University of Minnesota
Software Engineering Center

You are here

Code Freeze 2015 Breakout Sessions

David V Duccini: Blockchain Technology: Bitcoins and Beyond

Abstract: Digital Currencies got a boost in late 2008 when the mysterious and heretofore unknown “Satoshi Nakamoto” released the seminal whitepaper and a reference implementation to fully decentralized peer to peer protocol that supported a new digital currency called Bitcoin. Based on a “block chain” of ever increasing linked transactions a public ledger serves as the authoritative system of record of account for everyone in the Bitcoin economy. In this presentation local InfoSec expert David V Duccini will provide an overview of Bitcoin, it’s protocol, capabilities and limitations as well as share a vision of what’s to come. New: David's slides available at bottom of this page

David V Duccini is a well-regarded information security expert with real world “wire-to-web” experience. In addition to having built an Internet Service Provider from scratch in the 1990’s he has been on a self-described “tour of duty” consulting with Fortune 50 banks, insurance companies, utilities, telecom, biomedical, and recently retail. Duccini holds advanced degrees in Software Engineering from the University of St. Thomas and an MBA from the Carlson School of Management. A serial entrepreneur, he has been involved in a half dozen startups. He has been involved with the crypto-currency movement since late 2010 and this past year launched — a patent-pending charitable giving communication system that generates bits of coin for non-profits. When he’s not at the keyboard, he can usually be found practicing his pilot skills in his Cessna 152. He lives in St. Paul with his wife Gabrielle and their two mini-dachshunds, Ginger and Duke.

John Shackleton: Agentless Introspection Technology for Commodity Servers

Abstract: Introspection is an increasingly popular technique to characterize the execution of virtual machines operating upon server platforms. Adventium Labs has developed a technology called XIP- Xen Introspection Product, which uses introspection to detect different types of malware on virtual hosts running on the Xen hypervisor and commodity server hardware. XIP provides millisecond response times without the need for an agent on the host operating systems. Our demonstrations include a root kit detector and a kernel memory integrity monitor. New: John's slides available at bottom of this page

John Shackleton is a senior principal research scientist at Adventium Labs and the technical lead for XIP development and other hypervisor related technologies. Prior to Adventium, Mr. Shackleton has worked at BBN Technologies and Honeywell, focusing on embedded system security and resiliency.

Tom Marble: Secure E-mail using Tails

Abstract: We are stuck between knowing that our Internet communications are vulnerable and using overly complex crypto tools. This workshop will explain, step by step, how to use open source encryption available in a live USB-drive-based system to secure e-mail. Along the way you will learn about threats to anonymity on the web and how to harness the Web of Trust. We'll then explore the next steps to making secure e-mail more practical for everyday use. New: Tom's slides available here.

Tom Marble is best known for being the first "OpenJDK Ambassador" on the Sun Microsystems core team that open sourced the Java programming language. Tom has a Masters degree in Electrical Engineering from the University of Minnesota where he worked under Otto H. Schmitt. He has combined his EE and community experiences in open source hardware projects such as USB TRNG and his software and intellectual property experiences by organizing a legal and policy issues track at Europe's largest open source conference, FOSDEM. Mr. Marble is committed to increasing diversity in technology (especially in open source) by volunteering as an organizer for ClojureBridge Minneapolis -- a weekend workshop for women to learn the Clojure programming language -- as well as the GNOME Outreach Program for Women on behalf of the Debian project. Mr. Marble is the founder of Informatique, Inc.: a consultancy which leverages his hardware, software and legal engineering background for client projects as diverse as telematics for electric vehicles, probabilistic model checking, autonomous cyber defense, and multiplayer online gaming.

Eric Thayer: Network Hacks for Cyber Physical Systems

Abstract: In the Internet of Things, embedded systems present a unique attack surface for security researchers similar to workstations and servers of the early 2000’s. Attack techniques and tools used to perform cyber security assessments of networks and servers can be repurposed to identify the low hanging fruit of today’s modern embedded platforms. During this session we will use common network assessment techniques and toolsets to perform analysis of a web enabled embedded platform and exploit the device to extract vital information and gain access.

Eric Thayer is a Principal Investigator for the Systems Analysis and Exploitation group at Assured Information Security, a cyber security company serving the DoD and commercial industry. Mr. Thayer has over fifteen years experience in the cyber security field and is the lead engineer for a group of two dozen reverse engineers and security professionals. He has spent his career performing security assessments and security related research for government agencies, state organizations, and commercial entities. With a degree focused in computer security and formalized training in vulnerability identification, exploit development, and reverse engineering Eric regularly serves as a qualified consultant to industry professionals, developers, and academics. This allows him to serve as the “voice of the offense” and provide technical expertise in potential security threats and operational risks to systems. In his twelve years at AIS Eric has served as the lead engineer while conducting security assessment of software systems, networks, and embedded systems to include smart phones, SCADA equipment and networks, automobiles, radios, and air vehicles. In total Eric has led his team in the assessment of nearly one hundred target systems and consulted on the development cycle design and testing of nearly as many.

Return to CodeFreeze 2015 Program