Stevens CS, Columbia University and IBM Research hold third bi-annual Security and Privacy Day

Stevens Institute of Technology Department of Computer Science, Columbia University and IBM Research held the third bi-annual Security and Privacy Day Friday on Friday, June 1, this time at Columbia University. The all-day meeting brought together about seventy researchers and practitioners in government, academia and industry, to discuss problems and possible solutions in cyber security, both for e-commerce and homeland security. A particular emphasis of the meeting is to bring together those interested in communications security and end-to-end security.

The keynote talk was delivered by Jonathan M. Smith who is the Olga and Alberico Pompa Professor of Engineering and Applied Science in the department of Computer and Information Science at the University of Pennsylvania and was for several years a Program Manager at the Defense Advanced Research Projects Agency.

A common theme throughout the day was that security properties and proofs are only as strong as the assumptions that underly them. For example, a system might be designed assuming that an attacker cannot measure the power consumption of the system. This might be justified for the original deployment scenario, say on office workstations to which attackers do not have physical access. Later the system might be deployed on small portable devices, however, and the assumption violated when a device is stolen. Different speakers stressed that security tools have improved to the point that it is now possible to make more realistic assumptions in some cases, but also that an ideal solution will need assumptions and security properties that evolve over time.

David Naumann, an Associate Professor of Computer Science at Stevens, spoke about a new technology for specifying confidentiality and integrity policies and enforcing them. It addresses the need to declassify secrets and endorse untrusted inputs under controlled circumstances. Automated software engineering tools can enforce the policies with high assurance, given strong assumptions about the underlying operating platform. The talk emphasized the complementary role of other technologies to justify such assumptions.

In addition to the technical talks, the event also featured research posters presented by students.

The first Stevens/Columbia/IBM Research Security and Privacy Day was held at Stevens Institute of Technology, and the second at IBM Research. The next Security and Privacy Day will again be at Stevens. The organizing committee members include, from Stevens Department of Computer Science, Professors Adriana Compagnoni, Dominic Duggan, David Naumann, Susanne Wetzel and Rebecca Wright; Vugranam Sreedhar and Ray Valdez (IBM Research) and Angelos Keromytis (Columbia University). For more information, please contact Susanne Wetzel.