The Colloquium for Information Systems Security Education 
Founded in 1996 as the National Colloquium for Information Systems Security Education, the Colloquium has become the leading proponent for implementing courses of instruction in INFOSEC in education.

In June 2002, the NCISSE expanded its mission to include greater international participation. To reflect this, the organization formally changed its name to The Colloquium for Information Systems Security Education or, more simply, The Colloquium.

 
Inside the Program

Program

Day 0 - Sunday, June 3, 2007
6:00 - 8:00 pm   Reception and Early Registration Student Village 10 Buick Street Stop by the Registration Desk to pick up your badges
Day 1 - Monday, June 4, 2007
Time Speaker Topic Location Overview of Presentation
9:00 am - 5:00 pm   Registration SMG Atrium  
10:00 - noon Christine Nickell, Alice Shaffer, NSA Closed IASP Meeting SMG Room 208 Mandatory Meeting of CAE IASP PI
noon - 1:00   Lunch Warren Towers  
1:00 - 1:15 Corey Schou, Idaho State University, Member of Board of Directors of The Colloquium http://cob.isu.edu/schou/ Opening Remarks SMG Auditorium  
1:15 - 1:30 Tanya Zlateva, Boston University http://metcs.bu.edu/%7Ezlateva/index.html Welcoming Remarks SMG Auditorium Welcoming Remarks
1:30 - 1:45 David Campbell, Provost, Boston University http://www.bu.edu/provost/meet/index.html Welcoming Remarks SMG Auditorium Welcoming Remarks
1:45 - 2:45

Alessandro Acquisti, Carnegie Mellon University http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm

Introduced by Marshall Van Alstyne, Boston University http://smgnet.bu.edu/mgmt_new/profiles/VanAlstyneMarshall.html

Privacy and Information Revelation in Online Social Networks: The Facebook Case SMG Auditorium Online social networks such as Friendster, MySpace, or the Facebook have experienced exponential growth in membership in recent years. These networks offer attractive means for interaction and communication, but also raise privacy and security concerns. In this study we survey a representative sample of the members of the Facebook (a social network for colleges and high schools) at a US academic institution, and compare the survey data to information retrieved from the network itself. We look for underlying demographic or behavioral differences between the communities of the network's members and non-members; we analyze the impact of privacy concerns on members' behavior; we compare members' stated attitudes with actual behavior; and we document the changes in behavior subsequent to privacy-related information exposure. We find that an individual's privacy concerns are only a weak predictor of his membership to the network. Also, privacy-concerned individuals join the network and reveal great amounts of personal information. Some manage their privacy concerns by trusting their ability to control the information they provide and the external access to it. However, we also find evidence of members' misconceptions about the online community's actual size and composition, and about the visibility of members' profiles.
2:45 - 3:00   Afternoon Break SMG Atrium  
3:00 -4:00

David Kotz (http://www.cs.dartmouth.edu/~dfk/), Institute for Security Technology Studies (http://www.ists.dartmouth.edu/), Center for Mobile Computing (http://cmc.cs.dartmouth.edu/), Dartmouth College

Introduced by Mark Crovella, Boston University http://www.cs.bu.edu/faculty/crovella/

Institute for Security Technology Studies (ISTS) at Dartmouth College—Experiences in IA Research and Curriculum Development SMG Auditorium The Institute for Security Technology Studies (ISTS) at Dartmouth College is one of the leading centers for research and education in cyber security and trust. ISTS strengthens homeland security through interdisciplinary research, education and outreach programs that focus on technology critical for cyber security and trust. ISTS nurtures leaders and scholars, educates students and the community, and collaborates with its partners to deploy technology to benefit the community and to better understand technology's impact on security. ISTS research aims at improving our ability to design secure computer systems and protect them from attacks, at enabling people and organizations to form secure trust relationships across networked computing devices, and at addressing social, economic, and policy issues that arise in the development and deployment of such technology. ISTS is a member of the Institute for Information Infrastructure Protection (I3P), a nationwide consortium of leading cyber security research and development organizations including universities, federally funded labs and non-profit organizations. The goals of the I3P (www.thei3P.org) are to address research and policy-related aspects of the vulnerabilities inherent in the information infrastructure, bring experts together to identify and mitigate threats aimed at the U.S. information infrastructure, and promote collaboration and information sharing among academia, industry and government.
4:00 -5:00 Marshall Van Alstyne, Boston University http://smgnet.bu.edu/mgmt_new/profiles/VanAlstyneMarshall.html

