EECE 412: Guest Lectures and Case Studies

September 25, 18:00-18:50

Speaker: Prof. Ian Blake, UBC

Title: Applications of cryptography to online auctions and games

Abstract:

Speaker Biography: Ian Blake received his undergraduate education at Queen's University in Kingston, Ontario and his Ph.D. at Princeton University in New Jersey. From 1967 to 1969 he was a Research Associate with the Jet Propulsion Laboratories in Pasadena, California. From 1969 to 1996 he was with the Department of Electrical and Computer Engineering at the University of Waterloo where he was Chairman from 1978 to 1984. He has spent sabbatical leaves with the IBM Thomas J. Watson Research Center, the IBM Research Laboratories in Switzerland and M/A-Com Linkabit in San Diego, California. From 1996-1999 he was with the Hewlett-Packard Labs in Palo Alto, California. He is a Fellow of the IEEE, a Fellow of the Institute for Combinatorics and its Applications and a member of the Association of Professional Engineers of Ontario.

Spetember 27, 18:45-20:00

Notes:

1. Note different time and location: 18:45-20:00
2. Location: Room 282/284 , BCIT Downtown Campus (555 Seymour Street - NW corner of Seymour and Dunsmuir)
3. Welcome time starts 6:00 PM.
4. Register and find location and direction to the lecture venue here.

Speaker: Kai Axford, Microsoft

Title: Identifying Computer Attacks: Tips, Tricks and Tools

Abstract: Identifying Computer Attacks: Tips, Tricks and Tools - It couldn't happen to you. You've been to all the classes. You've read through the volumes of security guidance. No way is this morning's newspaper headline correct. You have that sick feeling in your stomach: "My network has been hacked. My boss wants answers. What do I do now?" Check out this informative and entertaining session as Kai Axford demos the how and why attacks occur. He'll also show you the tools you need to properly identify an attack and gather forensic evidence. You will learn how to detect and trace network intrusions and see some of the popular forensics tools that can help you gain valuable information about the attack.

Speaker Biography: Kai Axford (CISSP, MCSE-Security) is a Senior Security Strategist with Microsoft's Security Technology Unit and has been with Microsoft for 7 years. His initial position was as a Support Engineer on the Windows Server Support Team. In 2000, Kai joined the Microsoft Sales organization and began working exclusively with the IT Pro community as a TechNet Events presenter. In 2003, Kai took the role of TechNet Security Lead and helped launch Microsoft's Security Mobilization Initiative. During that time, Kai presented with Microsoft CEO, Steve Ballmer, at the Security Summit in Toronto. In 2004, Kai received a Microsoft Circle of Excellence Award for personally speaking to more than 28,000 IT Pros about information security. Kai is a frequent speaker at security summits, TechNet events, and college campuses in the U.S. and Canada. In addition, Kai is an active Technical Editor with Microsoft's Security Content Review Board, which evaluates all Microsoft security guidance and publications. He is especially interested in digital forensics and incident response. He is pursuing an MBA in Information Assurance from the University of Dallas. Kai is a member of the North Texas chapter of the Information Systems Security Association (ISSA) and the recipient of the 2006 "Rising Star" award from the Information Security Executive council. Prior to Microsoft, Kai served as a Weapons Squad Leader with the U.S. Army's elite 75th Ranger Regiment and was a primary leader in several real-world security related operations. Originally from Wisconsin, Kai is a huge Green Bay Packers fan. When he is not configuring his intrusion detection system, Kai is a goaltender for the Microsoft Texas ice hockey team. He is based in Dallas, Texas (where he finds the heat overwhelming).

October 4, 18:00-18:50

Speaker: Gordon Ross

Title: Biometric Authentication

Abstract: The talk goes over the brief history of the biometric technology, the various type that are being used today, both commercially and privately and then the talk gets into some of the issues around the technology. While it may be used for access control, there are various issues one has to take into consideration when adopting this technology. It is now being offered in various notebooks and other parts of society but there are many concerns one should be aware of before jumping into this.

The talk discusses the main types that are currently available and gaining use in society today and some of the issues around them:

• Fingerprint,
• Retinal/Iris Scanning
• Voice
• Facial
• Signature
• Keystroke Dynamics.

Speaker Biography: Mr. Ross created, developed and designed the first filtering software for the internet and led the development of additional Internet and Biometric security products.  He established a solid market and brand leadership, beginning with the industry's first filtering product - Net Nanny® and also the world’s first commercially available “pure” software biometric product called “BioPassword®.  Since then, he has expanded the development of Filtering and Biometric and other security technology to perpetuate his vision and mission of providing powerful tools that allow users options and flexibility in protecting their Digital Information, Intellectual Property, and Privacy.

Prior to Net Nanny Software International Inc., Mr. Ross developed expertise in information flow, securing telecommunication systems, routing, access control and network management while working as a traffic engineer and manager at TELUS (formerly BC Tel.), the largest Verizon operating company in Canada.
As the Network Systems Manager, he was responsible for overseeing the development of the company's multi-million dollar NICS (Networking Information and Communications System).  During his 14-year tenure at BC TEL, he also served in Beijing, China, instructing on Network Systems and computers and their uses within the North American telecommunications network to Post and Telecommunication Staff in Beijing.

