History
PST 2024, AustraliaPST 2023, Denmark
PST 2022, Canada
PST 2021, New Zealand
PST 2019, Canada
PST 2018, UK
PST 2017, Canada
PST 2016, New Zealand
PST 2015, Turkey
PST 2014, Canada
PST 2013, Catalonia
PST 2012, France
PST 2011, Canada
PST 2010, Canada
PST 2009, Canada
PST 2008, Canada
PST 2007, Canada
PST 2006, Canada
PST 2005, Canada
PST 2004, Canada
Industry Summit Speakers
Abhay Raman
Biography:
Abhay Raman is Senior Vice President and Chief Security Officer at Sun Life. In this role, he is accountable globally for all aspects of Cyber & Physical security, Crisis, and Technology Risk Management. He is committed to continually improving Sun Life’s security posture as the organization advances its digital transformation, artificial intelligence, and innovation agenda. Prior to taking on his current role, he led the global data and analytics teams, developing and executing Sun Life’s strategy to enable data & AI capability globally. He was an advisory partner at EY prior to joining Sun Life and has lived and worked in many countries around the world.
He is the Chair of the Board at the Canadian Cyber Threat Exchange (CCTX), and a board director at Victims Services Toronto. He is also an Executive-in-Residence with the TMU Cybersecurity Accelerator, an active advisor to the 'Cyber Right Now' Campaign and the Canadian Forum for Digital Infrastructure Resilience (CFDIR). Abhay is well published and regularly speaks at conferences on technology, security, artificial intelligence, and talent development in technology.
He is the Chair of the Board at the Canadian Cyber Threat Exchange (CCTX), and a board director at Victims Services Toronto. He is also an Executive-in-Residence with the TMU Cybersecurity Accelerator, an active advisor to the 'Cyber Right Now' Campaign and the Canadian Forum for Digital Infrastructure Resilience (CFDIR). Abhay is well published and regularly speaks at conferences on technology, security, artificial intelligence, and talent development in technology.
Dr. Ahmed Al-Rawi
Biography:
Dr. Ahmed Al-Rawi is an Associate Professor of News, Social Media, and Public Communication at the School of Communication at Simon Fraser University. He is also the founder and director of the Disinformation Project, and his research interests are related to news, global communication, misinformation, and social media with emphasis on Canada and the Middle East.
Dr. Argyri Panezi
Biography:
Dr. Argyri Panezi (she/her) is the T2 CRC in Digital Information Law and Policy at UNB, an affiliated member of the Canadian Institute for Cybersecurity. In her role as the Director of UNB's Legal Innovation Laboratory she is also involved in policymaking in New Brunswick, working in collaboration with the judiciary, government, and civil society actors. Argyri's research explores the effects that disruptive technologies have on citizens, institutions and the law.
Chris Lynam
Biography:
Chris Lynam is currently the Director General of the National Cybercrime Coordination Centre and the Canadian Anti-Fraud Centre within the RCMP. He led extensive work and consultations with other government departments, law enforcement partners across Canada and the private sector to conceptualize and design a national cybercrime coordination mechanism for Canada. He previously worked for Public Safety Canada and within the Security and Intelligence Secretariat of the Privy Council Office where he was part of the team that supported the National Security Advisor to the Prime Minister. Outside the RCMP, he is a member of the Primary Reserve and served as the Lieutenant-Colonel Commanding of the Governor General’s Foot Guards, an Infantry Regiment based in Ottawa.
Colin MacSween
Biography:
Colin MacSween is the Director General, National Cyber Security within the National and Cyber Security Branch at Public Safety Canada. Colin has previously worked with the Department of National Defence, the Canada Border Services Agency and, most recently, the Canadian Security Intelligence Service. Colin holds a Master of Public Administration from Dalhousie University.
Dan A. Doran
Biography:
Dan Doran joined the Canadian Forces in 1998 as a Royal Canadian Engineer, attending the Royal Military College of Canada. He graduated in 2002 with a bachelor’s degree in civil engineering. Dan spent the next eight years as a regular force officer, subsequently transferring to the Army Reserve. Over his career, Dan served with several regiments in addition to deployments to Afghanistan, Sudan, and the Democratic Republic of Congo. In his current reserve role, Dan serves as the Senior Advisor to the Office of the Chief Military Engineer.
