{"id":358,"date":"2022-11-16T14:12:53","date_gmt":"2022-11-16T19:12:53","guid":{"rendered":"https:\/\/carleton.ca\/rads\/?post_type=cu_event&#038;p=358"},"modified":"2026-03-17T09:46:04","modified_gmt":"2026-03-17T13:46:04","slug":"rads-seminar-designing-secure-software-applying-security-controls-intelligently-and-ensuring-sound-security-metrics","status":"publish","type":"cu_event","link":"https:\/\/carleton.ca\/rads\/event\/rads-seminar-designing-secure-software-applying-security-controls-intelligently-and-ensuring-sound-security-metrics\/","title":{"rendered":"RADS Seminar: Designing Secure Software, Applying Security Controls Intelligently, and Ensuring Sound Security Metrics"},"content":{"rendered":"<header class=\"mb-6 cu-pageheader cu-component-updated md:mb-12\">\n    <h1 class=\"cu-prose-first-last font-semibold !mt-2 mb-4 md:mb-6 text-3xl md:text-4xl lg:text-5xl lg:leading-[3.5rem] relative after:absolute after:h-px after:bottom-0 pb-5 after:w-10 after:bg-cu-red after:left-px\">\n        \n    <\/h1>\n    \n        <\/header>\n\n    \n    \n    \n    \n    <div class=\"cu-buttongroup cu-component-updated flex flex-wrap md:flex-1 gap-3 md:gap-5 justify-start\">\n                                                                        <\/div>\n    \n<p><a href=\"https:\/\/carleton.ca\/rads\/members\/\">George Yee<\/a> will be giving an online seminar titled \u201cDesigning Secure Software, Applying Security Controls Intelligently, and Ensuring Sound Security Metrics.\u201d<\/p>\n\n\n\n<p><strong>Seminar Abstract:<\/strong><\/p>\n\n\n\n<p>In this talk, I will give an overview of results from my three main areas of security research, namely, designing secure software, applying security controls intelligently, and ensuring sound security metrics.<\/p>\n\n\n\n<p>To design secure software, I propose methods for reducing the attack surface of a software system. The methods are applied to a data flow diagram of the system at an early stage in development. The attack surface is demonstrably reduced resulting in a more secure system. Security controls are often applied haphazardly, without considering their reliability, the priority of vulnerabilities, or a security control\u2019s effect on the overall security posture of the organization. I describe a model that links the reliability of the security controls to the overall security level of the organization. I then combine this model with a method to prioritize vulnerabilities, using this combination to apply security controls more intelligently. Finally, security metrics may be badly formulated resulting in false conclusions regarding security. I describe three conditions that a security metric must satisfy in order to be sound. The conditions may be used to test security metrics for soundness or to construct security metrics that are sound.<\/p>\n","protected":false},"author":2,"featured_media":0,"template":"","meta":{"_acf_changed":false,"footnotes":"","_links_to":"","_links_to_target":""},"cu_event_type":[29,39],"cu_event_audience":[4],"class_list":["post-358","cu_event","type-cu_event","status-publish","hentry","cu_event_type-seminars","cu_event_type-seminars-2022","cu_event_audience-anyone"],"acf":{"cu_event_start_date":"2022-11-25T10:30:00","cu_event_end_date":"2022-11-25T11:30:00","cu_event_location_type":"in-person","cu_event_meeting_address_type":"on-campus","cu_building":false,"cu_event_meeting_room":"","cu_event_meeting_address_full":null,"cu_event_virtual_type":"tbd","cu_event_virtual_meeting_link":"","cu_post_thumbnail":false,"cu_event_cost":"","cu_event_registration":"","cu_event_secondary_button":"","cu_event_contact_name":"RADS Director","cu_event_email":"majumdar@sce.carleton.ca","cu_event_phone":""},"_links":{"self":[{"href":"https:\/\/carleton.ca\/rads\/wp-json\/wp\/v2\/cu_event\/358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/carleton.ca\/rads\/wp-json\/wp\/v2\/cu_event"}],"about":[{"href":"https:\/\/carleton.ca\/rads\/wp-json\/wp\/v2\/types\/cu_event"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/rads\/wp-json\/wp\/v2\/users\/2"}],"version-history":[{"count":3,"href":"https:\/\/carleton.ca\/rads\/wp-json\/wp\/v2\/cu_event\/358\/revisions"}],"predecessor-version":[{"id":440,"href":"https:\/\/carleton.ca\/rads\/wp-json\/wp\/v2\/cu_event\/358\/revisions\/440"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/rads\/wp-json\/wp\/v2\/media?parent=358"}],"wp:term":[{"taxonomy":"cu_event_type","embeddable":true,"href":"https:\/\/carleton.ca\/rads\/wp-json\/wp\/v2\/cu_event_type?post=358"},{"taxonomy":"cu_event_audience","embeddable":true,"href":"https:\/\/carleton.ca\/rads\/wp-json\/wp\/v2\/cu_event_audience?post=358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}