Introduced by Steve Homer, Boston University http://www.cs.bu.edu/%7Ehomer/

An Economic Response to Unsolicited Communication SMG Auditorium This talk will investigate ways to improve total communications value in the context of spam. We analyze best-in-class solutions from law, technology, and economics. Comparison leads to several useful conclusions. First, economic mechanisms designed to promote valuable communication can outperform those designed to block wasteful communication. The best mechanism can, on occasion, outperform even a "perfect filter." Second, it is advantageous to shift focus from message content to senders' private knowledge. Information revelation mechanisms can then force people who knowingly misuse communication to drop out or incur higher costs. Third, giving recipients rights in their own attention can improve willingness to signal their preferences, which facilitates efficient sender targeting.
5:00- 7:00 Reception   SMG Trustee Ballroom  
8:00-midnight   Hospitality suite 18th Floor Meeting Room, Student Village 10 Buick Street  
Day 2- Tuesday, June 5, 2007
Time Speaker Topic Location Overview of Presentation
7:30 - 5:00   Registration SMG Atrium  
7:30 - 8:30   Breakfast Coffee/Refreshment SMG Atrium  
8:30-9:30

Virgil D. Gligor, University of Maryland http://www.ece.umd.edu/~gligor/

Yannis Paschalidis, Boston University http://ionia.bu.edu/index.html

Center for Information and Systems Engineering (http://www.bu.edu/systems/) and Sensor Network Consortium (http://www.bu.edu/systems/industry/consortium/index.html), Boston University

Plenary: Security and Wireless Sensor Networks

On the Evolution of Adversary Models in Security Protocols - from the Beginning to Sensor Networks

Statistical Anomaly Detection in Internet Traffic and Sensor Network Topography
SMG Auditorium

Invariably, new technologies introduce new vulnerabilities which often enable new attacks by increasingly potent adversaries. Yet new systems are more adept at handling well-known attacks by old adversaries than anticipating new ones. Our adversary models seem to be perpetually out of date: often they do not capture adversary attacks and sometimes they address attacks rendered impractical by new technologies.

In this talk, Dr. Gligor provides a brief overview of adversary models beginning with those required by program and data sharing technologies ('60-'70s), continuing with those required by computer communication and networking technologies ('70s-'90s), and ending with those required by and sensor network technologies ('00s ->). Dr. Gligor argues that sensor, ad-hoc, and mesh networks require new models, different from those in common use, namely those of the Dolev-Yao and Byzantine adversaries. This is illustrated through adversaries that attack perfectly sensible and otherwise correct protocols of sensor networks. These attacks cannot be countered with traditional security protocols using end-to-end design arguments and require emergent security properties as countermeasures.

9:30 -10:30 Panelists:
Dennis McLain, SUN Microsystems
Anoop Mathur, Senior Technology Manager, Embedded Controls and Wireless Technology, Honeywell Automation and Controls
Rosalie M. McQuaid, Lead Information Security Engineer, The MITRE Corporation
Robert Welsh, Director of Networking and Communications, Advanced Solutions Center, Textron Systems

Moderator, Christos Cassandras, Boston University http://vita.bu.edu/cgc/
Panel: Security and Wireless Sensor Networking: Industry Opportunities and Challenges
SMG Auditorium Panel sponsored by the Center for Information and Systems Engineering (http://www.bu.edu/systems/) and Sensor Network Consortium (http://www.bu.edu/systems/industry/consortium/index.html), Boston University
10:30-10:45   Morning Break SMG Atrium  
10:45 -11:30 Rodney Petersen, Government Relations Officer and Security Task Force Coordinator EDUCAUSE

Peter Siegel, Vice Provost for Information and Educational Technology and Chief Information officer, University of California, Davis
(http://vpiet.ucdavis.edu/siegel.cfm)

