15:20 - 16:30 Auditorium
At the One Conference of 2017, the Department of Homeland Security (DHS) Science and Technology Directorate’s (S&T) Cyber Security Division (CSD), the Dutch Research Council NWO and the National Cyber Security Center (NCSC) announced a bilateral call for collaborative cybersecurity research projects conducted by joint US-NL teams. In November 2018 these collaborating parties jointly announced the results of the call for proposals. Out of a series of applications, five project proposals received joint U.S.-Netherlands funding. Five US-NL research teams were formed to develop solutions for Distributed Denial of Service (DDoS) and Industrial Control Systems (ICS) Security.
US-NL showcase DDoS and SCADA research
At the November 24 FUSION Event in Utrecht, the US-NL showcase will lead the attendees through these DDoS and SCADA research projects. Attendees will be informed about progress, outcome, expectations and possible follow-up plans of each of these projects. The teams were also asked to elaborate on the added value of the collaboration (e.g. how team members on both sides of the Atlantic overcame the disadvantages of the restrictions associated with the corona pandemic).
Jan Piet Barthel (NWO) and tba (NCSC)
15.25h MADDVIPR Project: Three Years Later
Presentation: Raffaele Sommese (UT) Q&A: Raffaele Sommese & Anna Sperotto
- MADDVIPR - Mapping DNS DDoS Vulnerabilities to Improve Protection and Prevention
University of California, San Diego (UCSD) and University of Twente - The research teams will analyze the DDoS attacks focused on exploitation of DNS. Attack sources, targets, and characteristics observed in DDoS attack traffic will be analyzed and an assessment of vulnerabilities and single points of failure that threaten the resilience of the DNS under DDoS attack will be conducted. By combining these two perspectives, actionable intelligence will be used to improve the resilience of the DNS against attacks, while facilitating prevention of DNS attacks.
15.37h MINIONS: MitigatINg IOt-based DDoS attacks via DNS
Presentation: Elsa Turcios Rodríguez (TUD) Q&A: Elsa Turcios Rodríguez & Carlos Hernandez Ganan
- MINIONS - MitigatINg IOt-based DDoS attacks via DNS
New York University (NYU) and Delft University of Technology - The research team will design and create a prototype to implement DDoS countermeasures and remediation for in-home networks and Internet of Things (IoT) devices, primarily from attacks using Domain Name System (DNS).
SIDN Labs is research partner in MINIONS
15.49h Network Monitoring of Industrial Control Systems: state of affairs
Presentation: Sandro Etalle
- DEPICT - Deep packet intelligence for industrial control systems
University of Texas at Dallas, Dallas, Texas and Technische Universiteit Eindhoven - The research team will create new tools, algorithms, and software to improve the situational awareness of security analysts for ICS. The results will enable security analysts and operators to identify and mitigate threats, and the impact of cyber-attacks.
- FORESCOUT is research partner in DEPICT
16.01h Planning Anycast for Anti-DDoS
Presentation: Leandro Bertholdo Q&A: Leandro Bertholdo & Aiko Pras
- PAADDoS - Planning Anycast for Anti-DDoS
University of Southern California - Information Sciences Institute, Marina del Rey and University of Twente - The research team will define a framework to counter the IoT DDoS threat by creating tools to reconfigure anycast capabilities in DNS servers and content delivery networks (CDNs). This framework will be used to create tools to manage anycast before and during DDoS attacks, and evaluate operational DNS systems.
SIDN Labs is research partner in PAADDoS
16.13h TROPICS Timely and RObust Patching of Industrial Control Systems
Presentation: Herbert Bos
- TROPICS - Timely and RObust Patching of Industrial Control Systems
University of California, Santa Barbara and Vrije Universiteit (VU) Amsterdam - The research team will develop a methodology for making patching decisions for ICS software. The methodology will first determine the severity of the vulnerability to be patched. The severity will drive a decision on how immediately a patch should be applied. Next, an analysis of the impact of applying a patch will be made, with an emphasis on determining how the patch will affect stability or functionality of the software. Lastly, novel methods to apply the hardening only to vulnerable execution paths will be developed.
16.25h Final remarks
Jan Piet Barthel (NWO)