Cormac Herley, Microsoft Research
TITLE: Justifying Security Measures - a Position Paper
ABSTRACT: There is a problem with the way we reason about problems in security. The justifications that we offer for many security measures reduce to unfalsifiable claims or circular statements. This position paper argues that reliance on less-than-solid arguments acts as a brake on progress in security.
BIO: Cormac Herley is a Principal Researcher at Microsoft Research. His main current interests are authentication, statistics, data mining and machine learning for fraud and abuse, and the economics of information security. He has published widely in signal processing, information theory, multimedia, and security. He is inventor of 70 or so US patents and has shipped technologies used by hundreds of millions of users. His research is a frequent subject of media coverage. He received the PhD degree from Columbia University, the MSEE from Georgia Tech, and the BE(Elect) from the National University of Ireland.
Paul Syverson, U.S. Naval Research Laboratory
TITLE: The Once and Future Onion
ABSTRACT: Onionsites are Internet sites accessed via protocols offering security protections beyond those provided by the usual protocols and infrastructure of the Internet, such as confidentiality of address lookup, and that significantly strengthen commonly offered protections; for example, their self-authenticating addresses preclude the kinds of certificate hijacks that have occurred against registered domain names. I will sketch the properties and design of onion services, including early history as well as recent developments. I will also describe the integration of onionsites much more fully into conventional Internet sites in ways that promote their general wide scale adoption.
BIO: Paul Syverson (inventor of onion routing, creator of Tor, author of one book and over one hundred refereed papers, chair of many security and privacy conferences, recent novice lunicycle rider) holds multiple advanced degrees in philosophy and mathematics. Paul is an EFF Pioneer, an ACM Fellow, and a founder of both the Privacy Enhancing Technologies Symposium and the ACM Workshop on Privacy in the Electronic Society. During his decades as Mathematician at the U.S. Naval Research Laboratory, he has also been a visiting scholar at institutions in the U.S. and Europe. More at the dilapidated but lovingly handcrafted http://www.syverson.org/
Sandro Etalle, Eindhoven University of Technology, University of Twente, and SecurityMatters BV
TITLE: From Intrusion Detection to Software Design
ABSTRACT: I believe the single most important reason why we are so helpless against cyber-attackers is that present systems are not supervisable. This opinion is developed in years spent working on network intrusion detection, both as academic and entrepreneur. I believe we need to start writing software and systems that are supervisable by design; in particular, we should do this for embedded devices. In this paper, I present a personal view of the field of intrusion detection and conclude with some consideration on software design.
BIO: Sandro Etalle is a full professor and head of the Security group at the Eindhoven University of Technology and at the University of Twente. He holds an MSc in mathematics from the University of Padova and a PhD in computer science from the University of Amsterdam. Etalle is a co-founder of the spin-off Security Matters, where he served 4,5 years as CEO and is now chairman of the board.