Challenges and Opportunities in Cyber Forensics

Dr. Zeno Geradts
Forensic Scientist
Netherlands Forensic Institute, Netherlands

Abstract:
The growth of the field of cyber forensics has been rapid in the last decades. The challenge is to keep up with the speed of change in investigation of all digital products that are being developed continuously and often proprietary standards are used in manufacturing. In this presentation an overview will be given of the state of the art of the cyber forensic investigation within the Netherlands Forensic Institute, and also efforts within the European Network of Forensic Science Institutes and many other bodies (ISO, ASTM) to have best practices for investigation. Cyber forensics is often used for solving old crimes. Crimes such as hacking and other more sophisticated methods of intrusion are seen more often, and often case by case a lot of research and development is necessary. Often reverse engineering of software is necessary, and for this reason a good collaboration with industry is important in the field. Cloud computing makes investigation of digital traces even more complicated, especially if it is across borders. Also in these cases standardization is necessary. Exchange of methods of investigation also remains important to have an evidence-based method for investigation, and error rates are known for the method. Within this presentation several examples will be presented of casework, and also a discussion will be given on current and expected issues. The field of cyber forensics has many challenges and many opportunities for developing new methods to investigate new developments in the field.
Biography:
Zeno Geradts has worked since 1991 at the Netherlands Forensic Institute as a forensic scientist. He is an expert witness in image analysis and biometrics (e.g. facial comparison) as well as R&D coordinator in digital evidence. In 2002 he received a PhD from the University of Utrecht based on research on computational matching of images from shoeprints, toolmarks, drugs pills and cartridge cases. He started in toolmarks where he wrote several hundreds of reports and in 1995 he switched to firearms and since 1997 he has worked at the digital evidence and biometrics department. At the American Academy of Forensic Sciences he has been chairman of the Engineering Section and since 2008 he has been chairman of the new section Digital Evidence and Multimedia. Currently he is Director in the section. He is chairman of the European Network of Forensic Science Institutes Forensic IT working group. He has (co-)authored many publications and presented a wide variety of papers and workshops and is active on casework as expert witness and projects in digital evidence and multimedia (such as camera identification, repairing video streams, image analysis, heart beat detection from CCTV).

Recent Advances in Live Forensics

Prof. Golden G. Richard, III
Director and Professor,
Greater New Orleans Center for Information Assurance (GNOCIA),
University of New Orleans,
New Orleans, Louisiana, USA

Abstract:
A number of factors have contributed to an increasing interest in live forensics, where the device(s) under investigation continue to run while forensic evidence is collected and examined. These factors include a huge increase in the size of forensic targets, increasing case backlogs as more criminal activity involves the use of computer systems and other digital devices, and the need to turn around cases very rapidly to counter acts of terrorism or other criminal activity, where lives or property may be in imminent danger. In addition, a live investigation may reveal a substantial amount of volatile evidence that would be lost if only a traditional “pull the plug” investigation were performed. This volatile evidence includes lists of running processes, network connections, data fragments such as chat or email messages, and keying material for drive and file encryption. All of this volatile information can be crucial in expediting processing of a case, by providing critical contextual information that supplements traditional analysis, such as processing disk images. Early live forensics efforts typically involved running a number of statically linked binaries on the forensic target (e.g., ls, ps, lsmod, lsof, etc. under Linux) and capturing the output of these commands for later analysis. A physical memory dump might also be captured, but analysis of the physical memory dump was often limited to simple string searches. Recently, research into deeper, advanced techniques has substantially increased the capabilities of live investigation. Physical memory dumps can now be analyzed to reconstruct models of the current and historical states of a live system under investigation. This kind of analysis relies on deep understanding of data structures in the target’s operating system kernel as well as the layout of the address spaces of individual processes to extract evidence pertinent to an investigation.
This talk provides a broad overview of recent advances in live forensics techniques, including deeper analysis of key kernel data structures to reveal historical system information (e.g., terminated processes, recently closed network connections), network stack analysis, extraction of clipboard data, solutions for operating systems version diversity, automatic modeling of kernel data structures, and live forensics for mobile devices. The impact of virtualized environments and virtual machine introspection on live forensics investigation will also be discussed. The talk is designed to be interactive and audience participation is strongly encouraged.
Biography:
Golden G. Richard III is an experimental computer scientist by day and concert photographer by night. His research interests include digital forensics, operating systems internals, and reverse engineering. Golden is Professor of Computer Science and Director of the Greater New Orleans Center for Information Assurance at the University of New Orleans. He is also a GIAC-certified digital forensics investigator and co-founder of Digital Forensics Solutions, LLC, a private digital investigation and computer security firm. Golden is Chairman of the Board of Directors of the Digital Forensics Research Workshop (DFRWS), an Editorial Board member of the Journal of Digital Investigation, and a member of the Secret Service Taskforce on Electronic Crime. He has never seen an episode of CSI and, being from New Orleans, is unlikely to eat anything whose recipe contains the words "packet", "can", or "envelope".

