Research Slides from Attendies

Research Summaries from Attendies

 

Mark Perry mperry@uwo.ca

 

Although I have done some minor work in cybersecurity from the CS perspective (on secure agents, transactions and e-trading systems), for this workshop I am interested particularly in the overall picture of security policy.... balancing legal, technological, and practical needs. I would like to say something about the need for using FLOSS in key 'democratic' systems as a means of ensuring security (eg voting systems). Furthermore regulation of software could also be addressed.

 

David Skillicorn skill@cs.queensu.ca

 

I work in counterterrorism. The two main thrusts of my work are:

 

1. Detecting outliers in data when the outliers are actively trying to look like

    everyone else. We have shown that one way to make the problem easier

    is to deploy obvious analysis/surveillance. Ordinary people tend not to

    react much to this; those with something to hide do react (subconsciously

    at least). This acts to differentiate them more widely from the innocent.

    This has applications in other areas such as fraud detection and criminal

     investigation as well (indeed this idea is one of the staples of e.g.

     border surveillance).

 

2. Detecting intellectual and emotional state via leakage into written and

    spoken text. CS people have tended to concentrate on the content words

    in text as markers. There is now some work from psychology showing that

    the non-content words can be strong markers for certain kinds of behaviours

    of interest in a security setting, for example deception. We are looking at

    how well these models hold up in the context of email (the Enron email

    dataset) and web content (for example Hansard).

 

Patrick Hung Patrick.Hung@uoit.ca

 

 

 Patrick C. K. Hung has been an Assistant Professor at the Faculty of Business and Information Technology since July 2004. He is currently collaborating with Boeing Phantom Works (Seattle, USA) on an industrial security research project, and he has filed one US patent application "Mobile Network Dynamic Workflow Exception Handling System" with Boeing so far. He also holds NSERC Discovery Individual Grant "M-services computing security and privacy enforcement model" in 2005-2008.He has also been a visiting PhD student at RSA Laboratories West at San Mateo, California.

 

Research Interests: Security and Privacy, Services Computing, Business Process Integration and Management, Electronic Negotiation and Agreement.

 

Hugh Cowie Williams williams@math.ucalgary.ca

 

I am already a member of FISIC and I am the Director of CISaC , the University of Calgary's Centre for Information Security and Cyptography.  I will be representing the research interests of the members of CISaC at the meeting.  These interests are numerous and are best seen by going to the CISaC website at:  www.cisac.math.ucalgary.ca.

They are summarized in CISaC's Mission Statement:

 

CISaC's objective is to conduct multi-disciplinary research into all aspects of information protection, including mathematical foundations, secure communication and cryptography, quantum information science, privacy, and the security of computer networks, software, and hardware. This work ranges from abstract theory to software development and hardware fabrication, and means that membership in CISaC by individuals representing a wide variety of disciplines is essential.

 

We seek to foster cooperation between academia, industry and government in the research and development of tools for information security. The centre will promote such by involving students from undergraduate to post-doctoral levels, as well as faculty from the University of Calgary and other academic institutions. Further goals involve training students in cryptography and information security, thereby equipping them with suitable skills to find meaningful employment in these areas, as well as educating the public about the ever-growing challenges involved in protecting our private information from unauthorized intrusions.

 

José M. Fernandez jose.fernandez@polymtl.ca

 

I am an assistant professor in the Department of Computer Engineering of

the Ecole Polytechnique de Montreal, hired in 2004.  Here, I have started research efforts in Computer Network Security with colleagues and students in our department.  The main areas of current research include quantitative modelling of DoS-attack and protection strategies, mobile agent-based and evolutionary network protections, protection against DoS attacks in ad-hoc networks, and network malware modelling

and analysis.  All of these are new research efforts and yet

unpublished, my previous academic life (and publications) being in

Quantum Computing (Ph.D.) and Cryptography (M.Sc.).  In my previous

"industrial life", I have been a project manager in software development, a systems manager, and a computer security specialist, for both public and private sector.  I am presently a member of the board (in charge of conference scheduling) of the "Association de la sécurité de l'information du Montréal Métropolitain" (ASIMM, www.asimm.org), a

non-profit organisation with the mandate of fomenting awareness and

education in Information Security.

 

Stephen W Neville Stephen.Neville@ieee.org

 

I am a research in the University of Victoria's ECE department and my primary research interests are in the are of systems-level cyber-security and privacy research particularly focused to issues occurring within corporate-scale networks. I am currently constructing a $500k cyber-security research facility funded through the CFI New Opportunities grant program specifically focused on recreating corporate-scale network traffic environments up to full 1 Gbps  bandwidths. If possible I would be interested in giving a short mini-presentation about this facility at the workshop

 

Mourad Debbabi debbabi@encs.concordia.ca

 

At the Concordia Univeristy, I am part of the Computer Security Laboratory. We

are very active in IT security. We are doing research on various aspects

including: Crypto-protocol specification and validation, malicious code

detection, security analysis and hardening of free and open source software,

security design patterns, security evaluation techniques and cyber forensics.

