addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobegmailgooglegroupsimageimagesinstagramlinklocation-pinm-swarmSearchmailmessagesminusmoremuplabelShape 3 + Rectangle 1outlookpersonJoin Group on CardStartprice-ribbonShapeShapeShapeImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruserwarningyahoo

Cyber Attacks and Defenses: Trends, Challenges, and Outlook

  • The Cove at UCI Applied Innovation

    5141 California Ave., Ste 200, Irvine, CA (map)

    33.641109 -117.854118

  • Located at California and Bison; enter from California. Plenty of free parking will be available.

  • Prof. Michael Franz (UCI)
    Professor of Computer Science and Electrical Engineering
    Director, Secure Systems Laboratory

    Please join us for the second of the Orange County ACM Chapter's 2017 bi-monthly evening program series.  

    Agenda

    6:30 PM Doors Open & Networking

    7:00 PM Announcements and Presentation

    8:30 PM Meeting Adjourned

    Event Details

    A cyber attacker needs to find only one way in, while defenders need to guard a lot of ground. Adversaries can fully debug and perfect their attacks on their own computers, exactly replicating the environment that they will later be targeting. This is the situation today, which has been exacerbated by an increasing trend towards a software "monoculture" (in which there are only two major desktop operating systems and two major phone operating systems, one major office software suite, and so on).

    One possible defense is software diversity, which raises the bar to attackers. A lot of academic and industrial research is currently investigating such software diversity, from simple ASLR (address space layout randomization) to more complex whole-program randomization. In the latter, a diversification engine automatically generates a large number of different versions of the same program, potentially one unique version for every computer. These all behave in exactly the same way from the perspective of the end-user, but they implement their functionality in subtly different ways. As a result, a specific attack will succeed on only a small fraction of targets and a large number of different attack vectors would be needed to take over a significant percentage of them. Because an attacker has no way of knowing a priori which specific attack will succeed on which specific target, this method also very significantly increases the cost of attacks directed at specific targets.

    Unfortunately, attackers have now started assembling their attacks on the target itself, circumventing diversity. Hence, in the arms race between attackers and defenders, we are already at the point where yet another set of defenses is needed, before the previous one is even fully deployed across the software industry. 

    My talk will present a time-line of attacks and defenses, clearly illustrating a "cat and mouse game" in which defenses are almost always reactive to attacks that have already happened.  I will discuss his vision of how to get ahead of the attackers, and close by stating why, in spite of the bleak situation today, I am confident that we will eventually be able to stop most kinds of cyber attacks completely.

    Speaker Bio

    Michael Franz is a Chancellor's Professor at the University of California, Irvine (UCI) and the director of its Secure Systems and Software Laboratory. He is a Full Professor of Computer Science in UCI's Donald Bren School of Information and Computer Sciences and a Full Professor of Electrical Engineering and Computer Science (by courtesy) in UCI's Henry Samueli School of Engineering. He is a Fellow of the ACM, a Fellow of the IEEE, and a co-founder of an Irvine-based software security startup company, Immunant, Inc.

    Prof. Franz was an early pioneer in the areas of mobile code and dynamic compilation. He created an early just-in-time compilation system, contributed to the theory and practice of continuous compilation and optimization, and co-invented the trace compilation technology that eventually became the JavaScript engine in Mozilla’s Firefox browser. He has graduated 25 Ph.D. students as their primary advisor. Franz received a Dr. sc. techn. degree in Computer Science (advisor: Niklaus Wirth) and a Dipl. Informatik-Ing. ETH degree, both from the Swiss Federal Institute of Technology, ETH Zurich.

    Co-sponsors

    This event is co-sponsored by the IEEE Orange County Computer Society.

Join or login to comment.

RSVPs closed

1 going

RSVPs closed

Our Sponsors

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy