Keynote Speakers

We are proud to announce the confirmed speakers (to be completed):

ARES Keynotes:

A Next-generation Secure Internet for the 21st Century
Adrian Perrig, ETH Zürich

Abstract : The Internet has been successful beyond even the most optimistic expectations. It permeates and intertwines with almost all aspects of our society and economy. The success of the Internet has created a dependency on communication as many of the processes underpinning the foundations of modern society would grind to a halt should communication become unavailable. However, much to our dismay, the current state of safety and availability of the Internet is far from commensurate given its importance.

Although we cannot conclusively determine what the impact of a 1-day, or 1-week outage of Internet connectivity on our society would be, anecdotal evidence indicates that even short outages have a profound negative impact on society, businesses, and government. Unfortunately, the Internet has not been designed for high availability in the face of malicious actions by adversaries. Recent patches to improve Internet security and availability have been constrained by the current Internet architecture, business models, and legal aspects. Moreover, there are fundamental design decisions of the current Internet that inherently complicate secure operation.

Given the diverse nature of constituents in today’s Internet, another important challenge is how to scale authentication of entities (e.g., AS ownership for routing, name servers for DNS, or domains for TLS) to a global environment. Currently prevalent PKI models (monopoly and oligarchy) do not scale globally because mutually distrusting entities cannot agree on a single trust root, and because everyday users cannot evaluate the trustworthiness of each of the many root CAs in their browsers.

To address these issues, we propose SCION, a next-generation Internet architecture that is secure, available, and offers privacy by design; that provides incentives for a transition to the new architecture; and that considers economic and policy issues at the design stage. We have implemented SCION and deployed it in the production networks of several ISPs.

Adrian Perrig is a Professor at the Department of Computer Science at ETH Zürich, Switzerland, where he leads the network security group. He is also a Distinguished Fellow at CyLab, and an Adjunct Professor of Electrical and Computer Engineering, and Engineering and Public Policy at Carnegie Mellon University. From 2002 to 2012, he was a Professor of Electrical and Computer Engineering, Engineering and Public Policy, and Computer Science (courtesy) at Carnegie Mellon University, becoming Full Professor in 2009. From 2007 to 2012, he served as the technical director for Carnegie Mellon’s Cybersecurity Laboratory (CyLab). He earned his MS and PhD degrees in Computer Science from Carnegie Mellon University, and spent three years during his PhD at the University of California at Berkeley. He received his BSc degree in Computer Engineering from EPFL. Adrian’s research revolves around building secure systems — in particular his group is working on the SCION secure Internet architecture.

He is a recipient of the NSF CAREER award in 2004, IBM faculty fellowships in 2004 and 2005, the Sloan research fellowship in 2006, the Security 7 award in the category of education by the Information Security Magazine in 2009, the Benjamin Richard Teare teaching award in 2011, the ACM SIGSAC Outstanding Innovation Award in 2013. He is an IEEE senior member and became an ACM Fellow in 2017.

Innovations in permutation-based crypto
Dr. Joan Daemen,
Radboud University, Security Architect at ST Microelectronics

Wednesday, August 29 2018, 09:30-10:30

Abstract : Imagine there’s no block ciphers, it’s easy if you try:-) A (cryptographic) permutation can be thought of as a block cipher (like AES or DES) without a key (or with a fixed key if you prefer). During the SHA-3 competition it became clear that permutation-based hashing, e.g., by using the sponge construction, is superior to block-cipher based hashing (as in MD5, SHA-1 and SHA-2). By including a key in the sponge input, it can readily be used for message authentication (MAC) and by exploiting the arbitrarily long sponge output even for stream encryption. The duplex variant of sponge widens the spectrum to, among other, authenticated encryption and reseedable pseudorandom generation and was adopted by a dozen submissions to the CAESAR competition for authenticated ciphers. The disadvantage of the sponge and duplex constructions is that they are inherently serial. To address this, we introduced a fully parallel counterpart of the sponge, called Farfalle. Clearly, there is a lot going on in permutation-based crypto and this talk will get you up to date.

