SAINT Workshop 2018

The H2020 SAINT project organises its 1st workshop on Tuesday, March 20th 2018 in Athens.

The main objective of this workshop is to bring together several EU cyber security and privacy related projects, to assist in the exchange of knowledge and ideas and promote inter-project collaboration.

Date: 20.03.2018

Venue: NCSR “Demokritos” , Institute of Informatics & Telecommunications Building (No 26)
Patriarchou Gregoriou E & 27 Neapoleos str, Agia Paraskevi, Athens, Greece

For more information about the venue , the location and other helpful details click here.

Workshop Agenda

(Download here)

09:00 – 09:30 | Arrivals & Coffee

09:30 – 09:40 | NCSR “Demokritos” welcome
Welcome by the SAINT Coordinator Stelios C.A. Thomopoulos,
Director of the Institute of Informatics & Telecommunications of NCSR “Demokritos”

09:40 – 10:00 | Invited Speaker
“Looking into the crystal ball for cybersecurity”
Fabio Di Franco – ENISA

10:00 – 11:10 | SAINT Project
“SAINT Overview”, Andreas Zalonis – NCSR “Demokritos”
“Comparative Metrics of Cybercrime & Cyber Security”, Jart Armin – CyberDefcon
“Applied economic research on factors influencing firms’ production cost and their incentives to cooperate”
John Bothos – NCSR “Demokritos”
“Automated analysis of cybersecurity related information sources and indicators”
V. Vlachos and Y. Stamatiou – CTI “Diophantus”

11.10 – 11.30 | Coffee Break

Invited Cyber Security Projects

11.30 – 11.55 | SISSDEN
“The SISSDEN project: threat intelligence from worldwide sensor network”
Edgardo Montes de Oca – Montimage

11:55 – 12:20 | CYBECO
“The CYBECO Project – Supporting cyber insurance from a behavioural choice perspective”
Aitor Couce Vieira – ICMAT

12:20 – 12:45 | ANASTACIA
“Anastacia: Security and Trust Assessment in CPS / IOT Architectures”
Panagiotis Gouvas, Giannis Ledakis – Ubitech

12:45 – 13:40 | Lunch Break

13:40 – 14:05 | KONFIDO
“Securing cross-border exchange of eHealth data in the EU”
Ioannis Komnios – EXUS Software Ltd

14:05 – 14:30 | SHIELD
“An integrated cybersecurity solution based on virtual security infrastructures and open big data analytics”
Georgios Gardikis – Space Hellas

14:30 – 14:55 | DOGANA
“DOGANA: how to measure the modern Social Engineering-enabled threat landscape”
Roberto Puricelli – CEFRIEL

14:55-15:20 | CIPSEC
“Enhancing Critical Infrastructure Protection with innovative SECurity framework”
Sotiris Ioannidis, Manos Athanatos – FORTH

15:20 – 15:40 | Coffee Break

15:40 – 16:05 | SMESEC
“Cybersecurity for Small and Medium-Sized Enterprises”
Konstantinos Lampropoulos, Apostolos Fournaris – UoPatras

16:05-16:30 | ReCRED
“Device-Centric Authentication for Future Internet”
Christos Xenakis – UniPi

16:30-17:00 | Open Discussion

Presentations

ENISA
“Looking into the crystal ball for cyber security”
Fabio Di Franco

SAINT
“SAINT Overview”
Andreas Zalonis – NCSR “Demokritos”

SAINT project analyses and identifies incentives to improve levels of collaboration and information sharing in order to enhance cyber security. Based on advanced measurement methodologies of cyber-crime metrics and by the use of statistical analysis and econometric modelling, SAINT develops new research approaches in information sharing, behavioral attitudes, market competitiveness and investment efficiency concerning the cyber-security industry.

“Comparative Metrics of Cybercrime & Cyber Security”
Jart Armin – CyberDefcon

The research shown in WP2 comparatively shows wide ranges in results of cybercrime victims within the EU. Much of this variation is due to taxonomies and nomenclature. Although clearly cybercrime and cyber threats present significant risk and costs for individuals and to economies at large within the EU. There would appear to be wide differences within the EU itself, i.e. we can now quantitatively show,to be based in certain EU counties citizens are less likely to be victims of cybercrime and enterprises are less likely to suffer cyberattacks. Why is this? What can we learn from inside the EU itself?

“Applied economic research on factors influencing firms’ production cost and their incentives to cooperate”
John Bothos – NCSR “Demokritos”

With the use of empirical econometric analysis and automated simulation techniques, we examine how internal organisational processes, concerning cooperation between firms, affect their economic performance.

“Automated analysis of cybersecurity related information sources and indicators” (Confidential)
V. Vlachos and Y. Stamatiou – CTI “Diophantus”

In this talk we discuss various publicly available information sources about cybersecurity related activities and indicators, presenting the SAINT tools framework for their automated gathering, archiving and processing. We, also, present currently available versions of the tools along with their data processing and information visualization capabilities.

SISSDEN
“The SISSDEN project: threat intelligence from worldwide sensor network”
Edgardo Montes de Oca – Montimage

SISSDEN is a H2020 project that is deploying and operating a worldwide sensor network of honeypots and darknets. This threat data collection is analysed to obtain no‐cost victim notification and remediation information for organizations such as National CERTs, ISPs, hosting providers and Law Enforcement Agencies such as EC3, but also SMEs and citizens. The work done in this project will be presented, how it can benefit researchers (e.g., from SAINT) and how both organisations and individuals can participate in this global effort and profit from the improved information processing, analysis and exchange of security intelligence, to effectively prevent and counter security breaches.

