11 Sep 2020: Paolo Falcarin is a steering committee member of the First Edition of the International Workshop on Software Attacks and Defenses (SAD 2020) online workshop, co-located with Euro S&P conference. The SAD workshop comes from the merging of two previous workshops on software protection: SSPREW and SPRO.
1 March 2020: Ameer al-Nemrat has been invited to speak on Al-Jazeera Television.
15 Nov 2019: The 3rd edition of the Software Protection (SPRO-2019) workshop in London, co-located with CCS-2019, has been organized by Paolo Falcarin and Michael Zunke (Thales Group) with more than 40 participants from academia and industry.
9-12 Sep 2019: Paolo Falcarin and Shareeful Islam have been invited to the 2019 UK-Russia workshop on AI for Software Engineering at the University of York, sponsored by the British Council.
31 Oct 2018: Paolo Falcarin was an invited speaker at the IET Conference on Cyber Security and Systems Safety 2018 London.
June 2018: Paolo Falcarin was an invited speaker at the Infosecurity London conference in 2018.
15 Oct 2017: Paolo Falcarin was an invited speaker at the OWASP- Italy conference 2017 to talk about the ASPIRE project results.
25 May 2017: Andres Baravalle invited talk at BCS Southampton "Mining the Dark Web: From The Silk Road to Now".
12 Jan 2017: The ASPIRE project has been awarded "excellent" after the final review at the EU Commission in Brussels.
26 Dec 2016: Ameer al Nemrat's research about digital forensics on smartphones appears in The Times.
1 Nov 2016: Andres Baravalle's Dark Web research on The Guardian.
14 Jun 2016: Gaofeng Zhang, Paolo Falcarin and ASPIRE co authors received the Best Paper Award at the International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2016).
19 May 2015: The 1st International workshop on Software Protection (SPRO-2015) was chaired by Paolo Falcarin at Florence, co-located with ICSE-2015.
27 February 2013
Speakers: Scott Hale and Joshua Melville, Oxford Internet Institute, University of Oxford
Title: “The InteractiveVis project”
Abstract: The InteractiveVis project (http://blogs.oii.ox.ac.uk/vis/) developed open-source tools to ease the creation of interactive visualisations for geospatial and network data using native web technologies (HTML5, CSS3, and SVG). We report on the project, other existing tools, the projects' outputs, and the potential of such visualizations for use in teaching, research, and dissemination of research in electronic formats (online and e-book).
Speaker Bio: Scott A. Hale and Joshua R. Melville are research assistants and doctoral candidates at the Oxford Internet Institute, University of Oxford. Scott is interested in how the design of a social media platform affects the amount of information discovered and shared across language divides on that platform. He is further interested in what the effects are of increased information sharing across languages for platforms and users. Joshua is a Sociologist whose work is broadly focused on problems with the capture and representation of social network data. Specifically, his research uses novel visual techniques to capture the personal networks of social care service-users to better understand their decision making.
10 October 2012
Speakers: Dr. Chafika BENZAID, University of Sciences and Technology Houari Boumediene, Algiers (ALGERIA)
Title: “Fast Verification of an ID-based Signature Scheme for Broadcast Authentication in Wireless Sensor Networks”
Abstract: In wireless sensor networks, message broadcast is an efficient and a common communication paradigm that allows a multitude of users to join in and disseminate messages into the network dynamically in order to obtain information of their interest. Unfortunately, sensor networks are very susceptible for attacks. Due to the nature of wireless communication in sensor networks, adversaries can easily eavesdrop on the traffic, inject bogus data messages or alter the contents of legitimate messages during multihop forwarding. Hence, authentication mechanisms must be provided to ensure that communication at all times is performed between the correct entities. Although, symmetric-key based μTESLA-like schemes were employed due to their energy efficiency, they all suffer from DoS attacks resulting from the nature of delayed message authentication. Recently, several public-key-based schemes have been proposed to achieve immediate broadcast authentication with significantly improved security strength. While the public key-based schemes obviate the security vulnerability inherent to μTESLA-like schemes, their signature verification is time-consuming. Thus, speeding up signature verification is a problem of considerable practical importance, especially in resource-constrained environments. In this talk, we will present an accelerated verification of vBNN-IBS; a pairing-free identity-based signature with reduced signature size.
Speaker Bio: Chafika BENZAID is an assistant professor and research fellow in the Computer Sciences department at University of Sciences and Technology Houari Boumediene, Algiers, Algeria. She obtained her Ph.D degree in Computer Sciences from University of Sciences and Technology Houari Boumediene in 2009. Her current research interests are in sensor and social networks, with emphases on time synchronization and network security issues. She is an ACM professional member. She serves as a TPC member for several international conferences and as a reviewer for several international journals (JPDC, IJCNDS) and conferences.
3 October 2012
Speaker: Wesley Chun, Sr Developer Advocate (Google Inc., USA)
Title: “What is Google App Engine and our Cloud Platform?”
