Never Ending Security


NISTFOIA: FOIA for NIST documents related to the design of Dual EC DRBG



nistfoia


Results of a recent FOIA for NIST documents related to the design of Dual EC DRBG.

These FOIA results are the combined result of two separate requests. Thanks to the following requestors:

  • Matthew Stoller and Rep. Alan Grayson
  • Andrew Crocker and Nate Cardozo of EFF

I have contributed only OCR and hosting. Happy hunting,

Matt Green, 6/5/2014


1.15.2015 production/9.1.2 Keyless Hash Function DRBG.pdf
1.15.2015 production/ANSI X9.82 Discussions.pdf
1.15.2015 production/ANSI X9.82, Part 3 DRBGs Powers point July 20, 2004.pdf
1.15.2015 production/Appendix E_ DRBG Selection.pdf
1.15.2015 production/Comments on X9.82, Part 4_Constructions.pdf
1.15.2015 production/E1 Choosing a DRBG Algorithm.pdf
1.15.2015 production/Five DRBG Algorithms Kelsey, July 2004.pdf
1.15.2015 production/Hash Funciton chart.pdf
1.15.2015 production/Letter of transmittal 1.15.2015 .pdf
1.15.2015 production/Part 4_Constructions for Building and Validating RBG Mechanisms.pdf
1.15.2015 production/Scan_2015_01_27_13_05_55_026.pdf
1.15.2015 production/Validation Testing and NIST Statistical Test Suite July 22, 2004.pdf
1.22.2015 production/10.1.2 Hash function DRBG Using HMAC.pdf
1.22.2015 production/10.1.3 KHF_DRBG.pdf
1.22.2015 production/8.6.7 Nonce.pdf
1.22.2015 production/8.7 Prediction Resistance and Backtracking Resistance.pdf
1.22.2015 production/ANSI X9.82 Part 3 Draft July 2004.pdf
1.22.2015 production/Annex G_Informative DRBG mechanism Security Properties.pdf
1.22.2015 production/Appendix G Informative DRBG Selection.pdf
1.22.2015 production/Comments on X9.82 Part 1, Barker May 18, 2005.pdf
1.22.2015 production/Cryptographic security of Dual_EC_DRBG.pdf
1.22.2015 production/D.1 Choosing a DRBG Algorithm.pdf
1.22.2015 production/DRBG Issues Power Point July 20, 2004.pdf
1.22.2015 production/Draft X9.82 Part 3 Draft May 2005.pdf
1.22.2015 production/E.1 Choosing a DRBG Algorithm (2).pdf
1.22.2015 production/E.1 Choosing a DRBG Algorithm.pdf
1.22.2015 production/Final SP 800-90 Barker May 26, 2006.pdf
1.22.2015 production/Fwd_Final SP 800-90 Barker May 26, 2006.pdf
1.22.2015 production/Kelsey comments on SP April 12, 2006.pdf
1.22.2015 production/Latest SP 800-90 Barker May 5, 2006.pdf
1.22.2015 production/Letter of transmittal 1.22.2015.pdf
1.22.2015 production/SP 800-90 Barker June 28, 2006.pdf
1.22.2015 production/SP 800-90_pre-werb version> Barker May 9, 2006.pdf
1.22.2015 production/Terse Description of two new hash-based DRGBs Kelsey, January 2004.pdf
1.22.2015 production/Two New proposed DRBG Algorithms Kelsey January 2004.pdf
1.22.2015 production/X9.82, RGB, Issues for the Workshop.pdf
6.4.2014 production/001 – Dec 2005 -NIST Recomm Random No. Gen (Barker-Kelsey).pdf
6.4.2014 production/002 – Dec 2005 – NIST Recomm Random No. Gen (Barker-Kelsey)(2).pdf
6.4.2014 production/003 – Sept 2005 – NIST Recomm Random No. Gen (Barker-Kelsey).pdf
6.4.2014 production/004 – Jan 2004 – Terse Descr. of Two New Hash-Based DRBGs.pdf
6.4.2014 production/005 – Proposed Changes to X9.82 Pt. 3 (Slides).pdf
6.4.2014 production/006 – NIST Chart 1.pdf
6.4.2014 production/007 – RNG Standard (Under Dev. ANSI X9F1) – Barker.pdf
6.4.2014 production/008 – Random Bit Gen. Requirements.pdf
6.4.2014 production/009 – Seed File Use.pdf
6.4.2014 production/010 – NIST Chart 2.pdf
6.4.2014 production/011 – 9.12 Choosing a DRBG Algorithm.pdf
6.4.2014 production/012 – May 14 2005 – Comments on ASC X9.82 Pt. 1 – Barker.pdf
6.4.2014 production/013 – X9.82 Pt. 2 – Non-Deterministic Random Bit Generators.pdf

More information is available at: https://github.com/matthewdgreen/nistfoia


650.445: PRACTICAL CRYPTOGRAPHIC SYSTEMS



READINGS & SUGGESTED PRESENTATION TOPICS


Protocols

  1. Crosby, Goldberg, Johnson, Song, Wagner: Cryptanalyzing HDCP (2001)

  2. Wagner, Schneier: Analysis of the SSL 3.0 Protocol

  3. Lucks, Schuler, Tews, Weinmann, Wenzel: Security of DECT

  4. Kohno: Analysis of WinZip Encryption

  5. Stubblefield, Ioannidis, Rubin: Breaking WEP

  6. Bellare, Kohno, Namprempre: Breaking and Repairing SSH

  7. Burrows, Abadi and Needham: A Logic of Authentication

  8. DTLA: DTCP Additional Localization Protocol

Side Channel Attacks

  1. Bar-el: Introduction to Side Channel Attacks (white paper)

  2. Kocher: Timing attack on RSA & DL systems

  3. Brumley, Boneh: Remote Timing Attacks are Practical

  4. Bernstein: Cache Timing Attack on AES.  Osvik, Shamir, Tromer: Attacks and Countermeasures

  5. Eisenbarth, Kasper, Moradi, Paar, Salmasizadeh, Shalmani: Attacking KeeLoq (SpringerLink)

  6. Shamir, Tromer: Acoustic Cryptanalysis

  7. Pellegrini, Bertacco, Austin: Fault-Based Attack of RSA Authentication

  8. Aciicmez, Koc, Seifert: Branch Prediction Analysis (very advanced)

Dictionary Attacks: Optimization & Mitigation

  1. Alexander: Password Protection for Modern OSes

  2. RSA Laboratories: PKCS #5 2.0: Password-Based Cryptography Standard

  3. Provos and Mazières: “Future-adaptable” password schemes

  4. Stamp: Once Upon a Time Space Tradeoff

  5. Oechslin: Rainbow Tables (includes papers & demo)

  6. Canetti, Halevi, Steiner: Mitigating (offline) Dictionary Attacks with Reverse-Turing Tests

Securing Internet Infrastructure

  1. Jackson, Barth, Bortz, Shao, Boneh: Protecting Browsers from DNS Rebinding Attacks

  2. Kaminsky: It’s the End of the (DNS) Cache As We Know It (Black Hat 2008 – 101MB)

  3. DNSSEC.net: DNS Security Extensions (standards & resources)

  4. Ptacek: A case against DNSSEC

  5. Kent, Lynn and Seo: Secure BGP

  6. BBN.com: Secure BGP resources

Digital Rights Management & Conditional Access

  1. Lawson: Designing and Attacking DRM (presentation)

  2. Edwards: A technical description of the Content Scrambling System (CSS)

  3. Henry, Sui, Zhong: Overview of AACS — and full AACS Specification

  4. ISE: A Comparison of SPDC (technology behind BD+) and AACS (2005)

  5. Craver, Wu, Liu, Stubblefield, Swartzlander, Wallach, Dean, Felten: Watermarking & SDMI

  6. Kuhn: Analysis of the Nagravision Video Scrambling Method (analog scrambling)

  7. Naor, Naor and Lotspiech: Revocation and Tracing Schemes for Stateless Receivers

Software, Physical Security, Backdoors

  1. Halderman et al.: Cold Boot Attacks on Encryption Keys & RSA Key Reconstruction

  2. Young, Yung: Cryptovirology: extortion-based security threats and countermeasures (IEEE)

  3. Dowd: Application-Specific Attacks: Leveraging the ActionScript Virtual Machine

  4. Steil: 17 Mistakes Microsoft Made in the XBox Security (2005)

  5. Bortolozzo et al.: Attacking and Fixing PKCS#11 Security Tokens

  6. Bardou et al.: Efficient Padding Oracle Attacks on Cryptographic Hardware

Privacy and Anonymity

  1. Dingledine, Mathewson, Syverson: Tor: The Second Generation Onion Router

  2. McCoy, Bauer, Grunwald, Kohno, Sicker: Analyzing Tor Usage

  3. Murdoch, Danezis: Low-cost Traffic Analysis of Tor

  4. Murdoch: Hot Or Not: Using clock skew to locate hidden services

  5. Wang, Chen, Jajodia: Tracking Anonymized VoIP Calls

Hash Functions and Random Oracles

  1. Coron, Dodis, Malinaud, Puniya: Merkle-Damgård Revisited

  2. Wang, Yu: How to break MD5 and other hash functions

  3. Stevens, Lenstra, de Weger: Target collisions for MD5

  4. Kaminsky: MD5 To Be Considered Harmful Someday

  5. Sotirov et al.: MD5 considered harmful today (building a rogue CA cert)

  6. Wang, Yin, Yu: SHA1 broken (at least, on its way…)

  7. NIST: “SHA3” competition: list of first round candidates (December 2008)

  8. Canetti, Goldreich, Halevi: Random oracles revisited, and…

  9. Bellare, Boldyreva, Palacio: A more natural uninstantiable Random-Oracle-Model scheme

  10. Coron, Patarin, Seurin: The random oracle model and the ideal cipher model are equivalent

  11. Bellare, Canetti, Krawczyk: HMAC

Symmetric Crypto

  1. Bellare, Namprempre: Authenticated encryption, generic composition

  2. Ferguson: Authentication weaknesses in GCM.  McGrew, Viega: Response & Update.

Public Key Crypto

  1. Bleichenbacher: CCA Attacks against Protocols (SSL) based on PKCS #1

  2. Bellare, Rogaway: Optimal Asymmetric Encryption Padding (OAEP)

  3. Manger: CCA Attacks against Implementations of OAEP

  4. Bernstein: An Introduction to Post-Quantum Cryptography

Random Number Generation

  1. Dorrendorf, Gutterman, Pinkas: RNG Weaknesses in Windows 2000

  2. Gutterman, Pinkas: Flaws in the Linux RNG

  3. Barker, Kelsey: NIST Special Pub. 800-90: Recommendations for PRNGs

  4. Kelsey, Schneier, Wagner, Hall: Cryptanalytic attacks on PRNGs

  5. Schoenmakers, Sidorenko: Dual EC not kosher

  6. Shumow, Ferguson: There May Be a Backdoor in Dual EC.

  7. Keller: ANSI X9.31 (Block cipher-based PRNG). Various artists: FIPS 186-2 (see Appendix 3)

Implementation Issues

  1. Gutmann: Lessons Learned in Implementing and Deploying Crypto Software

  2. Berson: Security Evaluation of Skype (2005, conducted at Skype’s request)

  3. Biondi, Desclaux: Silver Needle in the Skype (2006, REing of Skype binary)

Financial Services

  1. Berkman, Ostrovsky: The Unbearable Lightness of PIN cracking

  2. Bond, Zieliński: Decimalisation table attacks for PIN cracking

  3. Murdoch, Drimer, Anderson, Bond: Chip and PIN is Broken

RFID and Wireless

  1. Nohl, Evans, Starbug, Plötz: Reverse-Engineering a Cryptographic RFID Tag

  2. Bono, Green, Stubblefield, Juels, Rubin, Szydlo: Security Analysis of TI DST Tags

Misc.

  1. Halperin et al.: Pacemakers and ICDs (no crypto)

  2. Ellis: Non-secret Encryption (historically very interesting)

  3. TheGrugq: Opsec for Freedom Fighters

Symposium 2014 – Poster and Presentations 2014


Posters & Presentations 2014

  • Consumer Privacy Architecture for Power Grid Advanced metering infrastructure
  • Privacy Preserving Access Control in Service Oriented Architecture
  • pSigene: Generalizing Attack Signatures
  • Resilient and Active Authentication and User-Centric Identity Ecosystems
  • Semantic Anonymization of Medical Records
  • The Password Wall — A Better Defense against Password Exposure
  • Top-K Frequent Itemsets via Differentially Private FP-trees
  • VeryBioIDX: Privacy Preserving Biometrics-Based and User Centric Authentication Protocol
  • A Framework for Service Activity Monitoring
  • A Key Management Scheme in BYOD Environment
  • FPGA Password Cracking
  • A Study of Probabilistic Password Models
  • Analysis of Coping Mechanisms in Password Selection
  • Detecting Tic-Tac-Stego: Anomaly Detection for Steganalysis in Games
  • Enhancing Analyst Situation Awareness and Event Response in Cyber Network Operations Centers
  • Finland’s Cyber Warfare Capabilities
  • Mutual Restraining Voting Involving Multiple Conflicting Parties
  • Natural Language IAS: The Problem of Phishing
  • Using social network data to track information and make decisions during a crisis
  • A Framework to Find Vulnerabilities Using State Characteristics in Transport Protocol Implementations
  • Divide & Recombine for Big Data Analysis for Cybersecurity – Application of DNS Blacklist Query Study
  • Confidentiality Guidelines for Cloud Storage
  • Cyber 9/12 Student Challenge: Team Purdue Cyber Forensics
  • DC3 Digital Forensics Challenge
  • Implementing Bayesian Statistics from an Analysis of Competing Hypothesis Framework
  • Netherland’s Cyber Capabilities
  • Saudi Arabian Policy on Cyber Capabilities
  • South Korea ICT Index Leader Cyber Assessments
  • Technological Impact of Criminal Enterprises: The Impact of Cloud Computing:
  • The Efficacy of Case Studies for Teaching Policy in Engineering and Technology Courses
  • The Impact of University Provided Nurse Electronic Medical Record (EMR) Training on Hospital Provider Systems: A Computer Simulation Approach
  • The Irish Economy’s Vulnerability to Cyber Conflict
  • Threats, Vulnerabilities, and Security Controls in Cloud Computing
  • A Critical Look at Steganographic Investigations
  • Analysis of Cyberattacks on UASs in Simulation
  • Communications, Information, and Cybersecurity in Systems-of-Systems
  • Distributed Fault Detection and Isolation for Kalman Consensus Filter
  • End to End Security in Service Oriented Architecture
  • INSuRE — Information Security Research and Education
  • Log-Centric Analytics for Advanced Persistent Threat Detection
  • Making the Case of Digital Forensics Field Training for Parole Services
  • Periodic Mobile Forensics
  • Robust Hybrid Controller Design: Cyber Attack Mitigation Strategy for Cyber-Physical Systems
  • Text-based Approaches to Detect Phishing Attacks
  • The Case of Using Negative (Deceiving) Information in Data Protection

Assured Identity and Privacy

Consumer Privacy Architecture for Power Grid Advanced metering infrastructure

Dheeraj Gurugubelli, Dr. Chris Foreman and Dr. Melissa Dark

http://www.cerias.purdue.edu/assets/symposium/2014-posters/616-591.pdf

Utilities install smart meters in homes. These smart meters allow the tracking and management of the energy consumption of the consumers. This will enable the utility companies to increase efficiency, lower costs, and reduce pollution. But the advanced meters, which use wireless and digital technologies to send frequent consumption data to utilities, face opposition from customers and others who see them as a threat to health, privacy, and security. From a utility company perspective, collection and management of such huge volumes of data at an individual level is not an essential business function. The goal of this research is to create an architecture preserving privacy of the consumer in the power grid advanced metering infrastructure while helping the utility company better manage data.

Privacy Preserving Access Control in Service Oriented Architecture

Rohit Ranchal, Ruchith Fernando, Zhongjun Jin, Pelin Angin, Bharat Bhargava

http://www.cerias.purdue.edu/assets/symposium/2014-posters/955-3C4.pdf

Service Oriented Architecture (SOA) comprises a number of loosely-coupled services, which collaborate, interact and share data to accomplish a task. A service invocation can involve multiple services, where each service generates, shares, and interacts with the client’s data. These interactions may share data with unauthorized services and violate the client’s policies. The client has no means of identifying if a violation occurred and has no control or visibility on interactions beyond its trust domain. Such interactions introduce new security challenges which are not present in the traditional systems. We propose a data-centric approach for privacy preserving access control in SOA based on Active Bundles. This approach transforms passive data into an active entity that is able to protect itself. It enables dynamic data dissemination decisions and protects data throughout its lifecycle. The granularity of the data being shared with a service is determined by the client’s data dissemination policy.

pSigene: Generalizing Attack Signatures

Jeff Avery, Gaspar Modelo-Howard, Fahad Arshad, Saurabh Bagchi, Yuan Qi

http://www.cerias.purdue.edu/assets/symposium/2014-posters/F74-76F.pdf

Intrusion detection systems (IDS) are an important component to effectively protect computer systems. Misuse detection is the most popular approach to detect intrusions, using a library of signatures to find attacks. The accuracy of the signatures is paramount for an effective IDS, still today’s practitioners rely on manual techniques to improve and update those signatures. We present a system, called pSigene, for the automatic generation of intrusion signatures by mining the vast amount of public data available on attacks. It follows a four step process to generate the signatures, by first crawling attack samples from multiple public cyber security web portals. Then, a feature set is created from existing detection signatures to model the samples, which are then grouped using a biclustering algorithm which also gives the distinctive features of each cluster. Finally the system automatically creates a set of signatures using regular expressions, one for each cluster. We tested our architecture for the prevalent class of SQL injection attacks and found our signatures to have True and False Positive Rates of over 86% and 0.03%, respectively and compared our findings to other SQL injection signature sets from popular IDS and web application firewalls. Results show our system to be very competitive to existing signature sets.

Resilient and Active Authentication and User-Centric Identity Ecosystems

Yan Sui, Xukai Zou

http://www.cerias.purdue.edu/assets/symposium/2014-posters/621-AD0.pdf

Existing proxy based authentication approaches have problems (e.g., non-binding, susceptible to theft and dictionary attack, burden on end-users, re-use risk). Biometrics, which authenticates users by intrinsic biological traits, arises to address the drawbacks. However, biometrics are irreplaceable once compromised and leak sensitive information about the human user behind them. In this research, we propose a usable, privacy-preserving, secure biometrics based identity verification and protection system. Specifically, we propose a novel biometric authentication token called Bio-Capsule (BC) which is generated by a secure fusion of user biometrics and a (selected) reference subject biometrics. The fusion process preserves the biometric robustness and accuracy in the sense that the BC can be used in place of the original user’s biometric template without sacrificing the system’s acceptability for the same user and distinguishability between different users. There are more potential applications of this research: a user-centric identity ecosystem – a highly resilient, privacy-preserving, revocable, interoperable, and efficient user-centric identity verification and protection ecosystem; and an active authentication system – a provably secure, privacy-preserving, biometric active authentication system to support continuous and non-intrusive authentication.

Semantic Anonymization of Medical Records

Tatiana Ringenberg, Julia M. Taylor, Victor Raskin

http://www.cerias.purdue.edu/assets/symposium/2014-posters/79D-5DB.pdf

With the availability of large amounts of data in the medical industry, it is becoming necessary, due to both regulatory and ethical concerns, to find unique ways of protecting patient identities. A name and social security number are no longer the only fields in a patient’s record that can identify them. Data under HIPAA requires the removal of several Protected Health Information Identifiers. Symptoms themselves can also distinctly identify an individual in a large group. To prevent this, the Purdue OST Anonymization Project is using semantics to determine the degree to which any patient record is identifiable from others in a system. Our approach combines the conceptual mapping of Ontological Semantic Technology with the anonymity principles of K-Anonymity to semantically anonymize patient data for compliance with regulatory and research policies.

The Password Wall — A Better Defense against Password Exposure

Mohammed Almeshekah, Mikhail Atallah and Eugene Spafford

http://www.cerias.purdue.edu/assets/symposium/2014-posters/356-E8E.pdf

We present an authentication scheme that better protects users’ passwords than in currently deployed password-based schemes, without taxing the users’ memory or damaging the user-friendliness of the login process. Our scheme maintains comparability with traditional password-based authentication, without any additional storage requirements, giving service providers the ability to selectively enroll users and fall-back to traditional methods if needed. The scheme utilizes the ubiquity of smartphones, however, unlike previous proposals it does not require registration or connectivity of the used phones. In addition, no long-term secrets are stored in the user’s phone, mitigating the consequences of losing it. The scheme significantly increases the difficulty of launching a phishing attack; by automating the decisions of whether a website should be trusted and introducing additional risk at the adversary side of being detected and deceived. In addition, the scheme is resilient against Man-in-the-Browser (MitB) attacks and compromised client machines. Finally, we incorporate a user-friendly covert communication between the user and the service provider giving the user the ability to have different levels of access (instead of the traditional all-or-nothing), and the use of deception (honeyaccounts) that make it possible to dismantle a large-scale attack infrastructure before it succeeds (rather than after the painful and slow forensics that follow a successful phishing attack). As an added feature, the scheme gives service providers the ability to have full-transaction authentication.

Top-K Frequent Itemsets via Differentially Private FP-trees

Jaewoo Lee and Chris Clifton

http://www.cerias.purdue.edu/assets/symposium/2014-posters/026-59A.pdf

Frequent itemset mining is a core data mining task and has been studied extensively. Although by their nature, frequent itemsets are aggregates over many individuals and would not seem to pose a privacy threat, an attacker with strong background information can learn private individual information from frequent itemsets. This has led to differentially private frequent itemset mining, which protects privacy by giving inexact answers. We give an approach that first identifies top-k frequent itemsets, then uses them to construct a compact, differentially private FP-tree. Once the noisy FP-tree is built, the (privatized) support of all frequent itemsets can be derived from it without access to the original data. Experimental results show that the proposed algorithm gives substantially better results than prior approaches, especially for high levels of privacy.

VeryBioIDX: Privacy Preserving Biometrics-Based and User Centric Authentication Protocol

Hasini Gunasinghe, Elisa Bertino

http://www.cerias.purdue.edu/assets/symposium/2014-posters/642-A07.pdf

We propose a privacy preserving biometric based authentication protocol by which a user can authenticate to different service providers from a mobile phone, without involving the identity provider in transactions, thus enhancing privacy. Authentication is based on a cryptographic identity token which embeds a unique, repeatable and revocable identifier generated from the user’s biometric image and a random secret, supporting two-factor authentication based on zero-knowledge proofs of knowledge. Our approach for generating biometric identifiers from users’ biometrics is based on perceptual hashing and SVM classification techniques.

End System Security

A Framework for Service Activity Monitoring

Ruchith Fernando, Rohit Ranchal, Pelin Angin, Bharat Bhargava

http://www.cerias.purdue.edu/assets/symposium/2014-posters/10E-9E2.pdf

In a service-oriented architecture (SOA) environment, a service can dynamically select and invoke any service from a group of services to offload part of its functionality. This is very useful to build large systems with existing services and dynamically add services to support new features. One of the main problems with such a system is that it is very difficult to trust the service interaction lifecycle and assume that the services behave as expected and respect the system policies. We propose a centralized service monitor that audits and detects malicious activity or compromised services by analyzing information collected via monitoring agents. The service monitor includes two modes of operation – active and passive – where one can evaluate service topologies with various policies.

A Key Management Scheme in BYOD Environment

Di Xie, Baijian Yang

http://www.cerias.purdue.edu/assets/symposium/2014-posters/953-6AD.pdf

Bring-Your-Own-Device (BYOD) refers to an IT policy that encourages and allows employees to use their personal devices to access privileged corporate network resources. Current BYOD practices are not sufficient to provide both flexible and secure access to data stored on personal devices and are likely to cause privacy infringement issues and incur high management cost. This research presents an Innovative Key Management Scheme (IKMS) approach that employs a hierarchical and time-bounded key management system to battle the security and privacy issues in BYOD deployment.

FPGA Password Cracking

Max DeWees, Michael Kouremetis, Matthew Riedle, Craig West

http://www.cerias.purdue.edu/assets/symposium/2014-posters/AB6-C90.pdf

Field Programmable Gate Arrays (FPGAs) are a unique hardware component that allows for dynamic prototyping design and implementation of hardware logic. FPGAs provide the advantages of dedicated hardware functionality and parallelization for specific tasks. In this research, we look to apply these advantages of FPGAs to breaking cryptographic functions, primarily hash functions and encryption passwords. While this has been done successfully in the past to older functions like MD5, it has not been thoroughly analyzed for more complex systems such as TrueCrypt, Windows BitLocker, or Mac OS X FileVault. Our focus is to analyze the feasibility, scalability, and success of using one or more FPGAs to crack these systems.

Human Centric Security

A Study of Probabilistic Password Models

Jerry Ma, Weining Yang, Min Luo, Ninghui Li

http://www.cerias.purdue.edu/assets/symposium/2014-posters/293-790.pdf

A probabilistic password model assigns a probability value to each string. Such models are useful for research into understanding what makes users choose more (or less) secure passwords, and for constructing password strength meters and password cracking utilities. Guess number graphs generated from password models are a widely used method in password research. In this paper, we show that probability-threshold graphs have important advantages over guess-number graphs. They are much faster to compute, and at the same time provide information beyond what is feasible in guess-number graphs. We also observe that research in password modeling can benefit from the extensive literature in statistical language modeling. We conduct a systematic evaluation of a large number of probabilistic password models, including Markov models using different normalization and smoothing methods, and found that, among other things, Markov models, when done correctly, perform significantly better than the Probabilistic Context-Free Grammar model, which has been used as the state-of-the-art password model in recent research.

Analysis of Coping Mechanisms in Password Selection

Brian Curnett, Paul Duselis, Teri Flory

http://www.cerias.purdue.edu/assets/symposium/2014-posters/ED9-F1E.pdf

Do more stringent password policies actually create stronger and more secure passwords? Do humans reach a threshold when creating passwords that follow policies but fail to provide an adequate level of protection? Previous work has focused on password strength and the effectiveness of password defeating tools, but has only briefly touched on user frustration with policies, or the coping mechanisms that may be employed by the users to satisfy those stringent policies. Our work will utilize the information available from previous studies and expand on that to include user frustration and coping methods. Our examination will include multiple policies that are currently accepted and in use by organizations and companies from a wide variety of backgrounds. This will attempt to show the true measure of protection that the industry standard policies provide. It will be necessary to review processes of data collection, and determine the most effective procedures to gather this information. We will then develop a method, utilizing this plan, and propose this to the partners for future review and use. We will propose an analytic procedure to be used in determining an optimal relationship between password policy’s strength and coping mechanisms. And finally a set of repeatable statistical procedures that can be applied toward data sets of passwords to ensure the policy’s strength.

Detecting Tic-Tac-Stego: Anomaly Detection for Steganalysis in Games

Philip C. Ritchey, Vernon J. Rego

http://www.cerias.purdue.edu/assets/symposium/2014-posters/EF2-A3A.pdf

Motivated by the identification of potential areas in the broader field of information security where the study of human behavior can be used to enhance and improve information security, we investigated methods for detecting information hiding in games. This work builds on previous work which presented Tic-Tac-Stego, a general methodology for hiding information in games. The focus of this work is to understand and experiment with three steganalysis techniques for detecting steganography in games: rules-based, feature-based, and probabilistic model-based detectors. Under the assumption that the adversary is unable to predict the play style of the stego-agent, we find that a feature-based steganalysis method performs the best at detecting usage of the covert channel, capable of achieving accuracy greater than 97% against all stego-agents tested. On the other hand, under the assumption that the adversary is able to predict the play style of the stego-agent, the rules-based method is more accurate and requires fewer games per example than the feature-based method. The probabilistic-based method is found to be overall less accurate than both the feature-based and rules-based methods.

Enhancing Analyst Situation Awareness and Event Response in Cyber Network Operations Centers

Omar Eldardiry, Barrett Caldwell

http://www.cerias.purdue.edu/assets/symposium/2014-posters/BA8-C6C.pdf

The development of cyber network operations centers has created new needs to support human sense-making and situation awareness in a cyber network common operating picture (CNCOP). The goal of this research is to identify critical features that support expert analysts in event detection, identification, and response to cyber events (emergency scenarios, hardware breakdowns or other sources of degraded performance). The goal is to improve information visualization to support recognition and response to cyber- and cyber-physical network events. The results of this research project will be used to improve operational capability and analyst situation awareness in NOC environments and provide design guidance to improve analyst event monitoring and response in other cyber-physical infrastructure operations centers.

