Each year, the Institute for Cyber Security, in collaboration with IT Support, hosts Cyber Security Day. This daylong event features nationally recognized security experts as well as speakers from law enforcement, government, security industry, and academia. Cyber Security Day is open to the public, community colleges, and neighboring universities.
The eleventh annual Cyber Security Day was held Tuesday, October 30, 2018, in the HUB Ohio Room on the IUP main campus.
Information for the Event
The eleventh annual Cyber Security Day featured presentations from Adam Lee, Patrick McDaniel, Lisa Schlosser, Glenn Lilly, and Charles Olden. Topics included machine learning, future threats, ransomware, and the changing landscape, among many others. View the guest speaker and title abstract sections for more information.
Guest Speaker Biographical Information
Dr. Adam Lee, Associate Dean for Academic Programs in the School of Computing and Information at the University of Pittsburgh
Adam Lee is currently the associate dean for Academic Programs in the School of Computing and Information at the University of Pittsburgh. He is also an associate professor in the Department of Computer Science at the University of Pittsburgh, where he previously held the position of assistant professor (2008-14). Prior to joining the University of Pittsburgh, he received the MS (2005) and PhD (2008) degrees in Computer Science from the University of Illinois at Urbana-Champaign, and received his BS in Computer Science from Cornell University (2003). His research interests lie at the intersection of the computer security, privacy, and distributed systems fields. Lee's research has been supported by the NSF and DARPA, and he is an NSF CAREER award recipient. For more information, please see Adam Lee.
Dr. Patrick McDaniel, the William L. Weiss Professor of Information and Communications Technology and Director of the Institute for Networking and Security Research at Penn State University
Patrick McDaniel is the William L. Weiss Professor of Information and Communications Technology and director of the Institute for Networking and Security Research in the School of Electrical Engineering and Computer Science at the Pennsylvania State University. Professor McDaniel is also a fellow of the IEEE and ACM and serves as the program manager and lead scientist for the Army Research Laboratory's Cyber-Security Collaborative Research Alliance. McDaniel's research centrally focuses on a wide range of topics in computer and network security and technical public policy. Prior to joining Penn State in 2004, he was a senior research staff member at AT&T Labs-Research.
Ms. Lisa Schlosser, City Commissioner and Technology/Cyber Security Executive, Former White House Official
Lisa Schlosser is a technology and cybersecurity executive originally from Pittsburgh, Pennsylvania, who has served in the private sector; public sector; US military; and academia. She currently serves as an elected commissioner for the City of Rehoboth Beach, Delaware. Lisa is also on the Board of Directors for VetSports; the Board of Advisors for Cylance; a consultant with Harrisburg University; on the CSFi Advisory Board; and is an instructor at Georgetown University and University of Maryland-University College. She is also an animal welfare advocate and volunteers at local dog shelters. Schlosser most recently served full-time as the federal deputy chief information officer, Executive Office of the President. In this role, she helped to oversee policy and budgeting for the $86-billion information technology portfolio. She was also asked to serve a six-month temporary detail with the Office of Personnel Management as a senior advisor/chief information officer following a major cybersecurity breach.
Schlosser also worked as a principal deputy associate administrator and office director for the Environmental Protection Agency. Prior to EPA, Schlosser was a chief information officer and the associate chief information officer/chief information security officer, at two federal government agencies. Before joining the Federal Government, Schlosser worked in the private sector as a senior manager for Ernst & Young LLP, helping to establish the international Cyber Security Practice; and as a vice president for Global Integrity. Schlosser served in the US Army and retired as a lieutenant colonel from the US Army Reserves. Schlosser holds a BA degree in political science from Indiana University of Pennsylvania and an MS degree in administration from Central Michigan University. For more information, please see Lisa Schlosser.
Dr. Glenn Lilly, Technical Director for the NSA's Cryptographic Assurance Operations
Glenn Lilly received his BA in philosophy and mathematics from West Virginia University in 1985. He received his PhD in mathematics (special functions and combinatorics) from the University of Kentucky in 1991. He joined the National Security Agency in 1991, where he has held a variety of positions in design and evaluation. Currently, he is the technical director for the NSA's Cryptographic Assurance Operations organization within Cybersecurity Solutions. A primary focus of his is workforce technical health; he is a senior advocate for IC PRIDE, the Intelligence Community-wide LGBTQ+ affinity network group. For the five years prior to joining Cryptographic Assurance Operations, he was chief of the Mathematics Research Group. He has one patent, US Patent Serial 09/799,432, "Device For and Method of One-Way Cryptographic Hashing" for the SHA-2 family of hashing algorithms.
