Uploaded by Christian Dansby

2021 Capstone Initial Briefing

SCY MAJOR CAPSTONE BRIEF
A graduation requirement
SUDO APT-GET 2021CAPSTONE
Dennis Dias ‘92
ONR Chair, Cyber Science
SY401/402 Course Coordinator
dias@usna.edu
3 THINGS TODAY:
1) Understand the Capstone Requirements and Timelines
2) Start brainstorming ideas
3) Form a team of 2-4 Midshipmen and find a faculty advisor for your project
PROJECT PLAN IN PLACE BY 01 APR 2020!
WHY A CAPSTONE PROJECT?
● Project-Based Learning
● Application of all you have learned
● An opportunity to dive into something you are
interested in - technical or policy
● Publish and present!
Understand the Capstone Requirements & timelines
• Pick your team, advisor and project idea by 01 APR
• Over the summer, keep researching and learning
about your project
• SY401 - Fall - Updates in the semester (10% of grade)
• SY402 - Spring - Finalize project & poster/paper (40%
of grade)
• CAPSTONE DAY PRESENTATIONS APRIL 2021
• THIS IS A GRADUATION REQUIREMENT!
Cyber Operations Major Matrix
Fall
Sophomore
Year
Spring
Sophomore
Year
Fall
Junior
Year
SM286
Discrete Math
SY201 Cyber
Fundamentals
Python
(CYBER)
SY205H Cyber
Networking
Intro
(CYBER)
SY204
Programs &
Op Systems
C-Language
(CYBER)
SY301
Data
Structures
(CYBER/CS)
SY202 Cyber
Engineering
Control
Systems Intro
(WSE)
SY303
Applied Cyber
Systems Arch
(CYBER)
Spring
Junior
Year
Fall
Senior
Year
Spring
Senior
Year
SY304 Social
Eng, Human
Factors
(CYBER)
SY403
Cyber Policy
& Planning
(CYBER)
SY406
Law &
Ethics
(CYBER)
SY401 Cyber
Ops I
Offense
SY402
Cyber Ops II
Defense
SY4XX
Elective
SY4XX
Elective
Honors
Elective:
SY416
Reverse
Engineering
Honors
Elective:
IC411
Operating
Systems
SY306 Web &
Database
Security
(CYBER/CS)
SY308 Data
Security
Principles
(CYBER/CS)
SY310
Network &
Wireless
(CYBER/ECE)
Honors Track & NSA CAE-CO Track:
add SY205H and electives SY416 & IC411
Start brainstorming ideas
Getting Started with Cybersecurity Science
Josiah Dykstra
• Computer science PhD
• 14 years at NSA
• Cybersecurity practitioner
• Cybersecurity researcher
• Active with the scientific community
• Advocate for cybersecurity science
SEE HIS TALK HERE
SEE HIS SLIDES HERE
Checklist - see Video for details
1. Formulate a question - the purpose for doing experimentation.
2. Is the topic non-trivial and important to solve?
3. Conduct a lit review/background research
4. Form your hypothesis, & make some predictions about your hypothesis
5. Assemble a team to help execute the experiment, if necessary.
6. If studying human subjects, seek HRPP approval
7. Test your hypothesis. Collect data. Analyze. Check for errors
8. Document & share your work
FOCUS ON YOUR QUESTION
Limited only by your imagination
14 Cyber Ops Capstone Projects AY2019
46 Midshipmen – 14 Projects
• Securing Critical Infrastructure: An Open Source Approach
• Vulnerabilities in shipboard 3D Printers
• Amazon Alexa - dolphin attack
• End-To-End Voting Methodology
• Profiling a Software Developer - The Link Between Personality and the Development of
Technical Skills
• Intel Software Guard Extensions in Military Drones
• Securing Gmail
• The Need for a Federal Data Breach Notification Law
• Hardening Autonomous Drones for Combat Augmentation
• Cyber Letters of Marque
• A Wild Ride on a Solid State Drive
• A Feasibility Survey of FAW Attack on Blockchain
• WORTHY WAYPOINTS
• "Lowering the Barrier to Entry: Network Visualization in Real Time"
Visualizing Network Traffic using Hololens
1/C Knute Jones, 1/C Jacques Henot, 1/C Brandon Shields, 1/C Andrew Phiel
Dr. Robert Schuman, Microsoft
Background and
Goals
Can augmented reality better
communicate the architecture
and traffic of a network?
Approach
• Create Static
dashboard, Pinned in
space.
• Create Database and
import data
• Connect Hololens to
database
• Pull data from database
and display sample data
on dashboard.
Social Graph Model
Plan
A work in progress
Have each piece work in
concert.
• A cluster in the Cosmos
DB has been created.
• DB holds over
3,000,000 Records from
Kaggle.com.