The Use of Business Intelligence Techniques in Digital Investigations

Prof. David Billard
Professor,
Court expert in France and Switzerland,
Laboratoire d'Expertise et de Recherche de Traces Numériques (LERTI), France
University of Applied Sciences in Geneva, Switzerland

Abstract:
More than ever, criminal or e-discovery cases involve huge amounts of data to collect and process. The role of the forensic practitioner has shifted from only extracting data from digital devices to the role of aggregating and processing these data in a synthetic way. We present the use of Business Intelligence tools for collecting and processing huge amounts of data in order to render them usable by police forces or justice. We also discuss the qualities one should attach to a digital evidence formed by a very large data set.
Biography:
Prof. David Billard received his PhD in 1995 from the University of Montpellier (France). He has been an expert to the French courts since 1999 and has participated in numerous digital investigations in France and Switzerland. Since 2008 he has been a full professor at the University of Applied Sciences in Geneva and has published papers in small scale digital device forensics and e-discovery.

Preparing for Live Forensics

Martin Salois
National Defence Scientist
Recherche et développement pour la défense Canada (RDDC) – Valcartier, Canada

Co-author: Sébastien Bourdon-Richard

Gendarmerie Royale du Canada, Canada


Abstract:
Investigating a cyber attack is an enormous challenge. The attack vectors on a computer network are almost unlimited, and predicting which elements will be required in the event of an incident is a very difficult task. Analysis of volatile memory (RAM) has long remained a neglected source of information in digital investigations. In fact, forensic incident response procedures still very often consist of unplugging the computer in order to bring it to the laboratory for analysis. This practice deprives investigators of critical volatile information that could have been captured in memory, such as, for example, the analysis of active network connections, the extraction of emails and other documents being written, the capture of malware active in memory and, in the case of a criminal investigation, encrypted content currently in use. Unfortunately, the tools in this area are far from perfect and still require a lot of work. This presentation will illustrate the findings drawn at the midpoint of a three-year project started with the GRC, which consists of defining a new protocol for live forensics. Recommendations will be made to prepare critical networks to better handle incidents using live forensics.
Biography:
Martin Salois graduated in computer science from Université Laval, Québec, Canada, in 1997 and completed a master's degree there in 1999, in collaboration with Recherche et développement pour la défense Canada (RDDC) - Valcartier, where he has worked since as a scientist. The subject of his master's thesis and of his current work is the detection and prevention of malicious code in software. He is also interested in software visualization and comprehension.

(Reverse) Social Engineering Attacks in Social Networks

Dr. Engin Kirda
Associate Professor
College of Computer and Information Science and the Department of Electrical and Computer Engineering,
Northeastern University,
Boston, Massachusetts, USA

Abstract:
Social network sites are some of the largest and fastest growing online services today. Facebook, for example, has been ranked as the second most visited site on the Internet, and has been reporting growth rates as high as 3% per week. One of the key features of social networks is the support they provide for finding new friends. For example, social network sites may try to automatically identify which users know each other and make friendship recommendations. In this talk, I present the first user study on reverse social engineering attacks in social networks. That is, I discuss and show how attackers, in practice, can abuse some of the friend-finding features that online social networks provide with the aim of launching reverse social engineering attacks. Our results demonstrate that reverse social engineering attacks are feasible and effective in practice.
Biography:
Engin Kirda is an associate professor at Northeastern University in Boston. Before that, he held faculty positions at Institute Eurecom in the French Riviera and the Technical University of Vienna where he co-founded the Secure Systems Lab that is now distributed over five institutions in Europe and the US. Engin is interested in systems, software and network security (with focus on Web security, binary analysis, malware detection).

