Program at a glance

July 8

Workshop (in Italian): La protezione delle infrastrutture critiche da attacchi cyber
DIMVA welcome reception with poster session

July 9

Registration with light breakfast
Welcome speech
Keynote - The Equation Group
Coffee break
Session 1 - Attacks
Lunch break
Session 2 - Attack Detection
Coffee break
Session 3 - Binary Analysis and Mobile Malware Protection
Social event

July 10

PoliCTF Kickstart
Keynote - Security as a Target: Anti-Virus, Threat-Intelligence, and the Malware Industrial Complex
Coffee break
Session 4 - Social Networks and Large-scale Attacks
Session 5 - Web and Mobile Security
Coffee break
Session 6 - Provenance and Data Sharing
Closing remarks

Detailed program

July 8

Location: Aula Rogers, Via Andrea Maria Ampère, 2, Milano

(special session in Italian)

Il workshop è dedicato alle aziende che operano nel settore delle infrastrutture critiche, ed è volto a offrire una panoramica completa sulle attuali minacce cyber alle reti di computer utilizzate in ambito di controllo industriale (ICS/SCADA), alle soluzioni tecnologiche e alle metodologie ad oggi impiegate nelle aziende.

Esponenti e rappresentanti di solution provider e vendor di primaria importanza nazionale ed internazionale presenteranno la propria esperienza in merito agli strumenti e le tecniche più efficaci per prevenire le minacce e contrastare e mitigare attacchi cyber.

L’evento sarà moderato dal Professor Dr Sandro Etalle, ordinario della cattedra di Security presso la facoltà di Mathematics and Computer Science della Technical University di Eindhoven (Paesi Bassi).

Di seguito l'agenda provvisoria dell'evento:

  • 12:00–12:30 Benvenuto e registrazione
  • 12:30–13:30 Pranzo
  • 13:30–14:00 Valerio del Nobile, System Engineer, Check Point Software Technologies: "Le infrastrutture critiche sono a rischio! Check Point ha la soluzione"
  • 14:00–14:30 Maglan, Ing. Paolo Lezzi, CEO e Dott. Luca Martignon, Maglan Europe Expert, "Skyfall – Attacking Satellite Systems"
  • 14:30–15:00 Alberto Volpatto, Security Engineer & Team Leader, Secure Network: "Down the SCADA (security) Rabbit Hole"
  • 15:00–15:30 Coffee break
  • 15:30–16:00 Damiano Bolzoni, CEO & co-founder, SecurityMatters: "Un nuovo Stuxnet? È solo un terzo dei problemi…"
  • 16:00–16:30 Angelo Luca Barba, Marketing Manager Cyber Security, Selex ES, "Un approccio evolutivo alla protezione cyber di infrastrutture critiche e reti di controllo industriale"
  • 16:30–17:00 Vodafone Italia: Corradino Corradi, ICT Security&Fraud Manager, "Il contributo di Vodafone alla difesa delle infrastrutture critiche nazionali"
  • 17:50–18:00 Panel – chiusura lavori
  • 18:00 Ricevimento di apertura della conferenza (aperto anche ai partecipanti del workshop)

La partecipazione al workshop è gratuita, ma è richiesta registrazione.

La partecipazione alla conferenza principale, opzionale, richiede invece una registrazione separata.

July 9

Location: Aula Rogers, Via Andrea Maria Ampère, 2, Milano

Remember to bring your printed (or PDF) ticket at the reception desk.

Location: Aula Rogers, Via Andrea Maria Ampère, 2, Milano

Speaker: Vicente Diaz, Kaspersky Lab’s Global Research & Analysis Team

Abstract: The Equation Group, as far as I know, might have been active for almost two decades. For many years they have interacted with other powerful groups, such as the Stuxnet and Flame groups; always from a position of superiority, as they had access to exploits earlier than the others.

