TITLE: Continuous certification of Cloud Service Security: Novel monitoring and hybrid approaches
ABSTRACT: This presentation overviews current approaches to cloud security certification and then presents a novel approach based on continuous monitoring and testing. Developed by the CUMULUS project, this approach can be used to: (a) define and automatically execute certification models, which continuously and incrementally acquire and analyse evidence regarding the provision of services on cloud infrastructures through continuous monitoring and, where necessary, dynamic testing; (b) use this evidence to assess whether the provision is compliant with required security properties; and (c) generate and manage digital certificates confirming the compliance of services when the acquired evidence supports this. The presentation includes examples of using the CUMULUS approach to realise traditional certification benchmarks such as the protection profiles defined in Common Criteria.
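The three steps in the abstract (acquire evidence, assess it against security properties, issue a certificate only while the evidence supports compliance) can be sketched as a small evaluator. The following is an added illustration, not CUMULUS code: the property names, evidence kinds, freshness windows and the HMAC-signed JSON "certificate" are assumptions chosen for the example, and a real certifier would use an asymmetric signing key and an evidence store.

```python
"""Toy continuous-certification loop (illustrative; not the CUMULUS implementation)."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Callable, Optional

KEY = b"demo-signing-key"  # constructed; a real certifier would sign with an asymmetric key


@dataclass(frozen=True)
class Evidence:
    ts: int      # time the monitor or test observed this (seconds)
    kind: str    # e.g. "tls_handshake" (monitoring) or "patch_level" (dynamic test)
    data: dict


@dataclass
class SecurityProperty:
    name: str
    kind: str                                   # evidence kind the property is judged on
    holds: Callable[[Evidence], bool]           # predicate over one evidence record
    max_age: int                                # evidence older than this is stale
    test: Optional[Callable[[int], Evidence]] = None  # dynamic test, run only if no fresh monitoring evidence


@dataclass
class CertificationModel:
    service: str
    properties: list
    signing_key: bytes
    evidence: list = field(default_factory=list)
    serial: int = 0

    def ingest(self, ev: Evidence) -> None:
        """Incrementally add evidence reported by a monitor."""
        self.evidence.append(ev)

    def assess(self, now: int):
        """Return (compliant, verdict per property); stale/missing evidence triggers the dynamic test."""
        verdicts = {}
        for p in self.properties:
            fresh = [e for e in self.evidence if e.kind == p.kind and now - e.ts <= p.max_age]
            if not fresh and p.test is not None:
                fresh = [p.test(now)]
                self.evidence.extend(fresh)       # test results become evidence too
            if not fresh:
                verdicts[p.name] = "no_evidence"  # absence of evidence is not compliance
            elif all(p.holds(e) for e in fresh):
                verdicts[p.name] = "satisfied"
            else:
                verdicts[p.name] = "violated"
        return all(v == "satisfied" for v in verdicts.values()), verdicts

    def certify(self, now: int):
        """Issue a signed certificate only when every property is satisfied by fresh evidence."""
        ok, verdicts = self.assess(now)
        if not ok:
            return None, verdicts
        self.serial += 1
        body = {"service": self.service, "serial": self.serial, "issued": now,
                "properties": sorted(verdicts), "evidence_count": len(self.evidence)}
        payload = json.dumps(body, sort_keys=True).encode()
        mac = hmac.new(self.signing_key, payload, hashlib.sha256).hexdigest()
        return {"body": body, "mac": mac}, verdicts


def verify_certificate(cert: dict, key: bytes) -> bool:
    """Relying party check: the certificate body must carry a valid MAC under the certifier's key."""
    payload = json.dumps(cert["body"], sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["mac"])


def run_demo():
    """Constructed scenario: a compliant window, then a TLS 1.0 handshake that breaks compliance."""
    props = [
        SecurityProperty("tls_min_1_2", "tls_handshake",
                         lambda e: e.data["version"] >= (1, 2), max_age=600),
        SecurityProperty("patched", "patch_level",
                         lambda e: e.data["open_cves"] == 0, max_age=86400,
                         test=lambda now: Evidence(now, "patch_level", {"open_cves": 0})),
    ]
    model = CertificationModel("storage-api", props, KEY)
    log = []
    model.ingest(Evidence(1000, "tls_handshake", {"version": (1, 2)}))
    log.append((1000,) + model.certify(1000))   # patched: no monitor evidence -> dynamic test runs
    model.ingest(Evidence(1300, "tls_handshake", {"version": (1, 0)}))
    log.append((1300,) + model.certify(1300))   # violation observed -> no certificate issued
    return model, log
```

The point the abstract makes about incremental evidence is visible in `assess`: a certificate is a statement about the evidence window, so once a violating handshake enters that window the next evaluation refuses to issue, without waiting for a periodic re-audit.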
BIO: George Spanoudakis (BSc, MSc and PhD) is full Professor in the School of Mathematics, Computer Science and Engineering at City University London and Director of the Research Centre on Adaptive Computing Systems within it. His research interests are in software systems security and cloud/service-oriented computing. George has published more than 135 peer-reviewed scientific papers and books and has attracted research funding in excess of €5.2m. His research grant portfolio includes several R&D projects funded by the EU, national research councils and directly by industry. Prof. Spanoudakis has served on the program committees of more than 150 international conferences and workshops, and has chaired/co-chaired several of them (e.g., SEKE ’06, SEKE ’07, CISIS ’11, NTMS ’14). He is also a member of the editorial boards of 10 international journals including the IJSEKE, IJWSR and Int. J. of Advances in Security. Beyond research, he has been providing advisory services to private companies, universities, public funding and standardisation bodies in the UK and overseas.
TITLE: Security for the Internet of Things (IoT) - Challenges & Opportunities
ABSTRACT: In the past couple of years, there has been an increasing trend of security issues in the IoT context. As the number of connected devices is expected to grow exponentially in the next few years, an IoT attack has significant security implications for device owners as well as enterprise targets. Due to cost and energy constraints, security is often left out or becomes an afterthought, creating serious vulnerabilities in IoT systems. The consequences of IoT system compromise can be catastrophic, since human life and physical property are at stake. It is therefore important to establish a foundation for trustworthy, safe and reliable IoT systems. This talk will present an overview of the research challenges and opportunities in building such a secure IoT foundation.
BIO: Anand Rajan is Director of the Emerging Security Lab at Intel Labs. He leads a team of senior technologists whose mission is to research novel security features that raise the assurance of platforms across the compute continuum (Cloud to Wearables). The topics covered by his team span Trustworthy Execution Environments, Mobile Security, Identity & Authentication, Cryptography, and Security for emerging paradigms. Anand is a Principal Investigator for Intel’s research collaboration with academia, government, and commercial labs on Trustworthy Platforms. He co-chairs the Security Research Sector of Intel’s Corporate Research Council. Anand was an active member of the IEEE WG that crafted the P1363 (public-key crypto) standard. Anand and his team developed the Common Data Security Architecture specification, adopted as a worldwide standard by The Open Group. His team was also instrumental in several security standardization efforts (e.g. PKCS#11, BioAPI, UPnP-Security, & EPID). Prior to joining Intel in 1994, Anand was technical lead for the Trusted-UNIX team at Sequent Computer Systems and worked on the development and certification of a TCSEC B1-level operating system.
TITLE: Presentation of ENISA Threat Landscape
ABSTRACT: In 2014, ENISA performed, for the third time, a comprehensive threat assessment based on publicly available information. The assessment is published as a report summarizing the top 15 cyber threats, together with kill-chain information, information on threat agents, attack vectors and more. The assessment process consists of:
- Information collection
- Information collation
- Threat analysis
- Creation of context and
In this keynote, the current state of play regarding threat assessment within ENISA will be presented. This will cover an update on the current analysis method, data management activities and identified requirements for the activity of threat landscaping.
BIO: Dr. L. Marinos is a senior expert at ENISA in the area of Risk and Threat Management, with extensive experience in the management and operation of security and the coordination of European expert groups. Currently, he is responsible for projects in the area of the Emerging Threat Landscape. He is the author of, and the person primarily responsible for, the ENISA Threat Landscape. His expertise covers:
- Threat Analysis, Risk analysis, Risk Management and Business Continuity Planning, including SMEs, Member States and Critical Information Infrastructure Protection.
- Assessment and management of Emerging and Future Risks, Threats and trends thereof.
- Integration of Risk Management with operational and governance processes.
- Strategic consulting in the area of security for major firms in the financial, telecommunication and commercial sectors.
- Security management with regard to critical business areas, such as financial institutions, B2B and telecommunications.
TITLE: The practice of theory: Challenges in provable security for public-key encryption
ABSTRACT: Provable security is a paradigm that forms the basis of modern cryptography. It teaches us to formulate rigorous and precise definitions of security and to construct protocols that are formally proven to satisfy such definitions. In this talk, we will learn how to apply provable security and discover some of the common pitfalls that practitioners encounter; in particular, we will look at the challenges in formalising security definitions for robustness in public-key encryption, anonymity in broadcast encryption, and privacy for e-voting.
BIO: Elizabeth Quaglia obtained her BSc in Mathematics from Universita degli Studi di Torino (Italy) in 2007. She obtained her MSc in Mathematics of Cryptography and Communications from Royal Holloway, University of London (RHUL), in 2008, and completed her PhD at RHUL in 2012, under the supervision of Prof. Kenny Paterson. During her time as a PhD student, Elizabeth was a research intern at the IBM T.J. Watson Research Center, New York, in 2010 and in the Qualcomm Security team in San Diego in 2011. She joined the Crypto team at Ecole Normale Superieure, Paris, for an 18-month post-doc and became a visiting lecturer in the Computer Science department of the University of Cape Coast, Ghana, as part of a project in collaboration with Academics Without Borders. She is now Senior Researcher in the security team at Huawei Technologies, France. Elizabeth's area of expertise is public-key cryptography, with special focus on encryption primitives with enhanced properties, such as time-specific encryption and anonymous broadcast encryption. She has also worked on secure network coding, key exchange protocols and, more recently, on e-voting.