School of Information Sciences

Information Assurance Seminar Series (Past Seminars)

This Seminar Series brings researchers and practitioners to Pittsburgh to explore emerging developments and research in the area of Information Assurance. The field of Cyber Security faces new challenges and demands on a daily basis: the iSchool hosts these seminars to expose students, faculty, and business leaders to leading edge issues, both theoretical and applied. 

Professionals and investigators who would like more information on this series, or have an idea for a topic, are invited to contact James Joshi, Lead Faculty for the Laboratory for Education and Research on Security Assured Information Systems. The seminars are open to the public.

2015

Friday, October 30, 2015

1:30 p.m. - 4:00 p.m.
IS Building, 3rd floor

"Cybersecurity Awareness Symposium"

The Cybersecurity Awareness Symposium is hosted by the School of Information Sciences Scholarship for Service (SFS) Fellows and LERSAIS.

Are you Cyber Aware of internet threats? Join us for an afternoon of free presentations and refreshments. All members of the Pitt community are welcome to attend!

PRESENTATIONS:

1:30-2:00 pm: Donald McKeon, SEI/CERT, Cryptographic Shortcomings of Vehicle Immobilizers

2:00-3:00 pm: Dr. Stuart H. Rubin, Space and Naval Warfare Systems Center (SSC), Achieving Cybersecurity Using Semantic Diversity

3:00-3:30 pm: Chris Geary, Federal Bureau of Investigation - Cyber Crimes

3:30-4:00 pm: Sean Sweeney, University of Pittsburgh - Chief Information Security Officer, NIST Cybersecurity Framework

Friday, October 30, 2015

2:00 p.m.
Refreshments will be served prior to the colloquium
IS Building, 3rd floor

Stuart Rubin, Senior Scientist, Space and Naval Warfare Systems Center

"Achieving Cybersecurity using Semantic Diversity"

Abstract: Information reuse and integration is needed to provide our military forces with information dominance. This implies protecting our ever-more complex software systems from infiltration. This, in turn, requires higher-level compilers to make semantic diversity cost effective. This talk will encompass the following topics and provide for a follow-up question-answer session.

Bio: Dr. Stuart H. Rubin is a senior scientist at the Space and Naval Warfare Systems Center (SSC) in San Diego, code 71730 (Advanced Concepts & Applied Research). He was previously a tenured associate professor of computer science at Central Michigan University (CMU). He received a Ph.D. in Computer and Information Science from Lehigh University in 1988. He was previously an ONT Post-Doctoral Fellow, at NOSC, for three years. He has over 27 Assigned Navy Patents, over 273 Refereed Publications, and received SSC-PAC's Publication of the Year Awards in 2007, 2009, 2010, and 2011. He is a SIRI Fellow and serves in leadership roles in numerous IEEE technical societies.

Friday, September 11, 2015

2:00 p.m.
1:30 p.m., Refreshments will be served prior to the colloquium
2:00 p.m. - 3:00 p.m., Colloquium
3:00 p.m. - 3:30 p.m., Q&A session
IS Building, 3rd Floor

Fred Schneider, Samuel B. Eckert Professor of Computer Science, Cornell University

"Blueprint for a Science of Security"

Abstract: Cybersecurity today is focused largely on defending against known attacks. We learn about the latest attack and find a patch to defend against it. Our defenses thus improve only after they have been successfully penetrated. This is a recipe to ensure some attackers succeed---not a recipe for achieving system trustworthiness. We must move beyond reacting to yesterday's attacks and instead start building systems whose trustworthiness derives from first principles. Yet, today we lack such a science base for cybersecurity. That science of security would have to include attacks, defense mechanisms, and security properties; its laws would characterize how these relate. This talk will discuss examples of such laws and suggest avenues for future exploration.

Bio: Fred B. Schneider is a Samuel B. Eckert Professor of Computer Science at Cornell University, and chair of the department. Schneider currently also serves as the Chief Scientist for the NSF-funded TRUST Science and Technology Center, and on numerous boards and committees.

Schneider's research has focused on various aspects of trustworthy systems—systems that will perform as expected, despite failures and attacks. His early work concerned formal methods to aid in the design and implementation of concurrent and distributed systems that satisfy their specifications. He is author of two texts on that subject. He is also known for his research in theory and algorithms for building fault-tolerant distributed systems. More recently, his interests have turned to system security. His work characterizing what policies can be enforced with various classes of defenses is widely cited, and it is seen as advancing the nascent science base for security. He is also engaged in research concerning legal and economic measures for improving system trustworthiness.

