Trustworthy Systems to
Trusted AI
Prof. Abhik Roychoudhury
Provost’s Chair Professor
National University of Singapore
1
Cybersecurity R&D Workshop 2020
Outline
• Background: Singapore Cyber-security Consortium
• Vision of Trustworthy Systems
• Ongoing work on Trustworthy Systems and Trusted AI
2
Encourage
problem-inspired research
Singapore Cybersecurity Consortium (SGCSC)
Est. 1 September 2016
A nation-wide platform for engagement
between industry, academia, and government
towards greater awareness, adoption, and translation
of cybersecurity technologies
Upgrade capabilities
through technology adoption
Grow an
innovation ecosystem
Industry
Academia
Agencies
3
About
Singapore public agencies
Open participation
Industry members
Singapore-registered companies with interest or expertise in
cybersecurity are eligible to apply for membership
Agencies
Industry
Academia
Institutes of Higher Learning and Research Institutes
Open participation
4
Structure
SILVER
PLATINUM
GOLD
5
Industry Members As of 15 Sep 2020
National
Satellites of
Excellence
Local and
International
Research Grants
National
Cybersecurity
R&D Laboratory
&
iTrust Labs
Singapore
Cybersecurity
Consortium
Cybersecurity
Postgraduate
Scholarship
National Cybersecurity R&D (NCR) Programme
https://www.nrf.gov.sg/programmes/national-cybersecurity-r-d-programme
SGCSC, a component of the NCR programme,
helps members gain awareness and exposure to
various resources and support for cybersecurity R&D
available under the programme.
6
Ecosystem
Annual
WILD & CRAZY IDEAS DAY
Research ideas
Problem statements
Annual
CYBERSECURITY CAMP
Workshop on trending topics
Industry applications
Hands-on learning
MEMBER RATE
Quarterly
TECHNOLOGY TALKS
Latest technologies and trends
Project showcases
EXPOSURE OPPORTUNITIES
SPECIAL INTEREST GROUPS
Knowledge and idea exchange
R&D partnership exploration
MEMBER ONLY
Annual
SEED GRANT CALL
Funding for joint R&D
(Industry-Academia pair)
Approx. $100 – 150K
1- to 1.5-year projects
MEMBER ONLY
CYBERSECURITY TRACK
Pre- / early start-up mentorship
Business + Technical discussions
Training and tech update
Discussions to alleviate
pain points in existing work
Dream up new projects –
Translation-oriented research
Maturity slope
7
Activities
Seed Grant 2020 Award
Deep Learning-based Side Channel Attacks on
SoC Architecture for Hardware Assurance
EarAuth: Designing Usable Security for the Next Billion Users
(NBUs):
A Novel Multi-Factor Authentication Solution using Smart
Earables
This project enables comprehensive and inexpensive
security evaluation for IoT devices.
This project aims to develop an authentication framework
using smart wearables around the ear, to enable
password-less logins for swift usability.
CONGRATULATIONS!!
Outline
• Background: Singapore Cyber-security Consortium
• Vision of Trustworthy Systems
• Ongoing work on Trustworthy Systems & Trusted AI
9
Trustworthy software
10
Creativity + Precision
- Solving differential equations for an examination
- Painting a landscape of lush greenery.
Compare these activities with crafting software systems
Engendering Trust
Formal Verification
• Formally verified Software Stack
• Verified Operating Systems: seL4 project
• Verified file systems: BesFS, work at NUS
Trust from COTS
11
Chronological Evolution of Capabilities
Point Projects
MINDEF, MoE…
[2009-12, 2011-14,
2013-15]
Targeted Capability
NCR 1
TSUNAMi
(2015 –20)
National Satellite of
Excellence
(2019- )
12
Our Capability Stack
13
Security Testing and
Analysis
(TSUNAMi, NRF NCR)
Formal Verification of Systems
(Securify, NRF NCR)
[Core] Certified Trustworthy Systems
– Call 1
Regression
analysis
(MoE)
Symbolic
analysis
(DIRP, DSO)
[App] Secure Smart Nation –
Call 2
Modeling
and
Verification
(FSTD)
Scalable
MC (NTU)
2009 2015 2018 2019 2020
[App] Challenge from
Call 2
National Satellite of
Excellence
Vulnerability
Discovery
Binary
Hardening
Verification
Data
Protection
14
Agency
Collaboration
…
Industry
Collaboration
…
Education –
Universities,
…
Research Outputs – Publications, Tools, Academic
Collaboration, Exchanges, Seminars, Workshops
Enhancing local
capabilities
Overall Outlook
15
Malware
& Rootkit
Analysis
Internet
File
System
Account &
Protection
Kernel &
Process
Function
Call
System
Call
Program &
Service
strace
Buffer
Overflow
Fuzzing
Binary
Analysis
gdb
SPIKE
BitBlaze/QEMU
ls, cd, mv,
ps, vi, …
Password
Cracking
john
Scanning
ping,
traceroute,
nmap
Sniffing
WireShark
Spoofing &
Session
Hijacking
netwox
nc
Denial of
Service
VM
simulation
Firewall &
NAT
iptables
Web attacks:
SQL injection,
CSRF, XSS
TamperData,
Paros Proxy
System
Security
Software
Security
Network Security
Web Security
Education: module at NUS
National Satellite of
Excellence
The NSoE-TSS aims to enhance Singapore's national capabilities in
trustworthy smart system infrastructures.
We seek to build on our combined strengths in software security, and smart
systems to build consolidated technologies, related to software assurance for
smart systems.
The certification can take on a range of flavours including functionality
certification, checking against crashes and vulnerabilities, measuring and
certifying resilience against malicious inputs and environments, as well as
checking and certifying for absence of information leakage via extra-
functional mechanisms such as side channels.
https://www.comp.nus.edu.sg/~nsoe-tss/index.htm
Mission
17
Technology
• Deep tech.
capabilities for
software sys.
certification
• Functional and
non-functional
properties
Innovation
• Show-case
innovative uses of
certified software
sys. for secure
smart nation
• Deployment
scenarios
Policy
• Enhance and aid
regulatory
processes for
critical software
systems
• Feedback to
public agencies
Outline
• Background: Singapore Cyber-security Consortium
• Vision of Trustworthy Systems
• Ongoing work on Trustworthy Systems & Trusted AI: Capabilities
• Spectre Attacks
• Fuzz Testing
• Fuzzing for DNNs
• Self-Healing Systems
18
Defense against Spectre attacks
19
Taint
Sources
list
Code
repair
<TB , RS, LS>
<TB, RS>
<TB> …
Binary
New
Binary
Source
code
Taint
analysis
BAP
Spectre
Detector
Report
Assembly
code (.s)
Assemble
& link
Repaired
assembly
code (.s)
Compile Code
Matcher
Disassembly
code (.asm)
Objdump
• Spectre attacks exploit vulnerable code in a program to steal sensitive data through speculative execution.
• oo7 is a static analysis framework that can mitigate Spectre attacks by detecting potentially vulnerable code snippets in
program binaries and protecting them against the attack.
Spectre variant 1
The detection condition of Spectre variant 1
oo7
Fuzzing
20
Model-Based
Blackbox
Fuzzing
Input model
Peach, Spike …
Seed Input
Pass all checks
Satisfy some checks
Satisfy some checks
Mutated Inputs
Mutators
Test suite
Mutated files
Input Queue
Enqueue
Dequeue
Program
Input
AFLFast
• Design power schedules to regulate the
“energy” to gravitate path exploration
towards low-frequency paths
• Integrated into AFL Fuzzer, used in DARPA
CGC.
• Intuition is simple – deprioritize the common
paths, works directly on binaries.
21
if (condition1)
    return // frequented by inputs
else if (condition2)
    exit // frequented by many inputs
else ….
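The power-schedule idea above, as an added example that is not code from the slides or from AFL/AFLFast: a toy greybox fuzzer whose target has the same early-return shape as the snippet, comparing a constant schedule with an exponential one of the form min(base · 2^s / f, M). The target, `BASE`, `MAX_ENERGY`, the exponent clamp and the one-byte mutator are assumptions made for the illustration.

```python
import random

BASE = 4           # stand-in for AFL's own per-seed energy (assumed constant)
MAX_ENERGY = 64    # upper bound M on inputs generated per seed pick (assumed value)


def target_path(data: bytes) -> str:
    """Toy target: returns the id of the path taken; most inputs leave early."""
    if len(data) < 4 or data[0] != ord("F"):
        return "early-return"      # condition1: frequented by most inputs
    if data[1] != ord("U"):
        return "exit"              # condition2: frequented by many inputs
    if data[2] != ord("Z"):
        return "deep-1"
    if data[3] != ord("Z"):
        return "deep-2"
    return "bug"


def energy(schedule: str, s: int, f: int) -> int:
    """Inputs to generate from a seed picked s times whose path was hit f times."""
    if schedule == "constant":
        return BASE
    # Exponential schedule: grows with s, shrinks with path frequency f,
    # so seeds on rarely exercised paths receive most of the fuzzing time.
    return max(1, min(MAX_ENERGY, BASE * 2 ** min(s, 16) // max(f, 1)))


def fuzz(schedule: str, budget: int = 20000, rng_seed: int = 1) -> dict:
    """Run the toy fuzzer; returns whether the bug path was hit and path counts."""
    rng = random.Random(rng_seed)
    first = b"AAAA"                          # constructed seed input
    queue = [first]
    path_of = {first: target_path(first)}
    f = {path_of[first]: 1}                  # f[path]: inputs seen on that path
    s = {first: 0}                           # s[seed]: times the seed was picked
    execs, turn = 0, 0
    while execs < budget:
        seed = queue[turn % len(queue)]      # round-robin over the seed queue
        turn += 1
        n = energy(schedule, s[seed], f[path_of[seed]])
        s[seed] += 1
        for _ in range(n):
            child = bytearray(seed)
            child[rng.randrange(len(child))] = rng.randrange(256)  # mutate one byte
            child = bytes(child)
            path = target_path(child)
            execs += 1
            new_path = path not in f
            f[path] = f.get(path, 0) + 1
            if path == "bug":
                return {"found": True, "execs": execs, "f": f}
            if new_path:                     # new coverage: keep the input as a seed
                queue.append(child)
                path_of[child] = path
                s[child] = 0
    return {"found": False, "execs": execs, "f": f}


if __name__ == "__main__":
    for schedule in ("constant", "fast"):
        result = fuzz(schedule)
        print(schedule, result["found"], result["execs"], result["f"])
```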
• Directed Fuzzing as an optimization problem (No constraint so
• Program analysis moved to instrumentation time
to retain efficiency of greybox fuzzing.
• Distance to targets efficiently computed at runtime.
• Find global minimum using search meta-heuristic – Simulated An
• Results: outperforms KATCH and BugRedux. 17 CVEs assign
• Application: patch testing, crash reproduction, information flow
Mutators
Test suite
Mutated files
Input Queue
Enqueue
Dequeue
Deployment
22
Independent evaluation found crashes 19x faster on
DARPA Cyber Grand Challenge (CGC) binaries
Integrated into main-line of AFL fuzzer within a year of publication (CCS16), which is
used on a daily basis by corporations for finding vulnerabilities
Model Training and Model Robustness
[Figure: plots over rotate (-30 to 30) and translate (-3 to 3) axes]
• A neural network can be fooled with simple spatial transformations (rotation, translation)
rotate by
labels are different
Adversarial
learning
Program synthesis
Complete features
Complete
specifications
Test case
generation
Data
augmentation
• Model training can be regarded as AI-based program synthesis. Given a set of specs (training data), it
generates a program (model) satisfying all the specs.
23
Mutator
Mutated inputs
Selector
model
Seed pool
Fuzz-based Data Augmentation to Improve Robustness
• Generate representative perturbations using genetic algorithm to augment training data
• The goal is to maximize the diversity of samples in the distribution
Dataset     Standard Acc    Random Augment    Sensei
GTSRB       1.9%            73.3%             88.2%
CIFAR-10    1.8%            73.3%             81.5%
• Result in terms of robust accuracy[*]
[*] L. Engstrom, B. Tran, D. Tsipras, L. Schmidt, and A. Madry. Exploring the Landscape of Spatial Robustness. ICML '19.
24
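The fuzz-based augmentation loop described in the bullets above, as an added example that is not the authors' implementation: a genetic search over rotation and translation parameters picks, for each training point, the variant the current model handles worst, and the model is trained on that variant. The 2D points standing in for images, the linear logistic model, the ±30 degree and ±3 unit bounds, the population size and the mutation step sizes are all assumptions.

```python
import math
import random

# Search bounds (assumption): rotation in degrees, translation in coordinate units.
ROT_MAX, SHIFT_MAX = 30.0, 3.0
IDENTITY = (0.0, 0.0, 0.0)


def transform(x, t):
    """Rotate point x by t[0] degrees about the origin, then shift by (t[1], t[2])."""
    a = math.radians(t[0])
    return (x[0] * math.cos(a) - x[1] * math.sin(a) + t[1],
            x[0] * math.sin(a) + x[1] * math.cos(a) + t[2])


def margin(w, x, y):
    return y * (w[0] * x[0] + w[1] * x[1] + w[2])


def loss(w, x, y):
    """Numerically stable logistic loss; y is -1 or +1."""
    m = margin(w, x, y)
    return max(-m, 0.0) + math.log1p(math.exp(-abs(m)))


def random_t(rng):
    return (rng.uniform(-ROT_MAX, ROT_MAX),
            rng.uniform(-SHIFT_MAX, SHIFT_MAX),
            rng.uniform(-SHIFT_MAX, SHIFT_MAX))


def clip(t):
    return (max(-ROT_MAX, min(ROT_MAX, t[0])),
            max(-SHIFT_MAX, min(SHIFT_MAX, t[1])),
            max(-SHIFT_MAX, min(SHIFT_MAX, t[2])))


def evolve(w, x, y, population, rng, pop_size=8):
    """One generation: crossover and mutate, then keep the highest-loss variants."""
    children = []
    for _ in range(pop_size):
        p, q = rng.sample(population, 2)
        c = [rng.choice(pair) for pair in zip(p, q)]       # uniform crossover
        children.append(clip((c[0] + rng.gauss(0, 5.0),    # Gaussian mutation
                              c[1] + rng.gauss(0, 0.5),
                              c[2] + rng.gauss(0, 0.5))))
    pool = list(dict.fromkeys(population + children))      # de-duplicate, keep order
    pool.sort(key=lambda t: loss(w, transform(x, t), y), reverse=True)
    return pool[:pop_size]                                  # elitist: parents compete too


def sgd_step(w, x, y, lr=0.01):
    g = -y / (1.0 + math.exp(min(margin(w, x, y), 50.0)))  # d(loss)/d(score)
    return [w[0] - lr * g * x[0], w[1] - lr * g * x[1], w[2] - lr * g]


def train(data, augment, epochs=40, rng_seed=0):
    rng = random.Random(rng_seed)
    w = [0.0, 0.0, 0.0]
    pops = [[IDENTITY] + [random_t(rng) for _ in range(7)] for _ in data]
    for _ in range(epochs):
        for i, (x, y) in enumerate(data):
            if augment:                      # train on the currently worst variant
                pops[i] = evolve(w, x, y, pops[i], rng)
                x = transform(x, pops[i][0])
            w = sgd_step(w, x, y)
    return w


def accuracy(w, data, grid=(IDENTITY,)):
    """Fraction of points classified correctly under every transformation in grid."""
    ok = sum(all(margin(w, transform(x, t), y) > 0 for t in grid) for x, y in data)
    return ok / len(data)


# Grid used for robust accuracy: a point counts only if every variant is correct.
GRID = [(r, dx, dy) for r in (-30, -15, 0, 15, 30)
        for dx in (-3, 0, 3) for dy in (-3, 0, 3)]

# Constructed sample data: two clusters standing in for two image classes.
DATA = [((6.0, 1.0), 1), ((7.0, -1.0), 1), ((8.0, 2.0), 1), ((5.0, 0.0), 1),
        ((-6.0, -1.0), -1), ((-7.0, 1.0), -1), ((-8.0, -2.0), -1), ((-5.0, 0.0), -1)]

if __name__ == "__main__":
    for augment in (False, True):
        w = train(DATA, augment)
        print(augment, accuracy(w, DATA), accuracy(w, DATA, GRID))
```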
Training data-
set (Seeds)
Interesting
inputs
Intelligent software!
25
In the absence of formal specifications, analyze the
buggy program and its artifacts to glean a specification
about what could have gone wrong!
Specification Inference
(application: self-healing)
Buggy
Program
Tests
(very Non-exhaustive) History of AI
Symbolic AI
• 1958 LISP
• 1965 Resolution theorem proving
• 1970 Prolog
• 1982-92 Fifth Generation Comp Sys
• 1995 - … Advances in SAT, SMT solving
• 2005 - … Symbolic Execution
Biologically inspired AI
• 1959 Perceptron
• 1970 - … Genetic Algorithm
• 1980 -… Neural Networks
• 1992 Genetic Programming
• 1997 Deep Blue
• 2012 AlexNet work on CNN
26
GENETIC programming
27
Lift semantic features from correct patches
and use learning to rank them.
Symbolic AI approach
28
Genetic approach
may not work here
29
Inference
30
The future for autonomous systems?
31
Can autonomous software test and repair itself autonomously to
cater for corner cases? Can autonomous software repair itself
subject to changes in environment?
https://sgcsc.sg/
cyber@comp.nus.edu.sg
https://www.facebook.com/sgcsc/
32

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Singapore International Cyberweek 2020

  • 1. Trustworthy Systems to Trusted AI Prof. Abhik Roychoudhury Provost’s Chair Professor National University of Singapore 1 Cybersecurity R&D Workshop 2020
  • 2. Outline • Background: Singapore Cyber-security Consortium • Vision of Trustworthy Systems • Ongoing work on Trustworthy Systems and Trusted AI 2
  • 3. Encourage problem-inspired research Singapore Cybersecurity Consortium (SGCSC) Est. 1 September 2016 A nation-wide platform for engagement between industry, academia, and government towards greater awareness, adoption, and translation of cybersecurity technologies Upgrade capabilities through technology adoption Grow an innovation ecosystem Industry Academia Agencies 3 About
  • 4. Singapore public agencies Open participation Industry members Singapore-registered companies with interest or expertise in cybersecurity are eligible to apply for membership Agencies Industry Academia Institutes of Higher Learning and Research Institutes Open participation 4 Structure Structure
  • 5. Silver Platinum Gold 5 Industry Members As of 15 Sep 2020
  • 6. National Satellites of Excellence Local and International Research Grants National Cybersecurity R&D Laboratory & iTrust Labs Singapore Cybersecurity Consortium Cybersecurity Postgraduate Scholarship National Cybersecurity R&D (NCR) Programme https://www.nrf.gov.sg/programmes/national-cybersecurity-r-d-programme SGCSC, a component of the NCR programme, helps members gain awareness and exposure to various resources and support for cybersecurity R&D available under the programme. 6 Ecosystem
  • 7. Annual WILD & CRAZY IDEAS DAY Research ideas Problem statements Annual CYBERSECURITY CAMP Workshop on trending topics Industry applications Hands-on learning MEMBER RATE Quarterly TECHNOLOGY TALKS Latest technologies and trends Project showcases EXPOSURE OPPORTUNITIES SPECIAL INTEREST GROUPS Knowledge and idea exchange R&D partnership exploration MEMBER ONLY Annual SEED GRANT CALL Funding for joint R&D (Industry-Academia pair) Approx. $100 – 150K 1- to 1.5-year projects MEMBER ONLY CYBERSECURITY TRACK Pre- / early start-up mentorship Business + Technical discussions Training and tech update Discussions to alleviate pain points in existing work Dream up new projects – Translation-oriented research Maturity slope 7 Activities
  • 8. Seed Grant 2020 Award Deep Learning-based Side Channel Attacks on SoC Architecture for Hardware Assurance EarAuth: Designing Usable Security for the Next Billion Users (NBUs): A Novel Multi-Factor Authentication Solution using Smart Earables This project enables comprehensive and inexpensive security evaluation for IoT devices. This project aims to develop an authentication framework using smart wearables around the ear, to enable password-less logins for swift usability. CONGRATULATIONS!!
  • 9. Outline • Background: Singapore Cyber-security Consortium • Vision of Trustworthy Systems • Ongoing work on Trustworthy Systems & Trusted AI 9
  • 10. Trustworthy software 10 Creativity Precision+ - Solving differential equations for an examination - Painting a landscape of the lush greenery or a landscape. Compare these activities with crafting software systems
  • 11. Engendering Trust Formal Verification • Formally verified Software Stack • Verified Operating Systems: seL4 project • Verified file systems: BesFS, work at NUS Trust from COTS 11
  • 12. Chronological Evolution of Capabilities Point Projects MINDEF, MoE… [2009-12, 2011-14, 2013-15] Targeted Capability NCR 1 TSUNAMi (2015 –20) National Satellite of Excellence (2019- ) 12
  • 13. Our Capability Stack 13 Security Testing and Analysis (TSUNAMi, NRF NCR) Formal Verification of Systems (Securify, NRF NCR) [Core] Certified Trustworthy Systems – Call 1 Regression analysis (MoE) Symbolic analysis (DIRP, DSO) [App] Secure Smart Nation – Call 2 Modeling and Verification (FSTD) Scalable MC (NTU) 2009 2015 2018 2019 2020 [App] Challenge from Call 2 National Satellite of Excellence
  • 14. Vulnerability Discovery Binary Hardening Verification Data Protection 14 Agency Collaboration … Industry Collaboration … Education – Universities, … Research Outputs – Publications, Tools, Academic Collaboration, Exchanges, Seminars, Workshops Enhancing local capabilities Overall Outlook
  • 15. 15 Malware & Rootkit Analysis Internet File System Account & Protection Kernel & Process Function Call System Call Program & Service strace Buffer Overflow Fuzzing Binary Analysis gdb SPIKE BitBlaze/QEMU ls, cd, mv, ps, vi, … Password Cracking john Scanning ping, traceroute, nmap Sniffing WireShark Spoofing & Session Hijacking netwox nc Denial of Service VM simulation Firewall & NAT iptables Web attacks: SQL injection, CSRF, XSS TamperData, Paros Proxy System Security Software Security Network Security Web Security Education: module at NUS
  • 16. National Satellite of Excellence The NSoE-TSS aims to enhance Singapore's national capabilities in trustworthy smart system infrastructures. We seek to build on our combined strengths in software security, and smart systems to build consolidated technologies, related to software assurance for smart systems. The certification can take on a range of flavours including functionality certification, checking against crashes and vulnerabilities, measuring and certifying resilience against malicious inputs and environments, as well as checking and certifying for absence of information leakage via extra-functional mechanisms such as side channels. https://www.comp.nus.edu.sg/~nsoe-tss/index.htm
  • 17. Mission 17 Technology • Deep tech. capabilities for software sys. certification • Functional and non-functional properties Innovation • Show-case innovative uses of certified software sys. for secure smart nation • Deployment scenarios Policy • Enhance and aid regulatory processes for critical software systems • Feedback to public agencies
  • 18. Outline • Background: Singapore Cyber-security Consortium • Vision of Trustworthy Systems • Ongoing work on Trustworthy Systems & Trusted AI: Capabilities • Spectre Attacks • Fuzz Testing • Fuzzing for DNNs • Self-Healing Systems 18
  • 19. Defense against Spectre attacks 19 • Spectre attacks exploit the vulnerabilities of a program to steal the sensitive data through speculative execution. • oo7 is a static analysis framework that can mitigate Spectre attacks by detecting potentially vulnerable code snippets in program binaries and protecting them against the attack. [Figure: oo7 workflow. Labels: Source code, Compile, Binary, Objdump, Disassembly code (.asm), BAP, Taint Sources list, Taint analysis, Spectre Detector, Report, Code Matcher, Assembly code (.s), Code repair, <TB, RS, LS>, <TB, RS>, <TB>, …, Repaired assembly code (.s), Assemble & link, New Binary. Panel titles: Spectre variant 1; The detection condition of Spectre variant 1]
  • 20. Fuzzing 20 Model-Based Blackbox Fuzzing: Input model (Peach, Spike …), Seed Input, Mutated Inputs. Outcomes shown for mutated inputs: Pass all checks; Satisfy some checks; Satisfy some checks. [Figure: fuzzing loop. Labels: Mutators, Test suite, Mutated files, Input Queue, Enqueue, Dequeue, Program, Input]
  • 21. AFLFast • Design power schedules to regulate the “energy” to gravitate path exploration towards low-frequency paths • Integrated into AFL Fuzzer, used in DARPA CGC. • Intuition is simple – deprioritize the common paths, works directly on binaries. 21 if (condition1) return // frequented by inputs else if (condition2) exit // frequented by many inputs else …. • Directed Fuzzing as an optimization problem (No constraint so • Program analysis moved to instrumentation time to retain efficiency of greybox fuzzing. • Distance to targets efficiently computed at runtime. • Find global minimum using search meta-heuristic – Simulated An • Results: outperforms KATCH and BugRedux. 17 CVEs assign • Application: patch testing, crash reproduction, information flow Mutators Test suite Mutated files Input Queue Enqueue Dequeue
  • 22. Deployment 22 Independent evaluation found crashes 19x faster on DARPA Cyber Grand Challenge (CGC) binaries Integrated into main-line of AFL fuzzer within a year of publication (CCS16), which is used on a daily basis by corporations for finding vulnerabilities
  • 23. Model Training and Model Robustness [Figure: plots with rotate and translate axes] • Neural Network can be fooled with simple special transformation (rotation, translate) rotate by labels are different Adversarial learning Program synthesis Complete features Complete specifications Test case generation Data augmentation • Model training can be regarded as AI-based program synthesis. Given a set of specs (training data), it generates a program (model) satisfying all the specs. 23
  • 24. Fuzz-based Data Augmentation to Improve Robustness • Generate representative perturbations using genetic algorithm to augment training data • The goal is to maximize the diversity of samples in the distribution • Result in terms of robust accuracy[*] (Dataset: Standard Acc / Random Augment / Sensei): GTSRB: 1.9% / 73.3% / 88.2%; CIFAR-10: 1.8% / 73.3% / 81.5% [*] Exploring the Landscape of Spatial Robustness. L. Engstrom, B. Tran, D. Tsipras, L. Schmidt, and A. Madry ICML 19’ 24 [Figure labels: Training data-set (Seeds), Seed pool, Mutator, Mutated inputs, Selector, model, Interesting inputs]
  • 25. Intelligent software! 25 In the absence of formal specifications, analyze the buggy program and its artifacts to glean a specification about what could have gone wrong! Specification Inference (application: self-healing) Buggy Program Tests
  • 26. (very Non-exhaustive) History of AI Symbolic AI • 1958 LISP • 1965 Resolution theorem proving • 1970 Prolog • 1982-92 Fifth Generation Comp Sys • 1995 - … Advances in SAT, SMT solving • 2005 - … Symbolic Execution Biologically inspired AI • 1959 Perceptron • 1970 - … Genetic Algorithm • 1980 -… Neural Networks • 1992 Genetic Programming • 1997 Deep Blue • 2012 AlexNet work on CNN 26
  • 27. GENETIC programming 27 Lift semantic features from correct patches and use learning to rank them.
  • 29. Genetic approach may not work here 29
  • 31. The future for autonomous systems? 31 Can autonomous software test and repair itself autonomously to cater for corner cases? Can autonomous software repair itself subject to changes in environment?
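
The power-schedule idea on slide 21 (give less "energy" to seeds on high-frequency paths, more to seeds on low-frequency paths), as an added example that is not from the slides or from the AFLFast code base. The constants, the two seeds and the stay ratios are constructed assumptions, and the schedule is an exponential, frequency-divided one in the style the slide describes.

```python
"""Toy power schedules: constant energy vs. an exponential schedule divided
by path frequency. Constants, seeds and ratios below are constructed."""
from dataclasses import dataclass

ALPHA, BETA, CAP = 64, 1, 4096  # assumed baseline energy, damping, upper bound

@dataclass
class Seed:
    name: str
    s: int  # times this seed has been picked from the queue
    f: int  # generated inputs so far that exercised this seed's path

def energy_constant(seed):
    """Baseline: every seed gets the same number of mutations."""
    return ALPHA

def energy_fast(seed):
    """Grow exponentially with s, divide by path frequency f, cap at CAP."""
    return min((ALPHA // BETA) * 2 ** seed.s // max(seed.f, 1), CAP)

def run_cycles(queue, schedule, cycles, stay_per_mille):
    """Deterministic model of queue cycles: each cycle fuzzes every seed once;
    stay_per_mille[name]/1000 of its mutants land on the same path again.
    Returns the total energy (mutants generated) spent on each seed."""
    state = [Seed(q.name, q.s, q.f) for q in queue]  # do not mutate the input
    spent = {q.name: 0 for q in queue}
    for _ in range(cycles):
        for seed in state:
            energy = max(schedule(seed), 1)  # always run at least one mutant
            spent[seed.name] += energy
            seed.s += 1
            seed.f += energy * stay_per_mille[seed.name] // 1000
    return spent

# Constructed queue: "hot" sits on an early-exit path hit by most inputs,
# "rare" sits on a path only 8 generated inputs have reached so far.
QUEUE = [Seed("hot", 0, 50000), Seed("rare", 0, 8)]
STAY = {"hot": 900, "rare": 50}

if __name__ == "__main__":
    for fn in (energy_constant, energy_fast):
        print(fn.__name__, run_cycles(QUEUE, fn, 4, STAY))
```

With the constant schedule both seeds receive the same budget; with the frequency-divided schedule almost all of it goes to the seed on the rarely exercised path, and that seed's per-cycle energy doubles until its own path frequency starts to rise.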