09:00 –09:30 Gathering
09:30 –09:40 Opening Remarks
Oded Cohn, VP, Director, IBM Research – Haifa
09:40 –10:20 Title: Emerging Paradigms in Cyber Security
Dr. Nimrod Kozlovski, Jerusalem Venture Partners (JVP) Labs, & Partner and head of Tech Regulation, HFN
Watch the video
abstract: TBD
Bio: Nimrod is focused on early stage investments in startups at JVP, Israeli lead Venture Capital. He brings to JVP labs a deep expertise in the areas of Cyber Security, Digital Innovation, Ad-Tech and Big Data. In this capacity, he contributes his knowledge to JVP portfolio companies, especially as a board member of CoroNet, ScadaFence and Secbi and formerly Morphisec.
With a strong legal and technological background, Nimrod also heads the Tech Regulation practice at HFN, Israel lead international law firm. He is an expert on regulatory, policy and legal aspects of digital innovation and consults to startup, multi-national companies and governments.
Co-founder of two start-ups, PLYmedia and Altal Security, Nimrod also co-launched the Information Security and Cyber Security program as part of the MBA in Information Technologies in Tel Aviv University and teach classes on Cyber Security, Big Data, Innovation and Internet Law.
He received his doctor degree in law (JD) from Yale Law School and conducted his Post-Doc research in computer science on proactive security at Yale School of Computer Sciences. In the Israel Defense Forces, Nimrod served as Captain in the Electronic Warfare unit. Nimrod was an adjunct professor at New York Law School and has written books and articles on Internet Law, Cyber Crime and Digital Law Enforcement and Copyright Law.
With a strong legal and technological background, Nimrod also heads the Tech Regulation practice at HFN, Israel lead international law firm. He is an expert on regulatory, policy and legal aspects of digital innovation and consults to startup, multi-national companies and governments.
Co-founder of two start-ups, PLYmedia and Altal Security, Nimrod also co-launched the Information Security and Cyber Security program as part of the MBA in Information Technologies in Tel Aviv University and teach classes on Cyber Security, Big Data, Innovation and Internet Law.
He received his doctor degree in law (JD) from Yale Law School and conducted his Post-Doc research in computer science on proactive security at Yale School of Computer Sciences. In the Israel Defense Forces, Nimrod served as Captain in the Electronic Warfare unit. Nimrod was an adjunct professor at New York Law School and has written books and articles on Internet Law, Cyber Crime and Digital Law Enforcement and Copyright Law.
10:20 –10:50 Title: Fight Malware vs. Fighting Diseases
Amos Marom, VP Trusteer, IBM Security
abstract: TBD
Bio: Over the past 30 years, Amos has served as a high tech executive for multinational companies including, IBM, Swiftness, SanDisk, NICE, Comverse and BMC. Starting as a technical person, Amos developed into a leading director of product management and made his way to lead multiple business units in Security, Telecom, Call Center, Storage and systems management.
Amos hold a technical degree from the IDF computer school MMRM, BA in Economics from Tel-Aviv University and an MBA from Northwestern University Kellogg school of Management / Tel-Aviv University Recanati School.
Amos hold a technical degree from the IDF computer school MMRM, BA in Economics from Tel-Aviv University and an MBA from Northwestern University Kellogg school of Management / Tel-Aviv University Recanati School.
10:50 –11:20 Title: IoT Security - Challenges & Opportunities
Dr. Erez Waisbard, Nokia Bell Labs
Presentation
abstract: The Internet of Things (IoT) carries a big promise to connect everything in our lives. This promise also introduces one of the biggest security challenges. In this talk I will present the challenges that IoT security brings and why the well established Internet security infrastructure is not suited for IoT. I will also outline how some of the latest cryptographic advances, such as MPC and Blockchain can be used to address these challenges.
Bio: Erez joined Nokia Bell Labs in 2016 after working for 20 years at various security and networking companies. In his last role as a security architect at Cisco, Erez focused on IoT and content protection. In this role Erez was a co-inventor of a new content scrambling algorithm for Pay-TV systems (CSA-3).
Erez academic research focused on Cryptography, both in his M.Sc. studies at the Weizmann Institute of Science and in his Ph.D. studies at the Bar-Ilan university. During the time of his studies Erez taught security and cryptography courses at Bar-Ilan University and the Open University.
