Track: Security: Attacking and Defending

Location: Bayview AB

Day of week:

Security is about the arm race between attacking and defending parties. As technology score big impacts through reaching large populations, security becomes a paramount need to prevent, or at least to limit miscreants from leveraging technology for evil purposes. In this track, world-renowned researchers forecast what’s coming, present what’s the reality and how we should take actions, connect dots here and there. As a security expert, you may find these topics interesting and inspiring. As an engineer, this is a good track to further your understanding of security challenges and countermeasures. As a business person, you may have a feeling of where the industry is headed. Come and learn about exciting advancements in the security field.

Track Host: Hui Xue

Director of Threat Research @ShapeSecurity

Hui Xue is the Director of Threat Research at Shape Security where he leads research on defending online businesses against fraudsters. His research interests include big data anti-fraud, mobile security, browser security, system security, etc. He published on top system and security conferences including OSDI, NDSS, Usenix Security, ASPLOS, BlackHat and Virus Bulletin. His research headlined US-CERT, Forbes, Bloomberg, Reuters, Yahoo, etc. He is an inventor for multiple patents and an Apple-acknowledged contributor to multiple security improvements for iOS. He obtained his Ph.D. from University of Illinois at Urbana Champaign.

From Threat Hunting to Crowd Defense

In this talk, I will first review practices and weapons to fight against cyber attackers, from repeat offenders to advanced targeted attackers where threat intelligence and artificial intelligence are well expected to change the game rule. However, at the real world, there are many victims suffering from very stupid mistakes. Through a couple of examples, I will talk about TI and AI in real practices, and crowd defense - a way to integrate defense measures against both targeted and untargeted attacks, avoiding being the low hanging fruit. Finally, I will conclude with best practices around TI based crowd defense and corresponding challenges that need collective efforts.

Richard Zhao, Chief Technology Officer, SVP Research @NSFOCUS

Control Flow Integrity Using Hardware Counters

Advanced software exploitation is a rapidly changing field of study. In recent years, clever ways to bypass existing exploit defenses have become mainstream. Reactive defensive solutions based on known exploitation techniques have been proven ineffective, and easily circumvented. In this paper, we discuss a new system for early detection and prevention of unknown exploits. Our system uses Performance Monitoring Unit hardware to enforce coarse-grained Control Flow Integrity (CFI). By using hardware features that exist in modern processor architectures, and real-time CFI policy enforcement, we hope to prove that our approach is effective and suitable for practical use, while staying resistant to bypass.

Jamie Butler, Chief Technology Officer @Endgame
Cody Pierce, Director of Vulnerability Research @Endgame

AI & Security: Lessons and Challenges

In this talk, I will first present recent results in the area of secure deep learning, in particular, adversarial deep learning---how deep learning systems could be easily fooled and what we need to do to address the issues. I will also talk about how AI and deep learning can help enable new capabilities in security applications. Finally, I will conclude with key challenges and future directions at the intersection of AI and Security: how AI and deep learning can enable better security, and how Security can enable better AI.

Prof. Dawn Song, Professor @UCBerkeley, Researching Deep Learning & Security

Towards Memory Safety in Intel SGX Enclave

Intel SGX is the next-generation trusted computing infrastructure. Rust programming language is an ideal choice for system programming and it guarantees memory safety. In this talk, we show Rust SGX SDK, which combines Intel SGX together with Rust. Developer could write memory-safe SGX enclave easily, eliminating the possibility of being pwned intrinsically.

Dr. Yu Ding, Security Scientist @Baidu X-Lab

The Security Challenges & Issues From SGX Practice

Intel® Software Guard Extensions (Intel® SGX) provides a trusted execution environment with hardware root of trust, brings powerful capability to build secure applications to solve data security problems. However applying SGX technology correctly and writing secure code are still a challenge.

In this talk, we want to present challenges and issues we saw with applying SGX to protect sensitive data in product. We will broadly discuss open problems including how to write ecall functions correctly, how to avoid potential side channel attack, what are the architecture issues when we apply secure AI with Intel® SGX.

Xiaoning Li, Chief Security Architect @Alibaba Cloud

Security: Attacking and Defending Open Space

Open Space is a kind of unconference, a simple way to run productive meetings for 5 to 2000 or more people, and a powerful way to lead any kind of organization in everyday practice and extraordinary change.

Last Year's Tracks

Schedule

Follow QCon

Contact

Menu

QCons around the World

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.