CYBECO
“The CYBECO Project – Supporting cyber insurance from a behavioural choice perspective”
Aitor Couce Vieira – ICMAT

The CYBECO project consortium is researching and developing a new framework for managing cybersecurity risks, focusing on cyber insurance and behavioral aspects. The aim is to provide knowledge and a toolkit to advise major organizations in the selection of cybersecurity controls and cyber insurance.

ANASTACIA
“Anastacia: Security and Trust Assessment in CPS / IOT Architectures”
Panagiotis Gouvas, Giannis Ledakis – Ubitech

The main objective of the ANASTACIA project is to address cyber-security concerns by researching, developing and demonstrating a holistic solution enabling trust and security by-design for Cyber Physical Systems (CPS) based on IoT and Cloud architectures. ANASTACIA is developing a trustworthy-by-design security framework which will address all the phases of the ICT Systems Development Lifecycle (SDL) and will be able to take autonomous decisions through the use of new networking technologies such as Software Defined Networking (SDN) and Network Function Virtualisation (NFV) and intelligent and dynamic security enforcement and monitoring methodologies and tools. The project vision and the current developments in the project will be presented.

KONFIDO
“Securing cross-border exchange of eHealth data in the EU”
Ioannis Komnios – EXUS Software Ltd

For the last decade, the European Commission has been working on the facilitation of cross-border exchange of eHealth data in the EU. A core open source service infrastructure, OpenNCP, is currently under development. The KONFIDO project aims to enhance security of cross-border eHealth data exchanges through the development of a toolkit based on emerging technologies that include blockchain, Software Guard Extensions, photonic technologies and homomorphic encryption. In this presentation, we will introduce the KONFIDO architecture, along with the impact of the employed technologies on the case studies under investigation.

SHIELD
“An integrated cybersecurity solution based on virtual security infrastructures and open big data analytics”
Georgios Gardikis – Space Hellas

Securing against intruders and other threats through a NFV-enabled environment. SHIELD targets at the design and development of a novel cybersecurity framework, which offers security-as-a-Service in an evolved telco environment. The SHIELD framework leverages NFV (Network Functions Virtualization) and SDN (Software-Defined Networking) for virtualization and dynamic placement of virtualized security appliances in the network (virtual Network Security Functions – vNSFs), Big Data analytics for real-time incident detection and mitigation, as well as attestation techniques for securing both the infrastructure and the services.

DOGANA
“DOGANA: how to measure the modern Social Engineering-enabled threat landscape”
Roberto Puricelli – CEFRIEL

DOGANA (aDvanced sOcial enGineering And vulNerability Assessment) is a H2020 project which proposes an holistic, open, standard and legally backed framework for measuring and mitigating human factor vulnerabilities. The underlying concept of DOGANA is that Social-Driven Vulnerability Assessments (SDVAs), when regularly performed with the help of an efficient framework, help deploy effective mitigation strategies and lead to reducing the risk created by modern Social Engineering attack techniques.The talk reports how thanks to DOGANA an organization obtains insights on the extent of the social engineering enabled threat landscape, presenting also concrete sectorial results.

CIPSEC
“Enhancing Critical Infrastructure Protection with innovative SECurity framework”
Sotiris Ioannidis, Manos Athanatos – FORTH

In recent years, the majority of the world’s Critical Infrastructures CIs evolved to become more flexible, cost efficient and able to offer better services and conditions for business opportunities. Towards this evolution, CIs and companies offering CI services had to adopt many of the recent advances of the Information and Communication Technologies (ICT) field. This adaptation however, was rather hasty and without thorough evaluation of its impact on security. The main aim of CIPSEC is to create a unified security framework that orchestrates state-of-the-art heterogeneous security products to offer high levels of protection in IT (information technology) and OT (operational technology) departments of CIs. As part of this framework CIPSEC will offer a complete security ecosystem of additional services that can support the proposed technical solutions to work reliably and at professional quality.

SMESEC
“Cybersecurity for Small and Medium-Sized Enterprises”
Konstantinos Lampropoulos, Apostolos Fournaris – UoPatras

Small and medium-sized enterprises (SME) are the new big target for cyber attacks. Reports show that 60% of SMEs have experienced such an attack. The challenge is that 68% of SMEs have no systematic approach to ensuring cybersecurity and counter such attacks. 40% would struggle to recover from data loss, and 20% would not be able to. The SMESEC consortium is proposing to develop a cost-effective suite of cyber-security tools. The suite supports SMEs in managing network information security risks and threats and identifying opportunities for implementing secure, innovative technologies for the digital market. As a benefit, the framework shall allow SMEs not only look at cyber-security as an obstacle but also as an opportunity for business.

ReCRED
“Device-Centric Authentication for Future Internet”
Christos Xenakis – UniPi

From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control.
ReCRED is a European project (H2020 program) that aims to design and implement mechanisms that anchor all access control (AC) needs to mobile devices that users habitually use and carry. It aims to build integrated next generation access control (AC) solution that: i) solves the problems that stem from the weaknesses of the current authentication methods, ii) is aligned with current technological trends and capabilities, iii) offers a unifying access control framework that is suitable for a multitude of use cases that involve online and physical authentication and authorization via an off-the-shelf mobile device and iv) is attainable and feasible to implement in the existing products under the scope and timeframe of the project.