CERIAS Weekly Security Seminar - Purdue University
1,160 episodes - English - Latest episode: 20 days ago - ★★★★ - 6 ratingsCERIAS -- the Nation's top-ranked interdisciplinary academic education and research institute -- hosts a weekly cyber security, privacy, resiliency or autonomy speaker, highlighting technical discovery, a case studies or exploring cyber operational approaches; they are not product demonstrations, service sales pitches, or company recruitment presentations. Join us weekly...or explore 25 years of archives for the who's-who in cybersecurity.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
Steven Furnell, Cybersecurity Skills – Easy to say, harder to recognise?
April 28, 2021 20:30 - 1 hour - 650 MB VideoThere is no doubt that cybersecurity has risen up the agenda in terms of visibility and importance. Everybody wants it. But do they really know what they want? What does cybersecurity include, and to what extent do qualifications and certifications that claim to cover it actually do so? This talk examines what cybersecurity means in terms of the contributing topics, and in particular how these topics can end up looking substantially different depending upon what source we use as our refere...
Ira Winkler, You Can Stop Stupid: Human Security Engineering
April 21, 2021 20:30 - 1 hour - 511 MB VideoWhile users are responsible for initiating 90%+ of losses, it is not their fault. The entire system is what enables the losses, and the entire system must be designed to prevent them. Drawing lessons from safety science, counterterrorism, and accounting, this presentation details how to expect and stop user initiated loss. About the speaker: Ira Winkler, CISSP, is the President of Secure Mentem and Author of the forthcoming books You Can Stop Stupid and Security Awareness for Dummies. He is c...
Ira Winkler, "You Can Stop Stupid: Human Security Engineering"
April 21, 2021 20:30 - 511 MB VideoWhile users are responsible for initiating 90%+ of losses, it is not their fault. The entire system is what enables the losses, and the entire system must be designed to prevent them. Drawing lessons from safety science, counterterrorism, and accounting, this presentation details how to expect and stop user initiated loss.
Yimin Chen, Delving into differential privacy and anomaly detection: a meta-learning perspective
April 14, 2021 20:30 - 41 minutes - 402 MB VideoIn this talk, we explore security and privacy related to meta-learning, a learning paradigm aiming to learn 'cross-task' knowledge instead of 'single-task' knowledge. For privacy perspective, we conjecture that meta-learning plays an important role in future federated learning and look into federated meta-learning systems with differential privacy design for task privacy protection. For security perspective, we explore anomaly detection for machine learning models. Particularly, we explore po...
Yimin Chen, "Delving into differential privacy and anomaly detection: a meta-learning perspective"
April 14, 2021 20:30 - 402 MB VideoIn this talk, we explore security and privacy related to meta-learning, a learning paradigm aiming to learn 'cross-task' knowledge instead of 'single-task' knowledge. For privacy perspective, we conjecture that meta-learning plays an important role in future federated learning and look into federated meta-learning systems with differential privacy design for task privacy protection. For security perspective, we explore anomaly detection for machine learning models. Particularly, we explore ...
Tawei (David) Wang, The Invisible Risks: An Empirical Analysis on Data Sharing Activities and Systemic Risk among the Data Brokers
April 07, 2021 20:30 - 44 minutes - 360 MB VideoData brokers are the major players in the market of collecting, selling, and sharing online user information. Although their practices have raised tremendous privacy concerns, their data collection and sharing activities are still under the veil. The growth of adverse cybersecurity incidents toward the data brokers has led the regulators, including California and Vermont, to require the data brokers to register and disclose their activities. This paper analyzes the leaked information on the d...
Tawei (David) Wang, "The Invisible Risks: An Empirical Analysis on Data Sharing Activities and Systemic Risk among the Data Brokers"
April 07, 2021 20:30 - 360 MB VideoData brokers are the major players in the market of collecting, selling, and sharing online user information. Although their practices have raised tremendous privacy concerns, their data collection and sharing activities are still under the veil. The growth of adverse cybersecurity incidents toward the data brokers has led the regulators, including California and Vermont, to require the data brokers to register and disclose their activities. This paper analyzes the leaked informatio...
Frederick Scholl, Cybercrime: A Proposed Solution
March 31, 2021 20:30 - 56 minutes - 620 MB VideoModern cybercrimes are responsible for $400B dollars of losses on an annual basis. Headlines appear regularly announcing major breaches. Yet few people and businesses understand what happened in such incidents and how to avoid being a victim themselves. The security industry does provide analyses of breach statistics, but effective preventative measures can be lost in the numbers. Virtually all breaches result from technology failure combined with people failure.This presentation will look ...
