The Southeastern Conference (SEC) hosted its second themed SEC Academic Conference at Auburn University from April 8 to 10, with this edition focusing on cyber security. With its strengths in the area of “Cyber Security: A Shared Responsibility”, Mizzou Engineering was well represented.
The goals of this year’s SEC Academic Conference were to showcase member institutions’ achievements in cyber security, raise awareness of cyber security issues, promote cyber security as an interdisciplinary effort, establish collaborations and help students grow in the field. It included a variety of sessions and student poster presentations that helped reach these goals.
Electrical Engineering and Computer Science Assistant Professor Prasad Calyam participated in a panel discussion on the social, behavioral and economic elements of cyber security, and an MU Engineering student team led by Calyam finished runner-up in the SEC Student Cyber Challenge sponsored by Equifax. Two poster presentations featuring the latest cyber security research projects in MU Engineering were presented at the conference.
“They had some very eminent speakers from government and industry give very visionary talks,” Calyam said.
The highlight of the week for the Mizzou contingent was finishing second in the Student Cyber Challenge, coming in just slightly behind the University of Alabama team. The team of Dmitrii Chemodanov, Andrew Krall, Trevor Leach, Joe Chandler, Daniel Dunn and David Emily (advised by Calyam) earned high marks for their project, “Compartmentalized and Extensible Security Framework for Securing Pre-Existing Systems.”
The goal of the “hackathon” style challenge was for student teams to spend 48 hours developing a solution to a real-world cyber security problem presented by this year’s sponsor, Equifax, with the goal of limiting cyber threats to a federated data life cycle in an enterprise that uses cloud computing platforms. The final submissions were judged based on principles, execution, teamwork and the presentation made by each team.
The Mizzou team set about solving the problem by creating preventative measures that also were flexible and customizable to fit an organization’s current security posture.
“The big problem is insider threats,” Calyam said. “People inside the institution can put the institution at high probability for attackers to take advantage, and that’s what happens. You lose trust, you lose business, you lose reputation, and it’s hard to recover once you get hit.”
Their idea was analogous to diversification in the financial world. Instead of having a variety of stocks and bonds to protect against one sector ruining the whole fund portfolio, they provided diverse data-security risk management architectures to ensure that careless or malicious users cannot ruin the whole cyber security apparatus.
This included hierarchy to protect data from careless or malicious users, middleware extensions, determining risk levels for data type and user actions and more. The final result was a system that allows for the proper set of trade-offs between risk and system performance.
“You don’t want to require rebuilding of the entire system,” Calyam explained. “What our students did, and it’s there in the title … you fit in. They came up with an interesting way to improve security but not cause a usability drop.”
Calyam said the event was a tremendous experience, both in terms of learning and showcasing Mizzou’s skills in the cyber security realm. He said the hackathon experience was an exciting experience for the students because it not only taught them how to solve a real-world technical cyber security problem, but also helped them get exposed to many important soft skills such as team work, agile planning and professional presentation. He thanked the Provost’s Office, Dean’s Office and the EECS Department for helping secure the funding necessary for the team to attend the conference.