GREPSEC V (Virtual)

August 5-6, 2021

Talk and Speaker Details



Rachel Greenstadt: On the Value of Anonymity in Internet Discourse

It’s no secret that the Internet has had—generously speaking—a mixed record on improving societal discourse. Does anonymity on the Internet facilitate harassment, vandalism, and trolling or is it a vital protection for marginalized voices? How could we even know?

In this talk, I’ll discuss my lab’s research on why (and how) Wikipedia, the encyclopedia that “anyone can edit,” refuses contributions from anonymous users and our research on the privacy concerns of Wikipedians. Although Wikipedia has taken steps to block contributions from Tor users since as early as 2005, we demonstrate that these blocks have been imperfect and that tens of thousands of attempts to edit on Wikipedia through Tor have been successful. We draw upon several data sources to measure and describe the history of Tor editing on Wikipedia over time and to compare contributions of Tor users to other groups of Wikipedia users. Our analysis suggests that the Tor users who manage to slip through Wikipedia’s ban contribute content that is similar in quality to other sets of users.

One of our key findings in this work (and other work on mental health on social media, and the threat models around intimate partner surveillance) is that consensus perspectives, conventional wisdom, and threat models can fail when they fail to consider diverse perspectives and lived experiences.

Dr. Rachel Greenstadt is an Associate Professor of Computer Science at New York University where she teaches graduate-level courses in computer security and privacy. She founded the Privacy, Security, and Automation Laboratory at Drexel University in 2008. She leads a research team of PhD, Master’s and undergraduate students with interests and expertise in information extraction, machine learning, human-centered computing, privacy, trust, and security. Dr. Greenstadt’s scholarship has been recognized by the privacy research community. She is an alum of the DARPA Computer Science Study Group and a recipient of the NSF CAREER Award. Her work has received the PET Award for Outstanding Research in Privacy Enhancing Technologies, the USENIX Distinguished Paper Award, the CSCW Best Paper Award, and the Andreas Pfitzmann Best Student Paper Award. She served as co-editor-in-chief of the journal Proceedings on Privacy Enhancing Technologies (PoPETs) for the 2017 and 2018 volumes and is the co-program-chair of the 2021 USENIX Security Symposium. Her research has been featured in the New York Times, the New Republic, Der Spiegel, and other local and international media outlets.



Grant Ho: Detecting and Characterizing Lateral Phishing at Scale

This talk will examine the problem of lateral phishing attacks, based on a large-scale analysis of 113 million employee-sent emails from 92 enterprise organizations. In a lateral phishing attack, adversaries leverage a compromised enterprise account to send phishing emails to other users, benefitting from both the implicit trust and the information in the hijacked user’s account. We develop a classifier that finds hundreds of real-world lateral phishing emails, while generating under four false positives per one million employee-sent emails. Drawing on the attacks we detect, as well as a corpus of user-reported incidents, we quantify the scale of lateral phishing, identify several thematic content and recipient targeting strategies that attackers follow, illuminate two types of sophisticated behaviors that attackers exhibit, and estimate the success rate of these attacks. Collectively, these results expand our mental models of the ‘enterprise attacker’ and shed light on the current state of enterprise phishing attacks.

Grant Ho is a UCSD CSE Postdoctoral Fellow, where he works with Geoff Voelker and Stefan Savage. His research studies how we can effectively leverage large-scale data to improve computer security. He is the recipient of a Facebook PhD Fellowship, NSF Graduate Research Fellowship, three distinguished paper awards, and the 2017 Internet Defense Prize. Previously he received his Ph.D. from UC Berkeley, where he worked with David Wagner and Vern Paxson.


Kevin Kornegay: IoT Security Research at the CAP Center

The mission of the Cybersecurity Assurance and Policy (CAP) Center at Morgan State University is to provide the defense and intelligence community with the knowledge, methodology, solutions, and highly skilled cybersecurity professionals to mitigate penetration and manipulation of our nation’s cyber-physical infrastructure. The Internet of Things (IoT) permeates all areas of life and work, with unprecedented economic effects. The IoT is a network of dedicated physical objects (things) whose embedded system technology senses or interacts with its internal state or external environment. Embedded systems perform dedicated functions within larger mechanical or electrical systems. Critical infrastructures in transportation, smart grid, manufacturing, and health care, etc. are highly dependent on embedded systems for distributed control, tracking, and data collection. While it is paramount to protect these systems from hacking, intrusion, and physical tampering, current solutions rely on a patchwork of legacy systems, and this is unsustainable as a long-term solution. Transformative solutions are required to protect these systems. In this talk, we will present our current research that addresses security vulnerabilities in IoT ecosystems to provide secure, resilient, and robust operation.

