The 2021 IEEE Conference on Dependable and Secure Computing
Aizuwakamatsu, Fukushima, Japan | 30 Jan - 2 Feb, 2021
Aizuwakamatsu, Fukushima, Japan | 30 Jan - 2 Feb, 2021
Abstract: Critical infrastructure becomes a strategic target in the midst of a cyber-war. Governments are investing significantly in response to the risks and challenges while researchers and vendors are aggressively developing and marketing new technologies aimed at protecting critical infrastructure. In this talk, I will briefly describe the framework and features of a cyber-physical system (CPS) which serves as the core to provide critical services in different industrial domains. Then I will discuss the challenges we face and the approaches we can take to defend against cyber attacks. After that I will present a few novel technologies developed in iTrust for defending attacks to CPS. I will further introduce the fully operational CPS testbeds in iTrust, and show how the testbeds are used to validate the security technologies so that the owners and operators of critical infrastructure can be confident that the technologies to be deployed will actually protect their systems in the event of a cyber-war.
Bio: Jianying Zhou is a professor and co-center director for iTrust at Singapore University of Technology and Design (SUTD). He received PhD in Information Security from Royal Holloway, University of London. His research interests are in applied cryptography and network security, cyber-physical system security, mobile and wireless security. He has published 200+ referred papers at international conferences and journals with 10,000+ citations, and received ESORICS'15 best paper award. He is a co-founder & steering committee co-chair of ACNS. He is also steering committee chair of ACM AsiaCCS and ACM CPSS. He received the ESORICS Outstanding Contribution Award in 2020, in recognition of contributions to the community.
Abstract: Perimeter defense, such as firewalls and intrusion detection systems (IDS), provides the first layer of enterprise protection, but can be evaded. According to a recent study, it took an average company 170 days to detect an Advanced Persistent Threat (APT). This is due to the lack of visibility in the cyberspace. In this talk, we will investigate tactics, techniques and procedures (TTPs) most commonly used against an enterprise’s attack surface by attack groups. Understanding your adversaries to prioritize defenses with comprehensive security strategy can effectively reduce business operational risk. Aside from preventative security controls, modern cybersecurity frameworks need to incorporate threat hunting using cybersecurity telemetry to enable early detection of threats that evade the security controls being used.
Bio: Shiuhpyng Winston Shieh received his Ph.D. degree from the University of Maryland, College Park, and is currently a University Chair Professor of National Chiao Tung University (NCTU). He has served as the advisor to the National Security Council of Taiwan, the chair of Computer Science Department, NCTU, and President of Chinese Cryptology and Information Security Association (CCISA). Being actively involved in IEEE, he has served as EICs of both IEEE Reliability and RS Newsletter, Reliability Society Vice President, Fellow Evaluation Committee Chair, Editor of IEEE Trans. on Reliability, IEEE Trans. on Dependable and Secure Computing, and founding STC Chair of IEEE Conference on Dependable and Secure Computing. In ACM, he has served as ACM SIGSAC Awards Committee member, Associate Editor of ACM Trans on Information and System Security, and founding STC and TPC chairs of ACM Symposium on Information, Computer and Communications Security (ASIACCS). Along with Virgil Gligor of Carnegie Mellon University, he invented the first US patent in intrusion detection, and has published over 200 technical papers, patents, and books. Being well recognized in the network security field, Shieh received many awards, e.g., IEEE Reliability Society Engineer of the Year Award, Taiwan’s Ministry of Science and Technology Outstanding Research Award, Outstanding Information Award. He is an IEEE Fellow, and ACM Distinguished Scientist. His research interests include enterprise security, intrusion detection, threat hunting, and user behavior analytics. Contact him at ssp@cs.nctu.edu.tw.
Abstract: Recent years have seen a growing interest among users in the migration of their applications to the Cloud computing environments. However, due to high complexity, Cloud-based services often experience a large number of failures and security breaches, and consequently, impose numerous challenges on the dependability and resilience of users’ applications. Unfortunately, current dependability and resilience solutions focus either on the infrastructure itself or on application analysis, but fail to consider the complex inter-dependencies between system components and application tasks. This aspect is highly crucial especially when Cloud environments are used, as it is increasingly considered nowadays, in critical applications.
