Search Engineering Faculty Experts

CAE Tech Talk

National Centers of Academic Excellence

February 16th, 2017

(1:10-1:50 PM ET) Sensor-based Mobile Web Fingerprinting and Cross-site Input Inference Attacks 

(2:00-2:40 pm ET)
Knowledge-based Decision Making for Simulating Cyber Attack Behaviors 

Mark your calendars and come join your friends in the CAE community for a Tech Talk. We are awarm group that shares technical knowledge. CAE Tech Talks are free and conducted live in real-time over the Internet so no travel is required. You can attend from just about anywhere (office, home, etc.) Capitol Technology University (CTU) hosts the presentations using their online delivery platform (Adobe Connect) which employs slides, VOIP, and chat for live interaction. Just log in as “Guest” and enjoy the presentation(s).

Below is a description of the presentation(s) and logistics of attendance:

Date: Thursday 16 Feb 2017

Time: 1:10-1:50 pm ET
Location: https://capitol.adobeconnect.com/cae_tech_talk/
Just log in as “Guest” and enter your name. No password required.
Title/Topic: Sensor-based Mobile Web Fingerprinting and Cross-site Input Inference Attacks
Audience Skill Level: All Levels
Presenter(s): Chuan Yue (Colorado School of Mines)

Description:

Smartphone motion sensor data are not only accessible to native mobile apps, but have also become accessible to the webpages rendered in either mobile browsers or the WebView components of mobile apps. In this talk, I highlight four types of broad and severe user fingerprinting and cross-site input inference attacks that can exploit the smartphone motion sensor data to compromise mobile web users’ privacy and security; I also discuss some research topics for further investigating the effectiveness of these attacks and designing usable defense mechanisms.

Date: Thursday 16 Feb 2017
Time: 2:00-2:40 pm ET
Location: https://capitol.adobeconnect.com/cae_tech_talk/
Just log in as “Guest” and enter your name. No password required.
Title/Topic: Knowledge-based Decision Making for Simulating Cyber Attack Behaviors
Audience Skill Level: Intermediate
Presenter: Steve Moskal and Dr. Shanchieh Jay Yan (Rochester Institute of Technology)

Description:

Recent high-profile data breaches has caused a shift in the cyber security field to focus more on prevention of cyber attacks as opposed to detection of threats. Security assessments of enterprise computer networks by the use of vulnerability assessment tools and penetration tests are now common and in most cases a requirement. Despite these prevention techniques, recent data breaches are causing billions of dollars of losses to companies as current techniques are not capable of exposing all issues in a network. CASCADES (Cyber Attack Scenario and Network Defense Simulator) is a cyber attack scenario simulation platform that exposes the relationship and dependency of the cyber attacker’s behaviors to the physical network configuration. By modeling both the network and the attacker it is possible to understand how an attacker effects a network but also how a network configuration effects the attacker’s progress given an attack scenario. CASCADES employs a knowledge-based behavior model representing the capabilities, opportunities, intent, and preferences of the individual attacker to aid in the understanding of the key information the attacker needed to make decisions as the attack progresses. By representing the attacker based on the knowledge developed throughout an attack and how the attacker uses that information along with the integration of the Cyber Attack Kill Chain, CASCADES provides the capability of representing a wide variety of attackers while still maintaining realistic attack scenarios. This allows the generation of many attack graphs while maintaining accuracy along with understanding the interplay between the attacker and the defender without requiring an expert to configure. Results of CASCADES shows both the types of attackers play a large role in how resilient a network is to an attack but also the effects of how a misconfigured network has on the attacker’s progress.

CAE Tech Talks are also recorded

Recordings of live presentations are posted to the website below:

https://capitol.instructure.com/courses/510/external_tools/66

Pdf versions of the presentations are posted to the website below:

https://capitol.instructure.com/courses/510/files

Contact

CAE Tech Talk events are advertised thru email and posted to the news and calendar section of the CAE community website: www.caecommunity.org

For questions on CAE Tech Talk, please send email to CAETechTalk@nsa.gov