Quick Research Update

News from the NEU Security Lab.
android malware mobile networks research systems

It’s been a little while since my last post, so I thought I’d write a quick update on some of what’s been happening in the lab and, in particular, talk about a couple of papers that we published recently at ACSAC 2013: Beehive and PatchDroid.

CSAW 2013 Finalists Announced

Teams announced for the CSAW 2013 final round.

This morning, NYU Poly announced the set of teams that will participate in the final round of CSAW CTF 2013. EpicPhail, composed of undergrads from Northeastern and UC Santa Barbara, will be participating due to our second place (overall) qualification ranking.

CSAW 2013 Qualifiers

CTF report for the CSAW 2013 qualification round.

For the 2013 CSAW qualifiers held this weekend, we put together EpicPhail, a combined undergraduate stacked team from Northeastern and UCSB. Together, we managed to place a very respectable second place, solving all of the available challenges! Thanks to the organizers for putting together a great CTF as always. We’ll hopefully be able to field a team at the final round at NYU Poly, once we figure out travel details for the California-based members of the team.

Publication Round-up

Catching up on this year's publications from our research group.
networks research systems

Work often gets in the way of regular blog updates. But, as the summer is winding down, I wanted to take these few moments of relative quietude to mention a couple of the papers our group published this year. In an upcoming post (hopefully soon), I’ll preview two that will be appearing at ACSAC in December.


In which the new organizers prove themselves worthy of the challenge.

As usual, Shellphish managed to qualify for DEFCON CTF and travel to Vegas to compete in the finals. The big question this year, of course, was what the new organizers – LegitBS – had in store for the teams. They had already hinted in the run-up to quals that the challenges we were up against were going to be quite different than in years past, and it absolutely turned out to be the case.

CSAW 2012 Qualifiers

CTF report for the CSAW 2012 qualification round.

InSolution has a nice write-up on our CTF group’s recent qualification for CSAW 2012. CSAW has been a great venue for cybersecurity education over the past few years, and the CSAW CTF is a highlight of the academic CTF circuit.

NSF Scholarship for Service Award

Supporting the teaching mission for cybersecurity education.

The school has a nice writeup on our recent $4.5M NSF Scholarship for Service award (mirror) to help fund cybersecurity education at Northeastern. Agnes Chan is leading this effort, along with co-PIs David Kaeli in ECE and myself. This follows closely on the heels of Northeastern’s designation as a National Center of Academic Excellence in Cyber Operations (mirror) by the NSA in May.

3Qs: The Expanding Role of CYBERCOM

Should the military take a more active role in defending against attacks?

I was recently asked to comment on the draft proposal (mirror) to modify CYBERCOM’s standing rules-of-engagement to allow for offensive responses to attacks against national assets. It’s a significant, and not entirely unexpected, move on the part of the DoD that points to both our increasingly reliance on computing infrastructure and our growing awareness of how vulnerable we really are. Regardless of how the current proposal fares, I expect that we’ll see further moves towards treating our computing infrastructure as a national asset to be defended.