Speaker: Professor Fabio Massacci
Topic: An Empirical Study of the Attack Potential of Vulnerabilities.
Abstract: Vulnerability exploitation is reportedly one of the main attack vectors against computer systems. Characterisation and assessment of vulnerabilities is therefore central to any IT security management activity. In particular, identifying ex-ante which vulnerabilities are most likely to be exploited (i.e. represent higher risk) is an open issue. In this paper we identify trends of volume of attacks in terms of impact of the vulnerability, and complexity. As a result, we derive two possible “organizing principles” for vulnerability assessment and characterization that may prove useful to be integrated in current security management protocols and best practices. Over this notion we introduce an ‘attack potential’ estimator that reliably estimates the potential volume of attacks the vulnerability may receive in the wild. Our estimator can be used as an aid for vulnerability prioritization when deciding which vulnerability to fix first. This is joint work with Luca Allodi and Tudor Dumitras.
Bio:
Fabio Massacci is a full professor at the University of Trento (IT). He received a Ph.D. in Computing from the University of Rome La Sapienza in 1998. He has been in Cambridge (UK), Toulouse (FR) and Siena (IT). He has published more than 250 articles in peer-reviewed journals and conferences and his h-index is 35. His current research interest is in empirical methods for cyber security. He was the European Coordinator of the project SECONOMICS (www.seconomics.org) on socio-economic aspects of security. He is now working on the SESAR EMFASE project on empirical validation of security risk assessment in aviation. With Luca Allodi he contributed to a more scientific approach for vulnerability risk assessment for the CVSS standard.
In the recent past, Fabio Massacci has been
- Vice-director for Education ICTLabs - Trento Node - European Institute for Innovation and Technology (1 year and was enough).
- Guest Scientist at SINTEF (Enforce and DIGIT Project) for 6 years.
- Deputy rector for ICT procurement (7 years, 2 rectors, 2 general directors, managing 70+ staff members and 3MEuro/yearly budget, being a "customer" of IT was invaluable).
Research interests:
Past research:
Homepage: http://disi.unitn.it/~massacci/
Speaker: Professor Benjamin Nguyen
(He cannot attend because of an injury.)
Topic: The Asymmetric Architecture: a privacy by design distributed computing architecture.
Bio:
Benjamin Nguyen is Professor at INSA Centre Val de Loire, member of the Laboratoire d'Informatique Fondamentale d'Orléans, Security and Distributed Systems (SDS) team since 2014. He is an alumnus of ENS Cachan. He received his Ph.D. from University of Paris-Sud in 2003, joined University of Versailles St-Quentin-en-Yvelines, Parallélisme, Réseaux, Systèmes et Modélisation (PRiSM) in 2004, and INRIA-Secured and Mobile Information Systems (SMIS) team in 2010. He received his habilitation from UVSQ in 2013. His research has covered semi-structured databases, data management and integration, and multi-disciplinary applications of database technology. His current research interests revolve around privacy protection in distributed data-centric applications.
Current Interests: Benjamin Nguyen's current research focuses on Privacy & Security in Information Management Systems and Applications. More specifically, he is interested in:
- Methods to enforce existing privacy models using secure hardware devices.
- Design and implementation of large scale privacy-by-design personal information management applications (in general interdisciplinary research).
- Models to represent, quantify and enforce limited data collection.
Past Interests:
- Semi-structured Databases (XML), their query languages (XQuery), and in particular temporal/privacy aspects.
- Peer-to-peer (P2P) XML databases, and their confidentiality/security aspects.
- Ontologies
Email: benjamin.nguyen@insa-cvl.fr
Speaker: Associate Professor Pedro Antunes
Topic: Modelling Sensible Business Processes.
Abstract: In this paper we develop the concept of sensible business process, which appears in opposition to the more traditional concept of mechanistic business process that is currently supported by most business process modelling languages and tools. A sensible business process is founded on a rich model and affords predominant human control. Having previously developed a modelling tool supporting this concept, in this paper we report on a set of experiments with the tool. The obtained results show that the approach 1) captures richer information about business processes; 2) contributes to knowledge sharing in organisations; and 3) generates better process models.
Introduction:
Pedro is mainly interested in understanding the mutual influences between humans, technology and organisations using theory, models and tools developed in the fields of computer science, management, design, and cognitive science.
Recent research:
- Crowdsourcing strategies for business process analysis, design and execution
- Representation of complex collaborative processes
- Humanistic business process management
- Organisational resilience
- Geocollaboration
- Team cognition, awareness and attention management
- Methods and tools for collaborative systems evaluation
Homepage: http://www.victoria.ac.nz/sim/about/staff/pedro-antunes
Email: pedro.antunes@vuw.ac.nz
Speaker: Univ.-Prof. Dr. Dieter Kranzlmüller
Topic: Extreme Scale Computing vs. Energy Efficiency - A Challenge for Computer Science?
Abstract: The supercomputer SuperMUC is a world-class powerful high-performance computing infrastructure hosted at the Leibniz Supercomputing Centre (LRZ) in Garching near Munich. In total, SuperMUC phase 1 and 2 provide more than 230.000 compute cores and a theoretical peak performance of more than 6 Petaflop/s. Developing applications for SuperMUC is a non-trivial task for users, as both scalability and energy efficiency need to be taken into consideration. Both characteristics are challenging and sometimes conflicting goals for computer science. We describe results from a series of extreme scaling workshops at LRZ, where users utilize large numbers of cores for their applications while operating in the innovative cooling environment of LRZ. In addition, we provide a peak view onto the partnership initiative piCS, which applies the lessons learned to a wide range of different applications. Examples from environmental computing will be provided.
Bio:
Dieter Kranzlmüller is a full professor of computer science at the Ludwig-Maximilians-Universitaet Muenchen (LMU), director of the Leibniz Supercomputing Centre (LRZ) of the Bavarian Academy of Sciences and Humanities, and a member of the board of the Center for Digital Technology & Management (CDTM). He is a founding member of the Executive Board of the EGI.eu Organisation and German representative on the European Grid Initiative (EGI) Council. He chairs the MNM-Team (Munich Network Management Team), which is engaged in networks and distributed systems in general, and networks, grids, clouds and HPC in particular.
Homepage: http://www.nm.ifi.lmu.de/~kranzlm/
Email: kranzlmueller@ifi.lmu.de