CERIAS Security Seminar Series

, "Rick Clark, Ontario Systems"

Arjan Durresi, "Security for the Next Internet over Heterogeneous Environments"

The networking research community is working to design the Next ...

The networking research community is working to design the Next Generation Internet, which will meet the needs of the twenty-first century. The first requirement for the Next Generation Internet is security. Furthermore, the Internet will include heteroge

Jeremy Rasmussen, "The Best Defense is Information"

In the course of doing security vulnerability testing for government ...

In the course of doing security vulnerability testing for government and commercial clients over the past 10 years, our Information Security Solutions team at Sypris Electronics has seen a lot of interesting things�perhaps none more so than a recent attac

Mummoorthy Murugesan, "Providing Privacy through Plausibly Deniable Search"

Query-based web search is becoming an integral part of many ...

Query-based web search is becoming an integral part of many people's daily activities. Most do not realize that their search history can be used to identify them (and their interests). In July 2006, AOL released an anonymized search query log of some 600K

Charles Killian, "Mace: Systems and Language Support for Building Correct, High-Performance Networked Services"

Building distributed systems is particularly difficult because of the asynchronous, ...

Building distributed systems is particularly difficult because of the asynchronous, heterogeneous, and failure-prone environment where these systems must run. This asynchrony makes verifying the correctness of systems implementations even more challenging

Mehmet Sahinoglu, "Quantitative Risk Assessment of Software Security and Privacy, and Risk Management with Game Theory"

The need for information security is undeniable and self-evident. The ...

The need for information security is undeniable and self-evident. The pervasiveness of this critical topic requires primarily risk assessment and management through quantitative means. To conduct an assessment; repeated security probes, surveys, and input

Cassio Goldschmidt, "The dark side of software engineering and how to defend against it"

If you create an application that runs on one or ...

If you create an application that runs on one or more computers connected to a network such as the internet, your code will be attacked. Consequences of compromised systems often include loss of trust, reputation and revenue. Software will always have def

Ryan Riley, "An Alternate Memory Architecture for Code Injection Prevention"

Code injection attacks, in their various forms, have been in ...

Code injection attacks, in their various forms, have been in existence and been an area of consistent research for a number of years. A code injection attack is a method whereby an attacker inserts malicious code into a running computing system and transf

Paul Kidwell, "A Rules Based Statistical Algorithm for Keystroke Detection"

A rules-based statistical algorithm (RBSA) identifies packets in any TCP ...

A rules-based statistical algorithm (RBSA) identifies packets in any TCP connection that are client keystrokes of an ssh login. The input data of the algorithm are the packet arrival times and TCP/IP headers of the connection packets at a point along the

Chris Clifton, "Measuring Privacy: A Risk-Based Approach"

There have been significant research developments in technology to protect ...

There have been significant research developments in technology to protect privacy. Unfortunately, few of these have made the transition to practice. A large part of the problem is the lack of an accepted way to measure privacy. Legal and regulatory terms