We are proud to announce the confirmed speakers of ARES / CD-ARES 2016:

Koen Hermans - FotoKoen Hermans

EUROJUST, The European Union’s Judicial Cooperation Unit, The Netherlands

International Judicial Cooperation in the Fight against Cybercrime

Wednesday, August 31 2016, 9.15 – 10.15, LH A

Koen Hermans is a Dutch public prosecutor, working for the EU agency Eurojust. At Eurojust he was involved in the judicial coordination of various cases, i.e. Operation Blackshades, Operation Onymous / SilkRoad 2.0 and Operation EMMA. He started his career in 1999 at the legal aid office in ‘s-Hertogenbosch, where he provided pro bono legal assistance and specialized in prison and migration law. Before starting his judge / public prosecutor traineeship at the Regional Court of Zwolle, he worked for several years as a (senior) lawyer at the Migration Chamber of the Court in Arnhem. In 2007, he began working as a prosecutor in Arnhem, dealing with a variety of cases (i.e. murder, homicide, armed robberies, drug trafficking) with a special focus on Cybercrime. Mr Hermans also spent one year with the Dutch division of the European Court of Human Rights in Strasbourg. He is the Vice Chair of the Eurojust Taskforce on Cybercrime, Member of the Eurojust Counter Terrorism Team and Eurojust Contact Point for Maritime Piracy.


Bernhard Schölkopf

Max-Planck-Campus Tübingen, Germany

Toward Causal Machine Learning

Thursday, September 1 2016, 16.30 – 17.30, LH A

Abstract: In machine learning, we use data to automatically find dependences in the world, with the goal of predicting future observations. Most machine learning methods build on statistics, but one can also try to go beyond this, assaying causal structures underlying statistical dependences. Can such causal knowledge help prediction in machine learning tasks? We argue that this is indeed the case, due to the fact that causal models are more robust to changes that occur in real world datasets. We touch upon the implications of causal models for machine learning tasks such as domain adaptation, transfer learning, and semi-supervised learning.

We also present an application to the removal of systematic errors for the purpose of exoplanet detection. Machine learning currently mainly focuses on relatively well-studied statistical methods. Some of the causal problems are conceptually harder, however, the causal point of view can provide additional insights that have substantial potential for data analysis.

Bernhard Schölkopf is heading the Department of Empirical Inference. His scientific interests are in the field of machine learning and inference from empirical data. In particular, he studies kernel methods for extracting regularities from possibly high-dimensional data. These regularities are usually statistical ones, however, in recent years he has also become interested in methods for finding causal structures that underly statistical dependences. He has worked on a number of different applications of machine learning – in data analysis, you get “to play in everyone’s backyard.”

Read more about Bernhard Schölkopf.

Negar Kiyavah

Negar Kiyavash

University of Illinois at Urbana-Champaign, US

Data Analytic in Anonymized Networks: Is There Hope for Privacy?

Friday, September 2 2016, 09.30 – 10.30, LH A

Abstract: The proliferation of online social networks has helped in generating large amounts of graph data which has immense value for data analytics. Network operators, like Facebook, often share this data with researchers or third party organizations, which helps both the entities generate revenues and improve their services. As this data is shared with third party organizations, the concern of user privacy becomes pertinent. Hence, it becomes essential to balance utility and privacy while releasing such data. Advances in graph matching and the resulting recent attacks on graph datasets paints a grim picture.

We discuss the feasibility of privacy preserving data analytics in anonymized networks and provide an answer to the question “Does there exist a regime where the network cannot be deanonymized, yet data analytics can be performed?.”

Negar Kiyavash is Willett Faculty Scholar and an Associate of Center for Advance Study at the University of Illinois at Urbana-Champaign. She is a joint Associate Professor of Industrial and Enterprise Engineering and Electrical and Computer Engineering. She is also affiliated with the Coordinated Science Laboratory (CSL) and the Information Trust Institute. She received her Ph.D. degree in electrical and computer engineering from the University of Illinois at Urbana-Champaign in 2006.  Her research interests are in design and analysis of algorithms for network inference and security. She is a recipient of National Science Foundation’s CAREER and The Air Force Office of Scientific Research Young Investigator awards, and the Illinois College of Engineering Dean’s Award for Excellence in Research.

Read more about Negar Kiyavash.

