CERIAS Security Seminar Podcast
Author: CERIAS <webmaster@cerias.purdue.edu>
11 Dec 2018

CERIAS Security Seminar series video podcasts.

  • Courtney Falk, "Enemy Perspectives: When Nation-States Meet Cybercriminals"

    Threat intelligence is interested in the entire kill chain from tools to victims. Chief among these interests are the threat actors themselves who carry out attacks and campaigns. Many different schemes exist on how to classify different types of threat actors in order to more easily describe and understand them. This presentation focuses on the nation-state and cybercriminal classes of threat actors, how they differ, and how they overlap. Real world examples are provided to illustrate new and different ways of thinking about threat actors.

    Posted on 15 Nov 2018

  • Jason Ortiz, "IoT Security: Living on the Edge"

    This talk will explore the enormous threat landscape presented by the IoT ecosystem and examine the state of IoT security with a bit of humor. We will look at everything from individual devices, to conceptual challenges, as well as potential solutions to the most challenging security question we have ever had to answer.

    Posted on 08 Nov 2018

  • Meng Xu, "Precise and Scalable Detection of Double-Fetch Bugs in Kernels"

    During system call execution, it is common for operating system kernels to read userspace memory multiple times (multi-reads). A critical bug may exist if the fetched userspace memory is subject to change across these reads, i.e., a race condition, which is known as a double-fetch bug. Prior works have attempted to detect these bugs both statically and dynamically. However, due to their improper assumptions and imprecise definitions regarding double-fetch bugs, their multiread detection is inherently limited and suffers from significant false positives and false negatives. For example, their approach is unable to support device emulation, inter-procedural analysis, loop handling, etc. More importantly, they completely leave the task of finding real double-fetch bugs from the haystack of multireads to manual verification, which is expensive if possible at all.

    In this paper, we first present a formal and precise definition of double-fetch bugs and then implement a static analysis system, DEADLINE, to automatically detect double-fetch bugs in OS kernels. DEADLINE uses static program analysis techniques to systematically find multi-reads throughout the kernel and employs specialized symbolic checking to vet each multi-read for double-fetch bugs. We apply DEADLINE to Linux and FreeBSD kernels and find 23 new bugs in Linux and one new bug in FreeBSD. We further propose four generic strategies to patch and prevent double-fetch bugs based on our study and the discussion with kernel maintainers.

    Posted on 01 Nov 2018

  • Mark Loepker, "80/20 Rule-Cyber Hygiene"

    Hygiene - it's good for your body and it's good for your computer/network. We will explore the simplicity of cyber hygiene and the insider/outsider threats that take advantage of poor hygiene. It is all a matter of focus and attention to threat actors. In addition, we will introduce you to the Cyber Center for Education and Innovation, Home of the National Cryptologic Museum (CCEI-NCM). This is a unique national value proposition to bring together cybersecurity education and invite collaboration. CCEI-NCM's core mission is to broaden cyber threat awareness, understand cybersecurity best practices with educational outreach, and to enhance operational cybersecurity workforce development in support of our nation's critical infrastructure sectors.

    Posted on 25 Oct 2018

  • Ryan Goldsberry, "Applied Cyber and Mobile Security Consulting"

    Cyber security for increasingly mobile clients is an increasing and never-ending challenge. Companies of the future are adopting agile systems and cross-functional processes to respond to these challenges.

    Posted on 18 Oct 2018
