09:00 – 09:30 Gathering
09:30 – 09:45 Opening Remarks
Moshe Levinger, DGM, Computing as a Service Department, IBM Research - Haifa
Bio: Moshe Levinger joined the IBM Research lab in Haifa in 1992 after completing his MSc degree in the field of 'Natural Language Processing' at the Technion Institute in Israel. He worked in the area of h/w verification throughout these years, first as a technical leader and then in various management positions. During these 23 years at IBM, Moshe has led the development of new technologies and tools spanning the various disciplines in h/w verification, including test generation, functional coverage, checking, and formal verification. Today Moshe manages the 'Computing as a Service' area (150+ researchers) within the IBM Haifa Research lab, focusing on developing advanced technologies and solutions in the domains of h/w and s/w Quality, Security and Cloud Platforms.
09:45 – 10:25 Privacy vs. Cyber Security on The National Level
Major Gen. (Res.) Professor Isaac Ben-Israel, Tel Aviv University
Bio: Isaac Ben-Israel was born in Tel Aviv, Israel in 1949. He studied mathematics, physics, and philosophy at Tel Aviv University, receiving his PhD in 1988. He joined the Israel Air Force (IAF) after graduating high school (1967) and served continuously up to his retirement (2002). He headed the IAF Operations Research Branch, the Analysis and Assessment Division of IAF Intelligence, and was the Head of Military R&D in the Israel Defense Forces and the Ministry of Defense (1991-1997). In January 1998, he was promoted to major general and appointed as director of the Defense R&D Directorate in the Israeli Ministry of Defense. After retirement from the IDF, Ben-Israel joined Tel Aviv University as a professor, and served as the head of the Curiel Center for International Studies, the Program for Security Studies Teaching at the Security Studies Program, and the Cohn Institute for the History and Philosophy of Sciences and Ideas.
He has also served as the executive director of the Interdisciplinary Centre for Technological Analysis and Forecasting at Tel-Aviv University (ICTAF), the deputy director of the Hartog School of Government and Policy in Tel Aviv University, and a member of Jaffe Centre for Strategic Studies.
He founded and heads the Yuval Ne’eman Workshop for Science, Technology and Security and the Blavatnik Interdisciplinary Cyber Research Center, both at Tel Aviv University. He was a member of the board of trustees of the Ariel University Center and a member of the advisory council of the Neaman Institute for Advanced Studies in Science and Technology at the Technion. He also served as the chairman of the Israel National R&D Council and is now the chairman of the Israel Space Agency.
10:25 – 10:50 Changing the Cybercrime Game with New Technologies
Limor Kessem, Executive Security Advisor, CISM, IBM
Over the past decade, financial cybercrime has evolved to become the business of organized crime groups with a vast global reach and intricate money laundering networks. Fighting these organizations happens on many levels, the lowest one being dismantling their malicious code and clever devices.
Cybercrime continually evolves on the technological level, and this talk will explore the application of new technologies to fight a trillion-dollar clandestine economy.
Bio: Limor Kessem is a Global Executive Security Advisor at IBM Security. She is one of the top female cyber intelligence experts in the world. A seasoned security advocate, public speaker, and a regular blogger on the cutting-edge IBM Security Intelligence blog, Limor is considered an authority on emerging cybercrime threats and a champion for women in security. She speaks in security events worldwide, conducts live webinars on all things fraud and cybercrime, and authors a large variety of threat intelligence and thought leadership pieces on the cybersecurity issues that occupy CISOs and security professionals in today’s threat landscape. You can find Limor on Twitter as @iCyberFighter and read some of her blogs on iCyberFighter.com.