Dan began his civilian career in 2010, working as a real property leader at McGill University. In 2019, Dan moved to WSP, a global engineering consulting firm, where he led their defence and security practice, its Future Ready team in addition to its thought leadership program. In August 2023, Dan moved to KPMG, where he was the Director and the National Practice Lead, Defence and Security. In 2025, Dan moved from KPMG to ADGA Group Consulting where he is their Vice President, Business Development and Marketing. In addition to his regular duties, Dan is also seconded part-time as the Climate Security and Defence Lead for the Sustainable Markets Initiative, the flagship non-profit organization of King Charles III.
In addition to his bachelor’ degree, Dan holds master’s degrees in both Human Security and Peacebuilding (Royal Roads) and Business Administration (Concordia). He is also a professional engineer (eng.), project management professional (PMP) and human resource professional (CRHA). Dan sits on boards of the Vimy Foundation and Canadian Military Engineers Association. He is also an Honorary Patron for the International Forum for Peace, Security and Prosperity (IFPSP) and volunteers with several other organizations.
Dan began his civilian career in 2010, working as a real property leader at McGill University. In 2019, Dan moved to WSP, a global engineering consulting firm, where he led their defence and security practice, its Future Ready team in addition to its thought leadership program. In August 2023, Dan moved to KPMG, where he was the Director and the National Practice Lead, Defence and Security. In 2025, Dan moved from KPMG to ADGA Group Consulting where he is their Vice President, Business Development and Marketing. In addition to his regular duties, Dan is also seconded part-time as the Climate Security and Defence Lead for the Sustainable Markets Initiative, the flagship non-profit organization of King Charles III.
In addition to his bachelor’ degree, Dan holds master’s degrees in both Human Security and Peacebuilding (Royal Roads) and Business Administration (Concordia). He is also a professional engineer (eng.), project management professional (PMP) and human resource professional (CRHA). Dan sits on boards of the Vimy Foundation and Canadian Military Engineers Association. He is also an Honorary Patron for the International Forum for Peace, Security and Prosperity (IFPSP) and volunteers with several other organizations.
Elaine Hum
Biography:
Elaine Hum is a recognized leader with over 20 years of experience in strategy, partnerships, and cross-sector collaboration. Her work spans finance, government, academia, and nonprofits, where she has collaborated with leaders to provide strategic guidance and shape effective cybersecurity policies.
In 2023, Elaine was honored as one of IT World Canada's Top Women in Cybersecurity, highlighting her significant contributions to the field. Currently, as the Director of Cybersecurity Partnerships at Scotiabank, she is the chief architect of the Bank's Cybersecurity Partnership Program—a strategic initiative focused on attracting diverse talent from equity-deserving groups and fostering innovation through leading-edge R&D collaborations.
Elaine is an active leader within the cybersecurity community. She serves on advisory boards, speaks regularly at IT security forums, and participates in expert panels. Her commitment to giving back is evident through her volunteer work as a mentor and coach, where she empowers and inspires the next generation of technology leaders by sharing her expertise and experience.
In 2023, Elaine was honored as one of IT World Canada's Top Women in Cybersecurity, highlighting her significant contributions to the field. Currently, as the Director of Cybersecurity Partnerships at Scotiabank, she is the chief architect of the Bank's Cybersecurity Partnership Program—a strategic initiative focused on attracting diverse talent from equity-deserving groups and fostering innovation through leading-edge R&D collaborations.
Elaine is an active leader within the cybersecurity community. She serves on advisory boards, speaks regularly at IT security forums, and participates in expert panels. Her commitment to giving back is evident through her volunteer work as a mentor and coach, where she empowers and inspires the next generation of technology leaders by sharing her expertise and experience.
Igor Opushnyev
Biography:
Igor Opushnyev is a Principal Software Engineer/Architect at Mastercard since 2018. He has almost 30 years of experience in software engineering, with a strong focus on cybersecurity and secure systems design. Along the way, he’s been named as the principal inventor or co-inventor on 11 patents in cybersecurity. Igor enjoys sharing what he’s learned and connecting with others who are just as excited about tech and innovation.