Joan Daemen is professor at Radboud University as well as cryptographer and security architect at ST Microelectronics, and in his work as a symmetric cryptography expert he has designed a variety of block ciphers over the past 25 years.

Dr. Daemen is probably best known for his work on the Rijndael cipher, which was selected as the Advanced Encryption Standard (AES) in 2001. He also co-invented Sponge functions and specifically the Keccak hash, which in 2012 has been chosen to become the new SHA-3 hash function. Joan Daemen’s work is thus at the core of much of the cryptography and network security protocols in use today, and in 2017 he was recognized for his contribution with the Levchin Prize for Real World Cryptography.

Steganography in the World of IoT
Aleksandra Mileva, University of Goce Delcev, MK

Workshop IoT-SECFOR 2018, Wednesday, August 29 2018, 11.00 – 12.30

Abstract : Steganography, as a subfield of information hiding, is an art of hiding a message in a legitimate carrier, so that no one suspects it exists. When the carrier is some transmission in communication networks, we speak about network steganography. And when we have a communication channel that can be exploited by a process to transfer information in a manner that violates the system’s security policy, we speak about the covert channel. In this talk, a recent trends and achievements of network steganography and covert channels in the world of Internet of Things and Cyber Physical Systems will be presented.

Aleksandra Mileva is an associate professor and a vice dean at the Faculty of Computer Science, University “Goce Delčev” in Štip, Republic of Macedonia and Head of the Laboratory of computer security and digital forensics. She received her PhD degree in Computer Science from the Faculty of Natural Sciences and Mathematics Skopje, “Ss. Cyril and Methodius” University in Skopje in 2010. Her research interests include: cryptography, network steganography, computer and network security, IoT protocols and security, and digital forensics. She is a member of the Criminal Use of Information Hiding (CUing) initiative.

Where we are in 5G Security – from early requirements until today
Peter Schneider, Nokia Bell Labs, Germany

Workshop 5G-NS 2018, Monday, August 27 2018, 11.45 – 12.45

Abstract: 5G mobile networks will have to support a variety of services, including control of critical infrastructures, Industry 4.0 factory communication or vehicular communication. There is no doubt that supreme, built-in security is required for maintaining the availability and integrity of the communication network and ensure the dependability that is essential for such mission critical services. Accordingly, demanding security requirements have been raised in early stages of the conceptual work. Since then, various research projects investigated 5G security aspects, and standardization is well on the way, with the first release of the 3GPP 5G System mostly frozen in June 2018. This talk will briefly revisit 5G security requirements, give an overview of what has been achieved until now, and point out some areas for future 5G security research.

Biography: After receiving his diploma in mathematics, Peter started his professional career at Siemens, as a researcher on new software architectures. For several years, he worked on the research and prototyping of innovative communication solutions. Later, he became a system engineer for the IP based mobile core network, working on various aspects of the IP technology, in particular on IP security, deep packet inspection and IP network reliability. Since 2007, he is focusing on network security research. Currently, he is a senior expert for mobile network security in the Security Research Team at Nokia Bell Labs. In this position, he has been involved in various security research projects including publicly funded international projects. He has published his research results at various conferences and has given many invited talks and tutorials on network security topics. His research interests include all aspects of mobile network security, in particular security for programmable, cloud-based networks and the overall security architecture of future 5G networks.

Europol EC3 – Europol’s European Cybercrime Centre – a networked approach
Philipp Amann, Europol European Cyber Crime Centre (EC3)

Workshop CUING 2018, Tuesday, August 28 2018, 09.00 – 10.30

Abstract: There is a service-based underground industry that fuels cybercrime, turning it into a growth business in terms of scope and volume of attacks, number of victims and economic damage. This calls for a networked, intelligence-led, adaptive and pro-active response that includes law enforcement. Prioritised and coordinated joint actions against the key cyber threats supported by adequate legislation can change the rules of the game by increasing the risks for cybercriminals and imposing real consequences. Effective prevention and disruption activities can further tip the scales to the detriment of criminals. The multi-stakeholder model and networked approach used by Europol’s European Cybercrime Centre is a successful example of how this can be put in practice by leveraging the power of the network.

Philipp Amann is the Head of Strategy of the European Cybercrime Centre (EC3). EC3 Strategy is responsible for the delivery of strategic, situational and tactical cyber-related products such as the Internet Organised Crime Threat Assessment (IOCTA). Other key areas of responsibility include prevention and awareness, outreach, stakeholder management, training management and internet governance.

Prior to joining the EC3, he held management positions with the Organization for Security and Co-operation in Europe, the Organisation for the Prohibition of Chemical Weapons and the International Criminal Court. Philipp has more than 17 years of relevant working experience and hands-on skills in information and cyber security management, policy development, combatting cybercrime, electronic evidence management and the analysis and management of intelligence. He has worked in various fields, including the financial sector, global disarmament and arms control, CBRNe, law enforcement and international law. He is also a member of ENISA’s Permanent Stakeholder Group and the program advisory board of the Cyber Akademie. Philipp’s professional experience is complemented by a PhD degree and a Master’s degree in business informatics from the University of Vienna. He also holds an MSc in Forensic Computing and Cybercrime Investigation from the University College Dublin.

Reality of malware author attribution
Natalia Stakhanova, University of New Brunswick, Canada

Workshop IWCC 2018, Wednesday, August 29 2018, 11.00 – 12.30

Abstract: Since the first computer virus hit the DARPA network in the early 1970s, the security community interest revolved around ways to expose identities of malware writers. Knowledge of the adversary’s identity promised additional leverage to security experts in their ongoing battle against perpetrators. At the dawn of computing era, when malware writers and malicious software were characterized by the lack of experience and relative simplicity, the task of uncovering the identities of virus writers was more or less straightforward. Manual analysis of source code often revealed personal, identifiable information embedded by authors themselves. But these times have long gone. Modern days’ malware writers extensively use numerous malware code generators to mass produce new malware variants and employ advanced obfuscation techniques to hide their identities. As a result the work of security experts trying to uncover the identities of malware writers became significantly more challenging and time consuming. With introduction of more and more advanced obfuscation techniques and malware writing kits, we face the challenging questions: Is it even feasible to reveal adversary’s identity? In this talk, we will explore this question in the context of authorship attribution research. Well-established in social science, authorship attribution offers a broad spectrum of techniques that allow author’s characterization based on the analysis of the textual features of documents and an author’s writing style. Drawing analogy between literature and software domain, in this talk we investigate our ability to attribute malware code.

Natalia Stakhanova is the New Brunswick Innovation Research Chair in Cyber Security at the University of New Brunswick, Canada. Her work revolves around building secure systems and includes mobile security, IoT security, software obfuscation & reverse engineering, and malicious software.  Working closely with industry on a variety of R&D projects, she developed a number of technologies that resulted in 3 patents in the field of computer security. Natalia Stakhanova is the recipient of the UNB Merit Award, the McCain Young Scholar Award and the Anita Borg Institute Faculty Award. She is a strong advocate of Women in IT and co-founder of CyberLaunch Academy, an initiative that aims to promote science and technology among children.

Structured Argumentation in Digital Forensic Practice: Opportunity or Burden?
Virginia N. L. Franqueira, University of Derby, UK

Workshop WSDF 2018, Tuesday, August 28 2018, 09:00-10:30

Abstract : Digital Forensic (DF) practitioners have to gather massive amounts of data from a diversity of seized devices, online forums and/or cloud storage for the investigation of cyber-enabled or cyber-dependent crimes. This exponentially growing volume, and increasing variety and complexity of data involved in single cases, known as a “big data problem in DF”, imposes numerous challenges. For example, such data typically contains numerous pieces of evidence of different types collected using a variety of forensic tools and techniques, such as hard drive evidence, mobile phone evidence, social media evidence, evidence from the crime scene, and evidence from interviews. It mostly remains up to DF investigators to systematically reason about how evidence of different types can be logically connected and how they fit together in the case’s “big picture”.  This talk explores this problematic phenomenon and discusses ways in which structured argumentation could potentially be helpful for interpretation, reconstruction and reporting of forensic arguments to the Court of Law.

