Keynote Speakers 2020

We are proud to announce the confirmed keynote speakers:

ARES Keynotes

Children need Cyber Security Education too
Karen Renaud, Abertay University, UK

Tuesday, August 25, 2020, 11:00 – 12:45, Zoom Room A

Abstract: The majority of cyber security awareness and training is targeted at adults, mostly those in employment. Some efforts target teenagers. All of these awareness drives might be coming too late. Children are using passwords from age 4 – what are they learning, and who is teaching them?  I’ll start off by explaining why we can’t just leave young children to come up with their own ways of managing passwords and learning other cyber-related skills. At Abertay, we have been carrying out research into coming up with better ways of teaching the right principles, from the outset. I look forward to telling you all about it.

Karen Renaud is a Scottish computing Scientist working on all aspects of Human-Centred Security and Privacy. She was educated at the Universities of Pretoria, South Africa and Glasgow. She is particularly interested in deploying behavioural science techniques to improve security behaviours, and in encouraging end-user privacy-preserving behaviours. Her research approach is multi-disciplinary, essentially learning from other, more established, fields and harnessing methods and techniques from other disciplines to understand and influence cyber security behaviours.

Title: Security, the Elusive Goal of Privacy, and the Surprising Difficulties around Corona Tracing
Thorsten Strufe, KASTEL, Karlsruhe Institute of Technology, Germany

Wednesday, August 26, 2020, 13:00 – 14:30, Zoom Room A

watch the video here:

Abstract : System developers and admins have been struggling with building secure systems for a long time. While academics understand the traditional CIA goals well, industry is clearly better at assembling and maintaining hundreds of thousands of lines of code under the prime directive, that things have to work. To make matters worse, the last few years now have seen the importance of privacy increasing, a related, yet orthogonal goal. It seems to be even more difficult to grasp, unfortunately even for both academia and industry. I’ll give a little intro to the paradigm shift from classic security to privacy in this talk. Looking at the recent use case of contact tracing, we will then take a tour through obscure claims, vivid academic and corporate campaigning, and the observation that even large tech companies and arrived security experts can get things wrong, all this in the attempt to provide some really simple functionality.

Thorsten Strufe is Professor for practical IT Security at KIT, Honorary Professor for Privacy and Network Security at TU Dresden, Deputy Spokesman of the Cluster of Excellence for Tactile Internet (CeTI, Centre for the Tactile Internet with Human-in-the-Loop) and PI of the Research Training Group RoSI and the 5G-Lab Germany. He is concerned with the questions of how to not only make web services and smart phone applications secure, but also how to protect the privacy of their users. To this end, his group measures and analyzes usage data on a large scale and develops algorithms and protocols both for decentralizing the systems and for securing the underlying networks and detecting anomalies at different levels (misconfigurations, attacks, fake news).

His research contributed, among other things, to uncovering and publicising data protection problems in social media (profile cloning, “Safebook”), simplifying privacy settings in social media (“Facebook Privacy Watcher”), investigating and reducing data protection problems in the use of printers (“DFD Printer Anonymisation”), as well as formally investigating anonymisation networks and making their actual protection against new attacks formally verifiable.

CD-MAKE Keynotes

Explaining the Decisions of Deep Neural Networks and Beyond
Grégoire Montavon, Research Associate TU Berlin, Germany

Friday, August 28, 2020, 14:30 – 15:30, Zoom Room A

watch the video here:

Abstract: Deep neural networks have shown capable of converting large amounts of data into highly predictive nonlinear models. These models are however often perceived as black-boxes. In recent years, important efforts have been made to provide human-interpretable explanations of their predictions, in particular, determining which input features these models use to support their decisions. In this talk, we present recent work to extract explanations from complex nonlinear models such as deep neural networks used for image classification. Several recent directions are then presented to extend the approach beyond single predictions, towards explaining whole datasets or unsupervised learning models.

Grégoire Montavon received a Masters degree in Communication Systems from École Polytechnique Fédérale de Lausanne in 2009 and a Ph.D. degree in Machine Learning from the Technische Universität Berlin in 2013. He is currently a Research Associate in the Machine Learning Group at TU Berlin. His research interests include interpretable machine learning and deep neural networks.

