Fall 2012
Fabio Maino
September 21, 2012
Speaker: Fabio Maino
Fabio Maino is a Distinguished Engineer at Cisco, where he leads an amazing team of engineers dedicated to a simple task: make Internet better by adding one level of indirection, LISP.
Title
Locator/ID Separation Protocol (LISP): Security Consideration in the Design of a Next Generation Network Architecture
Time/Location
1:00pm
Information Sciences Building, Room 501
Abstract:
The Locator/ID Separation Protocol (LISP) is an open IETF experimental standard that, by introducing a level of indirection, effectively decouples identity from location by using two different IP addresses that belong to two different namespaces: Endpoint Identifiers (EIDs), which are assigned to end-hosts, and Routing Locators (RLOCs), which are assigned to devices (primarily routers) that make up the global routing system. This talk, after providing an introduction to LISP and describing the use cases to which it applies, will focus on the security considerations that are leading the design of the LISP security architecture.
Biography:
Fabio Maino is a Distinguished Engineer at Cisco, where he leads an amazing team of engineers dedicated to a simple task: make Internet better by adding one level of indirection, LISP. After receiving his PhD in Computer and Network Security from Politecnico di Torino, Italy, Fabio moved to California to join Andiamo System that was later acquired by Cisco. While in Andiamo Fabio designed the security layer of the Fibre Channel architecture, implemented in what became the Cisco MDS 9000 family of storage switches. Fabio is one of the main architects of Cisco Trustsec, and is an active contributor to multiple standardization bodies.
Dr. Surya Nepal
October 19, 2012
Speaker: Dr. Surya Nepal
Dr. Surya Nepal is a Principal Research Scientist at CSIRO ICT Centre, Australia. He is a research team leader of "Distributed Systems" team. His main research interest is in the development and implementation of technologies in the area of service-oriented architectures, web services, cloud computing and social networks.
Title
Social Media and E-Government
Time/Location
12:00pm
Information Sciences Building, Room 501
Abstract:
Over the years, governments have diversified their online services and increased their online engagement with citizens. Increasingly, social media technologies are playing an important role in the way government and citizens interact. In partnership with the Australian Government's Department of Human Services (referred thereafter as DHS), we are trialling specific social media technologies, namely an online community and a social media monitoring tool, to see if it could serve as an effective way to support specific groups of citizens and the service delivery arm of the government. In this seminar, we present the design of these tools and corresponding underlying research problems such as trust model, recommender system, visualisation and bootstrapping and sustainability of the community. We also present the initial results.
Biography:
Dr. Surya Nepal is a Principal Research Scientist at CSIRO ICT Centre, Australia. He is a research team leader of "Distributed Systems" team. His main research interest is in the development and implementation of technologies in the area of service-oriented architectures, web services, cloud computing and social networks. He received his PhD from RMIT University, Australia and MSc from AIT, Thailand. He has published several journal and conference papers in the areas of multimedia databases, web services and service-oriented architectures, and security, privacy and trust in collaborative environment, cloud computing and social networks. In Recent years, Dr. Nepal has been working on the project of delivering citizen centric services. He is also a programme committee member in many international conferences. Dr. Nepal is currently the secretary of service science society, Australia.s
Mudhakar Srivastava
October 26, 2012
Speaker: Mudhakar Srivastava
Dr. Srivatsa is a Research Scientist in Network Technologies Department at IBM Thomas J. Watson Research Center. His research interests primarily include network analytics and secure information flow.
Title
Deanonymizing Mobility Traces: Using Social Networks as a Side-Channel
Time/Location
2:30pm
Information Sciences Building, Room 501
Abstract:
Location-based services, which employ data from smartphones, vehicles, etc., are growing in popularity. To reduce the threat that shared location data poses to a user's privacy, some services anonymize or obfuscate this data. In this paper, we show these methods can be effectively defeated: a set of location traces can be deanonymized given an easily obtained social network graph. The key idea of our approach is that a user may be identified by those she meets: a contact graph identifying meetings between anonymized users in a set of traces can be structurally correlated with a social network graph, thereby identifying anonymized users. We demonstrate the effectiveness of our approach using three real world datasets: University of St Andrews mobility trace and social network (27 nodes each), SmallBlue contact trace and Facebook social network (125 nodes), and Infocom 2006 bluetooth contact traces and conference attendees' DBLP social network (78 nodes). Our experiments show that 80% of users are identified precisely, while only 8% are identified incorrectly, with the remainder mapped to a small set of users.
