Fujitsu Labs of America Technology Symposium 2008 Full Circle of Trust: Technology, Economics, and Social Implications of Trust and Security June 18, 2008, Fujitsu Silicon Valley Campus, Sunnyvale, CA

Speaker Bio Mr. Hitoshi Matsumoto, President & CEO, Fujitsu Laboratories of America

Welcome and Opening Remarks Hitoshi Matsumoto is President & CEO at Fujitsu Laboratories of America and is responsible for advanced IT research activities for Fujitsu as well as strategic alliances and business development in the U.S. Previously, Hitoshi directed various R&D projects, including artificial intelligence, human interface, multimedia systems and Internet services at Fujitsu Laboratories Ltd and Fujitsu Limited (Japan).

Mr. Wyatt Starnes, CEO, SignaCert & NIST Board

Keynote: “IT in Transition: The Positive Trust Model and Whitelists” Wyatt Starnes has spent more than 30 years in high technology, with eight different startups. He is the Founder and Chief Executive Officer of SignaCert, Inc., a software company focusing on integrity verification for commercial and government enterprises. In addition, he is the Cofounder of RAINS (Regional Alliances for Infrastructure and Network Security), a nonprofit public/private alliance formed to accelerate development, deployment and adoption of innovative technology for homeland security.

Prior to SignaCert, he was the Founder, President and CEO of Tripwire, Inc, the world's leading provider of change auditing software. Starnes has also held executive and director positions for Infinite Pictures, Eclipse Technologies, Trisys, Megatest, Data General Corporation, Monolithic Memories and Maruman Integrated Circuits.

Mr. Starnes is a former member of the National Institute of Standards and Technology (NIST), Visiting Committee on Advanced Technologies (VCAT) and a member of the Oregon Executive Council of the American Electronics Association (AeA). He also sits on the board of Comprehensive Intelligence Technology Training Corporation (CINTT) of Annapolis, Maryland and the Advisory Board of Applied Identity, San Francisco, California.

Mr. Taher Elgamal, CTO, Tumbleweed Communications

Keynote: “Trusting Systems with Non-trusted Components” Dr. Elgamal is a leading expert in computer, network and information security. Also, recognized in the industry as the "inventor of SSL," Dr. Elgamal led the SSL efforts at Netscape and throughout the industry. He also wrote the SSL patent and promoted SSL as the Internet Security standard within standard committees and the industry. Dr. Elgamal invented several industry and government standards in data security and digital signatures area, including the DSS government standard for digital signatures. Several thousand publications have been written in the space referred to as "the ElGamal ." He developed the basic work that has been adopted by about ten companies for commercial products and for several IEEE and ISO standards. This work has also been adapted for the DSS government standard for digital signatures and is the basis for the Elliptic Curve encryption methods recently introduced in the industry. Dr. Elgamal has public company board experience with RSA Security, hi/fn, Phoenix Technology and Tumbleweed. He holds a Ph.D. and M.S. in Computer Science from and a B.S. in Computer Science from . Speaker Bio

Dr. Hugh Thompson, Chief Security Strategist, People Security

Panel Session: “Realizing a Circle of Trust and Security: A Technology Perspective” Dr. Herbert H. Thompson is chief security strategist at People Security (www.peoplesecurity.com) and a world-renowned expert in application security. He has co- authored five books on the topic, including How to Break Software Security: Effective Techniques for Security Testing (with Dr. James Whittaker, Addison-Wesley, 2003), and the upcoming Protecting the Business: Software Security Compliance (to be published by John Wiley & Sons, 2008). In 2006, he was named one of the "Top 5 Most Influential Thinkers in IT Security" by SC Magazine.

Dr. Thompson has written more than 60 academic and industrial articles and has delivered award-winning presentations and keynotes on software security throughout the world at conferences such as STAR, SD, RSA and Gartner. Email him at [email protected]

Dr. Dan Wallach, Associate Professor, Rice University

Panel Session: “Realizing a Circle of Trust and Security: A Technology Perspective” Dan Wallach is an associate professor in the Department of Computer Science at Rice University in Houston, Texas and is the associate director of NSF's ACCURATE (A Center for Correct, Usable, Reliable, Auditable and Transparent Elections). His research involves and the issues of building secure and robust software systems for the Internet. He has testified about voting security issues before government bodies in the U.S., Mexico, and the European Union, has served as an expert witness in a number of voting technology lawsuits, and recently participated in California's "top-to-bottom" audit of its voting systems.

