Read more

“We believe few other universities are tackling cybersecurity research with the breadth and depth of Georgia Tech,” says Wenke Lee, co-director of the IISP and the John P. Imlay Chair II in Software for the School of Computer Science.

The inaugural year began by dissecting and defining Georgia Tech’s cybersecurity capacity, then creating new experiences for students, faculty and industry to coalesce around solutions. Astounding truths were revealed: cybersecurity research at Georgia Tech spans six critical thrusts, nine labs, and more than 460 researchers. Cybersecurity no longer is just a computer programmer’s problem; it is an urgent concern for disciplines as diverse as public policy, business, defense and ubiquitous computing.

Legacy in Computer Science

The IISP builds upon the successful Georgia Tech Information Security Center (GTISC), that was established in 1998 in the School of Computer Science after the Sam Nunn Information Security Forum. Attendees determined that Georgia Tech's strengths in technology and policy warranted it to take a leading role in improved security research, education and more reliable computing.

 Ralph Merkle, former director of GTISC, remarked during the early years: “For the past couple of decades we have put up with buggy code, unreliable computers, insecure computers, and computers that are vulnerable to viruses, worms, spam and other problems. All of this has to change. We need to have reliable computers, systems and networks that we can trust."

That mission now has evolved beyond the College of Computing to include the Ivan Allen College of Liberal Arts, Scheller College of Business, Georgia Tech Professional Education, Office of Information Technology, and of course the Georgia Tech Research Institute and College of Engineering – both of which have deep roots in secure information transfer and device design.

Mission and Focus

Under the IISP, Lee says focus is intently on three areas: research, education and commercialization. Objectives include:

• Increasing by 50% the volume of cybersecurity research by 2020
• Expanding pathways into the Master’s of Information Security degree
• Producing 60 Ph.D. candidates in the next five years
• Developing at least five commercial start-ups from academic or applied research

Affiliated faculty of the IISP conducted research projects conservatively valued at $24 million in the past year alone. More than 1,100 individuals attended new events organized by the IISP. Eighteen industry partners were engaged -- global businesses such as British Petroleum, Intel and IBM; Atlanta-based companies, such as Norfolk Southern Railway and The Home Depot, and information security alumni, such as Ionic Security, and Pindrop Security.

One of the most exciting aspects of the IISP’s first year, Lee says, was the success of graduate Musheer Ahmed (Ph.D. CS ’16). Ahmed’s graduate research, under the advisement of Prof. Mustaque Ahamad, led him to win the IISP’s inaugural Demo Day Finale.

Ahmed and Ahamad have filed a provisional patent for “FraudScope” to help insurers mine healthcare data and calculate risk among a provider pool. They are continuing translational research to develop a solution that addresses growing healthcare fraud and ensures that more healthcare dollars go to patient care. In addition to keen interest from businesses and entrepreneurs across Atlanta, FraudScope has received $400,000 in funding from the prestigious Wallace H. Coulter Foundation and Georgia Research Alliance.

“This work is an example of how Georgia Tech will and should expand its cybersecurity leadership,” says Bo Rotoloni, co-director of the IISP and director of GTRI’s Information & Cyber Science Directorate. “Industry is hungry for solutions and Georgia Tech has them.”

Second Steps Begin

Looking ahead, the IISP already has a busy second year in play. It is organizing a two-day cybersecurity symposium in Atlanta with the French Embassy; sending speakers to premier conferences with the Association for Computer Machinery, the Department of Defense and Federal Reserve, and again hosting the popular Georgia Tech Cyber Security Summit. Under Ahamad, who serves as associate director of education and outreach for the IISP, it is assisting development of new professional education offerings, degree expansions, and scholarship opportunities to attract more to the field. Under Michael Farrell, associate director of attribution research for the IISP, the group is preparing large-scale projects that allow Georgia Tech to pioneer new scientific approaches to difficult cybersecurity problems.

“And that’s just the first quarter of the year,” Lee says. “We are truly forming into a gateway for faculty, students, scientists, government and industry – the place for national and international collaboration. It’s exciting.”

See highlights from the IISP's first annual report.

The program was made possible by a cyber workforce development collaboration between Georgia Tech Professional Education, the Georgia Tech Research Institute, the Ivan Allen College School of Public Policy, the Institute for Information Security and Privacy, and the Ivan Allen College Sam Nunn School of International Affairs.

The technique will rely on receiving and analyzing side-channel signals, electromagnetic emissions that are produced unintentionally by the electronic devices as they execute programs. These signals are produced by semiconductors, capacitors, power supplies and other components, and can currently be measured up to a half-meter away from operating IoT devices.

By comparing these unintended side-channel emissions to a database of what the devices should be doing when they are operating normally, researchers can tell if malicious software has been installed.

“We will be looking at how the program is changing its behavior,” explained Alenka Zajic, the project’s principal investigator and an assistant professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology. “If an Internet of Things device is attacked, the insertion of malware will affect the program that is running, and we can detect that remotely.”

The four-year project will also include two faculty members from Georgia Tech's School of Computer Science: Professors Milos Prvulovic and Alessandro Orso. Also part of the project will be a research team from Northrop-Grumman, headed by Matthew Welborn. Details of an early prototype of the side-channel technique, called “Zero-Overhead Profiling” because the monitoring doesn't affect the system being observed, were presented July 20th at the International Symposium on Software Testing and Analysis (ISSTA).

Within the next four years, an estimated 30 billion IoT devices will be in operation, doing everything from controlling home heating and air conditioning to sensing and managing critical infrastructure. The devices are usually small with limited processor power and memory. Their limited computing capabilities means they can’t run the kinds of malware protection software found on laptop computers, and they cannot use virtualization and other technology to protect the system software even when an application is taken over by an attacker. This means that once attackers compromise the internet-connected application, they typically “own” the entire IoT device and can even make it falsely respond to traditional queries about its own security status.

"The main challenge from a security perspective is to make these devices secure so somebody can't take them over," explained Zajic. "There will be a lot of processing power out there that needs to be monitored, but you can't just put traditional security software on that processor because is doesn't have enough power for both the security software and the tasks the device is supposed to be doing."

Zajic and Prvulovic pioneered research on measuring side-channel signals emitted from devices. These emissions differ from the signals the devices were intended to produce for communicating information across the Internet to other devices. The researchers have already shown that they can pick up the signals close to the devices using specially designed antennas, and one project goal is to extend the range to as much as three meters.

"When a processor executes instructions, values are represented as ones and zeroes, which creates a fluctuation in the current," Zajic said. "That creates changes in the electromagnetic field we are measuring, providing a pattern for what each part of the program looks like on a spectrum analyzer."

Key to detecting changes in the signals is getting a "before" recording of what these signals should look like to draw a comparison with an "after" set of signals for each combination of device and software. The researchers plan to evaluate each IoT device, sampling and recording its typical operation to create a database. To avoid recording overwhelming amounts of data, the system will take periodic samples from different stages of program loops.

"If somebody inserts something into the program loop, the peaks in the spectrum will shift and we can detect that," Zajic said. "This is something that we can monitor in real time using advanced pattern-matching technology that uses machine learning to improve its performance."

Detecting malware, however, is more of a challenge.

“The technique is currently 95 percent accurate at profiling – pinpointing the exact point in the IoT program code that is currently executing,” explained Prvulovic. “However, detection of malware is a much more difficult problem. Profiling is about identifying which part of the program is the best match for the signal, whereas malware detection is about detecting, with sufficient confidence, that the signal does not match any part of the original program, even when the malware is designed to resemble the original code of the application.”

Zajic and Prvulovic have been studying a wide range of devices to determine the emissions produced.

“We have more than one source on a circuit board, so we have been trying to localize the sources so we can build an antenna to give us the best possible signal,” said Zajic. “There are multiple places on the board where you connect to the same information, though it may be modulated at different frequencies.”

