
Conference Overview

 

 

Korea University IoTcube Conference 2024 

(August 27(Tue) @Korea University Hana Square)

 

☞ Pre-Registration (Conference by August 21(Wed), Training session by August 14(Wed)):

https://fairpass.co.kr/RunEventInfo?eventcode=2276

 

 

 

ㅁ Overview of 2024 

 

 

Celebrating its 8th year, the IoTcube Conference introduces and shares applications of the 'IoTcube.net' technology, an automated security vulnerability analysis platform launched in 2016 through joint research by Korea, the US, the UK, and Switzerland. For 2024, the conference will feature two tracks: SBOM technology and Security in cross industries. Starting with a special lecture by domestic and international experts on supply chain security, the conference will include a Korea University SBOM training session to engage with those interested in security and explore solutions.

 

(Link) to past events

 

 

Date
August 27(Tue) 10:00-18:00 KST (Registration from 9:20 AM)
Location
Hana Square Auditorium and Multimedia Room, Korea University, Seoul, South Korea (Hybrid online)
Participation
[Conference] Pre-registration by August 21(Wed), free 
[Training Session] Pre-registration by August 14(Wed), 200,000KRW
 ※For simultaneous participation in both the conference and training session, pre-register for both. The event will be conducted in Korean.
 ※Certificate of participation issued for the conference
 

 

 

· Hosts: Korea University Center for Software Security and Assurance (CSSA), Training Center for Security Experts in Cross Industries (TCSEC), BK21 FOUR R&E Center for Computer Science and Engineering, National Center of Excellence in SW

    

 

· Sponsors: Ministry of Science and ICT, Seoul Metropolitan Government, Korea Internet & Security Agency (KISA)

   

 

· Contact: jihyeonlee@korea.ac.kr, +82-2-3290-4502 / kt.jeon@philicplan.com, +82-2-6953-4818  

 


 

ㅁ Program for 2024

 

 ※Announcement on Non-Disclosure of Presentation Materials

 

  August 27 (Tue) @ Korea University Hana Square and Online Hybrid
 

Schedule

(KST)

Main Event @Hana Square Auditorium
  9:20~10:00 Registration
 

10:00~10:30

(30')

[Keynote Speech 1] Michael Lieberman (CTO and Co-Founder, Kusari & Governing Board, OpenSSF)

“The Cycle of Supply Chain Security: From SBOM and SLSA to GUAC and Back”

 

10:30~11:00

(30')

[Keynote Speech 2] Yuseung Kim (Head of Security Labs at Telecommunication Networks, Samsung Electronics)

"Am I Doing It Right?: An Examination of Supply Chain Security Practices"

  (20') Short Break
 

11:20~12:00

(40')

Welcome Remarks (Jounghyun Kim, Professor, Korea University)

*video address: Dr. Allan Friedman (Senior Advisor and Strategist, CISA),
Prof. Taesoo Kim (Georgia Institute of Technology), 

Prof. Adrian Perrig (ETH Zurich)

 

[Opening Speech] Heejo Lee (Professor, Korea University)

"The Present and Future of the Automated Vulnerability Analysis Platform IoTcube(https://iotcube.net)"

  12:00~13:00 Lunch (on your own)
  Track (Moderator)

Track A: SBOM technology

(Moderator: Sanghyo Song, Adjunct Professor, Soongsil University IT College)

@Korea University Hana Square Auditorium

Track B: Security in cross industries

(Moderator: Jaeyoung Jang, KISA Chief Researcher)

@Korea University Hana Square Multimedia Room

 

13:00~13:30

(30')

Hakjoo Oh (Professor, Korea University)

"Automatic Software Error Correction Using Static Analysis"

Homun Lim (Vice President, KT)

"Recent Network Attack Trends and Countermeasures"

 

13:30~14:00

(30')

Sang Kil Cha (Professor, KAIST)

"Binary Function Extraction and Future Challenges"

Sanggyoo Sim (Executive VP, AUTOCRYPT)

