SURNAME: Beznosov
FIRST NAME: Konstantin
MIDDLE NAME(S):
Initials:
October 20, 2010

DEPARTMENT/SCHOOL: Electrical and Computer Engineering
FACULTY: Applied Science
PRESENT RANK: Assistant Professor SINCE: 01 / Sep / 2003

POST-SECONDARY EDUCATION
University or Institution | Degree¹ | Subject Area | Dates
Florida International University, Miami, FL, USA | Ph.D. | Computer Science | Aug / 2000
Florida International University, Miami, FL, USA | M.Sc. | Computer Science | Aug / 1997
Novosibirsk State University, Novosibirsk, Russia | B.Sc. | Physics | Jun / 1993
Special Professional Qualifications
• Professional Engineer (P.Eng.) licensed by the Association of Professional Engineers and Geoscientists of British Columbia (APEGBC), license # 33845, since 22 / Sep / 2009.

Continuing Education / Training (attended)
• Workshop on “Graduate Student Supervision - Maintaining Momentum,” TAG & FoGS, 08 / Oct / 2009.
• 1-on-1 session with TAG faculty members Luisa Canuto and Sarah Moore with detailed analysis of students’ feedback and EECE 310 course design, 18 / Aug / 2009.
• Workshop on Preparing to be a Peer Reviewer, UBC, 11 / Jun / 2007
• Faculty Certificate Program on Teaching and Learning in Higher Education, UBC, Sep / 2003 – May / 2004. This was a year-long program with ½-day interactive sessions held weekly.
• Teaching and Academic Growth Instructional Skills Workshop, UBC, Oct / 2003
• “Cryptography and Computer Security”, Summer Program, MIT, Aug / 2002; Instructors: Shafi Goldwasser (MIT), Mihir Bellare (UCSD)
EMPLOYMENT RECORD
Prior to coming to UBC
University, Company or Organization | Rank or Title | Dates
Quadrasis, Hitachi Computer Products (America), Inc., Waltham, MA, USA | Security Architect | Aug / 2001 – Jan / 2003
Concept Five Technologies, Vienna, VA, USA | Security Architect | Aug / 2000 – Aug / 2001
Florida International University, Miami, FL, USA | Research Associate | Aug / 1999 – Aug / 2000
Baptist Health Systems of South Florida, Miami, FL, USA | Information Security Architect | May / 1997 – Jul / 2000
Florida International University, Miami, FL, USA | System Developer | May / 1995 – Dec / 1996
Florida International University, Miami, FL, USA | Research Assistant | Aug / 1994 – Jul / 1999
Budker Institute of Nuclear Physics, Novosibirsk, Russia | Assistant System Administrator and Analyst | Sep / 1991 – Jul / 1994

¹ “Engineering Access Control for Distributed Enterprise Applications” (Yi Deng)
At UBC
Rank or Title | Dates
Assistant Professor | Sep / 2003
(c) Date of granting of tenure at UBC: To be determined.

7. LEAVES OF ABSENCE

8. TEACHING

(a) Briefly describe areas of special interest and accomplishments

One term project in my EECE 412 “Introduction to Computer Security” course was further developed by its authors and presented at the EuroSec Workshop on 31 / Mar / 2009.

My industrial experience, international learning background, and pedagogical training at UBC TAG (Faculty Certificate Program on Teaching and Learning in Higher Education) have shaped my philosophy of teaching in higher education. The six pillars that I believe are paramount to my students’ ability to become life-time learners and successful engineers are: self-directed learning skills, knowledge of the field’s fundamental principles, critical thinking, creativity, team work, and communication skills.

To balance between the learning of fundamental principles, the practicality of the learning outcomes, and the development of self-directed learning skills, I incorporate elements of the problem-based learning (PBL) method into my course design and tie new content into the project-oriented programming assignments submitted by students in the form of packaged distributions of their programs. My students develop critical thinking skills through frequent class and group discussions as well as critiquing designs made by other groups. They practice team work and communication skills by (1) in-class group work, (2) making numerous programming assignments in small groups, (3) presenting their projects at the end of the course, as well as (4) reporting results of the analysis of other systems in the form of written reports.
Courses Taught at UBC
(Lectures, Labs, Tutorials and Other are Total Hours Taught.)
Year/Term | Course Number | Scheduled Hours | Class Size | Lectures | Labs | Tutorials | Other
2003W T2 | EECE 440 | 3–0–0 | 22 | 39 | 0 | 0 | 0
2004W T1 | EECE 310² | 3–2–0 | 28 | 20 | 6 | 0 | 0
2004W T1 | EECE 412 | 3–0–0 | 38 | 39 | 0 | 0 | 3

² Shared 50% of the course teaching load with Philippe Kruchten.
Ripeanu (50%) K.D. Booth (50%) M. qualifying examination on 2009-11-24. Fahimeh 3 Sun. Jaferian has successfully passed Ph.D.A. 5 Mr.Sc. M. Darwish worked full time in industry throughout his Masters studies. 7 Mr.D. M. Beznosov K. Yazan Song.Sc.D. Yong (James) 5 Darwish. Beznosov K. Ph. Beznosov Co-Supervisor(s) M.A. Ph. Beznosov K. Beznosov (50%) - Mr.Sc. Sun has successfully passed Ph. Arun Kini. Beznosov (50%) V. Sara Boshmaf.Sc.Sc. Pooya Motiee.A. M. Ph.A. 6 Mr. Pranab Sotirakopoulos. Year Start Finish Sep / 2004 Nov / 2009 Sep / 2007 Sep / 2007 Sep / 2007 Sep / 2008 Sep / 2009 Sep / 2003 Nov / 2004 Jan / 2005 May / 2009 Aug / 2005 May / 2006 Aug / 2008 Sep / 2007 Jan / 2008 Sep / 2009 Sep / 2010 Principal Supervisor K. M. M.

(Lectures, Labs, Tutorials and Other are Total Hours Taught.)
Year/Term | Course Number | Scheduled Hours | Class Size | Lectures | Labs | Tutorials | Other
2004W T2 | EECE 310² | 3–2–0 | 29 | 39 | 13 | 0 | 0
2004W T2 | EECE 512 | 3–0–0 | 14 | 39 | 0 | 0 | 0
2005W T1 | EECE 412 | 3–0–0 | 42 | 39 | 0 | 0 | 0
2005W T1 | EECE 310 | 3–2–0 | 14 | 39 | 24 | 0 | 0
2006W T1 | EECE 310 | 3–2–0 | 35 | 39 | 24 | 0 | 0
2006W T2 | EECE 310 | 3–2–0 | 29 | 39 | 24 | 0 | 0
2006W T2 | EECE 412 | 3–0–0 | 44 | 39 | 0 | 1 | 0
2006W T2 | EECE 512 | 3–0–0 | 4 | 39 | 0 | 0 | 0
2007W T1 | EECE 310 | 3–2–0 | 53 | 39 | 24 | 0 | 0
2007W T1 | EECE 412 | 3–0–0 | 52 | 39 | 0 | 0 | 0
2007W T2 | EECE 512 | 3–0–0 | 10 | 39 | 0 | 0 | 0
2008W T1 | EECE 310 | 3–2–0 | 44 | 39 | 24 | 0 | 0
2008W T1 | EECE 412 | 3–0–0 | 39 | 39 | 0 | 0 | 0
2008W T2 | EECE 310 | 3–2–0 | 33 | 39 | 24 | 0 | 0
2009W T1 | EECE 310 | 3–2–0 | 52 | 39 | 24 | 0 | 0
2009W T1 | EECE 412 | 3–0–0 | 40 | 39 | 0 | 0 | 0
2009W T2 | EECE 320 | 3–0–0 | 22 | 39 | 0 | 0 | 0
2010W T1 | EECE 412 | 3–0–0 | 45 | 39 | 0 | 0 | 0

EECE 310: Software Engineering
EECE 320: Discrete Structures and Algorithms
EECE 412: Introduction to Computer Security
EECE 440: Advanced Object Orientation
EECE 512: Topics in Computer Security

(c) Graduate Students Supervised at UBC
Student Name Wei. Ripeanu (40%) K. Beznosov K. qualifying examination on 2009-07-27. M. San-Tsai 4 Jaferian. Ildar 3 Program Ph.Sc. Qiang Raja.A. Ph. Beznosov K. Beznosov K. Leung (50%) K. Beznosov K.Sc.A.D. Beznosov K. Beznosov (50%) K.D. M.D.Sc.A.
