Keynotes & Invited Talks Details

Opening Keynote by Martin Schallbruch

Chief Information Officer at the Federal Ministry of the Interior (Germany)

Title: Cyber Security in Germany

Abstract: TBA

Bio: Martin Schallbruch is the Chief Information Officer of the German Federal Ministry of the Interior. He is responsible for the IT strategy and IT coordination within the Federal government. His office is, amongst others, managing the BundOnline e-government and coordinating the Deutschland-Online e-government strategy. Mr. Schallbruch’s responsibilities embrace the IT security policy of the Federal Government, and the supervision of the Federal Office for Information Security. He is also responsible for the passport and ID card service of the Federal government. He holds an M.Sc. in computer science (Technical University in Berlin) and was a research fellow at Humboldt University Berlin, before he was appointed head of the university IT service centre.

Keynote by Mikko Hypponen

Chief Research Officer of F-Secure (Finland)

Title: The Cyber Arms Race

Abstract: We have no hope of protecting ourselves against online attacks if we don’t understand who the attackers are and what their motives are. How do online crime gangs make millions with malware? And how do they move their funds from the cyberworld into the real world? Who are the people behind hacktivist attacks? Who runs Anonymous? What do they want? What is governmental malware? And what’s going to happen next?

Bio: Mikko Hypponen is the Chief Research Officer of F-Secure in Finland. He has been working with computer security for over 20 years and has fought the biggest virus outbreaks in the net, including Loveletter, Conficker and Stuxnet. His TED Talk on computer security has been translated into over 35 languages. His columns have been published in the New York Times, Wired, CNN and BBC. Mr. Hypponen sits on the advisory boards of the ISF and the Lifeboat foundation.

Keynote by Prof. Ravi Sandhu

Executive Director of the Institute for Cyber Security at the University of Texas at San Antonio (USA)

Title: The Science, Engineering and Business of Cyber Security

Abstract: I will use the rare opportunity of this keynote talk to give my perspective on the general state and future prospects for cyber security, and the consequences of this perspective with respect to cyber security research and education. The ambiguous status of computer science in modern academia has persisted through the thirty plus years of my career. Does it belong in the College of Science or the College of Engineering? How about the College of Business? Is it worthy of a separate College of its own? I believe this ambiguity is a manifestation of the fundamental difference between computer science relative to traditional sciences and engineering disciplines. The forces of science, engineering and business come together and reconcile in a particularly unique way in computer science, and within computer science cyber security brings additional peculiarities to this reconciliation.

My outlook on cyber security is generally optimistic. I believe at the consumer level market and social forces will drive developed societies to a relatively low assurance of security and privacy analogous to the current state of internet security. The large-scale adoption of internet services across diverse global populations is one indicator that the average consumer is reasonably comfortable with the collateral risks. But nothing is automatic, so social organization will be required to compensate for the intrusions of big government and big business which may turn out to be the much bigger problem than big crime. At the same time I share the concern of many senior national security officials and thought leaders on the increasingly grave threat of cyberwar and cyberterrorism. The US Department of Defense has publicly recognized cyberspace as a man-made domain on par with land, sea, air and space within which wars will be conducted and facilitated. Many other nations and militaries are preparing offensive and defensive cyber capabilities.

My talk will elaborate on these notions and seek to glean some lessons for cyber security researchers.

Bio: Ravi Sandhu is Executive Director of the Institute for Cyber Security at the University of Texas at San Antonio, where he holds the Lutcher Brown Endowed Chair in Cyber Security in the Department of Computer Science. Previously he was on the faculty at George Mason University (1989-2007) and Ohio State University (1982-1989). He holds BTech and MTech degrees from IIT Bombay and Delhi respectively, and MS and PhD degrees from Rutgers University. He is a Fellow of IEEE, ACM and AAAS, and has received awards from IEEE, ACM, NSA and NIST. A prolific and highly cited author, his research has been funded by NSF, NSA, NIST, DARPA, AFOSR, ONR, AFRL and private industry. His papers have accumulated over 25,000 Google Scholar citations including over 6,000 citations for his seminal role-based access control paper. He has authored over 235 papers with over 100 co-authors. He is ranked as the number one non-cryptographer and number five overall at Microsoft Academic Search for Security and Privacy.

