Domanda: sarà trasmesso in streaming.??? Ae tocca lavorare e non saprei come fare altrimenti.
Grazie! Marco Bettini -- Solo il 10% di UNIX e' in codice assembly il resto e' C!! Only about 10 % of UNIX is assembly code the rest is C!! Il 01 set 2016 12:30, "Stefano Zanero" <[email protected]> ha scritto: > The Internet of Broken Things > > Politecnico di Milano - aula Osvaldo De Donato > September 7th 2016 > > The Internet of Things is upon us: by 2020, estimates say over 50 > billion devices will be connected to some form of local or global > network. Unfortunately, it seems that the Things we want to network are > broken and insecure. What are the challenges across different domains > (automotive, avionics, industrial controls)? What are the potential > solutions, from a regulatory and technical standpoint? > > FREE EVENT - REGISTRATION REQUIRED: > https://calendario.eventi.polimi.it/iscrizioni.php?id_evento=1954&lang=it > > We gratefully acknowledge the support of Cisco Systems, UNICRI, > Politecnico di Milano, Uninsubria, Tech and Law > > 09.30 doors open > > 10.00 Introduction and greeting - prof. Donatella Sciuto, vice-rector of > Politecnico di Milano > > 10.15 Automotive security: challenges and perspectives - Eric Evenchick, > Linklayer Labs > > 11.15 break > > 11.30 Real-life experiences in avionics security assessment - Andrea > Barisani, Inverse Path > > 12.30 networking lunch (sponsored by Cisco Systems) > > 14.00 Security in Industry 4.0: Control Systems and Robots - Prof. > Stefano Zanero, Politecnico di Milano > > 14.45 The bad, the ugly and the weird about IoT - Gianluca Varisco, > Rocket Internet > > 15.30 Legal Framework and Policy Perspectives - Prof. Giuseppe Vaciago, > University of Como - Uninsubria; Dr. Francesca Bosco, UNICRI > > 16.30 Roundtable discussion: the State of Security in IoT > Eric Evenchick, Linklayer Labs > Francesca Bosco, UNICRI > Fabio Guasconi, UNINFO > Andrea Barisani, Inverse Path > Story Tweedie-Yates, Cisco Systems > > Moderator: Giuseppe Vaciago, Uninsubria > > ***** > > > Eric Evenchick, “Automotive Security: Challenges and Perspectives” > > Abstract: > In recent years, cars have become more computerized, connected, and more > vulnerable to attack. Cars are also integrating more autonomous > features, increasing the damage potential of attacks. Recently, we have > seen a range of attacks on automotive systems presented by researchers. > > In this seminar, we will provide an introduction to automotive control > systems and vehicle networks. Using this knowledge, we'll take a look > into the history of automotive security, and some notable attacks that > have been demonstrated. After looking at the past, we'll cover the > challenges of the industry today and looking into the future. We will > use this knowledge to discuss at the current and future risk posed to > vehicle owners and OEMs. > > Attendees can expect to receive a crash course in automotive systems, > which will help their understanding of automotive security topics. The > attack examples serve as case studies, which detail the mistakes made > and how they can be > prevented. > > Bio: > Eric Evenchick is the founder of Linklayer Labs, a company focused on > embedded systems and automotive security. Linklayer aims to help > companies understand the risks present in embedded devices, identify > countermeasures, and implement security functionality. > Eric has worked on automotive firmware at Tesla Motors and Faraday > Future, where he was primarily responsible for over-the-air firmware > update capabilities and security design. His experience in automotive > began with research in alternative fuel vehicles at the University of > Waterloo, in conjunction with the US Environmental Protection Agency and > General Motors. Here, Eric led the team performing electrical and > control systems integration of fuel cell and hybrid vehicle prototypes. > The CANtact device, an open-source hardware tool for CAN networks, was > released by Eric at Blackhat Asia 2015. In 2015, Eric also developed > BLEKey, a hardware tool for bypassing the most popular electronic access > control systems. BLEKey was presented at Blackhat USA and Europe. > > Andrea Barisani, “Real-life experiences in avionics security assessment” > > Abstract: > The session aims to provide insights on real-life experiences gathered > from the security assessment of modern avionics systems. Particular > focus is placed on explaining how the interaction between safety and > security is assessed and how responsible teams can interact and to > combine their diverse set of skills.An example technical overview of the > classes of systems, interfaces and audit methodologies is given to > precisely demonstrate how work in this area is laid out and executed, > and to emphasize its importance in the transportation industry. Finally > the unique culture of safety in modern aviation is compared to > similar safety-critical areas, such as the automotive field, to > highlight the differences and similarities. > > Bio: > Andrea Barisani is an internationally recognized security researcher and > founder of Inverse Path information security consultancy firm. Since > owning his first Commodore-64 he has never stopped studying new > technologies, developing unconventional attack vectors and exploring > what makes things tick… and break. > > His experiences focus on large-scale infrastructure administration and > defense, forensic analysis, penetration testing and code auditing with > particular focus on safety critical environments, with more than 14 > years of professional experience in security consulting. > > Being an active member of the international Open Source and security > community he contributed to several projects, books and open standards. > He is the founder of the oCERT effort, the Open Source Computer Security > Incident Response