Security & Privacy Symposium
February 28 - March 2, 2013

Sponsored by
Prabhu Goel Research Centre For
Computer & Internet Security
Indian Institute of Technology Kanpur
Research-I Foundation
Department of Computer Science and Engineering
Indian Institute of Technology Kanpur
Abstract and bio of speakers
Professor Matt Bishop

Title: "Secure" Programming
Abstract: The poor quality of most software is apparent to anyone who uses a computer. The notion of "secure" programs, which are written to handle unexpected inputs and other (malicious or erroneous) errors, is gaining currency as a way to improve software quality. It emphasizes specific attributes of robustness and conformance to requirements. This talk discusses secure programming, placing it in the context of robust programming, discusses how to look for non-robust features in programs and how to make them robust, and provides suggestions for improving the way programming is taught in academia.

Bio: Matt Bishop received his Ph.D. in computer science from Purdue University, where he specialized in computer security, in 1984. He is on the faculty at the Department of Computer Science at the University of California at Davis, California, USA. His main research area is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. Currently, he has research projects involving data sanitization, modeling election processes, and examining metrics for evaluating network attack detection mechanisms; he is also looking at the "insider" problem. He has been active in the area of UNIX security since 1979, and has presented tutorials at SANS, USENIX, and other conferences. He also has done work on electronic voting, and was one of the two principal investigators of the California Top-to-Bottom Review, which performed a technical review of all electronic voting systems certified for use in the State of California, USA. His textbook, Computer Security: Art and Science, was published in December 2002 by Addison-Wesley Professional. He also teaches software engineering, machine architecture, operating systems, programming, and (of course) computer security.


Professor Ravi Sandhu

Title: The Future of Access Control: Attributes, Automation and Adaptation
Abstract: Access control has been and will always be one of the centerpieces of cyber security. This talk will focus on three necessary characteristics of access control in future systems: attributes, automation and adaptation. Future access control policies will be built around attributes, which are properties of relevant entities, so they can apply to large numbers of entities while being fine-grained at the same time. This transition to attribute-based access control has been in process for about two decades and is approaching a major inflection point. Automation and adaptation, however, are newer concepts. Automation seeks to break away from requiring human users to configure access control policies, by delegating more of the routine tasks to smart software. Adaptation recognizes that access control must adjust as circumstances change. This talk will speculate on a future built around these three synergistic elements, and on the research and technology challenges in making this vision a reality.

Bio: Ravi Sandhu is Executive Director of the Institute for Cyber Security at the University of Texas at San Antonio, where he holds the Lutcher Brown Endowed Chair in Cyber Security. Previously he was on the faculty at George Mason University (1989-2007) and Ohio State University (1982-1989). He holds BTech and MTech degrees from IIT Bombay and Delhi, and MS and PhD degrees from Rutgers University. He is a Fellow of IEEE, ACM and AAAS, and has received awards from IEEE, ACM, NSA and NIST. A prolific and highly cited author, his research has been funded by NSF, NSA, NIST, DARPA, AFOSR, ONR, AFRL and private industry. His seminal papers on role-based access control established it as the dominant form of access control in practical systems. His numerous other models and mechanisms have also had considerable real-world impact. He is Editor-in-Chief of the IEEE Transactions on Dependable and Secure Computing, and founding General Chair of the ACM Conference on Data and Application Security and Privacy. He previously served as founding Editor-in-Chief of ACM Transactions on Information and System Security and on the editorial board for IEEE Internet Computing. He was Chairman of ACM SIGSAC, and founded the ACM Conference on Computer and Communications Security and the ACM Symposium on Access Control Models and Technologies and chaired their Steering Committees for many years. He has served as General Chair, Program Chair and Committee Member for numerous security conferences. He has consulted for leading industry and government organizations, and has lectured all over the world. He is an inventor on 28 security technology patents. At the Institute for Cyber Security he leads multiple teams conducting research on many aspects of cyber security including secure information sharing, social computing security, cloud computing security, secure data provenance and botnet analysis and detection, in collaboration with researchers all across the world. 
His web site is at www.profsandhu.com.

Mr. Arvind Benegal

Title: Emerging Security & Privacy Challenges in a disruptive technology environment
Abstract: In lock-step with the pervasive disruption of information technology globally, this session will explore the myriad challenges in the Security & Privacy arena, separate reality from hype, and zero in on where the puck will be, so that we can collectively skate to it. The goal is to make sure that we are making the appropriate technology decisions when engaging with, and mapping to a whole new paradigm of business problems.

