Difference between revisions of "AFSecurity Seminar"

From mn/ifi/AFSecurity
Jump to: navigation, search
 
(126 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Cybersecurity Challenges ==
+
== Privacy for Mobile Apps ==
  
'''DATE:'''  Monday 4 December 2017
+
{| border="0" cellpadding="1" cellspacing="1" width="100%"
 +
|-
 +
| '''TIME:'''&nbsp; 29 April 2020, 14:00h<br />'''Place:'''&nbsp;  Virtual seminar room: email josang@mn.uio.no to get the address, <br /><br />'''AGENDA:'''<br />
 +
14:00h Welcome to AF''Security'''s virtual seminar room<br />14:05h Invited talk:
 +
| <center>[[File:logo-Karlstad.png|150px|link=https://wiki.uio.no/mn/ifi/AFSecurity/]]</center>
 +
|}
 +
* '''TITLE:''' &nbsp;''Privacy for mobile apps: Technical, regulatory and human challenges'' <br />'''SPEAKER:''' &nbsp;''Nurul Momen''&nbsp; (Karlstad University) <br />'''ABSTRACT:'''  What is the most intimate device that you possess? If the answer is your mobile phone, you'd probably be interested in finding out how apps behave. In one end, we have a powerful device capable of collecting, monitoring, processing, transmitting data and in other end, this device is connected to hundreds of services through apps. Undeniably, users are being subjected to privacy exploitation due to the obvious reason - surveillance capitalism. We intend to turn the table around by simply asking - how do the apps behave?
  
'''LOCATION:'''&nbsp; Seminar room Python (room 2269), Ole Johan Dahl's House.
+
14:45h Discussion<br />
  
'''AGENDA:'''
+
'''BIO:''' &nbsp; Nurul Momen is a Ph.D. candidate in the Department of Computer Science and Mathematics at Karlstad University, Sweden. His research interests focus on privacy-enhancing technologies, transparency, usability, mobile communications, and data protection, particularly the security and privacy aspects of access-control models for mobile operating systems. Momen received an M.S. in security and an M.S. in privacy from the double-degree program at the Technical University of Berlin, Germany, and the University of Trento, Italy. Contact him at nurul.momen@kau.se.<br />
  
14:00h Welcome at IFI
+
{| border="0" cellpadding="1" cellspacing="1" width="90%"
 
 
14:15h Invited Talks:
 
 
 
* '''The Usual Insecurity of Things''',&nbsp; ''Keith Martin'',&nbsp; ''Prof. at Royal Holloway College, University of London.''<br/> While the Internet of Things is used to describe a host of new lightweight technologies, when it comes to security it pays to focus less on the novelty of IoT, and more on what IoT applications have in common with previous technologies that have learned about security the hard way (by first getting it wrong). It's time to go back to basics, and reflect on what security means in cyberspace. Only once this is understood, can we hope to secure any type of application that resides there.
 
* '''System-wide Probabilistic Vulnerability Assessment Using Attack Graphs''',&nbsp; ''Mathias Eckstedt'',&nbsp; ''Prof. at Royal Institute of Technology (KTH), Stockholm.''<br />IT-systems are today highly complex and interconnected into large systems-of-systems. With the ongoing digitalization systems are becoming even more all encompassing and integrated. Ensuring a high-level of security in such system environments is a challenge that thus requires a holistic approach addressing multiple and a diverse set of attack surfaces and potential attack vectors. This presentation describes previous and ongoing work with combining probabilistic attack graphs and system architecture modelling as a means to produce design and maintenance support for security engineering of system architectures.
 
* '''Cybersecurity in the Norwegian Energy Sector''',&nbsp; ''Janne Hagen'',&nbsp; ''Chief Engineer at the Norwegian Water Resources and Energy Directorate (NVE).''<br />Norway has been awarded the title as being one of the world’s most digitized countries. However, with technological innovation comes cyber risks. In 2015, the Norwegian Digital Vulnerability Committee assessed the Norwegian society's digital vulnerabilities and recommended how the government could improve and coordinate emergency preparedness in the digitalized society. NVE has recently evaluated and reviewed current regulation on cyber security in the energy sector. A huge dilemma is that digital innovations, like for instance smart cities and more automation, impose new cyber risks and challenge the trustworthiness of digital systems. The presentation outlines Norway’s position with emphasis on protection of the energy sector against cyber threats and digital risks.
 
