CS Grad Student Manna Earns Scholarship, Attends Black Hat
August 10, 2021
BATON ROUGE, LA – LSU Computer Science Ph.D. student Modhuparna Manna earned a competitive scholarship to attend the Black Hat annual cybersecurity conference—the premier such conference in the world—in Las Vegas, Nevada, last week. She was there as part of an LSU-industry partnership team to present recent memory forensics work she and other students in the LSU Applied Cybersecurity Lab have been helping to develop to protect people and organizations from malware.
Her team’s talk, “Fixing a Memory Forensics Blind Spot: Linux Kernel Tracing,” was presented by Andrew Case—one of the world’s leading experts on memory forensics and director of research at Volexity (a national leader in incident response and threat intelligence), and industry partner in the Applied Cybersecurity Lab, where he collaborates on research and mentors students—together with LSU Professor of Computer Science Golden G. Richard III, head of the Applied Cybersecurity Lab and associate director for cybersecurity in the LSU Center for Computation & Technology.
“As research students in the Applied Cybersecurity Lab, we are part of a team that develops solutions to cybercrime,” Manna said. “Although this is a very daunting experience, we have the support and guidance of advisors like Golden and Andrew, who are pioneers in this field. In our research group, we have the freedom to develop our own research ideas and implement them in unique ways, and this project on Linux kernel tracing is a great example of the industry-leading work we get to do.”
The team’s recent successes in cybersecurity research are drawing national attention. Although Manna won’t graduate until December, she has already been offered and accepted a tenure-track position at the University of New Haven, a National Security Agency-designated CAE-CO school, or National Center of Academic Excellence in Cyber Operations, which recruits top talent to help increase U.S. national security.
LSU was recently chosen by the National Security Agency as the first non-member university to pilot the new designation process for its program, the top designation for cybersecurity in higher education in the United States, with 23 universities currently participating. LSU was also selected by the National Science Foundation as a Scholarships for Service (SFS) school in 2019 to help educate and employ top cybersecurity students through generous scholarships and guaranteed jobs in government upon graduation. Recent LSU SFS graduate Ryan Maggio now works as a cyber systems exploitation researcher at MIT’s Lincoln Laboratory, a Department of Defense-funded R&D center.
While Manna attended the Black Hat conference in person, another LSU Computer Science graduate student in the Applied Cybersecurity Lab, Raphaela Mettig, attended virtually and for free, an exclusive perk that came with her team being invited to present a talk.
“Getting to attend Black Hat as a student is an incredible privilege,” Mettig said. “It’s one of the world’s biggest stages when it comes to cybersecurity research. Having the opportunity to not just hear from but also interact with some of the industry’s leading experts is an invaluable experience. You get to see a bit of everything that is going on in the cybersecurity field—the problems being worked on; current and future challenges.”
“I was extremely happy that Andrew and Dr. Richard were able to represent our research group on a stage like that,” Mettig continued. “It goes to show that the work we do at LSU is valuable in the real world, and as a student and researcher, that’s very inspiring.”
The team’s insight that led to the talk was how kernel instrumentation facilities can be used nefariously by malicious hackers to hijack commands in the kernel (the core of a computer’s operating system) to hide files and processes and exfiltrate data. A new such facility in the Linux operating system, called eBPF, or extended Berkeley Packet Filter, was intended to increase observability, scalability, and security by making the Linux kernel more flexible and programmable—a game-changer for large, cloud-based companies such as Netflix, Google, and Facebook.
These “cool, new features available for abuse,” as Case described them, were also demonstrated by another research team from the cloud monitoring company Datadog at Black Hat this year. Luckily, the LSU team’s talk offered not just warnings, but solutions—Case and Richard have already developed tools and techniques to help detect potential abuse, with more on the way. Importantly, their solutions do not rely on hamstringing the kernel instrumentation facilities themselves, leaving them fully functional and useful.
“During our research, we discovered that the kernel tracing infrastructure is enabled by default on nearly every Linux system used in production environments—this creates a significant attack surface that previous forensics approaches were unable to detect,” said Case, who’s taught digital forensics and incident response at Black Hat for 10 years in a row and was happy to see the conference add a specific forensics track for presentations in 2019, shifting the focus a bit from offensive hacking to defensive detection techniques. “The number and severity of modern threats necessitate that defenders maintain cutting-edge capabilities. It was highly motivating to see Black Hat add a digital forensics track that allows for such capabilities to be presented to the largest audience in the industry.”
The Applied Cybersecurity Lab remains focused on developing tools and techniques to combat increasingly sophisticated cybercrime that puts the security of computer systems and their users at risk. Most of those solutions rely on advanced knowledge of memory forensics, reverse engineering, malware analysis, and operating systems internals, which Case and Richard have studied for years.
“Andrew and I are both very interested in deep, technical cybersecurity and have collaborated on memory forensics research for almost 15 years,” Richard said. “Our shared goal in the research lab is to create cybersecurity ‘superheroes’ that fill a specific, high-end, very technical niche in the cybersecurity workforce.”
Manna’s scholarship to attend the Black Hat conference came from Black Hat and the EWF Future Female Leaders Scholarship Program. She was one of 50 female students selected, in part because of her already advanced knowledge and active research on malware and memory forensics.
“A basic knowledge of malware is extremely important for computer science students,” Manna said. “I am very thankful that I got the opportunity to go deeper into this challenging research and also look forward to soon being able to extend my knowledge to other students who share my enthusiasm for cybersecurity.”
Contact: Elsa Hahne
LSU Office of Research & Economic Development
Contact: Joshua Duplechain
Director of Communications