June 5, 2009 (Friday) - Concordia University, Montreal, Quebec, Canada
The Computer Security Laboratory at the Concordia Institute for Information Systems Engineering (CIISE) is organizing a one-day colloquium on Information Systems Security.
Location: EV2.260 at the EV building, 1515 St. Catherine W., Montreal [Google map] [Concordia campus map]
Date: June 5, 2009 [Program]
Registration:
Registration is free. You can pre-register by filling out the registration form available at the front desk of CIISE, or get it from here:
[doc] [pdf]
For further information, please contact Ms. Sheila Anderson
- E-mail: anderson(at)ciise.concordia.ca
- Phone: 514-8482424 ext 3180
Invited Speakers (in alphabetical order)
Dr. Carlisle Adams, Professor, University of Ottawa, Ottawa, Canada

Topic: Credential Systems: Promise, Risks, and Possible Mitigations

Abstract: Concerns about the degradation of privacy in our increasingly digital world have led a number of researchers to explore the creation of Privacy Enhancing Technologies (PETs). One such PET is the concept of a credential system, which allows the construction of privacy-preserving access control infrastructures in online environments. Credential systems hold much promise for those interested in retaining some control over their personal information but, as with any technology, there can be risks associated with widespread deployment. This talk will give a brief introduction to credential systems and some of the associated risks, and discuss recent research into possible mitigation techniques for these risks.

Biography: Dr. Adams is a professor at the University of Ottawa. Prior to his appointment at the University of Ottawa, he worked for 13 years in cryptography and security engineering in the high-tech industry in Ottawa, Canada. He was a Senior Cryptographer at Nortel Secure Networks, the business unit within Nortel that spun out to form Entrust, Inc. At Entrust, he held the positions of Senior Cryptographer, Senior Manager - Standards Program, and Principal Architect - Advanced Security.
Dr. François Cosquer, Security CTO and Technology Strategist, Alcatel Lucent Enterprise, Colombes, France

Topic: Measuring and Improving Security: From Design to Deployment

Abstract: "Security is a process" - "If you cannot measure it, you cannot improve it!" These famous quotes hold a very strong message as to how our industry can help improve security. This session will discuss how we can move from a reactive approach to security towards a more proactive information risk management. Firstly, by carefully baselining security properties (e.g., access control, authentication, integrity, etc.) using the ITU X.805 standard-based approach, security coverage can be improved in products and solutions during the design phases. Secondly, by defining security assurance indicators using a methodology based on ISO2700x, the deployment phases can also benefit from innovative monitoring tools that can provide near-real-time assurance that security policies are effectively implemented in network and service infrastructures. At a time when corporations face IT security budget pressures combined with increasing compliance and regulations, standard-based approaches - covering design and deployment and using business-driven security metrics - can help measure and improve security business value.

Biography: Dr. François Cosquer is CTO Security and Technology Strategist for the Alcatel-Lucent Enterprise Business Group. Over the past 18 years, he has held senior positions with research institutions, equipment vendors and telecommunications operators. He draws on extensive experience in security architecture, networking, operating systems, middleware and multimedia applications. He has been a speaker, panelist and chair at key industry events and conferences. François graduated in Electronics and Computing and holds an MSc in Computer Science and a Ph.D. in Computer Engineering. He currently serves as Adjunct Professor at the Faculty of Engineering and Computer Science, University of Concordia, Montreal.
Dr. Rob Malan, Chief Technology Officer (CTO) and Co-Founder, Arbor Networks, United States

Topic: Internet Security -- a Weather Report

Abstract: Dr. Malan will give an overview of Internet-wide security from the vantage point of the cloud. This will include a summary of both Arbor Networks' real-time ATLAS infrastructure as well as the findings from Arbor's world-wide security survey of ISPs. This will lead to a discussion of botnets, denial-of-service attacks, DNS infrastructure vulnerabilities, route hijacking, and other problems facing the Internet infrastructure.

Biography: His thesis work at the University of Michigan formed the basis for Arbor Networks' technology, leading to his authoring of the company's patents. He has successfully transitioned technology from research prototype to product during his tenure in industry, which includes work at the IBM T.J. Watson Research Laboratory and Hewlett-Packard. Malan began his networking career working as a researcher on the Mach operating system project at Carnegie Mellon University. He has authored 18 papers that have been published in top-tier information security and networking journals and conference proceedings. He holds a Ph.D. and MSE in Computer Science from the University of Michigan, and a B.S. in Computer Engineering from Carnegie Mellon University.
Mr. Stu Jacobs, YCS Consulting Principal Consultant and Adjunct Lecturer, Boston University

Topic: Industrial Security Governance and Human Vulnerabilities

Abstract: Mr. Jacobs will discuss how human vulnerabilities affect the industrial security lifecycle and Security Governance. This talk will consider how a Systems Engineering approach can reduce the impact of human nature on information security assurance. Consideration is given to the selection of minimally intrusive mechanisms that constrain human errors yet are able to achieve industrial objectives and support compliance verification of legislative obligations.

