ACM CCS 2016 Tutorials
23rd ACM Conference on Computer and Communication Security October 25 – 27, 2016, Hofburg Palace, Vienna, Austria
Tutorial co-Chairs


Frederik Armknecht, University Mannheim, Germany
Gregory Neven, IBM Zurich Research Laboratory, Switzerland
Overview of all tutorials
Program Anomaly Detection: Methodology and Practices
Xiaokui Shu, IBM T. J. Watson Research Center, US & Danfeng Yao, Department of Computer Science Virginia Tech, US
(Tuesday, October 25, 2016, 10.00-11.30, Lecture Hall E)
Security on Wheels: Security and Privacy for Vehicular Communication Systems
Panos Papadimitratos, KTH, Sweden
(Tuesday, October 25, 2016, 14.30-16.00 & 16.30-18.00, Lecture Hall E)
Privacy and Security in the Genomic Era
Erman Ayday, Bilkent University, Turkey & Jean-Pierre Hubaux, EPFL, Switzerland
(Thursday, October 27, 2016, 11.30-13.00, Lecture Hall E)
Adversarial Data Mining: Big Data Meets Cyber Security
Murat Kantarcioglu, University of Texas at Dallas, US & Bowei Xi, Purdue University, US
(Thursday, October 27, 2016, 14.30-16.00 & 16.30-18.00, Lecture Hall E)
(CCS)^2 – Crypto-Currencies Special @ CCS 2016
Wednesday, October 26, 2016:
Cryptographic Currencies Crash Course (C5)
Aljosha Judmayer, SBA Research
(Wednesday, October 26, 2016, 10.00-11.30, Lecture Hall E)
Introduction to Credit Networks
Aniket Kate, Purdue University, US
(Wednesday, October 26, 2016, 12.00-13.15, Lecture Hall E)
On the Security and Scalability of Bitcoin’s Blockchain
Ghassan O. Karame, NEC Laboratories, Europe
(Wednesday, October 26, 2016, 14.30-16.00, Lecture Hall E)
Tutorials in detail
Program Anomaly Detection: Methodology and Practices
Lecturers: Xiaokui Shu, IBM T. J. Watson Research Center, US & Danfeng Yao, Department of Computer Science Virginia Tech, US

Abstract: This tutorial will present an overview of program anomaly detection, which analyzes normal program behaviors and discovers aberrant executions caused by attacks, misconfigurations, program bugs, and unusual usage patterns. It was first introduced as an analogy between intrusion detection for programs and the immune mechanism in biology. Advanced models have been developed in the last decade and comprehensive techniques have been adopted such as hidden Markov models and machine learning. We will introduce the audience to the problem of program attacks and the anomaly detection approach against threats. We will give a general definition for program anomaly detection and derive model abstractions from the definition. The audience will be walked through the development of program anomaly detection methods from early-age n-gram approaches to complicated pushdown automata and probabilistic models. This procedure will help the audience understand the objectives and challenges in designing program anomaly detection models. We will discuss the attacks that subvert anomaly detection mechanisms. The field map of program anomaly detection will be presented. We will also briefly discuss the applications of program anomaly detection in Internet of Things security. We expect the audience to get an idea of unsolved challenges in the field and develop a sense of future program anomaly detection directions after attending the tutorial.

Xiaokui Shu is a Research Staff Member in the Security Services Team (GSAL) at the IBM Thomas J. Watson Research Center. He received his Ph.D. degree in computer science at Virginia Tech. His research interests are in system and network security, such as intrusion detection, data leak detection, and mobile security. He graduated from Virginia Tech with Outstanding Ph.D. Student Award at the Department of Computer Science and graduated from University of Science and Technology of China (USTC) with Guo Moruo Award as an undergraduate. He succeeded at his first real-world penetration test at USTC and won the first prize in Virginia Tech Inaugural Cyber Security Summit Competition. Dr. Shu is an active member of the security research community serving as a shadow PC member and reviewer for top-tier security conferences and journals.

