Julie Thorpe, PhD
Professor
IT Security
Faculty of Business and Information Technology
IT Security
Faculty of Business and Information Technology
Dr. Thorpe's current research focuses on the interaction between human factors and computer security.
Full biography
At a time when 3.6 billion people worldwide use the Internet each day for work, personal banking, online shopping, and a host of other scenarios, information security and privacy have never been more important. Yet, without rigorous security systems behind each of these platforms, users won’t embrace online technology and Internet trust begins to crumble. IT security expert Julie Thorpe, Ph.D., examines online security, the way people interact with devices, and how that influences security systems. Users are prone to making mistakes in online authentication and security systems which can lead to loss and breach of trust. An Associate Professor in the Faculty of Business and Information Technology, Dr. Thorpe aims to improve online security by designing systems that understand key functions of the human brain. With a myriad of online systems and services, users are required to select and remember a variety of character-specific passwords that don’t necessarily work well with human memory. Dr. Thorpe’s latest research focuses on the design and evaluation of stronger authentication systems that work with the users’ memory. Using a model that assumes most online users are working with a password manager, her research explores ways to help generate a secure password including the use of locations, password phrases and a set of policies to help create secure passwords. Highly specialized computer security programs brought Dr. Thorpe to Ontario Tech University as an Assistant Professor in 2010, and she has developed and taught courses in Malware and Software Security, IT Security Policies and Procedures, and Operating System Security. An advocate for learning beyond the classroom, she founded IT Security Reading Group to create a broad discussion of the latest IT security industry news and help students build critical thinking and communication skills. Dr. Thorpe is also a member of the ACM-W Women in Computing Chapter at Ontario Tech University and DC where she aims to raise the profile of female experts in her field. And as a founding member of the Information Forensics and Security Lab, she helped create an advanced space for hands-on learning. Dr. Thorpe completed her Bachelor of Computer Science with First Class Honours at the Faculty of Computer Science at Dalhousie University in Halifax; then gained six years of invaluable industry experience as a software systems analyst before earning her Doctorate of Philosophy in Computer Science from Ottawa’s Carleton University in 2008. Ontario Tech University's
Areas of expertise
Courses
- INFR 3610Operating System SecurityThis course discusses security solutions for two major Operating Systems: Windows and Unix/Linux. It will cover client/server operation, networking aspects from an OS perspective, as well as Internet services as provided through the OS. It covers comprehensive security operations and deployment information, along with security tools available on the web.
- INFR 4670UMalware and Software SecurityThis course provides a comprehensive study of malicious software (malware), its detection, and its prevention. It explores what vulnerabilities can be exploited by malware (and how), how to identify malware, reverse engineering and debugging, how anti-virus (and other security software) works to detect and remove malware, and how advanced malware tries to evade detection (e.g., obfuscation and encryption). Techniques for preventing and detecting vulnerabilities prior to software release are also covered (e.g., secure programming techniques).
- INFR 4680IT Security Policies and ProceduresThe objective of this course is to provide an understanding of the need for the multi-disciplinary involvement, an understanding of where this involvement fits into the policy development life cycle and a methodology that provides a means of implementing this development life cycle into an organization. The course discusses how the policy development process should be something that requires the involvement of key business decision makers of which information security is only one.
- MITS 5300GOperating System SecurityThis course introduces the main components of operating system security and addresses the IT professional interest in the design and operation of secure operating systems. This course covers various practices, standards, and technology from Linux and Windows operating systems. Operating systems fundamentals are covered to provide a basis for the remainder of the course. The laboratory part of this course puts a particular focus on the Windows and Unix/ Linux operating systems. It provides an overview of the security risk and management of the specified operating systems and preventive efforts to use the security features built within the systems and third-party applications. This course includes a series of hands-on technical exercises in Linux, SELinux and Windows.
- MITS 5600GSecurity Policies and Risk ManagementThis course concerns the role and importance of risk management and security policies. It describes how attackers exploit the interactions between computer systems and their environment in order to learn how to prevent, detect and respond to such attacks. It will also discuss broader business-related security issues such as business continuity, incident recovery and legal issues related to security policies and risk management. Current technologies to aid in implementing security policies and risk management plans will be discussed throughout the course.
Education
- 2008PhD - Philosophy (Computer Science)Carleton University, Ottawa, Ontario
- 2002BSc - Computer Science, First Class Honours (Co-op Option)Dalhousie University, Halifax, Nova Scotia
Media appearances
- The Deal Room online December 31, 1969Businesses slow to adopt even basic cyber security policiesWhile cyber security experts are growing hoarse from telling businesses to wake up and realize leaks and IT infrastructure compromises are bleeding them billions of dollars, the looming threat isn’t savvy new hacking techniques – it’s just plain laziness, according to Hewlett-Packard’s latest Cyber Risk Report.
- CBC Radio Yukon online December 31, 1969Password protectionTech columnist Dan Misener talks about Yahoo's new plan to protect your online profile, and why it won't fly.
- The Toronto Star print December 31, 1969Is there ‘love’ in your online passwords?People are putting a little too much “love” into their online passwords. At least that’s what a team of researchers from the University of Ontario Institute of Technology (UOIT) says. They analyzed 32 million leaked passwords from the now-defunct RockYou.com website. The project was led by UOIT graduate student Rafael Veras in collaboration with UOIT faculty Dr. Christopher Collins and Dr. Julie Thorpe. And their findings are, um, lovely.
- The New York Times Magazine December 31, 1969The Secret Life of PasswordsWe despise them – yet we imbue them with our hopes and dreams, our dearest memories, our deepest meanings. They unlock much more than our accounts.
- The Toronto Star print December 31, 1969Small business, big problemsThere has never been a more dangerous time to be online. In numbers far greater than the combined populations of the U.S. and Canada, our Internet identities are falling into the hands of hackers—over 552 million breached in 2013 alone. And in this era of cybercrime, small businesses stand to lose big.
- Durham Now tv December 31, 1969Weak passwordsThis segment discusses Dr. Thorpe's Password Semantics research (NDSS 2014) and Geo Pass research (SOUPS 2013) research.
- Durhamregion.com online December 31, 1969Ontario Tech University researchers crack down on password security in wake of HeartbleedIn the wake of an online bug that prompted a number of websites, including the Canada Revenue Agency’s tax filing system, to shut down, Ontario Tech University researchers are discussing personal password security and ways to make them stronger. Dr. Julie Thorpe, assistant professor of IT security at Ontario Tech University, said while high-impact vulnerabilities such as the latest online bug, Heartbleed, are somewhat rare, it highlights the need for education regarding online security.
- The Globe and Mail print December 31, 1969Data breaches: It’s more expensive to react than preventOn April 11, the Investment Industry Regulatory Organization of Canada (IIROC) announced the loss of a mobile device – reportedly a laptop – containing the personal financial information of about 52,000 brokerage firm clients.
Presentations
- Toronto, Ontario December 31, 1969The Presentation Effect on Graphical PasswordsThe ACM CHI Conference on Human Factors in Computing Systems
- Northumbria University, Newcastle, United Kingdom December 31, 1969Usability and Security Evaluation of GeoPass: a Geographic Location-Password SchemeThe 9th Symposium on Usable Privacy and Security
- Bertinoro, Italy December 31, 1969Video Passwords: Advertising While AuthenticatingThe New Security Paradigms Workshop
Affiliations
- UOIT IT Security Reading Group
- ACM-W Women in Computing Chapter at UOIT and DC