i eee cybersecurity i nitiative cybsi accelerating i
play

I EEE Cybersecurity I nitiative ( CybSI ) Accelerating I nnovation - PowerPoint PPT Presentation

Dec 04, 2023 •29 likes •399 views

I EEE Cybersecurity I nitiative ( CybSI ) Accelerating I nnovation in Security & Privacy Technologies Greg Shannon, IEEE CybSI Chair ( shannon at cert dot org ) Chief Scientist, CERT Division, Software Engineering Institute at Carnegie

  1. I EEE Cybersecurity I nitiative ( CybSI ) Accelerating I nnovation in Security & Privacy Technologies Greg Shannon, IEEE CybSI Chair ( shannon at cert dot org ) Chief Scientist, CERT Division, Software Engineering Institute at Carnegie Mellon University 23 February 2015

  2. A Challenge for Engineers http://www.dilbert.com/strips/2011-02-03/

  3. Today’s Presentation I nitiative Goal: Accelerate innovative research, developm ent and use of efficient cyber security & privacy technologies that protect com m erce, innovation and expression

  4. Today’s Presentation –Overview IEEE & CybSI –Center for Secure Design –try-cybsi Platform –Collaborations

  5. Overview of I EEE and CybSI 5 10 November 2014

  6. About I EEE( .org) 4 3 0 ,0 0 0 + 3 8 1 6 0 + Members Technical Societies Countries 1 ,3 0 0 + 3 ,5 0 0 ,0 0 0 + 1 6 0 + Annual Conferences Technical Documents Top-cited Periodicals

  7. About I EEE: Global Standards Developer Over 9 0 0 active standards 5 0 0 + standards under developm ent Over 7 ,0 0 0 individual m em bers and 2 0 ,0 0 0 standards developers from every continent 2 0 0 + entity m em bers W orking w ith I nternational standards bodies of I SO, I EC and I TU I EEE-SA’s process is w idely respected and aligns w ith the W TO and OpenStand principles 7

  8. Security & Privacy Conferences I n 2 0 1 5 , I EEE w ill hold over 9 0 0 conferences touching security and privacy. To note are: – International Conference on Information Systems Security and Privacy (9-11 Feb.; France) – 3 6 th Annual I EEE Sym posium on Privacy and Security ( 1 8 -2 0 May; San Jose) – IEEE Conference on Communications and Network Security (28-30 Sept.; Italy) – IEEE World Forum on Internet of Things (4-6 Nov.; Switzerland) – IEEE International Conference on Identity, Security and Behavior Analysis (23-25 March; Hong Kong) 8

  9. Security & Privacy Publications I EEE Security and Privacy Magazine – Provides articles with both a practical and research bent by the top thinkers in the field along with case studies, tutorials, columns, and in-depth interviews and podcasts for the information security industry I EEE publishes nearly a third of the w orld’s technical literature in electrical engineering, com puter science and electronics, including the encryption dom ain. E.g.: – Performance Analysis of Data Encryption Algorithms – Comparison of Data Encryption Algorithms with the Proposed Algorithm: Wireless Security – Technical Comparison Analysis of Encryption Algorithm On Site-to-Site IPSec VPN – Impact of Wireless IEEE 802.11n Encryption on Network Performance of Operating Systems – Comparative Study of Attribute Based Encryption Techniques in Cloud Computing – Implementation of Advanced Encryption Standards-192 Bit Using Multiple Keys – A Multi-layer Evolutionary Homomorphic Encryption Approach for Privacy Preserving over Big Data 9

  10. I EEE Security-related Standards Just a sam pling: Encryption ( I EEE P1 3 6 3 ) Fixed & Rem ovable Storage ( I EEE P1 6 1 9 , I EEE P1 6 6 7 ) Printers, copiers, etc. ( I EEE P2 6 0 0 ) Provisions of connectionless user data confidentiality by m edia access independent protocols ( I EEE 8 0 2 .1 AE) MAC security key agreem ent protocol ( P8 0 2 .1 Xbx) 10

  11. Cybersecurity I nitiative Goal: Accelerate research, developm ent and use of efficient cyber security & privacy technologies that protect com m erce, innovation and expression.

