Keynote Speakers

Academia Track
1 Angelos D. Keromytis
Columbia University, USA
Characterizing Self-healing Software Systems (abstract)

2 Christian Collberg
University of Arizona, USA
Surreptitious Software: Models from Biology and History (abstract)
Co-Authors:
Jasvir Nagra, University of Trento, Italy
Fei-Yue Wang, Key Lab for Complex Systems and Intelligence Science, Institute of Automation, Chinese Academy of Sciences

3 Paulo Verissimo
University of Lisboa, Portugal
Assumptions: the Trojan Horses of secure protocols (abstract)

Industry Track
1 Jean-Daniel Aussel
Gemalto, France
Smart Cards and Digital Security (abstract)

2 Mauricio Sanchez
ProCurve Networking, HP, USA
Virus Throttle as the basis for ProActive Defense (abstract)

3 Victor Serdiouk
Joint Stock Company "DialogueScience", Russia
Technologies for protection against insider attacks on computer systems (abstract)

Angelos D. Keromytis
Columbia University, USA
Characterizing Self-healing Software Systems
Abstract. Automated reactive defense systems have emerged as a new research area, promising to complement other protective measures. In this talk, I will investigate the space of automated reactive defenses that focus on preserving software confidentiality, integrity, and availability (CIA). Emphasis will be given on techniques that evolve systems from a vulnerable state to a state of immunity, with respect to specific vulnerabilities.

Angelos D. Keromytis is an Associate Professor of Computer Science and the Director of the Network Security Laboratory. His current research interests include protection mechanisms against denial of service attacks, network worms, and collaborative self-healing software systems, with a larger view toward system survivability and performance. He is author of more than 100 technical papers and has served on over 40 technical program committees. He is an associate editor for the ACM Transactions on Information and System Security (TISSEC) and the IEE Proceedings - Information Security. His work is being funded by DARPA, DTO, DHS, US Air Force, ONR, and the NSF, with additional support from Cisco, Intel, and Google. He received his Ph.D. and M.Sc. from the University of Pennsylvania, and his B.Sc. from the University of Crete, in Greece.

Christian Collberg
University of Arizona, USA
Surreptitious Software: Models from Biology and History
Abstract. Over the last decade a bewildering array of techniques have been proposed to protect software from piracy, malicious reverse engineering, and tampering. While we can broadly classify these techniques as obfuscation, watermarking/fingerprinting, birthmarking, and tamperproofing there is a need for a more constructive taxonomy. In this paper we present a model of Surreptitious Software techniques inspired by defense mechanisms found in other areas: we will look at the way humans have historically protected themselves from each other and from the elements, how plants and animals have evolved to protect themselves from predators, and how secure software systems have been architected to protect against malicious attacks. In this model we identify a set of primitives which underlie many protection schemes. We propose that these primitives can be used to characterize existing techniques and can be combined to construct novel schemes which address a specific set of protective requirements.

Christian Collberg received a BSc in Computer Science and Numerical Analysis and a Ph.D. in Computer Science from Lund University, Sweden. He is currently an Associate Professor in the Department of Computer Science at the University of Arizona and has also worked at the University of Auckland, New Zealand, and the Chinese Academy of Sciences in Beijing. Prof. Collberg is a leading researcher in the intellectual property protection of software, and also maintains an interest in compiler and programming language research.

Paulo Verissimo
University of Lisboa, Portugal
Assumptions: the Trojan Horses of secure protocols
Abstract. Secure protocols rely on a number of assumptions about the environment which, once made, free the designer from thinking about the complexity of what surrounds the execution context. Henceforth, the designer forgets about the environment and moves on proving his algorithm correct, given the assumptions. When assumptions do not represent with sufficient accuracy the environment they are supposed to depict, they may become the door to successful attacks on an otherwise mathematically correct algorithm. Moreover, this can happen as unwitting to systems as a Trojan Horse's action. Intrusion-tolerant protocols that deal with intrusions much along the lines of classical fault tolerance, like for example Byzantine agreement, have become a reference for achieving security in an automatic way. However, there are issues specific to malicious faults (attacks and intrusions) that bring about some of the problems and limitations introduced above. Using them as example, we wish to discuss the theoretical underpinnings of the problem and evaluate some recent research results that demonstrate a few of those limitations in actual secure protocols.

