
TRUST Seminar Series

The Spring 2008 TRUST Seminar Series talks will be held in the Wozniak Lounge of Soda Hall on the campus of the University of California, Berkeley, on Thursdays from 1:00 - 2:00 PM.

If you are visiting Soda Hall from off campus, please see the Visitor Information page.

To receive notification of future TRUST Seminar Series talks, please join either the trustlocal or the trustseminar workgroup.

(Most members of TRUST who are located at UC Berkeley should join the trustlocal workgroup instead of the trustseminar workgroup.)

Information on past TRUST Seminars is available here.

Spring 2008 TRUST Seminar Series

Compressed Sensing Meets Machine Learning -- Classification of Mixture Subspace Models via Sparse Representation
Allen Yang, UC Berkeley

1pm, Thursday, January 31, 2008, Wozniak Lounge, Soda Hall

Abstract
Recent advances in information technologies have led to unprecedented large amounts of high-dimensional data from many emerging applications in the areas of computer vision, pattern recognition, and sensor networks. The need for more advanced techniques to analyze such complex data calls for shifting research paradigms: From fitting data with a single statistical model to estimating a mixture of multiple models; from classifying patterns in low-dimensional data spaces to those in very high-dimensional spaces; and from processing signals from single sensors to fusing the information from a distributed sensor network. In pattern recognition, mixture subspace models have been widely used to represent singular distributions of multimodal, multivariate data in high-dimensional data space. For instance, in face recognition, frontal-face images from multiple human subjects satisfy a mixture subspace model, one subspace model for each subject, and the prior information of the mixture subspaces is typically provided through training examples. However, one major challenge in supervised learning is the coupling of high dimensionality of the data and limited training samples, which negatively affects the performance of traditional classification methods such as nearest-neighbor (NN) and support vector machines (SVMs). Inspired by an emerging theory of compressed sensing, I will present a new recognition framework for classification of mixture subspace models. In this framework, the recognition problem is reformulated via a new perspective of sparse representation: If a test sample belongs to one of K classes, then its sparsest representation w.r.t. all training samples should have nonzero coefficients only associated with the same class. Hence the membership of the sample is encoded in the sparse representation. Efficient solutions exist to recover such sparse representation via L-1 minimization. 
The performance of the algorithm is demonstrated via an application of image-based face recognition. In the second part of the talk, I will present a recent development extending the above framework to simultaneously segment and classify human actions on a distributed body sensor network. Some major concerns for a distributed recognition system in sensor networks include reduction of communication costs and robustness to the change of available sensors in the network. I will propose a new distributed recognition system that can accurately segment and classify human actions from continuous motion sequences. The local classifiers that can reject potential outliers reduce the sensor-to-server communication to about 50%. One can also choose to activate a subset of the sensor nodes on the fly due to sensor failure or network congestion. The global classifier is able to adaptively update the optimization process and improve the overall classification upon available local measurements.
Bio
Allen Yang is a postdoctoral researcher at the University of California, Berkeley. This work is in collaboration with Prof. Shankar Sastry (sponsor) and Prof. Ruzena Bajcsy at UC Berkeley, Prof. Yi Ma at UIUC, and Prof. Roozbeh Jafari at UT Dallas.
Davis Social Links: P2P, Online Social Network, and Autonomous Community
Felix Wu, UC Davis

1pm, Thursday, February 7, 2008, Wozniak Lounge, Soda Hall

Abstract
In this talk, we will discuss the impact of Internet architecture design on network security. In the past few years, there have been many attempts to develop solutions to protect our networked system against large-scale attacks such as worms, DDoS, and spam. However, it seems to us (and more and more clearly) that most, if not all, of the proposed solutions are not likely to be effective, given the growth of attacks in numbers and depth. Therefore, the network community has been trying to understand the fundamental issues and the root cause for these large-scale network attacks. One possible idea, currently being actively developed at UC Davis, is called DSL (Davis Social Links). Under DSL, we integrate the concepts of P2P, social networks, and trust management into the network layer, while we remove the requirement of global network identity (e.g., IP addresses or even email addresses, for the context of spam). While we are still in a very early stage regarding DSL, we will go through a few examples of DSL as well as technical considerations.
Bio
Felix Wu is part of the Computer Security group at UC Davis. He is interested in security issues related to both networking and networked systems. Currently, he has been working on the following research areas: Unknown vulnerability analysis, IPSec/VPN Policy Management, Routing protocol security, Internet architecture, Mobility, Secure computer architecture, Email Antispam, Information Visualization for Security, Anomaly Analysis and Explanation. Very soon, he realized that he was probably interested in too many things though. Therefore, his latest focus has been on the DSL (Davis Social Links) project.
BitBlaze: a Binary-centric Approach to Computer Security
Dawn Song, UC Berkeley