Building Secure Systems the First Time, Every Time

Dr. François Cosquer
Head of Solutions Security
Alcatel Lucent Corporate Solutions, France

Abstract:
Combating cybercrime and protecting infrastructures and services is also an upstream battle. As motive and capability of criminals cannot be controlled, investing in reducing the opportunity for misuse and crimes is the only practical leverage. As most breaches are the results of inefficient security, controlling the surface of attacks becomes critical for the vendor community. Besides software quality - poorly defined requirements, weak design, configuration mistakes and ad-hoc testing procedures certainly play an important role in the security state of our IT and communication solutions today. The talk will present a recent initiative which integrates security throughout the end-to-end solutions lifecycle. Based on a collaborative knowledge-base system, the methodology allows designers, testers and auditors to maintain a clear understanding of the security posture of a given solution. The approach will be illustrated by a tool prototype demonstrating how the methodology can be partially automated.

Biography:

Dr. François Cosquer is Head of Solutions Security for the Alcatel-Lucent Corporate Solutions organization. He previously served as CTO Security and Technology Strategist for the Alcatel-Lucent Enterprise Business Group. Over the past 18 years, he has held senior positions with research institutions, equipment vendors and telecommunications operators. He draws on extensive experience in security architecture, networking, operating systems, middleware and multimedia applications. He has been a speaker, panelist and chair at key industry events and conferences. François graduated in Electronics and Computing and holds an MSc in Computer Science and a Ph.D. in Computer Engineering. He currently serves as Adjunct Professor at the Faculty of Engineering and Computer Science, University of Concordia, Montreal.


Pay as you Browse: Microcomputations as Micropayments in Web-based Services and its Impact on User's Privacy

Dr. Aurélien Francillon
Assistant Professor

Network and Security Group, EURECOM,
Sophia-Antipolis, France

Abstract:
Currently, several online businesses deem that advertising revenues alone are not sufficient to generate profits and are therefore set to charge for online content. We propose a complement to the current advertisement model: a micropayment model for non-specialized commodity web-services based on microcomputations. In our model, a user that wishes to access online content offered by a website does not need to register or pay to access the website; instead, he will accept to run microcomputations on behalf of the website in exchange for access to the content. We argue that this micropayment model is economically and technically viable and that it can be integrated in existing distributed computing frameworks. We analyze the security and privacy of our proposal and we show that it ensures payment for the content while preserving the privacy of users. Moreover, when replacing advertisements by microcomputations, incentives for user profiling are removed, making it possible to increase users' privacy.
Biography:
Dr. Aurélien Francillon is an assistant professor in the Networking and Security group at EURECOM. Prior to that he was a postdoctoral researcher in the System Security Group at ETH Zurich. He received a Master's degree from Université Joseph Fourier and a PhD degree in 2009 from INRIA and Grenoble INP. His main contributions are in the security of embedded systems software, operating systems and networking. He has worked on topics such as code injection, code attestation, random number generation, hardware support for software security, error correcting codes as well as on broader security and privacy topics. He is the author of several publications in highly renowned conferences as well as a patent with ST Microelectronics and served on the Wisec'11 and ACNS'11 program committees.

Geolocalization of Proxied Services and its Application to Fast-Flux Hidden Servers

Dr. Mohamed Ali Kaafar
Research Scientist
INRIA Rhone-Alpes, France

Abstract:
Fast-flux is a redirection technique used by cyber-criminals to hide the actual location of malicious servers. Its purpose is to evade identification and prevent, or at least delay, the shutdown of these illegal servers by law enforcement. In this talk we will propose a framework to geolocalize fast-flux servers, that is, to determine the physical location of the fast-flux networks' roots (mothership servers) based on network measurements. We performed an extensive set of measurements on PlanetLab in order to validate and evaluate the performance of our method in a controlled environment. These experiments showed that, with our framework, fast-flux servers can be localized with mean distance errors similar to those of non-hidden servers, i.e. approximately 100 km. In the light of these very promising results, we also applied our scheme to several active fast-flux servers and estimated their geographic locations, thus providing statistics on the locations of “in the wild” fast-flux services.
Biography:
Mohamed Ali Kaafar is a permanent research scientist at INRIA Rhone-Alpes in the LANETE team. Previously he was a researcher at the Run team in Liege, and received his PhD degree in computer science from the University of Nice Sophia Antipolis. He also received an Eng. and MS degree in computer science and comp. networking from ENSI. Currently, his main research interests include Privacy Enhancing Technologies in emerging networks, Network Security and Anomaly detection and Internet Measurements for Cyber Criminality prevention.