Introduced by Anatoly Temkin, Boston University http://csmet.bu.edu/People/CS_People_Fulltime.htm

Connecting the Academic Experience to the Operational Security Needs of Higher Education SMG Auditorium One of the criteria for becoming a National Center of Academic Excellence in Information Assurance Education is for "the academic program to demonstrate how the university encourages the practice of IA, not merely that IA is taught." There is a pressing need for institutions of higher education to secure their computer systems and campus networks and to protect information assets. The EDUCAUSE/Internet2 Computer and Network Security Task Force has identified several areas where students and faculty could gain valuable experience while at the same time performing a valuable service to the campus community. This session will challenge IA students, faculty, and administrators to leverage partnerships and collaborations with their college and university IT operations where practical insights can supplement the academic experience.
11:35 - 12:35 Paper sessions: The CISSE is pleased to provide a venue for the presentation of individual and collaborative research and curriculum development efforts. The papers will be presented in three parallel tracks on 5 and 6 June. The papers were selected using a blind review process that resulted in selecting the top papers that best reflect the emerging concepts in information assurance education and awareness activities.

The full proceedings are available at:

http://www.cisse.info/colloquia/cisse11/proceedings11/start.pdf

Authors will have 20 minutes to present and field questions.

paper 1: 11:35-11:55

paper 2: 11:55-12:15

paper 3: 12:15-12:35

SMG Room 220

Session Chair: N. Paul Schembari

11:35-11:55 An Information Security Course: A Possible Antidote to Clueless Students
   Patricia Logan

11:55-12:15 Hands-On Crypto: Experiential Learning in Cryptography
   N. Paul Schembari

12:15-12:35 Teaching Information Security With Skepticism and Critical Thinking
   Barry S. Fagin, Leemon C. Baird, Jeffrey W. Humphries, Mike Collins

SMG Room 228

Session Chair: Vojislav Stojkovic

11:35-11:55 Strengthening the Security Workforce: A Competency and Functional Framework for Information Technology Security Professionals
   Ellen Roth-Perreault, Brenda Oldfield

11:55-12:15 Combining Theory with Practice in Information Security Education
   Li-Chiou Chen, Chienting Lin

12:15-12:35 Information Assurance Education: The way ahead in a network-centric environment
   W. Vic Maconachy, Corey Schou

SMG Room 240

Session Chair: Vijay Kanabar

11:35-11:55 Alignment of Information Security Assessment Best Practices
   Richard G. Wilsher, Matthew King

11:55-12:15 Computer Forensics at the 2006 Alaska Summer Research Academy
   Christopher Hecker, Brian Hay, and Kara L. Nance

12:15-12:35 Creating an Internet Portal for INFOSEC Professionals
   John Collins

12:35 - 1:35   Lunch Warren Towers  
1:40 - 2:30

Jonathan Katz, University of Maryland http://www.cs.umd.edu/~jkatz/

Agnes Chan, Northeastern University http://www.ccs.neu.edu/home/ahchan/

Victor Shoup, New York University, Courant Institute http://www.shoup.net/

Sarah Spence Adams, Franklin W. Olin College of Engineering http://faculty.olin.edu/~sadams/

Moderator, Leonid Reyzin, Boston University http://www.cs.bu.edu/fac/reyzin

 
Panel: How to Teach Cryptology? SMG Auditorium  
2:30 - 3:15

Joan Ruhl, Deputy Information Assurance Director, NSA

Marianne Swanson, Senior Advisor for IT Security Management, National Institute of Standards and Technology (NIST)

Dickie George, IAD Technical Director, NSA

Moderator, Vic Maconachy, National Security Agency

Government Prospective on IA Research and Education: Status, Needs & Funding  SMG Auditorium
3:15 - 3:30   Afternoon Break SMG Atrium  
3:30 - 4:15 Gregory Garcia, Asst. Secretary Cybersecurity and Communications, DHS.

Introduced by Richard H.L. Marshall, National Security Agency

  SMG Auditorium
4:15 - 5:15 Richard A. Clarke, Chairman,
Good Harbor Consulting LLC,
http://www.goodharbor.net/about.html

Introduced by Richard H.L. Marshall, National Security Agency

  SMG Auditorium  
5:30-6:30 Richard A. Clarke: Book Signing GSU Metcalf Hall
5:30-6:30 Dinner and Ceremonies: Reception & Cash Bar GSU Metcalf Hall
6:30-7:15 CNSS Awards
7:15-8:00 Dinner
8:00-8:15 Ceremony to Designate New & Re-Designate National Centers of Academic Excellence in IA Education
9:00-midnight   Hospitality suite 18th Floor Meeting Room, Student Village 10 Buick Street  
Day 3 - Wednesday, June 6, 2007
Time Speaker Topic Location Overview of Presentation
7:30 - 5:00   Registration SMG Atrium  
7:30 - 8:50   Breakfast Coffee/Refreshment SMG Atrium  
9:00 - 10:00 Silvio Micali, Massachusetts Institute of Technology http://www.csail.mit.edu/biographies/PI/bioprint.php?PeopleID=36

Introduced by Leonid Reyzin, Boston University
http://www.cs.bu.edu/fac/reyzin

Cryptology Plenary SMG Auditorium  
10:00 -10:45

F. Lynn McNulty (http://cisse.info/colloquia/cisse11/McNulty.htm), Director of Government Affairs (ISC)2

Introduced by Corey Schou, Idaho State University, Member of Board of Directors of The Colloquium http://cob.isu.edu/schou/

 

 

Keynote SMG Auditorium  
10:45 -11:00   Morning Break SMG Atrium  
11:00 -12:00

Panelists:
Erich Spengler, John Sands, Moraine Valley Community College
Sujeet Shenoi, University of Tulsa
Casey O'Brien, Community College Baltimore County, CyberWATCH Center

Moderator, Barbara Belon

Panel: The Community College Experience in IA Education SMG Auditorium Representatives from NSF-grant sponsored IA Security Centers will talk about their respective programs and outreach activities.

12:00 - 1:00   Lunch Warren Towers  
1:00 - 1:50 Azer Bestavros, Boston University
http://www.cs.bu.edu/~best

Mark Crovella, Boston University
http://www.cs.bu.edu/fac/crovella

Network Security is a Systems Challenge SMG Auditorium In this talk, we will present an overview of network security research in the Computer Science Department at Boston University. In keeping with department traditions, this research has taken a system-wide view of network security and from that starting point has applied strong theoretical insights. We will describe how a system-wide view of network security changes the network security questions that are asked and improves the quality of the answers that are obtained. In particular, we will describe how an understanding of the network as a dynamic system driven by user activity leads to a new appreciation of network vulnerabilities. Further, we will describe how taking a system-wide view of the network can lead to a more precise separation between normal and unusual traffic conditions, leading to better detection of malicious behavior.
1:50 -2:20

Geoff Elliott, London South Bank University http://www.phonebook.lsbu.ac.uk/php4/curriculumvitae.php?id=2591&template=bcim

Ali Abdallah, London South Bank University http://myweb.lsbu.ac.uk/~abdallae/

Introduced by Daniel Shoemaker, Center for Assurance Studies (http://business.udmercy.edu/center_assurance.php), University at Detroit Mercy

Towards Developing a Collaborative EU/US Educational Programs in Information Assurance SMG Auditorium We present the initial outline for a new Master's degree in Information Assurance at London South Bank University. The proposed curriculum is modular and is intended to provide possible ingredients for the establishment of collaborative IA programs with interested US universities. The design of such a program is timely and particularly attractive because of recently emerged prospects of joint US/EU financial support for collaborative educational programs. What should be taught? What training should be provided? How should such a program be structured? What is the best way to deliver it? What are the pitfalls that should be avoided? How do we ensure that we are developing the right skills?
2:25 - 3:25 Paper sessions: The CISSE is pleased to provide a venue for the presentation of individual and collaborative research and curriculum development efforts. The papers will be presented in parallel tracks* on 5 and 6 June. The papers were selected using a blind review process that resulted in selecting the top papers that best reflect the emerging concepts in information assurance education and awareness activities.

The full proceedings are available at:

http://www.cisse.info/colloquia/cisse11/proceedings11/start.pdf

Authors will have 20 minutes to present and field questions.

paper 1: 2:25-2:45

paper 2: 2:45-3:05

paper 3: 3:05-3:25

* two sessions will have only two papers
SMG Room 212

Session Chair: Chris Hecker

2:25-2:45 Sequential and Parallel/Concurrent Actor-Oriented Solutions of the Dominator Problem
   Vojislav Stojkovic, William Lupton

2:45-3:05 A Visual Approach to Teaching Formal Models in Security
   Mike Collins, Leemon Baird

3:05-3:25 Understanding Bot Behaviors in a Risk-Aware Networkcentric Attack Detection and Prevention Framework
   Napoleon C. Paxton, Gail-Joon Ahn, Richard Kelly, Kevin Pearson, Bei-Tseng Chu

SMG Room 220

Session Chair: Pat Logan

2:25-2:45 Using Security Checklists and Scorecards in CS Curriculum
   Blair Taylor, Shiva Azadegan

2:45-3:05 Approaches for Integrating Trustworthy Computing in the Curricula
   Kassem Saleh, Imran Zualkernan

3:05-3:25 Information Assurance Concentration Programs: Integrating Information Assurance in Existing Computer Science Curricula
   Stephen Yau, Zhaoji Chen

SMG Room 228

Session Chair: Eric Braude

2:25-2:45 Can Software Engineers Be Both Agile and Secure?
   Richard Epstein

2:45-3:05 Professionalizing the Practice of Information Security
   William H. Murray, Corey Schou, W. Vic Maconachy

SMG Room 240

Session Chair: Robert Schudy

2:25-2:45 What Are Faculty Attitudes Toward Teaching Ethical Hacking and Penetration Testing?
   Jeffrey Livermore

2:45-3:05 The National Collegiate Cyber Defense Competition: What are the next steps?
   Greg White, Ronald C. Dodge

3:30 - 3:45   Afternoon Break SMG Atrium  
3:45 - 5:00

Lee Warren, Corporate Director of Information Systems Security, United Technologies;

Michael Daly, Director Enterprise Security Services, Raytheon;

James Burrell, Supervisor Cyber Squad, FBI Boston Office;

Michael Hickey, Vice President Government Affairs-National Security Policy, Verizon (corporate), Washington, DC;

Bret Hartman, CTO the Security Division of EMC, RSA;

William Oates, Chief Information Officer for the City of Boston, Massachusetts;

Mary Ann Davidson, Chief Security Officer, Oracle

 

Moderator, Lou Chitkushev, Boston University http://csmet.bu.edu/People/CS_People_Fulltime.htm

 

Industry Panel SMG Auditorium  
5:00 -5:10 Ron Dodge, MC Presentation of "Best Paper" Award    
6:00 - 9:00   Sign-up small group events led by BU faculty    
7:00-midnight   Hospitality suite 18th Floor Meeting Room, Student Village 10 Buick Street  
Day 4 - Thursday, June 7, 2007: Bootcamp
Time Speaker Topic Location Overview of Presentation
7:30 - 8:45   Breakfast SHA & MET  
8:00 - 11:30 John Minotti, Senior Instructor, Access Data AccessData Technology Bootcamp Computer Labs, MET CS Computer forensics involves acquiring, analyzing, decrypting and reporting the stored or recorded digital information for use as evidence in civil, criminal or administrative cases. Law enforcement, network administrators, attorneys and private investigators rely on automated computer forensic software to aid in their investigations. AccessData Technology enables organizations worldwide to analyze and search electronic evidence in computer-related crimes, including terrorism, intellectual property and personal identity theft, corporate fraud, child exploitation, illegal commerce and company policy violations. In this session attendees will be exposed to imaging, analysis and decryption software offered by AccessData Corporation.
9:00- 12:00 Bob Du Charme, Education Training Manager, Cisco Systems, Inc. Cisco Technical Security Bootcamp Computer Labs, SHA The Technical Bootcamp is an overview of information that is presented in the 4-day CISCO Security Bootcamp for Professors. General security information is presented, followed by an afternoon of hands-on labs. These are the same labs that professors and faculty will accomplish each day during the 4-day class. Only faculty that has not attended one of the previously delivered 4-day Bootcamps should attend this class. The first 40 qualified attendees will be permitted into this 1-day class.
9:00 - 11:30 Town Meeting