Ultimately, researchers expect the project – dubbed Computational Activity Monitoring by Externally Leveraging Involuntary Analog Signals (CAMELIA) – to be capable of monitoring several IoT devices simultaneously. That will require development of advanced processing techniques able to differentiate signals from each device, and new antennas able to pick up the signals from a greater distance.

CAMELIA is part of a DARPA program called Leveraging the Analog Domain for Security (LADS), which is investing in six different initiatives to address IoT security. The Georgia Tech-Northrop Grumman project is the only one of the projects led by an academic institution.

The research is supported by the DARPA LADS program under contract FA8650-16-C-7620. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the sponsoring agency.

Research News
Georgia Institute of Technology
177 North Avenue
Atlanta, Georgia 30332-0181 USA

Media Relations Contacts: John Toon (404-894-6986) (jtoon@gatech.edu) or Ben Brumfield (404-385-1933) (ben.brumfield@comm.gatech.edu).

Writer: John Toon

Read More

Researchers at the Georgia Tech Research Institute (GTRI) have developed a flexible, generic data-fusion software that simplifies interacting with sensor networks. Known as FUSE, it provides a framework to standardize the diverse IoT world. Its application programming interface (API) lets users capture, store, annotate and transform any data coming from Internet-connected sources.

“The Internet of Things has always been something of a Tower of Babel, because it gathers data from everywhere – from the latest smart-building microcontrollers and driver-assist vehicles to legacy sensors installed for years,” said Heyward Adams, a GTRI research scientist who is leading the FUSE project. “Traditionally, people wanting to utilize IoT information have had to examine the attributes of each individual sensor and then write custom software on an ad-hoc basis to handle it.”

Before FUSE, Adams said, a typical IoT task could require several manual steps. For example, users would acquire data from the Internet by manually finding and setting up the proper communication protocols. Then each data value would have to be assigned to a supporting database. Finally, the user would need to process the data, via approaches such as arithmetic manipulation or statistical evaluation, before it could be fed into a decision algorithm.

“FUSE lets us take a task that used to involve a week or two, and complete it in 10 or 15 minutes,” he said. “It provides a standard way of communicating in the unstandardized world of IoT.”

Adams explained that the technical challenges in creating an Internet of Things framework include not just receiving and transmitting sensor data that use different communication protocols and modalities, but also digesting and processing a variety of data encodings and formats. One particular challenge involves dealing with timing differences between incoming data sources.

To build their framework, the GTRI team developed advanced algorithms for handling the many different source types, communication modes and data types coming in over the internet. They also devised methods for managing interactions among data sources that use varying and unpredictable data rates.

The result was FUSE, with capabilities that include:

• Providing users with online forms that let them define the sources they need in the form of “domains” – abstract descriptions of how the targeted data interrelate;
• Gathering incoming raw data according to user specifications and mapping them into the specified domains. The data can then be transformed and manipulated using “tasks,” which are user-defined JavaScript functions or legacy software that run inside the FUSE service;
• Displaying the processed data to users on-screen via an interactive data visualization, exploration and analysis dashboard that supports most data types including numeric, logical, and text data. Users can also devise their own custom dashboards or other interfaces.

FUSE makes extensive use of the generic representational state transfer (REST) data capability. Referred to as RESTful, this widely used Internet standard supports the framework’s ability to receive and transmit divergent data streams.

The FUSE framework is designed to be massively distributable. Using load-balancing techniques, the service can spread IOT workloads across entire computer clusters. Moreover, FUSE can also operate on small and inexpensive microcontrollers of the type increasingly found in buildings and vehicles performing a variety of smart sensing tasks.

The development team has built a transform layer into FUSE that allows the framework to connect to legacy sensors, allowing integration of older devices that utilize diverse hardware and software designs. FUSE currently employs the open-source MongoDB program as its storage database, but GTRI researchers are developing adapters that let the service plug into common databases such as Oracle, MySQL and Microsoft SQL.

“One of the advantages of FUSE is that it can be broken up and distributed to accommodate any sensor and server architecture,” Adams said. “So it can grow and change as a business, facility or campus changes over time.”

Research News
Georgia Institute of Technology
177 North Avenue
Atlanta, Georgia 30332-0181 USA

Media Relations Contacts: John Toon (jtoon@gatech.edu) (404-894-6986) or Ben Brumfield (ben.brumfield@comm.gatech.edu) (404-385-1933).

Writer: Rick Robinson

The new technique, known as Semantic Inconsistency Search (SEISE), uses natural language processing to spot the differences between a compromised site’s expected content and the malicious advertising and promotional code. Using SEISE, the researchers found 11,000 infected sites among non-commercial top-level sponsored .edu, .gov and .mil domains worldwide, and are working to extend the method to other domains.

The research was supported by the U.S. National Science Foundation and Natural Science Foundation of China. It will be described in a presentation May 25, 2016 at the IEEE Symposium on Security and Privacy in San Jose. SEISE was developed by researchers from the Georgia Institute of Technology, Indiana University and Tsinghua University in China.

“The basic idea behind promotional infection is to attack websites that are highly-ranked and to leverage their importance to promote various things, most of them illegal,” explained Raheem Beyah, who is the Motorola Foundation Professor in Georgia Tech’s School of Electrical and Computer Engineering. “The bad content is nested into the prominent site to leverage the traffic of that domain. That gives the attackers a doorway to whatever they are promoting.”

Essentially, said Beyah, the attackers are stealing the site’s good name, even if they don’t install malware or otherwise inflict harm on web visitors.

“The attackers essentially become part of the prominent website’s brand and share in the ranking they have,” he added. “It’s like setting up operations inside a well-known coffee shop chain. The attacker leverages the brand by becoming co-located with it.”

The promotional attacks can be difficult to detect, especially if they don’t contain malicious computer code. But the semantic differences between the host site and the attacker’s code can tip off the SEISE algorithm. Once it has characterized the content expected on a website – educational information on an .edu page, for example – the pitches for gambling or inexpensive prescription drugs become obvious.

“If you are visiting the website for a prestigious university, you don’t expect to see information promoting casino gambling,” said Beyah. “If we expect one thing from the website and see something significantly different, there is a huge semantic gap that we can detect.”

SEISE doesn’t have to review an entire site to determine what should be there; it can sample the pages to learn context that makes attacker terms stand out. Because their domain purposes are clear and well established, the researchers began with education and government websites. They now hope to extend the automated approach to commercial and other domains whose intended purposes may be less consistent.

“We are trying to figure out how to get the context right for these domains so we can help companies detect these infections,” Beyah said. “There’s no reason to believe that the commercial domains are any less attractive to attackers than the non-commercial ones.”

Beyah and Georgia Tech Ph.D. student Xiaojing Liao began the work by using Google searches to find sites with known “bad words” denoting illicit products. They then utilized natural language processing to find terms associated with these known bad words, which were then used to train the SEISE before it was sent out to analyze 100,000 domains for the presence of the illicit terms. The approach identified 11,000 infected sites with a false detection rate of just 1.5 percent and coverage of more than 90 percent.

SEISE found promotional infections on the websites of top U.S. universities and government agencies, though the problem was truly worldwide, with three percent of .edu and .gov sites infected. Of the infected websites noted, 15 percent were in China and six percent were in the United States.

Sites are infected using proven attack techniques such as SQL injection, URL redirection and phishing to compromise the credentials of users, Beyah said. Though central websites of the organizations may be secure, pages of individual users and units may be more vulnerable – and still provide the prestige of the overall domain.

Existing techniques for detecting promotional infections rely on examining redirects and following links, or observing how sites change over time. But those techniques aren’t scalable and can’t be automated in the same way as the new semantic gap approach, Beyah said.

The researchers want to share their technique with the larger security community, and are discussing how best to make the algorithm available. “Our study shows that by effective detection of infected sponsored top-level domains (sTLDs), the bar to promotion infections can be substantially raised,” the authors wrote in their paper.

About those 11,000 compromised webpages? The researchers are attempting to contact the operators of all 11,000 of them to share the bad news. “We have spent a lot of time contacting those folks and letting them know what we have found,” Beyah said. “We’re still in the process of doing that because there are so many.”

