Speaking
I used to give presentations fairly regularly as part of my academic work, and didn’t bother to list them since it’s assumed that most academics do the same. However, since I also speak on other topics to communities where frequent presentations are not the norm, I thought this page might be helpful for those curious about my speaking experience, venues and topics. It’s not 100% complete but should give a reasonable overview. Some older links may be broken; if you need something that’s currently not available please feel free to email me using terri at toybox dot ca.
2023
- “Vulnerability Scanning for Free (as in puppies)” PyCascades 2023, March 19, 2023. [Video][Slides]
- Abstract: Secure software supply chains with 0 vulnerabilities sounds like a great idea, but once you start looking through entire dependency chains and large systems, it can be a lot harder to achieve than one might expect. Using the free, open source, CVE Binary Tool vulnerability scanner (written in python!), we’ll show what it looks like to set up vulnerability scanning, what kinds of fun things you find, and how keeping things up to date can mean an ongoing maintenance burden that is more like a free puppy than a free beer. We’ll talk about how naive policies, governmental mandates and capitalism may ruin your day, and what we can do to stay secure and help everyone get past the puppy phase without sending anyone back to the pound.
2021
- “pyKnit: Math Tools for Knitters”, PyCon 2021, May 2021. [Video][Abstract]
- Abstract: Knitting patterns are effectively code that gives you a physical object if you execute them. Customizing and designing patterns takes a lot of math to get sizing and shapes right, but not all knitters love math, and even those who do don’t want to do it by hand all the time. Every year at PyCon I meet a few more knitters, so I thought maybe this was the year we could put our heads together and build an open source knitting toolkit and maybe make customizing your knitting a little easier for everyone. The pyKnit toolkit will hopefully make it easier for people to adjust garment patterns to fit, for pattern designers to be size inclusive, or for any knitter to adjust patterns to make the most out of a special ball of yarn.
2020
- “Frugal Known Vulnerability Detection.” BSidesPDX, October 23, 2020. [Slides] [Video]
- Notes: reprise of talk from Pycon US, with updated slides for new output modes.
- “Keynote: Algorithms Cheat.” Keynote at Pycon India, October 3, 2020. [Slides]
- Dr. Terri’s 3 laws of machine learning:
  - Your model is only as good as your data.
  - Your data is always bad.
  - Algorithms cheat.
- As machine learning has become easier to learn and more commonly used, many people miss out on hearing the hilarious stories and cautionary tales of what happens when things don’t go right. This talk is my attempt to bring some of my favourite stories of “algorithmic cheating” out of the ivory tower and in to the world. Learn about how sometimes machine learning yields great insights, and sometimes… not so much.
- “Detecting Known Vulnerabilities with Python.” Pycon US, 2020. [Abstract] [Video] [Slides]
- Abstract: Detecting known software vulnerabilities is hard to do perfectly, but it’s easy to get part way there. The CVE Binary Tool is a tool that detects issues in a few components but has grand ambitions. Learn how it works, how to use it & how to improve it so together we can help everyone be more secure.
- “Rock on: Building hardware and software for a MicroPython decibel meter”, PyCascades 2020, February 2020. [Abstract] [Video (I’m at the beginning of day 2.)]
- Abstract: Ready to turn it up to 11? Pycon US 2019 challenged us to build Python hardware, so let’s learn how to build a decibel meter! We’ll start with choosing parts and testing hardware, writing the software using MicroPython, then talk about building the custom circuit board using the open source KiCad.
2019
- “Python Security Tools” PyCon 2019, May 4, 2019. [Video][PyCon schedule]
- Abstract: While high-level security concepts may transcend languages, each language has its own sets of tools and edge cases that are worth knowing. Python is one of many popular languages that is rarely the focus in security training, but that doesn’t mean python code is automatically secure (no matter what the internet tells you). Learn why people who say “pylint will help you with security” aren’t doing you any favours, how to use Bandit for security-focused linting and talk about other options for static analysis. Take a deeper look at why scanning for publicly known vulnerabilities is complicated, and how to use Pyup Safety to make it easier. We’ll also explore some language myths and best practices.
- “Prickly Pears & Printed Circuit Boards: Designing and Building Your Own Soldering Kits” Portland Mini Maker Faire at the Oregon Museum of Science and Industry (OMSI), Invited talk at the Innovation Stage, September 8, 2019.
- Abstract: Soldering is fun, and there are lots of kits available for people from beginners to experts. But what if you wanted to design your own? Join Terri Oda as she walks you through the process of designing, building, testing and kitting out the soldering kits used at Albuquerque Mini Maker Faire. This will include a mini tutorial on how to use KiCAD, open source design software for building printed circuit boards.
2018
- “Python Security Tools” Security Conference, Santa Clara, California, June 2018. [Private event, no slides available]
- Won best presentation award.
- “Python’s Summer of Code Needs YOU” Pycon 2018 Lightning talk, May 2018. [Slides – please read notes on slides for talk contents]
2017
- “Effective Presentations Using Applied Logical Fallacies” Open Source Bridge, June 2017. [Session link][Slides]
- Abstract: For many novice speakers, especially technical speakers, the hardest part of presenting is not figuring out what to put in but what to leave out. But what works for an academic paper doesn’t work in a 10 minute presentation, and you risk boring your audience long before you manage to convince them of anything. This talk is intended to be a fun (and perhaps a bit silly) look at the science and the art of being convincing. I will cover how logical fallacies are used in propaganda, lying, and how you can use them to get your point across quickly. And don’t worry, we’ll also talk about how to do this ethically!
- “Capturing Tiny Snakes” (Tutorial) Open Source Bridge, June 2017. [Session link][Code repository with tutorial materials]
- Abstract: This is intended as a tutorial session for bringing up MicroPython on a common, and reasonably easy to obtain, microcontroller platform. From bare bones, to blinking LEDs and beyond.
- “Keynote: Is Open Source Software Really More Secure?” Pycon Pune, February 2017. [Video][Slides]
- Abstract: Open source proponents often list security as one of many reasons that users should want to use open source software, but is it really true? This talk explores why the question “Is open source software really more secure?” is hard to answer, what it means to be secure, how our metrics could be harming our actual security, what good security looks like at a community level, and how we can help make things better.
- Notes: Video has no sound at beginning, link above starts it at 1:50 when the talk starts
- Advanced Secure Code Development, two-day internal course, March 28-29, 2017. (Internal course, materials not available to general public.)
- Notes: This is a course developed by others on secure coding, mostly focusing on issues in C/C++. This iteration was the final step of my “training” and was a very small and friendly class. I expect to be teaching the course quarterly when there is sufficient demand.
- “Choosing More Secure Open Source Packages: Lessons from the Whitelist” Brown Bag, March 21, 2017. (Reprise of SWPC 2016 talk for internal open source audience.)
2016
- “Choosing More Secure Open Source Packages: Lessons from the Whitelist” Software Professionals Conference (SWPC), October 19, 2016. (Internal company conference, slides and video not available to general public.)
- Notes: This talk used examples from many open source projects to help software professionals gain an understanding of how to differentiate sketchy, unmaintained or dangerous open source projects from well-maintained and reasonably secure projects.
- “Taking no for an answer” Open Source Bridge, June 22, 2016. [full proposal] [slides]
- Abstract: Open source (like many fields) rewards people who are confident and even a bit pushy. So we give talks encouraging folk to get over imposter syndrome, lean in, say yes to more things. But self-improvement shouldn’t focus only on our most vulnerable members, but also our most powerful. So let’s talk not about saying yes, but about hearing no. Learning to take no for an answer can transform efforts such as security, diversity and mentoring where we have few experts or volunteers and great need. Let’s talk about accepting “defeat” with grace, and how to take “no” for an answer while still moving forwards.
- “Sparkle Security” Open Source Bridge, June 21, 2016. [full proposal] [slides]
- Abstract: “Agent Sparkle, you have been recruited as a security expert to use your skills to protect the kingdom of Project Rainbow. You might not feel qualified yet, but Project Rainbow has great faith in your ability to learn.” Web security is perhaps one of the most fun types of computer security to master: exploits can be constructed quickly and without many tools. But sadly, while there are many tutorials, they simply don’t have enough rainbows and sparkles and the practice exploits tend to focus on the basics without flourishes. Project Sparkle is a set of “training missions” designed to make learning web security more kid-friendly, but we think the audience of Open Source Bridge will also enjoy exploiting the web to add more rainbows and sparkles!
2015
- “Securing Open Source Software” Panel discussion with Valerie Fenwick, Leigh Honeywell and Terri Oda. Moderator, Sarah Beck. Grace Hopper Celebration of Women in Computing, October 2015
- Abstract: Heartbleed, FREAK, POODLE – you’ve heard about them: vulnerabilities in critical parts of the internet’s infrastructure. If you work in Security, IT, or development, these names and cheesy logos have given you nightmares. The tech world depends on FOSS (Free and Open Source Software), and it needs to be secure. Learn about how individuals and corporations can work to ensure FOSS is safe and improves over time. Our panelists discuss their efforts and how you can help.
