Keynote Speakers

We are proud to announce the confirmed speakers:

ARES Keynotes:

Monday, August 26 2019:

Securing Our Future: The Importance of Academia in Closing the Cybersecurity Talent Gap
Dr. Alastair MacWillson, Chair of Institute of Information Security and Chair of Qufaro@Bletchley Park

Monday, 26.08.2019, 13:30-14:45

Abstract : The IISP, having recently received its Royal Charter, has now evolved into the Chartered Institute of Information Security. This is a significant step for us as an organisation and it will change us. We will have additional obligations, have different expectations placed on us and will need to change as an Institute to adapt. More importantly though, we as a community need to think about how we want to develop this now recognised but still very young profession. Initiatives across the community such as the development of a Cyber Council reflect that we need to develop more professional structures and pathways expected of a profession and to gain the recognition for the importance of the work that we do. Academia and research in information security have established a critical pathway for learning and development and increasingly provides the essential foundations needed to underpin the profession. But is this pathway aligned with the needs and challenges professionals, industry and the government faces? We are at a catalytic moment and have a unique opportunity as professionals to shape our future. Alastair will share the work that has taken us to get to this crucial point and pose some thought-provoking ideas to open the discussion on how we should be taking the profession forward.

Dr. Alastair MacWillson was formerly Global Managing Partner of Technology Consulting leading Accenture’s technology strategy and risk, operational performance and management, cyber and information security, and critical infrastructure protection businesses.  He also served on Accenture’s Technology leadership council.

Prior to joining Accenture in 2002, Dr. MacWillson was the global leader of the technology consulting practice in PricewaterhouseCoopers.  During his time with PwC he also had responsibility for the PwC technology venture fund, which had $50m invested in new business activities, and was also the founder and interim global CEO for beTRUSTed, a managed service e-security business of PwC which, after divestment, subsequently became CyberTrust and acquired by Verizon

Over the past 25 years Dr. MacWillson has lead technology transformation and security projects for major organizations such as World Bank, SWIFT, DTC, CBT, LSE, Boeing, Northrop Grumman, NASA, QinetiQ, BP, Shell, Exxon, Petrobras, Barclays, Goldman Sachs, Bank of America, Ericsson, BT, Telstra and Vodafone, as well as intelligence, security and defense departments of the UK, US, European, Australian and Indian Governments.   He has advised clients on information and cyber security in the nuclear research and nuclear energy sector and has worked on projects for the UKAEA and Lawrence Livermore National Laboratory.

Dr MacWillson has acted as an adviser to a number of governments on technology strategy critical infrastructure protection, cyber security and counter terrorism and has sat on related committees for the US and UK governments, the European Commission and the United Nations.

Prior to moving into consultancy in 1990, Dr. MacWillson worked in government service and held senior advisory positions on security and risk related strategy with the UK government and, through secondment, with the US State Department,

With his extensive background and experience in information technology, security and applied cryptography, Dr. MacWillson is internationally recognised as an expert in the field.  As such, he is a frequent speaker and commentator on technology and security issues and his insights have been featured by some of the top media outlets such as the BBC, CNN, The Wall Street Journal and the Financial Times.  He is also a visiting lecturer on security and technology and has presented on many programmes with MIT, Georgetown, Stanford, Cambridge, Surrey and RHUL universities and the LBS.  During his career Dr. MacWillson has published many articles and papers on technology and risk and has authored journals on cyber and information security, risk, cryptography and cyber terrorism, as well as a widely selling textbook on Hostage Taking Terrorism (McMillan 1992).

Dr. MacWillson has a B.Sc. in Physics (Lond), Postgraduate Diplomas in Computer Science and Digital Imaging, a Ph.D. in Theoretical Physics, a D.Phil. in Cryptographic Science and an EMBA from IMD in Lausanne.

Tuesday, August 27 2019:

Why strong foundations matter: Lessons from developing CyBOK, the Cyber Security Body of Knowledge
Awais Rashid, Professor of Cyber Security, University of Bristol

Tuesday, 27.08.2019, 11:10-12:20

Abstract: Cyber security is increasing in the spotlight, with almost daily news of high profile cyber attacks and data or service losses. At the same time, there is a shortage of workers to meet the growing demand for cyber security expertise. The ISC(2) Global Information Security Workforce Study estimates a shortage of nearly 3M globally. But what knowledge should cyber security workers posses? This is a fundamental question that we must address as we strive to meet the shortfall in the cyber security workforce. I will discuss the insights and experience from developing CyBOK, the cyber security body of knowledge. This National Cyber Security Programme project has engaged a global community of experts to develop interdisciplinary foundations for cyber security. Even more critically, CyBOK provides an opportunity to contrast the focus of different professional and academic educational programmes and the knowledge one can expect students to have after completing a particular certification or course. Using various exemplars, I will discuss questions such as: what does a cyber security expert look like and are there key knowledge areas that are not adequately covered by existing programmes as we move towards a highly connected digital world with its billions of connected devices and the cyber security challenges inherent therein.