Schneider is a frequent consultant to industry, believing this to be an efficient method of technology transfer and a good way to learn about the real problems. He provides technical expertise in fault-tolerance and computer security to a variety of other firms, including Intel, Lincoln Laboratories, and Riskive. In addition, Schneider has testified about cybersecurity research at hearings of the US House of Representatives Armed Services Committee (subcommittee on Terrorism, Unconventional Threats, and Capabilities), as well as the Committee on Science and Technology (subcommittee on Technology and Innovation and subcommittee on Research and Science Education).

Wednesday, April 1, 2015
7:00 p.m.
6:30 p.m., Meet the Speaker with pizza
IS Building, 3rd Floor

IEEE Communications Society meeting in conjunction with the Telecommunications & Cyber Security Seminar Series presents:

Dr. Glenn Ricart, Founder and CTO of US Ignite

The Gigabit Applications Frontier

Abstract: What end-user applications might be newly enabled in the dozens of cities being newly wired for end-user gigabit by Google, AT&T, CenturyLink, and others? What might be the impact on citizens in these cities? How might gigabit provide an unfair advantage to smart cities? How might these capabilities and applications change the architecture for what we today call cloud computing?

Bio: Dr. Glenn Ricart is founder and CTO of US Ignite, a national non-profit working closely with the White House Office of Science and Technology Policy, the National Science Foundation, and a dozen other large corporate sponsors who are working to answer these questions.

Friday, March 27, 2015
2:00 p.m.
1:30 p.m., Coffee reception
IS Building, Room 404

Dr. Apu Kapadia, Assistant Professor, School of Informatics and Computing, Indiana University Bloomington

Privacy in the Age of Pervasive Cameras: When Electronic Privacy gets Physical

Abstract: Cameras are now commonplace in our social and computing landscapes and embedded into consumer devices like smartphones and tablets. A new generation of wearable devices (such as Google Glass) will soon make “first-person” cameras nearly ubiquitous, capturing vast amounts of imagery without deliberate human action. “Lifelogging” devices and applications will record and share images from people’s daily lives with their social networks. These devices that automatically capture images in the background raise new privacy concerns, and suitable techniques are needed to identify and prevent the sharing of sensitive images. I will discuss our research exploring privacy harms of pervasive cameras, understanding people's privacy perceptions and behaviors in the context of lifelogging, and two mechanisms for detecting sensitive images.

Bio: Apu Kapadia is an Assistant Professor of Computer Science and Informatics at the School of Informatics and Computing, Indiana University Bloomington. He received his PhD in Computer Science from the University of Illinois at Urbana-Champaign (UIUC) in October 2005. Following his doctorate, he joined Dartmouth College as a Post-Doctoral Research Fellow with the Institute for Security Technology Studies (ISTS), and then as a Member of Technical Staff at MIT Lincoln Laboratory.

Apu Kapadia is interested in topics related to systems’ security and privacy. He is particularly interested in accountable anonymity; pervasive, mobile, and wearable computing; crowdsourcing; and peer-to-peer networks. For his work on accountable anonymity, two of his papers were named as Runners-up for PET Award 2009: Outstanding Research in Privacy Enhancing Technologies. His work on usable privacy controls was given the Honorable Mention Award (Runner-up for Best Paper) at the Conference on Pervasive Computing in 2007. Apu Kapadia has received five NSF grants, including the NSF CAREER award in 2013 and a Google Research Award in 2014.

2014

Friday, November 14, 2014

3:00 p.m.
2:30 p.m., Coffee reception
IS Building, Room 404

Dr. Adam Lee, Associate Professor, University of Pittsburgh

Application-Centric Access Control Analysis

Abstract: To date, most work regarding the formal analysis of access control schemes has focused on quantifying and comparing the expressive power of a set of schemes. Although expressive power is important, it is a property that exists in an absolute sense, detached from the application-specific context within which an access control scheme will ultimately be deployed. In this talk, by contrast, we formalize the access control suitability analysis problem, which seeks to evaluate the degree to which a set of candidate access control schemes can meet the needs of a specific application or environment. This process involves both reductions to assess whether a scheme is capable of securely implementing a workload, as well as cost analysis using ordered measures to quantify the overheads of using each candidate scheme to service the workload. We will broadly overview the theory behind this research, as well as discuss software tools that our group has developed to explore instances of this problem.