- “Bringing Security to Your Open Source Project” Open Source Bridge, June 25, 2015. [full proposal] [slides] [video]
- Abstract: With high profile breaches in open source projects, the issue of security has become one of great import to many people. But many projects, especially smaller ones, are intimidated by the idea of a security audit. This talk will discuss ways for smaller projects to experiment, learn, and even have fun improving their security. No PhDs in security required!
- Notes: The slides for this were designed to stand somewhat on their own, but the slide deck does include notes on what I intended to say to flesh out the information on the slides. The presentation video is also available from the conference.
- “Internet of Things Militia: Paramilitary Training for your IoT devices” Open Source Bridge, June 25, 2015. [full proposal] [slides] [video]
- Abstract: Security folk generally talk about how the Internet of Things is bad for security, and indeed it is true that infrequently updated devices given access to a “trusted” home network can potentially result in problems. But what about the other side? Can you train your internet light bulbs as guard dogs? Can you send your internet fridge to search and destroy invaders and that dude whose wifi signal interferes with yours? Can your thermostat help you figure out whether a network access is legitimate or not? The internet of things brings new sensors and connected devices that could co-operate in new and interesting ways, some of which may be very different from the manufacturer’s initial intent.
- Notes: This was intended to be a light, somewhat irreverent talk about IoT. The meta-goal was to get people to think about interoperability and IoT in different ways, but mostly it was meant to be fun. The slides are very image-heavy and not intended to stand on their own without presenter. Rough notes are included in the slide set to give you some idea of what verbal presentation went with. The presentation video is also available from the conference.
- “Skynet is Open Source: How automated software repair can use mutations to fix your bugs and possibly destroy mankind” Open Source Technology Summit, April 2015. (Invite-only conference, slides and video not publicly available at this time.)
- Notes: This was a presentation to explain genprog and my postdoctoral research at UNM to an audience of colleagues who would be unlikely to encounter such work in the course of their usual jobs. It covered many key ideas from the artificial life based automated system repair program, discussion of the issues and challenges of that space, as well as thoughts on open source, academia and industry. Slides may be available at a later date if I seek approval from my manager.
2014
- “When Many Eyes Fail You: Tales from Security Standards and Open Source” Open Source Bridge, June 24, 2014. [full proposal]
- Abstract: It’s often said that “given many eyes, all bugs are shallow” and open source proponents love to list this as a reason that open source is more secure than its closed-source relatives. While that makes a nice sound bite, the reality of security with many eyeballs doesn’t fit so nicely into a tweet. This talk will explore some of the things that surprised me in going from academic security research to industry security research in open source and open standards.
- Crosswalk on Tizen update, Tizen Security F2F, Vannes, France, September 2014.
- Crosswalk security, Tizen Security F2F, Warsaw, Poland, July 2014.
2013
- “Web Security and Automated Software Hardening” Job talk at industry research group, April 2013.
2012
- “First Experiences in Open Source Software: How to get involved” Panel Discussion, Grace Hopper Celebration 2012.
- Router bugs, Upcoming research presentation for DARPA site visit, February 2012.
2011
- “Security Attacks, Countermeasures and Protecting Yourself Online!” Grace Hopper Celebration 2011.
- “Open Source Needs You: Find Your Community and Change the World.” Panel discussion, Grace Hopper Celebration, November 2011.
- “Simple security policy for the web.” PhD Thesis Defense, Carleton University, October 2011.
- “Web Security for the Masses.” Job talk, University of New Mexico, May 2011.
- Abstract: If web security were a siege, the attackers would be winning through attrition: it is relatively easy to compromise a site, but it takes significant resources for a defender to ensure that it is even moderately secure. There is a need for security policy languages to improve control over the behaviour of web pages, but security policy can be overwhelming and confusing to web designers who may have backgrounds in art, not security. As such, I have developed Security Style Sheets, a language rooted in existing web standards and visual design that allows designers to mitigate common attacks such as cross-site scripting without requiring extensive page rewrites. This alleviates some of the barriers to better web security, but the language could be even more powerful combined with adaptive techniques for inferring policy, giving web users the ability to browse more safely even when an expert is not available.