To infect their victims, the Equation Group uses a powerful arsenal of "implants". Still, they have used a very unique technique never seen to run their malware before and that could be considered as invisible to the operating system by directly planting it in the HD firmware.

Speaker Bio: Vicente joined Kaspersky Lab’s Global Research & Analysis Team in November 2010. He specializes in Threat Intelligence and Big Data applied to malware campaigns and advanced cyber espionage threats. In the past he did research in different areas such as banking Trojans, social networking threats, cybercriminal ‘partner networks’ and mobile malware. Prior to joining Kaspersky Lab, Vicente worked as a Software Developer for IT&C and Actaris, after which he took up a research position at the Technical University of Catalonia (UPC). He then entered the field of IT security, working for a number of leading companies for more than 5 years. Vicente is the author of several software tools and is active on the conference circuit. He holds a MsC in Artificial Intelligence.

During this talk we will review the most notable milestones in the evolution of APT attacks, and detail what we consider the probably most advanced threat known to date - courtesy of the Equation Group.

Location: Aula Rogers, Via Andrea Maria Ampère, 2, Milano

Session chair: Gianluca Stringhini, University College, London

Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks, Amin Kharraz, William Robertson, Davide Balzarotti, Leyla Bilge and Engin Kirda

“Nice Boots!” - A Large-Scale Analysis of Bootkits and New Ways to Stop Them, Bernhard Grill, Andrei Bacs, Christian Platzer and Herbert Bos

C5: Cross-Cores Cache Covert Channel, Clémentine Maurice, Christoph Neumann, Olivier Heen and Aurélien Francillon.

Location: Aula Rogers, Via Andrea Maria Ampère, 2, Milano

Session chair: Michael Meier, Universität Bonn

Intrusion Detection for Airborne Communication using PHY-Layer Information (short paper), Martin Strohmeier, Vincent Lenders and Ivan Martinovic

That Ain't You: Blocking Spearphishing Through Behavioral Modelling, Gianluca Stringhini and Olivier Thonnard

Robust and Effective Malware Detection through Quantitative Data Flow Graph Metrics, Tobias Wüchner, Martín Ochoa and Alexander Pretschner

Location: Aula Rogers, Via Andrea Maria Ampère, 2, Milano

Session chair: Manuel Egele, Boston University

Jackdaw: Towards Automatic Reverse Engineering of Large Datasets of Binaries, Mario Polino, Andrea Scorti, Federico Maggi and Stefano Zanero

Fine-Grained Control-Flow Integrity Through Binary Hardening, Mathias Payer, Antonio Barresi and Thomas Gross

Powerslave: Analyzing the Energy Consumption of Mobile Antivirus Software, Iasonas Polakis, Michalis Diamantaris, Thanasis Petsas, Federico Maggi and Sotiris Ioannidis

Location: Cascina "La Lodovica", Via Lodovica, 5, Vimercate MB, Italy

The social event will take place at "La Lodovica" Country House, one of the beautiful private houses in the area that every year welcome visitors from all over the World. This year, La Lodovica hosts an exhibition of Leonardo Da Vinci, featuring models of his inventions and replicas of his notes, including the famous "Codici di Leonardo". The social event will begin with a visit of the exhibition and will continue with a nice dinner in the house.