Dr Franqueira received a Ph.D. in Computer Science (focused on Security) from the University of Twente (Netherlands) in 2009, and a M.Sc. in Computer Science (focused on Optimization) from the Federal University of Espirito Santo (Brazil). Since June 2014, she holds a senior lecturer position in Computer Security and Digital Forensics at the University of Derby, UK. She has around 40 publications related to Security or Digital Forensics. Her research interests include cybercrime investigation, image processing and reconstruction. She is a member of the British Computer Society and fellow of The Higher Education Academy.

Usable Privacy&Security Preserving Services in the Cloud
Simone Fischer-Hübner , Karlstad University, Sweden

Workshop iPAT 2018, Thursday 30.08.2018, 09:30-11:00

Abstract : This presentation will present end user perspective and HCI requirements for Privacy-enhancing services that have been developed for the Cloud context within the H2020 project PRISMACLOUD. The focus will be on a Selective Authentic Exchange Service based on malleable signatures in an eHealth use case, which allows patients to selectively disclose authentic medical data from a private cloud platform  to different parties, as well as the configuration management of the ARCHISTAR service based on secret sharing for securely archiving data in the Cloud. User studies with different types of stakeholders and their results will be presented, which show  in particular that even technically-skilled users require special HCI guidance. Moreover, also support for meeting legal and organizational requirements is needed.

Simone Fischer-Hübner has been a Full Professor at Karlstad University since June 2000, where is the head of the Privacy& Security (PriSec) research group. She received a Diploma Degree in Computer Science with a minor in Law (1988), and a PhD (1992) and Habilitation (1999) Degrees in Computer Science from Hamburg University. She has been conducting research in privacy and  privacy-enhancing technologies for more than 30 years. She is the chair of IFIP WG 11.6 on “Identity Management”, the Swedish IFIP TC 11 representative, member of MSB’s  Information Security Advisory Board (MSB:s informationssäkerhetsråd), member of the Scientific Advisory Board of Science Europe, Vice Chair of IEEE Sweden and has been an expert for ENISA (European Network and Information Security Agency). She is partner in several European privacy-related research projects including the EU H2020 projects PAPAYA, CREDENTIAL PRISMACLOUD, and the EU H2020 Marie Curie ITN Privacy&Us, for which she is also the scientific coordinator. Moreover, she coordinates the Swedish IT Security Network SWITS.

DevOps is the key for Continuous Security: RMF, ATO and beyond
Hasan Yasar

Workshop SSE 2018, Tuesday 28.08.2018, 16:30-17:30

Abstract : Risk Management Framework (RMF) or Authority to Operate (ATO) is the bottleneckfor continuous deployment when it is not addressed automatically. The only solution is being agile with DevOps principles. Such as communication and collaboration between all stakeholders via automated and integrated platform enables to address lengthy RMF/ATO process, so new features can be deployed into production faster with high degree on security. To do, the team must identify a continuous monitoring approach to the security controls with automated ways of performing assessments throughout DevOps pipeline. This talk will describe how to overlays RMF onto DevOps pipeline and taking an advantage of core DevOps core principles (CI, CD, IaC, automation and beyond) based on lesson learned examples on SEI/CERT engagement with various clients who operates at Highly Regulated Environments

Hasan Yasar is the technical manager of the Secure Lifecycle Solutions group Software Engineering Institute, Carnegie Mellon University. Hasan leads an engineering group on software development processes and methodologies, specifically on DevOps practices, cloud technologies and big data problems while providing expertise and guidance to SEI’s clients. Hasan has more than 25 years’ experience as senior security engineer, software engineer, software architect and manager in all phases of secure software development and information modeling processes. He is specialized on secure software solutions design and development experience in the cybersecurity domain including data-driven investigation and collaborative incident management, network security assessment, automated and large-scale malware triage/analysis. He is also Adjunct Faculty member in CMU Heinz Collage and Institute of Software Research where he currently teaches “Software and Security” and “DevOps : Engineering for Deployment and Operations”