- Notes: As is apparently typical for a job talk, this also included more information about me, my background and previous research.
- “Using Facebook for Evil (and other bad things that happen online).” CU-WISE Celebration of Women in Computing, Carleton University, Ottawa, ON, April 6, 2011
- Notes: A general-level talk intended for the public as well as students and staff.
- Abstract: People like to share. Photos, links, stories, feelings, or even what you had for dinner might end up online… it all seems harmless, but is it really? Learn here about some of the crafty things a mean person might do using your information, and how you can try to avoid getting burned.
- “Enhancing Web Page Security with Security Style Sheets” Research Day, Carleton University, March 25, 2011
- Brief talk description (25-40 words): The web is dangerously insecure, but solutions are often so prohibitively time consuming that they are not implemented. Security Style Sheets, a policy language based in existing web standards, unites disparate techniques to make security mitigation more straightforward for busy developers.
- Talk abstract (150-200 words): Although the web security community now has a variety of techniques that could help web developers to defend against common attacks such as cross-site scripting and cross-site request forgery, this work is not in a form suitable for general use. What is needed is a web standard that unites these techniques using syntax and semantics that are easy for web developers to learn and straightforward for browser makers to implement. Here we propose such a standard, Security Style Sheets, a browser-enforced policy language modelled on Cascading Style Sheets. Security Style Sheets provides an extensible policy framework that allows for policy to be separated from content and to be specified at both coarse and fine levels of granularity. In this paper we present the syntax and semantics of Security Style Sheets, explain its relationship with past web security proposals and CSS, and give examples of how it could be used to protect mainstream websites such as Facebook. Also in the model of CSS and the Acid3 tests, we present a conformance suite for Security Style Sheets.
2010
- “Getting Started in Free and Open Source Software.” Grace Hopper Celebration of Women in Computing, Atlanta, GA, September 30, 2010.
- Session Description: Are you interested in contributing to a Free or Open Source software project, but you’re not sure how to get started? Wondering about some of the social aspects of participating in the community, as well as the technical details? During this panel discussion, key contributors to several Free and Open Source Software projects will discuss tips for successfully engaging with the project of your choice. Panelists will share their own experiences getting started in Free and Open Source development. They will also share best practices with audience members, helping newcomers understand the basics of contributing to Open Source so their initial foray is most effective.
- Notes: I was part of a panel discussing this topic as part of the new open source track at Grace Hopper. I also helped out with the Codeathon that followed our session.
- “GNU Mailman 3: Mailing lists of the future.” LinuxCon, Boston, MA, August 12, 2010.
- Abstract: GNU Mailman forms the backbone of many online communities, including many open source projects. It provides free software for managing electronic mail discussion and e-newsletter lists which are often used to coordinate development, communities and events. Mailman 3, currently in alpha, is an extensive rewrite to use modern architecture, address user issues, and bring new ideas into the way we use mailing lists. Learn about what the upcoming Mailman 3 will offer to end users and communities, and hear a little bit about what is changing under the hood. Audience members can expect to learn about new features and changes in Mailman 3, both for users and for list/community administrators. Only basic understanding of email and mailing lists will be required.
- Notes: A talk on the upcoming features of Mailman 3 (in alpha at the time of the talk). As it turned out, my audience was largely composed of system administrators with significant experience using Mailman 2.1 on a large scale. Notice how this was two days after the HotSec presentation, and in a different city. It was a busy week!
- “Visual Security Policy for the Web.” USENIX Hot Topics in Security (HotSec 2010), Washington, DC, August 10, 2010.
- Abstract: Many web security vulnerabilities allow parts of a page to interact when they should be isolated. Such vulnerabilities can be mitigated by implementing protection boundaries between web page elements. Several methods exist for creating such boundaries, but existing methods require relatively sophisticated knowledge of web technologies. To make protection mechanisms available to a wider audience, we propose a simple web page security policy language, ViSP, modelled on mechanisms for specifying page layout. Here we characterise ViSP and describe a simple Firefox-based prototype that allows interactive, graphical specification of per-page security policies. We also show how these tools can be used to protect against cross-site scripting (XSS) attacks on common web applications.
- “Visual Security Policy for the Web.” CCSL Meeting, August 4, 2010
- Notes: Complete trial run for HotSec
- “Web security for regular folk” COMP1001 class, June 7, 2010.
- Notes: I was invited to give a general-level talk on web security for an intro-level computer science course. This version of the talk included an intro to web security, a small overview of my research, and tips for staying safe online.
