
IBM R&D Labs in Israel

Haifa 2nd Security Research Seminar 2015

December 1, 2015
Sponsored by IBM Research - Haifa


Program


09:00-09:40

Gathering

09:40-09:50

Opening Remarks
Ronen Levy, Senior Manager, Security & Quality Technologies Department, IBM Research - Haifa

09:50-10:25

Data Science in the Service of Fighting Cybercrime – Transforming the Way Security is Currently Done!
Dr. Alon Kaufman, Research and Innovation, RSA Israel

Abstract: Addressing the cybercrime challenges governments, organizations and corporates are facing is becoming harder day by day, and it is evident we need a technology disruption to defeat the criminals. A key component in this technology disruption is data science and the use of big data technology. In the talk we will present what it takes to disrupt the way we do security operations with these new technologies, going way beyond just new detection capabilities and demonstrating how these technologies can be plugged in to the whole workflow of analysts by using aggregation & prioritization of incidents, recommendations for investigations, suggestions for mitigation, utilization of crowd sourcing and so on. The talk will cover key concepts and real-life examples on how this is done.

Bio: Dr. Alon Kaufman is currently RSA's Global Director of Data Science and innovation, leading data science for RSA across the full portfolio. Prior to this role, within RSA, he was head of research for the fraud risk analytics products. Prior to joining RSA, Alon held several managerial and research positions in Israeli hi-tech companies, dealing with various aspects of data mining and data science. All in all, he has over 20 years of experience in technology and innovation management.

Alon holds a Ph.D. in Computational Neuroscience and Machine Learning from the Hebrew University and an MBA from the Tel Aviv University, teaches data science courses in Israeli universities, and is a public speaker on Big Data and Data Science, Cybercrime, Security & Innovation.

10:25-11:00

Private Set Intersection
Prof. Benny Pinkas, Bar-Ilan University

Abstract: Private set intersection (PSI) allows two parties to compute the intersection of their sets without revealing any information about items that are not in the intersection. PSI is relevant in many scenarios of secure computation, such as data sharing or contact discovery.

PSI is one of the best studied applications of secure computation and many different PSI protocols have been proposed, using a wide and interesting variety of cryptographic tools. However, existing PSI protocols do not scale up well, and therefore some applications use insecure solutions instead.

This talk will survey what we believe to be the most interesting PSI protocols, describe new approaches for designing PSI protocols, and present a performance comparison.

Joint work with Thomas Sander, Gil Segev, and Michael Zohner.

Bio: Benny Pinkas is an associate professor at Bar Ilan University. He has previously worked in the research labs of Intertrust Technologies, Hewlett-Packard, and Google. His main research areas are cryptography, computer security and privacy, with a focus on secure computation. He has published over 60 highly cited academic publications. He received a starting grant from the ERC, as well as grants from the Israel Science Foundation, the Israel-US Binational research foundation, and the Israel Ministry of Science and Technology, and was a PI in two European research consortiums.

11:00-11:35

Break

11:35-12:10

NoSQL, No Injection? Analysis and Mitigation of NoSQL Injections
Aviv Ron, IBM Cyber Security Center of Excellence

Abstract: NoSQL data storage systems have become very popular due to their scalability and ease of use. Unfortunately, they lack the security measures and awareness which are required for data protection. Although the new data models and query formats of NoSQL make old attacks, like SQL injections, irrelevant, they give attackers new opportunities for injecting their malicious code into the statements passed to the database. In this seminar we analyze the techniques for injecting malicious code into NoSQL data stores, providing examples of new NoSQL injections as well as CSRF attacks allowing an attacker to bypass perimeter defenses, such as firewalls. We analyze the source of these vulnerabilities and present methodologies to mitigate the attacks. Since code analysis alone is insufficient to prevent the attacks in today's typical large-scale deployment, we describe the mitigations that should be done through the entire software lifecycle.

Bio: Aviv Ron is a Security Researcher for the Cyber Security Center of Excellence (CCoE). Aviv specializes in Application Security and focuses on the aspects of Cloud Computing in Application Security.

Aviv has been with the CCoE since June 2014 and has been involved in collaboration with AppScan on improving AppScan's capabilities in cloud environments, especially BlueMix.

This talk is the result of work done with AppScan in order to identify new threats in popular rising technologies in the cloud, and was also presented at the IEEE workshop for security and privacy 2015.