Biography: Currently Mr. Jacobs serves as an Industry Security Subject Matter Expert for the Alliance for the Telecommunications Industry Solutions (ATIS) Telecommunications Management and Operations Committee (TMOC) and the Network Performance, Reliability and Quality of Service Committee (PRQC). Presently, Mr. Jacobs is providing security engineering support on activities within the ATIS PRQC and Packet Technologies and Systems (PTSC) committees and ITU-T Study Groups 4 and 9. In this role, he served as the Technical Editor of an ATI Technical Report titled: "Information & Communications Security for NGN Converged Services IP Networks and Infrastructure". Mr. Jacobs also served as the Technical Editor of ITU-T M.3410, "Guidelines and Requirements for Security Management Systems". Mr. Jacobs is also an Adjunct Instructor at Boston University with responsibilities for teaching the graduate courses MET CS-654 “Network and Computer Security”, MET CS 690 “Network Security” and MET CS 695 "Computer Security for Business". Along with being responsible for the initial development of these graduate courses, Mr. Jacobs provides advice and guidance on security curricula issues to the MET Computer Science department. He retired from Verizon in 2007, where he served as a Principal MTS with responsibility for security architecture development, security requirements analysis and standards development activities. Mr. Jacobs served as Verizon’s lead security architect with responsibility for security on numerous Verizon RFPs (SONET ADMs, WDM, G-MPLS, VoIP/IMS, IPTV, VLANs, VPNs, Firewalls, IDS/IPS, Security Management) and provided general security consulting within Verizon on wireless and wired networks, SS7, CALEA/LI, vulnerability analysis, intrusion detection and systems engineering methodologies. Mr. Jacobs served as Verizon's security subject matter expert for ANSI-ATIS, ITU-T SG4 and SG17, TMF, OIF, MSF, OMG and IETF activities. Mr. Jacobs routinely participated in ATIS PTSC-SEC, PRQC-SEC and TMOC-AIP committees. In addition, Mr. Jacobs pursued applied research in network design and security, in particular wireless networks, public key infrastructures, network authentication schemes, distributed computing security mechanisms (including autonomous agent systems, authentication mechanisms for Mobile IP, Mobile Ad-Hoc Self Organizing Networks and Intelligent Agents).
Dr. Rei Safavi-Naini, Chair in Information Security, iCORE, University of Calgary, Alberta, Canada

Topic: Random key pre-distribution with security against node compromise

Abstract: Random key pre-distribution schemes provide an elegant solution to the problem of secure key establishment in resource-constrained sensor networks. We revisit the security of these schemes against node-compromising adversaries and show that guaranteed security can only be obtained at very high communication cost. We then propose a new approach that provides security against such adversaries with only a small additional communication cost. We show the security guarantee of this system analytically and also through extensive simulations.

Biography: Rei Safavi-Naini is the iCORE Chair in Information Security and co-director of the Centre for Information Security and Cryptography at the University of Calgary, Canada. Before joining the University of Calgary in 2007, she was a Professor of Computer Science and the Director of the Telecommunication and Information Technology Research Institute (now ICT Research Institute) at the University of Wollongong, Australia. She is an associate editor of IEEE Transactions on Information Theory and ACM Transactions on Information and System Security, and has served on the program committees of major conferences in cryptology and information security. Her research interests include cryptography, network security, and digital and privacy rights management. She holds a PhD in Electrical Engineering from the University of Waterloo, Canada.
Dr. Mohammad Zulkernine, Assistant Professor, Queen's University, Ontario, Canada

Topic: Bridging the Gap - Building and Monitoring Trustworthy Software

Abstract: Software systems must be engineered with reliable protection mechanisms, while still delivering the expected functionalities. The principal obstacle in achieving these two different but interdependent objectives is that current software engineering processes do not provide adequate methods and tools to achieve security goals. This presentation will discuss some methods and tools for building secure software systems proposed by the Queen's Reliable Software Technology (QRST) research group. Despite rigorous use of many preventive measures and protective shields, there exist faults and security loopholes which elude their detection efforts and do not surface until the software is operational. Several studies have shown that no matter how much effort has been put into the early stages of software development, building fault- or vulnerability-free software has proven nearly impossible in practice. These faults may lead to serious software failures, and security loopholes often leave the system vulnerable to attacks and abuses. Given that, it is very important to have tools which can be used for online monitoring of the "trustworthiness" of software systems. This presentation will also discuss some research on automatic monitoring for software failures and intrusions.

Biography: Mohammad Zulkernine is a faculty member of the School of Computing of Queen’s University, Canada, where he leads the Queen’s Reliable Software Technology (QRST) research group. He received his B.Sc. in Computer Science and Engineering from Bangladesh University of Engineering and Technology in 1993. Dr. Zulkernine received an M.Eng. in Computer Science and Systems Engineering from Muroran Institute of Technology, Japan in 1998. He received his Ph.D. from the Department of Electrical and Computer Engineering of the University of Waterloo, Canada in 2003, where he belonged to the university’s Bell Canada Software Reliability Laboratory. Dr. Zulkernine's research focuses on software engineering (software reliability and security), automatic software monitoring and intrusion detection, and methods and tools for reliable and secure software. His research work is funded by a number of provincial and federal research organizations of Canada, and he has an industry research partnership with Bell Canada. He is a senior member of the IEEE and a member of the ACM. Dr. Zulkernine is also cross-appointed in the Department of Electrical and Computer Engineering of Queen's University, and a licensed professional engineer of the province of Ontario, Canada.