Bio: Dr. Adam J. Lee is currently an Associate Professor of Computer Science at the University of Pittsburgh, where he previously held the position of Assistant Professor (2008-2014). Prior to joining the University of Pittsburgh, he received the MS and PhD degrees in Computer Science from the University of Illinois at Urbana-Champaign in 2005 and 2008, respectively. Prior to that, he received his BS in Computer Science from Cornell University (2003). His research interests lie at the intersection of the computer security, privacy, and distributed systems fields.  Dr. Lee's research has been supported by the NSF and DARPA, and he is an NSF CAREER award winner (2013).

Friday, October 10, 2014

3:00 p.m.
2:30 p.m., Coffee reception
IS Building, Room 404

Dr. Anupam Datta, Associate Professor, Computer Science & Electrical and Computer Engineering, Carnegie Mellon University

Privacy through Accountability: A Computer Science Perspective

Privacy through accountability refers to the principle that entities that hold personal information about individuals are accountable for adopting measures that protect the privacy of the data subjects. In this talk, I will cover computational treatments of this principle. This emerging research area, which my research group has played a pivotal role in developing, has produced precise definitions of privacy properties and computational accountability mechanisms to aid in their enforcement. After providing an overview of the research area, I will focus on two of our recent results in Web privacy.

First, I will present our joint work with Microsoft Research on building and operating a system to automate privacy policy compliance checking in Bing. Central to the design of the system are (a) LEGALEASE -- a language that allows specification of privacy policies that impose restrictions on how user data is handled; and (b) GROK -- a data inventory for Map-Reduce-like big data systems that tracks how user data flows among programs. GROK maps code-level schema elements to datatypes in LEGALEASE, in essence, annotating existing programs with information flow types with minimal human input. Compliance checking is thus reduced to information flow analysis of big data systems. The system, bootstrapped by a small team, checks compliance daily of millions of lines of ever-changing source code in the data analytics pipeline for Bing written by several thousand developers.

Second, I will describe the problem of detecting personal data usage by websites when the analyst does not have access to the code of the system nor full control over the inputs or observability of all outputs of the system. A concrete example of this setting is one in which a privacy advocacy group, a government regulator, or a Web user may be interested in checking whether a particular web site uses certain types of personal information for advertising. I will present a methodology for information flow experiments based on experimental science and statistical analysis that addresses this problem, our tool AdFisher that incorporates this methodology, and findings of opacity, choice and discrimination from our experiments with Google.

Bio: Anupam Datta is an Associate Professor at Carnegie Mellon University where he holds a joint appointment in the Computer Science and Electrical and Computer Engineering Departments. His research focuses on the scientific foundations of security and privacy. Datta's work contributed towards creating a computational basis for the research area of Privacy through Accountability. Specific foundational contributions include a formalization of privacy as contextual integrity, a formalization of purpose restrictions on information use, and a suite of accountability mechanisms for privacy protection. His research group produced the first complete logical specification and audit of all disclosure-related clauses of the HIPAA Privacy Rule for healthcare privacy. His group's work with Microsoft Research produced the first automated privacy compliance analysis of the production code of an Internet-scale system -- the big data analytics pipeline for Bing, Microsoft's search engine.

Datta has also made significant contributions to the research area of Compositional Security. Specifically, his work led to new principles for securely composing cryptographic protocols and their application to several protocol standards, most notably to the IEEE 802.11i standard for wireless authentication and to attestation protocols for trusted computing. Datta has authored a book and over 50 other publications on these topics. He serves as Associate Editor of the Journal of Computer Security and the Journal of Computer and System Sciences, as well as the 2013-14 Program Co-Chair of the IEEE Computer Security Foundations Symposium. Datta obtained Ph.D. (2005) and M.S. (2002) degrees from Stanford University and a B.Tech. (2000) from IIT Kharagpur, all in Computer Science.

Friday, October 3, 2014

2:00 p.m.
1:30 p.m., Coffee reception
IS Building, Room 404

Dr. Mustaque Ahamad, Professor, Computer Science, Georgia Institute of Technology

The Growing Attack Surface: Has the Telephone Gone the Internet Way?

