SEMINAR: SECURE SYSTEMS ENGINEERING. Introduction October 20, 2016
|
|
- Maurice Shelton
- 5 years ago
- Views:
Transcription
1 SEMINAR: SECURE SYSTEMS ENGINEERING Introduction October 20, 2016
2 OUTLINE 1. Basic Requirements 2. Preliminary Dates 3. Seminar Guidelines 4. Presentation of the Topics
3 Basic Requirements Completion of a seminar thesis in English 20 pages written in LaTeX We provided a template Design and run a presentation Presentation is 30 min, to be held in a block seminar 20 min for the contents 10 min for discussion Reviews Internal peer-review by students also by supervisor
4 Preliminary Dates Thu, , 4:00 p.m.: Topic presentation Thu, , 11:00 a.m.: Seminar guidelines & introduction to scientific working The following dates have their deadline 23:59 MEZ: Thu, : Outline and literature references (student) Thu, : Seminar thesis for review (student) Fr, : Assignment of peer reviews (supervisors) Fr, : Completed peer-review (student) Su, : Presentation for supervisor feedback (student) Su, : Supervisor feedback: presentation (supervisors) Su, : Camera-ready version of thesis (student) Su, : Supervisor feedback: thesis (supervisors) Su, : Final hand-in of thesis (student) Presentations (block seminar):
5 Seminar Guidelines Thursday, , 11:00 a.m. in ZM Presentation of seminar guidelines and rules Introduction into scientific working Participation is mandatory Topic Selection Doodle poll Choose exactly three topics Each topic will be drawn from all applicants Poll will be opened today at 6 p.m. and will be closed on Monday, October 24 th at 4 p.m. You will be informed via which topic you are assigned Please confirm this mail until Tuesday, October 25 th at 6 p.m.
6 OUTLINE 1. Basic Requirements 2. Preliminary Dates 3. Seminar Guidelines 4. Presentation of the Topics
7 Model-driven Security for Embedded Systems Supervisor: Johannes Geismann 1 When designing safe and secure embedded systems not only software but also hardware has to be considered Model-driven approaches are used to assist designers and developers in early development steps SysML-Sec is a method for this task Your task: Give a comprehensive overview Which threats / attacks are considered? Which viewpoints are covered? What are the assumptions/limitations made in this approach? Compare to related approaches Ludovic Apvrille, Yves Roudier, "SysML-Sec: A Model-Driven Environment for Developing Secure Embedded Systems", Proceedings of the 8th conference on the security of network architecture and information systems (SARSSI'2013), Mont de Marsan, France, sept Ludovic Apvrille, Yves Roudier, "SysML-Sec: A Model Driven Approach for Designing Safe and Secure Systems", Special session on Security and Privacy in Model Based Engineering, 3rd International Conference on Model-Driven Engineering and Software Development (Modelsward), Angers, France, Feb Software Engineering
8 Modelling of Cryptographic Algorithms Stefan Krüger 2 In Summary: Candidates Task: Compare two modelling languages in terms of their suitability for cryptography One student: Comparison based on papers Two students: Papers + Creating a model of subdomain in both languages Supervisor: Stefan Krüger stefan.krueger@upb.de [Boucher et al., Introducing TVL, a Textbased Feature Modelling Language, VaMos 2010] [Nadi et al., Variability Modeling of Cryptographic Components (Clafer Experience Report), VaMos 2016] [Bak et al., Unifying Class and Feature Modelling, SoSyM 2014]
9 Architecture-based Intrusion Detection David Schubert 3 UserClient Database Code typically has flaws that can be exploited Finding all these flaws manually or by automated analyses is hard and expensive A second line of defense are runtime approaches that monitor the running system and aim at detecting intrusions (deviations from normal system behavior) These approaches are categorized by their information source Literature: Yuan, Eric, and Malek, Sam. "Mining Software Component Interactions to Detect Security Threats at the Architectural Level." DOI /WICSA Lazarevic, Aleksandar, Vipin Kumar, and Jaideep Srivastava. "Intrusion detection: A survey." DOI / _2 Your Task: 1. Recap the approach by Yuan and Malek 2. Emphazise the (dis)advantages compared to classical host and network-based intrusion detection 9 Software Engineering
10 Secure Isolation of Native Code for Java Andreas Dann General Risk: Java, Python, C#, JS, etc. Security Risk: Malicious/Buggy 4 Real-Problem: Web-Server, Android, Plugins Java Application 3 rd Party Library Outside of Language Security Solution: SFI, Process, Approaches: Robusta, Siefers J. et al., 2010 DOI: / JVM-Portable Sandboxing, Sun, M., 2012 DOI: / _48 JNICodejail, Hassanshai B., 2013 DOI: / Your Task: Compare Approaches What is the concept? What threats are mitigated? What are drawbacks? Your Conclusion? 10 Software Engineering
11 Static Analysis using LLVM Supervisor: Philipp Schubert 5 Static analyses can be used for automated bug detection and code optimization Static analysis builds on compiler infrastructure and vice versa Your task Familiarize yourself with the powerful compiler technology LLVM (C/C++ based) Give an overview on LLVMs capabilities What is the concept? What are the benefits? What are the drawbacks? What are the characteristics of the used IR? Compare the LLVM project to related approaches Two students: comprehensive comparison with Graal & Truffle project Learning outcomes Understand basic concepts of compiler technology & static analysis Gain deeper understanding of how programming languages are processed Chris Lattner and Vikram Adve LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. In Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization (CGO '04). IEEE Computer Society, Washington, DC, USA, Software Engineering
