Speaking

I used to give presentations fairly regularly as part of my academic work, and didn’t bother to list them since it’s assumed that most academics do the same. However, since I also speak on other topics to communities where frequent presentations are not the norm, I thought this page might be helpful for those curious about my speaking experience, venues and topics. It’s not 100% complete but should give a reasonable overview. Some older links may be broken; if you need something that’s currently not available please feel free to email me using terri at toybox dot ca.

2023

• “Vulnerability Scanning for Free (as in puppies)” PyCascades 2023, March 19, 2023. [Video][Slides]
  • Abstract: Secure software supply chains with 0 vulnerabilities sounds like a great idea, but once you start looking through entire dependency chains and large systems, it can be a lot harder to achieve than one might expect. Using the free, open source, CVE Binary Tool vulnerability scanner (written in python!), we’ll show what it looks like to set up vulnerability scanning, what kinds of fun things you find, and how keeping things up to date can mean an ongoing maintenance burden that is more like a free puppy than a free beer. We’ll talk about how naive policies, governmental mandates and capitalism may ruin your day, and what we can do to stay secure and help everyone get past the puppy phase without sending anyone back to the pound.

2021

• “pyKnit: Math Tools for Knitters“, PyCon 2021, May 2021. [Video][Abstract]
  • Abstract: Knitting patterns are effectively code that gives you a physical object if you execute them. Customizing and designing patterns takes a lot of math to get sizing and shapes right, but not all knitters love math, and even those who do don’t want to do it by hand all the time. Every year at PyCon I meet a few more knitters, so I thought maybe this was the year we could put our heads together and build an open source knitting toolkit and maybe make customizing your knitting a little easier for everyone. The pyKnit toolkit will hopefully make it easier for people to adjust garment patterns to fit, for pattern designers to be size inclusive, or for any knitter to adjust patterns to make the most out of a special ball of yarn.

2020

• • ” Frugal Known Vulnerability Detection.” BSidesPDX,
    October 23, 2020. [Slides]
    [Video]
    Notes: reprise of talk from Pycon US, with updated slides for new output modes.
  • “Keynote: Algorithms Cheat.”
    Keynote at Pycon India, October 3, 2020. [Slides]Dr.
    Terri’s 3 laws of machine learning
    1. Your model is only as good as your data.
    2. Your data is always bad.
    3. Algorithms cheat.

    As machine learning has become easier to learn and more commonly used, many people miss out on hearing the
    hilarious stories and cautionary tales of what happens when things don’t go right. This talk is my attempt to
    bring some of my favourite stories of “algorithmic cheating” out of the ivory tower and in to the world. Learn
    about how sometimes machine learning yields great insights, and sometimes… not so much.

  • “Detecting Known Vulnerabilities with Python.” Pycon US, 2020. [Abstract] [Video] [Slides]Abstract:
    Detecting known software vulnerabilities is hard to do perfectly, but it’s easy to get part way there. The
    CVE Binary Tool is a tool that detects issues in a few components but has grand ambitions. Learn how it
    works, how to use it & how to improve it so together we can help everyone be more secure.
    
  • “Rock on: Building hardware and software for a MicroPython decibel meter“, PyCasccades 2020, February 2020. [Abstract]
    [Video (I’m at the beginning of day 2.)]
    • Abstract: Ready to turn it up to 11? Pycon US 2019 challenged us to build Python hardware, so let’s learn
      how to build a decibel meter! We’ll start with choosing parts and testing hardware, writing the software
      using MicroPython, then talk about building the custom circuit board using the open source KiCad.

