2001 Conferences

9th CACR Information Security Workshop
Software Security, Is It an Oxymoron?

November 29, 2001 8:30 am - 4:30 pm
Crowne Plaza Hotel, Ottawa, Ontario, Canada

Software Security, Is It an Oxymoron?

Building secure Internet enabled applications for both wired and wireless environments requires that one understands both organic and external risks. Avoiding organic risks requires more than just beginning with secure implementations of the base security algorithms, such as DES, RC4, RSA and ECC. It requires that from the start one designs security in the application and during the product development process one continuously tests the implementation against the established risk models. Avoiding external risks also requires more than just a proper implementation of firewalls and anti-virus products. It requires understanding the types of attack methodology used by developers of worms and viruses.

This 9th CACR Information Security Workshop features two prominent researchers, authors and presenters, Dr. Gary McGraw and Dr. Avi Rubin. Dr. McGraw will open the workshop with a morning tutorial on "Building Secure Software" using materials from his latest book of the same title released by Addison-Wesley in September, 2001. Dr. Rubin will provide an informative afternoon tutorial on "Security on the Internet and in Wireless Networks" also using materials from his latest book, titled "White-Hat Security Arsenal" (Addison Wesley, 2001). The workshop will conclude with a panel discussion on the topic of "Secure Software Implementations for Wired and Wireless Applications" hosted by Dr. Scott Vanstone. Panelist will include Dr. McGraw; Dr. Rubin; Carlisle Adams, Entrust; Stanley Chow, Cloakware; and Robert Gallant, Arcamatrix. Attendees who are present at the close of the workshop will be eligible to participate in a drawing for copies of "Building Secure Software" and "White-Hat Security Arsenal".

The series of Information Security Workshops is organized by the University of Waterloo's CACR (Centre for Applied Cryptographic Research) and has been established to provide a highly focused and content-full program covering topics of interest to the sponsors' customers, potential customers and employees. The targeted attendee is an individual with a solid background in information security, with two plus years of experience in developing or deploying information security solutions for electronic commerce or other applications. This individual understands some of the issues and challenges (short-term and long-term) in this area and attends the workshop in order to gain exposure to different approaches (including specific vendor's approaches) or technology and understand the availability of such, thereby expanding the "tools" in his or her respective tool box.

This workshop is the 9th in the series. Agendas and presentations from previous workshops can be found here.


  • Alcatel Canada
  • Certicom Corp.
  • Communications Security Establishment, Canadian Federal Government
  • Pitney Bowes

  • Alfred Menezes
    Centre for Applied Cryptographic Research (CACR)
    University of Waterloo
  • Sherry Shannon
    Centre for Applied Cryptographic Research (CACR)
    and SVI Consulting Ltd.


  • Carlisle Adams, Entrust
  • Stanley Chow, Cloakware
  • Robert Gallant, Arcamatrix
  • Scott Vanstone, University of Waterloo


November 29, 2001 (Thursday)
Crowne Plaza, Ballroom A, Lower Level
  • 8:30 - 9:15
    • Registration/American Breakfast
  • 9:15 - 9:30
    • Welcome, introductions and logistics
  • 9:30 - 12:00
    • "Building Secure Software," Dr. Gary McGraw
  • 12:00 - 1:00
    • Lunch provided at the Crowne Plaza Panorama Room, Penthouse Level
  • 1:00 - 2:30
    • "Security on the Internet and in Wireless Networks," Dr. Avi Rubin
  • 2:30 - 3:00
    • Break
  • 3:00 - 4:00
    • Panel, "Secure Software Implementations for Wired and Wireless Applications," moderated by Dr. Scott Vanstone
  • 4:00 - 4:30
    • Wrap Up and Book Give Away

There is no registration fee for guests invited by the sponsors (Alcatel, Certicom, CSE, MITACS, and Pitney Bowes). The registration fee for other participants is as follows:
  • CAD $300 (USD $200).
  • For participants affiliated with an academic institution: CAD $150 (USD $100).
Please register as soon as possible as space is limited for this workshop; registration is on a first-come first-serve basis. Registration fees will include admission to all presentations, full American breadfast, lunch, and handouts.

To register, complete, in full, the attached REGISTRATION FORM and return it along with your payment (if applicable) to:
Mrs. Frances Hannigan,
C&O Dept., University of Waterloo,
Waterloo, Ontario, Canada N2L 3G1.
You may also register by email (fhannigan@math.uwaterloo.ca) or by phone (Frances Hannigan: 519-888-4027).

------------------------cut from here---------------------------------


Full name:





E-Mail Address:

Telephone #:

** Are you a vegetarian?   [  ] Yes      [  ] No

** Please let us know if you have any specific food allergies
**Invited by Sponsor 
  [  ] Sponsor:_______________________
  No Registration Fee required

**Make Cheque/Money Order Payable in
   CAD or USD funds only to: CACR

**Credit Card Payments:

   [  ] Visa                  [  ] MasterCard

   Cardholder's Name: ___________________________________

   Card Number: _________________________________________

   Expiration Date: _____________________________________

   Signature: ___________________________________________

-------------------------cut from here-------------------------------


The workshop will be held at the Crowne Plaza Hotel Ottawa, 101 Lyon St, Ottawa, ON K1R 5T9

A block of hotel rooms (under the name Security Workshop/University of Waterloo) has been set aside for Wednesday, November 28 at the Crowne Plaza at the rate of $149.00 CDN plus tax until NOVEMBER 6, 2001. Please make your reservations directly with the hotel by calling 1-800-2CROWNE or 613-237-3600 ext 6200. All reservations must be guaranteed and accompanied by a first night room deposit or guaranteed with a major credit card. Individual cancellations not made by 6:00 pm the day prior to arrival will result in a charge of one night's room and tax to the guest's credit card. No-shows will be charged. Please take a moment and take a tour of the Crowne Plaza Ottawa.


The Ottawa International Airport is a twenty-minute drive south of the city and the Crowne Plaza. An airport bus run by Carleton Bus Lines links the airport to various downtown hotels and leaves every half-hour at a cost of $9. Also please check out www.ottawaairportshuttle.ca. This shuttle leaves the airport every :05 and 0:35 until the last flight arrives. Cost is $11 per person one way, and $18 per person return. A taxi from the airport to the Crowne Plaza will cost about $20 one way.

For further information please contact:
Ms. Frances Hannigan
Department of Combinatorics & Optimization
University of Waterloo
Waterloo, Ontario, Canada N2L 3G1
e-mail: fhannigan@math.uwaterloo.ca
Fax: (519) 725-5441
Phone: (519) 888-4027

Back to CACR home page