Daniela Seabra Oliveira is a member of the University of Florida Warren B. Nelms Institute for the Connected World. Her main research interest is interdisciplinary computer security, where she employs successful ideas from other fields to make computer systems more secure. Her current research interests include (i) human factors in security (cyber deception, phishing, developer’s blind spots) and (ii) systems/IoT security, especially the application of dynamic information flow to thwart attacks. She is the Diversity Director of the Florida Institute for Cyber Security (FICS) at the University of Florida, which she joined in 2014 as part of the UF Rising to Preeminence Hiring Program (Electrical and Computer Engineering Department).

Talk: Cyber Deception and Social Engineering: Why These Attacks Will be the Most Devastating of the Next Decade

Online deception and social engineering are becoming more common, as individuals increasingly navigate through a digitally connected world. Technological advances and the diversifications of means of communication online are opening up multiple avenues for all types of online fraud, scams, and attacks. Attacks involving social engineering and deception attempt to influence an Internet user (corporate or end user) into performing an action that will go against his, his institution’s, or even his country’s best interests. When influenced, individuals can click on malicious links or open malicious attachments that install malware into their computers or can visit phishing webpages that can steal their credentials. In this talk I will discuss strategies of influence that attackers leverage in such attackers and the serious implications of such attacks for corporate cyber security, individuals’ financial and emotional well-being, and nation states’ democracies. I will also discuss how certain demographics are more susceptible to deception and will advocate an interdisciplinary research agenda to combat such attacks, combining usable security, psychology, and neuroscience.

Natalie Silvanovich is a security researcher on Google Project Zero. Her current focus is on script engines, particularly understanding the subtleties of the scripting languages they implement and how they lead to vulnerabilities. She is a prolific finder of vulnerabilities in this area, reporting over a hundred vulnerabilities in Adobe Flash in the last year. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry, where her work included finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets and has spoken at several conferences on the subject of Tamagotchi hacking.

Talk: The Security of Recent Browser Features

A number of new features have been added to browsers in the last few years, including Web Assembly, WebRTC and JavaScript additions. This presentation describes Project Zero’s analysis of these features. It explains our techniques for finding bugs in these targets and gives an overview of the vulnerabilities found.