Cyber-Infiltration Targeting Pedophiles: Feedback from a Regional Criminal Investigation Department in the French Gendarmerie

Dr. Frank Crispino, PhD, MPhil,
Colonel, Gendarmerie Chief
Regional Gendarmerie, Criminal Investigation Department, Bordeaux, France

Abstract:
If Internet virtual world could give a sense of impunity to various behaviors satisfying their deeds, habituation can also trigger passive pedophiles into active sex offenders. Notwithstanding the need to fight cyber-pedopornography as first and foremost depicting and exploiting real child victims, grooming represents another misuse of Internet with an immediate danger for adolescent prey. Consistent with the 2007 Council of Europe Lanzarote Convention, French law of March 5th, 2007 allows specially trained and Justice-accredited cyber-investigators of a limited number of criminal services to pose as potential victims and to infiltrate pedophile networks. After screening the legal constraints and the French law enforcement agencies organization dedicated to this task, this paper will conclude with results obtained at regional level (Aquitaine region, south west of France) after one year of practice, underlining the relevancy of such an approach to fight sexual predators.
Biography:
Qualified from the University of Lausanne (MPhil & PhD), Frank Crispino is a former Cadet of the French Air Force Academy (1985), 2004 graduate from the Joint Staff College (War College) in Paris. French Gendarmerie high ranking Officer (The Gendarmerie is a French police with a military status), Colonel Crispino will have served until August 2011 as Head of the Gendarmerie Regional Criminal Investigations Department (CID) in Bordeaux, France, in charge of investigating serious, organized international crimes and preventing terrorist incidents over an area covering two French districts. During Summer this year, he will join back the Central Forensic Criminal Center (Pôle judiciaire) as representative (chargé de mission). He served previously from 1993 to 1999 at the Institut de Recherche Criminelle de la Gendarmerie Nationale (IRCGN – Forensic Lab of the Gendarmerie) as head of the Forensic Anthropology, afterwards in charge of the Fingerprints and Latent Traces Departments. From February 1999 to Summer 2002, he headed a European project within the Oslo Agreements to provide forensic capacities to the Palestinian Authority, then Scientific and Forensic Adviser of the European Union Special Adviser Office (EUSAO) in the West Bank and the Gaza Strip on Counter-terrorism. He left the Middle East after the destruction of the Palestinian forensic assets by the Israeli Defence Forces (IDF) in 2002. Medal-holder of the Legion d'Honneur, the Ordre National du Merite and of the Gendarmerie (with a mention at Gendarmerie level), Frank is father of three, still enjoying playing rugby...

Policing Cyberspace: Myth or Reality?

Frédérick Gaudreau
Captain, Head of the Intervention Division
Technological Surveillance Service
Investigation Advisory and Support Directorate
Sûreté du Québec, Quebec, Canada

Abstract:
I will give an overview of the fight against cybercrime in Quebec, the types of cybercrime and the motivations of cybercriminals. I will also have the opportunity to discuss with everyone present the reasons for having a cyber-police.
Biography:
Frédérick Gaudreau has been a police officer with the Sûreté du Québec since 1997. He currently holds the rank of captain and serves as head of the Intervention Division within the Technological Surveillance Service of the Criminal Investigations Branch. Mr. Gaudreau represents the Sûreté du Québec on several committees and working groups, including the Federal / Provincial / Territorial working group on cybercrime, the Interpol working group on crimes against children and the Microsoft BotNet TaskForce. He is also a member of the steering committee of the National Child Exploitation Coordination Centre. He has also represented the Sûreté du Québec at several symposiums and conferences in Quebec, in Canada and internationally. In addition, he is a member of POLCYB (The Society for Policing in Cyberspace) and of the National Cyber-Forensic and Training Alliance (NCFTA). He is responsible for the cybercrime branch of the organization Francopol. He is also a founding member and a member of the board of directors of the Association Francophone des Spécialistes en Investigation Numérique (AFSIN). As for his education, Mr. Gaudreau is currently completing a Bachelor's degree in Public Security at the Université du Québec à Trois-Rivières. He also holds a certificate from the Institute of Strategic and International Studies (2009) of the Canadian Association of Chiefs of Police (CACP).