• Able to visualize “cubes”
and “spheres” in the
augmented reality
space.
• Files are parsed outside
of the database using
python.
Challenges
• Connecting to Database
• Connecting Hololens to
Database
• Going from python to
dropping data into DB
Figures, Images,
High Level View or
System Architecture
• Create a cleaner image
on the Hololens.
• Cut down on latency
from cpu to cloud to
Hololens.
• Connect the three main
environments.
Help
• Received resources
through Dr. Schuman by
allowance of his
Microsoft data services.
Product
Poster Gouge using PowerPoint 2010
Open Document
Create Poster Size
Click File> New >Blank Presentation > Create
Click >Design tab at the top of
the screen, >Page Setup
Type in poster size and orientation.
(Standard size is 40”w x 30”h
Conference/Chemistry Dept
size is 56” w x 40” h) >OK
Content First, then Design
Do not skip this step! Create an outline of the content you want to include. The
outline will determine the structure and consequently the design of your poster.
Once the outline is created, sketch a few blocks on paper to contain each outline topic.
Add all your content, text, pictures, graphs, to the poster file, keeping items organized
within the structure you created. Choose a background, formatting and other design
elements to complete the poster.
Design
Content
Insert Text
Contrast
Create a title by inserting a text box. Click>Insert
tab>Text Box. Click or click-and-drag where you want
your text to be. Begin typing.
To copy text from another document, make the text box first, then copy-and-paste into the text box. Resize text box and
font size as necessary. To resize text box, click on block handles to adjust in one direction. Hold shift and click on circle
handles to resize in proportion.
Backgrounds
Insert Images/Objects
Order
Images can be added to the poster in two ways, Insert
Picture from File or Copy-and-Paste.
To insert images (.jpeg, .gif, .png formats), >Insert tab
>Picture, then Browse to the current location of the image
to select. Alternately, to use the Copy-and-Paste method,
right click on the on screen image, >Copy. Click onto the
active PowerPoint poster, right click for options and
>Paste.
Images can be resized proportionally by using the round
corner handles and dragging. Click and drag in the middle
of the graphic to move it. Select the picture to edit it with
options under the Format tab.
To place an image, text box or
graphic in front or behind
another, right click on the
object and select bring to
front, bring forward, send to
back or send backward.
Insert slides from other Presentations
To insert slides from another presentation and retain their background and formatting,
open the source presentation. In the (left) slide view panel, click on the slide you want to
copy. Right click >Edit>Copy. Go back to your poster presentation file. Click on the place
in the poster where you want to position your copied slide. On the Home tab, click on
the dropdown arrow under Paste and click >Paste Special
>Save to set auto–save timing.>OK
Proofread twice and ask someone not familiar with the project to read it
again. MSC cannot reprint posters for spelling mistakes.
Create separate Text Boxes for each unit of text, allowing them to
be moved independently from each other.
Outlines
Text Boxes, Images, and other graphic
elements can be outlined to group and
distinguish objects from their background.
Click >Shape Outline on the Drawing tools
Format tab and select the line color and
style desired.
Balance and Focus
Low resolution pictures will be “grainy” when blown up to poster size. When searching, look for images larger than 80k.
Do not try to download an image from a search thumbnail. Go to the source site to download. >Right click image>Save
Picture As> your folder. To check resolution at full final poster size, set your Zoom view to 100%. If the image needs
considerable editing, such as transparency, color fade or close cropping, ask the MSC staff for assistance in using
Photoshop or Illustrator.
Save your file frequently. >File >PPT Options>Save
Shadows
The shadow icon on the font
formatting toolbar (Home tab) is
very limited. To shadow text or
images, click >Shape Effects on the
Drawing toolbar (Home tab) and
select the shadow style desired.
SHORTCUT: Right click object >Format Shape and choose Fill, Line, Shadow, Picture or Text box formatting options.
Resolution
Tips
From the Design tab, click >Background Styles >Format
Background. Select Fill for a solid color; Fill Effects to create
a gradient; or Picture to select an image.
High contrast between the text and the immediate background makes the text the focal point and easier to read. The
best backgrounds are either very dark or very light with text in the opposite value. Mid range background
colors/values or busy images make it harder for the reader to distinguish the text. To correct this, consider putting an
outline, glow or shadow around the text, fade out the background image or place the text in a high contrast box over
the background.
White (empty) space is an essential design tool.
Use it to cushion text boxes from one another.
Margins will group objects and allow the eye to rest between units. Items aligned with one another create a sense of
organization and balance. Angles created by white space, color change and image content direct the eye. If content is
organized in a grid, it is essential to give the reader a direction to follow by grouping rows or columns closer together.
Format Text
Line Spacing
You can change the
color of the text, the
edge, and the fill as
well as other
options in the Home
tab.
