Hearings Security Engineering

Talks and hearings as part of filling the tenure-track position with a focus on Security Engineering

Talks as part of the appointment procedure
for the tenure-track position
"Security Engineering"

Monday, 13 July 2020, 09:00
Dr. Clemens Sauerwein (Universität Innsbruck)
Teaching talk "Injection Vulnerabilities in Web Applications" (20 minutes), followed by
the research talk titled: From Shared Threat Data to Actionable Threat Intelligence

The increasingly persistent and sophisticated threat actors, along with the sheer speed at
which cyber-attacks unfold, have made timely decision-making imperative for an
organisation's security. Therefore, persons responsible for security employ a large variety of
data sources concerning emerging attacks, attackers’ courses of action or indicators of
compromise, in order to promptly put appropriate countermeasures in place. These sources
range from unstructured publicly available threat information to inter-organizational cyber
threat intelligence sharing platforms. However, while research in the field is relatively new
and practice mainly focuses on the collection of threat data, there is a profound lack of
systematic approaches to automatically analyse and process threat data in order to produce
and disseminate actionable threat intelligence. Moreover, there is no common understanding
of how shared threat intelligence systematically supports internal information security processes
and improves an organisation’s security. In this talk, I present my past, current and future work
to address these challenges by combining research in the fields of data analytics and
information systems. My overall vision is the development of an innovative and holistic
approach that systematically generates actionable threat intelligence from heterogeneous
threat data sources to automatically trigger information security processes and predict future
cyber threats.

Monday, 13 July 2020, 13:00
Dr. Arun Babu Puthuparambil (Indian Institute of Science, Bangalore)
Teaching talk "Injection Vulnerabilities in Web Applications" (20 minutes), followed by
the research talk titled: Brute-force resistant Cryptography

Cyber-physical systems are expected to have high security; however, most of the low-powered
devices being used have computational and memory constraints. Hence the light-weight
cryptographic algorithms have gained popularity. However, such algorithms are also lightweight
for an attacker.
We present Freestyle, a randomized and variable-round version of the ChaCha cipher to resist
offline key-guessing attacks. We demonstrate the use of a hash-based halting condition where
a decryption attempt with an incorrect key is likely to take a longer time to halt. This makes
Freestyle resistant to key-guessing attacks, i.e. brute-force and dictionary-based attacks.
Freestyle demonstrates a novel approach for ciphertext randomization by using a random
number of rounds for each block of message, where the exact number of rounds is unknown
to the receiver in advance. Freestyle provides the possibility of generating up to 2^256
different ciphertexts for a given key, nonce, and message; thus resisting key and nonce reuse
attacks. Due to its inherent random behavior, Freestyle makes cryptanalysis through known-plaintext,
chosen-plaintext, and chosen-ciphertext difficult in practice.

Tuesday, 14 July 2020, 09:00
Dr. Mohammad Ghafari (Universität Bern)
Teaching talk "Injection Vulnerabilities in Web Applications" (20 minutes), followed by
the research talk titled: Software and security: towards a happy marriage

The neglect of quality concerns such as security is dominant in code examples available
online, and tools that detect such issues in software are often hard to use for developers and
require expertise to work with. In this talk, I will shortly explore the challenges that software
developers encounter to engineer robust and secure software systems and discuss a few
mechanisms to circumvent these challenges.

Tuesday, 14 July 2020, 13:00
Dr. Thaimoor Muhammad Khan (University of Greenwich)
Teaching talk "Injection Vulnerabilities in Web Applications" (20 minutes), followed by
the research talk titled: Certified and Interpretable End-to-End Secure Real-time Computing Systems

In this talk, we introduce a novel design methodology to develop certified and interpretable
secure computing systems based on their functional and non-functional behaviour. The
novelty of the methodology arises from the fact that it unifies prospective (i.e., formal
verification based) and retrospective (i.e., artificial intelligence and machine learning based)
inference techniques by overcoming their limitations. The methodology develops inference
techniques that are abstract (i.e., security, privacy and policy aware) and practical (i.e., real-time
inconsistency detection). Importantly, the methodology will operate at both design-time
and run-time and will be able to detect precedented and unprecedented threats and risks that
may have cascading effects on one hand, and will be able to recover from threats if possible,
otherwise will mitigate the impact of the threats, on the other hand.
Finally, we introduce our recent development in this direction that has 3 independent, but
complementary, components that employ novel approaches and techniques in the
development of secure systems.

Due to the circumstances (COVID-19), the public talk and the
subsequent discussion will take place via streaming and video conference.
If you are interested, please get in touch by e-mail at informatik@uibk.ac.at
