Sun 6 May |
- Speaker:
Khaled Md Khan
- Title:
Security-Aware Software Composition: A Framework
- Time:
13:00 (06/05/2007)
- Location:
Carnegie Mellon University,
Weill Cornell Medical College, Lecture Hall 1
- Abstract:
-
This seminar addresses the issue "composing security-aware systems from
the ground up". The development paradigm of coupling and decoupling of
software components promises maximum benefits of software
reusability. Despite these promises, the security concerns of third party
software components are paramount. The typical approach of 'bolted-in'
security to the system at the end of the development process creates a
problem of development duality between developing a functional system, and
also creating a secure system. In this seminar, I am not going to
introduce another new security architecture or cryptographic technique;
rather I make an attempt to introduce a security characterization
framework that would enable systems composers to know a priori the
underlying security properties of third-party components. Software
composers, the frontline component consumers, are very much concerned about
the security impact of 'foreign' components on their application
systems. The indiscriminate 'plug & play' with third-party components
introduces liability on software composers in a sense that the candidate
components may pose serious threats to the application system. In the
existing component framework, software composers cannot test a priori the
security impact of one component on another. Driven by all these
concerns, we are motivated to develop a security-aware compositional
framework. The framework addresses how to characterize the security
properties of individual components, how to analyze the published security
properties of a system comprising several atomic components, and how to
make these characterized properties available to the composers at run
time. In this particular presentation, I will give a brief introduction on
these issues related to security-aware software composition.
- Speaker's Bio:
-
Dr. Khaled Khan is an assistant professor in computer science and
engineering at Qatar University. Prior to this, Dr Khan served the School
of Computing and IT as a senior lecturer and the Head of postgraduate
programs at the University of Western Sydney, Australia from 2000 to
2006. He also taught computer science courses at various universities in
Asia, Europe, and Africa. His research interests include security-aware
software development, software components, software architecture, software
metrics, and forensics computing. He has extensive course development
experience; in particular, he contributed significantly to the joint IEEE
Computer Society/ACM Task Force on the "Model Curricula for Computing" as
an external reviewer and a committee member. He received a BS and an MS
in computer science from the University of Trondheim, Norway, and a PhD
from Monash University, Australia. He has published more than 40 refereed
papers.
|
Sun 29 Apr. |
- Speaker:
Brett Browning
- Computer Science Department, Qatar campus
and the Robotics Institute
Carnegie Mellon University
- Title:
Autonomous Vision-Based Robots for Team Tasks
- Time:
13:00 (29/04/2007)
- Location:
Qatar University,
Room 180, Corridor 9, Buildings of Science, (Men Buildings)
- Abstract:
-
In this talk, I will overview the work my students and I have been
conducting towards developing autonomous robots to operate in human
environments. In particular, the focus of our work is on developing
robots to participate in human-robot and robot-robot teams for
performing tasks in predominantly indoor settings. This talk will focus
on three areas of our research: real-time vision-based perception,
effective learning techniques for robot control policies, and
multi-robot and human-robot coordination. In all of these areas, our
approach has been to exploit the latest developments in the fields of
machine vision, machine learning, and agent-based research to develop
algorithms that are suitable for a real-time robot system. Throughout
the talk I will refer to two robot platforms that we have validated our
algorithms on: the Segway RMP, and the Evolution Robotics ER1
platform. We have applied these two robot systems in two different
adversarial domain settings - human-robot soccer and treasure hunts.
- Speaker's Bio:
-
Brett Browning is a faculty member in the School of Computer Science at
Carnegie Mellon University. He divides his time between the Computer
Science Department at the Qatar campus, and the Robotics Institute
located in Pittsburgh. His prime interest is in developing autonomous
robots that are able to operate in human environments. In particular,
his research focuses on developing techniques for real-time vision-based
perception, practical machine learning techniques for robot systems, and
techniques for effective multi-robot and human-robot
coordination. Browning has been a faculty member at Carnegie Mellon
University since 2002. Prior to that he was a postdoctoral fellow at
Carnegie Mellon, and was advised by Manuela Veloso. He received his PhD
from the Computer Science and Electrical Engineering Department at the
University of Queensland, Australia in 2000. He received his Bachelor of
Electrical Engineering, and Bachelor of Science (Mathematics) from the
same institution in 1996.
