NCSU Lablet holds Annual Community Day
October 20, 2016 - The Science of Security Lablet at North Carolina State University held its annual Community Day. This event brought together researchers, industry and government to get to know the lablet's research and foster collaboration. The morning consisted of research presentations from each student, and the afternoon included community presentations and a poster session.
The Lablet used a highly effective technique, Pecha Kucha, for the research presentations. Pecha Kucha is a presentation style in which each presentation consists of 20 PowerPoint slides that automatically advance every 20 seconds, for a total presentation time of 6:40. The rigid timing makes this a difficult presentation method. If the presenter says too much on one slide, the slides advance and the presenter is playing catch-up. However, with just 20 seconds per slide, there is no time to catch up. At the NCSU Community Day, the students did excellently. They gave presentations that flowed well with the timing and were informative. They hit the key points: what the problem is, what the researcher is doing, what has been learned, and what is needed from the community. The presentations were polished from hard work and lots of practice.
In total, 16 students presented their research.
Olga Zielinska, Different Phish Take Different Bait, discussed her research on understanding the psychological aspects of phishing, including both the victim and the phisher. Adwait Nadkarni, Information Secrecy for Smartphones using Smart Isolation, presented his research on app security on Android. He showed his method of putting individual apps in containers and creating multiple processes of the app, one for each security level of data being processed. Chris Theisen, Risk-Based Attack Surface Approximation, showed his work on using crash data to prioritize areas of code in which to look for security vulnerabilities. Ignacio Dominguez, Interface Manipulation for Persistent, Subtle Security Proofs, talked about his work to determine whether the "computer user" is a human or a bot based on behavior. Shams Al Amin, Adoption of Security Analysis Tools in Software Development, showed his work on building utility models to better understand why software developers do not often use tools to improve the security of their programs. Sarah Elder, Identifying and Comparing Security Requirements From Natural Language Artifacts, demonstrated her work on converting natural language security documents (like NIST SP 800-53) into specific requirements and comparing these documents at scale. Ozgur Kafali, Socializing Attack/Defense Trees to Prevent Misuse, is working on improving the characterization of threats, moving from informal natural language to a formalized structure that a computer can evaluate. Rui Shu, A Study of Security Vulnerabilities on Docker Hub, has been examining the interdependency of Docker images and how vulnerabilities relate to it. Victor Heorhiadi, Utilizing Networking Innovations for Security, is studying software defined networking to improve network architecture security. Akond Rahman, Defect Analysis of Infrastructure as Code (IaC), is examining the configuration scripts used for IaC to look for vulnerabilities.
Nirav Ajmeri, Engineering Socially Aware Applications for Privacy, is tackling the issue that behaviors acceptable in one place are not acceptable in another. He wants to develop ways for software to adjust based on the appropriateness of the behavior. Jiaming Jiang, Coco: Runtime Reasoning about Conflicting Norms, is developing a method to reason about norms so that conflicts can be found and decisions can be made. Sheng Liu, Flow Reconnaissance via Timing Attacks on SDN Switches, is also studying software defined networking, but he is looking at side channel attacks, such as timing attacks, that let an attacker learn about the network. Esha Sharma, How effective is your privacy policy?, is working on building the first privacy incident database, with a special emphasis on having the database update automatically from news stories. Karthik Sheshadri, Stopping Privacy Breaches Before They Happen, is trying to predict when a privacy breach is going to occur. The final presenter, Richeng Jin, Collaborative IDS configuration: A Two-layer Game-Theoretical Approach, is developing a game model to understand the collaboration of IDSs and build an algorithm for it.
The afternoon session had three presentations from the community: SAS, a software developer; an NCSU researcher outside the lablet; and Merck, a pharmaceutical company.
The day ended with a poster session where people could ask questions of the students.