We are proud to announce the confirmed speakers of ARES 2014:

Bart Preneel

Katholieke Universiteit Leuven, Belgium

Mass surveillance and cryptology

Abstract: The implications of the Snowden revelations have brought to the light interesting research challenges in the area of information security and cryptology. It has become clear that nation states do not limit themselves to large scale passive eavesdropping, but have moved towards sophisticated traffic analysis techniques and active attacks on networks and end systems. Moreover, in the next years one can expect a deployment of ever more sophisticated techniques by a growing number of actors. The awareness of these threats has resulted in an increased interest in the implementation of cryptographic mechanisms; a key question is whether the current cryptographic mechanisms are adequate to protect against these advanced opponents. We will also discuss which areas pose the largest challenges and which defenses have the best chances to be effective.

BPProf. Bart Preneel is a full professor at the KU Leuven; he heads the COSIC research group, that is a member of the iMinds Security Department. He was visiting professor at five universities in Europe. He has authored more than 400 scientific publications and is inventor of 4 patents. His main research interests are cryptography, information security and privacy. Bart Preneel has coordinated the Network of Excellence ECRYPT, has served as panel member and chair for the European Research Council and has been president of the IACR (International Association for Cryptologic Research). He is a member of the Permanent Stakeholders group of ENISA (European Network and Information Security Agency) and of the Academia Europaea. He has been invited speaker at more than 90 conferences in 40 countries. In 2014 he received the RSA Award for Excellence in the Field of Mathematics.

Volkmar Lotz

SAP Research, Germany

Monitoring Threats and Vulnerabilities in Complex IT Landscapes

Abstract: Even when applying current best practices and technologies to secure software and IT landscapes, it would be inappropriate to assume that there are no remaining vulnerabilities and that there will be no attempts to exploit them. Hence, complementing security technology and management with means to detect and monitor vulnerabilities and attacks is an essential element in a comprehensive security strategy. In this talk, we investigate into two major challenges that monitoring solutions need to address in industrial-scale business application environments: the large amount of data that need to be processed to be able to, for instance, detect complex attacks spanning a number of components and layers, and the small amount of time that is available to react to, for instance, the discovery of zero-day exploits. We sketch a solution that exploits advanced in-memory database technology and an event stream processer to enable threat detection in real time over billions of events.

We present a second solution that addresses the prolongation of the time window to react to the publication of vulnerabilities in third party components used by an application. It has turned out that potential vulnerabilities are announced and discussed much earlier in social media than in the official channels like ver=ndor sites or vulnerability registries. Monitoring and analysing such media leads to a significant gain in response time.

Volkmar LotzVolkmar Lotz has more than 25 years experience in industrial research on Security and Software Engineering. He is heading SAP’s Product Security Research, a group of 35+ researchers investigating into applied research and innovative security solutions for modern software platforms, networked enterprises and cloud-based applications, covering the whole development and product life cycle. The group defines and executes SAP’s security research agenda in alignment with SAP’s business strategy and global research trends. Volkmar’s current research interests include Service Security, Data-centric Security, Security Engineering, Formal Methods and Compliance. Volkmar has published numerous scientific papers in his area of interest and is regularly serving on Programme Committees of internationally renowned conferences. He has been supervising various European projects, including large-scale integrated projects. Volkmar holds a diploma in Computer Science from the University of Kaiserslautern.

Allison Mankin

Director of Verisign Labs, Verisign, Inc., US

Change, Innovation, and Resilience in the DNS Ecosystem: a Verisign Labs Perspective

Abstract: Despite having marked the 30th anniversary in 2013, the Internet’s Domain Name System (DNS) is in a period of great innovation, which applications are leveraging as the Internet evolves. In particular, with the emergence of DNS-enabled Authentication of Named Entities, or DANE, applications have new forms of access to global-scale security capabilities. This talk will analyze DNS innovation. One focus will be on modernized, specifically the extensible getdns application interface (getdnsapi.net) developed by Verisign Labs and Amsterdam-based NLNet Labs. Another focus will be on the emerging capabilities for privacy-enhanced access to DNS. In general, this keynote will present a long term view of the DNS Ecosystem, as seen from the research lab of Verisign.

Allison Mankin is the Director of Verisign Labs, a research organization focusing on medium- to long-term evolution, measurement and security of Internet infrastructure, especially DNS. She has been active in Internet research and engineering for over 25 years, including having served at the Internet Engineering Task Force as an area director for 10 of those years. She is best known for having co-led the IPng Selection Process at IETF (long ago).  Her more recent work has been primarily in the areas of DNS, TCP, and their security.