Mr. Ryu Masuoka, Group Lead, TSIG, FLA

Panel Session: “Realizing a Circle of Trust and Security: A Technology Perspective” Dr. Ryusuke Masuoka is the director of Trusted Systems Innovation Group at Fujitsu Laboratories of America, Inc. at College Park, Maryland, USA. He is also an adjunct professor of UMIAC, University of Maryland, USA. Since joining Fujitsu Laboratories Ltd. in 1988, he has conducted research into neural networks, simulated annealing, and agent systems. Results from all of those research areas have lead to products from Fujitsu. After moving to Fujitsu Laboratories of America, Inc. in March of 2001, he has engaged in researches on pervasive/ubiquitous computing, Semantic Web, and bioinformatics, from which Task Computing resulted. Now he has extended his research into Trusted Computing, Software/Security Validation, and System Level Design.

Dr. Markus Jakobsson, Principal Scientist, PARC

Panel Session: “Realizing a Circle of Trust and Security: A Technology Perspective” Markus Jakobsson, Ph.D. is currently principal scientist at Palo Alto Research Center, and CTO of RavenWhite, Inc. He has previously held positions as associate professor at Indiana University, principal research scientist at RSA Laboratories, adjunct associate professor at New York University, and member of the technical staff at Bell Laboratories. He studies technical and social factors of security, and has spear-headed the study of online fraud and its countermeasures. Markus has coauthored more than a hundred peer-reviewed articles, is a co-inventor of more than fifty patents and patents pending, and is an editor of "Phishing and Countermeasures" (Wiley, 2006) and "Crimeware" (Symantec Press, 2008). He received his Ph.D. in computer science from University of California at San Diego in 1997. Speaker Bio

Dr. Ton Kalker, Distinguished Technologist, HP

Panel Session: “Realizing a Circle of Trust and Security: A Technology Perspective” Ton Kalker is a Distinguished Technologist at Hewlett-Packard Laboratories, Palo Alto, CA.

He received the Ph.D. degree in mathematics from the Rijksuniversiteit Leiden, The Netherlands, in 1986. From 1986 to 2004 he was with Philips Research, Eindhoven, The Netherlands, working on formal verification of VLSI design (1986 - 1991), video and image coding (1992 - 1995), watermarking (1996 -2000) and robust hashing (2001 - 2004). In 1994 he was a visitor scholar at the University of California Berkeley. From 1999 to 2005 he was part-time faculty at the University of Eindhoven, teaching 'signal processing for data protection'. He was elected Fellow of IEEE in 2001 for his contributions to practical applications of watermarking. In 2004 he joined Hewlett-Packard Laboratories as a Distinguished Technologist, focusing on multimedia processing, multimedia security, interoperability of DRM system in particular. His interests include signal and image processing, biometrics, watermarking, robust hashing, cryptography, fingerprinting and tracing, processing in encrypted domains, and Digital Rights Management.

He was instrumental in the creation of the Content Identification business unit of Philips Electronics, successful in commercializing watermarking and other identification technologies. He is currently one of the lead architects of the Coral consortium on DRM interoperability.

Ton Kalker is an active member of academic community, in particular IEEE Signal Processing, IEEE Information Theory, SPIE Electronic Imaging and AES. He has served on multiple Ph.D. thesis committees, and he is a frequently invited speaker at conferences and panels on issues of multimedia security. He serves on multiple conference program committees, and has been co-chair of the International Workshop on Digital Watermarking (IWDW). He has been associate editor of IEEE T-MM, and is reviewer for T-SP, T-IP, T-MM and T-IT. He has been a member of the IMDSP TC and chair of the IFS TC. He has (co- )authored more than 180 journal and conference submissions, as well as 30 patents and 39 patent applications.