Finland’s Cyber Warfare Capabilities

Filipo Sharevski

http://www.cerias.purdue.edu/assets/symposium/2014-posters/B76-BC6.pdf

In light of the discussion on cyber intelligence, the content of this paper includes analysis of open source data in respect to a methodical assessment of Finland’s cybersecurity and cyberwarfare capabilities. The information related to Finland’s cyber preparedness and cybersecurity awareness is analyzed together with the relevant statistical factors in order to outline the relative stage of cyber capability development in the military context. Finland’s cybersecurity strategy, Finnish security and defense policy, and Finland’s academia perspectives on cyber operations realms are elaborated in parallel with the conceptualization on military doctrine adaptation in the cyber domain in order to describe Finland’s posture relative to potential cyberwarfare conflict engagements. In addition to this, the key stakeholders in cybersecurity governance are also enlisted, providing insight into the practical aspects of the nations’ efforts for cybersecurity maintenance and constant improvement.

Mutual Restraining Voting Involving Multiple Conflicting Parties

Dr. Xukai Zou (xkzou@cs.iupui.edu), Yan Sui, Huian Li, Wei Peng, and Dr. Feng Li

http://www.cerias.purdue.edu/assets/symposium/2014-posters/CFF-BFE.pdf

Scrutinizing current voting systems including existing e-voting techniques, one can discern that there exists a gap between casting secret ballots and tallying & verifying individual votes. This gap is caused by either disconnection between the vote-casting process and the vote-tallying process or opaque transition (e.g., due to encryption) from vote-casting to vote-tallying and damages voter assurance, i.e., any voter can be assured that the vote he/she has cast is verifiably counted in the final tally. We propose a groundbreaking e-voting protocol that fills this gap and provides a fully transparent election. In this fully transparent internet voting system, the transition from vote-casting to vote-tallying is seamless, viewable, verifiable, and privacy-preserving. As a result, individual voters will be able to verify their own votes and are technically and visually assured that their votes are indeed counted in the final tally, the public will be able to verify the accuracy of the count, and political parties will be able to catch fraudulent votes. And all this will be achieved while still retaining what is perhaps the core value of democratic elections–the secrecy of any voter’s vote. The new protocol is the first fully transparent e-voting protocol which technologically enables open and fair elections and delivers full voter assurance, even for the voters of minor or weak political parties.

Natural Language IAS: The Problem of Phishing

Lauren M. Stuart, Gilchan Park, Julia M. Taylor, Victor Raskin

http://www.cerias.purdue.edu/assets/symposium/2014-posters/568-98B.pdf

Phishing emails solicit personal and sensitive information while masquerading as legitimate messages from financial institutions. Automatic detection of phishing emails will help reduce the financial losses incurred by their victims. Computer understanding of message meaning and other hallmarks of legitimate and illegitimate emails can improve detection, and continue the expansion of natural language understanding techniques and processes into information assurance and security applications.

Using social network data to track information and make decisions during a crisis

Student: David Hersh Advisors: Julia Taylor, Victor Raskin

http://www.cerias.purdue.edu/assets/symposium/2014-posters/63B-A51.pdf

Social network use has dramatically increased in recent years, causing a surge in the amount of data people publicly share. Many share events of their lives on a daily basis, and get much of their news from social networks. So when a crisis occurs, such as a school shooting, many people in the affected area report what is going on through their social networks, allowing others to get firsthand accounts of the situation as it progresses. This information is often available before official information is, making it a valuable resource for anyone who needs to know the most up-to-date information on the crisis. In this research, we take the first steps toward the development of a system that extracts crisis information from social networking data in real time, allowing the system’s users to have a consistently up-to-date version of the situation.

Network Security

A Framework to Find Vulnerabilities Using State Characteristics in Transport Protocol Implementations

Sam Jero, Hyojeong Lee and Cristina Nita-Rotaru

http://www.cerias.purdue.edu/assets/symposium/2014-posters/0CA-1EC.pdf

We propose a platform for automatically finding attacks in transport protocol implementations. Our platform uses virtual machines connected with a network emulator to run unmodified target implementations, ensuring realism. We focus on attacks involving the manipulation or injection of protocol messages and build a framework to perform these basic malicious actions. To mitigate state-space explosion resulting from numerous combinations of malicious actions and protocol messages, we leverage protocol states. First, we build a state tracker that can infer the current state of the target system from message traces. Using the state tracker and a benign execution, we classify states based on observable characteristics. We then associate basic attack actions with characteristics of states and compose attack strategies based on this information. We monitor the effect of these attack strategies and determine which actions are effective for which states. We use this information to focus or prune our attack strategies for states with similar characteristics.

Divide & Recombine for Big Data Analysis for Cybersecurity – Application of DNS Blacklist Query Study

Ashrith Barthur, Dr. William S. Cleveland, John Gerth

http://www.cerias.purdue.edu/assets/symposium/2014-posters/1D1-D96.pdf

D&R is a statistical approach to big data that provides comprehensive, detailed analysis. This is achieved because almost any analytic method from machine learning, statistics, and visualization can be applied to the data at their finest level of granularity. D&R also enables feasible, practical computation because the computations are largely embarrassingly parallel. Our work has two core threads: 1. Tailor the D&R environment to analyse big data in cybersecurity. 2. Apply this tailored environment to the Spamhaus traffic at the Stanford University mirror.

Policy, Law and Management

Confidentiality Guidelines for Cloud Storage

Joseph Beckman, Matthew Riedle, Hans Vargas

http://www.cerias.purdue.edu/assets/symposium/2014-posters/638-07D.pdf

As cloud computing is becoming more popular among average users, and even governments, the question arises of how secure the data stored in the cloud is. Guidelines have been established by FedRAMP that evaluate certain security protocols for cloud providers like Google Drive and Amazon Web Services. This project will examine the confidentiality and access control guidelines for Amazon’s S3 data storage, looking to see if they are sufficient for current and future markets.

Cyber 9/12 Student Challenge: Team Purdue Cyber Forensics

Rachel Sitarz, Eric Katz, Nick Sturgeon, & Jake Kambic

http://www.cerias.purdue.edu/assets/symposium/2014-posters/125-226.pdf

The four Purdue Cyber Forensics graduate students competed in the Cyber 9/12 Student Challenge. They were asked to take on the role of the Cyber Security Directorate of the National Security Staff. They had to create four policy response alternatives to a fictional major cyber incident that affected US national security. They were tasked with creating the four policies, then presenting the policies to experts in cyber security policy in Washington, DC.

DC3 Digital Forensics Challenge

Will Ellis, Jake Kambic, Eric Katz, Sydney Liles

http://www.cerias.purdue.edu/assets/symposium/2014-posters/06E-C7C.pdf

This poster is designed to show the accomplishments of team or11–, winners of the 2013 Defense Cyber Crime Center’s Cyber Forensics Challenge. This is the largest and most prestigious cyber forensics competition in the world. Going up against over 1,200 competing teams, Purdue’s team took 1st place in US and global graduate division.

Implementing Bayesian Statistics from an Analysis of Competing Hypothesis Framework

Brian Curnett and Samuel Liles

http://www.cerias.purdue.edu/assets/symposium/2014-posters/423-BAF.pdf

The Analysis of Competing Hypotheses system is a decision analysis tool developed by the intelligence community to aid analysts in decision making. It was first developed by Richards J. Heuer to help analysts keep their biases in check when making important decisions. This system’s effectiveness can be furthered to counter forms of deception and cultural bias by implementing a Bayesian Belief Network and by quantifying cultural trends.

Netherland’s Cyber Capabilities

Hans Vargas

http://www.cerias.purdue.edu/assets/symposium/2014-posters/5C4-B69.pdf

The purpose of this study was to perform an OSINT analysis of the Netherlands’ capabilities to protect itself from cyber-attacks. A list of all possible and typical actors was identified, as they represent different levels of threat to this nation; the table at the left explains in detail who those actors are, what their intentions might be, the level of expertise they are expected to have, and finally the more likely targets that they might attack. The Netherlands has a population of close to 18 million people with an estimated GDP of 696 billion USD and a per capita of 41,000 USD, which represent, in world rank, 23rd and 12th respectively. It comes as no surprise that its ICT rank is also high, occupying 7th place in the world from 2012.

Saudi Arabian Policy on Cyber Capabilities

Brian Curnett and Samuel Liles

http://www.cerias.purdue.edu/assets/symposium/2014-posters/736-4CD.pdf

Saudi Arabia is a major player in the arena of world politics. However, it is only a fledgling nation in the cyber arena and is still trying to bring itself into the modern era. It is the Saudi Arabian policy of replacing cyber security with cyber censorship which led to the vulnerabilities which exposed the nation’s oil industry to attack. As a compensatory mechanism, it uses foreign nations’ contractors to solve technical problems rather than developing a domestic knowledge base. This has made the nation of Saudi Arabia more vulnerable for the long term.

South Korea ICT Index Leader Cyber Assessments

Faisal Alaskandrani, Dr. Samuel Liles

http://www.cerias.purdue.edu/assets/symposium/2014-posters/889-AE7.pdf

Did South Korea neglect the security aspect while developing its telecommunication infrastructure?

Technological Impact of Criminal Enterprises: The Impact of Cloud Computing

Rachel Sitarz, Sam Liles

http://www.cerias.purdue.edu/assets/symposium/2014-posters/C58-160.pdf

Cloud computing is an abstract term, which is often difficult for people to understand, yet most are moving to the cloud to store data. Criminal organizations are also utilizing the cloud for data storage, transmission, and communications, which led to the research question: how are current criminal organizations structuring their criminal enterprises, and how does technology impact the structure? The current project is exploratory, making comparison of current criminal organizations with historical groups, and maintains that those groups that are utilizing the cloud are no different than historical criminals. They simply are utilizing a new medium to facilitate their criminal activity. Criminal organizations have typically maintained a hierarchical and organizational structure. With the developments of technology, such as the cloud, groups are continuing to maintain enterprise structure, but allowing for geographically disparate transmission of data. This also leads to the potential problem of remote destruction of evidence when law enforcement executes searches on a party or parties within the organization. Criminals have taken to the technological advancements for many reasons, such as the anonymity factor, the expertise needed by law enforcement to apprehend criminals, and the ease of access. Technological advancements are often taken for granted, but are something that needs to be considered in the apprehension of criminals and the combat of criminal activity.

The Efficacy of Case Studies for Teaching Policy in Engineering and Technology Courses

Rylan Chong, Dr. Melissa Dark, Dr. Ida Ngambeki, and Dr. Dennis Depew

http://www.cerias.purdue.edu/assets/symposium/2014-posters/A5D-F63.pdf

Public policy is an increasingly important topic in the engineering and technology curriculum as it has been recognized by a community of experts, National Research Council of the National Academies (NRCNA), Accreditation Board for Engineering and Technology (ABET), American Association for the Advancement of Science (AAAS), and the National Academy of Engineering (NAE). The purpose of this study was to extend the work of Chong, Depew, Ngambeki, and Dark “Teaching social topics in engineering: The case of energy policy and social goals” by exploring a method to introduce public policy using a case study approach to undergraduate engineering technology students in the engineering economics course in the College of Technology at Purdue University. The substantive contribution of this study addressed the following questions: 1) did the students understand and identify the policy context, 2) how effective was the use of case studies to introduce the students to policy, and 3) areas of improvement to enhance efficacy of the case studies to introduce students to policy?

The Impact of University Provided Nurse Electronic Medical Record (EMR) Training on Hospital Provider Systems: A Computer Simulation Approach

James Anderson, Elizabeth Borycki, Andre Kushniruk, Shannon Malovec, Angela Espejo, Marilyn Anderson

http://www.cerias.purdue.edu/assets/symposium/2014-posters/67A-535.pdf

Hospitals lose valuable productivity when nurses are off of the unit for electronic medical record system (EMR) training. Universities lose valuable clinical training hours when students are required to learn various EMR systems at clinical sites during clinical rotations. Centralizing EMR training within the university classroom curriculum could provide the hospital with trained new hires while preserving student clinical time for bedside care. Through this study we investigated the cumulative influence of integrating EMR training in nursing classroom curriculum on hospital nurse time away from caregiving and number of EMR trained nurses. A computer simulation model was specified using the STELLA program. The model simulated once a year hiring of nurses over a 4 year period for a total of 500 new hires. The model predicted the number of new hires that need EMR training, the number of new hires that arrive trained by the University, and the time away from caregiving to train new hires in terms of change in University curriculum to include EMR training. Findings indicate that efficiency of clinical training can be potentially improved by centralizing EMR training within the nursing curriculum. Integrating EMR training in nursing classroom curriculum potentially results in more available time for nurse bedside care and reduced cost in health organization training of new nurses. Further investigation is needed to assess the cost impact of curricular integration.

The Irish Economy’s Vulnerability to Cyber Conflict

Courtney Falk

http://www.cerias.purdue.edu/assets/symposium/2014-posters/68A-4A1.pdf

Information technology comprises a quarter of Ireland’s GDP. This project aims to answer the question of whether or not the Irish government is adequately prepared to protect this vulnerable sector of their economy.

Threats, Vulnerabilities, and Security Controls in Cloud Computing

Hans Vargas, Temitope Toriola

http://www.cerias.purdue.edu/assets/symposium/2014-posters/47D-18C.pdf

In cloud computing, information is not stored on your personal computer; it is stored on the cloud. The cloud is a metaphor for the Internet. The cloud can be accessed by any computer anywhere in the world. This includes devices such as cell phones and Kindles. Personal computers have limited space and often run out of resources. The equipment cannot keep up with the demand and the service slows down. The cloud can do anything; it has no limits. The cloud takes the work off of one computer and puts the software into one database that many people can access at once from different computers. However, there is risk in using cloud computing. Unauthorized people such as hackers may be able to get to your data as well. Cloud providers are companies that host cloud services and are in charge of protecting your data. They use many methods to protect your data in the cloud and keep it from hackers. This research investigates cloud providers to see if they are protecting cloud data like they claim to be.

Prevention, Detection and Response

A Critical Look at Steganographic Investigations

Michael Burgess

http://www.cerias.purdue.edu/assets/symposium/2014-posters/6DA-2BF.pdf

Steganography, the practice of hiding hidden information in plain sight, has been a threat for hundreds of years in different media. In today’s world, hiding files and information digitally inside of images, audio, programs, and most any other file type could pose a very real danger when two individuals are communicating without anyone knowing they are doing so. Researcher Michael Burgess designed a process and made a tool that takes any file and injects (and extracts) it inside of any mono wave file, as long as the wave file is approximately double the size of the target hidden file. The resulting file has the same size and properties as the original wave file, and no difference can be heard by the human ear. Alongside, all current anti-stego tools have a difficult time detecting that anything is hidden. With a tool as simple as this being able to pass by detection, steganographic investigations need to be taken much more seriously, and include more discovery of these tools rather than the files themselves.

Analysis of Cyberattacks on UASs in Simulation

Scott Yantek, James Goppert, Nandagopal Sathyamoorthy, Inseok Hwang

http://www.cerias.purdue.edu/assets/symposium/2014-posters/60D-1F6.pdf

Unmanned aerial systems (UASs) have attained widespread use in military and research applications, and with recent court rulings their commercial use is rapidly expanding. Because of their dependence on computer systems, their high degree of autonomy, and the danger posed by a loss of vehicle control, it is critical that the proliferation of UASs be accompanied by a thorough analysis of their vulnerabilities to cyberattack. We approach the issue from a controls perspective, assuming the attacker has already gained some amount of control over the system. We then investigate vulnerabilities to certain types of attacks.

Communications, Information, and Cybersecurity in Systems-of-Systems

Cesare Guariniello, Dr. Daniel DeLaurentis

http://www.cerias.purdue.edu/assets/symposium/2014-posters/762-07D.pdf

The analysis of risks associated with communications and information security for a system-of-systems is a challenging endeavor. This difficulty is due to the interdependencies that exist in the communication and operational dimensions of the system-of-systems network, where disruptions on nodes and links can give rise to cascading failure modes. In this research, we propose the application of a functional dependency analysis tool as a means of analyzing system-of-systems operational and communication architectures. The goal of this research is to quantify the impact of attacks on communications and information flows on the operability of the component systems, and to evaluate and compare different architectures with respect to their robustness and resilience following an attack. The model accounts for partial capabilities and partial degradation. By comparing architectures based on their sensitivity to attacks, the method can be used to guide decisions both in architecting the system-of-systems and in planning updates and modifications, accounting for the criticality of nodes and links on the robustness of the system-of-systems. Synthetic examples show conceptual application of the method.

Distributed Fault Detection and Isolation for Kalman Consensus Filter

Kartavya Neema, Daniel DeLaurentis

http://www.cerias.purdue.edu/assets/symposium/2014-posters/5B1-A88.pdf

This research deals with the problem of developing a distributed fault detection methodology for a recently developed distributed estimation algorithm called the Kalman Consensus Filter (KCF). We extend the residual covariance matching techniques, developed for detecting faults in centralized Kalman filters, and use them for distributed fault detection in the KCF. Faults present due to faulty sensor measurements are diagnosed and isolated from the system. Specifically, faults due to change in sensor noise statistics and outliers in the sensor measurements are considered. We further develop a Robust Kalman Consensus Filter algorithm and demonstrate the effectiveness of the algorithm using simulation results.

End to End Security in Service Oriented Architecture

Mehdi Azarmi, Bharat Bhargava

http://www.cerias.purdue.edu/assets/symposium/2014-posters/AB0-BBB.pdf

With the explosion of web-based services and increasing popularity of cloud computing, Service-Oriented Architecture is becoming a key architectural style for the development of distributed applications. However, there are numerous security challenges in SOA that need to be addressed. In this poster, we discuss the key security challenges in SOA and propose two solutions. These solutions are: a framework for end to end policy monitoring and enforcement; and secure and adaptive service composition.

INSuRE — Information Security Research and Education

PI: Dr. Melissa Dark, CoPI: Brandeis Marshall, Project Team: Courtney Falk, L. Allison Roberts, Filipo Sharevski

http://www.cerias.purdue.edu/assets/symposium/2014-posters/B4D-540.pdf

The INSuRE project is an attempt to pilot and scale, and then again pilot and scale a sustainable research network that 1) connects institution-level resources, University enterprise systems, and national research networks; 2) enables more rapid discovery and recommendation of researchers, expertise, and resources; 3) supports the development of new collaborative science teams to address new or existing research challenges; 4) exposes and engages graduate students in research activity of national priority at participating institutions; 5) provides for the development and sharing of tools that support research, and, 6) facilitates evaluation of research, scholarly activity, and resources, especially over time.

Log-Centric Analytics for Advanced Persistent Threat Detection

Shiqing Ma, Xiangyu Zhang, Dongyan Xu

http://www.cerias.purdue.edu/assets/symposium/2014-posters/DC5-04B.pdf

Today’s enterprises face increasingly significant threats such as advanced persistent threats (APTs). Unfortunately, current cyber attack defense technologies are not catching up with the attack trends. Meanwhile, enterprises continue to generate large volumes of logs and traces at system, application, and network levels, and they remain under-utilized in cyber attack detection. We present an integrated framework for advanced targeted attack detection. Our framework consists of two major components: LogIC (Log-based Investigation of Causality), a fine-grain system logging and causal analysis tool which enables high-accuracy causal analysis of system logs generated by an individual machine, and LogAn (Log Analytics), a “Big Data” analyzer and correlator on end-system and network logs which enables advanced targeted attack detection by querying and correlating logs across machines in an enterprise. The key idea behind LogIC is to partition the execution of a long-running application process into multiple finer-grain “execution units” for high causal analysis accuracy, without application source code. The key idea behind LogAn is to leverage the single-host causal analysis results to detect an enterprise-wide APT, via causal graph recognition and context correlation.

Making the Case of Digital Forensics Field Training for Parole Services

Chris Flory

http://www.cerias.purdue.edu/assets/symposium/2014-posters/F1A-504.pdf

The purpose of my research is to provide insight into the need for digital forensic field training for parole services. The current system utilized by most parole agencies is inefficient, costly, and disadvantageous to public safety. Basic forensic field training and digital equipment for parole agents could reduce arrest times, taxpayer costs, and increase public safety.

Periodic Mobile Forensics

Eric Katz

http://www.cerias.purdue.edu/assets/symposium/2014-posters/137-661.pdf

Android devices are becoming more pervasive. Currently there are few enterprise methods to identify and measure malicious user and application behavior in order to detect when a compromise has occurred. Research being conducted at MITRE in conjunction with Purdue is looking at over the air (OTA) methods to determine when a phone has been compromised and how it can best be detected.

Robust Hybrid Controller Design: Cyber Attack Mitigation Strategy for Cyber-Physical Systems

Cheolhyeon Kwon and Inseok Hwang

http://www.cerias.purdue.edu/assets/symposium/2014-posters/531-FF5.pdf

This paper considers the controller design for Cyber-Physical Systems (CPSs) that is robust to various types of cyber attacks. While the previous studies have investigated secure control by assuming a specific type of attack strategy, in this paper we propose a hybrid robust control scheme that contains multiple sub-controllers, each matched to a different type of cyber attack. Then the system can be adapted to various cyber attacks (including those that are not assumed for sub-controller design) by switching its sub-controllers to achieve the best performance. We propose a method for designing the secure switching logic to counter all possible cyber attacks and mathematically verify the system’s performance and stability as well. The performance of the proposed control scheme is demonstrated by an example of the hybrid H2–H∞ controller applied to a CPS subject to cyber attacks.

Text-based Approaches to Detect Phishing Attacks

Gilchan Park, Lauren Stuart, Julia M. Taylor, Victor Raskin

http://www.cerias.purdue.edu/assets/symposium/2014-posters/410-0E0.pdf

The purpose of the first research is to report on an experiment into text-based phishing detection. The developed algorithm uses previously published work on the so-called PhishNet-NLP, a content-based phishing detection system. In particular, this research aims to analyze the keywords that lead users to do some actions in email texts. The algorithm produced considerable results in filtering out malicious emails (TPR); however, the rate of text falsely identified as phishing (FPR) needed to be addressed. To solve the FPR problem, a tradeoff between TPR and FPR was performed to reduce the FPR while minimizing the decrease in the phishing detection accuracy. The second research’s aim is to compare the results of computer and human ability to detect phishing attempts. Two series of experiments were conducted, one for machine and the other one for humans, using the same dataset, and both were asked to categorize the emails into phishing or legitimate. The results prove that machine and human subjects differ in classification of phishing emails. This comparison suggests that human intelligence to detect some types of phishing emails that the machine could not recognize needs to be semantically computerized so as to ameliorate the machine’s phishing detection ability.

The Case of Using Negative (Deceiving) Information in Data Protection

Mohammed Almeshekah, Mikhail Atallah and Eugene Spafford

http://www.cerias.purdue.edu/assets/symposium/2014-posters/822-479.pdf

In this paper we develop a novel taxonomy of methods and techniques that can be used to protect digital information. We explore complex relationships among these protection techniques grouped into four categories. We present analysis of these relationships and discuss how they can be applied at different scales within organizations. We map these protection techniques against the cyber kill-chain model and discuss some findings. Moreover, we identify the use of deceit as a useful protection technique that can significantly enhance the security of computer systems. We posit how the well-known Kerckhoffs’s principle has been misinterpreted to drive the security community away from deception-based mechanisms. We examine advantages these techniques can have when protecting our information in addition to traditional methods of denial and hardening. We show that by intelligently introducing deceit in information systems, we not only lead attackers astray, but also give organizations the ability to detect leakage; create doubt and uncertainty in leaked data; add risk at the adversaries’ side to using the leaked information; and significantly enhance our abilities to attribute adversaries. We discuss how to overcome some of the challenges that hinder the adoption of deception-based techniques.

Cyberinfrastructure Training and InfoShares about Big Red II, Karst and Mason.


Cyberinfrastructure Training and InfoShares

  • Getting Started on Big Red II, Karst and Mason

Getting started on Big Red II

Big Red II is Indiana University’s main system for high-performance parallel computing. With a theoretical peak performance (Rpeak) of one thousand trillion floating-point operations per second (1 petaFLOPS), Big Red II is among the world’s fastest research supercomputers. Owned and operated solely by IU, Big Red II is designed to accelerate discovery in a wide variety of fields, including medicine, physics, fine arts, and global climate research, and enable effective analysis of large, complex data sets (i.e., big data).

Big Red II is a Cray XE6/XK7 supercomputer with a hybrid architecture providing a total of 1,020 compute nodes:

  • 344 CPU-only compute nodes, each containing two AMD Opteron 16-core Abu Dhabi x86_64 CPUs and 64 GB of RAM
  • 676 CPU/GPU compute nodes, each containing one AMD Opteron 16-core Interlagos x86_64 CPU, one NVIDIA Tesla K20 GPU accelerator with a single Kepler GK110 GPU, and 32 GB of RAM

Big Red II runs a proprietary variant of Linux called Cray Linux Environment (CLE). In CLE, compute elements run a lightweight kernel called Compute Node Linux (CNL), and the service nodes run SUSE Enterprise Linux Server (SLES). All compute nodes are connected through the Cray Gemini interconnect.

Following is a selection of IU Knowledge Base documents to help you get started using Big Red II. For additional documentation, search the Knowledge Base. For a printable summary of helpful Big Red II information, download the Big Red II cheatsheet (in PDF format). For slides and lab files from past high-performance computing workshops, see the Research Technologies CI Training page.


System overview

Accounts, access, and user policies

Programming environment

Running jobs

X forwarding and interactive jobs

Application-specific help

Getting help

Support for research computing systems at Indiana University is provided by various units within the Systems area of the Research Technologies division of UITS:

To ask any other question about Research Technologies systems and services, use the Request help or information form.


Getting started on Karst

Karst (karst.uits.iu.edu) is Indiana University’s newest high-throughput computing cluster. Designed to deliver large amounts of processing capacity over long periods of time, Karst’s system architecture provides IU researchers the advanced performance needed to accommodate high-end, data-intensive applications critical to scientific discovery and innovation. Karst also serves as a “condominium cluster” environment for IU researchers, research labs, departments, and schools.

Karst is equipped with 256 compute nodes, plus 16 dedicated data nodes for separate handling of data-intensive operations. All nodes are IBM NeXtScale nx360 M4 servers, each equipped with two Intel Xeon E5-2650 v2 8-core processors. Each compute node has 32 GB of RAM and 250 GB of local disk storage. Each data node has 64 GB of RAM and 24 TB of local storage. All nodes run Red Hat Enterprise Linux (RHEL) 6 and are connected via 10-gigabit Ethernet to the IU Science DMZ.

Karst provides batch processing and node-level co-location services that make it well suited for running high-throughput and data-intensive parallel computing jobs. Karst uses TORQUE integrated with Moab Workload Manager to coordinate resource management and job scheduling. The Data Capacitor II and Data Capacitor Wide Area Network (DC-WAN) parallel file systems are mounted for temporary storage of research data. The Modules environment management package on Karst allows users to dynamically customize their shell environments.

Following are some useful documents to help you get started running compute jobs on Karst:


Getting help

Support for research computing systems at Indiana University is provided by various units within the Systems area of the Research Technologies division of UITS:

To ask any other question about Research Technologies systems and services, use the Request help or information form.


Getting started on Mason

Mason (mason.indiana.edu) at Indiana University is a large memory computer cluster configured to support data-intensive, high-performance computing tasks for researchers using genome assembly software (particularly software suitable for assembly of data from next-generation sequencers), large-scale phylogenetic software, or other genome analysis applications that require large amounts of computer memory. At IU, Mason accounts are available to IU faculty, postdoctoral fellows, research staff, and students involved in genome research. IU educators providing instruction on genome analysis software, and developers of such software, are also welcome to use Mason. IU has also made Mason available to genome researchers from the National Science Foundation’s Extreme Science and Engineering Discovery Environment (XSEDE) project.

Mason consists of 18 Hewlett-Packard (HP) DL580 servers, each containing four Intel Xeon L7555 8-core processors and 512 GB of RAM, and two HP DL360 login nodes, each containing two Intel Xeon E5-2600 processors and 24 GB of RAM. The total RAM in the system is 9 TB. Each server chassis has a 10-gigabit Ethernet connection to the other research systems at IU and the XSEDE network (XSEDENet).

Mason nodes run Red Hat Enterprise Linux (RHEL 6.x). The system uses TORQUE integrated with Moab Workload Manager to coordinate resource management and job scheduling. The Data Capacitor II and Data Capacitor Wide Area Network (DC-WAN) parallel file systems are mounted for temporary storage of research data. The Modules environment management package on Mason allows users to dynamically customize their shell environments.

Following is a selection of IU Knowledge Base documents to help you get started using Mason. For additional documentation, search the Knowledge Base. For slides and lab files from past high-performance computing workshops, see the Research Technologies CI Training page.


Getting help

Support for research computing systems at Indiana University is provided by various units within the Systems area of the Research Technologies division of UITS:

To ask any other question about Research Technologies systems and services, use the Request help or information form.