The “sound” of ML implementation. A round trip in the “last mile” and its challenges.
Federico Cabitza, PhD, Associate Professor, University of Milano-Bicocca, Italy

Thursday, August 27, 2020, 13:15 – 14:45, Zoom Room A

Watch the video here:

Abstract: Achieving a pragmatic, or even an ecological validation (Cabitza and Zeitoun, 2019) of medical AI systems that nevertheless exhibit very high (statistical) accuracy has been observed to be more complicated than initially expected (Coiera et al. 2018): in fact, most of the challenges that make technically sound systems perform poorly in real-world settings lie in the so called “last mile of implementation” (Coiera, 2019). This evocative concept expresses the semantic difference between developing medical machine learning (or medical AI) and the mere application of machine learning techniques to medical data. Moreover, we will make the point that this “last mile”, although apparently short, is not a flat and regular path, but rather presents two chasms: the hiatus of human trust, and the hiatus of machine experience. The former one requires to focus on usability and causability (Holzinger et al 2019), while the latter ones requires data governance and to focus on data work, including practice of “data awareness” and “data hygiene”. I will discuss these notions, report about some researches performed in the above “last mile” and propose some ways to see how we can bridge across this “sound” spanning between development and deployment of medical AI, or at least navigate in it without too much trouble and the danger of sinking.

Federico Cabitza received his Master in IT Engineering at the Politecnico of Milan in 2001 with an experimental thesis on subsymbolic AI. In 2007, he received a PhD in Informatics from the University of Milano-Bicocca, with a thesis on Electronic Patient Record and coordination in hospital setting. Currently, he is an Associate Professor at the University of Milano-Bicocca (Milan, Italy) where he teaches Human-Computer Interaction and where he coordinates the research activities of the MUDI Lab (Modelling Uncertainty, Decisions and Interaction). Since 2016 he has also had a research appointment with the IRCCS Orthopaedics Institute Galeazzi in Milano (Italy). He is stable PC member of several international conferences and editor of the International Journal of Medical Informatics (IJMI, ISSN: 1386-5056), the Annals of Translational Medicine (Ann Transl Med; ATM; Print ISSN 2305-5839; Online ISSN 2305-5847) and the Journal of Medical Artificial Intelligence (ISSN 2617-2496). He is the author of more than 130 research publications to date, in international conference proceedings, edited books and scientific journals, including the JAMA, CSCW Journal, Computers in Biology and Medicine, Behaviour and Information Technology, International Journal of Human Computer Studies, Computers in Human Behavior, International Journal of Approximate Reasoning, and the Journal of Visual Languages and Computing.

Workshop Keynotes

Structural equation modeling in cybersecurity research
Dr. Simon L. R. Vrhovec, Assistant Professor at the University of Maribor, Slovenia

Workshop IWSMR: Tuesday, August 25, 2020, IWSMR 17:15 – 18:45, Zoom Room B

Abstract: Structural equation modeling (SEM) is one of the most prominent data analysis methods across a variety of different disciplines. SEM is however only occasionally applied in cybersecurity research (e.g. for determining cybercrime victimization and cybersecurity behavior factors). This may be attributed to several factors from poor awareness of SEM among cybersecurity researchers to different measurement challenges. This keynote focuses on the basics of covariance-based structural equation modeling (CB-SEM) through the analysis of a typical dataset. The presented SEM analysis will involve validation of a measurement instrument with a confirmatory factor analysis (CFA) and test of a research model with path analysis. The structure of a typical measurement instrument and issues with measurement common in cybersecurity research will be discussed. The limitations of CB-SEM and alternatives, such as PLS-SEM, will also be outlined.

Dr. Simon L. R. Vrhovec is an Assistant Professor at the University of Maribor, Slovenia. He received his Ph.D. degree in Computer and Information Science from the University of Ljubljana in 2015. He co-chaired the Central European Cybersecurity Conference (CECC) in 2018 and 2019. Since 2019, he is a Steering Committee member of the European Interdisciplinary Cybersecurity Conference (EICC). He is a member of Editorial Boards of the Journal of Cyber Security and Mobility and International Journal of Cyber Forensics and Advanced Threat Investigations. He is or has been a Guest Editor for special issues of IEEE Security & Privacy, Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), and Journal of Universal Computer Science (J.UCS). His research interests are in human factors in cybersecurity, secure software development and agile methods, resistance to change, and medical informatics.