Awais Rashid is Professor of Cyber Security at University of Bristol. His research focuses on cyber security of large-scale connected infrastructure systems, taking an integrated view of technical and human factors. He heads the Cyber Security Group at Bristol and is Director of the EPSRC Centre for Doctoral Training in Trust, Identity, Privacy and Security in Large-Scale Infrastructures (TIPS-at-Scale). He leads projects as part of the UK Research Institute on Trustworthy Interconnected Cyber-Physical Systems (RITICS) and UK Research Institute on Science of Cyber Security (RISCS), co-leads the Security and Safety theme within the UK Hub on Cyber Security of Internet of Things (PETRAS) and is a member of the UK Centre for Research and Evidence on Security Threats (CREST). He also leads a major international effort on developing a Cyber Security Body of Knowledge (CyBOK) to provide much needed foundations for education and training programmes.

CD-MAKE Keynotes

Tuesday, August 27 2019:

Toward to transparency of deep learning in medical imaging: Beyond quantitative to qualitative AI
Yoichi Hayashi, Dept. Computer Science, Meiji University

Tuesday, 27.08.2019, 08:30-09:15

Abstract. Artificial intelligence (AI), particularly deep learning (DL), which involves automated feature extraction using deep neural networks (DNNs), is expected to be used increasingly by clinicians in the near future. AI can analyze medical images and patient data at a level not possible by a single physician; however, the resulting parameters are difficult to interpret. This so-called “black box” problem causes opaqueness in DL. The aim of the present study is to help realize the transparency of black box machine learning for medical imaging. To achieve this aim, we review the “black box” problem and the limitations of DL for medical imaging and attempt to reveal a paradigm shift in medical imaging in which diagnostic accuracy is surpassed to achieve explainability. DL in medical imaging still has considerable limitations. To interpret and apply DL to medical images effectively, sufficient expertise in computer science is required. Enabling almost every type of clinician, ranging from certificated medical specialists to paramedics to interpret elements of decision-making behind classification decisions. While DL algorithms have the opportunity to markedly enhance the clinical workflow of diagnosis, prognosis, and treatment, transparency is a vital component. Moreover, although rules can be extracted using the Re-RX (Recursive-Rule eXtraction) family, the classification accuracy is slightly lower than that using whole medical images trained by a convolutional neural networks; thus, to establish accountability, one of the most important issues in medical imaging is to explain the classification results clearly. Although more interpretable algorithms seem likely to be more readily accepted by medical professionals, it remains necessary to determine whether this could lead to increased clinical effectiveness. For the acceptance of AI by physicians in areas such as medical imaging, not only quantitative, but also qualitative algorithmic performance such as rule extraction should be improved.

Yoichi Hayashi received the Dr. Eng. degree in systems engineering from Tokyo University of Science, Tokyo, in 1984. In 1986, he joined the Computer Science Department of Ibaraki University, Japan, as an Assistant Professor. Since 1996, he has been a Full Professor at the Computer Science Department, Meiji University, Tokyo. He has also been a Visiting Professor at the University of Alabama in Birmingham, USA, and the University of Canterbury in New Zealand and has authored over 230 published computer science papers.

Professor Hayashi’s research interests include deep learning (DBN, CNN), especially the black box nature of deep neural networks and shallow neural networks, transparency, interpretability and explainability of deep neural networks, XAI, rule extraction, high-performance classifiers, data mining, big data analytics, and medical informatics. He has been the Action Editor of Neural Networks and the Associate Editor of IEEE Trans. Fuzzy Systems and Artificial Intelligence in Medicine . Overall, he has served as an associate editor, guest editor, or reviewer for 50 academic journals. He has been a senior member of the IEEE since 2000.

