1st June 2017
2nd June 2017
Steven Furnell is a professor of information systems security and leads the Centre for Security, Communications & Network Research at Plymouth University. He is also an Adjunct Professor with Edith Cowan University in Western Australia and an Honorary Professor with Nelson Mandela Metropolitan University in South Africa. His research interests include usability of security and privacy technologies, security management and culture, and technologies for user authentication and intrusion detection. He has authored over 270 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society (2001) and Computer Insecurity: Risking the System (2005).
Prof. Furnell is the Chair of Technical Committee 11 (security and privacy) within the International Federation for Information Processing, and is a member of related working groups on security management, security education, and human aspects of security. He is also a board member of the Institute of Information Security Professionals, and chairs the academic partnership committee and southwest branch. Further details can be found at www.plymouth.ac.uk/cscan, with a variety of security podcasts also available via www.cscan.org/podcasts. Steve can also be followed on Twitter (@smfurnell).
Web page: http://cscan.org/?page=staffprofile&id=1
Build it and they will come? Questioning our provision of security technologies
While organisations often provide (and indeed invest in) security technologies, they can frequently find that there does not appear to be a commensurate reduction in related incidents. However, the reason for this is often unrelated to the effectiveness of the technology itself, but rather the fact that it depends upon people in some way.
This presentation considers the challenge of bridging the gap between simply providing technologies, and actually having solutions that are used effectively. Some of the challenges relate to ensuring sufficient clarity around how to use the technology, whereas others are more related to user satisfaction with the resulting experience. The discussion will draw upon a number of user-facing examples, with a particular focus upon authentication technologies, which are amongst the most frequently encountered aspects of security from the user perspective.
Edgar R. Weippl (CISSP, CISA, CISM, CRISC, CSSLP, CMC) is Research Director of SBA Research and associate professor (Privatdozent) at the Vienna University of Technology and teaches at several universities of applied sciences (Fachhochschulen). His research focuses on applied concepts of IT-security; he is on the editorial board of Elsevier's Computers & Security journal (COSE), general chair of ACM CCS 2016 and PC Chair of SACMAT 2017.
After graduating with a Ph.D. from the Vienna University of Technology, Edgar worked for two years in a research startup. He spent one year teaching as an assistant professor at Beloit College, WI. From 2002 to 2004, while with the software vendor ISIS Papyrus, he worked as a consultant for an HMO in New York, NY and Albany, NY, and for the financial industry in Frankfurt, Germany. In 2004 he joined the Vienna University of Technology and founded together with A Min Tjoa and Markus Klemen the research center SBA Research.
Web page: https://www.sba-research.org/
Empirical in Information Security: Peering, Net Neutrality and Privacy
Over the last few years, there has been an increasing number of descriptive works observing and describing complex phenomena, e.g., the efficiency of different spam campaigns, the distribution of bots, or the likelihood of users accepting false identities as friends in social networks. These studies are characterized by large sets of samples.
Future research will focus on networks and cloud systems; the research methodology will be empirical systems security: (1) passively observing large systems and (2) active probing that stimulates revealing behavior of the systems. The research contribution lies in observing, describing and inferring the behavior of complex systems that cannot be directly observed and have a large impact on users.
In this presentation we will look at how we can measure whether ISPs implement peering and whether they adhere to net neutrality, and we will also look at aspects of privacy.
Gergely Biczók is an assistant professor at the Laboratory of Cryptography and System Security (CrySyS Lab) at the Budapest University of Technology and Economics. He obtained his PhD from the same university in 2010. He was a postdoctoral researcher at both the Future Internet Research Group of the Hungarian Academy of Sciences and the Norwegian University of Science and Technology. Also, he was a Fulbright visiting scholar to Northwestern University and a research fellow at Ericsson Research. His current research focuses on the economic aspects of networked systems including security and privacy with application areas ranging from cyberwar through social networks to connected vehicles. He currently holds a János Bolyai Research Scholarship from the Hungarian Academy of Sciences and represents Hungary in the IFIP Technical Committee 11 (security and privacy).
Presentation: "Games of Cyber-Warfare"
Involvement of nation-states in cyber-warfare has been gaining notoriety in recent years as evidenced by two developments. First, mainstream media has been reporting about cyber attacks of visible stature such as the Stuxnet incident in Iran, the hacking of the Ukrainian power grid or the much-publicized interference with the US presidential elections. Second, recognizing the powerful capabilities as well as the grave danger of weapon-grade cyber-attacks, major military organizations of nation-states and alliances are devising and implementing strategic plans for cyber-security and cyber-warfare. Given both its potential impact on national security and its high visibility, cyber-warfare has been a much researched topic in the (military) policy literature. Surprisingly, this is not the case from the techno-economic modeling standpoint.
In this presentation, we develop a simple game-theoretical model allowing for a joint analysis of both the cyber-war (defence vs. attack) decisions and the investment decisions of nation-states. Capturing the unique characteristics of cyber vulnerabilities, we show how the incentives can create a Prisoner's Dilemma situation where the equilibrium is cyber-war. We also show how competition over the same pool of zero-day vulnerabilities may further inflame investment in cyber-war. We discuss the implications of our analysis and present directions for future research on this topic.