Why do we need cyber resilience say, further to cybersecurity? Because the threat landscape of present-day computer and network systems became too uncertain, dynamic, and polymorphic to be addressed in a static way by isolated disciplines such as security or dependability.

Resilient computing is the emerging paradigm encompassing the necessary body of knowledge to perform this evolution and reach the goal of cyber resilience. In a nutshell, it is based on modelling, architecting and designing computer systems to achieve the following: built-in baseline defence against virtually any quality of threat, be it accidental faults, design errors, cyber-attacks or unexpected operating conditions; incremental and automatic prevention, tolerance and recovery from threats; automated adaptation to a dynamic range of threat severity; unattended and sustainable operation.

For these reasons, resilient computing will be a game changer in the craft of designing robust computer systems of today and the future. This is especially true of critical information infrastructures (CII), where the cost of failure may have to consider new risks of computer-borne physical damage, arising from the interconnection of the Internet-Cloud-Web complex with Cyber-Physical and Internet-of-Things Systems (OT), both using vulnerable controllers and gadgets and exposed to combined accidental and malicious threats.

Having been part of teams that pioneered distributed fault and intrusion tolerance and resilient computing, I believe that the organisations mastering this paradigm will be at the forefront of cyberspace technology. In my talk, I will motivate this vision by the need for more effective defences than we have today in classic cybersecurity or dependability approaches, and will describe some results from the later years in my teams.

Paulo Esteves-Verissimo is a professor at KAUST University (KSA) and Director of its Resilient Computing and Cybersecurity Center, and research fellow of SnT at the Univ. of Luxembourg (UNILU). Previously, he has been a professor and FNR PEARL Chair at UNILU and Head of the CritiX lab.

He was a member of the Sci&Tech. Comm. of ECSO EU Cyber Security Org., Chair of IFIP WG 10.4 on Dependable Comp. and F/T, and vice-Chair of the Steer. Comm. of the DSN conference. He is Fellow of IEEE and of ACM, and associate editor of the IEEE TETC journal, author of over 200 peer-refereed publications and co-author of 5 books. He is currently interested in resilient computing, in areas like: SDN-based infrastructures; autonomous vehicles; distributed control systems; digital health and genomics; or blockchain and cryptocurrencies.

Find his works on GSC: https://scholar.google.com/citations?user=aMHx8aUAAAAJ&hl=en.

The ever-increasing complexity of computing systems, emerging technologies such as IoT and AI, and advancing attack capabilities pose a variety of (new) challenges on the design and implementation of security concepts, methods and mechanisms for computing systems.

This talk provides an overview of our journey through the system security research universe. We point out (painful) lessons learned in advancing state-of-the-art software security and hardware-assisted security both in academic research and industry collaborations. We also briefly present our insights gained throughout one of the world’s largest hardware security competitions that we have been conducting with industry partners since 2018. Finally, we discuss our future vision and new research directions in systems security, in particular in the light of the serious threat of software-exploitable hardware vulnerabilities that put all critical systems at risk.

Ahmad-Reza Sadeghi is a professor of Computer Science and the head of the System Security Lab at Technical University of Darmstadt, Germany. He has been leading several Collaborative Research Labs with Intel since 2012, and with Huawei since 2019. For his influential research on Trusted and Trustworthy Computing he received the renowned German "Karl Heinz Beckurts" award that honors excellent scientific achievements with high impact on industrial innovations in Germany.

In 2018, he received the ACM SIGSAC Outstanding Contributions Award for dedicated for pioneering contributions in content protection, mobile security and hardware-assisted security. In 2021, he was honored with Intel Academic Leadership Award at USENIX Security conference for his influential research on cybersecurity and in particular on hardware security. He is also the recipient of the prestigious European Research Council (ERC) Advanced Grant.

The modern advancement of science and technology has seen the birth of AI. With the increased trust people have in their devices and machines, they have also granted them access to more information and data. Not everyone is comfortable with this, and, as it turns out, not every machine may be completely trustworthy, either. While most agree that any distrust or skepticism towards AI is unfounded, significant research has been conducted to address such concerns. Ignoring these vulnerabilities would be negligent when developing a master plan for the future.

The concern about privacy attacks on machine learning models boils down to a simple question: "What are the risks of private information being exposed during AI training or inference?" That signals the need for people who build AI algorithms to account for this from their early stages of development.

This talk highlights challenges and opportunities for trustworthy AI with a focus on privacy attacks and countermeasures. Moreover, we will explore inference attacks against machine learning models and frameworks (e.g., federated learning), and set out the requirements for privacy-preserving AI systems.

Giuseppe Ateniese is a Professor, Eminent Scholar in Cybersecurity and CCI Faculty Fellow in the Department of Computer Science and the Department of Cyber Security Engineering at George Mason University. He was Farber Endowed Chair in Computer Science and Department Chair at Stevens Institute of Technology. In addition, he was with Sapienza-University of Rome (Italy), Assistant/Associate Professor at Johns Hopkins University (USA), and one of the JHU Information Security Institute founders.

He was a researcher at IBM Zurich Research lab (Switzerland) and scientist at the Information Sciences Institute of the University of Southern California (USA). He also briefly worked as visiting professor at Microsoft in Redmond (USA). He received the NSF CAREER Award for his research in privacy and security, and the Google Faculty Research Award, the IBM Faculty Award, and the IEEE CISTC Technical Recognition Award for his research on cloud security. He has contributed to areas such as proxy re-cryptography, anonymous communication, two-party computation, secure storage, and provable data possession. He is currently working on privacy-preserving machine learning and decentralized secure computing based on the blockchain technology.

This talk will present a general perspective and framework on IoT security, as well as some examples of research being pursued in this arena with my colleagues, particularly with respect to access control in this emerging domain.

Ravi Sandhu is Professor of Computer Science, Executive Director of the Institute for Cyber Security and Lead PI of the NSF Center for Security and Privacy Enhanced Cloud Computing at the University of Texas at San Antonio, where he holds the Lutcher Brown Endowed Chair in Cyber Security. Previously he served on the faculty at George Mason University (1989-2007) and Ohio State University (1982-1989). He holds BTech and MTech degrees from IIT Bombay and Delhi, and MS and PhD degrees from Rutgers University. He is a Fellow of IEEE, ACM, AAAS and the National Academy of Inventors. He has received numerous awards from IEEE, ACM, NSA, NIST and IFIP, including the 2018 IEEE Innovation in Societal Infrastructure award for seminal work on role-based access control (RBAC).