Date
SUMIT_2018, the 14th annual cyber security conference took place on Thursday, October 25, 2018. Security at University of Michigan IT (SUMIT) is the university’s flagship event for National Cybersecurity Awareness Month and is an exciting opportunity to hear recognized experts discuss the latest technical, legal, policy, and operational trends, threats, and tools in cybersecurity and privacy.
Video and Materials
- Opening Remarks & Welcome
Ravi Pendse, Vice President for IT and CIO, U-M - The Physics of Embedded Security: Tickling Sensors with Malicious Sound Waves and RF
Kevin Fu, associate professor, College of Engineering, U-M - Keeping a Low Profile?: Technology, Risk and Privacy among Undocumented Immigrants
Allison McDonald, Ph.D. candidate, College of Engineering, U-M - Putting the Security Back into Cybersecurity
Cindy Cohn, executive director of the Electronic Frontier Foundation & U-M aluma - DataSifter: Sharing of Sensitive Information via Statistical Obfuscation
Ivo Dinov, professor, School of Nursing and Medical School, U-M - Panel Discussion: Evolving National and International Norms of Security and Privacy
Denise Anthony, professor, School of Public Health, U-M; Barb McQuade, professor from practice, Law School, U-M; Florian Schaub, assistant professor, School of Information and College of Engineering, U-M
SUMIT 2018 Event Photos
View a complete photo gallery from SUMIT_2018 on Flickr.
Photography by Joel Iverson, ITS Communications
Speakers
Associate Professor of Electrical Engineering and Computer Science, College of Engineering, University of Michigan
The Physics of Embedded Security: Tickling Sensors with Malicious Sound Waves and RF
Abstract: Medical devices, autonomous vehicles, and the Internet of Things depend on the integrity and availability of trustworthy data from sensors to make safety-critical, automated decisions. How can such cyberphysical systems remain secure against an adversary using intentional interference to fool sensors? Physics-based cybersecurity risks can bubble up into operating systems as bizarre, undefined behavior. Transduction attacks using audible acoustic, ultrasonic, and radio interference can manipulate sensors found in devices ranging from fitbits to hard drives to implantable medical devices to cubesats with implications to file system integrity and human safety. Defenders can fight back with physics and more trustworthy software APIs.
Bio: Professor Kevin Fu is an associate professor of Electrical Engineering and Computer Science at the University of Michigan.
Professor Fu received his Ph.D. in Electrical Engineering and Computer Science from MIT in 2005 and joined the faculty at Michigan in January 2013. Prior to joining U-M, he was an associate professor of Computer Science at University of Massachusetts Amherst. He has served as a visiting scientist at the Food & Drug Administration, the Beth Israel Deaconess Medical Center of Harvard Medical School, and MIT CSAIL, and is a member of the NIST Information Security and Privacy Advisory Board. He previously worked for Bellcore, Cisco, HP Labs, Microsoft Research, and Holland Community Hospital.
Professor Fu is the recipient of a Sloan Research Fellowship, an NSF CAREER award, and best paper awards from USENIX Security, IEEE S&P, and ACM SIGCOMM. He was chosen as one of MIT Technology Review’s TR35 Innovator of the Year in 2009 and was selected for the Federal 100 Award in 2013. He was named a top influencer in health information security by HealthcareInfoSecurity in 2016. He is a Senior Member of the Association for Computing Machinery.
Ph.D. Candidate, Electrical Engineering and Computer Science, College of Engineering, University of Michigan
Presenter
Keeping a Low Profile?: Technology, Risk and Privacy among Undocumented Immigrants
Abstract: Undocumented immigrants in the United States face risks of discrimination, surveillance, and deportation. We will present our research on the technology use, risk perceptions, and protective strategies of this vulnerable community. To a great extent, our participants’ behaviors with respect to security and privacy reflect that of the broader population — despite some concerns, they did not take significant steps to protect themselves. We will discuss these findings in detail, and present four factors we found to likely explain these difficulties. We will then discuss the implications of these findings for privacy researchers, policymakers, technology designers, educators and communities at large. We will also outline the steps our research team has been taking to provide community-focused trainings, as well as our continued research into privacy behaviors and challenges of vulnerable communities and allied organizations.
