Haifa 2nd Security Research Seminar 2015
December 1, 2015
Sponsored by IBM Research - Haifa
Program
09:00-09:40 |
Gathering |
---|---|
09:40-09:50 |
Opening Remarks |
09:50-10:25 |
Data Science in the Service of Fighting
Cybercrime – Transforming the Way Security is
Currently Done!
Abstract: Addressing the cybercrime
challenges governments, organizations and corporates
are facing is becoming harder day by day, and it is
evident we need a technology disruption to defeat
the criminals. A key component in this technology
disruption is data science and the use of big data
technology. In the talk we will present what it
takes to disrupt the way we do security operations
with these new technologies, going way beyond just
new detection capabilities and demonstrating how
these technologies can be plugged in to the whole
workflow of analysts by using aggregation &
prioritization of incidents, recommendations for
investigations, suggestions for mitigation and
utilization of crowd sourcing and so on. The talk
will cover key concepts and real-life examples on
how this is done.
Bio: Dr. Alon Kaufman is currently RSA's
Global Director of Data Science and innovation,
leading data science for RSA across the full
portfolio. Prior to this role, within RSA, he was head
of research for the fraud risk analytics products.
Prior to joining RSA, Alon held several managerial
and research positions in Israeli hi-tech companies,
dealing with various aspects of data mining and data
science, and all in all has over 20 years of experience
in technology and innovation management.
Alon holds a Ph.D. in Computational Neuroscience and Machine Learning from the Hebrew University and an MBA from the Tel Aviv University, teaches data science courses in Israeli universities, and is a public speaker on Big Data and Data Science, Cybercrime, Security & Innovation. |
10:25-11:00 |
Private Set Intersection
Abstract: Private set intersection (PSI)
allows two parties to compute the intersection of
their sets without revealing any information about
items that are not in the intersection. PSI is
relevant in many scenarios of secure computation,
such as data sharing or contact discovery.
PSI is one of the best studied applications of secure computation and many different PSI protocols have been proposed, using a wide and interesting variety of cryptographic tools. However, existing PSI protocols do not scale up well, and therefore some applications use insecure solutions instead. This talk will survey what we believe to be the most interesting PSI protocols, describe new approaches for designing PSI protocols, and present a performance comparison. Joint work with Thomas Sander, Gel Segev, and Michael Zohner.
Bio: Benny Pinkas is an associate professor
at Bar Ilan University. He has previously worked in
the research labs of Intertrust Technologies,
Hewlett-Packard, and Google. His main research areas
are cryptography, computer security and privacy,
with a focus on secure computation. He has published
over 60 highly cited academic publications. He
received a starting grant from the ERC, as well as
grants from the Israel Science Foundation, the
Israel-US Binational research foundation, and the
Israel Ministry of Science and Technology, and was a
PI in two European research consortiums.
|
11:00-11:35 |
Break |
11:35-12:10 |
NoSQL, No Injection? Analysis and Mitigation of
NoSQL Injections
Abstract: NoSQL data storage systems have
become very popular due to their scalability and
ease of use. Unfortunately, they lack the security
measures and awareness which are required for data
protection. Although the new data models and query
formats of NoSQL make old attacks, like SQL
injections, irrelevant, they give attackers new
opportunities for injecting their malicious code
into the statements passed to the database. In this
seminar we analyze the techniques for injecting
malicious code into NoSQL data stores, providing
examples of new NoSQL injections as well as CSRF
attacks allowing an attacker to bypass perimeter
defenses, such as firewalls. We analyze the source
of these vulnerabilities and present methodologies
to mitigate the attacks. Since code analysis alone
is insufficient to prevent the attacks in today's
typical large scale deployment, we describe the
mitigations that should be done through the entire
software lifecycle.
Bio: Aviv Ron is a Security Researcher for
the Cyber Security Center of Excellence (CCoE). Aviv
specializes in Application Security and focuses on
the aspects of Cloud Computing in Application
Security.