Kas Clark
National Cyber Security Centre

Building CTI at the national level
Workshop WCTI, Tuesday, August 28, 2018, 13:15 – 14:45, LH E

Cyber Threat intelligence (CTI) is not a single product, but rather a wide spectrum of tools, processes, knowledge and, above all, close collaboration with trusted partners. In the Netherlands, the National Cyber Security Centre (NCSC) is working hard to build and improve its CTI capabilities. As the Computer Emergency Response Team (CERT) for the Dutch national government and critical infrastructure, we are responsible for the increasing the resilience of our digital society. As threats increase and malicious actors improve their skills, so too must we continue to grow our defensive capabilities. One aspect of this is significant investment to harness the benefits of CTI by turning limited information into actionable intelligence. This presentation describes our role in this field, the types of questions our CTI needs to answer, as well as the growth of our capabilities and research in this area.

Kas Clark lives and works in The Hague as a senior researcher for the National Cyber Security Centre (NCSC), a division of the Dutch Ministry of Justice and Security. The NCSC works together with academia and the private sector to align efforts around high priority areas of research. His current work focusses on improving the effectiveness of security teams through multidisciplinary research that includes both technical and social aspects. After completing his bachelor’s and master’s degrees in computer science, he received a Ph.D. in computer science with a specialization in distributed computing from the Delft University of Technology. In addition, he has served on the editorial boards of the IEEE Security & Privacy and Platform for Information Security magazines.

Kim-Kwang Raymond Choo
UTSA College

Keynote: Cyber Security Threat Intelligence: Challenges and Research Opportunities

Workshop CyberTIM, Monday, August 27, 11:45-12:45

Abstract : Cyber threat intelligence and analytic is among one of the fastest growing interdisciplinary fields of research bringing together researchers from different fields such as digital forensics, political and security studies, criminology, cyber security, big data analytics, machine learning, etc. to detect, contain and mitigate advanced persistent threats and fight against organized cybercrimes. In this presentation, we will discuss some of the challenges underpinning this inter- / trans- /multi-disciplinary field as well as research opportunities (e.g. how can we leverage advances in deep learning to better predict cyber attacks?).

Bio :  Kim-Kwang Raymond Choo received the Ph.D. in Information Security in 2006 from Queensland University of Technology, Australia. He currently holds the Cloud Technology Endowed Professorship at The University of Texas at San Antonio (UTSA), and has a courtesy appointment at the University of South Australia. In 2016, he was named the Cybersecurity Educator of the Year – APAC (Cybersecurity Excellence Awards are produced in cooperation with the Information Security Community on LinkedIn), and in 2015 he and his team won the Digital Forensics Research Challenge organized by Germany’s University of Erlangen-Nuremberg. He is the recipient of the 2018 UTSA College of Business Col. Jean Piccione and Lt. Col. Philip Piccione Endowed Research Award for Tenured Faculty, ESORICS 2015 Best Paper Award, 2014 Highly Commended Award by the Australia New Zealand Policing Advisory Agency, Fulbright Scholarship in 2009, 2008 Australia Day Achievement Medallion, and British Computer Society’s Wilkes Award in 2008. He is also a Fellow of the Australian Computer Society, an IEEE Senior Member, and an Honorary Commander of the 502nd Air Base Wing, Joint Base San Antonio-Fort Sam Houston.

Hervé Debar
Telecom ParisSud

Keynote: Reasoning about alert formats: a comparative study

Workshop CyberTIM, Monday, August 27, 17:40-18:40

Abstract : Intrusion detection sensors and SIEM platforms have been available for over a decade now. While significant efforts have been realized to ensure communication between detection tools and management platforms, one needs to acknowledge that no standard has prevailed at this time for expressing alert information. In this presentation, we will analyze several relevant alert formats, describe their advantages and drawbacks, and provide hints for future situational awareness platforms.