Wednesday, August 28 2019:

Explainable Artificial Intelligence – Methods, Applications & Recent Developments
Wojciech Samek, Machine Learning Group at Fraunhofer Heinrich Hertz Institute

Wednesday, 28.08.2019, 09:00-10:00

Abstract : Deep neural networks (DNNs) are reaching or even exceeding the human level on an increasing number of complex tasks. However, due to their complex non-linear structure, these models are usually applied in a black box manner, i.e., no information is provided about what exactly makes them arrive at their predictions. This lack of transparency may be a major drawback in practice. In his talk, Samek will touch upon the topic of explainable AI and will discuss methods, applications and recent developments. He will demonstrate the effectivity of explanation techniques such as Layer-wise Relevance Propagation (LRP) when applied to various datatypes (images, text, audio, video, EEG/fMRI signals) and neural architectures (ConvNets, LSTMs), and will summarize what he has learned so far by peering inside these black boxes.

Wojciech Samek is head of the Machine Learning Group at Fraunhofer Heinrich Hertz Institute, Berlin, Germany. He studied Computer Science at Humboldt University of Berlin as a scholar of the German National Academic Foundation, and received his PhD in Machine Learning from the Technical University of Berlin in 2014. He was a visiting researcher at NASA Ames Research Center, Mountain View, CA, and a PhD Fellow at the Bernstein Center for Computational Neuroscience Berlin. He was co-organizer of workshops and tutorials about interpretable machine learning at various conferences, including CVPR, NIPS, ICASSP, MICCAI and ICIP. He is part of the Focus Group on AI for Health, a world-wide initiative led by the ITU and WHO on the application of machine learning technology to the medical domain. He is associated with the Berlin Big Data Center and the Berlin Center of Machine Learning and is a member of the editorial board of Digital Signal Processing and PLOS ONE. He has co-authored more than 90 peer-reviewed papers, predominantly in the areas deep learning, interpretable machine learning, neural network compression, robust signal processing and computer vision.

Thursday, August 29 2019:

Crossing the chasm: from Academia to Industry
Janet Bastiman, Venture Partner at MMC Ventures and Chief Science Officer at StoryStream

Thursday, 29.08.2019

Abstract: Adoption of AI techniques by industry has risen rapidly in the past few years. Established companies are waking to the possibilities that AI techniques can give them and Europe is a breeding ground for academic researchers to make a difference as entrepreneurs. Whether the motivation for this is money, the challenge of running your own company and/or AI for good, making the step from research to being key in your own company brings a host of challenges for which many academics have little preparation.

In her talk, Bastiman will cover the main challenges faced in transitioning to industry that are just not present within the research community: world wide legislation and data provenance, explanability, AI operations, and the impact of accuracy and bias in real world decision making. She’ll outline the skills you need to build a successful industrial project, how you can get them, or what it might cost to hire them. Finally, she’ll go through how to get your business ready for funding.

Janet Bastiman in the AI Venture Partner at MMC Ventures Ltd, a London based venture capital company, and is also Chief Science Officer at StoryStream Ltd, an automotive-focussed company. She studied Cellular and Molecular Biochemistry at Oxford University with a scholarship from the Landau Foundation, and received her PhD from Sussex University in the Centre for Computational Neuroscience and Robotics, supported by the BBSRC with a CASE scholarship. Her career has focussed in industry where she has worked for large multinationals and smaller enterprises as Chief Technical Officer and continues to champion new technologies. She co-founded the Tech Women London meetup group and is treasurer of the IEEE UK STEM committee. Since 2018 she has also been a judge for Awards.AI, showcasing the best UK AI start-ups. Her interests are predominantly in combinatorial techniques in computer vision and the intersection of machine learning with biological inspiration.

CD-MAKE Special Tutorial

What is missing in the evaluation of binary classifiers and diagnostic tests? Improved AUC measures & ROC explanations
André Carrington,Ottawa Hospital Research Institute, Canada

Wednesday, 28.08.2019, 08:30-09:00

Tutorial Abstract: In classification and diagnostic testing there are many ways to measure and plot the accuracy of results, for example: sensitivity, specificity, average precision (AP), area under the curve (AUC), the receiver operating characteristic (ROC) plot and the precision recall curve/plot (PRC).

In the common case of classification with imbalanced data, i.e., more negatives than positives or vice versa, many common measures are missing information, which we need to know for fair (ethical), safe and good practice when evaluating accuracy and performance. Even measures deemed more robust for imbalanced data are missing information.

We propose measures which bridge some of the gaps in theory and practice and we review the alternative measures and missing information along the way. We then conclude with a summary of good practices in performance measurement.

André Carrington is a medical AI research fellow with PhD and MMath degrees in Engineering and Computer Science from the University of Waterloo and 18 years of industry experience as a security and privacy expert (CISSP, and former CIPP/C, CISM, CISA). His dissertation focused on transparent machine learning with equivalent accuracy.

