CURRENTLY OFFERED TUTORIALS: 

Title of the tutorial:

   Linking Business goals to Information Security plans and activities (ID: Goals)
Tutor: Georges Ataya
   Academic Director for Executive Education in IT and Information Security
   Managing Partner, ICT Control advisor, Belgium
   Past International Vice President of ISACA
   (Bio: see Keynotes)
Abstract of the tutorial: Defining stakeholder drivers and business goals, and as a result identifying information security objectives and related goals, is an essential step for adequate planning of information security activities. The tutorial shall present the enablers and the processes that are required to reach those goals.
Proposed duration: Half-day tutorial will run for a total of about 3 hours
Intended audience: Information Security or IT professionals, Internal Auditors
Prerequisite knowledge: Involvement in information security activities
Detailed outline: TBA
Tutorial goals: Adequate planning of information security

Schedule: Sessions AM-2 & PM-1 on Nov. 28th.

 

Title of the tutorial:

   Addressing Security Challenges in WiMAX Environment (ID: Wimax)
Tutors:
   Arif Sarı (bio) & Behnam Rahnama (bio)
   European University of Lefke, TRNC
Abstract of the tutorial: The primary motivation for this tutorial is to focus on WiMAX security problems and the analysis of vulnerabilities in IEEE 802.16, which is a new and promising topic in telecommunication and wireless networks. The Mobile WiMAX system based on the IEEE 802.16e-2005 amendment has improved security features over the previous IEEE 802.16d-based WiMAX network system. WiMAX authentication is achieved by using the privacy key management public key interchange protocol, and it is supported by RSA cryptography exchange; RSA-based authentication applies X.509 certificates together with RSA encryption. In this tutorial we identify potential security requirements for future WiMAX environments and propose promising security technologies to address these requirements through the integration of specific security algorithms into the WiMAX environment to enhance security. We expect this call for interest to motivate planning for the evolution of 802.16 against security challenges.
Proposed duration: Half-day tutorial will run for a total of about 3 hours
Intended audience:
The target audience for this tutorial is:
  • Researchers
  • Educators
  • Top Managers (CEOs, CMOs, Directors, GMs)
  • PhD students
  • MBA/ M.Sc. Students
Prerequisite knowledge: Attendees are advised to have a background in wireless networks, WiMAX and IEEE 802.16 security standards.
Detailed outline:
  1. Security Scheme of WiMAX (10 minutes)
  2. Authentication & Authorization and Traffic Encryption (20 minutes)
  3. Vulnerabilities in IEEE 802.16 (30 minutes)
  4. Taxonomy of Wireless Attacks (20 minutes)
  5. Proposed Algorithms for WiMAX Security (20 minutes)
Tutorial goals: This tutorial is designed to provide specific information about IEEE 802.16 WiMAX security issues for a diverse group of individuals and organizations working to eliminate potential security concerns about WiMAX technology.

Schedule: Sessions PM-1 & PM-2 on Nov. 25th.

 

Title of the tutorial:

   Improbable Differential Cryptanalysis (ID: Crypt)
Tutor:
   Cihangir Tezcan (bio).
   Middle East Technical University, Department of Mathematics and Institute of Applied Mathematics, Department of Cryptography, Turkey
Abstract of the tutorial: The improbable differential attack is a recently proposed statistical differential attack in which a given differential of a block cipher is less probable than for a random permutation. We showed the power of this method by providing the best attacks on CLEFIA, which is a block cipher developed by SONY Corporation. In this tutorial, after an introduction to block ciphers and cryptanalysis, we will discuss improbable differential cryptanalysis and attacks on CLEFIA. Moreover, we recently proposed a new evaluation criterion for S-boxes called undisturbed bits, and we will discuss how these bits are helpful for improbable differential attacks by reviewing the improbable differential attacks on the block ciphers PRESENT and SERPENT.
Proposed duration: Half-day tutorial will run for a total of about 3 hours
Intended audience:
People interested in block ciphers, design and analysis of block ciphers, and recent advances in block cipher cryptanalysis
Prerequisite knowledge: None (knowledge of block ciphers and differential cryptanalysis is a plus).
Detailed outline:
  1. Introduction to block ciphers
  2. Introduction to differential cryptanalysis
  3. Improbable differential cryptanalysis
  4. Improbable differential attacks on CLEFIA
  5. Undisturbed bits
  6. Improbable differential attacks on PRESENT and SERPENT using undisturbed bits
Tutorial goals: This tutorial mainly focuses on providing information about block cipher security against improbable differential cryptanalysis.