Wesam 6 Zeeuwen. Ph. Rodrigo 7 Chebium. Beznosov K. M. Mr. Andreas Muslukhov. Chebium is on parental leave from Jan / 2009 to Dec / 2009.D. 4 .A. Zeeuwen works full-time for Sophos. Beznosov (60%) K. Kyle Werlinger.
Mr.Eng. Department of Computer Science. Xu works full time for Electronic Arts.” 28 / Feb / 2004 – 05 / Mar / 2004. delivered peerled workshop: “Assessment of Student Learning” Oct / 1998. UBC Certificate Program on Teaching and Learning in Higher Education. Fischer. Kohler was an exchange student from the University of Applied Sciences in Offenburg. Kai 8 M. Mathias 10 Program Masters Year Start Finish Mar / 2005 Oct / 2005 Principal Supervisor K. Johnson 9 Xu. Fischer. Zanero. Department of Electrical and Computer Engineering. He came to UBC for 6 months to do his thesis research with me. Center for Advanced Distributed Systems Engineering (CADSE). Upon Mr. ON. 12 http://secappdev. Kohler’s defense. 12 08 / Mar / 2000. Ottawa. lecture in graduate course “Topics in Concurrent and Distributed Systems”. Beznosov - Non-UBC Graduate Students Supervised at UBC Student Name Kohler. McMaster University 28 / Jan / 2003. Kartik Tsai. University of Applied Sciences. Dalhousie University • (e) • • • 8 9 Mr. Dr. Politecnico di Milano (50%) (d) • Continuing Education Activities (provided) 21 / Nov / 2003. Gave five lectures for course “Secure Application Development”. S. 10 Mr. Belgium. Beznosov (90%) Co-Supervisor(s) D. Katholieke Universiteit Leuven. Monticelli was an exchange student from the Politecnico di Milano in Italy.Page 4/28 Markandan. Florida International University. Germany (10%) K.Eng. presentation: “Computer and Distributed Security: Introductory Overview for Researchers” Visiting Lecturer (indicate university/organization and dates) • 06 / Aug /2009 ISSNet Summer School in Computer Security. 11 Fabrizio Masters Jan / 2008 Nov / 2008 Dr.” 11 Mr. Solvay Business School. M. M. "Security Engineering for Large Scale Distributed Applications. Jan / 2004 Sep / 2004 Sep / 2007 Nov / 2008 May / 2006 K. I offered him the topic for his thesis and supervised his research and writing. Offenburg.Eng. his supervisor in Germany. Katholieke Universiteit Leuven. 
Faculty of Computer Science. Beznosov (50%) Monticelli. Beznosov K. Germany.org/ . Beznosov K. Gave a lecture on “Access Control. He came to UBC for 6 months to do his thesis research with me. Department of Computing and Software. wrote to me on 2005-09-27 that he has “never seen such a professional and well structured thesis in the field of research. Markandan was a part-time student at UBC due to his disability status. Brussels." seminar given at: o o o o 19 / Jun / 2003. Belgium 07 / Mar / 2003. UBC 25 / Feb / 2003. Lecture entitled “Overview of CORBA Security”.
Tyler Mitchell and Nikolay Nikiforov. Andrew Chun Ning Lee.4.5. May – Aug / 2004 Other Presentation • 9. “Software Engineering at ECE”.). Department of Computer Science. Mar / 11 / 2004. Department of Computer Science. Philadelphia (f) Other EECE 496 Projects Supervised • Implementation of an Alternative Interface for Windows Vista Personal Firewall.3.Page 5/28 • “Architectural Separation of Authorization and Application Logic in Distributed Systems. Jan – Apr / 2004 Co-op Students Supervised • • • • Wenjia Pan (Convedia). May – Aug / 2007 • Federated Directory Search System. Erik Jonsson School of Engineering and Computer Science. Jan – Apr / 2005 • 6 students (An Evaluation of the Security of Online Credit Card Transactions). May – Aug / 2007 • ECE Graduate Program Application Management System. Clement Kai-Le Wang and Steven Hsu. Miguel Antonio D. Adrian Yu. Henry Ng. May – Aug / 2010 • Functional Improvements to CERN’s CDS Invenio digital library. Tim Kinisky. Temple University.6. May – Aug / 2006 • iBib: Personal Online Bibliography v1. University of Western Ontario 29 / May / 2000. Kevin Wong. Guanlao and Benjamin Wai. May – Aug / 2008 • iBib: Personal Online Bibliography v1. Jan – Apr / 2006 • Federated Directory Search System. Sonny Ty. Rüeschlikon. University of Texas at Dallas 11 / Apr / 2000.ubc. Shang Cai.0 Personal Content Sharing Application. Jan – Apr / 2008 • iBib: Personal Online Bibliography v1. Jan – Apr / 2009 • Requirements analysis for new version of www. Ryan Kennedy (Communications Security Establishment (CSE). May – Aug / 2006 • Federated Directory Search System. Ngong Daniel Kur. Abbas Mehdi. May – Aug / 2010 • Implementation of Alternative Web SSO Protocol. Jan – Apr / 2009 • iBib: Personal Online Bibliography v1.ca. May – Aug / 2005 Alexei Koulikov (RSA Security Inc. Tik Ning Cheung. Karl Campbell. Jan – Apr / 2007 • iBib: Personal Online Bibliography v1. Switzerland 01 / May / 2000. SCHOLARLY AND PROFESSIONAL ACTIVITIES . 
Manmeet Dhaliwal (3DM Devices Inc. May – Aug / 2010 • Implementation of Web 2. Jan – Apr / 2006 EECE 285 Projects Supervised • 6 students (Secure Socket Layer).ece. Hao Min and Xin Huang. York University 22 / May / 2000. IBM Zurich Research Laboratory. Derek Gourlay and Myles Archer. Alex Tse. Sep – Dec / 2004 Rita Chiu and Gary Fung both at HSBC. presentation to UBC ECE Advisory Council Meeting.2. Vinayak Morada (Sierra Wireless). Jan – Apr / 2010 • iBib: Personal Online Bibliography v1. Middlesex College. Sep – Dec / 2005 Gurpreet Dosanjh (HP Canada). Alice Ho Yu Au-Yeung. Jan – Apr / 2006 • 6 students (Security in Bluetooth). May – Aug / 2010 • Online Social Crawler & Analyzer. Imraj Pasricha (MDA MacDonald Dettwiler Associates). Computer and Information Sciences Department.” seminar given at: o o o o o 30 / May / 2000.7.).
. 17. while maintaining a deep and broad overview of the organization. I received funding from NSERC (see Section 9(b)) for three year long Strategic Research project “HOT Admin” on developing evaluation methodologies and design techniques for effective IT security administrative tools.Page 6/28 (a) Briefly describe areas of special interest and accomplishments My prior experience in industry—as a system administrator. Human.c. We also found that SPs have to balance security with usability in a fast-paced and complex environment and manage diverse distributed tasks.6].b. Some of the technical design elements in RAD (such as Decision Combinators) were later applied to the design of the Extensible Access Control Markup Language (XACML) v.b. Then. 1. 13 Usability. and developer—has shaped my overall research philosophy.500 results.18]. To attain this goal.14].2].1. which increases the overall complexity they have to contend with [1. I participated in the by-invitation-only Workshop on Usable Security & 13 References in this text are cited according to the (sub)section numbers and letters in the Publications part (page # 21) of this CV.1 refers to item #1 in Books/Authored section.a. security mechanism architectures.28. we found that IT security is managed by loosely-connected teams of IT professionals who consider security as a secondary concern and are coordinated by “security champions.a. my work has been in the design and study of web services [3. and applying necessary techniques and methods. access control models. with Google Scholar returning about 4. designer.b. large-scale. better models and architectures for security mechanisms are of no value unless they are supported by better means of managing the corresponding mechanisms.16]. In July of 2009.1] to which I contributed while working in industry.2.9].22] and its distributed version [1.1 standard [1. I have chosen to work in the following three key complementary research directions. reference 3. 1. 
in its loose sense. books [3. I have been actively collaborating with a broad spectrum of experts. Together with three co-investigators. information security architect. 3. Its essence is in addressing relevant and important problems by learning. it is essential for lowering the ownership costs of secure applications and making them more adequate for real-world security requirements.a. and other qualitative research methods for studying IT security practitioners (SPs) and their work place. including the interplay between human.a. use of publish-subscribe models [1.26] and security policy engines [1.a.11.” that are not necessarily formal managers of the team members [1. software development methodologies. the dissemination of the knowledge on the subject took the form of (co-)authoring book chapters [3. 3.c. and Social Factors of Computer Security Work in this direction began in the fall of 2005.2]. 1.1. First.27].d). secondary and approximate authorization model (SAAM) [1. distributed applications that will lower the ownership costs of the applications and make them more suitable for real-world security requirements. We have completed the field study that employed ethnography. 1. which defines my second research direction. I also have been serving as a co-chair of Interactive and In-depth Sessions for SOUPS ‘08 and ‘09.a. XACML has become widely referenced standard not only in industry but also in academia.b. organizational. Although success in these directions is not necessarily sufficient for wide adoption of secure systems.b. Models and Architectures for Security Mechanisms of Distributed Applications Under this direction. See [2. and was a panelists on usable security at 2006 USENIX Security Symposium and the chair of the panel on the usability of access control [2.b. and usable security. The broad goal of my research is to investigate new techniques and methods for developing and managing secure. security consultant.2] at ACM SACMAT. As a result.b. 