Mr. Ross is a graduate from California State Polytechnic University, holds a Bachelor of Science Degree in Electronics Engineering, and is a registered Professional Engineer. He is a former member of the Board of Directors of "The Society For The Policing Of Cyberspace" and is often speaks at their Annual Conferences and Quarterly Meetings In regards to Biometrics, Ethics, Privacy and Data protection, and other Security related issues.
He is a Veteran of the US Army, where he was trained as a communications specialist.  He attended AT&T's Network Management School in New Jersey and has taken numerous management courses from Verizon (formerly GTE).  Mr. Ross is also an Alumnus of the Banff School of Advanced Management.
He was born in Vancouver B.C. is a 3rd. generation “Vancouverite” and a graduate of Magee High School in Vancouver.

October 9, 18:00-18:50

Speaker: Jitu Panesar, Canaccord Capital

Title: Authentication technologies for remote and wireless access for mobile workforce

Abstract:

Speaker Biography: Jitu is a Senior Security Analyst at a financial investment company, Canaccord Capital, in Vancouver. His experience in Information Security spans the design and implementation of Technical Controls, as well as audit and consulting of Operational Processes and Physical Security Controls in highly regulated jurisdictions around the world. Specific areas he has focused on include Enterprise Security Architecture, Network Infrastructure Design, Penetration Testing, Cryptography, Wireless Security, and Network Appliance / Operating System Hardening. Jitu holds a Bachelors degree in Computer Engineering from the University of Victoria. He has previous experience with Integrated Circuit design and software development, and outside of work he enjoys golfing, snowboarding, and electronic hobbies.

October 18, 18:00-18:50

Speaker: Allan Alton, WorksafeBC

Title: Layer 2 Security – No Longer Ignored: Security Possibilities at Layer 2

Abstract: Traditional security controls have been placed at OSI layers 3 and 4. In the world of IP these layers would be the IP address and the TCP or UDP port respectively. Modern network control devices are looking even deeper into the packets to control access at the application layer 7. Yet controls at layer 2 have been sadly lacking. Layer 2 frames have been able to pass between layer 2 devices without any control device to intervene. This lack of control has created an opportunity for the development of exploits at the data link layer 2.

This presentation will review some of the layer 2 exploits and how the intelligence being designed into modern switches can be used to prevent these exploits or reduce their impact. While the presentation will be from the perspective of Cisco Systems hardware, the principles will be generic enough to apply to other switch manufacturers. Attendees should have a basic understanding of the OSI Reference Model and how the Internet Protocol (IP) functions at the various OSI layers although a very brief review will be included.

Speaker Biography: Allan Alton has a BSc in Computer Science and maintains the CISA, CISSP, and NetAnalyst certifications. His involvement with computer systems controls dates back over the past 23 years. He has worked in both IS Security and Audit with Sears. Allan started the IS Security group at WorkSafeBC in 1988. In 1995 Allan changed careers by moving into the network group to follow a much more technical role. Yet as it turned out, the network was where all the hot security issues would be so he was never far from his old life. Allan’s passion in security has been to help educate the public about Internet security issues. His vision is to see security professionals throughout the world offering public education as a free community service.

October 25, 18:00-18:50

Speaker: Robert Slade

Title: 20 Years of Malware Risks

Abstract: A history of major events in regard to viruses and malware. (This year the media has been "celebrating" the 20th anniversary of viruses, given the "copyright" date of 1986 in the Brain virus. Some of the material in this presentation predates that.) Examples are used to indicate the changes in technology, both in malware and the computing environment, and the changing levels and types of risks.

Speaker Biography: Rob Slade is a security specialist, malware researcher, author, and initially physics major. Published "Robert Slade's Guide to Computer Viruses," co- authored "Viruses Revealed." Prepared the world's first course on forensic programming and wrote "Software Forensics." Maintained a glossary of security terms, now published as "Dictionary of Information Security."

October 30 , 18:00-18:50

Speaker: Dr. Kirstie Hawkey, UBC

Title: Usable Security, Part I

Abstract: While a system may be theoretically secure, the level of security achieved in practice is often reduced due to various factors. Usable security addresses one factor that may reduce security - ease of use of the system. We will present and discuss several Human-Computer Interaction usability principles that can be applied to help improve the usability of security systems.

Speaker Biography: Kirstie Hawkey received her Ph.D from the department of Computer Science at Dalhousie University in 2007. She is currently working as a Post-doctoral Fellow in the departments of ECE and CS at UBC. Her research interests include Human-Computer Interaction, Privacy, and Computer Supported Collaborative Work.

November 1, 17:30-18:50

Speaker: Dr. Kasia Muldner

Title: Usable Security, Part II

Abstract: We will begin with a general overview of key research areas in usable security. We will then discuss in more detail several applications and/or projects, relying on the Human-Computer-Interaction principles presented in Part I to discuss the pertinent usability issues, as well as any proposed solutions.

Speaker Biography: Kasia Muldner defended her Ph.D. in the department of Computer Science at the University of British Columbia in 2007, and is currently working as a Post-doctoral Fellow. Her research interests include Human-Computer-Interaction, Artificial Intelligence and Cognitive Science.

November 13, 18:00-18:50

Speaker: Joost Houwen, Accenture

Title: Current Trends and Technologies in the IT Security Industry

Abstract: This session will start with a quick overview of the IT Security field and its history. We will then delve into what business challenges organizations are facing and review some surprising security issues that are still not "solved". Then we will explore security technologies currently being considered and/or implemented by most organizations. The session will end with a discussion on where to get credible information to assist businesses and individuals in decision making.

Speaker Biography: Joost Houwen is an experienced IT Security Manager with over 13 years of Infosec experience in the ISP, University, Utility, and IT Outsourcing sectors. Joost is the IT Security lead for Accenture Business Services, a major North American business process outsourcing company. He is a CISSP, CISA, holds a graduate diploma in business administration, and has taught and presented for over nine years on a variety of security topics.