1pm, Thursday, February 14, 2008, Wozniak Lounge, Soda Hall

Abstract
Binary analysis is imperative for protecting COTS (common off-the-shelf) programs and analyzing and defending against the myriad of malicious code, where source code is unavailable, and the binary may even be obfuscated. Also, binary analysis provides the ground truth about program behavior since computers execute binaries (executables), not source code. In this talk, I will present the BitBlaze project, a binary-centric approach to computer security: how we can address a wide-spectrum of different security problems by analyzing program binaries and automatically extracting security related properties from them. In particular, I will describe the two central research directions of BitBlaze: (1) the design and development of the underlying BitBlaze Binary Analysis Platform, and (2) applying the BitBlaze Binary Analysis Platform to addressing real-world security problems, including automatic vulnerability signature generation, a unified framework for malware analysis, and automatic deviation detection.
Bio
Dawn Song is an Assistant Professor at University of California, Berkeley. She obtained her PhD in Computer Science from UC Berkeley (2002). Her research interest lies in security and privacy issues in computer systems and networks. She is the author of more than 60 research papers in areas ranging from software security, networking security, database security, distributed systems security, to applied cryptography. She is the recipient of various awards and grants including the NSF CAREER Award, the IBM Faculty Award, the George Tallman Ladd Research Award, the Sloan Award, and the Best Paper Award in USENIX Security Symposium.
The anatomy of a Privacy Breach
Rebecca Herold

1pm, Thursday, February 21, 2008, Wozniak Lounge, Soda Hall

Abstract
Privacy breaches can have devastating impact upon organizations if they do not respond to them well. There are also at least 40 U.S. state level breach notification laws (including the District of Columbia) that organizations must understand and follow. Within this presentation I will discuss:
• Why there are more privacy breaches than ever before
• The many different types of breaches
• How to plan for - and respond to - a breach
• What the update to SB 1386 (California's privacy breach notice law) means to businesses
Bio
Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI. Rebecca is an information privacy, security and compliance consultant, author and instructor with her own company since mid-2004, Rebecca Herold, LLC. Rebecca has over 17 years of privacy and information security experience, and assists organizations in all industries throughout the world with all aspects of their information privacy, security and regulatory compliance programs. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the 1998 CSI Information Security Program of the Year Award. In October 2007 Rebecca was named one of the “Best Privacy Advisers” in two of three categories by Computerworld magazine. Rebecca was also named one of the "Top 59 Influencers in IT Security" for 2007 by IT Security magazine. Rebecca is an Adjunct Professor for the Norwich University Master of Science in Information Assurance (MSIA) program. Rebecca has authored many books and is currently authoring her 11th. Some of them include The Privacy Papers (Auerbach) in 2001, co-authored The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach) in 2003, Managing an Information Security and Privacy Awareness and Training Program (Auerbach) in 2005, the Privacy Management Toolkit (Information Shield) in 2006 and co-authored Say What You Do in 2007. Rebecca is the creator, editor and primary contributing author for the “Protecting Information” quarterly subscription security and privacy awareness multi-media publication (Information Shield). Rebecca has also authored chapters for dozens of books along with over one hundred other published articles. She has been writing a monthly information privacy column for the CSI Alert newsletter since 2001 and regularly contributes articles to other publications. Rebecca has a B.S. in Math and Computer Science and an M.A. in Computer Science and Education.
Contact Information
Tel: +1 (515)491-1564
E-mail: rebeccaherold@rebeccaherold.com
Website: www.privacyguidance.com
Blog: www.realtime-itcompliance.com
Managing Multiple Perspectives on Trust
Clifford Neuman, University of Southern California, Information Sciences Institute

