Abstract

page

Visible to the public CherryPie: A Program Analysis to Assist the Detection of Logic Bombs

C. Durward McDonell, Mark Thober, Jonathan Myers, Raymond McDowell, Ian Blumenfeld

page

Visible to the public Tiros: Reachability analysis for AWS-based Networks Using Automated Theorem Proving

S. Bayless, B. Cook, C. Dodge, A. Gacek, A.J. Hu, T. Kahsai, B. Kocik, E. Kotelnikov, J. Kukovec, S. McLaughlin, J. Reed, N. Rungta, J. Sizemore, M. Stalzer, P. Srinivasan, P. Subotic, C. Varming, B. Whaley, Y. Wu

page

Visible to the public Semantic Analysis of AWS Access Control

John Backes, Pauline Bolignano, Byron Cook, Catherine Dodge, Andrew Gacek, Rustan Leino, Kasper Luckow, Neha Rungta, Oksana Tkachuk and Carsten Varming

event

Visible to the public  University of Kansas NSA Lablet, Inaugural Advisory Board Meeting
May 17, 2018 8:30 am - 6:00 pm EDT

The KU Lablet will host the inaugural meeting of the Advisory Board on May 17. The agenda includes:

  • Introductions
  • Overview of the NSA Lablet Program and the KU Lablet
  • First year project presentations
  • Discussion and Feedback: Advisory Member Perspectives on Technical Challenges
  • Workforce Development
  • Networking

Point of Contact: Dr. Perry Alexander, palexand@ku.edu

file

Visible to the public An Approach to Incorporating Uncertainty in Network Security Analysis

ABSTRACT: Attack graphs used in network security analysis are analyzed to determine sequences of exploits that lead to successful acquisition of privileges or data at critical assets.

file

Visible to the public Tutorial: System Monitoring for Security

ABSTRACT: Intrusive multi-step attacks, such as Advanced Persistent Threat (APT) attacks, have plagued many well-protected businesses with significant financial losses. These advanced attacks are sophisticated and stealthy, and can remain undetected for years as individual attack steps may not be suspicious enough. To counter these advanced attacks, a recent trend is to leverage ubiquitous system monitoring for collecting the attack provenance for a long period of time and perform attack investigation for identifying risky system behaviors.

file

Visible to the public Learning a Privacy Incidents Database

ABSTRACT: A repository of privacy incidents is essential for understanding the attributes of products and policies that lead to privacy incidents. We describe our vision for a novel privacy incidents database and our progress toward building a prototype.

file

Visible to the public Global Variation in Attack Encounters and Hosting

ABSTRACT: Countries vary greatly in the extent to which their computers encounter and host attacks. Empirically identifying factors behind such variation can provide a sound basis for policies to reduce attacks worldwide.

file

Visible to the public Surveying Security Practice Adherence in Software Development

ABSTRACT: Software development teams are increasingly incorporating security practices in to their software development processes. However, little empirical evidence exists on the costs and benefits associated with the application of security practices.