Cyberinfrastructure Training and InfoShares

Indiana University Pervasive Technology Institute Bibliography


Cate, F. H., The Growing Importance – and Irrelevance – of Data Protection Law, 2012 PIPA Conference, Offices of the Information and Privacy Commissioners of Alberta and British Columbia, Calgary, Canada, Nov 2012, Submitted.

Cate, F. H., and V. Mayer-Schonberger, Notice and Consent in a World of Big Data Technology Academics Policy Blog, Nov 2012, Submitted.

Shackelford, S., Southeast Academy of Legal Studies in Business (SEALSB), Southeast Academy of Legal Studies in Business (SEALSB), Miami, FL, Nov 2012, Submitted.

Cate, F. H., and B. E. Cate, The Supreme Court and Information Policy International Data Privacy Law, 4, vol. 2, Nov 2012, Submitted.

Cate, F. H., J. Dempsey, and I. Rubinstein, Systematic Government Access to Private-Sector Data International Data Privacy Law, 4, vol. 2, Nov 2012, Submitted.

Shackelford, S. J., Toward Cyber Peace: Managing Cyber Attacks through Polycentric Governance American University Law Review, no. 2013, Nov 2012, Submitted.

Li, F., X. Zou, P. Liu, and Y. Chen, New threats to health data privacy BioMed Central, Nov 2011, Submitted.

Qiu, J., and S.-H. Bae, Performance of Windows Multicore Systems on Threading and MPI, Bloomington, IN, Indiana University, Nov 2010, Submitted.

Cate, F. H., Consumer Privacy in an Age of Universal and Instant Communications, Advance 2012, ID Analytics, San Diego, CA, Oct 2012, Submitted.

Cate, F. H., Is There Any Hope for Cybersecurity, Stanford University Computer Science Department, Stanford, CA, Oct 2012, Submitted.

Cate, F. H., Mr. President, We Have a Situation, 2012 CACR Cybersecurity Summit, Indianapolis, IN, Oct 2012, Submitted.

Fidler, D. P., Mr. President, We Have a Situation, 2012 CACR Cybersecurity Summit, Indianapolis, IN, Oct 2012, Submitted.

Cate, F. H., Privacy, Law and Technology: What Happens Next?, Stanford Law School, Stanford, CA, Oct 2012, Submitted.

Cate, F. H., Private-Sector Profiling, Closed Session of the 34th International Data Protection and Privacy Commissioners’ Conference , Punta del Este, Uruguay, Oct 2012, Submitted.

Shackelford, S. J., Neither Magic Bullet Nor Lost Cause: Land Titling and the Wealth of Nation (forthcoming) New York University Environmental Law Journal , Sep 2013, Submitted.

Cate, F. H., Cate vs. Shel: The Great Cloud Debate, Statewide IT Conference, Indiana University, Bloomington, IN, Sep 2012, Submitted.

Fidler, D. P., Legal Aspects of NATO Cyber Cooperation Activities, NATO Legal Conference, Tirana, Albania, Sep 2012, Submitted.

Cate, F. H., Microsoft Global Privacy Summit (Moderator), Microsoft Global Privacy Summit, Redmond, WA, Sep 2012, Submitted.

Cate, F. H., Notice and Consent in a World of Big Data, Microsoft Corporation, Sep 2012, Submitted.

Cate, F. H., Roundtable on Cyber Threats, Objectives, and Responses (Moderator), Roundtable on Cyber Threats, Objectives, and Responses , Pentagon City, VA, Sep 2012, Submitted.

von Laszewski, G., H. Lee, J. Diaz, F. Wang, K. Tanaka, S. Karavinkoppa, G. C. Fox, and T. Furlani, Design of an Accounting and Metric-based Cloud-shifting and Cloud-seeding framework for Federated Clouds and Bare-metal Environments The International Conference on Autonomic Computing (IAC), San Jose, CA, Aug 2012, Submitted.

Cate, F. H., A Time to Act, 43rd Triennial Council of Phi Beta Kappa, Palm Beach, FL, Aug 2012, Submitted.

Ruan, G., H. Zhang, E. Wernert, and B. Plale, TextRWeb: Large-Scale Text Analytics with R on the Web Conference on Extreme Science and Engineering Discovery Environment (XSEDE’14), Atlanta, USA, Jul 2014, Submitted.

Kapadia, A., V. Garg, S. Patil, and L. Jean Camp, Peer-produced Privacy Protection IEEE International Symposium on Technology and Society , Jul 2013, Submitted.

Rundle, J., and G. Fox, Computational Earthquake Science Computing in Science & Engineering, Jul 2012, Submitted.

Welch, V., Security at the Cyberborder Workshop Report Presentation, Summer 2012 ESCC/Internet2 Joint Techs, Jul 2012, Submitted.

Zhanquan, S., and G. Fox, Study on Parallel SVM Based on MapReduce The 2012 International Conference on Parallel and Distributed Processing Techniques and Applications, Las Vegas NV USA, Jul 2012, Submitted.

Zeng, J., G. Ruan, A. Crowell, A. Prakash, and B. Plale, Cloud Computing Data Capsules for Non-Consumptive Use of Texts 5th Workshop on Scientific Cloud Computing (ScienceCloud) , Vancouver, Canada, Jun 2014, Submitted.

Shackelford, S. J., Cyber Peace: Countering Cyber Attacks Around the World, IU Mini University, Bloomington, IN, Jun 2012, Submitted.

Fidler, D. P., The Ethics of ‘Non-Lethal’ Weapons, National Research Council’s Committee on Ethical and Societal Issues in National Security Applications of Emerging Technologies, Irvine, CA, Jun 2012, Submitted.

Shackelford, S. J., Fragile Merchandise: A Comparative Analysis of the Privacy Rights of Public Figures American Business Law Journal, vol. 19, no. 1, Jun 2012, Submitted.

Fidler, D. P., Inter Arma Silent Leges Redux? The Law of Armed Conflict and Cyberconflict National Security and Cyberspace: Threats, Opportunities, and Power in a Virtual World, Washington D.C., Georgetown University Press, pp. 71-87, Jun 2012, Submitted.

Cate, F. H., Overclocked: Law and Privacy in the Digital World, 2012 Bench Bar Conference, Indianapolis BAR Association, French Lick, IN, Jun 2012, Submitted.

Cate, F. H., The Supreme Court and Privacy in the Commercial Sector, The Center for Information Policy Leadership Annual Retreat, Washington, D.C., Jun 2012, Submitted.

Cate, F. H., The Growing Importance (and Irrelevance) of International Data Protection Law, 2013 Manitoba Access, Privacy, Security & Information Conference—Making Connections, Winnipeg, Canada, May 2013, Submitted.

Barnett, W. K., and R. LeDuc, Next Generation Cyberinfrastructures for Next Generation Sequencing and Genome Science, The AAMC 2013 Information Technology in Academic Medicine Conference Vancouver, CA. June 5, 2013, Vancouver, CA., May 2013, Submitted.

Cate, F. H., The Promise and Perils of Personal Information in Healthcare, 2nd Annual Western Canada Health Information Privacy Symposium, May 2013, Submitted.

Cate, F. H., The Promise and Perils of Personal Information in Healthcare, Monroe-Owen County Medical Society Annual Meeting, Bloomington, Indiana, May 2013, Submitted.

, Accelerating System Software for Extreme Scale Computing – Keynote Address, ATIP/A*CRC Workshop on Accelerator Technologies for HPC, Singapore, May 2012, Submitted.

Jallalbarsari, V., and D. Leake, Customizing Question Selection and Facilitating Flexible Response in Conversational Case-Based Reasoning Twenty-Fifth Florida Artificial Intelligence Research Society Conference, Marco Island, FL USA, AAAI Press, May 2012, Submitted.

Fidler, D. P., Inter Arma Silent Leges Redux? Law of Armed Conflict and Cyberconflict NATIONAL SECURITY AND CYBERSPACE, May 2012, Submitted.

Fidler, D. P., The Internet, Human Rights, and U.S. Foreign Policy: The Global Online Freedom Act of 2012 AMERICAN SOCIETY OF INTERNATIONAL LAW INSIGHTS, May 2012, Submitted.

Huan, T., X. Wu, Z. Bai, and J. Y. Chen, Seed-weighted Random Walk Ranking for Cancer Biomarker Prioritization: a Case Study in Leukemia International Journal of Data Mining and Bioinformatics, May 2012, Submitted.

Mitchell, J. E., D. J. Crandall, G. C. Fox, and J. D. Paden, A SEMI-AUTOMATIC APPROACH FOR ESTIMATING NEAR SURFACE INTERNAL LAYERS FROM SNOW RADAR IMAGERY IGARSS 2013 Sunday 21 – Friday 26 July 2013 IEEE International Geoscience and Remote Sensing Symposium, Melbourne, Australia “Building a Sustainable Earth through Remote Sensing”, May 15 2013, Submitted.

Ozsoy, A., A. Chauhan, and M. Swany, Achieving TeraCUPS on Longest Common Subsequence Problem using GPGPUs IEEE Supercomputing 2013 (SC13), Apr 2013, Submitted.

Cate, F. H., Cybersecurity Threats and Policy Issues, Board of Directors of the IU Credit Union retreat, French Lick, Indiana, Apr 2013, Submitted.

Cate, F. H., Privacy Principles for the 21st Century, Privacy Policy Workshop at Microsoft Corporation, Redmond, Washington, Apr 2013, Submitted.

Gunarathne, T., B. Salpitikorala, A. Chauhan, and G. Fox, Iterative Statistical Kernels on Contemporary GPUs International Journal of Computational Science and Engineering, Apr 2012, Submitted.

Wang, L., G. von Laszewski, S. Marru, J. Tao, and M. Kunze, Schedule Distributed Virtual Machines in a Service Oriented Environment, talk not presented due to visa issues, 24th IEEE International Conference on Advanced Information Networking and Applications (AINA’10), Perth, Australia, Apr 2010, Submitted.

Anderson, M., talk: Improving scaling constrained applications using ParalleX, Pervasive Technology Institute Major Project Review, Bloomington, IN, Apr 2012, Submitted.

Adusumilli, P., Y. Sui, X. Zou, B. Ramamurthy, and F. Li, A Key Distribution Scheme for Distributed Group with Authentication Capability International Journal of Performability Engineering, vol. 8, no. 2, Mar 2012, Submitted.

Fidler, D. P., Tinker, Tailor, Soldier, Duqu: Why Cyberespionage is More Dangerous than You Think INTERNATIONAL JOURNAL OF CRITICAL INFRASTRUCTURE PROTECTION, vol. 5, no. 1, Mar 2012, Submitted.

Anderson, M., talk: Graphs in Adaptive Mesh Refinement, PXGL Kickoff meeting, Bloomington, IN, Mar 2012, Submitted.

Sterling, T., Connections for Coordination of DOE Exascale Research and Development, Livermore, California, Presentation at the DOE Exascale Ecosystem Coordination Meeting, Feb, Submitted.

Myers, S. A., M. Sergi, and A. Shelat, Black-Box Proof of Knowledge of Plaintext and Multiparty Computation with Low Communication Overhead Proceedings of 10th Annual Theory of Cryptography Conference, Submitted.

Kowalczyk, S., L. Auvil, and M. Chen, HTRC demo and hands-on, The 13th ACM/IEEE-CS joint conference on Digital libraries, Indianapolis, IN, Submitted.

In Press

Huan, T., X. Wu, Z. Bai, and J. Y. Chen, Seed-weighted Random Walk Ranking for Cancer Biomarker Prioritization: a Case Study in Leukemia International Journal of Data Mining and Bioinformatics, May 2012, In Press.

Springer, J., F. Zhang, P. Hussey, C. Buck, F. Regnier, and J. Y. Chen, Towards a Metadata Model for Mass-Spectrometry Based Clinical Proteomics Current Bioinformatics, vol. 7, no. 4, May 2012, In Press.

2015

Bhattacharyya, S., and M. Chen, HathiTrust Research Center: Large-Scale Computational Analysis on the World’s First Massive Digital Library, Workshop, Linguistic Society of America (LSA)’s Biennial Linguistic Institute, Chicago, IL, Jul 2015.

2014

Plale, B., Bridging Digital Humanities Research and Large Repositories of Digital Text, 2nd Encuentro de Humanistas Digitales, Biblioteca Vasconcelos, Mexico City, Mexico, May 21 2014.

Organisciak, P., B. Plale, S. J. Downie, and L. Auvil, Panel Discussion: ‘The HathiTrust Research Center.’, Chicago Colloquium on Digital Humanities and Computer Science (DHCS 2014), Northwestern University, Evanston, Illinois, Oct 2014.

Organisciak, P., S. Bhattacharyya, L. Auvil, and S. J. Downie, Large-scale text analysis through the HathiTrust Research Center, Digital Humanities 2014 (DH2014) Conference, Lausanne, Switzerland, Jul 2014.

Ruan, G., H. Zhang, E. Wernert, and B. Plale, TextRWeb: Large-Scale Text Analytics with R on the Web XSEDE 2014, Atlanta, GA USA, Jul 2014.

Ando, M., J. Sotomil, and H. Zhang, Visualizing and Correlating Fluorescence and Microfocus Computed Tomograph (uCT) Images of White-spot Lesions The 61st Congress of the European Organisation for Caries Research, Greifswald, Germany, Jul 2014.

Chen, M., HathiTrust Research Center: Technical Challenges, Open Syllabus Project (OSP) Workshop, June 6-7, 2014, New York, NY., Jun 2014.

Ping, R. J., R. LeDuc, M. R. Link, S. A. Michael, and E. A. Wernert, UITS Research Technologies Cyberinfrastructure for Researchers: IUSE InfoShare 2014, Indiana University Southeast, Library (x2) and Natural Sciences Building, Apr 2014.

Ando, M., T. Sakagami, H. Zhang, G. J. Eckert, and D. Zero, Evaluation of Natural Non-cavitated Caries Lesions for Severity and Activity AADR Annual Meeting & Exhibition, Charlotte, NC, USA, Mar 2014.

Chen, M., HathiTrust Research Center: Challenges and Opportunities in Big Text Data, Digital Library Brown Bag, Indiana University Bloomington Libraries., Mar 2014.

Chen, M., Opportunities and Challenges of Text Mining HathiTrust Digital Library, Computational Linguistics Seminar, Indiana University Bloomington, Feb 2014.

Xu, L., H. Zhang, and Y. C, Cooperative Gazing Behaviors in Multi-robot Human Interaction Journal of Interaction Studies, vol. 14, no. 3, Jan 2014.

Bhattacharyya, S., and R. Mehta, Investigating Writer’s Attitudes by Mining a Large Corpus of Books: Preliminary Research, Postdoctoral Research Symposium, Society of Postdoctoral Scholars, University of Illinois, Urbana-Champaign, Jan 2014.

Downie, S. J., K. Dougan, S. Bhattacharyya, and C. Fallaw, The HathiTrust Corpus: A Digital Library for Musicology Research? First International Digital Libraries for Musicology Workshop (DLfM 2014), London, UK, 2014.

York, J., and S. Bhattacharyya, Humanistic inquiry with large corpora of digitized text and metadata: Towards new epistemologies? Workshop, 130th Annual Conference of the Modern Language Association (MLA), Vancouver, Canada, 2014.

2013

Fox, G., T. Hey, and A. Trefethen, Where does all the data come from? “Data Intensive Science” , January 25 2013.

Fox, G., Distributed Data and Software Defined Systems BDEC Big Data and Extreme-Scale Computing Charleston April 30 to May 01, Renaissance Charleston Historic District Hote, April 20 2013.

Cole, T., and H. Green, Workset Creation for Analysis — an HTRC initiative, Coalition for Networked Information (CNI) Membership Meeting, Washington, DC., Dec 2013.

Downie, S. J., The Workset Creation for Scholarly Analysis (WCSA) Prototyping Project: Background and goals, Chicago Colloquium on Digital Humanities and Computer Science, Chicago, IL, Dec 2013.

Dunn, J. W., and S. Elnabli, Avalon Media System, Association of Moving Image Archivists, Seattle, Washington, Dec 2012, 2013.

McDonald, R. H., Kuali OLE Seminar, National and University Libraries (SCONUL-UK), London, UK, Dec 2012, 2013.

Winkler, M., and R. H. McDonald, Kuali OLE: A Community Collaboration in Software for and by Libraries. Information Standards Quarterly (ISQ) , vol. 24(4) , Dec 2012, 2013.

Swany, M., Challenges and Solutions in Large Scale Data Movement, Supercomputing 2013, Denver, CO, Nov 2013.

Reagan, D., E. Vesperini, A. L. Varri, P. Beard, and C. Eller, Early Evolution of a Star Cluster in the Galactic Tidal Field, Supercomputing 2013 Visualization Showcase, Denver, Colorado, Nov 2013.

Kissel, E., M. Swany, B. Tierney, and E. Pouyoul, Efficient wide area data transfer protocols for 100 Gbps networks and beyond In Proceedings of the Third International Workshop on Network-Aware Data Management (NDM ’13), Denver, CO, Nov 2013.

Reagan, D., A. S. Schneider, C. J. Horowitz, J. Hughto, D. K. Berry, E. A. Wernert, and C. Eller, Nuclear Pasta, Supercomputing 2013 Visualization Showcase, Denver, Colorado, Nov 2013.

Plale, B., Opportunities and Challenges of Text Mining HathiTrust Digital Library, Koninklijke Bibliotheek, Den Haag, Netherlands, Nov 2013.

Ping, R. J., K. Seiffert, J. Tillotson, G. Turner, and K. Kallback-Rose, Ready, Set, Robots!: Early development of K-12 in STEM, The International Conference for High Performance Computing, Networking, Storage and Analysis (SC13), http://sc13.supercomputing.org/, Denver, CO, Nov 2013.

Ozsoy, A., A. Chauhan, and M. Swany, Towards Tera-scale Performance for Longest Common Subsequence using Graphics Processors, Poster at International Conference for High Performance Computing, Networking, Storage and Analysis , Denver, CO, Nov 2013.

McDonald, R. H., S. Liyanage, M. Pathirage, Z. Peng, J. Zeng, G. Ruan, and M. Chen, Using Hathi Trust Center Tools, Catapult Workshop., Bloomington, IN, Nov 2013.

Hess, K., S. J. Downie, T. Cole, and H. Green, Workset Creation for Scholarly Analysis: Preliminary Research at HathiTrust Research Center, Community Idea Exchange presented at: DLF Forum 2013, Austin, TX, Nov 2013.

El-Khamra, Y., N. Gaffney, D. Walling, E. Wernert, W. Xu, and H. Zhang, Performance evaluation of R with Intel Xeon Phi Coprocessor First Workshop on Benchmarks, Performance Optimization, and Emerging hardware of Big Data Systems and Applications (BPOE 2013), in conjunction with 2013 IEEE International Conference on Big Data (IEEE Big Data 2013), Silicon Valley, CA, USA, Oct 2014, 2013.

Boyles, M., D. Chattopadhyay, and D. Bolchini, Advanced Visualization and Collaboration using IQ-Walls, Indiana University Statewide IT Conference, Bloomington, IN, Oct 2013.

Frend, C., Augmented Reality at IU, Indiana University Statewide IT Conference, Bloomington, IN, Oct 2013.

Plale, B., Big Data Opportunities and Challenges for IR, Text Mining and NLP, Int’l Workshop on Mining Unstructured Big Data Using Natural Language Processing (MNLP 2013), co-located with ACM Int’l Conference on Information and Knowledge Management, San Francisco, CA, Oct 2013.

Underwood, T., M. Black, L. Auvil, and B. Capitanu, Mapping Mutable Genres in Structurally Complex Volumes 2013 IEEE International Conference on Big Data, Santa Clara, CA, Oct 2013.

Luo, Y., E. Kissel, B. Plale, and M. Swany, Network Transfer over Pacific Rim on PRAGMA Cloud, The 25th Workshop of Pacific Rim Applications and Grid Middleware Assembly (PRAGMA25) , Beijing, China, Oct 2013.

Zhou, Q., and B. Plale, Provenance Collection of Biodiversity Analysis on PRAGMA Cloud for Data Sharing, The 25th Workshop of Pacific Rim Applications and Grid Middleware Assembly (PRAGMA25) , Beijing, China, Oct 2013.

Plale, B., Big Data and Open Access: On Track for Collision of Cosmic Proportions?, 2nd Int’l LSDMA-Symposium – The Challenge of Big Data in Science – with a focus on Big Data Analytics, Karlsruhe, Germany, Sep 2013.

Stewart, C. A., M. R. Link, and D. Y. Hancock, Big Red II & Supporting Infrastructure, IEEE Cluster 2013, Indianapolis, Indiana, Sep 2013.

Stewart, C. A., Goodbye from Indianapolis, IUPUI, and IEEE Cluster 2013, Cluster 2013, Indianapolis, Indiana, Sep 2013.

Kowalczyk, S., K. Hess, and L. Auvil, Hands On: Workset Builder, Portal and SEASR., HTRC UnCamp 2013, Champaign, IL, Sep 2013.

Plale, B., R. McDonald, and M. Chen, The HathiTrust Research Center (HTRC): Exploration of the World’s First Massive Digital Library, Digital HPS (History and Philosophy of Science) workshop, Indiana University Bloomington, Sep 2013.

Shankar, A., and W. K. Barnett, HIPAA and Advanced Scientific Computing The Coalition for Academic Scientific Computation, Arlington, Va., Sep 2013.

Mitchell, J. E., D. J. Crandall, G. C. Fox, and J. D. Paden, A Survey of Techniques for Detecting Layers in Polar Radar Imagery Abstract for International Symposium on Radioglaciology, in conjunction with the International Glaciological Society from September 9 to 13, 2013 , CReSIS at the University of Kansas, Lawrence, Kansas, Sep 2013.

Reagan, D., W. Sherman, E. Vesperini, A. Varri, and C. Eller, Visualization of Globular Star Clusters, IEEE Cluster 2013 Visualization Showcase, Sep 2013.

Reagan, D., A. Schneider, C. Horowitz, J. Hughto, D. Berry, E. Wernert, and C. Eller, Visualization of Nuclear Pasta , IEEE Cluster 2013 Visualization Showcase, Sep 2013.

Stewart, C. A., Welcome to Indianapolis, IUPUI, and IEEE Cluster 2013, IEEE Cluster 2013, Indianapolis, Indiana , Sep 2013.

Ruan, G., H. Zhang, and B. Plale, Exploiting MapReduce and Data Compression for Data-intensive Applications XSEDE 13: Gateway to Discovery, San Diego, CA, ACM, Jul 2013.

Ruan, G., H. Zhang, and B. Plale, Exploiting MapReduce and data compression for data-intensive applications Conference on Extreme Science and Engineering Discovery Environment: Gateway to Discovery (XSEDE ’13), San Diego, CA, Jul 2013.

Kowalczyk, S. T., HathiTrust Research Center: Big Data for Digital Humanities: A Panel Discussion on Managing Big Data and Big Metadata. Joint Conference on Digital Libraries (JCDL 2013), Indianapolis, IN, ACM/IEEE, Jul 2013.

Chen, M., U. Pavalanathan, S. Jensen, and B. Plale, Modeling Heterogeneous Data Resources for Social-Ecological Research: A Data-Centric Perspective Joint Conference on Digital Libraries 2013 (JCDL 2013), Indianapolis, IN, Jul 2013.

Knepper, R., B. Hallock, C. A. Stewart, M. Link, and M. Jacobs, Rockhopper: a true HPC system with cloud concepts, XSEDE CONFERENCE , San Diego, CA. 92101, Jul 2013.

Kanewala, T. A., M. Pierce, and S. Marru, Secure Credential Sharing in Science Gateways, XSEDE 2013 SAN DIEGO, CA, Jul 2013.

Zhang, H., M. J. Boyles, G. Ruan, H. Li, H. Shen, and M. Ando, XSEDE-enabled high-throughput lesion activity assessment Conference on Extreme Science and Engineering Discovery Environment: Gateway to Discovery (XSEDE ’13), San Diego, CA, Jul 2013.

Ozsoy, A., A. Chauhan, and M. Swany, Achieving TeraCUPS on Longest Common Subsequence Problem using GPGPUs The 19th IEEE International Conference on Parallel and Distributed Systems (ICPADS’13), Seoul, South Korea, Jun 2013.

Edmonds, N., J. Willcock, and A. Lumsdaine, Expressing Graph Algorithms Using Generalized Active Messages International Conference on Supercomputing, Jun 2013.

McDonald, R., and Y. Sun, The HathiTrust Research Center (HTRC): An Overview and Demo, Indiana University Librarians’ Day, Indianapolis, IN, Jun 2013.

Ganote, C., and T. Doak, Intro to Bioinformatics – Assembling a Transcriptome, Presented during the Clark State student visit and workshop, Bloomington, Indiana, Jun 2013.

LeDuc, R., Leveraging the National Cyberinfrastructure for Top Down Mass Spectrometry, Annual Conference for the American Society for Mass Spectrometry, Minneapolis, Minnesota, Jun 2013.

LeDuc, R., and L.-S. Wu, Using Prior Knowledge to Improve Scoring in High-Throughput Top-Down Proteomics Experiments, American Society for Mass Spectrometry Annual Conference, Minneapolis, Minnesota, Jun 2013.

Wimalasena, C., S. Marru, and M. Pierce, Derivations from Science Gateway Data Management Survey, XSEDE 2013 San Diego, CA July 22-25th, 2013, May 2013.

McKelvey, K., and F. Menczer, Design and Prototyping of a Social Media Observatory First International Web Observatory Workshop (WOW), Rio de Janeiro, Brazil, May 2013.

Plale, B., and Y. Sun, Digital Humanities at Scale: HathiTrust Research Center, University of Notre Dame digital humanities seminar, South Bend, IN, May 2013.

Ahn, Y.-Y., and S. Ahnert, The Flavor Network Leonardo, MIT Press Journals, vol. 46, no. 3, pp. 272-273, May 2013.

Holk, E., M. Pathirage, A. Chauhan, A. Lumsdaine, and N. D. Matsakis, GPU Programming in Rust: Implementing High-Level Abstractions in a Systems-Level Language Eighteenth International Workshop on High-Level Parallel Programming Models and Supportive Environments (HIPS’13), May 2013.

McKelvey, K., and F. Menczer, Interoperability of Social Media Observatories Web Science 2013 Workshop: Building Web Observatories, Paris, France, May 2013.

Crandall, D., Layer-finding in radar echograms using probabilistic graphical models, Radar Echo Sounding Workshop, University of Copenhagen, Copenhagen, Denmark, May 2013.

Mao, H., X. Shuai, Y.-Y. Ahn, and J. Bollen, Mobile Communications Reveal the Regional Economy in Cote D’ivoire NetMob 2013: Data for Development Challenge, Cambridge, MA, May 2013.

Lumsdaine, A., New Execution Models are Required for Big Data at Exascale, Panel presentation at Big Data and Extreme-scale Computing, May 2013.

Lumsdaine, A., The Parallel BGL: A High-Performance Parallel Graph Algorithms Library, Presentation at University of Alabama at Birmingham, May 2013.

Weng, L., J. Ratkiewicz, N. Perra, B. Goncalves, C. Castillo, R. Bonchi, Francesco Schifanella, F. Menczer, and A. Flammini, The Role of Information Diffusion in the Evolution of Social Networks The 19th ACM SIGKDD conference on knowledge, discovery, and data mining. (KDD), Chicago, Illinois, May 2013.

Friedley, A., Shared Memory Communication in MPI, Berkeley, CA, Presentation at Lawrence Berkeley National Laboratory, May 2013.

Cate, F. H., Accountability Through Attribution: Real Name vs. Anonymity, U.S.-China Internet Industry Forum, Beijing, China, Apr 2013.

Ozsoy, A., A. Chauhan, and M. Swany, Achieving TeraCUPS on Longest Common Subsequence Problem using GPGPUs IEEE Supercomputing 2013 (SC13), Denver, CO, Apr 2013.

Dunn, J., and C. Stewart, The Avalon Media System: An Open Source Audio/Video System for Libraries and Archives, Coalition for Networked Information (CNI) Membership Meeting, San Antonio, Texas, Apr 2013.

Simms, S. C., Big Red II Workshop, Big Red II Workshop, Indiana University – Bloomington Campus, Apr 2013.

Hallock, B., Cyberinfrastructure Resources for Bioinformatics Research, Bio-IT World Expo Boston MA, Apr 2013.

Cate, F. H., Cybersecurity Challenges in Higher Education, Internet2 Annual Members Meeting, Crystal City, Virginia, Apr 2013.

Simms, S. C., Data Intensive Research Using the Lustre File System, Indiana University – Bloomington Campus, Apr 2013.

Swany, M., Effective and Efficient Utilization of Networks , University of California, Santa Barbara CS Career Day 2013, Santa Barbara, CA, Apr 2013.