Bio : I am a professor at Telecom SudParis, head of the Networks and Telecommunication Services department. My activity is related to the area of Information and Communication Technology (ICT) security, including network and information systems security. While I have been heavily involved in intrusion detection research in the past and am still conducting research in the area, I am today focusing on Security Information and Event Management (SIEM), with an emphasis on automated threat mitigation.

CD-MAKE Keynotes:

Machine learning and AI for the sciences – towards understanding
Prof. Dr. Klaus-Robert MÜLLER , Machine Learning Group TU Berlin, MPI for Informatics, Saarbrücken , and Korea University, Seoul

Tuesday, August 28 2018, 11.00 – 12.30

Abstract : In recent years, machine learning (ML) and artificial intelligence (AI) methods have begun to play a more and more enabling role in the sciences and in industry. In particular, the advent of large and/or complex data corpora has given rise to new technological challenges and possibilities. In his talk, Müller will touch upon the topic of ML applications in the sciences, in particular in neuroscience, medicine and physics. He will also discuss possibilities for extracting information from machine learning models to further our understanding by explaining nonlinear ML models. E.g. Machine Learning Models for Quantum Chemistry can, by applying interpretable ML, contribute to furthering chemical understanding. Finally, Müller will briefly outline perspectives and limitations.

Klaus-Robert Müller studied physics (Master-1989) and computer science (PhD-1992) in Karlsruhe, did a Postdoc at GMD FIRST (1992-1994) and at the University of Tokyo (1994/95), then founded the Intelligent Data Analysis group at GMD FIRST (1995) and became Professor at the University of Potsdam (1999). Since 2006 he is Machine Learning Professor at TU Berlin; directing the Bernstein Center for Neurotechnology Berlin (-2014) and from 2014 co-directing the Berlin Big Data Center. He was awarded the Olympus Prize for Pattern Recognition (1999), the SEL Alcatel Communication Award (2006), the Science Prize of Berlin by the Governing Mayor of Berlin (2014), the Vodafone Innovations Award (2017). In 2012, he was elected member of the German National Academy of Sciences-Leopoldina, in 2017 of the Berlin Brandenburg Academy of Sciences and also in 2017 external scientific member of the Max Planck Society. His research interests are intelligent data analysis and Machine Learning in the sciences (Neuroscience, Physics, Chemistry).

More information can be found here .

Integrating abduction, visualization, and explanation as a data architecture for Artificial Intelligence
Randy Goebel, University of Alberta, Canada

Workshop MAKE-Explainable AI, Thursday 30.08.2018, 9:30-11:00

Abstract : The integration of abduction, visualization, and explanation provides a fundamental data architecture for artificial intelligence (AI).
Abduction has been described as constrained induction, which provides the basis for using what is already known to focus the synthesis — both creation and adjustment — of scientific theories. Visualization is inherently about how to appropriately present information for drawing inferences by the human visual system. And explanation is at the heart of the scientific process, which, in all its forms, is about connecting theories and evidence across a spectrum from exposing relationships between observation and theory, all the way to exposing causality.

We will attempt to create coherence around these three foundational ideas, show how they can be related in both theory and practice, by use of examples of multi-level representations that can exploit AI and machine learning for both humans and machines.

R.G. (Randy) Goebel is Professor of Computing Science at the University of Alberta, in Edmonton, Alberta, Canada, and concurrently holds the positions of Associate Vice President Research, and Associate Vice President Academic. He is also co-founder and principle investigator in the Alberta Innovates Centre for Machine Learning. He holds B.Sc., M.Sc. and Ph.D. degrees in computer science from the University of Regina, Alberta, and British Columbia, and has held faculty appointments at the University of Waterloo, University of Tokyo, Multimedia University (Malaysia), Hokkaido University, and has worked at a variety of research institutes around the world, including DFKI (Germany), NICTA (Australia), and NII (Tokyo), was most recently Chief Scientist at Alberta Innovates Technology Futures. His research interests include applications of machine learning to systems biology, visualization, and web mining, as well as work on natural language processing, web semantics, and belief revision. He has experience working on industrial research projects in scheduling, optimization, and natural language technology applications.

Image sources:
Dr. Joan Daemen: