The Institute for Information Assurance at IUP, in collaboration with the Computer Science Department, will host the sixth annual Information Assurance Day on November 7, 2013, from 8:30 a.m.-4:00 p.m. at the Ohio Room in the HUB at IUP.
Schedule of Speakers
- 8:30-8:40 a.m. Opening Remarks
Dr.Deanne Snavely , Dean, Kopchick College of Natural Sciences and Mathematics - 8:40-8:50 a.m. Remarks
Dr. William Oblitey , Chair, Department of Computer Science at IUP - 8:50-9:00 a.m. Welcome Message
Dr. Waleed Farag , Director, Institute for Information Assurance at IUP - 9:00-9:55 a.m. "Increasing Querier Privacy in Distributed Database Systems"
Dr. Adam Lee , Assistant Professor of Computer Science at the University of Pittsburgh - 9:55-10:05 a.m. AM break I
- 10:05-11:00 a.m. "The design, implementation, and verification of an extensible hypervisor framework"
Dr. Limin Jia , Assistant Research Professor ECE & INI at Carnegie Mellon University - 11:00-11:10 a.m. AM break II
- 11:10-12:05 "Cybersecurity Jobs - the Reality"
Ms. Caren Saxe , Information Assurance Branch Chief - U.S. Department of State - 12:05-1:05 p.m. Lunch break
- 1:05-2:10 p.m. "Examining the Trade-offs Between Net-Centricity and Information Assurance"
Dr. Isaac Porche , Associate Director, Force Development and Tech Program at RAND - 2:10-2:30 p.m. PM break
- 2:30-3:40 p.m. "State Police and Computer Forensics"
Cpl. Gerhard Goodyear , Bureau of Criminal Investigation, Computer Crime Unit - PA State Police - 3:40-4:00 p.m. Conclusion
Biographical Information
Dr. Adam Lee
Dr. Adam J. Lee is currently an assistant professor of Computer Science at the University of Pittsburgh. He received the MS and PhD degrees in Computer Science from the University of Illinois at Urbana-Champaign in 2005 and 2008, respectively. Prior to that, he received his BS in Computer Science from Cornell University. His research interests lie at the intersection of the computer security, privacy, and distributed systems fields.
Dr. Limin Jia
Limin Jia is an Assistant Research Professor at CMU ECE&INI. She received her B.E. in Computer Science and Engineering from the University of Science and Technology of China and her Ph.D. in Computer Science from Princeton University. Her research interests include language-based security, programming languages, logic, and program verification. Limin's research focuses on formal aspects of security. She is particularly interested in applying language-based security techniques as well as formal logic to model and verify security properties of software systems.
Ms. Caren Saxe
Caren Saxe began her career with the Department of State in 1998 as a Presidential Management Intern in the Office of Computer Security and transitioned to the Foreign Service in late 2000. As a member of the Foreign Service, Caren serves as a cybersecurity generalist, dealing with such diverse tasks as resetting encryption equipment in the North Pacific and leading joint U.S.-U.K. audit teams in London. Her previous assignments include serving as a Security Engineering Officer in Moscow, as the Regional Computer Security Officer for East Asia and the Pacific in Manila, as the U.S. Technical Exchange Officer to the Foreign and Commonwealth Office in London, and as the Officer-in-Charge of the Engineering Services Office in Tel Aviv. Currently, she serves as the Chief of the Information Assurance Branch (IAB) at the Diplomatic Security Training Center, a DHS Center of Excellence. IAB is responsible for providing cybersecurity role-based, instructor led training to the Department of State and other agencies through the DHS-sponsored Information Systems Security Line-Of-Business (ISSLOB) Program. This program has provided cybersecurity training to 88 federal Departments and Agencies.
Dr. Isaac Porche
Isaac Porche is a senior engineer at the RAND Corporation, where he serves as associate director of the RAND Arroyo Center's Force Development and Technology Program. His areas of expertise include cybersecurity; network and communication technology; intelligence, surveillance, and reconnaissance (ISR); information assurance; and computer network defense. He has led research projects for the U.S. Navy, U.S. Army, the Department of Homeland Security (DHS), the Joint Staff, and the Office of the Secretary of Defense. He is a member of the U.S. Army Science Board. His article "The Myth of Cyber Defense" is featured in the October 2012 edition of Proceedings Magazine. In addition, he has published numerous journal articles and presentations on applications of networking technology to the warfighter. Prior to joining RAND in 1998, he was a software developer in the automotive industry. Porche received his M.S. in electrical engineering and computer science from the University of California, Berkeley, and his Ph.D. in electrical engineering from the University of Michigan.
