In this year, we are going to organize an industrial track on 28th and 29th September with the purpose of inviting ICT and cybersecurity industries and associations to present their secure projects, solutions, frameworks and products. Beyond that, we expect to provide an international platform for those partners to explore further collaborations and talk to the next generation of cybersecurity experts, researchers and engineers. Confirmed speakers are from ING, NVIDIA, EIT Manufacturing, ICANN, Roseman Labs, CheckPoint, TM Systems.
Table of Contents
Title: Safeguarding the DNS: ICANN’s Security Research Initiatives
Speakers: Dr. Samaneh Tajalizadehkhoob and Dr. Carlos H. Gañán
Date and Time: 28th September, Thursday, 09:00 – 10:00
In this presentation, we delve into the world of Domains and DNS abuse, highlighting ICANN’s critical role in Internet security. We explore the evolution of the DNS, emphasizing the need for security measures against threats like cache poisoning and denial of service attacks. We introduce the ICANN SSR Team and their efforts to enhance DNS security, including the implementation of DNS Security Extensions (DNSSEC) and the concept of a “Chain of Trust” to protect against data tampering. Turning to recent events, we examine the intersection of COVID-19 and internet security. We reveal tactics used by cybercriminals during global events and the surge in pandemic-related domain registrations. Our innovative approach to identifying pandemic-related domains is presented, along with its findings. We conclude by discussing data flow and output, inviting engagement with ICANN.
Dr. Samaneh Tajalizadehkhoob holds a PhD in web security, policy, and mathematical analysis from Delft University of Technology. She has more than eight years of experience in the area of cybersecurity and the human factor. Previously, she collaborated with academic institutions and security industry partners across the world in areas related to vulnerability measurement, patch management, statistical modeling of security incidents, abuse incident predictions, and the economics of online banking fraud. Currently, Samaneh is director of the Security, Stability and Resilience (SSR) Research group at ICANN’s Office of the Chief Technology Officer where she leads research related to DNS abuse, security and policy, and translates operational security problems from the ICANN community into potential areas of research. Additionally, Samaneh sits on the program committee of multiple academic and industry conferences. She also is a mentor in the ITU’s Women in Cyber Mentorship Program, where she mentors and supports women worldwide.
Dr. Carlos H. Gañán is an internet security researcher with a background in information security and governance. His research focuses on measuring and improving the resilience and stability of the internet and in particular the misuse of internet identifiers. His research uses socio-technical approaches that combine big data analytics techniques and network science methods to understand cybersecurity problems. He tries to understand broadly how economic factors influence the choices of different actors in response to security threats with the aim of a better societal understanding of information security errors and how to deal with them. His research increases societal resilience to cybersecurity risks through more efficient and effective institutional and incentive structures. He is also passionate about data science and network security.
Title: Operational risk requirements and solution deployments to improve cybersecurity in manufacturing (Panel)
Speakers: Christian Bölling (Managing Director, EIT Manufacturing Central gGmbH), Enrico Frumento (Cybersecurity Senior Domain Expert, Cefriel), Thorsten Breuer, Kaitai Liang (TU Delft)
Date and Time: 28th September, Thursday, 10:00 – 11:30
The rise of digital technologies and the accompanying push towards smart manufacturing leads to new risks and challenges ranging from data breaches to unnoticed manipulation of production. As a result, manufacturers need to focus on cybersecurity in their factories. But what do they need to consider when improving cybersecurity?
Together with partners from industry and research, we will talk about the industry requirements for cybersecurity and how they can be solved.
After the panel discussion, two specialised start-ups will present their solutions for better cybersecurity:
- Amir Gil – SIGA
- Christian Persurich – Bitkorp
Christian Bölling (Managing Director, EIT Manufacturing Central gGmbH) joined the German entity of EIT Manufacturing, a leading European innovation network for production technology, in December 2019 as its Managing Director. EIT Manufacturing’s mission is to bring European manufacturing actors together in innovation ecosystems that add unique value to European products, processes and services to inspire the creation of globally competitive and sustainable manufacturing. Prior to joining EIT Manufacturing, Christian Bölling worked at the Technical University of Darmstadt (Germany) where he held various positions (e.g., Head of Cutting Technology Research) at the Institute of Production Management, Technology and Machine Tools. His doctoral thesis dealt with the simulation-based design of tooling solutions. In this context, he was responsible for several projects aimed at IoT solutions for machining processes. Christian Bölling remains connected to the academic world as he is a lecturer at the Technical University of Darmstadt.
