Capitol hosts CAE Tech Talks on cybersecurity automation, return-oriented programming

The task of securing networks and systems has become increasingly complex – so much so that it may require taking humans out of the loop in favor of automated systems, Dr. Ehab Al-Shaer, director of the Cyber Defense and Network Assurability (CyberDNA) Center at the University of North Carolina Charlottte, said in a CAE Tech Talks presentation hosted by Capitol Technology University on December 10.

With attack surfaces increasing and adversaries becoming ever more sophisticated, cybersecurity professionals are having trouble fulfilling their mandate, Al-Shaer said, making a strong case for cyber-automation as the way forward.

 “There is disappointment within the cybersecurity community about how much progress we have made compared to how much progress we promised 10 years ago,” he said. “We had an agenda to achieve a number of goals, to make the cyber arena much more safe. However, we can see that none of these grand challenges has been sufficiently addressed.”

“The main reason is not that we didn’t do a good job or that we didn’t focus on the right problems, but because cyber is a dynamic environment and keeps changing, we face increasing complexity every day in the systems that we create,” Al-Shaer said. “We have cyber integrating with physical systems, including health care and automotive systems. Many of them are highly critical infrastructure systems. We have the Internet of Things, with all your devices and peripherals connected together in a way that offers better services but also a larger attack space. What we spoke about ten years ago is not what we have today.”

Human error is implicated in most system vulnerabilities, Al-Shaer said, pointing to firewall configuration as an example. A December 2008 report from the Center for Strategic and International Studies found that “inappropriate or incorrect security configurations were responsible for 80% of Air Force vulnerabilities.”

He then proceeded to demonstrate how proper configuration can be ensured through policies, rules and Boolean formulas combined with tools that can verify compliance. ConfigChecker, dubbed “network access control verification in a box,” is an example of such a tool.

Al-Shaer’s presentation was one of two featured in the December 10 Tech Talks event, part of a regular series hosted by Capitol Technology University, a DHS and NSA-designated Center of Academic Excellence since 2003.

Also featured was Josh Stroschein, a professor in  the Dakota State University cybersecurity cyber ops program who is completing his doctorate in cybersecurity. A specialist in reverse engineering and malware analysis, Schoschein provided an overview of return-oriented programming, a hacking technique that enables malicious actors to bypass security defenses and execute code.

“If we can overwrite certain addresses memory places in that stack, then we can take over control and execution of that program,” he noted, pointing to buffer overflow vulnerabilities as an example. After reviewing common methods of threat mitigation, such as stack cookies, data execution prevention, and address space layer randomization, he proceeded to show how a skillful hacker can use ROP to bypass these protections, call Windows API functions, and get their shell code to run.

Both talks were hosted in real time over the internet using the Capitol Live platform, and then archived on the Capitol Technology University portal. Visit this page to view or download the talks, along with other events in the CAE series.

Pictured: 1) Dr. Ehab Al-Shaer; 2) Josh Stroschein