André has applied many different statistical and machine learning methods. His research interests include: applications of AI and statistics in medicine, performance and utility, explainable and transparent AI, ethical AI, causality, federated learning, privacy and innovation, trust and governance.

André has done machine learning with/for: the University of Waterloo, Roche, the Cancer Clinical Trials Group, Sunnybrook Hospital, Alberta Health Services, Analytics for Life, the University Health Network and Agfa with funding awarded by Mitacs, the Ontario Centres of Excellence and the University of Waterloo. He joins the Ottawa Hospital Research Institute in September.

Workshop Keynotes

Immersive Virtual Insanity: Exploring Immersive Virtual Reality Security & Forensics
Ibrahim (Abe) Baggili, Elder Family Endowed Chair of Computer Science & Cybersecurity at the Tagliatela College of Engineering, University of New Haven

Workshop WSDF, Wednesday, 28.08.2019, 10:00-10:30

Abstract : The Virtual Reality (VR) market could surpass $ 40 Billion by 2020. The U.S. Military recently closed a deal worth $ 480 Million for the Microsoft HoloLens Mixed Reality (MR) device. Oculus has already released the first immersive VR system that is mobile with no wires and no need for a high-end gaming PC for $399. While these are exciting times, an important question needs to be investigated: Are we ensuring the security and privacy of these systems? In this talk I will present various experiments and findings we conducted in our lab related to the security and forensics of consumer grade immersive VR systems. I will show you how we are able to move people in physical spaces without their knowledge or consent, as well as other attacks that we coined and implemented related to immersive VR. Furthermore, we will also explore the forensic artifacts these systems produce.

Dr. Ibrahim (Abe) Baggili is the Elder Family Endowed Chair of Computer Science & Cybersecurity at the Tagliatela College of Engineering, Department of Computer & Electrical Engineering and Computer Science at the University of New Haven, CT, specializing in Cybersecurity & Forensics. He serves as the Assistant Dean and is the founder of the University of New Haven’s Cyber Forensics Research and Education Group ( UNHcFREG ). Abe is also the former editor-in-chief of the Journal of Digital Forensics, Security and Law (JDFSL). He received his BSc, MSc and PhD all from Purdue University where he worked as a researcher in CERIAS. He is the program lead on the Center of Academic Excellence in Cyber Operations, designated by the National Security Agency – one of only 21 programs nationally with that prestigious designation. Abe is also the co-founder of the X Reality Safety Initiative (XRSI.ORG).

Abe co-authored over 70 publications including books, peer reviewed articles, and conference papers and has received millions of dollars in funding for his work from a variety of sources including the NSF, NSA, DHS and MITRE. Most recently, work with his students showed security issues in mobile social messaging applications that affect over 1 billion people worldwide they also found major Virtual Reality exploits that affect people globally. His research interests include cybersecurity and forensics from technical, social, and psychological perspectives. He has worked closely with law enforcement and private sector and has published work on real challenges facing cybercriminal investigators and has presented at a number of conferences worldwide.

Abe’s work has also been featured in news outlets and on TV worldwide in over 20 languages.

To learn more about Abe and his work you can visit and .

Gareth Howells
Practical IoT Device Authentication with ICMetrics

Workshop IoT-SECFOR, Tuesday, 27.08.2019, 08:30-09:15

Abstract: The digital revolution has transformed the way we create, destroy, share, process and manage information, bringing many benefits in its wake with an ever increasing number of embedded consumer and communication devices at the heart of this revolution. However, such technology has also increased the opportunities for fraud and other related crimes to be committed. Therefore, as the adoption of IoT devices expands, it becomes vital to ensure the integrity and authenticity of such devices and to manage, control access to and verify their identity. ICmetrics represents a robust and flexible approach for generating unique identifiers for a range of IoT devices based on their determinable operating characteristics enabling secure encrypted communication between devices potentially significantly reducing both fraudulent activity such as eavesdropping and device cloning. This talk introduces the technical challenges associated with ICmetric technology and explores some of the practical considerations associated with its successful commercial exploitation, showing how a robust and flexible approach may be created suitable for practical exploitation.

Gareth Howells is currently a Professor of Secure Electronic Systems at the University of Kent and Founder, Director and Chief Technology Officer of Metrarc Ltd, a University spin-out company. He has been involved in research relating to pattern recognition and image processing for over 30 years and has published over 200 papers in the technical literature, co-editing two books and contributing to several other edited publications. In total, he has been successful in obtaining thirty-five separate research awards totalling over £5.4M from a variety of separate awarding bodies as part of projects with a total aggregate funding of over £10M.

