Program

Program at a Glance (28 hours)

Days: Monday August 27, Tuesday August 28, Wednesday August 29, Thursday August 30, Friday August 31

Daily time slots:
9:00
10:30 Coffee break
11:00
12:30 Lunch
14:00
15:30 Coffee break
16:00 Social Event, Spotlight Session and Poster/Demo
18:00
19:30
20:30 Social Dinner


Computer Security: Where we are, Where we are going (6 hours)

The purpose of the course is to give a broad understanding of the current information technology scenario, as well as the scenario expected in the near future. This understanding is used to clearly highlight the key security-related topics that need (and are worthy of) further research, or that will be of interest in the near future. The course also points out the open, challenging problems. The second part of the course gives an overview of the main international research activities and opportunities in the field of computer security.

Contents

Where we are: the current computing scenario (devices, networks, computation paradigms), current practices in computer security, security tradeoffs. Why we are here: the history of computing and of security, the evolution of attacks, the evolution of design paradigms, defense and proactive mechanisms. Where we are going: near-future computing scenarios and the related security issues and threats. Main research centers and laboratories, technical universities, technical committees and international organizations working on computer security. Renowned international journals, conferences and workshops. Research funding sources, job opportunities, Internet community initiatives.

Lecturer: Edgar R. Weippl, Research Director of SBA Research and Associate Professor at the Vienna University of Technology, Austria


Security of the Infrastructure of Application Service Providers (6 hours)

This course aims to point out the main threats to the infrastructure of application service providers, as well as the state-of-the-art defense mechanisms, the key challenges and the open research directions. In particular, the course focuses on web security, because of the wide adoption of the World Wide Web infrastructure for providing Internet services.

Contents

Goals of attacks against web services and users: financial, political, military (or other) gains. Vulnerabilities in the HTTP/HTTPS protocols. Vulnerabilities in the infrastructure. Server-side and client-side vulnerabilities. Exploitation of web vulnerabilities. Best security practices: programming and design paradigms, web development frameworks for ensuring availability, integrity and confidentiality. Defense systems: web application firewalls, browser configurations and plugins. Security tests and certifications.

Lecturer: Dawn Song, Associate Professor, Computer Science Division, University of California, Berkeley, USA


Security of User's Devices and Applications (9 hours)

This course aims to highlight the types, functionalities and goals of modern malware, how to detect it, and how to fight the large-scale phenomenon of botnets. The course will highlight the open problems and the most interesting research directions on this topic.

Contents

Malicious software: types, variants, functionalities and goals. Modern malware evasion techniques: polymorphism, encoding, mimicry, kernel object modification. Malware detection: honeypots, anomaly-based and misuse-based techniques, sandboxing, malware clustering. Botnet detection and defense.

Lecturer: Lorenzo Cavallaro, Assistant Professor in the Information Security Group at Royal Holloway, University of London, UK.


Privacy in emerging scenarios (6 hours)

This course aims to clearly point out the main threats to the privacy of users in the context of mobile users, wireless access, cloud computing, social networks and the World Wide Web. At the same time, the course highlights the possible ways to reduce the impact of these threats (e.g. new privacy-aware frameworks, defense mechanisms, privacy-preserving tools), and the most interesting research directions in the field.

Contents

Information privacy, data protection, access control policies, models and systems, information system security, inference control, and information protection. Privacy in the world wide web and for mobile applications. Key research activities for new privacy-preserving infrastructures and frameworks.

Lecturer: Pierangela Samarati, Professor at the Department of Information Technologies, University of Milan, Italy


Perspectives of consumers' privacy and cyber security and business tradeoffs for financial institutions (1 hour)

The scope of the talk is to highlight the perspective of Financial Institutions (FI) on cyber security and privacy, and the tradeoffs that FIs make between business needs and consumers' privacy and cyber security.

Contents

Data privacy and cyber security tradeoffs can be articulated by understanding the perspective of the business (e.g. generating revenue with customer data) and the perspective of people (as citizens and clients) on data privacy. From the user's perspective, for example, the tradeoff is between the privacy of Personally Identifiable Information (PII) and the fact that this data must be given to a business, such as a financial services provider, in order to obtain a service (e.g. online banking). From the FI's perspective, the tradeoff is between the business need to use customers' PII and compliance with national data privacy laws. From the perspective of a financial institution's information security manager (e.g. the CISO), the main concerns regarding customer privacy are compliance with data breach disclosure laws (e.g. SB1386 in the United States) and with the data privacy laws enacted by the various countries where the FI operates. As citizens, the main question is whether the government is doing enough to protect its citizens' privacy; as consumers, the main question is what the business's liability is for data that is lost or compromised, such as in the case of a security incident. As cyber threats trend upward and businesses want to use more confidential and PII data, consumers' options for keeping their data private are certainly shrinking, so perhaps the question is who is stepping up, and what citizens/consumers and countries/businesses can do to take stronger measures to preserve consumers' right to privacy of confidential and PII data.

Lecturer: Marco Morana, SVP Technology Risks & Controls at Citi