Enrico Frumento (Cybersecurity Senior Domain Expert, Cefriel) is a Senior Domain Specialist in the cybersecurity team at Cefriel, a privately funded ICT technology research and innovation centre. He has more than 20 years of experience in cybersecurity and has authored many publications and books on the subject. He is also a member of European cybersecurity organisations. His research primarily focuses on unconventional security, cybercrime intelligence technologies, tactics and techniques. His research focuses on unconventional security, cybercrime intelligence technologies, tactics and techniques, and the contrast to modern social engineering and dynamic assessment of organisations’ vulnerabilities corresponding to tangible and intangible assets at risk. Additionally, he regularly conducts training sessions on cybersecurity and cybercrime tactics, techniques, and technology. He has been working in the field of cybersecurity since 1997.
Kaitai Liang is a tenured faculty member of the Cybersecurity group at Delft University of Technology. With over 10 years experiences on cybersecurity R&D, his main focus is on the design and implementation of cryptographic protocols to security. He has led as a PI in several European funded projects, and delivered real-world impact via these projects with academic and industrial partners. He has also maintained a tight research relationship with Europe, Asia-pacific and northern America academic communities and published a series of research works, applying information security and crypto tools to address cybersecurity challenges. These publications have appeared in high-tier international information security journals and A* conferences, e.g., USENIX Security, NDSS, ESORICS (Best Research Paper Award in 2015), Asiacrypt, IEEE TIFS, and IEEE TDSC. Beyond his research contributions, Dr. Liang has played an active role in the academic community serving as a Technical Program Committee (TPC) member, General Chair, and Steering Committee member for over 25 renowned international security and privacy conferences, including IEEE Euro S&P, ESORICS, IEEE CSF, and PoPETs. Furthermore, he has made valuable contributions to ISO standards as a member of the standards committee 381027 “Cybersecurity & Privacy” at NEN. In addition to his academic pursuits, Dr. Liang serves as an Associate Editor for esteemed journals such as the Computer Journal, IEEE Systems Journal, IEEE Transactions on Artificial Intelligence, and the EURASIP Journal on Information Security.
Title: The Future of Intrusion Detection in the Cloud with Nvidia DOCA AppShield
Speaker: Dr. Ahmad Atamli
Date and Time: 28th September, Thursday, 14:00 - 15:00
Virtual Machine Introspection (VMI) is an essential technique for monitoring the runtime state of a virtual machine. VMI systems are widely used by major cloud providers as they enable a range of applications, such as malware detection.
Unfortunately, existing VMI systems suffer from several shortcomings: they either compete with the introspected VMs for shared CPU resources or report poor performance.
We present Nvidia DOCA AppShield, a datapath library operating system that efficiently runs VMI applications by leveraging a physically isolated device: a Data Processing Unit (DPU).
DOCA AppShield facilitates the creation of hardware-accelerated VMI applications and frees the CPU cores while providing performance isolation.
The DOCA AppShield interface abstracts the DPU accelerators and provides an SDK for collecting metrics from running virtual machines using kernel bypassing, achieving μs-scale introspection latency.
In this talk, we present the innovation behind DOCA AppShield and compare it to prior VMI systems. DOCA AppShield achieves 34 times higher bandwidth while monitoring tens of VMs concurrently, without hindering the VMs’ performance.
Dr. Ahmad Atamli is the Innovator and Director leading Nvidia’s involvement in the ASSURED project on runtime tracing. The team led by Dr. Atamli aims to provide efficient monitoring of the behavior of a system, ranging from IoT devices to devices used in cloud environments. In his early career at Mellanox Technologies as the Director of R & D, Dr. Atamli led the security architecture of BlueField Data Processing Unit (DPU), a new innovative technology that provides an isolated environment and hardware primitive for securing cloud environments. The aforementioned innovation shows significant improvement in multiple security workloads, delivering better scale and efficiency compared to host machines.
Dr. Atamli has 15+ years of experience in cybersecurity and has led the development of many security products in the IoT and Cloud space. He holds a Ph.D. in System Security from the University of Oxford, United Kingdom. Dr. Atamli has published numerous world-class academic articles in ACM, IEEE, Springer, and others and holds several patents in the security field. He has wide experience in various security domains such as hardware, platform, and system security, digital forensics, malware analysis, memory analysis, and trust in cloud environments.
