Events and Seminars

All seminars start at noon ET and are held in the CIC building in Pittsburgh, PA. Seminars are open to faculty, students, staff and the general public. Webinars are provided for CyLab partners only, accessible live in the Partners Portal, and afterward via the Seminar Archive.
Research talks are informal sessions held for faculty and students. These talks are neither webcast nor recorded, due to their informal nature and topic relevance.
CERT and SEI Training schedules, as well as other related events can also be found on this list.

2014

July 22 - July 24:  CERT Training
Secure Coding in C and C++
Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation.
July 22 - July 24:  CERT Training
Advanced Forensic Response and Analysis
The CERT Advanced Forensic Response and Analysis course is designed for computer forensic professionals who are looking to build on a solid knowledge base in incident response and forensic analysis. The course builds on core forensic topics to provide a process for conducting more complete incident response and forensic analysis investigations. 
July 14 - July 18:  CERT Training
Fundamentals of Incident Handling
This five-day course is for computer security incident response team (CSIRT) technical staff who have little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their daily work. It is recommended to those new to incident handling work. 
July 9 - July 11:  Symposium
Symposium on Usable Privacy and Security (SOUPS) 2014
The tenth Symposium on Usable Privacy and Security (SOUPS) will be held July 9-11, 2014 at Facebook Headquarters in Menlo Park, California. This symposium will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. Visit the SOUPS 2014 website for details.
June 27:  Workshop
Workshop on the Future of Privacy Notice and Choice
In this workshop we will explore the future of privacy notice and choice, examining the needs of end users, how technology can be used to better meet user needs, and relevant public policy space. The workshop will include invited speakers; panels focussing on users, technology, and public policy; and a research poster session.
June 9:  CERT Training
Creating a Computer Security Incident Response Team
This one-day course is designed for managers and project leaders who have been tasked with implementing a computer security incident response team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a CSIRT. As part of the course, attendees will develop an action plan that can be used as a starting point in planning and implementing their CSIRT.
May 19 - May 21:  CERT Training
Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth
This five-day hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Security topics such as vulnerability assessment, systems administration, network monitoring, incident response, and digital forensics will offer a comprehensive defense-in-depth experience.
May 12 - May 16:  CERT Training
Applied Cybersecurity, Incident Response and Forensics
This five-day hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Security topics such as vulnerability assessment, systems administration, network monitoring, incident response, and digital forensics will offer a comprehensive defense-in-depth experience.
May 9:  Alumnus Book Signing
Core Software Security: Security at the Source
Speaker: Anmol Misra
Core Software Security expounds developer-centric software security, a holistic process to engage creativity for security. Whatever development method is employed, software must be secured at the source.
May 1:  Research Talk
SocioPhone - Mobile interaction sensing system and its applications
Speaker: Youngki Lee, Assistant Professor, Singapore Management University
In this talk, I will first introduce SocioPhone, a mobile system for face-to-face interaction monitoring. Then, I will introduce a novel Sociophone application, TalkBetter, in more detail. TalkBetter is a mobile in-situ intervention service for everyday clinical care for children with language delay, which is firmly grounded on extensive collaboration with speech-language pathologists.
April 28:  Seminar
Converses for Information Theoretic Cryptography
Speaker: Himanshu Tyagi, Postdoctoral Fellow at the Information Theory and Applications Center, UCSD
In this talk, we will review some simple schemes (based on error correcting codes and efficient hashing) for accomplishing the central cryptographic goals of secret key generation and secure computing.
April 21:  Seminar
Measuring and Defending Against Search-Result Poisoning
Speaker: Nicolas Christin
