Giancarlo Fortino (SM’12) is Full Professor of Computer Engineering at the Dept. of Informatics, Modeling, Electronics and Systems (DIMES) of the University of Calabria (Unical), Rende (CS), Italy. He has a Ph.D. degree and a Laurea (MSc+BSc) degree in Computer Engineering from Unical. He is High-end Foreign Expert of China (term 2015-2018), Guest Professor at the Wuhan University of Technology (China), High-end Expert of HUST (China), and Senior Research Fellow at the Italian National Research Council – ICAR Institute. He has also been Visiting Researcher and Visiting Professor at the International Computer Science Institute (Berkeley, USA) and at the Queensland University of Technology (Australia), respectively. He is in the list of Top Italian Scientists (TIS) by VIA-academy, with h-index=37 and 5000+ citations according to GS. He is the director of the SPEME (Smart, Pervasive and Mobile Systems Engineering) Lab at DIMES, Unical and co-director of two joint labs on IoT technologies established with Wuhan University of Technology and Shanghai Maritime University, respectively. His main research interests include Internet of Things computing and technology, agent-based computing, body area networks, wireless sensor networks, pervasive and cloud computing, multimedia networks, and mobile health systems. He has participated in many local, national and international research projects and is currently the deputy coordinator and scientific & technical project manager of the EU-funded H2020 INTER-IoT project. He has authored over 375 publications in journals, conferences and books. He has chaired more than 90 Int’l conferences/workshops as co-chair, organized more than 40 special issues in well-known ISI-impacted Int’l Journals, and participated in the TPC of over 450 conferences.
He is the founding editor of the Springer Book Series on “Internet of Things: Technology, Communications and Computing”, and currently serves (as associate editor) in the editorial board of IEEE Transactions on Affective Computing, IEEE Transactions on Human-Machine Systems, IEEE IoT Journal, Sensors Journal, IEEE Access, Journal of Networks and Computer Applications, Engineering Applications of Artificial Intelligence, Information Fusion. He is the recipient of the 2014 Andrew P. Sage SMC Transactions Paper award. He is co-founder and CEO of SenSysCal S.r.l., a spin-off of Unical, developing innovative IoT-based systems for e-health and domotics. He is the Chair of the IEEE SMC Italian Chapter, Member-at-large of the IEEE SMCS BoG, Member of the IEEE Press Board of Directors, and founding chair of the IEEE SMC Technical Committee on “Interactive and Wearable Computing and Devices”.
Talk Title: The Role of Trust in Internet of Things Ecosystems: State-of-the-Art and Research Challenges
Prof. Alessandro Armando received his M.Eng. and his PhD in Computer Engineering at the University of Genova. His appointments include a position as research fellow at the University of Edinburgh and one at INRIA-Lorraine (France). He is Full Professor at the University of Genova, where he teaches Computer Security and has founded and coordinated a Master in Cybersecurity and Data Protection. In 2011 he founded (and led until 2016) the Security & Trust Research Unit of the Bruno Kessler Foundation in Trento. He has been coordinator and/or team leader in several national and EU research projects, including the AVISPA, AVANTSSAR, SpaCIoS and SECENTIS projects. He contributed to the discovery of an authentication flaw in the SAML 2.0 Web-browser SSO Profile and of a serious man-in-the-middle attack on the SAML-based SSO for Google Apps. He is currently serving as vice director of the CINI National Cybersecurity Laboratory.
Scott Cadzow has over the past 20 years become a recognized standards development expert, primarily for security standards, in a number of international standards development organizations including ETSI, ITU-T and ISO. Scott has also contributed to reports from ENISA on network resilience, supply chain integrity and on measures to counter internet bullying. More recently Scott has been involved in a number of projects under the FP7/CIP/H2020 umbrella looking at security and privacy aspects of smart cities. This has led Scott to take a wider view at the whole interoperability conundrum and to address the need to look more deeply at the problems we will face with the IoT and dynamic self-configuring equipment in the world of GDPR, NIS and the CyberSecurity acts to come.
Talk Title: Bridging the Gaps: Security, Privacy and Safety Together
Whilst common use of the terms security, privacy and safety often involves semantic and conceptual overlap, and some degree of uncertainty whenever any of these terms appears in a requirement, it is also true that there are strong links between them. The purpose of the presentation in this workshop is to contextualize what is expected of engineers and their associated teams of designers, managers and financiers in building systems that are safe, that are privacy preserving and that are secure. The paper/presentation will look at concrete steps to use specific tools from the CIA toolkit of security to enable each of safety and privacy. The result will be a network of bridges that safely allow crossing from sector to sector.
