TCE 2015 Summer School on Cyber & Computer Security
Date(s) - 06/09/2015 - 09/09/2015
9:00 am - 5:00 pm
Room 1003, Electrical Engineering Faculty, Meyer building, Technion Haifa
TCE 2015 summer school will present security technologies integrated into current computing solutions and future technologies not yet in the market. Topics include innovation and entrepreneurship in big data: from preaching to (effective, efficient and secure) data science practices.
The program includes a two-day workshop by Intel experts, presenting all security technologies integrated into computing solutions, including future technologies not yet in the market.
9:00-9:30 Get together
9:30-10:30 Big Data Integration – Avi Gal, IE&M Technion
10:30-11:00 Coffee Break
11:00-12:30 TLS/SSL – (Mis)Protecting our Connections' Security – Orr Dunkelman, University of Haifa
12:30-13:30 Lunch
13:30-14:30 National Culture and Innovation – Miriam Erez, IE&M Technion
14:30-15:15 PTC & IoT Overview – Ziv Belfer, PTC
15:15-16:00 ThingWorx Application Development Overview – Ariel Hadar, ThingWorx
16:00-16:15 Coffee Break
16:15-17:15 Summer School Challenge Kickoff – IoT application developments using ThingWorx – Eldad Finkelstein, PTC
9:00-9:30 Get together
9:30-10:45 Introduction to Disruptive Technologies / Innovations – Nava Levy, Intel
10:45-11:00 Coffee Break
11:00-12:15 Introduction to Disruptive Technologies / Innovations – Nava Levy, Intel
12:15-13:15 One Key to Rule Them All: Detecting the Skeleton Key Malware – Tal Be’ery & Itai Grady, Microsoft
13:15-14:15 Lunch
14:15-15:30 Fire Without Smoke – Tomer Teller, Microsoft
15:30-16:00 Protecting the Cloud from Inside: Threats, Defenses and Security Intelligence – Alexandra Shulman-Peleg, IBM Cybersecurity Center of Excellence, Beer Sheva
16:00-16:15 Coffee Break
16:15-17:30 Connecting the dots: Machine Learning for Cyber Security – Eyal Kolman, RSA Israel
Speakers and Abstracts
Tal Be’ery & Itai Grady, Microsoft
One Key to Rule Them All: Detecting the Skeleton Key Malware
Identity is one of the cornerstones of application security. On Windows domains, identity is managed through Active Directory (AD) Domain service on the Domain Controller (DC). Therefore, it should come as no surprise that advanced attackers are actively targeting the DC.
Earlier this year, Dell Secureworks shared a report on an advanced attack campaign utilizing a dedicated DC malware, named “Skeleton Key” Malware. The Skeleton Key malware modifies the DC behavior to accept authentications specifying a secret “Skeleton key” (i.e. “master key”) password, thus enabling the attackers to log in from any computer as any domain user without installing any additional malware while keeping the original users’ authentication behavior.
In this talk, we will explore the unique interaction between such malware functionality and the Kerberos authentication protocol; we will put a special emphasis on its manifestation over the network traffic. We will also share a script that implements the remote detection of the Skeleton Key malware functionality.
Short Bio Tal Be'ery:
Tal Be’ery is a Senior Security Research Manager in Microsoft, formerly the VP of Research at Aorato (acquired by Microsoft), protecting organizations through entity behavior. Previously, Tal managed various security project teams in several companies. Tal holds a B.Sc and an M.Sc degree in Electrical Engineering and Computer Science and is a Certified Information Systems Security Professional (CISSP).
Tal is the lead author of the TIME attack against HTTPS, has been a speaker at security industry events including RSA, Black Hat and AusCERT and was included by Facebook in their whitehat security researchers list. Mr. Be'ery is a columnist for the securityweek.com magazine.
Short Bio Itai Grady:
Itai Grady is an experienced Security Researcher in Microsoft. Previously, Itai has been a member of various research and development teams for 15 years in several companies, including Aorato (acquired by Microsoft) and 8200 intelligence unit.
Itai holds a B.Sc degree in Computer Science.
Ziv Belfer, PTC
PTC & IoT Overview
This presentation will focus on major trends influencing product design processes and tools, including the evolution of Smart Connected Products (SCP) & IoT IT which is revolutionizing products, the convergence of the digital and physical worlds and how customers are now creating, connecting, analyzing, operating and servicing their products.
Ziv Belfer is the General Manager of PTC Israel R&D center, the largest PTC R&D center in Europe and one of the three main R&D centers worldwide. Mr. Belfer is also a Senior Vice President of Creo product development at PTC, leading a worldwide development organization developing most of PTC Creo applications. In the past 20 years, Mr. Belfer has led the development of many advanced CAD/CAM/PLM technologies, starting with the early days of Pro/Engineer until today with a broad suite of Creo applications. These design and manufacturing applications are used by tens of thousands of customers to create and service products. Mr. Belfer received his bachelor’s degree in Mechanical Engineering and Master's degree in CAD/CAM, Mechanical Engineering from the Technion.
