SBA Security Meetup hosted by Dynatrace!

This meeting is organized as an on-site event only! This event will be hosted by Dynatrace, find the information on how to get there down below!

----- WHAT TO EXPECT -----
Talk 1: Security and Privacy by Design in the SDLC: Why, When, How?
By: Catherine Easdon

Talk 2: KomMKonLLM - How to combinatorially generate consistency tests for LLMs
By: Bernhard Garn & Ludwig Kampel

Talk 3: From Ping to Blackout: Active Measurements on Internet Disruptions in Ukraine Kherson
By: Florian Holzbauer

Agenda:

• 18:00 Gathering
• 18:20 Intro
• 18:30 — 19:00 Talk 1
• 19:00 — 19:10 Q&A Talk 1
• 19:10 — 19:30 Talk 2
• 19:30 — 19:35 Q&A Talk 2
• 19:35 — 19:55 Talk 3
• 19:55 — 20:00 Q&A Talk 3
• From 20:00: Socializing, snacks & drinks

Location:
Dynatrace Austria GmbH
THE ICON VIENNA
Tower 24 - 22nd Floor
Wiedner Gürtel 13, 1100 Vienna

The details on how to get up to the meetup is down below.

-----Event & Details-----

Talk 1:
Title: Security and Privacy by Design in the SDLC: Why, When, How?

Abstract: Security and privacy: so important, but so tricky to get right! You've likely encountered some common security controls in the software development lifecycle, such as code scanning, penetration testing, and threat modeling. But why do we use these controls, when are they most effective, and how do you roll them out efficiently at scale? And what even is a privacy control, anyway? In this session, we'll explore what security by design and privacy by design mean in practice for software development and discuss the unique challenges of each.

Bio Catherine Easdon: Cat is an engineer and researcher exploring the intersection of privacy, security, and tech policy. At Dynatrace, she translates law and policy into code to protect users and integrates privacy controls into the SDLC. She also engages on tech policy issues, most recently as a fellow at the Internet Society and at Virtual Routes. Previously, she hacked CPUs for a living in academia, investigating how hardware behavior leaks sensitive data within software. When she's not coding, you'll usually find her knee-deep in snow in the mountains!

Talk language: English

Talk 2:
Titel: KomMKonLLM - How to combinatorially generate consistency tests for LLMs

Abstract:
Consistency testing of Large Language Models (LLMs) targets the problem how to test whether LLMs react reliably to different inputs which have the same semantics. Given that LLMs are quite complex and their internal structure oftentimes is hard to understand, novel innovative ways are required to assess and test their behavior with regard to consistency. To this end, we present the project KomMKonLLM (https://www.netidee.at/kommkonllm), funded as netidee project (2024, call #19), which uses combinatorial black-box testing methods to generate consistency tests for LLMs. In this talk, we will present the underlying methodology of KomMKonLLM, its technical architecture and also give a demo.

Bio: Ludwig Kampel and Bernhard Garn (senior researchers of the MATRIS Research Group at SBA Research)
Their research evolves around all aspects of combinatorial testing, ranging from theoretical works to implementing test generation tools. In particular, they have been working on applying combinatorial methods in security testing. Ludwig and Bernhard have both received doctoral degrees in technical sciences (informatics) from TU Wien. Contact them at KomMKonLLM@sba-research.org and visit https://matris.sba-research.org/ for more information.

Talk language: English

Talk 3:
Titel: From Ping to Blackout: Active Measurements on Internet Disruptions in Ukraine Kherson

Abstract:
In this talk, we explore the motivation, methodology, and findings of our Internet measurement campaign, initiated in response to the war between Russia and Ukraine. Our goal is to assess the conflict’s impact on Internet connectivity, particularly in war-affected regions.
We begin by discussing different types of Internet outages and the methods used to detect them. Next, we examine various outage signals and how they can be inferred from active measurements. Finally, we present real-world data on Internet disruptions affecting Ukrainian ISPs operating in the Kherson region - an oblast that has been at the frontline of war for three years.

Bio Florian Holzbauer (Researcher at SBA Research):
Florian is currently working towards his PhD degree at University of Vienna. During his bachelor studies he focused on penetration testing, evaluating antivirus solutions by writing custom malware and network scanning. In his bachelor thesis he adapted ZMAP to internetwide IPv6 scanning and measured active subnets in austrian IPv6 allocations. During his master studies he joined Team ERIS as a junior researcher. With his supervisor Johanna, they founded an entry point for Internet-measurements in Austria (aim.sba-research.org). He is now pursuing a PhD in that field with the focus on measuring Internet standard adoption and compliance.

How to get up:

• When you arrive in the ICON tower, walk straight to the info point and ask for a visitor's card for Dynatrace (22nd floor). They will explain your way to tower 24.
• Walk through the 1st glass door. At the 2nd glass door, you will need your visitor's card (left side) and hold it against the card reader to open.
• At the turnstiles, hold your visitor card against the card reader, walk through and look at the screen on your slide (while entering).
• The screen will display a letter (A-D) about which elevator you need to take.
• At the elevator, entrance is a small display showing you the floor where it is going. Enter if you see the number 22. You can also hold your card against the bottom of the display to get the elevator letter.

Looking forward to see you!