2018 Oregon Cyber Security Day

April 23, 2018, Monday

Ford Alumni Center, Lee Barlow Giustina Ballroom, University of Oregon


The talks will cover a broad and diverse range of topics ranging from examining future trends in computer security to understanding cybersecurity within the federal government. Exciting new research in various computer security mechanisms and systems for securing cyber spaces and data will also be presented.

Cyber Risk, Data Trust and Innovation at DHS Cyber Security Division

Erin Kenneally, United States Department of Homeland Security


This talk will introduce the two most recent DHS Cyber Security programs: IMPACT and CyRiE. The Information Marketplace for Policy and Analysis of Cyber-risk & Trust (IMPACT) program coordinates and develops real-world data and information sharing capabilities (tools, models, and methodologies), in order to support the global cyber risk research & development community in academia, industry and the government and to accelerate solutions around cyber risk issues and infrastructure security. IMPACT offers a unique, distributed research data repository supported by a streamlined legal framework and centralized coordination of a controlled distribution of datasets. This centralized brokering and distributed provisioning between the data providers, data hosts and researchers addresses the operational, trust and administrative costs and challenges that impede sustainable and scalable data sharing. IMPACT continually adds new data that is responsive to cyber risk management (e.g., attacks and measurements) so the R&D community has timely and high value information to enhance research innovation and quality. The IMPACT model also serves as a laboratory for testing various data sharing models whether it be traditional batch transfers or newer data-as-a-service (DaaS) and visualization analytics approaches. Finally, IMPACT enables trusted data sharing via its framework for vetting legal and ethical issues associated with sensitive research data and activities. The Cyber Risk Economic (CyRiE) program supports empirically based measurement, modeling and evaluation of the economics of cyber threats, vulnerabilities and controls. It focuses on four dimensions: Investment into cybersecurity controls; Impact of investment on the probability, severity, and consequences of harm; Value, which is the correlation between business performance measures and evaluations of cybersecurity investments and impacts; and Incentives to optimize cyber risk management.

The State of Cybersecurity in Oregon

Charlie Kawasaki, Pacific Star Communications, Inc.


In this presentation, cybersecurity expert and high-tech industry veteran Charlie Kawasaki will give an informative and engaging overview of the state of cybersecurity in Oregon. As Vice Chair of the Oregon Cybersecurity Advisory Council (OCAC), Charlie has his finger on the pulse of the most important cybersecurity activities going on throughout the state. The Oregon Cybersecurity Advisory Council was established under Senate Bill 90, signed by Governor Kate Brown on September 19, 2017, to develop a shared vision for the establishment of a cross-sector Cybersecurity Center of Excellence, in collaboration with Oregon’s cyber-related industries, private sector security practitioners, educational institutions, law enforcement and local governments.

During his presentation, Charlie will discuss important cybersecurity trends as they pertain to the state of Oregon and the pressing need for a larger workforce of trained cybersecurity professionals. In addition, he will give an update on the OCAC’s activities to help the State of Oregon plan for a Cybersecurity Center of Excellence. He will also discuss OCAC’s ongoing activities, highlighting several Cyber Oregon Cybersecurity Summits during the year which are designed to foster cybersecurity awareness and education throughout the state.

Charlie will also discuss OCAC’s focus on the development of the State’s cybersecurity workforce through programs designed to build workforce skills, disseminating best practices, facilitating cybersecurity research and encouraging industry investment and partnership with post-secondary institutions of education and other career readiness programs

In addition, as time allows, he will give a brief update on the State of Oregon’s multimillion dollar OregonFIBER initiative and future opportunities related to that significant multi-year project.

Internet Outages: Reliability and Cybersecurity

John Heidemann, The University of Southern California/Information Sciences Institute (USC/ISI)


The Internet is central to our lives, but we know astoundingly little about it. Even though many businesses and individuals depend on it, how reliable is the Internet? Do policies and practices make it better in some places than others?

Since 2006, we have been studying the public face of the Internet to answer these questions. We take regular censuses, probing the entire IPv4 Internet address space. For more than two years we have been observing Internet reliability through active probing with Trinocular outage detection, revealing the effects of the Internet due to natural disasters like Hurricanes from Sandy to Harvey and Maria, configuration errors that sometimes affect millions of customers, and political events where governments have intervened in Internet operation. This talk will describe how it is possible to observe Internet outages today and what they are beginning to say about the Internet and about the physical world.

Protecting Analog Sensor Security - or - Sending Mixed Signals on IoT Cybersecurity

Kevin Fu, University of Michigan


Why are undergraduates taught to hold the digital abstraction as sacrosanct and unquestionable? Why do microprocessors blindly trust input from sensors, and what can be done to establish trust in unusual input channels in cyberphysical systems? Risks of analog sensor cybersecurity pose challenges to autonomous vehicles, medical devices, and the Internet of Things. Analog cybersecurity can also reduce risks by detecting an adversary via the physics of computation. Analog cybersecurity builds upon classic research in fault injection and side channels. Based on results on intentional RF interference on sensors by Foo Kune et al. [Ghost Talk, IEEE S&P], intentional acoustic interference on MEMS accelerometers by Trippel et al. [Walnut, IEEE Euro S&P], and related work, I will demonstrate the implications of unintentional demodulation in feedback control systems ranging from fitbits to implantable medical devices to drones and phones. More important, I will explain how to rethink the computing stack from electrons to bits to design out security risks that bubble up from physics into the operating system. This work brings some closure to my curiosity on why my cordless phone would ring whenever I executed certain memory operations on the video graphics chip of an Apple IIGS.

Can We Reduce the First-Mover-Advantage of Cyber-Hackers?

Michalis Faloutsos, UC Riverside


Can we do better than just waiting for the next attack to happen? We aruge that security should become more proactive in order to minimize the damage that an attack, such as a DDoS or a virus, can have. This is a very ambitious goal, but we believe that we are making significant first steps towards it. Specifically, our work focuses on the following questions:

We present our efforts that attempt to address the above questions. First, we develop a systematic approach to extract actionable information from social media, focusing on security forums. Specifically, we develop RIPEx, a hands-free method to extract IP addresses, that are reported as malicious in the forums. The results are very encouraging: a handful of such forums can provide 4 times more malicious IP addresses compared to the well-known VirusTotal repository. Second, we present the value of the information that we can extract by analyzing malware binaries that target routers and IoT devices. To automate the study of such malware, we develop, RARE, a systematic and comprehensive system to extract patterns and communication artifacts that can help detect and contain malware, and also point us to the communication and control points of botnets.