- “No Website Left Behind: Are We Making Web Security Only For the Elite?” Web 2.0 Security and Privacy, Oakland, CA, May 20, 2010.
- Abstract: The web is riddled with flaws that make it unsafe. Protection methods exist, but current web security solutions are often designed to be deployed by programmers and security experts. Unfortunately, programmers and web security experts are not always available: many sites are created by graphic designers with more artistic backgrounds, and others involve web applications installed by non-programmers who want a website to fit a targeted need. These non-expert page creators may find web security solutions confusing and difficult to implement because they assume significant technical expertise. While solutions designed for experts are valuable, solutions for non-experts are needed to make the web safer.
- “No Website Left Behind: Are We Making Web Security Only For the Elite?” ABA meeting, May 12, 2010.
- Notes: Complete trial run for W2SP
- “No Website Left Behind: Are We Making Web Security Only For the Elite?” ISSNet Annual Workshop, May 27-30, 2010.
- Notes: Shortened Sneak Preview of my W2SP talk
- “Visual Security Policies for Web Pages.” Thesis proposal defence, April 9, 2010.
- Notes: Yes, I passed.
- “Web security for regular folk.” Carleton Celebration of Women in Science and Engineering, April 8, 2010.
- The web is not a safe place: little flaws found in a large number of web pages can be exploited by attackers to do harm, from installing viruses to stealing passwords to infecting all your friends. There are new attacks showing up all the time. Being safe on Facebook is not limited to “don’t share your password,” but many people are unaware of the risks. And unfortunately, even the people who make websites may not understand how to make them safe! This talk will describe some of the modern safety concerns on the web, as well as my own research to make the web safer. If part of the problem is that web designers are artists, not security experts, can we make it so that art provides security? How can we make the web safer, but still usable?
- Notes: A general-level talk on my web security research.
- “How does biology explain the low numbers of women in computer science? Hint: it doesn’t.” Carleton Celebration of Women in Science and Engineering, April 8, 2010.
- A snarky but mathematically informed look at one of the common myths of ability regarding women in technical fields. Simple, short, back-of-the-napkin style presentation. This was prepared and put online in November 2009, and parts of it have been used by others, but this was my first live “performance” of the presentation.
- Joint with Gail Carmichael. Interview with CBC Ottawa Morning. Aired April 8, 2010.
- “Visual Web Security Policies.” Carleton Computer Security Laboratory, January 28, 2010.
- Notes: Precursor to a potential poster.
2009 (Highlights)
- “Computer Security.” Outreach presentation for careers class at Lisgar Collegiate Institute, December 1, 2009.
- “Using Layout Information to Enhance Security on the Web.” Grace Hopper Celebration of Women in Computing, September 30 – October 3, 2009.
- “Attracting women to open source” Birds of a Feather session, Linux Symposium, Montreal, July 13-17, 2009.
- In 2006, GNOME put out the call for students to participate in the Google Summer of Code project, where students get paid to work on open source projects. They received 181 applicants — and not a single one from a woman. Seeking to attract female applicants, they did a Women’s Summer Outreach Programme, and got 100 applicants. There are capable women out there, but how can we attract them to open source projects? Do women need an invitation? What makes an open source project attractive to women? What drives otherwise talented people away from a project? The goal of this BOF is to talk about some of the issues, and brainstorm ways to increase involvement. (And yes, the BOF is open to both women and men.)
- “Mitigating Cross Site Scripting Using Web Page Layout” ISSNet Annual Workshop, June 15 – 18, 2009.
- Web security lies primarily in the hands of those who create the pages. Unfortunately many people and organizations who run web sites do not have the time, security knowledge, or motivation to produce secure sites. As a result, users are exposed to insecure pages daily. This talk investigates ways to protect users by leveraging existing information from the page layout to produce good security policy without requiring an expert.
- “Mitigating Cross Site Scripting Using Web Page Layout” MITACS annual conference, June, 2009.
- “Web Security” Private government meeting, February, 2009.
- “SOMA: Mutual Approval for Included Content in Web Pages”, Ottawa-Carleton Institute for Computer Science Seminar Series (OCICS), January 9, 2009.
2008 (Highlights)
- Joint presentation with Glenn Wurster. “SOMA: Mutual Approval for Included Content in Web Pages” ACM Computer and Communications Security (CCS’08), October 27-31, 2008. Pages 89-98.
