Keynote Speakers 2020

We are proud to announce the confirmed speakers:

ARES Keynotes

Title. TBA
Karen Renaud, Abertay University, UK

Karen Renaud is a Scottish computing Scientist working on all aspects of Human-Centred Security and Privacy. She was educated at the Universities of Pretoria, South Africa and Glasgow. She is particularly interested in deploying behavioural science techniques to improve security behaviours, and in encouraging end-user privacy-preserving behaviours. Her research approach is multi-disciplinary, essentially learning from other, more established, fields and harnessing methods and techniques from other disciplines to understand and influence cyber security behaviours.

Workshop Keynotes

Structural equation modeling in cybersecurity research
Dr. Simon L. R. Vrhovec, Assistant Professor at the University of Maribor, Slovenia

Workshop IWSMR

Abstract:Structural equation modeling (SEM) is one of the most prominent data analysis methods across a variety of different disciplines. SEM is however only occasionally applied in cybersecurity research (e.g. for determining cybercrime victimization and cybersecurity behavior factors). This may be attributed to several factors from poor awareness of SEM among cybersecurity researchers to different measurement challenges. This keynote focuses on the basics of covariance-based structural equation modeling (CB-SEM) through the analysis of a typical dataset. The presented SEM analysis will involve validation of a measurement instrument with a confirmatory factor analysis (CFA) and test of a research model with path analysis. The structure of a typical measurement instrument and issues with measurement common in cybersecurity research will be discussed. The limitations of CB-SEM and alternatives, such as PLS-SEM, will also be outlined.

Dr. Simon L. R. Vrhovec is an Assistant Professor at the University of Maribor, Slovenia. He received his Ph.D. degree in Computer and Information Science from the University of Ljubljana in 2015. He co-chaired the Central European Cybersecurity Conference (CECC) in 2018 and 2019. Since 2019, he is a Steering Committee member of the European Interdisciplinary Cybersecurity Conference (EICC). He is a member of Editorial Boards of the Journal of Cyber Security and Mobility and International Journal of Cyber Forensics and Advanced Threat Investigations. He is or has been a Guest Editor for special issues of IEEE Security & Privacy, Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), and Journal of Universal Computer Science (J.UCS). His research interests are in human factors in cybersecurity, secure software development and agile methods, resistance to change, and medical informatics.

Reviewing the DevSecOps community surveys: What we learned in the last 6 years on how to be a DevSecOps Elite

Hasan Yasar, technical manager of the Secure Lifecycle Solutions Group in the SEI’s CERT Division

Workshop SSE

Abstract: We’ve spent six years studying the secure coding practices of DevOps and the continuous delivery organizations by surveying over 20,000 software professionals.  We’ve analyzed their staffing practices, educational priorities, automation choices, security tools usage and various software development processes that improve their cybersecurity preparedness. Our study has also uncovered details of where automation fails, awareness falls short and breaches happen.

We know, as a collective team, how to produce the highest quality of software by following a DevOps methodology. This methodology helps us enforce security checks at each phase in a SDLC.  We learned many lessons on how automation help improve security. For example, how happy developers vs grumpy developers effect better software security. More specifically, recent surveys point out that mature DevOps practices are 3.6x more likely to consider security as a top concern and 2x more likely to have automated governance and compliance. Mature DevOps practices are constantly testing, deploying, and validating that the software meets every requirement and allows for fast recovery in the event of a problem.

Hasan Yasar is the technical manager of the Secure Lifecycle Solutions Group in the SEI’s CERT Division. His group focuses on software development processes and methodologies, specifically on DevOps and development, and researches advanced image analysis, cloud technologies, and big data problems. It also provides expertise and guidance to SEI’s clients. Yasar has more than 25 years’ experience as senior security engineer, software engineer, software architect, and manager in all phases of secure software development and information modeling processes. He has an extensive knowledge of current software tools and techniques. He is also specializes in secure software solutions design and development in the cybersecurity domain, including data-driven investigation and collaborative incident management, network security assessment, automated, large-scale malware triage/analysis, medical records management, accounting, simulation systems, and document management. He is also an adjunct faculty member in the CMU Heinz College and Institute of Software Research where he currently teaches Software and Security and DevOps: Engineering for Deployment and Operations.