Paulo Verissimo is currently a professor of the Department of Informatics (DI) of the University of Lisboa, Faculty of Sciences, and Director of LASIGE, a research laboratory of the DI. He belongs to the European Security & Dependability Advisory Board, and is associate editor of the IEEE Transactions on Dependable and Secure Computing. He is past Chair of the IEEE Technical Committee on Fault Tolerant Computing and of the Steering Committee of the DSN conference, and belonged to the Executive Board of the CaberNet European Network of Excellence. He was coordinator of the CORTEX IST/FET project. He is senior member of the IEEE. Paulo Verнssimo leads the Navigators research group of LASIGE, and is currently interested in: architecture, middleware and protocols for distributed, pervasive and embedded systems, in the facets of real-time adaptability and fault/intrusion tolerance. He is author of more than 130 refereed publications in international scientific conferences and journals in the area, and co-author of five books

Jean-Daniel Aussel
Gemalto, France
Smart Cards and Digital Security
Abstract. Smart cards are portable tamper-resistant cryptographic devices that play a key role in digital security. This paper is a review of the state-of-the-art of the use of smart cards in securing the network, the online services, the operating system, and the card-holder identity.
Smart card network authentication is routinely used on GSM and 3G networks, and for virtual private network authentication. Mobile network operator (MNOs) use custom 2G and 3G private key cryptography to authenticate users on the network, whereas VPN typically use public key cryptography. With the recent deployment of WiFi hot spots, eventually operated by MNOs, new strong authentication techniques based on the Extensible Authentication protocol have been developed, such as EAP-SIM and EAP-AKA, that can reuse the MNO's cryptographic infrastructure and avoid the deployment of public key infrastructure. Securing online services with smart card is traditionally performed at the SSL/TLS level using public key cryptography (PKI) and certificates, or using one-time-passwords (OTP) generated by tokens and smart cards. Some card issuers, such as financial institutions and MNOs, already have smart cards deployed on the field with their associated server infrastructure, and would like to avoid the burden of deploying new cards or tokens on the field, and new servers. To avoid this new deployment, authentication techniques have been developed to allow conventional card issuers to perform end-to-end browser to server authentication using their installed server database and standard cards, such as Eurocard Mastercard Visa (EMV) cards for financial institutions, or 2G and 3G cards for MNOs. At the operating system level, the Trusted Computing initiative attends to address the issue of computing platform trustworthiness, thru the specification of hardware-based security computing platforms (TPMs). We will show how smart cards and TPM have complementary roles, and why it makes sense to physically separate the platform credentials, stored in the TPM, and the credentials of the individual temporarily using this platform, stored in the smart card.
The paper reviews the usage of smart card as identity and authentication tokens in identity frameworks such as the liberty-alliance single-sign-on and federation framework and the Microsoft cardspace framework. The Microsoft Cardspace authentication framework supports three types of authentication: basic login/password, Kerberos and PKI authentication. We show how smart cards can be used in this context, with straightforward PKI authentication, but also OTP authentication as a derivative of the login/password, or authentication using mobile phones and MNOs infrastructure. In the liberty alliance framework, the authentication is currently out-of-scope of the specification, which leaves many possibilities to perform strong authentication with smart cards. Another advantage of the card is to hold securely card holder attributes and control thru user consent the publication of these attributes. Finally, we will review emerging USB smart cards, such as the Network Identity Module (NIM), that can mutually authenticate the user and servers thru an end-to-end connection using standard security protocols.

Jean-Daniel is heading the Tools & Application Labs R&D at Gemalto. Gemalto provides end-to-end digital security solutions, from the development of software applications through design and production of secure personal devices such as smart cards, SIMs, e-passports, and tokens to the management of deployment services for its customers. Jean-Daniel holds a PhD from the INSA Engineering School in Lyon, France, and has been working in the smart card industry successively in Bull, CP8, Schlumberger smart cards, Axalto, and finally Gemalto, created from the merge of the two smart card market leaders Gemplus and Axalto. Before that, he has been working in digital signal processing at the Research Council Canada and Ultra Optec, a small Canadian start-up, and later on operating systems at Prologue Software.

