Program

Invited Talk at IWSPA 2020

Security Metrics and Risk Analysis for Enterprise Systems

Anoop Singhal, Ph.D.,

Computer Security Division, National Institute of Standards and Technology (NIST), Gaithersburg, MD 20899

Email: psinghal@nist.gov

Abstract

Protection of enterprise systems from cyber attacks is a challenge. Vulnerabilities are regularly discovered in software systems that are exploited to launch cyber attacks. Security Analysts need objective metrics to manage the security risk of an enterprise systems. In this talk, we will give an overview of our research on security metrics and challenges for security risk analysis of enterprise systems. A standard model for security metrics will enable us to answer questions such as “are we more secure than yesterday” or “how does the security of one system compare with another?” We will present a methodology for security risk analysis that is based on the model of Attack Graphs and the Common Vulnerability Scoring System (CVSS). We will also present a framework for detection and forensic analysis of Advanced Persistent Threats.

Speaker Bio:

Dr. Anoop Singhal, is currently a Senior Computer Scientist and a Program Manager in the Computer Security Division at the National Institute of Standards and Technology (NIST) in Gaithersburg, MD. He has several years of research experience at NIST, George Mason University and AT&T Bell Labs. He received his Ph.D. in Computer Science from Ohio State University, Columbus, Ohio. His research interests are in system security, active cyber defense, network forensics, cloud computing security and data mining systems. He is a member of ACM, senior member of the IEEE and he has co-authored over 50 technical papers in leading conferences and journals. He has taught several graduate level courses in Computer Science as an adjunct faculty and given talks at RSA, IEEE and ACM conferences. He has two patents in the area of attack graphs and he has also co-edited a book on Secure Cloud Computing and Network Security Metrics.

AgenDA (All Times are in CDT)

Keynote is live with 30 mins presentation + 10 min Q&A

Tutorials are live with 30 mins presentation + 5 min Q&A

Long Papers (L): 15 MIN RECORDED PRESENTATION + 2 MIN PRESENTER NOTES + 3 MIN Q&A

Short Papers (S): 10 MIN RECORDED PRESENTATION + 2 MIN PRESENTER NOTES LIVE + 3 MIN Q&A

Welcome Session (9:15 AM to 9:30 AM)

Keynote 1: Invited Talk (9:30 AM to 10:10 AM)

  • Invited Talk: Security Metrics and Risk Analysis for Enterprise Systems

Speaker: Anoop Singhal, NIST

Session 1: 10:10 AM to 10:30 AM

  • Long Paper: Privacy-preserving SVM on Outsourced Genomic Data via Secure Multi-party Computation, Huajie Chen, Ali Burak Ünal, Mete Akgün and Nico Pfeifer

Break (10:30 AM to 10:40 AM)

Session 1 (contd.): 10:40 AM to 12:00 PM

20-iwspa-Information-Theoretically_Secure_Data_Outsourcing.ppsx

  • Tutorial 1: Recent Advances in Information-Theoretically Secure Data Outsourcing

Speaker: Sharad Mehrotra and Shantanu Sharma, University of California, Irvine, USA.

  • Short Paper: Diverse Datasets and a Customizable Benchmarking Framework for Phishing, Victor Zeng, Ayman El Aassal, Shahryar Baki, Rakesh Verma, Luis Moraes and Avisha Das.

  • Short Paper: Towards Automatic Detection and Explanation of Hate Speech and Offensive Language, Wyatt Dorris, Ruijia Hu, Nishant Vishwamitra, Feng Luo and Matthew Costello.

Break (12:00 PM to 1:00 PM)

Session 2: 1:00 PM to 1:55 PM

  • Tutorial 2: Adversarial Machine Learning for Text Data

Speaker: Daniel Lee and Rakesh Verma, University of Houston, Texas, USA.

  • Long Paper: Mitigating File-Injection Attacks with Natural Language Processing, Hao Liu and Boyang Wang.

Break (1:55 P.M. to 2:05 P.M.)

Session 2 (contd.): 2:05 PM to 3:00 PM

  • Long Paper: Automatic Recognition of Advanced Persistent Threat Tactics for Enterprise Security, Qingtian Zou, Anoop Singhal, Xiaoyan Sun and Peng Liu.

  • Long Paper: Phish-GAN: Generating Phishing Attacks Using Feature-Oriented Adversarial Deep Neural Networks, Ahmed Aleroud and George Karabatis.

  • Short Paper 3: Dissecting Cyberadversarial Intrusion Stages via Interdisciplinary Observations, Aunshul Rege, Shanchieh Yang, Alyssa Mendlein, Katorah Williams, Shao-Hsusan Su and Stephen Moskal.