His current areas of professional interest include the following:

  • secure software development including threat modeling, risk management framework and software assurance model
  • secure DevOps process, methodologies and implementation
  • software development methodologies (Agile, Safe, DevOps)
  • cloud based application development, deployment and operations
  • software architecture, design, develop and management of large-scale enterprise systems

Track me if you can: Abusing the DNS infrastructure to prevent (botnet) takedowns
Davide Ariu, CEO at Pluribus, Italy

Workshop IWCC

Abstract:The Domain Name System (DNS) represents one of the main pillars of the Internet infrastructure. It provides not only a facility of translation from domain names to IP addresses (and vice-versa). Instead, it represents the cornerstone on which many services are built, including services supporting cyber-security applications.
Unfortunately, such a robust infrastructure represents a key asset also for cyber-criminals, since the most significant fraction of the cyber-attacks nowadays involves a form of abuse of a domain name or the DNS service. Thus, monitoring and analyzing the DNS traffic represents a fundamental step toward prompt detection and reaction to cyber-attacks.
During this talk, a quick overview of widespread threats affecting the DNS service will be offered. The talk will briefly recap the fundamentals of the DNS system, and will then show examples of real attacks where the DNS is either abused or opportunistically used. Then it will cover three main families of attacks, namely domain fluxing, IP fluxing, and cybersquatting. For each family, details of the attack techniques will be provided, together with some possible detection approaches recently proposed in the literature.

Davide Ariu is the CEO of Pluribus One (, a producer of cyber-security solutions empowered by secure and explainable AI.
He has a background as a computer security researcher, given that he has been working since 2005 on applications of machine learning to computer security. He is affiliated, since then, with the Pattern Recognition and Applications Laboratory of the University of Cagliari (
In 2010 he got a PhD in Computer and Information Security after also a visiting period at the Georgia Tech Information Security Center.
On such topics, he has published about 30 papers in peer-reviewed conferences, journals, and workshops. He regularly serves as a reviewer for international conferences and journals, including, among the others, the IEEE Transactions on Information Forensics and Security, Elsevier Computer Networks, and Elsevier Computers and Security. He is ACM and IEEE member.
From 2012 to 2016, he has been among the organizers of the Summer School on Computer Security and Privacy “Building Trust in The Information Age” (
In recent years, he participated in more than 10 EU funded research project, with coordinating duties in the context of the projects CyberROAD ( and ILLBuster ( He currently covers the role of Innovation Manager for the SIMARGL project ( In 2015 he co-founded Pluribus One, which currently represents the primary focus of his activity.

Targeted image steganalysis using the embedding algorithm in the detection method
Prof. David Megías, Principal Investigator of the KISON research group of the Internet Interdisciplinary Institute (IN3), Universitat Oberta de Catalunya (UOC)


Abstract: It is increasingly common to use steganography for malicious purposes, either to maintain secret communications between members of criminal and terrorist groups, or as a means to deploy cyberattacks or infect information systems with malware. For this reason, steganalysis has received growing attention by the research community in the last few years. Steganalysis is the term used to refer to the different techniques that are used to detect statistical anomalies in the potential carriers of steganographic messages in order to identify suspected stego objects.

Images and the network protocols are two of the most frequently used carriers of secret steganographic messages in malicious scenarios. This keynote focuses on image steganalysis and summarizes a research line that has led to different published results in the last few years. The main idea behind the steganalytic methods overviewed in the presentation is to exploit the targeted embedding algorithm itself within the steganalytic method. When appropriately used, the embedding method aimed to be detected can increase the accuracy of current steganalytic methods and even help to predict whether a steganlytic detector will provide a reliable classification of a set of suspected images or not. The pros and cons of this strategy will be discussed, and some ideas for further research will be outlined.