Search-result poisoning---the technique of fraudulently manipulating web search results---has become over the past few years a primary means of advertisement for operators of questionable websites.
April 14:  Seminar
Social Cybersecurity
Speaker: Jason Hong
There has been a tremendous amount of past work demonstrating many powerful and subtle ways of how social factors can influence people's behaviors and inclination to adopt innovations. However, little of this work has been adapted for cybersecurity. In this talk, I will discuss some of our team's work in progress here. 
April 7:  Seminar
SafeSlinger: Easy-to-Use and Secure Public-Key Exchange
Speaker: Michael Farb
SafeSlinger is the result of research into several protocols, designed to subvert the bane of public-key cryptography, the man-in-the-middle attack.  This solution easily bootstraps secure communication in-person with a device most people already own - their phone. SafeSlinger is designed to allow users to securely exchange any data, such as a public key, for later use.
March 31:  Seminar
Analytic Modernization for the National Security Agency and the Intelligence Community
Speaker: Dr. Patrick Dowd, Chief Technical Officer and Chief Architect, NSA/CSS
How can we create an environment that is still operable while under attack? How can we be certain our data is used according to our legal authorities? This talk will outline a shift in our analytic operating model that was motivated by the desire to improve our analytic product and the security of our environment.
March 24:  Seminar
The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value
Speaker: Michelle Dennedy, VP, Chief Privacy Officer, McAfee
This talk will address a cross-functional view on how we got to where we are in the world of taglines like "Big Data", "The Information Age", "Quantified Self" and "IoT".
March 17:  Seminar
Do Search Engines Influence Media Piracy? Evidence from a Randomized Field Study
Speaker: Rahul Telang
The goal of this study is to use a randomized field study to analyze whether search results can influence consumers' choices for piracy versus legal consumption channels.
March 3:  Seminar
Verifying Networking Protocols Using Declarative Networking
Speaker: Limin Jia
In this talk, I will present our work on leveraging NDlog, a declarative networking language, to build a unified framework for implementing, formally verifying, and empirically evaluating network protocols.
February 24:  Seminar
Designing Secure and Reliable Wireless Sensor Networks
Speaker: Osman Yagan
In this talk, we will present our approach that addresses this problem by considering WSNs that employ a randomized key predistribution scheme and deriving conditions to ensure the k-connectivity of the resulting network.
February 17:  Seminar
Privacy through Accountability
Speaker: Anupam Datta
Recognizing that traditional preventive access control and information flow control mechanisms are inadequate for enforcing such privacy policies, we develop principled audit and accountability mechanisms with provable properties that seek to encourage policy-compliant behavior by detecting policy violations, assigning blame and punishing violators. 
February 10:  Seminar
Senior Online Safety - An Imperative
Speaker: Christopher Burgess, CEO, Prevendra, Inc.
The imperative comes with a push to make senior online safety a reality, bring long term health care facilities into the fold with defined security awareness program; implementation strategies for senior citizen protected network solutions, solutions with family engagement and moderation.
February 3:  Seminar
Toward Self-Managing, Context-Aware Networked Systems
Speaker: Patrick Tague
In this talk we'll describe how this deeply integrated context-awareness can be applied to robust wireless communication, efficient mobile/cellular networking, privacy-preserving sensing in smart environments, and adversarial settings.
January 20:  Seminar
The Password That Never Was
Speaker: Ari Juels, roving chief scientist specializing in computer security
Honeywords are decoys designed to be indistinguishable from legitimate passwords. When seeded in a password database, honeywords offer protection against an adversary that compromises the database and cracks its hashed passwords. 
January 13:  Seminar
The SAFE Machine: An Architecture for Pervasive Information Flow
Speaker: Benjamin Pierce, Professor, University of Pennsylvania
The CRASH/SAFE project is building a network host that is highly resilient to cyber-attack. At the lowest level, the SAFE hardware offers fine-grained tagging and efficient support for propagating and combining tags on each instruction dispatch.

