Speaking

I used to give presentations fairly regularly as part of my academic work, and didn’t bother to list them since it’s assumed that most academics do the same. However, since I also speak on other topics to communities where frequent presentations are not the norm, I thought this page might be helpful for those curious about my speaking experience, venues and topics. It’s not 100% complete but should give a reasonable overview. Some older links may be broken; if you need something that’s currently not available please feel free to email me using terri at toybox dot ca.

2023

  • “Vulnerability Scanning for Free (as in puppies)” PyCascades 2023, March 19, 2023. [Video][Slides]
    • Abstract: Secure software supply chains with 0 vulnerabilities sounds like a great idea, but once you start looking through entire dependency chains and large systems, it can be a lot harder to achieve than one might expect. Using the free, open source, CVE Binary Tool vulnerability scanner (written in python!), we’ll show what it looks like to set up vulnerability scanning, what kinds of fun things you find, and how keeping things up to date can mean an ongoing maintenance burden that is more like a free puppy than a free beer. We’ll talk about how naive policies, governmental mandates and capitalism may ruin your day, and what we can do to stay secure and help everyone get past the puppy phase without sending anyone back to the pound.

2021

  • “pyKnit: Math Tools for Knitters”, PyCon 2021, May 2021. [Video][Abstract]
    • Abstract: Knitting patterns are effectively code that gives you a physical object if you execute them. Customizing and designing patterns takes a lot of math to get sizing and shapes right, but not all knitters love math, and even those who do don’t want to do it by hand all the time. Every year at PyCon I meet a few more knitters, so I thought maybe this was the year we could put our heads together and build an open source knitting toolkit and maybe make customizing your knitting a little easier for everyone. The pyKnit toolkit will hopefully make it easier for people to adjust garment patterns to fit, for pattern designers to be size inclusive, or for any knitter to adjust patterns to make the most out of a special ball of yarn.

2020

    • Frugal Known Vulnerability Detection. BSidesPDX, October 23, 2020. [Slides] [Video]
      Notes: reprise of talk from Pycon US, with updated slides for new output modes.
    • Keynote: Algorithms Cheat.
      Keynote at Pycon India, October 3, 2020. [Slides]
      Dr. Terri’s 3 laws of machine learning

      1. Your model is only as good as your data.
      2. Your data is always bad.
      3. Algorithms cheat.

      As machine learning has become easier to learn and more commonly used, many people miss out on hearing the
      hilarious stories and cautionary tales of what happens when things don’t go right. This talk is my attempt to
      bring some of my favourite stories of “algorithmic cheating” out of the ivory tower and in to the world. Learn
      about how sometimes machine learning yields great insights, and sometimes… not so much.

    • Detecting Known Vulnerabilities with Python. Pycon US, 2020. [Abstract] [Video] [Slides]
      Abstract: Detecting known software vulnerabilities is hard to do perfectly, but it’s easy to get part way there. The
      CVE Binary Tool is a tool that detects issues in a few components but has grand ambitions. Learn how it
      works, how to use it & how to improve it so together we can help everyone be more secure.
    • “Rock on: Building hardware and software for a MicroPython decibel meter”, PyCascades 2020, February 2020. [Abstract]
      [Video (I’m at the beginning of day 2.)]

      • Abstract: Ready to turn it up to 11? Pycon US 2019 challenged us to build Python hardware, so let’s learn
        how to build a decibel meter! We’ll start with choosing parts and testing hardware, writing the software
        using MicroPython, then talk about building the custom circuit board using the open source KiCad.

2019

      • “Python Security Tools” PyCon 2019, May 4, 2019. [Video][PyCon schedule]
        Abstract: While
        high-level security concepts may transcend languages, each language has its own sets of tools and edge
        cases that are worth knowing. Python is one of many popular languages that is rarely the focus in
        security training, but that doesn’t mean python code is automatically secure (no matter what the
        internet tells you). Learn why people who say “pylint will help you with security” aren’t doing you any
        favours, how to use Bandit for security-focused linting and talk about other options for static
        analysis. Take a deeper look at why scanning for publicly known vulnerabilities is complicated, and how
        to use Pyup Safety to make it easier. We’ll also explore some language myths and best practices.
      • “Prickly Pears & Printed Circuit Boards: Designing and Building Your Own Soldering Kits”
        Portland Mini Maker Faire at the Oregon Museum of Science and Industry (OMSI), Invited talk at the Innovation Stage,
        September 8, 2019.

