German-French IT Security Day 2018

Please register here for the event.


March 14, 2018
9:00 am - 6:00 pm



Exhibition Area

Exhibition: Stalls of participating companies, start-ups, and research institutes


Dr. Heino Klingen (Managing Director of "IHK Saarland")
Keynote: "IT Security as a Game Changer - How Scientific Excellence is Promoting Structural Change in the Greater Region"
Prof. Dr. Michael Backes (CISPA)
Keynote: "Reverse Engineering: a Case Study"
Prof. Dr. Jean-Louis Lanet (Inria)
Panel Discussion: "From Research to Products: How Can We Improve Research Transfer in the Greater Region"
Prof. Dr. Michael Backes (CISPA), Prof. Dr. Olivier Festor (Telecom Nancy, Université de Lorraine), Dr. Thomas Sinnwell (consistec) und Prof. Dr. Jean-Yves Marion (Cyber Detect, Université de Lorraine, IUF), Moderation: Dr. Ben Stock (CISPA)
Talk "Research on Malware Analysis and How It Benefits Businesses"
Prof. Dr. Christian Rossow (CISPA)
Lunch Break
Talk: "Disinformation Attacks on Companies – Current Situation, Prognosis, and Defense"
Uwe Heim (Deloitte GmbH Wirtschaftsprüfungsgesellschaft)
Talk: "How to Operate IT Security Based on Risks and Make It Compatible with Business"
aj:henke (enbiz GmbH)
Talk: "Secure and Convenient Collaboration in the Cloud"
Heiko Passauer (DHC Business Solutions GmbH & Co. KG)
Coffee Break and Startup Pitches
Talk: "Question and Answer Session: European General Data Protection Regulation"
Monika Grethel ("Landesbeauftragte für Datenschutz und Informationsfreiheit")
Keynote: "Browser Security with Automated Testing"
Christian Holler (Mozilla Corporation)
Get together with snacks and drinks

We are offering simultaneous interpretation (English-German, German-English) for all lectures.