developing.7] for a brief overview of the project.b.12] analysis of CORBA and EJB access control architectures and their support for role-based access control (RBAC). and giving invited talks (see Section 9. I contributed my expertise in access control for distributed applications to the work on Resource Access Decision (RAD) facility standardized by the Object Management Group in 2000.b. For example.b. and technical factors [1. Additionally. 3.a.b. as of August 2009. I served on the program committee for the Symposium on Usable Privacy and Security (SOUPS) from 2005 to 2007.b.1.8]. we studied challenges to the practice of IT security within organizations. We also investigated when and how SPs interact with other stakeholders and the tools used for interactions [1. have organized first in its kind SOUPS Workshop on the Usability of IT Security Management in 2007 and 2008. To help develop the new research community. I have also been exploring more general topics of human and social factors in computer security [1.a. on diverse research projects including network security protocols.c. Tending to be more complex.
000 2005 – 2008 K.000 2006 – 2008 V. Booth J.900 2006 – 2007 V.b.29]. Joyce P.3]. and Processes for Developing Secure Commercial Software Together with my Ph. student San-Tsai Sun.3].b. Nasiopoulos NC $60.1.1]. Beznosov (80%) C $27.D.b. Poole R. Ventura C. with whom we examined the suitability of conventional security assurance techniques for employing them in software development projects that utilize Agile Methods and identified points of conflict between the two and avenues for resolving the conflict [1. Marti K. Munzner G. Brian Chess. we have been developing methods for retrofitting existing web applications with protection against SQL injection attacks [1. I have been serving as an associated editor of the International Journal of Secure Software Engineering (IJSSE).Page 7/28 Privacy organized by the US National Academy of Science for the purpose of identifying areas of research funding by the National Science Foundation and NIST. Methods.E. Beznosov (30%) P. Beznosov (6. and Technology Centred Improvement of the IT Security Administration Hands-on Interactive Learning in Computer Networks and Distributed Systems Provisioning and Management of IPbased Multimedia C $153. 2.7. Techniques.000 $22. Fels B. Chief Scientist with Fortify Software. Organization. I served as a guest co-editor for the IEEE Software Magazine special issue on “Security for the Rest of Us: An Industry Perspective on the Secure Software Challenge” [2.700 14 Granting Agency ECE NSERC (Discovery) NSERC/PSEPC (Joint Infrastructure Interdependencie s Research Program (JIIRP)) Years 2003 2004 – 2009 2005 – 2008 Principal Investigator K. Beznosov K. Wong H.a. Iverson NSERC (Strategic) UBC (Teaching and Learning Enhancement Fund (TLEF)) TELUS (Industry Research Grant) HOT Admin: Human.a. Jaskevitch J. .6%) K. Together with Dr. In investigating processes for developing secure software. Leung 14 18% above average amount granted to first time applicants across committee #330 in 2003. 
I collaborated with my UBC colleague Philippe Kruchten. Woo S. and investigating approaches to controlled sharing of user content on the Web [1. 2. Leung K. a year before. Beznosov (20%) V.b. (b) Research or equivalent grants (indicate under COMP whether grants were obtained competitively (C) or non-competitively (NC)) Subject Startup Fund Security Engineering for Large-Scale Distributed Software Applications Decision Coordination for Critical Linkages in a National Network of Infrastructures COMP NC C $ Per Year $60.000 J. Since 2009. Beznosov Co-Investigator(s) - C $410. Rosenberg KD Srivastava C. Fisher L. Kruchten T. Alnuweiri K.
Zincir-Heywod - CA Canada (Industry Research Grant) TELUS (Industry Research Grant) NSERC (Discovery) HOT Id: Human. Beznosov - 15 16 Project lead for one of the 9 projects Average grant awarded by the committee (#330) in that round was $26. (Grant-in-Aid) Mobility Services over Heterogeneous Broadband Wireless Networks Provisioning and Management of IPbased Multimedia Mobility Services over Heterogeneous Broadband Wireless Networks Secure.000 16 2009 – 2014 K.Page 8/28 NSERC (Collaborative Research and Development) Ministry of Labour and Citizens’ Services.000 2009 – 2010 V. Leung K. Lie J. and Usable Authentication C $73. Beznosov (6%) R. Williamson N. Beznosov NC $60. Beznosov - NSERC (Strategic Network Grants Program) The Internetworked Systems Security Network (ISSNet) C $1. and Technology Centered Improvements of CA Identity Manager Provisioning and Management of IPbased Multimedia Mobility Services over Heterogeneous Broadband Wireless Networks Security Engineering for Large-Scale Distributed Software Applications NC $40. Aycock 15 K. Biddle J. van Oorschot W. Fong S.000 2007 – 2008 K.000 2007 – 2012 P. McHugh S. Fernandez P. Beznosov (15%) P. Beznosov (30%) P. Organization. B. Ripeanu C $30.000.000 2007 – 2009 V. Nasiopoulos NC $20. Somayaji C. Knight D. Aiello J.000 2008 – 2011 K. Leung K. Neville K.985.C. Practical. Nasiopoulos M. Inpken A. .
FL Organization HL7 SIG Secure Date 26 / Jan / 1999 (d) “Upcoming OMG HealthCare Resource Access Control Facility” "Architecture-Centered Composition of Adaptive and Dependable Enterprise Security Service" “Preview of Mastering Web Services Security” Hawthorne. Katholieke Universiteit Leuven Entrust Inc. Ontario Ottawa. Ontario 18 / Oct / 2004 “Security Engineering for Large Scale Distributed Applications” “Improving Practical Security Engineering: Overview of the Ongoing Research” “HOT Admin: Human. Switzerland Computer Science Department. J.Page 9/28 NCE GRAND -. Belgium Ottawa. Ontario Carleton University. Organization. and Technology Centred Improvement of the IT Security Administration Usability” "Towards Agile Security Assurance" Amsterdam Department of 17 / Dec / 2004 Computer Science. Beznosov (65%) (c) Research or equivalent contracts (indicate under COMP whether grants were obtained competitively (C) or non-competitively (NC). Invited Presentations Title Conference or Event HL7 SIG Secure Meeting Location Orlando. Watson Research Center 14 / Feb / 2000 Rüeschlikon. Ontario 27 / Apr / 2005 . Vrije University Department of 20 / Dec / 2004 Computer Science. IBM Research Laboratory University of Waterloo.000 2010 – 2014 R. New York IBM T. School of Computer Science 26 / Apr /2005 “Recycling Authorizations: Toward Secondary and Approximate Authorizations Model (SAAM)” Workshop on New Challenges for Access Control Ottawa. 25 / Apr / 2005 Heverlee.Usable Privacy and Security for New Media Environments C $60. School of Computer Science 16 / Sep / 2002 "Towards Agile Security Assurance" Waterloo. Biddle K.
and Technology Centred Improvement of the IT Security Administration" "Employing Secondary and Approximate Authorizations to Improve Access Control Systems" “Employing Secondary and Approximate Authorizations to Improve Access Control Systems” "HOT Admin Research Project: Overview and Results to Date” CIPS Vancouver Security SIG Meeting Vancouver. NS Faculty of 12 / Oct / 2006 Computer Science. QC Quantitative Security Metrics) Coast to Coast Seminar Series Vancouver. California Information 06 / Feb / 2006 Sciences Institute. Security SIG 08 / Mar / 2006 "HOT Admin: Human. Florida International University Date 09 / Jun / 2005 15 / Aug / 2005 “Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies” Los Angeles. University of Southern California CIPS. BC École Polytechnique de Montréal 21 / Feb / 2008 “A Broad Empirical Study of IT Security Practitioners” “A Broad Empirical Study of IT Security Practitioners” “Why (Managing) IT Security is Hard and Some Ideas for Making It Easier” 18 / Mar / 2008 New York.Page 10/28 Title "An Overview of The Ongoing Research at LERSSE” "JAMES: Junk Authorizations for Massive-scale Enterprise Services” Conference or Event Location Stockholm. Switzerland 05 / Jun / 2008 . Russia 02 / Jun / 2008 “Secondary and Approximate Authorization Model and Its Applications to BLP and RBAC Policies” Rüeschlikon. Florida Organization Royal Institute of Technology at Stockholm School of Computing and Information Sciences. BC Halifax. Petersburg. Viterbi School of Engineering. Sweden Miami. Organization. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences Computer Science Department. NY Columbia University St. IBM Research Laboratory 15 / Apr / 2008 St. Dalhousie University IONA Aug / 08 / 2007 Waltham. MA GONDWANA (Towards Montreal.