This work was supported by the National Science Foundation through Grants CNS-1223477, CNS-1223495 and CNS-1527141 and by the Natural Science Foundation of China through Grant 61472215. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors.

Research News
Georgia Institute of Technology
177 North Avenue
Atlanta, Georgia 30332-0181 USA

Media Relations Contacts: John Toon (jtoon@gatech.edu) (404-894-6986) or Ben Brumfield (ben.brumfield@comm.gatech.edu) (404-385-1933).

Writer: John Toon

Known as PrivacyGuard, the project is a first step toward establishing a practical way of ensuring end-to-end privacy for big data computations. To achieve this, researchers at Georgia Tech’s College of Computing are working to develop protocols that split the responsibility for data privacy protection into three areas – data entry, execution, and output.

“Our goals are to develop practical solutions for enabling a ‘need to know’ privacy model, and to protect private data from any unauthorized or unintended purposes in the big data life cycle,” said School of Computer Science Professor and Lead Principal Investigator Ling Liu. “By creating a practical and systematic framework with multiple checkpoints, we increase our opportunities to catch and eliminate threats.”

Liu and her colleague on the project, Georgia Tech Professor Calton Pu, are affiliates of the Institute for Information Security and Privacy (IISP). The IISP is Georgia Tech’s hub for cybersecurity and data protection research. 

The first step in creating end-to-end protection is to develop proper protocols for entering data so that sensitive information cannot be reconstructed from the final output of a big data computation. The second step is to create procedures that ensure data integrity, confidentiality, and availability are maintained during the execution phase while the information is being processed. The third protocol protects the final product of big data computations by preventing malicious users from being able to glean any sensitive information from a database.

The ability to perform efficient big data computations while preserving privacy in the cloud is critical. When these new protocols are in place, new opportunities will emerge for safe and effective data analytics. These opportunities may include healthcare applications that provide personalized medical treatments using an individual’s DNA sequence, or enabling advertisers to create targeted advertisements, without violation of data privacy.

“Big data and cloud computing are becoming more and more ubiquitous,” said Liu. “Once established, PrivacyGuard research will be integrated into Georgia Tech’s big data systems and analytics courses, contributing to the education of a new generation of data scientists that we hope will become privacy compliance advocates.”

About the Researchers:

Dr. Ling Liu, professor, School of Computer Science, College of Computing

An internationally recognized expert, Dr. Ling Liu is a professor in the College of Computing’s School of Computer Science at the Georgia Institute of Technology and an elected IEEE Fellow. She directs the research program in Distributed Data Intensive Systems program examining research issues and technical challenges in building distributed big data systems, ranging from performance, security, privacy, trust to availability. She has published more than 300 international journal and conference articles and served as a program chair for multiple IEEE and ACM conferences and is currently the editor-in-chief of IEEE Transactions on Services Computing. In addition, Dr. Liu has received numerous awards from the Institute of Electrical and Electronics Engineers, the Association for Computing Machinery, and many notable computing organizations. Professor Liu's current research is primarily sponsored by NSF, IBM, and Intel.

Dr. Calton Pu, Professor and the John P. Imlay, Jr. Chair in Software, School of Computer Science, and co-director of Center for Experimental Research in Computer Systems 

Calton Pu is currently a professor and John P. Imlay, Jr. Chair in Software at the College of Computing at the Georgia Institute of Technology and an elected IEEE fellow. Dr. Pu received his Ph.D. in computer science from the University of Washington. He has worked on several projects in systems and database research and provided many contributions to systems research including program specialization and software feedback. Professor Pu's recent research has focused on automated system management in clouds, information quality, and Big Data in the Internet-of-Things. Dr. Pu has published more than 70 journal papers and book chapters and an additional 280 conference and refereed workshop papers; he has also served on more than 120 program committees. Dr. Pu's prior research included government projects for DARPA and NSF. In addition, he has conducted industry research for IBM, Intel, and HP. 

In this new position, Beyah will manage activities associated with the School’s large number of corporate partners and affiliates, support the partnership with the ECE Advisory Board, and will lead strategic initiatives internal and external to the School. He will also work with faculty members to develop and sustain a culture of innovation and entrepreneurship within their groups.

Beyah joined the ECE faculty in 2011, where he holds the Motorola Foundation Professorship. He leads the Communications Assurance and Performance (CAP) Group and is a member of the Communications Systems Center (CSC) and the Institute for Information Security and Privacy (IISP). Prior to returning to Georgia Tech, Beyah was an assistant professor in the Department of Computer Science at Georgia State University, a research faculty member with the CSC, and a consultant with Andersen Consulting’s (now Accenture) Network Solutions Group. A two-time Georgia Tech ECE alumnus, he earned his M.S. and Ph.D. degrees in 1999 and 2003, respectively. He currently holds the Motorola Foundation Professorship in ECE.

Beyah’s research interests include network security, network traffic characterization and performance, privacy, and cyber-physical systems security with a focus on critical infrastructure. His group has discovered critical flaws in many power grid devices across the globe, and this work has resulted in the development of security patches for these devices.

Beyah’s work has been highlighted in many news outlets, including NSF Science 360 Radio, NetworkWorld, and Forbes. He is an NSF CAREER Award recipient, was one of 12 junior faculty members selected for DARPA’s 2010 Computer Science Study Panel, and received the inaugural Department of Computer Science Outstanding Performance Award while at Georgia State University. His work has resulted in 114 refereed or invited publications, and he has served as an associate editor or guest editor for several journals in the field.

Beyah has graduated six Ph.D. students and over 18 M.S. students, and his research group currently consists of five Ph.D. students and two M.S. students.

He is currently the chair of ECE’s Computer Systems and Software (CSS) group, and he is leading the formation of ECE’s new proposed M.S. Cyber Security degree.

Beyah is a member of the Georgia Tech Sloan University Center of Exemplary Mentoring (UCEM) committee and currently serves as director of the Georgia Tech Summer Undergraduate Research Experience (SURE) program. Prior to becoming director of SURE, Beyah regularly served as a graduate student mentor and faculty advisor with the program. He is also a faculty advisor for the Georgia Tech Louis Stokes Alliances for Minority Participation Program and is a regular participant in the Georgia Tech FOCUS Program, an annual graduate student recruitment event that takes place over the Martin Luther King Jr. holiday weekend. Along with two faculty members in the Woodruff School of Mechanical Engineering, Beyah co-founded the Academic and Research Leadership Network (ARLN). Supported by 17 engineering deans and the NSF, the mission of ARLN is to increase the representation of underrepresented groups in the academy.

Beyah is a member of the University of Pittsburgh’s School of Information Sciences Board of Visitors and a member of MARTA’s Cyber Security Advisory Board. He has contributed to the Atlanta community through activities with Atlanta Public Schools and is a 2014 graduate of Leadership Atlanta, the city’s most prestigious executive leadership program and a 2011 graduate of Leadership Georgia. He is a member of AAAS and ASEE, a lifetime member of NSBE, and a senior member of ACM and IEEE.

Ahmed examined two-years worth of Medicare claims data and found that his algorithm could accurately select which providers would be caught and indicted for healthcare fraud -- validating the technique as a risk predictor without the need for whistleblowers.

He and his faculty advisor, Prof. Mustaque Ahamad, have filed a provisional patent for the research and intend to form a private company. They anticipate that insurance providers and government healthcare programs will be most interested in the tool, which assigns risk scores to healthcare providers who are most likely to file fraudulent claims. He will use the prize money to help develop a software interface.

Ahmed believes that criminals who file fake medical claims for money are causing healthcare costs to rise for all Americans. In nearly a decade, the FBI's healthcare fraud team has charged more than 2,300 defendants who collectively falsely billed Medicare more than $7 billion. 

"If we catch the bad guys, we can lower healthcare costs," Ahmed says, who adds that most Americans don't realize healthcare identity fraud is a much bigger problem -- and harder to correct -- than stolen credit cards.