12 Graal & Truffle Compiler Technology Supervisor: Philipp Schubert 6 Static analyses can be used for automated bug detection and code optimization Several compiler projects exist (specific advantages / disadvantages) Your task Familiarize yourself with the Graal & Truffle project (Java based) What is the concept of Graal & Truffle? What are the benefits? What are the drawbacks? What are the characteristics of the used IR? Compare the Graal project to related approaches Two students: comprehensive comparison with the LLVM project Learning outcomes Understand basic concepts of compiler technology & static analysis Gain deeper understanding of how programming languages work 12 Software Engineering
13 Security Risks in Android s Inter-App Communication Supervisor: Goran Piskachev 7 Android Apps can exchange messages to make a re-use of some functionalities provided by components in other applications For example, a review app for restaurants can ask the map application to display the location of the restaurant Problem: The Android passing message system which enables the Inter-App communication may be attacked if it is used incorrectly. The messages can be sniffed, modified, or stolen. Approach: Analysis of Android applications and automatic detection of known vulnerabilities related to the Inter-App communication Your task: Give an overview and classification of attacks to the Inter-App communication Evaluate at least two analysis tools using your classification Literature: Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner Analyzing inter-application communication in Android. In Proceedings of the 9th international conference on Mobile systems, applications, and services (MobiSys '11). ACM, New York, NY, USA, Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, and Yves Le Traon Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis. In Proceedings of the 22nd USENIX conference on Security (SEC'13). USENIX Association, Berkeley, CA, USA,
14 Surveying Requirements Specification Approaches for Information Flow Security Supervisor: Christopher Gerking 8 Secure Information Flow of Cyber-Physical Systems (CPS) is critical Problem: How to specify Information Flow Requirements? Your Task: review existing Approaches for Security Requirements Specification, asses their Applicability in the Context of Information Flow Security for CPS Literature Fabian, B., Gürses, S., Heisel, M., Santen, T., Schmidt, H.: A comparison of security requirements engineering methods. Requirements Engineering 15(1), 7 40 (2010) Meland, P.H., Tøndel, I.A., Jaatun, M.G.: Security requirements for the rest of us: A survey. IEEE Software 25(1), (2008) Mellado, D., Blanco, C., Sánchez, L.E., Fernández-Medina, E.: A systematic review of security requirements engineering. Computer Standards Interfaces 32(4), (2010) 14 Software Engineering
15 Relaxing Information Flow Restrictions by means of Information Declassification Supervisor: Christopher Gerking 9 Classical Noninterference Policy too strict in Practice Problem: How to relax Information Flow Restrictions? Your Task: study the Theory of Noninterference, give an Overview of existing Approaches for Declassification, demonstrate Advantages and Shortcomings in the context of CPS Literature Goguen, J.A., Meseguer, J.: Security policies and security models. In: 1982 IEEE Symposium on Security and Privacy. pp IEEE Computer Society (1982) Zdancewic, S.: Challenges for information-flow security. In: Workshop on the Programming Language Interference and Dependence (PLID 04) (2004) Sabelfeld, A., Sands, D.: Declassification: Dimensions and principles. Journal of Computer Security 17(5), (2009) 15 Software Engineering
16 A Survey of Static Code Analysis techniques for PLC Programs Supervisor: Faezeh Ghassemi Static code analysis (SCA) is analyzing the code without executing it 10 There are plenty of SCA tools and techniques for languages like Java and C Not many tools/ approaches for PLC programming languages Your task Make a survey of existing static analysis tools and methods for PLC programming languages and explain their capabilities as well as advantages and disadvantages Literature H. Prahofer; F. Angerer; R. Ramler; F. Grillenberger, "Static Code Analysis of IEC Programs: Comprehensive Tool Support and Experiences from Large-Scale Industrial Application," in IEEE Transactions on Industrial Informatics, vol.pp, no.99, pp.1-1 doi: /TII S. Stattelmann, S. Biallas, B. Schlich and S. Kowalewski, "Applying static code analysis on industrial controller code," Proceedings of the 2014 IEEE Emerging Technology and Factory Automation (ETFA), Barcelona, 2014, pp doi: /ETFA faezeh.ghassemi@iem.fraunhofer.de
17 SECURE TROPOS Integrating Security and Systems Engineering Supervisor: Thorsten Koch 11 Problem Security is a crucial issue for information systems. However, in Software Engineering security is mainly considered as non-function requirements after the definition of the systems. This approach often leads to problems, which translate to security vulnerabilities. Approach The methodology Secure Tropos is proposed to model and analyze security requirements alongside functional requirements. It provides a requirements analysis process that drives system designers from the acquisition of requirements up to their verification to consider security during the whole development process. Your Task Describe the methodology Secure Tropos Especially focus on the possibilities to analyze the specified security requirements Literature Mouratidis, H.; Giorgini, P.; Manson, G.: Integrating Security and Systems engineering: Towards the Modelling of Secure Information Systems in CAiSE 2003 [ [
18 Topic Selection Doodle poll Choose exactly three topics Each topic will be drawn from all applicants Poll will be opened today at 6 p.m. and will be closed on Monday, October 24 th at 4 p.m. Write a mail if you would like to work in a group Names of both students Topic number Important: Both students have to mark this topic in the doodle poll! You will be informed via which topic you are assigned Please confirm this mail until Tuesday, October 25 th at 6 p.m.
