
Information Systems Security Colloquium (ISS 2008)

Invited Speakers (in alphabetical order)


Dr. Francois Cosquer, Security CTO and Technology Strategist, Alcatel Lucent Enterprise, Colombes, France
Topic: Real world security events: From incidents to solutions: Part 1
Abstract: Two Alcatel Lucent IT/Security professionals will share their real world experience going through a series of security incidents. They will describe a detailed analysis of the events from detection to closure. In parallel for each case study, possible countermeasures and solutions provided by Alcatel Lucent will be described. After a look into the future and the evolution of the threats and their impact on the security industry, the session will close with an open Q&A.
Biography: After relocating to France in 2007, Francois Cosquer is the Security CTO and a Technology Strategist for the Enterprise Business CTO Group at Alcatel-Lucent. He previously served as Chief Security Architect for Alcatel North America where he coordinated the security effort for Alcatel Solutions in North America and led the Security architecture on ATT project LightSpeed. He also served as the acting chair of the ATIS TOPS Council Focus Group on Network Security and Technical Editor for the ATIS IIF DRM taskforce. He was a speaker and served as a chair for various security sessions, such as USTA Telecom, Supercomm, VON, CTIA, Global Mobile Enterprise, Wireless Industry Congress, Globecom, and Broadband Services Forum. Francois came to Ottawa in 2001 to lead the Corporate Security Research Center. Prior to joining Alcatel, he worked in Europe for a number of Research Institutions, Equipment Vendors and Telecom Operators. Francois' 17 years of experience covers networking, operating systems, middleware and multimedia applications. He is an author of several international publications and a co-author of a LNCS book on Advances in Distributed Systems. He is an Advisory Board Member at the Concordia Institute of Information Systems Engineering and for the European Commission Security & Dependability Task Force. Francois graduated in Electronics and Computing and holds an MSc degree in Computer Science and a Ph.D. degree in Computer Engineering. Francois holds an Adjunct Professor position at the Faculty of Engineering and Computer Science, Concordia University, Montreal.


Dr. Claude Crépeau, McGill University, Montreal, Canada
Topic: Generating everlasting security while it lasts...
Abstract: Everlasting security is a quality of certain cryptographic protocols that allows them to be secure today, and remain so forever, regardless of technological advances. In this talk I will introduce some basic cryptographic primitives sufficiently powerful to implement very complex cryptographic tasks securely as long as the primitive is secure to start with. Then I will describe a few realistic scenarios, such as quantum cryptography and the bounded storage model, where such secure primitives may be obtained with everlasting security until new technologies are developed.
Biography: Prof. Claude Crépeau received an M.Sc. degree from the Université de Montreal in 1986 and a Ph.D. degree from M.I.T., in 1990. He later was a postdoc at the Université Paris-Sud and has been a CNRS researcher at the Ecole Normale Superieure, Paris, since the end of 1991. He has been an Associate Professor at the Université de Montreal from 1995 to 1998 and became Associate Professor at McGill University in 1998. Claude has worked extensively on the design of cryptographic protocols, including Zero-knowledge protocols, Multiparty Computations, Two-Party Secure Function Evaluation. His major contribution has been to offer alternative (non computational) assumptions under which such protocols may be implemented using noisy channels and quantum channels.


Dr. Sushil Jajodia, Center for Secure Information Systems, George Mason University, Fairfax, USA  
Topic: Topological Analysis of Network Attack Vulnerability
Abstract: This talk will discuss issues and methods for survivability of systems under malicious attacks. To protect from such attacks, it is necessary to take steps to prevent attacks from succeeding. At the same time, it is important to recognize that not all attacks can be averted at the outset; attacks that are successful to some degree must be recognized as unavoidable and comprehensive support for identifying and responding to attacks is required.
In my talk, I will describe the recent research on attack graphs that represent known attack sequences attackers can use to penetrate computer networks. I will show how attack graphs can be used to compute actual sets of hardening measures that guarantee the safety of given critical resources. Attack graphs can also be used to correlate received alerts, hypothesize missing alerts, and predict future alerts, all at the same time. Thus, they offer a promising solution for administrators to monitor and predict the progress of an intrusion, and take appropriate countermeasures in a timely manner.

