
Cyber Summer School

The Cyber Summer School will expose undergraduate students, graduate students, faculty and staff, and industrial and government partners to ongoing research covering human, political, economic, technological, and engineering aspects of cybersecurity. The summer school aims to foster further interaction between academic researchers, local companies and government representatives to help take a giant step toward providing additions to the cybersecurity workforce not only to the State of Ohio, but across all states in the US.

The University of Cincinnati will deliver a Certificate of Completion and 24 Professional Development Hours in the area of Cyber Security to anyone who completes the entire workshop.


General Information

Dates: July 11–15, 2022
Hybrid/In-person: The modules will be delivered hybrid style. Registrants can opt for asynchronous delivery of the videos which will be made available after the Cyber Summer School is over.

The workshop will run over a period of a week and will consist of presentations of modules covering the following aspects of cybersecurity:

  • Research in behavioral, policy and strategy aspects of cybersecurity (Richard Harknett, Greg Winger, Ryan Moore)
  • Research on economics aspects of cybersecurity (Michael Jones, Nitin)
  • Research in cybersecurity engineering (Marty Emmert, John Franco, Boyang Wang, Nan Niu, Ranga Vemuri, Anca Ralescu, Will Hawkins)

Schedule

Day 1: July 11, 2022

  • 8:30-8:45am: Opening Remarks (Marc Cahay, EECS Dept. Head); Welcome address (Pat Limbach, VP of Research@UC)
  • 8:45–10:15am: Module 1, Richard Harknett
  • 10:15-10:30am: Coffee Break
  • 10:30-11:30am: Module 2-Part 1, Greg Winger
  • 11:30am-12:30pm: Lunch
  • 12:30-1:30pm: Module 2-Part 2, Greg Winger
  • 1:30-1:45pm: Coffee Break
  • 1:45-3:45pm: Module 3 Ryan Moore

Day 2: July 12, 2022

  • 8:15-10:15am: Module 4 Michael Jones
  • 10:15-10:30am: Coffee Break
  • 10:30-11:30am: Module 5-Part 1 Boyang Wang
  • 11:30am-12:30pm: Lunch
  • 12:30-1:30pm: Module 5-Part 2 Boyang Wang
  • 1:30-1:45pm: Coffee Break
  • 1:45-3:45pm: Module 6 Nitin

Day 3: July 13, 2022

  • 8:15-9:45am: Module 7 Anca Ralescu
  • 9:45-10:00am: Coffee Break
  • 10:00-11:30am: Module 8 Boyang Wang
  • 11:30am-12:30pm: Lunch
  • 12:30-1:30pm: Module 9 Nan Niu
  • 2:00-2:15pm: Coffee Break
  • 2:15-3:45pm: Module 10 Will Hawkins

Day 4: July 14, 2022

  • 8:00-9:00am: Invited Speaker Jason Amstrong, NSA Senior Operations Analytics Officer (SOAO), “WWII: German Enigma and Cryptography”
  • 9:00-10:30am: Module 11 John Franco
  • 10:30-10:45am: Coffee Break
  • 10:45am-12:00pm: Module 12 Mehdi Norouzi
  • 12:00-1:00pm: Lunch
  • 1:00-3:00pm: Module 13 Ranga Vemuri 
  • 3:00–3:15pm: Coffee Break
  • 3:15-4:30pm: Presentations Industrial
  • 4:30-6:00pm: Poster Session/Roundtables
  • 6:30-8:30pm: Dinner
  • Mid-Afternoon: Presentations by Industrial and Government Partners

Day 5: July 15, 2022

  • 9:00–9:45am: Invited Speaker Len Orlando (WPAFB)
  • 9:45–10:00am: Coffee Break
  • 10:00-10:30am: EECS Cyber programs Q&A 
  • 10:40-11:20am: SPIA Cyber programs Q&A 
  • 11:30am-12:00pm: School of IT Cyber programs Q&A
  • 12:10-1:00pm: Lunch
  • 1:00-1:30pm: Invited Speaker TBD LCMC-Death Star WPAFB
  • 1:30–3:00pm: Seth Adjei and Ankur Chattopadhyay (NKU)
  • 3:00–3:15pm: Coffee Break
  • 3:15–4:00pm: CHEST-NSF-IUCRC Marty Emmert
  • 4:00–5:00pm: Recruitment Roundtables
  • 5:00pm: Concluding Remarks: Marc Cahay, Richard Harknett, Hazem Said

Cybersecurity is a science, engineering, technology, and policy challenge that has social and economic impact on an interconnected and fast evolving world.