        Abstract: Soldering is fun, and there are lots of kits available for people from beginners to experts.
        But what if you wanted to design your own? Join Terri Oda as she walks you through the process of
        designing, building, testing and kitting out the soldering kits used at Albuquerque Mini Maker Faire.
        This will include a mini tutorial on how to use KiCAD, open source design software for building printed
        circuit boards.

2018

2017

      • Effective Presentations Using Applied Logical Fallacies
        Open Source Bridge, June 2017.
        [Session link][Slides]

        Abstract: For many novice speakers, especially technical speakers, the hardest part of presenting is not
        figuring out what to put in but what to leave out. But what works for an academic paper doesn’t work in
        a 10 minute presentation, and you risk boring your audience long before you manage to convince them of
        anything. This talk is intended to be a fun (and perhaps a bit silly) look at the science and the art of
        being convincing. I will cover how logical fallacies are used in propaganda, lying, and how you can use
        them to get your point across quickly. And don’t worry, we’ll also talk about how to do this
        ethically!

      • “Capturing Tiny Snakes” (Tutorial)
        Open Source Bridge, June 2017.
        [Session link][Code repository with tutorial materials]

        Abstract: This is intended as a tutorial session for bringing up MicroPython on a common, and reasonably
        easy to obtain, microcontroller platform. From bare bones, to blinking LEDs and beyond.

      • Keynote: Is Open Source Software Really More Secure?
        Pycon Pune, February 2017. [Video][Slides]
        Abstract: Open source proponents often list security as one of many reasons that users should want to use open
        source software, but is it really true? This talk explores why the question “Is open source software
        really more secure?” is hard to answer, what it means to be secure, how our metrics could be harming our
        actual security, what good security looks like at a community level, and how we can help make things
        better.
        Notes: Video has no sound at beginning, link above starts it at 1:50 when the talk starts
      • Advanced Secure Code Development, two-day internal course, March 28-29, 2017. (Internal
        course, materials not available to general public.)
        Notes: This is a course developed by others on secure
        coding, mostly focusing on issues in C/C++. This iteration was the final step of my “training” and was a
        very small and friendly class. I expect to be teaching the course quarterly when there is sufficient demand.
      • “Choosing More Secure Open Source Packages: Lessons from the Whitelist” Brown Bag, March
        21, 2017. (Reprise of SWPC 2016 talk for internal open source audience.)

2016

      • “Choosing More Secure Open Source Packages: Lessons from the Whitelist” Software
        Professionals Conference (SWPC), October 19, 2016. (Internal company conference, slides and video not
        available to general public.)
        Notes: This talk used examples from many open source projects to help software
        professionals gain an understanding of how to differentiate sketchy, unmaintained or dangerous open source
        projects from well-maintained and reasonably secure projects.
      • “Taking no for an answer” Open Source Bridge, June 22, 2016. [full proposal] [slides]
        Abstract: Open source (like many fields) rewards people who are confident and even a bit pushy. So we give talks
        encouraging folk to get over imposter syndrome, lean in, say yes to more things. But self-improvement
        shouldn’t focus only on our most vulnerable members, but also our most powerful. So let’s talk not about
        saying yes, but about hearing no. Learning to take no for an answer can transform efforts such as
        security, diversity and mentoring where we have few experts or volunteers and great need. Let’s talk
        about accepting “defeat” with grace, and how to take “no” for an answer while still moving
        forwards.
      • “Sparkle Security” Open Source Bridge, June 21, 2016. [full proposal] [slides]
        Abstract: “Agent Sparkle, you have been recruited as a security expert to use your skills to protect the kingdom
        of Project Rainbow. You might not feel qualified yet, but Project Rainbow has great faith in your
        ability to learn.” Web security is perhaps one of the most fun types of computer security to master:
        exploits can be constructed quickly and without many tools. But sadly, while there are many tutorials,
        they simply don’t have enough rainbows and sparkles and the practice exploits tend to focus on the
        basics without flourishes. Project Sparkle is a set of “training missions” designed to make learning web
        security more kid-friendly, but we think the audience of Open Source Bridge will also enjoy exploiting
        the web to add more rainbows and sparkles!