Cpl. Gerhard Goodyear
Cpl. Goodyear previously served as part of an Intelligence Company in the US Marine Corps. He has a Bachelor's Degree in Criminal Justice and has been employed with the State Police for the past 19 years. During that time, he has served as a patrol officer, a patrol supervisor, and a criminal investigator. Cpl. Goodyear is currently assigned to the Bureau of Criminal Investigation, Computer Crime Unit and conducts undercover investigations involving the use of computers of other electronic devices. He has been deputized by the US Marshals and is a member of both the state and federal Internet Crimes Against Children task forces.
Titles and Abstracts
Dr. Adam Lee - University of Pittsburgh
- Title: Increasing Querier Privacy in Distributed Database Systems
- Abstract: In a centralized setting, the declarative nature of query languages like SQL is a major strength: a user can simply describe what she wants to retrieve, and need not worry about how the resulting query plan is actually generated and executed. However, in a decentralized setting, two query plans that produce the same result might actually reveal vastly different information about the intensional description of a user's query to the servers participating its evaluation. In cases where a user considers portions of her query to be sensitive, this is clearly problematic. In this talk, we address the specification and enforcement of querier privacy constraints on the execution of distributed database queries. We present a notion of intensional query privacy developed by our team, describe SQL extensions that allow users to enforce strict privacy constraints or partially ordered privacy/performance preferences over the execution of their queries, and comment on our implementation of an privacy-enhanced query optimizer for PostgreSQL.
Dr. Limin Jia -Carnegie Mellon University
- Title: The design, implementation, and verification of an extensible hypervisor framework
- Abstract: Formal verification of system properties is crucial to the security of software systems. Combing the design, implementation, and verification of software systems can significantly ease the process of verification, and produce high-assurance systems. In this talk, I will present our work on XMHF - an eXtensible and Modular Hypervisor Framework. XMHF's design aims to achieve modular extensibility and automated verification. The design enables us to verify the memory integrity property of XMHF by breaking the verification into two stable portions: (1) we identify local properties required of the source code, which are verified automatically using the C model checking tool CBMC; and (2) an inductive manual proof that uses these local properties as assumptions to show that the memory integrity property holds on XMHF even when interacting with malicious guest OSes. The verification of the source code can be repeated automatically in the development phase when the code is modified. The second part of verification is carried out using a novel program logic that we develop to reason about the trace properties of systems in the presence of adversaries.
Ms. Caren Saxe - U.S. Department of State
- Title: Cybersecurity Jobs - the Reality
- Abstract: Many students consider working for the federal government upon graduation from university, with vague notions of serving their country' or changing xyz policy.' These students, however, are often inaccurate in their understanding of what government jobs entail. Using the U.S. Department of State as an example, this presentation will provide realistic descriptions and practical advice about cyber-related positions in the government, the skills needed to perform them well, and the various methods of entry. Students should then be able to decide if a government position truly matches up with their career goals.
Dr. Isaac Porche - RAND Corporation
- Title: Examining the Trade-offs Between Net-Centricity and Information Assurance
- Abstract: The ideal venue for collaboration and information sharing is among personnel who share the same location, language, vocabulary, experiential background, and information technology. However, the reality is that these conditions are rarely met. People often seek to collaborate across very diverse environments, especially in light of the international nature of the internet. IT interoperability is key. This talk examines the challenges of the level of connectivity and collaboration sought and appreciated today. These challenges are compared to the level of information assurance needed. Trends in both connectivity and information assurance are presented along with the existing trade-offs that occur between them.
Cpl. Gerhard Goodyear - ºÚÁϳԹÏÍø State Police
- Topic: State Police and Computer Forensics
- Abstract: This presentation will cover the role of the State Police in the Computer Forensic field, and how forensics may be conducted. Additionally, there may be a brief case study included.
For more information about Information Assurance Day, please contact Waleed Farag, director, Institute for Information Assurance, at farag@iup.edu, 724-357-7995.