“You’ve been hacked.” No one wants to hear those words. Hacking—sometimes benign, sometimes nefarious—happens all the time. For those working in the world of information technologies, nothing is more important than staying up to date on the most recent developments in security.
Sharing knowledge and research is part of that effort to stay current. The Third International Conference on Software Security and Assurance (ICSSA 2017), held at Penn State Altoona in July, gave industry and academics from countries all over the world the opportunity to share experiences regarding software security and assurance. The conference included technical papers, talks, panel sessions, and demonstrations at the Penn Building, part of Penn State Altoona’s downtown campus, and was co-chaired by Jungwoo Ryoo, division head for business, engineering, and information sciences and technology, and professor of information sciences and technology at Penn State Altoona; Hyoungshick Kim, professor at Sungkyunkwan University, South Korea; and Simon Tjoa, professor at St. Pölten University of Applied Sciences, Austria.
Opening day of summer school with Dr. Jungwoo Ryoo
Sounds like most other business conferences—attendees come to town for a few days, attend sessions and do sidebars with other professionals, and maybe squeeze in a little sightseeing in their spare time. In the case of ICSSA 2017, however, for some student attendees the conference was actually the finale. Students from Penn State Altoona, St. Pölten University of Applied Sciences, and Sungkyunkwan University and Seoul Women’s University (both of South Korea) spent the week before the conference at an intensive “summer school” on the Altoona campus.
School kicked off with a talk by Ryoo on the importance of software security followed by a week full of both lectures on the most current subjects in software security and hands-on work dealing with writing papers. “Most of the students had submitted academic papers for the conference,” Ryoo says. During the summer school they learned about the different parts of an academic paper—from abstract to conclusion—and how best to prepare them. Over the course of the week, the students applied what they learned and revised their papers.
Dr. Sebastian Schrittwieser, speaking on malware
Summer school faculty included an international array of security professionals. In addition to the three co-chairs, lectures were provided by Dr. Sebastian Schrittwieser, head of the Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks and a professor for IT security at St. Pölten University of Applied Sciences, Austria; Dr. Syed Rizvi, assistant professor of information sciences and technology at Penn State Altoona; and Dr. Hae Young Lee, a director at DuDu IT, a security company in South Korea.
What is called “malware”—malicious software—can appear in forms as benign as pop-up ads or as dangerous as ransomware or viruses built to attack and destroy. In a world where 400,000 new malware samples pop up daily, combatting these forces is imperative. Dr. Schrittwieser, who gave the summer school lecture on malware, works with malware detection and analysis at the Josef Ressel Center. “Our research center focuses on malware that specializes in one system. We are able to detect malware based on its fingerprint.” For an example of malware in use, he cites the well-known Stuxnet worm, which interfered
Dr. Syed Rizvi discusses security challenges
with uranium centrifuges in Iran by “turning them a little faster which made them degrade faster.”
Dr. Hyung-Jong Kim, who heads the Creative Ethical Security Specialist (CES+) Education Team at Seoul Women’s University, where he is also an associate professor of information security, had a Pennsylvania connection even before ICSSA; in 2004–6 he conducted a cybersecurity research project at Carnegie Mellon’s CyLab in Pittsburgh. He describes his conference subject as “how we can share the information security knowledge with little kids.” The class was hands-on: “We developed some games, a YouTube video and some toys to disseminate.” They also discussed “encryption, passwords, some hacking defense.” The goal, Kim says, is to “focus on how we can share the knowledge effectively with children.” He acknowledges that while cybersecurity is important, it’s not an easy subject to understand and, really, “children don’t have any interest in it.”
Security professionals work with a constantly evolving environment when dealing with software; every new product, every new version comes with its own vulnerabilities, some of which may not be detected for years (hence the recent headlines on Spectre and Meltdown). Researchers are continually looking for weaknesses in systems. With that in mind, Professor Tjoa brought his expertise in “threat modeling” to the ICSSA summer school and conference. Using the tactic of “modeling a software,” Tjoa says, “we can find the vulnerability” and figure out ways to make the software more secure.
Dr. Simon Tjoa, professor at St. Pölten University of Applied Sciences, Austria, speaks about threat modeling
Penn State Altoona’s Lee Peterson, director of the Writing Commons and assistant teaching professor of English and women’s, gender, and sexuality studies, lectured the students in both writing workshops and English-as-a-second-language classes “on topics such as the writing process as taught in American universities as well as other higher education academic conventions such as peer review and the idea of research as kind of conversation,” she says. But Peterson’s lessons weren’t all lectures: “We spent half our time on these broader topics and the other half workshopping and revising papers the students would then present at the conference.”
Students appreciated the opportunities the summer school provided both in and out of the classroom. Seung Min Kim is a senior majoring in information security at Seoul Women’s University and attended to “learn how to write academic papers better. Every day we learn about various computer security issues and in the afternoon we write our papers.” She says the conference will be a help to her in graduate school. When the school week was over, students and lecturers took a break and toured Frank Lloyd Wright’s Fallingwater and the Flight 93 National Memorial before the start of the IC
Visiting Penn State Altoona’s Seminar Forest
Walking the trail from the Visitor Center to Memorial Plaza at Flight 93 National Memorial
ICSSA organizers were very pleased with the overall results. This was the first year a summer school was included as part of the conference, but it certainly won’t be the last. The 2018 ICSSA Conference will be held at Seoul Women’s University in South Korea and plans are in place to include a summer school.
—Therese Boyd, ’79