2015

      • “Securing Open Source Software” Panel discussion with Valerie Fenwick, Leigh Honeywell and
        Terri Oda. Moderator, Sarah Beck. Grace Hopper Celebration of Women in Computing, October 2015.
        Abstract: Heartbleed, FREAK, POODLE – you’ve heard about them: vulnerabilities in critical parts of the internet’s
        infrastructure. If you work in Security, IT, or development, these names and cheesy logos have given you
        nightmares. The tech world depends on FOSS (Free and Open Source Software), and it needs to be secure.
        Learn about how individuals and corporations can work to ensure FOSS is safe and improves over time. Our
        panelists discuss their efforts and how you can help.
      • “Bringing Security to Your Open Source Project” Open Source Bridge, June 25, 2015. [full proposal] [slides] [video]
        Abstract: With high profile breaches in
        open source projects, the issue of security has become one of great import to many people. But many
        projects, especially smaller ones, are intimidated by the idea of a security audit. This talk will
        discuss ways for smaller projects to experiment, learn, and even have fun improving their security. No
        PhDs in security required!
        Notes: The slides for this were designed to stand somewhat on their own,
        but the slide deck does include notes on what I intended to say to flesh out the information on the slides.
        The presentation video is also available from the conference.
      • “Internet of Things Militia: Paramilitary Training for your IoT devices” Open Source Bridge, June 25, 2015. [full proposal] [slides] [video]
        Abstract: Security folk generally talk
        about how the Internet of Things is bad for security, and indeed it is true that infrequently updated
        devices given access to a “trusted” home network can potentially result in problems. But what about the
        other side? Can you train your internet light bulbs as guard dogs? Can you send your internet fridge to
        search and destroy invaders and that dude whose wifi signal interferes with yours? Can your thermostat
        help you figure out whether a network access is legitimate or not? The internet of things brings new
        sensors and connected devices that could co-operate in new and interesting ways, some of which may be
        very different from the manufacturer’s initial intent.
        Notes: This was intended to be a light,
        somewhat irreverent talk about IoT. The meta-goal was to get people to think about interoperability and IoT
        in different ways, but mostly it was meant to be fun. The slides are very image-heavy and not intended to
        stand on their own without a presenter. Rough notes are included in the slide set to give you some idea of
        what verbal presentation went with them. The presentation video is also available from the conference.
      • “Skynet is Open Source: How automated software repair can use mutations to fix your bugs and
        possibly destroy mankind” Open Source Technology Summit, April 2015. (Invite-only conference,
        slides and video not publicly available at this time.)
        Notes: This was a presentation to explain genprog and my postdoctoral
        research at UNM to an audience of colleagues who would be unlikely to encounter
        such work in the course of their usual jobs. It covered many key ideas from
        the artificial life based automated system repair program, discussion of the
        issues and challenges of that space, as well as thoughts on open source,
        academia and industry. Slides may be available at a later date if I seek
        approval from my manager.

2014

      • “When Many Eyes Fail You: Tales from Security Standards and Open Source” Open Source
        Bridge, June 24, 2014. [full proposal]
        Abstract: It’s often said that “given many eyes, all bugs are shallow” and open source proponents love to list
        this as a reason that open source is more secure than its closed-source relatives. While that makes a
        nice sound bite, the reality of security with many eyeballs doesn’t fit so nicely into a tweet. This
        talk will explore some of the things that surprised me in going from academic security research to
        industry security research in open source and open standards.
      • Crosswalk on Tizen update, Tizen Security F2F, Vannes, France, September 2014.
      • Crosswalk security, Tizen Security F2F, Warsaw, Poland, July 2014.

2013

      • “Web Security and Automated Software Hardening” Job talk at industry research group, April
        2013.

2012

      • “First Experiences in Open Source Software: How to get involved” Panel Discussion, Grace
        Hopper Celebration 2012.
      • Router bugs, Upcoming research presentation for DARPA site visit, February 2012.

2011

      • “Security Attacks, Countermeasures and Protecting Yourself Online!” Grace Hopper
        Celebration 2011.
      • “Open Source Needs You: Find Your Community and Change the World.” Panel discussion, Grace
        Hopper Celebration, November 2011.
      • “Simple security policy for the web.” PhD Thesis Defense, Carleton University, October
        2011.
      • “Web Security for the Masses.” Job talk, University of New Mexico, May 2011.
        Abstract: If web security were a siege, the attackers would be winning through
        attrition: it is relatively easy to compromise a site, but it takes
        significant resources for a defender to ensure that it is even moderately secure. There is a need for
        security policy languages to improve control over the behaviour of web pages, but security policy can be
        overwhelming and confusing to web designers who may have backgrounds in art, not security. As such, I
        have developed Security Style Sheets, a language rooted in existing web standards and visual design that
        allows designers to mitigate common attacks such as cross-site scripting without requiring extensive
        page rewrites. This alleviates some of the barriers to better web security, but the language could be
        even more powerful combined with adaptive techniques for inferring policy, giving web users the ability
        to browse more safely even when an expert is not available.