Hazem Said Professor & Director, UC's School of Information Technology

Details of Modules

University of Cincinnati faculty will lead and present informative sessions around cybersecurity including:

  • Behavioral, policy and strategy aspects of cybersecurity
  • Research in economics aspects of cybersecurity
  • Research in cybersecurity engineering

Research in behavioral, policy and strategy aspects of cybersecurity

This session examines the structure of cyberspace and how it creates an imperative to act to advance national interests through exploitation of vulnerabilities. The session uses the United States as a case study of how countries have shifted to this reality and discusses the US doctrine of persistent engagement as a national cybersecurity operational approach.  

Learning outcomes

  1. Learn core concepts of cybersecurity strategy and policy
  2. Understand the unique national security challenges posed by the digital domain
  3. Evaluate different forms of cyber strategic competition
  4. Assess different approaches to national cyber strategies 
  5. Review key assumptions supporting national cyber strategies

This session discusses cyberspace as a political domain and its evolution as an arena of international competition. It will review core challenges like the attribution problem as well as key actors and cases. In particular, this session will delve into how various geopolitical actors have adapted to the cyber domain and endeavored to use its unique characteristics as tools for geopolitical gain.

Learning outcomes

  1. Learn core concepts of cybersecurity strategy and policy
  2. Understand the unique national security challenges posed by the digital domain
  3. Evaluate different forms of cyber conflict
  4. Assess different approaches to national cyber strategies 
  5. Review key case studies and strategies of international conflict in cyberspace

Even the strongest, most complex security system can easily be bypassed by one often overlooked vulnerability, the human operator. In this session we will discuss the human element of cyberattacks by examining the attack vectors that can be created by human error, manipulation, or a simple lack of understanding. We will then discuss methods to mitigate these risks through implementing security mechanisms, policies, and training.

Learning outcomes

  1. Identify commonly used human focused attack vectors.
  2. Understand the challenges faced by non-technical computer system users
  3. Examine technical security mechanisms that can help mitigate human attack vectors
  4. Understand the importance of effective cybersecurity policies and enforcement
  5. Assess different training methods for educating a cybermindful workforce

Research in Economics Aspects of Cybersecurity

An economic framework to understand the costs and benefits behind blockchain cyberattacks will be introduced. In a blockchain environment, traditional security tools of government coercion through fines and imprisonment are no longer applicable. A secure blockchain environment is enforced whenever the economic costs of a cyber-attack exceed the benefits. We will explore how the consensus protocols of proof-of-work and proof-of-stake may be economically vulnerable to attack. This session will also provide a brief introduction to game theoretical tools in ransomware attacks. We will explore questions that include: whether to negotiate through a third-party in a ransomware attack, and how attackers determine the digital currency and the amount of a ransom.

Learning outcomes

  1. Calculate economic costs and benefits of a blockchain attack
  2. Apply game theory models to negotiations in ransomware attacks
  3. Estimate the economic value that is vulnerable to attack in decentralized finance protocols

In this module, Dr. Wang will introduce the basic concepts of encryption, including symmetric key encryption and public-key encryption. Specifically, Dr. Wang will introduce the details of two common encryption algorithms that we use in practice, including Advanced Encryption Standard (AES) and RSA. In addition, Dr. Wang will introduce side-channel attacks, and utilize AES and RSA as two concrete examples to discuss how attackers can compromise secret keys of encryption algorithms by analyzing power consumption of target devices (such as microcontrollers and FPGAs). Recent research results on deep-learning-based side-channel attacks will also be briefly discussed.  

Learning outcomes

  1. Master basic knowledge in encryption
  2. Understand concepts of side-channel attacks
  3. Learn latest research outcomes in side-channel attacks

These two sessions aim to provide a conceptual understanding of the function and design of blockchains, how blockchain is applied to cryptocurrency mining, what the mathematical puzzle is and how the difficulty levels are set up, and the methods of securing distributed ledgers and proof of stake vs proof. They also cover the technological and management underpinnings of Blockchain operations as distributed data structures and decision-making systems, their functionality and different architecture types. Finally, we will advocate the application of Blockchain to real-life applications.

Learning outcomes

  1. Understand the structure of a Blockchain and why/when it is better than a simple distributed database;
  2. Design and Analyze the incentive structure in a Blockchain based system and critically assess its functions, benefits and vulnerabilities;
  3. Evaluate the setting where a Blockchain based structure may be applied, its potential and its limitations;
  4. Analyze to what extent smart and self-executing contracts can benefit automation, governance, transparency and the Internet of Things (IoT), and attain awareness of the new challenges that exist in monetizing businesses around Blockchains;
  5. Describe and understand the differences between the most prominent Blockchain structures and permissioned Blockchain service providers, as well as rising alliances and networks.

