Carl DeSantis Building
Nova Southeastern University, Davie, FL 33314
USA
Join us for our April meeting where we will have two great talks. Please note that the scheduled talks are for 60 minutes each with a small break in between. We will have a networking event after as usual.
Talk 1: Threat Modeling
As we focus on the threats that plaque our organizations we not only need to understand the threat but also understand the steps used by the attackers. Profiling these attacks enables threat modeling allowing yourself and your organization to understand how to successfully position yourself against threat actors and adversaries. In this session I will share some high level attack profiles or patterns and how we should look at them to successfully set your organizational course and security strategy. I will also share some detailed models which he has previously developed to help organizations successfully model for web application threats.
Bio:
James Robinson is Head of Security Architecture and a Strategy Officer at Websense. His key responsibilities are internal security strategy development, innovation, and Websense Strategy. James brings more than a decade of both IT and product engineering security leadership to Websense. He has previously held senior positions with Fortune 150 and Fortune 100 companies including: Emerson Electric, Anheuser- Busch and State Farm Insurance and holds more than 10 industry certifications. Throughout his career James has delivered solutions for network architecture and application security, penetration testing, incident response, security and risk assessment, forensics and investigations and product security.
Talk 2: Adding Security to BPEL Workflows of Web Services
BPEL (Business Process Enterprise Language) is a language for web services composition and several implementations of it exist. For BPEL to be effective, it is necessary that it provides more support for security. BPEL doesn’t present any means to specify security constraints for workflows. BPEL through its activities tries to provide specific functional aspects and any non-functional aspects are expected to be addressed by other (lower-level) specifications. We present here a way to specify security requirements in BPEL. Since BPEL describes workflows, we present its activities using UML activity diagrams, where we apply a threat enumeration approach to determine the required security mechanisms to stop these threats. Our approach goes beyond BPEL and can be applied to BPMN and other business flow languages.
Bio:
Ola Ajaj is a PhD candidate in the Dept. of Computer and Electrical Engineering and Computer Science at Florida Atlantic University, Boca Raton, Florida. His current interests include secure systems, web services, cloud computing, and mobile platforms. He holds a MS degree in Computer Engineering from Florida Atlantic University. While completing his education, he worked for Motorola, BlackBerry (RIM before) and IBM. He has published papers on patterns for web services standards, and he continues his PhD dissertation under Dr. Eduardo B. Fernandez supervision.
