Conferences – Matris

Reinhard Kugler @WeAreDevelopers 2024

Bernhard Garn — Sat, 31 Aug 2024 08:48:57 +0000

This year’s WeAreDevelopers Congress 2024, held in Berlin from July 17th to 19th with intriguing sessions covering the latest trends and advancements across the industry. Reinhard Kugler, lead of the MARC team, contributed to the congress with his standout presentations titled “A Hitchhiker’s Guide to Container Security in Embedded Systems – Make and Break an Automotive Container Platform.”

Exploring Container Security in Automotive Systems

Reinhard began his presentation by reflecting on the evolution of automotive software. What was once a tightly sealed black box has now transformed into what he aptly described as a “tablet on wheels.” In today’s vehicles, nearly every function—from the engine’s performance to door locking and lane assist—is managed by a complex web of software-driven control units. While these systems are engineering marvels, they also introduce significant challenges, particularly when it comes to software maintenance and updates.

Reinhard walked the audience through the complexities of these systems, explaining how the increasing sophistication has made maintaining and updating automotive software a daunting task. Unlike the straightforward updates on phones or computers, updating a car’s software is like orchestrating a symphony—every component needs to be in perfect harmony. As the number of these interconnected components grows, so does the complexity of managing them effectively.

Introducing Containers and Kubernetes in Vehicles

Reinhard then introduced the innovative concept of using containers and Kubernetes within vehicles as a solution to these challenges. This approach represents a significant shift towards a more unified, containerized platform, which could help the automotive industry address the difficulties of managing complex software systems. By adopting this technology, the industry can create a more flexible, secure, and maintainable environment within vehicles. However, as Reinhard pointed out, this transition also introduces new challenges, particularly concerning security.

Live Hacking: Building and Securing Embedded Containers

One of the highlights of Reinhard’s presentation was a live hacking demonstration where he built embedded containers from scratch. He showcased how these containers can be integrated with critical vehicle systems like CAN bus, temperature sensors, and door actuators. Reinhard emphasized the importance of securing these components as the industry moves toward a software-defined vehicle architecture, offering practical insights into mitigating security risks while implementing this technology.

Looking Forward: The Future of Automotive Security

Reinhard Kugler’s session at WeAreDevelopers Congress 2024 highlighted the ongoing evolution in the automotive industry, where the intersection of software and hardware is becoming increasingly significant. His exploration of container security within embedded systems is particularly relevant as the industry prepares for greater integration of software-driven solutions. As vehicles become more complex and interconnected, the insights shared in Reinhard’s session will be crucial in guiding the future of automotive security and innovation.

Related Links:
We Are Developers Official Website: https://www.wearedevelopers.com/world-congress

Reinhard Kugler @WeAreDevelopers 2024
Copyright: Ivana Spiridonovic

Take a look at Reinhard’s talk: A Hitchiker’s Guide to Container Security in Embedded Systems by Reinhard Kugler

International Workshop on Dynamics of Disasters: Hybrid Threats (DoD 2024) – A Recap

Bernhard Garn — Wed, 14 Aug 2024 12:17:24 +0000

The International Workshop on Dynamics of Disasters: Hybrid Threats (DoD 2024) took place from July 30 to August 1, 2024, in Vienna, Austria, alongside the 19th International Conference on Availability, Reliability, and Security (ARES 2024). Hosted by the University of Vienna’s Faculty of Computer Science, this event brought together leading experts to explore the complex challenges posed by disasters, both natural and man-made.

Exploring the Complexities of Disasters

Disasters occur when hazards—whether natural or man-made—overwhelm our ability to manage them, leading to devastating outcomes. The rising frequency and severity of disasters around the globe, even in regions previously considered safe, have starkly highlighted the gaps in our disaster preparedness and response systems. The COVID-19 pandemic, in particular, served as a harsh reminder of these vulnerabilities, exposing critical weaknesses in how we prepare for and manage crises. As the pandemic’s effects continue to ripple through our lives, it has become clear that understanding the dynamic nature of disasters is more crucial than ever. This ongoing theme has been at the heart of the DoD series and remains a focal point in the 2024 edition.