2019

• • • “Python Security Tools” PyCon 2019, May 4, 2019.
      [Video][PyCon schedule]Abstract: While
      high-level security concepts may transcend languages, each language has its own sets of tools and edge
      cases that are worth knowing. Python is one of many popular languages that is rarely the focus in
      security training, but that doesn’t mean python code is automatically secure (no matter what the
      internet tells you). Learn why people who say “pylint will help you with security” aren’t doing you any
      favours, how to use Bandit for security-focused linting and talk about other options for static
      analysis. Take a deeper look at why scanning for publicly known vulnerabilities is complicated, and how
      to use Pyup Safety to make it easier. We’ll also explore some language myths and best practices.
    • “Prickly Pears & Printed Circuit Boards: Designing and Building Your Own Soldering Kits
      ” Portland Mini Maker Faire at the Oregon Museum of Science and Industry (OMSI), Invited talk at the Innovation Stage,
      September 8, 2019.

      Abstract: Soldering is fun, and there are lots of kits available for people from beginners to experts.
      But what if you wanted to design your own? Join Terri Oda as she walks you through the process of
      designing, building, testing and kitting out the soldering kits used at Albuquerque Mini Maker Faire.
      This will include a mini tutorial on how to use KiCAD, open source design software for building printed
      circuit boards.

2018

• • • “Python Security Tools” Security Conference, Santa Clara, California, June 2018. [Private
      event, no slides available]Won best presentation award.
    • “Python’s Summer of Code Needs YOU” Pycon
      2018 Lightning talk, May 2018. [Slides
      – please read notes on slides for talk contents]

2017

• • • “Effective Presentations Using Applied Logical Fallacies”
      Open Source Bridge, June 2017.
      [Session link][Slides]

      Abstract: For many novice speakers, especially technical speakers, the hardest part of presenting is not
      figuring out what to put in but what to leave out. But what works for an academic paper doesn’t work in
      a 10 minute presentation, and you risk boring your audience long before you manage to convince them of
      anything. This talk is intended to be a fun (and perhaps a bit silly) look at the science and the art of
      being convincing. I will cover how logical fallacies are used in propaganda, lying, and how you can use
      them to get your point across quickly. And don’t worry, we’ll also talk about how to do this
      ethically!

    • “Capturing Tiny Snakes” (Tutorial)
      Open Source Bridge, June 2017.
      [Session link][Code repository with tutorial materials]

      Abstract: This is intended as a tutorial session for bringing up MicroPython on a common, and reasonably
      easy to obtain, microcontroller platform. From bare bones, to blinking LEDs and beyond.

    • “Keynote: Is Open Source Software Really More
      Secure?” Pycon Pune, February 2017. [Video][Slides]Abstract:
      Open source proponents often list security as one of many reasons that users should want to use open
      source software, but is it really true? This talk explores why the question “Is open source software
      really more secure?” is hard to answer, what it means to be secure, how our metrics could be harming our
      actual security, what good security looks like at a community level, and how we can help make things
      better.Notes: Video has no sound at beginning, link above starts it at 1:50 when the talk starts
    • Advanced Secure Code Development, two-day internal course, March 28-29, 2017. (Internal
      course, materials not available to general public.)Notes: This is a course developed by others on secure
      coding, mostly focusing on issues in C/C++. This iteration was the final step of my “training” and was a
      very small and friendly class. I expect to be teaching the course quarterly when there is sufficient demand.
    • “Choosing More Secure Open Source Packages: Lessons from the Whitelist” Brown Bag, March
      21, 2017. (Reprise of SWPC 2016 talk for internal open source audience.)

