Title: Fighting hackers and finding vulnerabilities
Presenter: Dr. Sven Dietrich, City University of New York
Date: 2020. 02. 17 (Mon) 12:00 ~ 13:00
Location: #B101, Woojung Building
In this talk we will describe how one can deal with hackers aka the “bad guys” and associated vulnerabilities in systems, software, and mobile personal devices. Computer security incident handling allows for proper routing of the problem to the right team to best handle it. While vulnerability discovery can be proactive and reactive, a good interplay of both will solve the problem faster and track down its origins as we consider the basics of security design.
As we install new infrastructures, there are many opportunities for attackers to insert themselves into the cracks in the system. Abuse can take advantage of incomplete or inaccurate specification of the information needed for proper processing of input, allowing attackers to bypass protection mechanisms and challenge trust relationships. Social engineering, fuzzing, and brute forcing are examples of such first steps towards a workable exploit. Engineering defenses against such attacks must be carefully thought through.
We will illustrate a few attacks and outline the (flawed) assumptions designers and defenders made, and add some recent issues from the crypto and blockchain worlds.
Dr. Sven Dietrich has been an Associate Professor in the Mathematics and Computer Science Department at the City University of New York (CUNY), John Jay College of Criminal Justice since August 2014, and has also been affiliated with the PhD program in Computer Science at the CUNY Graduate Center since 2015, both in New York City. Prior to joining CUNY John Jay, Dr. Dietrich was Computer Science faculty at the Stevens Institute of Technology, a Senior Member of the Technical Staff at the Carnegie Mellon University Software Engineering Institute and CERT Research, and a Senior Security Architect at the NASA Goddard Space Flight Center.
Dr. Dietrich’s research has focused on network security, especially on the analysis of distributed denial-of-service (DDoS) attacks, botnets, and the mitigation of such attacks, formal verification of security protocols, applied cryptography, software security, malware, and the ethics of computer security research. He helped discover and analyze the first DDoS attacks on the University of Minnesota in 1999 and analyze the associated malware, which is illustrated in his 2004 book “Internet Denial of Service: Attack and Defense Mechanism” and his upcoming 2020 book “Peer-to-peer botnets and DDoS.”
Dr. Dietrich has organized security conferences as the former Chair of the IEEE Computer Society Technical Committee on Security and Privacy (Security and Privacy Symposium aka Oakland conference, Security and Privacy Workshops, Computer Security Foundations), as the former President of the International Financial Cryptography Association (Financial Cryptography and Data Security), and as a program committee member in others. In particular, Dr. Dietrich has co-organized the Dagstuhl Seminar of the Ethics of Data Sharing, the Dagstuhl Seminar on the Security of Software-Defined Networks, and chaired the German Informatics Society sponsored DIMVA conference in 2014. He has served on the IEEE Computer Society Board of Governors, and also as the Technical Activities Chair there.
Dr. Dietrich has a Doctor of Arts in Mathematics, an MS in Mathematics, and a BS in Computer Science and Mathematics from Adelphi University, New York.