Venture capitalists and business leaders who served as judges at the Demo Day Finale picked Ahmed as the winner from among five student teams.

Investing in quality student work is an easy decision, said judge Paul Conley, managing director of the Paladin Capital Group.

"We're able to very efficiently deploy a little bit of capital alongside an entrepreneur, help them develop those ideas," he said after the event. "The ones that really achieve some traction or commercial success, we like to really get behind and back them as far as we can take them."

Also winning a cash prize at the Demo Day Finale was the research project, "Tying Public Key to Person with IDforWeb." Graduate students Yeongjin Jang and Mark Wisneski --  working with research scientist Pak Ho Chung -- received $2,000 to continue their work to help make public key infrastructure easier and more intuitive to use. The group aims to explore creative new ways for individuals to record and announce their public key for user-friendly verification.

As for Ahmed, he says he has been interested in healthcare fraud and cybersecurity since he was an undergrad studying computer science at Georgia Tech; it will remain his focus.

“I took an information security class the last semester of my degree, and I knew this is what I wanted to do.”

His PhD studies have been entirely focused on the problem of healthcare identity fraud. Now he is about to complete his doctoral degree on May 6 and immediately will turn his attention to developing FraudScope as a business -- right here in Atlanta.

11Alive News (WXIA-TV Atlanta)

More about Demo Day Finale

Beyah joined the ECE faculty in 2011, where he leads the Communications Assurance and Performance (CAP) Group and is a member of the Communications Systems Center (CSC) and the Institute for Information Security and Privacy (IISP). Prior to returning to Georgia Tech, Beyah was an assistant professor in the Department of Computer Science at Georgia State University, a research faculty member with the CSC, and a consultant with Andersen Consulting’s (now Accenture) Network Solutions Group. A two-time Georgia Tech ECE alumnus, he earned both his M.S. and Ph.D. degrees in 1999 and 2003, respectively.  

Beyah’s research interests include network security, wireless networks, network traffic characterization and performance, privacy, and cyber-physical systems security with a focus on critical infrastructure. His group has discovered critical flaws in many power grid devices across the globe, and this work has resulted in the development of security patches for these devices.

Beyah’s work has been highlighted in many news outlets, including NetworkWorld and Forbes. He is an NSF CAREER Award recipient, was one of 12 junior faculty members selected for DARPA’s 2010 Computer Science Study Panel, and received the inaugural Department of Computer Science Outstanding Performance Award while at Georgia State University.  His work has resulted in 110 refereed or invited publications, and he has served as an associate editor or guest editor for several journals in the field.

Beyah has graduated five Ph.D. students and over a dozen M.S. students. His research group currently consists of five Ph.D. students and two M.S. students, and he currently serves as director of the Georgia Tech Summer Undergraduate Research Experience (SURE) program. Prior to becoming director of SURE, Beyah regularly served as a graduate student mentor and faculty advisor with the program. He is also a faculty advisor for the Georgia Tech Louis Stokes Alliances for Minority Participation Program and is a regular participant in the Georgia Tech FOCUS Program, an annual graduate student recruitment event that takes place over the Martin Luther King Jr. holiday weekend.

Beyah is a member of the University of Pittsburgh’s School of Information Sciences Board of Visitors. He has contributed to the Atlanta community through activities with Atlanta Public Schools and is a 2014 graduate of Leadership Atlanta, the city’s most prestigious executive leadership program.

According to the executive order, the Commission “will make detailed recommendations to strengthen cybersecurity in both the public and private sectors while protecting privacy, ensuring public safety and economic and national security, fostering discovery and development of new technical solutions, and bolstering partnerships between federal, state and local government and the private sector in the development, promotion and use of cybersecurity technologies, policies and best practices. The Commission's recommendations should address actions that can be taken over the next decade to accomplish these goals.”

The Commission will be led by Chair Tom Donilon, former National Security Advisor to President Obama, and Vice Chair Sam Palmisano, former CEO of IBM. The commission will submit its final report to President Obama on Dec. 1, 2016.

“It is an honor to be asked to serve on the Commission,” said Antón, now in her fourth year at Georgia Tech. “I look forward to working with the other members to address ways in which our nation can leverage technological advances to enhance cybersecurity while preserving privacy.”

Antón, who is an expert on software compliance with federal privacy and security regulations, is a professor and chair of the School of Interactive Computing at Georgia Tech. She holds additional appointments in both the School of Computer Science and the Scheller College of Business. Before joining Georgia Tech, she was a professor of computer science at North Carolina State University, where she is now an adjunct professor. Antón has been a leader in privacy and cybersecurity since the late 1990s. She is an ACM Distinguished Scientist and Senior Member of IEEE.

Antón has written more than 80 peer-reviewed technical papers, and testified before Congress as well as the Privacy and Civil Liberties Oversight Board. She has served on a number of privacy and security advisory boards, including for the U.S. Department of Homeland Security and the National Institutes of Standards and Technologies.

“Professor Antón has a wealth of experience in cybersecurity and privacy, and will bring strategic expertise to the important work of the new Commission on Enhancing National Cybersecurity,” said G. P. “Bud” Peterson, president of Georgia Tech.

“We are thrilled that Professor Anton has been named to this panel,” said Zvi Galil, dean and John P. Imlay Chair of the Georgia Tech College of Computing. “She is one of the country’s foremost experts on privacy issues, and she will bring that critical perspective to one of the most important security conversations facing the country right now.”

“I have charged the Commission on Enhancing National Cybersecurity with the critically-important task of identifying the steps that our nation must take to ensure our cybersecurity in an increasingly digital world,” President Obama said. “These dedicated individuals bring a wealth of experience and talent to this important role, and I look forward to receiving the Commission's recommendations.”

In addition to Anton, here are the other members of the Commission:

General Keith Alexander, USA (Ret) –  Chairman and CEO of IronNet, and former director of the National Security Agency.

Ajay Banga – president and CEO of MasterCard.

Steven Chabinsky – general counsel and chief risk officer for the cybersecurity technology firm CrowdStrike.

Patrick Gallagher – Chancellor and CEO of the University of Pittsburgh.

Peter Lee – corporate vice president of Microsoft Research.

Herbert Lin – Senior Research Scholar for Cyber Policy and Security at the Center for International Security and Cooperation and a Research Fellow at the Hoover Institution, both at Stanford University.

Heather Murren – private investor and member of the Board of Trustees of the Johns Hopkins University and the Johns Hopkins University Applied Physics Laboratory.

Joe Sullivan – chief security officer at Uber.

Maggie Wilderotter – Chief Executive Officer of Frontier Communications from 2004 to 2015, and then Executive Chairman of the company until April 1, 2016.

Read More

The event is hosted by the Institute for Information Security & Privacy (IISP) and aims to give students an early introduction to potential investors as they continue their research.

“The hardest part of moving great ideas out to market is finding a trustworthy partner,” says Wenke Lee, co-director of the IISP and a professor in the School of Computer Science who has successfully transferred research to private corporations. “It can be awkward to turn over your hard work to someone at the end of a long project. We hope to introduce students to potential investors earlier in the process to help them consider steps to take that could make their project more appealing to consumers. This is one way we think the Institute for Information Security & Privacy can help move solutions out to individuals who need better identity, data or hardware protection.”

Five student teams representing the School of Computer Science and School of Electrical Computing and Engineering are polishing their presentations now to deliver TED-style talks before the elite panel of business leaders from Washington D.C, Philadelphia, and Atlanta. Research with the best chance of commercialization or demonstrating the most impact toward resolving an industry need receives a cash prize – up to $5,000 this year.

Initial cybersecurity research concepts were presented at the inaugural Fall Demo Day, held Oct. 28 at the Georgia Tech Cyber Security Summit, where more than 300 attendees viewed and voted on the best research work from Georgia Tech and GTRI. The top five finalists now advance to the finale. All finalists represent graduate students – some of whom have been working on their projects for many years.

“It means a great deal for me to know that my research can have a huge positive impact outside of the lab,” says Musheer Ahmed, a graduating PhD student (advised by Professor Mustaque Ahamad) whose patented, data analytics system assigns risk scores to healthcare providers and already has caught the eye of other incubator programs interested in its potential. “All students strive for this but never know if that will materialize with their work. I hope the momentum will continue and my work can be commercialized.”

Another team – “IDforWeb” -- hopes to gather validation from the Demo Day judges that they have an easy-to-use platform for secure transactions and communication authentication. IDforWeb seeks to create “killer apps” that improve public key infrastructure (PKI) with new ease of use.

“I'm glad that people believe the 10+ year-old PKI usability problem is an important problem to solve, and agree with us that new technologies like smartphones and blockchains offer some new angle,” said Pak Ho Chung, a researcher in the School of Computer Science, referring to the Fall audience that voted them through to the Spring Finale.

All projects that will be presented at Demo Day represent a broad range of solutions for healthcare, e-commerce, application development and more, says Bo Rotoloni, co-director of the IISP who also leads the information and cyber sciences directorate for the Georgia Tech Research Institute (GTRI).

“The investors coming to judge our first Demo Day are going to see unique ideas by Georgia Tech and clever solutions to existing and emerging challenges. We believe one of academia’s roles is to explore big ideas, prove the potential, and create new market spaces. Several of these finalists do that well.”

Due to limited space, registration is encouraged for the event.

The IISP Demo Day Spring ’16 Finalists are

"Cybersecurity Inspired Health Insurance Fraud Detector"
Musheer Ahmed
Advisor: Mustaque Ahamad

"PARS: A Uniform and Open-source Password Analysis and Research System"
Shukun Yang
Advisor: Raheem Beyah

"Preventing Use-after-free with Dangling Pointers Nullification"
Byoungyoung Lee and Chengyu Song
Advisor: Taesoo Kim

"Tying Public Key to Person with ‘idforweb’ "
Pak Ho Chung, Yeongjin Jang and Mark Wisneski
Advisor: Wenke Lee

"UCognito: Private Browsing without Tears"
Meng Xu and Yeongjin Jang
Advisor:  Taesoo Kim and Wenke Lee

Judges are

Robin Bienfait, chief enterprise innovation officer, Samsung

Paul Conley, managing director, Paladin Capital Group

John Lee, senior associate, Osage Partners

Glenn McGonnigle, general partner, TechOperators

Sig Mosley, managing partner, Mosley Ventures

Researchers are using the same principle to identify devices on electrical grid control networks, using their unique electronic “voices” – fingerprints produced by the devices’ individual physical characteristics – to determine which signals are legitimate and which signals might be from attackers. A similar approach could also be used to protect networked industrial control systems in oil and gas refineries, manufacturing facilities, wastewater treatment plants and other critical industrial systems.

The research, reported February 23 at the Network and Distributed System Security Symposium in San Diego, was supported in part by the National Science Foundation (NSF). While device fingerprinting isn’t a complete solution in itself, the technique could help address the unique security challenges of the electrical grid and other cyber-physical systems. The approach has been successfully tested in two electrical substations.

“We have developed fingerprinting techniques that work together to protect various operations of the power grid to prevent or minimize spoofing of packets that could be injected to produce false data or false control commands into the system,” said Raheem Beyah, an associate professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology. “This is the first technique that can passively fingerprint different devices that are part of critical infrastructure networks. We believe it can be used to significantly improve the security of the grid and other networks.”

The networked systems controlling the U.S. electrical grid and other industrial systems often lack the ability to run modern encryption and authentication systems, and the legacy systems connected to them were never designed for networked security. Because they are distributed around the country, often in remote areas, the systems are also difficult to update using the “patching” techniques common in computer networks. And on the electric grid, keeping the power on is a priority, so security can’t cause delays or shutdowns.

“The stakes are extremely high, but the systems are very different from home or office computer networks,” said Beyah. “It is critical that we secure these systems against attackers who may introduce false data or issue malicious commands.”

Beyah, his students, and colleagues in Georgia Tech’s George W. Woodruff School of Mechanical Engineering set out to develop security techniques that take advantage of the unique physical properties of the grid and the consistent type of operations that take place there.

For instance, control devices used in the power grid produce signals that are distinctive because of their unique physical configurations and compositions. Security devices listening to signals traversing the grid’s control systems can differentiate between these legitimate devices and signals produced by equipment that’s not part of the system.

Another aspect of the work takes advantage of simple physics. Devices such as circuit breakers and electrical protection systems can be told to open or close remotely, and they then report on the actions they’ve taken. The time required to open a breaker or a valve is determined by the physical properties of the device. If an acknowledgement arrives too soon after the command is issued – less time than it would take for a breaker or valve to open, for instance – the security system could suspect spoofing, Beyah explained.

To develop the device fingerprints, the researchers, including mechanical engineering assistant professor Jonathan Rogers, have built computer models of utility grid devices to understand how they operate. Information to build the models came from “black box” techniques – watching the information that goes into and out of the system – and “white box” techniques that utilize schematics or physical access to the systems.

“Device fingerprinting is a unique signature that indicates the identity of a specific device, or device type, or an action associated with that device type,” Beyah explained. “We can use physics and mathematics to analyze and build a model using first principles based on the devices themselves. Schematics and specifications allow us to determine how the devices are actually operating.”

The researchers have demonstrated the technique on two electrical substations, and plan to continue refining it until it becomes close to 100 percent accurate. Their current technique addresses the protocol used for more than half of the devices on the electrical grid, and future work will include examining application of the method to other protocols.

Because they also include devices with measurable physical properties, Beyah believes the approach could have broad application to securing industrial control systems used in manufacturing, oil and gas refining, wastewater treatment and other industries. Beyond industrial controls, the principle could also apply to the Internet of Things (IoT), where the devices being controlled have specific signatures related to switching them on and off.

“All of these IoT devices will be doing physical things, such as turning your air-conditioning on or off,” Beyah said. “There will be a physical action occurring, which is similar to what we have studied with valves and actuators.”

In addition to those already mentioned, the research included graduate students David Formby, the paper’s first author; Preethi Srinivasan and Andrew Leonard.

This research was supported by the National Science Foundation under grant number 1140230. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

CITATION: David Formby, Preethi Srinivasan, Andrew Leonard, Jonathan Rogers and Raheem Beyah, “Who’s in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems,” (NDSS 2016). 

Research News
Georgia Institute of Technology
177 North Avenue
Atlanta, Georgia 30332-0181 USA

Media Relations Contact: John Toon (404-894-6986) (jtoon@gatech.edu).
Writer: John Toon

Can we protect the power grid, telecommunication networks, financial data, “smart” products, and our private information, while still enjoying the benefits technology affords us?

American universities are helping to answer that question, leading the way with multidisciplinary research, technology development, and education.

The second in a series on university research from the Association of American Universities (AAU), this link shows what university faculty, researchers, students, and alumni are doing to help secure electronic communications and data.

Read more from the AAU.

Results will be presented Tuesday, Feb. 23 at the 2016 Network and Distributed System Security Symposium (NDSS '16) in San Diego, Calif., by researchers Wei Meng, Ren Ding, Simon Chung, and Steven Han under the direction of Professor Wenke Lee.

The study examined more than 200 participants who used a custom-built app for Android-based smartphones, which account for 52 percent of the U.S. smartphone market according to comScore’s April 2015 report. Georgia Tech researchers reviewed the accuracy of personalized ads that were served to test subjects from the Google AdNetwork based upon their personal interests and demographic profiles; and secondly, examined how much a mobile app creator could uncover about users because of the personalized ads served to them.

Researchers found that 73 percent of ad impressions for 92 percent of users are correctly aligned with their demographic profiles. Researchers also found that, based on ads shown, a mobile app developer could learn a user’s:

• gender with 75 percent accuracy,
• parental status with 66 percent accuracy,
• age group with 54 percent accuracy, and
• could also predict income, political affiliation, marital status, with higher accuracy than random guesses.