"Automotive Cybersecurity Technology and Regulations"

 

14:00~14:30

(30')

Seonghun Kim (General Researcher, Korea Internet & Security Agency (KISA))

"Current Status and Future Direction of Supply Chain Security Policies in Korea"

Pyeongju Ahn (Master's Course Student, Korea University)

"B2FUZZ: Discovering Bluetooth L2CAP and RFCOMM Vulnerabilities via Adaptive Stateful Fuzzing"

  (15') Short Break / Track B closing
 

14:45~15:15

(30')

Jin Park (COO, Labrador Labs)

"Software Supply Chain Security and leverage SBOM"

Training Session Participant Registration Confirmation

"SBOM Practical Training: Essential Tools for Secure Software"

※The training session from 15:00 to 18:00 is only for paid registrants.

 

15:15~16:15

(60')

Panel Discussion (Moderator: Jong Kim, Research Professor, Korea University)

- Choonsik Park (Research Professor, Korea University), Weesang Eom (Vice President, LG Electronics),
Manhee Lee (Professor, Hannam University), Hyangjin Lee (Director, KISA)

15:10~16:00 (50')
SBOM Practical Training with Tools

*KMS Technology/Tool: Black Duck

 

(15')

Track A closing

16:00~16:50 (50')

SBOM Practical Training with Korea University Research Tools

*Tool: HatBOM/Hmark

 

16:30~17:10

(40')

[Graduate Students Only Track]

Jonghyun Jeong (Ph.D student, Korea University)

"Special Lecture by Graduates: SW Security"

17:00~17:50 (50')

SBOM Practical Training with Tools

*Labrador Labs/Tool: Labrador Scanner

    17:20 Graduate Students Track closing / 18:00 Training Session closing

 

 

ㅁ SBOM Practical Training: Essential Tools for Secure Software (Limited to 30 participants)

 

 · Purpose: With the increasing importance of software supply chain security, interest in SBOM generation and management methods is growing among domestic companies. This training course aims to strengthen the software security management system for industry professionals interested in SBOM generation through domestic and international tools.

 

  · Date/Location: August 27(Tue) 15:00-18:00 @Hana Square Multimedia Room, Korea University

 

  · Application and Fee: Pre-registration by August 14 → Lottery selection → Payment details provided to selected participants → Participation confirmed upon payment / 200,000 KRW

   ※Priority will be given to applicants from companies with practical needs for SBOM generation and management. Please state the reason for your application in the registration form.

 

  · Preparation: Bring a personal laptop for the training

 

  ☞ Training Session Application (~August 14): https://fairpass.co.kr/RunEventInfo?eventcode=2276  

   ※Pre-registration is required for both the conference and training session if attending both

 

No Participating Companies Training Content

1

SBOM Practical Training with Tools
(KMS Technology/Tool: Black Duck)
- Explanation of SBOM concepts and domestic/international standards
- Introduction to SBOM generation and management methods
- Introduction to open-source vulnerability and license-checking tools
- Practical training on source code inspection using 'Black Duck': Open-source compliance and SBOM generation
2
SBOM Practical Training with Korea University Research Tools
(Korea University/ Tool: HatBOM/Hmark)
- Introduction to research trends related to SBOM (Code Clone, Package Manager, Vulnerability Detection)
- Introduction to HatBOM and Hmark (Vuddy): Research and technical implementation
- Practical training on component detection and vulnerability management using HatBOM and Hmark (Vuddy)
3
SBOM Practical Training with Tools
(Labrador Labs/Tool: Labrador Scanner)
- Current status and trends of open-source usage
- Introduction to SBOM concepts and trends (domestic/international regulations)
- Introduction to automated SBOM generation and management tool 'Labrador'
- Practical training on SBOM generation and open-source risk (vulnerabilities, licenses) detection and management using Labrador Scanner

※ This training will be conducted in groups of 3-4 participants, not individually.