Reviewing the DevSecOps community surveys: What we learned in the last 6 years on how to be a DevSecOps Elite
Hasan Yasar, Software Engineering Institute, Carnegie Mellon University

Workshop SSE: Thursday, August 27, 2020, SSE I 15:15 – 16:45, Zoom Room C

Watch the video here:

Abstract : We’ve spent six years studying the secure coding practices of DevOps and the continuous delivery organizations by surveying over 20,000 software professionals.  We’ve analyzed their staffing practices, educational priorities, automation choices, security tools usage and various software development processes that improve their cybersecurity preparedness. Our study has also uncovered details of where automation fails, awareness falls short and breaches happen.

We know, as a collective team, how to produce the highest quality of software by following a DevOps methodology. This methodology helps us enforce security checks at each phase in a SDLC.  We learned many lessons on how automation help improve security. For example, how happy developers vs grumpy developers effect better software security. More specifically, recent surveys point out that mature DevOps practices are 3.6x more likely to consider security as a top concern and 2x more likely to have automated governance and compliance. Mature DevOps practices are constantly testing, deploying, and validating that the software meets every requirement and allows for fast recovery in the event of a problem.

Hasan Yasar is the technical manager of the Secure Lifecycle Solutions Group in the SEI’s CERT Division. His group focuses on software development processes and methodologies, specifically on DevOps and development, and researches advanced image analysis, cloud technologies, and big data problems. It also provides expertise and guidance to SEI’s clients. Yasar has more than 25 years’ experience as senior security engineer, software engineer, software architect, and manager in all phases of secure software development and information modeling processes. He has an extensive knowledge of current software tools and techniques. He is also specializes in secure software solutions design and development in the cybersecurity domain, including data-driven investigation and collaborative incident management, network security assessment, automated, large-scale malware triage/analysis, medical records management, accounting, simulation systems, and document management. He is also an adjunct faculty member in the CMU Heinz College and Institute of Software Research where he currently teaches Software and Security and DevOps: Engineering for Deployment and Operations.

His current areas of professional interest include the following:

  • secure software development including threat modeling, risk management framework and software assurance model
  • secure DevOps process, methodologies and implementation
  • software development methodologies (Agile, Safe, DevOps)
  • cloud based application development, deployment and operations
  • software architecture, design, develop and management of large-scale enterprise systems

Track me if you can: Abusing the DNS infrastructure to prevent (botnet) takedowns
Davide Ariu, CEO at Pluribus, Italy

Workshop IWCC: Tuesday, August 25, 2020, IWCC I 13:45 – 15:15, Zoom Room C

Abstract: The Domain Name System (DNS) represents one of the main pillars of the Internet infrastructure. It provides not only a facility of translation from domain names to IP addresses (and vice-versa). Instead, it represents the cornerstone on which many services are built, including services supporting cyber-security applications.

Unfortunately, such a robust infrastructure represents a key asset also for cyber-criminals, since the most significant fraction of the cyber-attacks nowadays involves a form of abuse of a domain name or the DNS service. Thus, monitoring and analyzing the DNS traffic represents a fundamental step toward prompt detection and reaction to cyber-attacks.

During this talk, a quick overview of widespread threats affecting the DNS service will be offered. The talk will briefly recap the fundamentals of the DNS system, and will then show examples of real attacks where the DNS is either abused or opportunistically used. Then it will cover three main families of attacks, namely domain fluxing, IP fluxing, and cybersquatting. For each family, details of the attack techniques will be provided, together with some possible detection approaches recently proposed in the literature.