Cybercrime in Canada, Past Present and Trends

Michael Haring
Staff Sergeant
Integrated Technological Crime Unit (ITCU), Royal Canadian Mounted Police, Canada

Abstract:
  • Mandate of the RCMP Technological Crime unit
  • What is a Cybercrime?
  • The past: Hackers, Worms, Viruses and Botnets to Mafia Boy and DDOS
  • The present: The evolution of the Botnet, Organised Crime and Cybercrime, difficulties in prosecuting Cybercrimes
  • The future: Smart phones and 4G, the computing cloud.
Biography:
Staff Sergeant Michael Haring has been a member of the C division of the Integrated Technological Crime Unit (ITCU) since 1999 and became the non-commissioned officer in charge of operations in 2008. The C division of the ITCU is responsible for computer and digital forensics for all of Quebec for federal investigations and also offers support and liaison to local police forces for specialized analysis with the RCMP Technological Crime Branch in Ottawa. In addition, the ITCU has an investigative mandate for computer crimes committed against Canadian critical infrastructure. The unit has worked several international files involving the German, French, Swiss, US, British, Belgian and Venezuelan police forces and routinely works with other police forces in Quebec and Canada, including the Montreal police, the Sûreté du Québec and the OPP. As a member of the ITCU, Staff Sergeant Haring was the recipient of two certificates of appreciation from the FBI for work done on both the Mafia Boy file, a computer attack on several major US internet companies, and for attacks against the US Supreme Court. A member of the RCMP since 1990, he was first stationed in Kelowna, British Columbia where he was a member of the police mountain bike patrol and then of the E Division underwater recovery team, the Kelowna search and rescue team and of the Big White Police Ski Patrol. Staff Sergeant Haring has a DEC from John Abbott College, a Bachelor of Commerce from McGill and has completed training courses from the RCMP and the FBI on computing and computer intrusion.

European and French Law: Does the Fight Against Cybercrime Still Leave Room for Individual Freedom?

Me Raphaël Peuchot
Partner Lawyer and Secretary General of the Club de la Sécurité Informatique Rhône-Alpes
FOURMANN & PEUCHOT -- Lyon Bar, Lyon, France


Brief on Bill C-28 – CASL

Lynne M. Perrault
Director, Electronic Commerce Enforcement,
Canadian Radio-television and Telecommunications Commission (CRTC)
Ottawa, Ontario, Canada

Abstract:
An overview of Bill C-28, otherwise known as Canada's Anti-Spam Legislation (CASL), will be presented. Special attention will be brought to the sections of the Act that fall under the enforcement purview of the CRTC.
Biography:
Lynne Perrault is the Director of Electronic Commerce Enforcement at the CRTC. She is responsible for ensuring that the CRTC enforcement responsibilities designated under the new Canadian Anti-Spam legislation (Bill C-28) are met. She joined the CRTC in December 2010. Ms. Perrault is the past Executive Director of the National Cyber-Forensics and Training Alliance Canada (NCFTA Cda), a position that she held from 2008 to 2011. Previously, Ms. Perrault was a Computer Forensics Officer in the Electronic Evidence Unit (EEU) of the Competition Bureau, which is an independent Canadian law enforcement agency that investigates complaints and monitors businesses for fair practices. Formerly, she worked as Case Officer in the Fair Business Practices branch at the Competition Bureau conducting both criminal and civil investigations resulting in enforcement efforts. She has more than 20 years of rich experience in forensic case management, evidence handling, forensic techniques, electronic evidence seizure, Internet research/investigations, interviewing and statement taking, fraud investigations, infringing intellectual property and competitor Intelligence, working within the judicial system, Internet threat investigations, policy development, legislative implementation and negotiated settlements. In the past, Ms. Perrault led the 2nd largest investigative firm in Ontario, expanding into three other provinces within 5 years. As a respected leader and young entrepreneur, she was twice recognized as one of Ottawa’s top 40 executives under 40 in 1997 and 1999 and nominated for Young Entrepreneur of the Year in 1998.

