Title: Next Generation Security for Cyber Physical Systems
Abstract: Driven by the Industry 4.0 movement, businesses are innovating rapidly and applying accessible technologies to accelerate wealth creation and societal development. Decades of robotics research is now becoming easier to implement as enterprises start to exploit the potential benefits of Cyber Physical Systems (CPS). The interconnected nature of CPS thus presents significant challenges for the secure distribution of data, especially since it is essential that physical actuation must be safe and cause no harm to humans. This talk explores the landscape of security issues from the context of CPS, considers emerging approaches to privacy preservation, and novel approaches for distributed ledger technologies, and identifies pertinent opportunities for research and industrial communities to investigate.
Professor Richard Hill is Head of the Department of Computer Science, and Director of
the Centre for Industrial Analytics, at the University of Huddersfield, UK. Professor
Hill has published over 200 peer-reviewed articles and has been the recipient of several
best paper awards, having been recognised by the IEEE for outstanding research leadership
in the areas of Big Data, predictive analytics, the Internet of Things, Cyber Physical
Systems security and Industry 4.0, and has specific interests in digital manufacturing.
Title: Intelligent Software Vulnerability Detection
Abstract: Attacks toward software infrastructures have caused substantial damage to our modern society and economy. New software security vulnerabilities are discovered on an almost daily basis. It is important to detect software vulnerabilities early because late corrections of errors could cost up to 200 times as much or even cause more severe damage. In this talk, I will present the latest advances in intelligent software vulnerability detection. Specifically, I will present a study on recurring software vulnerabilities and the techniques to detect and prevent prior-known software vulnerabilities. Moreover, the advances of Artificial Intelligence and Machine Learning have opened up a new chapter of software vulnerability detection. Along with the topic of AI/ML-powered security vulnerability detection, I will also present how explainable AI (XAI) can improve the usability of such detection. Finally, I will explain the automated techniques in assessing the impact of potential software vulnerabilities and the human-in-the-loop XAI vulnerability detection framework that leverages explainable AI to combine Artificial Intelligence (AI) and Intelligence Assistant (IA) in amplifying human intelligence in the vulnerability detection process.
Dr. Tien N. Nguyen is a Professor in the Computer Science Department at the University of Texas at Dallas. His research interests include program
analysis, software security, machine learning for software engineering, and software mining. In the past ten years, he has been awarded 4 ACM SIGSOFT
Distinguished Paper Awards, one IEEE Technical Committee on Software Engineering (TCSE) Distinguished Paper Award, and one Most Impact Paper Award at
the top-tier, international software engineering conferences including ICSE, FSE, and ASE. He is ranked 3rd by csrankings.org among the researchers
that have published the most at the top-tier software engineering conferences. Since 2007, his research has been supported by 16 external grants
including 9 NSF grants from US National Science Foundation, one National Security Agency (NSA) grant, and several grants from industry including ABB
Software Research Grant Program, Litton Industry, IBM research, Amazon, and Agile Alliance Academic Program. He has served as the Program Chair of the
32nd ACM/IEEE International Conference on Automated Software Engineering (ASE 2017), and 4 times as the Chair of the Formal Demonstration Tracks at
ICSE and FSE. He has served on Program Committees and Program Boards of top-tier software engineering conferences including ICSE, FSE, ASE, OOPSLA,
and ECOOP. He has received several awards for excellence in research including the Litton Professorship Medallion Award (Iowa State University),
Graduate of the Last Decade (University of Wisconsin), etc.
Title: Security-Aware Task Execution across the Edge-Cloud Continuum
Abstract: Fog computing brings the cloud closer to a user with the help of micro data centers, leading to lower response times for delay sensitive applications. This talk describes a mechanism for executing tasks on micro data centres based on their credentials and properties, supporting both batch and interactive applications whilst also taking account of deadline constraints. Task execution and application orchestration is supported across a micro data centre and a cloud data centre taking account of network delay and security tags. Jobs submitted by a user are tagged as: private, semi-private and public, and data centres classified as: trusted, semi-trusted and untrusted. Tasks can also be executed as private jobs on a user's local micro data centre or pre-trusted cloud data centre. A security and performance-aware distributed orchestration architecture and protocol is described that can also be used to support dynamic deployment of tasks on mobile devices using similar security mechanisms, e.g. over the air updates on mobile devices.
Omer Rana is a Professor of Performance Engineering and the Dean of International for the Physical
Sciences and Engineering College at Cardiff University. He has research interests in high performance
distributed computing (particularly cloud and edge computing) and intelligent systems. He is a visiting
professor at the Department of Computer Science and Engineering at Shanghai Jiao Tong University (China)
and was previously a visiting professor at Princess Noura University in Riyadh (Saudi Arabia).
