Lotfi ben Othmane from UNT faculty is giving a tutorial session during 2022 IEEE Secure Development (SecDev) Conference, which is ​a​ ​venue​ ​for​ ​presenting​ ​ideas,​ ​research,​ ​and​ ​experience​ ​about​ ​how​ ​to​ ​develop​ ​secure systems. SecDev focuses on theory,​ ​techniques,​ ​and​ ​tools​ ​to ​“build​ ​security​ ​in” to​ ​existing​ ​and​ ​new​ ​computing​ ​systems, and does not focus on simply discovering​ ​the​ ​absence​ ​of​ ​security.​ The​ ​goal of SecDev​ ​is​ ​to encourage​ ​and​ ​disseminate​ ​ideas​ ​for​ ​secure​ ​system​ ​development​ ​among​ ​academia,​ ​industry, and​ ​government.​ ​It​ ​aims​ ​to bridge ​the​ ​gap​ ​between​ ​constructive​ ​security​ ​research​ ​and​ ​practice and​ to ​enable​ ​the real-world​ ​impact​ ​of security research in​ ​the​ ​long​ ​run. ​Developers​ ​have​ ​valuable​ ​experiences​ ​and​ ​ideas​ ​that​ ​can​ ​inform​ ​academic research,​ ​and​ ​researchers​ ​have​ ​concepts,​ ​studies,​ ​and​ ​even​ ​code​ ​and​ ​tools​ ​that​ ​could​ ​benefit developers.​ ​Great​ ​SecDev​ ​contributions​ ​could​ ​come​ ​from​ ​attendees​ ​of​ ​industrial​ ​conferences like​ ​AppSec and​ ​RSA;​ ​from​ ​attendees​ ​of​ ​academic​ ​conferences​ ​like IEEE​ ​S&P,​ ​IEEE​ ​CSF,​ ​USENIX​ ​Security, CCS, ​​NDSS, PLDI,​ ICSE, ​FSE,​ ​ISSTA,​ ​SOUPS, HOST,​ ​and​ ​others;​ ​and​ ​from newcomers.

Tutorial: Threat Modeling of Cloud-based IT-solutions.
Lotfi ben Othmane (University of North Texas); Heinrich Gantenbein (Microsoft Industry Solutions); Hasan Yasar (Carnegie Mellon University); Simone Curzi (Microsoft Industry Solutions); Altaz Valani (Security Compass); Arun Prabhakar (Boston Consulting Group); Robert Cuddy (HCL Technologies)

Topic: The tutorial aims to train the participants to apply a threat modeling process to identify potential threats to given cloud-based systems and prioritize countermeasures.

You can find more information in the document.