Before joining IBM, Aviv was with Intel for 9 years, where he had the pleasure of being involved in a very wide number of fields, ranging from information systems development to robotic frameworks and mobile, until he focused his career on information security. There he was involved in security validation of Intel's BIOS Guard and Intel Software Guard Extensions, and was later assigned the role of security architect for Intel IT, where he was in charge of application security at Intel and contributed to remote mobile connectivity and mobile malware detection.

Aviv is a passionate instructor and inventor; he loves passing knowledge to others (if you are interested in getting hands-on experience in web application security - contact Aviv for a course) and has 10 patents.

12:10-12:45

Securing Self-Virtualizing Ethernet Devices
Muli Ben-Yehuda, Technion & Stratoscale

Abstract: Single root I/O virtualization (SRIOV) is a hardware/software interface that allows devices to "self virtualize" and thereby remove the host from the critical I/O path. SRIOV thus brings near bare-metal performance to untrusted guest virtual machines (VMs) in public clouds, enterprise data centers, and high-performance computing setups. We identify a design flaw in current Ethernet SRIOV NIC deployments that enables untrusted VMs to completely control the throughput and latency of other, unrelated VMs. The attack exploits Ethernet "pause" frames, which enable network flow control functionality. We experimentally launch the attack across several NIC models and find that it is effective and highly accurate, with substantial consequences if left unmitigated: (1) to be safe, NIC vendors will have to modify their NICs so as to filter pause frames originating from SRIOV instances; (2) in the meantime, administrators will have to either trust their VMs, or configure their switches to ignore pause frames, thus relinquishing flow control, which might severely degrade networking performance. We present the Virtualization-Aware Network Flow Controller (VANFC), a software-based SRIOV NIC prototype that overcomes the attack. VANFC filters pause frames from malicious virtual machines without any loss of performance, while keeping SRIOV and Ethernet flow control hardware/software interfaces intact.

Joint work with Igor Smolyar and Dan Tsafrir.

Bio: Muli Ben-Yehuda is a systems researcher and an expert in the area of machine and I/O virtualization. He holds a B.A. (cum laude) from the Open University of Israel and an M.Sc. in Computer Science from the Technion -- Israel Institute of Technology. From 2002 until 2012 he held senior research and managerial positions at IBM Research, where he was also an IBM Master Inventor. In 2013 he founded a boutique virtualization and cloud computing consulting company, Hypervisor Technologies and Consulting Ltd, that provides expert consulting services to select clients. Currently he is solving hard cloud computing problems as Stratoscale's Chief Scientist.

Muli has co-authored over forty academic publications and holds over thirty-five US patents in such areas as machine and I/O virtualization, cloud computing, and operating system and hypervisor design and implementation. His code and ideas are included in many operating systems and hypervisors, including the Linux kernel and the Xen and KVM hypervisors. His work on The Turtles Project: Design and Implementation of Nested Virtualization has won the prestigious OSDI Jay Lepreau Best Paper Award and the IBM Research Pat Goldberg Memorial Best Paper Award.

12:45-13:20

Hunting Targeted Socialbots
Dr. Rami Puzis, Ben-Gurion University

Abstract: Advanced attackers use online social networks in order to extract useful information about a target organization, including who are the members of the organization, their connections, affiliation, positions, etc. Using artificial profiles (socialbots) attackers connect to real members of the organization, thus establishing a foothold inside the organization and greatly increasing the amount of sensitive information they can collect. The connection methods used by attackers are versatile, ranging from random friend requests to carefully crafted, manually operated social engineering attempts. Determining whether a profile is artificial or benign is usually possible, but hard when the attacker is sophisticated. In this talk we discuss cost-effective strategies for monitoring the organizational social network in order to trap the attacker's profiles. We analyze attack strategies with different levels of knowledge on the employed monitoring strategies using simulation on real social networks data and real data of intrusion attempts via artificial profiles in order to understand the effectiveness of the monitoring strategies in a real scenario. The results demonstrate the efficacy in detecting the less sophisticated attackers and slowing down attackers that deliberately avoid the profiles being monitored.

