UofO Research Day: Security

1
UofO Research Day Security Privacy

• Carlisle Adams
• February 6, 2007

2
The State of the World

• The Internet is a big, bad, scary place
• Malicious software, DoS, phishing, credit card
  theft, id theft
• Other electronic networks are not much better
• Voice/data networks (e.g., cell phone, wireless
  ad hoc nets)
• Text networks (e.g., Instant Messaging (IM))
• Social networks (e.g., Facebook, mySpace)
• How can we create environments in which it is
  safe for people to work and play?

3
Security Privacy Research Area

• At University of Ottawa, Security Privacy is a
  very active research area, both within the
  Faculty of Engineering and in other Departments
  across campus (e.g., Law, Criminology, Math)
• At SITE we have a number of researchers looking
  at various aspects of security and privacy
• Gregor Bochmann
• Azzedine Boukerche
• Amy Felty
• Guy-Vincent Jourdan
• Stan Matwin
• Ali Miri
• Liam Peyton
• Tet Yeap
• Carlisle Adams

4
Gregor Bochmann

• Modeling trust for e-commerce transactions
• A trust model with statistical foundation,
  including the use of online recommendations
• Trust-based access control for ubiquitous
  e-services
• Authentication infrastructures
• Authentication for mobile communication services
  over the Internet
• See http//www.site.uottawa.ca/bochmann/

5
Azzedine Boukerche

• Security for wireless ad hoc and sensor networks
• Part of the emergency preparedness and response
  project
• How to achieve anonymity in such networks?
• How to ensure data protection in such a
  harsh/hostile environment?
• Intrusion detection models for computer networks
  and mobile phone systems
• Use of a biologically-inspired approach (human
  immune system)
• See http//paradise.site.uottawa.ca/

6
Amy Felty

• Privacy properties of data mining software
• users express their privacy policy as logical
  constraints, and developers of data mining
  software provide proofs that their software
  respects these user-specified permissions
• Proof-carrying code
• a mechanism for insuring that a host (code
  consumer) can safely run code delivered by a code
  producer
• the host specifies a safety policy as a set of
  axioms and inference rules. In addition to a
  compiled program, the code producer delivers a
  formal proof of safety expressed in terms of
  those rules that can be easily checked
• See http//www.site.uottawa.ca/afelty/scas.html

7
Guy-Vincent Jourdan

• Security of software applications
• Software engineering practices and tools that
  help software engineers produce more secure
  software
• E.g., architectures that help to prevent command
  injection (unwanted interactions between
  components)
• E.g., session management tools and techniques to
  reduce / prevent the possibility of web session
  abuse (such as cross-site scripting)
• See http//www.site.uottawa.ca/gvj/

8
Stan Matwin

• Privacy-preserving data mining
• designing DM algorithms that guarantee, in some
  sense, that the DM process will not divulge data
  about individuals beyond the intended parties
• Privacy Enhancing Technologies (PET)
• E.g., privacy compliance enforcement in e-mail
• See http//www.site.uottawa.ca/stan/contents/res
  earch.html

9
Ali Miri

• Secure sensor and ad hoc networks
• Intrusion / anomaly detection anonymous
  communication
• Biometric-based cryptosystems
• Fuzzy vault biometric systems identity-based
  biometric ciphers
• Cryptography for resource-constrained devices
• Efficient elliptic / hyper-elliptic cryptosystems
• side-channel attack resistant multi-processor
  designs
• See http//www.site.uottawa.ca/samiri/

10
Liam Peyton

• Liberty Alliance Project federated identity
  management
• Extending the basic LAP architecture to support
  privacy preferences, privacy seal, audit trail
• Evolving e-health business processes
• Requirements engineering framework for managing
  compliance with privacy legislation (e.g.,
  Personal Health Information Protection Act
  (PHIPA))
• See http//www.site.uottawa.ca/lpeyton/

11
Tet Yeap

• Session Initiation Protocol (SIP)-based real-time
  comm. apps.
• E.g., VoIP, video conferencing, IM
• Need to protect and secure the data transmitted
• Approaches for applying AAA (Authentication,
  Authorization, Audit) features to SIP-based
  communications
• See http//www.site.uottawa.ca/yeap/

12
Carlisle Adams

• Privacy technologies
• Protocols and techniques for precisely
  controlling the personal information that is
  revealed to another party (digital credentials)
• Steganography fair e-voting measuring anonymity
  in MIX networks
• Cryptography
• Effectiveness of algebraic attacks formal
  notions of security
• Access control
• Architectures policies delegation models
• See http//www.site.uottawa.ca/cadams/

13
UofO for SP Research

• Ottawa is the best place in Canada to study
  Security Privacy
• Active researchers at University of Ottawa
• This talk was just a little sampling of all the
  work going on
• Active researchers at Carleton University
• Courses and co-supervision available through
  Institutes
• Significant industry players (research
  development)
• Nortel, Alcatel, Entrust, Third Brigade,
  Cloakware, many others
• Significant provincial and federal government
  interest
• CSIS, CSE, DND, OPC, several other branches
• Center for conferences, workshops, symposia every
  year
• This conjunction of benefits is not available
  anywhere else in Canada.
• We look forward to seeing you here!

14
Questions?