ARES EU Symposium Keynote:

Thomas Stubbings

 Thomas C. Stubbings

Thomas Stubbings Management Consulting eU, Austria

The keynote will be held in the ARES EU Symposium 2016 on Wednesday August 31, 2016 14.30 – 15.15, LH F

Cyber-Legislation, Standardisation and Pan-European Cooperation as strategic drivers to strengthen Cybersecurity across Europe

Abstract: The ever-increasing interconnection of societies, businesses and individuals has led to a new level of cyberthreats: organised crime, fraud and cyber terrorism have a direct and tangible impact on the way we live, work and do business. The evolving threat landscape demands for new strategies of cyber protection. As part of the digital single market strategy the European Commission has developed a Cybersecurity strategy in order to foster an open, safe and secure cyberspace and digital souvereignity. Elements of this strategy are closer cooperation of memberstates and key stakeholders, establishment of a suitable cybersecurity legal basis and development of a security ecosystem of European standards, service offerings and service providers. The presentation will outine the current situation and key elements of the approach to strengthen Cybersecurity and manage risks at an appropriate level.
Dr. Thomas C. Stubbings is Senior Security Expert and Strategy Consultant working for large corporates and SMEs. He is also chairman of the Cybersecurity Plattform of the Austrian Federal government. Before starting his consulting business, Thomas Stubbings was 12 years Chief Security Officer and head of Group Security Management at Raiffeisen Bank International AG, leading a team of experts in 23 organizations in CEE and overseas. Before being with Raiffeisen, Thomas Stubbings worked as managing consultant at a large international consulting firm. He holds a PhD in technical sciences and several certifications in the information security and risk management area. He is invited speaker at various national and international conferences and member of the CSO roundtable.

Read more about Dr. Thomas C. Stubbings

Workshop Keynotes:

n. asokanN. Asokan

Professor of Computer Science at Aalto University, Finland

Securing cloud-assisted services

Workshop SECODIC 2016, Wednesday August 31, 2016, 10.30 – 12.00, LH C

Abstract: All kinds of previously local services are being moved to a cloud setting. While this is justified by the scalability and efficiency benefits of cloud-based services, it also raises new security and privacy challenges. Solving them by naive application of standard security/privacy techniques can conflict with other functional requirements. In this talk, I will outline some cloud-assisted services and the apparent conflicts that arise while trying to secure these services. I will then discuss a specific instance: the case of cloud-assisted detection of malicious mobile application packages and the privacy concerns involved. I will discuss how techniques for private membership test, assisted by hardware security mechanisms, can be used to address these concerns.

Between 1995 and 2012, he worked in industrial research laboratories designing and building secure systems, first at the IBM Zurich Research Laboratory and then at Nokia Research Center. His primary research interest has been in applying cryptographic techniques to design secure protocols for distributed systems. Recently, he has also been investigating the use of Trusted Computing technologies for securing endnodes, and ways to make secure systems usable, especially in the context of mobile devices.

Asokan received his doctorate in Computer Science from the University of Waterloo, MS in Computer and Information Science from Syracuse University, and BTech (Hons.) in Computer Science and Engineering from the Indian Institute of Technology at Kharagpur. He is an ACM Distinguished Scientist and an IEEE Senior Member. For more information about Asokan’s work see his website here.

Hugues Mercier

Research associate at the Université de Neuchâtel, Switzerland

Building a Secure and Resilient Cloud Architecture: Theoretical and Practical Challenges behind the SafeCloud Project

Workshop SECPID 2016, Wedneyday August 31, 2016, 10.30 – 12.00, LH D

Abstract: Cloud infrastructures, despite all their advantages and importance to the competitiveness of modern economies, raise fundamental questions related to the privacy, integrity, and security of offsite data storage and processing tasks. There are major privacy and security concerns about data located in the cloud, especially when data is physically located, processed, or must transit outside the legal jurisdiction of its rightful owner. These questions are currently not answered satisfactorily by existing technologies.

This talk presents the objectives and challenges of the H2020 SafeCloud project. SafeCloud will re-architect cloud infrastructures to ensure that data transmission, storage, and processing can be (1) partitioned in multiple administrative domains that are unlikely to collude, so that sensitive data can be protected by design; (2) entangled with inter-dependencies that make it impossible for any of the domains to tamper with its integrity. These two principles (partitioning and entanglement) are applied holistically across the entire data management stack, from communication to storage and processing.

