Events
Information Assurance Center Seminar
Friday, March 27, 2009
2:00 – 3:00 p.m.
Location: Brickyard Room 210
699 S. Mill Avenue, Tempe, AZ
What is the deal with Computer Security?
Partha Dasgupta
Associate Professor of Computer Science and Engineering
Arizona State University
Abstract
"Securing a computer system has traditionally been a battle of wits: the penetrator tries to find the holes, and the designer tries to close them." — M. Gasser
After twenty or more years of research into computer and network security, are we doing any better? The sheer magnitude of innovative attacks that are crafted even as we speak defies any formal modeling or analysis. The knowledge gap between security experts and system developers is wide and widening. Deterrents work for some time until counterattacks are created. Security research is forward looking and solves problems that may occur in the future, but the current problems are far from solved and will remain the underlying weakness of any future systems. The web is relatively safe, but the end points or hosts are too easy to compromise. The inherent design defects that are the root causes are well entrenched and cannot be changed, as severe loss of usability will occur. The proliferation of embedded devices is going to compound the problem in years to come.
The talk is at first an overview of various hacking methods and known vulnerabilities. We discuss why the problems occur, how they are exploited and why fixing them is not easy. We try to rationalize why such attacks are not foreseen or preventable at the design phase. Secondly, the talk presents several methods to harden system software against attacks by malware, including some social engineering attacks. We show how to hide secrets, how to randomize memory and how to create safe zones for sensitive information using virtual machines. We discuss the use of remote attestation to protect secure applications from tampering. In addition, we present results in binary rewriting for software diversity.
----
Partha Dasgupta is an Associate Professor of Computer Science & Engineering at Arizona State University. His research is in computer security, operating systems, and distributed and parallel systems. He received the Ph.D. degree in computer science from the State University of New York at Stony Brook. For more information, refer to his home page http://cactus.eas.asu.edu/Partha/
Information Assurance Center Seminar
Friday, April 17, 2009
2:00 – 3:00 p.m.
Location: Brickyard Room 210
599 S. Mill Avenue, Tempe, AZ
How to Counter Man-in-the-Middle SSLstrip Attack?
Dijiang Huang
Assistant Professor of Computer Science and Engineering
Arizona State University
Abstract
SSLstrip is a real man-in-the-middle (MITM) attack disclosed in January 2009 at the Black Hat conference. It was used to hijack SSL communication sessions, which creates a big threat to online secure transactions. Attackers can partition an SSL session into two connections and then intercept users' critical information such as user name/password. In this talk, several technical solutions and their effectiveness in countering this type of attack will be discussed. Educating users to be aware of MITM attacks and applying proper methods based on SSL-enabled techniques are important and will also be discussed. A demonstration of how SSLstrip works will also be given.
Dijiang Huang is an assistant professor of Computer Science & Engineering at Arizona State University. He joined the ASU faculty in 2005. He received the B.S. degree in Telecommunications from Beijing University of Posts & Telecommunications, China, in 1995, and the M.S. and Ph.D. degrees in computer science from the University of Missouri-Kansas City, USA, in 2001 and 2004, respectively. His current research interests are computer networking: network protocols; security and privacy: key management, authentication protocol, attack analysis, privacy preserving, and attack resilient network design. For more information, refer to his home page http://dj.eas.asu.edu/dhuang/
2009 Workshop on Information Assurance Research and Education
Sponsored by the Information Assurance Center
Wednesday, May 6, 2009
ASU Tempe campus
Artisan Court, east of 599 S. Mill Avenue, Tempe
The program of the workshop for this year will be expanded by at least 50% compared with last year. Speakers from government agencies, industry and academia will be invited. In addition to invited talks and panel discussions, the workshop will also have a poster session and demonstrations highlighting the IA research activities at ASU, in parallel with part of the program. The workshop program and other detailed information will be announced later.
Participation in the workshop is by invitation only and registration is complimentary.
To request an invitation, please contact the Information Assurance Center at iacenter@asu.edu as soon as possible.

