Colloquium Details

Secure Software Installation, Digital Signatures, and Tofu

Author: Paul van Oorschot, Carleton University, Ottawa
Date: April 19, 2012
Time: 15:30
Location: 220 Deschutes
Host: Kevin Butler

Abstract

Among the most important elements of computer security is assurance that the software running on your machine is legitimate, trustworthy, and doing nothing other than what you hope it is doing. Thus secure software installation is a key element. And, since the Internet began its climb to popularity, software installation has changed dramatically, from a world of PCs with pre-installed software and upgrades delivered by physical CDs and IT staff, to one-click installation of software from arbitrary web sites, by computer novices. We discuss the implications of this evolution, the security mechanisms available and used (or not used), including digital signatures, and the security models on platforms including Android smartphones, which use a trust-on-first-use (tofu) mechanism.

Biography

Paul C. Van Oorschot is a Professor of Computer Science at Carleton University in Ottawa, where he is Canada Research Chair in Authentication and Computer Security. He is a Fellow of the Royal Society of Canada (FRSC), Canada's national academy. He was Program Chair of USENIX Security 2008, Program co-Chair of NDSS 2001 and 2002, co-author of the Handbook of Applied Cryptography (2001), and is on the editorial board of IEEE TDSC, IEEE TIFS, and previously ACM TISSEC. He is the Scientific Director of NSERC ISSNet, a pan-Canadian strategic research network exploring computer and Internet security. His current research interests include authentication and identity management, security and usability, smartphone security, software security, and generally computer and Internet security.