Davide Ariu is the CEO of Pluribus One (, a producer of cyber-security solutions empowered by secure and explainable AI.
He has a background as a computer security researcher, given that he has been working since 2005 on applications of machine learning to computer security. He is affiliated, since then, with the Pattern Recognition and Applications Laboratory of the University of Cagliari (
In 2010 he got a PhD in Computer and Information Security after also a visiting period at the Georgia Tech Information Security Center.
On such topics, he has published about 30 papers in peer-reviewed conferences, journals, and workshops. He regularly serves as a reviewer for international conferences and journals, including, among the others, the IEEE Transactions on Information Forensics and Security, Elsevier Computer Networks, and Elsevier Computers and Security. He is ACM and IEEE member.
From 2012 to 2016, he has been among the organizers of the Summer School on Computer Security and Privacy “Building Trust in The Information Age” (
In recent years, he participated in more than 10 EU funded research project, with coordinating duties in the context of the projects CyberROAD ( and ILLBuster ( He currently covers the role of Innovation Manager for the SIMARGL project ( In 2015 he co-founded Pluribus One, which currently represents the primary focus of his activity.

Targeted image steganalysis using the embedding algorithm in the detection method
Prof. David Megías, Principal Investigator of the KISON research group of the Internet Interdisciplinary Institute (IN3), Universitat Oberta de Catalunya (UOC)

Workshop CUING: Wednesday, August 26, 2020, CUING I 11:00 – 12:30, Zoom Room C

Watch the video here:

Abstract : It is increasingly common to use steganography for malicious purposes, either to maintain secret communications between members of criminal and terrorist groups, or as a means to deploy cyberattacks or infect information systems with malware. For this reason, steganalysis has received growing attention by the research community in the last few years. Steganalysis is the term used to refer to the different techniques that are used to detect statistical anomalies in the potential carriers of steganographic messages in order to identify suspected stego objects.

Images and the network protocols are two of the most frequently used carriers of secret steganographic messages in malicious scenarios. This keynote focuses on image steganalysis and summarizes a research line that has led to different published results in the last few years. The main idea behind the steganalytic methods overviewed in the presentation is to exploit the targeted embedding algorithm itself within the steganalytic method. When appropriately used, the embedding method aimed to be detected can increase the accuracy of current steganalytic methods and even help to predict whether a steganlytic detector will provide a reliable classification of a set of suspected images or not. The pros and cons of this strategy will be discussed, and some ideas for further research will be outlined.

Prof. David Megías is the Principal Investigator of the KISON research group of the Internet Interdisciplinary Institute (IN3), at the Universitat Oberta de Catalunya (UOC). He received the Ph.D. degree in computer science from the Universitat Autònoma de Barcelona (UAB) in July 2000. Since October 2001, he has been at the UOC with a permanent position (currently as Full Professor). At the UOC, he has held several academic positions, until he was appointed director of the IN3 in April 2015. His current teaching is mostly related to computer networks, information security (watermarking and steganography), and research techniques and methodologies in the field of network and information technologies. His current research interests focus on information security and privacy, and include the security and privacy in multimedia content distribution (mainly in the watermarking and fingerprinting topics), steganography and steganalysis, and privacy concerns in different applications of decentralized networks. He has published research papers in numerous international journals and conferences and has participated in several national joint research projects both as a contributor and as principal investigator. He is also member of the editorial board and programme committees of several journals and conferences in the area of security and privacy.

Machine learning for intelligent sensors
Simin Nadjm-Tehrani, Linköping University, Sweden

Workshop CyberTIM: Friday, August 28, 2020, CyberTIM 11:00 – 13:00, Zoom Room C

Abstract: Intrusion detection systems (IDS) can be considered as one sensor amongst many in enterprises that aim to create threat intelligence based on collected data from their systems. IDS research has a long history but at the same time very hard to evaluate scientifically. In this talk I will describe the major stumbling blocks for evaluation of IDS, including lack of relevant and large datasets, lack of possibility to perform live experiments, and lack of understanding of what the application of machine learning approaches tells us today. Using examples from recent work in the context of critical infrastructures I show that collected data from emulated or virtual test beds may have characteristics far from those observed in data collected from real systems.

Simin Nadjm-Tehrani is a professor in dependable distributed systems at Linköping University and the lab leader for the Real-time Systems Laboratory at Dept. of Computer and Information Science. Her research interests span multiple attributes of dependability, with applications in safety-critical systems, time-critical systems, and security in critical infrastructures. She is the coordinator of the national research centre on Resilient Information and Control Systems ( in Sweden since 2015, a centre supported by the Swedish Civil Contingencies Agency (MSB).