Aviv has been with the CCoE since June 2014 and has been involved in collaboration with AppScan on improving AppScan's capabilities in cloud environments, especially BlueMix. This talk is the result of work done with AppScan to identify new threats in popular rising technologies in the cloud, and was also presented at the IEEE workshop for security and privacy 2015. Before joining IBM, Aviv was with Intel for 9 years, where he had the pleasure of being involved in a wide range of fields, from information systems development to robotic frameworks and mobile, until he focused his career on information security. There he was involved in security validation of Intel's BIOS Guard and Intel Software Guard Extensions, and was later assigned the role of security architect for Intel IT, where he was in charge of application security at Intel and contributed to remote mobile connectivity and mobile malware detection. Aviv is a passionate instructor and inventor; he loves passing knowledge to others (if you are interested in getting hands-on experience in web application security, contact Aviv for a course) and has 10 patents. |
12:10-12:45 |
Securing Self-Virtualizing Ethernet Devices
Abstract: Single root I/O virtualization
(SRIOV) is a hardware/software interface that allows
devices to "self virtualize" and thereby remove the
host from the critical I/O path. SRIOV thus brings
near bare-metal performance to untrusted guest
virtual machines (VMs) in public clouds, enterprise
data centers, and high-performance computing setups.
We identify a design flaw in current Ethernet SRIOV
NIC deployments that enables untrusted VMs to
completely control the throughput and latency of
other, unrelated VMs. The attack exploits Ethernet
"pause" frames, which enable network flow control
functionality. We experimentally launch the attack
across several NIC models and find that it is
effective and highly accurate, with substantial
consequences if left unmitigated: (1) to be safe,
NIC vendors will have to modify their NICs so as to
filter pause frames originating from SRIOV
instances; (2) in the meantime, administrators will
have to either trust their VMs, or configure their
switches to ignore pause frames, thus relinquishing
flow control, which might severely degrade
networking performance. We present the
Virtualization-Aware Network Flow Controller
(VANFC), a software-based SRIOV NIC prototype that
overcomes the attack. VANFC filters pause frames
from malicious virtual machines without any loss of
performance, while keeping SRIOV and Ethernet flow
control hardware/software interfaces intact.
Joint work with Igor Smolyar and Dan Tsafrir.
Bio: Muli Ben-Yehuda is a systems researcher
and an expert in the area of machine and I/O
virtualization. He holds a B.A. (cum laude) from the
Open University of Israel and an M.Sc. in Computer
Science from the Technion -- Israel Institute of
Technology. From 2002 until 2012 he held senior
research and managerial positions at IBM Research,
where he was also an IBM Master Inventor. In 2013 he
founded a boutique virtualization and cloud
computing consulting company, Hypervisor
Technologies and Consulting Ltd, that provides
expert consulting services to select clients.
Currently he is solving hard cloud computing
problems as Stratoscale's Chief Scientist.
Muli has co-authored over forty academic publications and holds over thirty-five US patents in such areas as machine and I/O virtualization, cloud computing, and operating system and hypervisor design and implementation. His code and ideas are included in many operating systems and hypervisors, including the Linux kernel and the Xen and KVM hypervisors. His work on The Turtles Project: Design and Implementation of Nested Virtualization has won the prestigious OSDI Jay Lepreau Best Paper Award and the IBM Research Pat Goldberg Memorial Best Paper Award. |
12:45-13:20 |
Hunting Targeted Socialbots
Abstract: Advanced attackers use online
social networks in order to extract useful
information about a target organization, including
who are the members of the organization, their
connections, affiliation, positions, etc. Using
artificial profiles (socialbots) attackers connect
to real members of the organization, thus
establishing a foothold inside the organization and
greatly increasing the amount of sensitive
information they can collect. The connection methods
used by attackers are versatile, ranging from random
friend requests to carefully crafted, manually
operated social engineering attempts. Determining
whether a profile is artificial or benign is usually
possible, but hard when the attacker is
sophisticated. In this talk we discuss
cost-effective strategies for monitoring the
organizational social network in order to trap the
attacker's profiles. We analyze attack strategies
with different levels of knowledge on the employed
monitoring strategies using simulation on real
social networks data and real data of intrusion
attempts via artificial profiles in order to
understand the effectiveness of the monitoring
strategies in a real scenario. The results
demonstrate the efficacy in detecting the less
sophisticated attackers and slowing down attackers
that deliberately avoid the profiles being
monitored.