As telephony converges with the Internet with technologies like Voice-over IP (VoIP), it offers several benefits including richer applications and reduced communication costs. However, this convergence also enables malicious actors to use the traditionally trusted telephony channel to craft new attacks like caller-id spoofing, voice phishing, voice spam, and malware distribution for smart phones. A data-driven understanding of telephony based threats presents new and different challenges. Also, it is unclear if threat intelligence is being shared effectively across telephony and the Internet. This talk will describe early experience with setting up a telephony honeypot to better understand threats coming over the telephone. Analysis of data collected by the honeypot provides evidence of several types of attacks that have now become common. It will also describe how cross channel attacks are becoming increasingly common. Such attacks utilize both the Internet and telephony channels to  craft attacks and defraud users. The talk will end with potential defenses and how cross channel intelligence can potentially help us better defend against a variety of attacks.

Bio: Dr. Mustaque Ahamad is a professor of computer science at the Georgia Institute of Technology, and a global professor of engineering at New York University Abu Dhabi. He also serves as chief scientist of Pindrop Security, which he co-founded in 2011. Dr. Ahamad served as director of the Georgia Tech Information Security Center (GTISC) from 2004-2012. As director of GTISC, he helped develop several major research thrusts in areas that include security of converged communication networks, identity and access management, and security of healthcare information technology. His research interests span distributed systems and middleware, computer security and dependable systems. He has published over one hundred research papers in these areas. Dr. Ahamad received his Ph.D. in computer science from the State University of New York at Stony Brook in 1985. He received his undergraduate degree in electrical and electronics engineering from the Birla Institute of Technology and Science, Pilani, India.

Friday, September 26, 2014

2:00 p.m.
1:30 p.m., Coffee reception
IS Building, Room 404

Dr. Manish Parashar, Professor, Computer Science, Rutgers University

Exploring Clouds as Enablers of Science

Cloud computing has emerged as a dominant paradigm that has been widely adopted by enterprises. Clouds provide on-demand access to computing utilities, an abstraction of unlimited computing resources, and support for on-demand scale up, scale down and scale out. Clouds are also rapidly joining high-performance computing systems, clusters and Grids as viable platforms for scientific exploration and discovery. As a result, understanding application formulations and usage modes that are meaningful in such a hybrid infrastructure, and how application workflows can effectively utilize it, is critical. In this talk, I will explore the role of clouds in science and engineering. I will also explore how science and engineering applications can benefit from clouds and how the cloud abstraction can lead to new paradigms and practices. This talk is based on research that is part of the CometCloud autonomic cloud-computing project at the NSF Cloud and Autonomic Computing Center at Rutgers.

Bio: Manish Parashar is Professor of Computer Science at Rutgers University. He is also the founding Director of the Rutgers Discovery Informatics Institute (RDI2) and site Co-Director of the NSF Cloud and Autonomic Computing Center (CAC). His research interests are in the broad areas of Parallel and Distributed Computing and Computational and Data-Enabled Science and Engineering. Manish serves on the editorial boards and organizing committees of a large number of journals and international conferences and workshops, and has deployed several software systems that are widely used. He has also received a number of awards and is Fellow of AAAS, Fellow of IEEE/IEEE Computer Society and Senior Member of ACM. For more information please visit http://parashar.rutgers.edu/

Friday, September 12, 2014

3:00 p.m.
2:30 p.m., Coffee reception
IS Building, Room 404

Dr. Bradley Malin, Associate Professor, Biomedical Informatics and Computer Science, Vanderbilt University

Balancing Risk and Utility in De-identified Data Sharing

The past decade has brought forth dramatic advances in our ability to collect, share, and analyze personal data.  At the same time, information technology has enabled access to a vast quantity of personal information with relative ease.    

This is a particularly exciting time in the biomedical domain, as health information and high-throughput genome sequencing technologies become ubiquitous. Thus, as researchers push forward to make the most of new exciting opportunities, they are increasingly confronted with challenges to traditional protections for the corresponding participants. This talk will thus review why certain protections, such as privacy through “de-identification”, appear to be eroding and how this could impact how personal information is collected, shared, and studied. It will then illustrate that privacy may not be as dead as some have made it out to be, how protections can be measured and managed to more effectively protect research subjects, and how computational mechanisms such as new types of cryptography may be applicable to managing and learning from big databases. This talk will draw upon examples from the speaker’s experiences with establishing the country’s largest de-identified biorepository tied to an electronic medical record system (EMR) and directing a privacy research program for a consortium of academic medical centers conducting genomics research with EMR data.