Knepper, R., and M. Standish, Forward Observer In-Flight Dual Copy System, U.S. Naval Academy Annapolis, Maryland, Apr 2013.

Arap, O., G. Brown, B. Himebaugh, and M. Swany, Implementing MPI_Barrier with the NetFPGA IEEE Supercomputing 2013 (SC13), Denver, CO, Apr 2013.

Plale, B., International Data Sharing, Open Access, and the Research Data Alliance, Advanced Regional & State Networks (ARNs): Envisioning the Future as Critical Partners in Data-Driven Science , Washington, D.C., Apr 2013.

Fidler, D. P., Internet Governance and the International Telecommunication Regulations, The Changing Face of Global Governance, Oxford, England , Apr 2013.

Fidler, D. P., The Jurisprudence of Cybersecurity, Big 10 Faculty Colloquium, University of Nebraska College of Law, Apr 2013.

Fidler, D. P., NATO, Cybersecurity, and International Law, Cyberconflict: Threats, Responses, and the Role of Law, St. John’s University School of Law in Queens, New York, Apr 2013.

Quick, R., Open Science Grid Campus Infrastructures Communities, EGI Community Forum Manchester UK, Apr 2013.

Quick, R., Open Science Grid Operations Overview, EGI Community Forum Manchester UK, Apr 2013.

Kulkarni, A., L. Ionkov, M. Lang, and A. Lumsdaine, Optimizing process creation and execution on multi-core architectures International Journal of High Performance Computing Applications, Apr 2013.

Sterling, T., ParalleX: Execution Models for Extreme-scale Computing, Rockville, MD, Presentation at the DOE Modeling Execution Models Program mid-term review, Apr 2013.

Cate, F. H., Password Vulnerability and Liability, Centre for Information Policy Leadership at Hunton & Williams LLP, Apr 2013.

Barnett, W. K., Research Networking, CTSA Communications Key Function Committee Face-to-Face Albuquerque, NM. , Apr 2013.

Miller, J., Research Technologies’ Storage Systems, IUPUI Campus – Indianapolis, Apr 2013.

Fidler, D. P., Rules of Engagement for Cyber Operations, Security Seminar Series of the IU Center on Applied Cybersecurity Research, Bloomington, Indiana, Apr 2013.

Chakraborty, A., M. Pathirage, I. Suriarachchi, K. Chandrasekar, C. Mattocks, and B. Plale, Storm Surge Simulation and Load Balancing in Azure Cloud High Performance Computing Symposium (HPC’13), San Diego, California, Society for Modeling and Simulation International (SCS) and ACM, Apr 2013.

Plale, B., Studies in Social-Ecological Systems Data Management, Inter-university Consortium for Political and Social Research (IPCSR), Ann Arbor, MI, Apr 2013.

Gupta, M., A Tale of Two Evils: Fraud and Privacy in Online Advertising, University of Illinois at Urbana-Champaign, Apr 2013.

Gupta, M., A Tale of Two Evils: Fraud and Privacy in Online Advertising, Virginia Tech (National Capital Region location), Apr 2013.

Cate, F. H., Transforming Society and Bridging Cultural Differences via Online Services, U.S.-China Internet Industry Forum, Beijing, China, Apr 2013.

Shackelford, S. J., Unpacking the Cyber Threat, Stanford, California, Apr 2013.

Dunn, J. W., and M. Notess, The Avalon Media System: A Next-Generation Solution for Media Management and Access, The Indiana University Digital Library Brownbag Series, Bloomington, IN, Mar 2013.

Ahn, Y.-Y., Community structure in networks, DIMACS, Rutgers University, Mar 2013.

Quick, R., Computational Sciences at Indiana University (CSIU) Virtual Organization, Open Science Grid All Hands Meeting Indianapolis IN., Mar 2013.

, Cyberinfrastructure at IU and the IU Pervasive Technology Institute, Presentation for Deutsche Forschungsgemeinschaft, Mar 2013.

 Download: dfg_2013_mar_11_final_1.pptx (5.67 MB)

Cate, F. H., Effective Data Protection for the 21st Century, 2013 International Association of Privacy Professionals Global Privacy Summit, Washington, D.C., Mar 2013.

Sherman, W. R., D. Coming, and S. Su, FreeVR: honoring the past, looking to the future, SPIE 8649, The Engineering Reality of Virtual Reality 2013, 864906, Mar 2013.

Sterling, T., Gaps Between Big Computing and Big Data, Jekyll island, GA, Panel at SOS-17, Mar 2013.

Barnett, W. K., and R. LeDuc, Next Generation Cyberinfrastructures for Next Generation Sequencing and Genome Science, AMIA 2013 Translational Bioinformatics Summit San Francisco, CA., Mar 2013.

, Participant, Web Observatory Workshop, Northwestern University, Chicago, Illinois, Mar 2013.

Barnett, W. K., Presentation Skills, AAMC GIR Leadership Institute New Orleans, LA, Mar 2013.

Ghoshal, D., and B. Plale, Provenance from Log Files: a BigData Problem, BigProv’13 @ EDBT/ICDT, Genoa, Italy, ACM, Mar 2013.

Barnett, W. K., Research at Academic Health Centers, AAMC GIR Leadership Institute New Orleans LA., Mar 2013.

Pierce, M., Science Gateways, OSG All Hands Meeting, Indiana University – Purdue University 420 University Blvd. Indianapolis, IN 46202, Mar 2013.

 Download: pierce-osg-allhands2013-slides.pptx (2.78 MB)

Stewart, C. A., This was unexpected, Keynote Talk, Open Science Grid All Hand Meeting, Indianapolis, IN, Mar 2013.

 Download: osg-all-hands_2013_mar_11_final.pptx (9.28 MB)

Sterling, T., Towards Exascale- An Arrow in Flight, Newport, RI, Presentation at the NHPCC Conference, Mar 2013.

, Tracking the diffusion of ideas in social media, School of Journalism Colloquium, Indiana University, Bloomington, Indiana, Mar 2013.

Swany, M., Unified Experiment Environment, Service Developers Roundtable, The 16th GENI Engineering Conference (GEC16), Salt Lake City, UT, Mar 2013.

Cate, F. H., Accountability in Distributed Environments, Accountability Phase V—The Essential Elements in Distributed Environments, Warsaw, Poland, Feb 2013.

Sterling, T., Connections for Coordination of DOE Exascale Research and Development, Livermore, CA, Presentation at the DOE Exascale Ecosystem Coordination Meeting, Feb 2013.

Cate, F. H., Critical Infrastructure Executive Order, Centre for Information Policy Leadership at Hunton & Williams LLP, Feb 2013.

Edmonds, N., J. Willcock, and A. Lumsdaine, Expressing Graph Algorithms Using Generalized Active Messages, Principles and Practice of Parallel Programming, Poster, Feb 2013.

Cate, F. H., Is There Any Hope for Cybersecurity?, Indiana University Retirees’ Association, Bloomington, Indiana, Feb 2013.

Templeman, R., Z. Rahman, D. Crandall, and A. Kapadia, PlaceRaider: Virtual theft in physical spaces with smartphones, Network and Distributed System Security Symposium 2013, San Diego, CA, Feb 2013.

Kapadia, A., R. Templeman, Z. Rahman, and D. Crandall, PlaceRaider: Virtual Theft in Physical Spaces with Smartphones, Proceedings of the 20th Annual Network & Distributed System Security Symposium, Feb 2013.

Gupta, M., Unearthing the Roots of Cyberfraud: Exposing DNS Exploitation in Ad Fraud and Phishing, Syracuse University’s Department of Electrical Engineering and Computer Science, Feb 2013.

Cate, F. H., Unearthing the Roots of Cyberfraud: Exposing DNS Exploitation in Ad Fraud and Phishing, New Jersey Institute of Technology’s Department of Computer Science, Feb 2013.

Zhang, H., and M. J. Boyles, Visual exploration and analysis of human-robot interaction rules, SPIE, Visualization and Data Analysis, vol. 8654, Burlingame, California, Feb 2013.

Zhang, H., and M. J. Boyles, Visual exploration and analysis of human-robot interaction rules, SPIE, Visualization and Data Analysis 2013, Burlingame, California, Feb 2013.

Barnett, W. K., and M. Tavares, Informatics Core, Winter 2013 CIFSAD Meeting Bethesda, MD, Jan 3013, 2013.

Dunn, J. W., and A. Hallett, The Avalon Media System, Opencast Matterhorn 2013 Unconference, San Diego, California, Jan 2013.

Notess, M., and J. Dunn, The Avalon Media System: A Next-Generation Solution for Media Management and Access, Digital Library Brownbag Technical Presentation, Bloomington, IN, Jan 2013.

Ahn, Y.-Y., Community structure in networks, Colloquium, Department of Computer & Information Science, IUPUI, Jan 2013.

, Detecting Early Signature of Persuasion in Information Cascades, DARPA ADAMS/SMISC PI meeting, Arlington, Virginia, Jan 2013.

Swany, M., Developing a Unified Network Information Service, 2013 Winter Internet2/Joint Techs Conference, Keoni, HI, Jan 2013.

McDonald, R. H., Kuali OLE Overview, Sponsored event by the GBV and HBZ Library Consortia, Cologne, Germany, Jan 2013.

Hallock, B., Rockhopper: Penguin on Demand at Indiana University, Presented in-booth at the Plant and Animal Genome XXI conference, San Diego, CA., Jan 2013.

 Download: rockhopper_pagxxi.pptx (1.99 MB)

McDonald, R. H., B. Plale, J. Myers, M. Hedstrom, P. Kumar, K. Chandrasekar, I. Kouper, and S. Konkiel, The SEAD (Sustainable Environment-Actionable Data) DataNet Prototype, 8th International Digital Curation Conference, IDCC Conference, Amsterdam, NL, Jan 2013.

Plale, B., R. H. McDonald, K. Chandrasekar, I. Kouper, S. Konkiel, M. L. Hedstrom, J. Myers, and P. Kumar, SEAD Virtual Archive: Building a Federation of Institutional Repositories for Long-Term Data Preservation in Sustainability Science, 8th International Digital Curation Conference, Amsterdam, Netherlands, Jan 2013.

Sun, X., J. Kaur, S. Milojevic, A. Flammini, and F. Menczer, Social Dynamics of Science, Nature Scientific Reports, vol. 3, no. 1069, Jan 2013.

LeDuc, R., Statistical Consideration for Identification and Quantification in Top-Down Proteomics, American Society for Mass Spectrometry – Sanibel Conference 2013, St Pete Beach, FL, Jan 2013.

 Download: sanibel2013-rleduc.pptx (2.79 MB)

Swany, M., Tools and Resources for Software Defined Networks, NSF GENI CC-NIE Workshop, Washington, D.C., Jan 2013.

Kowalczyk, S. T., Y. Sun, Z. Peng, B. Plale, A. Todd, L. Auvil, C. Willis, J. Zeng, M. Pathirage, S. Liyanage, et al., Big Data at Scale for Digital Humanities: An Architecture for the HathiTrust Research Center, In Big Data Management, Technologies, and Applications, Wen-Chen Hu and Naima Kaabouch (eds), Hershey, PA, IGI Global, 2013.

Plale, B., Big Data Opportunities and Challenges for Information Retrieval, Text Mining, and NLP, Knowledge Media Institute (KMi), The Open University, Milton Keynes, UK, 2013.

McDonald, R. H., I. Kouper, and B. Plale, Crowd-Sourced Infrastructure: Universities as Partners in Provisioning Public Access to Federally Supported Research, Public Access to Federally Supported Research and Development Publications and Data – Public Comment Meeting: National Academy of Sciences, 2013.

Chen, P., B. Plale, and T. Evans, Dependency Provenance in Agent Based Modeling, The 9th IEEE International Conference on eScience (eScience 2013), Beijing, China, 2013.

Dalmau, M., Digital Humanities and Libraries: More of THAT!, no. May 22, 2013: ACRL dh+lib, 2013.

Swany, M., Driving Software Defined Networks with XSP, Applications for Dynamic Circuits, 2013 Internet2 Members Meeting, 2013.

Kowalczyk, S. T., The e-Science Data Environment: Modeling the Research Data Lifecycle, Journal of the American Society for Information Science and Technology, 2013.

Cate, F. H., and N. N. Minnow, Government Data Mining, McGraw-Hill Handbook of Homeland Security, 2d, 2013.

Cheah, Y.-W., R. Canon, B. Plale, and L. Ramakrishnan, Milieu: Lightweight and Configurable Big Data Provenance for Science, IEEE 2nd International Congress on Big Data, Santa Clara, CA, IEEE, 2013.

Cate, F. H., and V. Mayer-Schonberger, Notice and Consent in a World of Big Data, International Data Privacy Law, vol. 3, 2013.

Kouper, I., K. G. Akers, N. H. Nicholls, and F. C. Sferdean, A Roadmap for Data Services: ACM, The Joint Conference on Digital Libraries (JCDL’13), http://www.jcdl2013.org/, Indianapolis, IN, 2013.

2012
Pallickara, S., and G. Fox, Recent Work in Utility and Cloud Computing, Future Generation Computer Systems, no. Special Issue, Dec 28 2012.

Kouper, I., CLIR/DLF Digital Curation Postdoctoral Fellowship – The Hybrid Role of Data Curator. The Bulletin of the American Society of Information Science and Technology, vol. 39, no. 2, pp. 46-47, Dec 2012.

Kulkarni, A., A. Manzanares, L. Ionkov, M. Lang, and A. Lumsdaine, The Design and Implementation of a Multi-level Content-Addressable Checkpoint File System, Proceedings of the 19th International Conference on High Performance Computing (HiPC 2012), Dec 2012.

More documents can be found on: http://internal.pti.iu.edu/pubs

CS 390S: Secure Programming


If you wonder how vulnerabilities are created and what the various types of vulnerabilities are, this class is for you. If you want to be more employable and have an edge, this class will show employers that you are less likely to cause them embarrassment and cost them money through mistakes. They also won’t have to pay huge sums to send you to secure programming seminars and classes. This one-credit class will explain the fundamental issues in secure programming: trust management, design issues, and the many stupid little mistakes with big consequences that programmers are likely to make. No book purchase is required, as the material is entirely provided on slides. We will focus on how to do things correctly, and not on exploits (although examples will be provided for entertainment and motivational reasons). Students interested in how some exploits work may consult “Secure Coding in C/C++” (Seacord 2005, Addison-Wesley) while taking this class. This one-credit class emphasizes low-level mistakes, and also covers secure programming principles and ideas. However, other important topics such as the proper use of cryptography, software development methods, requirement specification, architecture, testing and other software assurance subjects are not covered due to time limitations.

Topics covered

  • Shell and environment
  • Buffer overflows
  • Integer overflows
  • Format strings
  • Meta-character vulnerabilities (code injection) and Input Validation
  • Web Application issues (including cross-site scripting vulnerabilities)
  • Race conditions
  • File system issues
  • Randomness

Slides will be posted on the same day as the class.

January 9: Introduction to Secure Programming & Motivation
Topics:

  • Definitions of vulnerabilities, attacks, exploits, exposures, flaws
  • Need for secure programming
  • MITRE: CVE, CWE, OVAL, CCE
  • NIST: NVD (National Vulnerability Database), NIST guides
  • NIST CVSS (Common Vulnerability Scoring System)
  • CERT, US-CERT

Week 1 (pdf)
Classes of Vulnerabilities and Attacks (Pascal Meunier) Wiley Handbook of Science and Technology for Homeland Security (distributed in class, or by email). You should read the first 4 pages this week and be done reading it by the mid-term.

January 16: Secure Programming Principles & Assurance
Week 2 (pdf)

January 23: Buffer Overflows
Week 3, version 2 with clipped text fixed (pdf)

January 30: Buffer Overflows, part 2
Week 4

February 6: Integer Overflows, Format String Vulnerabilities
Week 5

February 13: Shells and Environment
Week 6

February 20: Exec calls, Trust Boundaries
Week 7, v2 (v2 changes: reworked the “exec” and “file descriptors” slides)

February 27: Mid-term
Does not include material seen on February 20. Remember, taking the mid-term is mandatory for a passing grade…

March 5: Meta-character vulnerabilities and code injection
Week 9

March 12: Spring Break

March 19: Web Applications
Week 11

  • Domain Security
  • JavaScript Injection (a.k.a. XSS, Cross-site scripting vulnerabilities)

March 26: Race Conditions
Week 12

April 2: File System Issues: Links, Directory Crawls, and Race Conditions
Week 13 (abridged version so we can catch up)

April 9: Randomness and Canonicalization
Week 14

April 16: Last Exam

April 23: Solution to last exam, grades, discussions

Remember, there is no final, regardless of whether a final is scheduled by Purdue.


Labs

Student’s choice: 2 out of these 6 possibilities.
Labs are described at the SEED project. The choices are:

  1. Buffer Overflow Vulnerability Lab: exploit the buffer overflow vulnerability.
  2. Return-to-libc Attack Lab: exploit the buffer-overflow vulnerabilities using return-to-libc attacks.
  3. Format String Vulnerability Lab: exploit the format string vulnerability.
  4. Race Condition Vulnerability Lab: exploit the race condition vulnerability.
  5. Chroot Sandbox Vulnerability Lab: explore how the chroot sandbox can be broken.
  6. Cross-site Scripting Attack Lab: exploiting cross-site scripting vulnerabilities.

Turn in your first choice by February 20 and your second by April 9 (extended by request to April 16), but note that I will be traveling and unable to answer lab questions from Saturday to Wednesday morning.


CS 390S: Secure Programming

Slides will be posted on the same day as the class.

January 10: Introduction to Secure Programming
Special Guest: Scott David Miller, Ph.D. student and Arxan employee
Also: Vulnerability definitions and secure programming resources
Week 1 (pdf)
Week 1 (powerpoint)
Scott’s slides (pdf)
Scott’s slides (powerpoint)

January 17: Lab 1. Buffer Overflows Part 1
Week 2 (pdf)
Week 2 (powerpoint)
Submitted links:
Secure Programming.com
Anti-Virus Defence (sic) In Depth (securityfocus.com)
Defense in Depth (Wikipedia)

January 24: Buffer Overflows Part 2
Week 3 (pdf)
Week 3 (powerpoint)

January 31: Format String Vulnerabilities and Integer Overflows
Week 4 (pdf)
Week 4 (powerpoint)

February 7: Shells and Environment, Lab 2
Week 5 (pdf)
Week 5 (powerpoint)
Lab 1 is due!

February 14: Snow storm, classes cancelled

February 21: Exec calls, Trust
Week 7 (pdf)
Week 7 (powerpoint)
CWE coverage starts now! Issues covered:

    -Trust Boundary Problems
        - "Inconsistent validation mechanisms"
            - Same source handled differently in different code locations
            - At different times
            - In different circumstances
            - From different sources
                -Authentication Bypass by Alternate Path/Channel (288)
                -Unprotected Alternate Channel ID 420
        -Ill-defined trust boundaries
        -Trust Boundary Violation (diverges from ID 501 definition)
        -Misplaced or Absent Trust Boundaries
            -Self-reported information
                - "Trusting self-reported IP address", ID 291
                - "Trusting self-reported DNS name", ID 292
                - Using referrer field for authentication, ID 293
            -"Trusting the client"  no ID
                - "Client-Side Makes Server Security Decisions"  no ID
                - "Server trusting client-side-controlled data" no ID
                    -"Trusting Cookie Information" is Use of Cookies ID 565
                    -Web Parameter Tampering, ID 472
                        -Access Control Bypass Through User-Controlled SQL Primary Key, ID 566
            -Trusting Events
                -Trust of system event data ID 360
                -Unprotected Windows Messaging Channel ('Shatter') ID 422
    -Cryptographic Trust Assurance
        -Certificate Issues, ID 295
           -Failure to follow chain of trust in certificate validation ID 296
           -"Failure to validate host-specific certificate data" ID 297
           -No OpenSSL Certificate Check Performed before this Use ID 599
           -Failure to validate certificate expiration (298)
           -Failure to check for certificate revocation (299)
           -Race condition in checking for certificate revocation (370) 
        -Use of Encrypted Cookies 
           -Counterexample: Plaintext Storage in Cookie, ID 315 (different perspective on ID 565, but essentially the same mistake)

February 28: Mid-term
Does not include material seen on February 21. Remember, taking the mid-term is mandatory for a passing grade…

March 7: Meta-character vulnerabilities and code injection
Week 9 (pdf)
Week 9 (powerpoint)
CWE coverage:

Special elements (characters or reserved words), CWE ID 138
   Quoting elements " ' (149)
   Control characters and escape sequences (150)
   Delimiters (tabs, commas, etc...) (140)
   Input terminators (147)
   Wildcards (155)
   Comment element (151)
   dot dot and more
   
Code Injection attacks, CWE ID 77
   Shell commands, CWE ID 77
   SQL, CWE ID 89
   XPATH (no CWE ID yet)
   Custom special character injection, CWE ID 92
   Escape, meta, or control character/sequence, CWE ID 150
   LDAP, CWE ID 90
   Direct dynamic code evaluation, CWE ID 95
   
Input cleansing
   Collapse of Data into Unsafe Value (182)
      Path Issue - doubled dot dot slash - '....//' (34)
      Path Issue - doubled triple dot slash - '.../...//' (35)
      
Escaping and Encoding Issues
   URL-encoding, CWE ID 177
   Unicode, CWE ID 176
   Alternate Encoding, CWE ID 173
   Double Encoding, CWE ID 174

March 14: Spring Break

March 21: Web Applications: JavaScript Injection (a.k.a. XSS, Cross-site scripting vulnerabilities)
Week 10 (pdf)
Week 10 (powerpoint)

Cross-site Scripting Vulnerabilities (ID 79)
Cross-site request forgeries (attack type, ID 352)
Session fixation (ID 384)

March 28: Race Conditions (Lab 2 due! Last mini-lab)
Week 11 (pdf)
Week 11 (powerpoint)

Signal handler race condition 364
Race condition in switch (365)
Race condition within a thread (366)
Time-of-check Time-of-use race condition (367)
Context Switching Race Condition (368)
Concurrency Issues (557)
Link Following (59)
   Windows Shortcut Following (.LNK) (64)
   UNIX symbolic link (symlink) following (61)
   UNIX hard link (62)
   Windows hard link (65)

April 4: File System Issues: Links, Directory Crawls, and Race Conditions
Week 12 (pdf)
Week 12 (powerpoint)

Improper temporary file opening, ID 378
Privilege Dropping / Lowering Errors, ID 271

April 11: Randomness and Canonicalization (Last mini-lab due!)
Week 13 (pdf)
Week 13 (powerpoint)

also look at the canonicalization slides at http://projects.cerias.purdue.edu/secprog/class2/7.Canon_&_DT.pdf

April 18: Last Exam

April 25: Solution to last exam, grades, discussions

Remember, there is no final, regardless of whether a final is scheduled by Purdue.


Secure Programming Educational Material

This is the third reincarnation of a secure programming class I taught at Purdue, re-designed thanks to support from Symantec corporation.

The class originated as an optional class associated with an operating systems class taught on UNIX (CS 354). It has now been split into three classes. Each is designed to take 2.5 days or 5 half-days total. In a university setting, instructors should mix and match material from the three courses to meet the required work according to the number of credits of their class. As an example, a 1 credit class could comprise the slides on shells and environments from course 1, and all of course 2 materials.
I spent several months in spring 2004 working with Symantec engineers to design this new version of the class. It uses a different teaching style. Instead of keeping students passive in class and then giving them long lab assignments, we have shorter programming exercises and discussions interspersed throughout the lectures, with longer classes. In essence, the lectures and labs have become intermingled. This is a much more dynamic and interesting format for the students because it engages them, and allows me to cover more variations on different issues. It requires more work on the part of the instructor, but the students benefit.

Course Descriptions
List of files (some files available only to instructors)
Class 1
Class 2
Class 3

For course 1, students require access to a web browser, an internet connection and a pdf document reader.
For course 2, students require access to:

  • gcc (the free UNIX C compiler, due to its various capabilities for detecting string format issues)
  • either perl or PHP
  • a shell
  • MySQL (the Knoppix Live CD was ideal for this; I expect that the students will be able to use their Purdue-provided, personal MySQL access for this exercise)
  • a web browser

For course 3, a copy of the Knoppix-std (security tools distribution) CD and a computer able to boot from it are required to use the lab exercises as written. A Windows machine was used as a vulnerability scan target to show the surprising quantity of information that can be extracted from an unsecured host, even if all the patches had been applied. The material itself tries to address both UNIX and Windows environments.

I welcome notes, comments, suggestions, or modified slides.

Regards,
Pascal Meunier, Ph.D., M.Sc., CISSP
Purdue University CERIAS

Terms

You are free to copy, distribute, display, and perform the work; and to make derivative works, under the following conditions.

  • You must give the original author and other contributors credit.
  • The work will be used for personal or non-commercial educational uses only, and not for commercial activities and purposes.
  • For any reuse or distribution, you must make clear to others the terms of use for this work.
  • Derivative works must retain and be subject to the same conditions, and contain a note identifying the new contributor(s) and date of modification.
  • For other uses please contact the Purdue Office of Technology Commercialization.

Copyright (2004) Purdue Research Foundation. All rights reserved.

Developed thanks to the support of Symantec Corporation,
NSF SFS Capacity Building Program (Award Number 0113725) and the Purdue e-Enterprise Center
Contributors:
Jennifer Richardson, Jared Robinson, Alan Krassowski, Craig Ozancin, Tim Brown, Wes Higaki, Melissa Dark, Chris Clifton, Gustavo Rodriguez-Rivera
Thanks to Michael Howard for reviewing several sets of slides!


Files for Class 1

1.Security overview and patching (ppt)
2.Public vulnerability databases (ppt)
3.Secure design principles and process (ppt)
4.Security assessment and testing (ppt)
5.Shell and environment (pdf)|(ppt)
6.Resource exhaustion (ppt)
7.Trust management (pdf)|(ppt)


Files for Class 2

1.Buffer_Overflows (pdf)|(ppt)
2.Format_Strings (pdf)|(ppt)
3.Input_Validation (ppt)
4.XSS (pdf)|(ppt)
5.Links & Races (pdf)|(ppt)
6.Temporary storage & Randomness (pdf)|(ppt)
7.Canonicalization and Directory Traversal (pdf)|(ppt)
8.Integer Overflows (pdf)|(ppt)

Supporting Files:
aboutlinkd.exe.txt
find_java.sh
lock.c
myperl.pl
strings_start.c
vuln_server.c


Files for Class 3

1.Architecture (ppt)
2.Physical Link Layer (ppt)
3.Network (pdf)|(ppt)
4.Transport (pdf)|(ppt)
5.DNS, RPC, NFS (pdf)|(ppt)
6.Routing (pdf)|(ppt)
7.Wireless (pdf)|(ppt)
8.xSEC & IPv6 (ppt)

Supporting Files:
additional_reading.txt

CERIAS – CERIAS Learning Products


Learning with the CERIAS Edge

At CERIAS, we understand the vital importance of information assurance and security to an organization. We know what’s important. And we know what’s not. Organizations need to confront security issues in an informed and proactive manner. CERIAS Learning products allow organizations to do just that by providing general and specific education and training to enable employees and organizations to improve the security of the systems they use and manage.

Learning Advantages

Today’s learners need to feel supported and have control of their learning. They need to be inspired. In the world of information security, technology may change, but human beings, and the learning experience, remain the same. At CERIAS, we understand that everyone does not learn the same way, and that each learner has a preferred learning style. That’s why our learning products range from traditional print materials to high-quality videos and self-paced multimedia with multiple paths and multiple representations that allow for multiple methods of learning.

Being able to perform a skill successfully and being able to understand why the skill is performed are two different, yet equally important, educational goals. CERIAS Learning products offer opportunities for both. Beginning with a strong overview of security fundamentals, CERIAS Learning products branch out into specific areas of policy, awareness, and technology, balancing a straightforward and easy-to-understand presentation of IS theory with hands-on skill application.

Product Information

Overview Brochure and Order Form
Please note that products P3, P4, P9, P10, P11, and P12 have been discontinued. We apologize for any inconvenience this may have caused.

Specific course information:

P1. Information Security Management Concepts
Information Security Management Concepts provides an overview of the key concepts and goals of information security and how information security relates to an organization’s information and technology assets. This interactive, self-paced module uses video, audio, text, case studies, practice exercises, and quizzes to promote and guide learning and understanding.
Preview the First Module

P2. Information Security Principles: An Overview
Featuring authoritative experts in information security and assurance, this video provides a concise summary of the current state of information security, starting with an overview of goals, concepts, and terms, and ending with procedures that will help you reduce risks to your organization. Anyone involved with the use or management of computer or information systems will benefit from this video.
Preview Video Clips

P5-P8. Information Security Management Series
This series is intended for managers and administrators concerned with intellectual property, corporate assets, infrastructure, and information assurance. This series will provide you with a current look at the information assurance landscape including intellectual property crime, threats to your information assets, vulnerabilities in information systems, and countermeasures to strengthen information assurance and security in your organization.