12 / Dec / 2000 “A Design of An Authorization Service.” presented at ORBOS. Apr – Dec / 2002 “Update on Security Domain Membership RFP Proposal. Technical University of Dortmund (e) • Other Presentations “Human Factors in Security Administration” presented at BCNET Advanced Networks Conference.” presentation given to the OMG joint SecSIGCORBAmed session. Sep / 2003 – Feb / 2005 Eight technical talks at Quadrasis’ Security Readings Seminar. Germany Faculty of 27 / Apr / 2009 Computer Science. Virginia Date 22 / Oct / 1998 – • • • • • (f) (g) Note: ACM Workshop on Role-Based . with second and third-tier conferences having acceptance rates between 20% and 40%. etc. Keynote Speaker. 08 / Jul / 2008 Campus-based Engineering Center Dortmund. As a result. OMG Technical Committee meeting. and top tier conferences with acceptance rates in 8%-20%. BC. Conference or Event Role(s) Panelist: "Requirements for Location Fairfax. Germany SAP Research. service on Technical Program Committees requires significant effort in reviewing (and some times shepherding) submissions. each 10-15 page long.) The fields of computer security and distributed systems are highly oriented towards conferences.Page 11/28 Title Conference or Event Location Organization Date “Toward Understanding the Workplace of IT Security Practitioners” “Management of IT Security in Organizations: What Makes It Hard?” “Toward Improving Availability and Performance of Enterprise Authorization Services” London. 27 / Apr / 2004 Three research talks at ECE’s Software Engineering Exploration and Discussions Seminar (SEEDS). College University of London 04 / Jul / 2008 Karlsruhe.” presentation given at the Center for Advanced Distributed Systems Engineering (CADSE). UK Computer Science Department. 12 / Feb / 1999 “Resource Names for Resource Access Decision (Facility). Vancouver. 22 / Mar / 1999 Other Conference Participation (Organizer.
Virginia Member Panelist: “What Does Research Need to Do to Help with Business Driven Security?” First ACM Workshop on Business Driven Security Engineering (BizSec) • • 31 / Oct / 2003 ACM SACMAT 2004 Publicity Chair. Switzerland 12 / Jul / 1999 – 15 / Jul / 1999 4 / Apr / 2000 – 7 / Apr / 2000 28 / Mar / 2001 18 / Mar / 2002 17 / Sep / 2002 04 / Jun / 2003 Tutorial Chair. USA Tutorial Instructor: “Principles of Designing Secure Systems” • • Panelist: “Agile Security and Secure Agility” Tutorial Instructor: “Access Control Architectures: COM+ vs. MA Annapolis. Maryland Boston. Publicity Chair Como. EJB” Tutorial Instructor: “Middleware and Web Services Security” Vancouver. Italy Technical Program Committee Member Tutorial: “Access Control Mechanisms in Commercial Middleware” Technical Program Committee Fairfax. Arizona 19 / Mar / 2005 – 22 / Mar / 2005 01 / Jun / 2005 – 03 / Jun / 2005 Webmaster Stockholm. Architectures and Technologies” 17 http://www. Sweden Technical Program Committee Member Panel Moderator: “Future Directions of Access Control Models. Yorktown Heights.javapolis.NET Web Services Security” Tutorial: “Enterprise Security With XML and Web Services” • • • Location Date 23 / Oct / 1998 Baltimore.Page 12/28 Conference or Event Access Control OMG DOCSec workshop OMG DOCSec workshop OMG DOCSec workshop Distributed Object and Component Security (DOCSec) Workshop IEEE Enterprise Distributed Object Computing (EDOC) Conference ACM Symposium on Access Control Models and Technologies (SACMAT) Role(s) Access Control: US Healthcare Domain" Technical Program Committee Member Session Chair Technical Program Committee Member Tutorial: “. BC Antwerp.com/confluence/display/JP08/Home . Sensing and Control (ICNSC) 2005 ACM SACMAT Technical Program Committee Member • • • Tucson. Technical Program IBM Thomas J Watson Committee Member Research Center. Maryland Baltimore. Maryland Lausanne. 
Belgium 02 / Jun / 2004 – 04 / Jun / 2004 22 / Nov / 2004 14 / Dec / 2004 – 16 / Dec / 2004 West Coast Security Forum Javapolis Conference 17 • IEEE International Conference on Networking.
Pittsburgh. BC Schloss Dagstuhl. 18% acceptance rate) Technical Program Committee Member (reviewed 3 submsns) Technical Program Committee Member (reviewed 6 submsns) Technical Program Committee San-Diego. Pittsburgh. 32% acceptance rate) • • NSPW Publicity Chair New Hampshire. Pittsburgh. Usability of PA End-user Security” Technical Program Committee Member Lake Arrowhead. California Carnegie Mellon Univ. CA Estes Park. PA 18 / Jul / 2007 18 / Jul / 2007 – 20 / Jul / 2007 18 / Sep / 2007 – 21 / Sep / 2007 26 / Sep / 2007 – 27 / Sep / 2007 08 / Feb / 2008 – 11 / Feb / 2008 Technical Program Committee Member (reviewed 6 submsns. California Arizona.. Belgium Oakland. Colorado 20 / May / 2008 – 22 / May / 2008 22 / May / 2008 11 / Jun / 2008 – . Pittsburgh. USA Catholic University of Leuven. CA 3 International OWASP Symposium on Web Application Security IEEE Workshop on Web 2. Administration vs.Page 13/28 Conference or Event Symposium on Usable Privacy and Security (SOUPS) • Role(s) Location Date 06 / Jul / 2005 – 08 / Jul / 2005 • New Security Paradigms Workshop (NSPW) Annual Computer Security Applications Conference (ACSAC) Open Web Application Security Project (OWASP) AppSec Europe 2006 Conference ACM SACMAT 2006 SOUPS USENIX Security Symposium NSPW ACSAC 2006 Organizer and moderator of Carnegie Mellon the panel “Usability of Security University. PA Carnegie Mellon University.0 Security and Privacy ACM SACMAT 2008 rd Brussels. 
Germany Technical Program Committee Member Technical Program Committee Member Technical Program Committee Member Technical Program Committee Member Technical Program Committee Member Panelist: “Usable Security: Quo Vadis?” Technical Program Committee Junior Co-Chair • • 20 / Sep / 2005 – 23 / Sep / 2005 05 / Dec / 2005 – 09 / Dec / 2005 30 / May / 2006 – 31 / May / 2006 07 / Jun / 2006 – 09 / Jun / 2006 12 / Jul / 2006 – 14 / Jun / 2006 31 / Jul / 2006 – 02 / Aug / 2006 19 / Sep / 2006 – 22 / Sep / 2006 11 / Dec / 2006 – 15 / Dec / 2006 Best Paper Selection Miami Beach. USA Technical Program Committee Senior Co-Chair Dresden. PA Vancouver. Belgium Lake Tahoe. Germany First International Workshop on Run Time Enforcement for Mobile and Distributed Systems Symposium on Network and Distributed Systems Security (NDSS) Technical Program Committee Member (reviewed 1 submsn) Technical Program Committee Member (reviewed 16 submsns. France 20 / Jun / 2007 – 22 / Jun / 2007 Carnegie Mellon University. FL Committee Member Technical Program Committee Member ACM SACMAT 2007 Workshop on Usable IT Security Management SOUPS Technical Program Committee Member Organizer and general co-chair Sophia Antipolis.