Schedule: Sessions AM-1 & AM-2 on Nov. 25th.

 

Title of the tutorial:

   Insecurities within the Browsers: Issues and Challenges (ID: Browser)
Tutors (bios):

M.S.Gaur
   Professor, Computer Engg. MNIT Jaipur, India.
Vijay Laxmi
   Associate Professor, Computer Engg. MNIT Jaipur, India.
Dhiren Patel
   Professor of Computer Engineering, NIT Surat, India
Anil Saini
   MNIT, Jaipur, India
Abstract of the tutorial: The browser allows users to view and interact with content on web pages. An attack on the browser provides unauthorized access to, or damage or disruption of, user information within or outside the browser.

Application-level attacks are also possible through or from a website infecting the host machine running the browser (e.g. XSS, SQL/OS command injection, clickjacking, etc.).

This tutorial encompasses the solution directives to address the above challenges:

  1. The Browser Exploitation Framework (BeEF) to test the browser security and augment it.
  2. Cloud based Security as a Service to detect websites with malware and vulnerabilities

BeEF is designed to showcase browser weaknesses as well as perform attacks both on and through the web browser. Using social engineering and script-based techniques, we demonstrate various attack vectors used to inject the BeEF hook into the browser. In addition, we examine the security of the browser after enforcing security policies on it.

Considering the bleak prospects of current smartphones at defending themselves against complex attacks through weblinks, we present an approach where a cloud service can assist in effectively alerting against such possible breach scenarios.
Proposed duration: Half-day tutorial will run for a total of about 3 hours
Intended audience: The target audience for this tutorial is: Security Researchers, PhD Students, and People who altogether trust the web browser security.
Prerequisite knowledge: Involvement in information security activities
Detailed outline:

  1. Introduction to BeEF.
  2. Browser Attacks.
  3. Attacker Tricks.
  4. Browser Security tools and policies
  5. Application level attacks
  6. Attack detection and Alert framework
  7. Browser and Webapp Security as a Service from Cloud.

Tutorial goals: Attacks on the web browser are becoming a potential threat to personal and financial information. Over the years, attackers have been trying to compromise the web browser through various attack vectors. Social engineering and script-based attacks are the most commonly used attack vectors. The focus of this tutorial is on understanding the major attack vectors used by attackers. The demonstration of the attack vectors shows how a user can be fooled by an attacker into uploading a malicious payload on the machine. Once the browser is hooked, the attacker can deploy attacks such as stealing information, hijacking sessions, stealing cookies, etc. This tutorial will show the attacker's power after hooking the victim browser.

Browser developers have implemented various security policies and tools to protect the browser from attackers. The browser security tools and policies should ensure that the attacker is not able to get inside. However, attackers are smart enough to find security vulnerabilities in these tools and policies. This tutorial will discuss some of the attacker tricks which can defeat browser security tools and policies. This tutorial will be helpful for people who share and access personal and financial information over the internet.

This tutorial will show them how an attacker can enter the browser to steal information. In addition, this tutorial will discuss how an attacker can defeat the security policies of the browser.

Finally, the tutorial covers how the cloud service can defend against certain attack scenarios.

Schedule: Sessions AM-1 & AM-2 on Nov. 25th.

