Program

You can download the RAID app on your smartphone from here: https://whova.com/portal/raids_202406/.

For more details, check out the detailed program.

Monday 30/09/2024

08:30 - 09:00 Registration
09:00 - 09:30 Opening
09:30 - 10:30 Keynote I


Lorenzo Cavallaro
Trustworthy AI... for Systems Security

Abstract: No day goes by without reading machine learning (ML) success stories across various application areas. Systems security is no exception, where ML’s tantalizing performance leave one to wonder whether there are any unsolved problems left. However, machine learning has no clairvoyant abilities and once the magic wears off, we’re left in uncharted territory. Is machine learning truly capable of ensuring systems security? In this keynote, we will take malware research as a representative example of a long-studied, thriving, yet challenging subject and, after offering a quick historical perspective, we will illustrate some of the open issues that are affecting learning-based malware models. When relevant, we will also delve into behind-the-scenes aspects to encourage reflection on the reproducibility crisis. Our goal is to foster a deeper understanding of machine learning’s role in systems security along with a discussion on promising directions the research community is and should be pursuing to address such challenges and open problems.

Bio: Lorenzo Cavallaro grew up on pizza, spaghetti, and Phrack, and soon developed a passion for underground and academic research. He is a Full Professor of Computer Science at University College London (UCL), where he leads the Systems Security Research Lab. Lorenzo’s research vision is to enhance the effectiveness of machine learning for systems security in adversarial settings. He works with his team to investigate the interplay among program analysis abstractions, representations, and ML models, and their crucial role in creating Trustworthy AI for Systems Security. Lorenzo publishes at and sits on the Program Committee of leading conferences in computer security and ML, received the Distinguished Paper Award at USENIX Security 2022, and an ICML 2024 Spotlight Paper. He is also Associate Editor of ACM TOPS and IEEE TDSC. In addition to his love for food, Lorenzo finds his Flow in science, music, and family.

10:30 - 11:00 Break
11:00 - 12:30 Web Security and Privacy (Chair: Colin Ife)
12:30 - 14:00 Lunch
14:00 - 15:30 Malware & Unwanted Software (I) (Chair: Simone Aonzo)
15:30 - 16:00 Break
16:00 - 17:30 IDS and Network Security (Chair: Bradley Reaves)
17:30 Welcome Reception at Palazzo della Salute

Tuesday 01/10/2024

09:30 - 10:30 Malware & Unwanted Software (II) (Chair: Gianluca Stringhini)
10:30 - 11:00 Break
11:00 - 12:30 Cyber Crime and Security Measurements (Chair: Martina Lindorfer)
12:30 - 14:00 Lunch
14:00 - 15:30 Software Security (Chair: Christian Rossow)
15:30 - 16:00 Break
16:00 - 17:30 ML and Adversarial Learning for Security (Chair: Fabio Pierazzi)
20:00 Social Dinner at Pedrocchi Cafè & Awards Announcements

Wednesday 02/10/2024

09:30 - 10:30 Keynote II


Marcel Böhme
How to Solve Cybersecurity Once and For All

Abstract: In Pwn2Own this year, a single person (Manfred Paul) demonstrated successful exploits for all major browsers: Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge. Chrome alone is used by 3.5 *billion* people. Today, thanks to Paul, these major security flaws are fixed. Last year, evidently, the majority of people in the world accessed the internet with the door open to potential attackers—despite decades of research in defensive security, despite an abundance of mitigations, despite dedicated red teams. -- But why? Software is entirely virtual and can be described completely: A program’s source code is meant to formally express the programmer’s intention using the syntactic and semantic rules of the programming language. As the behavior of a software system arises from well-defined instructions, we must be able to formally reason about all its properties. Surely there exists an approach that will forever guarantee the security of our systems. Only, we haven't found it, yet?

In this keynote, I will explore what fundamentally prevents us from making reliable statements about the security of a software system. I will try to substantiate each argument by demonstrating how the corresponding challenge in our defensive strategies is routinely exploited to attack a system despite credible assurances about the absence of security flaws. After the successful deconstruction of the prevalent philosophy, I will introduce a philosophy of vulnerability-guided hardening, where we seek to falsify claims of security using successful attacks as counterexamples.

Bio: Marcel Böhme leads the Software Security research group at the Max Planck Institute for Security and Privacy (MPI-SP) in Germany. His group is interested in the automatic discovery of security flaws in software systems at the very large scale. Apart from the development of practical techniques for vulnerability discovery (incl., fuzzing), his group seeks to identify fundamental limits of existing techniques, studies empirical methods (incl. statistical and causal reasoning) for program analysis, and explores the assurances that software testing provides when no bugs are found. Find us at https://mpi-softsec.github.io/.

10:30 - 11:00 Break
11:00 - 12:30 CPS / IoT / Critical Infrastructures Security (Chair: Alessandro Brighente)
12:30 - 14:00 Lunch
14:00 - 16:00 Mobile and Hardware Security (Chair: Pietro Frigo)
16:00 Closing Remarks

Organized by


polyu
polyu

Sponsors


Diamond

KAUST

Platinum

Google