ATTENTION PROSPECTIVE PRESENTERS AND MENTORS!!!

CFP for all tracks, including Proving Ground and Proving Ground Mentor submissions  open as of noon on Wednesday, January 4th, 2017. 

 

The general CFP for all tracks other than Proving Ground will close Wednesday, May 10th. 

Acceptance/Rejection letters will go out Wednesday, June 14th.

 

Proving Ground Call for Presenters and Proving Ground Call for Mentors will close Wednesday, February 15th.  

Mentor/Mentee match-ups will be announced starting Wednesday, March 29th.  

For more information on the Proving Ground program, please visit https://www.bsideslv.org/pgcfp/ (Speakers) or https://www.bsideslv.org/pgcfm/ (Mentors)

Proving ground mentor and new speaker signups will now use the same OpenConf platform as all our other talks. Please use the "Make Submission" link below, and select "Proving Ground" or "Proving Ground Mentor" as your topic in order to begin the PG process.

If you hit a snag, or have any questions about the new process, please email provingground[at]bsideslv[dot]org and Tottenkoph, SecurityMoey, or Guy will help walk you through it.

Special thanks to those signing up to be a mentor. This program couldn't happen without you!

 

BSidesLV 2017 will consist of eight speaking tracks, two workshop tracks, the content of the tracks below will be determined by this open Call For Presenters, as well as some select curated presentations for our "Hire Ground" and "I Am The Cavalry" events.

 

BSidesLV is committed to keeping our conference vendor-pitch free. Any abstracts that reflect a sales approach or talk of the product and not the tech will be rejected out of hand. Speakers sneaking a sales or product pitch in under the guise of a tech talk will be pulled from stage and publically shamed and humiliated on Social Media. All talks are vetted through our CFP committee (except some select presentations in "I Am The Cavalry" and "Hire Ground") and any talks submitted on behalf of someone else (i.e.: not submitted by one of the primary authors) will not be considered.

 

Please refer to the Sample Submission below, for proper formatting!

 

• Breaking Ground – Ground Breaking Information Security research and conversations on the “Next Big Thing”. Interactively discussing your research with our participants and getting feedback, input and opinion. No preaching from the podium at a passive audience.

 

• Common Ground – Other topics of interest to the security community. e.g., Lock-picking, hardware hacking, mental health/burnout, Law, Privacy, Regulations, Risk, Crypto, Activism, etc. Again, interactive discussions with your peers and fellow researchers. Not passive lectures “at” an audience.

 

• Underground – OTR talks on subjects best discussed AFK. No press, no recording, no streaming, no names. Just you and your peers, discussing what matters, behind closed doors. Think about it.

 

• Ground Truth –  Focused on innovative computer science and mathematics applied to security. Topics of interest include machine learning, natural language processing, Big Data technologies, cryptography, compression, data structures, zero knowledge proofs or just about anything academically publishable that usually baffles review committees for other conferences.

 

• PasswordsLV – Focused on the (in)security of passwords and other authentication solutions, bringing together security researchers, password crackers, and experts in password security from around the globe in order to better understand and address the challenges surrounding digital authentication. This track explores all facets of authentication security, from analysis and education to creating, securing, cracking, and exploiting authentication solutions. See passwordscon for more information.

 

• Training Ground –  Consists of workshops and classes to give your students hands-on experience learning the latest and greatest. We accept proposals for 1/2 day, full-day and 2-day workshops.

 

• I Am The Cavalry –  Security that affects public safety and human life. Where our domain overlaps others, we must gather teammates and forge an alliance. Technical discussions cover medical devices, cars, and other connected technologies with a higher consequence of failure. Non-technical talks cover issues where security overlaps with the human condition, and building skills to influence change outside the echo chamber. See I Am The Cavalry or @iamthecavalry for more information.

 

• Hire Ground –   Our career track: Mock Interviews, Open Resume Review, Recruiter Bingo.

 

-= Team BSidesLV =-

 

Sample Submission

Note to the reader: This is a completely made up talk (courtesy of the fine folks at ShmooCon). While it's not a perfect fit for a BSides event,  it should give you an idea of what types of information to include, the lowest level of detail to use, and the overall flow of a good submission.