Prof. David Megías is the Principal Investigator of the KISON research group of the Internet Interdisciplinary Institute (IN3), at the Universitat Oberta de Catalunya (UOC). He received the Ph.D. degree in computer science from the Universitat Autònoma de Barcelona (UAB) in July 2000. Since October 2001, he has been at the UOC with a permanent position (currently as Full Professor). At the UOC, he has held several academic positions, until he was appointed director of the IN3 in April 2015. His current teaching is mostly related to computer networks, information security (watermarking and steganography), and research techniques and methodologies in the field of network and information technologies. His current research interests focus on information security and privacy, and include the security and privacy in multimedia content distribution (mainly in the watermarking and fingerprinting topics), steganography and steganalysis, and privacy concerns in different applications of decentralized networks. He has published research papers in numerous international journals and conferences and has participated in several national joint research projects both as a contributor and as principal investigator. He is also member of the editorial board and programme committees of several journals and conferences in the area of security and privacy.

Machine learning for intelligent sensors

Simin Nadjm-Tehrani, Linköping University, Sweden

Workshop CyberTIM

Abstract: Intrusion detection systems (IDS) can be considered as one sensor amongst many in enterprises that aim to create threat intelligence based on collected data from their systems. IDS research has a long history but at the same time very hard to evaluate scientifically. In this talk I will describe the major stumbling blocks for evaluation of IDS, including lack of relevant and large datasets, lack of possibility to perform live experiments, and lack of understanding of what the application of machine learning approaches tells us today. Using examples from recent work in the context of critical infrastructures I show that collected data from emulated or virtual test beds may have characteristics far from those observed in data collected from real systems.

Simin Nadjm-Tehrani is a professor in dependable distributed systems at Linköping University and the lab leader for the Real-time Systems Laboratory at Dept. of Computer and Information Science. Her research interests span multiple attributes of dependability, with applications in safety-critical systems, time-critical systems, and security in critical infrastructures. She is the coordinator of the national research centre on Resilient Information and Control Systems ( in Sweden since 2015, a centre supported by the Swedish Civil Contingencies Agency (MSB).

An Overview of Research Directions for Protecting Privacy of Location Data
Gabriel Ghinita, Associate Professor at University of Massachusetts

Workshop LPW

Abstract: The use of location data has become ubiquitous, given the emergence of mobile apps in the past decade. Numerous services rely on location data to provide customized service to their users. While the benefits of using such data for location-based services, recommender systems or healthcare apps are clear, there are also concerns with respect to protecting individual privacy. Disclosing location traces to an untrusted service can lead to serious privacy violations.

This talk will explore the latest research directions and trends in protecting the privacy of location data. We will investigate three main categories of approaches: (1) differential privacy for releasing statistics on user whereabouts; (2) geo-indistinguishability for location perturbation in online services; and (3) techniques for processing on encrypted location data. These three approaches offer interesting trade-offs with respect to data accuracy, performance, and the nature of data access supported (i.e., aggregate data access vs individual location data use).

Dr. Gabriel Ghinita is an Associate Professor at University of Massachusetts, Boston. During the 2018/19 academic year, he spent one year as a Visiting Associate Professor at University of Southern California. Prior to joining UMB in Fall 2011, he was a Research Associate at the Purdue Cyber Center and Purdue Center for Education and Research in Information Assurance and Security (CERIAS).

