We are proud to announce the confirmed speakers of ARES 2015:
Let’s Encrypt: Deploying free, secure, and automated HTTPS certificates for the entire Web
EFF Technology Projects Director
Abstract: EFF Technology Projects Director Peter Eckersley will discuss the obstacles that have prevented us from transitioning to a secure, encrypted Web that uses HTTPS by default. He will provide an overview of the Let’s Encrypt CA which EFF is building with Mozilla, Cisco, Akamai and IdentTrust, to offer free and automated deployment of certificates for HTTPS/TLS/SSL, and of other standards initiatives that will be necessary to make Web communications safe by default against surveillance, censorship, and tampering on the network.
University of Innsbruck, Austria
In blocks we trust: the case of crypto-currencies
Abstract: Cryptographic currencies, such as Bitcoin, have received considerable attention from researchers and practitioners in various fields. In this talk, I analyze the potential of block chain technologies — a term referring to Bitcoin’s underlying authenticated data structure — for general purpose distributed arbiters. I share observations on the success factors driving initial adoption and long-term sustainability of the Bitcoin system as we know it. I try to motivate research questions that address fundamental obstacles to the theoretical analysis and practical implementation of block chain technologies, and I sketch a vision of how they might be overcome.
Rainer Böhme is Professor of Security and Privacy at the Institute of Computer Science, Universität Innsbruck, Austria. A common thread in his scientific work is the interdisciplinary approach to solving exigent problems in information security and privacy, specifically concerning cyber risk, digital forensics, cyber crime, and crypto finance. Prior affiliations in his academic career include TU Dresden and Westfälische Wilhelms-Universität Münster (both in Germany) as well as the International Computer Science Institute in Berkeley, California.
Read more about Rainer Böhme.
Università degli Studi di Milano, Italy
Data Security and Privacy in the Cloud
Abstract: The rapid advancements in Information and Communication Technologies (ICTs) have enabled the emerging of the “cloud” as a successful paradigm for conveniently storing, accessing, processing, and sharing information. With its significant benefits of scalability and elasticity, the cloud paradigm has appealed companies and users, which are more and more resorting to the multitude of available providers for storing and processing data. Unfortunately, such a convenience comes at a price of loss of control over these data and consequent new security threats that can limit the potential widespread adoption and acceptance of the cloud computing paradigm. In this talk I will illustrate some security and privacy issues arising in the cloud scenario, focusing in particular on the problem of guaranteeing confidentiality and integrity of data stored or processed by external cloud Providers.
Pierangela Samarati is a Professor at the Department of Computer Science of the Universita‘ degli Studi di Milano. Her main Research interests are access control policies, models and systems, data security and privacy, information system security, and Information protection in general. She has participated in several projects involving different aspects of information protection. On these topics she has published more than 240 peer-reviewed articles in international journals, conference proceedings, and book chapters. She is the Coordinator of the ESCUDO-CLOUD European project (H2020). She has been Computer Scientist in the Computer Science Laboratory at SRI, CA (USA). She has been a visiting researcher at the Computer Science Department of Stanford University, CA (USA), and at the Center for Secure Information Systems of George Mason University, VA (USA).
She is the chair of the IEEE Systems Council Technical Committee on Security and Privacy in Complex Information Systems (TCSPCIS), of the Steering Committees of the European Symposium on Research in Computer Security (ESORICS), and of the ACM Workshop on Privacy in the Electronic Society (WPES). She is member of several steering committees. She is ACM Distinguished Scientist (named 2009) and IEEE Fellow (named 2012). She has been awarded the IFIP TC11 Kristian Beckman award (2008) and the IFIP WG 11.3 Outstanding Research Contributions Award (2012).
Read more about Pierangela Samarati.
Trust & Security Unit, European Commission
The European Strategic Agenda for Research and Innovation in Cybersecurity
Abstract: This talk will present the European Strategic Research and Innovation Agenda (SRA) for cybersecurity as it is being released by the Working Group on Secure ICT Research and Innovation (aka WG3) of the Network and Information Security Platform, which is a public-private partnership put in place by the European Commission in 2013. Members of WG3 are close to two hundred. They address issues related to cybersecurity research and innovation in the context of the EU Strategy for Cyber Security and of the Network and Information Security Platform. WG3 identified the key challenges and corresponding desired outcomes in terms of innovation-focused, applied but also basic research in cybersecurity, privacy, and trust. The European SRA for cybersecurity designed by WG3 serves as main input for the drafting of Horizon 2020 Work Programmes by the European Commission and is source of inspiration for the coordination of, and collaboration between, research agendas across Europe, including industry research roadmaps and national research and innovation programmes of the Member States.