2016

• • • “Choosing More Secure Open Source Packages: Lessons from the Whitelist” Software
      Professionals Conference (SWPC), October 19, 2016. (Internal company conference, slides and video not
      available to general public.)Notes: This talk used examples from many open source projects to help software
      professionals gain an understanding of how to differentiate sketchy, unmaintained or dangerous open source
      projects from well-maintained and reasonably secure projects.
    • “Taking no for an answer” Open Source Bridge,
      June 22, 2016. [full proposal] [slides]Abstract:
      Open source (like many fields) rewards people who are confident and even a bit pushy. So we give talks
      encouraging folk to get over imposter syndrome, lean in, say yes to more things. But self-improvement
      shouldn’t focus only on our most vulnerable members, but also our most powerful. So let’s talk not about
      saying yes, but about hearing no. Learning to take no for an answer can transform efforts such as
      security, diversity and mentoring where we have few experts or volunteers and great need. Let’s talk
      about accepting “defeat” with grace, and how to take “no” for an answer while still moving
      forwards.
    • “Sparkle Security” Open Source Bridge, June 21,
      2016. [full proposal] [slides]Abstract:
      “Agent Sparkle, you have been recruited as a security expert to use your skills to protect the kingdom
      of Project Rainbow. You might not feel qualified yet, but Project Rainbow has great faith in your
      ability to learn.” Web security is perhaps one of most fun types of computer security to master:
      exploits can be constructed quickly and without many tools. But sadly, while there are many tutorials,
      they simply don’t have enough rainbows and sparkles and the practice exploits tend to focus on the
      basics without flourishes. Project Sparkle is a set of “training missions” designed to make learning web
      security more kid-friendly, but we think the audience of Open Source Bridge will also enjoy exploiting
      the web to add more rainbows and sparkles!

2015

• • • “Securing Open Source Software” Panel discussion with Valerie Fenwick, Leigh Honeywell and
      Terri Oda. Moderator, Sarah Beck. Grace Hopper Celebration of Women in Computing, October 2015Abstract:
      Heartbleed, FREAK, POODLE – you’ve heard about them: vulnerabilities in critical parts of the internet’s
      infrastructure. If you work in Security, IT, or development, these names and cheesy logos have given you
      nightmares. The tech world depends on FOSS (Free and Open Source Software), and it needs to be secure.
      Learn about how individuals and corporations can work to ensure FOSS is safe and improves over time. Our
      panelists discuss their efforts and how you can help.
    • “Bringing Security to Your Open Source Project” Open
      Source Bridge, June 25, 2015. [full
      proposal] [slides]
      [video]Abstract: With high profile breaches in
      open source projects, the issue of security has become one of great import to many people. But many
      projects, especially smaller ones, are intimidated by the idea of a security audit. This talk will
      discuss ways for smaller projects to experiment, learn, and even have fun improving their security. No
      PhDs in security required!Notes: The slides for this were designed to stand somewhat on their own,
      but the slide deck does include notes on what I intended to say to flesh out the information on the slides.
      The presentation video is also available from the conference.
    • “Internet of Things Militia: Paramilitary Training for your IoT devices” Open Source Bridge, June 25, 2015. [full proposal] [slides]
      [video]Abstract: Security folk generally talk
      about how the Internet of Things is bad for security, and indeed it is true that infrequently updated
      devices given access to a “trusted” home network can potential result in problems. But what about the
      other side? Can you train your internet light bulbs as guard dogs? Can you send your internet fridge to
      search and destroy invaders and that dude whose wifi signal interferes with yours? Can your thermostat
      help you figure out whether a network access is legitimate or not? The internet of things brings new
      sensors and connected devices that could co-operate in new and interesting ways, some of which may be
      very different from the manufacturer’s initial intent.Notes: This was intended to be a light,
      somewhat irreverant talk about IoT. The meta-goal was to get people to think about interoperability and IoT
      in different ways, but mostly it was meant to be fun. The slides are very image-heavy and not intended to
      stand on their own without presenter. Rough notes are included in the slide set to give you some idea of
      what verbal presentation went with. The presentation video is also available from the conference.
    • “Skynet is Open Source: How automated software repair can use mutations to fix your bugs and
      possibly destroy mankind” Open Source Technology Summit, April 2015. (Invite-only conference,
      slides and video not publicly available at this time.)Notes: This was a presentation to explain genprog and
      my postdoctoral
      research at UNM to an audience of colleagues who would be unlikely to encounter
      such work in the course of their usual jobs. It covered many key ideas from
      the artificial life based automated system repair program, discussion of the
      issues and challenges of that space, as well as thoughts on open source,
      academia and industry. Slides may be available at a later date if I seek
      approval from my manager.

