Events


Amit Khosla, DHS

RESCHEDULED

Network Forensics in Incident Response: Advanced Persistent Threat (APT)

Tuesday, May 14th, 2013 @ 3:00PM

Abstract: The incident response process is well known and well understood in the information security community. The forensics process consists of several important steps that follow a repeatable and common practice using a chain of custody that will stand up to legal scrutiny. These steps apply to both traditional forensics and network forensics, so it is important to understand them. In this paper, I analyze in particular an APT named DarkComet from the network forensics perspective, using network forensics tools. With dynamic analysis, I analyze the network behaviors of the malware by looking at the aftereffects of execution in the Cuckoo sandbox. Finally, I compare the results of analysis with forensics tools in my own virtual environment against those of analysis in the Cuckoo sandbox.

Speaker: Jongsoo Kim is a Graduate Student enrolled in the MSSI Program at the Johns Hopkins University Information Security Institute.

Location: Maryland Hall Rm 214

Investigating That Pesky Green Light - A Security Analysis of Apple's Built-In Camera

Friday, May 10th, 2013 @ 11:00AM

Abstract: Apple laptops have a growing market share and all come with a built-in camera. When the camera is recording, a green LED turns on to let you know. The question is: Is this LED under software control, or is there a piece of hardware that ensures the LED is on whenever the camera is on? The interesting thing about these cameras is that when powered up following a shutdown, the host computer uploads the firmware to the camera from a file on the operating system. Could altering this firmware file disable that pesky green light?

Speaker: Matthew Brocker is a Graduate Student enrolled in the MSSI Program at the Johns Hopkins University Information Security Institute.

Location: Maryland Hall Rm 214

Past Events


An Overview of Functional Encryption

Thursday May 2nd, 2013 @ 10:30AM

Abstract: Enterprise data is growing at the astounding rate of 70% per year. Companies need to share this data, both internally and externally, to do business, but they simultaneously must protect it from unauthorized access. In this talk, we will overview recent progress in "functional encryption", a new vision of public key encryption that allows encrypted data to be tagged with attributes, so that decryption keys can be issued based on policies over these attributes. For instance, a company could grant an employee a key that unlocks all files for "human resources" regarding "college hiring" between March and April. A primary technical challenge in this area was realizing a solution that is collusion-resistant; that is, where Alice with a key for "human resources" from June to July and Bob with a key for "accounts payable" from March to April cannot combine their keys to open files for "human resources" from March to April. We discuss industrial applications of this technology in the cloud storage and mobile space, as well as a $20M effort by the Office of the National Coordinator and NSF to use this technology to secure electronic medical records, some of which is being researched today at Johns Hopkins. We conclude by outlining some of the most exciting open research problems in this area.

This talk is for a general audience; a background in cryptography will be helpful, but not assumed.

Speaker: Dr. Susan Hohenberger is an Associate Research Professor in the Department of Computer Science at Johns Hopkins University. She earned a B.S. in Computer Engineering from The Ohio State University in 2000 and a Ph.D. in Computer Science from the Massachusetts Institute of Technology in 2006, where she was advised by Professor Ronald Rivest (the 'R' in RSA). She has published over thirty original research papers in cryptography and computer security, earning her an NSF CAREER award, a Microsoft Research Faculty Fellowship, and a Google Faculty Research Award. Her research has been covered by BBC News, Slashdot, The Economist and Scientific American.

Location: Maryland Hall Rm 214

Nash, Nyquist and Beyond

Monday April 22nd, 2013 @ 11:30AM


Abstract: Standing tall among the major mathematical achievements of the 20th century are two theorems whose subsequent impacts far outweighed their original intent. One such theorem is due to John Nash, whose proof of the existence of equilibrium in a non-cooperative game gave rise to the concept of the eponymous Nash Equilibrium, which in many ways revolutionized the field of economics. Another is due to Harry Nyquist, whose Nyquist–Shannon sampling theorem, which states that every time-varying band-limited signal can be perfectly reconstructed from an infinite sequence of samples acquired at twice the rate of its maximum frequency, laid the foundation of modern information and communication theory. I will describe some recent progress in extending these results: in dynamic game theory, where the rules of the game change over time, and in the theory of compressive sensing, which guarantees perfect reconstruction of signals from far fewer samples than required by the Nyquist theorem, if the signals are sparse in some appropriate domain. I will then describe some applications of these extensions for cyber security and wireless security, respectively, and finally a potential surprising connection between these two important theorems.

Speaker: Dr. Chin is currently a chief scientist of the Cyber Technologies Branch at the Applied Physics Laboratory and an assistant research professor in the Dept. of Electrical and Computer Engineering of Johns Hopkins University, where he is leading multiple research thrusts in the areas of game theory, geometric machine learning theory, compressive sensing, extremal graph theory, cognitive radio and cyber security, with grants from NSF, ONR, AFOSR and OSD. He is currently a co-chair of the annual SPIE conference on cyber sensing, a member of the Computational cyber security in Compromised Environments (C3E) Consortium, and a visiting fellow at the London Institute of Mathematical Sciences. He received his Ph.D. in mathematics from MIT and is a Phi Beta Kappa graduate of Duke University, where he was a triple major in electrical engineering, computer science and mathematics.

Location: Maryland Hall Rm 214
(Lunch served at 11:30)

ScoutVision, Redis, and Interval Trees

Monday March 4th, 2013 @ 11:30AM

Abstract: ScoutVision is a cyber situational awareness platform allowing organizations to identify, understand, and act against cyber and physical threats before they can impact operations. I will overview how ScoutVision accomplishes this through internet structure information, threat data, and monitoring. I will outline some of our customer use cases and explain the gap we fill in the network security market.

Redis (www.redis.io) is an open-source, networked, in-memory, key-value data store with optional durability, and is written in ANSI C. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. I will overview the typical use cases for Redis and its capabilities and limitations as a tool for developers.

After providing insight into our product and an overview of the Redis server, I will review interval trees, specifically an augmented AVL tree, and how we implemented this basic data structure in Redis as a solution to one of ScoutVision's many demanding features.

Speaker: Jason Denney is a software engineer for Lookingglass Cyber Solutions. Originally from Ellenboro, NC, he graduated with a BS in Electrical Engineering and Spanish minor from North Carolina State University in 2008. He moved to Baltimore to partake in Northrop Grumman Electronic Systems' Professional Development Program before accepting a full-time position at Lookingglass in 2011. He is an active member of the Baltimore Node Hackerspace and was one of the lead organizers of the 2nd Baltimore Hackathon.

Location: Maryland Hall Rm 214
(Lunch served at 11:30)

Last Modified: May 08 2013 13:36:52

Contact Us

JHU Information Security Institute
216 Maryland Hall
Baltimore, MD 21218

Phone: 410-516-6282
Fax: 410-516-3301