Asma Adnane
Trust and Security in Internet of Vehicles (IoV)

Workshop IoT-SECFOR, Tuesday, 27.08.2019, 12:20-13:20

Abstract: Vehicular Ad-hoc NETwork (VANET) is vital transportation technology that enables vehicles to be connected to each other and to the road infrastructure, it facilitates a big range of applications designed with a principal objective on assisting the driver (applications such as collision avoidance, accident avoidance and traffic information)

Nowadays, Vehicles capabilities have been extended to allow connectivity to different sort of devices such as cellular networks, sensors, and smart phones, creating a bigger network called Internet of Vehicles (IoV) giving the opportunity for more applications (infontainment, traffic optimization and safety). All these applications require a secure, reliable and trusted information dissemination in the network. In case of IoV, ensuring such network security is extremely difficult due to its large-scale and open nature, making it susceptible to diverse range of attacks including man-in-the-middle (MITM), replay, jamming and eavesdropping attacks.

Trust establishment among vehicles can increase network security by identifying dishonest vehicles and revoking messages with malicious or inconsistent content. To this end, various Trust Models (TMs) are developed. These TMs evaluate trust based on the received information (data), the sending entity or both through different mechanisms. This talk reviews the different aspects of trust and presents a comparative study of the three TMs. An evaluation of these TMs against the different trust, security and quality-of-service related benchmarks will be discussed.

Asma is a lecturer in the Computer Science department of Loughborough University. Before joining Loughborough, Asma was a senior lecturer in the University of Derby (2013-2018) and a KTP associate at the university of Leicester and Crowdlab – Leicester (2011-2013).

Her main research focus is on networks and security. She had been involved in research related to the multipath routing performance in ad hoc networks, and in different applications of trust management for secured routing in ad hoc networks.

Location privacy from a statistical perspective
Dr George Theodorakopoulos, Cardiff University, UK

Workshop LPW, 27.08.2019, 12.20-13.20

Abstract : One way to view privacy in general, and location privacy in particular, is as a statistical inference problem: The adversary makes noisy observations of the user’s true information (location) and then tries to infer the actual value. This leads naturally to a game between the user and the adversary, in which the user may also be constrained in the amount of noise that can be added. This talk will explore past and current results in this area, and contrast the statistical point of view with other approaches to location privacy.

George Theodorakopoulos received the Diploma degree from the National Technical University of Athens, Greece, in 2002, and the M.S. and Ph.D. degrees from the University of Maryland, College Park, MD, USA, in 2004 and 2007, all in electrical and computer engineering. He is a Senior Lecturer at the School of Computer Science and Informatics, Cardiff University, which he joined in 2012. From 2007 to 2011, he was a Senior Researcher at the Ecole Polytechnique Federale de Lausanne (EPFL), Switzerland. He is a coauthor (with John Baras) of the book Path Problems in Networks (Morgan & Claypool, 2010). He received the Best Paper award at the ACM Workshop on Wireless Security, October 2004, for “Trust evaluation in ad-hoc networks” and the 2007 IEEE ComSoc Leonard Abraham prize for “On trust models and trust evaluation metrics for ad hoc networks.” He coauthored “Quantifying Location Privacy,” which was runner-up for the 2012 PET Award (Award for Outstanding Research in Privacy Enhancing Technologies).

Securing Software Supply Chains: A Case for New Research in Software Security?
Achim Bruckner, University of Exeter, UK

Workshop SSE, Wednesday, 28.08.2019, 10.30-12.00

Abstract : Today, Software is rarely developed “on the green field”: software developers are “composers” that build new system by combining existing solutions. Custom code is, in many development projects, a curiosity.

As a result, modern software depends on numerous third-party projects, which, sometimes, are as small as three lines of code or as large as several millions lines of code. On the one hand, these projects speed up the development. On the other hand, their use requires trust and care: with a few lines of code in an installation script, your development system can be attacked or a small vulnerability in a dependency can be the root cause of one of the largest data leaks of the last years.

In this talk, I will argue that the mature tools and techniques for developing secure software do not work well in an environment where software is composed instead of developed. By using real world examples of third-party components, I will make the case that research in secure software engineering needs to re-prioritize topics to be fit for a world of software composition.

Achim is a Professor (Chair for Cybersecurity) and Research Lead at the University of Exeter, UK. Prior to that, he was a Senior Lecturer at the Computer Science Department of The University of Sheffield, UK. He leads a research team in software assurance and security.

