Maintained by:

Institute for Cyber Security, UTSA

Keynote Speakers:

Inaugural Speaker: Ravi Sandhu, University of Texas at San Antonio.

Speaker #1: Moti Yung, Google.

Speaker #2: N. Asokan, Nokia Research Center.

Speaker #3: John Dickson, Denim Group, Ltd.

 

Inaugural Keynote:

When: 8:30 AM-9:30 AM, Feb 21, 2011 (day 1).

Ravi Sandhu

Executive Director and Lutcher Brown Endowed Chair in Cyber Security

Institute for Cyber Security, University of Texas at San Antonio

Title:

The Challenge of Data and Application Security: Are We Up to It?

Bio:

Ravi Sandhu is Executive Director of the Institute for Cyber Security at the University of Texas at San Antonio, where he holds the Lutcher Brown Endowed Chair in Cyber Security. Previously he was on the faculty at George Mason University (1989-2007) and Ohio State University (1982-1989). He holds BTech and MTech degrees from IIT Bombay and Delhi, and MS and PhD degrees from Rutgers University. He is a Fellow of IEEE, ACM and AAAS, and has received awards from IEEE, ACM, NSA and NIST. A prolific and highly cited author, his research has been funded by NSF, NSA, NIST, DARPA, AFOSR, ONR, AFRL and private industry. His seminal papers on role-based access control established it as the dominant form of access control in practical systems. His numerous other models and mechanisms have also had considerable real-world impact. He is Editor-in-Chief of the IEEE Transactions on Dependable and Secure Computing, and founding General Chair of the ACM Conference on Data and Application Security and Privacy. He previously served as founding Editor-in-Chief of ACM Transactions on Information and System Security and on the editorial board for IEEE Internet Computing. He was Chairman of ACM SIGSAC, and founded the ACM Conference on Computer and Communications Security and the ACM Symposium on Access Control Models and Technologies and chaired their Steering Committees for many years. He has served as General Chair, Program Chair and Committee Member for numerous security conferences. He has consulted for leading industry and government organizations, and has lectured all over the world. He is an inventor on 20 security technology patents. At the Institute for Cyber Security he leads multiple teams conducting world-leading research on many aspects of cyber security including secure information sharing, social computing security, cloud computing security, secure data provenance and botnet analysis and detection, in collaboration with researchers all across the world. 
His web site is at www.profsandhu.com.

Keynote #1:

When: 9:30 AM-10:30 AM, Feb 21, 2011 (day 1).

Moti Yung

Moti Yung, Research Scientist, Google.

Title:

Key Dependent Message Security: Recent Results and Application.

Abstract:

TBD.

Bio:

TBD.

Keynote #2:

When: 8:30 AM-9:30 AM, Feb 22, 2011 (day 2).

N. Asokan

N. Asokan, Distinguished Researcher, Nokia Research Center.

Title:

Old, New, Borrowed, Blue -- A perspective on the evolution of mobile platform security architectures.

Abstract:

In the past few years, there has been a dramatic increase in the popularity of the category of mobile phones commonly known as "smartphones." Consequently there is increased interest in the security and privacy research community in "smartphone security". All dominant smartphone platforms, or more generally, mobile phone application platforms, incorporate platform security architectures that are widely deployed. In this talk I will briefly explain the reasons why mobile platform security schemes have seen such widespread deployment and go on to discuss and compare some of them in more detail. Based on this analysis I will point out some open problems and possible future directions. The talk is based on joint work with colleagues at Nokia.

Bio:

N. Asokan is a Distinguished Researcher in security with the Radio Systems Laboratory at Nokia Research Center. His primary research interest has been in applying cryptographic techniques to design secure protocols for distributed systems. Recently, he has also been investigating the use of Trusted Computing technologies for securing endnodes, and ways to make secure systems usable. He received his doctorate in Computer Science from the University of Waterloo. For more information about Asokan's work see his website at http://asokan.org/asokan/.

Keynote #3:

When: 8:30 AM-9:30 AM, Feb 23, 2011 (day 3).

John Dickson

John Dickson, Principal, Denim Group, Ltd.

Title:

Software Security: Is OK good enough?

Abstract:

Widely publicized breaches regularly occur involving insecure software. This is due to the fact that the vast majority of software in use today was not designed to withstand attacks encountered when deployed on hostile networks such as the Internet. What limited vulnerability statistics exist confirm that most modern software includes coding flaws and design errors that put sensitive customer data at risk. Unfortunately, security officers and software project owners still struggle to justify investment to build secure software. Initial efforts to build justification models have not been embraced beyond the most security conscious organizations. Concepts like “Rugged Software” are gaining traction, but have yet to make a deep impact. How does an organization – short of a breach – justify expending critical resources to build more secure software? Is it realistic to believe that an industry-driven solution such as the Payment Card Industry’s Data Security Standard (PCI-DSS) can drive secure software investment before headlines prompt government to demand top-down regulation to “fix” the security of software?


This presentation will attempt to characterize the current landscape of software security from the perspective of a practitioner who regularly works with Fortune 500 chief security officers to build business cases for software security initiatives. Given the current status of software security efforts, and the struggles for business justification, industry would be well-served to look further afield to other competing models to identify future justification efforts. There is still much that can be learned from models outside the security and information technology fields. For example, the history of food safety provides lessons that the software security industry can draw from when developing justification models. We can also learn from building code adoption by earthquake-prone communities and draw comparisons to communities that have less rigorous building codes. Finally, we can learn much from certain financial regulations that have or have not improved confidence in our financial system.

Bio:

John Dickson is a principal at Denim Group, Ltd. and a Certified Information Systems Security Professional (CISSP) whose technical background includes hands-on experience with application security, intrusion detection systems and telephony security. He helps Chief Security Officers of Fortune 500 and Federal organizations launch software initiatives and has served as Chief Information Security Officer for a major healthcare organization. John Dickson is a former U.S. Air Force officer who specialized in network defense and command and control while on active duty and in the Air Force Reserves. He joined Denim Group after holding several leadership positions at SecureLogix Corporation, including Regional Vice President of International Operations and Director of Consulting. Before SecureLogix, John specialized in security architecture development, electronic commerce, corporation information protection, and intrusion detection as a Manager with KPMG's Information Risk Management consulting practice in Dallas. He was a consultant with Trident Data Systems, a Los Angeles-based network security consulting firm, prior to his tenure with KPMG. His experience at Trident included network penetration projects, firewall project management and enterprise security reviews. He also founded and operated one of San Antonio's first Internet Service Providers, Onramp Access, from 1995 to 1997.