1pm, Thursday, February 28, 2008, Wozniak Lounge, Soda Hall

Abstract
Trusted computing provides methods for software components to establish confidence in the code with which they communicate. Such technologies are often used to support digital rights management and other mechanisms that protect service providers and owners of content. The same underlying mechanisms, however, can be used to protect the users from untrustworthy service providers. Providing strong security for future systems requires a clearer understanding of the protection boundaries to be enforced. While trusted computing can help enforce such boundaries, little work has been done to help us understand the structure of such boundaries. This talk discusses ongoing work to develop trusted computing architectures that support multiple perspectives on trust. For users, the most trusted components are their own systems; the software from service providers is less trusted. Information providers place greater confidence in vetted code that runs on designated trusted computing hardware. The trusted computing reference monitor mediates requirements and obligations for each software component, providing mutual protection to all involved.
Bio
Clifford Neuman is director of the Center for Computer Systems Security at the Information Sciences Institute (ISI) of the University of Southern California (USC), and a faculty member in the Computer Science Department at USC. Dr. Neuman earned a Bachelor's degree at the Massachusetts Institute of Technology and subsequently worked at Project Athena. He received M.S. and Ph.D. degrees from the University of Washington. Dr. Neuman has conducted research in distributed systems, computer security, and electronic commerce. He is the principal designer of the Kerberos authentication system and architected its use as a basis for distributed authorization. The Kerberos system has served as the basis for many commercial computer security products. Dr. Neuman also developed the NetCheque® and NetCash systems, and the Prospero Resource Manager and Directory Service. The NetCheque® and NetCash systems provide secure distributed on-line payment particularly suited for managing resource consumption in distributed systems. Dr. Neuman's current research is focused on security policy and the structure of protection boundaries in distributed systems that span organizations with conflicting security goals.
Security with Privacy: Respectful Cameras and Actuator Networks
Ken Goldberg (IEOR and EECS and iSchool) and Jeremy Schiff (EECS), UC Berkeley

1pm, Thursday, March 6, 2008, Wozniak Lounge, Soda Hall

Abstract
An emerging class of digital video cameras provides unprecedented ability to zoom in and capture high-resolution video images. This capability is desirable in many applications from security to public relations, but such high-resolution scrutiny raises significant privacy concerns. We're investigating a new approach to providing a measure of visual privacy by masking an individual's identity while allowing observation of his or her physical actions and other motion in the scene. We'll also describe a new approach we're exploring: Actuator Networks. The idea is to enhance sensor networks with distributed actuation, such as emitting different amplitudes and wavelengths of light or sound, to create potential fields that can affect motion in an environment. More information: http://www.cs.berkeley.edu/~jschiff/
Bio
Ken Goldberg and his students work in two areas: Geometric Algorithms for Automation, and Networked Robots. In the first category, he develops algorithms for feeding, sorting, and fixturing industrial parts, with an emphasis on mathematically rigorous solutions that require a minimum of sensing and actuation so as to reduce costs and increase reliability. In the area of Networked Robots, Goldberg and colleagues developed the first robot publicly operable via the Internet (in 1994). He has published over 100 research papers and edited four books. In 2004, Goldberg co-founded the IEEE Transactions on Automation Science and Engineering and is Founding Chair of its Advisory Board. Goldberg was named National Science Foundation Young Investigator in 1994 and NSF Presidential Faculty Fellow in 1995. He is the recipient of the Joseph Engelberger Award (2000), the IEEE Major Educational Innovation Award (2001) and was elected IEEE Fellow in 2005. Goldberg lives in Mill Valley with his daughter and wife, filmmaker and Webby Awards founder Tiffany Shlain. More information on Goldberg's research and teaching: http://goldberg.berkeley.edu More information on Goldberg's artwork: http://www.ken.goldberg.net goldberg@berkeley.edu
Broadcast Encryption and Traitor Tracing for Content Protection
Hongxia Jin, IBM

1pm, Thursday, March 13, 2008, Wozniak Lounge, Soda Hall

Abstract
Broadcast encryption and traitor tracing are two active problems in the cryptography community. In this talk I will give an overview on how broadcast encryption and traitor tracing can be used for content protection. For example, tracing traitors for anonymous re-broadcasting attack is a way to trace the source of unauthorized copies when the system is broadcasted. I will give the talk in the context of AACS, the new industry content protection standards for next generation high definition DVDs. It is the first large-scale commercial deployment of a traitor tracing approach as well as the tree-based broadcast encryption scheme. Along the way we have had to solve both practical and theoretical problems that had not been apparent in the literature to date. In this talk I will focus on discussing some of those problems and point out new research directions. The talk will also include the recent incidence of AACS "break".
Bio
Hongxia Jin is currently a Research Staff Member at IBM Almaden Research Center. She is the leading researcher in the Content Protection group, conducting advanced research in broadcast encryption and traitor tracing. She has filed more than a dozen patents in the area. Her work was adopted as core technologies for various industry standards including the content protection standard for the next generation high definition DVDs. She obtained her B.S. degree in Computer Science from University of Science and Technology of China, and her Ph.D. degree in Computer Science from the Johns Hopkins University in 1999. She then became a Research Staff Member at IBM T.J. Watson Research Center where she primarily focused on software security and dependability research. After she transferred to IBM Almaden Research Center's content protection group, her primary research interest is on key management scheme, forensic tracing technologies, multimedia security, Web 2.0 security, software security, intrusion detection, as well as security measurement. She is interested in information security in general.
One Laptop per Child: Bringing to the children of the world an innovative and secure educational tool
Andriani Ferti, One Laptop Per Child Foundation

1pm, Thursday, March 20, 2008, Wozniak Lounge, Soda Hall

Abstract
The mission of One Laptop per Child is to develop a low-cost laptop to revolutionize how we educate the world’s children. In particular, OLPC intends to provide an eminently malleable platform, allowing the children to modify, customize, or "hack", their own machines any way they see fit. As a result, its goal is to ship and enable by default a stringent security policy that's appropriate even for the youngest user, and which delivers the strongest available protections. However, the system should allow simultaneously the user to tailor the security level to match her interest in hacking her machine. In Norse mythology, Bifröst is the bridge which keeps mortals, inhabitants of the realm of Midgard, from venturing into Asgard, the realm of the gods. In effect, Bifröst is a powerful security system designed to keep out unwanted intruders. Bitfrost is the security platform for the OLPC XO laptops, based on the principles compliant with its policy to provide to children a functional tool to learn learning through independent interaction and exploration. The MIT Technology Review magazine recognized Ivan Krstic, Bitfrost's main architect, as one of the world's top innovators under the age of 35 for his work on the system.
Bio
Andriani Ferti is a Legal Intern at the One Laptop per Child Association, where she assists the organization in negotiating intellectual property rights and licenses and in better evaluating its open source and free content policy, focusing on both national and international legislation and regulations. She has received her LL.M. degree from the Boalt Hall School of Law of the University of California at Berkeley and her J.D. from the School of Law of the University of Athens, Greece.
Improving the Robustness of Private Information Retrieval
Ian Goldberg, University of Waterloo

1pm, Thursday, April 10, 2008, Wozniak Lounge, Soda Hall

Abstract
Suppose you want to look up a specific patent from an online patent database, but you don't want the operator of the database to learn *which* patent you're interested in. A trivial solution is for the database operator to send you the whole database; can we do better? Private Information Retrieval (PIR) is the field that examines these kinds of problems. There are a wide variety of PIR protocols; some protect the privacy of the query through encryption, while others protect it information-theoretically by splitting the query across multiple database servers. In the latter case, an important consideration is robustness: how do we deal with servers that may maliciously return incorrect results, collude for an adversarial purpose, or simply fail? In this talk, we present a new PIR protocol that information-theoretically protects queries from a group of servers, some of which may respond incorrectly or not at all. Our new protocol increases the maximum privacy level (the number of servers which need to collude in order to determine your query) by a factor of 3 over the previous work. It also allows more servers to reply maliciously, while still maintaining your ability to determine the correct response to your query and to identify bad actors. We then extend this protocol to produce one which provides hybrid privacy protection: information-theoretic protection if a limited number of servers collude; cryptographic protection if they all do. We will conclude with some recent results further improving the efficiency of these protocols.
Bio
Ian Goldberg is an Assistant Professor of Computer Science at the University of Waterloo, where he is part of the Cryptography, Security, and Privacy (CrySP) research group. He holds a Ph.D. from the University of California, Berkeley, where he co-founded that university's Internet Security, Applications, Authentication and Cryptography group. From 1999 to 2006, he was Chief Scientist of Radialpoint (formerly known as Zero-Knowledge Systems), a company offering security and privacy technologies for Internet users.
Measuring Identity Theft at Top Banks (Version 1.5)
Chris Hoofnagle, University of California, Berkeley

