mindset is a way of considering how something can be (ab) used to cause it to behave in a different way than intended. To reinforce this idea, I will discuss a myriad of technical and non-technical examples that demonstrate thinking with a security mindset, including why one would repeatedly buy $0.01 of gas for hours at a time, how Bejeweled2 could steal your passwords / PIN, a way that a web server can cause a laptop to emit wireless beacons on your home wireless network, and an easy way to find thousands of vulnerable Linux servers. Click HERE to view full presentation.

Fred CarlFred Carl

Director, InfoAge Museum, Wall, NJ

Title: Camp Evans - a former secret base - a time capsule of technology history.

Abstract

This presentation provides an overview of the communication technology history and its impact upon world events at the National Historic Landmark, Camp Evans. Established as a trans-oceanic wireless station in 1912, the site was used by the U. S. Navy in WWI and later by the Radio Corporation of America (RCA). Information security and enemy information collection played a role in WWI. As WWII approached the old wireless site was expanded by the U. S. Army for radar and related technology development. Information security was essential during WWII. During the Cold War, the site continued to serve our national interest. The critical nature of the work is underscored by Senator Joe McCarthy 1953 visit to improve security in the radar laboratory. Click HERE to view full presentation.

Eamon DohertyEamon Doherty

Associate Professor and Director Cybercrime Training Laboratory, Petrocelli College of Continuing Studies, FDU, Teaneck, NJ

Title: Hands-On Computer Forensics Demonstrations

Abstract

This demonstration will highlight two commonly used software forensics tools that help extract simulated digital evidence from a digital camera and a cell phone. One of the pictures from these devices has the GPS coordinates embedded in it. A software tool will be applied to the picture to display a satellite view and the street map of where the picture was taken. This information helps in crime scene analysis and investigation. Other investigation tools such as a write blocker, a forensic examination machine, and the Cellebrite Mobile Forensics and Data Transfer system will be shown. Some consumer items that information security professionals encounter in the field, such as a tie with a microphone and a camera, will also be demonstrated. Click HERE to view full presentation.

 

 

Wednesday, May 1, 2013 
from
8:00 AM to 4:00 PM

Location:
Wilson Auditorium, Dickinson Hall, Metropolitan Campus, Fairleigh Dickinson University

140 University Plaza Drive 
Hackensack, NJ 07666



The event is co-sponsored by IEEE Computer Society Chapter of the North Jersey Section



For more information please contact:

Center for Cybersecurity & Information Assurance (IA)
Metropolitan Campus
Dickinson Hall, Office Suite 1204
1000 River Road, H-DH1-01
Teaneck, NJ 07666
USA

(201) 692-2105 Voice
(201) 692-2102 Fax