Cyber Summer School at University of Cincinnati, July 11-15, 2022
Please see the document below advertising an upcoming Cyber Summer School at the University of Cincinnati from July 11-15, 2022. The program will consist of 13 modules in cybersecurity taught by faculty from the Department of Electrical Engineering and Computer Science at UC, the Department of Economics, the School of IT, and the Department of Political Science. This will be a great opportunity to interact with faculty expert in various aspects in the field of Cybersecurity. We encourage undergraduate and graduate students interested in the field to apply. This will be a great opportunity to interact with companies and government labs for potential coop and permanent job opportunities. .Currently, the Cyber Summer School is planned for being face to face. However, we will also have the lectures available online. We are still figuring out the cost for registration, which we expect to go down if we have a lot of interest. In order to show your interest in the Cyber summer school, please send me an email at [email protected]. Once plans are finalized, I will post the latest details about the Cyber Summer School both on the UC website and also on linkedin.
Thank you for your interest.
Marc Cahay EECS Dept. Head
Details of Modules
I.??????????????????Research in behavioral, policy and strategy aspects of cybersecurity
Module 1: Richard Harknett (School of Public and International Affairs, UC), Persistent Engagement
?This session?examines the structure of cyberspace and how it creates an imperative to act to advance national interests through exploitation of vulnerabilities. The session uses the United States as a case study of how countries have shifted to this reality and discusses the US doctrine of persistent engagement as a national cybersecurity operational approach.??
?Module 2: Greg Winger (School of Public and International Affairs, UC): Cyber Strategy & Policy
This session?discusses cyberspace as political domain and its evolution as an arena of international competition.?It will review core challenges like the attribution problem?as well as key actors and cases. In particular, this session will delve into how various geopolitical actors have adapted to the cyber domain and endeavored to uses its unique characteristics as tools for geopolitical gain.??
Module 3: Ryan Moore (School of IT, UC): Cybersecurity Awareness
?Even the strongest, most complex security system can easily be bypassed by one often overlooked vulnerability, the human operator. In this session we will discuss the human element of cyberattacks by examining the attack vectors that can be created by human error, manipulation, or a simple lack of understanding. We will then discuss methods to mitigate these risks through implementing security mechanisms, policies, and training.
II.???????????????Research in Economics Aspects of Cybersecurity
Module 4: Michael Jones (Economics Dept., UC): Economics of Blockchain Attacks
An economic framework to understand the costs and benefits behind blockchain cyberattacks will be introduced. In a blockchain environment, traditional security tools of government coercion through fines and imprisonment are no longer applicable. A secure blockchain environment is enforced whenever the economic costs of a cyber-attack exceed the benefits. We will explore how the consensus protocols of proof-of-work and proof-of-stake may be economically vulnerable to attack. This session will also provide a brief introduction to game theoretical tools in ransomware attacks. We will explore questions that include: whether to negotiate through a third-party in a ransomware attack, and how attackers determine the digital currency and the amount of a ransom.”
Module 5: Boyang Wang (EECS, UC) Encryption and Side-Channel Attacks
In this module, Dr. Wang will introduce the basic concepts of encryption, including symmetric key encryption and public-key encryption. Specifically, Dr. Wang will introduce the details of two common encryption algorithms that we use in practice, including Advanced Encryption Standard (AES) and RSA. In addition, Dr. Wang will introduce side-channel attacks, and utilize AES and RSA as two concrete examples to discuss how attackers can compromise secret keys of encryption algorithms by analyzing power consumption of target devices (such as microcontrollers and FPGAs). Recent research results on deep-learning-based side-channel attacks will also be briefly discussed.?
Module 6: Nitin (EECS Dept): Distributed Blockchain Technology and its?impact and applications on/to real life Problems
These two sessions aim to provide the conceptual understanding of the function of blockchains, design of blockchain, how blockchain is used as an application to cryptocurrencies mining, what is the mathematical puzzle? and how the difficulty levels are setup? what are the methods of securing distributed ledgers and proof of stake vs proof. It also covers the technological and management underpinnings of Blockchain operations as distributed data structures and decision-making systems, their functionality and different architecture types. Finally, we will advocate the application of Blockchain to the Real-Life applications.
