Fabio Martinelli
George Spanoudakis
Louis Marinos
  • Fabio Martinelli, Hybrid approaches for malware detection in Android systems.
    ABSTRACT: The talk is about BRIDEMAID, a framework which exploits a hybrid approach based on static and dynamic analysis techniques for accurate detection of Android malware. The static analysis is based on n-grams matching, whilst the dynamic analysis is based on multi-level monitoring of device, app and user behavior. This combination allows a high detection accuracy.
    Fabio Martinelli is a Director of Research of the Institute of Informatics and Telematics (IIT) of the Italian National Research Council (CNR). His main research interests involve security and privacy in distributed and mobile systems and foundations of security and trust. He founded and chaired the WG on Security and Trust management (STM) of the European Research Consortium in Informatics and Mathematics (ERCIM). He is currently chair of the WG 11.14 in secure engineering of the International Federation of Information Processing (IFIP). He usually manages R&D projects on information and communication security; in particular, he is currently the Project Coordinator of the EU Network on Cyber Security (NeCS) and the C3ISP project on information sharing and analytics. He is the co-chair of the Italian technological platform in homeland security (SERIT) and chaired the WG3 on Research and Innovation of the Network and Information Security (NIS) Platform promoted by the European Commission. He also acts as First director in the Board of the European Cyber Security Organization (ECSO).
  • George Spanoudakis, Managing Security Service Level Agreements.
    ABSTRACT: With the fast growth of cloud and big data analytics platforms, organisations rely mostly on cloud and recently on Big Data Analytics services (BDA services), in order to support their business services. To securely use these services, service clients sign Service Level Agreements (SLAs) with service providers, regarding a particular service provision. Typically, SLAs define the properties that need to be preserved during the provision of a service (i.e., security and quality of service properties) and actions that will be applied if the service provision violates the defined properties (e.g., penalties or re-negotiation). Whilst significant research has focused on monitoring SLAs during the provision of services, the exploration and validation of the potential consequences of SLAs for the involved parties prior to putting them in operation is not addressed by existing research. This presentation provides an overview of a newly implemented framework that supports SLA validation, based on model checking. In particular, validation is based on the translation of SLAs expressed in WS-Agreement into models of the probabilistic model checker PRISM and the validation of SLA properties using the model checking capabilities of this tool. The framework also supports the specification of SLAs using generic security properties and service asset models and their subsequent translation into operational forms that can be monitored. Ongoing work focuses on automatically adapting the SLAs when the deployment of BDA services on cloud infrastructures changes.
    George Spanoudakis (BSc, MSc, PhD) is a full Professor in the School of Mathematics, Computer Science and Engineering at City University of London and Director of the University’s Research Centre on Adaptive Computing Systems (CeNACS). He is also a visiting Research Professor at the University of Cyprus. Prior to his current posts, he held visiting positions at several institutions including the London School of Economics, the Universities of Malaga and Essen, and the Foundation of Research and Technology, Hellas. His research interests are in the field of software systems engineering with a focus on service oriented and cloud computing, and software systems security. Within the wider field of his research, he has published more than 160 peer-reviewed scientific papers and books and has attracted research funding in excess of €8m, including R&D projects funded by the EU, national research councils and the industry. Currently he is the technical coordinator of two Horizon2020 projects involving: (a) the collection and analysis of real-time health data (EVOTION) and (b) the development and management of cyber insurance policies. His research activity has involved extensive collaboration with the industry. Prof. Spanoudakis has served in the program committees of more than 180 international conferences and workshops. He is also a member of the editorial boards of 10 international journals. Beyond research, he has been providing advisory services to private companies, universities, public funding and standardization bodies in the UK and overseas.
  • Louis Marinos, Cyber Threat Intelligence at ENISA: Course of Action.
    ABSTRACT: Quite some developments have already taken place in the area of Threat Intelligence: new strategic positioning from the European Commission, new developments in the related market, various trends within organisations and various discussions among experts. With this talk, we will focus on the most important elements of Cyber Threat Intelligence and we will discuss the whereabouts of current and upcoming developments. With this presentation, the audience will get an overview based on experience from EU organisations and related stakeholders.
    Dr. L. Marinos is a senior expert at ENISA in the area of Risk and Threat Management with extensive experience in the management and operation of security and the coordination of European expert groups. Currently, he is responsible for Projects in the area of Emerging Threat Landscape. He is the author of, and main person responsible for, the ENISA Threat Landscape. His expertise is in:
    • Threat Analysis, Risk analysis, Risk Management and Business Continuity Planning, including SMEs, Member States and Critical Information Infrastructure Protection.
    • Assessment and management of Emerging and Future Risks, Threats and trends thereof.
    • Integration of Risk Management with operational and governance processes.
    • Strategic consulting in the area of security for major firms in the financial, telecommunication and commercial sectors.
    • Security management with regard to critical business areas, such as financial institutions, B2B and telecommunications.