 

Title of the tutorial:

   Security Vulnerabilities and Mitigation Techniques of Web Applications (ID: WebApp)
Tutor:

Hossain Shahriar (bio)
   Department of Computer Science, Kennesaw State University, GA, USA.
Abstract of the tutorial: Web applications are implemented in different languages and contain vulnerabilities at both the code and runtime environment levels, which may lead to serious security breaches such as stealing of confidential information and session hijacking. To be able to protect against security breaches, it is necessary to understand the detailed steps of attacks. In recent years, many mitigation techniques have been proposed. Security experts need to have a solid understanding of the pros and cons of mitigation techniques to choose the right one based on their needs.
This tutorial will provide an overview of some common web application security vulnerabilities including SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, and Clickjacking. Then, we discuss two popular mitigation approaches: security testing and runtime monitoring.
Proposed duration: Half-day tutorial will run for a total of about 3 hours
Intended audience: The tutorial is intended for security researchers, security testers, and application developers who intend to follow best practices of software security.
Prerequisite knowledge: Participants are expected to have some familiarity with web application development and programming in client-side (JavaScript) and server-side (JSP, PHP) scripting languages.
Detailed outline: The detailed structure and estimated time of discussion are shown below.

  • Introduction (10 min)
    • Motivation and background
  • Web security vulnerabilities (50 min)
    • SQL Injection, Cross-Site Scripting
    • Cross-Site Request Forgery, Clickjacking
  • Security testing (30 min)
    • Taxonomy of web security testing approaches
    • Test case generation technique
  • Security monitors (30 min)
    • Classification of monitors
    • Monitoring objectives
  • Summary

Tutorial goals: The tutorial addresses contemporary security breaches in web applications and some detection techniques. The discussion addresses a broad spectrum of potential attendees of ACM SIN 2013. The tutorial will benefit security testers and researchers, software developers, and graduate students.

Schedule: Sessions PM-1 & PM-2 on Nov. 25th.

 

CALL FOR TUTORIAL PROPOSALS:
 
Proposals are invited to organize tutorials in conjunction with SIN 2013. 
Note that the instructor of an accepted tutorial will receive free registration to SIN 2013 Conference and, if a tutorial is actually run, accommodation for one tutorial speaker will be covered by the conference.
 
Tutorial Topics
 
Proposals on contemporary topics and recent developments in the field of security in information, networks, and systems within the conference themes are especially welcome; detailed fields of interest are listed on the conference website at http://www.sinconf.org/. 
 
Submission Details
 
A proposal should consist of a tutorial outline and background information on the presenter(s). The tutorial outline should be limited to 2 pages and contain the following information:
 
1. Title of the tutorial: The title will appear in the conference program if the proposal is accepted.
2. Abstract of the tutorial: This abstract will be used to advertise the proposal, for instance, on the conference's web site prior to the conference. The abstract should be at most 250 words long.
3. Proposed duration: Half-day tutorials will run for a total of about 3 hours; full day tutorials will run for about 6 hours.
4. Intended audience: to whom is the tutorial of interest.
5. Prerequisite knowledge: what the attendees should already know. 
6. Detailed outline: The topics covered in the tutorial will be listed and briefly discussed in the outline, along with the amount of time planned for each topic.
7. Tutorial goals: This is a one-page discussion of the tutorial’s goals and benefits to prospective participants.
 
Background information on the presenter(s) should be limited to 1-2 pages and contain:
 
1. Names, affiliations, homepages and contact details.
2. Short biographies.
3. Information about previous tutorials given by the same presenters (title, location, number of attendees, etc.). 
 
Tutorial proposals should be submitted to the SIN 2013 Submission Site (https://cmt.research.microsoft.com/SIN2013/).
 
Important Dates
 
Tutorial submissions:  30 June 2013 (soft date)
Acceptance notices:    15 July 2013 
Camera-ready copy of tutorial handouts: 15 October 2013 
Tutorial Dates:           25 November 2013
 