Ton Kalker is one of the co-founders of the IEEE Transactions on Information Forensics, for which he currently serves as an associate editor. He served as the first Chair of the IEEE Technical Committee of Information Forensics and Security. He is on the scientific advisory board of the European projects ECRYPT and SPEED. Mr. Patrick Wheeler, Senior Manager, Endpoint Compliance, Symantec Corporation

Panel Session: “Realizing a Circle of Trust and Security: A Technology Perspective” Patrick Wheeler is senior manager for Endpoint Compliance solutions at Symantec, where he leverages more than eights years of product management and software development experience. In his current role, Wheeler drives the development and delivery of the company’s market-leading Endpoint Security solutions. He also works closely with enterprise customers to understand and address their security challenges.

Before joining Symantec’s Endpoint Security business unit, Wheeler served as a product manager at Symantec, Qualys, and Internet Security Systems (ISS), where he has worked with solutions addressing the range of enterprise security challenges, from network intrusion prevention to vulnerability assessment to enterprise-level security data management.

Wheeler speaks on Network Access control and endpoint security topics. Wheeler holds a BA from Rutgers University as well as a PhD from Emory University. Speaker Bio

Mr. Scott Rotondo, President, Trusted Computing Group (need confirmation)

Keynote: "Overview of the Trusted Computing Group: Open Standards for Trusted Computing" Scott Rotondo is a Security Architect for the Solaris operating system at Sun Microsystems. He also serves as President of the Trusted Computing Group (TCG), an industry consortium that defines open standards for hardware-enabled trusted computing. In addition to work on other security features, Scott leads Sun's development effort to support TCG technologies in Solaris.

Scott has over 20 years of technical and management experience in UNIX operating system development. For more than a decade, his focus has been on security issues and features in the operating system.

Mr. Dazza J. Greenwood, JD Principal, Civics.Com Consultancy

Panel Session: "Ground Truth of Trust and Security: Customer Perspective" Daniel “Dazza” Greenwood is principal of the research and development effort to create a new, massively scalable platform to support dialog online, hosted at CIVICS.com. As a lecturer at the MIT Media Lab, Dazza focused teaching and research at the intersection of public policy, information technology and innovation. A lecturer at MIT since 1997, Mr. Greenwood has led projects for national and state governments as well as fortune 500 private sponsors of research in the MIT E-Commerce Architecture Program, which he founded and directs. As an attorney, prior to joining MIT, Mr. Greenwood served as in-house and outside counsel for information technology issues for the government of Massachusetts. Mr. Greenwood founded and directs the information technology consultancy CIVICS.com, providing strategic and policy solutions for public and private sector organizations and he serves on the boards of directors of various non- profit, standards and trade associations dedicated to information society issues.

Mark Seiden, Yahoo Paranoids

Panel Session: "Ground Truth of Trust and Security: Customer Perspective" Mark Seiden, a programmer since the '60s, has worked since 1983 in areas of security, network, and software engineering for companies worldwide. As a Yahoo Paranoid and as a consultant, recent projects have included design, architecture, and implementation for ebusiness systems, security for online financial transaction processing and for a distributed document processing system, testimony as an expert in computer crime cases, and testing of network, procedural, and physical security in diverse deployed systems, enterprises, and co-location facilities.

Time Digital named him one of the 50 "CyberElite" in their first annual list, and he's been involved with four National Academy of Sciences studies on some trippy subjects. Mark was the first registant of the domain food.com. He's been played by an actor in a rather bad movie. His Erdos number is 4. Speaker Bio

Dr. Rachna Dhamija, CEO, Usable Security Sytems

Panel Session: "Ground Truth of Trust and Security: Customer Perspective" Dr. Rachna Dhamija is Co-founder and CEO of Usable Security Systems. Previously, Dhamija was a Postdoctoral Fellow at the Harvard Center for Research on Computation and Society. She received a Ph.D. from U.C. Berkeley, where her research focused usable security, authentication, anti-phishing and identity theft protection. She is the author of numerous books and peer-reviewed publications on these topics, and her work has been featured in the New York Times, the Wall Street Journal, the Economist and CNN.