|
Sun 8 Apr. |
- Speaker:
Uvais Qidwai
- Title:
Fuzzy expert system for Defect Identification and Classification for
Non-Destructive Evaluation (NDE) of Gas/Petroleum Pipes
- Time:
13:00 (08/04/2007)
- Location:
Carnegie Mellon University,
Weill Cornell Medical College, Lecture Hall 1
- Abstract:
-
In this seminar, an expert system will be presented that is being used to
classify the defects in metallic gas/petroleum pipelines using acoustic
techniques with non-destructive evaluation (NDE) protocols. The system
maps the human experts' decision making behavior through a novel
perception-based kernel. The kernel has its roots in multidimensional
fuzzy set theory to map the relative weights given to various features,
mathematical or heuristic, and is then mapped to the decision surface to
deduce the existence of the defect. The system has a centralized database
that holds the defect information in the form of known and calculated
features. The known features and their quantitative representations have
been used to initialize the database. Then experiments have been conducted
on known defects, calculating the features using statistical and
parametric modeling techniques. The collected experimental data is also
modeled using state of the art deconvolution algorithms developed by the
presenter previously, such as H-infinity deconvolution, HOS-based
modeling, etc. In addition to these features, human expert heuristics
are also translated into relative weighted memberships transforming the
human heuristics into quantitative representations. With each feature set,
a classifier tag is associated that assigns a class number to that
defect. The classifier tag is then used to classify any new data using the
Fuzzy classifier. In the event that the classification fails, the system
decides it to be a new defect type and would require user intervention
using a MATLAB interface to update the database with this new feature set.
- Speaker's Bio:
-
Uvais Qidwai received his Ph.D. from University of Massachusetts-Dartmouth
in 2001 from the Electrical and Computer Engineering Department. He worked
at the Electrical Engineering and Computer Science Department at Tulane
University in New Orleans, USA as Assistant Professor, and in charge of
the Robotics lab from June 2001 till June 2005. He joined the Computer
Science and Engineering Department at Qatar University in Fall 2005 as
Assistant Professor. His present interests in research include Image
Enhancement & understanding for Machine Vision applications, Fuzzy
computations, Signal Processing and Interfacing, Expert System for testing
pipelines, and intelligent algorithms for Medical Informatics. He has
participated in several Government and Industry funded projects in USA,
Saudi Arabia, and Pakistan and has published over 50 papers in reputable
Journals and Conferences.
|
Sun 18 Mar. |
- Speaker:
Iliano Cervesato
- Title:
Breaking and Fixing Public-Key Kerberos
[slides]
- Time:
13:00 (18/03/2007)
- Location:
Qatar University,
Room 180, Corridor 9, Buildings of Science, (Men Buildings)
- Abstract:
-
We report on a man-in-the-middle attack against PKINIT, the public key
extension of the widely deployed Kerberos 5 authentication protocol.
This flaw allows an attacker to impersonate Kerberos administrative
principals (KDC) and end-servers to a client, hence breaching the
authentication guarantees of Kerberos. It also gives the attacker the
keys that the KDC would normally generate to encrypt the service requests
of this client, hence defeating confidentiality as well. The discovery
of this attack caused the IETF, the standards body overseeing Kerberos,
to change the specification of PKINIT. It also led Microsoft to release
an immediate security update for all recent Windows operating systems.
We discovered this attack as part of an ongoing systematic formal
analysis of the Kerberos protocol suite, and we have formally verified
several fixes to PKINIT that prevent our attack.
- Speaker's Bio:
-
Dr. Cervesato is an associate professor at Carnegie Mellon University in
Qatar. Prior to this, he had teaching and research appointments at
Carnegie Mellon University in Pittsburgh, Stanford University, the US
Naval Research Laboratory, Princeton University, Tulane University and
George Mason University. He is the Founder and Chief Research Scientist
of Deductive Solutions. He performed his doctoral work at Carnegie
Mellon University.
Dr. Cervesato has 8 years of research and development experience in
various aspects of computer security, notably cryptographic protocol
analysis, attacker models, representation of cryptographic communications
and their security goals, foundations of computer security, and more.
Dr. Cervesato also has 15 years of experience in various aspects of
programming languages and computational logic, including representation
models, linear logic, type theory and concurrency. His expertise and
contributions are internationally recognized. He has published over 90
articles on the above topics. He has been the program chair or general
chair of five international scientific events.
|