?
III.????????????Research in Cybersecurity Engineering ?
This series of modules is to introduce some of the research in cybersecurity at UC and other universities nearby, as well as ask the participation of companies nearby to increase the synergy in research in cyber in Southwest Ohio. If successful, this would become an annual workshop on research in cybersecurity which could extend to the entire state of Ohio through our established OCRI.
Module 7: Anca Ralescu (EECS Dept., UC) ML and Cybersecurity
This module is dedicated to a case study of using Machine Learning (ML) in malware detection based on understanding the context in which various program constructs appear. The ML algorithm to be used is introduced, then we will discuss the notion of context useful for our problem. A relevant data set will be discussed. Finally, all these will be integrated into an approach for malware recognition applied to the data set considered.
Module 8: Boyang Wang (EECS Dept., UC) Towards Robust and Reliable AI-Driven Cybersecurity
In this module, Dr. Wang will discuss several critical cybersecurity research problems that can be tackled by machine learning. The research problems will include network traffic analysis, malware detection, and wireless device authentication. Specifically, the speaker will explain how these problems can be formulated and tackled by machine learning, especially deep neural networks, discuss the limitations on the robustness and reliability of these AI-based solutions, and more importantly, how we can overcome these limitations based on Dr. Wang’s recent research.??
?Module 9: Nan Niu (EECS Dept., UC) Software Engineering for Cybersecurity
?This module helps the students to explore certain software engineering issues related to cybersecurity, including the tracing and compliance of security policies like HIPAA in real-world (electronic health record) software applications, and the critical analysis of security policies and their breaches. The module will also provide the students some hands-on experience of using static analysis and penetration testing tools to detect software vulnerabilities in industrial-strength codebases.
?Module 10: Will Hawkins (EECS Dept., UC) Reverse Engineering, network exploitation, automated program defenses, operating system defense, encryption protocols, network security protocols
?In this module, students will learn to use the industry-standard tools for reverse engineering (i.e., Ghidra) and see the connection between it and network exploitation. As attackers become more and more adept at breaking into systems, software developers become more and more adept at keeping them out. This module will also introduce students to the techniques that application and system developers are deploying in order to prevent attacks on their systems (ASLR, NX bits, n-variant systems, control-flow integrity [CFI], etc.)
Modules 11 John Franco (EECS Dept-UC): Towards proving software and hardware correctness and safety via trustworthy specifications
?Testing has been the standard for software and hardware validation for a very long time.?But testing has its problems: most notably it is impractical to test all execution paths and expensive failures in the field emerge, sometimes after a year of deployment, even after extensive testing.?Improved confidence in the safety and security of software, hardware, and systems can be achieved with formal methods.?In particular, "correct by construction" tools can create correct and safe code or VHDL from a trustworthy specification, SMT solvers can check the equivalence of two functions that are implemented differently and over different architectures, and they can also verify correctness of an implementation against a golden specification.?In this session the reason specifications can be trustworthy and some of the tools used to verify correctness from specifications will be demonstrated.?It should be noted that Amazon uses such tools to verify correctness of functions used by its AWS.
领英推荐
?Module 12: Mehdi Norouzi (EECS Dept. UC): Image Hiding using Deep Neural Networks – Steganography
?Taking advantage of redundancies in images using traditional image processing methods and/or integrating image representations extracted from pre-trained deep neural networks, an image can be encoded into a cover image or a video clip. In this module, we will cover the basics of image hiding, related evaluation measures, primary challenges, and recent advancements (State-of-the art DNN models) reviewing a case study.