10:50 – 11:10 Break
11:10 – 11:35 IoT Computing Paradigm Shift - Next Generation IoT Security
Fady Copty, IBM Research - Haifa
Abstract: The security industry has been focusing on adapting classic security solutions to IoT security, and solving network security and authentication problems—while largely ignoring IoT end-point security problems. Attacks like Mirai Bot prove that IoT security will pose serious new cyber-physical threats on IoT systems. It is predicted that, within a few years, around 250,000 IoT applications will be deployed. Clearly, it is not scalable to adapt the classic security paradigm that is based on acquiring expert knowledge of the device SW and translating it into tools that are installed on the device. The majority of IoT devices have very strict power consumption, CPU power, and memory limitations. This makes standard encryption impossible, and allows many attack surfaces. In this talk we will discuss how IoT characteristics present a rare opportunity to break the attackers’ scale-up model by shifting our computing paradigms into a new dimension that will disrupt the cyber-security industry and force it to operate in a radically new way.
Bio: Fady is a staff member at IBM Research - Haifa, where he leads research in advanced security defense technologies. Before focusing on security research, Fady worked on the formal verification of IBM POWER processors, for which he received an IBM Outstanding Technical Achievement Award in 2013. Before joining IBM in 2008, he worked at Intel on the development of formal verification algorithms and tools; he received several awards for the successful pilot of BMC (Bounded Model Checking). Fady received his BSc in computer science from the Technion - Israel Institute of Technology, where he graduated cum laude. He also has a BFA in cinema and television from Tel-Aviv University.
11:35 – 12:00 IoT Goes Nuclear: Creating a ZigBee Chain Reaction
Eyal Ronen, Weizmann Institute of Science
Abstract: In this talk, we describe a new type of attack on IoT devices, which exploits their ad-hoc networking capabilities via the ZigBee wireless protocol, and thus cannot be monitored or stopped by standard Internet-based protective mechanisms.
We developed and verified the attack using the Philips Hue smart lamps as a platform, by exploiting a major bug in the implementation of the ZigBee Light Link protocol, and a weakness in the firmware update process. By plugging in a single infected lamp anywhere in the city, an attacker can create a chain reaction in which a worm can jump from any lamp to all its physical neighbors, and thus stealthily infect the whole city if the density of smart lamps in it is high enough. This makes it possible to turn all the city's smart lights on or off, to brick them, or to use them to disrupt nearby WiFi transmissions.
Bio: Eyal is a PhD student of Prof. Adi Shamir at the Department of Computer Science and Applied Mathematics of the Weizmann Institute of Science. His research interests are general and hardware security and applied cryptography. His research focus is security of IoT devices.
12:00 – 12:20 Break
12:20 – 12:45 Remote Attacks on Cars – The Weakest Wireless-link in the Chain
Dvir Reznik, Sr. Marketing Manager, Automotive Cyber Security - TowerSec, HARMAN
Recent concepts of automotive security usually deal with protecting the vehicle’s internal systems from cyber-attack. The first step from an attacker's perspective, however, is getting hold of an entry point to the vehicle, to enable moving forward with the attack.
Some demonstrations of cyber-attacks on cars started with manipulating the communication channel of the telematics / IVI units and moving on to running an exploit on the target system, leveraging the adversary’s access to the communication channel.
The well recognized concept of “Defense In Depth” should be considered in defending automobiles from cyber-attacks as well.
In his presentation, Ori will cover the following topics:
- Possible ways for a potential attacker to perform Out-of-Bound (OOB) attacks in order to compromise a communication channel
- How can OOB be leveraged to enable exploitation of application-specific vulnerabilities
- Present real-life examples of using OOB attacks to compromise a vehicle remotely
- Propose security measures for addressing the attack surface of OOB attacks
Bio: Dvir Reznik is Senior Marketing Manager, Automotive Cyber Security at HARMAN, a wholly-owned subsidiary of Samsung Electronics Co., Ltd. HARMAN designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide, including connected car systems, cyber security solutions, audio and visual products, enterprise automation solutions and services supporting the Internet of Things. Dvir joined HARMAN with the acquisition of TowerSec where he held the same position.
Dvir is a seasoned marketing leader with hands-on experience taking B2B & B2C products to global markets. With over 15 years of experience from both startup companies and enterprises, Dvir specializes in developing marketing strategies, analyzing go-to-market tactics and building multi-layered marketing campaigns to reach the right stakeholders.