Bio: Bradley Malin, Ph.D. is an Associate Professor and Vice Chair of Biomedical Informatics in the School of Medicine, an Associate Professor of Computer Science in the School of Engineering, and Affiliated Faculty in the Center for Biomedical Ethics and Society at Vanderbilt University. He founded and currently directs the Health Information Privacy Laboratory (HIPLab), which develops technologies that enable privacy in the context of real world organizational, political, and health information architectures. Of note, since 2007, he has directed a privacy research and advisory program for the NIH-sponsored Electronic Medical Records and Genomics (eMERGE) network and currently serves as co-chair of the Data Privacy Task Force of the Patient Centered Outcomes Research Institute (PCORI). From 2010-2013, he assisted the Office for Civil Rights at the U.S. Department of Health and Human Services in the development of guidance for de-identification in accordance with the HIPAA Privacy Rule. His research on de-identification (and re-identification) has been cited by the U.S. Federal Trade Commission and featured in various popular media outlets, including Nature News and Scientific American. He is an elected fellow of the American College of Medical Informatics and a recipient of the Presidential Early Career Award for Scientists and Engineers (PECASE). He completed his education at Carnegie Mellon University, where he received a bachelor's in biology, master's in public policy and management, and doctorate in computer science.

Friday, September 5, 2014

2:00 p.m.
IS Building, 3rd Floor

Ron Baklarz C|CISO, CISSP, CISA, CISM, NSA-IAM/IEM, Chief Information Security Officer, Amtrak

Information Security: It's Not a Job, It's an Adventure

Chief Information Security Officer (Baklarz) will discuss his experience in CISO roles from the Naval Nuclear Program to the U.S. House of Representatives. In addition to his perspectives and experiences with each of these organizations, he will discuss information security as a vocation and the specific areas of incident response, disaster recovery, security program development, risk management, and compliance issues.

Ron Baklarz has over twenty-five years in the Information Security field developing “first-of-a-kind” information security programs within government, military, and private sector organizations including the Naval Nuclear Program, U.S. House of Representatives, Prudential Insurance Company, The American Red Cross, MedStar Health, and Amtrak. Ron is currently the Chief Information Security Officer at Amtrak and he has held various information security consulting, technical, and operational positions throughout his career.

In addition to holding professional certifications in the fields of information security and auditing, Ron earned a BS Business Management from Point Park University and MS Information Science and CAS Telecommunications both from the University of Pittsburgh.

2013

Friday, November 15, 2013

2:00 p.m.
IS Building, Room 404

Dr. Ashwin Machanavajjhala, Assistant Professor, Department of Computer Science, Duke University

Title/Abstract TBD

Bio: Ashwin Machanavajjhala is an Assistant Professor in the Department of Computer Science, Duke University. Previously, he was a Senior Research Scientist in the Knowledge Management group at Yahoo! Research. His primary research interests lie in data privacy, systems for massive data analytics, and statistical methods for information extraction and entity resolution. He is a recipient of the NSF CAREER award in 2013. Ashwin graduated with a Ph.D. from the Department of Computer Science, Cornell University. His thesis work on defining and enforcing privacy was awarded the 2008 ACM SIGMOD Jim Gray Dissertation Award Honorable Mention. He has also received an M.S. from Cornell University and a B.Tech in Computer Science and Engineering from the Indian Institute of Technology, Madras.

Friday, November 1, 2013

2:00 p.m.
IS Building, Room 404

Dr. Tao Zhang, Chief Scientist, Cisco Systems

Securing Large-Scale Consumer Vehicle Networks

Abstract: Vehicles are facing increasing security vulnerabilities as they become connected to the Internet and with each other. Researchers and hackers were able to modify the software on electronic control units (ECUs). They have placed unauthorized devices and software on vehicles to control a wide range of vehicle functions. More worrisome are attacks over wireless communications. Malware can propagate onto vehicle electronic systems through multiple venues. Vehicle-to-vehicle (V2V) communications will introduce another new domain of security challenges. These vulnerabilities, unfortunately, represent only the beginning of the many more challenges that must be addressed as more communication applications are brought into vehicles.

Addressing these and future vehicle security challenges requires the solutions to meet many vehicle-specific requirements. A solution must be highly scalable to support, for each automaker, millions of new vehicles each year, tens of millions of vehicles in operation, tens to over a hundred devices on each vehicle, and many more spare parts.  This list goes on. This talk will highlight these security challenges and discuss selected solutions.