Abstract: This talk gives an overview of App Engine, its services/features, current metrics, and provide some example user profiles. Google's various education initiatives for developers as well as what programs are available for academic institutions will be presented. It also introduces some of our other
cloud products, all of which may be of interest to not only faculty & lecturers for use in course curricula, but also in research labs interested in cloud computing. In particular google supports to higher educational institutions.
Speaker Bio: Wesley J. CHUN, MSCS, is the author of bestselling "Core Python" book series, the "Python Fundamentals" companion video lectures, co-author of "Python Web Development with Django", and has written for Linux Journal, CNET, and InformIT. In addition to being a software architect & Developer Advocate at Google, he runs CyberWeb, a consultancy specializing in Python education & engineering. Wesley has over 25 years of programming, teaching, and writing experience, including more than a decade of Python. While at Yahoo!, he helped create Yahoo! Mail and Yahoo! People Search using Python. Wesley holds degrees in Computer Science, Mathematics, and Music from the University of California.
26 September 2012
Speaker: Prof. Christian Collberg (University of Arizona, USA)
Title: “Protecting Distributed Applications Through Software Diversity and Renewability”
Abstract: Remote Man-at-the-end (R-MATE) attacks occur in distributed applications where an adversary has physical access to an untrusted client device and can obtain an advantage from inspecting, reverse engineering, or tampering with the hardware itself or the software it contains. In this talk the speaker will give an overview of R-MATE scenarios and present a system for protecting against attacks on untrusted clients. In our system the trusted server overwhelms the client's analytical abilities by continuously and automatically generating and pushing to him diverse variants of the client code. The diversity subsystem employs a set of primitive code transformations that provide temporal, spatial, and semantic diversity in order to generate an ever-changing attack target for the adversary, making tampering difficult without this being detected by the server.
Speaker Bio: Christian Collberg received a BSc in Computer Science and Numerical Analysis and a Ph.D. in Computer Science from Lund University, Sweden. He is currently an Associate Professor in the Department of Computer Science at the University of Arizona and has also worked at the University of Auckland, New Zealand, and holds a position a the Chinese Academy of Sciences in Beijing, China. Prof. Collberg is the author of the first comprehensive textbook on software protection, "Surreptitious Software: Obfuscation Watermarking, and Tamperproofing for Software Protection," published in Addison-Wesley's computer security series. Prof. Collberg is a leading researcher in the intellectual property protection of software, and also maintains an interest in compiler and programming language research. In his spare time he writes songs, sings, and plays guitar for The undecidables and hopes one day to finish up his Great Swedish Novel.
4 June 2011
Speaker: Brecht Wyseur (Nagravision, Switzerland)
Title: “Secure delivery of interactive content on digital TV”
Abstract: Nagravision, a Kudelski Group company based in Cheseaux-sur-Lausanne, Switzerland, is a world leader in digital security and convergent media solutions for the delivery of digital security and convergent media solutions for the delivery of digital and interactive content with a group-wide 2011 annual revenue of 1 billion CHF, 3000 employees operating from 26 offices worldwide. Nagra is a leading supplier of open conditional access systems, DRM and integrated on-demand solutions for content providers and digital TV operators over broadcast, broadband and mobile platforms. Its technologies are currently deployed by 120+ leading Pay-TV operators worldwide securing content delivered to over 101M active smart cards and devices.
Speaker Bio: Dr Brecht Wyseur is a cryptography expert at Nagravision S.A., Switzerland, where he works on software security aspects for Conditional Access Systems and Digital Rights Systems. His main research interests are in the area of cryptography with a particular focus on white-box cryptography. He holds a PhD in electrical engineering from the KULeuven, Belgium, advised by Prof. Bart Preneel.
5 May 2011
Speaker: Cataldo Basile (Politecnico di Torino, Turin, Italy)
Title: “A Geometric model of policies for conflict analysis and refinement”
Abstract: A security policy is the high-level administration of security in networked computer systems. Ideally, the system admin would specify the policy “make everything secure”, press a button and all access-control rules are created automatically. In reality, security policies are implemented with sets of rules, that may contain inconsistencies and conflicts as the 85% of breakdowns/attacks are caused by wrong configurations caused by human mistakes.
In this talk, the speaker will present a formal model to analyse set of rules for discovering such conflicts and inconsistencies automatically.
15 March 2011
Speaker: Mariano Ceccato (FBK Reserach Centre, Trento, Italy)
Title: “Towards Security testing with taint analysis and genetic algorithms”
Abstract: Cross-site Scripting (XSS) is considered the major threat to the security of web applications. Removing vulnerabilities from existing websites is a manual and expensive task. Stati analysis is a valuable support for security review by suggesting vulnerable points to be checked manually.
In this talk, the speaker will present a preliminary investigation on the integration of static analysis with genetic algorithms, providing input vectors that expose actual vulnerabilities to be used as test cases in security testing.