Before joining TowerSec, Dvir worked as a freelance CMO for global startup companies, including Zooz Payments, SparkBeyond, Meekan (acquired by Doodle in 2016), Bizzabo and SQream Technologies, where he built and executed day-to-day marketing & PR operations. Before that, Dvir served as Marketing Director at Onavo (a Facebook company) and spent 8 years with IBM Israel in various marketing and software sales positions.
Dvir lives with his wife, Dina, their 2 daughters and their dog in Israel and holds an MBA in Marketing and a BA in Finance.
12:45 – 13:10 From Blockchains to BlockDAGs
Yonatan Sompolinsky, Hebrew University of Jerusalem
Abstract: The method of using Directed Acyclic Graphs of blocks (blockDAGs) as an alternative to the chain structure of current public ledgers is increasingly gaining traction. In the talk we will describe the blockDAG paradigm, why these protocols are the natural next step to scale up blockchain, and what makes a good blockDAG protocol.
One solution within the blockDAG space is the SPECTRE protocol. We will go over the operations of SPECTRE and explain what consensus properties it achieves.
As time permits, we will additionally discuss the tradeoffs that manifest when implementing and deploying scalable blockDAG protocols in a real system -- some of which are not inherently related to blockDAGs as such.
Bio: Yonatan Sompolinsky is a PhD student (final year) at the Computer Science department of The Hebrew University of Jerusalem, coauthor of GHOST, Inclusive, and SPECTRE protocols, and Chief Scientist at DAGlabs.
13:10 – 14:15 Lunch
14:15 – 14:40 DeepCAPTCHA: Immutable Adversarial Examples, with Applications to CAPTCHA Generation
Dr. Margarita Osadchy, The University of Haifa
Abstract: Recent advances in Deep Learning (DL) allow for solving complex AI problems that used to be considered very hard. While this progress has advanced many fields, it is considered to be bad news for CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart), the security of which rests on the difficulty of some learning problems.
In this work, we introduce DeepCAPTCHA, a new and secure CAPTCHA scheme based on adversarial examples, an inherent limitation of current Deep Learning networks.
These adversarial examples are constructed inputs, either synthesized from scratch or computed by adding a small and specific perturbation called adversarial noise to correctly classified items, causing the targeted DL network to misclassify them. We show that plain adversarial noise is insufficient to achieve secure CAPTCHA schemes, which leads us to introduce immutable adversarial noise -- an adversarial noise that is resistant to removal attempts. We implement a proof-of-concept system, and its analysis shows that the scheme offers high security and good usability compared to the best previously existing CAPTCHAs.
Bio: Dr. Margarita Osadchy is a Senior Lecturer at the Department of Computer Science at the University of Haifa. Her main research interests are machine learning, deep learning, computer vision, and cyber security. She was one of the pioneers of deep learning and her work on secure computation of face identification won a Best Paper Award in IEEE Symposium on Security & Privacy.
Margarita has been a PI on many projects, including grants from the Israeli Ministry of Science, Israeli Science Foundation (ISF), Israel's Department of Defense Research & Development (MAFAT), and the Israeli Ministry of Industry and Trade (MAGNET program). Furthermore, Margarita is a member of the scientific steering committee of the Center for Cyber Law and Policy at the University of Haifa.
Previously, she was a visiting research scientist at the NEC Research Institute and a postdoctoral fellow in the Department of Computer Science at the Technion-Israel Institute of Technology. She received her PhD with honors in computer science from the University of Haifa.
14:40 – 15:05 Blood Tests & De Identification
Aline Attias, Israel Ministry of Health - Digital Health and IT
Abstract: Israeli healthcare organizations generate vast amounts of medical and administrative data daily, both structured and unstructured. This data holds great potential for research and analytics to improve public health, revise medical procedures, develop new drugs, prevent disease, analyze bottlenecks and support fact-based policymaking.
