Thursday, 10/15, 5:00 – 6:00 pm, 808 Commonwealth Avenue (Fuller Building), Room 109

and

Friday , 10/16 12:30 – 3:00 pm, 111 Cummington Street (MCS building) Room 135

Join representatives of the National Security Agency to learn about career opportunities in information assurance and intelligence.   NSA is The National Security Agency/Central Security Service (NSA/CSS) is home to America’s codemakers and codebreakers. It is a leading research and intelligence institution and the largest employer of mathematicians in the world. NSA offers careers in computer science, engineering, mathematics and a wide range of other fields. You will have the opportunity to ask questions and explore career paths with NSA employees directly involved in the hiring process.

More information about NSA is available at http://www.nsa.gov/about/index.shtml

Full tuition, fees, books, $17K stipend for graduate students, $12K stipend for undergraduate students, and hands-on experience in information security internships. If all conditions are met, upon program completion the one-year service per one year study requirement may lead to full-time permanent civilian positions with the Department of Defense.

For Boston University program information and requirements please visit the Boston University Metropolitan College Master program web site http://csmet.bu.edu/Programs/index.html

For information about the Scholarship requirements and forms please visit http://www.defenselink.mil/cio-nii/sites/iasp2/prospective.html.

If you are interested in this scholarship and qualify for it, please contact
Prof. Anatoly Temkin, Department of Computer Science, Metropolitan College, Boston University:
temkin@bu.edu
617-353-2567 (office)

Course Title: Ethical Hacking and Systems Defense
August 10 – 12, 2009, Harvard University.

Sponsors are providing student support in the form of scholarships to
aid selected students to attend the workshop. The scholarship includes
coverage of all costs of workshop attendance, including airfare (up to
$500), lodging, and meals. Interested students should register online
and include a brief statement detailing the reason why they would like
to attend. While sponsorships are available in priority to students
from US academia, a small number of sponsorships can will be given to
foreign students, but may not cover full travel or visa fees.

TIW Overview

When IT infrastructure technologies fail to keep pace with emerging
threats, we can no longer trust them to sustain the applications we
depend on in both business and society at large.

Ranging from Trusted Computing, to machine virtualization, new
hardware architectures, and new network security architectures,
trusted infrastructure technologies attempt to place security into the
very design of commercial off-the-shelf technologies.

The TIW is an open innovation event modeled as a highly interactive
summer school, consisting of lectures, workshops, and other lab
sessions. It is aimed at bringing together researchers in the field of
IT security with an interest in systems and infrastructure security,
as well as younger MS or PhD students who are new to the field.
Funding is available to support student attendance.

Agenda Highlights

- 4 keynote lectures
- 7 technology lectures: Trusted computing architecture, TPM module,
attestation, SW-based attestation, virtualization security, network
security, and trusted storage.
- 4 research workshops: HW security, attestation in practice, OS
security, verification and formal methods.
- 3 hands-on labs: TPM, trusted virtualization, trusted network connect.

Several social events and networking with other researchers are planned.

For more details on the workshop and how to register, please visit
http://www.cylab.cmu.edu/TIW

TIW Sponsors

- Carnegie Mellon CyLab
- Fujitsu
- HP Labs
- IBM
- NSA
- NSF
- Seagate

Contacts

Workshop details: Michael Willett <michael.willett@seagate.com>
Registration details: Tina Yankovich <tinay@andrew.cmu.edu>

Confirmed Speakers

Boris Balacheff, HP Labs
David Challener, Johns Hopkins APL
Paul Congdon, HP
Anupam Datta, CyLab/CMU
Virgil Gligor, CyLab/CMU
Ken Goldman, IBM Research
David Grawrock, Intel
Steve Hanna, Juniper Networks
Trent Jaeger, Penn State
Ruby Lee, Princeton University
Andrew Martin, Oxford University
Jonathan McCune, CyLab/CMU
Adrian Perrig, CyLab/CMU
Gianluca Ramunno, Politecnico di Torino
Donald Simard, NSA
Robert Thibadeau, Seagate
Leendert van Doorn, AMD

Venue

CyLab, Carnegie Mellon University
CIC Building
4720 Forbes Avenue
Pittsburgh, PA 15213

Sarah Zatko, a doctoral student at CAS Computer Science Department of the College of Arts and Sciences, won the Best Student Paper award at the MIT Spam Conference, March 26, 2009, (http://projects.csail.mit.edu/spamconf/agenda.html ). The paper, entitled “Markets Can Cure Spam Zombies Too”, is in collaboration with Professor Marshall Van Alstyne from the Information Systems Department of the School of Management who made this truly interdisciplinary work possible.