1. Title of Presentation

Template Management using Osiris

2. Presenter(s) Name

Bruce Potter

3. Bio

Bruce Potter is jack of many trades and master of none… well, maybe public speaking, but that’s about it. Bruce has been doing security related things for nearly 20 years, which makes him feel old. Bruce is the founder of The Shmoo Group, helps out with ShmooCon, and has more Shmoo-branded shwag in his basement that he’ll publicly admit.

4. Abstract

Osiris is an open source integrity monitoring software system written by the Shmoo Group many years ago. It is used in many organizations as a scalable means to monitor for changes created by change management violations and penetration by external actors. One of the challenges with Osiris (and any integrity monitoring tool) is minimizing the amount of noise created by inconsequential changes. Osiris addresses this problem through the use of templates that limit the scope of monitoring based on the host OS and user customizations. Unfortunately as OS’s evolve, the set of files that SHOULD be monitored can often change and osiris templates don’t account for these changes.

We have developed a lightweight tool to monitor running systems to instrument changes over time and ultimately recommend changes to the currently deployed templates. Rather than performing full blown scans and checksumming to look for changes, this tool will only examine MAC times thereby dramatically reducing a “normal” instrumentation scan. Administrators are able to look at the statistical data under the tool and determine what changes to accept to the running template. We have also developed a public database of templates based on results from the tool so that organizations can provide updated templates back to the community.

5. Detailed Outline

• Who we are (3 mins) – We’re The Shmoo Group. We developed osiris originally and for many years it was maintained by member Brian Wotring. We have many years experience in integrity monitoring research, engineering including leveraging hardware modules to provide better assurance of integrity measurements.

• Quick Osiris Background (5 mins) – Osiris is a multi platform integrity monitoring tool that has been widely deployed. However, many in the audience may be unfamiliar with how it works. We’ll provide an architectural overview of Osiris and discuss a few use cases

• The Problem with Template “Drift” (15 mins) – Over the last year, we’ve examined several operating systems and examined how and when core, critical files were moved to new locations/names/etc. These changes were usually occurred during the application of patches rather than administrative activities. We will present data on how large the problem is and how the movement (or “drift”) of these files caused some of them to fall out of bounds for the existing Osiris templates

• A lightweight solution (15 mins) – The whole purpose of Osiris templates is prevent scanning all files on the filesystem. A scanner that attempts to identify drift through checksumming would be counterproductive to the performance goals of Osiris. Our solution was to examine the MAC times of all files on the filesystem as a low priority thread. We then examine the MAC times and look for files that fall in to the following 3 buckets

  • M/C time did not change and file is in Osiris template (good)

  • M/C time changed a small number of times (1-2), nearby files did the same. Files not in Osiris template (candidates for inclusion)

  • M/C times changed constantly. Files outside Osiris template (probably user specific files that aren’t system security relevant. Not a good candidate for inclusion)

• Demo (10 mins) – We’ll show the interface we created for template management and demonstrate the process an administrator goes through to update system templates. We’ll also demonstrate our database and service that can help jumpstart an administrators modifications.

• Questions (2 minutes)

6. List of other conferences

We presented our data on system file drift at BSides Antarctica in July. However that research as been updated and the tools and database are completely new.

7. Why is this a good fit for BSides LV

We feel that integrity management is an important capability for any modern enterprise, especially with the ease of which adversaries can modify attacks and malware to avoid detection by AV and IPS. We feel that our template update system provides a key component that is otherwise missing in integrity management systems.

8. Previous experience

We have presented at BSidesLV  before. We have also delivered presentations at DefCon, Blackhat, The Gathering of The Shmoo, and InfoSec Anonymous.

You can see video of our best previous presentation here: https://youtu.be/dQw4w9WgXcQ

 

9. List of facilities requested

We need to be able to project 2 different systems at one time for our demonstration. Please let us know if that’s a problem as we’ll retool our demo to accommodate one screen.