Matthew Franz: Papers and Conference Presentations

Here is a collection of conference presentations and papers over the last few years:

  • How Secure is Secure? Conducting Threat Oriented Product Evaluations - describes a methodology for conducting product security evaluations of network devices and applications - CanSecWest core/01 (April 2001)
  • An Attack Tree for the Border Gateway Protocol - applies attack tree methodology popularized by Bruce Schneier to the Border Gateway Protocol - IETF Draft RFC (September 2002)
  • BGP Vulnerability Testing - analysis-based vulnerability testing conducted against a number of popular BGP implementations. Includes assessment of best practices and scans of core internet routers as well as a few slides on PIF (protocol independent fuzzer) - BlackHat USA 03 (July 2003) and NANOG (June 2003)
  • A Future of SCADA and Control System Security - short presentation on vulnerabilities and countermeasures in control system networks - American Petroleum Institute Security Conference (April 2003)
  • Integrating IT and Control System Security - attempts to identify common ground between IT and Control System Security where there has been much FUD about the relevance of security problems and solutions - KEMA Cyber Security Conference (March 2003)
  • Industrial Ethernet Security: Threats and Countermeasures - overview of vulnerabilities common to control system networks and identifies security best practices for the plant environment - appeared in Industrial Ethernet Handbook (June 2003)
  • Vulnerability Testing of Industrial Network Devices - summary of TCP/IP stack testing of several embedded operating systems common in remote IO, ethernet-serial gateways, and programmable logic controllers (PLC) - ISA Industrial Network Security Conference (October 2003)
  • Protocol Implementation Testing: Challenges and Opportunities - brief presentation on fuzz-testing tools and methodology - NISCC Workshop (January 2004)
  • ModbusFW: Deep Packet Inspect for Industrial Ethernet - general discussion of filtering/access control technology for industrial networks and demonstration of use of ModbusFW - NISCC Electronic Security of SCADA Control & Automation Systems (May 2004)
  • Flexible Threat Modeling - some random thoughts (unpublished) on threat modeling and the limitations of attack trees as effective tools for addressing design and implementation flaws in systems. (May 2004)
  • The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems - results of joint research Cisco/BCIT sponsored by NISCC.
  • A Peek into Industrial Port Probes - a PowerPoint based on a few hours of running DShield queries for 3 protocols (unpublished, August 2005)
  • Finding the Holes Before the Hackers Do - short presentation on finding vulnerabilities in control systems - (October 2005, Byres & Franz, ISA Expo 2005)
  • Uncovering Cyber Flaws - non-technical article on vulnerability discovery. (January 2006, ISA InTech)
  • SCADA Vulnerability Disclosure: A Case Study in Critical Infrastructure Information Sharing - a short editorial that appeared in the Spring 2006 PCSF Newsletter.
  • SCADA Vulnerability Discovery and Disclosure - this caused some mild to moderate irritation among some SCADA Vendors at the Spring PCSF meeting.
  • The Challenge of Open Security Testing Framework for Control Systems - this was a short (20 minute) presentation I gave at PCSF during a session on testing criteria/frameworks/standards (or whatever) - most of it is relevant to any type of structured security testing.
  • A Rough Start of a Toolset for Assessing Java/J2EE Web Apps - a short prezo I gave at the kickoff of the Austin OWASP chapter. Nothing special here.
  • ICCP Exposed: Assessing the Attack Surface of the Utility Stack. See S4 Abstracts
  • OPC Security Whitepaper - written with Eric Byres and other folks from BCIT. (Available on Digital Bond Site). See this Blog Entry for information.