Pragmatic-SSL-TLS – Slides from talk: SSL-TLS Infrastructure at Mozilla


Slides from my talk “SSL-TLS Infrastructure at Mozilla”

Grab them from: https://github.com/jvehent/pragmatic-ssl-tls

Papers From NEU SecLab


Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks
In Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
Milan, IT, Jul 2015

Sentinel: Securing Legacy Firefox Extensions
In Computers & Security, 49(0), 2015
Elsevier

BabelCrypt: The Universal Encryption Layer for Mobile Messaging Applications
In Financial Cryptography and Data Security (FC)
Isla Verde, PR, Jan 2015

TrueClick: Automatically Distinguishing Trick Banners from Genuine Download Links
In Annual Computer Security Applications Conference (ACSAC)
New Orleans, LA US, Dec 2014

Toward Robust Hidden Volumes using Write-Only Oblivious RAM
In ACM Conference on Computer and Communications Security (CCS)
Scottsdale, AZ US, Nov 2014

Why is CSP Failing? Trends and Challenges in CSP Adoption
In International Symposium on Research in Attacks, Intrusions, and Defenses (RAID)
Gothenburg, SE, Sep 2014

A Look at Targeted Attacks through the Lense of an NGO
S. Le Blonde, A. Uritesc, C. Gilbert, Z. Leong Chua, P. Saxena, E. Kirda
In USENIX Security Symposium
San Diego, CA US, Aug 2014

Optical Delusions: A Study of Malicious QR Codes in the Wild
In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Atlanta, GA US, Jun 2014

EXPOSURE: A Passive DNS Analysis Service to Detect and Report Malicious Domains
In ACM Transactions on Information and System Security (TISSEC), 16(4), 2014

VirtualSwindle: An Automated Attack Against In-App Billing on Android
In ACM Symposium on Information, Computer and Communications Security (ASIACCS)
Kyoto, JP, Jun 2014

Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces
In IEEE Symposium on Security and Privacy (S&P)
San Jose, CA US, May 2014

Beehive: Large-Scale Log Analysis for Detecting Suspicious Activity in Enterprise Networks
In Annual Computer Security Applications Conference (ACSAC)
New Orleans, LA US, Dec 2013

PatchDroid: Scalable Third-Party Patches for Android Devices
In Annual Computer Security Applications Conference (ACSAC)
New Orleans, LA US, Dec 2013

Holiday Pictures or Blockbuster Movies? Insights into Copyright Infringement in User Uploads to One-Click File Hosters
T. Lauinger, K. Onarlioglu, A. Chaabane, E. Kirda, W. Robertson, M. A. Kaafar
In International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
St. Lucia, LC, Oct 2013

Securing Legacy Firefox Extensions with Sentinel
In Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
Berlin, DE, Jul 2013

PrivExec: Private Execution as an Operating System Service
In IEEE Symposium on Security and Privacy (S&P)
San Francisco, CA US, May 2013

A Practical, Targeted, and Stealthy Attack Against WPA Enterprise Authentication
In Network and Distributed Systems Security Symposium (NDSS)
San Diego, CA US, Feb 2013

Clickonomics: Determining the Effect of Anti-Piracy Measures for One-Click Hosting
T. Lauinger, M. Szydlowski, K. Onarlioglu, G. Wondracek, E. Kirda, C. Kruegel
In Network and Distributed Systems Security Symposium (NDSS)
San Diego, CA US, Feb 2013

DISCLOSURE: Detecting Botnet Command and Control Servers Through Large-Scale NetFlow Analysis
In Annual Computer Security Applications Conference (ACSAC)
Orlando, FL US, Dec 2012

TRESOR-HUNT: Attacking CPU-Bound Encryption
In Annual Computer Security Applications Conference (ACSAC)
Orlando, FL US, Dec 2012

Paying for Piracy? An Analysis of One-Click Hosters’ Controversial Reward Schemes
T. Lauinger, E. Kirda, P. Michiardi
In International Symposium on Research in Attacks, Intrusions, and Defenses (RAID)
Amsterdam, NL, Sep 2012

A Quantitative Study of Accuracy in System Call-Based Malware Detection
D. Canali, A. Lanzi, D. Balzarotti, M. Christodorescu, C. Kruegel, E. Kirda
In International Symposium on Software Testing and Analysis (ISSTA)
Minneapolis, MN US, Aug 2012

PoX: Protecting Users from Malicious Facebook Applications
M. Egele, A. Moser, C. Kruegel, E. Kirda
In Computer Communications Journal, 0(0), 2012
Elsevier
PDF BiBTeX

Protecting Users and Businesses from CRAWLers
In USENIX Security Symposium
Bellevue, WA US, Aug 2012
PDF BiBTeX

Preventing Input Validation Vulnerabilities in Web Applications through Automated Type Analysis
In IEEE Computer Software and Applications Conference
Izmir, TR, Jul 2012
PDF BiBTeX

A Security Analysis of Amazon’s Elastic Compute Cloud Service
M. Balduzzi, J. Zaddach, D. Balzarotti, E. Kirda, S. Loureiro
In ACM Symposium on Applied Computing (SAC)
Trento, IT, Mar 2012
PDF BiBTeX

An Empirical Analysis of Input Validation Mechanisms in Web Applications and Languages
In ACM Symposium on Applied Computing (SAC)
Trento, IT, Mar 2012
PDF BiBTeX

Insights into User Behavior in Dealing with Internet Attacks
In Network and Distributed Systems Security Symposium (NDSS)
San Diego, CA US, Feb 2012
PDF BiBTeX

A Survey on Automated Dynamic Malware Analysis Techniques and Tools
In ACM Computing Surveys, 44(2), 2012

Have Things Changed Now? An Empirical Study on Input Validation Vulnerabilities in Web Applications
In Computers & Security, 31(3), 2012
Elsevier
PDF BiBTeX

The Power of Procrastination: Detection and Mitigation of Execution-Stalling Malicious Code
C. Kolbitsch, E. Kirda, C. Kruegel
In ACM Conference on Computer and Communications Security (CCS)
Chicago, IL US, Oct 2011
PDF BiBTeX

BTLab: A System-Centric, Data-Driven Analysis and Measurement Platform for BitTorrent Clients
M. Szydlowski, B. Zhao, E. Kirda, C. Kruegel
In International Conference on Computer Communication Networks (ICCCN)
Maui, HI US, Aug 2011
PDF BiBTeX

Reverse Social Engineering Attacks in Online Social Networks
D. Irani, M. Balduzzi, D. Balzarotti, E. Kirda
In Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
Amsterdam, NL, Jul 2011
PDF BiBTeX

PoX: Protecting Users from Malicious Facebook Applications
M. Egele, A. Moser, C. Kruegel, E. Kirda
In IEEE International Workshop on Security and Social Networking (SESOC)
Seattle, WA US, Mar 2011
PDF BiBTeX

Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications
M. Balduzzi, C. T. Gimenez, D. Balzarotti, E. Kirda
In Network and Distributed Systems Security Symposium (NDSS)
San Diego, CA US, Feb 2011
PDF BiBTeX

PiOS: Detecting Privacy Leaks in iOS Applications
In Network and Distributed Systems Security Symposium (NDSS)
San Diego, CA US, Feb 2011
PDF BiBTeX

EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis
In Network and Distributed Systems Security Symposium (NDSS)
San Diego, CA US, Feb 2011
PDF BiBTeX

Quo Vadis? A Study of the Evolution of Input Validation Vulnerabilities in Web Applications
In International Conference on Financial Cryptography and Data Security
St. Lucia, LC, Feb 2011
PDF BiBTeX

G-Free: Defeating Return-Oriented Programming through Gadget-less Binaries
In Annual Computer Security Applications Conference (ACSAC)
Austin, TX US, Dec 2010
PDF BiBTeX

Static Analysis for Detecting Taint-Style Vulnerabilities in Web Applications
N. Jovanovic, C. Kruegel, E. Kirda
In Journal of Computer Security, 18(0), 2010
IOS Press
PDF BiBTeX

AccessMiner: Using System-Centric Models for Malware Protection
A. Lanzi, D. Balzarotti, C. Kruegel, M. Christodorescu
In ACM Conference on Computer and Communications Security (CCS)
Chicago, IL US, Oct 2010
PDF BiBTeX

Abusing Social Networks for Automated User Profiling
M. Balduzzi, C. Platzer, T. Holz, E. Kirda, D. Balzarotti
In International Symposium on Recent Advances in Intrusion Detection (RAID)
Ottawa, ON CA, Sep 2010
PDF BiBTeX

An Experience in Testing the Security of a Real-World Electronic Voting System
D. Balzarotti, M. Cova, V. Felmetsger, R. Kemmerer, W. Robertson, F. Valeur, G. Vigna
In IEEE Transactions on Software Engineering, 36(4), 2010
IEEE Computer Society
PDF BiBTeX

Exploiting Diverse Observation Perspectives to Get Insights on the Malware Landscape
C. Leita, U. Bayer, E. Kirda
In International Conference on Dependable Systems and Networks (DSN)
Chicago, IL US, Jun 2010
PDF BiBTeX

Is the Internet for Porn? An Insight into the Online Adult Industry
G. Wondracek, T. Holz, C. Platzer, E. Kirda, C. Kruegel
In Workshop on the Economics of Information Security (WEIS)
Boston, MA US, Jun 2010
PDF BiBTeX

Identifying Dormant Functionality in Malware Programs
P. M. Comparetti, G. Salvaneschi, C. Kolbitsch, C. Kruegel, E. Kirda, S. Zanero
In IEEE Symposium on Security and Privacy
Oakland, CA US, May 2010
PDF BiBTeX

Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries
C. Kolbitsch, T. Holz, C. Kruegel, E. Kirda
In IEEE Symposium on Security and Privacy
Oakland, CA US, May 2010
PDF BiBTeX

A Practical Attack to De-Anonymize Social Network Users
G. Wondracek, T. Holz, E. Kirda, C. Kruegel
In IEEE Symposium on Security and Privacy
Oakland, CA US, May 2010
PDF BiBTeX

A Solution for the Automated Detection of Clickjacking Attacks
M. Balduzzi, M. Egele, D. Balzarotti, E. Kirda, C. Kruegel
In ACM Symposium on Information, Computer, and Communications Security (ASIACCS)
Beijing, CN, Apr 2010
PDF BiBTeX

Honeybot: Your Man in the Middle for Automated Social Engineering
In USENIX Workshop on Large-Scale Exploits and Emergent Threats
San Jose, CA US, Apr 2010
PDF BiBTeX

Extending Mondrian Memory Protection
C. Kolbitsch, C. Kruegel, E. Kirda
In NATO RTO IST-091 Symposium
Antalya, TR, Apr 2010
PDF BiBTeX

Improving the Efficiency of Dynamic Malware Analysis
U. Bayer, E. Kirda, C. Kruegel
In ACM Symposium on Applied Computing (SAC)
Lausanne, CH, Mar 2010
PDF BiBTeX

CAPTCHA Smuggling: Hijacking Web Browsing Sessions to Create CAPTCHA Farms
In ACM Symposium on Applied Computing (SAC)
Lausanne, CH, Mar 2010
PDF BiBTeX

Efficient Detection of Split Personalities in Malware
In Network and Distributed Systems Security Symposium (NDSS)
San Diego, CA US, Feb 2010
PDF BiBTeX

Effective Anomaly Detection with Scarce Training Data
In Network and Distributed Systems Security Symposium (NDSS)
San Diego, CA US, Feb 2010
PDF BiBTeX

FIRE: FInding Rogue nEtworks
B. Stone-Gross, A. Moser, C. Kruegel, K. Almeroth, E. Kirda
In Annual Computer Security Applications Conference (ACSAC)
Honolulu, HI US, Dec 2009
PDF BiBTeX

Automated Spyware Collection and Analysis
A. Stamminger, C. Kruegel, G. Vigna, E. Kirda
In Information Security Conference (ISC)
Pisa, IT, Sep 2009
PDF BiBTeX

Automatically Generating Models for Botnet Detection
P. Wurzinger, L. Bilge, T. Holz, J. Goebel, C. Kruegel, E. Kirda
In European Symposium on Research in Computer Security (ESORICS)
Saint-Malo, FR, Sep 2009
PDF BiBTeX

Protecting a Moving Target: Addressing Web Application Concept Drift
In International Symposium on Recent Advances in Intrusion Detection (RAID)
Saint-Malo, FR, Sep 2009
PDF BiBTeX

Client-Side Cross-Site Scripting Protection
E. Kirda, N. Jovanovic, C. Kruegel, G. Vigna
In Computers & Security, 28(7), 2009
Elsevier
PDF BiBTeX

Effective and Efficient Malware Detection at the End Host
C. Kolbitsch, P. M. Comparetti, C. Kruegel, E. Kirda, X. Zhou, X. Wang
In USENIX Security Symposium
Montreal, QC CA, Aug 2009
PDF BiBTeX

Static Enforcement of Web Application Integrity Through Strong Typing
In USENIX Security Symposium
Montreal, QC CA, Aug 2009
PDF BiBTeX

Defending Browsers Against Drive-by Downloads: Mitigating Heap-spraying Code Injection Attacks
M. Egele, P. Wurzinger, C. Kruegel, E. Kirda
In Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
Milan, IT, Jun 2009
PDF BiBTeX

All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks
In International World Wide Web Conference (WWW)
Madrid, ES, May 2009
PDF BiBTeX

Server-side Bot Detection in Massively Multiplayer Online Games
S. Mitterhofer, C. Platzer, E. Kirda, C. Kruegel
In IEEE Security & Privacy Magazine, 0(0), 2009
IEEE Computer Society
PDF BiBTeX

Prospex: Protocol Specification Extraction
P. M. Comparetti, G. Wondracek, C. Kruegel, E. Kirda
In IEEE Symposium on Security and Privacy
Oakland, CA US, May 2009
PDF BiBTeX

SWAP: Mitigating XSS Attacks Using a Reverse Proxy
P. Wurzinger, C. Platzer, C. Ludl, E. Kirda, C. Kruegel
In International Workshop on Software Engineering for Secure Systems
Vancouver, BC CA, May 2009
PDF BiBTeX

Removing Web Spam Links from Search Engine Results
M. Egele, C. Kruegel, E. Kirda
In European Institute for Computer Antivirus Research Conference (EICAR)
Berlin, DE, May 2009
PDF BiBTeX

Reducing Errors in the Anomaly-based Detection of Web-based Attacks Through the Combined Analysis of Web Requests and SQL Queries
In Journal of Computer Security, 17(3), 2009
IOS Press
PDF BiBTeX

Insights into Current Malware Behavior
U. Bayer, I. Habibi, D. Balzarotti, E. Kirda, C. Kruegel
In USENIX Workshop on Large-Scale Exploits and Emergent Threats
Boston, MA US, Apr 2009
PDF BiBTeX

Mitigating Drive-by Download Attacks: Challenges and Open Problems
M. Egele, E. Kirda, C. Kruegel
In Open Research Problems in Network Security Workshop (iNetSec)
Zurich, CH, Apr 2009
PDF BiBTeX

Scalable, Behavior-Based Malware Clustering
U. Bayer, P. M. Comparetti, C. Hlauschek, C. Kruegel, E. Kirda
In Network and Distributed Systems Security Symposium (NDSS)
San Diego, CA US, Feb 2009
PDF BiBTeX

Large-Scale Malware Collection: Lessons Learned
J. Canto, M. Dacier, E. Kirda, C. Leita
In IEEE SRDS Workshop on Sharing Field Data and Experiment Measurements on Resilience of Distributed Computing Systems
Naples, IT, Oct 2008
PDF BiBTeX

Visual-Similarity-Based Phishing Detection
E. Medvet, E. Kirda, C. Kruegel
In International Conference on Security and Privacy in Communication Networks (SECURECOMM)
Istanbul, TR, Sep 2008
PDF BiBTeX

Expanding Human Interactions for In-Depth Testing of Web Applications
S. McAllister, E. Kirda, C. Kruegel
In International Symposium on Recent Advances in Intrusion Detection (RAID)
Boston, MA US, Sep 2008
PDF BiBTeX

Overbot – A Botnet Protocol Based on Kademlia
G. Starnberger, C. Kruegel, E. Kirda
In International Conference on Security and Privacy in Communication Networks (SECURECOMM)
Istanbul, TR, Sep 2008
PDF BiBTeX

Are Your Votes Really Counted? Testing the Security of Real-world Voting Systems
D. Balzarotti, G. Banks, M. Cova, V. Felmetsger, W. Robertson, F. Valeur, G. Vigna, R. Kemmerer
In International Symposium on Software Testing and Analysis (ISSTA)
Seattle, WA US, Jul 2008
PDF BiBTeX

Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
M. Cova, V. Felmetsger, D. Balzarotti, N. Jovanovic, C. Kruegel, E. Kirda
In IEEE Symposium on Security and Privacy
Oakland, CA US, May 2008
PDF BiBTeX

The Leurre.com Project: Collecting Internet Threats Information using a Worldwide Distributed Honeynet
C. Leita, O. Thonnard, E. Ramirez-Silva, F. Pouget, E. Kirda, M. Dacier
In WOMBAT Workshop
Amsterdam, NL, Apr 2008
PDF BiBTeX

Automatic Network Protocol Analysis
G. Wondracek, P. M. Comparetti, C. Kruegel, E. Kirda
In Network and Distributed Systems Security Symposium (NDSS)
San Diego, CA US, Feb 2008
PDF BiBTeX

Secure Input for Web Applications
M. Szydlowski, C. Kruegel, E. Kirda
In Annual Computer Security Applications Conference (ACSAC)
Miami Beach, FL US, Dec 2007
PDF BiBTeX

Limits of Static Analysis for Malware Detection
A. Moser, C. Kruegel, E. Kirda
In Annual Computer Security Applications Conference (ACSAC)
Miami Beach, FL US, Dec 2007
PDF BiBTeX

Improving Signature Testing Through Dynamic Data Flow Analysis
In Annual Computer Security Applications Conference (ACSAC)
Miami Beach, FL US, Dec 2007
PDF BiBTeX

Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis
H. Yin, D. Song, M. Egele, C. Kruegel, E. Kirda
In ACM Conference on Computer and Communications Security (CCS)
Alexandria, VA US, Nov 2007
PDF BiBTeX

Detecting System Emulators
T. Raffetseder, C. Kruegel, E. Kirda
In Information Security Conference (ISC)
Valparaiso, CL, Oct 2007
PDF BiBTeX

A Layout-Similarity-Based Approach for Detecting Phishing Pages
A. Rosiello, E. Kirda, C. Kruegel, F. Ferrandi
In International Conference on Security and Privacy in Communication Networks (SECURECOMM)
Nice, FR, Sep 2007
PDF BiBTeX

Exploiting Execution Context for the Detection of Anomalous System Calls
In International Symposium on Recent Advances in Intrusion Detection (RAID)
Gold Coast, QLD AU, Sep 2007
PDF BiBTeX

Exploiting Redundancy in Natural Language to Penetrate Bayesian Spam Filters
C. Karlberger, G. Bayler, C. Kruegel, E. Kirda
In USENIX Workshop on Offensive Technologies (WOOT)
Boston, MA US, Aug 2007
PDF BiBTeX

On the Effectiveness of Techniques to Detect Phishing Sites
C. Ludl, S. McAllister, E. Kirda, C. Kruegel
In Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
Lucerne, CH, Jul 2007
PDF BiBTeX

Dynamic Spyware Analysis
M. Egele, C. Kruegel, E. Kirda, H. Yin, D. Song
In USENIX Annual Technical Conference
Santa Clara, CA US, Jun 2007
PDF BiBTeX

Building Anti-Phishing Browser Plug-Ins: An Experience Report
T. Raffetseder, E. Kirda, C. Kruegel
In International Workshop on Software Engineering for Secure Systems
Minneapolis, MN US, May 2007
PDF BiBTeX

Exploring Multiple Execution Paths for Malware Analysis
A. Moser, C. Kruegel, E. Kirda
In IEEE Symposium on Security and Privacy
Oakland, CA US, May 2007
PDF BiBTeX

Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis
P. Vogt, F. Nentwich, N. Jovanovic, C. Kruegel, E. Kirda, G. Vigna
In Network and Distributed Systems Security Symposium (NDSS)
San Diego, CA US, Feb 2007
PDF BiBTeX

Extending .NET Security to Unmanaged Code
In Information Security Conference (ISC)
Samos, GR, Sep 2006
PDF BiBTeX

Dynamic Analysis of Malicious Code
U. Bayer, A. Moser, C. Kruegel, E. Kirda
In Journal of Computer Virology, 0(0), 2006
Springer
PDF BiBTeX

Behavior-Based Spyware Detection
In USENIX Security Symposium
Vancouver, BC CA, Aug 2006
PDF BiBTeX

Preventing Cross-Site Request Forgery Attacks
N. Jovanovic, E. Kirda, C. Kruegel
In International Conference on Security and Privacy in Communication Networks (SECURECOMM)
Baltimore, MD US, Aug 2006
PDF BiBTeX

Using Static Program Analysis to Aid Intrusion Detection
M. Egele, M. Szydlowski, E. Kirda, C. Kruegel
In Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
Berlin, DE, Jul 2006
PDF BiBTeX

Precise Alias Analysis for Syntactic Detection of Web Application Vulnerabilities
N. Jovanovic, C. Kruegel, E. Kirda
In ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Ottawa, ON CA, Jun 2006
PDF BiBTeX

Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
N. Jovanovic, C. Kruegel, E. Kirda
In IEEE Symposium on Security and Privacy
Oakland, CA US, May 2006
PDF BiBTeX

SecuBat: A Web Vulnerability Scanner
In International World Wide Web Conference (WWW)
Edinburgh, GB, May 2006
PDF BiBTeX

Noxes: A Client-Side Solution for Mitigating Cross-Site Scripting Attacks
E. Kirda, C. Kruegel, G. Vigna, N. Jovanovic
In ACM Symposium on Applied Computing (SAC)
Dijon, FR, Apr 2006
PDF BiBTeX

An Anomaly-Driven Reverse Proxy for Web Applications
In ACM Symposium on Applied Computing (SAC)
Dijon, FR, Apr 2006
PDF BiBTeX

Protecting Users Against Phishing Attacks
In The Computer Journal, 0(0), 2006
Oxford University Press
PDF BiBTeX

TTAnalyze: A Tool for Analyzing Malware
U. Bayer, C. Kruegel, E. Kirda
In European Institute for Computer Antivirus Research Conference (EICAR)
Hamburg, DE, Apr 2006
PDF BiBTeX

Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks
In Network and Distributed Systems Security Symposium (NDSS)
San Diego, CA US, Feb 2006
PDF BiBTeX

Polymorphic Worm Detection Using Structural Information of Executables
In International Symposium on Recent Advances in Intrusion Detection (RAID)
Seattle, WA US, Sep 2005
PDF BiBTeX

Protecting Users Against Phishing Attacks with AntiPhish
In International Computer Software and Applications Conference
Edinburgh, GB, Jul 2005
PDF BiBTeX

A Multi-Model Approach to the Detection of Web-based Attacks
In Journal of Computer Networks, 48(5), 2005
Elsevier
PDF BiBTeX

Automating Mimicry Attacks Using Static Binary Analysis
In USENIX Security Symposium
Baltimore, MD US, Jul 2005
PDF BiBTeX

Reverse Engineering of Network Signatures
In Annual Asia Pacific Information Technology Security Conference (AusCERT)
Gold Coast, QLD AU, May 2005
PDF BiBTeX

Detecting Kernel-Level Rootkits Through Binary Analysis
In Annual Computer Security Applications Conference (ACSAC)
Tucson, AZ US, Dec 2004
PDF BiBTeX

Testing Network-based Intrusion Detection Signatures Using Mutant Exploits
In ACM Conference on Computer and Communications Security (CCS)
Washington DC US, Oct 2004
PDF BiBTeX

Using Alert Verification to Identify Successful Intrusion Attempts
In Journal of Practice in Information Processing and Communication (PIK), 27(4), 2004
K.G. Saur Verlag
PDF BiBTeX

Static Disassembly of Obfuscated Binaries
In USENIX Security Symposium
San Diego, CA US, Aug 2004
PDF BiBTeX

Alert Verification: Determining the Success of Intrusion Attempts
In Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
Dortmund, DE, Jul 2004
PDF BiBTeX

Bayesian Event Classification for Intrusion Detection
C. Kruegel, D. Mutz, W. Robertson, F. Valeur
In Annual Computer Security Applications Conference (ACSAC)
Las Vegas, NV US, Dec 2003
PDF BiBTeX

A Stateful Intrusion Detection System for World-Wide Web Servers
In Annual Computer Security Applications Conference (ACSAC)
Las Vegas, NV US, Dec 2003
PDF BiBTeX

Run-time Detection of Heap-based Overflows
W. Robertson, C. Kruegel, D. Mutz, F. Valeur
In USENIX Large Installations Systems Administration Conference (LISA)
San Diego, CA US, Oct 2003
PDF BiBTeX

Topology-based Detection of Anomalous BGP Messages
C. Kruegel, D. Mutz, W. Robertson, F. Valeur
In International Symposium on Recent Advances in Intrusion Detection (RAID)
Pittsburgh, PA US, Sep 2003
PDF BiBTeX

SANS Cyber Defense Summit Archives and Whitepapers


Cyber Defense Summit 2014

SANS Cyber Defense Whitepapers

White Papers are an excellent source for information gathering, problem-solving and learning. Below is a list of White Papers written by cyber defense practitioners seeking GSEC, GCED, and GISP Gold. SANS attempts to ensure the accuracy of information, but papers are published “as is”.

Errors or inconsistencies may exist or may be introduced over time. If you suspect a serious error, please contact webmaster@sans.org.