2014

• • • “When Many Eyes Fail You: Tales from Security Standards and Open Source” Open Source
      Bridge, June 24, 2014. [full proposal]Abstract:
      It’s often said that “given many eyes, all bugs are shallow” and open source proponents love to list
      this as a reason that open source is more secure than its closed-source relatives. While that makes a
      nice sound bite, the reality of security with many eyeballs doesn’t fit so nicely into a tweet. This
      talk will explore some of the things that surprised me in going from academic security research to
      industry security research in open source and open standards.
    • Crosswalk on Tizen update, Tizen Security F2F, Vannes, France, September 2014.
    • Crosswalk security, Tizen Security F2F, Warsaw, Poland, July 2014.

2013

• • • “Web Security and Automated Software Hardening” Job talk at industry research group, April
      2013.

2012

• • • “First Experiences in Open Source Software: How to get involved” Panel Discussion, Grace
      Hopper Celebration 2012.
    • Router bugs, Upcoming research presentation for DARPA site visit, February 2012.

2011

• • • “Security Attacks, Countermeasures and Protecting Yourself Online!” Grace Hopper
      Celebration 2011.
    • “Open Source Needs You: Find Your Community and Change the World.” Panel discussion, Grace
      Hopper Celebration, November 2011.
    • “Simple security policy for the web.” PhD Thesis Defense, Carleton University, October
      2011.
    • “Web Security for the Masses.” Job talk, Univeristy of New Mexico, May 2011.Abstract:
      If web security were a siege, the attackers would be winning through
      attrition: it is relatively easy to compromise a site, but it takes
      significant resources for a defender to ensure that it is even moderately secure. There is a need for
      security policy languages to improve control over the behaviour of web pages, but security policy can be
      overwhelming and confusing to web designers who may have backgrounds in art, not security. As such, I
      have developed Security Style Sheets, a language rooted in existing web standards and visual design that
      allows designers to mitigate common attacks such as cross-site scripting without requiring extensive
      page rewrites. This alleviates some of the barriers to better web security, but the language could be
      even more powerful combined with adaptive techniques for inferring policy, giving web users the ability
      to browse more safely even when an expert is not available.

      Notes: As is apparently typical for a job talk, this also included more information about me, my
      background and previous research.

    • “Using Facebook for Evil (and other bad things that happen online).” CU-WISE Celebration of
      Women in Computing, Carleton University, Ottawa, ON, April 6, 2011Notes: A general-level talk intended
      for the public as well as students and staff.Abstract: People like to share. Photos, links,
      stories, feelings, or even what you had for dinner might end up online… it all seems harmless, but is
      it really? Learn here about some of the crafty things a mean person might do using your information, and
      how you can try to avoid getting burned.
    • “Enhancing Web Page Security with Security Style Sheets” Research Day, Carleton University,
      March 25, 2011Brief talk description (25-40 words):
      The web is dangerously insecure, but solutions are often so prohibitively time consuming that they are
      not implemented. Security Style Sheets, a policy language based in existing web standards, unites
      disparate techniques to make security mitigation more straightforward for busy developers.

      Talk abstract (150-200 words):
      Although the web security community now has a variety of techniques that could help web developers to
      defend against common attacks such as cross-site scripting and cross-site request forgery, this work is
      not in a form suitable for general use. What is needed is a web standard that unites these techniques
      using syntax and semantics that are easy for web developers to learn and straightforward for browser
      makers to implement. Here we propose such a standard, Security Style Sheets, a browser-enforced policy
      language modelled on Cascading Style Sheets. Security Style Sheets provides an extensible policy
      framework that allows for policy to be separated from content and to be specified at both coarse and
      fine levels of granularity. In this paper we present the syntax and semantics of Security Style Sheets,
      explain its relationship with past web security proposals and CSS, and give examples of how it could be
      used to protect mainstream websites such as Facebook. Also in the model of CSS and the Acid3 tests, we
      present a conformance suite for Security Style Sheets.