Frederick Scholl, "Cybercrime: A Proposed Solution"
March 31, 2021 20:30 - 620 MB VideoModern cybercrimes are responsible for $400B dollars of losses on an annual basis. Headlines appear regularly announcing major breaches. Yet few people and businesses understand what happened in such incidents and how to avoid being a victim themselves. The security industry does provide analyses of breach statistics, but effective preventative measures can be lost in the numbers. Virtually all breaches result from technology failure combined with people failure. This presentation wi...
Jack Daniel, The Shoulders of InfoSec
March 24, 2021 20:30 - 56 minutes - 456 MB VideoThe nature of cybersecurity and modern life is such that we feel pressured to run just to keep up, this leaves us no time to look back and reflect on how we got where we are as an industry and field of study, nor to learn about the people who led the way.In this presentation we will dig into the stories of some of the people who were foundational in the field we know call cybersecurity, some well-known, others obscure. About the speaker: Jack Daniel is the Community Advocate for Tenable, is a...
Jack Daniel, "The Shoulders of InfoSec"
March 24, 2021 20:30 - 456 MB VideoThe nature of cybersecurity and modern life is such that we feel pressured to run just to keep up, this leaves us no time to look back and reflect on how we got where we are as an industry and field of study, nor to learn about the people who led the way. In this presentation we will dig into the stories of some of the people who were foundational in the field we know call cybersecurity, some well-known, others obscure.
Santiago Torres-Arias, "Practical software Supply Chain Security and Transparency"
March 17, 2021 20:30 - 350 MB VideoThe software development process, or software supply chain, is quite complex and involves a number of independent actors. Due to this ever-growing complexity has led to various software supply chain compromises: from XCodeGhost injecting malware on millions of apps, to the highly-publicized SolarWinds Compromise. In this talk, Santiago will introduce various research challenges, as well as attempts from both Open Source and Industry --- such as SigStore, CoSign and in-toto --- to prot...
Santiago Torres-Arias, Practical software Supply Chain Security and Transparency
March 17, 2021 20:30 - 40 minutes - 350 MB VideoThe software development process, or software supply chain, is quite complex and involves a number of independent actors. Due to this ever-growing complexity has led to various software supply chain compromises: from XCodeGhost injecting malware on millions of apps, to the highly-publicized SolarWinds Compromise. In this talk, Santiago will introduce various research challenges, as well as attempts from both Open Source and Industry --- such as SigStore, CoSign and in-toto --- to protect mill...
Greg Akers, "SDN/NFV in the ICS, SCADA and Manufacturing World as a Cyber Security Tool"
March 10, 2021 21:30 - 364 MB VideoA discussion about where we are in the commercial SDN/NFV world today and where we are headed. What are the next generation threats beyond where we are today and how software definability may be a asset in the defender’s toolkit. Also looking at the intersection point between SDN/NFV and AI/ML. How this changes the defense calculus and alters the attack surface. What capabilities we need to develop in the practitioner, consumer and defender worlds.
Greg Akers, SDN/NFV in the ICS, SCADA and Manufacturing World as a Cyber Security Tool
March 10, 2021 21:30 - 43 minutes - 364 MB VideoA discussion about where we are in the commercial SDN/NFV world today and where we are headed. What are the next generation threats beyond where we are today and how software definability may be a asset in the defender's toolkit. Also looking at the intersection point between SDN/NFV and AI/ML. How this changes the defense calculus and alters the attack surface. What capabilities we need to develop in the practitioner, consumer and defender worlds. About the speaker: Greg Akers was the Senio...
Randall Brooks, Cyber Supply Chain Risk Management (SCRM) and its impact on information and Operational Technology (IT/OT)
March 03, 2021 21:30 - 56 minutes - 547 MB VideoIn a growing interdependent market place,it is nearly impossible to develop every part or component in house. Electronics are nearly entirely manufactured offshore. Concerns have risen about the trust worthiness of electronics that may contain extra or potentially malicious functionality. Traditional supply chain risk management only deals with the suppliers ability to deliver a product on time and within budget. Cyber aspects focus on the trustworthiness of the product that was delivered....