Hugues Mercier received the B.Sc. degree in mathematics from Université Laval, the M.Sc. degree in computer science from the Université de Montréal, and the Ph.D. degree in electrical and computer engineering from the University of British Columbia, Canada, in 2008. From 2008 to 2011, he was a postdoctoral research fellow at the Harvard School of Engineering and Applied Sciences, and at McGill University. Currently, he is a research associate at the Université de Neuchâtel in Switzerland. My current interests are the applications of coding theory, information theory, combinatorics, and algorithms to the study of communication networks. He is the scientific and technical director of SafeCloud.

Evaldas Bruze

Lithuanian Cybercrime Centre of Excellence for Training, Research & Education (L3CE), Lithuania

Strengthening Cooperation of European Network Centres of Excellence in Cybercrime

Workshop SENCEC 2016. Wednesday, August 31, 2016, 15.15 – 16.45, LH D

Abstract: More than 10 Centres of Excellence (hereinafter – CoE) in the area of cybercrime are operating in Europe today. Despite some of the great achievements of certain CoE most of them have been operating mainly in isolation of each other, they have different goals and may frequently result in duplication of effort. Such a lack of visible agreement and commitment to cooperate among the CoE and the current virtual nature of the European network limits a lot the possibilities to go into any kind of mutual, long-term agreement.

In order to synchronize the activities of different CoE, it is currently aimed (within the framework of SENTER project) to create a sustainable international cross-organizational partnership by establishment of European network, which will lead research, training and education in the area of cybercrime at the EU level, and act as a facilitator of the transfer and adoption of the best practices developed in Europe and other continents.

Possibility offered by the network of bridging the resources and using the European network as a communications, distribution & dissemination channel has encouraged European organizations (such as EUROPOL, FRONTEX, E.C.T.E.G and etc.) and industry clusters to express their support to the network.

SENCEC I aims to present the current state of development of the European network of CoE (namely, SENTER project activities) and to draw the attention of the part of scientific community concerned with the issues of cybercrime.

Evaldas Bruze – business development analyst and consultant having more than 12 years of experience in implementation, supervision and maintenance of information systems. Evaldas has considerable consulting and business management experience and has accumulated an expertise in local as well as international projects while implementing business management solutions, such as Atava, TIA, iFlex, in Lithuanian, Danish, Swedish, Netherlands, Latvian and other companies. He is currently the Deputy Director of Lithuanian Cybercrime Centre of Excellence for Training, Research & Education (L3CE).

Jarno LimnéllJarno Limnéll

Professor of Cybersecurity at Aalto University, Finland

The Strategic Trends in Cybersecurity

Workshop ISPM 2016, Thursday September 1, 2016, 09.30 – 11.00, LH E

Abstract: Cyber security is primarily a strategic issue in today´s world. This mean raising the level of discussion from mere technology to pondering the big picture – the influence of cyber security on societies as a whole. Especially multidisciplinary understanding is needed since the line between physical and digital worlds is blurring. What are the current strategic trends in cybersecurity – and cyber warfare – and how we are able to face these trends? The keynote will provide visionary ideas into the future, in order to make it more secure.

Jarno Limnéll is the Professor of Cybersecurity in Finnish Aalto University. He also works as a Vice President of Cybersecurity in Insta Group plc. He has been working with security issues more than 20 years, and he has profound understanding of the global threat landscape, combined with the courage to address the most complex issues. Prof. Limnéll holds a Doctor of Military Science degree in Strategy from the National Defense University in Finland; a Master of Social Science degree from Helsinki University; and an Officer ́s degree from the National Defense University. Mr. Limnéll has published a comprehensive list of works on security issues. His most recent book is “Cybersecurity for decision makers.” Limnéll served a long career as an officer in the Finnish Defense Forces and has worked as Director of Cybersecurity in McAfee.

Read more about Jarno Limnéll

Hyasar_HeadShotHasan Yasar

Carnegie Mellon University, US

How to include Security into Software Lifecycle: Secure DevOps!