TLS/SSL – (Mis)Protecting our Connections' Security
A BEAST, a POODLE, a CRIME, a BREACH, a FREAK, and a Logjam enter a standard. Unfortunately, this is not the beginning of a joke, but only a short history of the recent attacks against the most widely used and deployed security protocol of the internet — TLS (the protocol formerly known as SSL). In this talk we will discuss why it is so hard to design and implement such a "simple" protocol in a secure manner, elaborating on these attacks (and related issues), why they exist, how to mitigate them, and why it is very likely we will hear about some new attacks in the near future.
Orr Dunkelman is an associate professor in the Computer Science department at the University of Haifa. His research focuses on cryptanalysis, cryptography, security, and privacy. Prior to joining the University of Haifa, Orr was a post-doctoral researcher at Weizmann Institute, Ecole Normale Superieure (Paris, France), and KU Leuven (Belgium). He is a recipient of the Krill prize (2014), and served as the program chair of FSE 2009, CT-RSA 2012, SAC 2015. He holds a Ph.D. and B.A. in Computer Science from the Technion.
Miriam Erez, Technion
National Culture and Innovation
There is a lay assumption that people in some cultures are more creative than in other cultures.
This presentation aims to examine this lay assumption and is going to shed light on the relationship between culture, creativity and innovation based on empirical research findings.
Miriam Erez is Professor of Organizational Psychology, Chair – Knowledge Center for Innovation, Faculty of Industrial Engineering & Management, Technion, Israel. She studies innovation management, cross-cultural OB and work motivation. She co-authored and co-edited five books, and 100 journal papers and book chapters. Erez received the IAAP 2002 Distinguished Scientific Award and the 2005 Israel Prize for management science. Erez is Fellow of AOM, APA, SIOP and IAAP. She serves as Area Editor of Cross–Cultural Management: An International Journal and she served as Editor of Applied Psychology: An International Review and on numerous editorial boards. She advised 100 graduate students.
Eldad Finkelstein, PTC
Summer School Challenge Kickoff – IoT application developments using ThingWorx
In this session you will get an overview of the IoT challenge, the tools, and guidelines on how to create your application.
The closing session of the challenge will be on Wednesday afternoon.
Eldad Finkelstein is a Technical Fellow working at PTC since 2007, previously working at Intel. In his current role, Eldad is focusing on leading projects that leverage CAD advantage into IoT solutions. He is also leading the IoT labs in PTC Israel, for internal research and development. Eldad holds a BSc in Computer Science from the Technion.
Avi Gal, IE&M Technion
Big Data Integration
In this talk I shall outline the main challenges academia and industry face when dealing with big data. Experiences from a European project that deals with urban mobility and disaster management will be shared as part of the talk.
Avigdor Gal is an Associate Professor at the Faculty of Industrial Engineering & Management at the Technion. His main area of research is data integration, and in particular dealing with aspects of uncertainty in data integration. Avigdor published more than 100 papers in journals, conferences, and books and participated in multiple projects, including EU projects, MAGNET, and German-Israeli bilateral projects. Recently, he was involved with the organization of conferences in the areas of complex event processing and process management and mining. He is the author of the book "Uncertain Schema Matching".
Ariel Hadar, ThingWorx
ThingWorx Application Development Overview
In this presentation, you will learn about ThingWorx, an Application Enablement Platform for IoT, including customer use-cases and demonstrations.
This presentation is the foundation for the IoT Challenge presented during the summer school.
Ariel Hadar is leading the sales and business development of IoT and Technology Platforms at ThingWorx, a PTC business.
With 16 years of experience in the software industry and almost a decade at PTC in the CAD, PLM, ALM and SLM business lines, Ariel is now establishing the new IoT business line in Israel and the Middle East. Ariel brings extensive knowledge in sales, business development and marketing in software technologies, specialized in go-to-market strategies for new markets and new products. Ariel holds an Executive MBA degree from the University of Haifa and a BA in Business Management, specializing in IT, from Ruppin Academic Center.
Dr. Eyal Kolman has been applying machine learning research for industry, academia, and the Israeli navy, for almost two decades. For the RSA Israel CTO, he currently leads a research team focused on developing machine-learning solutions for the cyber-defense and IT security sectors.
Nava Levy, Intel
Workshop: Introduction to Disruptive Technologies/Innovations
The term Disruptive Technologies was coined by Prof. Christensen Clayton and since has been widely applied in academia, technology and business domains. In his famous book, The Innovator’s Dilemma, Prof. Christensen Clayton describes how these technologies cause great firms to fail and startups to thrive. These technologies range from digital cameras to mobile phones, from open source software to cloud computing. In this workshop we will learn what disruptive technologies are, why they pose a threat to established companies and how startups and companies can leverage them (or learn to defend against them). We will also illustrate with hands-on examples how to identify disruptive trends/technologies (contrary to sustaining innovations) and illustrate their disruptive process.
