Monday, April 4, 2011

Apr 8: Gary McGraw @ Swarthmore

Attack Trends or Why Software Security

Gary McGraw, Cigital
Friday, April 8, 4:30pm
Science Center, Room 199, Swarthmore College

In some sense, software is the lifeblood of most modern complex systems. Software can fail, but worse yet, software can be intentionally made to fail by attackers. Instead of defending our systems by isolating them from the network (an impossible task), we must build security in from the beginning. Both social networking and mobile device security provide important security lessons that can inform a reasoned approach. Modern malicious code, including the Zeus Trojan, Stuxnet, and other persistent web threats, is as sophisticated as it is insidious. And future trends in attacks are even more alarming, leveraging rootkits, multi-core attacks, and hard-to-diagnose timing issues. Our sole recourse is software security. The good news is that we actually know what to do to build security in.

BIO

Gary McGraw is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, D.C. area. He is a recognized authority on software security and the author of eight best-selling books on this topic. His titles include Java Security, Building Secure Software, Exploiting Software, Software Security, and Exploiting Online Games; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software (acquired by HP), Invincea, and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean's Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT).

Monday, March 21, 2011

Mar 23: Jennifer Neville at Bryn Mawr

The Computer Science Department at Bryn Mawr College invites you to a special event: Invited Talk on Machine Learning

Modeling and Mining Social Networks
Jennifer Neville, Assistant Professor, Purdue University
Wednesday, March 23, 2011 from 4:00-5:00 pm
Park 243 (Physics Lecture Hall), Bryn Mawr College

Abstract:
In the past decade, we have witnessed an explosive growth in the use of the Web and online communities. This has led to increased interest in mining the resulting social network data, both to advance understanding of human behavior and to exploit the underlying social processes for decision-making. In complex network domains (e.g., communication, friendship, and organizational networks), the relationships are a critical source of information that identify potential statistical dependencies among individuals. These dependencies among linked entities present an opportunity to improve predictions about the properties of individuals, as birds of a feather do indeed flock together. For example, when deciding how to market a product to people in Facebook or LinkedIn, it may be helpful to consider whether a person's friends are likely to purchase/adopt the product.

In this talk, to give an overview of the types of statistical learning and inference challenges in network domains, I will present work from three different, yet related, areas of social network mining. First, I will discuss the issue of how to sample a representative subgraph from a large complex network in order to efficiently study domain characteristics and support development of network systems. Next, I will describe a machine learning method to automatically infer relationship strength (e.g., strong vs. weak) from social activity patterns in online social networks, where the goal is to identify influential relationships and prune away spurious links. Finally, I will discuss how to differentiate the behavioral effects of social influence and homophily in networks changing over time and outline a novel statistical test to determine which effects are significant.

Bio:
Jennifer Neville is an assistant professor at Purdue University with a joint appointment in the Departments of Computer Science and Statistics. She received her PhD from the University of Massachusetts Amherst in 2006. She received a DARPA IPTO Young Investigator Award in 2003 and was selected as a member of the DARPA Computer Science Study Group in 2007. In 2008, she was chosen by IEEE as one of "AI's 10 to watch." Her research focuses on developing data mining and machine learning techniques for relational domains, including citation analysis, fraud detection, and social network analysis.

Friday, January 14, 2011

Hal Berghel at Bryn Mawr

Talk: Secure Credentialing
Speaker: Hal Berghel, UNLV
Date: Friday, January 21, 2011, 3:00pm
Location: Park Science Building, Bryn Mawr College