Danfeng (Daphne) Yao is an associate professor in the Department of Computer Science at Virginia Tech, Blacksburg. She is an Elizabeth and James E. Turner Jr. ’56 Faculty Fellow and L-3 Faculty Fellow. She received her Computer Science Ph.D. degree from Brown University in 2007. She received the NSF CAREER Award in 2010 for her work on human-behavior driven malware detection, and most recently ARO Young Investigator Award for her semantic reasoning for mission-oriented security work in 2014. She received the Outstanding New Assistant Professor Award from Virginia Tech College of Engineering in 2012. Dr. Yao has several Best Paper Awards (ICICS ’06, CollaborateCom ’09, and ICNP ’12). She was given the Award for Technological Innovation from Brown University in 2006. She held a U.S. patent for her anomaly detection technologies. Dr. Yao is an associate editor of IEEE Transactions on Dependable and Secure Computing (TDSC). She serves as a PC member in numerous computer security conferences, including ACM CCS.
Security on Wheels: Security and Privacy for Vehicular Communication Systems
Lecturer: Panos Papadimitratos, KTH, Sweden

Abstract: This tutorial is concerned with the design of appropriate security and privacy mechanisms and their integration with vehicular communication (VC) functionality, especially in the light of strict requirements of VC-enabled safety applications. We consider architectural issues, a wide range of protocols, their analysis, and related implementation aspects. The focus will shift as needed: from an in-depth technical treatment to broader applicability and organizational matters; from the current common understanding in industry and standardization bodies to future enhancements and developments, to the latest on implementation and field operational testing. We will first introduce the basics of VC systems and identify related vulnerabilities and threats. Then, we will outline requirements and present the state-of-the-art solution space. In brief, the following will be covered:
- System assumptions and enabling technologies, adversarial models, security and privacy requirements
- Basic concepts and architectures for secure and privacy enhancing VC systems
- Security mechanisms, facilities, and protocols
- Identity, key, and credential management
- In-car communication and platform security
- Secure and privacy preserving VC protocols
  - Vehicle-to-vehicle/vehicle-to-infrastructure
  - Single/multi-hop
  - Transportation safety- and efficiency-related
- Adaptive and scalable validation mechanisms
- Data validation and wrong-doer eviction
- Outlook on the evolving broader landscape

Panagiotis (Panos) Papadimitratos earned his Ph.D. degree from Cornell University, Ithaca, NY, in 2005. He then held positions at Virginia Tech, EPFL and Politecnico of Torino. Panos is currently a tenured Associate Professor at KTH, Stockholm, Sweden, where he leads the Networked Systems Security group. His research agenda includes a gamut of security and privacy problems, with emphasis on wireless networks. At KTH, he is affiliated with the ACCESS center, leading its Security, Privacy, and Trust thematic area, as well as the ICES center, leading its Industrial Competence Group on Security. Panos is a Knut and Alice Wallenberg Academy Fellow and he received a Swedish Science Foundation Young Researcher Award. He has delivered numerous invited talks, keynotes, and panel addresses, as well as tutorials in flagship conferences. Panos currently serves as an Associate Editor of the IEEE Transactions on Mobile Computing and the ACM/IEEE Transactions on Networking. He has served on numerous program committees, with leading roles on numerous occasions; notably, in 2016, as the program co-chair for the ACM WiSec and the TRUST conferences.
(CCS)^2 - Crypto-Currencies Special @ CCS 2016
(CCS)^2 – Crypto-Currencies Special @ CCS 2016 – Part 1:
Cryptographic Currencies Crash Course (C5)
Lecturer: Aljosha Judmayer, SBA Research

Abstract: “Bitcoin is a rare case where practice seems to be ahead of theory.” (Joseph Bonneau et al. [20]) This tutorial aims to further close the gap between IT security research and the area of cryptographic currencies and block chains. We will describe and refer to Bitcoin as an example throughout the tutorial, as it is the most prominent representative of such a system. It also is a good reference to discuss the underlying block chain mechanics which are the foundation of various altcoins (e.g. Namecoin) and other derived systems. In this tutorial, the topic of cryptographic currencies is solely addressed from a technical IT security point-of-view. Therefore we do not cover any legal, sociological, financial and economical aspects. The tutorial is designed for participants with a solid IT security background but will not assume any prior knowledge on cryptographic currencies. Thus, we will quickly advance our discussion into core aspects of this field.