An Overview of Research Directions for Protecting Privacy of Location Data
Gabriel Ghinita, Associate Professor at University of Massachusetts

Workshop LPW: Friday, August 28, 2020, LPW 16:00 – 17:30 Zoom Room A

Abstract : The use of location data has become ubiquitous, given the emergence of mobile apps in the past decade. Numerous services rely on location data to provide customized service to their users. While the benefits of using such data for location-based services, recommender systems or healthcare apps are clear, there are also concerns with respect to protecting individual privacy. Disclosing location traces to an untrusted service can lead to serious privacy violations.

This talk will explore the latest research directions and trends in protecting the privacy of location data. We will investigate three main categories of approaches: (1) differential privacy for releasing statistics on user whereabouts; (2) geo-indistinguishability for location perturbation in online services; and (3) techniques for processing on encrypted location data. These three approaches offer interesting trade-offs with respect to data accuracy, performance, and the nature of data access supported (i.e., aggregate data access vs individual location data use).

Dr. Gabriel Ghinita is an Associate Professor at University of Massachusetts, Boston. During the 2018/19 academic year, he spent one year as a Visiting Associate Professor at University of Southern California. Prior to joining UMB in Fall 2011, he was a Research Associate at the Purdue Cyber Center and Purdue Center for Education and Research in Information Assurance and Security (CERIAS).

Dr. Ghinita’s research focuses on information security and privacy, with emphasis on protecting location data. His 2008 work published in ACM SIGMOD 2008 was the first to support practical nearest-neighbor queries  with  cryptographic-strength  protection,  and  has  more  than  900  citations  to  date  (according  to  Google Scholar). His research work on protecting location privacy received an Outstanding Paper Award at  the  ACM  SIGSPATIAL  2009  conference,  and  a  Distinguished  Paper  Award  at  the  2014  ACM  Conference on Data and Application Security and Privacy (CODASPY)

Internet of Things (IoT) Forensics: Challenges and Opportunities
Kim-Kwang Raymond Choo, University of Texas at San Antonio, USA

Workshop WSDF: Tuesday, August 25, 2020, WSDF I 13:45 – 15:15 Zoom Room A

Abstract: Internet of Things (IoT) devices are becoming commonplace in our society, due to their widespread applications (e.g., environmental monitoring, smart cities, healthcare, surveillance, and battlefields such as Internet of Battlefield Things). Such devices are also generally capable of capturing a broad range of information, including digital artefacts that can facilitate a digital investigation during a cyber security incident (e.g., data breach). While IoT devices are potential evidence acquisition sources, there are a number of challenges associated with IoT forensics and investigations as discussed in this presentation. We also identify a number of opportunities, which hopefully will help to shape future research agenda on IoT forensics. For example, we posit the importance of having a digital forensic black-box, conceptually similar to the cockpit voice recorder (also known as a flight recorder) on aircrafts, to facilitate digital investigations.

Kim Wang Raymond Choo received the Ph.D. in Information Security in 2006 from Queensland University of Technology, Australia, and currently holds the Cloud Technology Endowed Professorship at The University of Texas at San Antonio (UTSA), US. In 2015 he and his team won the Digital Forensics Research Challenge organized by Germany’s University of Erlangen-Nuremberg. He is the recipient of the 2019 IEEE Technical Committee on Scalable Computing (TCSC) Award for Excellence in Scalable Computing (Middle Career Researcher), 2018 UTSA College of Business Col. Jean Piccione and Lt. Col. Philip Piccione Endowed Research Award for Tenured Faculty, Outstanding Associate Editor of 2018 for IEEE Access, British Computer Society’s 2019 Wilkes Award Runner-up, 2019 EURASIP Journal on Wireless Communications and Networking (JWCN) Best Paper Award, Korea Information Processing Society’s Journal of Information Processing Systems (JIPS) Survey Paper Award (Gold) 2019, IEEE Blockchain 2019 Outstanding Paper Award, International Conference on Information Security and Cryptology (Inscrypt 2019) Best Student Paper Award, IEEE TrustCom 2018 Best Paper Award, ESORICS 2015 Best Research Paper Award, 2014 Highly Commended Award by the Australia New Zealand Policing Advisory Agency, Fulbright Scholarship in 2009, 2008 Australia Day Achievement Medallion, and British Computer Society’s Wilkes Award in 2008.