Bio: Allison McDonald is a third-year Ph.D. student working with J. Alex Halderman and Florian Schaub at the University of Michigan. Her research interests lie in the intersection of technology and society, particularly in the areas of privacy and security. McDonald studies topics such as internet censorship, surveillance, usable privacy, and security education. She is also interested in exploring the disparity in understanding between the developers and users of technology, and the consequences this disparity has on how technology is used, perceived, and legislated.
Executive Director of the Electronic Frontier Foundation
Keynote Speaker
Putting the Security Back into Cybersecurity
Abstract: The world is waking up to something that digital security experts have known for a very long time: digital security is hard. Really hard. And the larger and more complex the systems, the more difficult it is to make them secure and trustworthy. So why aren’t the governments of the world encouraging, supporting, and celebrating important security work in the myriad systems we use every day, from our phones to our power grid? Because law enforcement wants to take advantage of the same holes that criminals do—a result that puts us all at risk.
Bio: Cindy Cohn is the executive director of the Electronic Frontier Foundation. From 2000 to 2015, she served as EFF’s legal director as well as its general counsel. Ms. Cohn first became involved with EFF in 1993, when EFF asked her to serve as the outside lead attorney in Bernstein v. Dept. of Justice, the successful First Amendment challenge to the U.S. export restrictions on cryptography.
The National Law Journal named Ms. Cohn one of 100 most influential lawyers in America in 2013, noting: "[I]f Big Brother is watching, he better look out for Cindy Cohn." She was also named in 2006 for "rushing to the barricades wherever freedom and civil liberties are at stake online." In 2007, the National Law Journal named her one of the 50 most influential women lawyers in America. In 2010, the Intellectual Property Section of the State Bar of California awarded her its Intellectual Property Vanguard Award and in 2012 the Northern California Chapter of the Society of Professional Journalists awarded her the James Madison Freedom of Information Award.
Professor of Health Behavior and Biological Sciences, School of Nursing, and professor of Computational Medicine and Bioinformatics, Medical School, University of Michigan
DataSifter: Sharing of Sensitive Information via Statistical Obfuscation
Abstract: There are no practical and effective mechanisms to share sensitive information in health, financial, intelligence, socioeconomic and other high-dimensional data without compromising either the utility of the data or exposing private personal or secure organizational information. Excessive scrambling or encoding of the information makes it less useful for modeling, or analytical processing. Insufficient preprocessing may expose sensitive information and introduce a substantial risk for re-identification of individuals from various stratification techniques. To address this problem, we developed a novel statistical method (DataSifter) for on-the-fly de-identification of structured and unstructured sensitive high dimensional data, such as clinical data from electronic health records (EHR). This technique provides complete administrative control over the balance between risk of data re-identification and preservation of the data information. Under careful set up of user-defined privacy levels, our simulation experiments suggest that the DataSifter protects privacy while maintaining data utility for different types of outcomes of interest. The application of DataSifter on ABIDE data provides a realistic demonstration of how to employ the proposed algorithm on EHR with more than 500 features.
Bio: Dr. Ivo Dinov is an associate professor in the School of Nursing, director of the Statistics Online Computational Resource (SOCR), and associate director of the Michigan Institute for Data Science (MIDAS). He is an expert in mathematical modeling, statistical analysis, computational processing and scientific visualization of large datasets (big data). His applied research is focused on informatics, multimodal biomedical image analysis, and distributed genomics computing.
Dr. Dinov is also a core member of the University of Michigan Comprehensive Cancer Center. Examples of specific research projects Dr. Dinov is involved in include longitudinal morphometric studies of development (e.g., Autism, Schizophrenia), maturation (e.g., depression, pain) and aging (e.g., Alzheimer’s disease, Parkinson’s disease). He also studies the intricate relations between genetic traits (e.g., SNPs), clinical phenotypes (e.g., disease, behavioral and psychological test) and subject demographics (e.g., race, gender, age) in variety of brain and heart related disorders. Dr. Dinov is developing, validating and disseminating novel technology-enhanced pedagogical approaches for scientific education and active learning.
