June General Meeting

Secure Operations Technology

Speaker: Andrew Ginter, VP Industrial Security, Waterfall Security Solutions

Most OT security programs seek to "protect the information" - the CIA, AIC, IAC or something of the information. The most secure sites though, do not "protect the information." Instead, secure sites protect physical industrial operations from information, more specifically from cyber attacks that may be embedded in information. All cyber attacks are information after all, and every bit of information can contain an attack.

Secure Operations Technology is a perspective, a methodology, and a set of best practices used by thoroughly-secured sites - in addition to classic IT-SEC techniques. For example, a typical SEC-OT site defines a single control-critical network that contains most or all of the site's industrial networks. Since all cyber attacks are information, a comprehensive inventory of offline and online information flows into the critical network is also a comprehensive inventory of all possible attack vectors targeting the network. SEC-OT sites then take measures to physically block or otherwise discipline the entire inventory of inbound information/attack flows.

This presentation is based on Andrew's new book by the same name. Complimentary copies of the book will be available to all CUUG members and attendees.

Andrew Ginter is the VP Industrial Security at Waterfall Security Solutions. He leads a team responsible for industrial cyber-security research, contributions to standards and regulations, and security architecture recommendations for industrial sites. Before Waterfall, Andrew led the development of SCADA system, IT/OT middleware, and OT security software products. He is a co-author of the Industrial Internet Consortium Security Framework and the author of the books SCADA Security - What's broken and how to fix it, and Secure Operations Technology.

Place 800

800 - 6 Ave. S.W.
Plus-15 Conference Room

There is $2 parking after 16:00 one block north-east of the meeting location, in the underground parkade at McDougall Centre.

5:30 PM, Tuesday, June 18, 2019 (N.B. This is the third Tuesday of the month)

Snacks at 17:30. CUUG Annual General Meeting begins at 18:00. Presentation begins immediately after AGM.

Attendance is free for CUUG members, or $10 (cash only) at the door for non-CUUG members.

RSVP to office at CUUG if you plan to attend.

Annual General Meeting and Elections

The Calgary UNIX Users' Group is holding its Annual General Meeting and election of the 2019/2020 Board of Directors. Nominees so far include the following:

• Christopher Aziz
• Alan Dewar
• Winson Duong
• Greg King
• Dick Miller

Place 800

800 - 6 Ave. S.W.
Plus-15 Conference Room

There is $2 parking after 16:00 one block north-east of the meeting location, in the underground parkade at McDougall Centre.

5:30 PM, Tuesday, June 18, 2019

Snacks at 17:30. Meeting begins at 18:00.

Membership Renewals Due

It is annual renewal time for CUUG memberships. Membership fees remain at $50.00 (no GST), and cheques can be made payable to Calgary UNIX Users' Group. Our mailing address is as follows:

Calgary Unix Users' Group
Box 878, Station M
Calgary, Alberta, Canada, T2P 2J6

Invoices have been sent by email. If you have not yet received yours, please contact office at CUUG.

May General Meeting

Deterministic Behaviours are your Attacker's Friend

Speaker: Theo de Raadt, Founder, OpenBSD

Our compute environments depend upon many deterministic behaviours at many layers to give us the reproducible (final) results we want. Therefore an attacker who finds a error in software can create an exploit at home, and then replay the attack on other machines very successfully, since all the intermediate layers are known, identical and reproducible.

Introducing secret non-determinisms into the intermediate layers can perturb aspects of the attack methodology. In 1999 OpenBSD began pushing the stack-protector and address space randomization through a complete Unix ecosystem. Subsets of these methods became commonplace on other platforms in about 10 years.

Twenty years since beginning, we continue with additional approaches to decrease the success rates for attackers, still trying to remove tools from their toolbox. Recent new work in ROP gadget-reduction, per-function stack-protector cookies, and reduction of system abilities via pledge and unveil will be described, as well as some musing about layers which cannot be protected so easily.

Theo de Raadt is widely recognized as a world class security expert. In October 1995, Theo founded the OpenBSD project. OpenBSD is the most secure of the publicly available operating systems.

In 1999, Theo created OpenSSH with other members of OpenBSD. It is now incorporated into all Unix systems plus hundreds of other network enabled products. It has become the most "vendor re-used" piece of open source software, with more than 95% of the SSH market.

