How can we quantify the risks cyberattacks on the Internet of Things? How do apps circumvent Android’s permission system? What are the security implications of 5G technologies? How can deep learning be used for enhanced security?
These were among the diverse questions explored at the third annual CLTC Research Exchange, an annual showcase of the research recently funded by the Center for Long-Term Cybersecurity. Held on October 3 at the David Brower Center, in downtown Berkeley, this year’s Research Exchange brought together more than 100 members of the CLTC community for a day of sharing, learning, and networking.
“It’s a great opportunity to gather the clan together: the Berkeley cybersecurity research community, some of our corporate partners, government folks, our funders, and others who are interested in the range of research that’s going on across the Berkeley campus,” Steve Weber, Faculty Director for CLTC, said in his introductory remarks.
The day-long conference included a range of 15-minute presentations by researchers funded during the 2018-2019 cycle, as well as a series of “lightning talks,” five-minute presentations by researchers whose grants began at the start of 2019 (and whose work is still in progress).
In addition to academic researchers, the conference included several representatives from industry, including members of CLTC’s Corporate Membership Program, who came to connect with the Berkeley talent pool and learn about cutting-edge research.
“The value of this event is really the ability to see what else is out there,” said Ryan Liu, principal with Booz Allen Hamilton, who helps Fortune 500 companies solve cybersecurity challenges. “One of the benefits of the CLTC Research Exchange is that it really brings together not just that technical dynamic, but also the human element for the interdisciplinary approaches that you need to solve cybersecurity problems.”
The morning session of the conference included a range of presentations, including “Deep Fairness in Public Policy” by Matt Olfat, a PhD Candidate in the Department of Industrial Engineering and Operations Research (IEOR); “Cybersecurity Awareness for Vulnerable Populations,” by Ahmad Sultan, now the Associate Director of the Anti-Defamation League’s Center for Technology and Society; and “Embedding Cybersecurity into Design Education,” by Euiyoung Kim, Assistant Professor in the Department of Product Innovation Management in the Faculty of Industrial Design Engineering at TU Delft.
The morning’s first round of lightning talks featured Vivek Rao, a lecturer in the Haas School of Business whose talk, “Design Practices for Cybersecurity: Curriculum- and Device-Based Interventions,” addressed the value of building cybersecurity into the design phase of new products and services. “One of the incredible things about CLTC is that it brings together researchers of very different backgrounds,” Rao said in an interview. “I’m really excited to learn about blockchain AI, and more technical research directions, but then also critical provocations around what cybersecurity means and what good design and cybersecurity mean. This is a very unique forum for us to exchange ideas and build on each other’s work.”
Shafi Goldwasser, Director of the Simons Institute for the Theory of Computing, presented an update on her ongoing work on “Foundations of Data Privacy,” and Noura Howell, a PhD Candidate in the UC Berkeley School of Information, presented “Re-Imagining Urban Sensing through the Design of the Heart Sounds Bench,” a creative project aimed at raising awareness about privacy and the sharing of biometric data.
The talks took a more technical turn as Venkatachalam Anantharam, Professor in the UC Berkeley Department of Electrical Engineering and Computer Sciences (EECS), talked about “Model Agnostic Estimation of Threat Probabilities,” an overview of cutting-edge methods for determining the threat of future cyberattacks based on limited information. Jon Metzler, a lecturer in the Haas School of Business, presented “The Security Implications of 5G Networks.” And Sanjam Garg, an Assistant Professor in EECS, presented “Advanced Encryption Technologies for the Internet of Things and Data Storage Systems.”
Before lunch, Ann Cleaveland, Executive Director of CLC, moderated a panel of representatives from industry that included Ryan Liu, Principal for Booz Allen Hamilton; Andrew McClure, Principal, ForgePoint Capital; and Jenna McGrath, Cyber Economist for CyberCube. “One of our main goals at the CLTC is to act as a bridge or a two way translation belt between the basic research and the academic community here at Berkeley and our friends in industry and government,” Cleaveland said.
In the panel, Liu talked about the importance of thinking about cybersecurity in the business-to-business space. McClure said that he “spends a lot of my time thinking primarily what is coming down the road,” and that he appreciated the forward-looking orientation of the CLTC event. And McGrath noted that some of the research presentations were directly relevant to her work in assessing the risks of cyberattacks. “Cybersecurity is really exciting because it’s a new line of business for insurance companies to focus on,” she said.
The research presentations continued after lunch, as Alisa Frik, a postdoctoral researcher in the International Computer Science Institute (ICSI), introduced her research on “Privacy and Security Threat Models and Mitigation Strategies of Older Adults.” Min Du, a postdoctoral researcher in EECS, talked about “Enhancing Security Using Deep Learning Techniques.” And Kurt Hepler, Rohit Raghavan, Peter Rowland—a trio of alumni from the Master of Information Management and Systems (MIMS) program at the School of Information (I School)—presented “rIoT: Quantifying IoT Costs and Harms.”
In the next round of lightning talks, Daniel Aranki, a postdoctoral scholar at the I School, presented “Privacy Engineering: Education and Training”; EECS professor Venkatachalam Anantharam talked about “Enabling Online Anonymity for Vulnerable Individuals and Organizations”; Jeremy Gordon, a PhD student in the I School, presented “Covert Embodied Choice: Using Physiology Tracking In VR to Explore the Limits of Privacy During Decision-making”; and Nick Merrill, a post-doctoral fellow at CLTC, presented “Changing Representations of Cybersecurity,” which included an introduction to the work of the Daylight Security Research Lab.
In the next wave of presentations, Serge Egelman, Director of Usable Security and Privacy Research at ICSI, presented “50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System.” James Pierce, Assistant Professor of Design, California College of the Arts, and a Researcher at UC Berkeley’s CITRIS and the Banatao Institute, presented “Differential Vulnerabilities and Cybersecurity Toolkits.” And Karen Trapenberg Frick, Associate Professor, Department of City and Regional Planning, presented a talk on “Cybersecurity for Urban Infrastructure.”
The afternoon concluded with a series of lightning talks about ongoing research, including Ruoxi Jia, a PhD candidate in EECS, presenting “Towards Task-Specific and Efficient Data Valuation”; Xiaolong Wang, a postdoctoral researcher at ICSI, talking about “Learning Photo Forensics”; Noura Alomar, a researcher in ICSI, introducing “None of us is as Smart as All of us: Vulnerability Discovery and Management Processes in the Wild”; and Julia Bernd, a Researcher in ICSI, presenting her work about “Smart Home Surveillance of Domestic Employees.”
Before breaking for a networking reception, CLTC’s Ann Cleaveland restated the value of bringing together stakeholders from different parts of the cybersecurity ecosystem. “We always say the sign of success for one of these events is we don’t do much talking and everybody here talks to each other,” Cleaveland said. “And so if people walk away having met a researcher doing cybersecurity research at Berkeley that they didn’t already know, that’ll be a win for us.”