Team. > > He is a well known international speaker, having presented at BlackHat, > CanSecWest, Chaos Communication Congress, DEFCON, Hack In The Box, among > many other conferences, speaking about innovative research on automotive > hacking, side-channel attacks, payment systems, embedded systems > security and many other topics. > > Stefano Zanero, “Security in Industry 4.0: Control Systems and Robots” > > Abstract: > This talk will explore the significant challenges in securing computer > systems that are interconnected to (and control) physical industrial > systems. We will explore how the interactions between the digital and > the physical world creates unique challenges. We will explore how the > physical control of processes generates further attack strategies, > potentially violating safety constraints and endangering personnel and > the environment. > > Bio: > Stefano Zanero received a PhD in Computer Engineering from Politecnico > di Milano, where he is currently an associate professor with the > Dipartimento di Elettronica, Informazione e Bioingegneria. His research > focuses on malware analysis, security of cyber-physical systems, and > systems security. Besides teaching “Computer Security” and “Computer > Forensics” at Politecnico, he has an extensive speaking and training > experience in Italy and abroad. He co-authored over 60 scientific papers > and books. He is a Senior Member of the IEEE, the IEEE Computer Society > (for which he is a member of the Board of Governors), and a lifetime > senior member of the ACM. Stefano co-founded the Italian chapter of ISSA > (Information System Security Association). He has been named a Fellow of > ISSA and sits in its International Board of Directors. Stefano is also a > co-founder and chairman of Secure Network, a leading information > security consulting firm based in Milan and in London; co-founder of > 18Months, a cloud-based ticketing solutions provider; co-founder of > BankSealer, a FinTech startup focused on banking fraud detection. > > Gianluca Varisco, “The bad, the ugly and the weird about IoT” > > Abstract: The Internet of Things isn’t coming, it is already here. IoT > is at the peak of the hype cycle - what they call the 'Peak of Inflated > Expectations’. Every IT organization wants to ride the IoT wave. As with > all new technologies, the battle over standards is always a struggle. > The unresolved problem of software updates and short vendor support > cycle combined with the lack of effort into systems security and > application security makes these devices an easy target. Internet > accessible embedded systems are being compromised via vulnerabilities > (like Shellshock) or because of their weak default configuration. As > more things from the IoT start trickling into people’s homes, this talk > will try to shine a light into this bizarre and scary future with a > steady stream of funny and smart (as in clever, not internet-connected) > jokes. Think about misconfigured cameras, televisions, home routers, > baby monitors, toys and spammy refrigerators! > Bio: Gianluca Varisco is the VP of Security at Rocket Internet SE, > responsible for overseeing the security architecture and compliance of > the company's massive, globally distributed network. All aspects of > corporate security, including information protection, ID management, > network security, threat analysis, emergency response, security policy, > and IT audit/compliance programs fall under his purview. Gianluca has > over 8 years of experience in developing and managing information > systems. Prior to Rocket Internet, he held engineering roles at Red Hat, > Lastminute.com Group, PrivateWave. > > > > > Giuseppe Vaciago and Francesca Bosco, “Legal Framework and Policy > Perspectives” > > Abstract: > Increasingly, the types of devices connected to the internet are > proliferating at a rapid pace.The development of the IoT opens up a > multitude of doors for efficient, streamlined device management and > operation, paving the way for major advances in technology. This advance > brings with it a labyrinth of privacy and security issues that our laws > have currently challenges to address. > This session intends to explore the impact of the new NIS Directive on > the IoT world and to discuss possible policies on safety and security of > the IoT, analyzing some concrete examples in the Italian context. > > > Bio: Giuseppe Vaciago is a lawyer and a member of the Milan Bar since > 2002. Holding a PhD in Digital Forensics he is for several years > teaching Information Technology Law at the University of Milan and > University of Insubria (Varese and Como). He has been visiting scholar > at Fordham Law School and Stanford Law School (Centre for Internet and > Society). He is a fellow member of Cybercrime Institute, Nexa Center and > he is co-founder of Tech and Law Center of Milan and member of the > Editorial Board of Digital Investigation Journal. > > > Bio: Francesca Bosco is Project Officer within the Emerging Crimes Unit > in UNICRI. She earned a law degree in International Law and joined > UNICRI in 2006 as a member of the Emerging Crimes Unit. She is > responsible for cybercrime and cybersecurity related projects, both at > the European and at international level. She is member of the Advisory > Groups on Internet Security Expert Group of the EC3, member of the > Internet & Human Rights Centre of the European University Viadrina and > co-founder of the Tech and Law Center. > > -- > Cordiali saluti, > Stefano Zanero > > Politecnico di Milano - Dip. Elettronica, Informazione e Bioingegneria > Via Ponzio, 34/5 I-20133 Milano - ITALY > Tel. +39 02 2399-4017 > Fax. +39 02 2399-3411 > E-mail: [email protected] > Web: http://home.deib.polimi.it/zanero/ > ________________________________________________________ > http://www.sikurezza.org - Italian Security Mailing List > >
