10 Dec 2015
Doubleheader

Understanding Return Oriented Programming (ROP) (1 – 2 pm ET)
and
Cybersecurity Automation – The Path from Sense Making to Decision Making (2:15 – 3:15 ET)

Mark your calendars and come join your friends in the CAE community for a Tech Talk presentation. We are a warm group that shares our technical knowledge. CAE Tech Talks are free and conducted live in real-time over the Internet so no travel is required. You can attend from just about anywhere (office, home, etc.) Capitol Technology University (CTU) hosts the presentation(s) using their online delivery platform (Adobe Connect). The presentation along with questions and answers is conducted live in real-time using VOIP and chat. Just log in as “Guest” and enjoy the presentation(s).
Below is a description of the presentation(s) and logistics of attendance:

Date: Thursday 10 Dec 2015
Time: 1pm – 2pm ET
Title/Topic: Understanding Return Oriented Programming (ROP)
Audience Skill Level:  Introductory to Intermediate
Presenter: Josh Stroschein (Dakota State University)
Location: https://capitol.adobeconnect.com/cae_tech_talk/
Note: An overflow room is available at the address below:
http://capitol.adobeconnect.com/cae2/

Just log in as “Guest” and enter your name. No password required.

Description:
Return Oriented Programming is a technique used to bypass data execution prevention techniques implemented by vendors such as Microsoft.  This technique allows an attacker to modify the control flow of a program without injecting any code.  This presentation will introduce participants to the principals of ROP, building ROP gadgets, and using ROP to exploit a vulnerable application.

Date: Thursday 10 Dec 2015
Time: 2:15 pm – 3:15 pm ET
Title/Topic: Cybersecurity Automation – The Path from Sense Making to Decision Making
Audience Skill Level:  All levels
Presenter: Ehab Al-Shaer (University of North Carolina Charlotte)
Location: https://capitol.adobeconnect.com/cae_tech_talk/
Note: An overflow room is available at the address below:
http://capitol.adobeconnect.com/cae2/
login as “Guest” and enter your name. No password required.
Description:
The incredible growth of cyber connectivity (e.g., mobility, clouds, IoT and cyber-physical) has significantly increased the potential and sophistication of cyber-attacks. Ensuring validity and effectiveness of cyber configurations (including security policies) is key to enforce secure accessibility, and system hardening for proactive defense. Furthermore, and not less important, is ensuring the agility of the cyber configuration to respond to attacks (or potential threat) and maintain the mission integrity effectively (i.e., minimize damage) and timely. However, this has been an extremely challenging and daunting task for most enterprises (agencies, institutions, service providers etc), because they often contain thousands-to-millions of physical and/or virtual cyber devices that must be configured correctly, while considering the hidden interdependencies between configurations and services in order to guarantee the secure system behavior.
This talk will present the state-of-the-art techniques and tools to support cybersecurity automation, describe the active community effort within NSF IUCRC CCAA (https://www.ccaa-nsf.org) in addressing these challenges, and illustrating emerging and future research challenges of cybersecurity automation for active cyber security and resiliency. 

CAE Tech Talks are also recorded
CTU will post a recording of the live presentation(s) on its website:
https://capitol.instructure.com/courses/sis_course_id:CAE_Tech_Talk/external_tools/4

Contact
Announcements for CAE Tech Talk events can be found in the news and calendar section of the CAE community website: www.caecommunity.org
For questions on CAE Tech Talk, please send email to CAETechTalk@nsa.gov