Bio: Dr. Tao Zhang is the Chief Scientist for Cisco Connected cars at Cisco Systems. He is a Fellow of the IEEE. For over 25 years, he has been directing research and product development in mobile and vehicular networks. He has co-authored two books “Vehicle Safety Communications: Protocols, Security, and Privacy” and “IP-Based Next Generation Wireless Networks,” published in 2012 and 2004 respectively by John Wiley & Sons. He holds 33 US patents covering areas such as security, mobility management, information dissemination, and energy-conserving protocols for wireless, mobile ad-hoc, sensor, and vehicular networks. Dr. Zhang was a founding member of the Board of Directors of the Connected Vehicle Trade Association (CVTA) in the US. He is the Chair of the IEEE Communications Society Technical Committee on Vehicular Networks and Telematics Applications. He has been serving on editorial boards or as a guest editor for a number of leading technical journals. He has been serving on the industry advisory boards for several research organizations and has been an adjunct professor at multiple universities.

Friday, October 11, 2013

Noon
IS Building, Room 403

Dr. Attila Yavuz, Research Scientist, Bosch Research & Technology Center

ETA: Efficient and Tiny Authentication for Heterogeneous Wireless Systems

In this talk, we develop a new cryptographic scheme called Efficient and Tiny Authentication (ETA), which is especially suitable for resource-constrained devices. That is, ETA does not require any expensive operation at the signer side and therefore is more computationally efficient than traditional signatures. Moreover, ETA has much smaller private key, signature and public key sizes than that of its counterparts (e.g., multiple-time and online/offline signatures, pre-computed tokens). ETA is also fully tolerant to packet loss and does not require time synchronization. All these properties make ETA an ideal choice to provide authentication and integrity for heterogeneous systems, in which resource-constrained devices produce publicly verifiable signatures that are verified by resourceful devices (e.g., gateways, laptops, high-end sensors).

Bio: Dr. Attila A. Yavuz is a member of security and privacy research group within Robert Bosch Research and Technology Center North America. He joined Bosch in 2011, after he graduated from North Carolina State University (NCSU) with a PhD degree in Computer Science. He received a BS degree in Computer Engineering from Yildiz Technical University in 2004 and a MS degree in Computer Science from Bogazici University in 2006, both in Istanbul, Turkey.

2012

Friday, November 30, 2012

2:00 p.m.
IS Building, Room 404

Tanvir Ahmed, a Principal Member of Technical Staff with the Database Security Group at Oracle

Access Control on Data through SQL Transformation

Abstract: In relational database management systems, object privileges protect objects from injurious actions. For example, select on a table or a view. A limitation of object privilege is that it cannot define fine-grained privileges, such as, a select privilege on a subset of the rows of a table. To enforce fine-grained access control, primarily “views” are used. In addition, a functionality of such management systems is to manage data for all forms of applications. This requires that access control policy for data is expressed in terms of application-level operations. The main obstacle to enforcing such application-level operational and fine-grained privileges is performance. In this talk, we discuss how SQL transformation techniques are used for efficient enforcement of application-level access control policies for data.

Tanvir Ahmed is a Principal Member of Technical Staff with the Database Security Group, Oracle, CA. He is working on Oracle Real Application Security (RAS), Oracle 12c. Oracle RAS is a database authorization solution for end-to-end application security.  He earned the B.S. degree in Computer Science from the University of Mississippi, Oxford, and the M.S. and Ph.D. degrees in Computer Science at the University of Minnesota, Twin Cities. His research areas include access control, system security, distributed systems, and software development methodologies.

Thursday, November 8, 2012

10:30 a.m.
IS Building, Room 405

Alexander Clemm, Principal Engineer, Cisco Systems

On the Road Towards Network-embedded Management

Traditional management architectures, in which smart management applications outside the network manage "dumb" devices inside the network, are rapidly evolving. Increasingly, management tasks are becoming embedded inside the network itself. This is driven by factors such as the need to reduce total cost of ownership, to increase network resilience and independence of outside components, and to reduce complexity for network operators. While the first wave targeted mainly the automation of management functions at individual devices one node at a time, the focus of attention is increasingly beginning to shift towards holistic management tasks that concern the network as a whole. This presentation examines those trends in more detail and presents two examples of research projects in decentralized network-embedded management that were conducted in cooperation between Cisco and University researchers. The first project (with KTH/Sweden) concerns an algorithm and protocol to support Network Threshold Crossing Alerts to monitor aggregated status information that transcends individual network devices, such as the average link utilization across the whole network exceeding a certain threshold. The second project (with UFRGS/Brazil) concerns a system that uses a peer-to-peer algorithm to automatically place measurement probes in a network such that the number of detected service level violations across the network is maximized.

