NERD Summer School
RWTH Computer Science Center (Informatikzentrum)
Street Address: Mies-van-der-Rohe-Straße 35
|Morning Session (9:30am-12pm||In this session, we explore user authentication. This includes an overview of the different authentication approaches and how to compare them along different metrics. We will also cover the psychology, usability, and security factors to consider when conducting research in user authentication. Finally, we will explore best practices in conducting user studies involving authentication, and discuss current recommendations.
Sonia Chiasson is the Canada Research Chair in User-Centric Cybersecurity and an Associate Professor in the School of Computer Science at Carleton University in Ottawa, Canada. Prof. Chiasson is the deputy Scientific Director of SERENE-RISC, a national network created to
|Afternoon Session (1:30pm – 4:00pm)||In this session, we explore usable privacy. The session will start with an interactive discussion of the definition of privacy, then will move on to the contextual nature of privacy, and the apparent disconnect between the stated privacy wishes of users and their actions in protecting their privacy. The session will close with an exploration of current usable privacy practices, as well as examining their applicability to new platforms such as the Internet of Things.
Heather Crawford is an Assistant Professor in the Department of Computer Engineering and Sciences at Florida Institute of Technology in Melbourne, Florida, USA. Dr. Crawford has conducted research in the areas of usable authentication on mobile and wearable devices. Her main research interests remain in the usable security and privacy field with a focus on their applicability to IoT, as well as research in the security of Quantum Computing. Dr. Crawford has won several Teaching Excellence Awards at Florida Tech, and enjoys teaching a variety of graduate and undergraduate courses.
|5pm||Reception and Poster Session|
IT Security Education
|Morning Session (9:30am-12pm)||This session will look at best practice and innovative methods for cyber security education at the university level. I’ll start off by looking a “gamification” and the use of Capture The Flag competitions, reviewing there strengths and weaknesses, and presenting a range of good (and a few bad) examples of how others have used these ideas in cyber security courses. Next, I will present some of our own work on building an easy to deploy, self contained CTF VM, and on adding a story to this to make it more engaging to students.
I’ll also discuss a phishing education VM we have developed and how IoT devices can be used in cyber security education. I’ll end by discussing how real computer games can make excellent material for advanced cyber security exercises.
Tom Chothia a Reader in cyber security at the University of Birmingham. His work focuses on the development of formal and automated methods, and their application to finding vulnerabilities in real world systems. He runs research projects on the security of financial systems, industrial control systems and firmware analysis.
|Afternoon Session (1:30pm – 4:00pm)||This session will explore issues in IT security from a human-centered security perspective, examining challenges faced by end-users. Following this, a variety of gamification and games-based learning techniques will be discussed. The two topics will then be brought together, allowing participants to investigate how gamification techniques can be applied to the domain of security awareness.
Objectives of the session:
Lynsay Shepherd is a Lecturer in Usable Security at Abertay University, Dundee, and works within the Division of Cyber Security, in the School of Design and Informatics. Dr Shepherd holds a PhD in Usable Security, an MSc in Internet Computing, and a BSc (Hons) in
|Evening Programm||Guided City Tour|
IT Security Standardization
|Morning Session (9:30am-12pm||Until very recently, all major security protocol standards (for example, for secure web browsing) were developed with little to no input from academia. However, this situation is now rapidly changing, with the ultimate goal of deploying more secure standards. Prime examples are the recently deployed TLS 1.3 protocol and the ongoing development of the MLS secure messaging protocol. In this session I will explain through several examples how we as academics are trying to assist in the development of these standards. In particular, I will show how the developments in automated analysis tools and pen-and-paper proof methodologies play a crucial role in making the communications of the future more secure. As running examples we will use the TLS 1.3 protocol, which you are probably using in your browser right now, and the MLS protocol for secure group messaging, which is currently under development.
During the last ten years in this area, we encountered many deep technical problems and challenges, some of which we have yet to solve. But we also encountered problems of a different nature: how to interact with standardisation bodies, such as ISO, IETF, 3GPP (5G), and IEEE? The answers are sometimes funny, and sometimes sad, but we are heading in the right direction
Cas Cremers is faculty member at the CISPA Helmholtz Center for Information Security in Saarbruecken, Germany. He obtained his PhD in 2006 from Eindhoven University of Technology in the Netherlands. From 2006 to 2013 he was a postdoctoral researcher, and senior researcher and lecturer, at ETH Zurich in Switzerland. In 2013 he moved to the University of Oxford as an Associate Professor. In 2015 he became (full) Professor of Information security at the University of Oxford. In 2018 he joined the CISPA Helmholtz Center for Information Security in Germany.
|Afternoon Session (1:30pm – 4:00pm)||One of the major challenges ahead of us in applied cryptography is the migration of asymmetric cryptography from RSA/DH/ECDH-based systems to primitives that remain secure in the presentence of quantum adversaries. To tackle this challenge, NIST issued a call for proposals in 2016 and by the deadline in 2017 collected 69 submissions. In January 2019, NIST announced a set of 26 round-2 candidate schemes. In my talk I will give my personal view on this standardization effort; as I am a co-submitter of 7 schemes, this view is certainly going to be biased. Also, it is going to be from a crypto-engineering rather than a cryptanalysis point of view.
Peter Schwabe is an associate professor at Radboud University Nijmegen. He graduated from RWTH Aachen University in computer science in 2006 and received a Ph.D. from the Faculty of Mathematics and Computer Science of Eindhoven University of Technology in 2011. He then worked as a postdoctoral researcher at the Institute for Information Science and the Research Center for Information Technology Innovation of Academia Sinica, Taiwan and at National Taiwan University. His research area is applied cryptography; in particular the optimization of cryptographic and cryptanalytic algorithms in software. The target architectures of this software range from high-end desktop and server CPUs through parallel architectures such as the Cell Broadband Engine and graphics processing units to embedded processors such as ARM and AVR.
|Morning Session (9:30am-12pm||There is a near-constant barrage of major breaches of computer security, most recently CapitolOne as late July 2019; it is painfully clear that this challenge is important and far from solved. And the challenge is growing, as there is an ever-growing variety of languages and platforms that must be secured, for which code is developed and tested in an ever-wider variety of environments and with ever more tools. Static program analysis is a promising approach address these concerns, which has already shown results in both academic tools such as FlowDroid and CogniCrypt as well as commercial tools such as AppScan and Coverity. But the range of platforms, languages and tools each can require a different analysis implementations for any security analysis. Thus it is a daunting task to broadly support a broad range of developers to write secure code for the wide range of platforms in diverse languages using a wide range of tools.
In this tutorial, we walk the attendees through how this works in practice. We start with a technical overview of the WALA framework and its support for analysis of mobile code. Then, we briefly present the different platforms, including writing a common concrete app. Finally, we interactively create an analysis algorithm, using the foundations from the first part, and apply it to an app written in the second part across all platforms.Julian Dolby / IBM Research is a Research Staff Member at IBM’s Thomas J. Watson Research Center since 2000. He works on a range of topics, including static program analysis, software testing, the semantic web (AI) and programming technology support for machine learning.
|Afternoon Session (1:30pm – 4:00pm)|
Want to attend all or some days of the Summer School? Register here: