CS Colloquium

Fall 2021

Presented by the Computer Science Department
Wednesdays 12:00 - 12:50pm, Online
All lectures are free and open to the public: Zoom Meeting ID 891 6608 5596

AbuSniff: An automated social network abuse detection system

Sajedul Talukder
Assistant Professor
Southern Illinois University

08/25/2021

Social networks like Facebook provide functionality that can expose users to abuse perpetrated by their contacts. For instance, Facebook users can often access sensitive profile information and timeline posts of their friends, and also post abuse on the timeline and news feed of their friends. In this talk, we introduce AbuSniff, a system to identify Facebook friends perceived to be abusive or strangers, and protect the user by restricting the access to information for such friends. We develop a questionnaire to detect perceived strangers and friend abuse. We train supervised learning algorithms to predict questionnaire responses using features extracted from the mutual activities with Facebook friends. In our experiments, participants recruited from a crowdsourcing site agreed with 78% of the defense actions suggested by AbuSniff, without having to answer any questions about their friends. When compared to a control app, AbuSniff significantly increased the willingness of participants to take a defensive action against friends. AbuSniff also increased the participant's self-reported willingness to reject friend invitations from strangers and abusers, their awareness of friend abuse implications and their perceived protection from friend abuse.

Professional Senior-Level Software Development

Sean Haneberg
Senior Software Engineer
Hulu - The Walt Disney Company

09/01/2021

Healthy software development teams often hold individuals who have significant experience to higher expectations than entry-level or "junior" contributors. Usually, organizations mark this differentiated scope and responsibility with a title like "Senior Software Developer."  When considering a career in software development, it's natural to focus on those immediate concerns around becoming a successful entry-level developer. However, an understanding of those "senior" expectations and practices that developers will encounter in the medium and long-term is invaluable for new professionals looking to bring their own career plans into focus.

So, how do Senior Software Developers impact the products they build? What strategies might Senior Developers use to empower their teams to be more effective? I'll discuss patterns I've noticed in the 17 years I’ve worked as a software developer in the consumer electronics domain. Drawing on my experiences contributing to large-scale products and services such as Xbox, HoloLens, Sonos, and Hulu, I will share some examples of impactful Senior-level deliverables. Audiences will gain a clearer understanding of how professional software development works on large teams through this survey of some of the novel ways individual contributors can make positive team-wide contributions. 

Automotive Software Architecture and Unreal Engine for HMI

Joe Andresen ('08)
Technical Product Manager - HMI
Epic Games

09/08/2021

In this talk I will cover general software architecture for human-machine interfaces (HMI) in cars and how Unreal Engine not only fits into this architecture but is also bringing together teams and organizations within car companies to build better UI/UX experiences.

Lessons from Tech Transfer at Microsoft Research

Christian Bird
Principal Researcher
Microsoft Research

09/15/2021

As a basic industrial research lab, Microsoft Research expects its members to both publish basic research and put it into practice.  Unfortunately, moving from a validated technique or model in a published paper to a state where that same technique is being used by and providing value to software development projects on a regular basis in a consistent and timely fashion is a time-consuming, fraught, and difficult task. We have attempted to make this transition, which we call "Tech Transfer", many times in the empirical software engineering group (ESE) at Microsoft Research. Much like research in general, there have been both triumphs and setbacks, but each experience has provided valuable insight and informed our next effort. This talk shares our experiences from successes and failures and provides lessons and guidance that can be used by others trying to transfer their ideas into practice in both industrial and academic contexts.

How do we know if data science is “for good”?

Megan Price
Executive Director
Human Rights Data Analysis Group

09/22/2021

We interact with the outputs from quantitative models multiple times a day. As methods from statistics, machine learning, and artificial intelligence become more ubiquitous, so too do calls to ensure that these methods are used “for good” or at the very least, ethically. But how do we know if we are achieving “good”? This question will frame a presentation of case studies from the Human Rights Data Analysis Group (HRDAG), a Bay Area nonprofit that uses data science to analyze patterns of violence. Examples will include collaborations with US-based organizations investigating police misconduct and partnerships with international truth commissions and war crimes prosecutors. HRDAG projects will be used to illustrate challenges of real-world data, including incomplete and unrepresentative samples, and adversarial political and/or legal climates. The potential harm that can be done when inappropriately analyzing and interpreting incomplete and imperfect data will be especially highlighted, including questions such as: How can we develop approaches to help us identify the cases where analytical tools can do the most good, and avoid or mitigate the most harm? We propose starting with two simple questions: What is the cost of being wrong? And who bears that cost?

