Lotfi ben Othmane from UNT faculty is giving a tutorial session during 2022 IEEE Secure Development (SecDev) Conference, which is a venue for presenting ideas, research, and experience about how to develop secure systems. SecDev focuses on theory, techniques, and tools to “build security in” to existing and new computing systems, and does not focus on simply discovering the absence of security. The goal of SecDev is to encourage and disseminate ideas for secure system development among academia, industry, and government. It aims to bridge the gap between constructive security research and practice and to enable the real-world impact of security research in the long run. Developers have valuable experiences and ideas that can inform academic research, and researchers have concepts, studies, and even code and tools that could benefit developers. Great SecDev contributions could come from attendees of industrial conferences like AppSec and RSA; from attendees of academic conferences like IEEE S&P, IEEE CSF, USENIX Security, CCS, NDSS, PLDI, ICSE, FSE, ISSTA, SOUPS, HOST, and others; and from newcomers.
Tutorial: Threat Modeling of Cloud-based IT-solutions.
Lotfi ben Othmane (University of North Texas); Heinrich Gantenbein (Microsoft Industry Solutions); Hasan Yasar (Carnegie Mellon University); Simone Curzi (Microsoft Industry Solutions); Altaz Valani (Security Compass); Arun Prabhakar (Boston Consulting Group); Robert Cuddy (HCL Technologies)
Topic: The tutorial aims to train the participants to apply a threat modeling process to identify potential threats to given cloud-based systems and prioritize countermeasures.
You can find more information in the document.