CERIAS Security Seminar Podcast
Juhee Kwon, "Information Security Management and IT Executives in a Top Management Team"
As information assets have become a critical factor for enterprises to stay competitive, there is an increasing awareness of information security management. However, they are easily overlooked by those who focus only on the IT side, failing to see that ...
Richard Power, "Starting Over After A Lost Decade, In Search of a Bold New Vision for ...
Starting Over After A Lost Decade, In Search of a Bold New Vision for Cyber Security: It is not enough to develop a comprehensive cyber security program that exists in isolation from the world beyond the cloud and the cables. We have to understand the ...
Rick Aldrich, "The Importance of Law in Cybersecurity, Recent Developments and Trends in ...
Information security professionals increasingly need to be familiar with developments in cyberlaw to ensure they comport their actions with the contours of the law. Unfortunately, with technology changing far faster than the statutes, judges are ...
Jerry Saulman, "From Security Architecture to Implementation"
From security architecture to implementation details... what matters when a customer faces a project to implement a global J2EE application? This presentation will cover some of the more pertinent concepts and details involved from real world experiences ...
Peter Mork, "Database Assurance: Anomaly Detection for Relational Databases"
Behind countless complex applications lurk trusty relational databases that are responsible for managing the data that fuel these applications. For example, relational databases are used to support electronic medical health record systems, timecard ...
Ragib Hasan, "Fake Picassos, Tampered History, and Digital Forgery: Protecting the ...
As increasing amounts of valuable information are produced and persist digitally, the ability to determine the origin of data becomes important. In science, medicine, commerce, and government, data provenance tracking is essential for rights protection, ...
Ian Goldberg, "Sphinx: A Compact and Provably Secure Mix Format"
Mix networks, originally proposed in 1981, provide a way for Internet users to send messages--such as email, blog posts, or tweets--without automatically revealing their identities or their locations. In this talk, we will describe Sphinx, a cryptographic ...
Joe Judge, "Software Assurance: Motivation, Background, and Acquisition Pursuits"
This Software Assurance (SwA) is a slightly different spin on the SwA presentation and discussion. The need for measurable SwA, for the purposes of presenting an assurance "case" and explained with a practitioner's point of view. Current pursuits and ...
John D'Arcy, "USER AWARENESS OF SECURITY COUNTERMEASURES AND ITS IMPACT ON INFORMATION ...
Intentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50-75% of security incidents originate from within an organization. ...
Johann-Christoph Freytag, "Privacy -- from accessing databases to location based ...
Over the last years it has become apparent that privacy issues become more and more important when accessing data sources either on the Web or by database management systems. That is, the user does not only want to hide the query, but also the result of ...
Melissa Dark, "An Analysis of Data Breach Disclosure"
In the past six years, 44 states in the United States have embraced a new form of privacy and identity theft regulation -- mandatory disclosure of data breach information. Information disclosure regulation is a form of legislation considered ...
Arjan Durresi, "Security for the Next Internet over Heterogeneous Environments"
The networking research community is working to design the Next Generation Internet, which will meet the needs of the twenty-first century. The first requirement for the Next Generation Internet is security. Furthermore, the Internet will include ...
Jeremy Rasmussen, "The Best Defense is Information"
In the course of doing security vulnerability testing for government and commercial clients over the past 10 years, our Information Security Solutions team at Sypris Electronics has seen a lot of interesting things--perhaps none more so than a recent ...
Mummoorthy Murugesan, "Providing Privacy through Plausibly Deniable Search"
Query-based web search is becoming an integral part of many people's daily activities. Most do not realize that their search history can be used to identify them (and their interests). In July 2006, AOL released an anonymized search query log of some ...
Charles Killian, "Mace: Systems and Language Support for Building Correct, ...
Building distributed systems is particularly difficult because of the asynchronous, heterogeneous, and failure-prone environment where these systems must run. This asynchrony makes verifying the correctness of systems implementations even more challenging. ...
Mehmet Sahinoglu, "Quantitative Risk Assessment of Software Security and Privacy, and Risk ...
The need for information security is undeniable and self-evident. The pervasiveness of this critical topic requires primarily risk assessment and management through quantitative means. To conduct an assessment; repeated security probes, surveys, and ...
Cassio Goldschmidt, "The dark side of software engineering and how to defend against it"
If you create an application that runs on one or more computers connected to a network such as the internet, your code will be attacked. Consequences of compromised systems often include loss of trust, reputation and revenue. Software will always have ...
Ryan Riley, "An Alternate Memory Architecture for Code Injection Prevention"
Code injection attacks, in their various forms, have been in existence and been an area of consistent research for a number of years. A code injection attack is a method whereby an attacker inserts malicious code into a running computing system and ...