Featured Papers

Title Author Cert
Minimizing Damage From J.P. Morgan’s Data Breach Allen Jeng GSEC
The Role of Static Analysis in Heartbleed Jeff Sass GSEC
The Best Defenses Against Zero-day Exploits for Various-sized Organizations David Hammarberg GSEC
Denial of Service Deterrence Ryan Sepe GSEC
Case Study: Critical Controls that Could Have Prevented Target Breach Teri Radichel GSEC
Botnet Tracking Tools Pierce Gibbs GSEC
SAMHAIN: Host Based Intrusion Detection via File Integrity Monitoring Martinus Nel GSEC
Implementing Public Key Infrastructure (PKI) Using Microsoft Windows Server 2012 Certificate Services Michael Naish GSEC
Agile defensive perimeters: forming the security test regression pack Michael Hendrik Matthee GSEC
An Early Malware Detection, Correlation, and Incident Response System with Case Studies Yaser Mansour GCIA
Home Field Advantage – Using Indicators of Compromise to Hunt down the Advanced Persistent Threat Matthew Toussain GSEC
Implementation and use of DNS RPZ in malware and phishing defence Alex Lomas GSEC
Securing Static Vulnerable Devices Chris Farrell GSEC
HTTP header heuristics for malware detection Tobias Lewis GCIA
Straddling the Next Frontier Part 1: Quantum Computing Primer Eric Jodoin GCIA
SOHO Remote Access VPN. Easy as Pie, Raspberry Pi… Eric Jodoin GSEC
NetFlow Collection and Analysis Using NFCAPD, Python, and Splunk David Mashburn GCIA
Using Watermarks to Prevent Leaks Allison Nixon GCIA
Analyzing Network Traffic with Basic Linux Tools Travis Green GCIA
The Spy with a License to Kill Matthew Hosburgh GSEC
Leveraging the SCADA Cloud for Fun and Profit Matthew Hosburgh GCIA
Implementing Active Defense Systems on Private Networks Josh Johnson GCIA
Finding Evil in the Whitelist Josh Johnson GSEC
Password Security– Thirty-Five Years Later George Khalil GSEC
Open Source IDS High Performance Shootout George Khalil GCIA
Systems Engineering: Required for Cost-Effective Development of Secure Products Dan Lyon GSEC
Predicting Control Attributes With Bayesian Networks Dan Lyon GCIA
Rootkit Detection with OSSEC Sally Vandeven GCIA
SSL/TLS: What’s under the Hood Sally Vandeven GSEC
Web Application Attack Analysis Using Bro IDS Ganesh Kumar Varadarajan GCIA
Analyzing Polycom Video Conference Traffic Chris Cain GCIA
Controlling Vendor Access for Small Businesses Chris Cain GSEC
Intrusion Analysis Using Windows PowerShell Mike Weeks GCIA
Application White-listing with Bit9 Parity Mike Weeks GSEC
A No-Budget Approach to Malware Containment Paul Ackerman GSEC
Using the Department of Defense Architecture Framework to Develop Security Requirements James Richards GSEC
A Complete Guide on IPv6 Attack and Defense Atik Pilihanto GSEC
Discovering Security Events of Interest Using Splunk Carrie Roberts GSEC
A Hands-on XML External Entity Vulnerability Training Module Carrie Roberts GCIA
Cloud Computing – Maze in the Haze Godha Iyengar GSEC
Inside Mac Security Ben Knowles GSEC
Security Implications of iOS Kiel Wadner GSEC
60 Seconds on the Wire: A Look at Malicious Traffic Kiel Wadner GCIA
Faster than a speeding bullet: Geolocation data and account misuse Tim Collyer GCIA
Airwatch MDM and Android: a policy and technical review Tim Collyer GSEC
Skype and Data Exfiltration Kenneth Hartman GSEC
What Every Tech Startup Should Know About Security, Privacy, and Compliance Kenneth Hartman GCCC
Using Decision Tree Analysis for Intrusion Detection: A How-To Guide Jeff Markey GCIA
Custom Full Packet Capture System Derek Banks GSEC
Reducing Organizational Risk Through Virtual Patching Joseph Faust GSEC
Validating Security Configurations and Detecting Backdoors in New Network Devices Christoph Eckstein GSEC
OS fingerprinting with IPv6 Christoph Eckstein GCIA
Endpoint Security Through Application Streaming Adam Walter GISP
Phishing Detection and Remediation Rich Graves GSEC
Using SSL to Secure LDAP Traffic to Microsoft Domain Controllers Andrew Reid GSEC
Log2Pcap Joaquin Moreno GCIA
Security Analytics: having fun with Splunk and a packet capture file pcap Alexandre Teixeira GCIA
Point of Sale (POS) Systems and Security Wesley Whitteker GSEC
Creating a Bastioned Centralized Audit Server with GroundWork Open Source Log Monitoring for Event Signatures Christopher Duffy GSEC
Beating the IPS Michael Dyrmose GCIA
Covert Channels Erik Couture GCIA
USB – Ubiquitous Security Backdoor Erik Couture GSEC
Implementing a PC Hardware Configuration (BIOS) Baseline David Fletcher GSEC
Comparative Risk Analysis Between GPON Optical LAN and Traditional LAN Technologies Jason Young GSEC
Beyond the cookie: Using network traffic characteristics to enhance confidence in user identity Courtney Imbert GCIA
Daisy Chain Authentication Courtney Imbert GSEC
Data Charging Bypass: How your IDS can help Hassan Mourad GCIA
Sleeping Your Way out of the Sandbox Hassan Mourad GSEC
Security Best Practices for IT Project Managers Michelle Pruitt GSEC
An Analysis of the Snort Data Acquisition Modules Christopher Murphy GCIA
Mitigating Insider Sabotage Joseph Garcia GSEC
Building an Application Vulnerability Management Program Jason Pubal GSEC
Web Application Firewalls Jason Pubal GCIA
Snort 3.0 Beta 3 for Analysts Doug Burks GCIA
Testing Application Identification Features of Firewalls William McGlasson GCIA
Check Point Firewall Log Analysis In-Depth Mark Stingley GCIA
Using and Configuring Security Onion to detect and prevent Web Application Attacks Ashley Deuble GCIA
Enhancing Intrusion Analysis through Data Visualization Wylie Shanks GCIA
Building and Managing a PKI Solution for Small and Medium Size Business Wylie Shanks GSEC
The Security Onion Cloud Client Network Security Monitoring for the Cloud Joshua Brower GCIA
Securely Integrating iOS Devices into the Business Environment Joshua Brower GSEC
A Practical Big Data Kill Chain Framework Brian Nafziger GSEC
What’s Running on Your Network? Francois Begin GCIA
BYOB: Build Your Own Botnet Francois Begin GSEC
Remotely Accessing Sensitive Resources Jason Ragland GSEC
An Open Source Layer 2 Switch Jim Wilson GSEC
Online Backup: Worth the Risk? Stephen Strom GSEC
An Introduction To Securing a Cloud Environment Todd Steiner GSEC
Check Point firewalls – rulebase cleanup and performance tuning Barry Anderson GSEC
Social Engineering: Manipulating the Source Jared Kee GCIA
Logging and Monitoring to Detect Network Intrusions and Compliance Violations in the Environment Sunil Gupta GCIA
Profiling Hackers Larisa Long GSEC
Spoofing: An Overview of Some Current Spoofing Threats Neil Riser GSEC
Using Web Application Firewall to detect and block common web application attacks Issac Kim GCIA
Vulnerabilities In TCP And UDP Ports Robert Davis GSEC
The Importance of Security Awareness Training Cindy Brodie GSEC
Defense in Depth: An Impractical Strategy for a Cyber World Prescott Small GSEC
An Analysis of Gameover Zeus Network Traffic Daryl Ashley GCIA
Setting up Splunk for Event Correlation in Your Home Lab Aron Warren GCIA
Diskless Cluster Computing: Security Benefit of oneSIS and Git Aron Warren GSEC
Catching Phishers with Honey-Mail Dennis Dragos GSEC
Smart IDS — Hybrid LaBrea Tarpit Cristian Ruvalcaba GCIA
Incident Handler’s Handbook Patrick Kral GSEC
Business Continuity On A Stick Patrick Kral GSEC
Implementing IEEE 802.1x for Wired Networks Johan Loos GCWN
Protect Critical Infrastructure Systems With Whitelisting Dwight Anderson GSEC
Implementing a Vulnerability Management Process Tom Palmaers GSEC
VoIP Security Vulnerabilities David Persky GCIA
Documentation is to Incident Response as an Air Tank is to Scuba Diving Chet Langin GSEC
Designing and Implementing a Honeypot for a SCADA Network Charles Scott GCIA
Auditing and Securing Multifunction Devices Charles Scott GSEC
Wireshark: A Guide to Color My Packets Roy Cheok GCIA
Host-Based Detection and Data Loss Prevention Using Open Source Tools Chris Hoke GCIA
Detecting and Preventing Rogue Devices on the Network Ibrahim Halil Saruhan GCIA
Open Source Host Based Intrusion Detections System (OHIDS) Tom Webb GCIA
An Architecture for Implementing Enterprise Multifactor Authentication with Open Source Tools Tom Webb GSEC
VPNScan: Extending the Audit and Compliance Perimeter Robert Vandenbrink GSEC
IOSMap: TCP and UDP Port Scanning on Cisco IOS Platforms Robert Vandenbrink GCIA
Defense in Depth: Employing a Layered Approach for Protecting Federal Government Information Systems Stacy Jordan GSEC
Building Servers as Appliances for Improved Security Algis Kibirkstis GSEC
The Afterglow effect and Peer 2 Peer networks Jerome Radcliffe GCIA
Log Management SIMetry: A Step by Step Guide to Selecting the Correct Solution Jim Beechey GSEC
SIEM Based Intrusion Detection with Q1Labs Qradar Jim Beechey GCIA
A Practical Social Media Incident Runbook Trenton Bond GSEC
Visualizing Firewall Log Data to Detect Security Trenton Bond GCIA
Protecting Laptop Computers Greg Hill GSEC
Laptop Security: Windows® Vista vs. XP Greg Hill GSEC
Transparent (Layer 2) Firewalls: A look at 2 Vendor Offerings: Juniper and Cisco Matt Austin GPPA
Using rsync to centralize backups in small to medium-sized networks Jeff Lake GSEC
Applying Information Security and Privacy Principles to Governance, Risk Management & Compliance Scott Giordano GSEC
Intrusion Detection & Response Leveraging Next Generation Firewall Technology Ahmed Abdel-Aziz GCIA
Windows 2000 Monitoring from Windows NT in a Workgroup Frank Vianzon GCWN
Visual Baselines – Maximizing Economies of Scale Using Round Robin Databases Kirsten Hook GCIA
Preparing to face new vulnerabilities Jacelyn Faucher GSEC
A Practical Application of Background Investigations for Small Company Security Perimeters Timothy Cook GSEC
Successful SIEM and Log Management Strategies for Audit and Compliance David Swift GCIA
Monitoring Network Traffic for Android Devices Angel Alonso-Parrizas GCIA
Firewall Analysis and Operation Methods Kim Cary GPPA
Detecting DNS Tunneling Greg Farnham GCIA
Malware Analysis: An Introduction Dennis Distler GSEC
Performing Egress Filtering Dennis Distler GPPA
Wireless Attacks from an Intrusion Detection Perspective Gary Deckerd GCIA
A Virtually Secure Browser Seth Misenar GSEC
Corporate Identity Fraud: Life-Cycle Management of Corporate Identity Assets Bryan Fite GSEC
Simulating Cyber Operations: A Cyber Security Training Framework Bryan Fite GSEC
Integrating Wired and Wireless IDS Data Michael Stanton GCIA
Passive Application Mapping Benjamin Small GCIA
Corporate vs. Product Security Philip Watson GSEC
The User Agent Field: Analyzing and Detecting the Abnormal or Malicious in your Organization Darren Manners GCIA
A Framework to Collect Security Events for Intrusion Analysis Jim Chrisos GCIA
Trends in Bot Net Command and Control Will Longman GSEC
Risks and Rewards of Instant Messaging in the Banking Sector Nicholas Rose GSEC
Requirements For Record Keeping and Document Destruction in a Digital World Craig Wright GSEC
A comparative study of attacks against Corporate IIS and Apache Web Servers Craig Wright GPPA
CURRENT ISSUES IN DNS Craig Wright GCIA
Implementing a Secure Wireless Network for a Windows Environment Dan Thompson GCWN
A Small Business No Budget Implementation of the SANS 20 Security Controls Russell Eubanks GCIA
Application Firewalls: Don’t Forget About Layer 7 Russell Eubanks GSEC
Something Phishy: How to Avoid Being Caught in the Net of Specialized Spam Karen Friend GSEC
GIAC GCFW Assignment – Pass Arthur Lee GPPA
Visa’s 3-D Secure™: Secure Online Payment Authentication Dominique Singer GSEC
Securing the GPRS Network Infrastructure – a Network Operator's Perspective Jonathan Sau GSEC
How to Avoid Information Disclosure when Managing Windows with WMI Alex Timkov GSEC
An Introduction to Metasploit Project for the Penetration Tester Brandon Greenwood GSEC
Tuning an IDS/IPS From The Ground UP Brandon Greenwood GCIA
Network Security: Layering a 3R Solution @ the Perimeter Larry Copeland GSEC
Securing Windows Service Accounts Gerald Rice GSEC
Security for Critical Infrastructure SCADA Systems Andrew Hildick-Smith GSEC
Apache modules for rapid mitigation of security threats Stephanie Sullivan GSEC
Deploying Nagios Monitoring Services on Secured Red Hat Enterprise Linux 3 Environment Alexey Rogozhkin GCUX
Phishing for Banks: A Timely Analysis on Identity Theft & Fraud in the Financial Sector Tony UcedaVelez GSEC
Securing a virtual fortune cookie saying business in the wired and wireless world Klaus Wagner GPPA
How to Configuring Local Logging on Solaris 8 and Use Symantec Intruder Alert for Centralized Logging Nolan Haisler GSEC
An Overview of the Wireless Intrusion Detection System Oliver Poblete GSEC
Cyberstalking: A Modern Dilemma Shelli Richard GSEC
GIAC GCIA Assignment – Pass Chris Sia GCIA
Pass – English Version Marco Brando GCIA
GIAC GCIA Assignment – Pass Jax Gough GCIA
GIAC GCFW Assignment – Pass Mike Jensen GPPA
GIAC GCIA Assignment – Pass Kenneth Foster GCIA
A Guide to Discovering Web Application Insecurities, Before Attackers Do Don Williams GSEC
Measuring effectiveness in Information Security Controls Manuel Humberto Santander Pelaez GSEC
GIAC GCIA Assignment – Pass Manuel Humberto Santander Pelaez GCIA
Case Study: The Get Connected CD David Greenberg GSEC
Secure remote access using a Juniper SSL VPN Graham Belton GSEC
GIAC GCIA Assignment – Pass Adam Kliarsky GCIA
GIAC GCIA Assignment – Pass Kevin Holestine GCIA
Hardening Oracle in a Linux (Unix) Environment Robert Persick GSEC
EnterpriseOne Security Solution for Real Estate Management Ruben A. Amely-Velez GSEC
GIAC GCFW Assignment – Pass Robert McKinney GPPA
Indelicate Balance: The Challenge of Content Filtering Systems in a Litigious Society Grant Streeter GSEC
GIAC GCIA Assignment – Pass Steven Wimmer GCIA
Incident Management 101: Preparation & Initial Response (aka Identification) Robin Dickerson GSEC
Taking control of your Internet email using Sendmail and Mimedefang. Matthew Schumacher GSEC
Risk Assessment of Social Media Robert Shullich GSEC
Minimizing the effects of infected PCs on a Network Sean Sheil GSEC
Voice Over Internet Protocol (VoIP) and Security Greg Tucker GSEC
GIAC GCIA Assignment – Pass Andrew Magnusson GCIA
An Overview of 802.11 Wireless Network Security Standards & Mechanisms Luis Carlos Wong Or GSEC
Information Systems Security Architecture: A Novel Approach to Layered Protection George Farah GSEC
Identity Theft: What you need to know Krzysztof Biernacki GSEC
A primer for PC secured configuration compliance monitoring solution Efi Kaufman GSEC
But I have a firewall, my network’s secure! Derran Guinan GSEC
Understanding Oracle Auditing Wayne Reeser GSEC
IT Security Awareness Best Practices James Neidich GSEC
Case Study: Secure Application Deployment Utilizing Terminal Server and VPN Clients Greg Croteau GSEC
GIAC GCIA Assignment – Pass Alexander Schinner GCIA
Securing the Cisco Aironet 1200 Access Point Jeffrey Turner GSEC
GIAC GCFW Assignment – Pass Craig Howell GPPA
Thumb Drive Threats and Countermeasures in a Microsoft Windows Environment Mark Baggett GSEC
IP Fragment Reassembly with Scapy Mark Baggett GCIA
Configuring a Cisco PIX to use TACACS+ for authentication of a remote user VPN Charles Brodsky GSEC
Track 3 – Intrusion Detection In-Depth GIAC Certified Intrusion Analyst (GCIA) Practical Assignment Version 4.0 Jan Stodola GCIA
Securing Wireless Networks Brett Thorne GSEC
Creating A Secure Linux Logging System Nathaniel Hall GSEC
GIAC GCFW Assignment – Pass John Swartzendruber GPPA
Building a Secure Solaris 9 JumpStart Server Bayly Eley GCUX
Setting up a Secure Mail Server with HP-UX 11i v1, Qmail and Qpopper Patrick Wallek GCUX
Secure Data. Is there Such a Thing? Sheetal Sood GSEC
Steganography in the Corporate Environment Joann Kennedy GSEC
Assessment of the Blackberry Enterprise Solution Robin Killeen GSEC
3DES and Secure PIN-based Electronic Transaction Processing Michael Buegler GSEC
Information Operations: An Orchestra of Protection John Petropoulos GSEC
Implementing a Secure WebDAV System Richard Ross GSEC
Evil Through the Lens of Web Logs Russ McRee GCIA
SMaK Russ McRee GSEC
Voice over Internet Protocol: A Discussion on How to Securely Implement on an Existing Data Network Kevin Larson GSEC
Look who’s listenin Richard Sillito GSEC
PHYSICALLY SECURITY CONSIDERATIONS FOR HIGHLY DISTRIBUTED AUTOMATION NETWORKS Rob McComber GSEC
Utilizing Static Packet Filters to Enhance Network Security Scott Foster GSEC
Meeting the challenges of automated patch management John Walther GSEC
CARP: The Free Fail-over Protocol Pieter Danhieux GSEC
Using the FEMA Incident Command System to manage Computer Security Incidents Chuck Morris GSEC
Did You Get My Email? Ray Ellington GSEC
GIAC GCIA Assignment – Pass Josh Berry GCIA
Monitoring the vital signs of a network with Multi Router Traffic Grapher (MRTG) Peter Chow GSEC
Surfing the Web Anonymously – The Good and Evil of the Anonymizer Peter Chow GSEC
Information Security’s Unlikely Advocate Matt Sorensen GSEC
Maintaining a secure network Robert Droppleman GSEC
Vulnerability Assessment Homyar Naterwala GSEC
Building an Enterprise Ready, Client based VPN Solution. Kurt Anderson GSEC
Challenges Associated with Windows 2000 Group Policy Object (GPO) Management Henry Kiiskinen GSEC
Building a Secure Sun JumpStart Environment Using the Solaris Security Toolkit, Step-by-Step Mahrlon Willis GCUX
Automation of Secure Debian/GNU Linux Installations with Fully Automatic Installation Mathew Chrystal GSEC
Are SSL VPNs Ready for the Mainstream? Michael Jackson GSEC
GIAC GCIA Assignment – Pass Blaine Hein GCIA
Case for an Intrusion Detection System on the RF Interface of GPRS/EDGE Vanessa Pegueros GSEC
An Introduction to the Computer Security Incident Response Tom Campbell GSEC
Preparation@Incident Response.security Dan Widger GSEC
Web SSL Authentication Using Client X.509 Digital Certificates Artem Kazantsev GSEC
A Case Study: Removing Server Based Trust Relationships Keith Gaughan GSEC
Detecting Spam with Genetic Regular Expressions Eric Conrad GCIA
A Non-technical Perspective: Authentication – AKA: The Idiot’s Guide to Passwords Matt Galin GSEC
GIAC GCFW Assignment – Pass Dan Lazarakis GPPA
The “Great Firewall” of China: A Real National Strategy to Secure Cyberspace? Carolyn Pearson GSEC
Managing Sophos Anti-Virus on a College Network Steven Blanc GSEC
iPad Security Settings And Risk Review For iOS 4.X Jim Horwath GSEC
Setting Up a Database Security Logging and Monitoring Program Jim Horwath GCIA
Building a Cost Effective Enterprise-Wide Monitoring Solution Using Big Brother Jim Horwath GCUX
Wireless Security: The Draft IEEE 802.11i Standard Greg Nowicki GSEC
GIAC GCIA Assignment – Pass Ben Allen GCIA
Active Directory, Group Policy And Auditing System Design For Merged Windows 2000 Multiforest Environment Tomislav Herceg GCWN
GIAC GCIA Assignment – Pass Bobby Noell GCIA
Meeting FISMA Requirements for Systems Constructing a System Security Plan Daniel Nagy GSEC
Practical demonstration of 802.11 wireless network system risk for non-technical business managers Marie Fromm GSEC
How to Effectively Launch and Maintain Security Policies Vincent Fitzpatrick GSEC
GIAC GCIA Assignment – Pass Hitendra Patel GCIA
Design and Deployment of a Rapid Response Security Vulnerability Scanning Infrastructure Eliot Lim GSEC
Novell NetWare 6 Security Baseline Configuration John Saley GSEC
GIAC GCIA Assignment – Pass Scott Renna GCIA
Network Security- A Guide for Small and Mid-sized Businesses Jim Hietala GSEC
Securing the Employees in a HIPAA-Regulated Environment Brian LaPointe GSEC
Securely Operating Windows Terminal Services/Remote Desktop Multiplatform Environment Keith Lawson GSEC
Using a Custom LiveCD and Firewall Builder to Provide Enterprise Level Security on a Budget Jim Gadrow GSEC
Netfilter and IPTables – A Structural Examination Alan Jones GSEC
Case Study – Assessing the Impact of Unsolicited Commercial E-mail in a Large Corporation Joseph Mccomb GSEC
CA-ACF2 User Account Cleanup Scott Meyer GSEC
The Art of Web Filtering Robert Alvey GSEC
GIAC GCFW Assignment – Pass John Holbrook GPPA
Step by Step Installation of a Secure Linux Web, DNS and Mail Server John Holbrook GSEC
GIAC GCFW Assignment – Pass Tom Jozwiak GPPA
Buffer Overflows and Application Security Craig Sheppard GSEC
Information Security Gets a Seat at the Table Kent Nabors GSEC
Security Best Practice – Novell NetWare 6.5 Remote Management Utilities Adam Schieman GSEC
California’s Notice of Security Breach’s What’s it all About and What it Means to You Vicki Harris GSEC
A Policy to Prevent Outsider Attacks on the Local Network Clarissa Evans Brown GSEC
Securing a NetWare 6.5 Installation and Server Environment Robert Clarke GSEC
Basic Lindows Security Andrew Bernoth GSEC
GIAC GCIA Assignment – Pass Vance Victorino GCIA
Base64 Can Get You Pwned Kevin Fiscus GCIA
A Survey of IT Offshoring Kelly Gieg GSEC
Department of Defense Public Key Infrastructure Sandra Felton GSEC
Audit Of The GIAC Enterprises Production Web And Database Servers Richard Allen Stone GCUX
Security Analysis Of GIAC Enterprises FTP Gateway Ivar Aarsnes GCUX
Securing Sensitive Data in a Research Environment: A Case Study Tim Van Acker GSEC
Row Level Security in Oracle Databases with Virtual Private Database and Label Security Steve Enevold GSEC
Wireless Security Dispelling Myths Eric Smith GSEC
GIAC GCIA Assignment – Pass David Lewis GCIA
Detachable Data Compartmentalization: Layered Defense for Laptop Data Using USB Keychain Hard Drives as Detachable Data Compartmentalization Modules John Pritchard GSEC
GIAC GCFW Assignment – Pass Tim Lewis GPPA
Case Study in Implementing AAA Servers Using TACACS+ Steve Ingram GSEC
Disaster Recovery in Healthcare Organizations: The Impact of HIPAA Security James Murphy GSEC
How do you like your Internal Security? Hard-Boiled or Scrambled? A Case Study of Hardening Interior Security Jennifer Gruener GSEC
Case Study: Improving Security in Corporate (SMTP) E-Mail Delivery Brian Sommers GSEC
Network Security Blueprint Steve Clancy GSEC
Passed Maxwell Chi GSEC
Security Policy and Social Media Use Maxwell Chi GSEC
Cyberspace: America’s New Battleground Maxwell Chi GSEC
Skimming and Its Side Effects Nobie Cleaver GSEC
Highly Available PCs First Step in Business Continuity for Executives Joseph Fraher GSEC
Distributed Vulnerability Assessment with Nessus Faiz Ahmad Shuja GSEC
GIAC GCIA Assignment – Pass Bent Mathiesen GCIA
GIAC GCIA Assignment – Pass Eric Evans GCIA
GIAC GCFW Assignment – Pass Chris Reining GPPA
GIAC GCIA Assignment – Pass Chris Reining GCIA
GIAC GCIA Assignment – Pass Geoffrey Sanders GCIA
When Business Need Justifies Leaving RPC Services Enabled Bertha Marasky GCUX
A practical guide to OpenSSH Olivier De Lampugnani GSEC
Implementing a Windows 2003 PKI from an Existing Windows 2000 Network Norman Christopher-Knight GCWN
Managing Security with Group Policy and the Windows Server 2003 Group Policy Management Console Norman Christopher-Knight GSEC
Implementing and Configuring IPv6 in Windows 2003 and XP SP1 Keith H Irby GSEC
Authentication – The simple things in life cannot be forgotten Simon Clarke GSEC
GIAC GCFW Assignment – Pass Richard Park GPPA
Securing A Wireless LAN: A Case Study Richard Park GSEC
Instant Messaging technology for the business market. Do the advantages outweigh the risks? Phuong Nguyen GSEC
Security Concerns in Using Open Source Software for Enterprise Requirements SreenivasaRao Vadalasetty GSEC
Consumer Oriented Security Information: Common threats on the Internet and how to avoid them Dave Cadrette GSEC
Rapid Tactical Reconnaissance Techniques for Extremely Large-Scale, Dynamic Enterprise Networks Jonathan Ham GSEC
Secure Server Policies and Procedures for Novell NetWare Compliance Dale Daugherty GSEC
Auditor’s Report – GIAC University – Solaris MTA Security Audit Susan Hanna GCUX
Linux Kernel Hardening Taylor Merry GSEC
Securing the Network in a K-12 Public School Environment Russ Penner GSEC
Smartcards: One stop shop? Deploying smartcards Tyler Tobin GSEC
GIAC GCFW Assignment – Pass Miles Parkin GPPA
Evading Network Security Devices Utilizing Secure Shell Wesley Brown GSEC
GIAC GCFW Assignment – Pass Mike Mahurin GPPA
Novell Small Business Suite Security Recommendations Scott Stone GSEC
Information Assurance Ramifications of Using OpenSSL in the Department of Defense Computing Environment Joel Kirch GSEC
Daily Processes for Maintaining a Secure Windows Environment Larry Arant GSEC
Wanted Dead or Alive: Snort Intrusion Detection System Mark Eanes GSEC
Role-Based Access Control: The NIST Solution Hazen Weber GSEC
Case Study: Implementing a Secure Wireless Network using WPA Randy Hensel GSEC
GIAC GCFW Assignment – Pass Eu Jin Justin Ng GPPA
GIAC GCIA Assignment – Pass Johnny Wong GCIA
Slamming the door on the Slammer worm Matthew Boykin GSEC
Architecting, Designing and Building a Secure Information Technology Infrastructure, a case study John Johnston GSEC
The Third Element (The rise of the NEO hacker) Jayson Street GSEC
Viral Polymorphism Stephen Pearce GSEC
GIAC GCFW Assignment – Pass Roberto Obialero GPPA
GIAC GCFW Assignment – Pass Bee Seah Li GPPA
Configuring Watchguard Proxies: A Guideline to Supplementing Virus Protection and Policy Enforcement Alan Mercer GSEC
Obstacles to – And Workarounds For – Deploying Secure Systems Craig Cox GSEC
An Introduction to SELinux for Administrators Jeff Pike GCUX
Auditing-In-Depth For Solaris Jeff Pike GSEC
GIAC GCIA Assignment – Pass Joe Bowling GCIA
Linux kernel rootkits: protecting the systems Ring-Zero Raul Siles GCUX
Security Elements of IIS 6.0 Anthony DeVoto GSEC
GIAC GCIA Assignment – Pass Joanne Schell GCIA
GIAC GCFW Assignment – Pass Robert Winding GPPA
Information Security Managing Risk with Defense in Depth Ken Straub GSEC
Wireless Security: Past, Present and Future Keith Morris GSEC
Brush up on Bluetooth Jeffrey Hall GSEC
Examining the RPC DCOM Vulnerability: Developing a Vulnerability-Exploit Cycle Kevin O’Shea GSEC
GIAC GCIA Assignment – Pass David Perez GCIA
Encrypting Mail in a Windows Network David Perez GCWN
Deploying Honeypots and the Security Architecture of a Fictitious Company David Perez GPPA
Logging and Reporting : A view from the top Rick Hislop GSEC
Building a Secure Backup Server for the Solaris 9 Operating Environment Shaun McAdams GCUX
SSH (Secure Shell) Authentication Methods and Security Control Robert Decker III GSEC
A Comparison of 3rd Party Anti-Spyware Tools for a Business Environment Richard Snow GCWN
Case Study: Spam Blocking, Content Filtering, Virus Scanning and Attachment Blocking in a Novell GroupWise Environment With Guinevere, SpamAssassin and Symantec (Norton) Anti-Virus Corporate Edition Doug Hitchen GSEC
Data-Centric Quantitative Computer Security Risk Assessment Brett Berger GSEC
Enhancing E-mail Security using Exchange Server 2003 and Outlook 2003 Cheryl Jones GCWN
Securing Wireless Clients using IPsec via Linux Gateway Robert King GSEC
GIAC GCFW Assignment – Pass Rupert Currey GPPA
Network- and Host-Based Vulnerability Assessments: An Introduction to a Cost Effective and Easy to Use Strategy. Ragi Guirguis GSEC
Keeping Red Hat Linux Systems Secure with up2date John Mravunac GSEC
Common issues in PKI implementations – climbing the “Slope of Enlightenment” Angela Keith GSEC
Limiting Exposure to Denial of Service Attacks Heather Burritt GSEC
GroupWise 6.5 Security Joyce Noeltner GSEC
Getting Started: The Impacts of Privacy and Security Under HIPAA – A Case Study Barbara Filkins GSEC
Hard Earned Lessons In Implementing Computer Security Incident Response Jason Chee GSEC
GIAC GCIA Assignment – Pass John Petkovsek GCIA
Implementing Least Privilege at your Enterprise Jeff Langford GSEC
Methods for Securing a Multi-Platform Environment David Lyon GSEC
Securing Blackboard Learn on Linux David Lyon GCUX
Trapping A Monster: An Observation of Honeypots Enoch Gamble I GSEC
Securing the Gold through Better Network Design: A Case Study Todd Sheppard GSEC
A Best Practices Guide To Secure a Windows(R) XP Professional Installation Zacharias Groves GSEC
Branch Office connectivity: Private Frame to VPN’s, makes dollars and sense. David Boyden GSEC
Discovery, Eradication and Analysis of an attack on an open system: Welcome to the Jungle Steve Terrell GSEC
Secure File Transfer with SSH2 Renato Lozano GSEC
Lessons in Learning Network Security Coleen Regalmuto GSEC
Securing Windows 2000 with Security Templates Patricia Shirer GCWN
Why The Need for Internet Content Filtering/Management- A Close Look at Internet Manager Elron Web Inspector 6.03 Michell Singleton GSEC
GIAC GCFW Assignment – Pass Timothy Miller GPPA
Deploying a website built using Oracle9iAS Portal Stephen Coates GSEC
GIAC GSEC Assignment – Pass Colleen Bolan GSEC
The Need for an Established Security Awareness Training Program Richard Lewis GSEC
GIAC GCFW Assignment – Pass Richard Lewis GPPA
Enhancing risk management within a research laboratory, from behind an academic institution’s firewall – a case study Paul Buzzell GSEC
Long Distance Failover – High Availability using Cisco PIX Firewall Chris Ellem GSEC
Case Study in Developing Fault Tolerant and Highly Available Systems with Secure Zones of Protection Kevin Knox GSEC
GIAC GCIA Assignment – Pass Kevin Knox GCIA
GIAC GCIA Assignment – Pass Terry MacDonald GCIA
A New Evolution in Hack Attacks: A General Overview of Types, Methods, Tools, and Prevention Kelley Ealy GSEC
Implementing a Security Program from the Beginning, for the Beginner Thomas Paulger GSEC
Slippery Slope or Terra Firma? Current and Future Anti-Spam Measures Charlene LeBlanc GSEC
Steganography Michael Meister GSEC
Case Study: Transforming a Traditional Windows Client/Server Application Into a Secured ASP Offering David Strubbe GSEC
Building a Secured OS for a Root Certificate Authority Don Murdoch GCUX
SANS and GIAC Together Again Don Murdoch GCWN
GIAC GCIA Assignment – Pass Don Murdoch GCIA
Putting Eyes on the Wire Don Murdoch GSEC
SANS/GIAC Enterprises Active Directory Merger – Design, Security Policy, and Auditing Practices Ben Schmitt GCWN
Building a Secure OpenBSD Mail System on a Small Budget Jesse Trucks GCUX
GIAC GCIA Assignment – Pass Bill Young GCIA
Design a Secure Windows 2000 Infrastructure Jack Kohn GCWN
GIAC GCFW Assignment – Pass Amit Sood GPPA
Oracle Collaboration Suite Security Chris Bennett GSEC
Security Process for the implementation of a Company’s extranet network connections. Kirk Steinklauber GSEC
GIAC GCIA Assignment – Pass Jim Becher GCIA
Securing a Windows 2000 Application Server With Security Templates Joshua Sprenger GCWN
Kerberos and Access Token Limitations Joshua Sprenger GSEC
Security in Practice- Reducing the Effort Leon Pholi GSEC
Centralized Monitoring of Distributed Systems Edward Finneran GCUX
Case study: Implementing Trend Micro antivirus solutions in the enterprise. Mark De Rijk GSEC
GIAC GCIA Assignment – Pass Andrew Patrick GCIA
Case Study: Using Syslog in a Microsoft & Cisco Environment Dan Rathbun GSEC
Limiting Concurrent Logins in Windows NT/2000 Gene Burton GSEC
GIAC GCIA Assignment – Pass Ashley Thomas GCIA
Understanding Wireless LAN Technology and its Security Risks Julie Schuller GSEC
Strategies for Improving Vulnerability Assessment Effectiveness in Large Organizations Robert Huber GSEC
Cost Effective Firewalling Using Linux Technology In Small Businesses Steve Lang GSEC
Facing Security on a Boosted RREN Backbone Carlos Fragoso Mariscal GSEC
A Guide to Hash Algorithms Britt Savage GSEC
Linux Firewall Audit: GIAC Enterprises Elaine Madison GCUX
GIAC GCFW Assignment – Pass Stanley Yachera GPPA
Introducing Security to the Small Business Enterprise Jeff Herbert GSEC
Windows Update and Its Derivatives – With a focus on SUS Pei-li Chao GSEC
ACF2 Mainframe Security Bethany Hinsch GSEC
In Search of Secure File Transfer Across the Internet Robert Solomon GSEC
GIAC Certified Windows Security Administrator Bryce Thompson GCWN
Let’s Slam SQL: The Slammer Worm and Lessons Learned Brian Greif GSEC
The Logbook of The World Ted Demopoulos GSEC
An Introduction To File Integrity Checking On Unix Systems Del Armstrong GCUX
Light at the end of the TCP Tunnel: Freedom or Oncoming Train? Risks, Benefits and Best Practices James Ault GSEC
GIAC GCIA Assignment – Pass Daniel Wesemann GCIA
Current Steganography Tools and Methods Erin Michaud GSEC
NIDS Countermeasures: What, Why, Where, When, and How Jonathan Kobrick GSEC
Integrating Real-Time Services on the Web Pete Kobak GSEC
Symantec Enterprise VPN Solution: Extending our Network through the Internet Robin Parrish GSEC
A Guide to Government Security Mandates Christian Enloe GSEC
Building a Security Test Environment Richard Noel GSEC
Solaris 9 Secure File Transfer Server Audit Julie Baumler GCUX
Scanning for viruses Dan Boyd GSEC
GIAC GCIA Assignment – Pass Ron Shuck GCIA
Security Assessment Guidelines for Financial Institutions Karen Nelson GSEC
The Key to Internet Security Is Education Cindy James GSEC