        Notes: As is apparently typical for a job talk, this also included more information about me, my
        background and previous research.

      • “Using Facebook for Evil (and other bad things that happen online).” CU-WISE Celebration of
        Women in Computing, Carleton University, Ottawa, ON, April 6, 2011.
        Notes: A general-level talk intended for the public as well as students and staff.
        Abstract: People like to share. Photos, links,
        stories, feelings, or even what you had for dinner might end up online… it all seems harmless, but is
        it really? Learn here about some of the crafty things a mean person might do using your information, and
        how you can try to avoid getting burned.
      • “Enhancing Web Page Security with Security Style Sheets” Research Day, Carleton University,
        March 25, 2011.
        Brief talk description (25-40 words):
        The web is dangerously insecure, but solutions are often so prohibitively time consuming that they are
        not implemented. Security Style Sheets, a policy language based in existing web standards, unites
        disparate techniques to make security mitigation more straightforward for busy developers.

        Talk abstract (150-200 words):
        Although the web security community now has a variety of techniques that could help web developers to
        defend against common attacks such as cross-site scripting and cross-site request forgery, this work is
        not in a form suitable for general use. What is needed is a web standard that unites these techniques
        using syntax and semantics that are easy for web developers to learn and straightforward for browser
        makers to implement. Here we propose such a standard, Security Style Sheets, a browser-enforced policy
        language modelled on Cascading Style Sheets. Security Style Sheets provides an extensible policy
        framework that allows for policy to be separated from content and to be specified at both coarse and
        fine levels of granularity. In this paper we present the syntax and semantics of Security Style Sheets,
        explain its relationship with past web security proposals and CSS, and give examples of how it could be
        used to protect mainstream websites such as Facebook. Also in the model of CSS and the Acid3 tests, we
        present a conformance suite for Security Style Sheets.

2010

      • Getting Started in Free and Open Source Software. Grace Hopper Celebration of Women in Computing, Atlanta, GA,
        September 30, 2010.
        Session Description: Are you interested in contributing to a Free or Open Source
        software project, but you’re not sure how to get started? Wondering about some of the social aspects of
        participating in the community, as well as the technical details? During this panel discussion, key
        contributors to several Free and Open Source Software projects will discuss tips for successfully
        engaging with the project of your choice. Panelists will share their own experiences getting started in
        Free and Open Source development. They will also share best practices with audience members, helping
        newcomers understand the basics of contributing to Open Source so their initial foray is most
        effective.
        Notes: I was part of a panel discussing this topic as part of the new open source track at Grace
        Hopper. I also helped out with the Codeathon that followed our session.
      • GNU Mailman 3: Mailing lists of the future. LinuxCon, Boston, MA, August 12, 2010.
        Abstract: GNU Mailman forms the backbone of many online communities, including many open source
        projects. It provides free software for managing electronic mail discussion and e-newsletter lists which
        are often used to coordinate development, communities and events. Mailman 3, currently in alpha, is an
        extensive rewrite to use modern architecture, address user issues, and bring new ideas into the way we
        use mailing lists. Learn about what the upcoming Mailman 3 will offer to end users and communities, and
        hear a little bit about what is changing under the hood. Audience members can expect to learn about new
        features and changes in Mailman 3, both for users and for list/community administrators. Only basic
        understanding of email and mailing lists will be required.
        Notes: A talk on the upcoming features of Mailman 3 (in alpha at the time of the talk). As it turned out, my
        audience was largely composed of system administrators with significant experience using Mailman 2.1 on
        a large scale.

        Notice how this was two days after the HotSec presentation, and in a different city. It was a busy
        week!