Research in Cybersecurity Engineering

This series of modules is to introduce some of the research in cybersecurity at UC and other universities nearby, as well as ask the participation of companies nearby to increase the synergy in research in cyber in Southwest Ohio. If successful, this would become an annual workshop on research in cybersecurity which could extend to the entire state of Ohio through our established OCRI.

This module is dedicated to a case study of using Machine Learning (ML) in malware detection based on understanding the context in which various program constructs appear. The ML algorithm to be used is introduced, then we will discuss the notion of context useful for our problem. A relevant data set will be discussed. Finally, all these will be integrated into an approach for malware recognition applied to the data set considered.

Learning outcomes

  1. Basic approach to supervised learning
  2. A particular model: Bayesian Learning
  3. An example of application in cybersecurity through a case study of malware classification using Bayesian Learning.

In this module, Dr. Wang will discuss several critical cybersecurity research problems that can be tackled by machine learning. The research problems will include network traffic analysis, malware detection, and wireless device authentication. Specifically, the speaker will explain how these problems can be formulated and tackled by machine learning, especially deep neural networks, discuss the limitations on the robustness and reliability of these AI-based solutions, and more importantly, how we can overcome these limitations based on Dr. Wang’s recent research.   

Learning outcomes

  1. Understand the limitations of AI in cybersecurity 
  2. Learn advanced knowledge to overcome the limitations  
  3. Be able to apply machine learning to various applications in cybersecurity

This module helps the students to explore certain software engineering issues related to cybersecurity, including the tracing and compliance of security policies like HIPAA in real-world (electronic health record) software applications, and the critical analysis of security policies and their breaches. The module will also provide the students some hands-on experience of using static analysis and penetration testing tools to detect software vulnerabilities in industrial-strength codebases.

Learning outcomes

  1. Understand the importance and limitation of security policies 
  2. Analyze and evaluate traceability approach to regulatory compliance
  3. Apply automated techniques to detect software vulnerabilities

In this module, students will learn to use the industry-standard tools for reverse engineering (i.e., Ghidra) and see the connection between it and network exploitation. As attackers become more and more adept at breaking into systems, software developers become more and more adept at keeping them out. This module will also introduce students to the techniques that application and system developers are deploying in order to prevent attacks on their systems (ASLR, NX bits, n-variant systems, control-flow integrity [CFI], etc.)

Learning outcomes

  1. Use Ghidra, one of the industry-standard reverse-engineering tools, to disassemble a malicious program;
  2. Define shell-code injection, return-to-libc, and (B)ROP attacks and use them to exploit a vulnerable program; 
  3. Understand the value of, and be able to employ, fuzzing for finding vulnerabilities in software;
  4. Recognize the utility of public-key cryptography in verifying that programs have not been altered between the time of their creation and the time of their execution;
  5. Describe the techniques that application developers can use to protect their programs against common attacks; and
  6. Explain the techniques that modern operating systems use to defeat common attacks against vulnerable programs.

Testing has been the standard for software and hardware validation for a very long time.  But testing has its problems: most notably it is impractical to test all execution paths and expensive failures in the field emerge, sometimes after a year of deployment, even after extensive testing.  Improved confidence in the safety and security of software, hardware, and systems can be achieved with formal methods.  In particular, "correct by construction" tools can create correct and safe code or VHDL from a trustworthy specification, SMT solvers can check the equivalence of two functions that are implemented differently and over different architectures, and they can also verify correctness of an implementation against a golden specification.  In this session the reason specifications can be trustworthy and some of the tools used to verify correctness from specifications will be demonstrated.  It should be noted that Amazon uses such tools to verify correctness of functions used by its AWS.

Learning outcomes

  1. Write a specification in some existing systems in some specification language such as Cryptol
  2. Design axioms for sound and complete proof systems
  3. Write function and safety properties of hardware or software in some specification language
  4. Prove the above properties in existing systems using the Software Analysis Workbench
  5. Use a Satisfiability/Satisfiability Modulo Theories, and Interactive Theorem Prover solver - that is, set up a logical expression to solve a given problem
  6. Understand the benefits and mechanics of Theorem provers and proof systems
  7. Understand soundness and completeness and why these are important for proving correctness

Taking advantage of redundancies in images using traditional image processing methods and/or integrating image representations extracted from pre-trained deep neural networks, an image can be encoded into a cover image or a video clip. In this module, we will cover the basics of image hiding, related evaluation measures, primary challenges, and recent advancements (State-of-the art DNN models) reviewing a case study.