[20] J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll, and E. W. Felten. SoK: Research perspectives and challenges for Bitcoin and cryptocurrencies. In IEEE Symposium on Security and Privacy, 2015.

Aljosha Judmayer received a master’s degree in Software Engineering and Internet Computing at the Vienna University of Technology. He has five plus years of experience in penetration testing as an IT security consultant. At the moment, he is working as an IT security researcher at SBA Research, where he is also working towards his Ph.D. degree on applications of cryptographic currencies and resilience aspects of distributed systems. His research interests include network security, applied cryptography and cryptographic currencies.
(CCS)^2 – Crypto-Currencies Special @ CCS 2016 – Part 2:
Introduction to Credit Networks
Lecturer: Aniket Kate, Purdue University, US

Abstract: Credit networks model transitive IOweYou (IOU) credit between their users. With their flexible-yet-scalable design and robustness against intrusion, we are observing a rapid increase in their popularity as a backbone of real-world permission-less payment settlement networks (e.g., Ripple and Stellar) as well as several weak-identity systems requiring Sybil-tolerant communication. In payment scenarios, due to their unique capability to unite emerging crypto-currencies and user-defined currencies with the traditional fiat currency and banking systems, several existing and new payment enterprises are entering this space. Nevertheless, this enthusiasm in the market significantly exceeds our understanding of security, privacy, and reliability of these inherently distributed systems. Currently employed ad hoc strategies to fix apparent flaws have made those systems vulnerable to bigger problems once they become lucrative targets for malicious players. In this tutorial, we first define the concept of IOU credit networks, and describe some of the important credit network applications. We then describe and analyze recent and ongoing projects to improve the credit-network security, privacy and reliability. We end our discussion with interesting open problems and systems challenges in the field. This introductory tutorial is accessible to the standard CCS audience with graduate-level security knowledge.

Aniket Kate is an assistant professor in the computer science department at Purdue University. He designs, implements, and analyzes privacy and transparency enhancing technologies for networked systems. His current research integrates cryptography, distributed computing, and trusted hardware. Before joining Purdue in 2015, Prof. Kate was a junior faculty member and an independent research group leader at Saarland University in Germany, where he was heading the Cryptographic Systems Research Group. He was a postdoctoral researcher at Max Planck Institute for Software Systems (MPI-SWS), Germany from 2010 until 2012, and he received his PhD from the University of Waterloo, Canada in 2010.
(CCS)^2 – Crypto-Currencies Special @ CCS 2016 – Part 3:
On the Security and Scalability of Bitcoin’s Blockchain
Lecturer: Ghassan O. Karame, NEC Laboratories, Europe

Abstract: The blockchain emerges as an innovative tool which proves to be useful in a number of application scenarios. A number of large industrial players, such as IBM, Microsoft, Intel, and NEC, are currently investing in exploiting the blockchain in order to enrich their portfolio of products. A number of researchers and practitioners speculate that the blockchain technology can change the way we see a number of online applications today. Although it is still early to tell for sure, it is expected that the blockchain will stimulate considerable changes to a large number of products and will positively impact the digital experience of many individuals around the globe. In this tutorial, we overview, detail, and analyze the security provisions of Bitcoin and its underlying blockchain, effectively capturing recently reported attacks and threats in the system. Our contributions go beyond the mere analysis of reported vulnerabilities of Bitcoin; namely, we describe and evaluate a number of countermeasures to deter threats on the system, some of which have already been incorporated in the system. Recall that Bitcoin has been forked multiple times in order to fine-tune the consensus (i.e., the block generation time and the hash function), and the network parameters (e.g., the size of blocks). As such, the results reported in this tutorial are not only restricted to Bitcoin, but equally apply to a number of “altcoins” which are basically clones/forks of the Bitcoin source code. Given the increasing number of alternative blockchain proposals, this tutorial extracts the basic security lessons learnt from the Bitcoin system with the aim to foster better designs and analysis of next-generation secure blockchain currencies and technologies.