Strengthening Cyber Security in Europe – ECHO project approach
Wim Mees, Royal Military Academy, Belgium & Nikolai Stoianov, Deputy Director of the Bulgarian Defence Institute

Workshop CSA: Tuesday, August 26, 2020, CSA I 11:00 – 12:30, Zoom Room D

Watch the video here:

ARES EU Symposium Workshop Keynotes

Semi-Automated Cyber Threat Intelligence (ACT)
Dr. Martin Eian, Head of Research at mnemonic, Norway

Workshop NG-SOC: Tuesday, August 25, 2020, NG-SOC I 09:00 – 10:30, Zoom Room D

Abstract: The ACT platform is an open source, scalable graph database with support for granular access control and workflow management. ACT enables advanced threat enrichment, threat analysis, visualization, process automation, lossless information sharing, and powerful graph analytics. Its modular design and APIs facilitate implementing new workers for enrichment, analysis, information sharing, and countermeasures. This presentation will explain why we built ACT, how we did it, the challenges we faced, and the lessons we learned.

In 2014, we decided that we needed a platform that would let us collect and organize our knowledge of threats, facilitate analysis and sharing, and make it easy to retrieve that knowledge when needed. We spent too much time on manual processes, copy-pasting information between different systems. A lot of our knowledge was in unstructured form, which made it difficult and time consuming to figure out if we had relevant knowledge that could help us decide how to handle security alerts and security incidents. We evaluated the existing threat intelligence platforms, concluded that they could not easily be adapted to meet our needs, and decided to research and develop a new platform: ACT. The ACT platform is the product of a 3-year collaborative research project between the private sector, security agencies, CERTs and universities.

Dr. Martin Eian is the Head of Research at mnemonic. He has more than 15 years of work experience in IT security, IT operations, and information security research roles. In addition to his position at mnemonic, he is a member of the Europol EC3 Advisory Group on Internet Security.

Is 5G secure? Facts, myths, challenges and approaches to security
Jordi Mongay Batalla, National Institute of Telecommunications, Poland

Workshop 5G-NS: Thursday, August 27, 2020, 5G-NS I 15:15 – 16:45, Zoom Room D

Abstract: The development of the 5G network is associated with innovative technical elements. Its functions are quite different from those known from the 4G network and include advanced mechanisms at both radio and core. Some of the new functionalities are specially susceptible to security threats. A good example is network slicing, which is based on virtualization and third party management. The analysis of the new functionalities from the point of view of security challenges, is crucial to understand how much secure the network is. In this context, the issue of how 5G hardware and software providers have responded to the challenge of ensuring security and how other network users (including public authorities) can address this challenge by providing risk assessment plans is becoming increasingly important.

Jordi Mogay Batalla (MSc by Polytechnic of Valencia, Spain; PhD and DSc by Warsaw University of Technology, Poland. ORCID: 0000-0002-1489-5138) is Deputy Director of Research at National Institute of Telecommunications, Poland. He is also with Warsaw University of Technology, where he is an Associate Professor in the Department of Computer Network and Services. Jordi Mongay Batalla took part (coordination and/or participation) in more than 30 national and international ICT research projects (including EU ICT Programmes). His research interest focuses mainly on Technologies (5G and 6G, Network Faunctions: Network services chain, Security, AI) and Applications (DLT and blockchain, Internet of Things, Smart Cities, multimedia) for the Future Internet. He is editor of four books and author of more than 150 papers published in books, international journals (IEEE ComMag, IEEE WCM, IEEE JSAC, ACM CSUR, etc.) and conference proceedings and patents (Polish and European Patent Offices). He is/ has been guest editor and member of Editorial Board in more than 10 international journals. Currently Dr. Mongay Batalla is an adviser in different international and national technical groups. He is a technical adviser of the Polish Government for 5G cybersecurity law, a technical adviser of Polish Ministry of Infrastructure for autonomous automotive and others. He is also a technical member of the European Blockchain Services Infrastructure (European Commission) and is a member of Hyperledger platform (a TheLinuxFoundation project). He is Member of the Polish Normalization Committee and collaborates actively with ITU-T Standardisation Groups (SG-12). He is an IEEE Member since 2010.