 

ㅁ Speakers for 2024

 

Main Event
 

 

Photo Speaker Introduction Lecture Description

Michael Lieberman
(CTO and Co-Founder, Kusari & Governing Board, OpenSSF)

Mike Lieberman is CTO and Co-Founder of Kusari, a software supply chain security company. His background is in financial services, working at hedge funds like Bridgewater Associates and banks like MUFG and Citi. He is also heavily involved in open source, where he is a technical advisory council and governing board member of OpenSSF, a tech lead for the CNCF technical advisory group for security, and a maintainer of multiple open projects like SLSA and GUAC.

"The Cycle of Supply Chain Security: From SBOM and SLSA to GUAC and Back"

- Supply chain security is a journey, not a destination. We will take a look at how the practices you are doing today help you and your organization to iterate on securing your software supply chain. We will explore how you can go from a baseline understanding of your software to a new understanding through tools and techniques like SBOMs, SLSA, OpenVEX, and GUAC.

 Yuseung Kim

(Head of Security Labs at Telecommunication Networks, Samsung Electronics)

Yuseung Kim has been working on the analysis of threats in mission-critical systems including telecommunication systems, medical devices, connected-automated vehicles, and mobility services, and on the development of countermeasures. Dr. Kim received a PhD in Electrical and Computer Engineering from Carnegie Mellon University with a dissertation titled “Securing Wi-Fi Access By Using Location-Aware Controls”. He was a member of the Mobile, Embedded, Wireless Security group led by Dr. Patrick Tague.

"Am I Doing It Right?: An Examination of Supply Chain Security Practices"

- The question whether an organization should consider supply chain security is no longer relevant as we have witnessed major security incidents on the complex software supply chain over the past few years. These events prompted industry, academia, and government entities to work collectively towards providing transparency, accountability, and control over the supply chain of software products. In order to expedite the adoption of appropriate measures such as SBOM, it would be beneficial to examine the prevailing perceptions regarding supply chain security within the domain to preclude any potential misconceptions.

Heejo Lee (Professor, Korea University)

Heejo Lee is a professor in the Department of Computer Science and Engineering and the director of the Center for Software Security and Assurance (CSSA) at Korea University, South Korea. He is one of the leading cybersecurity experts in the country, with research interests that include software security, open-source security, and automated vulnerability analysis.

"The Present and Future of the Automated Vulnerability Analysis Platform IoTcube(https://iotcube.net)"

- Launched in 2016 by CSSA, 'https://iotcube.net' is an automated vulnerability analysis platform enhancing software security. We will explore the current state and future of IoTcube. Future improvements will focus on expanding development environment compatibility, and SBOM management for securing software supply chains.

 

Track A
 

 

Photo Speaker Introduction Lecture Description

Moderator: Sanghyo Song, Adjunct Professor

(Soongsil University IT College)

Sanghyo Song is an adjunct professor at Soongsil University. Since 2023, he has been serving as a standards committee member for the TTA Open Source Software Group (PG602) and a member of the Digital Government Subcommittee of the Ministry of the Interior and Safety's Policy Committee. He served as president of the Korea Open Source Software Association from 2011 to 2014 and is an expert in government IT consulting, data, and open-source software.
Track A: SBOM technology moderator

Hakjoo Oh (Professor, Korea University)

Hakjoo Oh has been a professor at Korea University since 2015. His main research areas are programming languages and software engineering. He has won several best paper awards at top conferences like ICSE and is researching program analysis techniques and automatic vulnerability patching.

"Automatic Software Error Correction Using Static Analysis"

- Sharing techniques for automatically correcting runtime errors frequently occurring in C/C++/Java/Python languages and verifying the correctness of the fixes.

Sang Kil Cha

(Professor, KAIST)

Sang Kil Cha is a leading professor at the Graduate School of Information Security and the head of the Cyber Security Research Center (CSRC) at KAIST. He is the first Korean to receive the IEEE Security & Privacy Test-of-Time Award (2022) and has also been honored with Distinguished Paper Awards at top software engineering conferences such as ICSE, FSE, and ASE. He is an expert in software security and program analysis.

