As a professor and researcher, I continue to teach courses and tutorials in security and policy. The following links describe some of these activities. Penn State students interested in enrolling in my courses should consult the department resources for information on courses offered in the coming semesters.
Understanding Android's Security Framework
ACM Conference on Computer and Communications Security (CCS)
October 29, 2008
The Google Android mobile phone platform is one of the most anticipated smartphone operating systems. Android defines a new component-based framework for developing mobile applications, where each application is comprised of different numbers and types of components. Activity components form the basis of the user interface; each screen presented to the user is a different Activity. Service components provide background processing that continues even after their application loses focus. Services also define arbitrary interfaces for communicating with other applications. Content Provider components share information in relational database form. For instance, the system includes an application with a Content Provider devoted to sharing the user's address book, which other applications can query. Finally, Broadcast Receiver components act as an asynchronous mailbox for messages from the system and other applications. As a whole, this application framework supports a flexible degree of collaboration between applications, where dependencies can be as simple or complex as a situation requires.
In this tutorial, we will overview the mechanisms required to develop secure applications within the Android development framework, indicating how the environment has evolved with recent releases of the SDK. We will begin with the basics of building an Android application; no prior knowledge of Android is required. From this base, we will demonstrate how applications can communicate and provide services to one another. However, these interfaces must be carefully secured to defend against general malfeasance. We show how Android's security model aims to provide mechanisms for requisite protection of applications and critical smartphone functionality, and present a number of "best practices" for secure application development within the environment.
The Thirteenth International World Wide Web Conference
New York, New York - May 17th, 2004
Ever wonder what that key at the bottom of the browser means? Or what a firewall is? Have you ever been authenticated, and if not, does it hurt? What is a VPN and do they come in blue? This tutorial will answer these and many other questions related to the security of our digital lives.
Over the course of this one-day tutorial, we present an introduction to the methods and pitfalls of Web and Internet security. We explore the types of security being used to support applications and services on the Web with a focus on practical issues. The terminology and use of contemporary security is described, and best practices explained. Topics covered include, but are not restricted to, the basics of cryptography, certificate management, (web) server security, and wireless security and privacy. The tutorial concludes with a brief survey of emerging areas and applications in Web and Internet security.
Network and Information Security Workshop
Jackson State University - March 19-21, 2003
The explosion of information services on the Internet has fundamentally changed the way in which we go about our personal and professional lives. While communicating with our grandmothers via email was once considered an aberration, it is common practice today. Similarly, public and private institutions have reformed the way information flows within and between organizations. However, these new services heighten concerns about personal and organizational security.
This course introduces basic concepts of computer and network security, with an emphasis on the threats and counter-measures relevant to Internet and web services. Topics covered will include the basics of threat models, cryptography, the design and meaning of authentication, specific detection and counter-measure technologies (e.g., intrusion detection, firewalls), and emerging trends in information security.