Randall Brooks, "Cyber Supply Chain Risk Management (SCRM) and its impact on information and Operational Technology (IT/OT)"
March 03, 2021 21:30 - 547 MB VideoIn a growing interdependent market place,it is nearly impossible to develop every part or component in house. Electronics are nearly entirely manufactured offshore. Concerns have risen about the trust worthiness of electronics that may contain extra or potentially malicious functionality. Traditional supply chain risk management only deals with the suppliers ability to deliver a product on time and within budget. Cyber aspects focus on the trustworthiness of the product that was de...
Caroline Wong, Security Industry Context
February 24, 2021 21:30 - 46 minutes - 229 MB VideoJoin Caroline Wong, Cobalt.io's head of Security and People, for a unique perspective on the role of humans in cybersecurity. About the speaker: Caroline Wong is the Chief Strategy Officer at Cobalt.io. Wong's close and practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager and day-to-day leadership roles at eBay and Zynga. She teaches cybersecurity courses on LinkedIn Learning and is a member of the Forbes Technology Council. ...
Caroline Wong, "Security Industry Context"
February 24, 2021 21:30 - 229 MB VideoJoin Caroline Wong, Cobalt.io's head of Security and People, for a unique perspective on the role of humans in cybersecurity.
Cory Doctorow, Technology, Self-Determination, and the Future of the Future
February 17, 2021 21:30 - 1 hour - 1 MB VideoSelf-determination is the key to human thriving; it's also the enemy of both dictatorships and monopolies. It's no coincidence that commercial imperatives of tech monopolies create the infrastructure for political oppression. The public-private-partnership from hell looks like this: companies install surveillance and other system of control to extract higher rents from their customers and ward off competitors. Then states seize that surveillance and control apparatus to gain and consolidate p...
Cory Doctorow, "Technology, Self-Determination, and the Future of the Future"
February 17, 2021 21:30 - 1 MB VideoSelf-determination is the key to human thriving; it's also the enemy of both dictatorships and monopolies. It's no coincidence that commercial imperatives of tech monopolies create the infrastructure for political oppression. The public-private-partnership from hell looks like this: companies install surveillance and other system of control to extract higher rents from their customers and ward off competitors. Then states seize that surveillance and control apparatus to gain and consolidate...
Levi Lloyd, Securing the Software Supply Chain
February 10, 2021 21:30 - 51 minutes - 248 MB VideoIn December 2020, FireEye discovered a supply chain attack against the SolarWinds Orion network management system. The impact of this event has caused the cybersecurity community to reevaluate how we think about threats coming from the software supply chain. At Lawrence Livermore National Laboratory we have been developing software assurance tools for many years to automate the analysis of software to enable asset owners and operators to make sound decisions about the software in their envi...
Levi Lloyd, "Securing the Software Supply Chain"
February 10, 2021 21:30 - 248 MB VideoIn December 2020, FireEye discovered a supply chain attack against the SolarWinds Orion network management system. The impact of this event has caused the cybersecurity community to reevaluate how we think about threats coming from the software supply chain. At Lawrence Livermore National Laboratory we have been developing software assurance tools for many years to automate the analysis of software to enable asset owners and operators to make sound decisions about the software in ...
Steve Lipner, "Lessons Learned – Fifty Years of Mistakes in Cybersecurity"
February 03, 2021 21:30 - 461 MB VideoOver fifty years, I’ve led a lot of security projects that I thought would change the world. Many of them crashed and burned at great cost in money and reputation. There were some common threads including reliance on government claims about the market and on minimal secure systems built from scratch. This talk will describe some failures, some lessons learned the hard way, and how they paid off.
Steve Lipner, Lessons Learned – Fifty Years of Mistakes in Cybersecurity
February 03, 2021 21:30 - 51 minutes - 461 MB VideoOver fifty years, I've led a lot of security projects that I thought would change the world. Many of them crashed and burned at great cost in money and reputation. There were some common threads including reliance on government claims about the market and on minimal secure systems built from scratch. This talk will describe some failures, some lessons learned the hard way, and how they paid off. About the speaker: Steve Lipner is the executive director of SAFECode, a nonprofit focused on soft...
Scott Shackelford, "The Internet of Things: What Everyone Needs to Know"
January 27, 2021 21:30 - 257 MB VideoThe Internet of Things (IoT) is the notion that nearly everything we use, from gym shorts to streetlights, will soon be connected to the Internet. Industry and financial analysts have predicted that the number of Internet-enabled devices will increase from 11 billion to upwards of 25 billion in coming years. Regardless of the number, the end result looks to be a mind-boggling explosion in Internet connected stuff. Yet, there has been relatively little attention paid to how we should...
