Tuesday, 16 September 2008

AM Panel: Government Security R&D Investments: Successes,
Failures and the Future
Governments have made significant investments in cybersecurity research. This panel of knowledgeable and experienced government program leaders will review past and current research and development investments, highlighting significant successes and unfortunate failures. Finally, each will identify areas of coming investments. The panel will conclude by taking questions and discussing the role of government in future investments.

We will accept questions from the attendees, but also request that questions be sent ahead of time to with the subject line "RAID Investment Panel Question". This will give the panel time to prepare to answer important and common questions.

Government RDTET Investments - Presentation (ppt)

Rob Cunningham, Assoc. Group Leader, MIT Lincoln Laboratory

Confirmed Panel Members:

Jacques BusJacques Bus, Head of Unit: Security -
ICT Programme European Commission
Jacques Bus studied Mathematics at the University of Amsterdam and obtained his PhD with a thesis in Numerical Mathematics. He worked as a researcher at CWI (Amsterdam) for 15 years. In 1988 he joined the European Commission services in the Unit for Computer Integrated Manufacturing in the Esprit programme. Since then he has been responsible for programme wide operational and organisational affairs in the Esprit and IST programme and for Informatics support in DG Information Society. From June 2000 till March 2004, Jacques was Head of the Unit Software Technologies and Distributed Systems in the IST programme. From March 2004 he has taken responsibilities for the area of Trust and Security in the ICT Programme, which includes Network and Information System Security, Trustworthy Computing and DRM, Biometrics, Identity management and Critical Information Infrastructure Protection. During 2003 and 2004 he was instrumental in the development of the Security Research Programme that started under FP7 in the EU.

Carl LandwehrCarl Landwehr, Program Manager,
Intelligence Advanced Research Projects Activity
Carl Landwehr is Program Leader for National Intelligence Community Information Assurance Research at the Intelligence Advanced Research Projects Activity (IARPA), on assignment from his position as Senior Research Scientist at the University of Maryland's Institute for Systems Research. His IARPA programs aim for dramatic improvements in the overall trustworthiness of National Intelligence Community systems by focusing on accountable information flow, including technologies for privacy protection, and large scale system defense. He also serves as Editor-in-Chief of IEEE Security & Privacy Magazine.

Karl LevittKarl Levitt, Cyber Trust Program Director, National Science Foundation
Karl Levitt is in his third year as a Program Manager for NSF's Cyber Trust Program. He also helps oversee NSF's numerous other programs where security and privacy are a central theme.  NSF's security-related programs have a broad focus, reflecting the many challenges, technical and other, that have to be faced to make progress in this field.  He has been a faculty member in the Department of Computer Science, UC Davis since 1986, where he helped initiate programs in computer security and in formal methods.  He was a staff member in the  Computer Science Laboratory at SRI International from 1965 to 1986, where he was involved in research on computer security, formal methods, fault-tolerant computing, parallel architectures, and software engineering,  He has been on the program committee for numerous conferences and workshops, and is a member of the ACM and the IEEE Computer Society. 

Douglas MaughanDoug Maughan, Program Manager of
Cyber Security R&D, Science and Technology Directorate, Department of Homeland Security
Dr. Douglas Maughan is a Program Manager in the Command Control and Interoperability Division (CCI) within the Science and Technology (S&T) Directorate of the Department of Homeland Security (DHS). Dr. Maughan has been at DHS since October 2003 and is directing the Cyber Security Research and Development activities at DHS S&T. His research interests and related programs are in the areas of networking and information assurance.

Prior to his appointment at DHS, Dr. Maughan was a Program Manager at the Defense Advanced Research Projects Agency (DARPA) in Arlington, Virginia. His research interests and related programs were in the areas of networking and security.

Prior to his appointment at DARPA, Dr. Maughan worked for the National Security Agency (NSA) as a senior computer scientist and led several national and international research teams performing network security research.

Dr. Maughan received Bachelor’s Degrees in Computer Science and Applied Statistics from Utah State University, a Masters degree in Computer Science from Johns Hopkins University, and a PhD in Computer Science from the University of Maryland, Baltimore County (UMBC).

Wednesday, 17 September 2008

AM Panel: Life After Antivirus – What Does the Future Hold?
The future of current approaches to antivirus seems uncertain given the rapidly increasing amount of malware, the ease of mutation, the effectiveness of polymorphic hiding techniques, and an ever growing attack surface. This panel contains experts from commercial security companies and on current threats including client-side attacks. Initial short presentations will discuss the past success of antivirus, the current threat environment, important research directions, and new approaches that might be able to mitigate current and expected future threats. The panel will then answer and discuss questions on these issues.

We will accept questions from the attendees, but also request that questions be sent ahead of time to with the subject line "RAID Antivirus Panel Question". This will give the panel time to prepare to answer important and common questions.

Martin Fréchette - Presentation (pdf)
John Viega - Presentation (ppt)
Kathy Wang - Presentation (ppt)
Paul Royal - Presentation (pdf)

Richard Lippmann
, Senior Staff, MIT Lincoln Laboratory

Confirmed Panel Members:

Martin FrechetteMartin Fréchette, Senior Principal Engineer within the Advanced Concepts team at Symantec, leads the next generation of whitelist-based security products. During his five years at Symantec, Martin has contributed to multiple security products, including the network gateway security appliance and Symantec next-generation parental control software. Prior to working at Symantec, Martin developed high-performance network security appliances at WatchGuard Technology and was a lead developer for Genuity Managed Security services. Martin graduated in 1994 from École Polytechnique of Montréal with a degree in computer engineering, specialized in networking and telecommunication.

John VegaJohn Viega is Vice President, Chief Security Architect at McAfee, where he is primarily responsible for core technology engineering, such as Anti-Virus, SiteAdvisor and Anti-Spam. Viega has co-authored several books on security, including Building Secure Software and Network Security with OpenSSL. Prior to McAfee, he was the founder and CTO of Secure Software (since acquired by Fortify Software).

Kathy WangKathy Wang is the lead researcher of The Honeyclient Project at The MITRE Corporation. The Honeyclient Project aims to create methods to detect and respond proactively against new client-side application exploits. Past projects of Kathy's include Morph, an OS fingerprint cloaking tool. Prior to working at MITRE, Kathy worked at Counterpane, the University of Michigan's Computer-Aided Engineering Network (CAEN), and DEC. Kathy graduated with a BS and MS in electrical engineering from The University of Michigan, Ann Arbor. She haspresented her past works at numerous conferences internationally, including GFIRST, RSA Conference, DEFCON, AusCERT, ToorCon, and ReCon.

Paul RoyalPaul Royal is Director of Threat Research at Damballa, Inc., an Atlanta-based company whose primary focus is botnet detection and remediation. Paul collaborates with researchers and engineers to design new techniques for and apply ongoing research efforts in the implementation of sandboxes, sensors and analyzers used for the discovery and identification of bot behavior. Paul often focuses on research topics interesting to both academics and industry practitioners, with recent work presented at Black Hat USA 2008 that will also appear in ACM CCS later this year. As a graduate student, Paul studied automated malware processing and transformation at the Georgia Institute of Technology, completing his a Master of Science in Computer Science in 2006.