CS Grad Student Manna Earns Scholarship, Attends Black Hat
August 10, 2021
BATON ROUGE, LA – LSU Computer Science Ph.D. student Modhuparna Manna earned a competitive
scholarship to attend the Black Hat annual cybersecurity conference—the premier such
conference in the world—in Las Vegas, Nevada, last week. She was there as part of
an LSU-industry partnership team to present recent memory forensics work she and other
students in the LSU Applied Cybersecurity Lab have been helping to develop to protect
people and organizations from malware.
Her team’s talk, “Fixing a Memory Forensics Blind Spot: Linux Kernel Tracing,” was presented by Andrew Case—one of the world’s leading experts on memory forensics and director of research at Volexity (a national leader in incident response and threat intelligence), and industry partner in the Applied Cybersecurity Lab, where he collaborates on research and mentors students—together with LSU Professor of Computer Science Golden G. Richard III, head of the Applied Cybersecurity Lab and associate director for cybersecurity in the LSU Center for Computation & Technology.
“As research students in the Applied Cybersecurity Lab, we are part of a team that develops solutions to cybercrime,” Manna said. “Although this is a very daunting experience, we have the support and guidance of advisors like Golden and Andrew, who are pioneers in this field. In our research group, we have the freedom to develop our own research ideas and implement them in unique ways, and this project on Linux kernel tracing is a great example of the industry-leading work we get to do.”
The team’s recent successes in cybersecurity research are drawing national attention. Although Manna won’t graduate until December, she has already been offered and accepted a tenure-track position at the University of New Haven, a National Security Agency-designated CAE-CO school, or , which recruits top talent to help increase U.S. national security.
LSU was recently chosen by the National Security Agency as the first non-member university to pilot the new designation process for its program, the top designation for cybersecurity in higher education in the United States, with 23 universities currently participating. LSU was also selected by the National Science Foundation as a Scholarships for Service (SFS) school in 2019 to help educate and employ top cybersecurity students through generous scholarships and guaranteed jobs in government upon graduation. Recent LSU SFS graduate Ryan Maggio now works as a cyber systems exploitation researcher at MIT’s Lincoln Laboratory, a Department of Defense-funded R&D center.
While Manna attended the Black Hat conference in person, another LSU Computer Science graduate student in the Applied Cybersecurity Lab, Raphaela Mettig, attended virtually—and for free, an exclusive perk that came with her team being invited to present a talk.
“Getting to attend Black Hat as a student is an incredible privilege,” Mettig said. “It’s one of the world’s biggest stages when it comes to cybersecurity research. Having the opportunity to not just hear from but also interact with some of the industry’s leading experts is an invaluable experience. You get to see a bit of everything that is going on in the cybersecurity field—the problems being worked on; current and future challenges.”
“I was extremely happy that Andrew and Dr. Richard were able to represent our research group on a stage like that,” Mettig continued. “It goes to show that the work we do at LSU is valuable in the real world, and as a student and researcher, that’s very inspiring.”
The team’s insight that led to the talk was how kernel instrumentation facilities can be used nefariously by malicious hackers to hijack commands in the kernel (the core of a computer’s operating system) to hide files and processes and exfiltrate data. A new such facility in the Linux operating system, called eBPF, or extended Berkeley Packet Filter, was intended to increase observability, scalability, and security by making the Linux kernel more flexible and programmable—a game-changer for large, cloud-based companies such as Netflix, Google, and Facebook.
These “cool, new features available for abuse,” as Case described them, were also demonstrated by another research team from the cloud monitoring company Datadog at Black Hat this year. Luckily, the LSU team’s talk offered not just warnings, but solutions—Case and Richard have already developed tools and techniques to help detect potential abuse, with more on the way. Importantly, their solutions do not rely on hamstringing the kernel instrumentation facilities themselves, leaving them fully functional and useful.
“During our research, we discovered that the kernel tracing infrastructure is enabled by default on nearly every Linux system used in production environments—this creates a significant attack surface that previous forensics approaches were unable to detect,” said Case, who’s taught digital forensics and incident response at Black Hat for 10 years in a row and was happy to see the conference add a specific forensics track for presentations in 2019, shifting the focus a bit from offensive hacking to defensive detection techniques. “The number and severity of modern threats necessitate that defenders maintain cutting-edge capabilities. It was highly motivating to see Black Hat add a digital forensics track that allows for such capabilities to be presented to the largest audience in the industry.”
The Applied Cybersecurity Lab remains focused on developing tools and techniques to combat increasingly sophisticated cybercrime that puts the security of computer systems and their users at risk. Most of those solutions rely on advanced knowledge of memory forensics, reverse engineering, malware analysis, and operating systems internals, which Case and Richard have studied for years.
“Andrew and I are both very interested in deep, technical cybersecurity and have collaborated on memory forensics research for almost 15 years,” Richard said. “Our shared goal in the research lab is to create cybersecurity ‘superheroes’ that fill a specific, high-end, very technical niche in the cybersecurity workforce.”
Manna’s scholarship to attend the Black Hat conference came from Black Hat and the EWF Future Female Leaders Scholarship Program. She was one of 50 female students selected, in part because of her already advanced knowledge and active research on malware and memory forensics.
“A basic knowledge of malware is extremely important for computer science students,” Manna said. “I am very thankful that I got the opportunity to go deeper into this challenging research and also look forward to soon being able to extend my knowledge to other students who share my enthusiasm for cybersecurity.”
###
Contact: Elsa Hahne
LSU Office of Research & Economic Development
or
Contact: Joshua Duplechain
Director of Communications
225-578-5706 (o)