Dr. Ghinita’s research focuses on information security and privacy, with emphasis on protecting location data. His 2008 work published in ACM SIGMOD 2008 was the first to support practical nearest-neighbor queries  with  cryptographic-strength  protection,  and  has  more  than  900  citations  to  date  (according  to  Google Scholar). His research work on protecting location privacy received an Outstanding Paper Award at  the  ACM  SIGSPATIAL  2009  conference,  and  a  Distinguished  Paper  Award  at  the  2014  ACM  Conference on Data and Application Security and Privacy (CODASPY)

Internet of Things (IoT) Forensics: Challenges and Opportunities
Kim-Kwang Raymond Choo, University of Texas at San Antonio, USA

Workshop WSDF

Abstract:Internet of Things (IoT) devices are becoming commonplace in our society, due to their widespread applications (e.g., environmental monitoring, smart cities, healthcare, surveillance, and battlefields such as Internet of Battlefield Things). Such devices are also generally capable of capturing a broad range of information, including digital artefacts that can facilitate a digital investigation during a cyber security incident (e.g., data breach). While IoT devices are potential evidence acquisition sources, there are a number of challenges associated with IoT forensics and investigations as discussed in this presentation. We also identify a number of opportunities, which hopefully will help to shape future research agenda on IoT forensics. For example, we posit the importance of having a digital forensic black-box, conceptually similar to the cockpit voice recorder (also known as a flight recorder) on aircrafts, to facilitate digital investigations.

Kim Wang Raymond Choo received the Ph.D. in Information Security in 2006 from Queensland University of Technology, Australia, and currently holds the Cloud Technology Endowed Professorship at The University of Texas at San Antonio (UTSA), US. In 2015 he and his team won the Digital Forensics Research Challenge organized by Germany’s University of Erlangen-Nuremberg. He is the recipient of the 2019 IEEE Technical Committee on Scalable Computing (TCSC) Award for Excellence in Scalable Computing (Middle Career Researcher), 2018 UTSA College of Business Col. Jean Piccione and Lt. Col. Philip Piccione Endowed Research Award for Tenured Faculty, Outstanding Associate Editor of 2018 for IEEE Access, British Computer Society’s 2019 Wilkes Award Runner-up, 2019 EURASIP Journal on Wireless Communications and Networking (JWCN) Best Paper Award, Korea Information Processing Society’s Journal of Information Processing Systems (JIPS) Survey Paper Award (Gold) 2019, IEEE Blockchain 2019 Outstanding Paper Award, International Conference on Information Security and Cryptology (Inscrypt 2019) Best Student Paper Award, IEEE TrustCom 2018 Best Paper Award, ESORICS 2015 Best Research Paper Award, 2014 Highly Commended Award by the Australia New Zealand Policing Advisory Agency, Fulbright Scholarship in 2009, 2008 Australia Day Achievement Medallion, and British Computer Society’s Wilkes Award in 2008.

Semi-Automated Cyber Threat Intelligence (ACT)
Dr. Martin Eian, Head of Research at mnemonic, Norway

Workshop NG-SOC 2020

Abstract: The ACT platform is an open source, scalable graph database with support for granular access control and workflow management. ACT enables advanced threat enrichment, threat analysis, visualization, process automation, lossless information sharing, and powerful graph analytics. Its modular design and APIs facilitate implementing new workers for enrichment, analysis, information sharing, and countermeasures. This presentation will explain why we built ACT, how we did it, the challenges we faced, and the lessons we learned.

In 2014, we decided that we needed a platform that would let us collect and organize our knowledge of threats, facilitate analysis and sharing, and make it easy to retrieve that knowledge when needed. We spent too much time on manual processes, copy-pasting information between different systems. A lot of our knowledge was in unstructured form, which made it difficult and time consuming to figure out if we had relevant knowledge that could help us decide how to handle security alerts and security incidents. We evaluated the existing threat intelligence platforms, concluded that they could not easily be adapted to meet our needs, and decided to research and develop a new platform: ACT. The ACT platform is the product of a 3-year collaborative research project between the private sector, security agencies, CERTs and universities.

Dr. Martin Eian is the Head of Research at mnemonic. He has more than 15 years of work experience in IT security, IT operations, and information security research roles. In addition to his position at mnemonic, he is a member of the Europol EC3 Advisory Group on Internet Security.