Erez academic research focused on Cryptography, both in his M.Sc. studies at the Weizmann Institute of Science and in his Ph.D. studies at the Bar-Ilan university. During the time of his studies Erez taught security and cryptography courses at Bar-Ilan University and the Open University.
11:20 –11:50 Break
11:50 –12:20 Title: Curiouser and Curiouser: A Selection of Malware Obfuscation Techniques Based on Recent Samples
Cindy Eisner, Senior Technical Staff Member at the IBM Haifa Research Laboratory
Watch the video Presentation
abstract: Modern malware uses a variety of techniques to impede human or automated, static or dynamic analysis of its (machine) code. Ranging from the trivial to the ingenious, what these techniques share is a tendency to misuse interfaces and flout coding conventions, in a way that breaks the assumptions of many tools and renders them useless. In this talk I'll present a selection of such techniques, all gleaned from recently analyzed malware samples, and show what they break and how they do it.
Bio: Cindy Eisner is a Senior Technical Staff Member at the IBM Haifa Research Laboratory, where she worked on various aspects of formal technologies, including formal specification and verification and their applications to hardware and software development, for almost 20 years. She was the leader of the technical team that brought IBM's Sugar specification language to IEEE standardization as PSL, and has co-authored numerous papers on practical and theoretical issues in the formal semantics of temporal logic, as well as a book on PSL. For the past few years, Cindy has developed expertise in malware evasion techniques through working on a security analysis project based on formal verification technology.
12:20 –12:50 Title: Federation as a Service: The SUNFISH Experience
Prof. Vladimiro Sassone, Electornic and Computer Science, University of Southampton
Watch the video Presentation
abstract: We introduce the notion of Federation-as-a-Service as introduce in the H2020 project SUNFISH on federated clouds, discuss its implementation over a distributed ledgers infrastructure, and point to some implications and future directions on realizing the Internet-of-Things.
Bio: Vladimiro Sassone is the Royal Academy of Engineering Research Chair in Cyber Security at the University of Southampton, where he leads the Academic Centre of Excellence for Cyber Security Research.
A theoretical computer scientist by formation, Professor Sassone turned to cyber security in 2001. His recent research includes resource access control, trust-and-reputation models, anonymity and privacy, where he pioneered the use game theory to design, understand and analyse collaboration mechanisms in anonymity networks like Tor. Currently he works on the security and application of distributed ledgers as infrastructure for decentralised computation.
A theoretical computer scientist by formation, Professor Sassone turned to cyber security in 2001. His recent research includes resource access control, trust-and-reputation models, anonymity and privacy, where he pioneered the use game theory to design, understand and analyse collaboration mechanisms in anonymity networks like Tor. Currently he works on the security and application of distributed ledgers as infrastructure for decentralised computation.
12:50 –13:20 Title: Responsible Programming in Cloud Platforms
Joel Nider, Systems researcher in the cloud infrastructure team, at the IBM Haifa Research Laboratory
Watch the video Presentation
abstract: TBD
Bio: Joel Nider is a systems researcher in the cloud infrastructure team currently working on systems software for heterogeneous architectures. Before joining IBM Research, he worked as an embedded software developer at SanDisk and Qualcomm, developing leading edge embedded technologies such as SSD, PCIe and SATA. His research interests include microservices, microkernels, microservers, and low power systems. He is a member of ACM SIGOPS.
13:20 –14:45 Lunch
14:45 –15:15 Title: Hijacking Bitcoin: Routing Attacks on Cryptocurrencies
Dr. Aviv Zohar, School of Engineering and Computer Science, Hebrew University
Watch the video Presentation
abstract: As the most successful cryptocurrency to date, Bitcoin constitutes a target of choice for attackers and many attack vectors have been uncovered already. One important vector that has received relatively little attention is attacking the currency via the underlying communication infrastructure.
The talk will review several possible attacks that can be used on Bitcoin nodes to disrupt their communication either by manipulating routing advertisements (BGP hijacks), or performing man-in-the-middle attacks on naturally intercepted Bitcoin traffic.
The talk will review several possible attacks that can be used on Bitcoin nodes to disrupt their communication either by manipulating routing advertisements (BGP hijacks), or performing man-in-the-middle attacks on naturally intercepted Bitcoin traffic.
Bio: Aviv Zohar is a Senior Lecturer at the School of Computer Science and Engineering, the Hebrew University of Jerusalem. Prior to joining the Hebrew University in 2012 he was a Postdoc researcher at Microsoft Research in Silicon Valley. His research revolves around the study of multi-agent systems including topics on the border of economics and computer science. Recently he has been studying cryptocurrencies such as Bitcoin and other permissionless distributed ledger systems.
15:15 –15:45 Title: Understanding In-memory Cyber Security Attacks on In-vehicle-infotainment Systems
Assaf Harel, CTO & co-founder of Karamba Security
Watch the video Presentation
abstract: Infotainment systems, running different flavors of Linux and Android are built from millions of lines of code, most of them open source. Although this code is very well maintained and deployed to millions of devices, cyber security attack vectors are found frequently. In this talk we will get into the head of a researcher trying to find vulnerabilities in such systems. We will look for potential vulnerabilities, and explain how they can become exploits. Furthermore, we will exploit one of these vulnerabilities, and explain how does an in-memory attack behave. We will demonstrate how an attacker can gain full access and control to the infotainment system. At last, we will discuss potential ways to protect against such attacks, and how applicable they are to the world of in vehicle infotainment systems.
Bio: Assaf has broad experience with embedded, networking, security and mobile technologies. Assaf was senior R&D Manager at Check Point Software Technologies (NASDAQ:CHKP), overseeing the development of several innovative, emerging endpoint security products and technologies. Assaf served in the elite intelligence unit of the Israeli Defense Forces (IDF). He received a B.Sc. and M.Sc. in Computer Science from the Technion and an MBA from Haifa University.
15:45 –16:15 Break
16:15 –16:45 Title: Humans in Information Security: Neglect, Compliance, and Incentives
Dr. Eran Toch, department of Industrial Engineering, Tel-Aviv University
Watch the video Presentation
abstract: Growing evidence point to the important role that humans play in information security, causing vulnerabilities that can compromise a whole network through erroneous, negligent or misguided behavior. Existing literature points to the challenges in warning users against information security threats, and the limited attention users give to those warnings. In this paper, we investigate how gamification of notifications and their timing can affect users' security behavior. We describe studies in which we test incentive mechanisms that aim to enhance compliance with security systems and foster safer behavior.
Bio: Eran is a member of the faculty of Engineering at Tel-Aviv University, at the department of Industrial Engineering. Eran’s research group is now working on various projects that revolve around computationally analysis of human behavior, and applying this knowledge to solve real-world privacy and security challenges. The group is funded by various agencies, including the EU Horizon 2020 program, DARPA, the Israeli Science Foundation, and the Israeli Ministry of Science. Prior to joining Tel Aviv University, Eran was a post-doc fellow at the Carnegie Mellon University, School of Computer Science. Eran has a Ph.D. from the Technion – Israel Institute of Technology.
16:45 –17:15 Title: Privacy Preserving Plans in Partially Observable Environments
Sarah Keren, PhD Student - Technion
Watch the video Presentation
abstract: Big brother is watching but his eyesight is not all that great, since he only has partial observability of the environment. In such a setting agents may be able to preserve their privacy by hiding their true goal, following paths that may lead to multiple goals. In this work we present a framework that supports the offline analysis of goal recognition settings with non-deterministic system sensor models, in which the observer has partial (and possibly noisy) observability of the agent’s actions, while the agent is assumed to have full observability of his environment. In particular, we propose a new variation of worst case distinctiveness (wcd), a measure that assesses the ability to perform goal recognition within a model. We describe a new efficient way to compute this measure via a novel compilation to classical planning. In addition, we discuss the tools agents have to preserve privacy, by keeping their goal ambiguous as long as possible. Our empirical evaluation shows the feasibility of the proposed solution.
Bio: Phd student at the Faculty of Industrial Engineering and Management at the Technion - Israel Institute of Technology under the supervisition of Prof. Avigdor Gal and Dr. Erez Karpas.
17:30 - 18:30 Networking Reception and Refreshments.