Brown Bag Seminar Series
The CISE Brown Bag Seminar series features CSE faculty and guest speakers on a variety of topics of particular interest to the computing community.
Upcoming Brown Bag Seminars
Date: Friday, October 24, 2008
Time: 10:00am - 11:00am
Location: J-381
Speaker: Dr. Orlando Karam and Dr. Svetlana Peltsverger
Title: Database Security: A Buffet of Topics
Abstract: In this talk we will provide pointers to discussions of several topics, including the pros and cons of prepared SQL statements and their implications for SQL injection attacks; second-order SQL injection attacks; stored procedures and their implications for SQL injection attacks; and the applications of security typing for databases.
For further information, please contact Dr. Andy Wang.
Date: Friday, November 7, 2008
Time: 11:00am - 12:00 noon
Location: J-381
Speaker: Mr. Nanlin Xiao
Title: IPlatform: Advanced Computing Paradigm and R&D Vision from CyberObject (to be finalized)
Abstract: To be posted soon.
For further information, please contact Dr. Andy Wang.
Past Brown Bag Seminars
Date: Tuesday, September 16, 2008
Time: 2:00pm - 3:00pm
Location: J-381
Speaker: Dr. Jingshan Huang, Benedict College, SC
Title: Ontology and Semantic Integration Techniques
Abstract: Ontologies are formal, declarative knowledge representation models. They form a semantic foundation for many domains, such as Web services, E-commerce, and service-oriented computing. However, because their designers have different conceptual views of the world, the resultant ontologies are heterogeneous, which can lead to misunderstandings. Therefore, ontologies from different partners need to be related and to reuse each other’s concepts. Three systems are described in this seminar, Puzzle, Compatibility Vector System (CVS), and Similar Ontology Concept ClustERing (SOCCER), with the focus on the last one. These semantic integration techniques aim to reconcile the heterogeneity from distributed ontologies. Finally, a direction for future research, i.e., integrating semantic integration techniques into component-based software engineering, is briefly discussed.
Bio Sketch of Speaker: Dr. Jingshan Huang earned his Ph.D. degree in Computer Science and Engineering in 2007 from the Computer Science and Engineering Department at the University of South Carolina, and is an Assistant Professor in the Mathematics and Computer Science Department at Benedict College. Dr. Huang is a member of Sigma Xi, IEEE, AAAI, SIAM, and a review board member of the Journal of Open Research on Information Systems (JORIS). He has published 20 peer-reviewed papers, has served as a program committee member for 16 international conferences, and is a technical paper reviewer for 13 journals and conferences. Dr. Huang’s research interests include ontology matching/aligning, ontology quality, semantic integration, Web services, and service-oriented computing. He can be reached at huangj@benedict.edu.
For further information, please contact Dr. Andy Wang.
Date: Friday, August 29, 2008
Time: 10:30am - 11:30am
Location: J-381
Speaker: Dr. Kai Qian
Title: SQL Injection Attacks and Web Services Security
Abstract: Recently, the SQL Injection Attack (SIA) has become a major threat to Web applications. REST web services are a web service architecture replacing SOAP-based web services in SOA. SIA vulnerabilities are a major security issue in REST web services as well. Via carefully crafted user input, attackers can expose or manipulate the back-end database of a Web application. This seminar talk describes the security holes in REST web services and proposes strategies for protecting REST web services.
If time allows, the speaker will also discuss various options for maintaining state in web services. We will look at JAX-WS web services in particular to demonstrate the methods in order to compare and contrast them according to their strengths and weaknesses.
Here are the PPT slides for this Brown Bag discussion: Kai_SQL_Injection_8-29-2008.pdf and Kai_WS_Security_8-29-2008.pdf
For further information, please contact Dr. Andy Wang.
Date: Friday, August 15, 2008
Time: 10:30am - 11:30am
Location: J-381
Speaker: Dr. Andy Wang & Dr. Frank Tsui
Title: Secure Software Development
Abstract: Software security is a key element of information security. Software vulnerabilities jeopardize software products, software applications, and information assets in general. For commercial-off-the-shelf (COTS) component users, it is essential to make sure that a component does not contain any Trojan horses before purchasing it. For software component vendors, it is important to build security into every stage of the software life cycle rather than add security to a released product as patches or revisions. The current software development process does not work well for generating secure software. This seminar will focus on how to enhance the development life cycle to produce secure software.
Here are the PPT slides used during discussion: Andy_8-15-2008.pdf and Frank_8-15-2008.pdf
For further information, please contact Dr. Andy Wang.
Date: Friday, July 18, 2008
Time: 10:00am - 11:00am
Location: J-390
Speaker: Dr. Andy Wang and Mr. Neil Bhadsavle
Title: Research Issues in Cell Phone Forensics
Abstract: This seminar reports on our ongoing research project in the area of cell phone forensics. The main difference between cell phone forensics and computer forensics is that in cell phone forensics, one has to deal with multiple different "operating system" software standards, which makes creating a universal standard tool nearly impossible. Since the software is embedded and more special purpose than that of computers, solutions for obtaining data are non-standardized, thus causing a need for vast solutions. With new phones coming into the market at an exponential rate, as well as new companies entering the market with a whole different blend of proprietary software, the problem has become even more compounded as time progresses. The purpose of a cell phone forensic tool is to obtain data from a cell phone without modifying the data. The tool should provide critical updates in time to keep pace with the rapid changes in cell phone hardware and software. The tools can be either forensic or non-forensic, each providing different challenges as well as allowing for different solutions. Forensic tools are tools that are designed primarily for uncovering data from cell phones, while non-forensic tools are not designed for uncovering data but can be manipulated for that purpose. Two different methodologies have been used to address this situation: either reducing the latency period between the introduction of the phone and the time the cell phone forensic software is available for that phone, or creating a baseline to determine the effectiveness of a tool on a certain device. We will discuss our progress using these two methods in this seminar discussion.
For further information, please contact Dr. Andy Wang.
Comments and suggestions: Please contact 678-915-4292 or jwang@spsu.edu.