Pittsburgh. UK Baltimore. CA Technical Program Committee Member (reviewed 6 submsns) Brussels. PA 23 / Jul / 2008 22 / Sep / 2008 – 25 / Sep / 2008 Publicity Chair Lake Tahoe. 25% acceptance rate) Location Date 13 / Jun / 2008 Workshop on Usable IT Security Management NSPW Organizer and general co-chair • • CMU. 18% acceptance rate) Session Chair Technical Program Committee Honolulu.0 Security and Privacy ACM SACMAT Oakland. Organizing Committee Member Technical Program Committee Member (reviewed 4 submsns) Technical Program Committee Member (reviewed 16 submsns. 12% acceptance rate) Technical Program Committee Member (reviewed 4 submsns) • Panels Chair • Technical Program Committee Member (reviewed 7 submsns. 24% acceptance rate) Interactive and In-Depth Sessions Co-Chair. 36% acceptance rate) • Panel Organizer and Moderator: “Usability Meets Access Control: Challenges and Research Opportunities” Interactive and In-Depth Sessions Co-Chair • • Publicity Chair Steering Committee Member 02 / Dec / 2008 08 / Dec / 2008 – 12 / Dec / 2008 SOUPS CMU. 20% acceptance rate) Session Chair 07 / Dec / 2009 – 11 / Dec / 2009 • . IL Member (reviewed 15 submsns. CA Oxford. Italy 21 / May / 2009 03 / Jun / 2009 – 05 / Jun / 2009 SOUPS NSPW ACM CHIMIT ACM Computer and Communications Security Conference (CCS) Mountain View. Pittsburgh. MD 15 / Jul / 2009 – 17 / Jul / 2009 8-11 / Sep / 2009 7-8 / Nov / 2009 9-13 / Nov / 2009 Technical Program Committee Member (reviewed 4 submsns) • • ACSAC • Technical Program Committee Chicago. CA IEEE Workshop on Web 2. Belgium 1 International Workshop on Middleware Security (MidSec) ACSAC st Technical Program Committee Member (reviewed 3 submsns) Technical Program Committee Member (reviewed 12 submsns. CA Stresa.Page 14/28 Conference or Event Role(s) Member (reviewed 7 submsns. 
PA 23 / Jul / 2008 – 25 / Jul / 2008 14 / Nov / 2008 – 15 / Nov / 2008 8-11 / Feb / 2009 ACM Symposium on Computer Human Interaction for Management of Information Technology (CHIMIT) NDSS San-Diego. CA San-Diego. Hawaii Member (reviewed 14 submsns.
(a) SERVICE TO THE UNIVERSITY Memberships in committees. PA Technical Program Committee Member Technical Program Committee Member Technical Program Committee Member (reviewed 5 submsns. USA St. 24% acceptance rate) Poster Session Co-Chair • • Publications Chair Steering Committee Member May / 2010 20 / May / 2010 Jun / 2010 SOUPS NSPW International Conference Mathematical Methods. Models. Petersburg 14 / Jul / 2010 – 16 / Jul / 2010 21-23 / Sep / 2010 8-11 / Sep / 2010 Technical Program Committee Member PC co-chair Technical Program Committee Member (reviewed 14 submsns) Technical Program Committee Member (reviewed 15 submsns. acceptance rate 16%) Session Chair Cape Town. PA 20-22 / Jul / 2011 10. CA Member (reviewed 12 submsns.0 Security and Privacy ACM SACMAT Technical Program Committee San-Diego.Page 15/28 Conference or Event NDSS • Role(s) Location Date 28 / Feb / 2010 – 3 / Mar / 2010 • International Workshop on Software Engineering for Secure Systems (SESS) IEEE Workshop on Web 2. 20 pages limit) Technical Program Committee Member San Jose. MA. CA Austin. CA 7-8 / Nov / 2010 06 / Dec / 2010 – 10 / Dec / 2010 6-9 / Feb / 2011 SOUPS Pittsburgh. South Africa Oakland. Host ECE ECE / ICICS Spring 2005 20 / Apr / 2007 Spring 2005 25 / Jun / 2007 . Texas San-Diego. 20% acceptance rate. WA Concord. including offices held and dates Committee Name Software Engineering Exploration and Discussion Seminar (SEEDS) Role Start Co-founder and Coordinator Sep / 2003 Jun / 2004 Dates End Apr / 2004 Dec / 2005 Department UBC UBC Leading Edge Endowment Fund (LEEF) BC Expert Advisor Leadership Chair in Information Communication Security Technology Departmental Retreat Technical Talks Coordinator Organizer. CA Pittsburgh. and Architectures for Computer Networks Security (MMM-ACNS) ACM CHIMIT ACSAC NDSS Redmond.
Ph. including dates Role Department ECE ECE ECE Computer Science ECE ECE Computer Science ECE ECE ECE ECE ECE ECE ECE ECE ECE ECE ECE Student David Tompkins Mandana Sotoodeh Xiang Cao Peng Peng Maryam Razavi Ashley Gadd Jan Hannemann Xiang Cao Majid Khabbazian Yew Lam Jun Wang Ali Al Shidhani Larix Lee Armin Bahramshahry Ali Bakhoda Tony Tang Amir Valizadeh Ali Al Shidhani Degree Ph. 21 / Aug / 2009 19 / Oct / 2009 23 / Nov / 2009 05 / Feb / 2010 11.D.Page 16/28 Department ECE UBC ECE ECE Committee Name Role Start Member Peer Reviewer Chair Member 2007 Jun / 2007 Feb / 2009 Feb / 2010 Dates End 2008 Jun / 2007 Present May / 2010 Curriculum Committee Tenure case of Annette Berndt Community Connections and Communications Task Force (C3TF) Recruitment Committee for the position in Software Engineering (b) Other service. M. 22 / Apr / 2005 M. Ph. including offices held and dates . Ph.D.D.D.A.A.D. 24 / Jan / 2006 M.A.Sc. Ph. Ph.D. (a) SERVICE TO THE COMMUNITY Memberships in scholarly societies.A.Sc.Sc.D. 26 / Jun / 2008 M.D.D.Sc. Ph.D. Ph. 17 / Aug / 2009 Ph.D. Date 17 / Dec / 2003 15 / Jul / 2004 30 / Aug / 2004 Aug / 2004 22 / Apr / 2005 Nov / 2005 20 / Feb / 2006 08 / Jan / 2007 19 / Jan / 2007 01 / Jun / 2007 Qualifying Exam Committee Member Qualifying Exam Committee Member Qualifying Exam Committee Member Second Reader of Thesis Qualifying Exam Committee Member Thesis Defense Committee Member Thesis Defense Examiner Thesis Defense Committee Member Qualifying Exam Committee Member Departmental Examination Committee Member Qualifying Exam Committee Member Qualifying Exam Committee Member Thesis Defense Committee Member Thesis Defense Chair and Head’s Nominee Qualifying Exam Head’s Nominee Qualifying Exam Head’s Nominee Qualifying Exam Head’s Nominee Departmental Examination Committee Member M. Ph. Ph.D. Ph.Sc.D. Ph.
Scholarly Society ACM IEEE IEEE Computer Society ACM Special Interest Group on Security. including offices held and dates Memberships in other committees. agency. including dates) . including offices held and dates Other Societies Role Start Dates End Present Nov / 2003 Vancouver Security Special Interest Group of Member Canadian Information Processing Society (CIPS) (c) (d) Memberships in scholarly committees. Audit and Control (SIGSAC) ICICS IEEE Technical Committee on Security and Privacy Role Start Member Member Member Member Member Member 1997 1998 1998 2000 2003 Dates End Present Present Present Present Present Present May / 2005 (b) Memberships in other societies. etc. including offices held and dates Other Committees Role Start Member Member Co-Chair eXtensible Access Control Markup Language (XACML) Technical Committee Member Member 1997 1998 Sep / 1998 Mar / 2002 Dates End 1999 1999 Nov / 1999 Feb / 2003 Object Management Group (OMG) Healthcare Domain Task Force (DTF) CORBA Security Revision Task Force (RTF) OMG Security Special Interest Group (SecSIG) Organization for the Advancement of Structured Information Standards (OASIS) BCNET Applications Security Working Group Mar / 2006 May / 2007 (e) Editorships (list journal and dates) Journal Name Role (Nature of Duties) Dates Start Jan / 2008 End Jan /2008 IEEE Software Magazine Special Issue: “Security for the Rest Guest Co-Editor of US: an Industry Perspective on the Secure Software Challenge” International Journal of Secure Software Engineering (IJSSE) Associate Editor Mar / 2009 present (f) Reviewer (journal.
Note: The fields of computer security and distributed systems are highly oriented towards conferences, with second and third-tier conferences having acceptance rates between 20% and 40%, and top tier conferences with acceptance rates in 8%-20%. As a result, service on Technical Program Committees requires significant effort in reviewing (and sometimes shepherding) submissions, each 10-15 page long. See also Section 9 (g) for services on PCs.
