We are looking forward to your upcoming visit to our Facebook office in London! We have a great day planned with our security teams working in areas including end-to-end encryption, account recovery, infrastructure, and anti-malware. We look forward to discussing these subjects and their related research challenges with you.
Please see below for the agenda, as well as participants (both Facebook employees and our external guests). Please let us know if you have any questions.
Alex Stamos is the Chief Security Officer at Facebook, where he leads a team of people around the world focused on ensuring the safety of the billions of people who use Facebook and its family of services. He is also committed to bringing more openness and collaboration to the security community, and to building solutions that keep people safe in the circumstances they face every day. Alex is a noted expert in global scale infrastructure, designing trustworthy systems, and mobile security. He is a frequently requested speaker at conferences and industry events, including Black Hat, RSA, DEF CON, Milken Global, Amazon ZonCon, Microsoft Blue Hat, FS-ISAC, and Infragard. Before Facebook, Alex served as the CISO of Yahoo, where he led the security team to develop innovative security technology and products. He was also the co-founder of security consultancy iSEC Partners, a company that helped hundreds of companies build secure and safe systems. Alex holds a bachelor's degree in Electrical Engineering and Computer Science from the University of California, Berkeley.
Jen Weedon leads a team of security intel analysts dedicated to protecting the security of Facebook's users and disrupting malicious activity. Previously, she led FireEye’s Strategic Analysis team, where she advised private sector and government organizations on global cyber security risks. Jen has been analyzing and consulting at the intersection of cybersecurity, international relations, and business risk for almost a decade. She also a Foreign Policy Interrupted fellow, a program aimed at increasing the diversity of voices - particularly women's voices-- in media around foreign policy matters. Jen holds a bachelor's degree in Government from Smith College and a master's degree in International Law and Security Studies from the Fletcher School of Law and Diplomacy at Tufts University.
Huseyin Kerem Cevahir is a software engineer on Site Integrity team at Facebook. Kerem currently leads anti - fake accounts engineering efforts. He previously focused on clustering and robust real-time cluster classification systems for two years. Prior to Facebook, Kerem spent five years in MyDLP and Labris working on development of a Data Leakage Prevention and a Unified Threat Management products respectively.
Rodrigo Paim is a software engineer in Site Integrity team at Facebook. He joined the company in 2015 and has been working on classification of URLs and malware detection and fighting. Prior to that, he received a master's degree in Mathematical Engineering from ENSTA ParisTech and a bachelor's degree in Computer Engineering from Federal University of Rio de Janeiro.
Felix is an iOS engineer at Facebook in London. He has been focused on the iOS implementation of end-to-end encrypted conversations in Messenger and feels very passionate about software security and architecture. Before joining Facebook in 2015, he got his Master of Science in IT Systems Engineering at Hasso Plattner Institute with a focus on internet security and user centered design.
Oleg is a Software Engineer at Facebook in London. He works on Web and Mobile products for the global Facebook audience. Oleg is passionate about shipping products that improve people's experiences. Before joining Facebook in 2015, he had enjoyed more than ten years in the industry, and before that he received a Masters of Software Engineering from the National Aerospace University.
Dr. Alice Hutchings is a Senior Research Associate at the Computer
Laboratory, University of Cambridge. A criminologist, her research
interests include understanding cybercrime offenders, and the prevention and disruption of online crime. She is a researcher in the Cambridge Cybercrime Centre, a multi-disciplinary initiative combining expertise from the University of Cambridge's Computer Laboratory, Institute of
Criminology and Faculty of Law.
Prof. Andrew Martin undertakes research and teaching in the area of Systems Security, in the University of Oxford. He was instrumental in setting up the University's Cyber Security Network and helps to lead it, heading Oxford's EPSRC/GCHQ-recognised Academic Centre of Excellence in Cyber Security Research. He directs the Centre for Doctoral Training in Cyber Security, which admits 16 students each year for inter-disciplinary education and research. His recent research focus has been on the technologies of Trusted Computing, exploring how they can be applied in large-scale distributed systems, particularly cloud computing, mobile devices, and the internet of things. He has published extensively in this area, hosting several related international events in Oxford and speaking on the subject all over the world.