Mr. Carlos Solari, VP, Alcatel-Lucent, Formerly CIO, Executive Office of the President, The White House

Panel Session: "Ground Truth of Trust and Security: Customer Perspective" Carlos Solari joined Alcatel-Lucent as Bell Labs Security Solutions Vice President in April 2006 recently transitioning to lead in the same capacity from the CTO Organization. In this role, Carlos leads a team defining and implementing the security strategy positioning Alcatel- Lucent as the vendor of choice for secure, reliable networks, services and applications.

Prior to joining Alcatel-Lucent, Carlos served as President of Solari Innovations, Inc., providing consulting services in the area of security strategies, IT architecture development and IT best practices. Carlos brings extensive experience in the field of information systems security as applied in the areas of homeland security, law enforcement, public safety and defense; with over 25 years in various government and private industry positions, including 13 years as an officer in the U.S. Army and more than 6 years as a senior executive with the Federal Bureau of Investigation. From 2002 to 2005 he served as Chief Information Officer for the Executive Office of the President - the White House. He was responsible for the implementation of a complete computing modernization for the White House and its supporting offices with IT security a central part of the work.

He is a graduate of Washington and Lee University in Lexington, Virginia with a BS in Biology (1979), and the Naval Postgraduate School in Monterey, California; MS in Systems Technologies (1990).

Mr. Lars Ewe, CTO, Cenzic

Panel Session: "Ground Truth of Trust and Security: Customer Perspective" Lars Ewe is a technology executive with broad background in (web) application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering, product management, and pre-sales in a variety of different markets. Prior to Cenzic, Lars was development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts. Lars was also AMD's representative to the board of directors of the Distributed Management Task Force (www.dmtf.org). Before AMD, Lars was senior director at Borland Software Corp. Prior to Borland he held key positions at Oracle Corporation's Server Technologies Division and Webgain.

Lars has Bachelor of Science and Master of Science degrees in Mechanical Engineering from the Technical University of Munich, Germany . Speaker Bio

Mr. Ross Bagully, Advisor to FLA

Panel Session: Business for Trust and Security: Where is the Money? Ross Bagully is an experienced business professional, with a history of senior management responsibility in both large corporate and entrepreneurial companies.

He served as CEO of US West Enterprises, a $100 Million subsidiary of the then Regional Operating Company. Additionally, he did extensive international business development and partner building while at US West. Afterwards he managed the Western US for the telecommunications division of Computer Science Company, then all of Latin America, and finally served as Managing Director - Asia Pacific for CSC. During these responsibilities he rapidly grew CSC’s presence in these new territories, creating large and profitable growth for the company. He then founded and led several early stage internet companies, the last being Tribal Voice which was a CMGi subsidiary. When the Nasdaq experienced the correction of 2000 Tribal Voice was consolidated with other CMGi companies, and he opted to pursue independent consulting and advisory work, which continues to this day. Currently he works with different high (and some low) tech companies in advisory and a management consulting capacity.

Ross is a graduate of the US Naval Academy, and has received an MBA from Harvard Business School.

Mr. Bart Schachter, Managing Director, Blueprint Ventures

Panel Session: Business for Trust and Security: Where is the Money? Bart Schachter is a Managing Director of Blueprint Ventures. Bart brings 18 years of entrepreneurial, venture, and industry operating experience in communication semiconductors, wireless, and infrastructure software. He has backed and served on the boards of over 20 emerging technology companies including Covad, Copper Mountain, Media4 (EchoStar), NorthPoint, AccessLan (AFC), IteX, GlobeSpanVirata (Conexant), and Broadband Access Systems (ADC).

Bart’s current investment focus includes wireless technologies, nanoelectronics, and Corporate IP Spinouts.

Mr. Jeb Miller, Principal, The Carlyle Group

Panel Session: Business for Trust and Security: Where is the Money? Jeb Miller has been in the venture capital industry for the past seven years and is currently a Principal with The Carlyle Group focused on U.S. venture and growth capital investments.

