What does it take to move an idea into action as a company? A number of IST graduates have succeeded in developing startups into viable companies. IST Startup week is intended to share their stories, and to help students understand all of the work that goes into a successful startup.
Who knows, you could be the next Steve Jobs or Bill Gates.
More info at:
http://news.psu.edu/story/402158/2016/04/06/student-success/ist-startup-week-celebrates-five-years-penn-state
Tuesday, April 12, 2016
Tuesday, April 5, 2016
Seminar - Exploiting Memory Errors on the Data Plane
Seminar
Tuesday, April 12, 10am 222 IST Building
By: Zhenkai Liang National University of Singapore
“Exploiting Memory Errors on the Data Plane”
As defense solutions against control-flow hijacking attacks gain wide deployment, control-oriented exploits from memory errors become difficult. As an alternative, attacks targeting non-control data do not require diverting the application’s control flow during an attack. Although it is known that such data-oriented attacks can mount significant damage, no systematic methods to automatically construct them from memory errors have been developed. In this work, we study exploits of memory errors from the data angle. We have developed a new technique, called data-flow stitching, which systematically finds ways to join data flows in the program to generate data-oriented exploits. We have constructed new attacks on the data plane from known vulnerabilities. The constructed exploits can cause significant damage, such as disclosure of sensitive information (e.g., passwords and encryption keys) and escalation of privilege. We further study the expressiveness of such data-oriented exploits. By identifying data-oriented gadgets and gadget dispatchers, we demonstrate that data-oriented exploits can be used to construct Turing complete computations.
Thursday, March 31, 2016
Seminar by Patrick McDaniel
Monday, April 11, 12pm
222, IST Bldg.
By: Patrick McDaniel
Penn State University
“EIGHT YEARS OF MOBILE SMARTPHONE SECURITY”
The introduction of smart phones in 2008 forever changed the way users interact with data and computation. These platforms and the network and cloud services supporting them have led to a renaissance of mobile computing. At the same time, changes in the nature of personal computing heighten concerns about security and privacy. Such concerns prompted an ongoing area of scientific study exploring smartphone and application security. Through these efforts, the technical community has become increasingly aware that applications can and often do work against the user's best interests and house new forms of malware.
This talk explores the genesis and evolution of academic research efforts in evaluating smartphone application security over the first eight years of its existence. A retrospective view of how the community's understanding of application security has changed over the years is provided, with a focus on the scientific questions asked and the methods used. We highlight a range of analysis techniques that extract software structures and behaviors from smartphone applications, and describe several studies that identified important security and privacy concerns. The talk concludes by considering the realities of current mobile apps and markets and identifies challenges in preventing misuse of smartphones.
Wednesday, March 30, 2016
Careers with USAID talk--April 6th
Please join us for the upcoming SIA Alumni Career Talk with Rachel Sayre (’11) on Wednesday, April 6th from 5:30 – 7:30 p.m. in 112 Katz.
Sayre, the Senior Disaster Specialist at the US Agency for International Development (USAID), will discuss her career path since graduating from SIA. She’ll offer advice to those interested in careers in international development, and in US government agencies. She’s attentive to issues of gender in careers, and to the opportunities and challenges specific to women. Rachel’s talk is part of her visit to campus as a Penn State Alumni Achievement Award winner, recognizing her exemplary professional accomplishments before the age of 35.
Tuesday, March 29, 2016
Thursday, March 24, 2016
Eight Years of Mobile Smartphone Security
Seminar
Monday, April 11, 12pm
333, IST Bldg.
By: Patrick McDaniel
Penn State University
“EIGHT YEARS OF MOBILE SMARTPHONE SECURITY”
The introduction of smart phones in 2008 forever changed the way users interact with data and computation. These platforms and the network and cloud services supporting them have led to a renaissance of mobile computing. At the same time, changes in the nature of personal computing heighten concerns about security and privacy. Such concerns prompted an ongoing area of scientific study exploring smartphone and application security. Through these efforts, the technical community has become increasingly aware that applications can and often do work against the user's best interests and house new forms of malware.
This talk explores the genesis and evolution of academic research efforts in evaluating smartphone application security over the first eight years of its existence. A retrospective view of how the community's understanding of application security has changed over the years is provided, with a focus on the scientific questions asked and the methods used. We highlight a range of analysis techniques that extract software structures and behaviors from smartphone applications, and describe several studies that identified important security and privacy concerns. The talk concludes by considering the realities of current mobile apps and markets and identifies challenges in preventing misuse of smartphones.
BIO
Patrick McDaniel is a Distinguished Professor in the School of Electrical Engineering and Computer Science at The Pennsylvania State University, co-director of the Systems and Internet Infrastructure Security Laboratory, and Fellow of IEEE and ACM. Dr. McDaniel is also the program manager and lead scientist for the Army Research Laboratory's Cyber-Security Collaborative Research Alliance. Patrick's research efforts focus on a wide range of topics in security and technical public policy. Patrick was the editor-in-chief of the ACM Journal Transactions on Internet Technology (TOIT), and served as associate editor of the journals ACM Transactions on Information and System Security, IEEE Transactions on Computers, and IEEE Transactions on Software Engineering. Patrick was awarded the National Science Foundation CAREER Award and has chaired several top conferences in security including the IEEE Symposium on Security and Privacy and the USENIX Security Symposium. Prior to being a Senior Research Staff Member at AT&T Labs/Research, Patrick was a software architect and project manager in the telecommunications industry.
Monday, March 21, 2016
Reverse Engineering Competition
Description
Dakota State University (DSU) and the University of Nebraska-Kearney (UNK) are hosting a 5-day reverse engineering (RE) challenge.
The competition will start at 8am central on Monday, March 28th and end on Friday, April 1st at 10am central.
The challenges will test a variety of skills necessary for any reverse engineer and all skill levels are welcome to apply. The challenges are arranged in categories, with increasingly more difficult challenges in each category. The initial challenges are designed to develop, or test, basic skills and progress to intermediate and then advanced challenges.
If you take on the challenge you might have to reverse PDFs, .NET binaries, obfuscated PHP, JavaScript, x86, x64, C++, PE, ELF, Mach-O, and so on.
Registration Is Open!
Go to http://0xevilc0de.com/ to register
Registration & Questions
Registration will open throughout the competition. If you have any questions please email joshua.stroschein@dsu.edu.
Contest
Participants will receive instructions on where to download the challenges at the start of the competition. Instructions will be sent to the email address used to register. This event is sponsored in part by DSU’s Center of Excellence.
This is a virtual event; you are not required to be present at DakotaCon in order to participate.
Scoring
Challenges will be assigned a point value based on the difficulty. Total points awarded will be calculated using the point value from the challenge and the time of submission (for a correct answer). Point value decreases as the competition progresses. An overall scoreboard will be maintained and accessible throughout the competition.
Rules
This is an individual competition; any indications of cheating will result in dismissal.
Friday, March 4, 2016
Hack the Pentagon Contest
The Department of Defense has announced a bounty contest called Hack the Pentagon. After registration, participants will be directed to a number of targets for hacking. The purpose is to uncover possible unknown vulnerabilities.
The contest is in April, and I will have further information soon. However, until then here is a good article on the competition: