Workshop description

ADaCoR promotes technical achievements in the field of data collection for security applications. The 3-day workshop first provides keynotes or tutorials and presents results of current research projects. It then seeks to present uses case of experiences by industrial stakeholders. To foster dialogue between research and industry organisations, each day ends with a long moderated panel discussion between all speakers and the audience on current issues and solutions.

Each day is dedicated to a specific topic:

Day 1 addresses data collection for security incident and risk management. Collection of both social and technical data is covered, which is followed by the techniques and tools to share data. Based on the data that is collected, we present techniques for attack generation and security assessment. We will cover risk assessment tools like MONARC and TRICK Service and techniques such as Attack-Defence trees, ROSI, etc.

Day 2 addresses data collection for Internet of Things. The day starts by presenting the concepts of Everything as a Service, the research project bIoTope, and issues on Big Data. Data can be used for modelling, analysis or for the development of IoT applications. At the optimisation level, data is also used for integration, as well as for security purposes. Concrete applications of the use of data are presented, such as smart home management and smartmeters.

Day 3 addresses data protection aspects of data collection. Data protection shall be considered since the design stage of applications. We consider the new regulations on data protection and their impacts. We explain and illustrate the concept of “Privacy by design”. We also address the certification of applications making use of private data. The presentations during the second half of the day will be in French language.

Sponsors

FP7-TREsPASS, H2020-bIoTope, University of Luxembourg, itrust consulting

General Chair

Miguel Martins, itrust consulting

Committee

Carlo Harpes, itrust consulting
François Thill, Luxembourg Ministry of Economy
Georges Wantz, CNPD – Luxembourg National Commission for Data Protection
Sjouke Mauw, University of Luxembourg
Sylvain Kubler, University of Luxembourg

Registration

Price: Free of charge. The registration includes free:

• access to workshop sessions
• lunch with drinks
• coffee breaks
• participation to the ADaCoR mini-lottery at the end of each day

Topic – Technical Chair

Day 1 (April 19th): Data collection for security incident and risk management – François Thill, Luxembourg Ministry of Economy
Day 2 (April 20th): Data collection for Internet of Things – Sylvain Kubler, University of Luxembourg
Day 3 (April 21st): Data protection aspects of data collection – Georges Wantz, CNPD – Luxembourg National Commission for Data Protection

Call for contributions

Please send your presentation proposals to the Committee, 1 page maximum.
The Committee will review all contributions and select the most relevant.
Selected authors will be invited to submit their full presentations.

Important dates

Submission of ideas: February 29th
Full program available: April 7th
Delivery of full presentations: April 15th
Workshop: April 19th-21st

Agenda

To stimulate conviviality and friendly atmosphere, one lucky participant will win a prize on our ADaCoR mini-lottery at the end of each day of the workshop.
The winners of the ADaCoR mini-lottery were Mr Alain Wetz (Gouvernement du Luxembourg), Mr Nicolas Debeffe (LuxTrust) and Ms Andra Lezza (University of Luxembourg). Congratulations to the winners!

Presentations

Day 1: Data collection for security incident and risk management

François Thill (Ministry of Economy): The importance of data in cyber security governance
Carlo Harpes (itrust consulting): TRICK Service, a risk assessment tool
Christian Probst (TU Denmark): Data provenance and attack generation
Sjouke Mauw (University of Luxembourg): Attack trees and security assessment
Axel Tanner (IBM Zurich): Collecting infrastructure data in virtualized environments
Alexandre Dulaunoy (CIRCL): Practical information sharing in cyber security using MISP
Gérard Wagener (CIRCL): Design and implementation of AIL: Automated analysis of unstructured and structured information to discover information leaks
Summary of panel discussion

Day 2: Data collection for Internet of Things

Sylvain Kubler (University of Luxembourg): Data Publication & Discovery using open IoT standards
Hervé Hansen (Hansen & Muller): Fungibility and the blockchain
Yves Le Traon (University of Luxembourg): Model-driven Analytics for Cyber-Physical Systems
Sasan Jafarnejad (University of Luxembourg): Lessons learned from “Car Hacking” for fun and science
Stan Beeks (vyzVoice): IoT: Integration, Application and Security aspects
André Melzer (University of Luxembourg): Social engineering by chocolate – Reciprocity increases the willingness to communicate personal data
Paul Hoffmann (Luxmetering): Status of smartmetering deployment in Luxembourg
Steve Muller (itrust consulting): Risk Monitoring in Industrial Control Systems
Summary of panel discussion

Day 3: Data protection aspects of data collection

Georges Wantz (National Commission for Data Protection): The GDPR and its impact
Alain Herrmann (National Commission for Data Protection): Privacy by Design, Data Protection by Design
Pascal Steichen (CLUSIL): Privacy by Design, From a Coders Perspective
Carlo Harpes (itrust consulting): Upcoming ISO standards in support of Privacy
Gérard Caye (ANSSI): La politique de sécurité de l’information de l’État luxembourgeois
Matthieu Aubigny (itrust consulting): Certification EuroPriSe – European Privacy Seal
Alain Grosjean (Bonn & Schmitt Avocats): Dans la perspective du règlement européen: Comment assurer la mise en conformité et la traçabilité (principe d’accountability)
Summary of panel discussion