We are proud to announce the confirmed speakers of ARES (to be completed):
ARES EU Symposium Keynote:
Head of Unit DG CONNECT – H4 “eGovernment and Trust”, European Commission, Belgium
The keynote will be held in the ARES EU Symposium 2017 on Tuesday August 29, LH A
Andrea Servida is the Head of the Unit “eGovernment and Trust” in Directorate General ‘Communication networks, content and technology’ (DG CONNECT) of the European Commission whose mission is to advance the quality and innovation of public administrations and accelerating the large-scale public sector and private sector use of trusted identification and trust services in the digital single market by leadership in the eGovernment agenda and in eIDAS. From 2012 to June 2016, he led the eIDAS Task Force in charge of the adoption and implementation of the eIDAS Regulation (EU) N°910/2014. The purpose of the regulation is to deliver a predictable regulatory environment for electronic identification and trust services for electronic transactions in the internal market to boost user convenience, trust and confidence in the digital world. From 2006 to 2012, he was Deputy Head of the Unit “Internet; Network and Information Security” in DG INFSO where he co-managed the Unit and was in charge of defining and implementing the strategies and policies on network and information security, critical information infrastructure protection, electronic signature and identification. From 1993 to 2005, he worked in the European Commission ICT research programmes (ESPRIT, IT, IST and ICT) dealing with safety critical systems, software engineering, database technology, privacy enhancing technologies, biometrics, dependability and cyber security. Before joining the European Commission in 1993, he worked in industry for nearly eight years as a project manager of international R&D projects on decision support systems for environmental, civil and industrial emergency and risk management. He graduated with Laude in Nuclear Engineering at Politecnico di Milano and carried out PhD studies on fuzzy sets and artificial intelligence at Queen Mary and Westfield College, University of London.
University of Sheffield and Amazon, UK
Cloaking Functions: Differential Privacy with Gaussian Processes
Wednesday, August 30 2017, 14.00 – 15.00, LH A
Abstract: Processing of personally sensitive information should respect an individual’s privacy. One promising framework is Differential Privacy (DP). In this talk I’ll present work led by Michael Smith at the University of Sheffield on the use of cloaking functions to make Gaussian process (GP) predictions differentially private. Gaussian process models are flexible models with particular advantages in handling missing and noisy data. Our hope is that advances in DP for GPs will make it easier to ‘learn without looking’, i.e. gain the advantages of prediction from patient data without impinging on their privacy.
Neil Lawrence is a Professor of Machine Learning and Computational Biology at the University of Sheffield. He holds a PhD in Computer science from Cambridge University and had a postdoctoral stay with Microsoft Research Cambridge. He has served as the Chair of the NIPS Conference, the premier Machine Learning conference in the world, and was the founding editor of the Journal of Machine Learning (JMLR) Research Workshop and Conference Proceedings. He is a fellow of the Royal Society in the working group for machine learning.
More information can be found here.
Bring Mathematics into Biology: past, present and future impact on Heath
In this talk I will present examples of using machine learning techniques for a variety datasets from medical and biological problems and what are the advantages and disadvantages of this approach. I will also give examples when these techniques enabled to discover informative knowledge from a large complex system in the presence of small number of samples. Finally I will discuss how we use Machine Learning today for analysis of single-cell sequencing data and how we can use it for future more complex datasets generated integrating data from different sources.
Marta Milo is Lecturer in Computational Biology at the Department of Biomedical Science and is group leader at the Centre for Stem Cell Biology at the University of Sheffield. She was a Bioinformatics research fellow at the Sheffield Teaching Hospitals NHS Trust. She holds a PhD in Applied Mathematics and Computer Science from the University of Naples. The main focus of her professional career has been to develop truly interdisciplinary skills, complementing and refining her bioinformatics skills with a deep understanding of the biological nature of the data collected. This is to better identify limitations in the experimental designs and better quantify variations in the data collection and validation. Her work has been concentrating on the analysis and interpretation of high-throughput biological data, with the aim to produce feasible and robust hypotheses for a deeper understanding of the biological systems under study. In quantitative sciences numerical knowledge is not enough to understand and predict systems behaviours that are only partially observed. Since the beginning of 20th century it was clear that predictions of data required an additional “knowledge” to become meaningful. This knowledge needed to be quantified in a way that reflects our prior knowledge of the systems and what we were able to measure. It signed the start of introducing the concept of quantified uncertainty. Marta’s research interests focus on developing computational tools, pipelines, appropriate experimental designs and protocols to assist in improving accuracy and sensitivity in the analysis of biological data.