Kevin T. Kornegay received the B.S. degree in electrical engineering from Pratt Institute, Brooklyn, NY, in 1985 and the M.S. and Ph.D. degrees in electrical engineering from the University of California at Berkeley in 1990 and 1992, respectively. He is currently the IoT Security Professor and Director of the Cybersecurity Assurance and Policy (CAP) Center for Academic Excellence in the Electrical and Computer Engineering Department at Morgan State University in Baltimore, MD. His research interests include hardware assurance, reverse engineering, secure embedded systems, side-channel analysis, and differential fault analysis. Dr. Kornegay serves or has served on the technical program committees of several international conferences including the IEEE Symposium on Hardware Oriented Security and Trust (HOST), IEEE Secure Development Conference (SECDEV), USENIX Security 2020, the IEEE Physical Assurance and Inspection of Electronics (PAINE), and the ACM Great Lakes Symposium on VLSI (GLSVLSI). He is the recipient of multiple awards, including the NSF CAREER Award, IBM Faculty Partnership Award, National Semiconductor Faculty Development Award, and the General Motors Faculty Fellowship Award. He is currently a senior member of the IEEE and a member of Eta Kappa Nu, Sigma Xi, and Tau Beta Pi engineering honor societies.



Abigail Marsh: Panel: Socially Responsible Security and Privacy Research

Abigail Marsh is an Assistant Professor of Computer Science at Macalester College, where their research focuses on the usable privacy concerns of situations where multiple stakeholders have access to one account or device, including familial and romantic relationships, older adults and their caretakers, and many other groups. They additionally research privacy and security concerns introduced by assistive technology.



Rebekah Overdorf: Panel: Socially Responsible Security and Privacy Research

Rebekah Overdorf is a postdoctoral researcher in the School of Computer and Communication Sciences at the École Polytechnique Fédérale de Lausanne (EPFL) in Switzerland. Her background is in studying the effects that machine learning can have on privacy and the ways in which machine learning can be used to attack private systems and infer private information. Currently, her research revolves around the negative impacts of technical optimization systems on the users, non-users, and the environments in which they are deployed. For example, countering bias in an unfair system when the service provider is not incentivized to correct it, developing technologies to assist municipalities negatively affected by routing applications or ride-sharing applications, and measuring and countering the effects of fake news and fake accounts on social media platforms.



Tal Rabin: You Only Speak Once – Secure MPC with Stateless Ephemeral Roles

The inherent difficulty of maintaining stateful environments over long periods of time gave rise to the paradigm of serverless computing, where mostly-stateless components are deployed on demand to handle computation tasks, and are torn down once their task is complete. Serverless architecture could offer the added benefit of improved resistance to targeted denial-of-service attacks. Realizing such protection requires that the protocol only uses stateless parties. Perhaps the most famous example of this style of protocols is the Nakamoto consensus protocol used in Bitcoin. We refer to this stateless property as the You-Only-Speak-Once (YOSO) property, and initiate the formal study of it within a new YOSO model. Our model is centered around the notion of roles, which are stateless parties that can only send a single message. Furthermore, we describe several techniques for achieving YOSO MPC, both computational and information theoretic.

Based on joint works with: Fabrice Benhamouda, Craig Gentry, Sergey Gorbunov, Shai Halevi, Hugo Krawczyk, Chengyu Lin, Bernardo Magri, Jesper Nielsen, Leo Reyzin, Sophia Yakoubov

Tal Rabin is a Professor of Computer Science at University of Pennsylvania and a consultant to Algorand Foundation. Prior to joining UPenn she was the head of research at Algorand Foundation, and prior to that she was at IBM Research for 23 years as a Distinguished Research Staff Member and the manager of the Cryptographic Research Group. She received her PhD from the Hebrew University in 1995.

Tal is an ACM Fellow, an IACR (International Association for Cryptologic Research) Fellow and member of the American Academy of Arts and Sciences. She recently won the STOC 30 year Test-of-Time Award. She is the 2019 recipient of the RSA Award for Excellence in the Field of Mathematics. She was named by Forbes in 2018 as one of the Top 50 Women in Tech in the world. In 2014 Tal won the Anita Borg Women of Vision Award for Innovation and was ranked by Business Insider as #4 on the 22 Most Powerful Women Engineers.

Tal’s research focuses on secure multiparty computation, threshold cryptography, and proactive security, and recently on adapting these technologies to the blockchain environment. Her works have been instrumental in forming these areas. She has served as the Program and General Chair of the leading cryptography conferences and as an editor of the Journal of Cryptology. She has initiated and organizes the Women in Theory Workshop, a biennial event for graduate students in Theory of Computer Science.



Thomas Ristenpart: Panel: Socially Responsible Security and Privacy Research

Thomas Ristenpart is an Associate Professor at Cornell Tech and a member of the Computer Science department at Cornell University. His research spans a wide range of computer security topics, with recent focuses including digital privacy and safety in intimate partner violence, mitigating abuse and harassment online, cloud computing security, improvements to authentication mechanisms including passwords, confidentiality and privacy in machine learning, and topics in applied and theoretical cryptography.