Theo was awarded the Free Software Foundation's 2004 Award for the Advancement of Free Software, for recognition as founder and project leader of the OpenBSD and OpenSSH projects. His work has also led to significant contributions to other BSD distributions and GNU/Linux. Of particular note is Theo's work on OpenSSH, his leadership of OpenBSD, his commitment to Free Software and his advancement of network security.

Theo is also well known for his advocacy of free software drivers. He has long been critical of developers of Linux and other free platforms for their tolerance of non-free drivers and acceptance of non-disclosure agreements.

Place 800

800 - 6 Ave. S.W.
Plus-15 Conference Room

There is $2 parking after 16:00 one block north-east of the meeting location, in the underground parkade at McDougall Centre.

5:30 PM, Tuesday, May 28, 2019

Snacks at 17:30. Meeting begins at 18:00.

Attendance is free for CUUG members, or $10 (cash only) at the door for non-CUUG members.

RSVP to office at CUUG if you plan to attend.

April General Meeting

A Cloud On Three Switches

Speaker: Raymond Burkholder, One Unified Net

In this case, the three switches are special purpose appliances running Linux and containing a series of interchangeable network ports. In this session, I am going to sketch out some of the subsystems and open-source tools I've used to build a redundant/resilient router/firewall/monitoring solution on these appliances. In addition, I will describe how I was able to fully automate the build of the solution. The result being a fully documented and repeatable build. The design allows any one of the three switches to be rebuilt while the other two handle production. The end result is a template for building cost-effective, horizontally-scalable virtualization solutions.

Raymond Burkholder is the founder of One Unified Net Limited. This has allowed him to take on a variety of challenges in network design, software development, and systems automation. His most recent stint was in Bermuda where he consulted on infrastructure for re-insurance companies, transitioned to handling day to day technical operations of an ISP, and moved on to optimizing the performance of the network, storage, monitoring, and virtualization infrastructure of a data center. He is now back in Canada taking a brief respite while looking for his next opportunity.

Raymond has a personal blog at https://blog.raymond.burkholder.net

Place 800

800 - 6 Ave. S.W.
Plus-15 Conference Room

There is $2 parking after 16:00 one block north-east of the meeting location, in the underground parkade at McDougall Centre.

5:30 PM, Tuesday, April 23, 2019

Snacks at 17:30. Meeting begins at 18:00.

Attendance is free for CUUG members, or $10 (cash only) at the door for non-CUUG members.

Transition to Virtual Server

CUUG services are transitioning from our old physical server ("concord") to a new virtual server ("arnold", named in honour of our late Treasurer, Arnold Goldberg). The switch took place on the evening of Saturday, March 30, 2019. For the most part, this should be transparent, but there are a few things you need to know. For details, see the virtual server transition web page.

If you have any questions or concerns, please send email to crcadmin at CUUG.

March General Meeting

Your Smartphone Apps Are Spying on You

Speaker: Joel Reardon, Assistant Professor, University of Calgary

Modern smartphone platforms implement permission-based models to protect access to sensitive data and system resources. However, apps can circumvent the permission model and gain access to protected data without user consent by using both covert and side channels. Side channels present in the implementation of the permission system allow apps to access the data without permission; whereas covert channels enable communication between two colluding apps so that one app can share its permission-protected data with another app lacking those permissions. Both pose threats to user privacy.

This talk presents research where we make use of our infrastructure that runs hundreds of thousands of apps in an instrumented environment. This testing environment includes mechanisms to monitor apps' runtime behaviour and network traffic. We look for evidence of side and covert channels being used in practice by searching for sensitive data being sent over the network for which the sending app did not have permissions to access it. We then reverse engineer the apps and third-party libraries responsible for this behaviour to determine how the unauthorized access occurred. We also measure the prevalence of the use of the technique in practice across other apps by using software fingerprinting methods.

Prof. Joel Reardon is an assistant professor at the University of Calgary. Prior to starting in Calgary, he did his Master's at the University of Waterloo, doctoral degree at the ETH Zurich, and a post-doctoral year at the UC Berkeley and the International Computer Science Institute (ICSI). His research interests relate to security and privacy including issues for storage and compliance as well as systems to make it easier to use. He also loves mountains, bicycles, and writing poetry.