?Modules 13: Ranga Vemuri (EECS Dept. UC): Introduction to Hardware Security and Trust
?Trust in integrated circuit (IC) functionality has become a significant concern due to the emergence of highly distributed, multi-institutional process of IC design and development.?In particular, the use of “third-party” foundries for IC manufacturing, where fab?lines are often owned by potentially untrusted entities,?necessitates the analysis of possible attack methods and the development of threat models and defense methodologies.?
?‘Trust’ in this context encompasses at the three mutually related concerns:?(1) Trust in the third-party services such as IP providers and foundries (that what they do and provide is functionally as trustable as what equivalent in-house services would provide). (2) Trust that no one can take unfair advantage of the IC design. (3) Trust that the fabricated IC functions and performs exactly as expected – nothing more and nothing less.??Trust is closely related to, but not the same as, correctness, safety and security.?
?Research at the University of Cincinnati (UC) has been focused in various topics central to the development of trustworthy ICs. This talk presents current and emerging research directions in split manufacturing, logic encryption/obfuscation, design camouflaging, Trojan detection, reverse engineering, run-time monitoring and side-channel attacks.?
Day 5 – UC Cyber Program Recruitment and Partner Session
?Morning: Invited Talk, Len Orlando, WPAFB, “Regional Opportunities and Work Force Development for Cyber Physical System’s Security, Assurance, and Trust”
Combatting Psyber-Security Attacks: Seth Adjei and Ankur Chattopadhyay (Northern Kentucky University)
Existing literature shows that cyber-psychological issues among online users are on the rise, with mental health being the new cybersecurity attack surface, and COVID related misinformation, disinformation, and “fake news” being the corresponding attack vector amidst the ongoing pandemic. The threat of an online user being a victim to this is so significant that the World Health Organization calls this a COVID 'infodemic'.
Psychological experts have termed this as a form of COVID psyber-security attack (COVID-PSA). Recently, there has been a few research and development (R&D) initiatives to address this current threat landscape of the COVID 'infodemic'. However, this research area is still a new, emerging one with a lot of prospective scope of work. In this novel R&D project, we have attempted to address this COVID-PSA threat by implementing a data analytics driven knowledge recommender, which is meant to be an adviser for users regarding the credibility of online COVID information.
We have designed and developed a unique web extension as this knowledge recommender’s maiden proof-of-concept prototype. It can be plugged into a web browser as an add-on and can indicate whether the online information is real or fake on a COVID website that users visit. Our unique COVID infodemic adviser tool includes textual data classifiers, which are trained on COVID information related real and fake benchmark datasets and uses advanced natural language processing techniques to parse the online textual information from websites.
Our tool is a timely technological intervention for providing users with valuable insights on trustworthiness of COVID websites, for safeguarding them against potential COVID-PSA, and for raising overall awareness of looming infodemic threats. This first of its kind tool, which we have built, can contribute to further innovation, and lead to future path breaking research directions plus intellectual property intended for societal benefits.
CHEST Activities and outreach efforts: Marty Emmert (EECS Dept. at UC)
Professor Marty Emmert in the EECS Department is leading the NSF sponsored Industry/University Collaborative Research Center (IUCRC) for Hardware and Embedded Systems Security and Trust (CHEST). To date, CHEST is the largest active IUCRC with six academic members: University of Cincinnati (lead university); University of Virginia; University of Texas at Dallas; Northeastern University; University of Connecticut; and University of California, Davis. Part of the CHEST charter includes workforce development and developing security, assurance and trust methodologies for Artificial Intelligence (AI) systems. This highly integrated group of Carnegie Research 1 universities provides a strong, existing collaborative platform to further expand existing efforts to promote public understanding of privacy, confidentiality, ethics, safety, and especially security implications of AI. All of our CHEST academic partners have similar programs, teaching, and research faculty in Cybersecurity, AI, and Machine Learning. In addition, CHEST has 25 industrial and DoD sponsors that will leverage the education, training tools, and modules we develop through this effort.
