Talks

Security governance and assurance of distributed systems

Claudio A. Ardagna

The security community has worked hard to improve the security of distributed infrastructures, and the trust of users that their applications and data are correctly managed and protected by the IT systems. These activities had an exponential boost in the last decade with the introduction of cloud and IoT systems. However, the proliferation of heterogeneous and ad hoc security solutions that target a very small part of the whole problem makes a fair and sound governance of security difficult. Today, with the introduction of stronger regulations (e.g., AgID directive in Italy and GDPR in Europe), there is the need to start from the notion that high security standards pass from better security governance and assurance. Software security assurance techniques, based on continuous monitoring and verification, are fundamental to increase the confidence of all actors that services and systems will consistently demonstrate one or more security properties, and operationally behave as expected despite failures and attacks.

The proposed talk will first discuss the difference between security and security assurance focusing on those security assurance concepts that can be relevant for better security governance. It will then discuss security assurance techniques, including audit, certification and compliance techniques. It will then present the curse of assurance techniques through the evolution of distributed systems from service-based systems to Internet of Things, via cloud systems, specifically focusing on certification techniques. The talk will finally present Moon Cloud, a platform that provides large scale and continuous verification, diagnostic, and monitoring of ICT system compliance against security policies.

When the Magic Wears Off: Flaws in ML for Security Evaluations (and What to Do about It)

Lorenzo Cavallaro

Academic research on machine learning-based malware classification appears to leave very little room for improvement, boasting F1 performance figures of up to 0.99. Is the problem solved? In this lecture, we argue that there is an endemic issue of inflated results due to two pervasive sources of experimental bias: spatial bias, caused by distributions of training and testing data not representative of a real-world deployment, and temporal bias, caused by incorrect splits of training and testing sets (e.g., in cross-validation) leading to impossible configurations. To overcome this issue, we propose a set of space and time constraints for experiment design. Furthermore, we introduce a new metric that summarizes the performance of a classifier over time, i.e., its expected robustness in a real-world setting. Finally, we present an algorithm to tune the performance of a given classifier. We have implemented our solutions in TESSERACT, an open source evaluation framework that allows a fair comparison of malware classifiers in a realistic setting. We used TESSERACT to evaluate two well-known malware classifiers from the literature on a dataset of 129K applications, demonstrating the distortion of results due to experimental bias and showcasing significant improvements from tuning.

The binary similarity problem and its security implication

Giuseppe A. Di Luna

Finding if two binary functions are similar is useful in many tasks: known vulnerability detection, copyright infringement, ecc. Unfortunately, this problem is far from trivial. This is true even when we limit ourselves to functions derived from the same source code. Different compilers and compilation flags (e.g., different optimization levels) have a sensible impact on the binary code that will be generated.

Classical solutions for binary similarity used algorithms exploiting structural similarities of Control Flow Graphs or semantic similarities obtained by SMT solvers. Modern solutions are proposing an embedding approach by creating DNNs that transform binaries in vectors of real numbers.

In this talk, we will do a survey of binary similarity techniques with a special focus on the ones that use embeddings. Moreover, we will discuss new research lines both in the field of representation learning of binary functions and in the learning of statistical models of code.

Computing with private data: Data Processing in the Encrypted Domain

Riccardo Lazzeretti

Private computing provides a clever way to process data without revealing any details about the data itself to the party in charge of processing it. In the last 40 years, several cryptographic tools have been proposed for secure computation. However, despite many recent advances and the introduction of more efficient cryptographic primitives, the complexity of privacy preserving applications based on secure computation is often high to prevent their use in practical applications. Both high privacy level, low complexity and excellent protocol accuracy are desired, however we often need to find a trade-off among them. To reduce the complexity down to a manageable level, it is necessary that the underlying processing algorithms and the secure computation protocol are designed jointly by taking into account both the cryptographic and the data processing facets of the problem. It is hence evident that we need engineering solutions to "tailor" privacy preserving protocols in order to satisfy our requirements.

In this talk, we introduce the cryptographic tools necessary for privacy preserving applications and then we outline a methodology for the optimization of private protocols.

Hands-on Process Mining for Smart Environments

Francesco Leotta

A software system managing a smart space takes, among its inputs, models of human behavior; such models can be employed in different applications including safety and security of smart spaces but they are usually difficult to obtain and to validate. The employment of techniques from business process modeling and mining may represent a solution to both the problems, but a set of challenges need to be faced in order to cope with major differences between human activities and business processes. This seminar will provide attendees with:

  • A brief introduction to smart spaces and models of human behavior
  • A brief introduction to Business Process Management (BPM)
  • A tool to obtain models of human behavior in smart spaces by employing BPM


Towards IoT generation: Hacking and Protecting Target Systems

Federico Lombardi

The digitalisation era is looking towards an IoT-based world. Everything is going to be connected to the internet, ranging from smart home devices to smart vehicles, smart health and smart industry based on SCADA systems. This is exposing users, public and private companies to an increasing number of threats that make cyber-attacks more frequent and more dangerous. How the attackers can hack into a system? And how the defender can protect his infrastructure?

In this talk, we want consider both attacker and defender perspectives. Thus, we introduce approaches and tools the hackers can use to gain access to a target machine by exploiting system vulnerabilities and placing backdoors. On the opposite, we show how the defender can reduce the cyber risk with best practices and security tools.