To specify the spacing between
lines within a text box, click on
the line spacing icon on the
Paragraph toolbar (Home tab),
> Line Spacing Options, choose
Exactly and specify height.
Align and Distribute
To display drawing guides, click >View and check off the
Grid and Guides box.
To display the ruler, go to the View menu and select Ruler.
Move guides to measure distance from center for precise
alignment. Snap option is also available. Position guides,
drag objects close to guide so it snaps into alignment.
Arrange objects on the slide individually or group objects to
allow them to be aligned as one unit.
On the Drawing tools Format tab, click >Arrange >Align to
distribute.
Print Requests and MSC Graphics Technology Lab
MSC Graphics is located beyond Circulation, room 105, Main Deck, Nimitz Library. Hours are Mon-Thurs 0730-2245, Fri 1900-2200, during the academic term.
Bring your files on a cd, by email or short term file-sharing. Sign into the lab, fill out a poster request form and allow for 15 minutes to sit with a graphic artist to review
your file. Please proofread content before requesting printing. There are NO REPRINTS.
MSC will not be able to print posters at the last minute. Please allow three business days for printing.
Phone: 410-293-5857, Email: mscgraphics@usna.edu
Vehicle Telematics and Vulnerabilities
1/C Ryan Chow, 1/C Yixin Ye
Prof Melaragno, Cyber Science Department
Problem Statement
With the amount of information
involved with operating a modern
automobile, how can we take
advantage of it to achieve tactical
objectives?
What kind of information can we
gather from wireless
transmissions from an
automobile? Is it enough for
fingerprinting?
Approach
1. Set up testbed
System Specifications
❖Using a KerberosSDR
(Figure 3) to set up a DF
array.
❖Antenna spacing factor
must be taken into
account (typically ~0.3).
Multiply wavelength with
spacing factor to attain
physical spacing distance
needed between
antennas.
❖Use a Raspberry Pi to
process and present
data using open source
software.
Images
or Models
2. Establish location and volume of traffic
3. Prepare for fingerprinting
4. Fingerprint and collect data
Figure 1. Linear Array
5. Gather collection and attribute
Results
❖Raspberry PI 3 and SD
card needed and
assembled
❖Etcher burn program for
SD card
❖Antennas in a linear or
circular array for direction
finding
❖Linear array cannot tell if
you’re in front or behind; not ideal.
❖Circular array can
discern direction better,
but spikes due to
antenna positioning suggest performing linear
array first for simplicity.
❖HackRF One performs
the physical bearing
tests.
❖As in Figure 4, the aim is
to fingerprint and localize
a target by plotting
bearing lines onto a map.
Challenges
Our main challenge is the ability
to scale this project. We may or
may not be able to conduct
attribution, but if we are unable
to, it would be an excellent
opportunity to further research.
Figure 4. Example from previous
research for localization through
bearing plotting.
6. Expand volume of traffic if possible
Figure 2. Circular Array
Figure 3. 4 Channel Coherent
KerberosSDR
Figure 5. Team members. MIDN Ryan
Chow (left), MIDN Yixin Ye (right)
Letters of CYBER Marque & Reprisal
1/C Lucian Rombado, Eric Roque-Jackson, Hank Secrist, Addi Williams
Professor Jeffrey Kosseff, Cyber Science Department
Research Question
Two Approaches
When implementing
letters of marque and
reprisal as a tool within
the cyber realm, what
governmental, political,
legislative, and worldly
considerations need to
be made and what are
the potential outcomes?
Active Approach:
This is centered around the
argument that the
government should regulate
offensive cyber for the
private sector in a similar
fashion to letters of marque:
- The government has an
oversight committee to
qualify and license private
OCO companies.
- When a private company
gets hacked, they have the
opportunity to contact a
licensed OCO company to
conduct an operation on
their behalf.
Passive Approach:
This is centered around the
argument that the utilization
of offensive cyber is
comparable to that of home
defense. The government
will push out word to private
companies telling them they
have the right to ‘hack back’
if attacked in cyberspace.
- Eliminates the need for
letters of marque (at least in
the short term) and gives
companies the freedom to
respond to cyber attacks as
they feel is appropriate.
What is a letter of
marque?
A government license in
the Age of Sail that
authorized a private
person, known as a
privateer or corsair, to
attack and capture
vessels of a nation at war
with the issuer.
https://en.m.wikipedia.org/wiki/Letter_of_marque
History
- Letters of Marque &
Reprisal can be traced back
to the 13th Century but
became widespread during
the Age of Sail in the 18th
Century. Upon capturing a
vessel they would be
brought to the Court and if
deemed an appropriate
target, rewarded. If not, then
there would be revocation of
the letter of marque,
forfeiture of prize money, or
award tort to the injured
vessel/crew.