The ministry of health has built a repository which links diverse data sources from medical fields as well as other medical oriented data such as social, environmental or behavioral info. The platform offers cloud-based virtual research rooms with de-identified data sets, state of the art software and data science services to qualified researchers.
This talk describes some of the concerns encountered in de-identifying clinical data, and addresses some of the challenges ahead.
Bio: Aline Attias is the Big Data platform manager at the Israeli Ministry of Health. She headed the building of version 1.0 of the platform and is currently expanding data sharing and facilitating new research. Aline also helps consolidate efforts regarding national aspects of this endeavor such as regulation, privacy best practices, and innovation promotion, among other things.
Since 1995 Aline has served in various IT positions including designing, consulting, establishing and managing large-scale business intelligence initiatives for major firms in Israel and abroad. Between 2010 and 2014 she directed the Business Intelligence and Data Infrastructure Department of the Phoenix Insurance Co. Her main areas of expertise are data modeling, data infrastructure and commercial risk management. Ms. Attias holds a BSc degree in Information Systems Engineering from the Technion and an MA in Management from Boston University.
15:05 – 15:30 Practical solutions for GDPR compliance
Abigail Goldsteen, IBM Research - Haifa
Abstract: In May 2018, the new European General Data Protection Regulation (GDPR) will go into effect and companies all over the world who collect and process personal data will be affected. This talk will give a closer look at the technical implications of GDPR for companies that deal with personal data and the challenges they may face to comply, and introduce a tool called Data Policy and Consent Management (DPCM) that can aid in this process. DPCM enables authoring purposes and relevant policies, collecting and storing data subject consent, deciding whether a data access should be allowed, and creating audit trails for proving compliance.
Bio: Mrs. Abigail Goldsteen is a research staff member in IBM Research - Haifa, in the Data Security and Privacy group. She received her B.Sc. in Computer Science and Bioinformatics from the Technion – Israel Institute of Technology, in 2008. Since joining IBM in 2007, she has worked on and led several projects in the areas of data privacy, classification, and clinical decision support. She currently leads the Data Policy and Consent Management project that supplies organizations with tools and methods to help them adhere to GDPR requirements.
15:30 – 15:55 SeM: A CPU Architecture Extension for Secure Remote Computing
Ofir Shwartz, Electrical Engineering Department, Technion
Abstract: In shared (multi-user) computing environments, platform software (OS, Hypervisor, VMM etc.) and most of the hardware cannot always be trusted (e.g., public clouds), so ensuring the confidentiality and integrity of a user’s program (code and data) is critical. It is highly desirable to do so efficiently while accepting existing application binaries, being able to use the services of untrusted software, not modifying the OS, and with minimal intervention in the system's flow.
We present the Secure Machine (SeM), a CPU architecture extension that, unlike previous approaches, does all this. Using novel fine-grained cache and register protection managed by a CPU-resident, publicly identifiable hardware Security Management Unit (SMU), we address both software attacks and off-chip hardware attacks. SeM accepts existing application binaries, which are automatically instrumented, and only incurs negligible performance, power, and area overheads relative to an unprotected platform. SeM supports parallel programs and multiple compute nodes, as well as heterogeneous systems (GPUs, Smart-NIC, etc.).
In this talk we will present the basics of SeM, and also focus on the challenges and techniques used for cloud environments.
Bio: Ofir Shwartz is in the final steps of acquiring his Ph.D. at the Department of Electrical Engineering - Technion Israel Institute of Technology, where he also acquired his Master and B.Sc. degrees. During his Ph.D. studies, he also served as a research fellow of the Hasso Plattner Institute (Germany). Shwartz was a member of the design and architecture team at EZchip Technologies developing performance critical systems, and before that worked at companies such as Intel Corporation and Zoran Microelectronics. His main research interests are Computer Systems, Security, System and Chip Architecture, Communication, and Cloud Computing.
16:00 – 17:00 Networking and refreshments
The program is subject to change.