Vanessa Teague: Panel: Socially Responsible Security and Privacy Research

Vanessa Teague is the CEO of Thinking Cybersecurity and Associate Prof (Adj.) in the Research School of Computer Science at the Australian National University. Her research focuses primarily on cryptographic methods for achieving security and privacy, particularly for issues of public interest such as election integrity and the protection of government data. She was part of the team (with Chris Culnane and Ben Rubinstein) who discovered the easy re-identification of doctors and patients in the Medicare/PBS open dataset released by the Australian Department of Health. She has co-designed numerous protocols for improved election integrity in e-voting systems, and co-discovered serious weaknesses in the cryptography of deployed e-voting systems in New South Wales, Western Australia and Switzerland. She lives and works on Wurundjeri land in Southeastern Australia (near Melbourne).



Ketchiozo Thierry Wandji: Software Assurance and Software Certification for High Assurance Mission Critical Systems

Description: According to DoD, Software Assurance relates to the level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software. Nowadays, many DoD-developed weapon systems are software-intensive systems, which means that software controls a significant portion of weapon systems functionalities or capabilities. This software is often an integration of components including third-party custom software, open-source software, and/or general-purpose off-the-shelf software, limiting our understanding of risk. DoD needs a robust software security certification process that provides the evidence necessary to manage such risk in high assurance environments. Software development processes for high assurance environments can benefit from an integrated certification framework that helps assess, measure, and manage security risk originating from software artifacts.

With over 15 years of academic research and teaching, private industry, and government experience, Dr. Ketchiozo Thierry Wandji is an expert in cybersecurity risk management and software security. Dr. Wandji used to be the Software Security Technical Lead in the Systems Security Division of the US Navy’s Naval Air Warfare Center Aircraft Division (NAVAIR) and the Cybersecurity Technical Expert in the Cyber Warfare Detachment. Dr. Wandji’s duties at NAVAIR included assessing software security throughout the software development lifecycle; planning, developing, and coordinating high-impact research projects on cyber defensive technologies; overseeing the development of innovative cybertechnologies; providing policy guidance and standards as well as workforce development for software security; and integrating these standards into the acquisition process to ensure that systems are both reliable and highly resilient to cyberattacks. Currently, Dr. Wandji advances education in the field as an Associate Director for the Cybersecurity Assurance and Policy (CAP) Center and an Associate Professor at Morgan State University, where he teaches cybersecurity, oversees cybersecurity research studies, and designs cybersecurity curriculum. He has played an integral role in the design and implementation of cybersecurity virtual labs (cyber range) for students to have a hands-on cybersecurity experience. Likewise, Dr. Wandji helped put together a comprehensive program of cybersecurity workforce development for the Department of the Navy which helped many engineers to become cybersecurity experts.

Hailing originally from Cameroon, Dr. Wandji pursued his BS in Electrical Engineering from the Polytechnic School of Engineering at Montreal, Canada in 2003 and went on to obtain an MS in Electrical Engineering from Morgan State University in Baltimore, MD in 2007. During his graduate studies, Dr. Wandji worked as a research assistant on a NASA-funded project aimed at designing and implementing software components to analyze the operations of weather radar and GPS. Following his graduation, Dr. Wandji supported Rockwell Collins as a Radar System Engineer before joining NAVAIR as an Electromagnetic Interference (EMI) Engineer and then as EMI Lead Systems Engineer. During this period, he noted that most systems were software intensive and that most electromagnetic issues were fixed by software updates, thus prompting him to delve into research on Software Reliability Modeling. Dr. Wandji earned his PhD in Systems Engineering at George Washington University (2015) with a dissertation on the Assessment of Software reliability using Classical and Bayesian methodologies to estimate Software Reliability Growth Model Parameters. Upon graduation he was promoted to Software Reliability Technical Lead and was responsible for assessing the software maturity/reliability for all the software intensive systems developed by NAVAIR.

Throughout his research studies in Software Reliability, Dr. Wandji realized that software security was not being addressed throughout system security analysis nor cybersecurity risk assessment, which prompted him to further his technical knowledge through an MS in Cybersecurity Technology in 2017 from the University of Maryland, University College. The same year, he also earned a graduate certificate in Cybersecurity with a focus on Embedded Systems from the Georgia Institute of Technology. Most recently, Dr. Wandji has completed a three-stage NAVAIR cybersecurity workforce development program, which concluded with a highly selective and competitive technical rotation at the Naval Research Lab. This technical rotation has provided him with hands-on experience in software security and cybersecurity.

In addition to teaching in this area of expertise, Dr. Wandji has created a software security community of practice to leverage the best practices and share work experience and challenges. Dr. Wandji has led and coordinated a research and development team composed of researchers from NASA JPL, MITRE, and academia to work on high-impact research projects, which has resulted in a number of published articles and journal papers on software reliability and software security, tutorials at the US Department of Defense, and presentations at private industry conferences. He is a member of the NSBE, IEEE, INCOSE, and EMC society.