Expanding the Horizon: Emerging Hybrid Threats

This year, DoD 2024 expanded its scope to tackle the emerging issue of hybrid threats—complex challenges arising from the growing integration of cyber and physical domains. These threats go beyond the traditional cyber-physical systems, presenting new risks that our current disaster management frameworks must adapt to. The impact of hybrid threats on modern societies is profound, adding layers of complexity to disaster risk management and response efforts. As these threats evolve, they challenge the very foundations of how we protect our communities in an increasingly interconnected world.

Day 1 (July 30th): Setting the Stage

The workshop kicked off with an opening speech by Bernhard Garn, followed by remarks from Professor Panos Pardalos, Chair of the Steering Committee, and General Chair Dimitris Simos.

Professor Tina Wakolbinger kicked off the first session with her presentation, ‘Combining Perspectives of SCM and IB to Address the Literature’s Void of Ad-Hoc Strategic Change in Times of Disruptions’. Her talk, which was a collaborative effort with Lydia Novoszel, Björn Schmeisser, and Jan Fisch, explored the intersection of supply chain management and international business, offering fresh insights into strategic changes during disruptions.

The afternoon session transitioned into a military perspective on hybrid threats, with Professors Abram Trosky and Larry Goodson presenting ‘Hybrid Warfare, the Escalation Paradox, and Manmade Disasters in the Anthropocene’. This was followed by a presentation from Hannah Schuster, who discussed the innovative use of knowledge graphs in crisis management in her talk, ‘Building Incident-Centric Knowledge Graphs: Enhancing Crisis Management with Data-Driven Insights’. The day’s discussions concluded with Professor Fuad Aleskerov’s exploration of decision-making in response to volcanic eruptions, as presented in ‘Evaluation of the Regional Situation Under Volcanic Eruption and Corresponding Decisions’.

The evening brought participants together for the official ARES opening ceremony, followed by a welcome reception that provided an opportunity to network and reflect on the day’s insights.

Day 2 (July 31st): Diving Deeper into Disaster Dynamics

The second day of the workshop opened with a compelling plenary talk by Professor Panos Pardalos, whose presentation on the ‘Dynamics of Disasters’ covered a broad spectrum of topics related to disaster management. His exploration of emerging threats and critical trends captivated the audience, sparking a lively Q&A session that underscored the importance of these discussions.

In the next session, Benjamin Schuster took the stage to discuss how smart city digital twins can enhance disaster resilience. His talk, ‘Piloting Effects of Cyber-Physical Attacks and Their Cascading Effects Using Community-Based Digital Ecosystems for Disaster Resilience Utilizing Smart City Digital Twin (SCDT) Technology’, highlighted the potential of digital ecosystems to bolster disaster preparedness. This was complemented by Vincenzo Sammartino’s presentation on the use of security twins—a specialized form of digital twins focused on the security of ICT/OT infrastructure—to improve intrusion detection and system robustness. The session continued with Lydia Novoszel’s analysis of Austrian Micro Data Center (AMDC) data in her presentation ‘Role of Inventory Amid Crisis’, providing a detailed look at inventory management during recent crises.

The afternoon session featured a presentation by Rifqi Irvansyah, who examined the status of school buildings in Banda Aceh City 19 years after the devastating tsunami. His talk, titled ‘Feasibility of School Buildings in Banda Aceh City 19 Years After the Tsunami’, offered a insightful reflection on long-term recovery and resilience. This was followed by a collaborative presentation from Antonis Troumpoukis and Klaus Kieseberg on ‘Exploring Constraint-Based Approaches for Disaster Scenario Generation’. The day concluded with a remote presentation by Helene Jacot Des Combes, who discussed updates to the UNDRR/ISC Hazard Information Profiles in her talk, ‘The UNDRR/ISC Hazard Information Profiles – Standardized Hazard Definition and Information to Support Hazard Understanding and Data Analytics’.