This talk will discuss a user-centric, dependability- and resilience-driven framework that considers the following aspects. 1) Deploying and protecting users' applications in the Cloud infrastructure so as to minimize their exposure to the vulnerabilities in the network. This allows users to run their applications in the Cloud in the most secure manner possible. 2) Offering fault tolerance and resilience as a service to the users who need to deploy their applications in the Cloud. This approach allows an application to obtain required fault tolerance and resilience properties from a third party in a transparent manner, and increase its reliability and availability.
Bio: Vincenzo Piuri has received his Ph.D. in computer engineering at Polytechnic of Milan, Italy (1989). He is Full Professor in computer engineering at the University of Milan, Italy (since 2000). He has been Associate Professor at Polytechnic of Milan, Italy and Visiting Professor at the University of Texas at Austin, USA, and visiting researcher at George Mason University, USA.
His main research interests are: artificial intelligence, computational intelligence, intelligent systems, machine learning, pattern analysis and recognition, signal and image processing, biometrics, intelligent measurement systems, industrial applications, digital processing architectures, fault tolerance, cloud computing infrastructures, and internet-of-things. Original results have been published in 400+ papers in international journals, proceedings of international conferences, books, and book chapters.
He is Fellow of the IEEE, Distinguished Scientist of ACM, and Senior Member of INNS. He is President of the IEEE Systems Council (2020-21) and IEEE Region 8 Director-elect (2021-22), and has been IEEE Vice President for Technical Activities (2015), IEEE Director, President of the IEEE Computational Intelligence Society, Vice President for Education of the IEEE Biometrics Council, Vice President for Publications of the IEEE Instrumentation and Measurement Society and the IEEE Systems Council, and Vice President for Membership of the IEEE Computational Intelligence Society.
He has been Editor-in-Chief of the IEEE Systems Journal (2013-19). He is Associate Editor of the IEEE Transactions on Cloud Computing and has been Associate Editor of the IEEE Transactions on Computers, the IEEE Transactions on Neural Networks, the IEEE Transactions on Instrumentation and Measurement, and IEEE Access.
Abstract: One-way functions have been playing a fundamental role in modern cryptography, based on which important constructions and results are obtained. This talk introduces computationally-independent pair of one-way functions, which was motivated from Koyama’s initiated work on two move interactive proofs of computational power [“Direct Demonstration of the Power to Break Public-Key Cryptosystems", AUSCRYPT’90]. The speaker’s previous work [“Theory and application of computationally independent one-way functions: Interactive proof of ability - Revisited” ICMC’19] were focusing mainly on (non) one-way property of the pairwise one-way functions as an independency and remarked a connection with a side-channel model by Komargodski [Leakage Resilient One-Way Functions: The Auxiliary-Input Setting", TCC’16], whereas this talk discusses their non-malleability. Also we revisit Koyama’s approach with recent developments of cryptographic theory and applications.
Bio: Kouichi Sakurai received the B.S. degree in mathematics from the Faculty of Science, Kyushu University in 1986. He received the M.S. degree in applied science in 1988, and the Doctorate in engineering in 1993 from the Faculty of Engineering, Kyushu University. He was engaged in research and development on cryptography at the Computer and Information Systems Laboratory at Mitsubishi Electric Corporation from 1988 to 1994. From 1994, he worked for the Dept. of Computer Science of Kyushu University in the capacity of associate professor, and became a full professor there in 2002. Now he is also working also with Adaptive Communications Research Laboratories, Advanced Telecommunications Research Institute International (ATR) as a visiting researcher with information security. Professor Sakurai has published more than 400 academic papers around cryptography and information security (See: http://www.informatik.uni-trier.de/~ley/db/indices/a-tree/s/Sakurai:Kouichi.html)