Place 800

800 - 6 Ave. S.W.
Plus-15 Conference Room

There is $2 parking after 16:00 one block north-east of the meeting location, in the underground parkade at McDougall Centre.

5:30 PM, Tuesday, March 26, 2019

Snacks at 17:30. Meeting begins at 18:00.

Attendance is free for CUUG members, or $10 (cash only) at the door for non-CUUG members.

February General Meeting

Software Design Considerations for Multicore CPU Architectures

Speaker: Christopher Aziz, HPC analyst (retired)

Multicore processors have become as ubiquitous as they are inexpensive. Yet within the broad application base, their performance issues remain poorly understood.

At a deep level, multicore (and more generally multi-processor) problems are typically complex. It is human nature to be optimistic. Regrettably, some seemingly reasonable assumptions lead to false expectations, erroneous conclusions and ultimately disappointment.

This presentation will provide some clear software design considerations and explain some of the fundamental performance issues while debunking a few of the more misleading myths. The math will be limited to polynomials.

Chris Aziz has 30+ years experience as an HPC analyst with a special interest in floating point performance for scientific applications. He is a long time *nix systems user. For the past 20 years, Chris has regularly served as a CUUG director and a meeting organizer with many terms as CUUG President.

Slides from this presentation are available in PowerPoint and PDF format.

Place 800

800 - 6 Ave. S.W.
Plus-15 Conference Room

There is $2 parking after 16:00 one block north-east of the meeting location, in the underground parkade at McDougall Centre.

5:30 PM, Tuesday, February 26, 2019

Snacks at 17:30. Meeting begins at 18:00.

Attendance is free for CUUG members, or $10 (cash only) at the door for non-CUUG members.

January General Meeting

Embedded made easy: piCore

Speaker: Mark Olson, Solon Technology Consulting Services

"Internet of Things" is easy to say, but hard to do. Building the robust systems required for remote sensing and field data collection has traditionally required specialized skills, development tools, and hardware. Micro controller based solutions lack the libraries and community support necessary to easily implement sophisticated applications or integrate with other systems. As a result, solutions for smaller scale problems are considered uneconomic.

The piCore Linux distribution, a port of Tiny Core Linux to Raspberry Pi hardware, offers an alternative approach. Designed for small size and resilience to interruption, piCore facilitates the development of embedded systems using the tool sets and libraries already familiar to developers, which can be deployed on readily available, inexpensive, and broadly supported Raspberry Pi hardware.

In this session Mark will provide an overview of the piCore distribution, outline the considerations that need to be addressed when using this platform for embedded systems, and will briefly demonstrate a product prototype that has been developed using this platform.

Mark Olson has 20+ years experience in Information Technology, with experience in applications management, systems operation, and project management. He has had the opportunity to work for, consult to, or operate endeavours in the fields of Agriculture, Energy, Government, and Transportation. He is a long time CUUG member and Linux systems user.

Slides from this presentation are available in PDF format.

Place 800

800 - 6 Ave. S.W.
Plus-15 Conference Room

There is $2 parking after 16:00 one block north-east of the meeting location, in the underground parkade at McDougall Centre.

5:30 PM, Tuesday, January 22, 2019

Snacks at 17:30. Meeting begins at 18:00.

Attendance is free for CUUG members, or $10 (cash only) at the door for non-CUUG members.

December Holiday Social

CUUG December Holiday Season Social Evening

It's December, and in keeping with our tradition of recent years, CUUG members and their invited guests will get together for a social evening at the Regency Palace restaurant on Tuesday, December 11, 2018. We'll have a private room and have food from the buffet. Attendees pay for their own drinks.

If you are a CUUG member and would like to join us, please e-mail office at cuug.ab.ca so that we can get a good count of how many people to expect. If you would like to bring a guest, please let us know your guest's name as well.

We look forward to seeing you there!

Regency Palace Restaurant

5:45 PM, Tuesday, December 11, 2018

This event is for CUUG members and invited guests.

November General Meeting

Hardware as Software: How To Write A Cycle-Accurate Emulator

Speaker: Dr. Thierry Lavoie, Ph.D., Manager - Static Analysis Technologies (SAT), Synopsys

Software is commonly advertised as portable across hardware. However, the promises of portability fall short in practice and most software are to various degrees dependent on their hardware. This was especially true at the beginning of the personal computing era. As older hardware fades out and disappears from the market, programs designed for these systems are lost. Or are they?