Some personal information is deemed so sensitive that Google explicitly states those factors are not used for personalization, yet the study found that app developers still can discover this information due to leakage between ad networks and app developers.

“Free smart phone apps are not really free,” says Wei Meng, lead researcher and a graduate student studying computer science. “Apps – especially malicious apps – can be used to collect potentially sensitive information about someone simply by hosting ads in the app and observing what is received by a user. Mobile, personalized in-app ads absolutely present a new privacy threat.”

How it Works

• Mobile app developers choose to accept in-app ads inside their app.
• Ad networks pay a fee to app developers in order to show ads and monitor user activity – collecting app lists, device models, geo-locations, etc. This aggregate information is made available to help advertisers choose where to place ads.
• Advertisers instruct an ad network to show their ads based on topic targeting (such as “Autos & Vehicles”), interest targeting (such as user usage patterns and previous click thrus), and demographic targeting (such as estimated age range).
• The ad network displays ads to appropriate mobile app users and receives payment from advertisers for successful views or click thrus by the recipient of the ad.
• In-app ads are displayed unencrypted as part of the app’s graphical user interface. Therefore, mobile app developers can access the targeted ad content delivered to its own app users and then reverse engineer that data to construct a profile of their app customer.

Unlike advertising on a website page, where personalized ad content is protected from publishers and other third parties by the Same Origin Policy, there is no isolation of personalized ad content from the mobile app developer.

For the smartphone dependent population – the 7 percent of largely low-income Americans, defined by Pew Internet ("U.S. Smartphone Use in 2015"), who have neither traditional broadband at home nor any other online alternative – their personal information may be particularly at risk.

“People use their smartphones now for online dating, banking, and social media every day,” said Wenke Lee, professor of computer science and co-director of the Institute for Information Security & Privacy at Georgia Tech. “Mobile devices are intimate to users, so safeguarding personal information from malicious parties is more important than ever.”

The study acknowledges that the online advertising industry is taking steps to protect users’ information by improving the HTTPS protocol, but researchers believe the threat to user privacy is greater than HTTPS protection can provide under a mobile scenario.

The researchers contacted Google AdNetworks about their finding.

Download the complete research paper.

Additional research at NDSS '16

Georgia Tech's School of Computer Science will present three additional papers at the conference.

• "Enforcing Kernel Security Invariants with Data Flow Integrity" by Chengyu Song, Byoungyoung Lee, Kangjie Lu, William Harris, and Wenke Lee
• "How to Make ASLR Win the Clone Wars: Runtime Re-Randomization" by Kangjie Lu, Stefan Nurnberger, Michael Backes, and Wenke Lee
• "OpenSGX:  An Open Platform for SGX Research" by Prerit Jain, Soham Desai, Ming-Wei Shih, and Taesoo Kim in partnership with KAIST of South Korea researchers Seongmin Kim, JaeHyuk Lee, Changho Choi, Youjung Shin, Brent Byunghoon Kang, and Dongsu Han

Read more

Listen here (5:39)

High-volume DDoS attacks that overwhelm servers with large amounts of malicious traffic in order to shut down a particular website have received a significant amount of study. However, low-volume attacks have not.

Low-volume attacks—while generally receiving less attention from scholars and media outlets—account for a significant percentage of all DDoS assaults. They can take down a website and be as damaging, but may use less bandwidth, are often shorter in duration, and may be designed to distract a security team from the aftershocks of follow-on attacks. In fact, according to Neustar, Inc., around 54 percent of DDoS attacks were found to be relatively small at less than 5 Gbps, yet 43 percent leave behind malware or viruses. Neustar’s April 2016 report found that 82 percent of corporations were attacked repeatedly.

“This has been a 25-year problem with no practical solution,” says Taesoo Kim, lead principal investigator for the study and assistant professor in Georgia Tech’s School of Computer Science. “Our goal is to create a precise and timely detection method that identifies attacks by how they subtly change the resource consumption of a machine. With little to no degradation of system performance, we believe we can mitigate the threat and write a new signature for it inside the hardware within approximately 10 seconds so a network interface card will recognize it again. This effectively puts an anti-virus patch into your hardware in real time.”

Under the project name ROKI, Kim and colleagues propose to first establish a baseline of resource consumption using three Intel hardware features. Next, they will develop continuous analysis algorithms to compare a packet’s effect on system performance against historical consumption under similar scenarios. A new path-reconstruction engine will then produce a sequence of instructions to nullify an attack and encode the finding into the network interface card to stop current or future attack traffic.

“ROKI has the potential to achieve both timeliness and precision,” says Wenke Lee, co-PI on the project and co-director of the Institute for Information Security & Privacy at Georgia Tech. “We don’t need to know what an attack looks like, just that it deviates from the baseline. Existing defenses against low-volume DDoS attacks lack precision and they cannot create a response in a timely manner. This will.”

The research is part of DARPA’s Extreme DDoS Defense (XD3) program (awarded under contract #HR0011-16-C-0059) and began in April. First deliverables are expected in approximately 18 months, beginning with a prototype to demonstrate the core idea. The project is expected to be complete in three years. Field exercises to mitigate previously unknown DDoS attacks will occur in 2019.

About the Researchers

Taesoo Kim, assistant professor, School of Computer Science, College of Computing

He received his Ph.D. in Computer Science from the Massachusetts Institute of Technology in 2014 and since has taught at Georgia Tech, attracting nearly $6 million in research awards to the university, inclusive of this announcement. He leads and co-leads projects on large-scale analytics, scalable manycore operating systems, defense mechanisms to harden software, and tag-tracking. His thesis work focused on the design of an intrusion recovery method for operating systems, web applications, distributed web services, and web frameworks that is today the foundation of a company called Nerati.

William Harris, assistant professor, School of Computer Science, College of Computing

He studies program synthesis, analysis and verification and has developed tools that generate programs to help operating systems meet specified security requirements even if the underlying components may not be trusted.

Wenke Lee, the John P. Imlay Jr. Professor, School of Computer Science, and co-director of the Institute for Information Security & Privacy at Georgia Tech

Dr. Lee has worked on large-scale network monitoring, botnet detection, and malware analysis for more than 10 years. His research interests also include systems and network security, applied cryptography, and data mining.

Clifton (Trent) Brunson, research scientist, Georgia Tech Research Institute

In his prior academic studies and work, he has performed multiple projects for the Air Force Research Laboratory and DARPA in the areas of cryptography, insider threats, programming languages, cyber battle damage assessment, agentless network monitoring, and IPv6.

About Georgia Tech’s College of Computing

The Georgia Tech College of Computing is a national leader in the creation of real-world computing breakthroughs that drive social and scientific progress. With its graduate program ranked 9th nationally by U.S. News and World Report, the College’s unconventional approach to education is expanding the horizons of traditional computer science students through interdisciplinary collaboration and a focus on human-centered solutions. For more information about the Georgia Tech College of Computing, its academic divisions and research centers, please visit www.cc.gatech.edu

Will the United States' CISO have any real authority? Will the new hardware and software bought with these funds be as insecurely configured or poorly implemented as the current systems? Two weeks ago Rob Joyce, chief of the NSA's Tailored Access Operations (TAO), publicly reminded defenders that attackers know what actually is on a target network, whereas agency leaders often only think they know their own information environment. What should be and what is are often different, and this delta is usually the most fertile area of the attack surface.

This additional funding should be applied in two ways, first addressing the present and second looking to the future:

1)    Compel federal government agencies to prove they are doing the basics:

• inventory authorized and unauthorized devices (know what you’ve got)
• inventory authorized and unauthorized software (know what it’s running)
• reduce and control use of admin privileges
• read your logs (yes, really read them!)
• establish secure configs for all apps and devices, roll this out, don’t deviate, and patch it aggressively.

None of this is new, but actually doing it consistently would be novel for much of the U.S. government.  The new CISO and cognizant officials can’t keep admiring the problem, but actually must measure progress and hold poor performance accountable.