IT architect at IBM Business Analytics, Germany
DevOps in business critical environments
Workshop SSE 2017, Thursday, August 31 2017, 16.30 – 18.00, LH C
Abstract: DevOps is a great way to streamline development and deployment processes and reduce error risks. This is done for example by allowing the developer to bring his code from development to production himself. While this saves time and effort, it also poses a conflict to application compliance regulations. This is where Secure DevOps comes into place. Intra-daily deployments with two face approval? Secure DevOps allows to profit from the advantages of DevOps without having to sacrifice ASCA compliance. It is one of our innovation projects alongside of Watson Analytics and Analytics Apps for mobile devices.
Fabian is an IT architect at IBM Business Analytics. He builds & deploys business intelligence software automation for IBM and its clients. He is part of the innovation team, where they work on integrating innovative solutions and technologies into traditional business environment.
DevSecOps Lead, Intuit
Illuminating Cloud Security with DevSecOps
Workshop SSE 2017, Thursday, August 31 2017, 11.00 – 13.00, LH C
Abstract: Cloud Security is not yet well-defined and the path can be treacherous with adversaries that have become accustomed to it using their auto-pawn infrastructure to quickly capture targets. Developing a good set of controls and defenses can be difficult with larger workloads and sensitive data. Using continuous security methods, such as those integral to DevSecOps, has proven to be the best method for staying ahead of the bad guys. This talk will provide abuse cases and cover the symbiotic relationship of Cloud Security and DevSecOps.
Shannon is an award winning innovator with over two decades of experience pursuing advanced security defenses and next generation security solutions. Ms. Lietz is currently the DevSecOps Leader for Intuit where she is responsible for setting and driving the company’s cloud security strategy, roadmap and implementation in support of corporate innovation. She operates a 24×7 DevSecOps team that includes Red and Blue Team operations. Previous to joining Intuit, Ms. Lietz worked for ServiceNow where she was responsible for the cloud security engineering efforts. Prior to this, Ms. Lietz worked for Sony where she drove the implementation of a new secure data center and led crisis management for a large-scale security breach. She has founded a metrics company, led major initiatives for hosting organizations as a Master Security Architect, developed security software and consulted for many Fortune 500 organizations.
Full Professor of Computer Science, University of Firenze
Anomaly Detection for Complex Dynamic System
Workshop FARES 2017, Thursday, August 31 2017, 11.00 – 13.00, LH D
Abstract: Anomaly detection is a promising technique in complex software-intensive systems, as it allows to dynamically controlling the system behavior and permits to sustain resilience. Anomaly detection can infer the presence of errors without needing direct observation of the target service which most of the times and not accessible but acting on the observable parts of the system on which the service resides. Unfortunately, in such systems anomaly detection is often made ineffective due systems’ dynamicity, which implies changes in the services or in the workload. We present an approach to enhance the efficacy of anomaly detection in complex, dynamic software-intensive systems. After discussing the main challenges, we present MADneSs, an anomaly detection framework tailored for such systems. The framework includes an adaptive monitoring module that allows collecting data from the target system through a multi-layer monitoring approach. Monitored data are then processed by the anomaly detector, which adapts its parameters depending on the current behavior of the system, providing an anomaly alert. MADneSs evaluated through an experimental campaign on service oriented architectures based on software fault injection. We finally discuss our results with respect to state-of-the-art solutions, highlighting the key contributions of MADneSs both in quantitative and qualitative terms.
Andrea Bondavalli is a Full Professor of Computer Science at the University of Firenze. Previously he has been a researcher and a senior researcher of the Italian National Research Council, working at the CNUCE Institute in Pisa. His research activity is focused on Dependability and Resilience of critical systems and infrastructures, turning to Cyber-Physical Systems and IoT. In particular he has been working on designing resiliency, safety, security, and on evaluating attributes such as reliability, availability and performability. His scientific activities have originated more than 220 papers appeared in international Journals and Conferences. Andrea Bondavalli supports as an expert the European Commission in the selection and evaluation of project proposals and regularly consults companies in the application field. He led various national and European projects such as the Italian MIUR PRIN “DOTS-LCCI” and “TENACE” and several European projects from framework 2. He has coordinate the FP7-ICT-2013-10-610535 “AMADEOS” and the FP7-PEOPLE-2012-IAPP-324334 “CECRIS” . Now he is involved in the PIRSES-GA-2013-612569 “DEVASSES” and Regione Toscana projects SiSTER and TOSCA-FI. Andrea Bondavalli participates to (and has been chairing) the program committee in several International Conferences such as IEEE FTCS, IEEE SRDS, EDCC, IEEE HASE, IEEE ISORC, IEEE ISADS, IEEE DSN, SAFECOMP. He is the chair of the Steering Committees of IEEE SRDS and a member the Steering committee of LADC and of the editorial board of the International Journal of Critical Computer-Based Systems. Andrea Bondavalli is a member of the IEEE, the IFIP W.G. 10.4 Working Group on “Dependable Computing and Fault-Tolerance”.