Scott Shackelford, The Internet of Things: What Everyone Needs to Know
January 27, 2021 21:30 - 53 minutes - 257 MB VideoThe Internet of Things (IoT) is the notion that nearly everything we use, from gym shorts to streetlights, will soon be connected to the Internet. Industry and financial analysts have predicted that the number of Internet-enabled devices will increase from 11 billion to upwards of 25 billion in coming years. Regardless of the number, the end result looks to be a mind-boggling explosion in Internet connected stuff. Yet, there has been relatively little attention paid to how we should go about ...
Adwait Nadkarni, Building Practical Security Systems for the Post-App Smart Home
January 20, 2021 21:30 - 1 hour - 384 MB VideoModern end-user computing platforms such as smartphones (e.g., Android and iOS)and smart home systems (e.g., SmartThings and NEST) provide programmable interfaces for third-party integration, enabling expressive and popular functionality that is often manifested in applications, or apps. Thus, for the last decade, designing security systems to analyze apps for vulnerabilities or unwanted behavior has been a major focus within the security community. This approach has continued well into th...
Adwait Nadkarni, "Building Practical Security Systems for the Post-App Smart Home"
January 20, 2021 21:30 - 384 MB VideoModern end-user computing platforms such as smartphones (e.g., Android and iOS)and smart home systems (e.g., SmartThings and NEST) provide programmable interfaces for third-party integration, enabling expressive and popular functionality that is often manifested in applications, or apps. Thus, for the last decade, designing security systems to analyze apps for vulnerabilities or unwanted behavior has been a major focus within the security community. This approach has continued well...
Lorrie Cranor, Security and Privacy for Humans
December 09, 2020 21:30 - 57 minutes - 583 MB VideoTraditionally, security and privacy research focused mostly on technical mechanisms and was based on the naive assumptions that Alice and Bob were capable, attentive, and willing to jump through any number of hoops to communicate securely. However, about 20 years ago that started to change when a seminal paper asked "Why Johnny Can't Encrypt" and called for usability evaluations and usable design strategies for security. Today a substantial body of interdisciplinary literature exists on usabi...
Lorrie Cranor, "Security and Privacy for Humans"
December 09, 2020 21:30 - 583 MB VideoTraditionally, security and privacy research focused mostly on technical mechanisms and was based on the naive assumptions that Alice and Bob were capable, attentive, and willing to jump through any number of hoops to communicate securely. However, about 20 years ago that started to change when a seminal paper asked "Why Johnny Can't Encrypt" and called for usability evaluations and usable design strategies for security. Today a substantial body of interdisciplinary literature exists on usa...
Kimberly Ferguson-Walter, "Maximizing Cyber Deception to Improve Security: An Empirical Analysis"
December 02, 2020 21:30 - 657 MB VideoThe threat of cyber attacks is a growing concern across the world, leading to an increasing need for sophisticated cyber defense techniques that leverage the defender’s “home field advantage". We designed the Tularosa Study to understand how defensive deception, both cyber and psychological, affects cyber attackers. Over 130 professional red teamers participated in a network penetration test over two days in which both the presence of and explicit mention of deceptive defensive techni...
Kimberly Ferguson-Walter, Maximizing Cyber Deception to Improve Security: An Empirical Analysis
December 02, 2020 21:30 - 54 minutes - 657 MB VideoThe threat of cyber attacks is a growing concern across the world, leading to an increasing need for sophisticated cyber defense techniques that leverage the defender's "home field advantage". We designed the Tularosa Study to understand how defensive deception, both cyber and psychological, affects cyber attackers. Over 130 professional red teamers participated in a network penetration test over two days in which both the presence of and explicit mention of deceptive defensive techniques wer...
Sivaram Ramanathan, "Improving the Accuracy of Blocklists by Aggregation and Address Reuse Detection"
November 18, 2020 21:30 - 265 MB VideoIP address blocklists are a useful source of information about repeat attackers. Such information can be used to prioritize which traffic to divert for deeper inspection (e.g., repeat offender traffic), or which traffic to serve first (e.g., traffic from sources that are not blocklisted). But blocklists also suffer from overspecialization -- each list is geared towards a specific purpose -- and they may be inaccurate due to misclassification or stale information. We propose BLAG, a system t...