* '''Improving Cybersecurity by Building Security Into your Devops Pipeline''',&nbsp; ''Tord Persokrud'',&nbsp; ''Chief Security Analyst at Conax.''<br />As we are moving towards faster release cycles for products and services it is important to integrate tools and practices into your development process to create hacker-resistant software. Not everyone can afford to run a fully-fledged Secure Developement Lifecycle program with one security guy per developer. In Conax we have defined a more minimal approach and I will share some experiences and ideas from how we have approached this challenge.
 
* '''Defending Critical Infrastructure from Espionage and Sabotage''',&nbsp; ''Frode Hommedal'',&nbsp; ''Head of Telenor SOC and CERT.''<br />This presentation is about how you can structure your analysis to increase the chances of success when attempting to evict an advanced attacker. It's my thoughts on how to think when deciding how and when to respond and attempt to evict a mission driven attacker from your infrastructure. This is a continuation of my previous work on the Cyber Threat Intelligence Matrix.
 
 
 
16:00h Panel and Discussion
 
 
 
 
 
'''SPEAKER BIOS:'''
 
* '''Keith Martin''' is Professor and a former Director of the Information Security Group at Royal Holloway College, University of London.
 
* '''Mathias Ekstedt''' is Professor in Industrial Information and Control Systems at KTH Royal Institute of Technology, Sweden. His research interests include software, systems, and enterprise architecture modeling and analyses with respect to information and cyber security. In particular the research is applied in the power industry and information systems related to physical monitoring and control. He is currently engaged in the EU FP7 project SEGRID (security for smart electricity grids) and the nationally funded Resilient Information and Control Systems (RICS) center. He is also co-founder of foreseeti, a start-up company developing a tool for cyber security modeling and analysis.
 
* '''Janne Hagen''' (Bio T.B.A.)
 
* '''Tord Persokrud''' works as Chief Security Analyst at Conax AS which develops technology and operates services that enable secure content revenues for 400 operators representing 140 million pay-TV consumers in 85 countries globally over broadcast, broadband and connected devices.
 
* '''Frode Hommedal''' is a senior incident responder and analyst. He is currently head of incident response and security analytics at Telenor CERT, where he’s part of the team that is establishing the global CERT/SOC capability of Telenor, Norway’s biggest telco, with over 200 million customers and presence in South-East Asia, Easter Europe and the Nordics. He has previously worked seven years for the Norwegian national CSIRT, NorCERT, mostly with targeted intrusions. One of Frode’s main interests is modelling CSIRTs to improve performance.
 
 
 
{| border="0" cellpadding="1" cellspacing="1" width="100%"
 
 
|-
 
|-
| AFSecurity is organised by the University of Oslo [http://www.mn.uio.no/ifi/english/research/networks/securitylab/ SecurityLab]
+
| [[File:AFSecurity-small.png|250px]]
| [[File:Logo-UiO-SecurityLab-colour.jpg|200px]]
+
| AF''Security'' is organised by the UiO Research Group on [https://www.mn.uio.no/ifi/english/research/groups/sec/ Digital Security]
 +
| [[File:Sec-light-360.png|250px|link=https://www.mn.uio.no/ifi/english/research/groups/sec/]]
 
|}
 
|}

Latest revision as of 16:02, 24 April 2020

Privacy for Mobile Apps

TIME:  29 April 2020, 14:00h
Place:  Virtual seminar room: email josang@mn.uio.no to get the address,

AGENDA:

14:00h Welcome to AFSecurity's virtual seminar room
14:05h Invited talk:

Logo-Karlstad.png
  • TITLE:  Privacy for mobile apps: Technical, regulatory and human challenges
    SPEAKER:  Nurul Momen  (Karlstad University)
    ABSTRACT: What is the most intimate device that you possess? If the answer is your mobile phone, you'd probably be interested in finding out how apps behave. In one end, we have a powerful device capable of collecting, monitoring, processing, transmitting data and in other end, this device is connected to hundreds of services through apps. Undeniably, users are being subjected to privacy exploitation due to the obvious reason - surveillance capitalism. We intend to turn the table around by simply asking - how do the apps behave?

14:45h Discussion

BIO:   Nurul Momen is a Ph.D. candidate in the Department of Computer Science and Mathematics at Karlstad University, Sweden. His research interests focus on privacy-enhancing technologies, transparency, usability, mobile communications, and data protection, particularly the security and privacy aspects of access-control models for mobile operating systems. Momen received an M.S. in security and an M.S. in privacy from the double-degree program at the Technical University of Berlin, Germany, and the University of Trento, Italy. Contact him at nurul.momen@kau.se.

AFSecurity-small.png AFSecurity is organised by the UiO Research Group on Digital Security Sec-light-360.png