Professor, Health Management and Policy, School of Public Health
Panelist with Barb McQuade & Florian Schaub
Evolving National and International Norms in Security and Privacy Law
Abstract: Globally, laws related to privacy and cybersecurity are on the rise. This panel will explore whether this is a new now, and if so: what are the implications of a nation-state (or group of states) attempting to shape international privacy and/or security law? What does it mean for the EU to push, and the world to react to, the EU General Data Protection Regulation (GDPR)? What if the U.S. or Russia were to pass a law that mandated backdoors be built into encryption programs?
Bio: Denise Anthony, Ph.D., a sociologist, is Professor of Health Management & Policy in the School of Public Health, and in the Department of Sociology (by courtesy), at the University of Michigan.
Professor Anthony’s work explores issues of cooperation, trust and privacy in a variety of settings, from health care delivery to micro-credit borrowing groups to online groups such as Wikipedia and Prosper.com. She is also interested in the role of organizations and institutions in health care delivery. Her current work examines the use of information technology in health care, including effects on quality, on the organization of health care, as well as the implications for the privacy and security of protected health information. Her multi-disciplinary research has been funded by grants from the National Science Foundation and others, and published in sociology as well as in health policy and computer science journals, including among others the American Sociological Review, Social Science and Medicine, Journal of the American Medical Informatics Association, Health Affairs, and IEEE Pervasive Computing.
Prior to joining the University of Michigan in 2018, she was Professor and past-Chair (2007-11) in the Department of Sociology at Dartmouth College, and Adjunct Professor in the Department of Community and Family Medicine at Geisel School of Medicine, and a faculty affiliate at The Dartmouth Institute for Health Policy and Clinical Practice. From 2014-17 she served as Vice Provost for Academic Initiatives at Dartmouth. From 2008-2013 she served as Research Director of the Institute for Security, Technology, and Society (ISTS) at Dartmouth.
Professor from Practice, Law School, University of Michigan
Panelist with Denise Anthony & Florian Schaub
Evolving National and International Norms in Security and Privacy Law
See abstract above
Bio: Barbara McQuade is a professor from practice at the University of Michigan Law School. Her interests include criminal law, criminal procedure, national security, data privacy, and civil rights. From 2010 to 2017, Professor McQuade served as the U.S attorney for the Eastern District of Michigan. Appointed by President Barack Obama, she was the first woman to serve in her position. Professor McQuade also served as vice chair of the Attorney General's Advisory Committee and co-chaired its Terrorism and National Security Subcommittee. As U.S. attorney, she oversaw cases involving public corruption, terrorism, corporate fraud, theft of trade secrets, civil rights, and health care fraud, among others.
Before becoming U.S. attorney, Professor McQuade served as an assistant U.S. attorney in Detroit for 12 years, serving as deputy chief of the National Security Unit, where she handled cases involving terrorism financing, export violations, threats, and foreign agents. Professor McQuade began her career as a law clerk for U.S. District Judge Bernard A. Friedman in Detroit, and then practiced law at the firm of Butzel Long in Detroit. Professor McQuade previously taught at the University of Detroit Mercy School of Law.
Assistant Professor of Information, School of Information, and Assistant Professor of Electrical Engineering and Computer Science, College of Engineering, University of Michigan
Panelist with Denise Anthony & Barb McQuade
Evolving National and International Norms in Security and Privacy Law
See abstract above
Bio: Florian Schaub is an assistant professor in the School of Information. His research focuses on empowering users to effectively manage their privacy in complex socio-technological systems. His research interests span privacy, human-computer interaction, mobile and ubiquitous computing, and the Internet of Things. Before joining the University of Michigan, he was a postdoctoral fellow in the School of Computer Science at Carnegie Mellon University. He received his doctoral degree and Diploma in Computer Science from the University of Ulm, Germany, and a Bachelor in Information Technology from Deakin University, Australia.