Proseminar. (with Eclipse) Jun.-Prof. Dr.-Ing. Steffen Becker. Model-Driven Software Engineering. Software Engineering Group
Proseminar Model-Driven Software Engineering (with Eclipse) Jun.-Prof. Dr.-Ing. Steffen Becker Model-Driven Software Engineering Software Engineering Group 1 Outline Basic Requirements Preliminary Dates
More informationUse of the LLVM framework for the MSIL code generation
Use of the LLVM framework for the code generation Artur PIETREK artur.pietrek@imag.fr VERIMAG Kalray (Montbonnot) DCS seminar March 27, 2009 1 2 3 4 5 6 7 Outline The code generator is a part of the thesis:
More informationPre-Course Meeting Proseminar Network Hacking & Defense
Network Architectures and Services Department Computer Science Technische Universität München Pre-Course Meeting Proseminar Network Hacking & Defense Dr. Holger Kinkelin and Nadine Herold Content q Administrative
More informationSecure Programming Lecture 15: Information Leakage
Secure Programming Lecture 15: Information Leakage David Aspinall 21st March 2017 Outline Overview Language Based Security Taint tracking Information flow security by type-checking Summary Recap We have
More informationPreemptive PREventivE Methodology and Tools to protect utilities
Preemptive PREventivE Methodology and Tools to protect utilities 2014 2017 With the financial support of FP7 Seventh Framework Programme Grant agreement no: 607093 1 Preemptive description Project objectives
More informationINFORMATION SESSION. MS Software Engineering, specialization in Cybersecurity
INFORMATION SESSION MS Software Engineering, specialization in Cybersecurity Presenter Afifa Hamad Program Specialist Graduate & Extended Studies Charles W. Davidson College of Engineering San Jose State
More informationWeb Security Vulnerabilities: Challenges and Solutions
Web Security Vulnerabilities: Challenges and Solutions A Tutorial Proposal for ACM SAC 2018 by Dr. Hossain Shahriar Department of Information Technology Kennesaw State University Kennesaw, GA 30144, USA
More informationA Model Transformation from Misuse Cases to Secure Tropos
A Model Transformation from Misuse Cases to Secure Tropos Naved Ahmed 1, Raimundas Matulevičius 1, and Haralambos Mouratidis 2 1 Institute of Computer Science, University of Tartu, Estonia {naved,rma}@ut.ee
More informationCritical Infrastructures and Cyber Protection Center (CICPC) Professional Development Programs. FISMA Compliance Review Program Sample Syllabus FISMA
Critical Infrastructures and Cyber Protection Center (CICPC) Professional Development Programs FISMA Compliance Review Program Sample Syllabus FISMA ICP-086-Pxx (class dates) Live on Weekdays Lunchbox
More informationDescriptions for CIS Classes (Fall 2017)
Descriptions for CIS Classes (Fall 2017) Major Core Courses 1. CIS 1015. INTRODUCTION TO COMPUTER INFORMATION SYSTEMS. (3-3-0). This course provides students an introductory overview to basic computer
More informationLecture 08. Android Permissions Demystified. Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner. Operating Systems Practical
Lecture 08 Android Permissions Demystified Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner Operating Systems Practical 20 November, 2013 OSP Lecture 08, Android Permissions Demystified
More informationThe SPARKS Project Motivation, Objectives and Results
The SPARKS Project Motivation, Objectives and Results Paul Smith paul.smith@ait.ac.at AIT Austrian Institute of Technology SEGRID Project Workshop 14 th November, 2016, Barcelona, Spain The SPARKS Project
More informationAdvisory: Students should have already taken MICROCOMPUTER APPLICATIONS II - 431
Cyber Security I - CoSci 411 Los Angeles Mission College - Spring 2018 Instructor: Javier Rios E-mail: rios.javier@gmail.com E-mail communications will be will receive a response within 24 hours. Advisory:
More informationOntology- and Bayesian- based Information Security Risk Management
Ontology- and Bayesian- based Information Security Risk Management Stefan Fenz sfenz@securit 4 th ETSI Security Workshop 13 14 January 2009 ETSI, Sophia Antipolis, France Motivation Almost every business
More informationInstructor: Eric Rettke Phone: (every few days)
Instructor: Eric Rettke Phone: 818 364-7775 email: rettkeeg@lamission.edu (every few days) Fall 2016 Computer Science 411 - Principles of Cyber Security 1 Please keep a copy of the syllabus handy for the
More informationOklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017
Oklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017 ITD 3443 Network Security Students will provide Cyber Defense while understanding Cyber Threats. Their attack types
More informationSI - Computer Security
Coordinating unit: 270 - FIB - Barcelona School of Informatics Teaching unit: 701 - AC - Department of Computer Architecture Academic year: Degree: 2017 BACHELOR'S DEGREE IN INFORMATICS ENGINEERING (Syllabus
More informationCourse Curriculum for Master Degree in Network Engineering and Security
Course Curriculum for Master Degree in Network Engineering and Security The Master Degree in Network Engineering and Security is awarded by the Faculty of Graduate Studies at Jordan University of Science
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationsend application for a topic until Wednesday, October 25, 1pm
Overview of topics (today) send application for a topic until Wednesday, October 25, 1pm First milestone (mid/end November) prototype/part of software summary of research (literature and related systems/tools)
More informationExperience Security, Risk, and Governance
Experience Security, Risk, and Governance Agenda and recommended event path 26 28 March Vienna, Austria Contents 3 Welcome 4 Overview 5 Evening Programs 6 Sessions at-a-glance 11 Digital Transformation
More informationITT Technical Institute. CS420 Application Security Onsite Course SYLLABUS
ITT Technical Institute CS420 Application Security Onsite Course SYLLABUS Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites:
More informationDegree Branch / Specialization College University CSE SONA COLLEGE OF TECHNOLOGY : ASSISTANT PROFESSOR (SENIOR GRADE) ASSISTANT PROFESSOR
FACULTY PROFILE Name Designation Email ID : NISHA SOMS : ASSISTANT PROFESSOR (SENIOR GRADE) : nishasoms.cse@srit.org Area of Specialization : Wireless Ad Hoc Networks, Mobile Computing Cryptography and
More informationMORGAN STATE UNIVERSITY DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING COURSE SYLLABUS FALL, 2015
MORGAN STATE UNIVERSITY DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING COURSE SYLLABUS FALL, 2015 CATALOG DESCRIPTION ONLINE EEGR.483 INTRODUCTION TO SECURITY MANAGEMENT CREDITS: 3 THIS COURSE IS A
More informationSecure Programming Lecture 1: Introduction
Secure Programming Lecture 1: Introduction David Aspinall, Informatics Edinburgh 15th January 2018 Orientation This course is Secure Programming. More accurately: it is about Software Security. Aimed at
More informationSeminar Model-Based Quality Engineering
Seminar Model-Based Quality Engineering Jun.-Prof. Dr.-Ing. Steffen Becker Model-Driven Software Engineering Software Engineering Group WS13/14, Seminar Model-Based Quality Engineering - Jun.-Prof. S.
More informationAN EVALUATION OF THE GOOGLE CHROME EXTENSION SECURITY ARCHITECTURE
AN EVALUATION OF THE GOOGLE CHROME EXTENSION SECURITY ARCHITECTURE Nicholas Carlini, Adrienne Porter Felt, David Wagner University of California, Berkeley CHROME EXTENSIONS CHROME EXTENSIONS servers servers
More informationTRAINING CURRICULUM 2017 Q2
TRAINING CURRICULUM 2017 Q2 Index 3 Why Security Compass? 4 Discover Role Based Training 6 SSP Suites 7 CSSLP Training 8 Course Catalogue 14 What Can We Do For You? Why Security Compass? Role-Based Training
More informationMINIMUM SECURITY CONTROLS SUMMARY
APPENDIX D MINIMUM SECURITY CONTROLS SUMMARY LOW-IMPACT, MODERATE-IMPACT, AND HIGH-IMPACT INFORMATION SYSTEMS The following table lists the minimum security controls, or security control baselines, for
More informationThe GenCyber Program. By Chris Ralph
The GenCyber Program By Chris Ralph The Mission of GenCyber Provide a cybersecurity camp experience for students and teachers at the K-12 level. The primary goal of the program is to increase interest
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams
More informationIntroducing Cyber Resiliency Concerns Into Engineering Education
Introducing Cyber Resiliency Concerns Into Engineering Education Mr. Tom McDermott Georgia Tech Research Institute Mr. Barry Horowitz University of Virginia NDIA 20 th Annual Systems Engineering Conference
More informationYou will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.
