Date/Time
Date(s) - 3 May 2012
1:10 PM - 2:00 PM
Location
3043 ECpE Building Addition
Title: Challenges in Making Security More Accessible: Results From Two Security Projects
Speaker: Larry Koved, Senior Research Staff Member, Information Security Group, IBM T.J. Watson Research Center
Abstract: Talk 1: Making Security Accessible to Programmers
Creating secure software systems remains a challenge for most developers, even for those who are conscientious about following security best practices. Software development has evolved to incorporate complex software frameworks, middleware and components developed by multiple parties. We have seen the rise of tools for testing the security of applications, including so-called “black box” testing and “white box” testing. Some of these include static analysis technologies and run-time testing to verify specific security properties, as well as conformance to “best practices”. The lack of integration of these security tools creates a significant burden on most developers, many of whom lack formal training in secure software development and deployment practices. They are often less motivated to secure their software than security professionals are.
To address the challenges of creating secure Java applications, we created a tool that integrates a suite of security analysis tools into the Java Development Tools in the Eclipse Integrated Development Environment. SWORD4J greatly simplifies many complex and time-consuming tasks required to develop secure software components, thus significantly reducing the time needed to perform security analysis tasks.
Talk 2: Usability Challenges in the Use of Biometric Authentication with Mobile Devices
We explore the use of biometric authentication techniques on mobile devices from the users’ point of view. This talk describes the findings of a laboratory study that examined three biometric authentication modalities (voice, face and gesture) as well as password entry, under six conditions, to obtain a baseline measure of the usability of these authentication techniques in terms of user effort, error and task disruption. The study measured the time to provide an authentication sample, sample acquisition error rates (Failure To Acquire), the impact on user performance in a memory recall task, and user reaction to each authentication method.
Speaker Bio: Larry Koved is a Senior Research Staff Member in the Information Security Group at the IBM T.J. Watson Research Center in New York. Larry was an early key contributor to the design of Java security, including the Java Authentication and Authorization Service (JAAS) and Java 2 Enterprise Edition security. His research has included scalable static program analysis algorithms that address security, scalability, performance and correctness issues in very large-scale Java applications and systems. More recently, he chaired the OpenAjax security task force, which resulted in the design and implementation of a browser-based mechanism for secure Web 2.0 mashups. His current security research interests include mobile security, fraud detection, and usable security.
Prior to his work in security, Larry worked in the areas of mobile computing, multi-user collaborative systems, virtual reality, distributed systems, and hypertext. His graduate work was in Human-Computer Interaction at the University of Maryland, College Park. Larry is an ACM Senior Member and an IEEE Senior Member.