2010

• • • “Getting Started in Free and Open Source Software.” Grace Hopper Celebration of Women in Computing, Atlanta, GA,
      September 30, 2010.Session Description: Are you interested in contributing to a Free or Open Source
      software project, but you’re not sure how to get started? Wondering about some of the social aspects of
      participating in the community, as well as the technical details? During this panel discussion, key
      contributors to several Free and Open Source Software projects will discuss tips for successfully
      engaging with the project of your choice. Panelists will share their own experiences getting started in
      Free and Open Source development. They will also share best practices with audience members, helping
      newcomers understand the basics of contributing to Open Source so their initial foray is most
      effective.Notes: I was part of a panel discussing this topic as part of the new open source track at Grace
      Hopper. I also helped out with the Codeathon that followed our session.
    • “GNU Mailman 3: Mailing lists of the future.” LinuxCon, Boston, MA, August 12,
      2010.Abstract: GNU Mailman forms the backbone of many online communities, including many open source
      projects. It provides free software for managing electronic mail discussion and e-newsletter lists which
      are often used to coordinate development, communities and events. Mailman 3, currently in alpha, is an
      extensive rewrite to use modern architecture, address user issues, and bring new ideas into the way we
      use mailing lists. Learn about what the upcoming Mailman 3 will offer to end users and communities, and
      hear a little bit about what is changing under the hood. Audience members can expect to learn about new
      features and changes in Mailman 3, both for users and for list/community administrators. Only basic
      understanding of email and mailing lists will be required.Notes:
      A talk on the upcoming features of Mailman 3 (in alpha at the time of the talk). As it turned out, my
      audience was largely composed of system administrators with significant experience using Mailman 2.1 on
      a large scale.

      Notice how this was two days after the HotSec presentation, and in a different city. It was a busy
      week!

    • “Visual Security Policy for the Web.” USENIX Hot Topics in Security (HotSec 2010),
      Washington, DC, August 10, 2010.Abstract: Many web security vulnerabilities allow parts of a page to
      interact when they should be isolated. Such vulnerabilities can be mitigated by implementing protection
      boundaries between web page elements. Several methods exist for creating such boundaries, but existing
      methods require relatively sophisticated knowledge of web technologies. To make protection mechanisms
      available to a wider audience, we propose a simple web page security policy language, ViSP, modelled on
      mechanisms for specifying page layout. Here we characterise ViSP and describe a simple Firefox-based
      prototype that allows interactive, graphical specification of per-page security policies. We also show
      how these tools can be used to protect against cross-site scripting (XSS) attacks on common web
      applications.
    • “Visual Security Policy for the Web.” CCSL Meeting, August 4, 2010Notes: Complete trial
      run for HotSec
    • “Web security for regular folk” COMP1001 class, June 7, 2010.Notes: I was invited to
      give a general-level talk on web security for an intro-level computer science course. This version of
      the talk included an intro to web security, a small overview of my research, and tips for staying safe
      online.
    • “No Website
      Left Behind: Are We Making Web Security Only For the Elite?” Web 2.0
      Security and Privacy, Oakland, CA, May 20, 2010.Abstract: The web is riddled with flaws that
      make it unsafe. Protection methods exist, but current web security solutions are often designed to be
      deployed by programmers and security experts. Unfortunately, programmers and web security experts are
      not always available: many sites are created by graphic designers with more artistic backgrounds, and
      others involve web applications installed by non-programmers who want a website to fit a targeted need.
      These non-expert page creators may find web security solutions confusing and difficult to implement
      because they assume significant technical expertise. While solutions designed for experts are valuable,
      solutions for non-experts are needed to make the web safer.
    • “No Website
      Left Behind: Are We Making Web Security Only For the Elite?” ABA meeting, May 12, 2010.Notes:
      Complete trial run for W2SP
    • “No Website
      Left Behind: Are We Making Web Security Only For the Elite?” ISSNet
      Annual Workshop, May 27-30, 2010.Notes: Shortened Sneak Preview of my W2SP talk
    • “Visual Security Policies for Web Pages.” Thesis proposal defence, April 9, 2010.Notes:
      Yes, I passed.
    • “Web security for regular folk.” Carleton Celebration of Women in
      Science and Engineering, April 8, 2010.The web is not a safe place: little flaws found in a
      large number of web pages can be exploited by attackers to do harm, from installing viruses to stealing
      passwords to infecting all your friends. There are new attacks showing up all the time. Being safe on
      Facebook is not limited to “don’t share your password,” but many people are unaware of the risks. And
      unfortunately, even the people who make websites may not understand how to make them safe! This talk
      will describe some of the modern safety concerns on the web, as well as my own research to make the web
      safer. If part of the problem is that web designers are artists, not security experts, can we make it so
      that art provides security? How can we make the web safer, but still usable?Notes: A
      general-level talk on my web security research.
    • “How
      does biology explain the low numbers of women in computer science? Hint: it doesn’t.” Carleton Celebration of Women in
      Science and Engineering, April 8, 2010.A snarky but mathematically informed look at one of the
      common myths of ability regarding women in technical fields. Simple, short, back-of-the-napkin style
      presentation. This was prepared and put online in November 2009, and parts of it have been used
      by others, but this was my first live “performance” of the presentation.
    • Joint with Gail Carmichael. Interview with CBC Ottawa
      Morning. Aired April 8, 2010.
    • “Visual Web Security Policies.” Carleton Computer
      Security Laboratory, January 28, 2010.Notes: Precursor to a potential poster.