  12. Cybersecurity I nitiative Activities – Center for Secure Design – try-cybsi Platform – Collaborations

  13. Steering Com m ittee Chair, Greg Shannon, CMU Jim DelGrosso, Cigital – Project Lead for Center for Secure Design – Network security and anomaly detection Jonathan Katz, U. of Maryland I EEE Fellow , Carl Landw ehr, George W ashington U. – Cryptography – Cybersecurity “building codes” Carrie Gates, Dell Research I EEE Fellow , Michael W aidner, – Empirical/ experimental methodswww.laser- Fraunhofer SI T & Darm stadt workshop.org – Security & privacy architectures Celia Merzbacher, Sem iconductor Research ( SRC.org) I EEE Fellow , Nasir Mem on, NYU – Hardware – Digital forensics Kathleen Clark-Fisher, Com puter I EEE Fellow , Jeff Jaffe, W 3 C.org Society – CEO, HTML standards and security – Initiative Director for IEEE

  14. Center for Secure Design 14 10 November 2014

  15. http://cybersecurity.ieee.org/center-for-secure-design.html

  16. Patterns in OW ASP Vulnerabilities 2004 2007 2010 2013 A1 Unvalidated Input A1 Cross Site Scripting (XSS) A1 Injection A1 Injection Broken Authentication A2 Broken Access Control A2 Injection Flaws A2 Cross-Site Scripting (XSS) A2 and Session Management Broken Authentication Broken Authentication A3 A3 Malicious File Execution A3 A3 Cross-Site Scripting (XSS) and Session Management and Session Management Insecure Direct Object Insecure Direct Object Insecure Direct Object A4 Cross Site Scripting A4 A4 A4 Reference References References Cross Site Request Cross-Site Request A5 Buffer Overflow A5 A5 A5 Security Misconfiguration Forgery (CSRF) Forgery (CSRF) Information Leakage and A6 Injection Flaws A6 A6 Security Misconfiguration A6 Sensitive Data Exposure Improper Error Handling Broken Authentication Insecure Cryptographic Missing Function Level A7 Improper Error Handling A7 A7 A7 and Session Management Storage Access Control Insecure Cryptographic Failure to Restrict URL Cross-Site Request A8 Insecure Storage A8 A8 A8 Storage Access Forgery (CSRF) Application Denial of Insufficient Transport Using Components with A9 A9 Insecure Communications A9 A9 Service Layer Protection Known Vulnerabilities A10 Insecure Configuration A10 Failure to Restrict URL A10 Unvalidated Redirects and A10 Unvalidated Redirects and Management Access Forwards Forwards

  17. Sam e/ Sim ilar Defects For A Decade I njection Attacks Broken Authentication and Session Managem ent Cross-Site Scripting Security Misconfiguration I nsecure Direct Object References Missing Function Level Access Control

  18. Som ething Needs To Change W e have know n about these issues for decades –Knowing != Avoiding Even w hen w e docum ent these issues, and provide standards describing w hat to do, that advice is often not follow ed

  19. Avoiding Top Ten Security Flaw s ( 5 ) Earn or give, but never assum e, trust Use an authentication m echanism that cannot be bypassed or tam pered w ith Authorize after you authenticate Strictly separate data and control instructions, and never process control instructions received from untrusted sources Define an approach that ensures all data are explicitly validated

  20. Avoiding Top Ten Security Flaw s ( 5 ) Use cryptography correctly I dentify sensitive data and how they should be handled Alw ays consider the users Understand how integrating external com ponents changes your attack surface Be flexible w hen considering future changes to objects and actors

