May 27th - 29th
Baltimore, MD, USA
Intelligence and Security Informatics
NEWS
LINKS & SUBLINKS
Speakers
The LRM proceeds in three stages: Proof-of-concept research to demonstrate the functional feasibility of the AVATAR, does it work; proof-of-value research to investigate whether the AVATAR can create value across a variety of conditions; and proof-of-use research to address complex issues of operational feasibility at airports and ports-of-entry. The last research mile ends only when practitioners (border agents, security personnel) routinely use the AVATAR in the field. We argue that going the LRM negates the assumption that one must trade off rigor and relevance, showing it to be a false dilemma. Security researchers who take their solutions through the last research mile may ultimately have the greatest impact on science and society. We demonstrate the LRM with an example of the evolution of the AVATAR as it progresses through each phase of the Last Research Mile. The ultimate test of the AVATAR is whether it can identify subjects that exhibit anomalous behavior.
BIOGRAPHY:
Dr. Jay F. Nunamaker, Jr. is Regents and Soldwedel Professor of MIS, Computer Science and Communication. He is Director of the Center for the Management of Information and the National Center for Border Security and Immigration at the University of Arizona funded by the Department of Homeland Security (DHS) Center of Excellence program. Dr. Nunamaker was inducted into the Design Science Hall of Fame, May 2008. Dr. Nunamaker received the LEO Award for Lifetime Achievement from the Association of Information Systems (AIS) at ICIS in Barcelona, Spain, December 2002. He was elected a fellow of the AIS in 2000. He was featured in the July 1997 Forbes Magazine issue on technology as one of eight key innovators in information technology. He is widely published with an H index of greater than 60. He has produced over 368 journal articles, book chapters, books and refereed proceedings and has been a major professor for 97 Ph.D. students. His specialization is in the fields of system analysis and design, collaboration technology and deception detection. He has co-founded five spin-off companies based on his research. The commercial product of GroupSystems, ThinkTank based upon Nunamaker’s research, is often referred to as the gold standard for structured collaboration systems. He was a research assistant funded by the ISDOS project in industrial engineering at the University of Michigan and an associate professor of computer science and industrial administration at Purdue University. In his career he has received 100+ million dollars as the PI or Co-PI on sponsored research at the University of Arizona, Purdue University and the University of Michigan. He founded the MIS department at the University of Arizona in 1974 and served as department head for 18 years. From 1976-1991, Nunamaker served as chairman of the ACM Curriculum Committee on Information Systems and as a committee member from 2009-2014. Dr. Nunamaker received his Ph.D. in operations research and systems engineering from Case Institute of Technology, an M.S. and B.S. in engineering from the University of Pittsburgh, and a B.S. from Carnegie Mellon University. He received his professional engineer’s license in 1965.
Internet Voting - A Technical, Social, and Policy View
Jeremy Epstein
National Science Foundation
BIOGRAPHY:
Jeremy Epstein leads the National Science Foundation’s Secure and Trustworthy Cyberspace (SaTC) program, which is NSF’s flagship cybersecurity research program with over 670 active research grants and $75M in annual investments. He’s on loan from SRI International, where his research areas include voting system security and software assurance. Jeremy is associate editor in chief of IEEE Security & Privacy magazine, and founder of the Scholarship for Women Studying Information Security.
Jay F. Nunamaker, Jr.
Regents’ and Soldwedel Professor of MIS,
Computer Science and Communication
University of Arizona, Tucson, Arizona
Keynote Talk
Achieving Rigor and Relevance in Security Research: The Evolution of the AVATAR
This talk is about the development of an automated
security kiosk called the AVATAR for interviewing
subjects and assessing their credibility regarding
security issues. We will also describe an approach
and the steps for achieving rigor and relevance by
going the Last Research Mile (LRM). This process
involves guiding the AVATAR through successful
transition into security environments. The AVATAR
is equipped with a number of sensors that
records an individual’s physiological and behavioral
reactions when interviewed. Going the Last Research
Mile means using scientific knowledge and methods from psychology, linguistics, neuro science, engineering, computer science and information systems to address important problems for real people (border crossers, passengers) with real stakes in the outcome. The
AVATAR is being developed by the University of Arizona (BORDERS) through support from the Department of Homeland Security (DHS), Office of University Programs. BORDERS researchers have investigated over 500 cues including vocalics, linguistics, kinesics, cardiorespiratory, eye behavior and facial skin temperatures and many others.
Abstract Internet voting is both an inevitable
development and a technical impossibility. This talk will explore the policy imperatives, the social drivers, and the technical challenges that must be addressed - and the implications of moving forward before the issues are addressed.