His papers on role-based access control established it as the dominant form of access control in practical systems. His numerous other models and mechanisms have also had considerable influence. He is Editor-in-Chief of the IEEE Transactions on Dependable and Secure Computing, and founding General Chair of the ACM Conference on Data and Application Security and Privacy. He previously served as founding Editor-in-Chief of ACM Transactions on Information and System Security and on the editorial board for IEEE Internet Computing. He was Chairman of ACM SIGSAC, and founded the ACM Conference on Computer and Communications Security and the ACM Symposium on Access Control Models and Technologies and chaired their Steering Committees for many years. He has served as General Chair, Program Chair and Committee Member for numerous security conferences. He has consulted for leading industry and government organizations, and has lectured all over the world. He was a co-founder of TriCipher, a Silicon Valley security start-up acquired by VMware. He is an inventor on 29 security technology patents. At the Institute for Cyber Security he leads multiple teams conducting research on many aspects of cyber security including secure information sharing, social computing security, cloud computing security, secure data provenance, attribute-based access control and botnet analysis and detection, in collaboration with researchers all across the world.

Invited Talk by Jacob Appelbaum

Independent Security Analyst and The Tor Project

Title: The New Threat Models

Abstract: The recent leaks of information by Edward Snowden teach us about actual threats to security, privacy, and to democratic society.

Bio: Jacob Appelbaum works as a journalist, a photographer, and as a software developer and researcher with The Tor Project. He also trains interested parties globally on how to effectively use and contribute to the Tor network, an anonymity network for everyone. He is a founding member of the hacklab Noisebridge in San Francisco where he indulges his interests in magnetics, cryptography and consensus based governance. He was a driving force in the team behind the creation of the Cold Boot Attacks, winning both the Pwnie for Most Innovative Research award and the Usenix Security best student paper award in 2008. Additionally, he was part of the MD5 Collisions Inc. team that created a rogue CA certificate by using a cluster of 200 PlayStations funded by the Swiss taxpayers. The “MD5 considered harmful today” research was awarded the best paper award at CRYPTO 2009.

Invited Talk by Vincenzo Iozzo

Director of Security Engineering, Trail of Bits (USA)

Title: From One Ivory Tower to Another: Wish Listing for Filling the Gaps in Information (In)Security

Abstract: Information Security research has become more and more sophisticated throughout the years with millions of dollars being invested into it, and yet we still cannot protect ourselves against threats and attacks that have been known for more than a decade. On top of that, there’s very little collaboration between academia and industry on research topics where both sides could benefit from a more engaged relationship between the parts. The talk aims at asking basic questions and providing biased answers on the future of application security research and the relationship between academia and industry moving forward: What problems are worth solving together? What areas seem dead-ends? How do we foster collaboration? What’s at stake here?

Bio: Vincenzo Iozzo directs security engineering efforts at Trail of Bits. Prior to Trail of Bits, Vincenzo founded Tiqad, an information security consulting firm, worked as a penetration tester for Secure Network srl and was a reverse engineer for Zynamics GmbH. His specialized research in Mac OS X security, smartphone exploitation, and exploit payloads has been presented at information security conferences around the world including Black Hat, CanSecWest and Microsoft BlueHat. In 2008, he was selected to participate in the Google Summer of Code and developed a testing infrastructure for TrustedBSD, the Mandatory Access Control system that became the foundation for sandboxing technologies included in Mac OS X. Vincenzo serves as a committee member on the Black Hat Review Board and is a co-author of the “iOS Hacker’s Handbook” (Wiley, 2012). He is perhaps best known for his participation in Pwn2Own, where he co-wrote the exploits for BlackBerryOS and iOS that won the contest in 2010 and 2011 and where he co-wrote exploits for Firefox, Internet Explorer, and Safari that placed second in 2012.

Invited Talk by Felix ‘FX’ Lindner

Research Lead of Recurity Labs GmbH (Germany)

Title: Resistance is Not Futile – Fighting Nation-State Actors and the Borg

Abstract: TBA

Bio: Felix ‘FX’ Lindner is the founder as well as the technical and research lead of Recurity Labs GmbH, a high-end security consulting and research team, specializing in code analysis and design of secure systems and protocols. Well known within the computer security community, he has presented his research for over a decade at conferences worldwide. Felix holds a title as German State-Certified Technical Assistant for Informatics and Information Technology as well as Certified Information Systems Security Professional, is highly specialized in digital attack technologies, but recently changed the direction of his research to defense, since the latter seems to be a lot less fun.

Invited Talk by Dr Ivan Martinovic

Faculty Member, Department of Computer Science, University of Oxford (UK)

Title: Fasten Your Seatbelts – An Overview and Security Considerations of Next Generation Air Traffic Communication

Abstract: TBA

Bio: Dr Ivan Martinovic is a faculty member at the Department of Computer Science, University of Oxford and a member of Oxford’s Cyber Security Centre. His research interests are in the area of system security and wireless communication. Before coming to Oxford in 2012 he was a postdoctoral researcher at the Security Research Lab, UC Berkeley and at the Secure Computing and Networking Centre, UC Irvine. He received his PhD degree from Technische Universitaet Kaiserslautern, Germany.