Martin Gilje Jaatun
Senior Scientist at SINTEF Digital
Cyber Security in Critical Infrastructure Domains
Workshop IWCC 2017, Wednesday, August 30 2017, 11.00 – 12.30, LH C
Abstract: Cyber crime hits hardest when it affects critical infrastructures such as communications, electricity and water. This presentation will provide a brief overview with examples of cyberattacks in different critical infrastructure domains, and argue why it is important to build security into all software and hardware that we rely on in our daily lives.
Technology Transfer Director of ATOS R&I (ARI)
Known Unknowns in Cybersecurity research and transfer of results to the market
Workshop S-CI, Tuesday, August 29 2017, 13.30 – 15.00, LH D
Abstract: Known unknowns refers to risks and challenges we are mainly aware of, or follow predictable patterns. Although cybersecurity hype is rather new, the most of market trends and research challenges have been either reported before or follow patterns that have existed in information or IT security before. Based on the observation of past strategic research agendas or roadmaps in security and privacy, the keynote will address dynamics of changes and challenges including possible scenarios and tradeoffs: core versus edge, abstraction versus focused, open versus closed etc. The associated trends and challenges will be presented, with focus on the emerging concept of trust as service. Cybersecurity is also a topic on which a broad plethora of research activities are being carried out at national and international level and some of them will be presented during the session. These activities are also linked to market opportunities, but transferring the project results to the market has not been satisfactory in many cases. Related to this issue, Aljosa will talk about R&D cybersecurity technology transfer strategy, tactics and operations, with presentation of several examples.
ALJOSA PASIC current position is Technology Transfer Director in Atos Research & Innovation (ARI), based in Madrid, Spain. He graduated Information Technology at Electro technical Faculty of Technical University Eindhoven, The Netherlands, and has been working for Cap Gemini (Utrecht, The Netherlands) until the end of 1998. In 1999 he moved to Sema Group (now part of Atos) where he occupied different managerial positions. During this period he was participating in more than 50 international research, innovation or consulting projects, mainly related to the areas of information security or e-government. He is member of EOS (European Organisation for Security) Board of Directors, and collaborates regularly with organisations such as ENISA, IFIP, IARIA, FI-PPP and others.
Deutsche Bahn (DB) IT-Security expert
Challenges in securing critical infrastructures of the railway domain
Workshop S-CI, Tuesday, August 29 2017, 17.15 – 18.15, LH D
Abstract: The railway domain is a complex critical infrastructure(CI) linking communication and control elements, and susceptible to multiple security threats similar to those encountered by industrial control systems. However, protecting modern railway signalling systems is a challenging task given the rigorous human safety standards that must be adhered to while augmenting the systems with security mechanisms. As railway CIs are subject to strong regulation and also cannot be adequately protected by physical security given that they are distributed over large areas, the strong interplay of security and safety requirements results in both unique problems and solutions. In this presentation the current state of railway signalling, the obstacles to consider when protecting signalling using state of the art information security will be shown, and also contemporary approaches to address such obstacles will be shown. For this a shell concept as an approach to decouple safety and security and an integrated approach will be discussed. The railway domain is a complex critical infrastructure(CI) linking communication and control elements, and susceptible to multiple security threats similar to those encountered by industrial control systems. However, protecting modern railway signalling systems is a challenging task given the rigorous human safety standards that must be adhered to while augmenting the systems with security mechanisms. As railway CIs are subject to strong regulation and also cannot be adequately protected by physical security given that they are distributed over large areas, the strong interplay of security and safety requirements results in both unique problems and solutions. In this presentation the current state of railway signalling, the obstacles to consider when protecting signalling using state of the art information security will be shown, and also contemporary approaches to address such obstacles will be shown. For this a shell concept as an approach to decouple safety and security and an integrated approach will be discussed.
Christian Schlehuber studied informatics and IT-Security at the TU Darmstadt with a specialization in critical infrastructures. After receiving his master degree he started to research at the Security Engineering Group of TU Darmstadt on the topic Critical Infrastructure Protection in 2013. In 2015 he got the opportunity to apply his researches in the interlocking technologies of DB Netz AG and switched to DB Netz AG. He currently is responsible for the IT-Security of the operational technologies of DB Netz AG. Besides this he is active in the European research projects Shift2Rail and CIPSEC, which aim at improving the IT-Security of Critical Infrastructures. He is also member of the CENELEC SG 24 and currently working on a European standard on IT-Security for Railways.
