Keynote: Toward a Science of Cyberdeception
For decades, secure software development methodologies have focused mainly on keeping attackers out---by eliminating software vulnerabilities or by detecting and mitigating their exploitation. But aggressively keeping detected attackers out has an unfortunate side-effect: it denies defenders critical threat intelligence that is only observable from longer, more substantive adversarial interactions. Software cyberdeceptions, such as honeypotting, are an important avenue for gathering this prized threat data, but are often designed and deployed unscientifically, and with services that attract and deceive only weak threats whose TTPs are less valuable to defenders than those of skillful adversaries.
In this talk, I will argue that a more rigorous science of software cyberdeception has the potential to offer many powerful advantages for cyberdefense, and might even be considered an "easy win" relative to traditional strategies that are unscalable or provably hard by comparison. However, it requires a deeply interdisciplinary approach that forces us to rethink how we approach certain aspects of software engineering, testing and evaluation, economics of security, human-computer interaction, software virtualization, and risk management.
Dr. Kevin Hamlen is a Eugene McDermott Professor of Computer Science at the University of Texas at Dallas, and director of the Software Languages Security Lab (SL)^2. His research on software binary analysis, formal methods approaches to security, malware active defense, and software cyberdeception has received numerous best paper awards, including twice receiving an NYU-Poly Best Applied Security Paper of the Year award, and has been spotlighted by thousands of news headlines worldwide, including in The Economist and New Scientist. He is the recipient of both the NSF CAREER and AFOSR Young Investigator Awards, as well as support from Navy, NSA, Army, and DARPA. Dr. Hamlen received his PhD from Cornell University and his BS from Carnegie Mellon University, where he received the Allen Newell Award for his research on proof-carrying code.