Abstract

page

Visible to the public CherryPie: A Program Analysis to Assist the Detection of Logic Bombs

Submitted by akarns on Thu, 05/09/2019 - 12:40pm

C. Durward McDonell, Mark Thober, Jonathan Myers, Raymond McDowell, Ian Blumenfeld

page

Visible to the public Tiros: Reachability analysis for AWS-based Networks Using Automated Theorem Proving

Submitted by Byron Cook on Thu, 05/09/2019 - 12:36pm

S. Bayless, B. Cook, C. Dodge, A. Gacek, A.J. Hu, T. Kahsai, B. Kocik, E. Kotelnikov, J. Kukovec, S. McLaughlin, J. Reed, N. Rungta, J. Sizemore, M. Stalzer, P. Srinivasan, P. Subotic, C. Varming, B. Whaley, Y. Wu

page

Visible to the public Semantic Analysis of AWS Access Control

Submitted by ajgacek on Thu, 05/09/2019 - 12:26pm

John Backes, Pauline Bolignano, Byron Cook, Catherine Dodge, Andrew Gacek, Rustan Leino, Kasper Luckow, Neha Rungta, Oksana Tkachuk and Carsten Varming

event

Visible to the public  University of Kansas NSA Lablet, Inaugural Advisory Board Meeting
May 17, 2018 8:30 am - 6:00 pm EDT

Submitted by RCJBob on Tue, 05/01/2018 - 4:04pm

The KU Lablet will host the inaugural meeting of the Advisory Board on May 17. The agenda includes:

  • Introductions
  • Overview of the NSA Lablet Program and the KU Lablet
  • First year project presentations
  • Discussion and Feedback: Advisory Member Perspectives on Technical Challenges
  • Workforce Development
  • Networking

Point of Contact: Dr. Perry Alexander, palexand@ku.edu

file

Visible to the public An Approach to Incorporating Uncertainty in Network Security Analysis

Submitted by David Nicol on Tue, 03/07/2017 - 9:23pm. Contributors:

ABSTRACT: Attack graphs used in network security analysis are analyzed to determine sequences of exploits that lead to successful acquisition of privileges or data at critical assets.

file

Visible to the public Tutorial: System Monitoring for Security

Submitted by Katie Dey on Tue, 03/07/2017 - 9:23pm. Contributor:

ABSTRACT: Intrusive multi-step attacks, such as Advanced Persistent Threat (APT) attacks, have plagued many well-protected businesses with significant financial losses. These advanced attacks are sophisticated and stealthy, and can remain undetected for years as individual attack steps may not be suspicious enough. To counter these advanced attacks, a recent trend is to leverage ubiquitous system monitoring for collecting the attack provenance for a long period of time and perform attack investigation for identifying risky system behaviors.

file

Visible to the public Learning a Privacy Incidents Database

Submitted by Jessica Staddon on Tue, 03/07/2017 - 9:23pm. Contributors:

ABSTRACT: A repository of privacy incidents is essential for understanding the attributes of products and policies that lead to privacy incidents. We describe our vision for a novel privacy incidents database and our progress toward building a prototype.

file

Visible to the public Global Variation in Attack Encounters and Hosting

Submitted by ghita_mezzour on Tue, 03/07/2017 - 9:23pm. Contributors:

ABSTRACT: Countries vary greatly in the extent to which their computers encounter and host attacks. Empirically identifying factors behind such variation can provide a sound basis for policies to reduce attacks worldwide.

file

Visible to the public Surveying Security Practice Adherence in Software Development

Submitted by Laurie Williams on Tue, 03/07/2017 - 9:23pm. Contributors:

ABSTRACT: Software development teams are increasingly incorporating security practices in to their software development processes. However, little empirical evidence exists on the costs and benefits associated with the application of security practices.