A Soft Introduction to Advanced Persistent Threats

Marco Ramilli
Founder & CEO
Yoroi, https://yoroi.company

09/29/2021

Cybersecurity became the 5th battlefield space in which many threat actors play. In this talk we will address some basic concepts about Advanced Persistent Threats (APT) with special focus on threats against the financial and energy sectors.

Detecting Phishing Messages

Rick Wash
Associate Professor
Michigan State University

10/06/2021

Phishing messages are communications, such as emails, where someone sends a message pretending to be something or someone they are not in order to get you to do something you normally wouldn’t be willing to do. Phishing is one of the leading methods of attack by cybercriminals and in information warfare, is commonly used to install ransomware, and was previously used to disrupt elections. Phishing is fundamentally a human problem, but it most commonly occurs when sending messages through computers. Humans and computers need to work together to detect when a message is phishing and to deal with it appropriately. I will describe how IT experts detect phishing emails, will compare that with how non-experts detect phishing, and discuss how this human work integrates with and complements the ways that computers detect phishing.

Deep Dive into Authentication and Authorization using OAuth and OpenID Connect

Catherine Meyer ('19)
.NET Software Engineer
Radiant Logic

10/13/2021

Authentication (AuthN) is ensuring a user is who he or she claims to be. Authorization (AuthZ) is ensuring that a properly authenticated user is accessing only those resources he or she is allowed. But how do businesses ensure that users are being properly authenticated? Identity Providers (IdPs) are services that businesses rely on to securely store and manage users' digital data.

These IdPs are responsible for implementing the proper mechanisms for authenticating and verifying users. But what procedures do these IdPs follow to ensure such measures? There are several protocols and frameworks used by IdPs such as SAML, OAuth (and subsequently OIDC), Kerberos, and WsFed. Today, however, more services are relying on OAuth and OIDC to securely and correctly authenticate users. In this talk, Catherine will discuss how an IdP works, introduce the most common types of authentication protocols, and provide an in-depth explanation of OAuth and OIDC.

Account compromise: notes from the trenches

Juan Lang
Tech Lead / Manager
Google

10/20/2021

Find out what tricks attackers use to compromise Google accounts, and what you can do to keep yourself safe online. That, and some stories from the field.

Tales from the Trenches: Deriving Production Requirements for Secure Computing Machines

Alric Althoff
Senior Hardware Security Engineer
Tortuga Logic

10/27/2021

Today we find ourselves on the cusp of a revolution in computer hardware security. Semiconductor companies are creating chips as fast as possible to meet increasing global demand using development approaches that effectively address functionality but leave security out in the cold.

We will present this problem, and solutions, through stories and history. These stories incorporate humor, adventure, and survival in the midst of the war-torn wilderness known as: The Semiconductor Production Pipeline. Few have returned to tell the tale.

This talk, rescued, smuggled out from behind enemy lines, and authenticated by titans of industry, presents hardware security from a perspective rarely discussed in academic circles: deriving engineering requirements from customer security needs.

Bias in Algorithms and the Misuse of Big Data Sets

Henry M. Walker
Professor Emeritus of Computer Science and Mathematics
Grinnell College

11/03/2021

The news abounds with stories about the uses of algorithms and Big Data.  In this reporting, successes are widely publicized.  However, discussion of bias and challenges is spotty at best.  In many settings, it seems that policies and practices may assume that computing algorithms will be unbiased and objective, and results are not challenged.

And yet, on March 23, the subtitle of a 2019 story in the Wall Street Journal proclaimed, "Data scientists and civil rights groups are raising the alarm about bias in algorithms that determine everything from who goes to jail to how much your insurance will cost".  Also, the subtitle of Cathy O'Neil's book, "Weapons of Math Destruction", highlights, "How Big Data increases inequality and threatens democracy."

This talk will review a range of issues and challenges in deployed computing systems and encourage all to consider the appropriate role of technology in the setting of both policies and practices.
 

Careful what you wish for - an irreverent look at the evolution of graphics APIs

Dave Shreiner
Low-level graphics team lead
Unity Technologies

11/10/2021

Technologists always search for better solutions to problems, and interfacing with GPUs is no exception.  In the almost four decades of commercially-available, hardware-accelerated computer graphics, there have been numerous APIs designed for the task.  This talk takes a look at how some of those interfaces have changed over time, and the impacts that their design has had in application performance, educational aspects, and engineer productivity.

Fall 2021 Short Presentations Of Student Research

11/17/2021

Short presentations of research carried out by Sonoma State Computer Science Students.

Advanced Software Design Project - CS 470 - Virtual Showcase

Ali Kooshesh
Professor, Computer Science Dept.
Sonoma State University

12/01/2021

Dr. Kooshesh will facilitate a virtual showcase of students’ advanced software design projects from CS 470 this semester.