"Binary Function Extraction and Future Challenges"

- Identifying functions in binaries is essential for SBOM but very challenging. This lecture will discuss these challenges and introduce the latest technologies from KAIST's FunProbe.

Seonghun Kim

(General Researcher, Korea Internet & Security Agency (KISA))

Seonghoon Kim is a general researcher at the Korea Internet & Security Agency (KISA), working on strengthening supply chain security across various industries by researching and implementing policy and technical solutions. He focuses on providing a reliable and secure supply chain environment through guidelines and technical support.

"Current Status and Future Direction of Supply Chain Security Policies in Korea"

- Introducing various domestic and international supply chain security policies, including the plans for 2024, covering technology research, demonstration, and guidelines.

Jin Park

(COO, Labrador Labs)

Jinwan Park is the COO of Labrador Labs, a domestic SCA solution developer. He has extensive experience in open-source governance and license compliance consulting and will share practical experiences in SBOM response.

"Software Supply Chain Security and leverage SBOM"

- Presenting real-world examples of safe software supply chain operations through proper SBOM utilization.

 

Panel Discussion
 

 

"Panel Discussion: Activation Plans for SBOM Systemization for Software Supply Chain Security"
- Conducting a panel discussion on the necessary requirements for SBOM popularization/systemization across policy institutions, companies, and researchers. 

Chair: Jong Kim

(Research Professor, Korea University,

Former Professor at POSTECH)

Weesang Eom

(Vice President, LG Electronics)

Manhee Lee

(Professor, Hannam University)

Choonsik Park

(Research Professor, Korea University)

Hyangjin Lee

(Director, KISA)

TBD

 
Track B
 

 

Photo Speaker Introduction Lecture Description

Moderator: Jaeyoung Jang,

(KISA Chief Researcher)

Jaeyoung Jang has been with the Korea Internet & Security Agency (KISA) since 2003, building experience in privacy, location information, and spam response. Recently, he has been responsible for investigating personal information leaks and exposures. His main research interests include information protection, privacy policies, AI protection policies, privacy protection and learning behavior, and the development of a privacy cycle model.
Track B: Security in cross industries moderator

Homun Lim 

(Vice President, KT)

Homun Lim is a network security expert at KT, leading responses to various cyberattacks such as DDoS and phishing. His main areas of expertise are artificial intelligence, SOAR, and network security solutions.

"Recent Network Attack Trends and Countermeasures"

- Introducing recent trends in sophisticated DDoS attacks and efficient countermeasures.

Sanggyoo Sim 

(Executive VP, AUTOCRYPT)

Sanggyoo Sim is the CTO of Autocrypt, having graduated with a Ph.D. in Electrical and Computer Engineering from POSTECH. He has held positions at Samsung Electronics Software Research Center and as CTO of Penta Security.

"Automotive Cybersecurity Technology and Regulations"

- Key contents of UN Regulation 155 on automotive cybersecurity and new cybersecurity issues arising from the evolution of automotive technologies.

Pyeongju Ahn

(Master's Course Student, Korea University)

Pyeongju Ahn is a master's student at Korea University's Computer Security Lab (CCS), researching protocol fuzzing and open-source security. She will present a paper on Bluetooth vulnerability detection at the ESORICS '24 conference.

"B2FUZZ: Discovering Bluetooth L2CAP and RFCOMM Vulnerabilities via Adaptive Stateful Fuzzing"

- Introducing research on detecting vulnerabilities in the L2CAP and RFCOMM layers of the Bluetooth protocol stack using adaptive stateful fuzzing techniques.

 

Students Only
 

 

Photo Speaker Introduction Lecture Description

Jonghyun Jeong

(Ph.D student, Korea University)

Jonghyun Jeong is a Ph.D. student in the Computer Systems Lab at Korea University. He will share various experiences as an alumnus.

"Special Lecture by Graduates: SW Security"

- Sharing tips on utilizing the master's program at Korea University's Graduate School and developing a career in software security.