Common Ground – A Discussion of Standards in Network Security and How to Extend Them into the Network Assessment Arena Timothy Politowicz GSEC
Web services – why all the talk about security? Richard Rabinowitz GSEC
Implementation Methodology for Information Security Management System (to comply with BS 7799 Requirements) Avinash Kadam GSEC
Smart Card Authentication: Added Security for Systems and Network Access Lawrence Thompson GSEC
Custom IIS Authentication and Access Control using ISAPI Filter Arsne von Wyss GCWN
Securing Windows running Trend Micro Services with Security Templates Curtis Simonson GCWN
Finding the Right Instant Messaging Solution for Your Company Jeff Richeson GSEC
GIAC GCFW Assignment – Pass Greg Lalla GPPA
GIAC GCIA Assignment – Pass Greg Lalla GCIA
Patching Windows Environments Using Microsoft Software Update Services SUS Ihaab Dais GSEC
UNIX System Management and Security: Differences between Linux, Solaris, AIX and HP-UX Haral Tsitsivas GSEC
GIAC GCFW Assignment – Pass Mike Powell GPPA
Setting Up Controlled Virtual Private Networks Using Microsoft’s Proxy Server and Routing and Remote Access Service Mike Powell GSEC
Defending Against Spyware Invasion Brian Smith GSEC
Achieving Managements Security Commitment Sherry Desbrough GSEC
GIAC GCFW Assignment – Pass Terry Hasford GPPA
The Risks Involved With Open and Closed Public Key Infrastructure Philip Hlavaty GSEC
Firewall Fingerprinting: Using default TCP/UDP port combinations and Nmap to identify firewall types in a network Charles Hamby GSEC
Remote Access VPN Security Concerns and Policy Enforcement Mike Stines GSEC
Monitoring Web Server Logs Using Event Log Monitoring Steven Becker GSEC
The Difficulty of Detecting Rogue Wireless Access Points on a University or Organization Campus Anna Zapata GSEC
Detecting and Protecting Against Word Field Code Abuse Mark Soderlund GSEC
Vulnerabilities Secure Base Build of AIX 5.1 Al Un GSEC
Bastion Build Revisited Al Un GCUX
VPN Deployment: Remote Access via Cisco PIX Dwayne Foley GSEC
Slapper Paul Elwell GSEC
Contingency Planning for ACE/Server 5.0 Tikuo Chen GSEC
Event Correlation Systems – The New Threat Frontline Kevin McIntyre GSEC
GIAC GCIA Assignment – Pass Alex Wood GCIA
PGP For Everyday Use Jeremy Hoel GSEC
Under the radar: A look at three covert communications channels Jim Goltz GSEC
Creating a Home Test Lab Russell Elliott GSEC
GIAC GCIA Assignment – Pass Carl Gibbons GCIA
Intrusion Detection, Evasion, and Trace Analysis Michael Wyman GCIA
PureSecure(TM) Complete Intrusion Detection Jason Oseen GSEC
Security for a CRM environment Jason LaFrance GSEC
A Novice’s Guide to Securing Windows XP Home Edition Timothy Potter GSEC
Building a Cookerpot: Using honeypots to improve Mandrake Linux security Valter Santos GSEC
Protecting the Average Consumer-What’s wrong with Firewalls Thomas Hauer GSEC
Case Study: Deploying and Configuring a Netscreen 100 Firewall Appliance to Secure the Network James Murphy GSEC
Steganography Policies for Protecting Your Web Site Toni Halley GSEC
Web Application Security – Layers of Protection William Fredholm GSEC
The Need for Information Security in Today’s Economy Jeff Tarte GSEC
Distributed Intrusion Detection Systems: An Introduction and Review Royce Robbins GSEC
Security Management Adam Wojnicki GSEC
Empowering Your IT Call Center as Information Security Advocates Carrollynn Brown GSEC
Patch Management, Getting Started Lee Debruin GSEC
Securing Wireless Networking Within The College District Case Study Gregory Evilsizer GSEC
Case Study On Improving The Security Of A Firm In A Legacy Application Setting Susan Bradley GSEC
Protecting Small Business Banking Susan Bradley GSEC
Setting Up and Securing a Small Network with OpenBSD Blair Heiserman GSEC
Ghosts in the machine: The who, why, and how of attacks on information security Cary Barker GSEC
A Case for Forensics Tools in Cross-Domain Data Transfers Dwane Knott GSEC
GIAC GCFW Assignment – Pass Brian States GPPA
Electronic Medical Records: Success Requires an Information Security Culture Thomas Roberts GSEC
Information Security in Higher Education: Threats & Response Thomas Roberts GSEC
Group Policy Security Risks and Best Practices Jenko Shih-jen Edward Hwong GSEC
Firewall Builder the GUI alternative James Coffey GSEC
Securing The Hp Nonstop Himalaya Using Safeguard Thomas Hamzik GSEC
GIAC GCIA Assignment – Pass Thomas Hoffecker GCIA
Security for Online Transaction Processing in a White Label Financial Switch Fabian Soler GSEC
GIAC GCFW Assignment – Pass Craig Duerr GPPA
Remote Users: Trust verses Necessity Chrystal Lionberger GSEC
A Case Study on Securing Medical Practitioners’ Offices and Making The Offices HIPAA-Aware Ira Victor GSEC
Development of a Network Intrusion Detection Policy Frank Yarnell GSEC
SSL Appliance Based Solutions for Corporate Web Farms: The Benefits, the Drawbacks, and the Vulnerabilities Matthew Fries GSEC
What is Seen is Screened Todd Emerton GSEC
InfoWar: Cyber Terrorism in the 21st Century Can SCADA Systems Be Successfully Defended, or are They Our “Achilles Heal”? Michael Ratledge GSEC
Securing Microsoft Exchange with Ciphertrust Ironmail John Warren GSEC
Impact of Automatic Update installation in Service Pack 3 from Microsoft on Windows 2000 workstation. Robert Blackwell GSEC
Bluetooth And Its Inherent Security Issues Tu Niem GSEC
GIAC GCFW Assignment – Pass Lesa Ludwig GPPA
GIAC GCFW Assignment – Pass Mark Hillick GPPA
Securing Our Critical Infrastructures Chris Brooks GSEC
PestPatrol in a Corporate Environment: A Case Study In Information Security Tim Strong GSEC
Ethics in Your Day, Your Job and Your Next Decision Norman Witt GSEC
Help We Just Fired Our Only IT Person! Doug Cox GSEC
Mitigating Web Application Risks With A Security Code Review And Appscan. Michael Blase GSEC
Linux.Slapper.Worm: Buffer Overflow Attacks Continue to Be a Problem Richard Fifarek GSEC
GIAC GCFW Assignment – Pass Mark Conger GPPA
Patch Management: Tackling the Remote Laptop and Teleworker – A Case Study Kay Cornwell GSEC
GIAC GCIA Assignment – Pass Erik Montcalm GCIA
Securing Task Station Computers Using Windows 2000 Group Policy Roger McClinton GCWN
Act Now! An Introduction To Canada’s PIPED Act and its Affect on Organizations and IT Departments Kevin Egan GSEC
GIAC GCIA Assignment – Pass Mohammed Haron GCIA
Is Your Storage Area Network Secure? An Overview of Storage Area Network from Security Perspective Mohammed Haron GSEC
A Case Study: Deployment of Virus Protection In The Global Enterprise Carl Alexander GSEC
Packet Sniffing In a Switched Environment Tom King GSEC
Security Considerations for Sharepoint Team Services on Windows 2000 Server Jonathan Davies GSEC
Secure Setup of a Corporate Detection and Scanning Environment Dieter Sarrazyn GSEC
GIAC GCIA Assignment – Pass Antonia Rana GCIA
Security Awareness – Implementing an Effective Strategy Chelsa Russell GSEC
GIAC GCIA Assignment – Pass Frans Kollee GCIA
Firewall on a Budget Scott Schimkowitsch GSEC
Securing an IIS 5.0 Web Server on Windows 2000 using Security Tools and Templates Graeme McLintock GSEC
GIAC GCIA Assignment – Pass Kerry Long GCIA
GIAC GCFW Assignment – Pass Greg Surla GPPA
Distributed Systems Security: Java, CORBA, and COM+ April Moreno GSEC
Aladdin Esafe Enterprise v3.0 Stacy Bolton GSEC
GIAC GCIA Assignment – Pass Nils Reichen GCIA
Securing a Web Development Workstation with the NSA Security Template Bill Sterns GCWN
Exploring Client-side Web Exploits Bill Sterns GSEC
Using A Reverse Proxy To Filter HTTP and HTTPS Mattison Ward GSEC
Combating the Lazy User: An Examination of Various Password Policies and Guidelines Sam Wilson GSEC
GIAC GCFW Assignment – Pass Sam Wilson GPPA
Solaris 10 Filesystem Integrity Protection Using Radmind Sam Wilson GCUX
Securing Mac OS X 10.1.5 Using Free Software David Shinberg GSEC
GIAC GCFW Assignment – Pass Penny Hermann-Seton GPPA
Security Features in IPv6 Penny Hermann-Seton GSEC
Design a Secure Windows 2000 Infrastructure Erik Weinmeister GCWN
Internet Email: Defense in Depth Howard Edin GSEC
The Life Cycle of A Security Awareness Program: What has and has not Worked John Turner GSEC
Are You a Responsible Internet Neighbour? Phillip Croft GSEC
Using IDS to Evaluate Outbound Port Usage for Security and Reduction of IDS Alerts: A Case Study Ken Underwood GSEC
GIAC GCIA Assignment – Pass Dongmei Huang GCIA
GIAC GCIA Assignment – Pass Denis Brooker GCIA
Smart Cards – the All-in-One Security Platform for Today’s Corporate World Ee Chin Chong GSEC
Case Study: Adventures in Securing Mom and Pop Ken Davidson GSEC
Security Audit Report Mandar Rege GCUX
Stopping P2P: How to Rid Your Network of Unwanted P2P Traffic Russell Meyer GSEC
Challenges of Managing an Intrusion Detection System (IDS) in the Enterprise Russell Meyer GCIA
Information Assurance Using Biometrics Bryan Feltin GSEC
GIAC GCIA Assignment – Pass Jason Tant GCIA
Deploying Secure Public Kiosk Networks Jon Shaffer GSEC
Securing the SNMP Service Robert Hayden GCWN
Authenticating Nortel Contivity Clients Using RSA SecurID Tokens Rusty Fancher GSEC
Implementing Defense in Depth at the University Level G Michael Runnels GSEC
CyberPorn Tricks and Awareness Stephen Karrick GSEC
Security Aspects of a Samhain Client/Server Installation to Protect a Solaris Web Server Winston Holmes GCUX
System and Network Documentation Winston Holmes GSEC
Virii Generators: Understanding the Threat James Tarala GSEC
Implementing a Secure Microsoft Windows Server 2003 Terminal Services Infrastructure: A Case Study for ACME Healthcare, Inc. James Tarala GCWN
Steganography – See No Evil, Hear No Evil, Speak No Evil Chris Farrow GSEC
The University Has a Firewall – Isn’t That Enough? Why Users Still Need to Be Concerned About Computer Security Sherry Cummins GSEC
HIPAA/ISO 17799 Security Audit of GIAC Enterprises Onsite Employee Health Clinic Database Server Sherry Cummins GCUX
Developing a Secure and Portable Snort Sensor based on Red Hat 9 Frederick Larabee GCUX
Proactive Vulnerability Assessments with Nessus Jason Mitchell GSEC
SPAM: Recourse and Education Rodney Caudle GSEC
Assumptions in Intrusion Detection – Blind Spots in Analysis Rodney Caudle GCIA
Maintaining Departmental Security in a Centralized Environment: Keeping Things Secure When You Have to Cooperate Brent Veenstra GSEC
Novell Server Quick Security Guide for the Overworked Administrator Tony Flowers GSEC
Managing Network Firewalls -A Love/Hate Relationship James Medeiros GSEC
The Firewall Has Been Installed, Now What? Developing a Local Firewall Security Policy Richard Walker GSEC
Critical System Lifecycle: A Security Perspective Geoffrey Pascoe GSEC
GIAC GCIA Assignment – Pass Pedro Bueno GCIA
Inter-node Security Issues in 802.11b Wireless LAN Environments Patrick Sweeney GSEC
Buffer Overflows for Dummies Josef Nelissen GSEC
How to Effectively Secure Your Business Albert Yu GSEC
Continuously Anticipating the Network Attack Mark Georgas GSEC
Public-key Cryptography: PGP, SSL, and SSH Thomas Jonson GSEC
Designing a Secure Windows 2000 Network Infrastructure David Branscome GCWN
Securing a Red Hat Linux 7.2 Anonymous FTP Server with Security Support syslog Server Brian Melcher GCUX
Microsoft Internet Explorer 6.0 Security: Step-by-Step Chris Christianson GSEC
Aggressive Patching and the Use of a Standard Build: An OpenBSD example Michael Sullenszino GSEC
GIAC GCFW Assignment – Pass Robert Schiela GPPA
GIAC GCFW Assignment – Pass Blair Nason GPPA
Multi-Layered Approach to Small Office Networking David Taylor GSEC
Security Audit Report Zarina Musa GCUX
VPN-1 SecureClient – Check Point’s Solution for Secure Intranet Extension Ryan Gibbons GSEC
Securing an Anonymous FTP Server in Solaris 8 with WU-FTPD Mansel Bell GSEC
GIAC GCIA Assignment – Pass Jared McLaren GCIA
Secure Open-Source Network IDS Jared McLaren GSEC
GIAC GCFW Assignment – Pass Jared McLaren GPPA
GIAC GCIA Assignment – Pass Michael Meacle GCIA
How to Install IC Radius and Extend via Custom Perl Script Michael Meacle GSEC
Protecting your Internal Systems from a Compromised Host Michael Nancarrow GSEC
GIAC GCIA Assignment – Pass David Manley GCIA
Nessus: Vulnerability Scanning and Beyond Paul Schmelzel GSEC
GIAC GCIA Assignment – Pass Paul Schmelzel GCIA
Cyber IPB Steve Winterfeld GSEC
A Qualitative Risk Analysis and Management Tool – CRAMM Zeki Yazar GSEC
Iris Recognition Technology for Improved Authentication Penny Khaw GSEC
LaBrea – A New Approach to Securing Our Networks Leigh Haig GSEC
GIAC GCIA Assignment – Pass Brian Sheffler GCIA
Building a Secure Solaris 8 Backup Server Jason Christensen GCUX
SSH and Intrusion Detection Heather Larrieu GSEC
GIAC GCIA Assignment – Pass Jalal Moloo GCIA
GIAC GCIA Assignment – Pass Kris Wicks GCIA
Implementing an Internet Content Filtering and Reporting Program Eric Wilkens GSEC
GIAC GCIA Assignment – Pass Jon Repaci GCIA
A Tool for Running Snort in Dynamic IP Address Assignment Environment Shin Ishikawa GSEC
The Sun Enterprise Authentication Mechanism John Douglass GSEC
GIAC GCIA Assignment – Pass Mark Embrich GCIA
IDS Burglar Alarms: A How-To Guide Mark Embrich GSEC
GIAC GCIA Assignment – Pass Tim Newell GCIA
Echelon: The Dangers of Communication in the 21st Century Chad Yancey GSEC
A Solaris Backup Script How-to Stanley Hearn GSEC
GIAC GCIA Assignment – Pass Glenn Larratt GCIA
GIAC GCFW Assignment – Pass Glenn Larratt GPPA
Introduction to the Security Audit Process Jim Murray GSEC
GIAC GCIA Assignment – Pass Michael McDonnell GCIA
Protecting Against the Unexpected Keith Seymour GSEC
Distilling Data in a SIM: A Strategy for the Analysis of Events in the ArcSight ESM James Voorhees GCIA
The Limits on Wireless Security: 802.11 in Early 2002 James Voorhees GSEC
Computing Industry Certifications and Security Kurt Jensen GSEC
A Detailed Look at Steganographic Techniques and Their Use in an Open-Systems Environment Bret Dunbar GSEC
Deploying Microsoft HiSecurity Template on a Windows 2000 Professional Workstation within a Windows NT 4.0 Domain Joe Matyaz GCWN
GIAC GCIA Assignment – Pass Dan Hawrylkiw GCIA
Wireless Networking Security: As Part of Your Perimeter Defense Strategy Daniel Owen GSEC
Implementing a Windows 2000 Host Based Intrusion Detection System Richard Springs GSEC
GIAC GCIA Assignment – Pass Patrick Ethier GCIA
GIAC GCIA Assignment – Pass Karim Merabet GCIA
Leveraging the Load Balancer to Fight DDoS Brough Davis GCIA
Areas to Consider When Planning Virus and Software Updates of Remote Computers Jeff Markee GSEC
PGP in a Networked, Multi-user Environment Mark Fennig GSEC
GIAC GCFW Assignment – Pass Mark Fennig GPPA
GIAC GCFW Assignment – Pass Mark Ballister GPPA
Monitoring for Security Events Using Windows Management Instrumentation Stephen Seigler GSEC
GIAC GCIA Assignment – Pass John Hally GCIA
Steganography: What’s the Real Risk? John Hally GSEC
Defeating Perimeter Security With HTTP Marcus Bailey GSEC
Twists in Security for Law Enforcement Conrad Larkin GSEC
Secure Shell Daemon crc32 Compensations Attack Detector Vulnerability Tim Yeager GSEC
An Analysis of Terrorist Groups’ Potential Use of Steganography Stephen Lau GSEC
Violations of Basic Computer Security Principles within the Television Broadcast Community and Some Suggested Solutions Paul Claxton GSEC
GIAC GCIA Assignment – Pass James Hoover GCIA
Securing a Fortune Marc Westbrock GCWN
ELECTRONIC DATA RECOVERY A Critical Component of Security, Disaster Recovery and Company Survival Marc Westbrock GSEC
An Informal Analysis of One Site’s Attempts to Contact Host Owners Laurie Zirkle GSEC
Applying the CIS Linux Benchmark v1.1.0 Recommendations to a Mandrake 9.1 Laptop with Higher Security Enabled Laurie Zirkle GCUX
We’re Auditors – We’re Here to Help James Butler GSEC
GIAC GCIA Assignment – Pass Sean-Paul Heare GCIA
GIAC GCIA Assignment – Pass Dan Guinane GCIA
GIAC GCIA Assignment – Pass Jim Hendrick GCIA
GIAC GCFW Assignment – Pass Jim Hendrick GPPA
Finding dsniff on Your Network Richard Duffy GSEC
Host vs. Network-Based Intrusion Detection Systems David Trzcinski GSEC
GIAC GCIA Assignment – Pass Keven Murphy GCIA
Implementation of a Secure Wireless Network on a University Campus Greg Redder GSEC
Making Smart Cards Work in the Enterprise Brett Lewis GSEC
Research Guide to Web Resources at Microsoft.com and Applying This to Patching Internet Information Server Barry Dahling GSEC
GIAC GCFW Assignment – Pass Daniel Mengel GPPA
No Budget, no Policy: Leading the Bull by the Nose or Thank God for the Cisco IOS Firewall Feature Set Richard Haynal GSEC
GIAC GCIA Assignment – Pass Thomas Shepherd GCIA
An Exploration into Biometrics, Security Architecture Design, and Security Policies Thomas Shepherd GPPA
GIAC GCFW Assignment – Pass Eve Edelson GPPA
Researching a Topic on the Internet Eve Edelson GSEC
Rootkit: Attacker Undercover Tools Saliman Manap GSEC
A Secure Windows 2000 Infrastructure David Heed GCWN
GIAC GCIA Assignment – Pass David Heed GCIA
Step-by-step Guide to Securing Red Hat 7.1 Linux Lawrence Grim GCUX
Security Awareness: Help the Users Understand Kenton Smith GSEC
Anti-virus Software: The Challenge of Being Prepared for Tomorrow’s MalWare Today Lisa Galarneau GSEC
GIAC GCIA Assignment – Pass Gregory Lajon GCIA
Overview of Nimda John Phillips GSEC
Building a Cost Effective Syslog Server using Solaris For Intel and SunScreen Lite – Honor Harpal Parmar GCUX
A Secure Windows 2000 Infrastructure for GIAC Enterprises Harpal Parmar GCWN
Securing a Windows 2000 IIS Web Server – Lessons Learned Harpal Parmar GSEC
A Guide to Building and Securing an Intranet Mail Server/Hub with AIX 5L Version 5.1 on an IBM RS/6000 Server Devon Caines GCUX
GIAC GCFW Assignment – Pass Orazio Mistretta GPPA
GIAC GCIA Assignment – Pass Orazio Mistretta GCIA
Basic Travel Security Revisited Thomas Palmer GSEC
Can Hackers Turn Off Your Lights? Jonathan Stidham GSEC
GIAC GCFW Assignment – Pass Tracy Thurston GPPA
Conducting an electronic information risk assessment for Gramm-Leach-Bliley Act compliance. Kevin Bong GSEC
GIAC GCIA Assignment – Pass Kevin Bong GCIA
GIAC GCFW Assignment – Pass Kevin Bong GPPA
GIAC GCIA Assignment – Pass Reuben Rubio GCIA
GIAC GCIA Assignment – Pass Alan Woodroffe GCIA
GIAC GCIA Assignment – Pass Mark Maher GCIA
GIAC GCIA Assignment – Pass Philipp Stadler GCIA
GIAC GCFW Assignment – Pass Philipp Stadler GPPA
GIAC GCFW Assignment – Pass Justin Ginsberg GPPA
Proactively Guarding Against Unknown Web Server Attacks William Geiger GSEC
The Code Red Worm John Dolak GSEC
Security and the 802.11b Wireless LAN Sean Griffin GSEC
AIX 4.3 Installation Checklist Kenneth Lee GCUX
SuSE Linux 7.1 Professional Installation Checklist Felix Schallock GCUX
Disconnect from the Internet – Whale’s e-Gap In-Depth Kevin Gennuso GSEC
How to Choose an Intrusion Detection Solution Baiju Shah GSEC
Security from Scratch… How to Achieve It Alan Davies GSEC
GIAC GCFW Assignment – Pass Chris Kellogg GPPA
The Weakest Link: The Human Factor Bradley Fulton GSEC
Protecting Sensitive Data in Secure Domains Mikael Trosell GSEC
Electronic Data Retention Policy Brian Wrozek GSEC
Cisco Router Hardening: Step-by-Step Dana Graesser Williams GSEC
GIAC GCIA Assignment – Pass Harvey Lange GCIA
Linux Red Hat 7.1 Security Assessment Bente Petersen GCUX
GIAC GCIA Assignment – Pass Bente Petersen GCIA
GIAC GCIA Assignment – Pass John Melvin GCIA
Protect your enterprise against clients centric attacks, using Windows 2000 GPO Thierry Agassis GCWN
Information Security: Handling Compromises Craig Bowser GSEC
Enforce Network Access Control through Security Policy Management Process and Enforcement Craig Bowser GSEC
Why Small Businesses Need to Secure Their Computers (and How to Do It!) Bruce Diamond GSEC
A Business Perspective on PKI: Why Many PKI Implementations Fail, and Success Factors to Consider Leslie Peckham GSEC
Kerberos Authentication in Windows 2000 Vishwas Gadgil GSEC
GIAC GCIA Assignment – Pass Vernon Stark GCIA
Using Snort v1.8 with SnortSnarf on a Red Hat Linux System Richard Greene GSEC
Firewall Rule Review Rita Will GSEC
Spyware and Network Security Lester Cheveallier GSEC
GIAC GCFW Assignment – Pass Eric Mroczka GPPA
A Virus and a Worm: Lessons Learned from Sircam and Code Red in a University Environment Marc Mazuhelli GSEC
GIAC GCFW Assignment – Pass Lorna Hutcheson GPPA
GIAC Enterprises: Fortunes for the Future – Implementing Active Directory with Defense in Depth Lorna Hutcheson GCWN
Successful Partnerships for Fighting Computer Crime Beth Binde GSEC
GIAC GCIA Assignment – Pass Beth Binde GCIA
How to Build and Secure a General Purpose “Internet Ready” Workstation Robert Beswick GCUX
Manage your Security Initiative as a Project Rex Robitschek GSEC
Cheese Worm: Pros and Cons of a “Friendly” Worm Bryan Barber GSEC
Backup Rotations – A Final Defense Stephen Lennon GSEC
Using Open Source to Create a Cohesive Firewall/IDS System Thomas Dager GSEC
The China Syndrome Charles Bacon GSEC
Logfile Analysis: Identifying a Network Attack Michael Fleming GSEC
GIAC GCIA Assignment – Pass Stephen Pedersen GCIA
GIAC GCIA Assignment – Pass Mike Poor GCIA
Public Servers Vulnerability Assessment Report Ricky Smith GCUX
Group Policies for GIAC Enterprises Ricky Smith GCWN
GIAC GCIA Assignment – Pass Ricky Smith GCIA
Filtering Routers in a Small Office/Home Office with a Mixed OS Environment Ricky Smith GSEC
GIAC GCIA Assignment – Pass Janice Slocumb GCIA
System Security and Your Responsibilities: Minimizing Your Liability Gary Holtz GSEC
Implementing/Re-Implementing Change Control Policies Derek Milroy GSEC
Open File Shares: An Unexpected Business Risk Jaime Carpenter GSEC
GIAC GCIA Assignment – Pass Wes Bateman GCIA
Vulnerability Scanning in the Corporate Enterprise Peter Nichols GSEC
Risk Assessment in the University Setting Kent Knudsen GSEC
Preventing Your Computer from Becoming a Zombie Jamy Klein GSEC
GIAC GCFW Assignment – Pass Jamy Klein GPPA
Security Awareness – Everyone’s Business Bev Memory GSEC
Auditing a University Solaris System Geoffrey Poer GCUX
GIAC GCIA Assignment – Pass Geoffrey Poer GCIA
GIAC GCIA Assignment – Pass Nathan Kim GCIA
GIAC GCIA Assignment – Pass Brian Credeur GCIA
Guide to Deploying a Windows 2000/Exchange 2000/File/Print Server in a Single Server Environment Gary Pasikowski GCWN
Prosecution: A Subset of Incident Response Procedures Gary Pasikowski GSEC
Business Consideration and Network Implementation of Generally Accepted Security Standards Patrick Nolan GSEC
Is It Really Gone? Grant Thompson GSEC
Creating Security Policies – Lessons Learned Mark Worthington GSEC
GIAC GCFW Assignment – Pass Eric Waddell GPPA
GIAC GCFW Assignment – Pass David Stokes GPPA
Overview of Biometric Encryption Mark Wood GSEC
GIAC GCIA Assignment – Pass Michael Lastor GCIA
The Future of Fighting Viruses: A History and Analysis of the Digital Immune System Michael Bussa GSEC
To CVP or not to CVP Kurt Koenigsknecht GSEC
GIAC GCFW Assignment – Pass Kurt Koenigsknecht GPPA
GIAC GCFW Assignment – Pass Georgios Sagos GPPA
GIAC GCIA Assignment – Pass Bill Phillips GCIA
GIAC GCFW Assignment – Pass Bill Phillips GPPA
GIAC GCFW Assignment – Pass Ben Laws GPPA
Solaris 8 (sparc) Security Checklist for JFY, Inc. Ben Laws GCUX
Wireless LANs – the Big New Security Risk Gordon Mitchell GSEC
Inverse Mapping Using Disguised TCP Resets Minna Kangasluoma GSEC
Securing the Wile Modem: A Case Study on the Use of Policies, War Dialers and Firewalls for Phone Lines Archie Woodworth GSEC
Securing Unix Step by Step George Markham GCUX
GIAC GCFW Assignment – Pass Norrie Bennie GPPA
Certificate Revocation in Public Key Infrastructures Scott Fairbrother GSEC
GIAC GCIA Assignment – Pass Miika Turkia GCIA
Instruments of the Information Security Trade Mark Graff GSEC
GIAC GCFW Assignment – Pass Mason Richardson GPPA
Central Auditing of Windows NT Using Windows Script Host (WSH) Roger Mclaren GCWN
OpenBSD Escorting Firewall Step by Step Guide Benjamin Eason GCUX
GIAC GCIA Assignment – Pass Charles Hutson GCIA
Stronger Authentication Methods: Biometrics and Public Acceptance Mark Wolansky GSEC
Detecting Torrents Using Snort Rick Wanner GCIA
NetTop for Data Privacy through Secure Desktops Rick Wanner GSEC
Secure Browsing Environment Robert Peter Sorensen GSEC
GIAC GCIA Assignment – Pass Robert Peter Sorensen GCIA
GIAC GCFW Assignment – Pass Robert Peter Sorensen GPPA
Securing NT4 Workstations in an Educational Computer Lab Environment Eric Nooden GSEC
GIAC GCFW Assignment – Pass Scot Hartman GPPA
Securing SNMP Windows Stephen Cicirelli GSEC
GIAC GCFW Assignment – Pass Stephen Cicirelli GPPA
Checklist for Securing RedHat Linux 7.1 on an IBM Thinkpad Laptop Paul DePriest GCUX
The Importance of the Ramen Worm Paul DePriest GSEC
GIAC GCFW Assignment – Pass Tanya Baccam GPPA
Do You Copy? Security Issues with Digital Copiers Kevin Smith GSEC
Step-by-step Guide to Securing an IRIX Mediabase Video Web Server Robert Drollinger GCUX
GIAC GCIA Assignment – Pass Peter Szczepankiewicz GCIA
Usefulness and Shortcomings of the Pre-configured Security Policy Templates that are Included with Windows 2000 Yong Choe GCWN
Black ICE 2.5 Events, False Positives and Custom Attack Signatures Alan J Mercer GSEC
Malicious Code: VBS/OnTheFly (Anna Kournikova) Marco Smitshoek GSEC
GIAC GCFW Assignment – Pass Marco Smitshoek GPPA
Intrusion Report for SANS University Gaspar Modelo Howard GCIA
The Hacking of Microsoft Ernest Quaglieri GSEC
Implementing Site-to-Site IPSEC VPNs Using Cisco Routers Millie Ives GSEC
GIAC GCFW Assignment – Pass Gavin Vallance GPPA
Kerberos Network Authentication Security Protocol – Recent Security Vulnerabilities Jay Holcomb GSEC
PC Week hack of 1999 Shawn Balestracci GSEC
GIAC GCFW Assignment – Pass Chris Talianek GPPA
Securing an AIX 5.2 Development Server Chris Talianek GCUX
GIAC GCIA Assignment – Pass Chris Talianek GCIA
Installing and Securing an SSH Server with HP Secure OS Software for Linux and Cryptography Kenneth Gallo GCUX
GIAC GCIA Assignment – Pass Michael Semling GCIA
Information Warfare: Are You Battlefield Ready? Phillip Conrad GSEC
Basic Steps to Hardening a Standalone Windows 2000 Installation Todd Anderson GSEC
Installing and Securing a Shell Access Server Using Red Hat 6.2 Linux Stephen Gibson GCUX
Nessus – Get on Board Greg Brooks GSEC
BIND 8 Buffer Overflow in TSIG Richard Biever GSEC
GIAC GCIA Assignment – Pass Chris Hayden GCIA
NetBus Chris Hayden GSEC
Attacks from Within: A Look at Security Concerns for ASPs Tyson Kopczynski GSEC
AES: The New Key on the Block Christopher Silveira GSEC
Importance of a Standard Methodology in Computer Forensics Jim McMillan GSEC
GIAC GCIA Assignment – Pass Donald Pitts GCIA
SOHO OpenBSD Intranet IMAP Server Donald Pitts GCUX
Log Consolidation with syslog Donald Pitts GSEC
Protecting Your Home Computer from the Internet, Can You Keep the Heat Out? Robert Ashworth GSEC
GIAC GCIA Assignment – Pass Robert Ashworth GCIA
Securing Information on Laptop Computers James Purcell GSEC
Limiting the Exposure of a Netware Server in an IP World Dana Mclaughlin GSEC
GIAC GCFW Assignment – Pass Dana Mclaughlin GPPA
Scripting as a Method of Establishing a Reliable Baseline Posture George Moncrief GSEC
Firewall Load Balancers Megan Restuccia GSEC
Hacktivism – A Free Form of Expression or a Digital Vandalism Eva Dadok GSEC
GIAC GCFW Assignment – Pass Graham Bennett GPPA
GIAC GCIA Assignment – Pass Michael Worman GCIA
An Explanation of “TCP Wrappers” for the Security Manager Richard Branicki GSEC
Security Audit Report Gary Needham GCUX
Securing Microsoft Outlook 2000 Using the Outlook Security Update in a Microsoft Exchange Server 5.5 Environment Brad Peer GSEC
Creating a Certificate-Enabled Public Web Site With Windows 2000 Michael Reiter GCWN
GIAC GCFW Assignment – Pass Michael Reiter GPPA
Consolidated Security Event Monitoring for Microsoft Windows NT 4.0 Server Jeff Shawgo GCWN
GIAC GCFW Assignment – Pass Pat Malone GPPA
GIAC GCFW Assignment Patrik Sternudd GPPA
Snort Overdrive Patrik Sternudd GCIA
Securing an OpenBSD 3.5 System for use with Honeyd Nicholas Smith GCUX
GIAC GCFW Assignment – Pass Michael Gauthier GPPA
Security Audit Intrusion Report Michael Gauthier GCIA
Security Assessment Michael Gauthier GCUX
Windows NT Web Server Auditing Dean Farrington GCWN
GIAC GCFW Assignment – Pass Mark Evans GPPA
GIAC GCFW Assignment – Pass Jim O’Brien GPPA
Security Issues in NIS Jim O’Brien GSEC
How Does Network Security Scanning Work Anyway? Ronald Black GSEC
GIAC GCIA Assignment – Pass Rhonda Maluia GCIA
An Elementary Introduction to Sendmail Jay Coleson GSEC
Critical Infrastructure Protection: Establishing an Information Sharing and Analysis Center Can Be Like Developing an Organizational Security Policy Frances Wentworth GSEC
Security Implications of Update Agent Software Shaun Glaim GSEC
Securing Windows 2000 with Security Templates John Jenkinson GCWN
GIAC GCFW Assignment – Pass John Jenkinson GPPA
AIX Version 4.3.3 on Power2 3xx Series RS/6000 John Jenkinson GCUX
Using VAX/VMS to Augment Security of a Large UNIX Environment John Jenkinson GSEC
GIAC GCIA Assignment – Pass John Jenkinson GCIA
Build Securely a Shadow Sensor Step-by-Step Powered by Slackware Linux Guy Bruneau GCUX
The History and Evolution of Intrusion Detection Guy Bruneau GSEC
SANS GIAC Intrusion Detection Curriculum Parliament Hill 2000 Guy Bruneau GCIA
A Risk Assessment Approach to NT Security Glenn Davis GCWN
GIAC GCIA Assignment – Pass Glenn Davis GCIA
GIAC GCIA Assignment – Pass Curtis Blais GCIA
GIAC GCFW Assignment – Pass Curtis Blais GPPA
GIAC GCFW Assignment – Pass Jeffrey Roth GPPA
Audit of Gauntlet 5.5 Firewall (Running on Solaris 2.6 with BIND 8.2.3-REL) Jeff Holland GCUX
Know Yourself: Vulnerability Assessments Adrien de Beaupre GSEC
Trinity v3 DDoS: Tomorrow’s Headline? David Sheridan GSEC
Why Your Switched Network Isn’t Secure Steven Sipes GSEC
Linux DNS (Domain Name Server) System Setup Checklist Martin Tremblay GCUX
Promoting Security from the Middle Siegfried Hill GSEC
The Impact of Cumulative Secure and High Secure Windows 2000 Professional Security Templates on a Workstation Running SCT Banner Siegfried Hill GCWN
DSL and Computer Security Issues Joanne Ashland GSEC
GIAC GCIA Assignment – Pass Jasmir Beciragic GCIA
GIAC GCFW Assignment – Pass Jasmir Beciragic GPPA
Cookies and Exploits Jasmir Beciragic GSEC
Public Domain FTP Buffer Overflow Vulnerabilities Feb. – Oct. 1999 Ralph Durkee GSEC
GIAC GCFW Assignment – Pass Brian Estep GPPA
GIAC GCIA Assignment – Pass Brian Estep GCIA
Windows NT Security Step-by-Step Charles John GCWN
GIAC GCIA Assignment – Pass Dan Chervenka GCIA
GIAC GCIA Assignment – Pass Joseph Rach GCIA
Corporate LAN Intranet Server Compromise Jason DePriest GSEC
GIAC GCFW Assignment – Pass Jason DePriest GPPA
Security Audit Report Daniel Robb GCUX
The Evolution of Malicious Agents Lenny Zeltser GSEC
Consultants Report from Auditing UNIX Lenny Zeltser GCUX
Designing a Secure Windows 2000 Infrastructure Lenny Zeltser GCWN
GIAC GCIA Assignment – Pass Donald Tomczak GCIA
GIAC GCIA Assignment – Pass Kevin Pietersma GCIA
GIAC GCIA Assignment – Pass Michael Wee GCIA
GIAC GCIA Assignment – Pass John Dietrich GCIA
GIAC GCIA Assignment – Pass David Blaine GCIA
GIAC GCIA Assignment – Pass Kevin Miller GCIA
Database Encryption Things you know before you encrypt James Summers GSEC
GIAC GCIA Assignment – Pass James Summers GCIA
GIAC GCIA Assignment – Pass JD Baldwin GCIA
Firewalls: What I Wish I’d Known When I Was Getting Started William Davis GSEC
GIAC GCIA Assignment – Pass William Davis GCIA
GIAC GCFW Assignment – Pass Dave Chen GPPA
Integration Of Single Sign On Within The Framework Of An J2EE Environment In Banking Field (French Translation) Philippe Gros GSEC
GIAC GCFW Assignment – Pass Richard Hammer GPPA
Enhancing IDS using, Tiny Honeypot Richard Hammer GCIA
The Inside-Out Firewall Vulnerability Richard Hammer GSEC
GIAC GCIA Assignment – Pass Donna Andert GCIA
GIAC GCIA Assignment – Pass Javier Romero GCIA
GIAC GCIA Assignment – Pass Suzanne Vanpatten GCIA
The Packet Filter: A Basic Network Security Tool Daniel Strom GSEC
GIAC GCIA Assignment – Pass Daniel Strom GCIA
GIAC GCIA Assignment – Pass Andrew Korty GCIA
GIAC GCIA Assignment – Pass David Nolan GCIA
GIAC GCIA Assignment – Pass Bob Long GCIA
Good News, Bad News: The Infosec Issues of Usenet Bob Long GSEC
GIAC GCFW Assignment – Pass Marc Panet-Raymond GPPA
GIAC GCIA Assignment – Pass Shane Boothe GCIA
GIAC GCIA Assignment – Pass David Hesprich GCIA
GIAC GCIA Assignment – Pass Jim Clausing GCIA
GIAC GCIA Assignment – Pass Joe Dietz GCIA
GIAC GCIA Assignment – Pass Kirk Becker GCIA
Windows NT and Novell Host Based Intrusion Detection Using Native Logging and 3rd Party Log Reporting Tools Robert Grill GSEC
GIAC GCFW Assignment – Pass Jerry Shenk GPPA
GIAC GCIA Assignment – Pass Jerry Shenk GCIA
GIAC GCIA Assignment – Pass James Kirby GCIA
GIAC GCIA Assignment – Pass Martin Walker GCIA