- Notes: [Associated Paper] [SOMA Mozilla Firefox Add-On]
- Joint presentation with Glenn Wurster. “SOMA: Mutual Approval for Included Content in Web Pages”, Carleton Computer Security Laboratory, October 21, 2009.
- Notes: Trial run for CCS presentation
- Joint presentation with Anil Somayaji. “The Ottawa Linux Symposium: Update on the world of Linux.” Carleton Computer Security Laboratory, July 29, 2008.
- We will present an overview of the Ottawa Linux Symposium: its history, who attends, and what it is about. We’ll give some highlights of the symposium, discussing issues such as SELinux, virtualization, and issues with P2P distribution of free software. We’ll then discuss security research problems that seem to be relevant to the OLS audience.
- Notes: Bringing some highlights of OLS back to our research group.
- “Women in Open Source.” Birds of a Feather session, Ottawa Linux Symposium, Ottawa, July 23rd – 26, 2008.
- “SSP, SOMA, and Web Security” Carleton Computer Security Laboratory, July 8, 2008.
- Notes: A short presentation to stimulate discussion on the design of SSP (which later became Mozilla’s CSP) and how it compared with SOMA.
- “SOMA: Mutual Approval for Included Content In Web Pages” Private industry meeting, June, 2008.
- “Content Provider Conflict on the Modern Web” Symposium on Information Assurance (New York State Cyber Security Conference), Albany, NY, June 4-5, 2008.
- Today many web pages include externally sourced content. Advertisements, video, blog “trackbacks,” search—these and other features of the modern web are provided by third-party servers. Such external content is so popular that content is often incorporated from more than one source. In this paper we argue that such multiple inclusions are a significant security risk because of the potential for conflict between included elements. In particular, the use of JavaScript to provide external content means that providers can observe and interfere with each other. Financial incentives and competitive advantage provide motivation for such conflicts, both for criminals and for legitimate enterprises. To prevent users and web content providers from becoming collateral damage, we must develop and deploy techniques for isolating externally provided web content.
- Notes: [Associated Paper], [HTML version]
- “When Elephants Dance, Mice Must be Careful: Content Provider Conflict on the Modern Web” Carleton Computer Security Laboratory, March 18, 2008.
- Notes: Trial run for Albany presentation
2007 (Highlights)
- “The Same Origin Mutual Approval Policy” MITACS research group meeting, December 7, 2007.
- “Upsides and downsides of the Tahoma sandboxed browser model” Carleton Computer Security Laboratory, September 27, 2007.
- This talk discusses the 2006 paper “A Safety-Oriented Platform for Web Applications” by Cox et al, which proposes a “Browser Operating System” called Tahoma. The idea is to use virtual machine sandboxes to contain separate web applications — protecting the computer from them, and them from each other. I will be covering some of the interesting ideas in their approach, and I hope to inspire discussion about the parts of this approach that lend themselves to exploitation or confusion on the part of the user.
- Notes: This marked some early discussion into related work for SOMA.
- “Sharks in the Sandbox: Security and Privacy on the Modern Web” Private industry meeting, May 7, 2007.
- “Sharks in the Sandbox: Security and Privacy on the Modern Web” Carleton Computer Security Laboratory, April 17, 2007.
- Notes: Trial run for the industry presentation
- Discussion on JavaScript Security. IDS discussion group, Carleton University, January 22, 2007.
2006 (Highlights)
I was finishing coursework and studying for my comprehensive exams this year. I almost certainly did
presentations, but I don’t remember the details. Sorry!
2005 (Highlights)
- “Immunity from spam: an analysis of an artificial immune system for junk email detection” Artificial Immune Systems: 4th International Conference, ICARIS 2005, Banff, AB, Canada, August 14-17, 2005.
- Notes: [Associated Paper]
2004 (Highlights)
- “A Spam-Detecting Artificial Immune System.” Master’s thesis defence, December 2004.
- Notes: [Master’s Thesis]
2003 (Highlights)
- “Developing an Immunity to Spam.” Genetic and Evolutionary Computation – GECCO 2003. Genetic and Evolutionary Computation Conference, Chicago, IL, USA, July 12-16, 2003.
- Notes: [Associated paper]
- “Revisiting Elitism in Ant Colony Search.” Genetic and Evolutionary Computation – GECCO 2003. Genetic and Evolutionary Computation Conference, Chicago, IL, USA, July 12-16, 2003.
- Notes: [Associated paper]