Jeff Avery, Cybersecurity Engineer
Writer(s): Kristyn Childres
Before Jeff Avery chose Purdue for graduate school in cybersecurity, he spoke to his future advisor, Gene Spafford, by phone. “That really helped me make my choice,” Jeff said. “It meant something to me – the fact that he would take the time to talk to me. I took it as an indication that he’d be a great mentor during my graduate years.”
Using deception to distract attackers
Jeff’s graduate research focused on applying deception to security patches – attempting to deceive attackers who might try to reverse-engineer a software update to identify which vulnerabilities it fixed. Adding deception to a patch can cause an attacker to spend more time analyzing the code, so that the vulnerability gets fixed while the attackers are distracted. You can apply deception to the code itself (or to its behavior or location) or use deceptive techniques when writing the text users will see about the code.
Jeff says that app update notifications on your iPhone are a perfect example of something that might be deceptively generated to distract hackers. “The text about the update might say, ‘This update fixes bugs A, B and C’ – but in reality, bugs A, B and C might not even exist,” he said.
“That’s the beauty of deception,” he said. “You can do almost anything. A lot of it depends on context and timing.” He found that specific deception techniques can make it difficult for attackers to distinguish between an unpatched system and a deceptively patched system.
“In general, deception is not a one-stop shop,” Jeff said. “It enhances other security techniques to make them stronger. But those techniques can make deception itself stronger. Deception is just one piece that fits into the puzzle of security.”
Always interested in puzzles, Jeff was drawn to study security because of his father’s history in the military. He credits his strong work ethic, instilled by his mother, a teacher, with his success in grad school and says that his brother, a Ph.D. candidate at MIT studying biomedical engineering, pushed him to be a better student and researcher.
Jeff received his Ph.D. in August 2017. He now works for Northrop Grumman as a software engineer in McLean, Virginia, where he is part of the Future Technical Leaders Program.