We discuss several new methods for the creation of secure credentials, including some of those for which the speaker holds patents. These methods include those that work with conventional identification media (mag stripe cards, smart cards, RFID cards, etc.) as well as newer applications that use digital displays (e.g., on iPhones and PDAs). These methods will be presented in the context of a variety of business, government, law enforcement and military applications. Our methods integrate biometrics (fingerprint, iris scan, bone scan, capillary/palm scan, photographic images, etc.) to provide at least four points of authentication. Industry standard encryption (e.g., AES and Blowfish) is added in a variety of ways to provide security. The result is a self-validating credential that operates on a mobile platform with equipment that may be found in most office equipment retail stores. One of our systems, CardSleuth, will be demonstrated. Although CardSleuth takes advantage of electrical power and network access, it requires neither for full functionality. The software runs on any Windows computer, PDA, phone, etc. for both the generation and recognition, as well as authentication and validation of IDs. The robustness of these methods is compared with recent government efforts such as RealID and the WHTI Pass Card.

Hal Berghel is currently Professor and Director of the School of Informatics at the University of Nevada, Las Vegas where he has previously served as Director of the School of Computer Science and Associate Dean of the College of Engineering. He is also the founding Director of both the Center for CyberSecurity Research, and the Identity Theft and Financial Fraud Research and Operations Center. His research interests are both catholic and eclectic, ranging from logic programming and expert systems, relational database design, algorithms for non-resolution based inferencing, approximate string matching, digital watermarking and steganography, and digital security (including both computer and network forensics). For the past decade he has applied his work in digital security to law enforcement, particularly with respect to digital crime, cyberterrorism, and information warfare. His research has been supported by both industry and government for over thirty years. His current in secure credentialling technology is funded by the Department of Justice. In addition to his academic positions, Berghel is also a popular columnist, author, frequent talk show guest, inventor, and keynote speaker. For nearly fifteen years he wrote the popular Digital Village column for the Communications of the ACM.

Berghel is a Fellow of both the Institute for Electrical and Electronics Engineers and the Association for Computing Machinery, and serves both societies as a Distinguished Lecturer. He has received the ACM Outstanding Lecturer of the Year Award four times and was recognized for Lifetime Achievement in 2004. He has also received both the ACM Outstanding Contribution and Distinguished Service awards. He is also the founder and owner of Berghel.Net, a consultancy serving business and industry, and co-owner of BC Innovations Management, a startup company in IP and DRM.

Friday, April 23, 2010

Extra Apr 29: Shafi Goldwasser @ Drexel

Drexel University will be hosting a symposium in honor of Shafi Goldwasser, who is this year's recipient of the Franklin Institute Award in Computer and Cognitive Science (www.fi.edu/franklinawards). The theme of the symposium will be theoretical CS with applications to cryptography (Shafi is the co-inventor of zero knowledge proofs and the complexity class IP along with many other significant results in crypto and complexity theory). The symposium will be held on Thur. April 29 from 10-2 and will feature, in addition to Shafi, talks by Silvio Micali and Avi Wigderson, two of her collaborators and major contributors to the field themselves.

More information about this event is available at www.cs.drexel.edu/node/15292

I hope you will be able to attend, but in the case that you are unable to attend, we will be recording the lectures. Please invite your colleagues who might be interested in the symposium.

Thursday, March 25, 2010

April 19, 2010: Susan Rodger of Duke University

Computer Science Concepts Come Alive

Susan Rodger
Department of Computer Science
Duke University


Monday, April 19, 2010
4:30 pm (Tea at 4 pm in KINSC H208)
Koshland INSC H109

Abstract

We describe how to make computer science concepts come alive through visualization and interaction in several computer science courses from introductory computer science to theoretical computer science. We discuss three software tools. JAWAA, a scripting language, aids in creating animations of algorithms and data structures. JFLAP, a tool for automata and grammars, allows for experimentation with theoretical concepts. Alice, a virtual worlds programming environment, visualizes programming concepts in 3D that are accessible for students as young as middle school. We provide examples of how such tools aid students in understanding concepts.

