Special Topics Lecture Schedule

Monday (July 17)

Prof. Jungwoo Ryoo, Penn State Altoona, U.S.A.

Title: Architectural Analysis For Security (AAFS)

Security is a quality attribute that has both architectural and coding implications—it is necessary to get both right to create and maintain secure systems. But most of the existing research on making systems secure has focused on coding, and there is little direction or insight into how to create a secure architecture. This tutorial teaches participants several ways to analyze and evaluate the security readiness of a software architecture: vulnerability-based (VoAA), tactics-based (ToAA), and pattern-based architectural analysis (PoAA) techniques. The tutorial will also compare the strengths and weaknesses of each approach. Participants will eventually learn that these different approaches are complementary to each other. Finally, this tutorial teaches how to combine these analysis techniques to obtain the best outcomes. A real-life case study will be used to demonstrate the feasibility of AAFS. Dr. Ryoo is a Professor of IST at Penn State Altoona. He conducts his research in the areas of software engineering, cyber security, and software security.

Tuesday (July 18)

Prof. Sebastian Schrittwieser, St. Pölten University of Applied Sciences, Austria

Title: Malware Analysis

Malware has become more and more sophisticated in recent years, and with over 400,000 new malware samples each day, analysis and protection have become highly challenging tasks. However, the technological arms race between malware writers and security experts continues, and powerful malware analysis concepts have been developed to mitigate this threat. This talk gives an introduction to malicious software in general, discusses various infection paths based on real malware cases, and explains today’s malware analysis concepts, ranging from simple static analysis to more sophisticated dynamic methods. Dr. Sebastian Schrittwieser heads the Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks (https://www.jrz-target.at) and is a professor of IT security at the University of Applied Sciences St. Pölten, Austria. He received a doctoral degree in informatics with a focus on information security from the Vienna University of Technology in 2014. His research interests include, among others, network analysis, digital forensics, binary analysis, and mobile security.

Wednesday (July 19)

Prof. Syed Rizvi, Penn State Altoona, U.S.A.

Title: Towards a Secure and Trustworthy Cloud Environment

While cloud computing is gaining popularity, diverse security and privacy issues are emerging, which hinders the rapid adoption of this new computing paradigm. In addition, the development of defense solutions is lagging behind. To build a secure and trustworthy cloud environment, it is essential to have a good understanding of existing research problems in cloud computing. In this presentation, Professor Rizvi will discuss the existing data privacy and security issues and challenges in cloud computing and his research contributions to address some of the open research problems. Professor Rizvi has been an Assistant Professor in the Department of Information Sciences and Technology at Penn State Altoona since August 2012. His research interests lie at the intersection of network security, computer networking, and cloud/mobile security.

Prof. Hyungjong Kim, Seoul Women’s University (SWU), South Korea

Title: How can we contribute to society with our information security knowledge?

Information security knowledge is not easy for common people, such as children or elderly people, to obtain and use. The students of SWU have been building a framework for sharing information security knowledge with many people who do not have background knowledge in information technologies. This presentation will show the journey of SWU students in sharing knowledge of information security and how they have been contributing to society with that knowledge. Professor Hyung-Jong Kim will introduce three activities in the CES+ project: volunteering for security education for kids, web security assessment services, and research collaboration for small and middle-size companies. Professor Kim has been with SWU since 2007. He was awarded the vice prime minister prize in 2016 for supporting the education of kids in the information security field. He was a principal researcher at the Korea Internet Security Agency (KISA) from 2001 to 2007. He conducted a cyber security research project at Carnegie Mellon University (CMU) CyLab (Pittsburgh, PA) from 2004 to 2006 while he was with KISA.

Thursday (July 20)

Security Information Exchange/Threat Modeling by Prof. Simon Tjoa, St. Pölten University of Applied Sciences, Austria

Title: How modeling threats and attacks contributes to security – An Overview

The growing complexity of software makes it increasingly challenging for security analysts to investigate potential threats to an application or its systemic environment. High-level attack and software vulnerability models are useful approaches to tackle the problem in a formal manner. These models are used to gain more insights into sophisticated attacks and further enable the sharing of in-depth knowledge with other entities. Attack modeling, and graphical modeling approaches in particular, are important methods for explaining system flaws as well as attacker actions and goals. This talk will provide a brief overview of existing techniques in threat modeling. Simon Tjoa is FH-Professor at St. Pölten University of Applied Sciences in the field of information security. He received his Ph.D. (computer science) and Master’s degree (business informatics) from the University of Vienna. He currently serves as secretary for the Austrian IEEE CS/SMCS Chapter and holds various security certifications, such as CISA, CISM and ISO 22301 LA. He also actively serves as a program committee member for various conferences and journals.

Dr. Hae Young Lee, Director, DuDu IT

Title: Principles and Guidelines for IoT Security

We are expecting the Internet of things (IoT) to produce enormous and obvious benefits to us. But it is also expected to put us at (also obvious) risk for security and privacy. We know a large number of Mirai-infected ‘things,’ such as IP cameras, baby monitors, residential gateways, and network printers, were involved in the 2016 Dyn cyber attack. Recently, dozens of videos that appear to be from IP cameras at home have been found on some websites, including adult ones, possibly due to insecure web interfaces. As a result of such security incidents, governments and organizations have issued IoT security principles and guidelines to assist stakeholders, including IoT developers, manufacturers, service providers, and users, with their understanding of IoT security and privacy. As part of this effort, Dr. Lee will talk about major IoT security incidents and review security and privacy risks within IoT. Then, he will give a brief overview of several security principles and guidelines for IoT. Finally, Dr. Lee will discuss their limitations and opportunities, by comparing them with other industries. Dr. Lee is a Director at DuDu IT, which is a security company in South Korea and currently investigates training systems for cyber and IoT security. Before joining DuDu IT, he was an Assistant Professor of Information Security at Seoul Women’s University (2013 ~ 2017), a Senior Researcher of CPS (cyber-physical systems) Research Section at Electronics and Telecommunications Research Institute (ETRI) (2009 ~ 2013), and a programmer in several start-up companies (1998 ~ 2001).

Friday (July 21)

Prof. Hyoungshick Kim, Sungkyunkwan University, South Korea

Title: Usable Security

Usability and security are often seen as competing design goals. In practice, however, security mechanisms have to be usable to be effective. Wrong assumptions about users can lead to systems that are useless and vulnerable. We can see that many security solutions fail because of their poor usability. For example, many casual users don’t use anti-virus scanners because they believe security solutions will degrade the performance of their systems. In this talk, Prof. Kim will explain basic principles to help audiences develop more secure and usable solutions through many real-world examples and introduce a recent project on an Android pattern lock system. Dr. Kim is an assistant professor in the Department of Computer Science and Engineering, College of Software, Sungkyunkwan University.