Skip to main content



Find us on

facebook youtube flickr twitter itunes u logo

Upcoming Events

 ISTS logo

Securing the e-Campus 2017 - Exact time and dates TBD

Recent Talks

Dan Wallach

STAR-Vote: A Secure, Transparent, Auditable and Reliable Voting System

Professor Dan Wallach
Rice University
Thursday April 27, 2017
Carson L01, 5:00 PM

Ben Miller Dragos

Pandora's Power Grid - What Can State Attacks Do and What Would be the Impact?

Ben Miller
Chief Threat Officer, Dragos, Inc.
Tuesday May 2, 2017
Kemeny 007, 4:30 PM
Brendan Nyhan




Factual Echo Chambers? Fact-checking and Fake News in Election 2016.

Professor Brendan Nyhan
Dartmouth College
Thursday May 4, 2017
Rocky 001, 5:00 PM

Dickie George


Espionage and Intelligence

Professor Dickie George
Johns Hopkins University
Thursday May 11, 2017
Rocky 001, 5:00 PM

Dan Wallach

A Nation Under Attack: Advanced Cyber-Attacks in Ukraine

Ukrainian Cybersecurity Researchers
Thursday April 6, 2017
Oopik Auditorium 5:30 PM

RIOTS logo 

Professor Sean Smith, Director of the ISTS and Bill Nisen, Associate Director, spoke at the

School House residential cluster on the Internet of Risky Things  - February 21, 2017, 5:30 PM

Craig Smith




You Don't Own Your Car
Craig Smith
Tuesday May 10, 2016 
Carson L02 @4:15

David Safford


Hardware Based Security for GE's Industrial Control Systems
David Safford
GE Global Research
Tuesday May 17, 2016
Carson L02 @4:15



"It's Fine," They Said. "Just Ship It," They Said.
Dan Tentler
The Phobos Group
Tuesday April 12, 2016 
Carson L02 @4:15

Harold Thimbleby




The Best Way to Improve Healthcare is to Improve Computers
Harold Thimbleby
Swansea University
April 23, 2015

Craig Shue




Managing User-Level Compromises in Enterprise Network
Craig Shue
Worcester Polytechnic Institute
March 31, 2015



Oct news 2015


ISTS Information Pamphlet



Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA

2015 Presentations

Day One Presentations - July 14, 2015

Keynote Address: Data Privacy and Security on the Digital Campus

Devon Chaffee - Executive Director of the ACLU of New Hampshire

What is this, a school for ants? In Search of a Better Model for Information Security in Higher Ed

Joshua Beeman - Information Security Officer, University of Pennsylvania

Despite decades of concerted effort, we continue to see 0-days, bugs, and breaches worldwide.  Some security practitioners have come to the discouraging conclusion that we are not much better off than when we started, and that success may be unobtainable.  This session proposes that the way we frame Information Security shapes not only our professional outlook, but how successful we will be at affecting change across the many layers of our organization.  Mental models such as "cyberwar" and “cybercrime” will be discussed, as will the fictional character Derek Zoolander, and a suggestion for a "really, really, ridiculously good" mental model for information security in higher education.

Future of IDS: Considerations for Keeping Up with Increasing Network Growth

Harry Hoffman - Director, Security and Resilience, Massachusetts Institute of Technology

Campus networks are now planning 40G and 100G upgrades. This talk will focus on various strategies, both architectural and hardware based, to keep up with the growth in these networks. We'll look at several popular solutions that exist and what the future might hold.

Using DNS to Protect Clients from Malicious Domains

Melissa Muth - Senior Information Security Analyst, University of Pennsylvania

Protecting against security threats is especially difficult on large University networks without centralized network security controls. Antivirus software and patching aren't enough to protect clients from zero-day threats, polymorphic malware, and malicious third-party ads hosted on otherwise legitimate websites. A DNS sinkhole is a lightweight method that the University of Pennsylvania is using to protect against these threats, leading to a 97% reduction in compromises. This talk will describe the architecture and lessons learned when going from pilot to production.

Day Two Presentations - July 15, 2015

Prioritizing Web Application Vulnerabilities – A Hacker’s Perspective 

Nick Silver - Principal Solutions Architect at Veracode

The best application risk models not only capture technical risk factors, but also the business context in which an asset lives. Traditionally, this is done by auditing application owners on an array of questions in order to properly classify the asset and its data – but that takes time which could be better spent elsewhere. We interviewed dozens of hackers and asked them which vulnerabilities they would look for first depending on the type of attack they wanted to carry out. We’ll walk through several examples of how to use this data as a shortcut means for prioritizing risk without the need for any pesky audit questionnaires.

From Data Straight-jacket to Armored Data: Duke's Protected Network for Conducting Research with Sensitive Data

Richard Biever - Chief Information Security Officer and Director of Identity Management, Duke University 

Mark DeLong - Director of Research Computing, Duke University

In 2011, Duke started work on a “protected network” to house administrative sensitive data (e.g. SSNs). Since that time, Duke OIT, the IT Security Office, and research groups have made technical and policy modifications to the network resulting in over 30 research groups using the environment and relying on technical controls such as multi-factor for remote access, audit logging and analysis within Splunk, and segmentation within the environment. The model has shifted from a completely isolated and unplugged network with fixed resources to a model of well partitioned and isolated network with flexibly allocated computational and storage resources. Thanks to the involvement of Duke’s research groups, especially in the social sciences, a new set of IT and analysis tools are being developed and tested to provide fast and secure movement of data into the environment (SDN) and browser-based, fast-provisioning of desktop environments with research analysis tools built in. Tools to deploy on-demand cluster computing resources are also under development. Work is underway to use Internet2 technologies to federate authentication, making access to the Protected Network easier for collaborators at other universities. The result is that researchers are finding that computational resources can be matched to the demands of their analysis and their research teams, and the security context is less a constraint on their research plans.

Last Updated: 2/25/16