Workshop ASSD 2016, Thursday September 1, 2016, 09.30 – 11.00, LH D

Abstract: As general thought, “Software security” often evokes negative feelings among software developers since this term is associated with additional programming effort, uncertainty and road  blocker activity on fast development and release cycle. To secure software, developers must follow a lot of guidelines that, while intended to satisfy some regulation or other, can be very restricting and hard to understand. As a result a lot of fear, uncertainty, and doubt can surround software security. This talk describes how the Secure DevOps movement attempts to combat the toxic environment surrounding software security by shifting the paradigm from following rules and guidelines to creatively determining solutions for tough security problems. Emphasizing a set of DevOps principles enables developers to learn more about what they are developing and how it can be exploited. Rather than just blindly following the required security practices and identified security controls, developers can understand how to think about making their applications secure. As a result, they can derive their own creative ways to solve security problems as part of understanding the challenges associated with secure software development.  Rather than reacting to new attacks, secure software should be proactively focused on surviving by providing reliable software with a reduced attack surface that is quick both to deploy and restore. In other words, developers worry less about being hacked and more about preventing predictable attacks and quickly recovering from cyber incident. In the past, software security focused on anticipating where and how the attacks would come and putting up barriers to prevent those attacks. However, most attacks–especially sophisticated attacks–can’t be anticipated, which means that fixes are bolted on as new attacks are discovered. The inability to anticipate attacks is why we often see patches coming out in response to new 0-day vulnerabilities. Secure DevOps developers would rather their software absorb the attacks and continue to function. In other words, it should bend but not break. This shift in thinking from a prevent to a bend-don’t-break mindset allows for a lot more flexibility when it comes to dealing with attacks. Becoming secured lifecycle requires the development team to focus on continuous integration, infrastructure as code, eliminating denial of service (DOS), and limiting the attack surface. A look at how DevOps principles can be applied to software development process on regardless of size or industry types. The burgeoning concepts of DevOps include a number of concepts that can be applied to increasing the security of developed applications. These include adding automated security testing techniques such as fuzz testing, software penetration testing to the software development cycle or the system integration cycle. Other techniques include standardizing the integration cycle in order to reduce the possibility of the introduction of faults and introducing security concerns and constraints to software and system development teams at the inception of projects rather than applying them after the fact. Applying these and other DevOps principles can have a big impact on creating an environment that is resilient and secure. Examples of how DevOps principles were applied on projects will be discussed along with lessons learned and some ideas on how to apply them to development and acquisition. Specifically in this talk, I will clearly explain on how to address security concern at early development lifecycle and the way of addressing these threads  at many  decisions point. And share a reference architecture to have automation security analysis during integration or in deployment and delivery phases.

Hasan Yasar is the technical manager of the Secure Lifecycle Solutions group in the CERT Division of the Software Engineering Institute, Carnegie Mellon University. Hasan leads an engineering group on software development processes and methodologies, specifically on DevOps and development; and researches advanced image analysis, cloud technologies, and big data problems while providing expertise and guidance to SEI’s clients. Hasan has more than 25 years’ experience as senior security engineer, software engineer, software architect and manager in all phases of secure software development and information modeling processes. He has an extensive knowledge of current software tools and techniques. He is also specialized on secure software solutions design and development experience in the cybersecurity domain including data-driven investigation and collaborative incident management, network security assessment, automated, large-scale malware triage/analysis, medical records management, accounting, simulation systems and document management. He is also Adjunct Faculty member in CMU Heinz Collage and Institute of Software Research where he currently teaches “Software and Security” and “DevOps – Modern Deployment”.

His current areas of professional interests focus on: Secure Software Development including threat modeling, risk management framework and software assurance model; Secure DevOps process, methodologies and implementation; Software Development Methodologies (Agile, SAFe, DevOps); Cloud based application development, deployment and operations; Software Architecture, Design, Develop and Management of large-scale enterprise systems

Read more about Hasan Yasar

Giorgio GiacintoGiorgio Giacinto

Associate Professor of Computer Engineering at the University of Cagliari, Italy

Learning from examples in the presence of adversaries for malware detection and classification 

Workshop WMA 2016, Friday September 2, 2016, 11.00 – 12.30, LH G

Abstract: Nowadays, machine learning techniques are increasingly employed to perform detection and classification tasks for computer security. Malware analysis is one of the prominent tasks, due to the vast amount of samples that need to be scrutinized daily. The effectiveness of machine learning approaches for malware classification and detection strictly depends on the effort spent in feature engineering, and in the choice of the learning function, with the goals of achieving high detection rate on known malware, reducing the false detection rate, and, in particular, making the system capable of detecting new malware samples specifically designed to evade the machine learning system. In this talk, I will outline some of the challenges posed by the current malware scenario, both for x86, and Android architectures, and some of the solutions proposed to design robust and effective malware detection and classification systems based on machine learning approaches.