Learning outcomes

  1. Students will learn simple image processing concepts
  2. Students will understand the difference between Shallow features and deep neural network representations
  3. Students will learn basics of image encoding and watermarking for privacy/security improvement 
  4. Students will learn how to hide an image in a cover image taking advantage of different types of visual features

Trust in integrated circuit (IC) functionality has become a significant concern due to the emergence of highly distributed, multi-institutional process of IC design and development.  In particular, the use of “third-party” foundries for IC manufacturing, where fab lines are often owned by potentially untrusted entities, necessitates the analysis of possible attack methods and the development of threat models and defense methodologies.  

‘Trust’ in this context encompasses three mutually related concerns: (1) Trust in the third-party services such as IP providers and foundries (that what they do and provide is functionally as trustable as what equivalent in-house services would provide). (2) Trust that no one can take unfair advantage of the IC design. (3) Trust that the fabricated IC functions and performs exactly as expected – nothing more and nothing less. Trust is closely related to, but not the same as, correctness, safety and security.

Research at the University of Cincinnati (UC) has been focused on various topics central to the development of trustworthy ICs. This talk presents current and emerging research directions in split manufacturing, logic encryption/obfuscation, design camouflaging, Trojan detection, reverse engineering, run-time monitoring and side-channel attacks.

Learning outcomes

  1. Obtain basic knowledge about the vulnerabilities in the integrated circuit design and manufacturing process.   
  2. Understand various attacks exploiting those vulnerabilities.
  3. Appreciate emerging solutions to mitigate those attacks.

Day 5: UC Cyber Program Recruitment and Partnership Session

Morning: Invited Talk, Len Orlando, WPAFB, “Regional Opportunities and Work Force Development for Cyber Physical System’s Security, Assurance, and Trust”

Presentations about cyber related programs at UC

Department of Electrical Engineering and Computer Science (EECS) Presentation (30 minutes): This talk will give an overview of the educational programs in the field of cybersecurity available in the EECS Department.

Starting in the fall of 2021, the EECS Department is offering a BS in Cybersecurity Engineering which combines advanced courses in cybersecurity with fundamental courses in mathematics, computer science, and electrical engineering into a program that adheres to the ABET Engineering Accreditation Commission (EAC) guidelines for Cybersecurity programs and the NSA/DHS Center for Academic Excellence in Cyber Operations. Each student will complete courses in one of four tracks (Cyber Operations; Network and Data Security; Hardware and Cyber-Physical Systems Security; or Industrial Security) while also completing additional courses in the other tracks, along with required courses in mathematics for cryptography and security and in cybersecurity policy. This degree provides students with the analytical and computational skills to design, implement, and protect the secure systems needed in today’s world. This new degree offers a series of classes which will complement the new program to be delivered by the School of IT and the new BA in Cyber Strategy and Policy proposed by the Department of Political Science. In addition, the EECS Department offers an undergraduate certificate and an NSA graduate certificate in Cyber Operations.

SPIA presentation: The School of Public and International Affairs is home to the Center of Cyber Strategy and Policy, which is a highly influential research center focused on national and international cyber security strategies. The School offers a new BA in Cyber Strategy and Policy, which provides both technical skills and expertise in the political, economic, social, technology, and organizational challenges that cyber insecurity creates and how to address that insecurity through improved policy, strategy, and law. The School offers graduate MA/PhD degrees in Public Administration and Political Science in which students can work with leading international scholars in cyber security studies as their focus.

School of IT presentation: The School of Information Technology (SoIT) is home to the National Security Agency/Department of Homeland Security Center for Academic Excellence in Cyber Defense. The Bachelor of Science in Cybersecurity degree was first started in 2014 as a specialization area. The program is offered both online and on campus for full time and part time students. Over 200 students have already graduated from the program and occupy roles such as Cybersecurity Analyst, Information Security Analyst, Security Operations Center Team Leads, Digital Forensics and Incident Response Analyst, Cyber Threat Detection Analyst, Penetration Tester, Cyber Risk Consultant, Cyber Threat Hunter, Threat Intelligence Analyst, Senior Information Security Specialist, and Cyber Security Counter Measures among others. Graduates are employed in a wide variety of sectors with companies such as Veeva Systems, Equifax, RoundTower Technologies, Splunk, GE Aviation, CBTS, Marathon Petroleum, Deloitte, Black Lantern Security, US Bank, and the Cincinnati Insurance Companies among others.