Afonso Ferreira is currently in charge, amongst others, of the general secretariat of the Working Group on “Secure ICT Research and Innovation” of the European Network and Information Security Platform, which provides the input for Horizon 2020 Work-Programmes in Digital Security, and is leading the planning and financing of cybersecurity activities through the Connecting Europe Facility programme. He has been seconded as a French expert to the European Commission since 2011, working now as policy officer at the Trust and Security unit of the DG CONNECT. Other assignments included the Future and Emerging Technologies unit and the Digital Futures task force.
Read more about Afonso Ferreira.
Workshop AU2EU I, Monday 24 August 2015, 09:15 – 09:45
Anonymous Authentication in a Cloud Context
Abstract: The cloud provides a new model for the deployment and development of services and applications. This model that makes deployment and development significantly easier. However, it also means that some or all components of an application run somewhere in the cloud and thus also potentially process user data in the cloud, i.e., in a domain that is not necessarily controlled by the owner of the data. In this talk we look at the case of how the different components of an anonymous authentication system can be used in conjunction with the cloud model, identify potential issues and discuss how they can be addressed.
Jan Camenisch is an Principal Research Staff Member at IBM Research and leads the Privacy & Cryptography research team. Jan got is PhD in cryptography in 1998 from ETH Zurich. He is a member of the IBM Academy of Technology and an IEEE Fellow. He is a leading scientist in the area of privacy and cryptography, has published over 100 scientific papers, and has received a number of awards for his work including the 2010 ACM SIGSAC outstanding innovation award and the 2013 IEEE computer society technical achievement award. Jan was leading the FP7 European research consortia PRIME and PrimeLife and he and his team have participated and continue to do so in many other projects including ABC4Trust, AU2EU, and Witdom. Jan currently holds an advanced ERC grant for personal cryptography.
Achim D. Brucker
Workshop ASSD I, Wednesday 26th of August, 10:15 – 11:45
Agile Secure Software Development in a Large Software Development Organisation: Security Testing
Abstract: Security testing is an important part of any (agile) secure software development lifecyle. Still, security testing is often understood as an activity done by security testers in the time between „end of development“ and „offering the product to customers“.
Learning from traditional testing that the fixing of bugs is the more costly the later it is done in development, we believe that security testing should be integrated into the daily development activities. To achieve this, we developed a security testing strategy, as part of SAP’s security development lifecycle which supports the specific needs of the various software development models at SAP.
In this presentation, we will briefly presents SAP’s approach to an agile secure software development process in general and, in particular, present SAP’s Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and Tools.
Dr. Achim D. Brucker is a Research Expert (Architect), Security Testing Strategist, and Project Lead at SAP SE. He received his master’s degree in computer science from University Freiburg, Germany and his Ph.D. from ETH Zurich, Switzerland. He is responsible for the Security Testing Strategy at SAP. His research interests include information security, software engineering, security engineering, and formal methods. In particular, he is interested in tools and methods for modeling, building and validating secure and reliable systems. He also participates in the OCL standardization process of the OMG.
UCD School of Computer Science and Informatics
Workshop WSDF II, Wednesday 26th of August, 14:15 – 15:15
Remote Evidence Acquisition
Abstract: In an increasing trend, more and more consumer and enterprise data is being accessed on-the-fly and synchronised from remote machines or cloud services. Providing the ability to transfer, store and analyse digital evidence from these remote sources could prove invaluable to a variety of investigations. In a typical investigation, a number of impeding factors might result in traditional local evidence acquisition becoming extremely time consuming, if not entirely impossible, for example device encryption, data corruption, device destruction, etc. This talk provides an overview of the techniques available for the acquisition and handling of digital forensic evidence from a variety of remote sources including physical media, peer-to-peer networks and file synchronisation services, and discusses the methods available for the verification of the evidence collected.