Until December 2015, he was the global Security Testing Strategist at SAP SE, were, among others, he defined and implemented the security testing strategy for over 27000 developers world-wide. SAP’s risk-based security testing strategy of SAP that combines static, dynamic, and interactive security testing methods and integrates them deeply into SAP’s Secure Software Development Life Cycle. He also was involved in the security checks for SAP’s outbound and inbound Open Source process.

Internet-wide Measurements to Prevent and Combat Cybercrime: The Case of DNS Zone Poisoning
Dr. Maciej Korczyński, University of Grenoble, France

Workshop IWCC, Wednesday, 28.08.2019, 10:00-10:30

Abstract: Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behavior. Therefore, there is a great need for comprehensive Internet-wide measurements to prevent and combat cybercrime. Critical facts about the Internet security, such as “Which domain registries are abused by the cybercriminals the most?” or “Which Internet Service Providers do not deploy source IP address filtering, facilitating massive DDoS attacks?” remain poorly quantified.

In this talk, we will discuss a number of examples of measurement studies of the domain name space. In particular, we will explore an attack against configuration files of poorly maintained name servers allowing, for example, domain hijacking. We refer to this type of attack as to “zone poisoning”. The attack is as simple as sending a single RFC compliant DNS dynamic update packet to a misconfigured server. In the simplest version of an attack, a miscreant could replace an existing A or MX DNS resource record in a zone file of a server and point the domain name to an IP address under control of an attacker. We will present the global measurement study of the vulnerability. To assess the potential impact of non-secure dynamic updates, we scanned 290 million domains worldwide and found that among the vulnerable domains are governments, banks and health care providers, demonstrating that the threat impacts important services.

Via our study of the zone poisoning attack and subsequent notifications to affected parties and respective intermediaries, we aimed to improve the security of the global DNS ecosystem and test methods to contact affected parties after the introduction of the General Data Protection Regulation.

Maciej Korczyński holds an associate professor position at University of Grenoble in cybersecurity and Internet measurements. He is a member of the Messaging, Malware and Mobile Anti-Abuse Working Group(M3AAWG) and Grenoble Alpes Cybersecurity Institute. He obtained a PhD(2012) in computer science from University of Grenoble. He was a postdoctoral researcher in the Cybersecurity research group at TU Delft (2014-2017), at Rutgers University (2013-2014), and a member of European TMA group dedicated to traffic measurements and network attack detection. He has published research papers in major cybersecurity and networking conferences and journals (IEEE INFOCOM, ACM CCS, RAID, ACM IMC, IEEE Euro S&P, ACM AsiaCCS, PAM, IEEE ComMag). He gave over 30 invited industry talks in the domain of cybersecurity at ICANN, DNS-OARC, M3AAWG, etc. Over the past 10 years, he wrote successful project proposals, and has been working as a principal investigator and a senior researcher in several national and international projects funded by and in collaboration with ICANN, SIDN (registry of .nl domains), AFNIC (registry of .fr domains), the Dutch Ministry of Economics, the National Cyber Security Centre (NCSC), or the Dutch National High Tech Crime Unit. His main research interests include Internet-wide passive and active security measurements, incident data analysis, vulnerability notifications, economics of cybersecurity, attack detection, encrypted traffic classification, and security of Internet protocols such DNS.

Steganography and steganalysis: Lessons learnt the hard way over 15 years of academic practice.
Prof. Julio Hernandez-Castro, University of Kent, UK

Workshop CUING, Tuesday, 27.08.2019, 08:30-09:15

Abstract: In this keynote speech, Prof. Hernandez-Castro will draw on his experience on steganography and steganalysis to presents relevant facts, some experiences, a modicum of insights and plenty of tough lessons.

He will try to offer some recommendations, best practices and discuss what common errors to avoid in the daily chores of an academic practitioner seeking research funds and conducting research targeted to some top venues. He will, additionally, present some recent research results of general interest to the community.

Prof. Julio Hernandez-Castro got a mathematics degree in 1995 from Universidad Complutense in Madrid, Spain, and postgraduate degrees from University of Valladolid and Universidad Carlos III.

In the latter he got his PhD in 2003 and stayed until 2009 in different roles up to the equivalent to Assistant Professor. He moved to the UK in 2009 and after a brief stay at the University of Portsmouth joined the University of Kent in 2012.
In 2017 he became a full professor, thanks in part to his research in the area of steganography and steganalysis over image and video.
He has published his research in this area on relevant venues such as Digital Investigation, IEEE Transactions of Information Forensics and Security (TIFS), etc.
He has a total of 3,800 citations to his over 200 peer-reviewed works, with an h-index of 26 according to Google Scholar.
He is currently working on three projects related to the topic of steganography and steganalysis, funded by Huawei, EPSRC and the EU H2020 program.