  21. Design Flaw s Results, Next Steps Avoiding the Top 1 0 Softw are Security Design Flaw s – Iván Arce, Kathleen Clark-Fisher, Neil Daswani, Jim DelGrosso, Danny Dhillon, Christoph Kern, Tadayoshi Kohno, Carl Landwehr, Gary McGraw, Brook Schoenfield, Margo Seltzer, Diomidis Spinellis, Izar Tarandach, and Jacob West – cybersecurity.ieee.org/ images/ files/ images/ pdf/ CybersecurityInitiative-online.pdf – Spanish Version in March W orkshop on Specific Dom ains – March 2 4 -2 6 – Tools for avoiding flaws – Consider specific domains: automotive, medical, smart grid, etc. – Consider Privacy

  22. try-cybsi Platform 22 10 November 2014

  23. Understanding Security & Privacy Technologies and Challenges W e’ve all read or heard about com plex technologies, m ethods and ideas 23

  24. Understanding Security & Privacy Technologies and Challenges W e’ve all read or heard about com plex technologies, m ethods and ideas Have you w anted to know m ore beyond reading about it? 24

  25. Understanding Security & Privacy Technologies and Challenges W e’ve all read or heard about com plex technologies, m ethods and ideas Have you w anted to know m ore beyond reading about it? Have you tried to use the technology? Reproduce the results? Run the dem o? 25

  26. Understanding Security & Privacy Technologies and Challenges W e’ve all read or heard about com plex technologies, m ethods and ideas Have you w anted to know m ore beyond reading about it? Have you tried to use the technology? Reproduce the results? Run the dem o? Have you had those fail directly? Or fail to help you understand m ore? 26

  27. try-cybsi Platform Goal: archive, curate and present: cyber security & privacy technical artifacts ( code, data, results, exploits, etc.) AND cyber security & privacy experiences of those ( exam ples, dem os, experim ents, m easurem ents, evaluations) 27

  28. try-cybsi Platform try4 1 Dem o – Dendrite example, https: / / try.lab41.org – Uses Docker and OpenStack in a private “cloud” – In-Q-Tel funded – https: / / github.com/ Lab41/ try41 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Accelerating Cybersecurity Innovation = = October 16, 2018 www.mach37.com Americas Premier

Accelerating Cybersecurity Innovation = = October 16, 2018 www.mach37.com Americas Premier

= Accelerating Cybersecurity Innovation = = October 16, 2018 www.mach37.com Americas Premier Cybersecurity Accelerator = MACH37 TM is creating the next generation of disruptive cybersecurity product companies. Launched 43 start-ups

443 views • 26 slides
USING THE DATA YOU COLLECT: ACCELERATING CYBERSECURITY APPLICATIONS WITH RAPIDS Bianca Rhodes

USING THE DATA YOU COLLECT: ACCELERATING CYBERSECURITY APPLICATIONS WITH RAPIDS Bianca Rhodes

USING THE DATA YOU COLLECT: ACCELERATING CYBERSECURITY APPLICATIONS WITH RAPIDS Bianca Rhodes (Senior Full-Stack Engineer, RAPIDS) Bartley Richardson, PhD (AI Infrastructure Manager / Senior Data Scientist) GTC SJ 2019 (18 March 2019)

192 views • 16 slides
U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity cybersecurity? William J. Perry Martin Casado Keith Coleman Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity

79 views • 7 slides
Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives: Define Cybersecurity & why its important Provide information about Dept. Homeland Security Cybersecurity Campaigns: National

328 views • 22 slides
N-I-S-F-D N ordic I nitiative for S olar F uel D evelopment SUSTAINABLE ENERGY SYSTEMS 2050

N-I-S-F-D N ordic I nitiative for S olar F uel D evelopment SUSTAINABLE ENERGY SYSTEMS 2050

