Paul Van Oorschot
Carleton University
 
Title: Information Security 2105

Abstract:
Security technologies addressing Internet-related threats have a poor track record against emergent problems. Recent examples include zero-day worms, DDoS, large-scale spam, identity theft, and botnets. We expect a continuing stream of increasingly sophisticated, financially-motivated threats. Will Internet e-commerce survive? Will Internet security be better or worse in ten years? We make some projections, in a general-level talk.

Bio:
Paul Van Oorschot (Ph.D. Waterloo, 1988) is a Professor in the School of Computer Science at Carleton University, and Canada Research Chair in Network and Software Security. He is the founding director of Carleton's Digital Security Group. He has worked in research and development in cryptography and network security, including at Bell-Northern Research (Ottawa), and Entrust Technologies (Ottawa) as VP, Chief Scientist, and Chief Security Architect. He is co-author of the standard reference Handbook of Applied Cryptography, and serves regularly on international conference program committees in security and cryptography.

Bob Blakley 
IBM

Abstract:
Simplicity, Reconciliation, and Security

Bio: 
Bob Blakley is chief scientist for Security and Privacy at IBM. He was general chair of the 2003 IEEE Security and Privacy Conference and has served as General Chair of the New Security Paradigms Workshop. He served on the National Academy of Science's study group on Authentication Technologies and Their Privacy Implications. He was named Distinguished Security Practitioner by the 2002 ACM Computer Security and Applications Conference (ACSAC), and serves on the editorial board for the International Journal of Information Security (IJIS). Bob Blakley was the editor of the OMG CORBA security specification, and is the author of "CORBA Security: An Introduction to Safe Computing with Objects", published by Addison-Wesley. Blakley was also the editor of the Open Group's Authorization API specification and the OASIS Security Services Technical Committee's SAML specification effort. Blakley has been involved in cryptography and data security design work since 1979 and has authored or co-authored seven papers on cryptography, secret-sharing schemes, access control, and other aspects of computer security. He holds nine patents on security-related technologies.

Bill Aiello

University of British Columbia

Title: Enterprise Security: A Community of Interest Based Approach
Abstract:
In this talk we first argue that the best leverage points for defenses against worm attacks are within enterprise networks rather than within ISPs, and we then describe an architecture for enterprise worm defense. As a starting point, note that most scanning worms succeed because hosts, such as desktop machines, are inadvertently listening on a vulnerable port even though they are not a server for that port's service. Thus, propagation of a worm can occur from desktop to desktop within an enterprise. But if a policy for such inappropriate intra-enterprise communication could be defined and enforced, the spread of such worms could be seriously curtailed. The enforcement of such intra-enterprise host-to-host traffic filtering rules can be engineered into modern switches. But even with such a physical security architecture in place, defining such fine-grained traffic filtering rules presents a significant challenge. The design space for such a set of rules can be captured by three principal axes: security, usability, and manageability. If one envisions designing and deploying an enterprise network, including all hardware and software, from the ground up, it may be possible to design and enforce quite rigid internal-to-internal communication policies. But our work does not require such a greenfield approach. Rather it is aimed at a brownfield environment: an existing large, complex enterprise network. In this talk, we present methods for automatically generating filtering policies based on several weeks of training data. Of course, a history-based approach may block a perfectly legitimate communication if it didn't occur in the training period, which is undesirable. To handle such possibilities, our policies have two components. The first is a profile. This is a set of rules defining which internal-to-internal packets are allowed. Several of the policies we introduce allow for a specified rate of out-of-profile communication. The rate, and the action to take when the rate is exceeded, is given by the throttling discipline (TD), which comprises the second component of our policies. In the talk we will describe an analysis of the usability and the security, and the tradeoffs between them, of several natural profiles and throttling disciplines.

This is joint work with C. Kalmanek, P. McDaniel, S. Sen, O. Spatscheck, and J. Van der Merwe.

Bio:
After a postdoctoral fellowship in the Lab for Computer Science at MIT, he joined Bell Communications Research where he stayed for nine years working in complexity theory, parallel and distributed computing, and cryptography. He joined AT&T Research Labs in 1998 and was Director of Network Security Research from 1999 through 2004. This past January 2005 he assumed the Headship of the Department of Computer Science at the University of British Columbia. His current research interests include cryptography, networking, and network security.