Cooperative Security for 5G and the Internet
Prof. Raimo Kantola, Aalto University, Finland

Workshop 5G-NS, Monday, 26.08.2019, 14:45-15:15

Abstract: The talk describes the concept of cooperative security between end-points with network/cloud based assistance. The system has several components such as cooperative firewalls at the edge nodes of the customer networks (we call them Customer Edge Switches), an interworking function called a Realm Gateway for legacy Internet host communications and a system of communications policy management allowing the firewalls to admit only expected traffic to the receivers that may be wireless and battery powered. The first two components are an extension and generalisation of Network Address Translator (NAT). Due to the Interworking function the system can be deployed one network at a time without compulsory changes on hosts. Tools for automating policy generation are a part of the solution. The systems have been implemented following the Software Defined Networking principles, so the firewall has a control plane and a data plane. The control planes can talk to each other or to any other nodes before making the final admit or drop decision. When a policy match is established edge to edge, a host to host flow can take place. Besides the initial signaling, the firewalls can push the restraining commands to each other if the served host is found to be too aggressive at any time during the flow. Evidence collection is ubiquitous and the nodes use reputation methods based on shared evidence when deciding to allocate some resources to serve a remote entity.  The architecture establishes stable IDs for hosts. The IDs are used as a key to the policies, to the collected evidence of behavior as well as an ID of the host that needs to be restrained.

Firewalling itself must use executable rules that are bound to addresses at the Firewall. We expect that the first use cases of the technology can be found in specialised 5G networks but the architecture is generic.

Raimo Kantola is a full tenured professor at Aalto University, Department of Communications and Networking. After some 15 years in Nokia Networks in different roles, he graduated with Doctor of Technology degree at Helsinki University of Technology (TKK) in 1995 and joined the University in 1996 to become a professor in Networking technology. Kantola is a pioneer of international education at Aalto. He was tenured in 2005. When TKK merged to Aalto, Kantola was the first Chairman of the Department of Communications and Networking.

Prof. Kantola’s recent research is in Cooperative Security, Software Defined Networking and 5G.

CTI in Cyber Defence: Challenges and opportunities
Dr. Panayotis Kikiras, European Defense Agency (EDA)

Workshop CyberTIM, Wednesday, 28.08.2019, 10:00-10:30

Abstract : The scope of the presentation will be to explore the role of CTI in Cyber Defence. Concepts like Cyber Kill chain vs Observe-Orient-Decide-Act and the impact of CTI techniques to the optimisation of blue forces OODA cycle will be presented.
In addition, the impact of AI enabled CTI will be discussed along with the envisaged role of CTI as a key tool for future Information Superiority. Finally, The role of European Defence Agency in the EU research landscape will be explained and research and funding opportunities for dual and defence topics will be presented.

Panayotis is currently Head of Unit Technology and Innovation in European Defense Agency in Brussels. Through its work on innovative research the directorate supports EDA Member States in their efforts to cooperate, promote and manage cooperative Research and Technology projects. It identifies dual-use synergies and opportunities with the European Commission and the European Space Agency to enhance civil-military cooperation, interoperability and effective R&T spending. Panayotis before EDA, have been working for AGT International since 2011. He was Vice President of Research leading the enabling technologies research group which conducts research in the areas of Cyber Security, Big Data and Energy Analytics.

He holds a PhD and an MSc in Computer and Electrical Engineering from the Technical University of Athens and an MSc in Management and Economics of Communication Networks from the University of Athens. In the academic field Panayotis was an Adjunct Associate Professor at the University of Thessaly Greece, Department of Computer and Network engineering and Department of Informatics. Panayotis has authored more than 50 peer reviewed papers and a number of technical reports and he is a senior member of IEEE.

The need of standardisation and reference collections in digital forensics
Christian Hummert, director of digital forensics at the Central Office for Information Technology in the Security Sector (ZITiS), Germany

Workshop IWSMR, Tuesday, 27.08.2019, 08:30-09:15

Abstract : In digital forensics the experts usually have only on try, especially in smartphone, IoT or embedded systems forensics. If a trace in criminal proceedings is destroyed or analyzed incorrectly there are only limited possibilities for repetition of the procedure. In contrast, in good scientific research requires all methods must be reproducible and transparent. In this field of unresolved tension the use of standardization and reference collections can help. There are some endeavours within the European Union to overcome these issues.