9:00-10:00

Christopher Reuter and Robert Bennington, the Anti-Tamper Software Protection Initiative Technology Office, Sensors Directorate, Air Force Research Laboratory, Wright Patterson AFB Ohio

The Software Protection Initiative SHA - Room 110

The Software Protection Initiative (SPI) is an undertaking of the Department of Defense (DoD) to develop and deploy technologies to secure special purpose computer programs containing information critical to DoD weapon programs. SPI is a novel approach to protecting high value computer programs.  The SPI approach, called CT-centric security (CT – Critical Technologies), complements existing information assurance technologies for operating system protections and network security by adding a trusted out-of-band element that protects the critical technology.  The primary focus of the program is to prevent the piracy, reverse engineering, and malicious alteration of critical national security software and data.

Having demonstrated the technical feasibility of software protection, the current objectives of the program involve wide-scale adoption of SPI technologies. In order to achieve this, SPI is focusing on developing adoptable CT-centric security solutions based on out-of-band trusted security components.

This presentation will overview the SPI mission and technologies, highlight the findings and achievements of the program, and describe the new direction of the program into autonomic trusted sensor systems.  A primary objective of this presentation is to present the CT-centric security model to the academic community and investigate opportunities for information sharing, education, and collaboration.

10:00-10:15 Morning Break SHA Lobby, MET Foyer

 

10:15-10:45 Nanette S. Poulios, Walsh College http://www.walshcollege.edu/pages/322.asp?item=293 IA Business Challenge SHA - Room 110

In partnership with Ernst & Young, Walsh College held a 24-hour IA Challenge focusing on a business problem as it relates to IA.  Teams were composed of graduate and undergraduate students from information assurance, information systems, general business, MBA, and accounting programs.

The “Consulting Challenge” was a simulation designed to give students a peek at the world of security consulting. Students were given the business case to analyze, along with other resources to use in order to develop their solutions.  Each team had 24 hours to formulate their solutions and present their findings. The competition gave participants an opportunity to gain expertise and hands-on experience in consulting and help them understand how consultants work with clients.

Our challenge focused on a web application for a credit union.  Ernst & Young provided the VMware network with the application.  They also provided an educational session for the non-technical members of the teams.  The challenge goals were: 1) Identify the technical vulnerabilities; 2) Determine the business risk of these vulnerabilities; 3) Propose a solution; 4) Prepare a Proposal and a Presentation to the judges

Feedback from the challenge was very positive.  The IA and IS students learned how to calculate financial risk from the business students while the business students learned about IA vulnerabilities from our IA students.  The audit students also gained insight to the technical controls necessary for financial security.  All of the students hope to participate again this year.  The ability to work in cross-discipline teams was cited as the most beneficial and educational experience by the team members.

10:45-11:30 Panel Discussion: Strengthening CAE curriculum and research through collaboration SHA - Room 110 What are your immediate and longer term needs? Is curriculum sharing beneficial and/or practical? Which new research directions would you like to introduce next in the classroom? What would you like to see at next year's CISSE: new directions, topics, or formats?
11:30 - 11:45 Close of Colloquium: Corey Schou   SHA - Room 110  
11:45- 1:00   Lunch Warren Towers  
12:30 - 2:00 John Minotti, Senior Instructor, Access Data

AccessData Technology Bootcamp Computer Labs, MET CS Access Data bootcamp, continued - afternoon session
1:00 - 3:00 Bob Du Charme, Education Training Manager, Cisco Systems, Inc. Cisco Technical Security Bootcamp Computer Labs, SHA CISCO Bootcamp, continued - afternoon session.

 

 

     
The Colloquium for Information Systems Security Education, Copyright 2006