1pm, Thursday, April 17, 2008, Wozniak Lounge, Soda Hall

Abstract
At the beginning of the automobile safety debate of the 1960s, a "blame the driver" mentality stood in the way of a nuanced understanding of auto accidents, and consumers lacked reliable measures for comparing cars on safety. We are in a similar posture today with respect to identity theft. Identity theft is a problem, like automobile accidents, that will never be completely solved. Individuals, inexperienced as they are with technology and new methods of payment, will undoubtedly continue to facilitate some identity theft. A lack of information about fraud incidents at banks prevents a consumer market for bank safety from emerging. As part of a multiple strategy approach to obtaining more actionable data on identity theft, the Freedom of Information Act was used to obtain complaint data submitted by victims in 2006 to the Federal Trade Commission. This complaint data identifies the institution where impostors established fraudulent accounts or affected existing accounts in the name of the victim. The data were aggregated and used to create comparative fraud ranks at leading banks, in an attempt to empower consumers, regulators, and businesses by creating a market for bank safety.
Bio
Chris Hoofnagle is a privacy expert and lawyer admitted to practice in California and DC. He serves as senior staff attorney to the Samuelson Law, Technology and Public Policy Clinic and senior fellow to the Berkeley Center for Law and Technology at the University of California-Berkeley Boalt Hall School of Law. Prior to joining Boalt, Chris was senior counsel to the Electronic Privacy Information Center, where he ran the organization's West Coast Office. In 2005, Chris was a non-residential fellow at Stanford University's Center for Internet and Society. Over the years, Chris has testified before Congress, the California Legislature, and before the Judicial Conference of the United States on various privacy issues. Chris has commentated in over 1,000 news stories in national print and broadcast media. Chris' academic articles on the First Amendment and privacy are online at SSRN.
In Pursuit of the Last "9". Reliability in Keystroke Forensics
Roy Maxion, Carnegie Mellon University

1pm, Thursday, April 24, 2008, Wozniak Lounge, Soda Hall

Abstract
Keystroke dynamics is the process of identifying individual users on the basis of their idiosyncratic typing rhythms, which are in turn derived from the timestamps of key-press and key-release events in the keyboard. A user's typing rhythm could be used in two-factor authentication, continuous re-authentication, and access-control systems. Typing rhythms could also be used in detecting the nefarious activities of insiders, or in related forensic investigations. In these security-sensitive and mission-critical applications, a determination of whether or not someone typed a passcode or a snippet of text needs to be reliable (especially if it is used as evidence in legal proceedings). Dependability experts often talk about achieving reliability at the level of 99.9999999%, or what is called nine 9s of reliability. Although keystroke-based access-control systems typically require only five 9s, even this level of reliability has not been achieved in over a quarter century of research. Why not? Is there something different about pursuing five nines (99.999%) of keystroke reliability than about pursuing, say, two nines (99%)? This talk explores some factors that might explain such slow progress in keystroke research, and suggests an alternative paradigm that may offer more promise, and that has already produced some surprising outcomes. We present a baseline testbed and a series of keystroke experiments designed to elicit results that come as close to that last 9 as possible. As might be expected, careful measurement is at the root of both the problem and the solution.
Bio
Roy Maxion is director of the CMU Dependable Systems Laboratory, and Principal Systems Scientist in the Computer Science, Machine Learning and ECE Departments at Carnegie Mellon University. His general research interest is rooted in system dependability and reliability, recently turning toward information assurance and selected aspects of computer security. He has been program chair of the International Conference on Dependable Systems and Networks, member of the executive board of the IEEE Technical Committee on Fault Tolerance, member of the United States Defense Science Board, and various professional organizations. He has consulted for the US Department of State as well as for numerous industry and government bodies. He is on the editorial boards of the IEEE Transactions on Dependable and Secure Computing, the IEEE Transactions on Information Forensics and Security, and the International Journal of Security and Networks. Dr. Maxion is a Fellow of the IEEE.
Predicate Encryption: A New Paradigm for Public-Key Encryption
Jonathan Katz, University of Maryland