Christian Hummert obtained his PhD in computer science from the Friedrich-Schiller University in Jena, Germany. He worked six years as a forensic expert for the Federal Police of Thuringia. In 2015 he was appointed as a Full Professor for IT-Security / Digital Forensics at the Mittweida University of Applied Science. In October 2018 he left university and became the director of digital forensics at the Central Office for Information Technology in the Security Sector (ZITiS) in Germany. His research interests include digital forensics especially forensics of embedded systems and automotive forensics.

Security lifecycles for smart mobility and smart production
Christoph Schmittner, Scientist, Security & Communication Technologies Center for Digital Safety & Security, AIT, Austria

Workshop WISI, Wednesday 28.08.2019, 12:00-13:00

Abstract : Due to the increasing complexity, interconnection and automation of all domains there is an increasing need for secure and dependable systems. Two important domains are smart mobility and smart production. Both domains are tackling these challenges with the development of guidance on how to develop secure systems and interconnect this guidance with existing guidance on the development of safe systems.

This keynote gives an overview about ongoing developments in smart mobility and smart production regarding security and safety standards, describes open challenges and present potential approaches.

Mr. Christoph Schmittner received his M.Sc. in System and Software Engineering at the University of Applied Sciences Regensburg in 2013. His main research area is safety and security co-engineering. He works on safety, security analysis and co-analysis methods, connected and safety critical / fault & intrusion tolerant system architectures, functional safety and cybersecurity standards and inter-dependence of safety and security in critical systems. He is involved in multiple European and National research projects and leads the Austrian participation in ISO/SAE 21434 “road vehicles – cybersecurity engineering”

Authentication of the future – a challenge to privacy?
Peter Kieseberg, FH St.Pölten, Austria

Workshop BASS II, Thursday 29.08.2019, 13:30-15:00

Abstract: Authentication, and especially systems allowing continuous authentication like behavioral approaches, belong to the most important topics in security research, especially in order pt make security usable. Still, several issues regarding privacy have to be taken into account. In this talk we will discuss some important issues surrounding the problem of privacy aware behavioral authentication.

Peter received a master’s degree in Technical Mathematics in Computer Science from the VTU Wien with specializations in cryptography and numerical mathematics. He worked as a consultant in the telecommunication sector for several years before joining SBA Research. Here his main activities lie in the area of project management and acquisition, as well as industrial and academic research. Since 2014 he is also visiting doctoral researcher at the Holzinger Group HCI-KDD and involved in standardization activities at ETSI (TC-CYBER). Since 2017, he is also lecturer at FH. St. Pölten.

Special Talk: Gridradar – a distributed frequency measurement system
Christian Krämer (Gridradar, Germany)

Tuesday, 27.08.2019, 11:10-12:20

Abstract : Set up in 2017 Gridradar is a distributed project recording the electric grid frequency all over Europe. With over 20 GPS synchronized PMU (Phasor measurement units) already located in 6 European countries we measure the grids frequency with 10 samples/s. These measurements are recorded in a database. To date we have recorded around 4 billion data points and are adding roughly 18 million data points each day.

There are two focus areas to what we do. One is the electrical behaviour of the grid whereas the other is a security driven approach. On the electric side of things, we both monitor and analyse the grid behaviour and power flows within the grid. To monitor power flows we use a phase angle subtraction. This tool gives us valuable insight into the grid especially when instabilities such as the massive frequency drop on 10 January 2019 occur. The grid was on the verge to a blackout when this incident happened. Such instabilities speed through the grid at around 1100 km/s, so with enough distance between the fault and an interested party such as financial exchanges, banks or data centers
might be able to brace for impact upon a signal provided by Gridradar before the fault hits the interested party and power drops or the grid blacks out.

The security approach however is to create a tightly woven network to record local frequency scatter allowing ex-postanalysis of audio and video recordings. The background hum heard when walking past a substation is found in audio and video recordings whenever a grid powered device is near. The course of the electric network frequency is pretty stochastic and thus any recordings containing traces of it cannot be manipulated, neither up front nor after realisation. Matching the recorded grid frequency against recorded audio/video content allows fingerprinting to some extent if the recording is long enough. This not only returns a rather precise time of the recording but also provides a mechanism to detect manipulations of recorded content. We found that using measures of dispersion, such as the grid frequency’s standard deviation, will give us regionally repetitive patterns. These regionally different frequency patterns could help give an estimate of not only when but where content was recorded.

Additional information can be found here: