Ahmad-Reza Sadeghi is a professor of Computer Science at TU Darmstadt, Germany where he heads the System Security Lab at the Cybersecurity and Privacy Research Center (CYSEC). Since 2012 he is the director of the Intel Collaborative Research Institute for Collaborative Autonomous & Resilient Systems (ICRI-CARS). For his influential research on Trusted Computing he received the renowned German “Karl Heinz Beckurts” award. This award honors excellent scientific achievements with high impact on industrial innovations in Germany. He is the author of more than 300 peer-reviewed scientific publications in the field of IT security and privacy and was, amongst others, Editor-In-Chief of the prestigious IEEE Security and Privacy Magazine. He is also on the advisory board of several large multinational IT-enterprises.

Things, Threats, Trust: Tackling Security & Privacy Challenges in the Brave New IoT World

IoT devices are widely being adopted as new manufacturers of internet-connected devices are entering the market.

Although IoT promises a brave new world, many devices are lacking proper security designs or have flawed implementations, making them vulnerable to various security and privacy threats. We are facing significant challenges specific to IoT, such as emerging large-scale IoT botnet attacks, abuse of voice-based virtual assistants (e.g., Amazon’s Alexa), or novel privacy threats caused by widespread adoption of wireless sensors, actuators and smart home appliances even in presence of properly encrypted communications.

Unfortunately, existing intrusion detection techniques for detecting compromised IoT devices seem ineffective given the massive scale of the IoT device population and enormous diversity of device hardware, operating systems, software frameworks and manufacturers involved.

In this talk, we will present our recent work on addressing various security and privacy challenges in the growing IoT landscape including industry collaborations. In particular, we focus on approaches for identifying IoT devices based on their inherent communication behavior and using these behavior patterns to automatically detect compromised IoT devices effectively.

Dr. Adam Doupé is an Assistant Professor in the School of Computing, Informatics, and Decision Systems Engineering at Arizona State University and is the Associate Director of the Center for Cybersecurity and Digital Forensics in the Global Security Initiate at Arizona State University. Dr. Doupé was awarded the Top 5% Faculty Teaching A ward for the Fulton Schools of Engineering at ASU for 2016, the Fulton Schools of Engineering Best Teacher Award in 2017 and 2018, the Fulton Schools of Engineering Outstanding Assistant Professor Award in 2017, and the NSF CAREER award in 2017. Dr. Doupé has co-authored over 20 peer-reviewed scholarly publications and served on program committees of well-known international security conferences. As a founding member of the Order of the Overflow, Dr. Doupé has organized the DEF CON Capture The Flag competition since 2018.

History and Future of Automated Vulnerability Analysis.

The software upon which our modern society operates is riddled with security vulnerabilities. These vulnerabilities allow hackers access to our sensitive data and make our system insecure. To identify vulnerabilities in software, human experts, so-called vulnerability researchers, are employed. These human experts are expensive, and, more fundamentally, cannot scale. Therefore, automated vulnerability analysis techniques were created to automatically perform the process of identifying security vulnerabilities in software systems. These tools attempt to democratize the vulnerability analysis process: allowing any developer to identify vulnerabilities in their software automatically.

In this talk, I will discuss the history of automated vulnerability analysis, from both the binary and the web perspective. Binary fuzzing and black-box web application vulnerability analysis have many aspects in common, yet are often researched separately. From this, I will discuss the future of automated vulnerability analysis, and how

• 2006 - Present Professor, Department of Computer Science and Engineering, Korea University, Seoul, Korea
• 2003 - 2006 Assistant Professor, Department of Computer Engineering, Dongguk University, Seoul, Korea
• 2000 - 2003 Research Professor, Department of Computer Science, KAIST, Daejon, Korea
• 2000 Ph.D. Department of Computer Science, KAIST, Daejon, Korea

Personal Data Protection and Data Anonymization

In this talk I introduce some issues of personal data protection in Korea including the definitions and technical interpretations of Personal Data, Personal Data Protection and Data Anonymization in the context of 'Personal Data Protection Act' of Korea. In addition, recent moves on the revision of 'Personal Data Protection Act' and 'Guidelines for De-identification of Personal Data' will be briefly described.

Yongdae Kim is a professor at School of Electrical Engineering, an affiliated professor at Graduate School of Information Security, and a director at Cyber Security Research Center, all at KAIST. He also provides broad range of consulting to industries and research institute such as Samsung Electronics, Naver, Jiranjikyo, National Security Research Institute. His main research interests include security of cellular network, blockchain, drone and self-driving cars.

What do we expect from 5G Cellular Security?

Every 10 years, new cellular technology has been introduced. In particular, 4G LTE has brought all IP era together with high speed data and voice service. All IP era, on the other hand, opens new opportunity for cellular security researchers, as it makes security analysis much easier. So far, researcher have found about 100 new security vulnerabilities in 4G LTE. In this talk, I will introduce these vulnerabilities and discuss what kind of new and old problems will be introduced in 5G. I will also introduced a simple mechanism to automatically detect part of these vulnerabilities.

• 2017. 10 Founder, AI Spera
• 2015. 3 - present Associate Professor, School of Information Security, Korea University, Korea
• 2016. 3 - 2017. 2 Visiting Professor, Computer Science and Software Engineering, University of Canterbury, New Zealand
• 2010. 3 - 2015. 2 Assistant Professor, School of Information Security, Korea University, Korea
• 2004. 5 - 2010. 2 Technical Director, Head of Information Security Department, NCSOFT
• 1999. 8 – 2002. 5 CEO, Founder, A3 Security Consulting

Data-driven security: IDS implementation case for vehicle

In this talk, I will introduce security problems in CAN bus in the traditional and autonomous vehicle for the first.

Then, I will present a case of IDS implementation for the vehicle, which is designed for the in-vehicle anomaly and attack detection.

Seungwon Shin received the Ph.D. degree in computer engineering from the ECE Department, Texas A&M University (Advisor, Prof. G. Gu and Prof. A. L. Narasimha Reddy). He is currently an Associate Professor with the School of Electrical Engineering, KAIST. Before joining KAIST, he has worked at TmaxSoft and ETRI as a researcher.

His research interests include software defined networking, cloud network, and cyber-threat intelligence.

Unleashing the potential of knowledge extractions for cyber security

In this presentation, we explore the design of a cyber-security knowledge extraction service to assist in the timeliness and scalability with which cyber-security professionals, novice users, and expert systems can compile a situational awareness of their threat landscape.

We explore the potential of exploiting knowledge bases for cyber-security by actually presenting several use cases.

• CEO of GRAYHASH
• Global hacking conference Blackhat reviewer
• Global hacking conference Codeblue / OPCDE reviewer
• Committee member of district public prosecutor's office

Sharing about smart car hacking experience and what's different from traditional hacking?

This presentation talks about our experience of smart car hacking and covers what are easier part and harder part comparing to traditional hacking such as PC/Server/mobile hacks. We shows the attack surface of smart car that pen-testers should care about. Usually, the software stack hacks is not really different and sometimes it's even easier. But IoT/Embedded system hackers should also know hardware hacking to properly audit your target. We'll share how we succeeded and how we failed when we tried to review some smart car platforms.