Furthermore, we will focus on novel vulnerabilities and threats appeared with IoT, concluding with some research challenges to avoid or mitigate next generation cyber attacks.

Multi-sector cyber ranges and federation concepts and actual research activities

Matteo Merialdo

Cyber ranges are becoming more and more relevant in the last years, leveraging training, R&D and testing activities. Their full potential on multi-sector cyber security activities is, however, only barely approached. The talk will analyse some of the most recent research approaches on the domain, including the planned activities on PANACEA H2020 (healthcare sector simulations) and ECHO H2020 (federation of cyber ranges to create multi-sector advanced scenarios).

Ensuring Security in Critical Infrastructures with Probabilistic Relational Modeling

Ralf Möller

The goal of the tutorial is to give an overview about how probabilistic relational modelingcan be applied for ensuring security in critical infrastructures. We use probabilistic relational models because information that can be automatically obtained of attackers in these systems defined in terms of objects and relations is largely involved with uncertainty. Attackers as well as defenders are modeled as agents, each of which builds a model about other agents in terms of beliefs of and about other agents. We introduce techniques to formalize agents’ beliefs for cyber-security defense strategy planninginvolving actions for influencing those beliefs. As a second topic, we analyze how inference proceduresfor probabilistic relational models can be used to investigate future states of a complex systemunder attack over time.

Blockchain Technology - Trust, Consensus, and Beyond

Zhijie Ren

Blockchain technology is one of the most disruptive technologies of our era. It could provide trust in a trustless network, thus could be used to replace a central authority or a third party under various scenarios. However, although has been rapidly developed for near a decade and heavily focused by academia in recent years, it is still widely known as "something like Bitcoin" and the recent development of blockchain is rarely introduced. In this lecture, we will introduce the fundamentals of blockchain technology, its developments over years, and some important challenges for future research.

Cybersecurity for Internet of Medical Things (IoMT) supporting future healthcare services

Emmanouil G. Spanakis

Healthcare is a vast ecosystem, making applications for the Internet of Things in healthcare to be endless. Much like smart devices have infiltrated into spaces IoT has today taken hold of healthcare. The ambition is to create an Internet of Medical Things-IoMT ecosystem able to empower patient/citizens in their daily care activities and make them feel safer and be healthier, and also to improve how physicians deliver care as well. IoMT — networked medical devices and applications in healthcare IT — has the potential to change future strategies for healthcare organizations adding a new layer of possible benefits affecting diagnostics, treatments and in general patient health management in such a critical infrastructure area. The big caveat though in healthcare, is that like in any such environment, more connected devices means a larger attack surface, making security breaches to be a significant challenge for healthcare organizations – where security is not optional. This talk is about the needs for a unique identification of IoT/ IoMT security methods for health care where conventional security mechanisms do not directly suit. We will describe many of the constraints in terms of security for hardware (memory, computational and energy constraints, as well as tamper resistant packaging), software (embedded software constraint and dynamic security patch) and networking (mobility, scalability, multiplicity of devices, multiplicity of communication medium, multi-protocol networking, and dynamic network topology). We will identify new constrains for future to come networking technologies (i.e. 5G) and will try to explain how resilient network services (i.e. DTN) for critical mHealth applications can ensure not only reliability of transmissions for smart things, but also security on different platforms and systems. The goal of this area of research is to establish a well-established security strategy to anticipate and prevent potential threats, and bridge any gaps across operations. At the core of this effort we must create a robust technology that can orchestrate electronic services and management of data ensuring security and privacy of all connected devices in a vast ecosystem. Finally, we will discuss the initiatives healthcare organizations need to take in order to manage and secure their environments.

Formalising the Human Dimension of Cybersecurity

Luca Viganò

The Internet is such a big part of our lives today that it’s hard to imagine that we once did without it. We use the Internet at work, at home, on the street. We use it to keep in touch, stay on top of the news, research information, manage our savings, pay bills, shop, vote, play and have fun. However, security failures make the news on a regular basis, reminding us that no country, industry, community or individual is immune to cyber risks and we face constant threats against our critical infrastructures, government, economy, identity and privacy.

Experience has shown that the design of protocols and services for Internet security is highly error-prone and that conventional validation techniques based on informal arguments or testing are not up to the task. It is now widely recognised that only formal analysis can provide the level of assurance required by both developers and users. In this talk, I will survey the novel formal methodologies and technologies for information security that I have developed with several collaborators in the context of research and industrial projects, and suggest some interesting directions for the future.

I will also talk about Explainable Security, a novel paradigm in security research that Daniele Magazzeni and I proposed. I will discuss the “Six Ws” of XSec (Who? What? Where? When? Why? and How?) and argue that XSec has unique and complex characteristics: XSec involves several different stakeholders (i.e., the system’s developers, analysts, users and attackers) and is multi-faceted by nature (as it requires reasoning about system model, threat model and properties of security, privacy and trust as well as about concrete attacks, vulnerabilities and countermeasures). I will define a roadmap for XSec that identifies several possible research directions. As concrete examples, I will first discuss a new, declarative way to define and reason about privacy and then briefly show how some basic cybersecurity notions (and even some advanced ones) can be explained with the help of some famous and some perhaps less obvious films and other artworks.