Dr. Alexander Clemm is a Principal Engineer at Cisco. As a member of the Network Operating Systems Group's Technology Architecture team, he provides technical direction and leadership for technology that relates to manageability of Cisco networking products from original conception to delivery to the customer. This includes management instrumentation, management and programming interfaces for management applications, and networking capabilities aimed at facilitating operational tasks. He has several dozen publications and patents in this area and is author and/or editor of several books, including "Network Management Fundamentals" and, very recently, "Network-Embedded Management and Applications". Alex is General Co-chair of the 2013 IFIP/IEEE International Symposium on Integrated Management (IM 2013); in the past he was co-chair of Manweek (now CNSM) 2007, DSOM 2007, and the TPC of IM 2005.

Friday, October 26, 2012

2:30 p.m.
IS Building, Room 501

Mudhakar Srivatsa, Research Scientist in the Network Technologies Department at the IBM Thomas J. Watson Research Center

Deanonymizing Mobility Traces: Using Social Networks as a Side-Channel

Abstract: Location-based services, which employ data from smartphones, vehicles, etc., are growing in popularity. To reduce the threat that shared location data poses to a user’s privacy, some services anonymize or obfuscate this data. In this paper, we show these methods can be effectively defeated: a set of location traces can be deanonymized given an easily obtained social network graph. The key idea of our approach is that a user may be identified by those she meets: a contact graph identifying meetings between anonymized users in a set of traces can be structurally correlated with a social network graph, thereby identifying anonymized users. We demonstrate the effectiveness of our approach using three real-world datasets: University of St Andrews mobility trace and social network (27 nodes each), SmallBlue contact trace and Facebook social network (125 nodes), and Infocom 2006 Bluetooth contact traces and conference attendees’ DBLP social network (78 nodes). Our experiments show that 80% of users are identified precisely, while only 8% are identified incorrectly, with the remainder mapped to a small set of users.

Bio: Dr. Srivatsa is a Research Scientist in the Network Technologies Department at the IBM Thomas J. Watson Research Center. He received his PhD in Computer Science from Georgia Tech. His research interests primarily include network analytics and secure information flow. He serves as a technical area leader for Secure Hybrid Network research in the US/UK International Technology Alliance in Network and Information Sciences and as a principal investigator for Information Network Research in the Network Science Collaborative Technology Alliance, where he is working on adversarial analysis of co-evolving networks (social, information, and communication).

Friday, October 19, 2012

1:30 p.m.
IS Building, Room 501

Dr Surya Nepal, Principal Research Scientist, CSIRO ICT Centre

Social Media and E-Government

Abstract: Over the years, governments have diversified their online services and increased their online engagement with citizens. Increasingly, social media technologies are playing an important role in the way government and citizens interact. In partnership with the Australian Government's Department of Human Services (hereafter referred to as DHS), we are trialling specific social media technologies, namely an online community and a social media monitoring tool, to see if they could serve as an effective way to support specific groups of citizens and the service delivery arm of the government. In this seminar, we present the design of these tools and the corresponding underlying research problems, such as the trust model, recommender system, visualisation, and bootstrapping and sustainability of the community. We also present the initial results.

Bio: Dr Surya Nepal is a Principal Research Scientist at CSIRO ICT Centre, Australia. He is a research team leader of the "Distributed Systems" team. His main research interest is in the development and implementation of technologies in the area of service-oriented architectures, web services, cloud computing and social networks. He received his PhD from RMIT University, Australia and MSc from AIT, Thailand. He has published several journal and conference papers in the areas of multimedia databases, web services and service-oriented architectures, and security, privacy and trust in collaborative environments, cloud computing and social networks. In recent years, Dr. Nepal has been working on the project of delivering citizen-centric services. He is also a programme committee member in many international conferences. Dr. Nepal is currently the secretary of the Service Science Society, Australia.