Sivaram Ramanathan, Improving the Accuracy of Blocklists by Aggregation and Address Reuse Detection
November 18, 2020 21:30 - 43 minutes - 265 MB VideoIP address blocklists are a useful source of information about repeat attackers. Such information can be used to prioritize which traffic to divert for deeper inspection (e.g., repeat offender traffic), or which traffic to serve first (e.g., traffic from sources that are not blocklisted). But blocklists also suffer from overspecialization -- each list is geared towards a specific purpose -- and they may be inaccurate due to misclassification or stale information. We propose BLAG, a system tha...
Abhilasha Bhargav-Spantzel, Fearless Computing
November 11, 2020 21:30 - 50 minutes - 1 MB Video"Wouldn't it be great if we could download anything, explore anything and build anything without the annoying feeling that you are going to get hacked?" This was a question from my kids, who are currently in elementary school. Have you experienced similar questions from kids and adults alike? Computing is becoming such an integral part of our lives, wouldn't it be great to use compute resources fully for all aspects of our lives. This includes work, education, healthcare and finance; be crea...
Abhilasha Bhargav-Spantzel, "Fearless Computing"
November 11, 2020 21:30 - 1 MB Video“Wouldn’t it be great if we could download anything, explore anything and build anything without the annoying feeling that you are going to get hacked?” This was a question from my kids, who are currently in elementary school. Have you experienced similar questions from kids and adults alike? Computing is becoming such an integral part of our lives, wouldn’t it be great to use compute resources fully for all aspects of our lives. This includes work, education, h...
Kelley Misata, "Results from the Field: Cybersecurity in Nonprofits and Why it Matters"
November 04, 2020 21:30 - 692 MB VideoThe last time you gave to a favorite charity, did you think about their cybersecurity? Do you sit on the board of a nonprofit? Are nonprofits using your cybersecurity solutions? The “wild” of the Internet and continually evolving threat landscape force nonprofits to defend themselves against intrusion and cyber-attacks. Breaking down the myths and assumptions about nonprofits' cybersecurity, this session spotlights approaches and exciting results from local nonprofit organizations o...
Kelley Misata, Results from the Field: Cybersecurity in Nonprofits and Why it Matters
November 04, 2020 21:30 - 55 minutes - 692 MB VideoThe last time you gave to a favorite charity, did you think about their cybersecurity? Do you sit on the board of a nonprofit? Are nonprofits using your cybersecurity solutions? The "wild" of the Internet and continually evolving threat landscape force nonprofits to defend themselves against intrusion and cyber-attacks. Breaking down the myths and assumptions about nonprofits' cybersecurity, this session spotlights approaches and exciting results from local nonprofit organizations of all size...
Yoon Auh, "NUTS: eNcrypted Userdata Transit & Storage; Viewing Data as an Endpoint™ (DaaE) using Structured Cryptography"
October 28, 2020 20:30 - 291 MB VideoCan objects be truly secured independently without resorting to a massive central reference monitor? It's a great question and we will discuss a solution to it called NUTS. During this talk, we’ll take data structures, message protocols and applied cryptography and toss them into the cauldron of reality, sprinkle in some DNA and data management to brew up some Security at the Data Perimeter towards crafting Data as the Endpoint. It sounds like a bad witch’s brew of epic proportions but on...
Yoon Auh, NUTS: eNcrypted Userdata Transit & Storage; Viewing Data as an Endpoint™ (DaaE) using Structured Cryptography
October 28, 2020 20:30 - 51 minutes - 291 MB VideoCan objects be truly secured independently without resorting to a massive central reference monitor? It's a great question and we will discuss a solution to it called NUTS. During this talk, we'll take data structures, message protocols and applied cryptography and toss them into the cauldron of reality, sprinkle in some DNA and data management to brew up some Security at the Data Perimeter towards crafting Data as the Endpoint. It sounds like a bad witch's brew of epic proportions but once w...
Jeff Man, Why Attack When You Can Defend
October 21, 2020 20:30 - 1 hour - 2 MB VideoMITRE ATT&CK® seems to be the"next big thing". Every time I hear about it I can't help but wonder, "how doyou prevent all these attacks in the first place? Shouldn't that be the endgame?" To that end, I set out to map all the recommended "Mitigations" for allthe "Techniques" detailed in ATT&CK to see how many are already addressedby what is required in the Payment Card Industry Data Security Standard (PCIDSS). My hypothesis was all of them. The results were interesting and a little surprising...
