| | Date | Speaker | Title |
|---|---|---|---|
| 1. | October 26 | Bill Claycomb, Senior Member of Technical Staff, Software Engineering Institute, Carnegie Mellon University; Research Scientist for the CERT Enterprise Threat and Vulnerability Management team | Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks |
| 2. | October 28 | Gabriel Ghinita, Assistant Professor, Department of Computer Science, University of Massachusetts | Geometric and Cryptographic Transformations for Private Matching of Spatial Datasets (Jointly with Telecom) |
| 3. | November 11 | Calton Pu, Professor and John P. Imlay, Jr. Chair in Software, School of Computer Science, Georgia Institute of Technology | Automated N-Tier System Management through Experimental Measurements (Jointly with Telecom) |

October 26, 2011 LERSAIS Seminar
Speaker: Bill Claycomb, Senior Member of Technical Staff
Title: Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks
Time/Venue: 2:30pm
Abstract:
Since 2001, the CERT Insider Threat Center has collected and analyzed over 700 actual cases of insider crimes involving fraud, IT sabotage, theft of intellectual property, and national security espionage. Using data-driven empirical analysis of socio-technical insider activity, CERT has developed system dynamics based models to describe interactions between insiders and their environment. This talk will detail CERT's research on insider threats, explain the models we have developed, and explore difficult issues such as measuring the impact of insider crime. This talk will also include demonstrations of insider activity as well as a discussion of technical controls that could be implemented to prevent or detect such activity.
Biography:
Bill Claycomb is a Senior Member of Technical Staff at Carnegie Mellon University's Software Engineering Institute, where he is the Lead Research Scientist for the CERT Enterprise Threat and Vulnerability Management team. His primary research interests focus on insider threats, specifically prediction, detection, and mitigation. He also works across teams exploring cloud computing, incident response, systems modeling, and vulnerability analysis. Prior to joining SEI in 2011, Bill was a Member of Technical Staff at Sandia National Laboratories, where he focused on enterprise systems management and security research, including insider threats, malware detection, and data protection. Bill received a B.S. in Computer Science from the University of New Mexico in 1999, and an M.S. (2005) and Ph.D. in Computer Science from New Mexico Tech.

October 28, 2011 Joint LERSAIS and Telecom Seminar
Speaker: Gabriel Ghinita, Assistant Professor
Title: Geometric and Cryptographic Transformations for Private Matching of Spatial Datasets
Time/Venue: 12:00pm
Abstract:
Private matching (or join) of spatial datasets is crucial for applications where
distinct parties wish to share information about nearby geo-tagged data items.
To protect each party's data, only joining pairs of points should be revealed,
and no additional information about non-matching items should be disclosed. Previous
research efforts focused on private matching for relational data, and rely either on
space-embedding or on SMC techniques. Space-embedding transforms data points to hide
their exact attribute values before matching is performed, whereas SMC protocols
simulate complex digital circuits that evaluate the matching condition without
revealing anything else other than the matching outcome.
However, existing solutions have at least one of the following drawbacks: (i) they
fail to protect against adversaries with background knowledge on data distribution,
(ii) they require a non-colluding third party to assist in the matching, (iii) they
compromise privacy by returning false positives and (iv) they rely on complex and
expensive SMC protocols. In this talk, I will introduce two approaches to perform
private matching on spatial datasets. First, I will discuss a geometric transformation
that still requires a non-colluding third party, but it is efficient and it is not
vulnerable to background knowledge attacks. Next, I will present a two-party protocol
based on homomorphic encryption that eliminates the need for a third party, and
provides strong privacy guarantees in the semi-honest model.
Biography:
Dr. Gabriel Ghinita is an Assistant Professor with the Department of Computer Science, University of Massachusetts, Boston. His research interests lie in the area of data security and privacy, with focus on privacy-preserving transformation of microdata, private queries in location based services and privacy-preserving sharing of sensitive datasets. Prior to joining University of Massachusetts, Dr. Ghinita was a research associate with the Cyber Center at Purdue University, and a member of the Center for Education and Research in Information Assurance and Security (CERIAS). He also held visiting researcher appointments with the National University of Singapore, Chinese University of Hong Kong and Hong Kong University. Dr. Ghinita served as reviewer for top journals and conferences such as IEEE TPDS, IEEE TKDE, IEEE TMC, VLDBJ, VLDB, WWW, ICDE and ACM SIGSPATIAL GIS.

November 11, 2011 LERSAIS Seminar
Speaker: Calton Pu, Professor and John P. Imlay, Jr. Chair in Software
Title: Automated N-Tier System Management through Experimental Measurements
Time/Venue: 12:00pm
Abstract:
Large N-Tier applications running in data centers and cloud environments have complex deployment requirements and dependencies that change frequently. The increasing complexity and scalability requirements of such applications demand automated configuration design, testing, deployment and monitoring of applications. In the Elba project, we have automated the n-tier application deployment, monitoring, and analysis phases through automated generation of benchmark scripts. Elba software tools include the Mulini generator, which creates deployment and monitoring scripts for several benchmarks such as RUBiS and RUBBoS. The scripts run the benchmark through many different configurations (from 3-tier to 5-tier, and several software packages such as MySQL and PostgreSQL), producing detailed data on many system resource metrics (e.g., CPU and network utilization). Statistical analysis of these metrics identifies the resource bottlenecks automatically, leading to automated adaptation. We will show detailed analyses of our data and discuss new research topics that can use the benchmark data accumulated and apply these techniques to other quality of service dimensions such as availability and power consumption. Concrete applications of this data include configuration planning and autonomic adaptation of N-tier applications.
Biography:
Calton Pu was born in Taiwan and grew up in Brazil. He received his PhD from University of Washington in 1986 and served on the faculty of Columbia University and Oregon Graduate Institute. Currently, he is holding the position of Professor and John P. Imlay, Jr. Chair in Software at the College of Computing, Georgia Institute of Technology. He has worked on several projects in systems and database research. His contributions to systems research include program specialization and software feedback. His contributions to database research include extended transaction models and their implementation. His recent research has focused on automated system management in clouds (Elba project) and document quality, including spam processing. He has collaborated extensively with scientists and industry researchers. He has published more than 70 journal papers and book chapters, 200 conference and refereed workshop papers. He served on more than 120 program committees, including the co-PC chairs of SRDS'95, ICDE'99, COOPIS'02, SRDS'03, DOA'07, DEBS'09, ICWS'10, CollaborateCom'11, and co-general chair of ICDE'97, CIKM'01, ICDE'06, DEPSA'07, CEAS'07, SCC'08, CollaborateCom'08, and World Service Congress'11.