 

Lewis Robart Robart.Lewis@ic.gc.ca

 

My name is Lewis Robart, Industry Canada, and I and my colleague David Gibson will be attending the Cybersecurity workshop of CASCON 2005 on October 17. We work within the Spectrum Engineering Branch of Industry Canada, specifically within the IP Telecom and Security Group.

 

Our group's overall objective is to ensure reliable telecommunications services, through engineering investigation and analysis of emerging technologies. We accomplish this objective through academic partnerships, industry collaboration, standards development, and engineering analyses within our Protocol Analysis Laboratory.

 

The group encourages and promotes research interests in network security amongst Canadian academia through engineering studies of advanced tools, techniques and methodologies for protocol design and network protection. In addition, academic partnerships have investigated security of wireless LAN systems and intrusion detection and prevention systems.

 

Industry collaboration helps increase industry awareness of telecommunications issues and promotes security related products, tools, and methodologies. Canadian industry competitiveness is improved through deployment of secure telecommunications systems through best practices and standards. Transfer of results from technical investigations leads to new products/processes and product improvements. Our relationship with academic partners helps transfer knowledge, expertise and skilled academics from universities to Canadian high tech industries. Industry collaboration helps our group drive international standardization efforts.

 

Our group also influences standards directions and content. We present analysis findings to contribute in building a more secure global telecom infrastructure. We participate in a broad range of national, regional and international Standards Development Organizations, including the ITU-T SG13 (NGN) and SG17 (Security). We use the standards activities to help guide our work and to shape our understanding of the industry directions.

 

Nadia Tawbi tawbi@ift.ulaval.ca

 

My research interests related to security are:

 

 

Urs Hengartner uhengart@cs.uwaterloo.ca

 

Our research is in the area of information privacy for future

computing environments, such as pervasive computing or sensor

networks.  We have found that existing techniques for controlling

access to information are not sufficient in these new environments and

that they can easily lead to privacy violations.  For example, there

might be complex types of information, such as a person's calendar

entry, which could leak other kinds of information, such as her or

other people's current location.  Furthermore, access decisions could

be constrained based on confidential information about an individual's

context and could leak this confidential information.  We have

addressed these challenges by introducing several new concepts, such

as information relationships, which allow us to make access control

aware of the semantics of information.  Furthermore, we have studied

how to avoid privacy violations caused by confidential

context-sensitive constraints and how to increase a client's privacy

when using context-sensitive services.

 

Andrew Patrick Andrew.Patrick@nrc-cnrc.gc.ca

 

I am a Senior Scientist at the National Research Council of Canada and

an Adjunct Research Professor in the Department of Psychology at

Carleton University. My research area is the human factors of

technology and human-centric service design. My current research

interests include developing interfaces for effective and usable

privacy systems, trust decisions in privacy and e-commerce contexts,

and the usability and acceptance of security systems. More information

about my research activities and recent papers can be seen at

www.andrewpatrick.ca.

 

Michel Barbeau michel.barbeau@sympatico.ca

 

My interests: Wireless security, intrusion detection, threat assessment, radio frequency fingerprinting, mobility profiling.

 

Ashraf Matrawy amatrawy@sce.carleton.ca

 

 

 

 

Rene Struik RStruik@certicom.com

 

Securing adhoc wireless sensor networks
 
Communications between static and moving devices in these networks is based on radio transmissions, typically operating in unlicensed frequency bands, e.g., 868/915 MHz and 2.4 GHz, and might involve single-hop or multi-hop message routing. From a security perspective, wireless ad-hoc networks are no other than 802.11 WLAN or any other wireless network, in that these are vulnerable to passive eavesdropping attacks. The very nature of ad-hoc networks and cost objectives for these impose additional security constraints, however, which perhaps make these networks the most difficult environments to secure: devices are low-cost devices with limited capabilities, in terms of computing power, available storage, and power-drain, and cannot be assumed to have a trusted computing base aboard, nor a high quality random number generator; communications cannot rely on the online availability of a fixed infrastructure and might involve short-term relationships between devices that may never have met before – so-called promiscuous behavior. These constraints might severely limit the choice of cryptographic algorithms and protocols and would influence the design of the security architecture, since the establishment and maintenance of trust relationships between devices needs to be addressed with care. In addition, battery lifetime and cost constraints put severe limits on the security overhead these networks can tolerate, something that is of far less concern with higher bandwidth networks, such as 802.11 WLAN.