Day 3 (August 1st): Bridging Knowledge and Practice

The final day of DoD 2024 began with an invited talk by Professor Georg Pflug, who presented on ‘Modeling and Analyzing Statistical Dependence of Catastrophic Events’. His exploration of multi-hazard and multi-risk catastrophic events from a statistical perspective was both insightful and thought-provoking, leading to an engaging Q&A session with the audience.

Next, Ana Rocha delivered a remote presentation on an optimization approach for scheduling firefighting vehicles. Her talk, ‘An Optimization-Simulation Approach to Scheduling Firefighting Vehicles’, presented collaborative research that highlighted innovative strategies for improving emergency response. Following this, the MATRIS Research Group introduced the ‘MATRIS Disaster Games’, an interactive session where participants engaged in games designed to simulate the temporal effects of disaster events and the dangers posed by cyber threats. Moderated by Klaus Kieseberg and Bernhard Garn, this session provided a unique, hands-on learning experience.

The final technical session of DoD 2024 featured a range of compelling presentations. Marianne Azer discussed ethical considerations in technology during her talk on ‘Ethics in Technology Challenges: The Edward Snowden Case and Privacy Perspectives’. This was followed by Stefan Pickl’s exploration of modern railway security in ‘On Track for Resilience: Assessing and Enhancing Railway Security in the Digital Age’. The workshop concluded with a remote presentation by Maryna Zharikova, who presented a ‘Framework for Hybrid Risk Analysis’, offering valuable insights into managing hybrid risks in today’s complex environment.

In the evening, participants attended the ARES keynote together before embarking on a scenic tram ride through Vienna, culminating in a memorable conference dinner that provided a fitting end to the event.

Closing with Appreciation

DOD 2024 has once again proven to be a vital forum for discussing the latest research and developments in disaster dynamics and management, providing valuable insights into how we can better prepare for and respond to both traditional and emerging threats.

We extend our heartfelt thanks to all the presenters and participants who made DoD 2024 a success. Your contributions were the heart of this year’s workshop, and it was our pleasure to host you in Vienna. We look forward to continuing these vital discussions and collaborations in future editions of DoD.

Conference Chairs

Panos Pardalos

(University of Florida,
USA)

Steering Committee Chair

Dimitris Simos

(SBA Research,
AUT)

General Chair

Bernhard Garn

(SBA Research,
AUT)

Software Engineer

Stefan Pickl

(University of Bundeswehr Munich, GER)

PC co-Chair

Ilias S. Kotsireas

(Wilfrid Laurier University, CA)

Proceedings Chair

Izem Chaloupka

(SBA Research,
AUT)

Publicity Chair

Poster @HotSoS 2024

Bernhard Garn — Fri, 05 Apr 2024 09:59:00 +0000

Description:

This year’s Hot Topics in the Science of Security Symposium (HotSoS 2024) was hosted by the NSA and took place virtually between April 2-4. Representing the CST team of MATRIS Research Group, Dominik Schreiber presented a poster titled “A Combinatorial Perspective towards Security Testing of Anonymity Networks”. This work was co-authored by Dimitris E. Simos, Bernhard Garn, and Manuel Leithner from MATRIS, together with their long-term collaborators D. Richard Kuhn (NIST, USA) and Raghu Kacker (NIST, USA), outlining the vision of the team for applying the methods and techniques from the field of combinatorial security testing to anonymity networks, in particular to the well-known Tor network, aiming at deriving new security guarantees based on the underlying properties of the mathematical artifacts used to build combinatorial test sets. During the poster session, several interesting questions and research challenges related to Tor experienced by the CST team were the highlights of the discussion with the audience.