He contributed to the UK eScience programme as deputy director of the Welsh eScience Centre.
Rana has contributed to specification and standardisation activities via the Open Grid Forum and
worked as a software developer with London-based Marshall Bio-Technology Limited prior to joining Cardiff
University, where he developed specialist software to support biotech instrumentation. He contributed to
public understanding of science, via the Wellcome Trust funded “Science Line”, in collaboration with
BBC and Channel 4. Rana holds a PhD in “Neural Computing and Parallel Architectures” from Imperial
College (London University, UK), an MSc in Microelectronics (University of Southampton, UK) and a BEng
in Information Systems Eng. from Imperial College (London University, UK).
Title: State and Issues of Non-Fungible Token from Technical Point of View
Abstract: We survey recent developments in NFTs (Non-Fungible Tokens), which are non-fungible digital tokens that record ownership certificates on the blockchain for unique and irreplaceable digital assets such as art, music, and collector's items, and give them unique value. NFTs are now attracting attention as a technology that creates new trading markets and businesses. Note that, in contrast to NFTs, digital tokens of substitutable assets such as virtual currencies and security tokens are called FTs (Fungible Tokens). This talk discusses technical issues of NFTs, especially their trust and security. The speaker has studied e-provenance for the last 20 years, which was before blockchain, and reports what is new in NFTs compared to e-provenance from a technical perspective.
Dr. Kouichi Sakurai is a Full Professor in the Department of Informatics at Kyushu University.
Dr. Sakurai directs the Laboratory for Information Technology and Multimedia Security and he is
working also with CyberSecurity Center. He had been working also with the Institute of Systems &
Information Technologies and Nanotechnologies, as the chief of Information Security laboratory,
for promoting research co-operation among the industry, university and government under the theme
"Enhancing IT-security in social systems". He has been successful in generating such co-operation
between Japan, China and Korea for security technologies as the leader of a Cooperative International
Research Project supported by the National Institute of Information and Communications Technology
(NICT) during 2005-2006. Moreover, in March 2006, he established research co-operation under a
Memorandum of Understanding in the field of information security with Professor Bimal Kumar Roy,
the first time Japan has partnered with The Cryptology Research Society of India (CRSI). He is
working also with Department of Advanced security of Advanced Telecommunications Research Institute
International and was involved in a NEDO-SIP-project on supply chain security. Professor Sakurai
has published more than 400 academic papers around cryptography and cybersecurity.
Title: Achieving Scalability and Interpretability Simultaneously in Detecting Multi-granularity Vulnerabilities
Abstract: Since deep learning (DL) can automatically learn features from source code, it has been widely used to detect source code vulnerability. To achieve scalable vulnerability scanning, some prior studies intend to process the source code directly by treating it as text. To achieve accurate vulnerability detection, other approaches consider distilling the program semantics into graph representations and using them to detect vulnerability. In practice, text-based techniques are scalable but not accurate due to the lack of program semantics. Graph-based methods are accurate but not scalable since graph analysis is typically time-consuming. Inspired by existing DL-based image classification which has the ability to analyze millions of images accurately, we prefer to use these techniques to achieve both scalability and accuracy on scanning large-scale source code vulnerabilities. Specifically, we propose a novel idea that can efficiently convert the source code of a function into an image while preserving the program details. In this way, heavyweight function-level graph analysis is transformed into succinct image classification. In practice, since our analysis objects are images, we can leverage some deep visualization techniques such as Class Activation Map to interpret our detection results. However, function-level vulnerability detection may contain many vulnerability-unrelated statements which can confuse the interpretation. To make our interpretation more precise, we apply slice-level vulnerability analysis to filter vulnerability-unrelated statements as much as possible and employ an attention mechanism to obtain the weight of each remaining slice. The combination of slice-level with function-level vulnerability analysis can improve our detection and interpretation.
Deqing Zou received the Ph.D. degree at Huazhong University of Science and Technology (HUST), in 2004.
He is currently the executive dean of School of Cyber Science and Engineering, Huazhong University of
Science and Technology (HUST), Wuhan, China. His main research interests include system security, trusted
computing, virtualization and cloud security. He has published many papers in prestigious
conferences/journals including NDSS, ASE, ICSE, TDSC, TIFS and so on. He is on the editorial boards of four
international journals, and has served as PC chair/PC member of more than 40 international conferences.