SPRINGER
LNCS

Hasler Stiftung

GOLD SPONSORS: FortifyIQ, NewAE, Riscure, Secure-IC

SILVER SPONSORS: PQShield, Rambus

Keynotes

Keynote 1: Colin O’Flynn, Tracking a Three Billion Dollar Bug with Electromagnetic Fault Injection

Abstract

Hacks and attacks that have resulted in real-world damage and loss are well known. Books have been written about some of the high-profile attacks, and the proliferation of security conferences shows the strong motivation of researchers to find the next generation of attacks and defences. But if the end goal is to help humanity - where does product safety fall in this? This talk will explore a product safety incident that cost an estimated three billion dollars (at least two billion of that in fines and lawsuit settlements), yet there have been limited public papers and research results. The core issue was a claim of insufficiently safe software in the electronic throttle system, which could have caused a car to accelerate without user input (‘unintended acceleration’). As part of previous analysis of the problem, the NASA Engineering & Safety Center (NESC) attempted to create unintended acceleration events but failed to do so. Colin will discuss his own effort to recreate this failure, done through the lens of a hardware security researcher, and using tools the hardware security researcher will be familiar with. Lessons learned from the safety fields will also be covered, many of which cover topics such as fault modes and reporting errors in various digital devices that will be of interest to the hardware security community.

Short Bio

Keynote 2: Davide Ariu, Security Aspects of CPSs: a dive into Threat Modelling

Abstract

Since the detection of the Stuxnet and Duqu malware in 2010 and 2011, which were reported to be the first malware targeting SCADA and Industrial Control Systems, cyber attacks have significantly broadened their scope, regularly targeting not only "pure IT/ICT systems" but also Cyber Physical Systems. Nowadays attacks are regularly reported against transportation systems, energy plants, water treatment plants, or in the health sector, just to name a few. One of the biggest challenges in protecting such systems is their complexity, because they are often the result of the interconnection among different systems, being in practice Cyber Physical Systems of Systems (CPSoS). The definition of a CPSoS implies a diversity of potential threats that can compromise the integrity of the system, targeting different aspects ranging from purely cyber-related vulnerabilities to the safety of the system as a whole. In this context, a fundamental step toward the development of a solid and (cost-) effective cyber-defense strategy is to perform, from the early design stages of the systems, a Threat Model step, which makes it possible to identify and correct the design flaws which may impair the security and eventually the safety of the systems themselves. During this lecture an introduction to threat modelling will be provided, with an overview of the possible Threat Modelling methodologies which can be applied to CPSoS and a discussion of the biggest challenges their application actually raises.

Short Bio

Davide Ariu is the CEO of Pluribus One, a producer of cyber-security solutions empowered by secure and explainable AI. He has a background as a computer security researcher, having worked since 2005 on applications of machine learning to computer security. He has been affiliated, since then, with the Pattern Recognition and Applications Laboratory of the University of Cagliari. In 2010 he got a PhD in Computer and Information Security, after also spending a visiting period at the Georgia Tech Information Security Center. On such topics, he has published about 30 papers in peer-reviewed conferences, journals, and workshops. He regularly serves as a reviewer for international conferences and journals, including, among others, the IEEE Transactions on Information Forensics and Security, Elsevier Computer Networks, and Elsevier Computers and Security. He is an ACM and IEEE member. From 2012 to 2016, he was among the organizers of the Summer School on Computer Security and Privacy "Building Trust in The Information Age". In recent years, he has participated in more than 10 EU funded research projects, with coordinating duties in the context of the projects CyberROAD and ILLBuster. He currently covers the role of Innovation Manager for the SIMARGL project. In 2015 he co-founded Pluribus One, which currently represents the primary focus of his activity.

Massimo Alioto

Moved to the 2021 edition of COSADE.

Alberto Sangiovanni Vincentelli

Moved to the 2021 edition of COSADE.

Organized by
Università della Svizzera italiana