IDPS Effectiveness and Primary Takeaways You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent. IDPS Effectiveness and Primary
More informationSystem Approach for Single Keyword Search for Encrypted data files Guarantees in Public Infrastructure Clouds
System Approach for Single Keyword Search for Encrypted data files Guarantees in Public Infrastructure s B.Nandan 1, M.Haripriya 2, N.Tejaswi 3, N. Sai Kishore 4 Associate Professor, Department of CSE,
More informationThe Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks
The Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks Mark Nicolett Notes accompany this presentation. Please select Notes Page view. These materials
More informationAdvanced Compiler Construction
CS 526 Advanced Compiler Construction http://misailo.cs.illinois.edu/courses/cs526 Goals of the Course Develop a fundamental understanding of the major approaches to program analysis and optimization Understand
More informationSystems Security Research in SIIS Lab
Systems and Internet Infrastructure Security (SIIS) Laboratory 1 Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania
More informationDROPLET, A BLOCKS BASED EDITOR FOR TEXT CODE. David Anthony Bau Phillips Exeter Academy 20 Main Street, Exeter, NH
DROPLET, A BLOCKS BASED EDITOR FOR TEXT CODE David Anthony Bau Phillips Exeter Academy 20 Main Street, Exeter, NH 781 795 2906 dab1998@gmail.com ABSTRACT Droplet is a new programming editor, created by
More informationBachelor of Information Technology (Network Security)
Course information for Bachelor of Information Technology (Network Security) Course Number HE20524 Location Meadowbank Course Design The Bachelor of Information Technology (Network Security) is a three-year
More informationSecurity Management Models And Practices Feb 5, 2008
TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related
More informationDifferential Privacy. Seminar: Robust Data Mining Techniques. Thomas Edlich. July 16, 2017
Differential Privacy Seminar: Robust Techniques Thomas Edlich Technische Universität München Department of Informatics kdd.in.tum.de July 16, 2017 Outline 1. Introduction 2. Definition and Features of
More informationSeminar Column-Oriented Database Management Systems
Seminar Column-Oriented Database Management Systems Summer Term 2012 Lehrgebiet Informationssysteme Weiping Qu qu@cs.uni-kl.de AG Datenbanken und Informationssysteme AG Heterogene Informationssysteme Goals
More informationSTUDY OF PRIVILEGE ESCALATION ATTACK ON ANDROID AND ITS COUNTERMEASURES
STUDY OF PRIVILEGE ESCALATION ATTACK ON ANDROID AND ITS COUNTERMEASURES REJO MATHEW Department of Information Technology, NMIMS University, MPSTME, Mumbai, Maharashtra 400056, India rejo.mathew@nmims.edu
More informationSystematic generation of attack scenarios against industrial systems
Systematic generation of attack scenarios against industrial systems Maxime Puys, Marie-Laure Potet and Jean-Louis Roch VERIMAG, University of Grenoble Alpes / Grenoble-INP, France Firstname.Name@imag.fr
More informationAppSec in a DevOps World
AppSec in a DevOps World Peter Chestna Director of Developer Engagement 1 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES Who am I? 27 Years Software Development Experience 12 Years Application Security
More informationKick-Off. and presentation of available topics
Kick-Off and presentation of available topics 1 SECUSO Research Group Kick-Off 21.10.2016 You are in the right room if...... you want to participate in our Usable Security and Privacy lab... you are interested
More informationPIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices
W I S S E N T E C H N I K L E I D E N S C H A F T PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices IAIK, Graz University of Technology, Austria www.iaik.tugraz.at 2 Outline Introduction
More informationLearning, teaching, playing with compiler construction - A web based host platform for target virtual machines
Learning, teaching, playing with compiler construction - A web based host platform for target virtual machines Nuno Gaspar Departamento de Informática, Universidade da Beira Interior, Covilhã, Portugal
More informationNOTE: COURSE CONTENT MAY BE CHANGED, TERM TO TERM, WITHOUT NOTICE.