Aug / 2004 Jun / 2004. Feb / 2010 Dec / 2005 Apr / 2006 Oct / 2006 Dec / 2006 May / 2008 Feb / 2009 Feb / 2009. 2004 Feb / 2003 Jan / 2005 2005 Mar / 2007 May / 2007 Journal of Network and Systems Management International Journal of Cooperative Information Systems IEEE Transactions on Wireless Communications IEEE Transactions on Dependable and Secure Computing The International Journal on Very Large Data Bases. Jun / 2005. Aug / 2001 Feb / 2002. Networking and Communications Professional Magazine IEEE IEEE IFIP IEEE USENIX IEEE Organization # Reviewed / Refereed 1 3 2 1 1 1 1 1 1 1 1 1 1 2 1 1 1 1 Organization # Reviewed / Refereed Date(s) . 2003. and Cybernetics USENIX Security Symposium 3rd IEEE International Conference on Wireless and Mobile Computing. Telecommunications and Computer Networks IEEE International Workshop on Policies for Distributed Systems and Networks IEEE International Conference on Web Services IFIP Networking Conference 2005 IEEE Conference on Systems. Feb / 2010 Feb / 2010 Apr / 2010 Aug / 2010 Oct / 2010 Date(s) Jul / 2000.
special issue on Privacy-Preserving Data Management EURASIP Journal on Wireless Communications and Networking Journal of Computers Software: Practice and Experience IEEE Transactions on Mobile Computing Journal of Systems and Software Computers & Security IEEE Transactions on Dependable and Secure Computing ACM Transactions on Information and System Security (TISSec) International Journal of Critical Computer-Based Systems (IJCCBS) IEEE Internet Computing Conference International Conference on Software. Jul / 2009. Journal # Reviewed / Refereed 1 1 2 4 Date(s) Dec / 2002 Jul / 2003 Apr / 2004. Man.
entitled “Safety and Security for All. Jan / 2010 Date(s) Oct / 2006 May / 2010 Organization / Agency Manning Innovation Awards Type of Grant Netherlands Organization for Scientific Research FOCUS Program (Research) MITACS Network of Centres of Excellence NSERC NSERC Strategic Project Discovery 2 2 Book Proposal (Topic) Wireless Internet security Computer security textbook • • Publisher Cambridge University Press Cambridge University Press # Reviewed / Refereed 1 1 External Reviewer for a tenure case.Page 19/28 IEEE Software IEEE Security & Privacy IEEE Internet Computing IEEE IEEE IEEE 4 3 2 Oct / 2005. Oct / 2005 (g) External examiner (indicate universities and dates) University Degree Ph.D. Jun / 2005. Ottawa (h) (i) • Consultant (indicate organization and dates) Other service to the community Editor. Apr / 2010 Oct / 2007 Oct / 2010 # Reviewed / Refereed 1 1 3 Date(s) Feb / 2005 Apr / 2005 Jan / 2007.Sc. Student Bart de Win Nima Kaviani Sonia Chiasson Date 02 / Mar / 2004 16 / Jul / 2007 17 / Dec / 2008 Katholieke Universiteit Leuven. CORBA Security FAQ. Belgium Simon Fraser University Carleton University.D. Ph.” for Strategic Project Grants Program. Feb / 2008. M. Jan / 2008 Jan / 2008. Feb / 2008 Advised NSERC in identifying specific research topics that would form one of the strategic target areas. Dec / 2009. 1997 – 1999 . Feb / 2010 Jan / 2007. Oct / 2007 Feb / 2007. Carleton University.
awarding organizations. awarding organizations. awarding organizations.Page 20/28 • • Moderator. Annual Science Fair for 8 grade students of Point Grey Mini School. Vancouver. 29 / Jan / 2009 AWARDS AND DISTINCTIONS Awards for Teaching (indicate name of award. CORBA Security mailing list. 1998 – 2000 Judge. (a) (b) • (c) (d) 13. 23 / Feb / 2006. and date) th 12. and date) Other Awards OTHER RELEVANT INFORMATION (Maximum One Page) . Jan / 2000 – Aug / 2000 Awards for Service (indicate name of award. Florida International University Presidential Fellowship. and date) Awards for Scholarship (indicate name of award.
D. no. Beznosov. Beznosov. 4-19. Beznosov.2009.1016/j. 11. (*) R. Date: 20-Oct-10 Those publications considered to be of primary importance are indicated by an asterisk (*).doi.7. Hawkey. K. . W. and Technology Challenges in IT Security Management. 5. Organizational. Main author name is in bold.” accepted 2009-12-03 for publication in ACM Transactions on Information and System Security (TISSEC). K. “Cooperative Secondary Authorization Recycling” IEEE Transactions on Parallel and Distributed Systems. Emerald. vol. DOI= http://dx. Beznosov.org/10. vol. Werlinger. Muldner. K. M. Emerald. February 2009. M. vol. "Identification of Sources of Failures and Their Propagation in Critical Infrastructures from 12 Years of Public Failure Reports. 1. J. K. “On the Imbalance of the Security Problem Space and its Expected Consequences. Wei. no. Hawkey. pp. DOI= http://dx. January 2010. pp.beznosov. vol. K. Botta. Martí. Elsevier. 2009. Technology & Work on 16 / Aug / 2010.1016/j.” IEEE Internet Computing.80 10. pp. and K. 3. Rahman. Werlinger. K. no. Beznosov.002. 20-40. September 2007. Hawkey.org/10.ijhcs. Beznosov. A. 15 no. Wei. Muldner. Beznosov. January 2010.2008.” International Journal of Human Computer Studies. vol. Botta. K. Sun and K. 4.csi. Hawkey. B. “Security practitioners in context: Their activities and interactions with other stakeholders within organizations. Beznosov.5. K. K. IGI Global. pp. 18 pages.2009.12. R. “Toward Understanding Distributed Cognition in IT Security Management: The Role of Cues and Norms. January 2009.1109/TPDS.” Journal of Information Management & Computer Security. Electronic copies of the listed publications can be found at http://konstantin.” accepted for publication to the International Journal of Cognition.6. K. R. K.5. 12. Crampton.” International Journal of Secure Software Engineering (IJSSE). Werlinger. pp. 6. No. 2.” in Computer Standards & Interfaces. K. S. Beznosov. Darwish. 
“Examining Diagnostic Work Practices during Security Incident Response” to appear in the Journal of Information Management & Computer Security. May/June 2008. Beznosova. 2. K.03. DOI: 10.001. Presenter name is in italics. D. vol. 20.” Journal of Information Management & Computer Security. Emerald. Hawkey. pp. 17.doi. “Authorization Recycling in Hierarchical RBAC Systems. “Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks.org/10. “Analysis of ANSI RBAC Support in COM+. (*) Q. 220-244. Beznosov. R.doi. Beznosov and O. “An Integrated View of Human.420-431. 32 pages. 7. K. Muldner.3. (*) Q. (Co)supervised student or postdoctoral fellow name is underlined. 275-288. J. Elsevier. K. DOI: http://dx. K. 22-30. Ripeanu. Ripeanu. (a) REFEREED PUBLICATIONS Journals 1. 3.1108/09685220910944722 9. H. pp.Page 21/28 THE UNIVERSITY OF BRITISH COLUMBIA Publications Record SURNAME: Beznosov FIRST NAME: Konstantin MIDDLE NAME (S): Initials: K. 8. K. 584-606. “Searching for the Right Fit: A case study of IT Security Management Models.net/professional/ 1." International Journal of Critical Infrastructure Systems. no. March 2009.
vol. and K..” to appear in the Proceedings of the New Security Paradigms Workshop (NSPW). “Efficient and Spontaneous Privacy-Preserving Protocol for Secure Vehicular Communication” to appear in Proceedings of the IEEE International Communications Conference (ICC). K. Beznosov. 53-62. J.” In Proceedings of the Third ACM Workshop on Assurable & Usable Security Configuration (SafeConfig). M. Hawkey. "An Approach for Modeling and Analysis of Security System Architectures. and K. pp.0 Content Sharing Beyond Walled Gardens” to appear in Proceedings of Annual Computer Security Applications Conference (ACSAC). USA. F. 15-17 July 2009. 23-27 May 2010. P. pp. Hawkey. 53-62. “Guidelines for design of IT Security Management Tools” in Proceedings of the ACM Computer Human Interaction for Management of Information Technology (CHIMIT) Symposium. Beznosov. D. P. M. (33% acceptance rate) 7. South Africa. S. K. Concord. Q. “It's Too Complicated. Raja. 2. pp. 409-418. 49-58. Nuremberg. 9-15. but Few Locks: The Crisis of Web Single Sign-On. 2006. 10. San Diego. Article ID 85495. 25-26 June 2010. K. S. Wang. Beznosov. and K. V. Beznosov. Y. 4 October 2010.C. USA. S. Raja. Ripeanu. “Mobile Applications for Public Sector: Balancing Usability and Security” in the Collaboration and the Knowledge Economy: Issues. and Misconceptions of Personal Firewalls. Botta. Song. (20% acceptance rate) 8. “A Case Study of Enterprise Identity Management System Adoption in an Insurance Organization. Redmond. Deng. 6. “Multiple Channel Security Model and Its Implementation over SSL. K. K. Chicago.M. Beznosov. Raja. 31 March 2009. Ripeanu. 14-16 July 2010. “Application-Based TCP Hijacking” in Proceedings of the European Workshop on System Security (EuroSec). K. Leung. USA. 5. (30% acceptance rate) 9. J. November 2009. 12 pages. K. Motiee. Werlinger. September/October 2003. 13. Beznosov. Xiong.” EURASIP Journal on Wireless Communications and Networking. pp. 14 pages. Paul . and Beznosov. J. J. K. Zheng. 
