Brief Bio

Manu Malek is Industry Professor and Director of the Graduate Certificate in CyberSecurity Program at Stevens Institute of Technology. Prior to joining Stevens in October 2001, he was a Distinguished Member of Technical Staff at Lucent Technologies Bell Laboratories. He has more than 20 years of experience in teaching, practicing, and research in telecommunication and computer networks. He has held various academic positions in the US and overseas, as well as technical management positions with Bellcore (now Telcordia Technologies) and AT&T Bell Laboratories. He is the author, co-author, or editor of seven books, and the author or co-author of over fifty published technical papers and numerous internal technical reports in the areas of communication networks, network operations and management, and computer communications. Dr. Malek is a fellow of the IEEE, an IEEE Communications Society Distinguished Lecturer, and the founder and Editor-in-Chief of Journal of Network and Systems Management. . He earned his Ph.D. in EE/CS from University of California, Berkeley.

Abstract:

Organizations increasingly rely on computing and intelligent networking infrastructures as keystones to their operations. Although the use of this technology provides many advantages, the Internet poses a unique set of vulnerabilities. Security attacks, such as worm and virus attacks, identity theft, and espionage, are examples of threats encountered daily by various institutions worldwide.
Against this backdrop, it is clear that security is one of the most important IT concerns today. Security forensics is a discipline to identify the attackers and document their activity with sufficient reliability to justify appropriate technical, business, and legal responses. The discipline involves identification, preservation and analysis of evidence of security attacks. Forensic activity takes place in a complex, legal and social context which must be understood to fully appreciate its power and value.
This talk provides an overview of security forensics and addresses some of the technological and legal issues involved. A brief overview of a particular forensics activity will be presented as an example.

Brief Bio

Jan Jürjens leads the Competence Center for IT-security at the Software & Systems Engineering chair at TU Munich (Germany). Holding a Doctor of Philosophy in Computing from the University of Oxford, he is the author of "Secure Systems Development with UML" (Springer, 2004) a text-book on IT Security under contract with Springer for 2006, and a number of publications on computer security and safety and software engineering. He is the founding chair of the working group on Formal Methods and Software Engineering for Safety and Security within the German Society for Informatics (GI). He is a member of the executive board of the Division of Safety and Security within the GI, the executive boad of the committee on Modeling of the GI, the advisory board of the Bavarian Competence Center for Safety and Security, the working group on e-Security of the Bavarian regional government, and the IFIP Working Group 1.7 "Theoretical Foundations of Security Analysis and Design". Further information at http://www4.in.tum.de/~juerjens .

Abstract:

The current state of the art in security-critical software is far from satisfactory: New security vulnerabilities are discovered on an almost daily basis. To improve this situation, we develop techniques and tools that perform an automated analysis of software artefacts for security requirements (such as secrecy, integrity, and authenticity). These artefacts include specifications in the Unified Modeling Language (UML), annotated source code, and run-time data such as security permissions. The security analysis techniques make use of model-checkers and automated theorem provers for first-order logic. We give examples for security flaws found in industrial software using our tools.