SEAL hosts Dr. Charles A. Kamhoua of AFRL for a talk on Game Theory and Security

SEAL hosted Dr. Charless A. Kamhoua, a computer scientist at the Air Force Research Lab to present on his recent work on the application of game theory to cloud security. His talk abstract is below, and his talk is open to the public. It will take place on Monday, September 26, 2016 at Davis Hall (Davis 338A).

Abstract. The growth of cloud computing has spurred many entities, both small and large, to use cloud services for cost savings. Public cloud computing has allowed for quick, dynamic scalability without many overhead or long-term commitments. However, concern over cyber security is the main reason many large organizations with sensitive information such as the Department of Defense have been reluctant to join a public cloud. This is due to three challenging problems. First, the current cloud infrastructures lack provable trustworthiness. Integrating Trusted Computing (TC) technologies with cloud infrastructure shows a promising method for verifying the cloudâs behaviors, which may in turn facilitate provable trustworthiness. Second, public clouds have the inherent and unknown danger stemming from a shared platform – namely, the hypervisor. An attacker that subverts a virtual machine (VM) and then goes on to compromise the hypervisor can readily compromise all virtual machines on that hypervisor. We propose a security-aware virtual machine placement scheme in the cloud. Third, a sophisticated attack in a cloud has to be understood as a sequence of events that calls for the detection/response model to encompass observations from varying dimensions. We discuss a method to automatically determine the best response, given the observations on the system states from a set of monitors. Game theory provides a rich mathematical tool to analyze conflict within strategic interactions and thereby gain a deeper understanding of cloud security issues. Theoretical constructs or mathematical abstractions provide a rigorous scientific basis for cyber security because they allow for reasoning quantitatively about cyber-attacks. This talk will address the three cloud security challenging problems identified above and report on our latest findings from this body of work.

Charles A. Kamhoua received the BS in electronic from the University of Douala (ENSET), Cameroon, in 1999, and the MS in telecommunication and networking and the PhD in electrical engineering from Florida International University (FIU), in 2008 and 2011, respectively. In 2011, he joined the Cyber Assurance Branch of the U.S. Air Force Research Laboratory (AFRL), Rome, New York, as a National Academies Postdoctoral Fellow and became a Research Electronics Engineer in 2012. Prior to joining AFRL, he was an educator for more than 10 years. His current research interests include the application of game theory to cyber security, survivability, cloud computing, hardwareTrojan, online social network, wireless communication and cyber threat information sharing. He has more than 60 technical publications in prestigious journals and International conferences along with a Best Paper Award at the 2013 IEEE FOSINTSI. He has mentored more than 40 young scholars at AFRL counting Summer Faculty Fellow, postdoc, and students. He has been invited to more than 30 keynote and distinguished speeches in the USA and abroad. He has been recognized for his scholarship and leadership with numerous prestigious awards including 30 Air Force Notable Achievement Awards, the 2016 FIU Charles E. Perry Young Alumni Visionary Award, the 2015 AFOSR Windows on the World Visiting Research Fellowship at Oxford University, UK, an AFOSR Basic Research Award, the 2015 Black Engineer of the Year Award (BEYA), the 2015 NSBE Golden Torch Award Pioneer of the Year, selection to the 2015 Heidelberg Laureate Forum, and the 2011 NSF PIRE Award at the Fluminense Federal University, Brazil. He is currently an advisor for the National Research Council, a member of ACM, the FIU alumni association, NSBE and a senior member of IEEE.

Five Undergraduate Students (CS Department, UB) joined SEAL

Five undergraduate students have just joined SEAL to work on various topics in the broad area of security analytics and threat attribution. All students are current taking CSE 410, the first ever undergraduate computer security course offered at University at Buffalo.

  1. M.S. Adityan, Undergraduate Student at UB (2016 – )
  2. Jobin Joseph, Undergraduate Student at UB (2016 – )
  3. Adithya Narayanan, Undergraduate Student at UB (2016 – )
  4. David Weidenborner, Undergraduate Student at UB (2016 – )
  5. Fengyu Wu, Undergraduate Student at UB (2016 – )

One paper on DNS transparency has been accepted at IEEE HotWeb 2016

One paper by SEAL researchers has been accepted for presentation at the Fourth IEEE Workshop on Hot Topics in Web Systems and Technologies (IEEE HotWeb 2016) to be held from October 24 to 25 in Washington, D.C., USA. The paper is entitled “Transparency in the New gTLD Era: Evaluating the DNS Centralized Zone Data Service” and is co-authored with Seong Hoon Jeong, summer visitor from Korea University. Congratulations to Ah Reum, Seong Hoon and others!

  • Ah Reum Kang, Seong Hoon Jeong, Steve Ko, Kui Ren, and Aziz Mohaisen. “Transparency in the New gTLD Era: Evaluating the DNS Centralized Zone Data Service”. In Proceeding of the Fourth IEEE Workshop on Hot Topics in Web Systems and Technologies, IEEE HotWeb 2016, Washington, D.C., USA, October 24-25, 2016.

Prof Mohaisen has given a tutorial on Malware to Banking Executives

Professor Mohaisen has given has given a tutorial titled “Malware” at the 5th International Program on Information Assurance and Management, a workshop attended by Information Security Executives of Banks and Financial Institutions. This program is jointly organized by the Center for Unified Biometrics and Sensors (CUBS) and the Center of Excellence in Information Systems Assurance Research and Education (CEISARE) at the University at Buffalo, in collaboration with the Institute for Development and Research in Banking Technology (IDRBT), a banking research institute established by the Reserve Bank of India (RBI). 

The workshop took place between August 28th and September 3rd, 2016, and Prof Mohaisen’s tutorial was on August 31st. The tutorial demonestrated techniques utilized by malware for infection, spreading, and evolution, as well as defenses.

Prof Mohaisen gave several talks at various universities in South Korea

From August 17 to August 24, Professor Mohaisen gave six invited talks at seminars in major computer science departments on distributed denial of service attacks and defense (Title: Building Resilience in the Core: A data-driven approach to DDoS Modeling, Prediction, and Defenses) while visiting South Korea. The talks preceded two conference talks at WISA 2016 (heled between August 25 and August 27, 2016) by Professor Mohaisen on DDoS attacks and their characterizations, as well as DNS privacy modeling. The talks were delivered at:

1) 08/17/2016 — Sungkyunkwan University
2) 08/18/2016 — Korea University
3) 08/19/2016 — Soongsil University
4) 08/22/2016 — Inha University
5) 08/23/2016 — Electronics and Telecommunication Research Institute
6) 08/24/2016 — Chung-Ang University