“Secure Web 2. IL. Muldner. K. 11. S. 2008. K. K. Tsai. and K. K. Case Studies. So I Turned It Off! Expectations. CA. no. Booth. R. and K. S.Beznosov. 20-22 September 2010. Natchetoi. Hawkey. Applications. 1095-1115. K. Botta. K.Sun. Hawkey. Beznosov.” in Proceedings of the ACM Computer Human Interaction for Management of Information Technology (CHIMIT) Symposium. Poon. (b) Conference Proceedings 1. K. P. 6 pages. 12 pages. D. F. Hawkey. Wei. “Authorization Using the Publish-Subscribe Model. (25% acceptance rate). Microsoft. “Towards Understanding Diagnostic Work During the Detection and Investigation of Security Incidents” in Proceedings of the International Symposium on Human Aspects of Information Security & Assurance (HAISA). Cape Town. Beznosov. WA. 10 pages. pp. K. 5. Sun. K. December 10-12.. Beznosov. Perceptions. 8 October 2010. “Revealing Hidden Context: Improving Mental Models of Personal Firewall Users” in Proceedings of the Symposium on Usable Privacy and Security (SOUPS). K. Hawkey. Sydney. V. Sun. Beznosov. K. v. 7-11 December 2009.. Kaufman. pp. Y." IEEE Transactions on Knowledge and Data Engineering. Germany. 3. H. “A Billion Keys.” in the Proceedings of the IEEE International Symposium on Parallel and Distributed Processing with Applications (ISPA).. Hawkey. Hawkey. (36% acceptance rate) 13. 15. article 1. Beznosov. Beznosov. 4. Hawkey. Y. “Investigating User Account Control Practices” in Proceedings of the Symposium on Usable Privacy and Security (SOUPS). July 2006. Jaferian. K.” in Proceedings of the Sixth ACM Workshop on Digital Identity Management (DIM). November 2008.Page 22/28 12. “OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On Triangle. K. O. Jaferian. (29% acceptance rate) 12. Australia. Y. (*) F. P. MA. Beznosov. pp. Boshmaf. Jaferian. 119-132.
Leung. 10 July 2007. University of Plymouth. 17. 14. 20. “Cooperative Secondary and Approximate Authorization Recycling. M. “Identifying Differences Between Security and Other IT Practitioners: a Qualitative Analysis. K. CA.24 October 2008. 2005. pp. Repanu. Sweden. Stockholm. K. M. pp. Werlinger. paper #10. L. K. Crampton. J. (35% acceptance rate) 26. 67-72. Botta. “Experience Report: Design and Implementation of a Component-Based Protection Architecture for ASP. B. A. Facolta' di Ingegneria. 23-25 July 2008. 111-120.” in Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT). “Authorization Recycling in RBAC Systems” in Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT). (22% acceptance rate) 18. Fels. P. Beznosov. 35–48. Hawkey.” in Proceedings of the Symposium on Usable Privacy and Security (SOUPS). Beznosov. Monterey Bay.” in Proceedings of the International Symposium on Human Aspects of Information Security & Assurance (HAISA). 6 pages. 27-29 June 2007. 337-352. “Human. S. Estes Park. 128-140. G. J. 19-21 July 2007. Fisher. K. Kruchten. Bodén. O. Gagné. Beznosov. Ph.Page 23/28 Cunningham and Miriam Cunningham (Eds). 21. 15-21 May 2005. 8-10 July 2008. University of Plymouth. K. Iverson. K. pp. K. K. Shanghai. 2006. Q.63-72. “The Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies. Jaferian.” in Proceedings of the Eighth International SIGSOFT Symposium on Component-based Software Engineering (CBSE 2005). 100-111. Lake Tahoe. 20-23 September 2005. USA. pp. Carnegie Mellon University. 8-10 July 2008. M. Q. pp. UK. Pittsburgh. 65-74. 20-21 May 2006. Werlinger. 22 . Carnegie Mellon University. K. pp.” in Proceedings of the IEEE International Symposium on High-Performance Distributed Computing (HPDC). Louis. 15. K. Tsang and K. Beznosov. (25% acceptance rate) . article #117. Ripeanu. Muldner. USA. PA. UK. 885-892. J. 22.11-17. Rahman. Italy. Colorado. Wei. pp. 
California. UK. USA. K. IOS Press. USA. Beznosova. “SPAPI: A Security and Protection Architecture for Physical Infrastructures and its Deployment Strategy Using Sensor Networks” in Proceedings of 10th IEEE International Conference on Emerging Technologies and Factory Automation. Beznosov. 24. “A Security Analysis of the Precise Time Protocol (Short Paper)” in Proceedings of the Eighth International Conference on Information and Communications Security (ICICS '06). “Extending eXtreme Programming to Support Security Requirements Engineering” Proceedings of the Workshop on Software Engineering for Secure Systems (SESS). 2008 Amsterdam. K. K. pp.” in Proceedings of the International Symposium on Human Aspects of Information Security & Assurance (HAISA). Pittsburgh. K. Crampton. Catania. “On the Imbalance of the Security Problem Space and its Expected Consequences. Muldner. pp. R. “Towards Understanding IT Security Professionals and Their Tools. Beznosov. Hawkey. Organizational and Technological Challenges of Implementing IT Security in Organizations. “Flooding and Recycling Authorizations” in Proceedings of New Security Paradigms Workshop (NSPW). Missouri. CA.50-59. Gagné. Werlinger. 25.NET Web Services. J. 12 pages. Wei. 7-9 June. K. USA. Beznosov “The Challenges of Using an Intrusion Detection System: Is It Worth the Effort?” in Proceedings of the Symposium on Usable Privacy and Security (SOUPS). 11-13 June 2008. USA. (32% acceptance rate) 19. (20% acceptance rate). D. Beznosov. Beznosov. 2006. 16. (best paper award) R. University of Plymouth. St. Wäyrynen. R. pp. H. A. Lake Arrowhead. ISBN 978–1–58603–924-0. Beznosov. Beznosov. Boström. 19-22 September 2005. Raleigh. (30% acceptance rate) 23. 69–80. pp. North Carolina. December 4-7. Beznosov. W. Beznosov. K. (26% acceptance rate). pp.” in Proceedings of the International Symposium on Human Aspects of Information Security & Assurance (HAISA). PA.
K. 31. October 28 . Arizona. 246-253. pp. Beznosov. “Here’s Your Lego! Security Kit: How to Give Developers All Protection Mechanisms They Will Ever Need. V. USA. Gao. Virginia. Security Domain Membership Management Service. H.” in Proceedings of The 3rd Workshop on Reflective and Adaptive Middleware. Alberta. 36. USA. Fairfax. USA. Blakley. "Towards Agile Security Assurance. November 2000. Beznosov. Beznosov. USA. K. 31 October 2003. Beznosov. ON. Virginia. "A Resource Access Decision Service for CORBA-based Distributed Systems. Fairfax. Uppal. 693-710. 19 October 2004. Deng. pp. . Beznosov and P. 29. Austria." in Proceedings of The New Security Paradigms Workshop. K. July 11 2001. 34. 32.M. Y. 310-319. Toulouse. document number formal/2001-04-01. K. Object Management Group. "Supporting Relationships in Access Control Using Role Based Access Control. pp. "Object Security Attributes: Enabling Application-specific Access Control in Middleware.November 1 2002. 25-28 August 2004. OASIS XACMLTC. Yu. VA. pp. August 2001. France. Beznosov. Resource Access Decision Facility. pp. 38. "A Framework for Implementing Role-based Access Control Using CORBA Security Service. Canada. K.C. 28. Y. "Supporting End-to-end security Across Proxies with Multiplechannel SSL. Y. California. Beznosov. Contributor. and Y. 183188. Leung. K. Linz. 20-23 September 2004. Barkley." in Proceedings of the Sixteenth International Conference on Software Engineering and Knowledge Engineering (SEKE'04)." in Proceedings of 4th International Symposium on Distributed Objects & Applications (DOA). Las Vegas. 55-65. Barkley. Fairfax. Setúbal. M.0. Co-author. 3-18." in Proceedings of Annual Computer Security Applications Conference. Y. Object Management Group. pp. Kruchten. 360-365. Portugal. 47-54.Page 24/28 27. C. L. June 20-24. Irvine." in Proceedings of Fourth ACM Role-based Access Control Workshop. Leung. Song. Song. K. Canada. "Applying Aspect-Orientation in Designing Security Systems: A Case Study. 