Title: Absolute Zero Trust Framework: never trust, always verify
Speaker: Zahier Madhar (Security Engineer & Evangelist, CheckPoint)
Date and Time: 28th September, Thursday, 15:00 – 16:00
In 1994, the term ‘zero trust’ was introduced. This term refers to a security approach based on the fundamental principle that nothing is automatically trusted, not even within an organizational network. Twenty-nine years later, this concept is more important than ever. As in the modern era of digital transformation, boundaries disappear, and the attack surface expands.
During this presentation, Zahier will showcase how Zero Trust evolved to the Absolute Zero Trust Framework.
Zahier Madhar, Security Engineer & Evangelist, CheckPoint
Title: Developments in privacy-enhancing technologies: overview and real-world use cases
Speaker: Mark Abspoel (Cryptographer)
Date and Time: 28th September, Thursday, 16:00 – 17:00
In this talk, we discuss the emergence of privacy-enhancing technologies (PETs). We give an overview of the different technologies that currently exist, both based on cryptography and on other techniques, and discuss some recent developments. Finally, we discuss some real-world use cases where PETs are used to enable collaboration on data between several organizations.
Mark Abspoel is a cryptographer at Roseman Labs, where he works on their data collaboration tool that is based on secure multi-party computation (MPC). He has a background in pure mathematics and cryptography (CWI and Leiden University), and has done research on ring-based MPC and secure learning of decision trees.
Title: Data spaces as a key enabler for data sovereignty
Speaker: Carlos Gonzalez (IDSA), Gerard van der Hoeven (iShare)
Date and Time: 29th September, Friday, 09:00 - 10:00
Carlos Gonzalez (IDSA)
Gerard van der Hoeven (iShare)
Title: Threat of AI: Balancing National Security and Democracy - Finding a middle ground between AI’s potential to threaten democratic principles & it’s positive impact in society
Speaker: Sahil Shah (Chief Information Security Officer, TM Systems)
Date and Time: 29th September, Friday, 11:00 - 12:00
Artificial Intelligence (AI) has become a ubiquitous technology with enormous potential to improve our lives in various areas. However, the increasing use of AI has also brought about significant concerns over its potential to pose a threat to democracy and national security. The manipulation of public opinion through AI-generated fake news, propaganda, and misinformation, the use of deepfake videos to influence public opinion, and the automation of decision-making processes based on biased algorithms are some of the risks that AI poses to democratic institutions. To address these challenges, collaborative efforts between governments, civil society, and the private sector are required to establish ethical and responsible guidelines for the use of AI. This talk will highlight the various risks associated with AI and propose a path towards leveraging the positive impact of AI while safeguarding our democratic institutions.
Sahil Shah is Chief Information Security Officer at TM Systems.
Title: Practical implementation of data analytics cases at ING
Speaker: Dr. Eduardo Barbaro (Head of Security Analytics, ING)
Date and Time: 29th September, Friday, 13:30 - 14:30
In this talk, we will present a critical outlook on our analytical implementation at ING CISO. We will also discuss attempts to bridge the gap between rich and sophisticated scientific outcomes and, at times, underwhelming industry adoption. What is happening, and why is that the case? In addition, we showcase some of our results and present a couple of suggestions on how to bridge this gap.
Dr. Eduardo Barbaro is a seasoned, results-driven leader with extensive experience in the data science and artificial intelligence fields. As the Head of Security Analytics at ING, he leads the strategic direction and execution of high-quality analytics and data strategy. His expertise in AI, data science, and analytics has been honed through a series of progressive leadership roles, including serving as the AI Practice Leader for IBM Benelux and Principal Data Scientist for IBM Europe, where he played a key role in defining the AI strategy at the EU level and developing industry-aligned AI-powered solutions.
He has a proven track record of delivering value through data-driven insights, with experience in building and validating AI models and consulting for clients at IBM, Mobiquity and Easytobook. His academic background includes a Ph.D. in Atmospheric Physics from Wageningen University, the Netherlands, and several well-cited papers in top-tier international scientific journals. He has received a number of honours and awards in the US, Europe, and Brazil. He is certified as a Distinguished Data Scientist by the OpenGroup, and as of 2022, he acts as a board member for the Data Scientist profession certification. In 2023, he became a visiting researcher at the Cybersecurity Lab of the Faculty of Technology, Policy and Management at Delft University.
He is an adept at leading cross-functional teams and has a proven ability to drive strategic initiatives, leveraging his deep understanding of data science and AI to drive business growth. He is committed to staying at the forefront of the industry and is always looking for ways to bring the latest technologies and best practices to the organisation.
You can check his portfolio here.