Bio: Arvind Benegal (Benny) joined Persistent Systems Limited in April 2012 as Vice-President, Technology Practices. His charter is to build and nurture the Security Practice across Cloud, Social, Big Data/Analytics and Mobility platforms within the Technology Consulting Group; institutionalize leadership, culture and competence-learning across different levels of the organization and innovate/incubate technology solutions within the CTO office. Benny has over two decades of experience in the System and Information Security space; in both products as well as services. He started the Security Practice at Mindtree in Bangalore, as General Manager, after having been in the US for 21 years. Prior to MindTree, he was in Atlanta, GA where he played roles that included Business Development and Product Management at IBM. Before that, he was the Information Security Officer at Sun Trust Banks, Senior Security Consultant at HP, had his own boutique network security consulting firm, and also worked in start-ups such as Brickstream and Secureware. Benny has done Graduate study in Ohio, USA and his undergraduate in Computer Engineering from Pune. Beyond the realm of Security, Benny is passionate about Isha Yoga, tennis, golf, film, music & art promotion, and revels in business and social networking.

Dr. Deepak Gupta

Title: Wireless Vulnerabilities in the Wild: View from the Trenches
Abstract: We briefly describe the most common threat scenarios arising out of the widespread proliferation of wi-fi devices. We present empirical results from a real-life study that show that many of these threats are widely prevalent at most enterprises today. We also demonstrate that some of these apparently harmless threat scenarios can lead to serious security breaches.

Bio: Deepak Gupta is the Chief Architect of AirTight Networks, the global leader in secure wi-fi solutions. Based in Pune, Deepak leads the AirTight team of software design experts that ensures that the AirTight products are robust, scalable, and meet customer expectations. Deepak has a unique mix of hands-on, in-the-trenches software development experience and a long academic research experience in Computer Science. He holds BTech and PhD degrees in Computer Science, both from the Indian Institute of Technology (IIT), Kanpur. Prior to joining AirTight, he was an Associate Professor in the Computer Science & Engineering Department at his alma mater where he researched and taught topics in Operating Systems and Computer Security for close to a decade. He has published several articles in international journals and conferences in these areas of expertise.

Mr. Alwyn Roshan Pais

Title: Split Personality Malware Detection and Defeating in Popular Virtual Machines
Abstract: Virtual Machines have gained immense popularity amongst the security researchers and Malware analysts, due to their pertinent design to analyze malware without risking permanent infection to the actual system carrying out the tests. This is because during analysis, even if a malware infects and destabilizes the guest OS, the analyst can simply load in a fresh image thus avoiding any damage to the actual machine. But the malware writers have once again raised their stakes by creating a new kind of malware which can detect the presence of virtual machine. Once it detects that it is running on a virtual machine, it either terminates execution immediately or simply hides its malicious intent and continues to execute in a benign manner thus evading its own detection. This category of malware has been termed as “Split Personality” malware or “Analysis Aware” malware. In this talk, I will be discussing the technique for detecting and defeating the split personality malware in popular virtual machine environments.

Bio: Alwyn Roshan Pais received the B.Tech degree in Computer Engineering from Mangalore University, Karnataka and the M.Tech degree in Computer Science and Engineering from IIT Bombay. He is currently pursuing the Ph.D. degree at NITK, Surathkal. He is an Assistant Professor in the Department of Computer Science and Engineering at NITK-Surathkal, Mangalore, India. His research interests include Information Security, Network Security, Cryptography and Computer Vision. He has 8 International Journal Publications (Peer reviewed) and around 40 International Conference Publications to his credit. He has also edited one LNCS volume. He is the Chief investigator of ISEA Project at NITK, Surathkal.

Mr. Gaurav Gupta

Title: Information security challenges faced by a large financial services firm
Abstract: In this session Mr. Gaurav will share the major information security challenges currently faced by large financial services firms and what financial industry is attempting to do to overcome those challenges.

Bio: Mr. Gaurav currently serves as the Vice President of Technology risk for Goldman Sachs. Mr. Gaurav is a seasoned security specialist having spent time in almost all risk domains of technology risk management. With an extensive fourteen years of security and technology experience, he has personally led and managed security risk management platform development, vulnerability assessment, penetration testing programs and risk advisory engagements for Fortune 100 firms.

Dr. Geetanjali Sampemane

Title: Security and Privacy at Scale
Abstract: The security and privacy landscape has changed quite a bit in recent years. Traditional approaches to securing personal data are often not as useful for present-day applications and user expectations. This talk describes the challenges in securing data that lives "in the cloud" and some approaches to solving these problems.

Bio: Geetanjali Sampemane has worked on infrastructure security and privacy projects at Google since 2005. Before that, she worked on Project ERNET at the National Centre for Software Technology in Bombay to bring the Internet to India, and at the United Nations Development Programme in New York on projects to help spread the Internet to developing countries. She received a B.Tech from IIT Bombay and an M.S. and Ph.D. from the University of Illinois at Urbana-Champaign.

Mr. Raghu Iyer

Title: Network Management and Security Challenges faced by organizations adopting BYOD (Bring Your Own Device)
Abstract: Rapidly changing software and electronic technology have made it possible for all manner of devices and appliances to adopt a computer as its primary engine - be it home appliances, industrial equipment or consumer gadgets or office equipment. All manner of devices now generate and consume rich content communicating over ubiquitous IP networks riding over a variety of wired and wireless media. Prices have fallen dramatically in recent years to the point where a Janitor and Maid and a Security Guard are carrying pocket sized devices to connect to rich information content. Organizations are realizing that they stand to benefit in the long run by enabling such users to access the information using the organization's info-highway infrastructure. Organizations are also realizing that they can reduce their capital costs by allowing users to bring their own personal devices to conduct business on premises and off premises. Finally organizations are realizing they have new management challenges by deploying such practices. This presentation highlights a few of the network (user/device/infrastructure) management and security challenges in deploying such practices.

Bio: Raghu Iyer is currently the Chief Technology Officer at Nevis Networks – a LAN Security Specialist. A keen technology researcher, he has over 25 years of experience, which includes senior management and leadership positions in engineering and business development. Raghu possesses expertise in embedded system development (hardware and firmware), networking, and ASIC architecture and verification. Prior to Nevis Networks, he was the Engineering Director and Head of India office for Kuokoa Networks, a startup in Storage Solutions. Before Kuokoa, he was the Engineering Director at SwitchOn Networks Inc. At SwitchOn, he was responsible for Networking ASIC architecture and verification. His career experience includes various positions at PMC Sierra Inc., Geometric Software, and Godrej and Boyce Manufacturing Co. Ltd. in Bombay. Raghu graduated with an M.Tech in Computer Science and a B.Tech in Electrical Engineering from IIT Mumbai.

Professor Anupam Joshi

Title: A Semantically Rich approach to Cybersecurity
Abstract: To be updated...

Bio: Anupam Joshi is the Oros Family Professor of Computer Science and Electrical Engineering at UMBC, and the Director of UMBC's Cybersecurity Center. He obtained a B.Tech from IIT-Delhi, and a PhD from Purdue University. His research interests in cybersecurity are around policy based, situationally aware, and semantically rich approaches to security, privacy, and trust. In particular, he has worked on security / privacy issues in mobile systems and wireless networks, situationally aware intrusion detection, and policy based approaches to information access and privacy. He has published over 175 papers, and his work has been funded by both Federal (NSF, DoD, NIST, AFOSR, DARPA, ...) and Industrial (IBM, Microsoft, Northrop Grumman, Lockheed Martin, Qualcomm, ...) sources. At UMBC, Joshi teaches courses on Operating Systems, Security, Mobile Computing, and an Honors College seminar on security and privacy issues in social media / mobile systems. He also holds visiting / adjunct positions in IBM Research, IIIT-Delhi, and IIT-Delhi.

Professor Chittaranjan Hota

Title: Security trends, challenges, and solutions in the peer-to-peer networks
Abstract: With the proliferation of P2P systems, it is critical to consider the impact of these systems on the security of an Internet environment that is already struggling from several security issues. Recent empirical studies indicate that P2P and Web traffic together dominate today's Internet traffic. Currently, the P2P traffic control is achieved by either throttling the P2P bandwidth or allowing P2P traffic at certain times. In this talk, we will discuss various security risks in P2P networks, the impact of P2P traffic on perimeter security appliances, and different approaches to counter their impact.

Bio: Chittaranjan Hota did his PhD in Computer Science and Engineering from Birla Institute of Technology & Science, Pilani. He was the founding head at BITS Hyderabad and currently he is the Faculty In-charge of Information Processing Center. He has been a visiting researcher and visiting professor at several universities abroad over the past few years. He has current research funding from organizations like UGC, DIT, Intel, and TCS. He has guided PhD students and is currently guiding PhD students in the area of P2P Overlays, Information Security, Wireless Networks, and Distributed Scheduling. He is a member of IEEE, ACM, IE, and ISTE.

Professor V. Radha

Title: Evolution of Security Practices in Indian Banking Industry


Mr. Nandkumar Saravade

Title: The people problem in security of financial transactions in India
Abstract: Much attention is bestowed on the technology aspect of security, perhaps as it is the easiest to standardise and mass produce. Process improvements are attempted through certain approaches like CMM. However, the people aspect remains the most neglected one. It becomes all the more complicated in India, where diversity is the norm, making it difficult to have a very blunt approach to things. This talk tries to outline the problem in the context of banking in India.