This talk will explore cycle-accurate hardware emulation and how to emulate systems and programs based on the 6502 processor, famously used in the Apple II, Atari 2600, and the Nintendo Entertainment Systems. The main topics that will be discussed are the basic architecture of an emulator and how it interprets programs, memory device emulation, challenges of achieving cycle accurate emulation, system emulation with multiple processing units (including video and audio), and debugging.

Dr. Thierry Lavoie is a former senior engineer turned manager in the Software Integrity Group at Synopsys. He holds a Bachelor of computer engineering, and a Master's degree and a Ph.D. in static program analysis from the University of Montreal, where he also lectured on compilers and data structures for several years. He is currently the principal voter on the ISO C++ Standard Committee for Synopsys. He has implemented parsers for PHP, Java, and C/C++, has a knack for exotic data structures, and loves designing software for complex problems.

Place 800

800 - 6 Ave. S.W.
Plus-15 Conference Room

There is $2 parking after 16:00 one block north-east of the meeting location, in the underground parkade at McDougall Centre.

5:30 PM, Tuesday, November 27, 2018

Snacks at 17:30. Meeting begins at 18:00.

Attendance is free for CUUG members, or $10 (cash only) at the door for non-CUUG members.

October General Meeting

The Top 20 Cyberattacks on Industrial Control Systems

Speaker: Andrew Ginter, VP Industrial Security, Waterfall Security Solutions

This presentation reviews the top twenty cyberattack classes for industrial control systems, and evaluates three different control system security postures for a single site against these attacks. Business decision makers are often reluctant to allocate funds for security program improvements on the basis of qualitative risk assessments or hypothesized probabilities for attacks that have not yet occurred at a site. Andrew shows how to use the spectrum of attacks as a tool for explaining the consequences of existing vs. proposed security postures. This spectrum of attacks suggests a specific answer to the question, "What is the simplest attack with serious consequences that our current security posture does not defeat reliably?"

For anyone interested in more details, this presentation is based on the 2017 paper by the same name.

Andrew Ginter is the VP Industrial Security at Waterfall Security Solutions, an Assistant Professor at Michigan Technological University, and an author and speaker on SCADA Security topics. He has led teams developing SCADA, IT/OT middleware, and SCADA security products, and was awarded patents for middleware and SCADA security technologies. He holds Applied Mathematics and Computer Science degrees from the University of Calgary, and is located in Calgary, Alberta.

Central Library

5:30 PM, Tuesday, October 23, 2018

Snacks at 17:30. Meeting begins at 18:00.

Attendance is free for CUUG members, or $10 (cash only) at the door for non-CUUG members.

September General Meeting

The Importance of PKI (Public Key Infrastructure) Management

Speaker: Fady Bashay, Senior Security Consultant, Difenda Inc.

With more and more companies embracing new technologies such as Cloud computing, IOT and mobiles Apps, PKI becomes more crucial to protect any organization. PKI is now emerging as a core for securing such new Technologies.

We will describe what is PKI and what is the technology behind digital certificates. We will explore how PKI is deployed in an enterprise environment. We will explain the different technical components that need to be deployed.

Usage of PKI has exploded in recent years. In the process, many organizations have lost control over their PKI assets. We will talk about the general best practices and what are the risks associated with using certificates.

And finally, we will explain some of the top concerns that CISO's have today with respect to the use of certificates. How are certificates being used by hackers and malicious users to breach organizations.

Fady Bashay is a Security Consultant who specializes in PKI, Certificate lifecycle management, cryptography and key management. He has a Master of Engineering Information System Security from Concordia University in Montreal and is currently working at Difenda Inc. as Senior Security Consultant.

Central Library

5:30 PM, Tuesday, September 25, 2018

Snacks at 17:30. Meeting begins at 18:00.

Attendance is free for CUUG members, or $10 (cash only) at the door for non-CUUG members.

2018 Board of Directors

At the June 2018 Annual General Meeting, the following people were elected to the Board of Directors for 2018/2019:

• Christopher Aziz (President)
• Alan Dewar (Secretary-Treasurer)
• Winson Duong
• Greg King
• Dick Miller