Prof. Giorgio Giacinto is Associate Professor of Computer Engineering at the University of Cagliari, Italy. He obtained the MS degree in Electrical Engineering in 1994, and the Ph.D. degree in Computer Engineering in 1999. Since 1995 he joined the research group on Pattern Recognition and Applications of the DIEE, University of Cagliari, Italy. His main research interest is in the area of pattern recognition and machine learning for computer security tasks, and he is also involved in some activities for image classification and retrieval. During his career Giorgio Giacinto has published more than one hundred papers on international journals, conferences, and books. He is a senior member of the ACM and the IEEE. He has been involved in the scientific coordination of several research projects at the local, national and international level. In particular, he coordinated two projects funded by the regional government of Sardinia, and he was involved in the scientific coordination of two EU Projects in the field of computer security, namely CyberRoad, and IllBuster. Since 2012 he is the director of the Summer School on Computer Security and Privacy “Building Trust in the Information Age”.

Artur JanickiArtur Janicki

Assistant professor at the Institute of Telecommunications, Warsaw University of Technology, Poland

Steganography in the Internet Telephony

Workshop IWCC 2016, Friday September 2, 2016, 11.00 – 12.30, LH C

Abstract: Internet telephony during the last decade has become intensively used all over the world, and the VoIP traffic volume is constantly growing. It is no wonder that for a couple of years researchers have tried to use the VoIP traffic also as a carrier for hidden transmission. So far, several approaches have been proposed. They include methods based on voice payload modification, methods based on packet header modification, methods which modify packets’ arrival time, as well as hybrid methods, which combine two or more of these steganographic techniques. Various techniques have been elaborated, such as LACK, TranSteg or HideF0. These methods will be briefly explained and compared.

Artur Janicki received MSc and PhD (1997 and 2004, respectively, both with honors) in telecommunications from the Faculty of Electronics and Information Technology, Warsaw University of Technology (WUT). Assistant Professor at the Institute of Telecommunications, WUT. In 2014 he took his sabbatical at the Multimedia Department at EURECOM, Sophia Antipolis, France. His research and teaching activities focus on speech processing, including speaker recognition, speech coding and synthesis, with elements of data mining, information theory and hidden transmission. He took part in elaborating efficient steganographic techniques for the Internet telephony using speech transcoding and pitch modification. Author or co-author of over 50 conference and journal papers, supervisor of over 40 bachelor and master theses. Member of the International Speech Communication Association (ISCA).

Read more about Artur Janicki

CCWProbst_1200x1600hristian W. Probst

Associate professor at the Department of Applied Mathematics and Computer Science, Technical University of Denmark, Denmark

Behavioural profiling for forensic attribution of attacks

Workshop WSDF 2016, Friday September 2, 2016, 11.00 – 12.30, LH D

Abstract: Digital forensics focusses on extraction, preservation and analysis of digital evidence obtained from electronic devices in a manner that is legally acceptable. Digital evidence, however, rarely reveals why or how it was created, or by whom. Digital investigations aim at attributing the generation of digital artefacts, and transitively of attacks they contributed to.

The attacks we are facing today exploit vulnerabilities in the IT infrastructure, the physical infrastructure, and the human factor. Investigating such attacks consequently requires to consider all three levels both for collecting evidence and attibuting attacks. Integrating the human factor in the forensic process promises to understand the motivation of attackers, and to provide causal evidence.

In this talk we will present an approach for combining behavioural frameworks, originally developed for explanation of insider attacks, with digital forensics. The work presented is part of the TREsPASS project, which will be presented in the RESIST session at the ARES EU workshop.

Christian W. Probst is an associate professor at the Department of Applied Mathematics and Computer Science at the Technical University of Denmark. Christian’s research aims at guaranteeing the robustness of systems, from IT security to organisational security. He has developed the ExASyM model for socio-technical systems, which enables risk assessment of these systems and, eg, the identification of insider threats. The ExASyM model supports both designing secure systems and guide forensic analyses after an attack. Christian is the technical lead of the TREsPASS project.