CSIS 341 NOTE: COURSE CONTENT MAY BE CHANGED, TERM TO TERM, WITHOUT NOTICE. THE INFORMATION BELOW IS PROVIDED AS A GUIDE FOR COURSE SELECTION AND IS NOT BINDING IN ANY FORM, AND SHOULD NOT BE USED TO PURCHASE
More informationSECURE INTEGRATION OF CRYPTOGRAPHIC SOFTWARE
SECURE INTEGRATION OF CRYPTOGRAPHIC SOFTWARE Speaker: Stefan Krüger Folie 1 When a Developer Uses a Crypto API Uses Electronic Codebook (ECB) Folie 2 The Average Developer is no Crypto Expert 88% of Android
More information6 MILLION AVERAGE PAY. CYBER Security. How many cyber security professionals will be added in 2019? for popular indursty positions are
PROGRAM Objective Cyber Security is the most sought after domain, and NASSCOM projects a requirment of over 1 million trained professionals by 2025. Tevel training program is an industry & employability
More informationIT Security in Large IT Infrastructures SS18 Lecture 00: Preliminary Discussion
IT Security in Large IT Infrastructures SS18 Lecture 00: Preliminary Discussion Florian Fankhauser Christian Schanes Christian Brem Franz Mairhofer INSO Industrial Software Institute of Information Systems
More informationVisual Amortization Analysis of Recompilation Strategies
2010 14th International Information Conference Visualisation Information Visualisation Visual Amortization Analysis of Recompilation Strategies Stephan Zimmer and Stephan Diehl (Authors) Computer Science
More informationLessons learned from 2G,3G,4G what we need to fix in 5G ETSI Security Week G Security Adrian Dabrowski
Lessons learned from 2G,3G,4G what we need to fix in 5G ETSI Security Week 2017 5G Security Adrian Dabrowski adrian.dabrowski@tuwien.ac.at @atrox_at Co-Authors: David Rupprecht, Thorsten Holz, Edgar Weippl,
More informationStavros Nikolaou. 413 Gates Hall URL: Ithaca, NY, 14853, USA Date of Birth: December, 1987
413 Gates Hall +1 6073795409 Department of Computer Science Cornell University email: snikolaou@cs.cornell.edu URL: www.cs.cornell.edu/~snikolaou Ithaca, NY, 14853, USA Date of Birth: December, 1987 Education
More informationECET 590 Special Problems in Electrical & Computer Engineering Technology (SmartGrid Technology)
ECET 590 Special Problems in Electrical & Computer Engineering Technology (SmartGrid Technology) Spring 2010 Paul I-Hai Lin, Professor of Electrical and Computer Engineering Technology Indiana University-Purdue
More informationCIP-014. JEA Compliance Approach. FRCC Fall Compliance Workshop Presenter Daniel Mishra
CIP-014 JEA Compliance Approach FRCC Fall Compliance Workshop Presenter Daniel Mishra Acronyms & Terminologies DHS Department of Homeland Security JEA It s not an acronym JSO Jacksonville Sheriff's Office
More informationOVERVIEW OF SUBJECT REQUIREMENTS
Course Bachelor of Information Technology (Network Security) Course Number HE20524 Location Meadowbank OVERVIEW OF SUBJECT REQUIREMENTS Note: This document is intended as a guide only. Enrolling students
More informationWriting a good seminar paper Seminar in Software and Service Engineering
Writing a good seminar paper Seminar in Software and Service Engineering 24.10.2017 Marjo Kauppinen and Marko Nieminen Department of Computer Science Outline Learning goals of the course Structure of good
More informationTraining Fees 4,250 US$ per participant for Public Training includes Materials/Handouts, tea/coffee breaks, refreshments & Buffet Lunch
Training Title PLC & SCADA SYSTEMS Training Duration 5 days Training Venue and Dates REF IC012 PLC & SCADA Systems 5 04-08 Feb $4,250 Abu Dhabi, UAE Training Fees 4,250 US$ per participant for Public Training
More informationTowards Systematic Usability Verification
Towards Systematic Usability Verification Max Möllers RWTH Aachen University 52056 Aachen, Germany max@cs.rwth-aachen.de Jonathan Diehl RWTH Aachen University 52056 Aachen, Germany diehl@cs.rwth-aachen.de
More informationImplementation of Handling Android Application using SMS (Short Message Service)
Implementation of Handling Android Application using SMS (Short Message Service) Sagar Pise 1, Raj Moundekar 2, Rakshita Meshram 3, Sakshi Mohadikar 4, Roshni Durugwar 5, Dinesh Banabakode 6 1TeamLeader
More informationSecuring the future of mobility
Kaspersky Transportation System Security AVL Software and Functions Securing the future of mobility www.kaspersky.com #truecybersecurity Securing the future of mobility Connected car benefits The need
More informationAn object of research has changed System events System renewal Mathematical computer tools reliability dependability
Preface The conference DepCoS - RELCOMEX '06 is organized by the Institute of Computer Engineering, Control and Robotics (previously the Institute of Engineering Cybernetics), Wroclaw University of Technology.
More informationSECURITY PATTERN DETECTION AN ANDROID APPLICATION
SECURITY PATTERN DETECTION AN ANDROID APPLICATION Ahmad Talha Siddiqui* Dr. Munesh Chandra Trivedi** Abstract: The Android platform has about 100 applications level permissions that govern access to resources.
More informationAutomatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android
Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android Alexandre Bartel, Jacques Klein, Yves Le Traon, Martin Monperrus To cite this version: Alexandre
More informationCompiling Techniques
Lecture 1: Introduction 20 September 2016 Table of contents 1 2 3 Essential Facts Lecturer: (christophe.dubach@ed.ac.uk) Office hours: Thursdays 11am-12pm Textbook (not strictly required): Keith Cooper
More informationCS 553: Algorithmic Language Compilers (PLDI) Graduate Students and Super Undergraduates... Logistics. Plan for Today
Graduate Students and Super Undergraduates... CS 553: Algorithmic Language Compilers (PLDI) look for other sources of information make decisions, because all research problems are under-specified evaluate
More informationBILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers
This document is scheduled to be published in the Federal Register on 07/28/2016 and available online at http://federalregister.gov/a/2016-17854, and on FDsys.gov BILLING CODE 6717-01-P DEPARTMENT OF ENERGY
More informationA Java Based Component Identification Tool for Measuring Circuit Protections. James D. Parham J. Todd McDonald Michael R. Grimaila Yong C.
A Java Based Component Identification Tool for Measuring Circuit Protections James D. Parham J. Todd McDonald Michael R. Grimaila Yong C. Kim 1 Background Program Protection Software (programs) are the
More informationCybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment
Cybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment SWG G 3 2016 v0.2 ISAO Standards Organization Standards Working Group 3: Information Sharing Kent Landfield, Chair
More informationCYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME
FACULTY OF LAW DEPARTEMENT: CIVIL LAW MASTER STUDY THEME: CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME Mentor: Prof. Ass. Dr. Xhemajl Ademaj Candidate: Abdurrahim Gashi Pristinë, 2015 Key words List
More informationProduct Roadmap Symantec Endpoint Protection Suzanne Konvicka & Paul Murgatroyd
Product Roadmap Symantec Endpoint Protection Suzanne Konvicka & Paul Murgatroyd Symantec Endpoint Protection Product Roadmap 1 Safe Harbor Disclaimer Any information regarding pre-release Symantec offerings,
More informationAn Open Source Java Framework for Biometric Web Authentication based on BioAPI
An Open Source Java Framework for Biometric Web Authentication based on BioAPI Elisardo González Agulla, Enrique Otero Muras, José Luis Alba Castro, and Carmen García Mateo Department of Signal Theory
More informationConstruction of Trusted Computing Platform Based on Android System
American Journal of Mobile Systems, Applications and Services Vol. 1, No.1, 2015, pp. 54-58 http://www.aiscience.org/journal/ajmsas Construction of Trusted Computing Platform Based on Android System Hui
More information( It will be applied from Fall)
İZMİR INSTITUTE OF TECHNOLOGY GRADUATE SCHOOL OF ENGINEERING AND SCIENCES DEPARTMENT OF COMPUTER ENGINEERING MASTER OF SCIENCE PROGRAM IN COMPUTER ENGINEERING Core Courses ECTS *CENG 590 Seminar (0-2)
More informationInformation Assurance A Key Imperative
Information Assurance A Key Imperative Jaideep Srivastava Army High Performance Computing Research Center Department of Computer Science University of Minnesota Project Participants: V. Kumar, A. Lazarevic,
More informationAspects of Enhancing Security in Software Development Life Cycle
Advances in Computational Sciences and Technology ISSN 0973-6107 Volume 10, Number 2 (2017) pp. 203-210 Research India Publications http://www.ripublication.com Aspects of Enhancing Security in Software
More informationAndroid. Studies on Risk Level Evaluation Schemes using APK Metadata
Computer Security Symposium 2015 21-23 October 2015 Android 184-8795 4-2-1 takeshi takahashi@nict.go.jp 102-0083 2-6-7 RK 4F Android Android Package (APK) APK ( ) APK Web APK area under curve APK Studies
More informationHuman Biases Meet Cybersecurity of Embedded and Networked Systems
Human Biases Meet Cybersecurity of Embedded and Networked Systems Saurabh Bagchi and Shreyas Sundaram School of Electrical and Computer Engineering CERIAS Purdue University Vision for Security of Embedded
More informationMaster & Doctor of Philosophy Programs in Computer Science
Master & Doctor of Philosophy Programs in Computer Science Research Fields Pattern Recognition Data Analysis Internet of Things and Network Communication Machine Learning Web Semantic and Ontology For
More informationHigh Performance Computing using a Parallella Board Cluster PROJECT PROPOSAL. March 24, 2015
High Performance Computing using a Parallella Board Cluster PROJECT PROPOSAL March 24, Michael Johan Kruger Rhodes University Computer Science Department g12k5549@campus.ru.ac.za Principle Investigator
More informationNaval Postgraduate School Department of Computer Science Graduation Checklist for MSCS Degree 6203P Subspecialty Code (Revised: FALL AY17)
Naval Postgraduate School Department of Computer Science Graduation Checklist for MSCS Degree 6203P Subspecialty Code (Revised: FALL AY17) Name/Rank/Service: Month/Year Enrolled: Projected Graduation Date:
More informationNYDFS Cybersecurity Regulations: What do they mean? What is their impact?