Dr. John Callahan is Chief Technology Officer (CTO) at Veridium, a leading biometric authentication company. Dr. Callahan recently served as the Associate Director for Information Dominance at the US Navy’s Office of Naval Research Global (ONRG) London UK office from 2010-2014 via an Intergovernmental Personnel Act (IPA) assignment from the Johns Hopkins University Applied Physics Laboratory (JHUAPL) in Laurel, Maryland USA. From 2000-2006, Dr. Callahan served as VP of Engineering and CTO of BDMetrics, Inc. and Sphere.com, where he managed social networking systems for the world’s largest trade shows such as the Consumer Electronics Show (CES), PackExpo, and National Association of Broadcasters (NAB). Prior to 2001, he was a tenured Associate Professor in the Department of Computer Science and Electrical Engineering at West Virginia University (WVU) in Morgantown, WV USA and research director at the NASA Independent Verification and Validation (IV&V) Facility in Fairmont, WV USA. He completed his PhD in Computer Science at the University of Maryland, College Park USA. Dr. Callahan has worked for Xerox Corporation in Palo Alto, CA USA, NASA Goddard Space Flight Center in Greenbelt, MD USA, and IBM Corporation.
Joe Jarzombek is Director for Government, Aerospace & Defense Programs in Synopsys, Inc., the Silicon to Software™ partner for innovative organizations developing microelectronic products and software applications. He guides efforts to focus Synopsys’ global leadership in electronic design automation (EDA), silicon IP, and software integrity solutions in addressing technology challenges of the public sector, aerospace and defense, and critical infrastructure. He participates in relevant consortia, public-private collaboration groups, trade associations, standards groups, and R&D projects to assist in accelerating technology adoption.
Previously, Joe served as Global Manager for Software Supply Chain Solutions in the Software Integrity Group at Synopsys. He led efforts to enhance capabilities to mitigate software supply chain risks via software security and quality test technologies and services that integrate within acquisition and development processes, enabling detection, reporting, and remediation of defects and security vulnerabilities to gain assurance and visibility within the software supply chain.
Jarzombek has more than 30 years focused on software security, safety and quality in embedded and networked systems. He has participated in industry consortia such as ITI, SAFECode, NDIA and CISQ; test and certification organizations such as Underwriters Labs’ Cybersecurity Assurance Program, standards bodies, and government agencies to address software assurance and supply chain challenges.
Prior to joining Synopsys, Jarzombek served in the government public sector, collaborating with industry, federal agencies, and international allies in addressing cybersecurity challenges. He served in the US Department of Homeland Security Office of Cybersecurity and Communications as the Director for Software & Supply Chain Assurance, and he served in the US Department of Defense as the Deputy Director for Information Assurance (responsible for Software Assurance) in the Office of the CIO and the Director for Software Intensive Systems in the Office of Acquisition, Technology and Logistics.
Jarzombek is a retired Lt Colonel in the US Air Force, a Certified Secure Software Lifecycle Professional (CSSLP) and project management professional. He received an MS in Computer Information Systems from the Air Force Institute of Technology, and a BA in Computer Science and BBA in Data Processing and Analysis from the University of Texas – Austin.
Talk Title: Cybersecurity for Software: High Assurance Practices for Mitigating IoT Risks
As the cyber landscape evolves and external dependencies grow more complex, managing risks attributable to exploitable software in IoT includes requirements for security and quality, with ‘sufficient’ test regimes throughout the software supply chain. IoT is contributing to a massive proliferation of a variety of types of software-reliant, connected devices throughout critical infrastructure. With IoT increasingly dependent upon third-party software, software composition analysis and other forms of testing are used to determine the ‘fitness for use’ and trustworthiness of assets. Standards for measuring and sharing information about software security and quality are used in tools and services that detect weaknesses and vulnerabilities. Test and certification programs provide means that organizations use to reduce risk exposures attributable to exploitable software. Ultimately, addressing software supply chain dependencies and leveraging high assurance test regimes enables enterprises to provide more responsive mitigations.
Learning Objectives – Attendees will learn how:
- External dependencies contribute risks in the form of technical debt throughout the IoT software supply chain;
- Standards can be used to convey expectations and measure IoT software security and quality;
- Software composition, static code analysis, fuzzing, and other forms of testing can be used to determine weaknesses and vulnerabilities that represent vectors for attack and exploitation;
- Testing can support procurement and enterprise risk management to reduce risk exposures attributable to exploitable software in IoT.
Hsiao-Ying Lin, a senior researcher in Shield Lab, conducts connected car security research at Huawei International, a firm aiming at building a better connected world. Her research interests include embedded system security, applied cryptography and security issues in automotive areas. Before devoting her work full-time to Huawei International, Hsiao-Ying served as a senior engineer focusing on smartphone platform security at MediaTek Inc. (a fabless semiconductor company), and as an assistant research fellow at the Intelligent Information and Communications Research Center of National Chiao Tung University. She received the MS and PhD degrees in computer science from National Chiao Tung University, Taiwan, in 2005 and 2010, respectively.
