VeriDevOps Research Workshop VI

Time: 9:30-13:30 (CET), Oct. 26th, 2023

Location: Hybrid (online and Fagor Arrasate S. Coop. San Andres Auzoa, 20, 20500 Arrasate, Gipuzkoa, Spain)

 

Agenda

Time | Duration | Topic | Presenter | Organization
9:30 | 20 mins | VeriDevOps Technical Introduction | Andrey Sadovykh | SOFTEAM

Part I: Security Requirements Engineering
9:50 | 20 mins | A Taxonomy of Vulnerabilities, Attacks, and Security Solutions in Industrial PLCs. | Eduard Paul Enoiu | Mälardalen University
10:10 | 20 mins | Natural Language Processing with Machine Learning for Security Requirements Analysis - Practical Approaches. | Andrey Sadovykh | SOFTEAM
10:30 | 20 mins | Security Requirements Formalization with RQCODE. | Andrey Sadovykh | SOFTEAM
10:50 | 20 mins | break | / | /

Part II: Prevention at Development Time
11:00 | 20 mins | Vulnerability Detection and Response: Current Status and New Approaches | Jose Luis Flores | IKER
11:20 | 20 mins | Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems | Gaadha Sudheerbabu | Åbo Akademi University
11:40 | 20 mins | Interactive Application Security Testing with Hybrid Fuzzing and Statistical Estimators | Ramon Barakat | FFK
12:00 | 10 mins | break | / | /

Part III: Protection at Operations
12:10 | 20 mins | CTAM: a tool for Continuous Threat Analysis and Management | Laurens Sion | KUL
12:30 | 20 mins | EARLY - a tool for real-time security attack detection | Tanwir Ahmad | Åbo Akademi University
12:50 | 20 mins | A Stream-Based Approach to Intrusion Detection | Sylvain Hallé | UM
13:10 | 20 mins | Towards Anomaly Detection using Explainable AI | Manh Dung | MI
13:30 | 10 mins | Conclusions | Andrey Sadovykh | SOFTEAM

About this book


The book aims to provide a comprehensive and systematic overview of the current state of the art and practice in software security analysis, covering topics such as security requirements specification, verification, and continuous monitoring. The book also discusses the challenges and opportunities for future research and practice in this emerging field.

Background information and purchase link

Watch this Workshop

VeriDevOps Technical Introduction

By VeriDevOps project technical leader: Andrey Sadovykh

Part I: Security Requirements Engineering

This part of the book explores recent state-of-the-art updates in taxonomies and NLP methods applied to Security Requirements Engineering. We delve into the latest advancements and their practical implications for managing security requirements. Illustrative examples demonstrate how the methods can be integrated to streamline the security requirements engineering process.

Part II: Prevention at Development Time

This part focuses on preventing vulnerabilities during the software development process. It first provides a survey of existing methods for vulnerability detection and response, followed by two novel approaches for security test generation and vulnerability identification in the source code, suitable for industrial systems. The three chapters included in this part are briefly summarized in the following

Part III: Protection at Operations

Protection at operations involves implementing various techniques to enhance security and mitigate risks in real-time environments. Intrusion detection and anomaly detection are crucial components of protection at operations, aimed at identifying unauthorized or abnormal activities that may indicate security threats. These detection mechanisms use techniques such as complex event processing, which analyzes and correlates events in real time to identify patterns and detect potential threats. Additionally, explainability plays a vital role in protection at operations by providing insights into the decision-making process of detection algorithms, helping security professionals understand and interpret the results. The combination of intrusion detection, anomaly detection, complex event processing, and explainability contributes to a comprehensive approach to ensuring robust protection in operational environments.

Meet the speakers

Sylvain Hallé, Ph.D., has been a Full Professor in the Department of Computer Science and Mathematics at Université du Québec à Chicoutimi, Canada, since 2010, and is the current holder of the Canada Research Chair on Software Specification, Testing and Verification. Both an ACM and IEEE senior member, Prof. Hallé has won multiple awards at international conferences for his research on software testing and formal methods. The team he leads at Laboratoire d'informatique formelle has produced a number of free software tools that directly apply the results of his research. In addition to the BeepBeep event stream processing engine, these include Cornipickle, an automated testing tool for web interfaces, and LabPal, an environment for streamlining the execution of computer experiments and their inclusion within research papers.

Manh-Dung Nguyen is currently a research engineer at Montimage, France. He earned his PhD from CEA LIST and the University of Grenoble Alpes in 2021. He also holds a master's degree in network and telecommunications from the University of Paris Sud, obtained in 2013. His current research emphasizes explainable AI and automated vulnerability detection, with a particular interest in greybox fuzzing.

Jose Luis Flores is a researcher at Ikerlan Technology Research Center within the Cybersecurity in Embedded Systems team. He holds an M.Sc. in Robotics and Advanced Control from the University of the Basque Country. His main interests are Artificial Intelligence and Cybersecurity. The main lines he works on in each organization are Embedded System security at Ikerlan, and Machine Learning and Optimization at the university.

Ramon Barakat graduated with a master’s degree in Computer Science from the Technical University of Berlin. He works at the Fraunhofer Institute for Open Communication Systems (FOKUS), where he participates in several industrial and research projects in the field of Software Quality Assurance, Model-based and Security Testing. He is currently working on various research projects on security and penetration testing, dealing mainly with Dynamic and Interactive Application Security Testing (IAST), with a special focus on Fuzzing.

Dr. Ahmad is a postdoctoral researcher at Åbo Akademi University. His research focuses on the exploratory testing of cyber-physical systems. He has proposed different methodologies to efficiently discover faults in systems with large multidimensional input spaces using machine learning and evolutionary algorithms. In his recent work, he utilizes a 1-D convolutional neural network for early network attack detection.

Dr. Enoiu is a senior lecturer at Mälardalen University in Västerås, Sweden, primarily affiliated with the Software Testing Laboratory and the Formal Modelling and Analysis groups at the Department of Networked and Embedded Systems. His research interests span software engineering and empirical research, especially how to test, maintain, evolve, and assure high-quality software systems.

Dr. Sadovykh is an innovation consultant and a research project manager at Softeam and an Assistant Professor at Innopolis University. He coordinated SOFTEAM’s research activities, covering fields such as model-driven development (MDD) and model-based system engineering (MBSE), Business Process Automation (BPA), Cloud and Big Data in application areas such as eGovernment, eHealth, Space and Agro sectors.