June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing
More informationV Conference on Application Security and Modern Technologies
V Conference on Application Security and Modern Technologies In collaborazione con Venezia, Università Ca Foscari 6 Ottobre 2017 1 Matteo Meucci OWASP Nuovi standard per la sicurezza applicativa 2
More informationImproving SCADA System Security
Improving SCADA System Security NPCC 2004 General Meeting Robert W. Hoffman Manager, Cyber Security Research Department Infrastructure Assurance and Defense Systems National Security Division, INEEL September
More informationA Review on Security in Smart Grids
International Journal of Allied Practice, Research and Review Website: www.ijaprr.com (ISSN 2350-1294) A Review on Security in Smart Grids Jeetu Sharma, Partha Pratim Bhattacharya and V K Jain College
More informationOperations & Technology Seminar. Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ
Operations & Technology Seminar Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ Operations & Technology Roundtable Crowne Plaza Monroe, Monroe Township, NJ Tuesday, November 8, 2016
More informationUNITED STATES DISTRICT COURT DISTRICT OF MASSACHUSETTS
UNITED STATES DISTRICT COURT DISTRICT OF MASSACHUSETTS MASSACHUSETTS BAY TRANSPORTATION AUTHORITY v. Plaintiff ZACK ANDERSON, RJ RYAN, ALESSANDRO CHIESA, RONALD L. RIVEST, and the MASSACHUSETTS INSTITUTE
More informationArchitecture-Based Self-Protecting Software Systems Adnan Alawneh CS 788
Architecture-Based Self-Protecting Software Systems Adnan Alawneh CS 788 Outline Introduction - What is the problem? - What is the solution? - Motivating Example - How ABSP addresses these challenges?
More informationAchieving Java Application Security With Parasoft Jtest
Achieving Java Application Security With Parasoft Jtest Cloud computing continues to gain traction as enterprises increasingly embrace the shift to Internet-based environments. Unfortunately, this also
More informationFraude dans la Telephonie
Fraude dans la Telephonie Aurélien Francillon Merve Sahin With Monaco Telecom Also with cooperations: NYU Abu Dhabi Georgia Tech Telecom Paris Tech (Marc Relieu) Telephony Fraud A long-standing problem
More informationCURRICULUM VITAE. DI Dr. Matthias Grimmer Michael-Hainisch-Straße Linz
CURRICULUM VITAE Full Name Address Date of Birth Citizenship Phone Email Website GitHub DI Dr. Michael-Hainisch-Straße 18 4040 Linz March 2, 1989 Austria (+43) 664 784 21 52 contact@matthiasgrimmer.com
More informationOverview of Web Application Security and Setup
Overview of Web Application Security and Setup Section Overview Where to get assistance Assignment #1 Infrastructure Setup Web Security Overview Web Application Evaluation & Testing Application Security
More informationProduct Security Briefing
Product Security Briefing Performed on: Adobe ColdFusion 8 Information Risk Management Plc 8th Floor Kings Building Smith Square London SW1 P3JJ UK T +44 (0)20 7808 6420 F +44 (0)20 7808 6421 Info@irmplc.com
More informationNomair A. Naeem. Personal Data. Education. Teaching Experience. Course Instructor/Sessional
Nomair A. Naeem Personal Data Address: E-mail: Web Page: David R. Cheriton School of Computer Science University of Waterloo 200 University Avenue West Waterloo, ON N2L 3G1, Canada nanaeem@uwaterloo.ca
More information(In)Security of Java SecureRandom Implementations
(In)Security of Java SecureRandom Implementations M. Cornejo 1 S. Ruhault 2 1 École Normale Supérieure, INRIA, Paris, France 2 DI/ENS, ENS-CNRS-INRIA and Oppida, France Journées Codage et Cryptographie,
More informationTCOM 663/CFRS Intrusion Detection and Forensics Department of Electrical and Computer Engineering George Mason University Fall, 2010
TCOM 663/CFRS 663 - Intrusion Detection and Forensics Department of Electrical and Computer Engineering George Mason University Fall, 2010 Course Syllabus Revised: June. 16, 2010. Instructor Dr. Kafi Hassan
More informationTest Driven Development (TDD), and Working with Legacy Code Using C# Workshop ( 4 days)
Test Driven Development (TDD), and Working with Legacy Code Using C# Workshop ( 4 days) HOTEL DUBAI GRAND April 16 to 19-2018 Monday to Thursday ) (4 days) 9 am to 4 pm ISIDUS TECH TEAM FZE PO Box 9798
More informationCompTIA Cybersecurity Analyst+
CompTIA Cybersecurity Analyst+ Course CT-04 Five days Instructor-Led, Hands-on Introduction This five-day, instructor-led course is intended for those wishing to qualify with CompTIA CSA+ Cybersecurity
More information