Nava Levy joined Intel's Strategic Technologies Group, where she is responsible for identifying and incubating long-lead technologies that are transformational & disruptive for the domains of Cloud & Big Data. Nava brings with her over 20 years of experience in Hi-Tech as well as over 8 years in disruptive technologies, specifically in Cloud & Big Data domains in a variety of roles. Most recently Nava founded LerGO, a cloud based venture dedicated to kids’ education. Prior to that Nava led cVidya’s efforts in SaaS & Big Data as VP Cloud Solutions and before that she was the head of Amdocs' SaaS/Cloud program.
Dr. Alexandra Shulman-Peleg, IBM Cybersecurity Center of Excellence, Beer Sheva
Protecting the Cloud from Inside: Threats, Defenses and Security Intelligence
As cloud takes hold, a growing number of enterprises are transforming their business to operate over cloud platforms and infrastructures in order to cut costs and apply more resources to competitively innovate in their areas of core competence. One of the key characteristics of cloud platforms is massive automation aimed at scalable on-demand resource allocation with maximal server utilization. This gives rise to new security threats which are intensified by the growing use of the DevOps model of cloud application development combined with fast evolving open source cloud communities such as OpenStack and Cloud Foundry. Traditional security approaches, such as perimeter security, have become totally irrelevant for protecting cloud environments, and observably, there is a need for an approach that would take into account the flow of information and the interactions among computing resources within the cloud.
We present a cloud security approach, based on intra-cloud security intelligence, which protects the cloud platform across all of its stack layers (IaaS/PaaS/SaaS) and life cycle stages. We advocate that this approach, leveraging the internal cloud logic in all cloud layers and components, makes it possible to facilitate the detection of advanced attacks and cyber threats that can be missed by other means. As two key examples, we address two emerging threats on cloud infrastructures: (1) NoSQL injections on databases and caches, and (2) threats on Linux containers. Both NoSQL databases and containers have become main building blocks of cloud platforms, but they introduce new risks. For example, Linux containers allow attacks on the shared resources such as the file system, network and kernel. We show how to minimize these risks by mitigating NoSQL injections and hardening the infrastructure and the workloads of Linux containers, while illustrating the importance of utilizing cloud meta-data and controls.
Dr. Alexandra Shulman-Peleg is a senior research scientist at the IBM Cyber Security Center of Excellence (CCoE) in Be'er Sheva, Israel. Previously, she led research on cloud security at IBM Haifa Research Labs as well as held a position of a software team leader at RAD Data Telecommunications LTD. She received her Ph.D, M.Sc. and B.Sc. degrees in Computer Science from Tel-Aviv University. She has more than 30 scientific publications, which were published in leading journals, conferences and books.
Tomer Teller, Microsoft Azure Cyber Security
Fire Without Smoke
Today, most automated Malware analysis machines are focused on behavioral analysis: detecting known malicious patterns that occur in the system/network using techniques such as API call sequences and memory analysis. While these systems work and prove themselves in the field, attackers still manage to penetrate networks by coming up with never-seen-before patterns that evade the analysis. At that point, a new pattern is added to the system, and the usual cat & mouse game continues.
While analyzing millions of samples a day, looking for new trends and techniques we had to find a way to filter-out “the hot from the not”. We noticed that even if the sample execution path started with something that we were unfamiliar with, at the end of the process we reached a pattern we were familiar with and could identify.
Instead of chasing unfamiliar patterns, we would like to propose a novel, dynamic approach to automatically detect patterns, by using reverse call stack analysis while leveraging cloud computing and big data analysis.
Our research began with categorizing many atomic system operations, down to the IRP level, and monitoring them as they occur.
When a monitored operation was triggered, we back tracked, analyzed the call-stack of the executing thread, and concluded whether the execution path was known.
We run millions of benign and malicious samples in a cloud environment. We collect all the known execution paths to achieve a monitored operation. Thus, we detect new, unknown execution paths that evade behavioral analysis: we detect fire without smoke.
Our presentation will introduce the concept of misbehavior analysis. It shows that when defenders implement both the traditional behavioral analysis and our new misbehavior analysis, the costs for attackers dramatically increase. During our talk we will release a misbehavior analysis tool and discuss our findings.
Tomer Teller is a Senior Program Manager at the Microsoft Azure Cyber Security group in charge of Threat Detection and Security Research. Prior to his work at Microsoft, Tomer was the security innovations research manager and corporate technical spokesperson at Check Point.
He has been an active speaker at industry conferences and presented his work at Black Hat, RSA and OWASP.
Teller holds a B.Sc. in computer science and is a proud owner of multiple patents in the field of exploit mitigations.