Khaled Yakdan is a PhD candidate in the Usable Security And Privacy research group at the university of Bonn. My research mainly focuses on binary code decompilation and reverse engineering. Here, I develop methods to effectively recover high-level abstractions from binary code in order to produce well-readable decompiled code. Next to that, I also work on identification of vulnerabilities in binary code. Previously, I worked for the Fraunhofer FKIE institute and my tasks included analyzing malware
both for research and law enforcement.
Dr Steven J. Murdoch is a Royal Society University Research Fellow in the Information Security Research Group of University College London, working on developing metrics for security and privacy. His research interests include authentication/passwords, banking security, anonymous communications, censorship resistance and covert channels. He has worked with the OpenNet Initiative, investigating Internet censorship, and for the Tor Project, on improving the security and usability of the Tor anonymity system. His current research on developing methods to understand complex system security is supported by the Royal Society. He is also working on analysing the security of banking systems, especially Chip & PIN/EMV, and is Innovation Security Architect of Cronto, an online authentication technology provider and part of the VASCO group.
Andrei Sabelfeld's research ranges from theory to practice of information security and privacy, with web security and location privacy as the areas of particular interest. He has been active in world-leading research environments in Europe and the US. Today, he leads a team of researchers at Chalmers University of Technology in Gothenburg, Sweden, engaged in a number of EU and national projects and collaborations with industry including Google, Microsoft, and SAP.
Matthew Smith is a Professor for Usable Security and Privacy at the Rheinische Friedrich-Wilhelms-Universität Bonn, Germany. His research is focused on human factors of security and privacy mechanisms with a wide range of application areas, including TLS and network security, authentication, mobile and app security and, most recently, usable security for developers and administrators. His work has been published at amongst others at IEEE Security and Privacy, ACM CCS, USENIX Security, NDSS, ACM SIGCHI and USENIX SOUPS the Symposium on Usable Security and Privacy. Matthew Smith is also actively involved in the organisation of top academic conferences and is serving on the steering committees of SOUPS and USEC as well as serving as program co-chair for SOUPS 2016 and 2017 and IEEE EuroS&P 2017 and 2018. In 2015 his ERC Starting Grant “Frontiers of Usable Security” was selected for funding.
Pierre Laperdrix is in his final year as a PhD student in the DiverSE team at Inria Rennes. Working under the supervision of Benoit Baudry and Gildas Avoine, his thesis focuses on understanding browser fingerprinting to design good defenses and positive uses of this
technique. As part of his thesis, he developed the AmIUnique.org website
and worked with the Tor organization to improve the Tor browser
fingerprinting defenses. His main domains of interest are security,
privacy and software engineering.
Dr. Joel Reardon is a security and privacy researcher. He did his Master's degree at the University of Waterloo with advisor Ian Goldberg on the topic of improving Tor's transport layer, and his Doctorate at the ETH Zurich with advisors Srdjan Capkun and David Basin on the topic of secure data deletion. He is currently doing a post-doc at UC Berkeley on the topic on usable permission systems and privacy transparency.
Sergio Maffeis is a Senior Lecturer in Computer Security at Imperial
College London. He received his Ph.D. from Imperial and his MSc from
University of Pisa, Italy. His research interests are web security, formal methods, and programming languages. Maffeis' research aims to
develop formal methods describing various components of the Web
ecosystem (such as protocols, programming languages, browsers, servers) and to use such models as a basis for the verification of security
properties of Web applications.
Cas Cremers is Professor of Information Security at the University
of Oxford. He obtained his PhD in 2006 from Eindhoven University of Technology in the Netherlands, after which he was a researcher at ETH Zurich in Switzerland for seven years.
