Month: June 2021

Security Engineering and Machine Learning

/ bugejajoseph / Leave a comment

This week I attended the 36th IFIP TC-11 International Information Security and Privacy Conference. The conference was organized by the Department of Informatics at the University of Oslo. During the first day of the conference, there was a keynote on Security Engineering by the celebrated security expert Prof. Dr. Ross Anderson.

He discussed the topic involving the interaction between security engineering and machine learning. He warned us about the things that can go wrong with machine learning systems, including some new attacks and defenses, such as the Taboo Trap, data ordering attacks, sponge attacks, and more.

Outline of Ross Anderson’s keynote (IFIP TC-11).

I especially enjoyed the part of his talk where he mentions the human to machine learning interaction. Coincidentally, this is a topic that I am researching. He discusses cases when robots incorporating machine learning components start mixing with humans, and then some tension and conflict, e.g., robots trying to deceive and bully humans, arises. This is a scenario that we should expect to see more in the future.

I highly recommend you to consider purchasing his brilliant book titled: “Security Engineering: A Guide to Building Dependable Distributed Systems”. This book is filled with actionable advice and latest research on how to design, implement, and test systems to withstand attacks. Certainly, this book has an extremely broad coverage of security in general and absolutely worth the purchase!

Sweden’s cyber range and cyber security

/ bugejajoseph / Leave a comment

On Wednesday, 2nd June, I attended an interesting online program about cybersecurity. This program was organized by the Research Institutes of Sweden (RISE). Its main theme was about the inauguration of RISE’s cyber range and cyber security in Sweden.

A cyber range is a virtual environment that companies can use typically for cyber warfare training. Sweden’s own cyber range was introduced as a multipurpose state-of-the-art cybersecurity research environment, test, and a demo arena. Using RISE’s cyber range it appears that real-world applications, for example, vehicles and automotive systems, could be tested, in a safe environment, against real-world attacks. This is done using a sandboxed virtualised network environment that is managed and operated by professionals.

In addition to cyber range, there were other topics presented from a variety of compelling speakers. Particularly, topics about the Swedish bug bounty, cyber security at the EU level, and cyber security investment opportunities. One delivery (in Swedish) that I think was riveting was an interview with an (unnamed) ethical hacker.

  • Carl Heath (RISE) interview an ethical hacker.

Cyber security is a topic that is becoming increasingly important, especially as more systems are getting interconnected. Unfortunately, there is a shortage of skilled and qualified individuals to fill the increasing demands for cyber security professionals.

From an academic perspective, we have been for years, and especially in recent years, developing and running courses about cybersecurity. However, this year, in Sweden, we are developing something that specifically is meant to help advance cyber security research and competence. More on that in a later post.