Jeff Man, "Why Attack When You Can Defend"
October 21, 2020 20:30 - 2 MB VideoMITRE ATT&CK® seems to be the“next big thing”. Every time I hear about it I can’t help but wonder, “how doyou prevent all these attacks in the first place? Shouldn’t that be the endgame?” To that end, I set out to map all the recommended “Mitigations” for allthe “Techniques” detailed in ATT&CK to see how many are already addressedby what is required in the Payment Card Industry Data Security Standard (PCIDSS). My hypothesis was all of them. The results were interesting and a little surprisi...
Courtney Falk, "The Pod People Campaign: Driving User Traffic via Social Networks"
October 14, 2020 20:30 - 687 MB VideoUsers of social networks are having their accounts subverted. Threat actors are gaining unauthorized access to large numbers of accounts and inserting links to suspicious websites. Shared command-and-control infrastructure is used across 70+ different social networks, suggesting a coordinated campaign to drive user traffic. The actors behind this campaign, and the end goal for driving user traffic, remains uncertain. The campaign remains active with changing indicators. The fact that ...
Courtney Falk, The Pod People Campaign: Driving User Traffic via Social Networks
October 14, 2020 20:30 - 59 minutes - 687 MB VideoUsers of social networks are having their accounts subverted. Threat actors are gaining unauthorized access to large numbers of accounts and inserting links to suspicious websites. Shared command-and-control infrastructure is used across 70+ different social networks, suggesting a coordinated campaign to drive user traffic. The actors behind this campaign, and the end goal for driving user traffic, remains uncertain. The campaign remains active with changing indicators. The fact that this cam...
Michael Clark, From Machine Learning Threats to Machine Learning Protection Requirements
October 07, 2020 20:30 - 52 minutes - 393 MB VideoResearchers from academia and industry have identifiedinteresting threat vectors against machine learning systems. These threatsexploit intrinsic vulnerabilities in the system, or vulnerabilities that arisenaturally from how the system works rather than being the result of a specificimplementation flaw. In this talk, I present recent results in threats tomachine learning systems from academia and industry, including some of our ownresearch at Riverside Research. Knowing about these threats is...
Michael Clark, "From Machine Learning Threats to Machine Learning Protection Requirements"
October 07, 2020 20:30 - 393 MB VideoResearchers from academia and industry have identifiedinteresting threat vectors against machine learning systems. These threatsexploit intrinsic vulnerabilities in the system, or vulnerabilities that arisenaturally from how the system works rather than being the result of a specificimplementation flaw. In this talk, I present recent results in threats tomachine learning systems from academia and industry, including some of our ownresearch at Riverside Research. Knowing about these threats ...
, "Global Challenges in Security and Privacy Policy: elections, pandemics, and biometric technologies"
September 30, 2020 20:30 - 825 MB VideoCERIAS 2020 Annual Security Symposium Virtual Event https://ceri.as/symp Closing Keynote Panel Discussion - “Global Challenges in Security and Privacy Policy:elections, pandemics, and biometric technologies” Panelists: - Michel Beaudouin-Lafon, Vice Chair, ACM Technology Policy Council; Member, ACM Europe Council, Professor of Computer Science, Université Paris-Sud - James Hendler, Chair, US Technology Policy Committee, Professor of Computer, Web and Cognitive Sciences, Rensselaer...
, Global Challenges in Security and Privacy Policy: elections, pandemics, and biometric technologies
September 30, 2020 20:30 - 56 minutes - 825 MB VideoCERIAS 2020 Annual Security Symposium Virtual Event https://ceri.as/sympClosing Keynote Panel Discussion - "Global Challenges in Security and Privacy Policy:elections, pandemics, and biometric technologies"Panelists:- Michel Beaudouin-Lafon, Vice Chair, ACM Technology Policy Council; Member, ACM Europe Council, Professor of Computer Science, Université Paris-Sud- James Hendler, Chair, US Technology Policy Committee, Professor of Computer, Web and Cognitive Sciences, Rensselaer Polytechnic I...
Osman Ismael, "TCB: From Assumption to Assurance"
September 23, 2020 20:30 - 231 MB VideoThe TCB has been very precisely defined since 1979, but in practice its implementation and application in today modern software stack is very blurry. This talk describes a very common application and how to consider its associated TCB, after explosive the problems it will propose an alternative to better release and execute software with unbreakable guarantee.