His research involves the application of formal methods and cryptography to the analysis and development of secure systems. The resulting contributions include theoretical foundations, tool
development, and the improvement of widely used security standards. Notably, he worked on the Scyther tool and the Tamarin prover, which he later used to analyse and improve two ISO/IEC
standards and the upcoming IETF TLS 1.3 standard; recently, he worked on a cryptographic analysis of the Signal key exchange protocol.
Dr Shamal Faily is a Senior Lecturer in Systems Security Engineering in the Department of Computing and Informatics at Bournemouth University. His research explores how both security and usability can be designed into software systems. In doing so, his work not only provides assurance that security is incorporated into the design of software, but that the software will continue to be secure when used in different physical, social, and cultural contexts of use. Dr Faily is particularly interested in the role of tool-support in designing secure and usable systems; his research is encapsulated in CAIRIS (Computer Aided Integration of Requirements and Information Security): an open-source security design tool.
Chris Mitchell received his BSc and PhD degrees in Mathematics from Westfield College, University of London in 1975 and 1979 respectively. He was appointed as Professor of Computer Science at Royal Holloway in 1990, having previously worked at Racal Comsec, Salisbury, UK (1979-85) and Hewlett-Packard Laboratories, Bristol, UK (1985-90). After joining Royal Holloway, he co-founded the Information Security Group in 1990, and helped launch the MSc in Information Security in 1992. His research interests lie within information security, focusing on applications of cryptography. He is co-editor-in-chief of Designs, Codes and Cryptography, and section editor for Section D of The Computer Journal.
Frederik Armknecht is professor for cryptography at the University of Mannheim, Germany, since 2010. His research interests include cloud security and security for the Internet of Things. He has numerous publications on the top conferences in cryptography/IT-security and has been involved into several patents. Moreover, he was one of the initiators of TrustED, the international workshop on trustworthy embedded devices. From 2006-2007, he worked as a Research Staff member in the Mobile Internet group at NEC Europe Ltd. in Heidelberg focusing on cryptographic and security issues in various kinds of networks. From 2007-2008, he worked as a postdoc at the Ruhr-University Bochum, Germany where he conducted research on provable security and operating on encrypted data. From 2008-2009, he was an assistant professor at the Ruhr-University Bochum, where he headed the group for cryptographic methods and security models. From 2009-2010, he was a visiting professor at Technische Universität Darmstadt, Germany.
Michel van Eeten is a professor in cybersecurity at Delft University of Technology in the Netherlands. His team analyses large-scale measurement and incident data to identify how the markets for Internet services deal with security risks. He has conducted empirical studies into malware, botnet mitigation, web compromise and the consumer impacts of cybercrime for the ITU, OECD, EU and the Dutch government. He is also a member of the Dutch Cyber Security Council.
Ben Livshits is a Reader (similar to Associate Professor in the American academic system) at Imperial College London and an affiliate professor at the University of Washington. Previously, he was a research scientist at Microsoft Research. Originally from St. Petersburg, Russia, he received a bachelor's degree in Computer Science and Math from Cornell University in 1999, and his M.S. and Ph.D. in Computer Science from Stanford University in 2002 and 2006, respectively. Dr. Livshits' research interests include application of sophisticated static and dynamic analysis techniques to finding errors in programs.
Ross Anderson is Professor of Security Engineering at Cambridge
University. He was one of the founders of the discipline of security
economics, and leads the Cambridge Cybercrime Centre, which collects
and analyses data about online wickedness. He was one of the
designers of the international standards for prepayment electricity
metering and powerline communications; he was one of the inventors of the AES finalist encryption algorithm Serpent; he was also a pioneer of peer-to-peer systems, hardware tamper-resistance and API security. He is a Fellow of the Royal Society, the Royal Academy of Engineering, and the Institute of Physics, and a winner of the Lovelace Medal – the UK's top award in computing. He is best known as the author of the textbook "Security Engineering – A Guide to Building Dependable Distributed Systems"