2013

November 18:  Seminar
Virtual Realpolitik and Cyber Detente
Speaker: Keith Rhodes, Chief Technology Officer, QinetiQ N.A.
November 11:  Seminar
Application-Sensitive Access Control Evaluation
Speaker: Adam Lee, Assistant Professor, University of Pittsburgh
November 6:  Research Talk
New Security Extensions for the Intel Processor
Speaker: Carlos Rozas, Senior Security Researcher, Intel Labs
October 28:  Seminar
PlaceRaider: Virtual Theft in Physical Spaces with Smartphones
Speaker: Apu Kapadia, Assistant Professor, Indiana University Bloomington
October 1 - October 2:  Conference
Carnegie Mellon CyLab Partners Conference
September 23:  Seminar
Holistic Privacy: from Location Privacy to Genome Privacy
Speaker: Jean-Pierre Hubaux, Professor at École Polytechnique Fédérale de Lausanne
September 17 - September 18:  CERT Training
Insider Threat Workshop
The CERT Program at Carnegie Mellon University's Software Engineering Institute has been researching insider threats since 2002. We have compiled a database containing hundreds of actual insider threat cases. Our insider threat research focuses on both technical and behavioral aspects of actual compromises; our goal is to raise awareness of the risks of insider threat and to help identify the factors influencing an insider's decision to act, the indicators and precursors of malicious acts, and the countermeasures that will improve the survivability and resiliency of the organization. 
September 16:  Seminar
Operation Olympic Games: History and Future Impact
Speaker: Rick Howard, CISO, TASC
September 9:  Celebration
CyLab's 10th Anniversary
CMU CyLab marks its first ten years of leadership in cybersecurity research and education in 2013. The event will include a special faculty panel on "CyLab and the next ten years," followed by a poster session and reception. The panelists will include Virgil Gligor, Nicolas Christin, Lorrie Cranor, and Anupam Datta. This special event is not open to the public and attendance is by invitation only. For details, please contact Nichole Dwyer at nichole@cmu.edu.
July 8 - July 12:  CERT Training
Information Security for Technical Staff
This five-day course is designed to provide participants with practical techniques for protecting the security of an organization's information assets and resources, beginning with concepts and proceeding on to technical implementations.
June 11 - June 13:  CERT Training
Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth
This three-day course begins with a brief review of the conceptual foundations of information security. Next, students will be introduced to the CERT Defense-in-Depth Framework: eight operationally focused and interdependent management components which will be synergistically applied to a fictitious organization's Information Technology (IT) enterprise.
May 20 - May 24:  CERT Training
Applied Cybersecurity, Incident Response and Forensics
This five-day hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Security topics such as vulnerability assessment, systems administration, network monitoring, incident response, and digital forensics will offer a comprehensive defense-in-depth experience.
May 13 - May 17:  CERT Training
Fundamentals of Incident Handling
This five-day course is for computer security incident response team (CSIRT) technical staff who have little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their daily work. It is recommended to those new to incident handling work.
April 29:  Seminar
Addressing Intractable Optimization and Verification Problems in Access Control
Speaker: Mahesh Tripunitara, Assistant Professor, University of Waterloo
April 8:  Seminar
The Middlebox Manifesto: Enabling Innovation in Middlebox Deployment
Speaker: Vyas Sekar, Assistant Professor, Stony Brook University
March 25:  Seminar
CANCELLED
Speaker: Douglas Maughan, Cyber Security Division Director, Department of Homeland Security
March 18:  Seminar
Can You Trust Your Cars? Security and Privacy Vulnerabilities of In-Car Wireless Sensor Networks
Speaker: Wenyuan Xu, Asst. Professor, Dept. Computer Science and Engineering, University of South Carolina
March 4 - March 8:  CERT Training
Information Security for Technical Staff
This five-day course is designed to provide participants with practical techniques for protecting the security of an organization's information assets and resources, beginning with concepts and proceeding on to technical implementations. 
February 25:  Seminar
DGA-based Botnets: Discovery, Classification, and Tracking
Speaker: Robert Perdisci, Assistant Professor at the University of Georgia
February 11:  Seminar
The need for science and engineering disciplines to move the information protection field forward
Speaker: Fred Cohen, President of California Sciences Institute and CEO of a Federal contractor and a private consulting company
February 4:  Seminar
Chasing Telephony Security: Where the Wild Things... Are?
Speaker: Patrick Traynor, Assistant Professor, Georgia Institute of Technology
January 28:  Seminar
A Decoy Substrate for Information Security
Speaker: Angelos Keromytis, Associate Professor of Computer Science, Director of the Network Security Lab at Columbia University
January 14:  Seminar
Exploring System Security and Dependability through Big Data Techniques
Speaker: Tudor Dumitras, Symantec Research Labs