Dr Shujun Li
University of Surrey, UK
Abstract: In this talk, the speaker will discuss how information hiding has evolved from traditional approaches based on digital objects to network based approaches and more recently to even more general approaches based on diverse activities in the cyber-physical-social world including observable behaviors of human users and activities of automated programs (e.g., bots) and devices (e.g., smart sensors). He will introduce some recent work he and his collaborators have been working on, which started several years ago from a small feasibility research project called “Mobile Magic Mirror (M3): Steganography and Cryptography on the move”
Dr Shujun Li will join the University of Kent later in 2017 as a Professor of Cyber Security and Director of its Interdisciplinary Research Centre in Cyber Security. He is currently a Reader (Associate Professor) at the Department of Computer Science, University of Surrey, and has been a Deputy Director of the Surrey Centre for Cyber Security (SCCS) since July 2014. SCCS has been a UK government recognized Academic Centres of Excellence in Cyber Security Research (ACE-CSR) since 2015 and its status has been recently re-recognized until 2022. Dr Li’s research interests are mostly around interdisciplinary topics covering cyber security, digital forensics and cybercrime, human factors and human-centric computing, multimedia computing and information visualization, and applications of artificial intelligence and discrete optimization. Due to the interdisciplinary nature of his research, Dr Li is actively working with researchers from other disciplines especially Electronic Engineering, Psychology, Business and Sociology. He has been leading a number interdisciplinary research projects including one on better approaches to understanding and influencing human behaviors for reducing human-related risks (ACCEPT), one on applications of cognitive modelling in cyber security (COMMANDO-HUMANS), and one on human-assisted machine learning for data loss prevention (H-DLP). Several projects he has been involved are about crime investigation and prevention (e.g. POLARBEAR), digital forensics (e.g. one on digital forensics standards), and information hiding (e.g. M3 and another research project on digital watermarking). He has been working very closely with industry and public bodies especially law enforcement agencies (LEAs) including a number of UK LEAs and Europol. Dr Li has published around 100 publications at international conferences and journals, and his work has attracted over 5500 citations with an h-index of 38 (Google Scholar). He is the co-editor of the Handbook of Digital Forensics of Multimedia Data and Devices, co-published by Wiley and IEEE Press in 2015. He is currently on the editorial boards of 5 international journals and has been on the organizing and technical program committees of many international conferences and workshops. He has one pending EU patent application on a new information hiding technology and another UK patent application on a new user authentication framework. Although not a mathematician or a theoretical computer scientist, his interdisciplinary work with at least two groups of researchers gives him a current Erdös Number of 3. Dr Li is a Senior Member of IEEE, a Professional Member of ACM, and a Global Member of the Internet Society. From 2009-2011 he was a member of MPEG (ISO/IEC JCT 1/SC 29/WG 11), and in 2012 was awarded an ISO/IEC Certificate of Appreciation for being the lead editor of ISO/IEC 23001-4:2011, the 2nd edition of the MPEG RVC standard. More about Dr Li’s research can be found at http://www.hooklee.com/.
Warsaw University of Technology, Poland
Abstract: In this keynote the main facts and activities related to the newly formed Criminal Use of Information Hiding (CUIng) initiative launched in cooperation with Europol EC3 will be presented. Moreover, the rising trend of information hiding-based malware will be characterized and the challenges for digital forensics experts related to this new phenomenon will be discussed.
Wojciech Mazurczyk is an Associate Professor at Cybersecurity Division, Institute of Telecommunications (IT), Faculty of Electronics and Information Technology, Warsaw University of Technology (WUT), Poland. Co-founder of Cybersecurity Division and the head of the Bio-inspired
covered by worldwide media numerous times including in “IEEE Spectrum”, “New Scientist”, “MIT Technology Review”, “The Economist”, “Der Spiegel”, etc.
Dr Richard Overill
The Sky: a Neglected Source of Error in Digital Forensic Investigations?”
Abstract: When evidence is recovered from a suspected crime scene prior to mounting a criminal prosecution the defence team will either try to discredit the recovered evidence or try to come up with an alternative non-criminal explanation for the evidence. This is as true in digital forensics as in any other branch of forensics science. Sometimes an alternative explanation appears sufficiently plausible that the court is not convinced by the prosecution’s case “beyond all reasonable doubt”. Examples of this include the “Trojan Horse Defence” and the “Inadvertent Download Defence”. One of the strands of my digital meta-forensics research is to devise and evaluate the plausibility of such alternative explanations proactively, in anticipation of their use at trial by the defence team.