Colloquium Archive

Lessons from Tech Transfer at Microsoft Research

Christian Bird
Principal Researcher
Microsoft Research

09/15/2021

As a basic industrial research lab, Microsoft Research expects its members both to publish basic research and to put it into practice. Unfortunately, moving from a validated technique or model in a published paper to a state where that same technique is being used by, and providing value to, software development projects on a regular basis in a consistent and timely fashion is a time-consuming, fraught, and difficult task. We have attempted to make this transition, which we call "Tech Transfer", many times in the Empirical Software Engineering group (ESE) at Microsoft Research. Much like research in general, there have been both triumphs and setbacks, but each experience has provided valuable insight and informed our next effort. This talk shares our experiences from successes and failures and provides lessons and guidance that can be used by others trying to transfer their ideas into practice in both industrial and academic contexts.

How do we know if data science is “for good”?

Megan Price
Executive Director
Human Rights Data Analysis Group

09/22/2021

We interact with the outputs from quantitative models multiple times a day. As methods from statistics, machine learning, and artificial intelligence become more ubiquitous, so too do calls to ensure that these methods are used “for good” or at the very least, ethically. But how do we know if we are achieving “good”? This question will frame a presentation of case studies from the Human Rights Data Analysis Group (HRDAG), a Bay Area nonprofit that uses data science to analyze patterns of violence. Examples will include collaborations with US-based organizations investigating police misconduct and partnerships with international truth commissions and war crimes prosecutors. HRDAG projects will be used to illustrate challenges of real-world data, including incomplete and unrepresentative samples, and adversarial political and/or legal climates. The potential harm that can be done when inappropriately analyzing and interpreting incomplete and imperfect data will be especially highlighted, including questions such as: How can we develop approaches to help us identify the cases where analytical tools can do the most good, and avoid or mitigate the most harm? We propose starting with two simple questions: What is the cost of being wrong? And who bears that cost?

A Soft Introduction to Advanced Persistent Threats

Marco Ramilli
Founder & CEO
Yoroi, https://yoroi.company

09/29/2021

Cybersecurity has become the fifth battlefield, one in which many threat actors operate. In this talk we will address some basic concepts about Advanced Persistent Threats (APTs), with a special focus on threats against the financial and energy sectors.

Detecting Phishing Messages

Rick Wash
Associate Professor
Michigan State University

10/06/2021

Phishing messages are communications, such as emails, in which someone sends a message pretending to be something or someone they are not in order to get you to do something you normally wouldn't be willing to do. Phishing is one of the leading methods of attack by cybercriminals and in information warfare; it is commonly used to install ransomware and has previously been used to disrupt elections. Phishing is fundamentally a human problem, but it most commonly occurs when sending messages through computers. Humans and computers need to work together to detect when a message is phishing and to deal with it appropriately. I will describe how IT experts detect phishing emails, compare that with how non-experts detect phishing, and discuss how this human work integrates with and complements the ways that computers detect phishing.

Deep Dive into Authentication and Authorization using OAuth and OpenID Connect

Catherine Meyer ('19)
.NET Software Engineer
Radiant Logic

10/13/2021

Authentication (AuthN) is ensuring that a user is who they claim to be. Authorization (AuthZ) is ensuring that a properly authenticated user accesses only those resources they are allowed to access. But how do businesses ensure that users are being properly authenticated? Identity Providers (IdPs) are services that businesses rely on to securely store and manage users' digital identity data.

These IdPs are responsible for implementing the proper mechanisms for authenticating and verifying users. But what procedures do these IdPs follow to ensure such measures? There are several protocols and frameworks used by IdPs, such as SAML, OAuth (and, building on it, OIDC), Kerberos, and WS-Fed. Today, however, more services are relying on OAuth and OIDC to securely and correctly authenticate users. In this talk, Catherine will discuss how an IdP works, introduce the most common types of authentication protocols, and provide an in-depth explanation of OAuth and OIDC.