Biography

Susan Rodger is a Professor of the Practice in the Computer Science Department at Duke University. She received her PhD in computer science from Purdue University. Rodger's research interests include interactive and visual software and computer science education. She developed JFLAP, a tool for experimenting with automata theory. JFLAP is used around the world in automata theory courses, compiler courses, and discrete math courses. Rodger developed JAWAA, a scripting language for algorithm animation over the web. She has taught Alice to students from college level to middle school level, and has run Alice workshops for K-12 teachers. She was a finalist in the 2007 NEEDS Premier Award for Excellence in Engineering Education Courseware (for JFLAP) and received an ACM Distinguished Educator award in 2006.

Wednesday, March 3, 2010

Mar 18: David Clark at Swarthmore

Computer Science as Social Science: The future of the Internet

David Clark, EECS, MIT

Thursday, March 18
4:15pm in SCI 101
Swarthmore College

Abstract
A lesson I have learned in my 35 years of working on the Internet is that the technologists are not in charge, and have not been in charge for at least the last 15 or 20 of those years. The forces that will shape the future of the Internet primarily derive from the deep social, economic and cultural embedding of the Internet. Technology will be successful if it is responsive to these pressures. This fact is both exciting and perhaps alarming--it is exciting to be working on a system that has had so much impact on the world, but Computer Scientists are not normally trained to think about these issues, and to derive from these issues what technical problems we should address. I will give some examples, both past and future, that suggest methods and models we can use to link what we as technologists do to the forces in the larger world that will interact with that technology.

Bio
David Clark is a Senior Research Scientist at the MIT Computer Science and Artificial Intelligence Laboratory, where he has worked since receiving his Ph.D. there in 1973. Since the mid 70s, Dr. Clark has been leading the development of the Internet; from 1981-1989 he acted as Chief Protocol Architect in this development, and chaired the Internet Activities Board. His current research looks at re-definition of the architectural underpinnings of the Internet, and the relation of technology and architecture to economic, societal and policy considerations. He is helping the U.S. National Science Foundation organize their Future Internet Design program. Dr. Clark is past chairman of the Computer Science and Telecommunications Board of the National Academies, and has contributed to a number of studies on the societal and policy impact of computer communications. He is co-director of the MIT Communications Futures Program, a project for industry collaboration and coordination along the communications value chain.

Wednesday, January 20, 2010

Feb 25, 2010: Judith Bishop of Microsoft

The Hot under the Cool - Patterns, Programming and Performance

A Colloquium by

Judith Bishop
Director of Computer Science in External Research, Microsoft Research

Thursday, February 25, 4:00-5:00pm (Tea at 3:30pm) in Room 243 Park Science Building, Bryn Mawr College

Abstract:

So much of what computer science produces is labeled as cool, that it is easy for the public to miss the real hard science that goes into getting the graphics, the communications or the devices out there into the consumer space. Yet it is the hot topics under the cool that attract the best students and the biggest grants and should be as visible to the public and to policy makers. This talk looks at research underneath user interfaces and in the quest for performance in the past decade as seen through my years in academia, but more recently in Microsoft. Patterns and abstraction are not evident to the naked eye, but they drive reusable, safe and cost-effective software. I will examine the progress that has been made, the current research that is ongoing, and the steps that will need to be taken - technical and social - to meet the massive estimated needs of computer specialists in the future.

Bio:

Judith Bishop is Director of Computer Science in External Research at Microsoft Research, based in Redmond, USA. Her goal is to foster strong links between Microsoft's research groups and top computer science departments globally, through encouraging projects, supporting courseware and conferences, and engaging directly in research. Professor Bishop has a distinguished background in academia, having been a professor most recently at the University of Pretoria, South Africa. She has had visiting positions in the UK, Germany, Canada, Italy and the USA. Her expertise is in programming languages and distributed systems, with a strong practical bias and an interest in compilers and design patterns. She has over 90 publications including 15 books on programming languages that are available in six languages and read worldwide. Professor Bishop serves frequently on international editorial, program and award committees, and has received numerous awards and distinctions, in particular the IFIP Outstanding Service Award in 2009 for service to the worldwide computer science community.