Jennifer M. Sloan
Biography:
A former public servant and political-staffer-turned-diplomat, Jennifer Sloan made her foray into the private sector and currently leads government affairs and stakeholder engagement for Mastercard Canada.
Earlier in her career, she was the Director of Communications for one of the longest serving Industry Ministers in Canada and continued in this role as he moved to Foreign Affairs, then Deputy Prime Minister and Minister of Finance. She continued this work when she was appointed to the Consulate General of Canada in NYC.
A passionate advocate for social impact, Jennifer developed the Mastercard Changeworks™ program, a grassroots initiative that partners with the not-for-profit sector in Canada to improve their technology and data capabilities. She’s a Vital Voices Global Ambassador and serves on numerous corporate and association boards including Immediate past Chair of the Canadian American Business Council (CABC); Immediate past Chair of Music Canada; Director Indigenous Prosperity Foundation (IPF); Director Women’s College Hospital; and Director of the Board of Trust of the Grady College of Journalism and Communication at the University of Georgia.
A Mastercard CEO Force for Good Recipient, Jennifer also received a 2019 North America President’s Award; 2023 North American Partnership Award; Top 100 Lobbyists in Canada, the Hill Times; bestowed the Henry W. Grady Alumni Award at the University of Georgia; and National Colby Award for Public service, Sigma Kappa. Jennifer has a Bachelor of Arts degree in journalism from the University of Georgia in Athens, Georgia.
Earlier in her career, she was the Director of Communications for one of the longest serving Industry Ministers in Canada and continued in this role as he moved to Foreign Affairs, then Deputy Prime Minister and Minister of Finance. She continued this work when she was appointed to the Consulate General of Canada in NYC.
A passionate advocate for social impact, Jennifer developed the Mastercard Changeworks™ program, a grassroots initiative that partners with the not-for-profit sector in Canada to improve their technology and data capabilities. She’s a Vital Voices Global Ambassador and serves on numerous corporate and association boards including Immediate past Chair of the Canadian American Business Council (CABC); Immediate past Chair of Music Canada; Director Indigenous Prosperity Foundation (IPF); Director Women’s College Hospital; and Director of the Board of Trust of the Grady College of Journalism and Communication at the University of Georgia.
A Mastercard CEO Force for Good Recipient, Jennifer also received a 2019 North America President’s Award; 2023 North American Partnership Award; Top 100 Lobbyists in Canada, the Hill Times; bestowed the Henry W. Grady Alumni Award at the University of Georgia; and National Colby Award for Public service, Sigma Kappa. Jennifer has a Bachelor of Arts degree in journalism from the University of Georgia in Athens, Georgia.
Kelly Anderson
Biography:
Kelly Anderson (BScS University of Ottawa, MA Norman Patterson School of International Affairs) currently serves as Director for International Cyber and Critical Technology Policy at Global Affairs Canada
Ms. Anderson joined the Department of Foreign Affairs and International Trade in 1997.
At Headquarters, she has worked in a variety of assignments including Deputy Director for NATO, OSCE and European Defence Cooperation; Deputy Director for Conventional, Chemical and Biological Weapons; and, as Deputy Director for Space Policy and Regulation.
She has served overseas at the Canadian Embassies in Belgrade, Serbia and Washington, DC. She was Deputy Permanent Representative of Canada to the Conference on Disarmament in Geneva from 2011-2014 and, most recently, served as Counsellor and Head of the Foreign Policy and Diplomacy section of the Canadian Embassy to Austria.
Ms. Anderson joined the Department of Foreign Affairs and International Trade in 1997.
At Headquarters, she has worked in a variety of assignments including Deputy Director for NATO, OSCE and European Defence Cooperation; Deputy Director for Conventional, Chemical and Biological Weapons; and, as Deputy Director for Space Policy and Regulation.
She has served overseas at the Canadian Embassies in Belgrade, Serbia and Washington, DC. She was Deputy Permanent Representative of Canada to the Conference on Disarmament in Geneva from 2011-2014 and, most recently, served as Counsellor and Head of the Foreign Policy and Diplomacy section of the Canadian Embassy to Austria.