Mr. Charles Olden, Systems Engineer at CISCO
Charles Olden is a systems engineer with Cisco Systems. He specializes in providing network and security designs for US public sector higher-education, K-12, and local government customers. He is an IT professional that has been in the industry for over 20 years. He is a native of western Pennsylvania and resides in the greater Pittsburgh area. His ultimate goal is to help businesses of all sizes transform how they connect, communicate and collaborate.
More Information
For more information about Cybersecurity Day at IUP, please contact Dr. Waleed Farag, Director, Institute for Cyber Security, at farag@iup.edu, 724-357-7995.
Titles and Abstracts
Dr. Adam Lee, Associate Dean for Academic Programs in the School of Computing and Information at the University of Pittsburgh
- Title: NeXUS: Practical and Secure Access Control on Untrusted Storage Platforms using Client-side SGX
- Abstract: With the rising popularity of file-sharing services such as Google Drive and Dropbox in the workflows of individuals and corporations alike, the protection of client-outsourced data from unauthorized access or tampering remains a major security concern. Existing cryptographic solutions to this problem typically require server-side support, involve non-trivial key management on the part of users, and suffer from severe re-encryption penalties upon access revocations. This combination of performance overheads and management burdens makes this class of solutions undesirable in situations where performance, platform-agnostic, dynamic sharing of user content is required. We present NeXUS, a stackable filesystem that leverages trusted hardware to provide confidentiality and integrity for user files stored on untrusted platforms. NeXUS is explicitly designed to balance security, portability, and performance: it supports dynamic sharing of protected volumes on any platform exposing a file access API without requiring server-side support, enables the use of fine-grained access control policies to allow for selective sharing, and avoids the key revocation and file re-encryption overheads associated with other cryptographic approaches to access control. This combination of features is made possible by the use of a client-side Intel SGX enclave that is used to protect and share NeXUS volumes, ensuring that cryptographic keys never leave enclave memory and obviating the need to re-encrypt files upon revocation of access rights. We implemented a NeXUS prototype that runs on top of the AFS filesystem and show that it incurs modest overheads for a variety of common file and database operations.
Dr. Patrick McDaniel, the William L. Weiss Professor and Director of the Institute for Networking and Security, Penn State University
- Title: The Challenges of Machine Learning in Adversarial Settings
- Abstract: Advances in machine learning have enabled new applications and services to process inputs in previously unthinkably complex environments. Autonomous cars, data analytics, adaptive communication and self-aware software systems are now revolutionizing markets and blurring the lines between computer systems and real intelligence. In this talk, I consider the evolving use of machine learning in security-sensitive contexts and explore why many systems are vulnerable to non-obvious and potentially dangerous manipulation. Here, we examine sensitivity in any application whose misuse might lead to harm, for instance, forcing an adaptive network into an unstable state, crashing an autonomous vehicle or bypassing an adult content filter. I explore the use of machine learning in this area particularly in light of recent discoveries in the creation of adversarial samples and defenses against them, and posit on future attacks on machine learning. The talk is concluded with a discussion of the unavoidable vulnerabilities of systems built on probabilistic machine learning, and outline areas for offensive and defensive research in the future.
Ms. Lisa Schlosser, City Commissioner and Technology/Cyber Security Executive, Former White House Official
- Title: Cybersecurity: The Future Threat and YOUR Opportunity
- Abstract: This session will discuss the real hacking threats to our mobile phones, the Internet, and our ability to use new apps. What would happen if you could not text, or use Instagram, or any other application you use today? What can you do to protect yourself, and to get on a career path that will help you to investigate cyber hacks and cyber crime scenes?
Dr. Glenn Lilly, Technical Director for the NSA's Cryptographic Assurance Operations
- Title: The changing landscape of cybersecurity from COMSEC to INFOSEC to Cyber Security
- Abstract: The field of cybersecurity is growing ever more complex with the advent of new technologies and new applications. However, cybersecurity finds its roots in the tenets of information security: Confidentiality, Integrity, Availability, and Non-repudiation. This talk will cover some of the mechanisms used to provide these services (for instance, encryption to provide confidentiality) and some of the challenges new or forecasted technologies pose. The talk will provide a broad-brush overview, accessible to the non-practitioner, and aims to be the first cybersecurity talk to discuss the Eastern painted turtle.
Mr. Charles Olden, Systems Engineer at CISCO
- Title: Ransomware and Cybersecurity
- Abstract: Businesses are losing the battle to secure their networks due to the complexity of IT solutions, the increasing diversity of the threat landscape and the fragmentation of today's security offerings. There has clearly been an evolution of the threat landscape over the past few decades from simple viruses and worms to very sophisticated malware and advanced persistent threats. Attackers are increasingly more well-funded and are improving their approaches to the point where hacking has become industrialized. There is a very vibrant, shadow industry that is outpacing the information security industry in terms of revenue generation, but profit is not the only driver in the hacking business. Nation states are becoming main actors in developing exploits for cyberwarfare and espionage.