Thursday, June 30, 2022

Trusted CI co-PI Bart Miller wins award for landmark paper on dependable computing

Bart Miller, Trusted CI co-PI, and his two student co-authors were honored with the 2022 Jean-Claude Laprie Award in Dependable Computing on June 28 in Baltimore, Md. Miller, along with L. Fredriksen and B. So, was presented the award during the opening session of the Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

The groundbreaking paper, “An Empirical Study of the Reliability of UNIX Utilities,” published in 1990, launched the field of fuzz random testing, or fuzzing as it is commonly called. The paper created a new, easy-to-use software testing technique and then used that technique to evaluate crashes in UNIX utilities. As part of this research, the authors also studied the root causes of the failures and released their code and data openly (a novelty at that time). The paper has been cited more than 1,300 times and was responsible for creating an entirely new branch of testing and security research. Hundreds of papers and tens of PhD dissertations are produced each year in this area.

Today, fuzzing is taught in introductory software testing and security courses, is a prominent area of focus at numerous conferences, and is recognized by major companies. For example, Microsoft recently published a paper on how they integrate fuzzing in the life cycle of almost all their products. Similarly, Google recently reported that 80 percent of the bugs they find in production in the Chrome web browser are found by fuzzing.

Fuzzing is heavily used in security research and is often the tool of choice for penetration testers. Thus, this paper has important implications for reliability and security research.

About Bart Miller

Bart Miller with his Cessna TR182 that he bought in 1980. He's had his commercial pilot's license since 1979.

Barton Miller is the Vilas Distinguished Achievement Professor at the University of Wisconsin-Madison. He is a co-PI on Trusted CI, where he leads the software assurance effort. His research interests include software security, in-depth vulnerability assessment, and binary code analysis. In 1988, Miller founded the field of fuzz random software testing, a foundation of many security and software engineering disciplines. In 1992, Miller and his then-student Jeffrey Hollingsworth founded the field of dynamic binary code instrumentation and coined the term “dynamic instrumentation.” Miller is a Fellow of the ACM.

About the Jean-Claude Laprie Award in Dependable Computing

The award was created in 2011, in honor of Jean-Claude Laprie (1944-2010), whose pioneering contributions to the concepts and methodologies of dependability were influential in defining and unifying the field of dependable and secure computing. The award recognizes outstanding papers that have significantly influenced the theory and/or practice of dependable computing.

About IFIP WG 10.4 on Dependable Computing and Fault Tolerance

IFIP Working Group 10.4 was established in 1980 with the aim of identifying and integrating approaches, methods, and techniques for specifying, designing, building, assessing, validating, operating, and maintaining dependable computer systems (those that are reliable, available, safe, and secure). Its 75 members from around the world meet twice a year to conduct in-depth discussions of important technical topics to further the understanding of the fundamental concepts of dependable computing.

About the International Federation for Information Processing

IFIP is a non-governmental, non-profit umbrella organization for national societies working in the field of information processing. It was established in 1960 under the auspices of UNESCO as a result of the first World Computer Congress held in Paris in 1959. It is the leading multinational, apolitical organization in Information and Communications Technologies and Sciences.


Monday, June 27, 2022

Announcement of Trusted CI Director Transition

Dear Trusted CI community, friends, and partners,

After 10 years of directing Trusted CI, I am stepping down as Trusted CI Director today. I thank all of you for your support over the past decade - you have made my job both a huge privilege and a pleasure. I also extend my gratitude to NSF for providing this unique opportunity.

I’m excited to share that Jim Basney has agreed to accept the role of Trusted CI Director. Jim has served as Trusted CI’s Deputy Director for the past three years and has been part of its leadership team since its inception. I suspect most of you already know Jim and will join me in my optimism that Jim will serve as an excellent leader for Trusted CI’s second decade.

I thank Jim for his contributions as deputy, which I found invaluable, and I’m happy to also share that Jim will receive similar support from Sean Peisert, who has agreed to serve as Trusted CI Deputy Director going forward. Since Sean joined Trusted CI in 2019 he has made strong leadership contributions, including serving as a co-PI the last year and leading annual challenges and the OSCRP effort.

Kelli Shute will be staying on as Executive Director and has my thanks for her contributions in this role both past and into the future. Jim, Sean, and Kelli will be supported by the rest of the current leadership team: Kathy Benninger, Professor Bart Miller, and Mark Krenz.

I ask you to join me in congratulating Jim and Sean, and providing them and the rest of the team with the same support and collaboration going forward which you extended to me over the past decade. You can contact Jim and Sean directly at jbasney@illinois.edu and sppeisert@lbl.gov.

While my stepping down as Trusted CI Director is part of a larger life change I am making in that I will be leaving Indiana University at the end of the month, I will remain involved with Trusted CI to support this transition. 

Thank you, it has been an honor.

Von


Wednesday, June 22, 2022

Indiana University Center for Applied Cybersecurity Research releases an “Effective Cybersecurity for Research” Whitepaper

The tension between cybersecurity and research has kept institutional cybersecurity efforts for research confined to the most sensitive research, especially in academia. Evolving threats and new cybersecurity requirements scoped beyond individual awards are now slated to change the status quo. They point to a future where securing research holistically is no longer optional. Indiana University’s Center for Applied Cybersecurity Research released a paper this week outlining an approach to cybersecurity for research that shows great promise in breaking the prevailing security-versus-research impasse. It focuses exclusively on the researcher and the research mission, reduces the cybersecurity and compliance burden on the researcher, and secures not only research subject to rules and regulations, but all research. It is being embraced by researchers voluntarily and is accelerating research measurably.


