This is a past event. Follow this link to see photos from the IA Day 2012 event.

The Computer Science Department, in collaboration with the Institute for Information Assurance at IUP, will host the fifth annual Information Assurance Day on November 1, 2012, from 9:00 a.m.- 4:00 p.m., at the Delaware Room in the HUB at IUP.

Schedule of Speakers

  • 9:00-9:10 a.m. Opening Remarks
    Dr. Waleed Farag, Director, Institute for Information Assurance at IUP
  • 9:10-9:20 a.m. Welcome Message
    Dr. William Oblitey, Chair, Department of Computer Science at IUP
  • 9:20-10:35 a.m. "Electronic Voting: A Retrospective"
    Dr. Patrick McDaniel, Professor of Computer Science and Engineering at ºÚÁϳԹÏÍø State University
  • 10:35-10:45 a.m. Brief break
  • 10:45 a.m.-Noon "Improved Privacy Through Exposure Control"
    Dr. Adam Lee, Assistant Professor of Computer Science at the University of Pittsburgh
  • Noon-1:00 p.m. Lunch break
  • 1:00-2:15 p.m. "Computer Crime Investigation: A Case Study"
    Cpl. John Roche, Coordinator, Southwest Computer Crime Task Force, ºÚÁϳԹÏÍø State Police, Bureau of Criminal Investigation
  • 2:15-2:30 p.m. Brief break
  • 2:30-3:45 p.m. "Mobile Device Security Guidelines: From Idea to Implementation"
    IT Services Staff at ºÚÁϳԹÏÍø
  • 3:45-4:00 p.m. Conclusion

Biographical Information

Dr. Patrick McDaniel

Patrick McDaniel is a professor in the Computer Science and Engineering Department at ºÚÁϳԹÏÍø State University and codirector of the Systems and Internet Infrastructure Security Laboratory. Patrick's research efforts centrally focus on network, telecommunications, and systems security, language-based security, and technical public policy. Patrick is editor-in-chief of the ACM journal Transactions on Internet Technology, and serves as associate editor of the journals ACM Transactions on Information and System Security and IEEE Transactions on Computers, and stepped down from the associate editor of IEEE Transactions on Software Engineering position in 2012. Patrick was awarded the National Science Foundation CAREER Award and has chaired several top conferences in security, including the 2007 and 2008 IEEE Symposium on Security and Privacy and the 2005 USENIX Security Symposium. Prior to pursuing his Ph.D. in 1996 at the University of Michigan, Patrick was a software architect and project manager in the telecommunications industry.

Dr. Adam J. Lee

Dr. Adam J. Lee is currently an assistant professor of computer science at the University of Pittsburgh. He received the M.S. and Ph.D. degrees in Computer Science from the University of Illinois at Urbana-Champaign in 2005 and 2008, respectively. Prior to that, he received his B.S. in Computer Science from Cornell University. His research interests lie at the intersection of the computer security, privacy, and distributed systems fields. His recent research has been funded by the National Science Foundation and DARPA.

Corporal John Roche

ºÚÁϳԹÏÍø State Police

  • Bureau of Criminal Investigation
  • Special Investigation Service
  • Computer Crime Unit
  • Southwest Computer Crime Task Force Coordinator
  • Cpl. John Roche's Resume

Abstracts

Dr. Patrick McDaniel - ºÚÁϳԹÏÍø State University

  • Topic: Electronic Voting: A Retrospective
    • Abstract:
      In the winter of 2007, the Ohio Secretary of State, Jennifer Brunner, initiated the "Evaluation & Validation of Election-Related Equipment, Standards and Testing (EVEREST)" study. Largely in response to growing public concerns, the study participants where charged to analyze technical and procedural issues associated with electronic voting systems used in Ohio. In this talk, Penn State Professor Patrick McDaniel discusses his experiences as the lead of the EVEREST study, and highlights the key findings of the report. A description of the physical and technical processes of running an election will be given, and the study participants and scientific methods detailed. Summary findings will be overviewed and demonstrated via examples of security vulnerabilities present in the voting systems currently used in Ohio. Particular attention will be given to the ways that these vulnerabilities can be exploited to affect the integrity and voter privacy of national and local elections. The speaker will conclude by presenting the research team's views on critical challenges facing election officials in Ohio, and frankly comment on the ability of voting system to provide for the integrity of the upcoming presidential election and beyond.

Dr. Adam Lee - University of Pittsburgh

  • Topic: Improved Privacy Through Exposure Control
    • Abstract:
      With the advent of pocket-computing devices such as smartphones, an increasing number of people are sharing or broadcasting personal contextual information using social-networking services such as Facebook and Twitter. For example, people are now sharing not only their location, but also geo-tagged photographs, activity information (e.g., "walking", "running", or "dancing") as deduced from onboard sensors such as accelerometers, and fitness information. In the near future, it is expected that additional sensors will even enable remote health monitoring to aid, for example, medical personnel or family members caring for the elderly.

      A large body of research has focused on disclosure policies for personal information (i.e., Who should see my information?), but has neglected to characterize what we call a user's exposure (i.e., Who is accessing my information and to what extent?). Existing work on disclosure policies allows, e.g., Alice to specify that her co-workers are permitted to access her physical location during the work week. While such policies may provide Alice with some baseline notion of exposure control, they do not provide Alice with feedback about her queriers. Would Alice still feel in control if she learned that Bob was accessing her location every 5 minutes? Or if every member of her project team checked her location while she was visiting a medical specialist? In addition to specifying who has access to personal information, users need a way to quantify, interpret, and control the extent to which this data is accessed, cross-correlated, and disseminated.

      In this talk, we will discuss the results of an ongoing research collaboration between the University of Pittsburgh and Indiana University at Bloomington that is addressing many facets of the exposure problem. Our primary focus will be on the necessity of an exposure control loop in which sharing preferences are specified, exposure is quantified and visualized, and users react by revising their information sharing habits and preferences. This research is sponsored by the National Science Foundation under awards CNS-1017229 (Pitt) and CNS-1016603 (IU).

Corporal John Roche - ºÚÁϳԹÏÍø State Police

  • Topic: Computer Crime Investigation: A Case Study
    • Abstract:
      The presentation will include a case study on a recent investigation that included many different aspects of computer crime investigation and computer forensic examination methods and techniques. Also a live demonstration of a forensic examination will be conducted. A question and answer session will complete the presentation.

IUP Services Staff - ºÚÁϳԹÏÍø

  • Topic: Mobile Device Security Guidelines: From Idea to Implementation
    • Abstract:
      The astounding explosion of mobile device usage is creating unprecedented challenges for information technology organizations. Connectivity, authentication, updates, sensitive data storage, the incredibly rapid speed at which one platform is abandoned in favor of another and the numerous implications of the "bring your own device" (BYOD) reality are just a few of these issues.
      ºÚÁϳԹÏÍø (IUP) is developing a variety of strategies, tactics, and operational techniques aimed at meeting this evolving trend. This presentation will focus on IUP's Mobile Device Security Guidelineswhich have been recognized as a model within the ºÚÁϳԹÏÍø State System of Higher Education (PASSHE). The methods used by IT Services leadership to first determine that guidelines were necessary will be discussed, along with the steps used to configure the guidelines and an exploration of the guidelines themselves. The critical issue of merging industry-standard best practices into the local business culturesuch as how preexisting related policies and practices influenced the guidelineswill also be reviewed.

For more information about Information Assurance Day, please contact Waleed Farag, director, Institute for Information Assurance, at farag@iup.edu, 724-357-7995.

Directions to IA day venue