Judicial Oversight of Computer-Related Investigations

Me. Jean-C. Hébert
Lawyer and Associate Professor
Department of Legal Sciences
UQAM, Montreal, Quebec, Canada

Abstract:
While the progress of new investigative methods, which goes hand in hand with the growing sophistication of crime, is driven by a desire to strengthen the repression of crime, technologies offer investigators the means to intrude further into the individual's private sphere. Questions about the legitimacy of resorting to such means must not obscure the logical question of whether or not this adaptation is sufficient. The prohibition on government agents taking too close an interest in the lives of citizens goes to the very essence of a democratic state. As a result, life in society creates competing demands: concerned about their privacy, people also want to be protected against fraudsters. The repression of crime and security are equally valid legitimate concerns. That is why the Canadian Constitution accepts the validity of searches and seizures that are not unreasonable. Balance means that the right to protection against state investigations is governed by acceptable restrictions. Claiming that only criminals have something to hide is no justification for governmental greed. In a free country, people should not refrain from taking part in social discussions for fear that conversations are secretly recorded and transcribed without independent legal authorization. Nor should people have to worry about the information stored in a cell phone. Privacy is a protean notion whose reasonableness remains fluid. Subject to a possible pushback from the judiciary that could cool the enthusiasm of state agents, the invasion of citizens' privacy is becoming massive. Recently, the Supreme Court of Canada (Morelli case) sounded the alarm. The majority opinion held that a search of a computer is highly invasive and intrusive on privacy.
Indeed, this technological instrument often contains intimate correspondence and financial, medical and personal details. Computers even reveal our particular interests, preferences and propensities, recording in the browsing history and cache everything we search for, read, watch or listen to on the Internet. State agents frequently enter a place and take possession of a computer in order to examine it in a location unknown and inaccessible to its owner. Without supervision or constraint, they check the entire contents of the hard drive: emails sent and received, attachments, personal notes and correspondence, meetings and appointments, medical and financial records and any other document downloaded, copied, scanned, created and saved. Investigators also examine the history of a user's online wanderings, the sites visited and what was apparently viewed on the web, usually deliberately but sometimes accidentally. Our reflection will focus on the judicial oversight of computer-related investigations. When unconstitutional searches or seizures result from unacceptable government conduct or practices, the repute of the administration of justice is tarnished.
Biography:
Me. Jean-C. Hébert currently practises as a lawyer, mainly in the areas of criminal and penal law, administrative law, and professional and disciplinary law. He is also an associate professor in the Department of Legal Sciences at the Université du Québec à Montréal. Jean-C. Hébert holds a Master's degree in criminal law from the Université de Montréal (1982) and a law degree obtained in 1969 from the same university. A member of the committee of the Revue du Barreau from 1976 to 2010, he received the medal of the Barreau de Montréal in 2007. Jean-C. Hébert has taken part in numerous Barreau committees, government working groups and several commissions of inquiry. He has written articles in various legal journals (more than a hundred titles) and is the author of a book, Le droit pénal des affaires (published in 2002), an essay entitled Fenêtres sur la justice (published in 2006) and a new essay, La passion de défendre (forthcoming). Jean-C. Hébert is also a columnist for the Journal du Barreau du Québec and contributes occasionally in the print press on judicial news on behalf of the Société Radio-Canada.

Measuring the Unmeasurable: A Vulnerability-Centric Approach to Network Security Metric

Lingyu Wang
Associate Professor
Concordia Institute for Information Systems Engineering (CIISE), Concordia University
Montreal, Quebec, Canada

Abstract:
The security risk of a network against potential intrusions has been considered as something unmeasurable since software flaws are less predictable than hardware faults and the process of finding such flaws and developing exploits seems to be chaotic. There exist some standard approaches to measuring individual vulnerabilities in a network, but incorrect compositions of such results may lead to misleading conclusions about the network's overall security. For example, a network with fewer vulnerabilities or a more diversified configuration is not necessarily more secure. To obtain correct compositions of individual measures, we need to first understand the interplay between network components. Such an understanding becomes possible with advances in modeling network security using attack graphs. In this talk, I will review several related works on composing individual vulnerabilities' metric scores for an indicator of the overall security of networks.
Biography:
Lingyu Wang received the Ph.D. degree in information technology from George Mason University. He is an Associate Professor in the Concordia Institute for Information Systems Engineering (CIISE), Concordia University, Canada. His current research interests include database security, data privacy, vulnerability analysis, intrusion detection, and security metrics.