Conference: Nov 5-7, 2018
Workshops: Nov 8–9, 2018
Track: Security: Attacking and Defending
Security is about the arm race between attacking and defending parties. As technology score big impacts through reaching large populations, security becomes a paramount need to prevent, or at least to limit miscreants from leveraging technology for evil purposes. In this track, world-renowned researchers forecast what’s coming, present what’s the reality and how we should take actions, connect dots here and there. As a security expert, you may find these topics interesting and inspiring. As an engineer, this is a good track to further your understanding of security challenges and countermeasures. As a business person, you may have a feeling of where the industry is headed. Come and learn about exciting advancements in the security field.
Hui Xue is the Director of Threat Research at Shape Security where he leads research on defending online businesses against fraudsters. His research interests include big data anti-fraud, mobile security, browser security, system security, etc. He published on top system and security conferences including OSDI, NDSS, Usenix Security, ASPLOS, BlackHat and Virus Bulletin. His research headlined US-CERT, Forbes, Bloomberg, Reuters, Yahoo, etc. He is an inventor for multiple patents and an Apple-acknowledged contributor to multiple security improvements for iOS. He obtained his Ph.D. from University of Illinois at Urbana Champaign.
by Richard Zhao
Chief Technology Officer, SVP Research @NSFOCUS
In this talk, I will first review practices and weapons to fight against cyber attackers, from repeat offenders to advanced targeted attackers where threat intelligence and artificial intelligence are well expected to change the game rule. However, at the real world, there are many victims suffering from very stupid mistakes. Through a couple of examples, I will talk about TI and AI in real practices, and crowd defense - a way to integrate defense measures...
Open Space
Open Space is a kind of unconference, a simple way to run productive meetings for 5 to 2000 or more people, and a powerful way to lead any kind of organization in everyday practice and extraordinary change.
by Jamie Butler
Chief Technology Officer @Endgame
by Cody Pierce
Director of Vulnerability Research @Endgame
Advanced software exploitation is a rapidly changing field of study. In recent years, clever ways to bypass existing exploit defenses have become mainstream. Reactive defensive solutions based on known exploitation techniques have been proven ineffective, and easily circumvented. In this paper, we discuss a new system for early detection and prevention of unknown exploits. Our system uses Performance Monitoring Unit hardware to enforce coarse-grained Control Flow Integrity (CFI). By using...
by Dr. Yu Ding
Security Scientist @Baidu X-Lab
Intel SGX is the next-generation trusted computing infrastructure. Rust programming language is an ideal choice for system programming and it guarantees memory safety. In this talk, we show Rust SGX SDK, which combines Intel SGX together with Rust. Developer could write memory-safe SGX enclave easily, eliminating the possibility of being pwned intrinsically.
by Prof. Dawn Song
Professor @UCBerkeley, Researching Deep Learning & Security
In this talk, I will first present recent results in the area of secure deep learning, in particular, adversarial deep learning---how deep learning systems could be easily fooled and what we need to do to address the issues. I will also talk about how AI and deep learning can help enable new capabilities in security applications. Finally, I will conclude with key challenges and future directions at the intersection of AI and Security: how AI and deep learning can enable better security, and...
by Xiaoning Li
Chief Security Architect @Alibaba Cloud
Intel® Software Guard Extensions (Intel® SGX) provides a trusted execution environment with hardware root of trust, brings powerful capability to build secure applications to solve data security problems. However applying SGX technology correctly and writing secure code are still a challenge.
In this talk, we want to present challenges and issues we saw with applying SGX to protect sensitive data in product. We will broadly...
.
Tracks
-
Architectures You've Always Wondered About
Architectural practices from the world's most well-known properties, featuring startups, massive scale, evolving architectures, and software tools used by nearly all of us.
-
Going Serverless
Learn about the state of Serverless & how to successfully leverage it! Lessons learned in the track hit on security, scalability, IoT, and offer warnings to watch out for.
-
Microservices: Patterns and Practices
Stories of success and failure building modern Microservices, including event sourcing, reactive, decomposition, & more.
-
DevOps: You Build It, You Run It
Pushing DevOps beyond adoption into cultural change. Hear about designing resilience, managing alerting, CI/CD lessons, & security. Features lessons from open source, Linkedin, Netflix, Financial Times, & more.
-
The Art of Chaos Engineering
Failure is going to happen - Are you ready? Chaos engineering is an emerging discipline - What is the state of the art?
-
The Whole Engineer
Success as an engineer is more than writing code. Hear inward looking thoughts on inclusion, attitude, leadership, remote working, and not becoming the brilliant jerk.
-
Evolving Java
Java continues to evolve & change. Track covers Spring 5, async, Kotlin, serverless, the 6-month cadence plans, & AI/ML use cases.
-
Security: Attacking and Defending
Offense and defensive security evolution that application developers should know about including SGX Enclaves, effects of AI, software exploitation techniques, & crowd defense
-
The Practice & Frontiers of AI
Learn about machine learning in practice and on the horizon. Learn about ML at Quora, Uber's Michelangelo, ML workflow with Netflix Meson and topics on Bots, Conversational interfaces, automation, and deployment practices in the space.
-
21st Century Languages
Compile to Native, Microservices, Machine learning... tailor-made languages solving modern challenges, featuring use cases around Go, Rust, C#, and Elm.
-
Modern CS in the Real World
Applied trends in Computer Science that are likely to affect Software Engineers today. Topics include category theory, crypto, CRDT's, logic-based automated reasoning, and more.
-
Stream Processing In The Modern Age
Compelling applications of stream processing using Flink, Beam, Spark, Strymon & recent advances in the field, including Custom Windowing, Stateful Streaming, SQL over Streams.
-
Performance Mythbusting
Real world, applied performance proofs across stacks. Hear performance consideratiosn for .NET, Python, & Java. Learn performance use cases with OpenJ9, Instagram, and Netflix.
-
Tools and Culture: What's Beyond a Stack of Containers?
Containers are not just a techology. It's a platform. Push your knowledge.
-
Web as Platform
All things Browser, from JavaScript Frameworks for animation and AR / VR to Web Assembly and from protocol work to open standards evolution.
-
Beyond Being an Individual Contributor
Beyond being an individual contributor. Building and Evolving managers and tech leadership.
-
Building Great Engineering Cultures
Why engineering culture matters. Track features org scaling, memes as a culture tool, Ally skills, and panels on diversity / inclusion.
-
Hardware Frontiers: Changes Affecting Software Developers Today
Topics around: Quantum computing, NVM, SMR, GPU, custom hardware, self-driving cars, and mobile hardware.