2017 IEEE Conference on
Dependable and Secure Computing

Taipei • Taiwan | August 7—10, 2017

Keynote Talk #1

9:20—10:20, August 8
B1 Metro Suite, Shangri-La's Far Eastern Plaza Hotel

Attribute-Based Access Control: Insights and Challenges
Prof. Ravi Sandhu
Executive Director and Chief Scientist
Institute for Cyber Security (ICS)
University of Texas at San Antonio

Abstract: Since about 2010 there has been considerable growth of interest among cyber security researchers and practitioners in attribute-based access control (ABAC). The Institute of Cyber Security at the University of Texas at San Antonio has pursued this area intensively. This talk will present a personal perspective on the insights obtained by the Institute's research, as well as research from other groups working on this topic. The talk will identify some challenges in research as well as in practical deployments of ABAC.

Bio: Ravi Sandhu is Executive Director of the Institute for Cyber Security at the University of Texas at San Antonio, where he holds the Lutcher Brown Endowed Chair in Cyber Security. Previously he served on the faculty at George Mason University (1989-2007) and Ohio State University (1982-1989). He holds BTech and MTech degrees from IIT Bombay and Delhi, and MS and PhD degrees from Rutgers University. He is a Fellow of IEEE, ACM and AAAS, and has received awards from IEEE, ACM, NSA and NIST. A prolific and highly cited author, his research has been funded by NSF, NSA, NIST, DARPA, AFOSR, ONR, AFRL and private industry. His seminal papers on role-based access control established it as the dominant form of access control in practical systems. His numerous other models and mechanisms have also had considerable real-world impact. He served as Editor-in-Chief of the IEEE Transactions on Dependable and Secure Computing, and previously as founding Editor-in-Chief of ACM Transactions on Information and System Security. He was Chairman of ACM SIGSAC, and founded the ACM Conference on Computer and Communications Security, the ACM Symposium on Access Control Models and Technologies and the ACM Conference on Data and Application Security and Privacy. He has served as General Chair, Steering Committee Chair, Program Chair and Committee Member for numerous security conferences. He has consulted for leading industry and government organizations, and has lectured all over the world. He is an inventor on 30 security technology patents and has accumulated over 32,000 Google Scholar citations for his papers. At the Institute for Cyber Security his research projects include attribute-based access control, secure cloud computing, secure cloud-enabled Internet of Things, social computing security, and secure data provenance. His web site is at www.profsandhu.com.

Keynote Talk #2

9:00—10:00, August 9
B1 Metro Suite, Shangri-La's Far Eastern Plaza Hotel

Title: Increase Your Security Effectiveness by Automating and Machine Learning
Michael Montoya
Chief Cybersecurity Advisor, Asia
Microsoft Enterprise & Partner Group

Abstract: With the increasing velocity and volume of cyberattacks, coupled with the lack of sufficiently trained staff, it is essential that detection and response activities are automated as much as possible. Based on lessons learned in Microsoft’s SOC, we will show in this talk how to automate tasks, increase machine learning and build a modern security posture.

Bio: As the Asia Chief Cybersecurity Officer for the Microsoft Enterprise Cybersecurity Group, Michael is a leader of Microsoft’s initiatives and operations to provide thought leadership, strategic direction on the development of Microsoft security products and services, and deep customer and partner engagement across Asia.

Michael re-joined Microsoft in 2016 as an experienced information security executive bringing more than 20 years of enterprise IT support and leadership. Michael was Vice President of Cloud and Engineering with Fireeye, where he was responsible for developing and operating the cloud services for Fireeye’s threat intelligence backbone (DTI) and cloud services of Threat Analytics Platform (TAP), Email Threat Prevention (ETP), Mobile Threat Platform (MTP), Cloud Endpoint Security (Helix) and CloudMVX. Prior to his role at Fireeye, Michael was the Deputy Chief Information Officer at EMC where he was responsible for their Cloud First platform, and Infrastructure and Security Operations bringing cloud adoption best practices to a $20 Billion USD enterprise for virtualization, cloud adoption and security resulting in CIO100 industry recognitions.

In Michael’s previous role with Microsoft, he held a number of IT leadership roles including Asia Regional Chief Information Officer and leader of Microsoft’s Global Hosting organization responsible for managing all Internet Datacenter architecture and operations. Michael helped lead Microsoft to expand into the Asia region during a time of incredible growth helping establish global delivery in China and India, as well as, expand IT infrastructure across all the regions in Asia. Michael also was a founder of Microsoft’s Global Hosting Strategy which is now Azure. Under his leadership, Michael helped design and operate Microsoft’s initial 7 datacenters to support the growth in MSN properties, Microsoft.com, WindowsUpdate, Hotmail and the secure extranet to support a business partner network. Michael led the team to industry leading support models, service level agreements and security and operation innovations to support a globally secure and distributed service-oriented architecture.

Michael has established himself as a recognized innovative IT leader and serves as an advisor to several security and IT startups and venture capital firms. Michael earned a dual degree from the University of New Mexico.

© 2017 IEEE Conference on Dependable and Secure Computing