talk: Results from the SFS Summer Research Study on NetAdmin, 12p Fri 9/8

UMBC Cyber Defense Lab

Results from the SFS Summer Research Study at UMBC

Enis Golaszewski, UMBC

12:00–1:00pm, Friday, 8 September 2017
ITE 228 (or nearby), UMBC

In summer 2017, UMBC held a cybersecurity research workshop that featured the UMBC Scholarship For Service (SFS) cohort working with the cooperation of the UMBC Department of Information Technology (DoIT) to analyze the security of NetAdmin, a software tool developed and used by DoIT. The workshop included six new SFS scholars transferring to UMBC from Montgomery College and Prince George’s Community College and provided students with experience in analyzing the security of software while uncovering serious flaws in the NetAdmin tool. NetAdmin allows authorized research faculty at UMBC to make research servers running on campus accessible to connections originating from off-campus.

Because NetAdmin directly modifies the campus firewall, possible security weaknesses in its architecture, implementation, or usage could present a significant risk to UMBC computer systems. During the four-day study, students uncovered multiple critical security flaws and developed recommendations for mitigating them. These flaws include architectural weaknesses, injection attack vulnerabilities, and susceptibility to man-in-the-middle attacks. The workshop was successful for improving the security of NetAdmin as well as integrating the incoming SFS scholars with the existing UMBC cohort.

In this talk, we will focus on the technical details of our security analysis of the NetAdmin tool.

Enis Golaszewski is a PhD student and SFS scholar in computer science working with Dr. Sherman on protocol analysis and the security of software-defined networks. Email:

Host: Alan T. Sherman,


Posted

in

, , , , ,

by

Tags: