Track: Security: Attacking and Defending

Location: Bayview AB

Day of week: Wednesday

Security is about the arm race between attacking and defending parties. As technology score big impacts through reaching large populations, security becomes a paramount need to prevent, or at least to limit miscreants from leveraging technology for evil purposes. In this track, world-renowned researchers forecast what’s coming, present what’s the reality and how we should take actions, connect dots here and there. As a security expert, you may find these topics interesting and inspiring. As an engineer, this is a good track to further your understanding of security challenges and countermeasures. As a business person, you may have a feeling of where the industry is headed. Come and learn about exciting advancements in the security field.

Track Host:
Hui Xue
Director of Threat Research @ShapeSecurity

Hui Xue is the Director of Threat Research at Shape Security where he leads research on defending online businesses against fraudsters. His research interests include big data anti-fraud, mobile security, browser security, system security, etc. He published on top system and security conferences including OSDI, NDSS, Usenix Security, ASPLOS, BlackHat and Virus Bulletin. His research headlined US-CERT, Forbes, Bloomberg, Reuters, Yahoo, etc. He is an inventor for multiple patents and an Apple-acknowledged contributor to multiple security improvements for iOS. He obtained his Ph.D. from University of Illinois at Urbana Champaign.

10:35am - 11:25am

by Richard Zhao
Chief Technology Officer, SVP Research @NSFOCUS

In this talk, I will first review practices and weapons to fight against cyber attackers, from repeat offenders to advanced targeted attackers where threat intelligence and artificial intelligence are well expected to change the game rule. However, at the real world, there are many victims suffering from very stupid mistakes. Through a couple of examples, I will talk about TI and AI in real practices, and crowd defense - a way to integrate defense measures...

11:50am - 12:40pm

Open Space

Open Space is a kind of unconference, a simple way to run productive meetings for 5 to 2000 or more people, and a powerful way to lead any kind of organization in everyday practice and extraordinary change.

1:40pm - 2:30pm

by Jamie Butler
Chief Technology Officer @Endgame

by Cody Pierce
Director of Vulnerability Research @Endgame

Advanced software exploitation is a rapidly changing field of study. In recent years, clever ways to bypass existing exploit defenses have become mainstream. Reactive defensive solutions based on known exploitation techniques have been proven ineffective, and easily circumvented. In this paper, we discuss a new system for early detection and prevention of unknown exploits. Our system uses Performance Monitoring Unit hardware to enforce coarse-grained Control Flow Integrity (CFI). By using...

2:55pm - 3:45pm

by Dr. Yu Ding
Security Scientist @Baidu X-Lab

Intel SGX is the next-generation trusted computing infrastructure. Rust programming language is an ideal choice for system programming and it guarantees memory safety. In this talk, we show Rust SGX SDK, which combines Intel SGX together with Rust. Developer could write memory-safe SGX enclave easily, eliminating the possibility of being pwned intrinsically.

4:10pm - 5:00pm

by Prof. Dawn Song
Professor @UCBerkeley, Researching Deep Learning & Security

In this talk, I will first present recent results in the area of secure deep learning, in particular, adversarial deep learning---how deep learning systems could be easily fooled and what we need to do to address the issues. I will also talk about how AI and deep learning can help enable new capabilities in security applications. Finally, I will conclude with key challenges and future directions at the intersection of AI and Security: how AI and deep learning can enable better security, and...

5:25pm - 6:15pm

by Xiaoning Li
Chief Security Architect @Alibaba Cloud

Intel® Software Guard Extensions (Intel® SGX) provides a trusted execution environment with hardware root of trust, brings powerful capability to build secure applications to solve data security problems. However applying SGX technology correctly and writing secure code are still a challenge.

In this talk, we want to present challenges and issues we saw with applying SGX to protect sensitive data in product. We will broadly...



  • Architectures You've Always Wondered About

    Architectural practices from the world's most well-known properties, featuring startups, massive scale, evolving architectures, and software tools used by nearly all of us.

  • Going Serverless

    Learn about the state of Serverless & how to successfully leverage it! Lessons learned in the track hit on security, scalability, IoT, and offer warnings to watch out for.

  • Microservices: Patterns and Practices

    Stories of success and failure building modern Microservices, including event sourcing, reactive, decomposition, & more.

  • DevOps: You Build It, You Run It

    Pushing DevOps beyond adoption into cultural change. Hear about designing resilience, managing alerting, CI/CD lessons, & security. Features lessons from open source, Linkedin, Netflix, Financial Times, & more. 

  • The Art of Chaos Engineering

    Failure is going to happen - Are you ready? Chaos engineering is an emerging discipline - What is the state of the art?

  • The Whole Engineer

    Success as an engineer is more than writing code. Hear inward looking thoughts on inclusion, attitude, leadership, remote working, and not becoming the brilliant jerk.

  • Evolving Java

    Java continues to evolve & change. Track covers Spring 5, async, Kotlin, serverless, the 6-month cadence plans, & AI/ML use cases.

  • Security: Attacking and Defending

    Offense and defensive security evolution that application developers should know about including SGX Enclaves, effects of AI, software exploitation techniques, & crowd defense

  • The Practice & Frontiers of AI

    Learn about machine learning in practice and on the horizon. Learn about ML at Quora, Uber's Michelangelo, ML workflow with Netflix Meson and topics on Bots, Conversational interfaces, automation, and deployment practices in the space.

  • 21st Century Languages

    Compile to Native, Microservices, Machine learning... tailor-made languages solving modern challenges, featuring use cases around Go, Rust, C#, and Elm.

  • Modern CS in the Real World

    Applied trends in Computer Science that are likely to affect Software Engineers today. Topics include category theory, crypto, CRDT's, logic-based automated reasoning, and more.

  • Stream Processing In The Modern Age

    Compelling applications of stream processing using Flink, Beam, Spark, Strymon & recent advances in the field, including Custom Windowing, Stateful Streaming, SQL over Streams.