Mauricio Sanchez
ProCurve Networking, HP, USA
Virus Throttle as the basis for ProActive Defense
Abstract. The spread of viruses and worms has severe implications on the performance of virtually any network. Current methods to stop the propagation of malicious code rely on anti-virus signature recognition to prevent hosts from being infected. Unfortunately, the latency between the introduction of a new virus into a network and the implementation/distribution of a patch can be significant. Within this period, a network can be crippled by the abnormally high rate of traffic generated by infected hosts. Previous research has provided a mechanism for controlling the rate at which a host can make new network connections when exhibiting virus-like behavior. Extending this technology to network routers provides the benefit of network protection without the need for individual client support, and serves as an initial step in developing a virus-resilient network. This paper/presentation reflects on the unique challenge of adapting the Virus Throttle mechanism to HP ProCurve network switch routers. Also discussed is the method of proving that it works in realistic network conditions to protect against worms without interfering with normal network traffic.

Mauricio Sanchez is the Chief Network Security Architect for ProCurve Networking by HP. He is responsible for specifying ProCurve's security technology strategy across all product lines and assisting in the design of ProCurve security products and solutions. Sanchez is currently representing ProCurve in IETF and TCG/TNC (Trusted Computing Group/Trusted Network Connect) standards bodies. In the IETF, he has edited a number of standards track RFCs in the realm of VLAN, priority, and filtering attributes for RADIUS. In the TNC, he is the lead in defining the IF-PEP interface that resides between the network access server and policy enforcement device. He also was pivotal in the engagement and design of Virus Throttle in ProCurve products in conjunction with researchers from HP Labs. Sanchez joined ProCurve in 2000 as a Software Development Engineer responsible for design and development of switch fabric ASIC verification tools. He quickly expanded his focus from the low-level domain into the security domain by leading the design and implementation of several management security protocols offered in ProCurve products. The ensuing years have allowed him to obtain broad experience in the ongoing effort to meld network and security technologies that together are establishing the next generation in enterprise networking. Sanchez holds a B.S. in Computer Engineering and M.S. degree in Electrical Engineering both from Cal Poly, San Luis Obispo. He is registered as a CISSP and has eleven security related patents pending.

Victor Serdiouk
Joint Stock Company "DialogueScience", Russia
Technologies for protection against insider attacks on computer systems
Abstract. During last decade the number of successful intruder attacks has increased in many times. The damage caused by these attacks is estimated in hundreds millions of dollars. According to the latest results of research conducted by leading institutes and laboratories in the field of information security more than 80% of computer attacks are coming from inside of the company. Insiders have a significant advantage over others who might want to harm an organization. Insiders can bypass physical and technical security measures designed to prevent unauthorized access. Mechanisms such as firewalls, intrusion detection systems, and electronic building access systems are implemented primarily to defend against external cyber threats. In spite of the complexity the problem, insiders can be stopped by means of a layered defense strategy consisting of policies, procedures, and technical controls. The paper describes a threat model of insider attacks and modern technologies that allow to protect computer systems against insiders. The paper covers advantages and disadvantages of different approaches that are used nowadays for detection and prevention of insider attacks.

Victor Serdiouk is Chief Executive Officer of Joint Stock Company "DialogueScience". Joint Stock Company DialogueScience is one of the leading company in the filed of information security in Russia. DialogueScience provides wide range of services including: penetration testing, risk assessment and management, development of complex information security systems, development of security policy of organizations, etc. Victor Serdiouk graduated the IT Department of Russian State Technological University, he received his Ph.D. at Moscow State Institute of Electronics and Mathematics. He gives lectures at Higher School of Economics, Russian State Technological University and Moscow Technical University of Communications and Informatics. He is author of more than 70 publications in scientific conferences and journals in the field of information security. Victor has a status of Certified Information Systems Security Professional, Microsoft Certified Solution Developer, Microsoft Certified Application Developer and Microsoft Certified System Engineer.