Biography:
Dr. Srivatsa is a Research Scientist in Network Technologies Department at IBM Thomas J. Watson Research Center. He received his PhD in Computer Science from Georgia Tech. His research interests primarily include network analytics and secure information flow. He serves as a technical area leader for Secure Hybrid Network research in US/UK International Technology Alliance in Network and Information Sciences and as a principal investigator for Information Network Research in Network Science Collaborative Technology Alliance where he is working on adversarial analysis of co-evolving networks (social, information, and communication).
Alexander Clemm
November 8, 2012
Speaker: Alexander Clemm
Dr. Alexander Clemm is a Principal Engineer at Cisco.
Title
On the Road Towards Network-embedded Management
Time/Location
10:30am
Information Sciences Building, Room 405
Abstract:
Traditional management architectures, in which smart management applications outside the network manage "dumb" devices inside the network, are rapidly evolving. Increasingly, management tasks are becoming embedded inside the network itself. This is driven by factors such as the need to reduce total cost of ownership, to increase network resilience and independence of outside components, and to reduce complexity for network operators. While the first wave targeted mainly the automation of management functions at individual devices one node at a time, the focus of attention is increasingly beginning to shift towards holistic management tasks that concern the network as a whole. This presentation examines those trends in more detail and presents two examples of research projects in decentralized network-embedded management that were conducted in cooperation between Cisco and University researchers. The first project (with KTH/Sweden) concerns an algorithm and protocol to support Network Threshold Crossing Alerts to monitor aggregated status information that transcends individual network devices, such as the average link utilization across the whole network exceeding a certain threshold. The second project (with UFRGS/Brazil) concerns a system that uses a peer-to-peer algorithm to automatically place measurement probes in a network such that the number of detected service level violation across the network is maximized.
Biography:
Dr. Alexander Clemm is a Principal Engineer at Cisco. As a member of the Network Operating Systems Group's Technology Architecture team, he provides technical direction and leadership for technology that relates to manageability of Cisco networking products from original conception to delivery to the customer. This includes management instrumentation, management and programming interfaces for management applications, and networking capabilities aimed at facilitating operational tasks. He has several dozen publications and patents in this area and is author and/or editor of several books, including "Network Management Fundamentals" and, very recently, "Network-Embedded Management and Applications". Alex is General Co-chair of the 2013 IFIP/IEEE International Symposium on Integrated Management (IM 2013); in the past he was co-chair of Manweek (now CNSM) 2007, DSOM 2007, and the TPC of IM 2005.
Tanvir Ahmed
November 30, 2012
Speaker: Tanvir Ahmed
Tanvir Ahmed is a Principal Member of Technical Staff with the Database Security Group, Oracle, CA.
Title
Access Control on Data through SQL Transformation
Time/Location
2:00PM
Information Sciences Building, Room 404
Abstract:
In rdbms, object privileges protect actions on an object. For example, select on a table or a view. A limitation of object privilege is that it cannot define fine-grained privileges, such as, a select privilege on a subset of the rows of a table. To enforce fine-grained access control, primarily "views" are used. In addition, a functionality of rdbms is to manage data for all forms of applications. This requires that access control policy on data is expressed in terms of application-level operations. The main obstacle to enforce such application-level operational and fine grained privileges is performance. In this talk, we discuss how SQL transformation techniques are used for efficient enforcement of application-level access control policies on data.
Biography:
Tanvir Ahmed is a Principal Member of Technical Staff with the Database Security Group, Oracle, CA. He is working on Oracle Real Application Security (RAS), Oracle 12c. Oracle RAS is a database authorization solution for end-to-end application security. He received the B.S. degree in computer science from the University of Mississippi, Oxford, and the M.S. and Ph.D. degrees in computer science from the University of Minnesota, Twin Cities. His research areas include access control, system security, distributed systems, and software development methodologies.