Kostia Nikolaiev
Biography:
Kostiantyn (Kostia) Nikolaiev is a seasoned Product Manager with over 15 years of cross-functional experience in technology and software development. Currently at Mastercard, he leads initiatives in identity verification and fraud detection. Kostiantyn has held leadership roles across diverse sectors including gaming, fintech, and B2B SaaS, and has a strong track record of building and scaling product teams, launching innovative solutions, and driving business growth. He holds a Master’s degree in Mathematics and Computer Science and is a Certified Scrum Product Owner (CSPO).
Dr. Kwasi Boakye-Boateng
Biography:
Dr. Kwasi Boakye-Boateng is the Interim Deputy Director of Research and Training for the Cyber Attribution Data Centre at the Canadian Institute for Cybersecurity (CIC). He also serves as a Research Associate and R&D Team Lead, focusing on cybersecurity for operational technology (OT), industrial control systems (ICS), and mission-critical infrastructure. His research involves developing frameworks to defend civilian and military systems against advanced threats. He has worked with partners including Siemens, IBM, and military-affiliated organizations on detection systems, risk models, and impact assessments. With over a decade of experience in telecommunications, he brings deep expertise in securing communication networks. Dr. Boakye-Boateng holds a Ph.D. in Computer Science from the University of New Brunswick. At UNB, he leads cybersecurity projects in collaboration with CIC’s industry partners.
Paul Hanley
Biography:
Paul Hanley is the Senior Vice President for Cyber Security at Rogers Communications. He is a recognized global expert in Cyber Security, with over 25 years experience in the field, during which time he has successfully played both CISO and Big-4 Senior Partner roles.
While strongly versed in all areas of Cyber Risk and Security, he has particular experience in aligning security functions to the needs of the business, and providing Cyber Security direction for Board level Executives. Paul's key subject matter expertise includes forming and running global security functions, business transformation, and leading large-scale Cyber Security programs in Financial Services.
Paul also has expert knowledge in driving effective Financial Services Cyber Security improvement (including compliance to OSFI Cyber security requirements), Cyber Security Risk Management, Technical Security Architecture Design, IT Risk Management, Cryptography, Disaster Recovery and Business Continuity Planning. Paul regularly provides input into and comments on draft Security Standards and legislation, as well as more specific Government Standards.
Paul has been profiled by SC Magazine, and has served as the guest presenter at a number of high-profile security events. His expertise is regularly sought out for his insights in the Media, both on live television, in the broadsheets as well as in specialist information security press. In his career, Paul has been directly involved with a number of high profile, billion-dollar programs and has built strong business relationships. Paul has also been a CLAS consultant approved by CESG to provide Information Assurance advice to Government departments and other organizations. Paul is passionate about Diversity and Inclusion and is actively involved in multiple initiatives to further progress in the Industry.
While strongly versed in all areas of Cyber Risk and Security, he has particular experience in aligning security functions to the needs of the business, and providing Cyber Security direction for Board level Executives. Paul's key subject matter expertise includes forming and running global security functions, business transformation, and leading large-scale Cyber Security programs in Financial Services.
Paul also has expert knowledge in driving effective Financial Services Cyber Security improvement (including compliance to OSFI Cyber security requirements), Cyber Security Risk Management, Technical Security Architecture Design, IT Risk Management, Cryptography, Disaster Recovery and Business Continuity Planning. Paul regularly provides input into and comments on draft Security Standards and legislation, as well as more specific Government Standards.
Paul has been profiled by SC Magazine, and has served as the guest presenter at a number of high-profile security events. His expertise is regularly sought out for his insights in the Media, both on live television, in the broadsheets as well as in specialist information security press. In his career, Paul has been directly involved with a number of high profile, billion-dollar programs and has built strong business relationships. Paul has also been a CLAS consultant approved by CESG to provide Information Assurance advice to Government departments and other organizations. Paul is passionate about Diversity and Inclusion and is actively involved in multiple initiatives to further progress in the Industry.
Rajiv Gupta
Biography:
Rajiv Gupta is the Head of the Canadian Centre for Cyber Security (the Cyber Centre), a part of the Communications Security Establishment Canada (CSE). As Head, Rajiv leads the Cyber Centre in providing expert advice, guidance and services to the Canadian government, the private sector including Canada’s critical infrastructure sectors and the Canadian public.