Biography: Sushil Jajodia is a University Professor, BDM International Professor of Information Technology, and the director of Center for Secure Information Systems at the George Mason University, Fairfax, Virginia. He joined GMU after serving as the director of the Database and Expert Systems Program within the Division of Information, Robotics, and Intelligent Systems at the National Science Foundation. Before that he was the head of the Database and Distributed Systems Section in the Computer Science and Systems Branch at the Naval Research Laboratory, Washington and Associate Professor of Computer Science and Director of Graduate Studies at the University of Missouri, Columbia. He has also been a visiting professor at the University of Milan and University of Rome "La Sapienza", Italy and at the Isaac Newton Institute for Mathematical Sciences, Cambridge University, England.
Dr. Jajodia received his PhD from the University of Oregon, Eugene. The scope of his research interests encompasses information secrecy, privacy, integrity, and availability problems in military, civil, and commercial sectors. He has authored six books, edited twenty-eight books and conference proceedings, and published more than 300 technical papers in the refereed journals and conference proceedings. He received the 1996 Kristian Beckman award from IFIP TC 11 for his contributions to the discipline of Information Security, 2000 Outstanding Research Faculty Award from GMU's School of Information Technology and Engineering, and 2008 ACM SIGSAC Outstanding Contributions Award for his research and teaching contributions to the information security field and his service to ACM SIGSAC and the computing community.
Dr. Jajodia has served in different capacities for various journals and conferences. He is the founding editor-in-chief of the Journal of Computer Security and on the editorial boards of IEE Proceedings on Information Security, International Journal of Cooperative Information Systems, International Journal of Information and Computer Security, and International Journal of Information Security and Privacy. He is a past editor of ACM Transactions on Information and Systems Security and IEEE Transactions on Knowledge and Data Engineering. He is the consulting editor of the Springer International Series on Advances in Information Security. He has been named a Golden Core member for his service to the IEEE Computer Society, and received International Federation for Information Processing (IFIP) Silver Core Award "in recognition of outstanding services to IFIP" in 2001. He is a past chair of the ACM Special Interest Group on Security, Audit, and Control (SIGSAC), IEEE Computer Society Technical Committee on Data Engineering, and IFIP WG 11.5 on Systems Integrity and Control. He is a senior member of the IEEE and a member of IEEE Computer Society and Association for Computing Machinery. The URL for his web page is http://csis.gmu.edu/faculty/jajodia.html.


Mr. Carlos Solari, VP, Security Strategy and Solutions, Alcatel Lucent Corporate CTO, Murray Hill, New Jersey, USA   
Topic: Real world security events: From incidents to solutions: Part 2
Abstract: Two Alcatel Lucent IT/Security professionals will share their real world experience going through a series of security incidents. They will describe a detailed analysis of the events from detection to closure. In parallel for each case study, possible countermeasures and solutions provided by Alcatel Lucent will be described. After a look into the future and the evolution of the threats and their impact on the security industry, the session will close with an open Q&A.
Biography: Carlos Solari joined Alcatel-Lucent as Bell Labs Security Solutions Vice President in April 2006. Recently, he has transitioned to lead the same capacity from the CTO Organization. In this role, Carlos leads a team that defines and implements the security strategy positioning Alcatel-Lucent as the vendor of choice for secure, reliable networks, services and applications. Prior to joining Alcatel-Lucent, Carlos served as President of Solari Innovations, Inc., providing consulting services in the area of security strategies, IT architecture development and IT best practices. Carlos has extensive experience in the field of information systems security as applied in the areas of homeland security, law enforcement, public safety and defense; with over 25 years in various government and private industry positions, including 13 years of service in the U.S. Army as an officer and 6 years with the Federal Bureau of Investigation as a senior executive. From 2002 to 2005, he served as Chief Information Officer for the Executive Office of the President - the White House. He was responsible for the implementation of a complete computing modernization for the White House and its supporting offices with IT security a central part of the work. He is a graduate of Washington and Lee University in Lexington, Virginia with a BS in Biology (1979), and the Naval Postgraduate School in Monterey, California; MS in Systems Technologies (1990).


Dr. Doug Stinson, David R. Cheriton School of Computer Science, University of Waterloo, Canada
Topic: Recent Results on the Design and Analysis of Manual Authentication Protocols
Abstract: There has been considerable recent interest in manual authentication protocols, where a Sender S and a Receiver R are connected by an insecure channel as well as a narrowband authenticated (i.e., a "manual") channel. S wishes to send a "long" message over the insecure channel, which is authenticated to R using a short authenticator sent over the manual channel. S and R are assumed to have no shared secret key, nor is there an infrastructure to support public-key cryptography. It is of interest to design protocols in this setting that are secure against an active adversary.
    In this talk, we will discuss how manual authentication protocols can be designed and analyzed. We consider non-interactive as well as interactive schemes, and we look at both unconditionally secure protocols and protocols that are provably secure in the random oracle model.
    This talk is based on joint work with Atefeh Mashatan.
Biography: Douglas Stinson received the B.Math. degree from the University of Waterloo, in 1978, the M.Sc. degree from the Ohio State University in 1980, and the Ph.D. degree in combinatorics and optimization from the University of Waterloo in 1981.
    He has held academic positions at the University of Manitoba, where he was an NSERC University Research Fellow, and the University of Nebraska-Lincoln. Currently he holds the position of Professor and University Research Chair in the David R. Cheriton School of Computer Science at the University of Waterloo. He held the NSERC/Certicom Industrial Research Chair in Cryptography from 1998 to 2003.
    His research interests include cryptography and computer security, combinatorics and coding theory, and applications of discrete mathematics in computer science. He is the author of over 200 research papers as well as the popular textbook Cryptography: Theory and Practice, the third edition of which was published in 2005.