Abstract

Markets Can Cure Spam Zombies Too
Marshall Van Alstyne & Sarah Zatko
MIT Spam Conference, March 26, 2009,
http://projects.csail.mit.edu/spamconf/agenda.html

Can markets really solve the spam problem? Using sidepayments, Loder et. al [2] argue that attention markets can clear this information pollution, perhaps even better than any filter. But, what about fraud? Criminals send most spam using compromised machines called “zombies.” Won’t markets just invite these gremlins to seize real currency instead of CPU cycles [1]?

By using markets, the answer should be “No!” This seeming weakness provides leverage for an even greater strength. Consider how markets might first clear spam and then clear zombies too.

Markets can clear spam by recovering hidden information. No one knows the content of a message better than its author. So, use a revelation mechanism to force disclosure of sender private knowledge. Does a message contain spam or not? Knowing the answer, will the author place a bet on this fact? If a sender refuses to bet on what he already knows, then he signals his message contains spam.

This mechanism uses two Nobel Prize winning ideas, property rights (the Coase Theorem), and signaling / screening (Akerlof, Spence and Stiglitz) to create a right to avoid useless interruption. The approach screens messages from strangers who refuse to bet their content is not spam. When a recipient declares a message spam, this also signals her position on topics that waste her time. Attention bonds also avoid the recurring failure of content filters that need computers to understand English. The result is that, in theory, we reduce inbox spam, reward users with seized bets, and convey their preferences so they receive the mail they want.

In practice, attention bonds have been criticized for giving spammers a chance to seize bets or bet with other people’s money. But this is not how zombies work. Instead, zombies require (i) they remain undetected by average users and (ii) that when detected, average users lack the expertise to remove them [5]. A remedy can vanquish zombies by combining new theories of “two-sided networks” with established methods of fraud prevention. Markets might then provide three interlocking benefits – better detection, fraud insurance, and incentives matched to expertise.

First, stealing currency creates an audit trail. Spammers can no longer hide repeated or bulk theft of CPU cycles in periods of idle time. Identifying compromised computers can rely on the same mechanisms as those used to detect credit card fraud. Grandma did not buy 3 plasma TVs or send 5000 messages! Seeing the analogy between spending and sending allows us to attack the problem using the well-developed fraud prevention tools already deployed by the telecom and banking industries.

Second, this creates a market for insurance that protects users. Most credit card companies indemnify cardholders against fraud. Why? The expected value of increased business more than covers the expected cost of increased losses. Internet Service Providers (ISPs) that follow this example can cut their spam costs and capture banking revenues. Further, ISPs should condition the offer of fraud insurance on a grant of authority to maintain basic security on users’ machines. Customers who prefer to handle their own security may do so but they forfeit the free insurance. Such user subsidies are the essence of the free Internet pricing strategies established under “two-sided network” theory [3, 4].

Third, the proposed mechanism realigns ISP incentives to address both zombie problems. Transactions no longer remain hidden, and responsibility for correcting the problem shifts from inexpert users to expert ISPs who are fully capable of dispatching zombies. Machines become harder to infect because antivirus protection is up-to-date; infected machines become easier to identify; and incentives to correct infections shift to parties equipped to fix them.

[1] Lim, Jamus Jerome. (2008) “Zombies May Mean Attention Bonds Will Not Cure Spam.” Economists’ Voice: Letters, Vol. 5 [2008], Iss. 2, Art. 5.

[2] Loder, Theodore; Van Alstyne, Marshall; Wash, Rick, (2006) “An Economic Response to Unsolicited Communication.” Advances in Economic Analysis & Policy, Vol. 6 [2006], Iss. 1, Art. 2.

[3] Parker, Geoffrey and Van Alstyne, Marshall. (2005) “Two Sided Network Effects: A Theory of Information Product Design.” Management Science, Vol. 51 [2005] , Iss. 10, pp. 1494 – 1504.

[4] Rochet, J.C. and J. Tirole (2003). “Platform Competition in Two-Sided Markets.” Journal of the European Economic Association, MIT Press, vol. 1 (4), pp. 990 – 1029.

[5] van Eten, Michel J.G.; Bauer, Johannes M., (2008) “Economics of Malware: Security Decisions, Incentives and Externalities.” Research report of the Organization for Economic Cooperation and Development (OECD) – STI Working Papers 2008/1: May 29.

At this online fair potential applicants will be able to chat with recruiters, apply for jobs, and learn more about NSA – all from the convenience of their computer.  They can drop in at any time and it is absolutely free to attend. All they have to do is register at www.NSA.gov/Careers.  NSA recruiters can view their qualifications online, and they can apply to open positions on the spot.

We have many exciting opportunities available in Information Assurance, Engineering, and Computer Science. From the comfort of your computer you can:

• Explore opportunities with NSA

• Chat with NSA recruiters

• Apply to open positions

Register today at www.meetNSA.com

Event Date: Thursday, March 5

Time: 3 p.m. – 8 p.m. EST

For more information about NSA, visit www.NSA.gov/Careers.