With the addition of the new BS in Cybersecurity Engineering, the University of Cincinnati will become a beacon in the field of cybersecurity, a giant step for providing the much needed workforce not only to the State of Ohio, but across all states in the US, which will secure its position of leader in the field worldwide.
?Afternoon: Invited Talk, Ryan Wofarth, Air Force Life Cycle Management Center (AFLCMC)/EZAD. “TBD“
Department of Electrical Engineering and Computer Science (EECS) Presentation (30 minutes): This talk will give an overview of the educational programs in the field of cybersecurity available in the EECS Department.
Starting in the fall of 2021, the EECS Department is offering a BS in Cybersecurity Engineering which combines advanced courses in cybersecurity with fundamental courses in mathematics, computer science, and electrical engineering into a program that adheres to the ABET Engineering Accreditation Commission (EAC) guidelines for Cybersecurity programs and the NSA /DHS Center for Academic Excellence in Cyber Operations.?Each student will complete courses in one of four tracks--Cyber Operations; Network and Data Security; Hardware and Cyber-Physical Systems Security; or Industrial Security--while also completing additional courses in the other tracks, along with required courses in mathematics for cryptography and security and in cybersecurity policy.?This degree provides students with the analytical and computational skills to design, implement, and protect the secure systems needed in today’s world. This new degree offers a series of classes which will complement the new program to be delivered by the School of IT and the new BA in Cyber?Strategy and Policy proposed by the Department of Political Science. In addition, the EECS Department offers an undergraduate certificate and a NSA graduate certificate in Cyber Operations.
SPIA presentation: The School of Public and International Affairs is home to the Center of Cyber Strategy and Policy, which is a highly influential research center focused on national and international cyber security strategies. The School offers a new BA in Cyber Strategy and Policy, which provides both technical skills and expertise in the political, economic, social, technology, and organizational challenges that cyber insecurity creates and how to address that insecurity through improved policy, strategy, and law. The School offers graduate MA/PhD degrees in Public Administration and Political Science in which students can work with leading international scholars in cyber security studies as their focus.
School of IT presentation: The School of Information Technology (SoIT) is home to the National Security Agency/Department of Homeland Security Center for Academic Excellence in Cyber Defense. The Bachelor of Science in Cybersecurity degree was first started in 2014 as a specialization area. The program is offered both online and on campus for full time and part time students. Over 200 students already graduated from the program and occupies roles such as Cybersecurity Analyst, Information Security Analyst, Security Operations Center Team Leads, Digital Forensics and Incident Response Analyst, Cyber Threat Detection Analyst, Penetration Tester, Cyber Risk Consultant, Cyber Threat Hunter, Threat Intelligence Analyst, Senior Information Security Specialist, and Cyber Security Counter Measures among others. Graduates are employed in a wide variety of sectors with companies such as Veeva Systems, Equifax, RoundTower Technologies, Splunk, GE Aviation, CBTS, Marathon Petroleum, Deloitte, Black Lantern Security, US Bank, Veeva Systems, and the Cincinnati Insurance Companies among others.
In addition to undergraduate programs that focus on hands-on technical skills, problem solving skills, and communication skills, the SoIT offers Master’s and Doctoral programs with specializations in Cybersecurity. At the graduate level, research methodologies and evidence-based practices are introduced to expand the learner’s abilities, knowledge, and skills to address complex problems following scientific methodology. The new Data-Driven Cybersecurity graduate certificate is a four-course graduate program that provides immersive experience on principles of cybersecurity, enterprise security, applied machine learning, and data-driven cybersecurity. Students in the graduate program work on research and applied cybersecurity projects.
?Furthermore, the SoIT offers, in partnership with the Ohio Cyber Range Institute, professional development programs through innovative four-week workshop that leads to industry credentials such as Network+ and Security+ among others.
?In this presentation, you will learn about:
Late-Afternoon: Recruitment and Partner Session – Roundtables
?
?
?
?
Dean, College of Science and Engineering at Seattle University
3 年Excellent work, Marc Cahay! Thanks for your leadership.