3rd Round of TROOPERS16 Talks Accepted

Here at TROOPERS HQ we are well into the Holiday (read TROOPERS) Spirit so we thought we would publish another round of talks! The current agenda can be found here.

Happy Holidays!



2nd Day Keynote

Bio: Ben Zevenbergen joined the Oxford Internet Institute to pursue a DPhil on the intersection of privacy law, technology, social science, and the Internet. He runs a side project that aims to establish ethics guidelines for Internet research, as well as working in multidisciplinary teams such as the EU-funded Network of Excellence in Internet Science. He has worked on legal, political and policy aspects of the information society for several years. Most recently he was a policy advisor to an MEP in the European Parliament, working on Europe’s Digital Agenda. Previously Ben worked as an ICT/IP lawyer and policy consultant in the Netherlands. Bendert holds a degree in law, specialising in Information Law.


Marie Moe: Unpatchable: Living with a vulnerable implanted device

Gradually we are all becoming more and more dependent on machines; we will be able to live longer with an increased quality of life due to machines integrated into our body. However, our dependence on technology grows faster than our ability to secure it, and a security failure of a medical device can have fatal consequences. This talk is about my personal experience with being the host of an unpatchable medical implant, and how this has forced me to become a human part of the “Internet-of-Things”.

My life depends on the functioning of a medical device, a pacemaker that generates each and every beat of my heart. This computer inside of me may fail due to hardware and software issues, due to misconfigurations or network connectivity.

Yes, you read that correctly. The pacemaker has a wireless interface for remote monitoring and I am forced to become a human part of the Internet-of-Things. As a seasoned security professional I am worried about my heart’s attack surface.

This talk will be focused on the problem that we have these life critical devices with vulnerabilities that can’t easily be patched without performing surgery on patients, my personal experience with being the host of such a device, and how the hacker community can proceed to work with the vendors to secure the devices.

Bio: Marie Moe is passionate about incident handling and information sharing. She cares about public safety and securing systems that may impact human lives, which is why she has joined the grassroots organisation “I Am The Cavalry”. Marie is a research scientist at SINTEF ICT, and has a Ph.D. in information security. She has experience as a team leader at NorCERT, the Norwegian national CERT. Marie also teaches a class on incident management and contingency planning at Gjøvik University College in Norway. Marie loves to break crypto protocols, but gets angry when it’s in her own body.


Jacob Torrey: Towards a LangSec-aware SDLC

The keynote of TROOPERS’15 by Prof. Sergey Bratus highlighted the findings of language-theoretical security (LangSec) vis-a-vis how many classes of vulnerabilities stem from computational and grammar complexity. This talk is aimed at software developers and project managers who are looking to enhance their SDLC with LangSec-supported practices. Actionable techniques, tools and methods will be provided to integrate LangSec findings into the software your organizations develop to reduce the defect rate and improve security. Also highlighted will be major development organizations that have developed coding best-practices that are well-aligned with LangSec, thus showing the empirical benefits to these changes to the SDLC.

Bio: Jacob Torrey is an Advising Research Engineer at Assured Information Security, Inc. where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. He can be found posting goofy stuff to his Twitter, @JacobTorrey, when not out in the mountains or tending to his critters.

The foundation is rotting and the basement is flooding: A deeper look at the implicit trust relationships in your organization (2015)
Virtual Machine Introspection (2016)

David Batanero: TelcoSecDay: New Age Phreacking: Magic tricks for wholesale fraud.

Every day we make millions of calls routed through a number of wholesale providers, which we can take advantage of. We will discuss how the wholesale world operates, analyzing diverse types of fraud which can be performed through intermediate carriers to obtain a monetary benefit, some of them legally.

Bio: David Batanero enjoys telecommunications. He is currently the anti-fraud manager in a multi-national telecommunications company where he plays with the bad guys and carries out research. He has given talks at G-Con II/III, in Mexico in 2003/2004, at uCon, in Brazil in 2009, at t2 in Finland in 2009, at EISI III in Colombia in 2009 and at Ekoparty in Argentina in 2015. Ever since he was young, he has enjoyed disassembling and toying with any device he comes across, even if he might end up with left-over components when he needs to put it back together again. He is a tireless traveler, though his goddaughter calls him the “crazy uncle.”