2009 (Highlights)

• • • “Computer Security.” Outreach presentation for careers class at Lisgar Collegiate Institute, December 1,
      2009.
    • “Using Layout Information to Enhance Security on the Web.” Grace
      Hopper Celebration of Women in Computing, September 30 – October 3, 2009.
    • “Attracting women to open source” Birds of a Feather session, Linux
      Symposium, Montreal, July 13-17, 2009.In 2006, GNOME put out the call for students to
      participate in the Google Summer of Code project, where students get paid to work on open source
      projects. They received 181 applicants — and not a single one from a woman. Seeking to attract a female
      applicants, they did a Women’s Summer Outreach Programme, and got 100 applicants. There are capable
      women out there, but how can we attract them to open source projects? Do women need an invitation? What
      makes an open source project attractive to women? What drives otherwise talented people away from a
      project? The goal of this BOF is to talk about some of the issues, and brainstorm ways to increase
      involvement. (And yes, the BOF is open to both women and men.)
    • “Mitigating Cross Site Scripting
      Using Web Page Layout” ISSNet Annual Workshop, June 15 – 18, 2009.

      Web security lies primarily in the hands of those who create the pages.
      Unfortunately many people and organizations who run web sites do not
      have the time, security knowledge, or motivation to produce secure
      sites. As a result, users are exposed to insecure pages daily. This talk
      investigates ways to protect users by leveraging existing information
      from the page layout to produce good security policy without requiring
      an expert.

    • “Mitigating Cross Site Scripting
      Using Web Page Layout” MITACS annual conference, June, 2009.
    • “Web Security” Private government meeting, February, 2009.
    • “SOMA: Mutual Approval for Included Content in Web Pages”, Ottawa-Carleton Institute for Computer Science
      Seminar Series (OCICS), January 9, 2009.

2008 (Highlights)

• • • Joint presentation with Glenn Wurster. “SOMA: Mutual Approval
      for Included Content in Web Pages” ACM Computer and
      Communications Security (CCS’08), October 27-31, 2008. Pages 89-98.Notes: [Associated Paper] [SOMA Mozilla Firefox Add-On]
    • Joint presentation with Glenn Wurster. “SOMA: Mutual Approval
      for Included Content in Web Pages“, Carleton Computer Security
      Laboratory, October 21, 2009.Notes: Trial run for CCS presentation
    • Joint presentation with Anil Somayaji. “The Ottawa Linux Symposium: Update on the world of Linux.” Carleton Computer Security Laboratory, July 29, 2008.We will
      present an overview of the Ottawa Linux Symposium: its
      history, who attends, and what it is about. We’ll give some
      highlights of the symposium, discussing issues such as SELinux,
      virtualization, and issues with P2P distribution of free software.
      We’ll then discuss security research problems that seem to be relevant
      to the OLS audience.