Obama Administration Outlines Cyber Security Strategy – Security Fix (Washington Post 1/23/09). details…

Full tuition, fees, books, $17K stipend, and hands-on experience in information security internships. If all conditions are met, upon program completion the one-year service per one year study requirement may lead to full-time permanent civilian positions with the Department of Defense.

For Boston University program information and requirements please visit the Boston University Metropolitan College Master program web site http://csmet.bu.edu/Programs/index.html

For information about the DoD Scholarship requirements and forms please visit http://www.defenselink.mil/cio-nii/sites/iasp/.

Please contact the center for an application from.

Contact Dalia Yassa
Assistant Director, Center for Reliable Information Systems and Cyber Security (RISCS)
email:yassa@bu.edu
Tel: 617-358-4805

Application deadline: January 31, 2009

My group, the National Information Security Group (NAISG, http://www.naisg.org) is combining the June meeting of our New England chapter with our annual charity fundraiser for a totally different kind of event.

A> Presentation… Mike Rothman, the well-known author of The Pragmatic CSO (http://www.pragmaticcso.com) and The Daily Incite (http://securityincite.com), will present “An Evening with the Pragmatic CSO.”  This will not be about technology; it will be about being an effective security administrator, manager or executive.   Regardless of whether you are a CSO or an administrator, you need to communicate what you are going to do within the context of your business and track your effectiveness. The methodology also addresses getting budgetary approval, interfacing with auditors, and just figuring out what it’s going to take to be a premier security practitioner. Mike will also be available to sign copies of the Pragmatic CSO after the session.

B> High-Velocity… Strap on your racing helmets and suit up.  We will be hitting the track for some serious go-kart racing.

C> Give-Aways… We have a number of fully-licensed (NFR) copies of Windows Vista Ultimate and Office 2007 Professional to give away to attendees.  Copies are limited and these will be provided on a first-paid, first-served basis.  (A special thanks to Culminis and Microsoft for donating these for this event.)

WHEN IS IT?

The event will take place on Thursday night, June 21, at F1 Boston in Braintree, MA starting at 6:45 PM.  This is our regular meeting night, but at a very different location.

HOW DO I REGISTER OR FIND MORE INFORMATION?

Check it out here: http://www.naisg.org/events.

HOW CAN I HELP TO SPONSOR THIS EVENT PLUS GET SOME PR FOR MYSELF?

We are very glad you asked.  We do need sponsors for this event.  Remember that all net proceeds from the event will be donated directly to charity (The Caitlin Raymond International Registry, http://www.crir.org).  Please see http://www.naisg.org/events/f1boston/sponsor.htm for more information.

AND SPECIAL THANKS TO OUR SPONSORS:

> Vericept, the leading provider of comprehensive compliance and content control solutions. Vericept mitigates internal risk by providing enterprise-wide visibility that enables full control of the information exchanged inside and outside an organization. Vericept’s patent-pending Intelligent Content Analysis Control Engine dramatically reduces security risks and “insider threats” within an organization, including regulation compliance violations, corporate governance concerns, internal policy infractions, information leaks and unacceptable Internet usage.  http://www.vericept.com.

> MIS Alliance, the leading provider of IT and MIS consulting services to the greater Boston area.  MIS Alliance is a Microsoft Gold Certified Partner and a Small Business Specialist, and can either become your IT organization or provide consulting services for your existing one.  http://www.misalliance.com.

> DNSstuff.com, a Web application providing expertise and all the tools necessary to ensure that your DNS operates smoothly, efficiently and safely. It is one of the largest and most trusted communities of IT professionals on the Web.  DNSstuff.com has donated annual memberships to its premium site for fifty attendees.  http://www.dnsstuff.com.

> Culminis Alliance, an international not-for-profit organization devoted to the development and growth of the IT community by supporting user groups and the IT professional community.  Culminis has donated copies of Windows Vista and Office 2007 to attendees of our event.  http://www.culminis.com.

> Microsoft, maker of Windows and Office systems, as well as much, much more.  Microsoft has donated copies of Windows Vista and Office 2007 to attendees of our event.  http://www.microsoft.com.

Full tuition, fees, books, $17K stipend, and hands-on experience in information security internships. If all conditions are met, upon program completion the one-year service per one year study requirement may lead to full-time permanent civilian positions with the Department of Defence.

For Boston University program information and requirements please visit the Boston University Metropolitan College Master program web site http://csmet.bu.edu/Programs/index.html

For information about the DoD Scholarship requirements and forms please visit http://www.defenselink.mil/cio-nii/sites/iasp/.

Please contact the center for an application from.

Contact Dalia Yassa
Assistant Director, Center for Reliable Information Systems and Cyber Security (RISCS)
email:yassa@bu.edu
Tel: 617-358-4805

Application deadline: January 31, 2009