[Busec] [Fwd: CISE Seminar: 8/18/16: Mario Caselli, University of Twente]

Manuel Egele megele at bu.edu
Tue Aug 16 10:22:13 EDT 2016

Hi all, 

please see the CISE seminar announcement below. Marco just presented
this work last week at USENIX Security. Thus, for those who could not
make it to Austin, this is a good opportunity to catch up on some of the
work that was presented at this top tier security venue.


-------- Forwarded Message --------
From: BOSTON UNIVERSITY <dejoseph at bu.edu>
Reply-to: dejoseph at bu.edu
To: megele at bu.edu
Subject: CISE Seminar: 8/18/16: Mario Caselli, University of Twente
Date: Mon, 15 Aug 2016 08:03:40 -0400 (EDT)

Center for Information and Systems Engineering
Co-sponsored with the Division of Systems

Thursday, August 18,
15 St. Mary's St, Room
(Refreshments at 9:45am)

Specification Mining for Intrusion Detection in Networked Control
Mario Caselli
University of Twente

In this talk, I will discuss a novel approach to specification-based
intrusion detection in the field of networked control systems. Our
approach reduces the substantial human effort required to deploy a
intrusion detection system by automating the development of its
specification rules. We observe that networked control systems often
include comprehensive documentation used by operators to manage their
infrastructures. Our approach leverages the same documentation to
automatically derive the specification rules and continuously monitor
network traffic. In this paper, we implement this approach for
BACnet-based building automation systems and test its effectiveness
against two real infrastructures deployed at the University of Twente
and the Lawrence Berkeley National Laboratory (LBNL). Our successfully
identifies process control mistakes and potentially misconfigurations.
This confirms the need for an improved monitoring of networked control
system infrastructures. This work has been recently presented at the
last Usenix Security Symposium in Austin

Marco Caselli is a PhD student at the department of "Services,
Cyber-security and Safety" of the University of Twente. He received his
MSc degree in computer engineering from the university of Rome
"Sapienza" in 2012. His research interests focus on security of
industrial control systems and building automation with a special focus
on infrastructures. Before starting his Ph.D. he worked for GCSEC, a
organization created to advance cyber security in Italy, and
Engineering SpA, an international company for software

Faculty Host: Manuel