DEFSYS team members Ceren, Marlene, and Klaus also joined the conference as participants and engaged in the current hot topics via the online conference platform provided by the NSA.

About the Conference:
The HotSoS Symposium is a research event centered on the Science of Security, which aims to address the fundamental problems of security in a principled manner. The eleventh annual event was virtually held April 2-4, 2024. HotSoS brings together researchers from diverse disciplines to promote the advancement of work related to the science of security. The program included presentations of already published work in security and privacy, particularly that which examines the scientific foundations of trustworthy systems. Additionally, the symposium accepts work-in-progress manuscripts for presentations. Student presentations were once again a part of the conference, while a session was reserved for a poster competition. The Science of Security (SoS) emphasizes advancing research methods and the development of new research results. This dual focus is intended to improve the confidence we gain from scientific results and the capacity and efficiency through which we address increasingly technical problems.

Conference Name:

Hot Topics in the Science of Security (HotSoS) Symposium 2024

Conference Duration:

2-4 April, 2024

Conference Location:

Virtual

MATRIS @ Fachtagung Katastrophenforschung

Bernhard Garn — Tue, 12 Sep 2023 14:05:01 +0000

Description:

On the 11th of September, Klaus Kieseberg from the MATRIS group attended the Fachtagung Katastrophenschutz 2023, where researchers and stakeholders joined together to exchange ideas and insights from the practitioners’ side in disaster management. In the ensuing discussions during the day, Klaus took the opportunity to promote the disaster research activities of the MATRIS research group. The innovative methodology and focus of these research activities attracted the attention of numerous attendees, leading to research-oriented discussions.

About the event: The Fachtagung Katastrophenschutz 2023 was organized by the Disaster Competence Network Austria (DCNA) and took place from September 11th to September 12th in Leoben, Austria.

The event, which aims to bring together the science and practice of disaster management, featured several enlightening talks, presenting current research projects as well as research results alongside possibilities for exploitation from a practitioner’s side.

Conference Name:

Fachtagung Katastrophenforschung 2023

Conference Duration:

11-12 September, 2023

Conference Location:

Styria, Austria

MATRIS @MARBLE 2023

Bernhard Garn — Thu, 13 Jul 2023 10:33:53 +0000

Marlene Koelbing
Copyright: MATRIS

Description:

Marlene Koelbing from the DEFSYS team of MATRIS attended the 4th International Conference on Mathematical Research and Blockchain Economy (MARBLE) for a talk about a paper on a mathematical approach to the use of integer partitions for smurfing in cryptocurrencies (by Bernhard Garn, Klaus Kieseberg, Ceren Culha, Marlene Koelbing, and Dimitris Simos). In her talk, she showed how to utilize the integer partitions to generate splittings of money amounts to avoid falling under regulations. Furthermore, she proposed a proactive offensive approach for anti-money laundering, in contrast to the common ex-post analysis of transaction data. The talk continued later with a Q&A session, leading to an engaging discussion.

About the conference: MARBLE focuses on mathematical research for the blockchain economy that takes place on a yearly basis. It gives opportunities for mathematicians, computer scientists, and economists from both academia and industry to present their research and exchange ideas, fostering knowledge exchange between academia, research organizations, and the industry.

Conference Name:

MARBLE 2023 (The 4th International Conference on Mathematical Research and Blockchain Economy)

Conference Duration:

11-13 July, 2023

Conference Location:

London, United Kingdom

Plenary Talk @ DoD 2023

Bernhard Garn — Wed, 05 Jul 2023 11:28:00 +0000

Dimitris Simos
Copyright: MATRIS

Description:

Yesterday, Dimitris Simos gave a plenary talk on “Disaster scenarios with discrete sequences: Using combinatorics for enhanced disaster preparedness” at the 6^th International Conference on Dynamics of Disasters (DoD 2023). Klaus Kieseberg and Bernhard Garn from the DEFSYS team also participated in the talk, showcasing the research activities of MATRIS together with external collaborators on the generation of disaster scenarios as well as demonstrating their instantiation for both disaster simulations and disaster management exercises. Disaster preparation for both man-made and non-man-made disasters is crucial in order to achieve resilience and such preparation can be carried out in multiple forms, such as exercises, scenario analysis, and simulation.

