Monday (July 17)
Prof. Jungwoo Ryoo, Penn State Altoona, U.S.A.
Title: Architectural Analysis For Security (AAFS)
Security is a quality attribute that has both architectural and coding implications—it is necessary to get both right to create and maintain secure systems. But most of the existing research on making systems secure has focused on coding, and there is little direction or insight into how to create a secure architecture. This tutorial teaches participants several ways to analyze and evaluate the security readiness of a software architecture: vulnerability-based (VoAA), tactics-based (ToAA), and pattern-based architectural analysis (PoAA) techniques. The tutorial will also compare the strengths and weaknesses of each approach. Participants will eventually learn that these different approaches are complementary to each other. Finally, this tutorial teaches how to combine these analysis techniques to obtain the best outcomes. A real-life case study will be used to demonstrate the feasibility of AAFS. Dr. Ryoo is a Professor of IST at Penn State Altoona. He conducts his research in the areas of software engineering, cyber security, and software security.
Tuesday (July 18)
Prof. Sebastian Schrittwieser, St. Pölten University of Applied Sciences, Austria
Title: Malware Analysis
Malware has become more and more sophisticated in recent years and with over 400,000 new malware samples each day, analysis and protection have become highly challenging tasks. However, the technological arms-race between malware writers and security experts continues, and powerful malware analysis concepts have been developed to mitigate this threat. This talk gives an introduction to malicious software in general, discusses various infection paths based on real malware cases and explains today’s malware analysis concepts ranging from simple static analysis to more sophisticated dynamic methods. Dr. Sebastian Schrittwieser heads the Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks (https://www.jrz-target.at) and is a professor for IT security at the University of Applied Sciences St. Pölten, Austria. He received a doctoral degree in informatics with focus on information security from the Vienna University of Technology in 2014. His research interests include, among others, network analysis, digital forensics, binary analysis, and mobile security.
Wednesday (July 19)
Prof. Syed Rizvi, Penn State Altoona, U.S.A.
Title: Towards a Secure and Trustworthy Cloud Environment
While cloud computing is gaining popularity, diverse security and privacy issues are emerging, which hinders the rapid adoption of this new computing paradigm. In addition, the development of defense solutions is lagging behind. To build a secure and trustworthy cloud environment, it is essential to have a good understanding of existing research problems in cloud computing. In this presentation, Professor Rizvi will discuss the existing data privacy and security issues and challenges in cloud computing and his research contributions to address some of the open research problems. Professor Rizvi has been an Assistant Professor in the Department of Information Sciences and Technology at Penn State Altoona since August 2012. His research interests lie at the intersection of network security, computer networking, and cloud/mobile security.
Prof. Hyungjong Kim, Seoul Women’s University (SWU), South Korea
Title: How can we contribute to society with our information security knowledge?
Information security knowledge is not easy for common people, such as children or elderly people, to obtain and use. The students of SWU have been building a framework for sharing information security knowledge with many people who do not have background knowledge in information technologies. This presentation will show the journey of SWU students in sharing knowledge of information security and how they have been contributing to society with that knowledge. Professor Hyung-Jong Kim will introduce three activities in the CES+ project: volunteering for security education for kids, web security assessment services, and research collaboration for small and medium-sized companies. Professor Kim has been with SWU since 2007. He was awarded the Vice Prime Minister's prize in 2016 for supporting the education of kids in the information security field. He was a principal researcher at the Korea Internet Security Agency (KISA) from 2001 to 2007. He conducted a cyber security research project at Carnegie Mellon University (CMU) CyLab (Pittsburgh, PA) from 2004 to 2006 while he was with KISA.
Thursday (July 20)
Security Information Exchange/Threat Modeling by Prof. Simon Tjoa, St. Pölten University of Applied Sciences, Austria
Title: How modeling threats and attacks contributes to security – An Overview
Dr. Hae Young Lee, Director, Dudu IT
Title: Principles and Guidelines for IoT Security
We are expecting the Internet of things (IoT) to produce enormous and obvious benefits to us. But it is also expected to put us at (also obvious) risk for security and privacy. We know a large number of Mirai-infected ‘things,’ such as IP cameras, baby monitors, residential gateways, and network printers, were involved in the 2016 Dyn cyber attack. Recently, dozens of videos that appear to be from IP cameras at home have been found on some websites, including adult ones, possibly due to insecure web interfaces. As a result of such security incidents, governments and organizations have issued IoT security principles and guidelines to assist stakeholders, including IoT developers, manufacturers, service providers, and users, with their understanding of IoT security and privacy. As part of this effort, Dr. Lee will talk about major IoT security incidents and review security and privacy risks within IoT. Then, he will give a brief overview of several security principles and guidelines for IoT. Finally, Dr. Lee will discuss their limitations and opportunities, by comparing them with other industries. Dr. Lee is a Director at DuDu IT, which is a security company in South Korea and currently investigates training systems for cyber and IoT security. Before joining DuDu IT, he was an Assistant Professor of Information Security at Seoul Women’s University (2013 ~ 2017), a Senior Researcher of CPS (cyber-physical systems) Research Section at Electronics and Telecommunications Research Institute (ETRI) (2009 ~ 2013), and a programmer in several start-up companies (1998 ~ 2001).
Friday (July 21)
Prof. Hyoungshick Kim, Sungkyunkwan University, South Korea
Title: Usable Security
Usability and security are often seen as competing design goals. In practice, however, security mechanisms have to be usable to be effective. Wrong assumptions about users can lead to systems that are useless and vulnerable. We can see that many security solutions fail because of their poor usability. For example, many casual users don’t use anti-virus scanners because they believe security solutions will degrade the performance of their systems. In this talk, Prof. Kim will explain basic principles to help audiences develop more secure and usable solutions through many real-world examples and introduce a recent project on an Android pattern lock system. Dr. Kim is an assistant professor in the Department of Computer Science and Engineering, College of Software, Sungkyunkwan University.