Bio: Mr. Nandkumar Saravade currently works as head of Security, Investigation and Vigilance, South Asia, Citibank. He worked as General Manager, Financial Crime Prevention Group, ICICI Bank till July 2011, where he looked after fraud risk assessment and controls reviews, application screening and vendor due diligence, transaction monitoring, investigations and regulatory reporting and compliance. Till 2008, Mr. Saravade served with the Indian Police Service (IPS). His last assignment in the IPS was Director, Cyber Security and Compliance, NASSCOM, which involved policy formulation on cyber security and privacy, capacity building for law enforcement, advising NASSCOM members on incident response management and organising mass awareness campaigns on cyber security. He also set up NASSCOM’s latest initiative, Data Security Council of India. Mr. Saravade served in the Central Bureau of Investigation (CBI) for seven years. His work involved enforcement of the Prevention of Corruption Act, investigation of bank frauds and economic offences. Mr. Saravade has been awarded the Prime Minister’s Baton and Revolver for being the Best All-round Probationer of the 1987 batch of the IPS and also the Indian Police Medal for Distinguished Services. He was invited by the US Government in 2007 under the International Visitors Leadership Program for the three-week tour on the theme of homeland security and cyber crimes. He was a member of the High Level Group on Electronic Banking Controls Governance and Technology Risk Management Standards set up by the Reserve Bank of India (RBI). He was the Chairman, India Payment Risk Council (IPRC), a body of fraud risk professionals in Indian banks during 2008-2011. He is a member of the Technical Advisory Committee of Maharashtra Police. He holds a Bachelor’s degree in Engineering from Government College of Engineering, Aurangabad as well as a Master’s degree from Indian Institute of Technology, Bombay.

Dr. Ponnurangam Kumaraguru ("PK")

Title: Privacy and Security in Online Social Media
Abstract: With increase in usage of the Internet, there has been an exponential increase in the use of online social media on the Internet. Websites like Facebook, YouTube, Orkut, Twitter and Flickr have changed the way Internet is being used. There is a dire need to investigate, study and characterize privacy and security of online social media from various perspectives (computational, cultural, psychological). Real world scalable systems need to be built to detect and defend security and privacy issues on online social media. The main goals of the talk are to highlight and discuss latest issues, trends, and cutting-edge research approaches in security and privacy in online social media. Some of the prominent problems on which our group is working are spam and phishing detection, credibility assessment, privacy leakage and fake profiles identification on online social media.

Bio: Ponnurangam Kumaraguru (PK) is an Assistant Professor at the Indraprastha Institute of Information Technology (IIIT), Delhi, India. He received his Ph.D. from the School of Computer Science at Carnegie Mellon University (CMU). His research interests include developing technological and inter-disciplinary solutions to detect and prevent computer crime, information security, and human computer interaction. PK has won a research grant from Department of IT. Of late, PK has been working on Open Source Intelligence and analyzing online user-generated content to detect cyber crime. He is serving as a PC member in WWW 2013, AsiaCCS 2013 and he is also serving as a reviewer for International Journal of Information Security and ACM's Transactions on Internet Technology (TOIT). PK’s Ph.D. thesis work on anti-phishing research at Carnegie Mellon University has contributed in creating a successful start-up company, Wombat Security Technologies. PK co-ordinates PreCog (precog.iiitd.edu.in), a research group at IIIT-Delhi. PK can be reached at pk@iiitd.ac.in.

Professor Rajat Moona

Title: Software Certification and Attestation
Bio: Prof. Rajat Moona received his BTech degree in Electrical Engineering from IIT Kanpur in 1985 and a PhD degree in Computer Science and Automation from IISc Bangalore in 1990. He worked for about one year as Scientific Officer in IISc Bangalore and then joined as a faculty member of IIT Kanpur in 1991 where he is a full Professor in the department of CSE. In recognition of his research, Prof. Rajat Moona was offered the prestigious Poonam and Prabhu Goel Chair Professorship by IIT Kanpur in 2008 and he has been a recipient of Indo-US Science and Technology Fellowship. He had also been a senior Engineering Manager in Mentor Graphics India during 2002-04 where he led a team to develop a tool for embedded system design that is now a product from Mentor Graphics. He has taught a number of courses at IIT Kanpur, both at undergraduate and postgraduate levels. He has also supervised about 85 postgraduate theses. He, along with his students and colleagues, has authored 7 patents, about 35 research papers and 2 books. Prof. Moona along with his students and National Informatics Centre has defined the Key Management System and layout of the data in smart card used by various government departments. He is involved in defining the RFID applications in areas such as electronic toll collection. The research area of Rajat Moona spans over embedded computing, computer security, VLSI design, Operating Systems and High Performance Computing. Currently, he heads the Centre for Development of Advanced Computing (C-DAC) in the capacity of Director General and leads C-DAC's initiatives in the areas of High Performance Computing, Multimedia Computing, Professional Electronics, Free and Open Source Software, Cyber security & cyber forensics, Health Informatics, e-Governance and Education & Training.