Additional Considerations
- An oversight committee
would likely include
members from the NSA,
DHS, FBI, and
CYBERCOM at the
least.
- In order to qualify as a
private OCO authority,
private companies
would at least have to
adhere to NIST
standards and have
their employees pass
background checks.
The Way Forward
- Finalize our two
approaches with depth.
- Complete a draft of our
paper and prepare to
make plans for multiple
sources of
proofreading.
- Continue to update
advisor with paper
progress.
References
● US Constitution
● Tallinn Manual
● Dr. Libicki
● Online Resources
● Dr. Orr
● Jim Barnett
● Michael Schmitt
● Dmitri Alperovitch
UPCOMING:
- Captain Evan Field
- Ron Gula
- Jay Johnson, SMU
- Shamoil Shipchandler, SMU
Form a team of 2-4 Midshipmen and find a
faculty advisor for your project
● 2-4 per TEAM!
● Capstone vs Independent Research
● Find a faculty advisor or Subject Matter
Expert (SME)
● You WILL provide feedback on each other
during SY401/402
Capstone Tracker for the Class of 2020
WE are NOT Passing down projects this year
Capstone vs Independent Research
Past Cyber Operations Research
& Capstone Projects
• Vulnerability Assessment on Navigation Information System
• Analysis of Russia’s Information Operations on the 2016 Election
• Detection of Malware C2 Channels using Semi-supervised Multi-label
Classification Machine Learning
• Internet of Things (IoT): Challenges and Potential for Achievement in
Resiliency
• 4GE LTE: Improvised Wireless Device Development and Defeat
• Support of Development of Cyber Wargame Best Practices
• How to Build an (Offensive) Cyber Force
• Hidden-Markov Model-Augmented Fingerprint Based Positioning
• Firmware Analysis of Solid State Drives
• Redefining War Crimes to Account for Advances in Machine Learning
• Due Process in 2017: Ethics and Technology
• Vulnerabilities in Digitally Complex Maritime Systems
HRPP
• USNA’s Human Research Protection Program
• Long Process - should start in Spring 2020
• Work with your faculty advisor
Need to purchase items?
• Start early - evolving process
• Be reasonable
• Look for free sources with your .edu email
• AWS, Azure
• Kaggle.com for data
Reference Documents!
• Department Capstone Instruction
• 2019 Capstone Day Program
• SY401 - Fall - Updates in the
semester (10% of grade)
• SY402 - Spring - Finalize project &
poster/paper (40% of grade)
Hopper Hall, USNA’s New Cyber Building
Advancing Multidisciplinary Cyber Education
• $120M construction, break ground October 2016, target completion Spring 2020
• Will co-locate similarly “cyber-focused” academic majors:
• Cyber Operations, Computer Science, Information Technology, Computer Engineering,
Systems Engineering and Electrical Engineering
• Collaborative use of new and innovative spaces
• Will have first USNA Secure Facility (SCIF), with classrooms, labs, and a lecture hall
ACTION ITEMS - from SY401 Page
TURN IN BY 01 APR 2020
1) CAPSTONE OVERVIEW AND PROPOSAL
2) MIDN-FACULTY CAPSTONE AGREEMENT
01 APR 2020 DEADLINE
Questions?
dias@usna.edu
(443) 418-8220
Capstone Office Hours in early
MARCH in MI (evenings)
Come to Capstone Day 22 APR
SY401 Offensive Cyber Operations
• Fall Course: SY401 to mirror an end-to-end Offensive Cyber
Operation
• Infrastructure Requirements – Reconnaissance (passive/active) –
Data Analysis – Tactical Cyber Operations Planning – Initial Access
(compiling exploits) – Remote Exploitation (Metasploit) – Enumeration (malware/payload development) – Post Exploitation
(obfuscation)
• Hands-on lectures to discuss the aforementioned in the
context of OCO Tools – Tactics – Techniques – Procedures via Kali
Linux and OPEN SOURCES
• Field Trips to Raytheon and NSA/ICC
• Homework (25) to measure knowledge
• Labs (15) to measure hands-on skills
required to execute each phase of an
end-to-end OCO operation (CLI&GUI)
• Exams (3) to measure competency in
handling specific OCO-based scenarios
SY402 Defensive Cyber Operations
• Spring 2019 SY402 to mirror the identify, prepare, detect, respond,
resolve model
• Understanding how:
• Virtualization and simulation support infrastructure defense
• Systems and networks are connected
• To monitor networks
• To detect network exploitation/attack
• To design, maintain, and build large networks
using the principles of extensibility and flexibility
• To handle/respond to an event when it occurs
• To manage the associated risk
• Tools include VMWare, OSSEC, Snort, and Python
• Guest Lectures from Ron Gula, Martin Roesch, and an NSA CAPS STDP