      Notes: Bringing some highlights of OLS back to our research group.

    • “Women in Open Source.” Birds of a Feather session, Ottawa Linux
      Symposium, Ottawa, July 23rd – 26, 2008.
    • “SSP, SOMA, and Web Security” Carleton Computer Security Laboratory,
      July 8, 2008.Notes: A short presentation to stimulate discussion on the design of SSP (which later
      became Mozilla’s CSP) and how it compared with SOMA.
    • “SOMA: Mutual Approval for Included Content In Web Pages” Private industry meeting, June, 2008.
    • “Content Provider Conflict on the Modern
      Web” Symposium on Information
      Assurance (New
      York State Cyber Security Conference), Albany, NY, June 4-5, 2008.

      Today many web pages include externally sourced content. Advertisements,
      video, blog “trackbacks,” search—these and other features of the
      modern web are provided by third-party servers. Such external content is
      so popular that content is often incorporated from more than one
      source. In this paper we argue that such multiple inclusions are a
      significant security risk because of the potential for conflict between
      included elements. In particular, the use of JavaScript to provide
      external content means that providers can observe and interfere with
      each other. Financial incentives and competitive advantage provide
      motivation for such conflicts, both for criminals and for legitimate
      enterprises. To prevent users and web content providers from becoming
      collateral damage, we must develop and deploy techniques for isolating
      externally provided web content.

      Notes: [Associated Paper], [HTML
      version]

    • “When Elephants Dance, Mice Must be Careful: Content Provider
      Conflict on the Modern Web” Carleton Computer Security Laboratory,
      March 18, 2008.

      Notes: Trial run for Albany presentation

2007 (Highlights)

• • • “The Same Origin
      Mutual Approval
      Policy” MITACS research group meeting, December 7, 2007.
    • “Upsides and downsides of the Tahoma sandboxed browser model” Carleton
      Computer Security Laboratory, September 27, 2007.This talk discusses the 2006 paper “A
      Safety-Oriented Platform for Web
      Applications” by Cox et al, which proposes a “Browser Operating System”
      called Tahoma. The idea is to use virtual machine sandboxes to contain
      separate web applications — protecting the computer from them, and them
      from each other. I will be covering some of the interesting ideas in
      their approach, and I hope to inspire discussion about the parts of this
      approach that lead themselves to exploitation or confusion on the part
      of the user.

      Notes: This marked some early discussion into related work for SOMA.

    • “Sharks in the Sandbox: Security and Privacy on the Modern Web” Private industry meeting, May 7, 2007.
    • “Sharks in the Sandbox: Security and Privacy on the Modern Web” Carleton
      Computer Security Laboratory, April 17, 2007.Notes: Trial run for the industry presentation
    • Discussion on JavaScript Security. IDS discussion group, Carleton Univeristy, January 22, 2007.

2006 (Highlights)

I was finishing coursework and studying for my comprehensive exams this year. I almost certainly did
presentations, but I don’t remember the details. Sorry!

2005 (Highlights)

• • • “Immunity from spam: an analysis of an artificial immune system for junk email detection” Artificial Immune
      Systems: 4th International Conference, ICARIS 2005, Banff, AB, Canada, August 14-17,
      2005.Notes: [Associated Paper]

2004 (Highlights)

• • • “A Spam-Detecting Artificial Immune System.” Master’s thesis defence, December 2004.Notes: [Master’s Thesis]

2003 (Highlights)

• • “Developing an Immunity to Spam.”
    Genetic and
    Evolutionary Computation – GECCO 2003.
    Genetic and Evolutionary Computation Conference, Chicago, IL, USA,
    July 12-16, 2003.

    Notes: [Associated paper]

  • “Revisiting Elitism in Ant Colony Search.”
    Genetic and
    Evolutionary Computation – GECCO 2003.
    Genetic and Evolutionary Computation Conference, Chicago, IL, USA,
    July 12-16, 200a.3

    Notes: [Associated paper]