N-I-S-F-D N ordic I nitiative for S olar F uel D evelopment SUSTAINABLE ENERGY SYSTEMS 2050 KICK-OFF EVENT WITH PROJECT PRESENTATIONS HELSINKI 12 October 2011 DINKO CHAKAROV N - I - S - F - D N ORDIC I NITIATIVE FOR S OLAR

317 views • 8 slides
IGE/EMI INTEROPERABILITY DEMONSTRATOR Ismael Carrion (IGE), Steve Crouch (IGE), Andrew Grimshaw

IGE/EMI INTEROPERABILITY DEMONSTRATOR Ismael Carrion (IGE), Steve Crouch (IGE), Andrew Grimshaw

I NITIATIVE FOR G LOBUS IN E UROPE I NITIATIVE FOR G LOBUS IN E UROPE I NITIATIVE FOR G LOBUS IN E UROPE Steve Crouch, IGE European Globus Community Forum (EGCF), April 2013, Manchester IGE/EMI INTEROPERABILITY DEMONSTRATOR Ismael Carrion (IGE),

227 views • 9 slides
Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland Chapter Contents Cybersecurity and risk management 1 Cybersecurity and the regulatory 2 environment Cybersecurity and the audit 3 4 Appendix

685 views • 37 slides
Governor s Barnegat Bay s Barnegat Bay Governor Priority I nitiative Priority I

Governor s Barnegat Bay s Barnegat Bay Governor Priority I nitiative Priority I

Governor s Barnegat Bay s Barnegat Bay Governor Priority I nitiative Priority I nitiative Dr. Jill Lipoti, Director NJDEP Water Monitoring & Standards 609-292-1623 Jill.lipoti@dep.state.nj.us December 1, 2011 NJDEP Water

442 views • 29 slides
KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing

KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing

7/17/2020 KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing Attacks Malware/Ransomware Hacking Imposter Scams 1 7/17/2020 KACo Cybersecurity Training BEWARE OF Phishing Phishing attacks

248 views • 6 slides
Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright CyberSecurity Scholar 4 September 2019 James Davenport Formal Methods and CyberSecurity CyberSecurity CyberSecurity failures abound: tens daily in the

212 views • 19 slides
Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright CyberSecurity Scholar 4 September 2018 James Davenport Formal Methods and CyberSecurity CyberSecurity CyberSecurity failures abound: tens daily in the

325 views • 18 slides
ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity

ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity

ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity Related to Subregional Seminar on Cybersecurity for Information and Communication Networks 21 June 2005 Lima, Peru Christine Sund Christine Sund

921 views • 48 slides
Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel

Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel

Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel Sofia, Bulgaria Mr. Joaqun Castelln , Operational Director Spanish National Security Department Ms. Anita TIKOS , Desk Officer for International

197 views • 15 slides
EU in action about cybersecurity NIS Directive 5G Cybersecurity Act GDPR Contractual ISACs

EU in action about cybersecurity NIS Directive 5G Cybersecurity Act GDPR Contractual ISACs

EU Cybersecurity European policy overview e-IRG e-IRG 4 December 2019 Brussels Anni Hellman, Senior Expert, Permanent Representation of Finland to the European Union Seconded for the Finnish Presidency from the Directorate General

320 views • 28 slides
M ISSIONAL E NGAGEMENT I NITIATIVE (MEI) God has told you, O mortal, what is good; and what

M ISSIONAL E NGAGEMENT I NITIATIVE (MEI) God has told you, O mortal, what is good; and what

M ISSIONAL E NGAGEMENT I NITIATIVE (MEI) God has told you, O mortal, what is good; and what does the Lord require of you but to do justice, and to love kindness, and to walk humbly with your God? Micah 6:8 C ELEBRATION ! Saturday,

1.38k views • 84 slides
INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and

INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and

Section 1 Dr. Bruce Burton California Cybersecurity INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and implications Learn from past attacks Understand the NIST Cybersecurity Framework (CSF) &

