Keynotes

Prof. Daphne Yao

Department of Computer Science
Virginia Tech, USA

Title: Deployable Security Beyond Detection Accuracy: Gaps, Successes, and Opportunities

Bio:

Dr. Danfeng (Daphne) Yao is a Professor of Computer Science at Virginia Tech. She is a Turner Faculty Fellow and CACI Faculty Fellow. Her research interests include building cyber defenses, as well as machine learning for digital health, with a shared focus on accuracy and deployment. Her tool CryptoGuard helps large software companies and Apache projects harden their cryptographic code. Her patents on anomaly detection are extremely influential in the industry, cited by patents from major cybersecurity firms and technology companies, including FireEye, Symantec, Qualcomm, Cisco, IBM, SAP, Boeing, and Palo Alto Networks. Dr. Yao is an IEEE Fellow for her contributions to enterprise data security and high-precision vulnerability screening. She received the prestigious ACM CODASPY Lasting Research Award. She is also an ACM Distinguished Scientist. Previously, she received the NSF CAREER Award and ARO Young Investigator Award. Dr. Yao is the ACM SIGSAC Vice Chair and has been a member of the ACM SIGSAC executive committee since 2017. Daphne received her Ph.D. from Brown University (Computer Science), Master’s from Princeton University (Chemistry) and Indiana University (Computer Science), B.S. from Peking University in China (Chemistry).

Abstract:

Security defenses addressing real-world needs and gaps are extremely valuable. However, such research is often deemed as not novel by academia. This talk aims to encourage our community to re-examine this long-held belief. I will first use the evolution of anomaly-based intrusion detection approaches over the last 35 years to illustrate the multi-faceted challenges associated with building deployable advanced defenses. I will discuss the real-time deployability of popular graph-based forensic approaches for advanced persistent threats (APT) and whether or not lightweight graph-free solutions could be achieved. I will also share my research journey designing and producing a high-precision tool CryptoGuard for scanning cryptographic vulnerabilities in large Java projects. That work led us to publish multiple benchmarks used for systematically assessing state-of-the-art academic and commercial solutions, as well as helping a large software company integrate our detection into their code screening routine. This talk will also discuss the impact of large language models (LLM) on software security and point out the urgent need for systematically characterizing LLM’s security capabilities, e.g., for security code and exploit generation. Broadening research styles by promoting deployment-inspired work will drive our field toward maturity.

Kenneth Rohde

Cyber Security Research and Development Department
Idaho National Laboratory, USA

Title: TBA

Bio:
Kenneth Rohde is a member of the Cyber Security Research and Development Department at the Idaho National Laboratory (INL) in Idaho Falls, Idaho. Mr. Rohde has over 20 years of experience in cybersecurity associated with Industrial Control Systems (ICS) assessments and training. His most recent research work focuses on Electric Vehicles (EVs) and the associated grid infrastructure to support high-power and distributed EV charging systems. This work is sponsored by the Department of Energy (DOE) Vehicle Technologies Office (VTO) and the Office of Cybersecurity, Energy Security, and Emergency Response (CESER).

Abstract:
An overview of the history of cybersecurity at INL and how it has evolved with today’s Critical Infrastructure, including the advancement of Electric Vehicles (EVs) and the EV charging infrastructure. Recent and future research efforts are included to demonstrate the current state of the art and where this technology might progress. With maybe a little Fear, Uncertainty, and Doubt (FUD) mixed in…