La Lodovica is located in Oreno, a tiny medieval village in the hearth of Brianza, one of the nicest rural areas outside Milano. Despite its small size, Oreno has a very ancient history, beginning from the Roman era, when a small village named "Borgonovo" used to exist. The area was initially occupied by the Celtics and later on was invaded by the Romans, which transformed it from a mostly wooded land to an inhabited environment. After the Celts and Romans invasions, this ancient village was donated to the glorious Captain Ennio Elio, thus renamed Ora Ennii and then Oreno. Few sacred altars and sarcophagus were found to prove the village's origins. Gian Giacomo Caprotti da Oreno, better known as Salaì ("The Devil", lit. "The little unclean one"), was pupil of Leonardo da Vinci from 1490 to 1518. Salaì entered Leonardo's household at the age of 10. He created paintings under the name of Andrea Salaì. He was described as one of Leonardo's students and lifelong servant and is the presumed model for Leonardo's paintings St. John the Baptist and Bacchus. As ages went by, after the Middle Age, the town reached the Aristocratic time, when Carlo Borromeo turned it into a Parish (1567). In mid 1500 the land of the area was cleaned and a lot of clay was discovered under earth. The bricks built with this material firstly served to construct the first old Country House: Cascina La Cavallera. In 1830 Oreno was inhabited by about 1350 people (950 adults and 400 kids). In 1857 the local Church was founded. Finally in 1929 Oreno's municipality was annexed to Vimercate.

Transportation: A private bus will bring the participants to the location from Piazza Leonardo da Vinci 32 at 18:00. If you wish to come on your own, you can find the address on the conference map.

Registration: if you have purchased a "Full Pass" ticket, access to the social event is included. Should you need to purchase extra tickets, choose the "Dinner-only companion ticket" on the registration page.

July 10

Location: Aula Rogers, Via Andrea Maria Ampère, 2, Milano

Speaker: Morgan Marquis-Boire, University of Toronto and First Look Media

Speaker Bio: Morgan Marquis-Boire is a Senior Researcher at the Citizen Lab at the Munk School of Global Affairs, University of Toronto. He is the Director of Security for First Look Media and a contributing writer for The Intercept. Prior to this, he worked on the security team at Google. He is a Special Advisor to the Electronic Frontier Foundation in San Francisco and an Advisor to the United Nations Inter-regional Crime and Justice Research Institute. In addition to this, he serves as a member of the Free Press Foundation advisory board. A native of New Zealand, he was one of the original founders of the KiwiCON Hacker conference. His research on surveillance and the digital targeting of activists and journalists has been featured in numerous print and online publications.

Location: Aula Rogers, Via Andrea Maria Ampère, 2, Milano

Session chair: Sven Dietrich, John Jay College of Criminal Justice

The Role of Cloud Services in Malicious Software: Trends and Insights, Xiao Han, Nizar Kheir and Davide Balzarotti

Capturing DDoS Attack Dynamics behind the Scenes (short paper), An Wang, Aziz Mohaisen, Wentao Chang and Songqing Chen

Quit Playing Games With My Heart: Understanding Online Dating Scams, Jingmin Huang, Gianluca Stringhini and Peng Yong

Location: Aula Rogers, Via Andrea Maria Ampère, 2, Milano

Session chair: Jason S. Polakis, Columbia University

More Guidelines Than Rules: CSRF Vulnerabilities from Noncompliant OAuth 2.0 Implementations, Ethan Shernan, Henry Carter, Dave Tian, Patrick Traynor and Kevin Butler

May I? - Content Security Policy Endorsement for Browser Extensions, Daniel Hausknecht, Jonas Magazinius, Andrei Sabelfeld

On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users, Yanick Fratantonio, Antonio Bianchi, William Robertson, Manuel Egele, Christopher Kruegel, Engin Kirda and Giovanni Vigna

Location: Aula Rogers, Via Andrea Maria Ampère, 2, Milano

Session chair: Stefano Zanero, Politecnico di Milano

Identifying Intrusion Infections via Probabilistic Inference on Bayesian Network, Yuan Yang, Zhongmin Cai, Weixuan Mao and Zhihai Yang

Controlled Data Sharing for Collaborative Predictive Blacklisting, Julien Freudiger, Emiliano De Cristofaro and Alex Brito

Gold Sponsors

Reply - Communication Valley

Silver Sponsors

Kaspersky Academy
Trend Micro
Security Matters

Interested in sponsoring DIMVA? Write us an email!

Academic Sponsors

CINI Cyber Security National Lab
CINI Cyber Security National Lab

EXPO 2015 S2D2