Prior to joining Carlyle, Mr. Miller spent three years as a Partner with ComVentures, an early stage venture capital firm, where he focused on the software, data center and mobile applications sectors. Previously, Mr. Miller was a Principal with Worldview Technology Partners, where he focused on investments in the software, security and data center sectors. Mr. Miller began his venture capital career with Morgan Stanley Technology Ventures, a corporate venture effort he co-founded. Mr. Miller was previously Director of Business Development for Scient, a pioneering Internet consulting firm, and began his career with Morgan Stanley's technology investment banking groups in New York, Boston and Menlo Park.

Mr. Miller currently serves on the boards of ComVentures portfolio companies Ad Infuse, Innotas and Pano Logic. Mr. Miller is also a venture capital consultant to the U.S. Department of Defense's DeVenCI (Defense Venture Catalyst Initiative) program.

Mr. Miller holds an A.B. in economics form Harvard College where he graduated summa cum laude. Speaker Bio

Mr. Ariel Gorfung, Co-Founder, CEO, Neocleus

Panel Session: Business for Trust and Security: Where is the Money? Mr. Ariel Gorfung: Co-Founder, President and Chief Executive Officer, Neocleus Mr. Gorfung is responsible for executing the company’s strategic vision. He brings over 18 years of successful entrepreneurship and technology industry leadership experience to the role, having most recently served as the Chief Executive Officer of Intuwave Ltd., a UK based company providing connectivity middleware to the Symbian mobile operating system. Prior to Intuwave, Ariel co-founded e-Sponsor (Acquired by Intuwave Ltd. Oct, 2000), held executive positions at Magic Software Enterprises (Nasdaq; MGIC) and established Optibase Inc. (Nasdaq:OBAS).

Website: www.neocleus.com

Mr. David Maher, CTO, Intertrust

Panel Session: Business for Trust and Security: Where is the Money? David Maher is the EVP and CTO at Intertrust. He is also President of Seacert Corporation, a company that specializes in trust management services for the consumer electronics and content distribution industries, and he is Co-President of the Marlin Trust Management Organization, an LLC that provides the trust management infrastructure for adopters of the Marlin DRM standard.

Before joining Intertrust, he was Chief Scientist for AT&T Secure Communications Systems, Head of the Secure Systems Research Department, and security architect for AT&T's Internet services platform. After joining Bell Labs in 1981, Maher developed secure communications, information vending, and e-commerce systems. He was Chief Architect for secure voice, data, and video products used by the White House and Department of Defense for top-secret communications.

Dr. Matt Blaze, Associate Professor, University of Pennsylvania

Keynote: “Dynamic Trust Management and Network Security” Matt Blaze is a researcher in the areas of secure systems, cryptography, and trust management. He is currently an Associate Professor of Computer and Information Science at the University of Pennsylvania; he received his PhD in Computer Science from Princeton University.

In 1992, while working for AT&T, Blaze implemented a strong cryptographic package known as "CFS", the Cryptographic File System, for Unix. CFS uses NFS as its transport mechanism, allowing users to encrypt selected directory hierarchies, but mount them unencrypted after providing the key. In November, 1993, he presented a paper on this project, "A Cryptographic File System for Unix", at the 1st ACM Conference on Computer and Communications Security. Blaze also published a paper "Key Management in an Encrypting File System", in the Proceedings USENIX Summer 1994 Technical Conference. At his request, AT&T released this software into the public domain and Blaze continued to expand and generalize it through 1997. It is still alive today as a downloadable package[1] in the latest Linux Ubuntu release.

In 1993, Blaze published (with John Ioannidis) a paper presenting a protocol ("swIPe") that was to be one of the forerunners of IPsec. In 1994, he found a means to circumvent the wiretapping mechanisms of the Clipper chip, contributing to the death of this government-sponsored initiative. In 2003, he independently rediscovered a serious vulnerability in "master key" security in physical locks that was an open secret among locksmiths; his decision to disclose it publicly provoked controversy.

Blaze coined the term trust management to refer to the policy system which decides whether a particular entity should be permitted to carry out a particular action, and has provided foundation research in this area.