      • Visual Security Policy for the Web. USENIX Hot Topics in Security (HotSec 2010),
        Washington, DC, August 10, 2010.
        Abstract: Many web security vulnerabilities allow parts of a page to
        interact when they should be isolated. Such vulnerabilities can be mitigated by implementing protection
        boundaries between web page elements. Several methods exist for creating such boundaries, but existing
        methods require relatively sophisticated knowledge of web technologies. To make protection mechanisms
        available to a wider audience, we propose a simple web page security policy language, ViSP, modelled on
        mechanisms for specifying page layout. Here we characterise ViSP and describe a simple Firefox-based
        prototype that allows interactive, graphical specification of per-page security policies. We also show
        how these tools can be used to protect against cross-site scripting (XSS) attacks on common web
        applications.
      • “Visual Security Policy for the Web.” CCSL Meeting, August 4, 2010.
        Notes: Complete trial run for HotSec
      • “Web security for regular folk” COMP1001 class, June 7, 2010.
        Notes: I was invited to
        give a general-level talk on web security for an intro-level computer science course. This version of
        the talk included an intro to web security, a small overview of my research, and tips for staying safe
        online.
      • “No Website Left Behind: Are We Making Web Security Only For the Elite?”
        Web 2.0 Security and Privacy, Oakland, CA, May 20, 2010.
        Abstract: The web is riddled with flaws that
        make it unsafe. Protection methods exist, but current web security solutions are often designed to be
        deployed by programmers and security experts. Unfortunately, programmers and web security experts are
        not always available: many sites are created by graphic designers with more artistic backgrounds, and
        others involve web applications installed by non-programmers who want a website to fit a targeted need.
        These non-expert page creators may find web security solutions confusing and difficult to implement
        because they assume significant technical expertise. While solutions designed for experts are valuable,
        solutions for non-experts are needed to make the web safer.
      • “No Website Left Behind: Are We Making Web Security Only For the Elite?” ABA meeting, May 12, 2010.
        Notes: Complete trial run for W2SP
      • “No Website Left Behind: Are We Making Web Security Only For the Elite?” ISSNet Annual Workshop, May 27-30, 2010.
        Notes: Shortened Sneak Preview of my W2SP talk
      • “Visual Security Policies for Web Pages.” Thesis proposal defence, April 9, 2010.
        Notes: Yes, I passed.
      • Web security for regular folk. Carleton Celebration of Women in Science and Engineering, April 8, 2010.
        The web is not a safe place: little flaws found in a
        large number of web pages can be exploited by attackers to do harm, from installing viruses to stealing
        passwords to infecting all your friends. There are new attacks showing up all the time. Being safe on
        Facebook is not limited to “don’t share your password,” but many people are unaware of the risks. And
        unfortunately, even the people who make websites may not understand how to make them safe! This talk
        will describe some of the modern safety concerns on the web, as well as my own research to make the web
        safer. If part of the problem is that web designers are artists, not security experts, can we make it so
        that art provides security? How can we make the web safer, but still usable?
        Notes: A general-level talk on my web security research.
      • How does biology explain the low numbers of women in computer science? Hint: it doesn’t.
        Carleton Celebration of Women in Science and Engineering, April 8, 2010.
        A snarky but mathematically informed look at one of the
        common myths of ability regarding women in technical fields. Simple, short, back-of-the-napkin style
        presentation.
        This was prepared and put online in November 2009, and parts of it have been used
        by others, but this was my first live “performance” of the presentation.
      • Joint with Gail Carmichael. Interview with CBC Ottawa Morning. Aired April 8, 2010.
      • Visual Web Security Policies. Carleton Computer Security Laboratory, January 28, 2010.
        Notes: Precursor to a potential poster.

2009 (Highlights)

      • “Computer Security.” Outreach presentation for careers class at Lisgar Collegiate Institute, December 1,
        2009.
      • “Using Layout Information to Enhance Security on the Web.” Grace Hopper Celebration of Women in Computing, September 30 – October 3, 2009.
      • “Attracting women to open source” Birds of a Feather session, Linux Symposium, Montreal, July 13-17, 2009.
        In 2006, GNOME put out the call for students to
        participate in the Google Summer of Code project, where students get paid to work on open source
        projects. They received 181 applicants — and not a single one from a woman. Seeking to attract female
        applicants, they did a Women’s Summer Outreach Programme, and got 100 applicants. There are capable
        women out there, but how can we attract them to open source projects? Do women need an invitation? What
        makes an open source project attractive to women? What drives otherwise talented people away from a
        project? The goal of this BOF is to talk about some of the issues, and brainstorm ways to increase
        involvement. (And yes, the BOF is open to both women and men.)
      • “Mitigating Cross Site Scripting Using Web Page Layout” ISSNet Annual Workshop, June 15 – 18, 2009.

        Web security lies primarily in the hands of those who create the pages.
        Unfortunately many people and organizations who run web sites do not
        have the time, security knowledge, or motivation to produce secure
        sites. As a result, users are exposed to insecure pages daily. This talk
        investigates ways to protect users by leveraging existing information
        from the page layout to produce good security policy without requiring
        an expert.