Dimitris E. Simos, Bernhard Garn, Klaus Kieseberg
Copyright: MATRIS

In the plenary, the speakers explored the application of combinatorial methods to disaster scenario generation in order to guarantee diversity, severity, and efficiency. The generated scenarios can be implemented regardless of the types of disasters e.g. fire, floods, cyber disasters in disaster management, and the corresponding operational measures from concerned stakeholders, such as simulations or serious games (Planspiele). The speakers further illustrated the instantiation of an overall disaster modelling framework with examples from two different disaster domains.

DoD 2023 Plenary Speakers, Organizers & Participants
Copyright: Anna Nagurney

About the conference: DoD 2023 is held in Piraeus, Greece from July 3-6, 2023, and focuses on the study of dynamics of disasters from various scientific perspectives, which is an important and worthwhile endeavor, with significant benefits for the whole environment.

Conference Name:

The 6th International Conference on Dynamics of Disasters (DoD 2023)

Conference Duration:

3-6 July, 2023

Conference Location:

Athens, Greece

Dimitris E. Simos & Bernhard Garn served as chairs in IWCT 2023

Bernhard Garn — Tue, 16 May 2023 15:21:51 +0000

Dimitris Simos
Copyright: MATRIS

Description:

On Sunday, April 16, 2023, the 12th International Workshop on Combinatorial Testing (IWCT 2023) was held co-located with the 16th IEEE International Conference on Software Testing, Verification and Validation (ICST) 2023 in Dublin, Ireland. Angelo Gargantini (University of Bergamo) and Bernhard Garn (MATRIS Research Group, SBA Research) served as Co-Program Committee Chairs and Dimitris Simos (Group lead of MATRIS Research Group) served as General Chair of the workshop.

IWCT is one of the prime scientific venues focusing exclusively on combinatorial testing (CT), where theorists and practitioners of CT come together to present and discuss their newest results and the latest developments of interest in the wider software testing community. After three years of virtual editions, this year’s physical event was particularly enjoyed by the workshop participants.

This year, a total of 13 publications were accepted, seven of which in the category full paper, two in the category short paper and four in the category journal-first paper.

The workshop started with a keynote given by Rachel Tzoref-Brill titled “Combinatorial Testing: From Theory to Practice” describing different real-world challenges in the application of CT in practice as well as corresponding solutions for overcoming these challenges. Solving these challenges led to wide use of CT across IBM testing services. Rachel’s keynote was closely followed by the participants and her expert view enriched the program of IWCT considerably.

Rachel Tzoref-Brill
Copyright: MATRIS

MATRIS was not only involved in the program organization of the workshop, but also contributed several submissions to IWCT that were subsequently accepted and presented at the workshop. From the MATRIS Research Group, Bernhard Garn, Ludwig Kampel, Manuel Leithner, Michael Wagner and Dimitris Simos joined the workshop in Dublin.

After the scheduled talks, Manuel Leithner, Michael Wagner and Andrea Bombarda from the University of Bergamo presented the results of this year’s CT tool competition, which was hosted for the second time as part of IWCT. Six different combinatorial test generation tools were tested on 240 benchmark instances, split up into 10 different tracks, and evaluated based on their execution time and the size of the generated test sets. The data of the competition has been make publicly available at ZENODO. Just like last year, the tool CAgen by the MATRIS research group ended up performing the best out of all evaluated tools, followed by ACTS and caopt on ranks 2 and 3, respectively.