Bio: Dr. Rami Puzis - Lecturer, BSc Software
Engineering, MSc Information Systems Engineering and
PhD topic on Deployment of Intrusion Detection
Systems. Dr. Puzis has worked as a research
associate in the Laboratory of Computational
Cultural Dynamics, University of Maryland. His
primary specialization is in the area of complex
networks with applications to cybersecurity, social
and communication network analysis. He has been the
principal investigator of a series of research
projects funded by Deutsche Telekom AG, Israeli
Ministry of Defence, Israeli Ministry of Economy,
and several leading cybersecurity industries.
|
13:20-14:20 |
Lunch |
14:20-14:55 |
Vehicles - The Next Cyber-Physical
Challenge
Abstract: We live in a connected world and
our cars get more and more connected as well. From
Remote Keyless entry, to Bluetooth and cellular,
modern cars have many wireless entry points. But a
car is not just another computer - drive-by-wire,
active safety systems and other features make a
potential cyber attack a major risk for the safety
of the vehicles, its passengers and other road
users.
The challenge of securing these so-called "computers on wheels" is huge. Unlike traditional IT systems, the auto industry is traditional but at the same time complex: supply chain, long development cycles and an industry which is very cost-sensitive make the introduction of security measures a challenging task. In our talk we will cover the recent developments in the field of car-hacking, security measures that are taken and the role of standardization and regulation in ensuring that cars are safe and secure.
Bio: Yuval Weisglass is the CTO and
co-founder of TowerSec Automotive Cyber Security.
Yuval has over 15 years of experience in cyber
security as both a security researcher and leading
roles in R&D of security-related innovation
projects. Among his areas of unique expertise: security of
embedded systems, security for cellular technology
and a long-time hobby of reverse engineering cars.
Before founding TowerSec, Yuval spent 11 years at
the Israeli Security Agency where he held senior
management roles.
|
14:55-15:30 |
Hacking Secure Hardware - An Automotive Arena
Case Study
Abstract: Hacking embedded devices is fun.
Cars are just devices with a twist – they have the
potential to cause serious damage. Current
automotive security breaches are based on finding
a weakness in the millions of lines of code running
on the automotive computers – but can you trust the
hardware that runs them?
In this presentation, we will show how a relatively secure ECU may be breached via hardware and software hacking techniques, how this breach can be developed into an Advanced Persistent Threat (APT) and how the APT can be further developed and potentially used on a previously untouched vehicle. We will show how processors with advanced security mechanisms can be fooled, how passwords can be visualized and how a trusted hardware mechanism suddenly stops being the anchor for security and becomes the pivot point to allow arbitrary code execution. We will review several security related code implementations and demonstrate their faults.
Bio: Uri Bear is a security researcher at the
STARE-C (Security Threat Analysis and Reverse
Engineering Center) in the Haifa, Israel offices of
Cisco. Uri has been specializing in security related
forward and reverse engineering for the past 5
years, with a background of semiconductor design,
failure analysis and general hardware & software
mayhem. Uri holds an M.Sc. degree in electronics
engineering.
|
15:30-16:05 |
Digging Out Proprietary Security Features from
Hardware With a Scan Side Channel Attack
Abstract: Reverse engineering of hardware is
possible, but requires extensive resources,
sophisticated equipment, special skills and time.
Hence, only large organizations can afford it. But
what if everyone will be able to learn the contents
of your mobile processor using a $100 box from eBay
and a few wires soldered to the board? We show how
the scan side channel, known from a decade ago as a
back-door for discovering cryptographic keys and
other secret information, can be used to perform
full reverse engineering of the SoC.
Scan is one of the most widespread DFT (Design-For-Test) techniques that allows for the automatic generation of test vectors used in the production test of a digital VLSI device. Scan provides access to every memory element inside the device, practically turning it into a stateless combinational function. The device's logical functionality can then be reconstructed by examining this function. In this talk we will present our findings on how algorithms from Boolean function analysis can be used to derive at least partial design information from the Scan side channel.
Bio: Leonid Azriel is a PhD student at the
Technion, Israel. His research interests include
hardware security and computer architecture. Leonid
received the BSc and MSc degrees from the Technion.
Prior to his PhD studies, he spent about 15 years in
the industry, among the rest leading the development
of the Trusted Platform Module (TPM) device in
National Semiconductor and later Nuvoton.
|
16:05-16:10 |
Closing Remarks |
16:10-17:00 |
Reception and Posters |