Monday 1 February is reserved for professionals (users, developers, security specialists and public administrations), as well as for the free software community.
In the evening, a talk by Richard Stallman will be held (free admission).
Stands will also be made available to industry participants. During the lunch and evening breaks, they will be able to organise business lunches. Rooms will be made available to them.
Registering in advance is recommended (admission to Richard Stallman's talk is free).
Events for professionals
Cyril Jaquier: Fail2ban - from personal to community-driven
09:50 - 10:40
Fail2ban was started back in 2004 as a personal project to fight against script kiddies trying to access a home server via SSH brute force. More than 10 years later, it is still maintained and developed by an active community. It helps fight brute force attacks against many different services.
This talk will present the history of Fail2ban and how many people contributed to make this small tool a fully-featured one used on thousands of servers around the world. An overview of the tool, its architecture and configuration will also be presented.
Frederic Jacobs: (Open Source) Software Supply Chain Security
17:00 - 17:50
What are the requirements to trust software? The open-source community often claims that being able to read source code makes software safer and more trustworthy. But what guarantees that the code I see on GitHub matches the one that I run on my phone or that I fetch from the repository? This talk explores lessons from writing, maintaining and distributing security-sensitive open source applications.
Stéphane Magnenat: free/libre software in academic research, the case of the Thymio robot
I will talk about my experience with free/libre software in the context of academic research. I will briefly present my academic background and my motivation for doing free/libre software. Then I will more specifically present my work in the context of the Thymio II educational robot and the Aseba software framework. Finally, I will discuss the challenges faced by researchers who want to do free/libre software, both at the technical level such as how to ensure maintenance, and at the political and social levels.
Dr. Stéphane Magnenat is a postdoctoral researcher at EPFL. He received his M.Sc. in Computer Science in 2003 and his Ph.D. in Mobile Robotics in 2010, both from EPFL. He worked as associate research scientist at Disney Research Zürich and as a senior researcher at ETH Zürich.
Wolfram Luithardt: Software Complexity Metrics - A new empirical approach applied to the Linux kernel
09:00 - 09:50
Software complexity metrics have been well known for more than 40 years but still lack rigorous interpretation. The McCabe cyclomatic complexity (MCC), for example, has been used for a long time in different domains, but it is not yet clear whether the results of this metric really reflect the overall complexity of a SW system. Based on graph theory, the author presents a novel empirical approach for understanding the structural complexity of functions and gives first results on its application to large Free Software projects such as the Linux kernel. With the help of Bayesian Networks, a more general interpretation is given of the risk assessment of software systems.
Wolfram Luithardt received a diploma in physics from the Technical University of Stuttgart/Germany and a PhD in Physical Chemistry from the University of Hamburg/Germany. After some years in space research at the University of Berne he joined some Swiss companies to develop safe and secure embedded systems. Since 2008 he has been professor for Technical Informatics and Safety Engineering at the University of Applied Sciences of Western Switzerland, where he teaches these domains at undergraduate and graduate level. Since 2013 he has worked on the setup of the Robust and Safe Systems Centre of Fribourg (ROSAS), where new methodologies, tools and technologies in Safety Engineering are developed in close collaboration with some internationally operating companies.
Pascal Junod: Software application security
15:50 - 16:40
Securing a software application does not consist in just cryptographically protecting the network communications or performing a pen-test one week before shipping. It is a long process that has to be started very early. In this talk, we will discuss the important steps that one has to care about during a typical software development lifecycle in order to ensure an acceptable level of security. Additionally, we will describe technical solutions able to protect an application from today’s professional hackers.
Pascal Junod is a professor of computer security at HEIG-VD in Yverdon-les-Bains and one of the founders of strong.codes, a startup active in the domain of software protection. His areas of expertise are industrial cryptography, software security and ethical hacking.
Sergio Alves Domingues: Android Security
11:00 - 11:50
With more than 1.4 billion active devices worldwide, Android is now a major platform used not only on smartphones and tablets but also on a wide range of more exotic devices. In this context, Android security is now a hot topic as the system has become a major target for attackers and malware developers. The goal of this talk is to introduce the main aspects of Android security and to present how they rely on the underlying Linux kernel.
Sergio Alves Domingues is Chief Technical Officer at SCRT, a Swiss company specialised in information security and ethical hacking. Throughout almost 10 years of experience in information security, Sergio has performed a wide range of security audits and penetration tests on many different environments. Over recent years, these missions have frequently involved mobile platforms and especially Android devices.
Daniel Rossier: EmbX: Virtualization tailored to ARM embedded systems
13:50 - 14:40
EmbX is the result of nearly ten years of research and covers a large panel of research and industrial projects achieved within the Reconfigurable Embedded Digital Systems Institute of HEIG-VD, in Yverdon. It provides a highly efficient virtualization framework running on ARM (multi-)core embedded systems dedicated to telecommunication, multimedia, energy, real time devices, etc., and makes possible the use of two (or more) completely isolated operating systems on the same board.
EmbX finds its origin in the XEN hypervisor and has evolved over the years in parallel with the evolution of ARM CPUs (multicore, virtualization support, 64-bit, etc.) staying focused on particular embedded systems requirements, such as device heterogeneity, reactivity, limited resources and security.
The presentation will develop the most important highlights of virtualization with EmbX in the context of embedded systems.
Daniel Rossier, PhD, Professor HES at the University of Applied Sciences (Vaud). Daniel Rossier has been a Professor in Embedded Computing Sciences at the University of Applied Sciences in Yverdon (Switzerland) since 2003. Before his academic involvement, he worked for more than 15 years as a Software Engineer and a Project Manager in various Swiss companies, mainly active in the field of telecommunications, multimedia and realtime control. In 2005, he joined the HEIG-VD REDS Institute (Reconfigurable and Embedded Digital Systems). His main research areas are operating systems (RTOS and GPOS), embedded virtualization, ARM technologies, and embedded software execution environments.
He has led and participated in several CTI/KTI and EU research projects (IST, Eurescom, FP) in the field of realtime and self-adaptive network management, low-level software development (drivers, boot code, kernel subsystems) and embedded virtualization.
Daniel Rossier is currently teaching operating systems, embedded computing (ARM programming) and realtime programming at the Bachelor level. In addition, he gives a Master course on the topic of advanced operating systems and embedded execution environments, covering embedded virtualization, driver development and peripheral emulation. He is also a co-founder of Sootech, a start-up developing products with a new paradigm called SOO® (Smart Object Oriented) technology.
Richard Stallman: The Free Software Movement and the GNU/Linux Operating System
18:00 - 20:00
Richard Stallman will speak about the goals and philosophy of the Free Software Movement, and the status and history of the GNU operating system, which in combination with the kernel Linux is now used by tens of millions of users world-wide.
Dr. Richard Stallman launched the free software movement in 1983 and started the development of the GNU operating system (see www.gnu.org) in 1984. GNU is free software: everyone has the freedom to copy it and redistribute it, with or without changes. The GNU/Linux system, basically the GNU operating system with Linux added, is used on tens of millions of computers today. Stallman has received the ACM Grace Hopper Award, a MacArthur Foundation fellowship, the Electronic Frontier Foundation's Pioneer Award, and the Takeda Award for Social/Economic Betterment, as well as several doctorates honoris causa, and has been inducted into the Internet Hall of Fame.