Michael Wagner, Manuel Leithner & Andrea Bombarda
Copyright: MATRIS

Our congratulations go to the authors of the original ACTS paper (Linbin Yu and Yu Lei from the University of Texas at Arlington; Raghu Kacker and Richard Kuhn from US NIST), which was published in ICST ten years ago, for their win in this year’s most influential paper prize this year. It is great to see their influential work being acknowledged by the wider software testing community and we are proud of our collaboration with these well-known scientists from US NIST and University of Texas at Arlington.

Yu Lei, Dimitris E. Simos & Raghu Kacker
Copyright: MATRIS

Related Links:
ICST2023: https://conf.researchr.org/home/icst-2023

Keynote – Rachel Tzoref-Brill: https://research.ibm.com/people/rachel-brill

CT-COMP: Objective | ct-competition (fmselab.github.io)

ZENODO https://zenodo.org/record/7852557

Conference Name:

International Workshop on Combinatorial Testing (IWCT 2023)

Conference Duration:

16 April, 2023

Conference Location:

Dublin, Ireland

MATRIS @Hagenberg Security Forum

Bernhard Garn — Tue, 02 May 2023 15:37:27 +0000

Description:

This year’s Hagenberg Forum has started with Reinhard Kugler’s opening talk. In this talk, Reinhard displayed current challenges in the automotive domain and addressed how to get started in the security testing of electronic control units. Furthermore, he showcased vulnerabilities and testing methods used in automotive applications, focusing on CAN-hacking, diagnostic protocols, fuzzing, and physical attacks. By introducing fundamental insights, the talk aimed to improve the knowledge of automotive security of IT professionals and embedded engineers who plan to enter the sector.

SBA Research Booth at the Security Forum Hagenberg 2023
Copyright: Nicolas Petri

About the conference: Security Forum Hagenberg takes place on a yearly basis and continues for two days during the springtime in Austria. Around 300 participants visit the forum each year from German-speaking countries: Austria, Germany, and Switzerland, while these visitors have the possibility to participate in technical and management-focused sessions.

Conference Name:

Security Forum Hagenberg 2023

Conference Duration:

25-26 April, 2023

Conference Location:

Hagenberg, Austria

Container Security: Buy it, use it, break it, fix it – Container internals and breakouts (with 30% more AWS EKS!)

Bernhard Garn — Thu, 20 Apr 2023 11:04:45 +0000

Description:

On the 13th of April, SBA Research hosted a seminar for the Vienna DevOps & Security Meetup group with a topical focus on Cloud Native technologies, DevOps, and Security.

Reinhard Kugler, a security expert of MATRIS, contributed to this Meetup with an intriguing talk. He explained the hands-on approach to the internals of containers while addressing the required implementations for security measures to achieve sufficient isolation of containers in terms of AWS, EKS, and Docker. Moreover, he made an in-depth analysis of the moving parts of containers and described how an attacker could leverage them. He also showcased infamous misconfigurations leading to complete control over the hosting node and, ultimately, to other containers. The talk continued with an engaging discussion.

The content of the talk:

Namespaces and Control Groups
Mount and Network Namespace
Docker and AWS EKS Implementation
Capabilities and Root
Device Nodes and EBPF Device Control

Seminar Name:

Cloud Native, Kubernetes and Security Meetup

Seminar Date:

13 April, 2023

Seminar Location:

SBA Research – Vienna, Austria

MATRIS of SBA Research talks at ITSecX

Bernhard Garn — Thu, 15 Dec 2022 15:01:21 +0000

Description:

On the 13th of April, SBA Research hosted a seminar for the Vienna DevOps & Security Meetup group with a topical focus on Cloud Native technologies, DevOps, and Security.

The content of the talk:

Namespaces and Control Groups
Mount and Network Namespace
Docker and AWS EKS Implementation
Capabilities and Root
Device Nodes and EBPF Device Control

Seminar Name:

Cloud Native, Kubernetes and Security Meetup

Seminar Date:

13 April, 2023

Seminar Location:

SBA Research – Vienna, Austria