|
|
LecturesWe are very happy to confirm the participation of the following keynote speakers: Pr Vasileios Mavroeidis, Professor at University of Oslo (Norway) Title: Cyber Threat Intelligence Abstract: Cyber Threat Intelligence (CTI) is actionable knowledge about threats and their operations. In practice, CTI increases threat situational awareness for anticipatory threat reduction and helps mitigate potential attacks and harmful events occurring in cyberspace. This talk gives an introduction to CTI, including its different types and the processes involved with collecting, enriching, analyzing, sharing, and acting on CTI. A challenge in current CTI is that sharing, consuming, and analyzing CTI between organizations is restricted by different representation schemas and heterogeneous data silos. The talk, therefore, also covers common frameworks and standards for representing and sharing CTI. Bio: Vasileios Mavroeidis is a Professor of Cybersecurity at University of Oslo and a board member of the esteemed standards development organization OASIS Open. His research focuses on security automation and threat-informed and collaborative defense, including cyber threat intelligence representation, reasoning, and exchange. Vasileios has published numerous scientific papers contributing to the body of knowledge and has been involved in Norwegian and European research and innovation cybersecurity actions supporting critical infrastructure operators and authorities responsible for cybersecurity. He is a member of the ENISA ad hoc working groups on Cyber Threat Landscapes and Security Operations Centres, and he has assisted the agency as a rapporteur, performing desk research, analysis, and advisory tasks pertinent to standardization. Additionally, Vasileios participates in the EU's Stakeholder Cybersecurity Certification Group, which was established to advise on strategic cybersecurity certification issues. Other involvements include contributing to standardization works and co-chairing the FIRST Automation special interest group and the OASIS Open Threat Actor Context and CACAO standardization committees. In 2022, OASIS Open awarded Vasileios the distinguished contributor designation for his contributions to cybersecurity standardization and open-source projects.
Dr Matthew SORELL, Senior Lecturer at University of Adelaide (Australia)
Title: Introduction to mobile phone forensic science - SLIDES Abstract: What can we tell about what you do, where you go, how you behave, what you think, how you move… when you carry a mobile phone? In this presentation we’ll take a look inside mobile phone records including network logs, phone databases and other files, and take a deep look at Apple Health Data. We will discuss how mobile phone evidence is presented in the Court Room and the role of an expert in the Court. And you’ll have the opportunity to find new and interesting insights in a Health Data Capture-The-Flag exercise. Bio: Dr Matthew Sorell is principal consultant and Chief Technology Officer at Digital Forensic Sciences Australia Pty Ltd. He has been a member of academic staff at the University of Adelaide, leading teaching and research in telecommunications and multimedia systems and digital forensic science since 2002. Previously, he was senior engineer and business development manager at the Centre for Telecommunications Information Networking. He is currently adjunct professor of digital forensic science at the Tallinn University of Technology, Estonia, and serves as Honorary Consul of Estonia in South Australia. Dr Sorell brings 25 years of telecommunications industry and digital forensic science experience as a consultant, researcher and educator.
Dr. , Associate Professor at Universidad Politécnica de Madrid (Spain) Title: Challenges and Opportunities in Mobile Security - SLIDES Abstract: Mobile devices are now an integral part of our lives. As with many other digital technologies, the widespread usage of mobile devices introduces a series of risks that can affect their users in a variety of ways. This talk will provide an overview of the current status of the Mobile security ecosystem. The talk will first review the most prominent security issues in the mobile ecosystem. These will include fighting against cybercrime and malware and the secure development of applications, among others. Based on these issues we will also present some of the challenges that security researchers face today and some initial results on how to overcome them. Bio: Dr Blasco obtained his PhD from Carlos III University in 2012. In July 2014, he moved to City, University of London, where he focused on investigating mobile malware and devising new machine learning methods to identify advanced malware samples. In September 2016, Dr Blasco moved to the Information Security Group (ISG) at Royal Holloway, University of London. In 2018, Jorge Blasco founded the System And Software Security Lab (S3Lab) which included two other members of staff and, overall, supervises the dissertations of 10 PhD students. The S3Lab was founded to consolidate the research addressed by Dr Blasco in the area of software and system security for smartphones and expand these into new platforms. Overall, Dr Blasco has been able to secure up to £500K on competitive grants and has published more than 40 research papers in prestigious international conferences and journals on cyber security. In August 2022, Dr Blasco moved to Universidad Politécnica de Madrid as an Associate Professor (Profesor Titular) where he is now building a new research group in software security and malware.
Pr. Christophe ROSENBERGER, Full professor at ENSICAEN (France) Title: Foundations and Trends in Biometrics - SLIDES Abstract:Biometrics is now a standard method of user authentication. In this talk, we present the main components of biometric systems and their evaluation. We detail all the main trends to be taken into account in the future, including their robustness against attacks, privacy considerations and their ability to treat every human equally (inclusion). Bio: Christophe Rosenberger obtained his PhD in Information Technology from the University of Rennes 1 in 1999. In 2007, he joined the ENSICAEN school of engineering in Caen as full professor. He is actually director of the GREYC research lab composed of 180 members. He belongs to the SAFE (Security, Architecture, Forensics, biomEtrics) research group in the GREYC research lab. His current work focuses in the domain of cybersecurity, in particular research activities in biometrics (keystroke dynamics, soft biometrics, evaluation of biometric systems, fingerprint quality assessment...). He has authored or co-authored over 200 publications among 16 book chapters, 44 international journals and 5 patents (5 WO, 5 EP, 5 FR, 2 US, 1 PT).
Pr. Pierangela SAMARATI, Professor at University of Milan (Italy) Title: Privacy in data publication and release - SLIDES Abstract:Today's society places great demand on dissemination and sharing of personal information. Information about us is collected every day, as we join associations or groups, shop for groceries, or execute most of our common daily activities. Pervasive and ubiquitous services allow us to enjoy the convenience of access whenever and wherever we are, but often increase the amount of information about us that is released. In addition, organizations, as well as end users are more and more resorting to external parties for storing and manage their data and resources. Such scenarios has brought to growing privacy concerns. In this talk, I will illustrate different aspects related to the problem of protecting privacy in such emerging scenarios, where sensitive information may be directly or indirectly put at risk of improper disclosure. Bio:Pierangela Samarati is a Professor at the Department of Computer Science of the Università degli Studi di Milano, Italy. Her main research interests are on data and applications security and privacy, especially in emerging scenarios. She has participated in several EU-funded projects involving different aspects of information protection, also serving as project coordinator. She has published more than 290 peer-reviewed articles in international journals, conference proceedings, and book chapters. She has been Computer Scientist in the Computer Science Laboratory at SRI, CA (USA). She has been a visiting researcher at the Computer Science Department of Stanford University, CA (USA), and at the Center for Secure Information Systems of George Mason University, VA (USA). She is the chair of the IEEE Systems Council Technical Committee on Security and Privacy in Complex Information Systems (TCSPCIS), of the ERCIM Security and Trust Management Working Group (STM), and of the ACM Workshop on Privacy in the Electronic Society (WPES). She is a member of several steering committees. She is IEEE Fellow (2012), ACM Fellow (2021), IFIP Fellow (2021). She has received the ESORICS Outstanding Research Award (2018), the IEEE Computer Society Technical Achievement Award (2016), and the IFIP WG 11.3 Outstanding Research Award (2012).
Per THORSHEIM, Security evangelist (Norway) Title: Passwords, pins & digital authentication - Past, Present and Future? - SLIDES Abstract: Back in 1999-2000 I got my first fingerprint reader for Microsoft Windows. In 2004 Bill Gates predicted the death of passwords in the very near future. In 2018 I made a bet with the FIDO product manager at Google if passwords or WebAuthn would still exist in 10 years. «Passwordless» authentication is often protected with a 4-digit pin, which is a very weak password. In this lecture I will go through the past & present status of our use of passwords & pins, including many of the common misconceptions, present standards and a lot of challenges that remain unsolved. Furthermore I will put all of this into an extended context of digital authentication that includes «passwordless», use of biometrics and more. Last but not least: how a presentation from Christophe Rosenberger at PasswordsCon in 2012 about behavioral keystroke dynamics presented a challenge to me, which took me almost 10 years to «crack». Bio: Per Thorsheim is the founder & organizer of PasswordsCon, the first & only conference dediated to passwords, pins and digital authentication. First held in 2010 based on an initiative from the university in Bergen, Norway, the conference is held 1-2 times per year in Las Vegas and somewhere in Europe. With an obsession for this topic since working as a pentester for PWC back in 1998-2001, Per says there is no other computer security challenge that affects more people more frequently on a global basis. Per has held positions such as pentester, auditor, consultant, CISO and more with a variety of private companies. He is currently certified CISA & CRISC from ISACA, and claims to know your next password.
Dr. Adeline ROUX-LANGLOIS, Research director at CNRS (France) Title: Introduction to (lattice-based) cryptography Abstract: Cryptography is widely used today to secure all kinds of communications. In this talk, I will give an introduction to (lattice-based) cryptography, first with classical constructions and then, with more recent constructions called post-quantum with their security based on hard problems on lattices (meaning they would resist attacks using a quantum computer). Bio: Adeline Roux-Langlois is a full-time researcher at CNRS (Directrice de recherche in French) in the GREYC Lab in Caen, France. She obtained her PhD at the ENS Lyon in 2014 and worked as a postdoctoral researcher at EPFL in Switzerland. Her research focuses on lattice-based cryptography, in particular on the theoretical hardness of the underlying assumptions like the Learning With Errors problem (LWE) and its Module variants. She also works on cryptographic constructions based on lattices and their security proofs.
Dr. Gencer ERDOGAN, Senior Research Scientist at SINTEF Oslo (Norway) Title: Human and Organizational Risk Modelling in Cybersecurity - SLIDES Abstract: Micro, small and medium-sized enterprises (SMEs) constitute 99% of companies in the EU. The most challenging tasks for cybersecurity risk management in SMEs include determining the initial actions to improve their security posture and addressing the human element, specifically errors made by employees. According to the World Economic Forum, 95% of all cybersecurity issues can be traced to human error. This talk will first present a study on the cybersecurity awareness and capacities of SMEs. Then, it will introduce the Human and Organizational Risk Modelling Toolbox, which aims to assist understanding and communication of cybersecurity incidents through simple visualizations. These visualizations help illustrate how daily activities may result in unwanted incidents and aid in communicating cybersecurity incidents across a broad user group. Bio: Gencer Erdogan is a Senior Research Scientist at SINTEF in the Department of Sustainable Communication Technologies. He received his PhD in Computer Science from the University of Oslo in 2016 with the dissertation “CORAL: A Model-Based Approach to Risk-Driven Security Testing." His research interests include cybersecurity, cyber-risk assessment, privacy, the Internet of Things, model-based security testing, and cybersecurity training. He has extensive experience from national and international research projects in these areas, as well as industrial experience as a software developer and security tester.
Dr. Mazaher KIANPOUR, Postdoctoral Researcher, Norwegian University of Science and Technology (Norway) & Researcher, RISE Research Institutes of Sweden Title: The necessities and challenges of cybersecurity regulations - SLIDES Abstract: This lecture focuses on the role of cybersecurity regulations, their benefits, challenges, and finding the right balance. It starts by explaining why regulations are important for protecting data and national security, using examples of laws and breaches to show their impact. The next section highlights the downsides, like high compliance costs and how strict rules can slow down innovation and make it hard for companies to decide how much to invest in cybersecurity. Finally, it discusses ways to achieve a balance, suggesting flexible, risk-based regulation, collaboration between the public and private sectors, and using new technologies to meet security needs without hampering innovation. The goal is to help understand the complex relationship between cybersecurity laws and the protection they offer versus the constraints they impose, offering ideas for creating effective regulations that safeguard against threats while supporting growth and innovation. Bio: Mazaher Kianpour is a researcher with a deep interest in how technology and economics intersect, especially in the area of cybersecurity. He earned his Ph.D. in Information Security from the Norwegian University of Science and Technology (NTNU) in 2022. His work focuses on the economic and policy challenges of cybersecurity. Currently, he is involved in research at RISE Research Institutes of Sweden and serves as a postdoctoral researcher at NTNU, concentrating on the regulatory risks connected to cybersecurity.
Dr. Teddy Furon, Director of Research, Inria Center, Rennes University. (France) Title : Artificial Intelligence and Security - SLIDES Abstract: The presentation attempts to define a reading grid in order to organize the security problems related to AI. It emphasizes the difference between robustness and security, adverse examples, backdoors, membership inference attacks, watermarking and fingerprinting models. The reading grid is based on the type of AI (decision-making or generative), the access to the AI (white or black box), the security issues (intrinsic vulnerabilities of Machine Learning or malicious use of AI), and the ultimate goals (patch vulnerabilities, audit, or dissuasion of misuse). A definition of IA security relies on the basic definition of Machine Learning: learning a model from training data and applying it to some test data. The confidence in the results implies protecting the training data, the model, and the test data. Protecting resorts to the definition of security in IT: it means defending the cardinal values of confidentiality, privacy, and integrity. Since the cost of training may be significant, models become a valuable industrial asset that also needs protection.This increases the attack surface to enable proof of ownership of models by fingerprinting and watermarking. Bio: His research interests include the security of multimedia data, signal processing, and of machine learning. He has alternated research in academia (Catholic University of Louvain, Inria Rennes) and in industry (Thomson multimedia, Technicolor) where he was also a consultant for Hollywood MovieLabs.He co-founded the company IMATAG, which defends the copyrights of photo agencies (AFP, Reuters) thanks to an image watermarking technique. He is an IEEE Senior Member and has been an associate editor of four scientific journals, including IEEE Transactions on Information and Forensics. He has been the PI of two ANR projects, a partner in three national and two European projects, and co-organizer of two international conferences. He is currently the recipient of the AI and Defense Chair SAIDA funded by the ANR and AID. |
Online user: 1 | Privacy |