Ghassan O. Karame is a Senior Researcher in the Security Group of NEC Research Laboratories in Germany. Until April 2012, he was working as a postdoctoral researcher in the Institute of Information Security of ETH Zurich, Switzerland. He holds a Master of Science degree in Information Networking from Carnegie Mellon University (CMU), and a PhD degree in Computer Science from ETH Zurich. Ghassan is interested in all aspects of security and privacy with a focus on cloud security, SDN/network security, and Bitcoin security.
Privacy and Security in the Genomic Era
Lecturers: Erman Ayday, Bilkent University, Turkey & Jean-Pierre Hubaux, EPFL, Switzerland

Abstract: With the help of rapidly developing technology, DNA sequencing is becoming less expensive. As a consequence, the research in genomics has gained speed in paving the way to personalized (genomic) medicine, and geneticists need large collections of human genomes to further increase this speed. Furthermore, individuals are using their genomes to learn about their (genetic) predispositions to diseases, their ancestries, and even their (genetic) compatibilities with potential partners. This trend has also caused the launch of health-related websites and online social networks (OSNs), in which individuals share their genomic data (e.g., OpenSNP or 23andMe). On the other hand, genomic data carries much sensitive information about its owner. By analyzing the DNA of an individual, it is now possible to learn about his disease predispositions (e.g., for Alzheimer’s or Parkinson’s), ancestries, and physical attributes. The threat to genomic privacy is magnified by the fact that a person’s genome is correlated to his family members’ genomes, thus leading to interdependent privacy risks. This tutorial will help computer scientists better understand the privacy and security challenges in today’s genomic era. We will first highlight the significance of genomic data and the threats for genomic privacy. Then, we will present the high level descriptions of the proposed solutions to protect the privacy of genomic data and we will discuss future research directions. No prerequisite knowledge on biology or genomics is required for the attendees. We only require the attendees to have a slight background on cryptography and statistics.

Erman Ayday is an assistant professor of computer science at Bilkent University, Ankara, Turkey. Before that he was a post-doctoral Researcher at EPFL, Switzerland, in the Laboratory for Communications and Applications 1 (LCA1) led by Prof. Jean-Pierre Hubaux. He received his M.S. and Ph.D. degrees from Georgia Tech Information Processing, Communications and Security Research Lab (IPCAS) in the School of Electrical and Computer Engineering (ECE), Georgia Institute of Technology, Atlanta, GA, in 2007 and 2011, respectively under the supervision of Dr. Faramarz Fekri. Erman’s research interests include privacy-enhancing technologies (including big data and genomic privacy), wireless network security, trust and reputation management, and applied cryptography. Erman is the recipient of Distinguished Student Paper Award at IEEE S&P 2015, 2010 Outstanding Research Award from the Center of Signal and Image Processing (CSIP) at Georgia Tech, and 2011 ECE Graduate Research Assistant (GRA) Excellence Award from Georgia Tech. Other various accomplishments of Erman include several patents, research grants, and H2020 Marie Curie individual fellowship. He is a member of the IEEE and the ACM.