2)    Fund research and development for cybersecurity across disciplinary lines – computer science, engineering, policy, etc:

• Attribution of cyberthreats
• Consumer-facing privacy
• Cyber-physical systems

Reward those working on hard problems and seek revolutionary gains.  Don’t be afraid to fail.  Create the next! 

Michael Farrell is chief scientist for the Cyber Technology & Information Security Lab (CTISL) and associate director of attribution for the Institute for Information Security & Privacy (IISP) at Georgia Tech.

Read more in New Scientist (free site registration required)

Read more in The Washington Post.

Read more in The Digital Download Privacy & Security Monthly Newsletter

Listen to a recording of the debate.

Read more in Military & Aerospace Electronics

AT&T (NYSE: T); CenturyLink (NYSE: CTL); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Facebook; Google; LinkedIn; Mailchimp; Orange (NYSE: ORAN) and (Euronext: ORA); Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members

1&1 Internet AG; Adobe Systems Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; dotmailer; Dyn; ExactTarget, Inc.; IBM; iContact; Internet Initiative Japan (IIJ, NASDAQ: IIJI); Listrak; Litmus; McAfee Inc.; Microsoft Corp.; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Rackspace; Spamhaus; Sprint; Symantec and Twitter.

A complete member list is available at http://www.m3aawg.org/about/roster.

The IISP aligns the expertise of 200 researchers and nine labs across four colleges and the Georgia Tech Research Institute (GTRI) to form a single gateway to all cybersecurity efforts. Its purpose is to connect academia, industry and government to seamlessly develop vital solutions for national security, economic continuity and individual safety.

It is led by Co-Directors Bo Rotoloni, a principal research engineer at GTRI, and Wenke Lee, a professor in the College of Computing and one of the world’s most prolific cybersecurity researchers. Associate directors include experts in law, business management, computing and defense.

“Cybersecurity is no longer just a computer science problem for programmers; this is an issue that now touches every area of society,” says Lee, whose research involves protecting industrial control systems, hardening defense equipment and secure Internet browsing. “It involves new policy considerations, better initial product design and more training for the professionals involved. We are doubling down to discover, connect and solve modern cybersecurity threats.”

Georgia Tech Executive Vice President for Research Stephen Cross says this effort is essential at a time when consumers readily trade private personal data for convenience and the public has become more dependent on cyber-physical systems.

“Georgia Tech has the academic foundational research and educational programs, the technology transfer and applied research that make a real impact with industry and government, and the ability to understand and study the broader, societal impact,” Cross says. “Cybersecurity work takes place in these three spheres, and the Institute for Information Security & Privacy has been built at the intersection of all three.”

Initial research will focus on six areas: privacy policy, consumer-facing privacy, attribution, risk, trust and cyber-physical systems.

“Under the IISP, we expect to double our current cybersecurity research activity to move more research out to the marketplace, to develop new continuing education programs for professionals and to broaden the cybersecurity curriculum so it is taught across more degree fields at Georgia Tech,” says Rotoloni. “We want to be a catalyst for an information security industry in Georgia that is already attracting national attention and embolden it through joint research projects with companies of all sizes and critical government agencies.”

For more about the Institute for Information Security & Privacy, see http://iisp.gatech.edu

Read more in The Augusta Chronicle.

Jimmy Carter, former US president and a Nobel laureate at studied at Georgia Tech. Apart from him, there are many great personalities who have studied at Georgia Tech are Mike Duke, the CEO of WalMart, Nobel laureate Kary Mullis, astronaut William S. McArthur, Richard H. Truly, former head of NASA and many others.

Read more in TimesFreePress.com

Read more in Defense News.

Researchers at the Georgia Institute of Technology are working on a new, multi-year project funded by the National Science Foundation, called “Resource Public Key Infrastructure,” to help end Internet trickery. It begins with new tools that allow ISPs to better verify the true owner of a network and legitimate traffic paths.

“We know it’s easy to lie on the Internet,” says primary investigator Russ Clark, a senior research scientist in the School of Computer Science at Georgia Tech. “It happens because of a weakness in the trust relationship between routing protocols. Those protocols were not designed to recognize imposters and especially not fake ISPs.”

Clark, along with Cas D’Angelo and Scott Friedrich from Georgia Tech’s Office of Information Technology and undergraduate student Sam Norris (EIA), will address the Internet identity problem with new protocols such as RPKI, the Resource Public Key Infrastructure.

Trust is determined in the router and the server resources alongside. To verify that network owners are legitimate, Georgia Tech will add a new type of server to the routing infrastructure as a first step. Next, it will update the software inside routers, gradually deploying the changes through the Southern Crossroads Internet Exchange (SoX), documenting observations, and creating a recipe for others across the United States to follow.

“This solution has been known for about the past five years, but network operators are reluctant to try it out of fear of slowing down traffic for customers in the interim,” Clark says. “The NSF tasked Georgia Tech with moving deployment along. We’re going to prove that it’s possible, work through the pains, and show others how to do it.”

The deployment will happen in phases.

In addition to Georgia Tech researchers and labs, Clark and his team help manage the Southern Crossroads (SoX) regional network where 21 member institutions come together for shared network services. The project team expects to deploy over SoX in the next year.

“In the quest to make the Internet faster, we’ve often tried to find the shortest route to a website. This is making us vulnerable,” Clark says. “Now, we need to find the smartest route.”

The paper "Visualization of Test Information to Assist Fault Localization" co-authored by James Jones (who received his PhD in CS from Georgia Tech and currently an associate professor at University of California - Irvine), the late Mary Jean Harrold (CS), and John Stasko (IC), won the ACM SIGSOFT “Impact Paper Award” at the conference.  The paper, which was published at the International Conference on Software Engineering (ICSE ‘02), is one of the most cited software-engineering papers and has influenced many subsequent research endeavors, particularly in the popular field of spectra-based fault localization. The plaque that recognizes Harrold’s contribution will be hung in the CS Faculty Lounge, and the check that comes with it will be donated to Harrold’s Graduate Fellowship (both courtesy of her family).

Additionally, two papers won ACM SIGSOFT Distinguished Paper Awards at the conference: 

• "A User-Guided Approach to Program Analysis" by Ravi Mangal (MS CS), Xin Zhang (MS CS), Aditya V. Nori (external collaborator), and Assistant Professor Mayur Naik (CS). Both Ravi and Xin are advised by Naik.

• "Users Beware: Preference Inconsistencies Ahead" by Farnaz Behrang (MS CS), Myra Cohen (external collaborator), and Associate Chair Alex Orso (CS). Farnaz is advised by Orso.

Between these two papers, Georgia Tech bagged 25% of the Distinguished Paper Awards given at FSE 2015, says Naik.

Besides the above two papers, a third paper "FlexJava: Language Support for Safe and Modular Approximate Programming" by Jongsea Park (MS CS), Xin Zhang (MS CS), Assistant Professor Hadi Esmaeilzadeh (CS), Naik, and Assistant Professor Bill Harris (CS) also was accepted to FSE ‘15.

Read more in Forbes Online

Electrical engineering moved up two spots to place fourth, tying its previous best ranking, which was last held in 2011. Computer engineering remained strong at sixth place, maintaining the same position as last year.

The College of Engineering ranked fifth, and all of the programs offered by the College placed among the top seven of their respective disciplines. Georgia Tech also retained its seventh place standing among all public universities.

“We have incredible academic and research programs in ECE, thanks to the efforts of the finest faculty, staff, and students anywhere,” said Steven W. McLaughlin, professor and the Steve W. Chaddick School Chair. “I sincerely appreciate everything that everyone does to help make 'ECE the place to be.'"

Note: U.S. News & World Report released the 2016 Best Colleges rankings on Sept. 9. At the initial publication of the Best Undergraduate Engineering Programs rankings – both of programs where a doctorate is the highest degree offered and programs where a doctorate is not offered – a database error caused schools to receive incorrect ranks. As a result, the rank of the Georgia Tech College of Engineering has been adjusted from sixth place to fifth place. This article, which was first published on September 10, 2015, has been updated to reflect that change. Read here for more details.