Exhibiting companies

Companies and Start-ups

Research exhibits

Mass attacks on the Internet, so called Distributed Denial of Service Attacks are increasingly used by criminals to target attacks on services, including critical infrastructures, where they can cause a maximum of harm. In many cases, attackers use servers for amplification attacks to overload a target system with a very large amount of data packets. Prof. Rossow and his team have installed a global sensor network, which has already helped them document more than 14.752.744 attacks. By identifying different phases of these attacks, they could develop an early-warning system. A special fingerprinting method even enables them to derive clues on the attacker's identity.
Are you worried about your computer's safety? How about your phone's safety? Nowadays, there is no real difference between computers and telephones any more. Phones are small, adapted computers, whose microphones can record random conversations at any time. We are demonstrating a method for automated security testing by means of a popular fixed-line telephone that is used in the White House as well as various companies.
We demonstrate tribble, a system that produces millions of valid inputs to a software system in the hope to expose a vulnerability.
Since the first whole-genome sequencing, the cost of molecular profiling has been plummeting, enabling a significant progress in biomedical science and the rise of precision medicine. This scientific breakthrough is triggered by the increasing availability of biomedical data, whose main negative counterpart is the new threat towards health privacy. Our research aims at assessing and preventing privacy risks induced by the increasing availability of biomedical data at all layers of the human biological system.
The Android Middleware Fuzzer is an ongoing research project that enables automated software testing of the highly complex Android middleware to discover security-critical bugs. Our approach distinguishes itself from prior approaches through greybox and whitebox fuzz testing based on recent research results on statically analysing and instrumenting the middleware code as well as through a new virtual environment that provides fuzz testing of the middleware like any regular application.
Machine Learning is a form of Artificial Intelligence that is used every day: in Internet search engines, banking software, credit standing decisions, autonomous driving, biometric sensors, human resource decisions, infrastructure, resource allocation and business optimization. Needed data is collected everywhere: by smartphones, cars, enterprises, smart devices or the Internet. This ubiquitous application of machine learning leads to a huge impact in the real world. As a consequence, attackers have started to investigate how to manipulate this process for their personal gain by making minuscule, practically unobservable changes to their input data. These nevertheless drastically changes the Machine Learning algorithm's evaluation. In practice, this allows an attacker to bypass biometric systems by slightly altering their appearance or to evade network detection even by highly effective intrusion detection systems when attacking a network infrastructure. In most cases, the amount of data is enormous and this renders it impossible for a human to verify the consistency of the data, or whether it has been tampered with. Finding a scaling and verifiable way to distinguish real world changes from systematic tampering with the data remains thus an open problem. We currently work on providing a formal framework, which enhances machine learning systems with strong guarantees against exploitation of machine learning systems by a range of different adversaries.
Placed in an enclosed environment with an insulated Internet network and with access protected by biometric recognition, the High Security Lab in Nancy offers a reliable technological and regulatory framework for conducting sensitive tests and operations. It has been designed for guaranteeing the security of the data, phenomena and equipment being analysed.The High Security Lab is common to CNRS, Inria and Université de Lorraine, located in Nancy, in the premises of Loria and Inria Nancy - Grand Est.
Demo 1 Eradicating vulnerabilities in Java source code without knowledge of the expected defects. The aim of this work is to defeat attacks against an embedded system based on Java. The attacker has not the access to the source code neither to the binary code. He only sends command to the device. The attacker uses brute force attack a.k.a fuzzing technique to find vulnerabilities into the product. From the defense point of view, it is equivalent to find unguarded command or unchecked parameters in a command. We use unsupervised machine learning techniques (clustering) to detect these weaknesses in a program. The main advantage of this method is its scalability. Demo 2 DaD: Data Aware Defense Most of the solutions against malware are based on a model of the expected hostile code. Some characteristics are extracted (n-gram, control flow graph, system calls) that provide a signature (a model) of the code. Then, the solutions are searching these models or some approximation of the models into a suspected file. We choose a solution based on divergence with a model of the normal behavior. Any divergence is the signal of an abnormal behavior. A Markov Chain is our model and it characterizes the expected behavior. It can be tuned automatically for each computer with a continuous learning process. The solution does not rely on the hostile code, thus, it is able to tackle any yet unseen malware. The Wanacry malware has been detected immediately as a hostile code. The main advantage of our solution is its extremely low overhead both in term of CPU and memory usage.
The High Security Lab of Inria continuously collects valuable information for security (darknet, honeypot, active probing). Additionnaly, public data sources (blacklists, chats, social networks, etc.) contain also relevant information to extract fruitful knowledge. In the RESIST team of Inria, researchers rely on these data sources to define advanced analytics methods to monitor and mitigate various threats from predictive port scan blocking, password leakage, IoT preventive security assessment or malware trafic classification. AMICS provide those as security cloud services to novice end-users. The platform is therefore easy to use and all the incoming and outgoing end-user traffic is monitored by chosen services. The RESIST team is located in Nancy, France and is part of the LORIA (Laboratoire Lorrain d'Informatique et ses Applications) research unit. It is affiliated to the French National Scientific Research Center (CNRS), the French National Institute for computer science and applied mathematics (Inria), and the Université de Lorraine.
The team CARBONE at LORIA develops new methods to analyze and detect x86-malware. Methods consist in a combination of static and dynamic analysis. We will present the use of the platform BINSEC in order to use SMT solver to deobfuscate binary codes. The RESIST team is located in Nancy, France and is part of the LORIA (Laboratoire Lorrain d'Informatique et ses Applications) research unit. It is affiliated to the French National Scientific Research Center (CNRS) and the Université de Lorraine.
How can we defend computer systems against ransomwares and data-stealing malwares ? We can extract a representation of a software behavior by relying on symbolic analysis. We determine whether the behavior is malicious by relying on machine learning techniques. We are then able to detect malwares that try to circumvent classical antivirus tools. Our machine learning technique is based on a large number of malware and cleanware samples, in order to obtain a good precision for the detection.
GroddDroid is a software that helps to automatically execute a malware on a custom smartphone or emulator. The smartphone is monitored by Blare that captures all the generated information flows at operating system level. The captured flows are represented on a web page as a graph and can be replayed offline. The global solution helps the security analyst to quickly understand the actions performed by the malware before moving to a manual deeper analysis. Dr. Jean-Francois Lalande, Maître de conférences HDR à CentraleSupélec, inria.
IoT devices are widely adopted in multiple applications ranging from personal use, home automation, smart spaces or even industrial environments. They are equipped with wireless communication capabilities including WiFi, Z-Wave, BLE or Zigbee. Recently, many of them are becoming targets for potential cyber-attacks with the intent to take control over them and eventually expose end-users to privacy, security and safety risks. In this demo, we show our running work towards an automated evaluation of the security of off-the-shelf devices in home environments. In particular, we demonstrate an attack where we are able to take the control of any Z-Wave network. The RESIST team is located in Nancy, France and is part of the LORIA (Laboratoire Lorrain d'Informatique et ses Applications) research unit. It is affiliated to the French National Scientific Research Center (CNRS), the French National Institute for computer science and applied mathematics (Inria), and the Université de Lorraine.
Demonstration of a Denial-of-Service attack against the IKEv2 protocol and its implementation strongSwan. IKEv2 is a key-exchange protocol used to set up Virtual Private Networks (VPN). This novel attack belongs to the class of slow DoS attacks and exploits an authentication weakness in the protocol.

Local contact

Andrea Ruffing
 +49 681 302 70975
 +49 681 302 71942
 Stuhlsatzenhaus 5 | 66123 Saarbrücken
Sabine Betzholz-Schlüter (
 +49 681 9520 474
  | 66123 Saarbrücken

Supported by:

Helmholtz Center for Information Security
Stuhlsatzenhaus 5
Saarbrücken, Germany

How to get there

By train

Congresshalle can easily be reached by public transportation. Take a bus or train to main station (Hauptbahnhof). You will reach Congresshalle via Faktoreistraße within walking distance. It is situated on the right-hand side.

By car

Congresshalle is situated in the city center, close to the main station: Hafenstraße 12, 66111. Find more details on how to get there here: hier.
Parking is available at the car park Parkhaus Kongresshalle, right next to the main entrance of the event location.

By shuttle

We are providing a free shuttle service from Nancy to Saarbruecken and back. Details on departure and arrival will be published shortly.


Anbieter dieses Internetangebots ist das CISPA – Helmholtz-Zentrum für Informationssicherheit gGmbH, vertreten durch den Direktor und wissenschaftlichen Geschäftsführer Prof. Dr. Michael Backes und den kaufmännischen Geschäftsführer, Bernd Therre.
Verantwortlich für redaktionelle Inhalte:
Prof. Dr. Dr. h. c. Michael Backes
Direktor und wissenschaftlicher Geschäftsführer
Helmholtz Center for Information Security
Stuhlsatzenhaus 5
66123 Saarbrücken, Germany
CISPA − Helmholtz Center for Information Security
Stuhlsatzenhaus 5
66123 Saarbrücken, Germany
 Fon: +49 681 302 71900
 Fax: +49 681 302 71942