Presentations 2

3:00 pm to 4:00 pm
3:00 - 3:20
"Who Hit Me and Why Does It Matter: Legal and Policy Challenges in Attributing Cyber Attacks"
Bryan Cunningham is the Executive Director for UCI’s Cybersecurity Policy and Research Institute. He is a leading international expert in cyber security, privacy, trade secret protection, employee monitoring and government surveillance issues, with special expertise in US and European Union data protection law and compliance. Bryan developed this unique practice through extensive experience in senior US Government intelligence and law enforcement positions. Most recently, he served as Deputy Legal Adviser to then-National Security Advisor Condoleezza Rice. He also served six years in the Clinton Administration, as a senior CIA officer and federal prosecutor. He drafted significant portions of the Homeland Security Act and related legislation, helping to shepherd them through Congress. He was a principal contributor to the National Strategy to Secure Cyberspace, worked closely with the 9/11 Commission and has provided legal advice to Presidents, National Security Advisors, the National Security Council, and other senior government officials on intelligence, terrorism, cyber security and other related matters. Bryan is a cybersecurity and privacy lawyer who has advised clients on data and critical infrastructure protection and privacy programs.
3:20 - 3:40

"Automatic Generation of Inter-Component Communication Exploits for Android Applications"
Joshua Garcia, Associate Project Scientist, ISR, UC Irvine
Although a wide variety of approaches identify vulnerabilities in Android apps, none attempt to determine exploitability of those vulnerabilities. Exploitability can aid in reducing false positives of vulnerability analysis, and can help engineers triage bugs. Specifically, one of the main attack vectors of Android apps is their inter-component communication interface, where apps may receive messages called Intents. In this paper, we provide the first approach for automatically generating exploits for Android apps, called LetterBomb, relying on a combined path-sensitive symbolic execution-based static analysis, and the use of software instrumentation and test oracles. We run LetterBomb on 10,000 Android apps from Google Play, where we identify 181 exploits from 835 vulnerable apps. Compared to a state-of-the-art detection approach for three ICC-based vulnerabilities, LetterBomb obtains 33%-60% more vulnerabilities at a 6.66 to 7 times faster speed.

Joshua Garcia is an Associate Project Scientist at the Institute for Software Research at the University of California, Irvine (UCI) and the Software Engineering and Analysis Lab at UCI’s Department of Informatics. His current research interests include mobile security, testing, and analysis, and addressing problems of software architectural drift and erosion. Before joining UCI, he was a Postdoctoral Research Fellow at George Mason University’s Department of Computer Science. He received three degrees from the University of Southern California: a B.S. in computer engineering and computer science, an M.S. in computer science, and a Ph.D. in computer science. His industrial experience includes software-engineering or research positions at the NASA Jet Propulsion Laboratory, the Southern California Earthquake Center, and Xerox Special Information Systems.

3:40 - 4:00
"Privacy Compliance by Design: Enhancing Industry Software Practices For Compliance with Privacy Laws and Regulations"
Sameer Patil, Assistant Professor, Indiana University Bloomington

Sameer Patil is an Assistant Professor in the School of Informatics and Computing at Indiana University, Bloomington (IU) and a fellow of IU’s Center for Applied Cybersecurity Research (CACR). Prior to joining IU, he was an Assistant Research Professor in the Department of Computer Science and Engineering at New York University’s Tandon School of Engineering where he was a member of the NYU Center for Cybersecurity. Previously, he was a Research Scientist at Yahoo Labs in Sunnyvale, CA and at the Helsinki Institute for Information Technology (HIIT) in Finland. He has also held Visiting Professor appointments at the Vienna University of Economics and Business, Austria and University of Siegen, Germany. Sameer holds a Ph.D. in Information and Computer Science from the University of California, Irvine, two Master’s degrees (Computer Science & Engineering and Information) from the University of Michigan, Ann Arbor, and a Bachelor’s degree in Electronics Engineering from the University of Bombay, India. Sameer’s research interests lie at the intersection of Privacy and Cybersecurity, Human Computer Interaction (HCI), and Social Computing. The results of his research have been published at top-tier conferences, such as CHI, CSCW, and SOUPS, and he holds several US patents. Sameer’s research has been funded by the National Science Foundation and Google.