White Point Beach Resort. Cooper. document number orbos/2001-07-20. February 18 2003. Toronto. Deng. 33. October 1999. 23-26 August 2004. V." in Proceedings of the First ACM Workshop on Business Driven Security Engineering. Beznosov. K. December 1999. Burt." in Proceedings of Fourth ACM Workshop on Role-Based Access Control. 2. Final Submission. Beznosov and Y. Beznosov. 35." in Proceedings of the 19th IFIP International Information Security Conference. C. Nova Scotia. Espinal. Deng. TBD. Banff. October 1999. Beznosov. K. K. J. 3. OASIS eXtensible Access Control Markup Language (XACML) version 1. USA. Nevada.” in Proceedings of Software Engineering and Middleware (SEM) Workshop. 30. "Performance Considerations for CORBA-based Application Authorization Service. Editor. He. (c) Other International Standards 1. pp. pp. S. B. 2004. pp." in Proceedings of Fourth IASTED International Conference Software Engineering and Applications. K. USA. 20-21 September 2004.” in Proceedings of the 1st International Conference on E-business and Telecommunication Networks. "Extreme Security Engineering: On Employing XP Practices to Achieve 'Good Enough Security' without Defining It. “On the Benefits of Decomposing Policy Engines into Components. Deng. X. Phoenix. 19-30. K. and J. pp. K. 37. Beznosov. and J. “Implementing Multiple Channels over SSL. pp. 323— 337.
4. CMU. October 1998. A. 2. K. Beznosov. and R. K." Panel Position paper. . Sun. 11 pages. (b) Conference Proceedings 1. D. Beznosov. PA. 8.25. E. K. 3. Alexandria. Canada. K. S. L. The International Institute for Critical Infrastructures. K. Pittsburgh. "Architecting a Computerized Patient Record with Distributed Objects. Switzerland. K. (a) NON-REFEREED PUBLICATIONS Journals 1. April 4-9. B. USA. E. Beznosov. A. Fisher. Inglesant. Zurko. K. 37-51. K. R. K. Butler. 149-158. Gagné. 28 April 2007. Botta. Romano. 73-74. “Design guidelines for IT security management tools. K. Italy. Hawkey. Hawkey. pp. Navarro. Fels. Italy. USA. A. June 3-5. Sun. Beznosov. and Technological Factors of IT Security” presented at Research Landscape session of the ACM SIG CHI conference. pp. R. K. A.Page 25/28 2. April 5-10. Jaferian. Beznosov. 2008. 2006. Urzais. February 1998. “Security for the Rest of Us: An Industry Perspective on the Secure-Software Challenge. Chess. M. “Open Problems in Users' Content Sharing in Web 2. R. vol . June 22-27. S. “Usability Meets Access Control: Challenges and Research Opportunities” panel in Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT). Lobo. April 5-10. K. Italy. P. MA. Bramblett. E. P. K. 1. Hawkey. Florence. Tortolini-Taylor. 29 / Aug / 2009. Raja. “Revealing Hidden Context: Improving Mental Models of Personal Firewall Users” presented at Work in Progress poster session of the ACM SIG CHI conference. CA.” presented at Workshop on Security and Privacy in Online Social Networking. Beznosov. 2008. "Requirements for access control: US healthcare domain. Jan / 2008. 12. Botta. A.0. Wreder. Canada. Fairfax. Iverson. 2008. 7. H. “Studying IT Security Professionals: Research Design and Lessons Learned. p. Botta. K.” position paper at the CHI Workshop on Security User studies: Methodologies and Best Practices. K. 6. Stresa. no. Zurich. R. Florence. Beznosov “Human. Muldner. Ventura. R. Hawkey. R. J. 
(30% acceptance rate) 9." in Proceedings of Health Information Systems Society Conference. San Francisco. 24-27 September. 2008. K. 2009. D'Empaire. Beznosov “Security practitioners in context: Their activities and collaborative interactions” presented at Work in Progress poster session of the ACM SIG CHI conference. Hawkey. 23-24 April 2009. 2009. Gagné.” IEEE Software. Beznosov. S. Werlinger. Vancouver. D. Beznosov. July 23.” presented at the Workshop on Open Research Problems in Network Security (iNetSec). B. K. Vancouver. Beznosov. In Proceedings of the Third ACM Workshop on Role-Based Access Control. Werlinger. Hernandez. USA.43. Werlinger. K. Reeder. Martí. K. K. K." In Proceedings of the Third International Conference on Critical Infrastructures. Hawkey. D. VA. Werlinger. Boston. E. “Responding to Security Incidents: Are Security Tools Everything th You Need?” presented at the 20 Conference of the Forum of Incident Response and Security Teams (FIRST). A. 10-12. F. M. Beznosov. pp. (50% acceptance rate) 5. J. 10. Virginia. 11. pp. Beznosov. “Towards Enabling Web 2.” presented at the Workshop on Usable IT Security Management. 4 pages. Organizational. "Identification of Sources of Failures and Their Propagation in Critical Infrastructures from 12 Years of Public Failure Reports. Rahman.0 Content Sharing Beyond Walled Gardens.
Baltimore. Miami. Miami. John Wiley & Sons. Kawamoto. Periorellis. Deng. Beznosov." in Handbook of Software Engineering And Knowledge Engineering. Angelos D. "Issues in the Security Architecture of the Computerized Patient Record Enterprise. Beznosov. Beznosov. 2005.Florida International University. November 1997. 2001. "CORBAmed Security White Paper. Beznosov. technical report. Beznosov. Flinn.” in Securing Web Services: Practical Usage of Standards and Specifications.Page 26/28 13." Baptist Health Systems of South Florida. pp. Inc. Beznosov." Object Management Group. and Y. and K. “Introduction to Web Services And Their Security. "Applicability of CORBA Security to the Healthcare Problem Domain. "CPR Security CORBA-based Security and Intranet Services Object Technology Group Position Paper. "Taxonomy of CPR enterprise security concerns at Baptist Health Systems of South Florida. Beznosov. 5. Beznosov. Hartman." School of Computer Science. Beznosov. K. Proceedings of New Security Paradigms Workshop. Beznosov." Second Workshop on Distributed Object Computing Security. 364. vol. 2008." Baptist Health Systems of South Florida. S. New York. 2002. Inc. K. John Wiley & Sons. ISBN: 978-1-60558-080-7. 1. pp.. (b) Edited 1. Miami. K. Hartman. "Information Enterprise Architectures: Problems and Perspectives." Center for Advanced Distributed Systems Engineering (CADSE) . W.. New York. L. September 1997. Kawamoto. USA. Beznosov and Y. ISBN: 978-1-59904639-6. K. "Engineering Application-level Access Control in Distributed Systems. technical report 2000-06. 102 pages. ACM Press. technical report 2000-01. K. K. 2007.NET Web Services. Miami. S. P. K. . Florida International University. May 1998. 206-227. Flinn. Deng..” Information Security Technical Report (ISTR). Flinn. D. Editors: Konstantin (Kosta) Beznosov. pp. the Information Security Group. "Design and Implementation of Resource Access Decision Server. (c) Other 1. Ed. June 2000. pp. 1st ed. D. Hossain Heydari. D. 
technical report. Royal Holloway. and B. January 2000. 2. B. and S. Hartman. Ed. 1997. Chang. 1997. K. 2. 3. Hershey PA. document number corbamed/97-09-11. B. K. “Protecting ASP. document number corbamed/97-11-03. Wilson and K. Enterprise Security With EJB and CORBA. (c) Chapters 1." Object Management Group. Beznosov. (a) BOOKS Authored 1. 7. World Scientific Publishing. Maryland. 2. Mastering Web Services Security. K. 4. Espinal. 10 no. 69-90. technical report. Keromytis. 2003. University of London and Elsevier publishers. pp 2-14. Idea Group Inc. K. M.. 3. 6.. 436.
PERFORMANCES. 6.Page 27/28 4. DESIGNS OTHER WORKS . 7. 5. PATENTS SPECIAL COPYRIGHTS ARTISTIC WORKS.