University of Oregon

Secure Software Installation, Digital Signatures, and Tofu

A Computer and Information Science Colloquium
Who Should Come: 
This event is only open to the UO Community
Thursday, April 19, 2012 - 3:30pm - 5:00pm
220 Deschutes Hall
1420 E 13th Avenue

Among the most important elements of computer security is assurance that the software running on your machine is legitimate, trustworthy, and doing nothing other than what you hope it is doing. Thus secure software installation is a key element. And, since the Internet began its climb to popularity, software installation has changed dramatically, from a world of PC's of pre-installed software and upgrades delivered by physical CDs and IT staff, to one-click installation of software from arbitrary web sites, by computer novices. We discuss the implications of this evolution, the security mechanisms available and used (or not used), including digital signatures, and the security models on platforms including Android smartphones, which use a trust-on-first-use (tofu) mechanism.

About Paul C. Van OorschotPaul C. Van Oorschot
Paul C. Van Oorschot is a Professor of Computer Science at Carleton University in Ottawa, where he is Canada Research Chair in Authentication and Computer Security. He is a Fellow of the Royal Society of Canada(FRSC), Canada's national academy. He was Program Chair of USENIX Security 2008, Program co-Chair of NDSS 2001 and 2002, co-author of the Handbook of Applied Cryptography (2001), and is on the editorial board of IEEE TDSC, IEEE TIFS, and previously ACM TISSEC. He is the Scientific Director of NSERC ISSNet, a pan-Canadian strategic research network exploring computer and Internet security. His current research interests include authentication and identity management, security and usability, smartphone security, software security, and generally computer and Internet security.