Cyber-surveillance and Protection of Critical Computing Infrastructures

Event dates: 
Thursday, February 6, 2014 - 08:30 to 16:00

One-day tutorial workshop meeting, held in Ottawa, presenting recent technical advances made in the AHLS Project. The event is intended for DND’s managers and technical staff involved in cyber-security.


8h30–8h45: Introduction

(Mario Couture, DRDC)

Introduction.


8h45–9h45: Scalable Observation Infrastructure, Advanced Centralized Data Store and Pattern Identification

(Prof. Michel Dagenais, Ecole Polytechnique) Slides

After a brief introduction about the context of the project, the participants and the outside collaborations, the presentation will first focus on the Scalable Observation Infrastructure, or how to obtain, with low overhead, precise and detailed information about all aspects of the execution of different computer systems of interest. Then, the second aspect covered is the Advanced Host-based Centralized Data Store and Software Pattern Identification, explaining how to combine the information from multiple sources and provide a highly efficient special purpose database to support very fast navigation and pattern matching through huge traces.


10h00–11h00: New Techniques for Host-based Anomaly Detection

(Prof. Abdelwahab Hamou-Lhadj, Concordia University) Slides

In this presentation, I will present new techniques that my research group and I have developed for host-based anomaly detection in the context of the Advanced Host-Level Surveillance project in collaboration with DRDC, Valcartier, QC. I will put an emphasis on the machine learning methods we have used. I will also show how these techniques are used to detect attacks with high precision (and low false positive rates). In addition, I will present TotalADS, a tool that combines multiple anomaly detectors for better system protection. TotalADS is built on state-of-the-art tracing and trace analytic capabilities. Finally, I will discuss future directions and plans.


11h00–12h00: The Protection of Operating Systems against Sophisticated Attacks

(Prof. Ashvin Goel, University of Toronto) Slides

An operating system kernel is typically the most trusted software component of a computer system because it runs with the highest privileges. A kernel bug or vulnerability therefore poses a dangerous threat to system security. In this talk, we will describe the challenges in securing a kernel, and then describe modern techniques for instrumenting, debugging and securing a kernel, so that the kernel can be protected against sophisticated attacks.


13h00–14h00: Cyber-surveillance and Protection of Small-scale Computing Systems

(Prof. Chamseddine Talhi, ETS) Slides

Cyber-surveillance and protection of small-scale systems is challenging. Indeed, we have to deal with memory, energy, and connectivity constraints while trying to build efficient surveillance mechanisms. The target mechanisms i) should be as optimized as possible, ii) can sometimes rely on remote servers' capabilities, and iii) should adapt themselves to the resource consumption level of the monitored devices. In this presentation, I will present the progress of a research thread that investigates the surveillance of small-scale systems, recently integrated into the AHLS project.


14h00–16h00: Discussion