End-To-End Voter-Verifiable Elections: Scantegrity and Random-Sample Elections
BIOGRAPHY:
Alan T. Sherman is a professor of computer science at the University of Maryland, Baltimore County (UMBC) in the CSEE Department and Director of UMBC’s Center for Information Security and Assurance. His main research interest is high-integrity voting systems. He has carried out research in election systems, algorithm design, cryptanalysis, theoretical foundations for cryptography, applications of cryptography, cloud forensics, and cybersecurity education. Dr. Sherman is also an editor for Cryptologia and a private consultant performing security analyses. Sherman earned the PhD degree in computer science at MIT in 1987 studying under Ronald L. Rivest. www.csee.umbc.edu/~sherman
Dr. Mark Segal, Ph.D
NSA
BIOGRAPHY:
Dr. Mark E. Segal is Chief of Computer and Information Sciences Research in the National Security Agency/Central Security Service’s Research Directorate. In this role, Dr. Segal is responsible for leading an organization conducting research in computer science, data science, and natural language processing, and applying the results of this research to NSA/CSS’s Signals Intelligence, and Information Assurance missions. Prior to this assignment, Dr. Segal was the Deputy Director of NSA/CSS’s Laboratory for Telecommunications Sciences, whose research focus was telecommunications and computer networking. Dr. Segal also served as a Director of Cybersecurity Operations in the NSA/CSS Threat Operations Center, where he led a team in a 24x7 operations center focused on protecting DoD networks from cyber exploits. Dr. Segal is the recipient of a National Intelligence Meritorious Unit Citation and a Presidential Rank Award. Prior to joining NSA, Dr. Segal worked at Telcordia (formerly Bellcore) as a research manager and researcher. He served as Executive Director of Software Technology Research at Telcordia, and conducted research in distributed computing, multimedia systems, dependable systems, and cyber security. Dr. Segal holds BS, MS and PhD degrees in Computer and Communications Sciences from the University of Michigan in Ann Arbor.
Voting presents a difficult security engineering challenge because the requirements include both results integrity and unlinkability of votes to voters. Technologies now exist that enable voters to verify the integrity of the election outcome without revealing how they voted. These technologies do not base their results integrity on correct procedures, software, or hardware; instead, they are “implementation independent” in that any error in implementation that changes the election outcome will, with overwhelming confidence, be detected by the voters.
I will discuss two of these technologies: Scantegrity and Random Sample Elections (RSE). In November of 2009 and 2011, voters in Takoma Park, Maryland, cast ballots for the mayor and city council members using the Scantegrity II voting system—the first time any End-to-End (E2E) voting system with ballot unlinkability has been used in a binding governmental election. This election demonstrated that E2E cryptographic voting systems can be effectively used and are appreciated by the general public.
RSE reduces the costs of elections by a factor of a thousand by replacing mass elections with a much smaller election by a randomly-chosen anonymous sample of the registered voters. A crucial technical feature of this system is the “verifiable randomness” used to select the sample in a way that cannot be manipulated or predicted by even a national laboratory, yet is verifiable by anyone after the election. One application of RSE is to empower grassroots organizations to conduct their own verifiable elections to demonstrate substantial support for a single referendum question. An interdisciplinary team is refining and implementing the RSE concept and proving properties about it.
Donna F. Dodson
Deputy Cyber Security Advisor at National Institute of Standards and Technology
A Researcher’s Perspective on Cybersecurity Operations Challenges
Almost every week there is a story in the news about how a complex cyber system has been exploited by a cyber actor. Many times the news story will describe how sensitive information was stolen or how the system itself was
damaged or disabled. To prevent future cyber exploits from
occurring, researchers in academia, industry, and government are constantly looking for new ways to make systems more robust, to detect malicious behavior, and to monitor system health. While scientifically interesting, many kinds of Cybersecurity research projects tend not to be
directly applicable to organizations responsible for protecting cyber systems.There are also many operational challenges that are not addressed in current research.This talk will provide an operational perspective on Cybersecurity gaps in current practice and suggest potential research directions to address some of these gaps.
Cybersecurity - Facing the Nation's Challenges Together
BIOGRAPHY:
Donna F. Dodson is the Chief Cybersecurity Advisor for the National Institute of Standards and Technology and Director of NIST's National Cybersecuity Center of Excellence. Dodson oversees cyber security program to conduct research, development and outreach necessary to provide standards, guidelines, tools, metrics and practices to protect the infor-mation and communication infrastructure. This includes collaborations with industry, aca-demia and other government agencies in research areas such as security management and assurance, cryptography and systems security, identity management, security automation, secure system and component configuration, test validation and measurement of security properties of products and systems, security awareness and outreach and emerging security technologies. She received two Department of Commerce Gold Medals and three NIST Bronze Medals. She was a Fed 100 Award winner for her innovations in cybersecurity and in 2011 was included in the top 10 influential people in government information security.