1pm, Thursday, May 1, 2008, Wozniak Lounge, Soda Hall

Abstract
Predicate encryption is a strong generalization of public-key encryption that is better suited for protecting information flow in complex organizations. Roughly speaking, in a predicate encryption scheme the secret keys correspond to "capabilities" and ciphertexts are associated with "attributes"; a secret key enables decryption of a given ciphertext only if the attribute satisfies the relevant capability. Identity-based encryption and forward-secure encryption will be shown to be special cases of this paradigm, and other more recent (and more complex) examples will also be discussed.
Bio
Jonathan Katz is an assistant professor at the University of Maryland whose research focuses on security, cryptography, and theoretical computer science. He holds a PhD in computer science from Columbia University and an undergraduate degree in mathematics from MIT. He was granted an NSF CAREER award in 2005, and his textbook "Introduction to Modern Cryptography" was published in 2007.
Building a Safer Web: Web Tripwires and a New Browser Architecture
Charles Reis, University of Washington

1pm, Thursday, May 8, 2008, Wozniak Lounge, Soda Hall

Abstract
Web content has shifted from simple documents to active programs, but web protocols and browsers have not evolved adequately to support them. As a result, safety problems in web sites and web browsers now regularly make headlines, from browser exploits to ISPs that modify web pages. In this talk, I will discuss my research into improving the security and reliability of web content and browsers. For most of this talk, I will focus on one particular problem: the ability for intermediaries to modify web content in-flight. Our recent measurement study shows that many clients now receive web pages that have been altered before reaching the browser. The changes range from injected advertisements to popup blocking code to malware, often affecting the user's privacy and security. Some of these changes introduce bugs and even vulnerabilities into the pages they modify. Most sites are unwilling to switch to SSL for reasons of cost and performance, so I will show how web servers can use "web tripwires" to detect in-flight page changes with inexpensive JavaScript code. After this, I will talk more broadly about my research on web browser security, focusing on the deficiencies of today's web as an application platform. Starting from my prior work on BrowserShield, I will show how we need a safer architecture for running programs within the browser. Like an operating system, this new architecture will need effective mechanisms to define, isolate, and enforce policies on these web programs.
Bio
Charles Reis is a PhD student in the Department of Computer Science & Engineering at the University of Washington, studying with Steve Gribble and Hank Levy. His current research focuses on improving the security and reliability of web content and web browsers. In the past, he has also worked on models of wireless interference with David Wetherall. Charles received a B.A. and an M.S. in Computer Science from Rice University, where he worked with Corky Cartwright and Peter Druschel. At Rice, Charles was the second lead developer for DrJava, a widely used educational programming environment.
Spectator: detection and containment of JavaScript worms
Ben Livshits, Microsoft Research

POSTPONED. Ben Livshits will be our first speaker when the TRUST seminar resumes in the FALL

Abstract
Recent popularity of interactive AJAX-based Web 2.0 applications has given rise to a new breed of security threats: JavaScript worms. We propose Spectator, the first automatic detection and containment solution for JavaScript worms. Spectator performs distributed data tainting by observing and tagging the traffic between the browser and the Web application. When a piece of data propagates too far, a worm is reported. To prevent worm propagation, subsequent upload attempts performed by the same worm are blocked. Spectator is able to detect fast and slow moving, monomorphic and polymorphic worms with a low rate of false positives. In addition to our detection and containment solution, we propose a range of deployment models for Spectator, ranging from simple intranet-wide deployments to a scalable load-balancing scheme appropriate for large Web sites. We demonstrate the effectiveness and efficiency of Spectator through both large-scale simulations as well as a case study that observes the behavior of a real-life JavaScript worm propagating across a social networking site. Spectator is able to detect all JavaScript worms released to date while maintaining a low detection overhead for a range of workloads.
Bio
Ben Livshits is a researcher at Microsoft Research in Redmond, WA. He received a B.A. from Cornell University in 1999, and his M.S. and Ph.D. from Stanford University in 2002 and 2006, respectively. Dr. Livshits' research interests include application of sophisticated static and dynamic analysis techniques to finding errors in programs. He is known for his work on software reliability and especially tools to improve software security, with a primary focus on approaches to finding buffer overruns in C programs and a variety of security vulnerabilities (cross-site scripting, SQL injections, etc.) in Web-based applications. Lately he has been focused on how Web 2.0 application reliability, performance, and security can be improved through a combination of static and runtime techniques.

Details about how the seminar is managed can be found at How is the TRUST Seminar managed?

If you are interested in presenting, or have a question about our seminar please contact Alvaro A. Cárdenas.

© 2005-2008 Trust