Read more in Marketplace

Read more in the Atlanta Journal-Constitution

Ph.D. students Byoungyoung Lee and Chengyu Song, with Professors Taesoo Kim and Wenke Lee, of Georgia Tech received $100,000 from Facebook to continue their research and increase its impact to make the Internet safer.

Their research, “Type Casting Verification: Stopping an Emerging Attack Vector,” explores vulnerabilities in C++ programs (such as Chrome and Firefox) that result from “bad casting” or “type confusion.” Bad casting enables an attacker to corrupt the memory in a browser so that it follows a malicious logic instead of proper instructions. The researchers developed a new, proprietary detection tool called CAVER to catch them. CAVER is a run-time detection tool with 7.6 percent - 64.6 percent overhead on browser performance (Chrome and Firefox, respectively). The 11 vulnerabilities identified by Georgia Tech have been confirmed and fixed by vendors.

“It is time for the Internet community to start addressing the more difficult, deeper security problems,” says Wenke Lee, professor in the School of Computer Science and an adviser to the team. “The security research community has been working on various ways to detect and fix memory safety bugs for decades, and have made progress on ‘stack overflow’ and ‘heap overflow’ bugs, but these have now become relatively easy problems. Our work studied the much harder and deeper bugs—in particular ‘use-after-free’ and ‘bad casting’—and our tools discovered serious security bugs in widely used software, such as Firefox and libstdc++. We are grateful to Facebook for this recognition.”

The work was selected for Facebook's second ever Internet Defense Prize award, which recognizes superior quality research that combines a working prototype with significant contributions to the security of the Internet -- particularly in the areas of protection and defense. The award is meant to recognize the direction of the research and to inspire researchers to focus on high-impact areas.

“Designing defensive security technology has never been more important, and that’s why we are once again offering the Internet Defense Prize to stimulate high quality research in this area,” said Ioannis Papagiannis, Security Engineering Manager at Facebook. “The Georgia Tech team’s novel technique for detecting bad type casts in C++ programs is the type of standout approach we want to encourage. We look forward to seeing what the team does next to create broader impact and improve security on the Internet.”

“Georgia Tech’s award-winning entry exemplifies the groundbreaking security research that has become a hallmark of the USENIX Security Symposium,” said Casey Henderson, Executive Director of the USENIX Association. "Their trailblazing work stood out among the many outstanding submissions judged by the USENIX Security Awards Committee and Facebook. We look forward to their continued progress enabled by the Internet Defense Prize in the coming year.”

About the Georgia Tech College of Computing

The Georgia Tech College of Computing is a national leader in the creation of real-world computing breakthroughs that drive social and scientific progress. With its graduate program ranked 9th nationally by U.S. News and World Report, the College’s unconventional approach to education is expanding the horizons of traditional computer science students through interdisciplinary collaboration and a focus on human-centered solutions. For more information about the Georgia Tech College of Computing, its academic divisions and research centers, please visit www.cc.gatech.edu.

The four-year project, titled “THEIA” after the Greek goddess of shining light, attempts to shed light on exactly where data moves as it is routed from one Internet host to another and whether any malicious code, for example, is attached to data during transfer.

“The project has wide implications for any industry and anyone who needs to send secure information, make sure it is not manipulated during transfer, and that it arrives securely in tact – but especially for those banking, shopping or trading online,” says Dr. Wenke Lee, primary investigator and professor in the College of Computing. “If we have the ability to fully track how data is processed until it reaches the intended recipient, then we can better detect and stop advanced persistent threats (APT).”

For example, currently it is not possible for a network intrusion detection system to determine whether data sent from an end-host was modified by a malicious browser extension after a user completed a web form. State-of-the-art information flow tracking today typically applies only to a single layer (such as the program level), or does not utilize the full semantics at all layers (to verify if input was entered by the original user, for example).

THEIA will track and record information at three layers: user interaction with a program, program processing of data input, and program and network interactions with an operating system. Together, THEIA will monitor secure data flow from user to program, from program to file system storage, and storage to network output, and back again. Such completeness is critical to APT detection.

“Our ultimate goal is to provide complete transparency, or full visibility, into host events and data so that APT activities cannot evade detection,” Lee says. “THEIA represents what could be a significant advance over state-of-the-art approaches, which typically are forced to make arbitrary trade-offs between verifying accuracy and maintaining total computational efficiency.”

THEIA would make no such compromise. THEIA will record the sufficient amount of data at runtime, replay and analyze recorded events in semi-real-time when suspicious alerts are triggered, or analyze data completely offline.

Lee, a co-director of the Institute for Information Security and Privacy at Georgia Tech, has conducted cyber security research from Atlanta since 2001. Lee’s research interests include systems and network security, applied cryptography, and data mining. Most recently, he has focused on botnet detection and malware analysis, security of mobile systems and apps, and detection and mitigation of information manipulation on the Internet. Lee has published over 140 articles. In 2006, Lee co-founded Damballa, Inc., a spin-off from his lab that focuses on botnet detection and mitigation.

The DARPA-AFRL project is funded with $4,253,126 over 48 months. Participating in the work will be Dr. Taesoo Kim, assistant professor; Dr. Alessandro Orso, associate chair; Dr. Simon Chung, research scientist, all with the School of Computer Science, College of Computing; and Dr. Albert Brzeczko, research engineer at Georgia Tech Research Institute (GTRI).

Their work can help improve national security and also the functional safety and resiliency of automotive or industrial control systems, which are increasingly connected to the wider world through personal devices or other means.

The first project, titled “BFT++: Attack Tolerance in Hard Real-Time Systems,” will develop the foundations, principles and techniques for building attack-tolerant cyber physical systems.

“Many intrusion tolerance techniques slow down the control system, which is undesirable and may be life-threatening in a weapons system,” said primary investigator Taesoo Kim, assistant professor in the School of Computer Science at Georgia Tech. “We will develop the techniques to detect failure due to an attack, replace the compromised node with a back-up, and reconstitute it – all within the hard, real-time requirement. In addition, we will develop software and system diversification techniques to ensure that an attack is detected early.”

More specifically, the techniques will eliminate common software vulnerabilities in different nodes of a networked group and distribute a security protection into multiple – but not all – nodes of the group, so that protection strength remains undiluted without reducing total performance overhead.

The second project, titled “Embedasploit: a Pen-test in a Box for Industrial Control Systems,” will create a system to fingerprint an industrial control network, catalog its known flaws, emulate the whole system for simulation and outline a model that prevents hackers from listening to system activity, injecting malicious traffic or obtaining binary code. The research will be tested on engine control units in a modern car.

“Assessing the security of industrial control systems today often takes the form of a ‘penetration test’ that requires someone familiar with security practices, reverse engineering, real-world exploitation and the intricacies of a particular industrial domain,” says primary investigator Wenke Lee, director of the Georgia Tech Information Security Center in the School of Computer Science. “All of that is rare in a single team or person, so we propose an end-to-end system that can automatically detect, and adapt inside new systems and networks.”

Each is a three-year project. Additional researchers include Tielei Wang at Georgia Tech, Salvatore Stolfo at Columbia University, and Brendan Dolan-Gavitt at New York University Polytechnic School of Engineering, along with graduate students at Georgia Tech, Columbia and NYU Poly. Results – including technical papers, teaching materials, software prototypes and experiment data (when appropriate) – will be made available via the project’s web page maintained at the Georgia Institute of Technology [http://gtisc.gatech.edu].

 About Georgia Tech’s College of Computing

The Georgia Tech College of Computing is a national leader in the creation of real-world computing breakthroughs that drive social and scientific progress. With its graduate program ranked 9th nationally by U.S. News and World Report, the College’s unconventional approach to education is expanding the horizons of traditional computer science students through interdisciplinary collaboration and a focus on human-centered solutions. For more information about the Georgia Tech College of Computing, its academic divisions and research centers, please visit www.cc.gatech.edu.