You are viewing content from a past/completed QCon -

Track: Security: Attacking and Defending

Location: Bayview AB

Security is about the arms race between attacking and defending parties. As technology scores big impacts by reaching large populations, security becomes a paramount need to prevent, or at least limit, miscreants from leveraging technology for evil purposes. In this track, world-renowned researchers forecast what’s coming, present the current reality and the actions we should take, and connect the dots. As a security expert, you may find these topics interesting and inspiring. As an engineer, this is a good track to further your understanding of security challenges and countermeasures. As a business person, you may get a feeling for where the industry is headed. Come and learn about exciting advancements in the security field.

Track Host: Hui Xue

Director of Threat Research @ShapeSecurity

Hui Xue is the Director of Threat Research at Shape Security, where he leads research on defending online businesses against fraudsters. His research interests include big data anti-fraud, mobile security, browser security, system security, etc. He has published at top systems and security conferences including OSDI, NDSS, Usenix Security, ASPLOS, BlackHat and Virus Bulletin. His research has headlined US-CERT, Forbes, Bloomberg, Reuters, Yahoo, etc. He is an inventor on multiple patents and an Apple-acknowledged contributor to multiple security improvements for iOS. He obtained his Ph.D. from the University of Illinois at Urbana-Champaign.

From Threat Hunting to Crowd Defense

In this talk, I will first review practices and weapons to fight against cyber attackers, from repeat offenders to advanced targeted attackers, where threat intelligence and artificial intelligence are well expected to change the rules of the game. However, in the real world, there are many victims suffering from very stupid mistakes. Through a couple of examples, I will talk about TI and AI in real practice, and crowd defense - a way to integrate defense measures against both targeted and untargeted attacks, avoiding being the low-hanging fruit. Finally, I will conclude with best practices around TI-based crowd defense and corresponding challenges that need collective efforts.

Richard Zhao, Chief Technology Officer, SVP Research @NSFOCUS

Control Flow Integrity Using Hardware Counters

Advanced software exploitation is a rapidly changing field of study. In recent years, clever ways to bypass existing exploit defenses have become mainstream. Reactive defensive solutions based on known exploitation techniques have been proven ineffective, and easily circumvented. In this paper, we discuss a new system for early detection and prevention of unknown exploits. Our system uses Performance Monitoring Unit hardware to enforce coarse-grained Control Flow Integrity (CFI). By using hardware features that exist in modern processor architectures, and real-time CFI policy enforcement, we hope to prove that our approach is effective and suitable for practical use, while staying resistant to bypass.

Jamie Butler, Chief Technology Officer @Endgame
Cody Pierce, Director of Vulnerability Research @Endgame

AI & Security: Lessons and Challenges

In this talk, I will first present recent results in the area of secure deep learning, in particular, adversarial deep learning---how deep learning systems could be easily fooled and what we need to do to address the issues. I will also talk about how AI and deep learning can help enable new capabilities in security applications. Finally, I will conclude with key challenges and future directions at the intersection of AI and Security: how AI and deep learning can enable better security, and how Security can enable better AI.

Prof. Dawn Song, Professor @UCBerkeley, Researching Deep Learning & Security

Towards Memory Safety in Intel SGX Enclave

Intel SGX is the next-generation trusted computing infrastructure. The Rust programming language is an ideal choice for system programming and it guarantees memory safety. In this talk, we present the Rust SGX SDK, which combines Intel SGX with Rust. Developers can write memory-safe SGX enclaves easily, intrinsically eliminating the possibility of being pwned.

Dr. Yu Ding, Security Scientist @Baidu X-Lab

The Security Challenges & Issues From SGX Practice

Intel® Software Guard Extensions (Intel® SGX) provides a trusted execution environment with a hardware root of trust, bringing powerful capabilities for building secure applications that solve data security problems. However, applying SGX technology correctly and writing secure code are still a challenge.

In this talk, we want to present the challenges and issues we saw when applying SGX to protect sensitive data in products. We will broadly discuss open problems, including how to write ecall functions correctly, how to avoid potential side-channel attacks, and what the architecture issues are when we apply secure AI with Intel® SGX.

Xiaoning Li, Chief Security Architect @Alibaba Cloud

Security: Attacking and Defending Open Space

Open Space is a kind of unconference, a simple way to run productive meetings for 5 to 2000 or more people, and a powerful way to lead any kind of organization in everyday practice and extraordinary change.
