Presentations of Term Projects in the Security Course
In my undergraduate course on security, we are holding a mini-conferenceon December 4, where each team of 3-4 students will present their term project. Project topics are diverse and practical. The mini-conference is open to public. See its schedule for location information and presentation times. The projects will be evaluated by the representatives of the high-tech industry.
Speculative authorization and its sibling ideas
Performance overhead due to the authorization delays can be reduced if the access control decisions are pre-computed beforehand and placed into the cache of the policy enforcement point (PEP). LERSSE alumni Pranab Kini has explored the design space for speculative authorizations. A journal version of his thesis has been recently published IEEE Transactions on Parallel and Distributed Systems. This was instantiation of […]
Independent Panel on Internet Voting in British Columbia
I’ve been invited to serve on the independent panel on Internet voting appointed by Elections B.C.. Other members of the panel are Keith Archer (chair), Chief electoral officer; Lee-Ann Crane, chief administrative officer for the East Kootenay Regional District; Valerie King, professor in the department of computer science at the University of Victoria; and George Morfitt, former auditor general of B.C.
The Devil is in (Implementation) Details
It’s hard to get a security protocol right. It seems even harder to get its implementations right, even more so when millions use it on daily basis. LERSSE’s Sun-Tsai will present at ACM CCSthis October several critical vulnerabilities he has uncovered in implementation of OAuth 2.0, used by Facebook, Microsoft, Google, and many other identity providers and relying parties. These […]
Systematically breaking and fixing OpenID security
Do you use OpenID? I bet you do, even if you don’t know this. OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of supporting websites. Well, the security of this protocol is clearly critical! Yet, its security analysis has only been done so […]