Bio: Dr. Rami Puzis - Lecturer, BSc Software Engineering, MSc Information Systems Engineering and PhD topic on Deployment of Intrusion Detection Systems. Dr. Puzis has worked as a research associate in the Laboratory of Computational Cultural Dynamics, University of Maryland. His primary specialization is in the area of complex networks with applications to cybersecurity, social and communication network analysis. He has been the principal investigator of a series of research projects funded by Deutsche Telekom AG, Israeli Ministry of Defence, Israeli Ministry of Economy, and several leading cybersecurity industries.

13:20-14:20

Lunch

14:20-14:55

Vehicles - The Next Cyber-Physical Challenge
Yuval Weisglass, TowerSec, Automotive Cyber Security

Abstract: We live in a connected world and our cars get more and more connected as well. From remote keyless entry to Bluetooth and cellular, modern cars have many wireless entry points. But a car is not just another computer - drive-by-wire, active safety systems and other features make a potential cyber attack a major risk for the safety of the vehicle, its passengers and other road users.

The challenge of securing these so-called "computers on wheels" is huge. Unlike traditional IT systems, the auto industry is traditional but at the same time complex - supply chain, long development cycles and an industry which is very cost-sensitive make the introduction of security measures a challenging task.

In our talk we will cover the recent developments in the field of car-hacking, security measures that are taken and the role of standardization and regulation in ensuring that cars are safe and secure.

Bio: Yuval Weisglass is the CTO and co-founder of TowerSec Automotive Cyber Security. Yuval has over 15 years of experience in cyber security, both as a security researcher and in leading roles in R&D of security-related innovation projects. Among his unique expertise: security of embedded systems, security for cellular technology and a long-time hobby of reverse engineering cars. Before founding TowerSec, Yuval spent 11 years at the Israeli Security Agency, where he held senior management roles.

14:55-15:30

Hacking Secure Hardware - An Automotive Arena Case Study
Uri Bear, Cisco, Security Threat Analysis and Reverse Engineering Center

Abstract: Hacking embedded devices is fun. Cars are just devices with a twist – they have the potential to cause serious damage. Current automotive security breaches are based on finding a weakness in the millions of lines of code running on the automotive computers – but can you trust the hardware that runs them?

In this presentation, we will show how a relatively secure ECU may be breached via hardware and software hacking techniques, how this breach can be developed into an Advanced Persistent Threat (APT) and how the APT can be further developed & potentially be used on a previously untouched vehicle.

We will show how processors with advanced security mechanisms can be fooled, how passwords can be visualized and how a trusted hardware mechanism suddenly stops being the anchor for security and becomes the pivot point to allow arbitrary code execution. We will review several security related code implementations and demonstrate their faults.

Bio: Uri Bear is a security researcher at the STARE-C (Security Threat Analysis and Reverse Engineering Center) in the Haifa, Israel offices of Cisco. Uri has been specializing in security related forward and reverse engineering for the past 5 years, with a background of semiconductor design, failure analysis and general hardware & software mayhem. Uri holds a M.Sc. degree in electronics engineering.

15:30-16:05

Digging Out Proprietary Security Features from Hardware With a Scan Side Channel Attack
Leonid Azriel, Technion - Israel Institute of Technology

Abstract: Reverse engineering of hardware is possible, but requires extensive resources, sophisticated equipment, special skills and time. Hence, only large organizations can afford it. But what if everyone will be able to learn the contents of your mobile processor using a $100 box from eBay and a few wires soldered to the board? We show how the scan side channel, known from a decade ago as a back-door for discovering cryptographic keys and other secret information, can be used to perform full reverse engineering of the SoC.

Scan is one of the most widespread DFT (Design-For-Test) techniques that allows for the automatic generation of test vectors used in the production test of a digital VLSI device. Scan provides access to every memory element inside the device, practically turning it into a stateless combinational function. The device's logical functionality can then be reconstructed by examining this function. In this talk we will present our findings on how algorithms from Boolean function analysis can be used to derive at least partial design information from the Scan side channel.

Bio: Leonid Azriel is a PhD student at the Technion, Israel. His research interests include hardware security and computer architecture. Leonid received the BSc and MSc degrees from the Technion. Prior to his PhD studies, he spent about 15 years in the industry, among the rest leading the development of the Trusted Platform Module (TPM) device in National Semiconductor and later Nuvoton.

16:05-16:10

Closing Remarks
Ronen Levy, Senior Manager, Security & Quality Technologies Department, IBM Research - Haifa

16:10-17:00

Reception and Posters