The Information Systems and Internet Security (ISIS) Laboratory is an NSF-funded lab consisting of heterogeneous platforms and multiple interconnected networks to facilitate hands-on experimentation and project work related to information security. It provides focus for multidisciplinary research and education in emerging areas of information security at Polytechnic Institute of NYU.
Current research areas include computer and network security, digital forensics, hardware for secure systems, digital watermarking, and steganography. Courses supported by the ISIS lab include those related to computer and network security.
The Emerging Threat of Financial Crimes and CSC Website
The Cyber Security Club is proud to present David O’Connor giving a talk on "The Emerging Threat of Financial Crimes" on Wednesday, October 13, 2010 in room JAB473.
We would also like to inform everyone about our new website: https://sites.google.com/site/polycybersecurityclub/, where we will be posting a schedule of talks and providing content for each talk afterwards. This solves the problem of members not knowing about upcoming talks, and will allow members to obtain materials for each talk afterwards.
Supply Chain Attacks
Speaking in the DISSP series next Wednesday, we have
Marcus Sachs on Sept 8th from 12:30pm to 1:30pm in room RH 227.
Most security professionals are well trained on the use of firewalls,
intrusion detection systems, anti-virus software, and other common tools
that are used to protect their organization's intellectual property.
Recent attacks have been seen arriving through the supply chain, with
attackers literally shipping software and hardware "pre-infected" with
malicious code designed to install hidden backdoors and access methods
that are undetected by traditional tools. This talk will look at several
cases of recent supply chain attacks and will examine the policy and
operational changes we need to make in order to protect ourselves from
this new method of attack.
SAIC Selects NYU-Poly to Help Build Cyber Security Powerhouse
Polytechnic Institute of New York University
(NYU-Poly) has signed an agreement with Science
Applications International Corporation (SAIC)
[NYSE: SAI], a FORTUNE 500 scientific, engineering
and technology applications company, to deliver
master's degrees in cyber security to more than
600 top-performing employees over the next decade.
View full press release.
Poly Hosting Security Treasure Hunt Online Competition
The New York State Office of Cyber Security and Critical Infrastructure
Coordination (CSCIC) announced the launch of a new online competition,
known as Security Treasure Hunt, designed to identify individuals with cyber
security skills and enable competitors to be considered for participation in a
week-long cyber security camp in NYC this July.
Seminar: Prof. Srini Devadas, MIT
Title: How Hardware Can Help Meet Security Challenges
Time and Location: March 25, 2010 in LC400 at 2pm
Abstract: In this talk, I will focus on how
hardware can help secure systems that are under physical as
well as computational attack. Physical Unclonable Functions
(PUFs) are a tamper resistant way of establishing shared
secrets with a physical device. They rely on the inevitable
manufacturing variations between devices to produce an
identity for a device. This identity is unclonable, and in
some cases is even manufacturer resistant (i.e., it is
impossible to produce devices that have the same identity).
We describe applications of PUFs, including authentication
of individual integrated circuits such as FPGAs and RFIDs,
and the design of a PUF-enabled processor that generates its
public/private key pair on power-up so its private key is
never left exposed in (on-chip or off-chip) non-volatile
storage. It is capable of a broad range of cryptographic
functionality, including certified execution of programs.
Finally, by running a virtual machine on a secure processor
we have built an attachable trusted module called a Trusted
Execution Module (TEM) that does not need to be securely
bound to its host (unlike the TPM) and which does not trust
the authors of the programs it runs (unlike a smart card).
Seminar: Kevin Butler, Penn State
Title: Leveraging Emerging Storage Functionality for New Security Services
Time and Location: March 23, 2010 in LC400 at 11am
Abstract: This talk discusses how new disk architectures may
be exploited to aid the protection of systems by
acting as policy decision and enforcement points.
We prototype disks that enforce data immutability
at the block level on critical system data,
preventing malicious code from inserting itself
into system configuration and boot files. We then
examine how storage may be used to ensure the
integrity state of hosts prior to allowing access
to data, and how such a design improves the
security of portable storage devices.
Seminar: Robert J. Giesler, SAIC
Title: Cyber Conflict: Fact and Fiction
Time and Location: Wednesday April 7 at 1pm in RH227
Cyber warfare expert Bob Giesler will round up
current trends in US government cyber policy and
strategy, and discuss the real face of cyber
military operations. He will explore the aphorism
that a good defense requires a good offense.
Emphasizing the strategic imperative of public
awareness, Giesler will suggest that invoking the
image of a Cyber Pearl Harbor, as seen in the CNN
broadcast Cyber Shockwave (see
bad public policy.
Seminar: Juan Caballero, CMU
Title: Binary Program Analysis and Model Extraction for Security Applications
Time and Location: Friday 3/12 at 11am in LC400
In this talk I present a platform to extract models of security-relevant
functionality from program binaries, enabling multiple security applications
such as active botnet infiltration, finding deviations between implementations
of the same functionality, vulnerability signature generation, and finding
content-sniffing cross-site scripting (XSS) attacks. I present two applications:
active botnet infiltration and finding content-sniffing XSS attacks.
Recruiting Visit: Gus de los Reyes, AT&T
Title: Security Research at AT&T
Time and Location: Wednesday 2/17 at 12:15pm in RH227
Seminar: Ahmed Metwally, Google
Title: Online Data Forensics for Click Fraud Detection
Time and Location: Wednesday 2/17 at 11am in LC102
Abstract: In this talk, we describe the Internet advertising
model, and discuss the issue of click fraud that
is an integral problem in such a setting. We start
by classifying the click fraud techniques into two
major classes based on the motivation of the
fraudulent publishers and advertisers. We describe
traffic analysis problems that model detecting
both classes of fraud attacks. We propose using
streaming and sampling algorithms on aggregate
traffic as a viable way of detecting automated
traffic, while not violating the surfers' privacy.
We conclude by reporting the results of
deploying these algorithms on various networks of
NYU-Poly Cyber Security Program Featured on BBC
Seminar: John Ioannidis, Google
Title: Cloud Computing: Threats (Perceived and Real)
Time and Location: Friday 2/12 at 11am in LC400
Abstract: Cloud computing is being heralded as a major paradigm shift in how
computing and network services are structured and offered. As with
any new technology, there are many perceived threats, both from a
business and from a personal perspective. In this talk we survey the
landscape of the various technologies that the term "cloud computing"
encompasses, analyze where threats and vulnerabilities can really be,
and propose the necessary approaches to countering them in time.
iPhone App Class Visit with AT&T
NYU-Poly's iPhone App class visits AT&T.
2010 Department of Defense Scholarships
Applications for Department of Defense Scholarships are now being accepted for 2010.
For more information, please see this page.
Embedded System Challenge Featured in IEEE Spectrum
UCSB iCTF 2009
Security and Privacy Day 2009
The Security and Privacy Day is a biannual event sponsored by the greater
New York City area computer security research community for bringing area
researchers together, fostering multi-institutional collaborations, and
discussing and exchanging our ideas on and experiences with security and privacy research.
For more information, please visit the event web site.
CSAW CTF Elimination Round Winners Have Been Announced
Seminar: Prof. Andrew Odlyzko, University of Minnesota
Thursday, October 1st, 11 am - noon, LC400
Title: How to Live and Prosper with Insecure Cyber Infrastructure
Abstract: Professor Andrew Odlyzko uses an
interdisciplinary approach that incorporates
insights from economics, law, sociology, and
psychology of security to explain some
counterintuitive and contrarian approaches to
research and the deployment of information
Andrew Odlyzko has had a long and distinguished career
in research and research management at Bell and AT&T labs and has
recently built an interdisciplinary research center. He has authored
over 150 technical papers on computational complexity, cryptography,
number theory, combinatorics, coding theory, analysis, probability
theory and related fields. In recent years, he has worked on electronic
commerce, economics of data networks, and economic history with
particular focus on diffusion of technological innovation.
Seminar: Gary McGraw, CTO, Cigital Inc.
9/25 at 11am in the Pfizer Auditorium
Title: Software Security and the Building Security in Maturity Model (BSIMM)
Abstract: Gary McGraw, PhD, will use his book
"Software Security: Building Security In" to frame a discussion on
the state of the practice of
software security. He will describe the observation-based maturity
model, using examples from real software security programs and how to
use the BSIMM to determine the software security plan that works best
Dr. Gary McGraw is CTO of Cigital, Inc., a software security and
quality-consulting firm, headquartered in the Washington, DC area. He
is an international expert in the field of software security and the
author of eight books. He holds dual PhD degrees in Cognitive Science
and Computer Science from Indiana University where he serves on the
Dean's Advisory Council for the School of Informatics.
online slides (for Microsoft Internet Explorer users)
CSAW Featured on Reuters
With cyber security fraud costing businesses more than a trillion dollars
worldwide and enforcement agencies facing shortages that can delay forensics
investigations for years, the graduate students of a leading information
security program devised the 2009 cyber war games to attract the next generation
of cyber sleuths.
Graduate students of the Polytechnic Institute of New York University this week
opened registration for the 6th Annual Cyber Security Awareness Week (CSAW)
Full Reuters CSAW Article
ISIS Media Forensics Research Featured in Thomson Security Newsletter
Collaborative Research in Information Security and Privacy
Seminar Series: Reverse Engineering
Speaker: Alex Sotirov, Independent Security Researcher
Time: April 1st, 8th, 15th, and 22nd at noon
Alex Sotirov, an independent security researcher with more than ten
years of experience with vulnerability research, reverse engineering
and advanced exploitation techniques, will be giving a free 4-week
reversing seminar through NYU:Poly's ISIS lab. Starting on April 1st,
Alex will cover and go beyond many of the topics presented in
NYU:Poly's successful "Penetration Testing and Vulnerability Analysis"
course. Material will be presented on common binary patterns, dynamic
analysis techniques, and complex malware analysis.
Alex's most recent work includes exploiting MD5 collisions to create a
rogue Certificate Authority, bypassing the exploitation mitigations on
Windows Vista and developing the Heap Feng Shui browser exploitation
technique. His professional experience includes positions as a
security researcher at Determina and VMware. Currently he is working
as an independent security consultant in New York. He is a regular
speaker at security conferences around the world, including
CanSecWest, BlackHat and Recon. Alexander is a program chair of the
USENIX Workshop on Offensive Technologies and is one of the founders
of the Pwnie Awards.
Please join us for this unique opportunity at NYU:Poly's ISIS lab.
All are welcome.
Theory Plus Practice in Computer Security: Radio Frequency Identification and Whitebox Fuzzing
Speaker: David Molnar, UC Berkeley
Time: Friday April 3rd at 11am
I will describe two areas in computer security that demonstrate the wide
range of techniques, from both theory and practice, we need to make impact.
First, I treat privacy and security in Radio Frequency Identification (RFID).
RFID refers to a range of technologies where a small device with an antenna,
or "tag", is attached to an item and can be queried later wirelessly by a
reader. While proponents of RFID promise security and efficiency benefits,
the technology also raises serious security concerns. I will describe my work
on practical security analysis of RFID in library books and the United States
e-passport deployments. These deployments in turn uncover a new theoretical
problem, that of "scalable private authentication"; I will describe the first
solution to this problem that scales sub-linearly in the number of RFID tags.
Second, I describe recent work in "whitebox fuzz testing", a new approach to
finding security bugs. Security bugs cost millions of dollars to patch after
the fact, so we want to find and fix them as early in the deployment cycle
as possible. I review previous fuzz testing work, how fuzzing has been
responsible for serious security bugs, and classic fuzz testing's inability
to deal with "unlikely" code paths. I then show how marrying the idea of
dynamic test generation with fuzz testing overcomes these shortcomings, but
raises significant scaling problems. Two recent tools, SAGE at Microsoft
Research, and SmartFuzz at Berkeley, overcome these scaling problems; I
present results on the effectiveness of these tools on commodity Windows and
Linux media playing software. Finally, I close with directions for leveraging
cloud computing to improve developers' testing and debugging experience.
The talk describes joint work with Ari Juels and David Wagner (RFID), and with
Patrice Godefroid, Michael Y. Levin, Xue Cong Li, and David Wagner (Fuzzing).
Seminar: Expressive Policy Analysis with Enhanced System Dynamicity
Speaker: Jorge Lobo, IBM T.J. Watson Research Center
Time: Wednesday April 1st at 11am
Although several research efforts have been devoted to the issue, the
effective analysis of policy based security systems remains a significant
challenge. Policy analysis should at least (i) be expressive, (ii) take
account of obligations and authorizations, (iii) include a dynamic system
model, and (iv) give useful diagnostic information. I will present a
logic-based policy analysis framework which satisfies these requirements,
showing how properties such as modality conflicts, separation of duties, and
others can be analyzed. We give details of a prototype implementation.
Bio: Jorge Lobo joined IBM T. J. Watson Research Center in 2004. Previous to IBM
he was principal architect at Teltier Technologies, a start-up company in
the wireless telecommunication space acquired by Dynamicsoft and now part
of Cisco System. Before Teltier he was an Associate Professor of CS at the
University of Illinois at Chicago and a member of the Network Computing
Research Department at Bell Labs. At Teltier he developed a policy server for
the availability management of Presence Servers. The servers were successfully
tested inside two GSM networks in Europe. He also designed and co-developed
PDL, one of the first generic policy languages for network management. A
policy server based on PDL was deployed for the management and monitoring
of Lucent's first generation of softswitch networks.
Jorge Lobo has more than 50 publications in international journals and
conferences in the areas of Networks, Databases and AI. He is co-author of
an MIT Press book on logic programming and an IBM Press book on policy
technologies for self-managing systems. He is co-founder and member of the
steering committee for the IEEE International Symposium on Policies for
Distributed Systems and Networks. He has a PhD in CS from the University of
Maryland at College Park, and an MS and a BE from Simon Bolivar University,
Seminar: Prioritizing Security Goals
Speaker: Michael Aiello, Goldman Sachs
Time: March 25th at 12:30pm
The talk will describe several of the security techniques that do not
get a lot of publicity, but have been found quite effective within our
organization. Some of the techniques are quite simple, such as
providing developers with a checklist, and asking the right questions
to determine where to focus efforts. Together, they enable a rational
process of security management within a large heterogeneous environment.
Seminar: Doing IDS without being (too) intrusive
Speaker: Joel Rosenblatt, Columbia Information Security Office
Time: February 18th at 12:15pm
Speaker Bio: Joel Rosenblatt has been in IT at Columbia University for the
last 31 years. He is currently the head of the Computer and Network
security group, part of the Columbia Information Security Office. He is
responsible for overseeing the security for the approximately 65,000 nodes
that make up the Columbia University network. Additional responsibilities
include DMCA compliance and investigations involving law enforcement. Joel
is the Chair of the Security Metrics Project Team of the EDUCAUSE/Internet2
Computer and Network Security Task Force and a member of Infraguard, NYECTF
and other organizations that he can neither confirm nor deny the existence
Security Seminar: Mike Zusman
Time: February 11th at 12:30pm
Internet-facing SSL VPNs and Open Reverse Proxies can be abused to perform reconnaissance, data extraction, or general mischief INSIDE
the Corporate Intranet and on SSL VPN clients. Such security devices are usually thought to add security to the enterprise network, while
increased client side attack surface from required mobile code (ActiveX/Java) goes ignored.
This presentation will discuss programming and infrastructure flaws
permitting abuse of the server, remote code execution on vulnerable
clients, as well as appropriate countermeasures.
Mike Zusman is a Senior Consultant for the Intrepidus Group. Prior to
joining Intrepidus Group, Mike has held the positions of Escalation
Engineer at Whale Communications (a Microsoft subsidiary), Security
Program Manager at Automatic Data Processing, and lead architect &
developer at a number of smaller firms. In addition to his corporate
experience, Mike is an independent security researcher, and has
responsibly disclosed a number of critical vulnerabilities to
commercial software vendors and other clients. Mike has also founded a
number of successful entrepreneurial ventures including Global Uplink
Solutions Incorporated (hosting division acquired by Flare
Technologies in 2005) and Dish Uplink LLC, a leader in satellite TV
subscription activations in the US. Mike holds the CISSP
Security Seminar: Bots, Botnets, and Malware: Evolving Attack and Defense
Time: February 4th at 12:30pm
Dean De Beer will be presenting at this week's Wednesday security
meeting on "Bots, Botnets, and Malware: Evolving Attack and Defense."
The talk will cover infection vectors, command and control structures,
and commercial detection tools for current-generation botnets focusing
on the ASPRox, Waledac, Storm, and Confiker botnets. Dean will also
show off techniques you can use to visualize the network data
generated by these botnets.
Dean is an Information Security Specialist with 10 years of experience
in providing tailored security services to a variety of clients in the
public, healthcare and education sectors. He has worked with these
businesses to improve their overall security posture by helping them
meet and exceed the standards required for compliance with various
regulations such as HIPAA, GLBA and SOX. He is able to deliver these
results by using a combination of technical services such as risk
assessments, penetration testing and incident response to develop and
improve upon existing controls and metrics for clients of zero(day)
Presentation and Discussion: The Psychology of Deception
Time: January 30th at 4:00pm
Place: CS Conference Room
Sherard Bailey will give a talk in the psychology
of deception and a group discussion will follow.
Topics to be addressed are:
- What is deception?
- Defining a psychology of deception
- define the strong/weak "sense" of psychology and how the psychology of
deception fits into this
- review of published articles by
- Jastrow (illusory inferences on knowledge based on sensory info),
- Dessoir (invited inference, psychological kernel),
- Binet and Triplett (sociobiology, deception/natural selection) that form a broad collection of ideas on the topic
Seminar: Reverse Engineering in the Security Industry
Time: January 28th at 12:30pm
Alexander Sotirov will join us for a seminar on the
state of the art of reverse engineering.
Alexander Sotirov has been involved in computer
security since 1998, when he became one of the
editors of Phreedom Magazine, a Bulgarian
underground technical publication. For the past
eight years he has been working on reverse
engineering, exploit code development and research
in automated source code auditing. His most
well-known work is the development of highly
reliable exploits for Apache/mod_ssl, ProFTPd and
Windows ASN.1. He graduated with a Master's degree
in computer science in 2005. He is an independent
security consultant working in New York City and
is affiliated with phreedom.org.
Seminar: Networked Systems for the Developing World
Lakshminarayanan Subramanian of the Courant Institute
will give a seminar in room RH227
on Wednesday, November 19th from 12:30pm to 1:30pm.
Professor Subramanian's summary follows:
Networked Systems for the Developing World
Computer Science research over the past several
decades has predominantly focused on addressing
important computing problems in the developed
world with little focus on the developing world.
However, the sad reality is that a large majority
of the world's population does not have access to
basic digital communications - If this issue is
not addressed, the digital divide is bound to
significantly grow in the upcoming years.
In this talk, I will elaborate upon how the
development of appropriate Information and
Communication Technologies (ICT) has the potential
to solve some of the pressing problems in
developing countries including improving
healthcare, education, financial services,
supply-chain services etc. I will elaborate on the
computer science research challenges that arise in
addressing these problems many of which are
motivated by the operational environments in these
regions. These challenges are spread across a wide
range of topics within computer science.
Seminar: Deian Stefan - "Keystroke Dynamics Authentication and Human-Behavior Driven Bot Detection"
Deian Stefan from Cooper Union will join us at Poly in room RH227
on Wednesday, October 22nd from 12:30pm to 1:30pm to
present his research.
We present our design and implementation of a remote authentication
framework called TUBA which collects, extracts features, analyzes, and
classifies a computer owner's characteristic keystroke patterns. A
comprehensive security analysis on the attacks and defenses of our
framework is presented.
CSAW 2008: Big thanks to everyone!
CSAW 2008 culminated in
the awards ceremony on Tuesday, October 14th in Poly's
Pfizer Auditorium. This year's CSAW was the biggest yet, with
more participation, more schools participating, more countries
participating, and more prizes than ever before. Big thanks to
all who competed, all the judges who donated their expertise,
and of course, big thanks to the sponsors.
Leveraging Technical Security in the Enterprise
Time: Wednesday, September 25th at 12:30pm
Place: Rogers Hall, Room 227
will join us to give a talk titled
"Leveraging Technical Security in the Enterprise".
The talk will address how to better market and use
technical training to create effective products and
services for global enterprise users.
Workshop on Interdisciplinary Studies in Security and Privacy
The ISIS group at NYU Poly is hosting
WISSP 2008, a
workshop on interdisciplinary studies in security and privacy.
Panel topics will include targeted malware, trusted platforms,
privacy, and education. See the
for a listing of the speakers and panelists as well as for
more information about the topic of each of the sessions.
The Bad Guys Are Winning: What Now?
On Wednesday, September 17th, at 12:30pm in room RH227
Ed Skoudis will give a talk titled,
"The Bad Guys Are Winning: What Now?"
The topic is as follows.
A sufficiently motivated
attacker will almost always compromise a target environment, given the
complex attack surface of today's enterprises. This talk analyzes why
this is so, and discusses what the implications are for enterprise
security personnel, penetration testers, and the military.
Computerworld Magazine lists Polytechnic among top 10 innovative schools, particularly the security program.
A Computerworld/Dice.com survey of 16 graduate-level
alumni gave Poly straight A's.
- Overall grade: A
- Value: A
- Positive career impact: A
- Relevance to actual career activities: A
The article lists Poly's
security program as one of the key strengths of Poly, and has an interview
with an ISIS alum, Stanislav Nurilov.
See the full article on the Computerworld site.
Congratulations to Pasha Pal for winning the best paper award at DFRWS 08.
ISIS PhD student Pasha Pal
was given the best paper award at DFRWS 08
for his analysis of the state of the art in file carving, and development
of a powerful new method.
The paper is here:
Detecting File Fragmentation Point using Sequential Hypothesis Testing
File carving is a technique whereby data files are extracted
from a digital device without the assistance of file tables
or other disk meta-data. One of the primary challenges in
file carving can be found in attempting to recover files
that are fragmented. In this paper, we show how detecting
the point of fragmentation of a file can benefit fragmented
file recovery. We then present a sequential hypothesis
testing procedure to identify the fragmentation point of a
file by sequentially comparing adjacent pairs of blocks from
the starting block of a file until the fragmentation point
is reached. By utilizing serial analysis we are able to
minimize the errors in detecting the fragmentation points.
The performance results obtained from the fragmented
test-sets of DFRWS 2006 and 2007 show that the method can be
effectively used in recovery of fragmented files.
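As an added illustration of the sequential-test idea in the abstract (this is example code written for this page, not the paper's method or any ISIS lab code), the Python below walks the blocks of a carved file from its starting block, scores each block for consistency with the file, and runs a sequential probability ratio test (SPRT) that keeps reading while the evidence is ambiguous and stops as soon as fragmentation is accepted. Everything beyond that outline is an assumption of the example: the block feature (fraction of printable bytes), the file profile (the starting block alone), the per-hypothesis probabilities and error rates, and the constructed sample image of text blocks followed by random bytes.

```python
import math
import random
from typing import List, Optional

BLOCK_SIZE = 512  # assumed carving block size for this example; the paper's choice may differ


def printable_fraction(block: bytes) -> float:
    """Block feature used for comparison: share of bytes that are printable ASCII
    or whitespace. A deliberately simple stand-in (assumption) for the richer
    per-file-type statistics a real carver would use."""
    return sum(1 for b in block if 32 <= b < 127 or b in (9, 10, 13)) / len(block)


def block_fits_file(block: bytes, profile: float, tol: float = 0.15) -> bool:
    """Does this block look like it belongs to the file with the given profile?"""
    return abs(printable_fraction(block) - profile) <= tol


def find_fragmentation_point(blocks: List[bytes],
                             p_fit_h0: float = 0.9,   # P(block fits | file continues)  (assumed)
                             p_fit_h1: float = 0.2,   # P(block fits | file fragmented)  (assumed)
                             alpha: float = 0.01,     # tolerated false-alarm rate
                             beta: float = 0.01) -> Optional[int]:
    """Sequential probability ratio test over successive blocks.

    H0: the next block still belongs to the file; H1: the file is fragmented here.
    Each block adds a log-likelihood ratio term. Crossing the upper threshold
    accepts H1 and reports the first block of the suspicious run as the
    fragmentation point; crossing the lower threshold accepts H0 for that
    stretch and restarts the test. Returns None for a contiguous file."""
    upper = math.log((1 - beta) / alpha)
    lower = math.log(beta / (1 - alpha))
    profile = printable_fraction(blocks[0])  # file model = starting block (simplification)
    llr = 0.0
    suspect: Optional[int] = None
    for i in range(1, len(blocks)):
        if block_fits_file(blocks[i], profile):
            llr += math.log(p_fit_h1 / p_fit_h0)          # evidence for H0
        else:
            llr += math.log((1 - p_fit_h1) / (1 - p_fit_h0))  # evidence for H1
            if suspect is None:
                suspect = i
        if llr >= upper:
            return suspect
        if llr <= lower:
            llr, suspect = 0.0, None  # H0 accepted so far; keep reading
    return None


def make_sample_blocks() -> List[bytes]:
    """Constructed test image (not a real disk image): 8 blocks of ASCII text
    followed by 6 blocks of seeded pseudo-random bytes, i.e. the file's data
    ends at block 8 and unrelated data follows."""
    text = (b"The quick brown fox jumps over the lazy dog. " * 20)[:BLOCK_SIZE]
    rng = random.Random(7)
    noise = [bytes(rng.getrandbits(8) for _ in range(BLOCK_SIZE)) for _ in range(6)]
    return [text] * 8 + noise


if __name__ == "__main__":
    print("fragmentation point:", find_fragmentation_point(make_sample_blocks()))
    print("contiguous file:", find_fragmentation_point([make_sample_blocks()[0]] * 10))
```

With the constructed image the test reports block 8 as the fragmentation point, and a run of identical text blocks yields None. The SPRT needs several disagreeing blocks before it commits, which is the point of the serial analysis: a single odd block does not trigger a false split, at the cost of a few extra block reads after the true boundary.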
Transparent Anonymization: Thwarting Adversaries Who Know the Algorithm
Speaker: Xiaokui Xiao, Chinese University of Hong Kong
Time and Location: Monday 07/07 at 11am in LC400
The digitization of our daily lives has led to unprecedented collections
of sensitive personal data (e.g., census data, medical records) by
governments and corporations. Such data is often released for research
purposes, which, however, may pose a risk to individual privacy. To
address this issue, numerous techniques have been proposed to anonymize
the data before its publication. Somewhat surprisingly, all existing
anonymization techniques assume that the adversary has no or limited
knowledge of the anonymization algorithm, and fail to protect privacy when
this assumption does not hold. In other words, a data publisher that
adopts these techniques must take up the difficult responsibility of
keeping the algorithm confidential, which severely limits the
applicability of these techniques in practice.
In this talk, I will present a solution that remedies the above problem. I
will start from an analytical model for evaluating disclosure risks,
against an adversary who knows everything in the anonymization process,
except the data to be published. Based on the model, I will discuss three
anonymization algorithms that can ensure privacy protection against the
adversary we consider. The effectiveness and efficiency of these
algorithms will be demonstrated through experimental results. Finally, I
will conclude the talk with my plan for future research.
Xiaokui Xiao obtained the Bachelor and Master degrees in Computer Science
from the South China University of Technology in July 2001 and June 2004,
respectively. He is currently a PhD student in the Department of Computer
Science and Engineering of the Chinese University of Hong Kong.
ISIS gets NSA Designation of Center of Excellence in Research
In addition to affirming our status as a Center of Academic Excellence
in Information Assurance Education, NSA awarded ISIS the status
of Center of Academic Excellence in Information Assurance Research.
More information about this designation can be found on
ISIS Renews Center of Excellence in Education Designation
On Trusted Hardware and Privacy Systems
Speaker: Radu Sion, State University of New York, Stony Brook
Time and Location: Friday 3/14 at 11am in LC102
We will talk about existing trusted hardware devices and how they can be
deployed to make the world a safer and more private place.
Radu Sion is an assistant professor of Computer
Science in Stony Brook University, heading the
Network Security and Applied Cryptography
Laboratory. His research focuses on data security
and information assurance mechanisms.
Collaborators and funding partners include
Motorola Labs, the Center of Excellence in
Wireless and Information Technology CEWIT, the
Stony Brook Office for the Vice-President for
Research and the National Science Foundation. Sion
also directs the Stony Brook Trusted Hardware
Laboratory, a central expertise and research
knowledge repository on secure hardware.
Radu Sion's Webpage
Tackling the Content Protection Challenge
Speaker: Nelly Fazio, IBM Almaden Research Center
Time and Location: Friday 3/07 at 11am in LC102
Devising effective Content Protection mechanisms and building satisfactory
Digital Rights Management systems have been top priorities for the
Publishing and Entertainment Industries in recent years. Corporate DRM
efforts have so far attempted to address this challenge with systems
characterized by a tight control over the user media platform. This
approach, however, brings about rigid limitations on the user experience
(e.g., restrictions on the creation of back-up copies of purchased
copyrighted content), ultimately resulting in an unhappy customer base.
Research advances over the last few years show that Cryptography holds
promise for the development of flexible tools that could enable fair DRM
solutions. In this talk, I will provide an overview of my investigations
along this direction, and I will then focus on the case of transmission of
live events, where the sensitivity of the content under distribution
decreases with time. For this setting, I will present a scheme in which
unauthorized disclosure of access control credentials can be traced back
to the leaker(s), thus discouraging piracy by the threat of detection.
The proposed solution improves upon the state of the art both in
communication performance and in security guarantees.
Before concluding, I will briefly discuss some of my other cryptographic
research, including an on-going project that was recently funded by DARPA
in the context of the "System F6" initiative.
Nelly Fazio earned her M.Sc. ('03) and Ph.D. ('06) in Computer Science
from New York University. During her studies, she also conducted research
at Stanford University, Ecole Normale Superieure (France) and Aarhus
University (Denmark). In 2003, she was awarded the NYU CIMS Sandra
Bleistein prize, for "notable achievement by a woman in Applied
Mathematics or Computer Science." Her Ph.D. thesis was nominated with
honorable mention for the NYU J. Fabri prize, awarded yearly for the "most
outstanding dissertation in Computer Science."
Dr. Fazio's research interests are in cryptography and information
security, with a focus on digital content protection. Since July 2006, she
has been part of the Content Protection group at IBM Almaden Research Center,
where she has been conducting research on advanced cryptographic key
management, tracing technologies, and authenticated communications in
dynamic federated environments. Currently, she is a visiting research
scientist in the Security group at IBM T.J. Watson Research center,
working on security issues of decentralized environments such as sensor
||Seven Flaws of Identity Management |
|Speaker: Rachna Dhamija, Harvard University
Time and Location: Friday 02/29 at 11am in LC102
In the last few years, Internet users have seen the rapid expansion of
phishing, man-in-the-middle, malware and other attacks that attempt to
trick users into revealing sensitive data. We have also seen the
introduction of new authentication and identity management systems across
the Web. The scale and complexity, combined with the privacy and security
requirements of these systems, create steep challenges for usability. To
design systems and interfaces to shield users from attacks, it is
important to know which kinds of attack strategies are successful and why
users are deceived. In this talk, I posit seven flaws or design
challenges that must be met for authentication and identity management
systems to be usable and accepted by the general public.
Rachna Dhamija is a Postdoctoral Fellow at the Center for Research on
Computation and Society at Harvard University. Rachna's research
interests span the fields of computer security, human computer interaction
and information policy. She received a Ph.D. from U.C. Berkeley, where
her thesis focused on the design and evaluation of usable security
systems. Previously, Dhamija worked on electronic payment system privacy
and security at CyberCash. Her research has been featured in the New York
Times, the Wall Street Journal, the Economist and CNN.
||"Solutions for Memory Authentication"|
Speaker: Dr. Reouven Elbaz
Time and Location: Thursday, Feb. 28 at 11 am in LC400
One objective in the design of a secure platform is to
ensure that sensitive application outcomes have not been
corrupted by a malicious party. For example, an adversary
tampering with the memory space of an application can affect
the results of its computations. Verifying the integrity of (that is,
authenticating) the data processed and stored by such secure platforms
is therefore an essential security service to provide.
After an overview of existing techniques ensuring memory
authentication, namely integrity trees, this talk presents a
new parallelizable integrity tree (TEC-Tree: Tamper-Evident
Counter Tree). Among other benefits, TEC-Tree provides data
confidentiality in addition to data integrity.
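As an added illustration of the integrity-tree idea the talk surveys (this is not the TEC-Tree construction, whose details the abstract does not give, and it provides integrity only, not the confidentiality TEC-Tree adds): a binary Merkle tree over fixed-size memory blocks. The assumptions are a power-of-two number of 64-byte blocks, SHA-256 as the hash, and a root kept in tamper-proof on-chip storage while blocks and intermediate hashes sit in untrusted memory. The demo shows a valid read, a tampered block, and a replay of a stale block with its stale authentication path, all checked against the trusted root.

```python
import hashlib

BLOCK_SIZE = 64  # bytes per memory block (assumption for this example)


def _h(*parts):
    """SHA-256 over the concatenation of its arguments (first byte is a domain tag)."""
    m = hashlib.sha256()
    for p in parts:
        m.update(p)
    return m.digest()


class IntegrityTree:
    """Binary Merkle tree over memory blocks; only `root` is assumed trusted."""

    def __init__(self, blocks):
        n = len(blocks)
        assert n and n & (n - 1) == 0, "example assumes a power-of-two block count"
        self.blocks = [bytes(b) for b in blocks]
        # levels[0] holds leaf hashes, levels[-1] holds the single root
        self.levels = [[_h(b"\x00", b) for b in self.blocks]]
        while len(self.levels[-1]) > 1:
            prev = self.levels[-1]
            self.levels.append([_h(b"\x01", prev[i], prev[i + 1])
                                for i in range(0, len(prev), 2)])
        self.root = self.levels[-1][0]  # trusted on-chip copy

    def auth_path(self, index):
        """Sibling hashes from leaf to root (all read from untrusted memory)."""
        path = []
        for level in self.levels[:-1]:
            sib = index ^ 1
            path.append((sib & 1, level[sib]))  # flag 1: sibling is the right child
            index >>= 1
        return path

    @staticmethod
    def verify(block, index, path, trusted_root):
        """Recompute the root from a block and its path; compare with the trusted root."""
        node = _h(b"\x00", block)
        for sibling_is_right, sib in path:
            node = _h(b"\x01", node, sib) if sibling_is_right else _h(b"\x01", sib, node)
        return node == trusted_root

    def write(self, index, data):
        """Update one block and re-hash only the log(n) nodes on its path."""
        self.blocks[index] = bytes(data)
        self.levels[0][index] = _h(b"\x00", self.blocks[index])
        i = index
        for lvl in range(1, len(self.levels)):
            i >>= 1
            left, right = self.levels[lvl - 1][2 * i], self.levels[lvl - 1][2 * i + 1]
            self.levels[lvl][i] = _h(b"\x01", left, right)
        self.root = self.levels[-1][0]


def demo():
    """Returns (valid read ok, tampered block ok, replayed block ok)."""
    memory = [bytes([i]) * BLOCK_SIZE for i in range(8)]  # constructed sample memory
    tree = IntegrityTree(memory)
    ok_valid = IntegrityTree.verify(tree.blocks[3], 3, tree.auth_path(3), tree.root)

    # Adversary flips a byte of block 3 in untrusted memory.
    tampered = bytearray(tree.blocks[3])
    tampered[0] ^= 0xFF
    ok_tampered = IntegrityTree.verify(bytes(tampered), 3, tree.auth_path(3), tree.root)

    # Replay: adversary records block 3 and its path, waits for a legitimate
    # write, then restores the recorded copies. The trusted root has moved on.
    old_block, old_path = tree.blocks[3], tree.auth_path(3)
    tree.write(3, b"\xAA" * BLOCK_SIZE)
    ok_replay = IntegrityTree.verify(old_block, 3, old_path, tree.root)
    return ok_valid, ok_tampered, ok_replay
```

The replay case is the one a plain per-block MAC misses: a MAC over the stale block still verifies, whereas the tree ties every block to a root that the legitimate write has changed. The cost is one hash per tree level on every read and write, which is exactly what parallelizable designs such as the one in the talk set out to reduce.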
Dr. Reouven Elbaz received his Ph.D. in Computer Engineering
from the University of Montpellier II in December 2006. The
research project (Hardware Mechanisms for Secure
Processor-Memory Transactions) he carried out during his
graduate studies was a collaboration between the
Microelectronics department of the LIRMM (Laboratory of
Computer Science, Robotics and Microelectronics - University
of Montpellier II) and the Security Group of the company
STMicroelectronics. He is now a Research Associate in the
Computer Engineering Department of Princeton University
(PALMS Laboratory). His research interests are in computer
security, computer architecture, applied cryptography,
trusted computing and reconfigurable architectures.
||Hacking Outside the Box|
|On Wednesday, February 13th, 2008, Michael Aiello of
Goldman Sachs (and an ISIS alumnus) will describe
his experiences and give insight into the role of hacking in
a financial security context. The room is RH227 and the time
||A Selection of Applied Research Problems in Information Communication|
|Speaker: Bertrand Haas, Pitney Bowes
Time and Location: Friday Feb 1 at 11am in LC102
Abstract: Bertrand will present several concrete research problems related to
the communication of information through parallel or hidden channels
(watermarking and steganography) and to the securing of information
communication for specific purposes (fingerprinting and
Bertrand Haas is Principal Engineer in the Secure Systems research
group of the Advanced Concepts and Technology division at Pitney
Bowes. He joined this group in 2001 and has been working, since
then, on cryptography, coding theory, image processing, graphic
security and has more recently been involved in developing solutions
for mail voting applications. Bertrand received his Ph.D. in
Mathematics from the University of Basel in Switzerland in 1998. He
spent a postdoctoral year at the Fields Institute and UofT in
Toronto, a year at the Mathematical Science Research Institute and
UC in Berkeley and then taught two years at Michigan State
University before beginning his corporate career at Pitney Bowes.
||The broken file shredder - secure programming traps and pitfalls|
|Speaker: Wietse Venema, IBM T. J. Watson
Time and Location: Friday 01/25 at 11am in LC102
Abstract: Wietse analyzes a very small program that is obviously correct, yet
completely fails to perform as expected, for more reasons than many
people can think of. The audience is expected to have some
programming experience, but detailed knowledge of C, UNIX or Windows
is not required.
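An added example in the spirit of the talk's title (it is not the program Wietse analyzes, which the abstract does not reproduce): a file shredder that does the things a naive overwrite-then-delete program tends to skip. The assumptions are a POSIX system and Python's `os` module; the pitfalls handled are partial writes, a second hard link that keeps the data alive under another name, and deleting before the overwritten data has been forced to the device.

```python
import os
import stat
import tempfile


def shred_file(path, passes=1, chunk=1 << 16):
    """Overwrite `path` in place, force it to stable storage, then unlink it.

    Returns None on success, or a string saying why the file was NOT shredded.
    The fsync happens before the unlink: dirty data that only sits in the
    page cache when the last link to an inode disappears may never be written.
    """
    fd = os.open(path, os.O_WRONLY | os.O_NOFOLLOW)  # refuse to follow a symlink
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            return "not a regular file"
        if st.st_nlink > 1:
            return "file has %d links; the data would survive under another name" % st.st_nlink
        for _ in range(passes):
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = st.st_size
            while remaining > 0:
                # os.write may write fewer bytes than asked for; loop until done.
                remaining -= os.write(fd, b"\x00" * min(chunk, remaining))
            os.fsync(fd)  # data (and metadata) reach the device before deletion
    finally:
        os.close(fd)
    os.unlink(path)
    return None


def _secret_file():
    """Create a constructed sample file holding 'secret' data; returns its path."""
    fd, path = tempfile.mkstemp()
    os.write(fd, b"top secret " * 1000)
    os.close(fd)
    return path


def demo():
    """Returns (plain file shredded, shred refused when a second link exists)."""
    path = _secret_file()
    shredded = shred_file(path) is None and not os.path.exists(path)

    path = _secret_file()
    link = path + ".lnk"
    os.link(path, link)  # a second name for the same inode
    refused = shred_file(path) is not None
    os.unlink(path)
    os.unlink(link)
    return shredded, refused
```

Even this version only addresses what the program itself controls. A journaling or copy-on-write file system may write the new blocks elsewhere and leave the old ones intact, snapshots and backups keep their own copies, a flash device's wear levelling can remap the sector, and the content may already have been paged to swap or saved by an editor as a temporary file. That gap between "the program is correct" and "the data is gone" is the point of the talk.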
Wietse Venema is known for his software such as the TCP Wrapper
and the Postfix mail system. He co-authored the SATAN network
scanner and the Coroner's Toolkit (TCT) for forensic analysis, as
well as a book on Forensic Discovery. Wietse received awards from
the System Administrator's Guild (SAGE), the Netherlands UNIX User
Group (NLUUG), as well as a Sendmail innovation award. He served
a two-year term as chair of the international Forum of Incident
Response and Security Teams (FIRST). Wietse currently is a research
staff member at the IBM T. J. Watson research center. After completing
his Ph.D. in physics he changed career to computer science and
never looked back.
||ECE Seminar on the Design of Stream Ciphers|
On Friday, December 14th, 2007, there will be a seminar by Dr. Cédric Lauradoux on the topic of stream cipher design. It will take place in LC433 at 10 AM. See here for details.
||Modern Cryptography Course|
A course in modern cryptography will once again be taught in the spring. For more information, see the course outline.
||Simson Garfinkel - The Drives Project: From Disk Forensics to Media Exploitation|
|Monday, October 1st, 11am, Dibner Hall LC433
This talk discusses the work to date of the Drives Project, a 9-year (and
counting) effort that is creating a large-scale collection of real disk
drive images, open source tools, and new techniques for automatically
processing data recovered from disk drives and other kinds of storage
devices. Today the Drives Project has assembled a corpus of more than 1000
forensically interesting images from hard drives and USB storage devices
that were collected all over the world. We have created open source formats,
tools and algorithms for automatically analyzing this data in bulk and
rapidly producing answers to questions that are relevant to the Defense,
Intelligence and Law Enforcement communities. The Project is now in the
process of dramatically expanding the global reach of data being acquired and
exploring new research opportunities for using this data.
||Tracking Bots in Poly and Autonomous System Traceback |
Aleksey Fateev will be presenting his work on tracking botted machines in Poly this Wednesday, September 26th, at 12:30 PM in RH227, and Sandra Dykes of the Southwest Research Institute will present her work in tracking distributed denial of service attacks using BGP this Friday, September 28th at 11:00 AM in room LC102. See here for more details.
||Seminar: The Symantec Internet Security Threat Report|
Rob Clyde of Symantec will be presenting at the next CIS seminar, to be held on Friday, September 21st, in LC102.
See here for more details.
||Digital Identity Systems Workshop|
|On September 20, 2007,
Poly/ISIS will be hosting a workshop which will bring
together leading experts on the impact of digital
identity systems.
Large scale use of digital identity systems that cross institutional
boundaries does not seem to be gaining traction. What are the issues
that are holding this back? Technology, cost, usability, scalability,
cross-institutional trust models? The focus of this workshop is on
technologies that will foster development and deployment of digital
identity systems, particularly at a system and infrastructure level,
not on point technologies.
||Data Mining for Malicious Code Detection and Security Applications |
|Friday August 3rd, 11am, LC433
The presentation will provide an overview of data mining, the
various types of threats and then discuss the applications of data mining
for malicious code detection and cyber security. Then we will discuss the
consequences to privacy.
Dr. Bhavani Thuraisingham
joined The University of Texas at
Dallas in October 2004 as a Professor of Computer Science and Director of
the Cyber Security Research Center in the Erik Jonsson School of Engineering
and Computer Science.
||Certificate in Cyber Security |
|Polytechnic/ISIS now offers a
Certificate in Cyber Security. This graduate certificate allows technical professionals to obtain key bodies of knowledge and specializations in Cyber Security. Students will acquire an understanding of various technologies in emerging areas of security like computer and network security, digital forensics, cryptography, and biometrics.
||Perfect Security for Password Protocols in the Bounded Retrieval Model|
|Speaker: Giovanni Di Crescenzo, Telcordia
Time and Place: Friday 5/4 at 11am, LC102
Despite their popularity and wide applicability, password protocols remain
subject to a number of weaknesses. In this talk we introduce a formal model
based on reasonable limitations on an adversary's power, under which we
can design password protocols that are provably secure against simultaneous
intrusions and dictionary attacks. While we do not modify the user's algorithm
in the password protocol, we substantially update the server's verification
algorithm by using various types of extractors. Our formal model, called the
Bounded Retrieval Model, is also of interest for the design and analysis of
cryptographic protocols that remain secure against intruders.
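An added, simplified illustration of the principle behind the talk's setting (this is not the paper's construction: a plain hash over the sampled bytes stands in for the extractor, and no provable-security claim is made for it). The assumptions are a server-side random table of 256 KiB (the model assumes a table far larger than an intruder can exfiltrate), 32 probed positions per check, SHA-256, and a client that simply sends the password, so the user's side is unchanged. The demo shows normal verification and then what an intruder who copied half of the table can do with a stolen salt and verifier: a guess can be tested offline only if all of its probed positions fall inside the copied part.

```python
import hashlib
import hmac
import os
import secrets

TABLE_BYTES = 1 << 18  # 256 KiB for the demo (assumption); real tables are much larger
SAMPLES = 32           # table positions probed per password check (assumption)


def positions(password, salt, k=SAMPLES, size=TABLE_BYTES):
    """Pseudo-random table positions derived from the password and salt."""
    pos = []
    ctr = 0
    while len(pos) < k:
        d = hashlib.sha256(salt + password + ctr.to_bytes(4, "big")).digest()
        for i in range(0, len(d) - 3, 4):
            if len(pos) == k:
                break
            pos.append(int.from_bytes(d[i:i + 4], "big") % size)
        ctr += 1
    return pos


def _verifier(table, password, salt):
    """Hash of the probed table bytes (the stand-in for the extractor output)."""
    probe = bytes(table[p] for p in positions(password, salt))
    return hashlib.sha256(salt + probe).digest()


def enroll(table, password):
    salt = secrets.token_bytes(16)
    return salt, _verifier(table, password, salt)


def verify(table, password, salt, verifier):
    return hmac.compare_digest(_verifier(table, password, salt), verifier)


def attacker_can_test(guess, salt, leaked_positions):
    """An offline dictionary attack can check `guess` only if every probed byte was exfiltrated."""
    return all(p in leaked_positions for p in positions(guess, salt))


def demo():
    """Returns (correct pw accepted, wrong pw rejected, offline test with half
    the table possible, offline test with the whole table possible)."""
    table = os.urandom(TABLE_BYTES)
    salt, ver = enroll(table, b"correct horse")
    accepted = verify(table, b"correct horse", salt, ver)
    rejected = verify(table, b"wrong horse", salt, ver)
    half = set(range(TABLE_BYTES // 2))          # intruder copied the first half
    whole = set(range(TABLE_BYTES))              # intruder copied everything
    return (accepted, rejected,
            attacker_can_test(b"correct horse", salt, half),
            attacker_can_test(b"correct horse", salt, whole))
```

With half the table, each guess is testable with probability 2^-32, so a dictionary attack stalls; with the whole table the bound is gone and the scheme degrades to an ordinary salted hash. That retrieval bound, not secrecy of the salt or verifier, is what the model relies on.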
||Testing Anomaly Detection Systems|
|Speaker: Dr. Carrie Gates, Research Staff Member, CA Labs
Time and Place: April 25, 12:30pm - 2:00pm, Rogers Hall 227
Anomaly detection has been widely used as a basis for many network
intrusion detection systems. However, anomalies themselves have not
been well-defined, and no research has been performed to determine how
security events of interest are actually related to anomalous behavior.
Additionally, little research has been done in the general area of
testing anomaly-based detection systems, resulting in systems that have
been tested using poor, out-dated data sets or locally-collected network
traffic with unknown characteristics. In this presentation I will
introduce some of the previous research in anomaly detection, detailing
the larger research questions that have arisen from this work. I will
focus in particular on the issues involved in testing anomaly detection
systems, presenting some initial results from my own research in this
||Recent Attacks on Hash Functions and Their Impact on Hash-Based Security Schemes|
|Speaker: Yiqun Lisa Yin - Independent Security Consultant
Time and Place: Monday 4/23 at 11am in LC102
This talk will first provide a survey of recent attacks on hash
functions. We will review new techniques introduced in these attacks and
analyze some common weaknesses in the design of existing hash functions that
made all the attacks possible. We will then consider the impact of these
attacks on hash-based security schemes. We will present new results on
colliding the X.509 digital certificates and key-recovery attacks on the HMAC
authentication protocol. These results show that the strength of a security
scheme can be greatly weakened by the insecurity of the underlying hash
||Making IA Decisions: Optimizing Risk Assessment Scope|
|Speaker: Richard Straka - National Security Agency
Time and Place: Friday 4/13 at 11am in LC102
Risk Assessments fulfill a variety of decision-making functions in
Information Assurance practice, ranging from supporting portfolio-based
investment decisions - through architecture, design and certification &
accreditation decisions - to operational decisions regarding systems under
cyber attack. This presentation investigates the characteristics of the
criteria most appropriate to make these decisions - characteristics that
affect the likelihood and magnitude of harm to stakeholders and the behavior
of adversaries. Particularly, decision-making criteria need to account for
and model the stakeholders' tradeoff preferences between security risk and
mission-fulfilling operational system characteristics and also the adversaries'
tradeoff preferences between payoff, probability of success and risk tolerance.
||Planning and Prioritizing in Financial Sector Information Security |
|Two representatives from ING Financial Services including
Director of Information Risk Management Services James Toczylowski and
David Kaplan will give an informal talk in Rogers Hall room 227 at
12:30pm on Wednesday April 11th, 2007. First they will outline their
responsibilities and medium-term goals. Then they will describe the
kinds of tools and procedures they use. The talk will close with an
open discussion and Q/A session intended to provide insight into the
current state of information security in the financial sector and what
challenges are expected in the near future.
|On March 27-28, Poly will be hosting the
This workshop is open to IT professionals who want to stay on the
cutting edge of the profession.
Seminar topics will include:
- IPSs / IDSs
- Authentication Mechanisms
- Vulnerabilities and Exploits
- Regulatory & Compliance Issues
||Seminar: Quantifying Social vs. Antisocial Behavior in Email Networks|
|On Friday March 9, we will have a seminar by Virgilio Almeida from the
Federal University of Minas Gerais in Brazil. Prof. Almeida will be visiting
Poly for three months (March to May), so this is a good opportunity to become
familiar with his research interests.
Topic of talk: Email graphs have been used to illustrate general properties of
social networks of communication and collaboration. However,
increasingly, the majority of email traffic reflects opportunistic,
rather than symbiotic social relations. Here we use e-mail data
drawn from a large university to construct directed graphs of email
exchange that quantify the differences between social and antisocial
behaviors in networks of communication. We show that while structural
characteristics typical of other social networks are shared to a
large extent by the legitimate component they are not characteristic
of antisocial traffic.
||Seminar: Practicing Security in a Major Hospital|
|We have a security talk on February 28th at 12:30.
The title of the talk is "Practicing Security in a Major Hospital" and
the speaker is
Chief Security Officer at Columbia
University Medical Center. The talk will be highly informative and give
a glimpse of the kinds of situations one faces, and the compromises one
makes, when in charge of systems security at a medical center.
||Seminar: Trusted Virtual Data Center Technologies|
|This talk introduces the Trusted Virtual Data Center (TVDc), which
is designed to offer strong enterprise-level security guarantees
in hosted data center environments. The IBM Trusted Virtual Data
Center, a project defined and pursued by the Secure Systems Department
at the IBM T. J. Watson Research Center in Hawthorne NY, is designed
to satisfy business-level security goals by simplifying management
and providing explicit infrastructure-level containment and trust
guarantees for data center environments based on virtualization.
This talk will focus on the technologies -- developed at the
Secure Systems Department -- that drive the Trusted Virtual Data
Center, including the integrity measurement architecture (IMA), the
secure hypervisor architecture (sHype), and the virtualized trusted
platform module (vTPM). We will close with future work and open
research problems. The seminar will be on February 16th, 2007
at 11am in LC102.
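An added example of the check a verifier performs on the measurements that IMA records and a (virtual) TPM protects; it is not IBM's code, and it models only the hash chain, not IMA's on-disk record format or the TPM quote signature. The assumptions are TPM 1.2 semantics (PCR_new = SHA-1(PCR_old || measurement), PCR initially all zeros), constructed file contents standing in for measured binaries, and a small known-good digest list. The demo shows an honest boot, a boot that ran a trojaned binary, and an attempt to hide that entry from the list after the fact.

```python
import hashlib

ZERO_PCR = bytes(20)  # TPM 1.2 PCRs are 20-byte SHA-1 registers, reset to zero


def pcr_extend(pcr, measurement):
    """TPM extend operation: the register can only be moved forward, never set."""
    return hashlib.sha1(pcr + measurement).digest()


def replay_measurement_list(entries):
    """Recompute the PCR value that a list of (filename, digest) entries should yield."""
    pcr = ZERO_PCR
    for _name, digest in entries:
        pcr = pcr_extend(pcr, digest)
    return pcr


def verify_attestation(entries, quoted_pcr, known_good):
    """Returns (chain_ok, violations).

    chain_ok: the reported list reproduces the PCR value in the quote, so the
    list was not edited after the fact. violations: measured files whose digest
    is not the expected one, i.e. unknown or modified code was executed.
    """
    chain_ok = replay_measurement_list(entries) == quoted_pcr
    violations = [name for name, digest in entries if known_good.get(name) != digest]
    return chain_ok, violations


def demo():
    # Constructed sample: file contents stand in for real binaries.
    files = {"/sbin/init": b"init v1", "/usr/bin/sshd": b"sshd v1", "/lib/libc.so": b"libc v1"}
    known_good = {name: hashlib.sha1(data).digest() for name, data in files.items()}

    # Honest guest: every executed file is measured and extended into its vTPM PCR.
    entries = [(name, hashlib.sha1(data).digest()) for name, data in files.items()]
    honest = verify_attestation(entries, replay_measurement_list(entries), known_good)

    # Guest that executed a backdoored sshd: the measurement is recorded faithfully.
    trojan_entries = entries[:1] + [("/usr/bin/sshd", hashlib.sha1(b"sshd backdoored").digest())] + entries[2:]
    trojan_pcr = replay_measurement_list(trojan_entries)
    trojan = verify_attestation(trojan_entries, trojan_pcr, known_good)

    # Same guest, but the attacker rewrites the list to show the clean sshd.
    # The PCR cannot be rewritten, so the chain no longer matches.
    hidden = verify_attestation(entries, trojan_pcr, known_good)
    return honest, trojan, hidden
```

The two checks are separable on purpose: the PCR comparison establishes that the list is complete and untampered, and only then does comparing each entry against known-good digests say anything about what actually ran. In the TVDc setting the vTPM gives each guest its own PCRs, so this verification runs per virtual machine rather than once for the physical host.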
||Seminar: Secure Device Pairing and Privacy on the Internet|
|In this talk, Prof. Nitesh Saxena will give an overview of some of
his very recent research on the topics of secure device pairing and
privacy on the public internet. Time and Place: Friday 2/2 at 11am
in LC 102.
||Cisco Sponsors ISIS Lab|
Cisco has given a product grant worth $150,000 to the ISIS Lab.
The equipment includes 10Gbit/s switches, routers, and advanced
firewalls. The hardware will be used for research and teaching.
||Free Cisco security bootcamp at Poly|
The Information Systems and Internet Security (ISIS) Laboratory at
Polytechnic University, Brooklyn is hosting a Cisco Systems-sponsored
Security Bootcamp for faculty and staff. Please see here for more details.
||New Course: Modern Cryptography |
|Professor Nitesh Saxena will teach CS996 Modern Cryptography in the spring
semester. The course will cover current techniques from a theoretical
perspective, the emphasis of the course being on "provable security".
In particular, the course will cover the cryptographic primitives
that are the building-blocks of various cryptographic applications.
The cryptographic primitives that will be discussed include
pseudo-random functions, symmetric encryption (block ciphers), hash
functions and random oracles, message authentication codes, asymmetric
encryption and digital signatures.
||New Course: Application Security|
|Dr. Marco Pistoia will teach a new course in the spring semester,
titled "Application Security" which is highly recommended for all
interested in security. The course will have emphasis on writing
secure distributed programs in Java, Standard Edition (Java SE),
information, see the course description and brief bio of the instructor.
||Biometrics for Computer Authentication and Identification|
|We have an outstanding pair of new instructors, Larry O'Gorman from Avaya
and Nalini Ratha from IBM Research teaching our online biometrics course,
this coming spring semester. The
course description and brief instructor
biographies provide more details.
||DoD Scholarship Applications|
|Applications for the Department of Defense information assurance
scholarship are now available with a deadline of February 9th, 2007.
Please see the
page for more details.
||Ethernet Is the Answer. What Is the Question? |
|Bob Metcalfe, inventor of ethernet and founder of 3Com, will give
a talk in Dibner Auditorium on Thursday, December 7th at 4pm.
More information can be found
Event date: 12/7/2006
||Security and Virtualization: VMware's approach|
|VMware's Senior Director of R&D on the East Coast and
the Head of the Security Technologies Group, which
focuses on security oriented projects that
take advantage of the existing virtualization layer,
will be visiting Poly on Tuesday 11/28. The talk will be
at 2pm in LC229.
Event date: 11/28/2006
||Secure Information Flow|
|Anindya Banerjee of Kansas State University will give a talk titled,
"Secure Information Flow and Access Control in a Java-like Language."
The event will be in LC433 at 3pm.
More information can be found
Event date: 11/15/2006
||CSAW 2006 Award Ceremony Talk|
|Neal Ziring, Technical Leader, Vulnerability Analysis and Operations,
NSA, will be the keynote speaker and give a talk titled "Emerging trends in cyber-security attacks and defense."
Event date: Thursday, Nov 9, 4-6PM
||From DDoS to Botnets|
|The next CIS Seminar will be on Monday October 30, at 11am in LC400. The speaker will be Sven Dietrich from Carnegie Mellon University.
Event date: 10/30/2006
||Cyber Security Week Speaker|
|Jayne A. Hitchcock will be the speaker.
Monday November 6 at 1pm in Dibner Auditorium.
Cyber Security Week will be November 6, 7, 8, and 9. Events include
Capture the Flag,
Student Research Posters,
Cyber Security Quiz,
Digital Forensics Challenge,
Student Essay Contest, and
a Cyber Security Awareness Poster Competition.
And of course there are nice prizes for each event.
|Angelos Keromytis will join us on Friday, September 15th, 2006 for a seminar
titled "Application Communities: A Collaborative Approach To
Software Security." The talk will be held in LC102 at 11am.
In his talk, Dr. Keromytis will describe the concept of
Application Communities, some
of their basic operational parameters, and his preliminary work in
demonstrating their feasibility.
||Secure Knowledge Workshop|
||IEEE Workshop |
|The 2006 IEEE International Workshop on Wireless Ad-hoc and Sensor Networks (IWWAN) will take place in the Dibner Library Building, Polytechnic University, June 28-30 (Wednesday - Friday).
|HOPE 6 will be in
Manhattan on July 21, 22, and 23, 2006. ISIS will be there.
|Nitesh Saxena from UC Irvine will be joining Poly in Fall 2006. Dr. Saxena is a specialist in the area of mobile security. His research focuses on key distribution and trust management in ad hoc networks.