August 24-26, 2022
MAISON GLAD, Jeju Island, Korea

Invited Talks


Invited Talk 1: So Jeong Kim, Senior Research Fellow (Institute for National Security Strategy)
Title: Cyberattack Severity Assessment (CASA) and National Response Matrix (NRM) in Korea
Date: August 24, 17:20


Abstract:

State-sponsored cyber attacks have increased significantly and threaten national security in recent years. In order to maintain and ensure peace in cyberspace, it should be clear that malicious acts are paid for when they occur. However, due to the intrinsic characteristics of cyberspace, it is difficult to establish guidelines and procedures in proportion to the impact of a cyber attack. In particular, the Republic of Korea (ROK) has never taken public proportional response measures against numerous attacks over the past 20 years. But ROK is also trying to change its will to secure cyber attack deterrence and prepare an active response through the 「National Cybersecurity Strategy 2019」. In this talk, we propose a cyber attack severity assessment methodology and national response matrix to enable active response in the event of a cyber attack. We analyze the scale and impact of cyber threats caused by more than 20 attacks that ROK has suffered, and propose guidelines and procedures for proportional response accordingly. Therefore, we contribute to securing cyber attack deterrence by establishing the national standard for external responses against cyber attacks and actively imposing costs on malicious cyber attackers through CASA & NRM.
 

Biography:
 
Dr. So Jeong Kim is a senior research fellow of the Institute for National Security Strategy (INSS). Before joining INSS, she worked at the NSR (National Security Research Institute) from 2004 to February 2022 as a team lead.
After joining NSR in 2004, she led the cybersecurity policy team and provided recommendations on cybersecurity policy and regulatory issues. She was involved in drafting South Korea’s National Cyber Security Strategy, published in April 2019. She was also involved in the 4th and 5th UN Group of Governmental Experts as an adviser, and in the MERIDIAN process as an adviser and organizer.
While at the NSR, she also hosted the international conference on cybersecurity policy and strategy, the GCPR (Global Conference on Peace Regime), since 2014. Her main research area covers various policy issues regarding national cybersecurity policy, such as international norm-setting processes, CBMs, CIIP, law and regulations, and the development and comparison of cybersecurity evaluation methodologies. Her recent paper is about evaluating cyber attack severity and proposing a national response matrix.


Invited Talk 2: Sooel Son, Associate Professor,
School of Computing (SoC) and Graduate School of Information Security (GSIS), KAIST

Title: Two approaches for identifying web vulnerabilities: subgraph isomorphism and reinforcement learning
Date: August 25, 9:30


Abstract:

 Web services have become integral parts of our daily lives, processing diverse types of private information. At the same time, web vulnerabilities in these services impose serious threats that endanger the security and privacy of service clients. In this talk, I will present two recent works on identifying web vulnerabilities. I will start by introducing a scalable way of identifying web vulnerabilities using subgraph isomorphism. From 7,174 web applications, we identified 2,464 potential vulnerabilities, including 42 CVEs, by identifying vulnerable subgraphs matching applications with known vulnerabilities. Also, I will present a novel penetration testing method using reinforcement learning to find reflected cross-site scripting vulnerabilities. By leveraging an intelligent agent, we enable the pentesting tool to generate context-aware payloads to exploit vulnerabilities. Our experimental results show that our tool outperforms other state-of-the-art tools in terms of finding more vulnerabilities and sending fewer attack requests.
 

Biography:
 
Dr. Sooel Son is an associate professor in the School of Computing (SoC) and Graduate School of Information Security (GSIS) at KAIST. He received a Ph.D. in Computer Science from The University of Texas at Austin. His research focuses on web security and privacy problems. He is interested in analyzing web applications, finding web vulnerabilities, and implementing new systems to find such vulnerabilities.


Invited Talk 3: Dan Dongseong Kim, Associate Professor (University of Queensland)
Title: Moving Target Defense (MTD): Recent Advances and Future Challenges
Date: August 26, 9:30


Abstract:

Moving Target Defense (MTD) is a promising defense technique and has been researched a lot recently. The main purpose of MTD is to confuse attackers by changing the attack surface of various systems and networks. This talk will cover the following topics:
1) an introduction to MTD, including a brief intro to security fundamentals and an introduction to security assessment;
2) recent advances in MTD techniques, including i) three dimensions of MTD (when, how, and what to trigger), ii) MTD techniques in a horizontal/vertical manner, iii) MTD metrics and MTD-related security and economic metrics, and iv) the state-of-the-art MTD techniques (with my own research highlights);
3) some practical examples of MTD design and implementation; and finally
4) MTD challenges and future directions.

 

Biography:
 
Dr. Dan Dongseong Kim has been an Associate Professor (roughly equivalent to a Reader in the UK; a full professor in the US) in Cyber Security at The University of Queensland (UQ), Brisbane, Australia, since 2019. Prior to UQ, he was a faculty member in Cyber Security in the Department of Computer Science and Software Engineering at the University of Canterbury (UC), Christchurch, New Zealand, from 2011 to 2018. From 2008 to 2011, he was a postdoc at Duke University in the US. He was a visiting scholar at the University of Maryland, College Park, Maryland, in the US in 2007. His research interests are in Cyber Security and Dependability for various systems and networks. More information is available at his UQ webpage: https://researchers.uq.edu.au/researcher/23703.