      • “Mitigating Cross Site Scripting Using Web Page Layout” MITACS annual conference, June, 2009.
      • “Web Security” Private government meeting, February, 2009.
      • “SOMA: Mutual Approval for Included Content in Web Pages”, Ottawa-Carleton Institute for Computer Science
        Seminar Series (OCICS), January 9, 2009.

2008 (Highlights)

      • Joint presentation with Glenn Wurster. “SOMA: Mutual Approval for Included Content in Web Pages” ACM Computer and Communications Security (CCS’08), October 27-31, 2008. Pages 89-98.
        Notes: [Associated Paper] [SOMA Mozilla Firefox Add-On]
      • Joint presentation with Glenn Wurster. “SOMA: Mutual Approval for Included Content in Web Pages”, Carleton Computer Security Laboratory, October 21, 2009.
        Notes: Trial run for CCS presentation
      • Joint presentation with Anil Somayaji. “The Ottawa Linux Symposium: Update on the world of Linux.” Carleton Computer Security Laboratory, July 29, 2008.
        We will
        present an overview of the Ottawa Linux Symposium: its
        history, who attends, and what it is about. We’ll give some
        highlights of the symposium, discussing issues such as SELinux,
        virtualization, and issues with P2P distribution of free software.
        We’ll then discuss security research problems that seem to be relevant
        to the OLS audience.

        Notes: Bringing some highlights of OLS back to our research group.

      • “Women in Open Source.” Birds of a Feather session, Ottawa Linux Symposium, Ottawa, July 23rd – 26, 2008.
      • “SSP, SOMA, and Web Security” Carleton Computer Security Laboratory, July 8, 2008.
        Notes: A short presentation to stimulate discussion on the design of SSP (which later
        became Mozilla’s CSP) and how it compared with SOMA.
      • “SOMA: Mutual Approval for Included Content In Web Pages” Private industry meeting, June, 2008.
      • “Content Provider Conflict on the Modern Web” Symposium on Information Assurance
        (New York State Cyber Security Conference), Albany, NY, June 4-5, 2008.

        Today many web pages include externally sourced content. Advertisements,
        video, blog “trackbacks,” search—these and other features of the
        modern web are provided by third-party servers. Such external content is
        so popular that content is often incorporated from more than one
        source. In this paper we argue that such multiple inclusions are a
        significant security risk because of the potential for conflict between
        included elements. In particular, the use of JavaScript to provide
        external content means that providers can observe and interfere with
        each other. Financial incentives and competitive advantage provide
        motivation for such conflicts, both for criminals and for legitimate
        enterprises. To prevent users and web content providers from becoming
        collateral damage, we must develop and deploy techniques for isolating
        externally provided web content.

        Notes: [Associated Paper], [HTML version]

      • “When Elephants Dance, Mice Must be Careful: Content Provider
        Conflict on the Modern Web” Carleton Computer Security Laboratory,
        March 18, 2008.

        Notes: Trial run for Albany presentation

2007 (Highlights)

      • “The Same Origin Mutual Approval Policy” MITACS research group meeting, December 7, 2007.
      • “Upsides and downsides of the Tahoma sandboxed browser model” Carleton Computer Security Laboratory, September 27, 2007.
        This talk discusses the 2006 paper “A Safety-Oriented Platform for Web
        Applications” by Cox et al, which proposes a “Browser Operating System”
        called Tahoma. The idea is to use virtual machine sandboxes to contain
        separate web applications — protecting the computer from them, and them
        from each other. I will be covering some of the interesting ideas in
        their approach, and I hope to inspire discussion about the parts of this
        approach that lend themselves to exploitation or confusion on the part
        of the user.

        Notes: This marked some early discussion into related work for SOMA.

      • “Sharks in the Sandbox: Security and Privacy on the Modern Web” Private industry meeting, May 7, 2007.
      • “Sharks in the Sandbox: Security and Privacy on the Modern Web” Carleton Computer Security Laboratory, April 17, 2007.
        Notes: Trial run for the industry presentation
      • Discussion on JavaScript Security. IDS discussion group, Carleton University, January 22, 2007.

2006 (Highlights)

I was finishing coursework and studying for my comprehensive exams this year. I almost certainly did
presentations, but I don’t remember the details. Sorry!

2005 (Highlights)

2004 (Highlights)

      • “A Spam-Detecting Artificial Immune System.” Master’s thesis defence, December 2004.
        Notes: [Master’s Thesis]

2003 (Highlights)