Roberto Minerva. Roberto holds a Ph.D. in Computer Science and Telecommunications from Telecom Sud Paris, France, and a Master Degree in Computer Science from Bari University, Italy. He is Maître de Conférences at Institut Mines-Telecom, Telecom Sud Paris. His research topics are: edge computing and 5G, virtualization and SDN, Internet of Things, and Artificial Intelligence and Machine Learning. He was the Chairman of the IEEE IoT Initiative, an effort to nurture a technical community and to foster research in IoT. Roberto spent several years in TIMLab, involved in activities on SDN/NFV, 5G, Big Data, and architectures for IoT. He is the author of several papers published in international conferences, books and magazines.
Talk Title: Towards a Data-Driven Society. Challenges and Research Perspectives for a Next Generation Internet Integrating Networking, Data Management and Computing
Data are becoming more and more important for the digital world and for the plethora of services and applications built on it. The networks, and especially the upcoming Next Generation Internet, need to fully support the communication needs and the flow of data.
The speech will focus on some of the technical challenges that will be posed by the increased usage of data over the network, such as:
- predicting the IoT data flood: how much data will really be transported?
- interaction paradigms beyond Client-Server, and the role of network services
- the NGI network will need to be transactional in order to provide security, privacy and fairness in data usage
- will edge computing cooperate or compete with the cloud? How much processing will happen at the edge?
These challenges have also important business and social impacts that may determine whether a new fairer Internet capable of being an open environment will be built.
Celia Paulsen is a cybersecurity researcher at the National Institute of Standards and Technology (NIST). Her current research focuses on cyber-supply chain risk management and the intersection with tools such as blockchain and additive manufacturing. She has researched and written many documents related to supply chain risk management, metrics and measures for security, cybersecurity-related definitions, password usability, cybersecurity for small businesses, and related topics. In addition, she has served on and provided expertise to projects such as the National Initiative for Cybersecurity Education where she was the acting industry coordinator. Prior to joining NIST, Celia was an analyst for the National Security Agency in the US Army. She has an MBA in information security from California State University, San Bernardino, and bachelor’s degrees in information technology and business management.
Talk Title: Buzzword Bingo: Blockchain, IoT, and SCRM
Shiuhpyng Winston Shieh
Shiuhpyng Winston Shieh is currently a University Chair Professor of Computer Science Department and the Director of Taiwan Information Security Center at National Chiao Tung University (NCTU). Being actively involved in IEEE, he has served as Reliability Society VP, Editor of IEEE Trans. on Reliability, IEEE Trans. on Dependable and Secure Computing, Steering Committee member of IEEE IoT Magazine, and Associate Editor of ACM Trans on Information and System Security. He has been on the organizing committees of many conferences, such as the founding Steering Committee Chair and Program Chair of ACM Symposium on Information, Computer and Communications Security (AsiaCCS), Founding Steering Committee Chair of IEEE Conference on Dependable and Secure Computing, Program Chair of IEEE Conference on Security and Reliability. Along with Virgil Gligor of Carnegie Mellon University, he invented the first US patent in the intrusion detection field, and has published over 200 technical papers, patents, and books. Dr. Shieh is an IEEE Fellow, and ACM Distinguished Scientist. His research interests include network security, intrusion detection, penetration test, and malware behavior analysis. Contact him at email@example.com.
Talk Title: IoT Penetration Testing for Security Assurance
With the fast growth of IoT technology, ubiquitous devices and services are gradually taking part in our daily life. These devices bring us not only convenience but also new security threats. An IoT ecosystem is composed of IoT devices, gateways, on-line services running on the cloud, and the network infrastructure connecting them. In the ecosystem, an IoT device is often connected to the cloud through a gateway, and all of them may be under cyber attack. In contrast to a conventional cloud, where attacks come mainly from the Internet, the IoT cloud may also be exposed to compromised IoT devices and to the apps it serves. In addition to the defensive mechanisms used to protect the ecosystem, penetration testing has been widely used to offensively discover its vulnerabilities. Due to the complexity and heterogeneity of IoT environments, new penetration test techniques are desirable to cope with three types of penetration tests: interface test, transportation test, and system test. In this talk, we introduce the challenges and opportunities of IoT penetration testing. Case studies of penetration testing against the ecosystem will also be given. Our experiments and analysis showed that offensive methods like penetration testing can complement, not replace, defensive mechanisms in the life cycle of system development for security assurance.