Security '09


Tech Sessions: Wednesday, August 12 | Thursday, August 13 | Friday, August 14 | Invited Talk Speakers

Steven M. Bellovin, Compression, Correction, Confidentiality, and Comprehension: A Modern Look at Commercial Telegraph Codes
Steven M. Bellovin is a professor of computer science at Columbia University, where he does research on networks, security, and especially why the two don't get along. He joined the faculty in 2005 after many years at Bell Labs and AT&T Labs Research, where he was an AT&T Fellow. He received a BA degree from Columbia University, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were given the 1995 USENIX Lifetime Achievement Award (The Flame). He is a member of the National Academy of Engineering and is serving on the Department of Homeland Security's Science and Technology Advisory Committee; he has also received the 2007 NIST/NSA National Computer Systems Security Award.

Bellovin is the co-author of Firewalls and Internet Security: Repelling the Wily Hacker, and holds a number of patents on cryptographic and network protocols. He has served on many National Research Council study committees, including those on information systems trustworthiness, the privacy implications of authentication technologies, and cybersecurity research needs; he was also a member of the information technology subcommittee of an NRC study group on science versus terrorism. He was a member of the Internet Architecture Board from 1996–2002; he was co-director of the Security Area of the IETF from 2002 through 2004.

Rich Cannings, Android: Securing a Mobile Platform from the Ground Up
Rich is the Android Security Lead at Google. His research includes mobile and Web security, with a special interest in Flash security. He co-authored Hacking Exposed: Web 2.0 Security Secrets and Solutions.

Brian Chess, The Building Security in Maturity Model (BSIMM)
Brian Chess is a founder of Fortify Software and serves as Fortify's Chief Scientist, where his work focuses on practical methods for creating secure systems. His book, Secure Programming with Static Analysis, shows how static source code analysis is an indispensable tool for getting security right. Brian holds a Ph.D. in computer engineering from the University of California at Santa Cruz, where he studied the application of static analysis to the problem of finding security-relevant defects in source code. Before settling on security, Brian spent a decade in Silicon Valley working at huge companies and small startups. He has done research on a broad set of topics, ranging from integrated circuit design all the way to delivering software as a service.

David Dagon, DNS Security: Lessons Learned and The Road Ahead

Jeremiah Grossman, Top Ten Web Hacking Techniques of 2008: "What's possible, not probable"
Jeremiah Grossman is the founder and CTO of WhiteHat Security. He is considered a world-renowned expert in Web security, is a co-founder of the Web Application Security Consortium, and was named to InfoWorld's Top 25 CTOs for 2007. Grossman is a frequent speaker at industry events and universities around the globe. He has authored dozens of articles and white papers, is credited with the discovery of many cutting-edge attack and defensive techniques, and is a co-author of XSS Attacks. Grossman is often quoted in the business and technical press. Prior to WhiteHat, Grossman was an information security officer at Yahoo!

Shai Halevi, Hash Functions and Their Many Uses in Cryptography
Shai Halevi has a PhD in Computer Science from MIT (1997), and he is a research staff member in the Cryptography group at IBM T.J. Watson Research Center. Shai's research covers most aspects of cryptography: from public-key to symmetric cryptography, both constructions and cryptanalysis, ranging from the very abstract to the very applied. Shai is a board member of the International Association for Cryptologic Research and an editor in ACM TISSEC. He served as a program chair for CRYPTO 2009, a co-chair for TCC 2006, and as program committee member for many other conferences in cryptography. In his spare time, Shai wrote and maintains an open source Web application for submissions and review of papers to conferences.

Eric Lawrence, Designing Trustworthy User Agents for a Hostile Web
Eric Lawrence is a Senior Program Manager on the Internet Explorer security team. He recently spoke at Mix2009, Hack in the Box 2008, and O'Reilly's Velocity conference. Prior to his current role, Eric was responsible for networking and HTTPS improvements in IE7, and worked on a number of popular Web sites. Outside of Microsoft, Eric is best known as the developer of the Fiddler Web debugging platform, used by security and Web professionals worldwide.

Gary McGraw, The Building Security in Maturity Model (BSIMM)
Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C., area. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Java Security, Building Secure Software, Exploiting Software, Software Security, and Exploiting Online Games; he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean's Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors, produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT), and produces the Reality Check Security Podcast for CSO Online.

Deirdre K. Mulligan, Toward a New Legal Framework for Cybersecurity
Deirdre K. Mulligan is an assistant professor at the School of Information at UC Berkeley. Prior to joining the I School she was a clinical professor of law and the Director of the Samuelson Law, Technology & Public Policy Clinic at the UC Berkeley School of Law (Boalt Hall). She served previously as staff counsel at the Center for Democracy & Technology in Washington.

Mulligan is known for her interdisciplinary research and work, including legal representation, with computer scientists. For example, Mulligan was a member of the team led by David Wagner and Matt Bishop charged by the California Secretary of State with conducting a top-to-bottom review of voting systems; she's provided advice and representation during rulemaking proceedings to computer scientists researching digital rights management technologies, participated in standard-setting bodies about the same; an analysis of the privacy and security issues in demand response energy architectures; and, she recently completed a multidisciplinary review of a surveillance camera system in San Francisco. Professor Mulligan's current research agenda focuses on information privacy and security. Projects include qualitative interviews to understand the institutionalization and management of privacy and computer security within corporate America; privacy and security issues in sensor networks and visual surveillance systems; and alternative legal strategies to advance network security.

Mulligan is currently participating in a multi-stakeholder initiative, the Global Network Initiative, to advance and preserve freedom of expression and privacy through collaborative efforts aimed to resist government efforts that seek to enlist companies in acts of censorship and surveillance in violation of international human rights standards. She is currently a member of the California Office of Privacy Protection's Advisory Council and a co-chair of Microsoft's Trustworthy Computing Academic Advisory Board. She serves on the board of the California Voter Foundation and on the advisory board of the Electronic Frontier Foundation.

Vern Paxson, How the Pursuit of Truth Led Me to Selling Viagra
Vern Paxson is an Associate Professor in Electrical Engineering and Computer Sciences at the University of California, Berkeley, and also has affiliations with the International Computer Science Institute and the Lawrence Berkeley National Laboratory. His main active research projects are network intrusion detection in the context of Bro, a high-performance network intrusion detection system he developed; network measurement and analysis; and the threat of botnets and the underground economy that they fuel. He is an ACM Fellow and recipient of the 2008 ACM Grace Murray Hopper Award for his work on Internet measurement.

Alexander Sotirov, Modern Exploitation and Memory Protection Bypasses
Alexander Sotirov is an independent security researcher with more than ten years of experience with vulnerability research, reverse engineering, and advanced exploitation. His most recent work includes using chosen prefix MD5 collisions to create a rogue Certificate Authority, bypassing the exploitation mitigations on Windows Vista, and developing the Heap Feng Shui browser exploitation technique. His professional experience includes positions as a security researcher at VMware and Determina. Currently he is working as an independent security consultant in New York.

He is a regular speaker at applied security conferences around the world, including CanSecWest, BlackHat, and Recon. Alexander is a program chair of the USENIX Workshop on Offensive Technologies and is one of the founders of the Pwnie Awards.


Last changed: 8 Aug. 2009 ch