Promoting security awareness and development.

March 2009 Meeting

When: Friday, March 13, 2009 2:00pm

Konstantin Beznosov will be arranging the "best of" his computer security course student presentations. Topics will include a simple way to break into accounts of the pay-by-phone parking system used in Vancouver, vulnerabilities in the update mechanisms for Sophos AV, and an attack on Windows Live messenger that allows impersonation of IM users.

PLEASE NOTE THAT THE MEETING DATE HAS BEEN CHANGED FOR THIS MONTH TO A
FRIDAY (NOT THE USUAL WEDNESDAY).

AGENDA:

2:00pm - 3:00pm

Topic: See abstracts and presentation details below
Presenter: Konstantin (Kosta) Beznosov, Assistant Professor, UBC

Abstract:
Kosta will share his 5-year-long experience of teaching a 4th-year
undergraduate course in computer security
(http://courses.ece.ubc.ca/412/about.html)
at the Department of Electrical and Computer Engineering, UBC.

Samples of the projects to be presented are as follows:

(1) Finding a simple way to break into web accounts of the pay-by-phone parking system used in Vancouver;

(2) Discovering vulnerabilities in the update mechanisms for Sophos AV;

(3) Finding ways to impersonate users of Windows Live messenger.

Bio -
Konstantin (Kosta) Beznosov is an Assistant Professor at the Department of
Electrical and Computer Engineering, the University of British Columbia,
where he directs the Laboratory for Education and Research in Secure Systems
Engineering. His research interests are distributed systems security, usable
security, secure software engineering, and access control. Prior to UBC, he was
a Security Architect at Hitachi Computer Products (America) and Concept
Five. Besides many academic papers on security engineering in distributed
systems, he is also a co-author of "Enterprise Security with EJB and
CORBA" and "Mastering Web Services Security" books, as well as XACML and
several CORBA security specifications.

3:00pm - 3:15pm = Break

3:15pm - 4:00pm

Presentation 1: Guidelines for Designing IT Security Management Tools
Presenter: Pooya Jaferian, Ph.D. student, UBC

Abstract:
An important factor that impacts the effectiveness of security systems
within an organization is the usability of security management tools. In
this paper, we present a survey of design guidelines for such tools. We
gathered guidelines and recommendations related to IT security management
tools from the literature as well as from our own prior studies of IT
security management. We categorized and combined these into a set of high
level guidelines and identified the relationships between the guidelines
and challenges in IT security management. We also illustrated the need for
the guidelines, where possible, with quotes from additional interviews with
five security practitioners. Our framework of guidelines can be used by
those developing IT security tools, as well as by practitioners and managers
evaluating tools.

Bio -
Will be provided during presentation.

Presentation 2: Personal Firewalls
Presenter: Dr. Kirstie Hawkey, Postdoctoral Fellow, UBC

Abstract:
Windows Vista's personal firewall provides its diverse users with a
basic interface that hides many operational details. However, our study of
this interface revealed that concealing the impact of network context on the
security state of the firewall results in mental models that are unclear
about the protection provided by the firewall, resulting in an inaccurate
understanding of the firewall configuration. We developed a prototype to
support more contextually complete mental models through inclusion of
network context information. Results from our initial evaluation of the
prototype support our approach of improving user understanding of underlying
system states by revealing hidden context, while considering the
tension between complexity of the interface and security of the system.

Bio -
Kirstie Hawkey is a Postdoctoral Research Fellow in the Departments of
Computer Science and Electrical & Computer Engineering at UBC. She is
working on the HOT Admin and Identity Management projects in the Laboratory
for Education and Research in Secure Systems Engineering. She received her
PhD in Computer Science from Dalhousie University in 2007. Her research
interests include personal information management and usable privacy and
security, particularly within the context of group work.

--------------------------------------------------------------------------------

Note:

Information discussed at CIPS Vancouver Security SIG meetings is
confidential and is shared for the purpose of education. Please make sure
you sign the attendance/confidentiality agreement sheet for our records and
to claim your professional development credit hours.

As a courtesy, please be punctual for the meeting, and please switch off
your cell phone during the meeting.