In addition to undergraduate programs that focus on hands-on technical skills, problem solving skills, and communication skills, the SoIT offers Master’s and Doctoral programs with specializations in Cybersecurity. At the graduate level, research methodologies and evidence-based practices are introduced to expand the learner’s abilities, knowledge, and skills to address complex problems following scientific methodology. The new Data-Driven Cybersecurity graduate certificate is a four-course graduate program that provides immersive experience on principles of cybersecurity, enterprise security, applied machine learning, and data-driven cybersecurity. Students in the graduate program work on research and applied cybersecurity projects.

Furthermore, the SoIT offers, in partnership with the Ohio Cyber Range Institute, professional development programs through an innovative four-week workshop that leads to industry credentials such as Network+ and Security+ among others.

In this presentation, you will learn about:

  • The information technology space as the study of solutions and needs that connect people, information, and the technology of the time.
  • The Cybersecurity programs available for undergraduate, graduate, and workforce development.
  • SoIT centers and their research and applied projects, especially those in the Cybersecurity space.

Afternoon: Invited Talk, Ryan Wofarth, Air Force Life Cycle Management Center (AFLCMC)/EZAD. “TBD“

Combatting Psyber-Security Attacks: Seth Adjei and Ankur Chattopadhyay (Northern Kentucky University)

Existing literature shows that cyber-psychological issues among online users are on the rise, with mental health being the new cybersecurity attack surface, and COVID related misinformation, disinformation, and “fake news” being the corresponding attack vector amidst the ongoing pandemic. The threat of an online user being a victim to this is so significant that the World Health Organization calls this a COVID 'infodemic'.

Psychological experts have termed this as a form of COVID psyber-security attack (COVID-PSA). Recently, there have been a few research and development (R&D) initiatives to address this current threat landscape of the COVID 'infodemic'. However, this research area is still a new, emerging one with a lot of prospective scope of work. In this novel R&D project, we have attempted to address this COVID-PSA threat by implementing a data analytics driven knowledge recommender, which is meant to be an adviser for users regarding the credibility of online COVID information.

We have designed and developed a unique web extension as this knowledge recommender’s maiden proof-of-concept prototype. It can be plugged into a web browser as an add-on and can indicate whether the online information is real or fake on a COVID website that users visit. Our unique COVID infodemic adviser tool includes textual data classifiers, which are trained on COVID information related real and fake benchmark datasets and uses advanced natural language processing techniques to parse the online textual information from websites.

Our tool is a timely technological intervention for providing users with valuable insights on trustworthiness of COVID websites, for safeguarding them against potential COVID-PSA, and for raising overall awareness of looming infodemic threats. This first of its kind tool, which we have built, can contribute to further innovation, and lead to future path breaking research directions plus intellectual property intended for societal benefits.

Learning outcomes

  1. Obtain basic knowledge about the topic of psyber-security and its connection with COVID infodemic
  2. Understand how the COVID infodemic is related to a psyber-security attack that exploits human vulnerabilities
  3. Appreciate emerging solutions, like text mining techniques plus NLP-based implementations, to address the COVID infodemic and mitigate these psyber-security attacks

CHEST Activities and outreach efforts: Marty Emmert (EECS Dept. at UC)

Professor Marty Emmert in the EECS Department is leading the NSF sponsored Industry/University Collaborative Research Center (IUCRC) for Hardware and Embedded Systems Security and Trust (CHEST). To date, CHEST is the largest active IUCRC with six academic members: University of Cincinnati (lead university); University of Virginia; University of Texas at Dallas; Northeastern University; University of Connecticut; and University of California, Davis. Part of the CHEST charter includes workforce development and developing security, assurance and trust methodologies for Artificial Intelligence (AI) systems. This highly integrated group of Carnegie Research 1 universities provides a strong, existing collaborative platform to further expand existing efforts to promote public understanding of privacy, confidentiality, ethics, safety, and especially security implications of AI. All of our CHEST academic partners have similar programs, teaching, and research faculty in Cybersecurity, AI, and Machine Learning. In addition, CHEST has 25 industrial and DoD sponsors that will leverage the education, training tools, and modules we develop through this effort.

With the addition of the new BS in Cybersecurity Engineering, the University of Cincinnati will become a beacon in the field of cybersecurity, a giant step for providing the much needed workforce not only to the State of Ohio, but across all states in the US, which will secure its position of leader in the field worldwide.

Late-Afternoon: Recruitment and Partner Session – Roundtables

Concluding remarks: M. Cahay, R. Harknett, and Hazem Said