Prior to this role, Rajiv served as the Associate Head of the Cyber Centre for three years, where he was responsible for achieving national level cyber security outcomes for Canada through collaborative efforts with industry partners. Previously a software engineer in the telecommunications sector, Rajiv joined CSE in 2007 and has held a number of leadership roles in the cyber security domain, including Director General of Cyber Defence Capabilities where he oversaw the development and operation of sensors, threat discovery analytics, and autonomous defence technologies used to protect Government of Canada networks. Previous to that role, he was the Director of Security Architecture and Risk Mitigation, responsible for security architecture guidance, supply chain and cloud risk assessments for the Government of Canada, and the implementation of a cyber security risk mitigation framework for Canada’s telecommunications sector.
Rajiv holds a bachelor’s degree and a master’s degree in engineering and is a Professional Engineer in the Province of Ontario.
Prior to this role, Rajiv served as the Associate Head of the Cyber Centre for three years, where he was responsible for achieving national level cyber security outcomes for Canada through collaborative efforts with industry partners. Previously a software engineer in the telecommunications sector, Rajiv joined CSE in 2007 and has held a number of leadership roles in the cyber security domain, including Director General of Cyber Defence Capabilities where he oversaw the development and operation of sensors, threat discovery analytics, and autonomous defence technologies used to protect Government of Canada networks. Previous to that role, he was the Director of Security Architecture and Risk Mitigation, responsible for security architecture guidance, supply chain and cloud risk assessments for the Government of Canada, and the implementation of a cyber security risk mitigation framework for Canada’s telecommunications sector.
Rajiv holds a bachelor’s degree and a master’s degree in engineering and is a Professional Engineer in the Province of Ontario.
Steve Sparkes
Biography:
Steve Sparkes joined TD Bank in 2025 as Chief Information Security Officer, and has more than 35 years of experience in leadership roles in technology infrastructure, application development, IT Operational Risk, and Cybersecurity.
Previously, Steve joined Scotiabank in 2021 as Chief Information Security Officer and SVP Information Security and Control. In November 2023 he added responsibility for Enterprise Infrastructure, as well as IT and Cyber Risk strategies, systems and procedures. Prior to Scotiabank, he spent 6 years at Bank of America as a Managing Director, being COO for Cybersecurity and then Head of Cybersecurity Technology. Other prior roles include 13 years as Managing Director at Morgan Stanley, where his career included periods as CTO for Investment Banking, CIO of Technology and Information Risk, and Head of the Technology and Data Philanthropy Committee. His early career included extensive software development for financial systems.
Steve is a strong advocate of the necessity of cybersecurity and resilience across the industry and has delivered numerous presentations on topics such as ethical AI and emerging technological threats. He serves on the executive board and chairs the Finance Committee of FS-ISAC, a member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, as well as being active in the Canadian cyber community.
Previously, Steve joined Scotiabank in 2021 as Chief Information Security Officer and SVP Information Security and Control. In November 2023 he added responsibility for Enterprise Infrastructure, as well as IT and Cyber Risk strategies, systems and procedures. Prior to Scotiabank, he spent 6 years at Bank of America as a Managing Director, being COO for Cybersecurity and then Head of Cybersecurity Technology. Other prior roles include 13 years as Managing Director at Morgan Stanley, where his career included periods as CTO for Investment Banking, CIO of Technology and Information Risk, and Head of the Technology and Data Philanthropy Committee. His early career included extensive software development for financial systems.
Steve is a strong advocate of the necessity of cybersecurity and resilience across the industry and has delivered numerous presentations on topics such as ethical AI and emerging technological threats. He serves on the executive board and chairs the Finance Committee of FS-ISAC, a member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, as well as being active in the Canadian cyber community.
Pamela Simpson
Biography:
Pam Simpson is an AI Business Information Security Officer at TD, where she leads security governance for generative AI initiatives and contributes to multiple industry working groups exploring AI’s impact on the financial sector. She previously supported insider investigations and strategic cyber threat intelligence at TD, and focused on state-sponsored threats and ransomware while at BMO. Pam is the Engagements Lead for TD’s Platforms and Technology Indigenous Peoples Committee, facilitating partnerships with Indigenous-led organizations in the tech space.