Jean-Pierre Hubaux is a full professor at the School of Information and Communication Sciences of EPFL. Through his research, he contributes to laying the foundations and developing the tools to protect privacy in tomorrow’s hyper-connected world. He is focusing notably on network privacy and security, with an emphasis on mobile/wireless networks and on data protection, with an emphasis on health-related data and especially genomic data. He has worked on the topic of genome privacy since 2011 and has designed related cryptographic solutions, notably in collaboration with the Lausanne University Hospital (CHUV) and the EPFL School of Life Sciences. He has co-chaired the first workshop devoted to the topic (in Dagstuhl, Germany, in 2013) and is a co-founder and chair of the steering committee of the International Workshop on Genome Privacy and Security (GenoPri). He was recently appointed to the “Information Security” task force, set up by the Swiss federal government. He is also a member of the “Genomics” task force set up by the Cantonal Ministry of Health. He is a Fellow of both IEEE (2008) and ACM (2010).
Adversarial Data Mining: Big Data Meets Cyber Security
Lecturers: Murat Kantarcioglu, University of Texas at Dallas, US & Bowei Xi, Purdue University, US

Abstract: Increasing amounts of cyber security incident data ranging from systems logs to vulnerability scan results are being collected. At the same time, manually analyzing these collected data to detect important cyber security events becomes almost impossible. Hence, data mining techniques are becoming an essential tool for real-world cyber security solutions. One of the most important differences between applying data mining for cyber security and many other data mining applications is the existence of malicious adversaries that continuously adapt their behavior to hide their actions and to make the data mining models ineffective. To address these concerns, over the last couple of years new and novel data mining techniques that are more resilient to such adversarial behavior are being developed in the data mining community. We believe that lessons learned as a part of this research direction would be beneficial for cyber security researchers who plan to apply data mining techniques in practice. In this three hour long tutorial, we introduce the foundation, the techniques, and the applications of adversarial data mining to cyber security applications. We first introduce various data mining approaches proposed in the past to defend against active adversaries. We then discuss a game theoretic framework to model the sequential actions of the adversary and the data miner, while both parties try to maximize their utilities. We also introduce a modified support vector machine method and a relevance vector machine method to defend against active adversaries. Intrusion detection and malware detection are two important application areas for adversarial data mining models that will be discussed in detail during the tutorial. Finally, we discuss some practical guidelines on how to use adversarial data mining ideas in generic cyber security applications and how to leverage existing big data management tools such as Spark for building data mining algorithms for cyber security.

Murat Kantarcioglu is a Professor of Computer Science and Director of the UTD Data Security and Privacy Lab at The University of Texas at Dallas. He holds MS and PhD degrees in Computer Science from Purdue University. He is recipient of an NSF CAREER award and a Purdue CERIAS Diamond Award for academic excellence. He has been a visiting scholar at Harvard’s Data Privacy Lab. Dr. Kantarcioglu’s research focuses on creating technologies that can efficiently extract useful information from any data without sacrificing privacy or security. In addition, he focuses on using adversarial data mining techniques for fraud detection, cyber security and homeland security. His research has been supported by awards from NSF, AFOSR, ONR, NSA, and NIH. He has published over 150 peer-reviewed papers. His work has been covered by media outlets such as Boston Globe and ABC News, among others and has received three best paper awards. He is a senior member of both ACM and IEEE.

Bowei Xi received her Ph.D. in statistics from the Department of Statistics at the University of Michigan, Ann Arbor in 2004. She is an associate professor in the Department of Statistics at Purdue University. She was a visiting faculty in the Department of Statistics at Stanford University in summer 2007, and a visiting faculty at Statistical and Applied Mathematical Sciences Institute (SAMSI) from September 2012 to May 2013. Her research focuses on multidisciplinary work involving big datasets with complex structure from very different application areas including cyber security, Internet traffic, metabolomics, machine learning, and data mining. She has a US patent on an automatic system configuration tool and has filed another patent application for identification of blood based metabolite biomarkers of pancreatic cancer. She also participates in the development of a novel software environment, Tessera, which allows analysts to carry out deep analysis of complex big datasets wholly within R (http://tessera.io/).