While Machine Learning (ML) has been around for several decades, the recent rise in applications for this technology also attracts malicious actors. Attacks on ML-based applications are of a distinctively different nature than conventional security threats against computer systems. Moreover, ML can be used as an attack tool itself and can also be employed as additional line of defense against attacks. This workshop will shed light on these three different relations between ML and security of modern information technology.

Referees: 

Stephan Kleber, Senior Security Architect (Mercedes-Benz Tech Innovation GmbH)

Quickly assessing & handling vulnerabilities in automotive systems  has become an increasingly important issue.
Growing software complexity in the SDV increases the potential of issues appearing, especially if the software supply chain includes many different dependencies. At the same time the highly connected nature of modern vehicles and strengthening competence of attackers means that reactions to vulnerabilities must become quicker as well.
In this workshop, we present and discuss different options to alleviate this issue and improve the efficiency of vulnerability management.
 

The workshop will contain:

• A recap on automotive vulnerability management and monitoring
• Solutions
• Binary analysis supported SBOM generation
• Automated rating and filtering of vulnerabilities
• Interaction and integration with vehicle security operations centers (VSOC) & vulnerability management 
• A live demo of ONEKEY, ESCRYPT CycurRisk and ESCRYPT CycurGate
• An open exchange, especially on improving vulnerability exchange in the automotive industry

Referees: 

Thomas Haslbauer, Automotive Security Consultant (ETAS GmbH)

Wolfram Gottschlich, Consulting Lead (ETAS GmbH)

Sebastian Schneider, Senior Security Consultant (ONEKEY GmbH)

Reverse engineering increasingly threatens embedded systems, with attacks becoming more sophisticated and damaging. This process often involves an interplay between hardware and software components. Initially, attackers focus on the hardware, deciphering chip functionalities and extracting firmware. This step is crucial as it lays the groundwork for the subsequent phase: software reverse engineering. By deconstructing the software to its fundamental components, attackers gain a deep understanding of its operation, yielding insights that are essential for both exploiting vulnerabilities and enhancing system security and functionality. Despite its impact, software reverse engineering is not widely understood, and its severe consequences, such as malicious hacking through exploits or intellectual property theft, are often inadequately addressed by current solutions, leaving systems vulnerable.

This workshop will contain:

• An overview of state-of-the-art hardware reverse engineering methods, including firmware extraction.
• An introduction to software reverse engineering and state-of-the-art tools.
• Hands-on part: Attendees will apply different reverse engineering techniques, to example embedded firmware, extracting hardcoded user credentials to gain understanding of reverse engineering principles.
• An outlook on advanced software protections.

Referees:

Dr. Tim Blazytko (Emproof)

Dr. Marc Fyrbiak (Emproof)

Prof. Christof Paar (Max Planck Institute for Security and Privacy)