She serves on the steering committees for the FSISAC AI Risk Working Group and the Vancouver Privacy and Security Summit, and is an active member of the NIST AI Working Groups, the Cyber Risk Institute, Cloud Security Alliance, and the Canadian Bankers Association. Pam holds a B.A.H and M.A. in Political Science from Queen’s University, CISSP, GIAC Cyber Threat Intelligence Certification from SANS, and Security+ from CompTIA, and mentors aspiring cybersecurity professionals.
She serves on the steering committees for the FSISAC AI Risk Working Group and the Vancouver Privacy and Security Summit, and is an active member of the NIST AI Working Groups, the Cyber Risk Institute, Cloud Security Alliance, and the Canadian Bankers Association. Pam holds a B.A.H and M.A. in Political Science from Queen’s University, CISSP, GIAC Cyber Threat Intelligence Certification from SANS, and Security+ from CompTIA, and mentors aspiring cybersecurity professionals.
Academic Conference Speakers
Lingyu Wang
Biography:
Lingyu Wang is a Professor of Computer Engineering in the School of Engineering at UBC Okanagan. Prior to joining UBC, he was a Professor in the Concordia Institute for Information Systems Engineering (CIISE) at Concordia University. He held the NSERC/Ericsson Industrial Research Chair (IRC) in SDN/NFV Security between 2019 and 2024. He received his Ph.D. degree in Information Technology in 2006 from George Mason University, USA. His research interests include cloud computing security, SDN/NFV security, network security metrics, software security, and privacy. He has been the principal investigator of over four million dollars of research grants. He has co-authored seven books, six patents, and over 150 conference and journal articles, including many published at top security conferences/journals such as S&P, CCS, USENIX Security, NDSS, TOPS, TIFS, TDSC, JCS, etc. He was the recipient of several best (student) paper awards. He has (co-)supervised 50 graduate students, among whom 10 former Ph.D. students are currently holding academic positions. He has served on the editorial boards of IEEE Transactions on Dependable and Secure Computing (TDSC), Computers & Security, and Annals of Telecommunications (ANTE). He has also served as the program (co)-chair of seven international conferences and the technical program committee member of over 150 international conferences.
Talk Title:
Attack Detection, Investigation, and Mitigation for Network Functions Virtualization (NFV)
Talk Abstract:
By decoupling network functions from proprietary physical boxes, Network Functions Virtualization (NFV) allows tenants to host their network services on top of existing clouds managed by third-party providers. NFV may also lead to novel security challenges at different abstraction levels. In this talk, I will present three of our recent works on securing NFV through attack detection (USENIX Security'24), attack investigation (S&P’25), and attack mitigation (NDSS'24).
First, NFV tenants typically cannot directly inspect the underlying cloud infrastructure to detect cloud-level attacks on their network function deployment. Existing solutions add a cryptographic trailer to every packet, which may incur significant performance overhead. We propose ChainPatrol, a lightweight solution for tenants to perform continuous detection and classification of cloud-level attacks on SFCs. Our main idea is to “virtualize” cryptographic trailers by encoding them as side-channel watermarks, such that those trailers can be transmitted without adding any extra bit to packets.
Second, while provenance analysis is one of the go-to solutions for investigating security incidents, existing solutions share the limitation of merely regarding the incident as an abstract starting point. We observe that doing so may lead to missed opportunities for pruning the provenance graph, since the incident is typically associated with rich external information about the corresponding vulnerability or exploit. Based on such an observation, we propose CONTEXTS, a solution that complements existing pruning approaches by leveraging such external information about the incident. Third, unpatched vulnerabilities in containers represent a major challenge to mitigating attacks in NFV environments. The average time-to-patch of zero-day vulnerabilities has stayed above 100 days in recent years, which leaves a wide attack window. We propose Phoenix, a solution for blocking exploits of unpatched vulnerabilities by accurately and efficiently filtering sequences of system calls identified through provenance analysis. To achieve this, Phoenix cleverly combines the efficiency of Seccomp filters with the accuracy of Ptrace-based deep argument inspection, and it provides the novel capability of filtering sequences of system calls through a dynamic Seccomp design.
First, NFV tenants typically cannot directly inspect the underlying cloud infrastructure to detect cloud-level attacks on their network function deployment. Existing solutions add a cryptographic trailer to every packet, which may incur significant performance overhead. We propose ChainPatrol, a lightweight solution for tenants to perform continuous detection and classification of cloud-level attacks on SFCs. Our main idea is to “virtualize” cryptographic trailers by encoding them as side-channel watermarks, such that those trailers can be transmitted without adding any extra bit to packets.