John McHugh
Dalhousie University

Title: Network Awareness and Network Security
Abstract:
Routine acquisition and aggregation of network data offers an opportunity to understand some of the forces that drive the internet. It also offers an opportunity to detect and understand a variety of phenomena that are related to overtly questionable or malicious activities on the part of network users and abusers.   In this talk, I will summarize a variety of large and small scale observations that have resulted from such monitoring activities and suggest a program of future research that we wish to carry out. Key to both the past and future work is the choice of suitable abstractions for the representation of both data and analysis results. The talk will also consider some of the issues associated with the management of the quantities of the data involved as well as techniques for analyzing the data and presenting the analysis results. 

 

Bio:
John McHugh is a professor and Canada Research Chair in Privacy and Security at Dalhousie University in Halifax, NS where he also directs the Privacy and Security Laboratory. Before joining the faculty at Dalhousie, he was a senior member of the technical staff at the CERT Coordination Center, part of the Software Engineering Institute at Carnegie Mellon University where he did research in survivability, network security, and intrusion detection. He was also affiliated with CyLab and the Center for Wireless and Broadband Research, both part of the Department of Electrical and Computer Engineering at CMU. Prior to joining CERT, Dr. McHugh was a professor and chairman of the Computer Science Department at Portland State University in Portland, Oregon where he held a Tektronix Professorship. He has been a member of the research faculty at the University of North Carolina and has taught at UNC and at Duke University. For a number of years, Dr. McHugh was a Vice President of Computational Logic, Inc., a contract research company formed to further the application of formal methods of software design and analysis in support of security and safety critical systems. While at CLI, he developed tools for the analysis of covert channels in multilevel secure systems and worked on the problems associated with the efficient implementation of formally specified systems. He has also worked for the Research Triangle Institute, the Naval Research Laboratory, the National Oceanic and Atmospheric Administration, the University of Minnesota, and the U.S. Patent Office. Dr. McHugh received his PhD degree in computer science from the University of Texas at Austin. He has an MS degree in computer science from the University of Maryland, and a BS degree in physics from Duke University.

 

Elias Levy

Symantec

 

Title: Dionaea: On the automatic collection of malicious code samples through honey pot farms.

Abstract:

Threat intelligence is the beginning of any attempt at threat mitigation.  In this talk Mr. Levy will present the architecture of Symantec's automated malicious code sample collection honey pot farm, which has been in operation for over two years. He will discuss its history and the challenges it faces.

 

Bio:

Elias Levy is a security architect for Symantec Security Response, where he has been designing honeypot and IDS/IPS testing technologies since 2002. From 1999 to 2002, Levy was cofounder, CTO, and spokesperson of SecurityFocus, which Symantec acquired in 2002. While there he designed the company's vulnerability and malicious code databases, and the DeepSight Alert Services and Threat Management System technologies. From 1996 to 2001, Levy was the moderator of the Bugtraq vulnerability disclosure mailing list. For his work in Bugtraq he was named one of the top ten most influential people of the decade in the computing industry by Network Computing magazine. Levy is an editorial board member of the CVE (Common Vulnerabilities and Exposures) and co-edits and writes the Attack Trends column of the IEEE Privacy & Security magazine.

 

Roundtable Discussion: Spear-heading a Canadian Security Research Network
Discussion Leader: Jim Brookes, MITACS
 

Abstract:

Canada has an opportunity to take a leadership position in Information Security research. There is a strong base of academic researchers at universities across the country as well as a growing group of Canadian companies offering information security products and services. In addition, FISIC, the Forum for Information Security Innovation in Canada, is a national security forum with a mission to accelerate Canadian innovation in information security by supporting advanced research, collaboration, education and innovative commercial solutions.  This session will involve an overview of FISIC and a roundtable discussion of opportunities for experts from universities, industry and government to come together to form a national research network.

 

Bio:

Jim is the Chief Operating Officer for MITACS, a Network of Centres of Excellence for the Mathematical Sciences addressing issues in key sectors of the nation's economy, including information security. Jim previously worked in the telecommunications sector with BC Tel, Stentor and TELUS, including the position of VP of Local Services (BC Tel/TELUS) where he grew a $2 B market and VP of Business Transformation (TELUS). Jim has testified as an expert witness at several landmark regulatory proceedings. Jim has a B.A. and M.A. in Economics from Simon Fraser University. Jim is a member of the Board of Directors of two high technology start-ups, and several other organizations.