368 views • 33 slides
cooling in the catering supply chain Tina Beck Hansen Bjarke Bak Christensen from National Food

cooling in the catering supply chain Tina Beck Hansen Bjarke Bak Christensen from National Food

Conceptual models for safe heating and cooling in the catering supply chain Tina Beck Hansen Bjarke Bak Christensen from National Food Institute, DTU, Denmark Heidi Friis Hansen Birgitte Sterup Hansen Anette Kamuk Gitte Gross from Viffos,

295 views • 12 slides
C O R P O R AT E P R E S E N TAT I O N J U LY 2 0 2 0 Making Smart Chemical Changes to Create

C O R P O R AT E P R E S E N TAT I O N J U LY 2 0 2 0 Making Smart Chemical Changes to Create

C O R P O R AT E P R E S E N TAT I O N J U LY 2 0 2 0 Making Smart Chemical Changes to Create Improved Novel Therapeutics DISCLAIMERS This is neither an offer to sell nor a solicitation of an offer to buy any security, which can be made only

783 views • 30 slides
Agenda Todays Fundraising Environment ILPA 2.0 (released 01/11/11) Certain Issues

Agenda Todays Fundraising Environment ILPA 2.0 (released 01/11/11) Certain Issues

Agenda Todays Fundraising Environment ILPA 2.0 (released 01/11/11) Certain Issues Related to PE Investments by Non-U.S. Investors Other Issues Q&A * We would like to have an open discussion with lots of audience

675 views • 16 slides
ABCD Daylight User Group Meeting Cambridge, 4.-5.11.04 Application of Daylight Fingerprints to

ABCD Daylight User Group Meeting Cambridge, 4.-5.11.04 Application of Daylight Fingerprints to

ABCD Daylight User Group Meeting Cambridge, 4.-5.11.04 Application of Daylight Fingerprints to Virtual Screening Uta Lessel Boehringer Ingelheim Pharma GmbH & Co. KG Department of Lead Discovery ABCD Ligand Based Virtual Screening

1.03k views • 30 slides
Steve Spender FIHE IEng Steve Spender FIHE IEng Highways Manager HQ Highways Manager HQ

Steve Spender FIHE IEng Steve Spender FIHE IEng Highways Manager HQ Highways Manager HQ

Steve Spender FIHE IEng Steve Spender FIHE IEng Highways Manager HQ Highways Manager HQ Hampshire County Council Hampshire County Council Hampshire County Council Hampshire County Council Hampshire County Council Hampshire County Council

817 views • 58 slides
ENVIRONMENTAL SERVICES Martin Shields Divisional Director Environmental Services structure

ENVIRONMENTAL SERVICES Martin Shields Divisional Director Environmental Services structure

ENVIRONMENTAL SERVICES Martin Shields Divisional Director Environmental Services structure chart Divisional Director Martin Shields Environmental Services Group Group Group Group Manager Group Manager Manager Nick Taylor Manager

544 views • 20 slides
Strategic Transport Review Bath and North East Somerset The place to live, work and visit

Strategic Transport Review Bath and North East Somerset The place to live, work and visit

Getting from A to B Strategic Transport Review Bath and North East Somerset The place to live, work and visit Purpose Programme looks at options for moving people differently high level of innovation Looked at people rather

528 views • 13 slides
R isk M a na ge m e nt St r a t e gie s for 2 0 1 6 4/30/2015 Da rigold Ove r vie w

R isk M a na ge m e nt St r a t e gie s for 2 0 1 6 4/30/2015 Da rigold Ove r vie w

R isk M a na ge m e nt St r a t e gie s for 2 0 1 6 4/30/2015 Da rigold Ove r vie w Farmer-Owned Cooperative with 487 Farms 40% Retail and Foodservice business, 60% Ingredients 5 th Largest Dairy Cooperative in the US 8.8

155 views • 11 slides

More recommend