SANS Industrial Control Systems Resources: Summit Archives


ICS Security Summit – Orlando, Florida

  • https://files.sans.org/summits/scada13/ – 2013
  • https://files.sans.org/summits/scada12/ – 2012
  • https://files.sans.org/summits/scada11/ – 2011
  • https://files.sans.org/summits/scada10/ – 2010
  • https://files.sans.org/summits/scada09/ – 2009
  • https://files.sans.org/summits/scada08/ – 2008
  • ICS Security Summit – Rome, Italy – 2011
  • ICS Security Summit – Amsterdam, Netherlands – 2008

    from: https://ics.sans.org/resources/summit-archives

    Resources: Whitepapers

    SANS Forensics Whitepapers


    White Papers are an excellent source for information gathering, problem-solving and learning. Below is a list of White Papers written by forensic practitioners seeking GCFA, GCFE, and GREM Gold. SANS attempts to ensure the accuracy of information, but papers are published “as is”.

    Errors or inconsistencies may exist or may be introduced over time. If you suspect a serious error, please contact webmaster@sans.org.

    Paper Author Cert
    Intelligence-Driven Incident Response with YARA Ricardo Dias GCFA
    Review of Windows 7 as a Malware Analysis Environment Adam Kramer GREM
    Straddling the Next Frontier Part 2: How Quantum Computing has already begun impacting the Cyber Security landscape Eric Jodoin GCFA
    Case Study: 2012 DC3 Digital Forensic Challenge Basic Malware Analysis Exercise Kenneth Zahn GREM
    Detailed Analysis Of Sykipot (Smartcard Proxy Variant) Rong Hwa Chong GREM
    Windows ShellBag Forensics in Depth Vincent Lo GCFA
    A Detailed Analysis of an Advanced Persistent Threat Malware Frankie Fu Kay Li GREM
    Forensic Images: For Your Viewing Pleasure Sally Vandeven GCFA
    Analyzing Man-in-the-Browser (MITB) Attacks Chris Cain GCFA
    Using IOC (Indicators of Compromise) in Malware Forensics Hun Ya Lock GREM
    A Journey into Litecoin Forensic Artifacts Daniel Piggott GCFA
    MalwareD: A study on network and host based defenses that prevent malware from accomplishing its goals Dave Walters GREM
    Clash of the Titans: ZeuS v SpyEye Harshit Nayyar GREM
    An Opportunity In Crisis Harshit Nayyar GREM
    Comprehensive Blended Malware Threat Dissection Analyze Fake Anti-Virus Software and PDF Payloads Anthony Cheuk Tung Lai GREM
    Creating a Baseline of Process Activity for Memory Forensics Gordon Fraser GCFA
    Automation of Report and Timeline-file based file and URL analysis Florian Eichelberger GCFA
    Repurposing Network Tools to Inspect File Systems Andre Thibault GCFA
    Enhancing incident response through forensic, memory analysis and malware sandboxing techniques Wylie Shanks GCFA
    Using Sysmon to Enrich Security Onion’s Host-Level Capabilities Joshua Brower GCFA
    Indicators of Compromise in Memory Forensics Chad Robertson GCFA
    Forensicator FATE – From Artisan To Engineer Barry Anderson GCFA
    Computer Forensic Timeline Analysis with Tapestry Derek Edwards GCFA
    Windows Logon Forensics Sunil Gupta GCFA
    What’s in a Name: Uncover the Meaning behind Windows Files and Processes Larisa Long GCFA
    Analysis of a Simple HTTP Bot Daryl Ashley GREM
    XtremeRAT – When Unicode Breaks Harri Sylvander GREM
    Analysis of the building blocks and attack vectors associated with the Unified Extensible Firmware Interface (UEFI) Jean Agneessens GREM
    Mobile Device Forensics Andrew Martin GCFA
    Mac OS X Malware Analysis Joel Yonts GCFA
    Building a Malware Zoo Joel Yonts GREM
    Mastering the Super Timeline With log2timeline Kristinn Gudjonsson GCFA
    A Regular Expression Search Primer for Forensic Analysts Timothy Cook GCFA
    Identifying Malicious Code Infections Out of Network Ken Dunham GCFA
    Live Response Using PowerShell Sajeev Nair GCFA
    Forensic Analysis on iOS Devices Tim Proffitt GCFE
    CC Terminals, Inc. Forensic Examination Report: Examination of a USB Hard Drive Brent Duckworth GCFA
    Unspoken Truths – Forensic Analysis of an Unknown Binary Louie Velocci GCFA
    Forensic Analysis of a SQL Server 2005 Database Server Kevvie Fowler GCFA
    Taking advantage of Ext3 journaling file system in a forensic investigation Gregorio Narvaez GCFA
    Lessons from a Linux Compromise John Ritchie GCFA
    Forensic Analysis of a Compromised NT Server (Phishing) Andres Velazquez GCFA
    Analysis of a serial based digital voice recorder Craig Wright GCFA
    Analysis of an unknown USB JumpDrive image Roger Hiew GCFA
    Forensic Investigation of USB Flashdrive Image for CC Terminals Rhonda Diggs GCFA
    Discovering Winlogoff.exe Jennie Callahan GREM
    GIAC GREM Assignment – Pass Joe Fresch GREM
    Analysis of an unknown disk Jure Simsic GCFA
    Integrating Forensic Investigation Methodology into eDiscovery Jeff Groman GCFA
    Analysis of a Windows XP Professional compromised system Manuel Humberto Santander Pelaez GCFA
    Analysis of a Commercial Keylogger installed on multiple systems Merlin Namuth GCFA
    GIAC GREM Assignment – Pass David Chance GREM
    Reverse Engineering the Microsoft exFAT File System Robert Shullich GCFA
    How not to use a rootkit Mike Wilson GCFA
    Forensic Analysis on a compromised Linux Web Server Jeri Malone GCFA
    Analysis of a Red Hat Honeypot James Shewmaker GCFA
    GIAC GREM Assignment – Pass James Shewmaker GREM
    Forensic with Open-Source Tools and Platform: USB Flash Drive Image Forensic Analysis Leonard Ong GCFA
    Forensic analysis of a Windows 2000 computer literacy training and software development device Golden Richard GCFA
    GIAC GREM Assignment – Pass James Balcik GREM
    Forensic Analysis Procedures of a Compromised system using Encase Jeffrey McGurk GCFA
    Forensic analysis of a Compromised Windows 2000 workstation Charles Fraser GCFA
    Forensic Analysis on a compromised Windows 2000 Honeypot Peter Hewitt GCFA
    Evaluation of Crocware’s Mount Image Pro as a Forensic Tool Hugh Tower-Pierce GCFA
    Forensic Tool Evaluation-MiTeC Registry File Viewer Kevin Fiscus GCFA
    Camouflaged and Attacked? Bertha Marasky GCFA
    Review of Foundstone Vision as a forensic tool Bil Bingham GCFA
    Forensic Analysis of a Compromised Intranet Server Roberto Obialero GCFA
    Analysis of an IRC-bot compromised Microsoft Windows system Jennifer Kolde GCFA
    HONORS-Analysis of a USB Flashdrive Image Raul Siles GCFA
    Safe at Home? David Perez GCFA
    Evaluation of a Honeypot Windows 2000 Server with an IIS Web/FTP Server Kenneth Pearlstein GCFA
    Forensic Analysis of a USB Flash Drive Norrie Bennie GCFA
    Open Source Forensic Analysis – Windows 2000 Server – Andre Arnes GCFA
    Forensic Analysis of dual bootable Operating System (OS) running a default Red Hat 6.2 Linux server installation and Windows 98 Mohd Shukri Othman GCFA
    An Examination of a Compromised Solaris Honeypot, an Unknown Binary, and the Legal Issues Surrounding Incident Investigations Robert Mccauley GCFA
    Forensic Analysis of an EBay acquired Drive Daniel Wesemann GCFA
    Analyze an Unknown Image and Forensic Tool Validation: Sterilize Steven Becker GCFA
    Malware Adventure Russell Elliott GREM
    Binary Analysis, Forensics and Legal Issues Michael Wyman GCFA
    Analysis on a compromised Linux RedHat 8.0 Honeypot Jeff Bryner GCFA
    Forensic analysis of a compromised RedHat Linux 7.0 system Jake Cunningham GCFA
    Validation of Norton Ghost 2003 John Brozycki GCFA
    Forensic Analysis of Shared Workstation Michael Kerr GCFA
    Forensic Analysis on a Windows 2000 Pro Workstation David Cragg GCFA
    Sys Admins and Hackers/Analysis of a hacked system Lars Fresen GCFA
    Validation of ISObuster v1.0 Steven Dietz GCFA
    GIAC GREM Assignment – Pass Gregory Leibolt GREM
    Analysis of a Potentially Misused Windows 95 System Gregory Leibolt GCFA
    Forensic Analysis Think pad 600 laptop running Windows 2000 server Brad Bowers GCFA
    Validation of Restorer 2000 Pro v1.1 (Build 110621) Denis Brooker GCFA
    Analysis of a Suspect Red Hat Linux 6.1 System James Fung GCFA
    Dead Linux Machines Do Tell Tales James Fung GCFA
    Analysis and Comparison of Red Hat Linux 6.2 Honeypots With & Without LIDS-enabled Kernels Greg Owen GCFA
    Analyzing a Binary File and File Partitions for Forensic Evidence James Butler GCFA
    Becoming a Forensic Investigator/Use of Forensic Toolkit Mark Maher GCFA
    Discovery Of A Rootkit: A simple scan leads to a complex solution John Melvin GCFA
    GIAC GREM Assignment – Pass Lorna Hutcheson GREM
    Forensic Analysis of a Windows 2000 server with IIS and Oracle Beth Binde GCFA
    Forensic Analysis of a Sun Ultra System Tom Chmielarski GCFA
    Reverse Engineering msrll.exe Rick Wanner GREM
    Forensic Validity of Netcat Michael Worman GCFA
    CC Terminals Harassment Case Dean Farrington GCFA
    Forensic analysis of a compromised Linux RedHat 7.3 system Kevin Miller GCFA
    Validation of Process Accounting Records Jim Clausing GCFA
    Building an Automated Behavioral Malware Analysis Environment using Open Source Software Jim Clausing GREM
    Forensic analysis of a Windows 98 system Jerry Shenk GCFA
    Forensic analysis of a Compromised Red Hat 7.2 Web Server Martin Walker GCFA

    from: http://digital-forensics.sans.org/community/whitepapers

    SANS Digital Forensics Community: Summit Archives


    SANS has held Digital Forensics Summits over the past years. Presentations given at these Summits are available for public viewing and download here.

    Forensics and Incident Response Summit 2012

    US Digital Forensic and Incident Response Summit 2010

    US Digital Forensic and Incident Response Summit 2009

    Pen Testing Resources: Whitepapers


    White Papers are an excellent source for information gathering, problem-solving and learning. Below is a list of White Papers written by penetration testing practitioners seeking certification. SANS attempts to ensure the accuracy of information, but papers are published “as is”.

    Errors or inconsistencies may exist or may be introduced over time. If you suspect a serious error, please contact webmaster@sans.org.

    Featured Papers

    This featured paper includes some really useful techniques that penetration testers should master. Read it, learn it, and live it, as you extend your skills.

    Paper Author Certification
    Practical El Jefe Vedaa, Charles GCIH
    Correctly Implementing Forward Secrecy Schum, Chris GCIH
    Powercat Douglas, Mick GPEN
    Detecting Crypto Currency Mining in Corporate Environments D’Herdt, Jan GCIH
    Penetration Testing: Alternative to Password Cracking Catanoi, Maxim GPEN
    Automated Defense – Using Threat Intelligence to Augment Poputa-Clean, Paul GCIH
    Cyber Breach Coaching Hoehl, Michael GCIH
    AIX for penetration testers Panczel, Zoltan GPEN
    Let’s face it, you are probably compromised. What next? Thyer, Jonathan GPEN
    Secure Design with Exploit Infusion Wen Chinn, Yew GCIH
    An Analysis of Meterpreter during Post-Exploitation Wadner, Kiel GCIH
    Creating a Threat Profile for Your Organization Irwin, Stephen GCIH
    Modeling Security Investments With Monte Carlo Simulations Lyon, Dan GWAPT
    A Qradar Log Source Extension Walkthrough Stanton, Michael GCIH
    Differences between HTML5 or AJAX web applications Thomassin, Sven GWAPT
    Small devices needs a large Firewall Mastad, Paul GCIH
    Are there novel ways to mitigate credential theft attacks in Windows? Foster, James GCIH
    Digital Certificate Revocation Vandeven, Sally GCIH
    Incident Response in a Microsoft SQL Server Environment Walker, Juan GCIH
    Web Application Penetration Testing for PCI Hoehl, Michael GWAPT