Second, while provenance analysis is one of the go-to solutions for investigating security incidents, existing solutions share the limitation of merely regarding the incident as an abstract starting point. We observe that doing so may lead to missed opportunities for pruning the provenance graph, since the incident is typically associated with rich external information about the corresponding vulnerability or exploit. Based on such an observation, we propose CONTEXTS, a solution that complements existing pruning approaches by leveraging such external information about the incident. Third, unpatched vulnerabilities in containers represent a major challenge to mitigating attacks in NFV environments. The average time-to-patch of zero-day vulnerabilities has stayed above 100 days in recent years, which leaves a wide attack window. We propose Phoenix, a solution for blocking exploits of unpatched vulnerabilities by accurately and efficiently filtering sequences of system calls identified through provenance analysis. To achieve this, Phoenix cleverly combines the efficiency of Seccomp filters with the accuracy of Ptrace-based deep argument inspection, and it provides the novel capability of filtering sequences of system calls through a dynamic Seccomp design.
Sébastien Gambs
Biography:
Sébastien Gambs has held the Canada Research Chair in Privacy and Ethical Analysis of Massive Data since December 2017 and has been a professor in the Department of Computer Science at the Université du Québec à Montréal since January 2016. His main research theme is privacy in the digital world. He is also interested in solving long-term scientific questions such as the existing tensions between massive data analysis and privacy as well as ethical issues such as fairness, transparency and algorithmic accountability raised by personalized systems.
Talk Title:
Understanding and Addressing Fairwashing in Machine Learning
Talk Abstract:
Fairwashing refers to the risk that an unfair black-box model can be explained by a fairer model through post-hoc explanation manipulation. In this talk, I will first discuss how fairwashing attacks can transfer across black-box models, meaning that other black-box models can perform fairwashing without explicitly using their predictions. This generalization and transferability of fairwashing attacks imply that their detection will be difficult in practice. Finally, I will nonetheless review some possible avenues of research on how to limit the potential for fairwashing.
Roozbeh Razavi-Far
Biography:
Roozbeh Razavi-Far is an Associate Professor with the Canadian Institute for Cybersecurity, Faculty of Computer Science, University of New Brunswick. His research focuses on machine learning, adversarial machine learning, secure AI, big data analytics, computational intelligence, and cybersecurity of cyber-physical systems. He has authored or co-authored more than 170 papers in scholarly journals and international conferences. In 2024, Stanford listed him among the top two percent of most-cited researchers for the third consecutive year. He is the recipient of several awards and grants including NSERC-DG, NSERC-ECR, NBIF, USRG, MITACS, NCC R&D, and NSERC-PDF. He is an associate editor at several journals, including the Neurocomputing, Machine Learning and Knowledge Extraction, Machine Learning with Applications, Discover Artificial Intelligence, IEEE Transactions on Industrial Cyber-Physical Systems, and IEEE Access. He served as a guest editor and chair for several journals and peer-reviewed conferences, and the chapter chair of IEEE Computational Intelligence, and Systems, Man and Cybernetics Societies at Windsor Section.
Talk Title:
Toward Secure Federated Learning
Talk Abstract:
Federated learning has emerged as a privacy-preserving solution enabling collaborative model training across distributed and sensitive data sources without direct data sharing. However, the decentralized and opaque nature of federated learning introduces new vulnerabilities to both model integrity and data privacy. In this keynote, I will explore the evolving threat landscape in federated learning, including poisoning, backdoors, inference, and model manipulation. I will walk through emerging threat models and cutting-edge defense techniques highlighting their promise and limitations. In this talk, I will present one of our recent works on securing federated learning systems. This talk will be of interest to researchers and practitioners working at the intersection of machine learning, cybersecurity, and distributed systems.
Important Dates
Paper Submission:April 30, 2025
Acceptance Notification:
June 1, 2025
Camera-Ready:
July 1, 2025
Author Registration:
July 1, 2025
Early-Bird Registration Ends:
August 1, 2025
Conference Date:
August 26-28, 2025