The paper can be accessed by visiting this EDUCAUSE library page: Effective Cybersecurity for Research


Tuesday, May 24, 2022

2022 NSF Cybersecurity Summit - Call for Participation is now open - Submission deadline June 10th

We are pleased to announce that the 2022 NSF Cybersecurity Summit is taking place the week of October 17th with the training and workshops occurring on Tuesday, October 18th, and plenary sessions occurring on Wednesday, October 19th, and Thursday, October 20th. 

The final program is still evolving, but we will maintain our mission of providing a format designed to increase the NSF community’s understanding of cybersecurity strategies that strengthen trustworthy science: what data, processes, and systems are crucial to the scientific mission, what risks they face, and how to protect them. 

Call for Participation (CFP)

Program content for the Summit is driven by our community. We invite proposals for plenary presentations & workshops. The deadline for CFP submissions is July 8th. To learn more about the CFP, please visit: www.trustedci.org/2022-summit-cfp

Student Program

To support workforce development, the Summit organizers invite several students to attend the Summit at no cost every year. Both undergraduate and graduate students may apply, and no specific major or course of study is required, as long as the student is interested in learning and applying cybersecurity innovations to scientific endeavors. To learn more about the student program, visit our website: https://www.trustedci.org/summit2022/students

On behalf of the 2022 NSF Cybersecurity Summit organizers and program committee, we welcome your participation and hope to see you in October.

More information can be found at: https://www.trustedci.org/2022-cybersecurity-summit

 

Tuesday, May 10, 2022

Trusted CI Webinar: Ransomware: Threats & Mitigations, June 27th @11am EST

This event was originally scheduled to occur on May 23rd and has been rescheduled to June 27th.

REN-ISAC's Sarah Bigham and Krysten Stevens will be presenting the talk, Ransomware: Threats & Mitigations, on Monday June 27th at 11am (Eastern).

Please register here.

The education industry has unceremoniously emerged as the second most common target for ransomware. Ransomware continues to evolve, both in how it is used as a fund-raiser for criminal organizations and in how the technology works, keeping its victims guessing as to defense and eradication. Institutions face the difficult challenge of preserving academic freedom, easy access to information, and open collaboration while defending against threat actors who exploit these same characteristics. This presentation will focus on the current threats and provide guidance on protecting against ransomware attacks.

Speaker Bios:

Sarah Bigham joined the REN-ISAC in March 2014. As Lead Security Analyst, her day-to-day responsibilities include managing the REN-ISAC Blended Threat Workshops, working closely with the National Council of ISACs (NCI), FBI, DHS, and other state and federal peers to stay abreast of new and emerging threats, as well as special projects and member relations. Before coming to the REN-ISAC, Sarah worked at Harvard University as a Systems Support Specialist focusing on campus-wide Identity & Access Management (IdM) and HIPAA compliance for Harvard University Health Services. Prior to that, Sarah was a defense contractor at the United States Naval Academy, where she focused on user and desktop support across the Yard for all faculty, staff, and midshipmen. Sarah holds an Associate of Applied Science in Computer Network Management from Anne Arundel Community College (Annapolis, MD) and a Bachelor of Science in Information Systems Management from University of Maryland Global Campus.

Krysten Stevens joined REN-ISAC as Director of Technical Operations in 2020. She has a background in IT security analysis and cyber threat intelligence from Purdue University, where she used her leadership and expertise to train other security analysts, create security awareness programs, and develop threat intelligence strategies on an organizational level. Krysten graduated from Purdue University Global with an MS in Cybersecurity Management in 2020, and she holds CISSP and GCTI certifications. When not at work, Krysten enjoys spending time with her husband, two children, five cats, and two golden retrievers (who refuse to retrieve).

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Thursday, May 5, 2022

Call for Trusted CI Framework Cohort Participation

 

The Framework Cohort is a six-month group engagement aimed at facilitating adoption and implementation of the Trusted CI Framework among NSF Major Facilities. During the engagement, members of the cohort will work closely with Trusted CI to adopt the Trusted CI Framework at their facility, emerging with a validated assessment of their cybersecurity program and a strategic plan detailing their path to fully implement each Framework Must. Cohort members will participate in six monthly workshops (each three hours) and spend no more than eight hours each month outside of the workshops on cohort assignments. The second cohort will meet from July to December 2022.

Since January 2022, Trusted CI has been working with six Major Facilities in the inaugural Framework cohort: GAGE, LIGO, NOIRLab, NRAO, NSO and OOI. As this inaugural Framework cohort approaches completion in June 2022, Trusted CI is looking for Major Facilities that are interested in participating in the upcoming second cohort.

NSF Major Facilities interested in participating in the Framework cohort should respond to the call by completing the form at the bottom of this page: https://www.trustedci.org/trusted-ci-framework-cohort-participation

If you have any questions, please contact us at info@trustedci.org.