Friday, September 21, 2012

1:00 p.m.
IS Building, Room 501

Fabio Maino, Distinguished Engineer at Cisco

Locator/ID Separation Protocol (LISP): security consideration in the design of a next generation network architecture

Abstract: The Locator/ID Separation Protocol (LISP) is an open IETF experimental standard that, by introducing a level of indirection, effectively decouples identity from location by using two different IP addresses that belong to two different namespaces: Endpoint Identifiers (EIDs), which are assigned to end-hosts, and Routing Locators (RLOCs), which are assigned to devices (primarily routers) that make up the global routing system. This talk, after providing an introduction to LISP and describing the use cases to which it applies, will focus on the security considerations that are leading the design of the LISP security architecture.

Bio: Fabio Maino is a Distinguished Engineer at Cisco, where he leads an amazing team of engineers dedicated to a simple task: make the Internet better by adding one level of indirection, LISP. After receiving his PhD in Computer and Network Security from Politecnico di Torino, Italy, Fabio moved to California to join Andiamo Systems, which was later acquired by Cisco. While at Andiamo, Fabio designed the security layer of the Fibre Channel architecture, implemented in what became the Cisco MDS 9000 family of storage switches. Fabio is one of the main architects of Cisco TrustSec, and is an active contributor to multiple standardization bodies.

2011

Wednesday, October 26, 2011

2:30 p.m.
IS Building, Room 411

Bill Claycomb, Senior Member of Technical Staff at Carnegie Mellon University’s Software Engineering Institute & Lead Research Scientist for the CERT Enterprise Threat and Vulnerability Management Team

Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks

Since 2001, the CERT Insider Threat Center has collected and analyzed over 700 actual cases of insider crimes involving fraud, IT sabotage, theft of intellectual property, and national security espionage. Using data-driven empirical analysis of socio-technical insider activity, CERT has developed system dynamics-based models to describe interactions between insiders and their environment. This talk will detail CERT’s research on insider threats, explain the models we have developed, and explore difficult issues such as measuring the impact of insider crime. This talk will also include demonstrations of insider activity as well as a discussion of technical controls that could be implemented to prevent or detect such activity.

Friday, October 28, 2011

Noon
IS Building, Room 405

Dr. Gabriel Ghinita, Assistant Professor, Department of Computer Science, University of Massachusetts, Boston

Geometric and Cryptographic Transformations for Private Matching of Spatial Datasets

Co-hosted by the 2011 Telecommunications Seminar Series

Abstract: Private matching (or joining) of spatial datasets is crucial for applications where distinct parties wish to share information about nearby geo-tagged data items. To protect each party's data, only joined pairs of points should be revealed, and no additional information about non-matching items should be disclosed. Previous research efforts focused on private matching for relational data, and rely either on space-embedding or on SMC techniques. Space-embedding transforms data points to hide their exact attribute values before matching is performed, whereas SMC protocols simulate complex digital circuits that evaluate the matching condition without revealing anything else other than the matching outcome. However, existing solutions have at least one of the following drawbacks:
(i) they fail to protect against adversaries with background knowledge on data distribution;
(ii) they require a non-colluding third party to assist in the matching;
(iii) they compromise privacy by returning false positives; and
(iv) they rely on complex and expensive SMC protocols.
In this talk, I will introduce two approaches to perform private matching on spatial datasets. First, I will discuss a geometric transformation that still requires a non-colluding third party, but it is efficient and it is not vulnerable to background knowledge attacks. Next, I will present a two-party protocol based on homomorphic encryption that eliminates the need for a third party, and provides strong privacy guarantees in the semi-honest model.

Bio: Dr. Gabriel Ghinita is an Assistant Professor with the Department of Computer Science, University of Massachusetts, Boston. His research interests lie in the area of data security and privacy, with a focus on privacy-preserving transformation of microdata, private queries in location-based services and privacy-preserving sharing of sensitive datasets. Prior to joining the University of Massachusetts, Dr. Ghinita was a research associate with the Cyber Center at Purdue University, and a member of the Center for Education and Research in Information Assurance and Security (CERIAS). He also held visiting researcher appointments with the National University of Singapore, Chinese University of Hong Kong and Hong Kong University. Dr. Ghinita has served as reviewer for top journals and conferences such as IEEE TPDS, IEEE TKDE, IEEE TMC, VLDBJ, VLDB, WWW, ICDE and ACM SIGSPATIAL GIS.
