Thematic CERN School of Computing on Security 2025

Europe/London
Cosener's House

Cosener's House

15-16 Abbey Cl, Abingdon OX14 3JD, United Kingdom
Alberto Pace (CERN), Kristina Gunne (CERN), Andrzej Nowicki (CERN)
Description

The 16th Thematic CERN School of Computing (tCSC security 2025) will take place on April 6-12 2025. The theme of the school is "Security of research computing infrastructures" - see the academic programme for more details. 

The school is proposed to people working in academia and research institutes, who as part of their job need to ensure security and resilience of computing resources they manage, and want to be prepared to detect and handle possible security incidents.

This school is organized by CERN in collaboration with the UK Research and Innovation, Science and Technologies Facilities Council (UKRI STFC) The school will take place in Abingdon and will be hosted in The Cosener's house, located in the grounds of the medieval Abbey of Abingdon, eight miles from Oxford.

Important Dates

  • January 31st 2025- applications closing at midnight
  • February 14th 2025 - invitations sent to the selected participants
  • March 7th 2025 - registration fee payment deadline
  • Sunday 6 April - Saturday 12 April 2025 - the school

                 

CERN School of Computing
    • 15:00 17:00
      Registration 2h
    • 17:00 17:20
      Welcome to the CERN School of Computing 20m
    • 17:20 18:20
      Self-presentation: 1 minute per person 1h
    • 19:00 20:30
      Dinner at the Nag's head pub 1h 30m
    • 08:45 09:45
      Defensible security architecture: how to implement security principles 1h

      • data security
      • endpoint security: hardware, host, OS, BMC security, system hardening
      • application security
      • future security trends

      Speaker: Barbara Krašovec (IJS)
    • 09:45 10:45
      Logging and traceability 1h
      • host-based logs (system and application level), network monitoring
      • the importance of central logging
      • tools and technologies
      • data privacy, dealing with personal and sensitive data, log retention
      • traceability challenges
      Speaker: David Crooks (UKRI STFC)
    • 10:45 11:00
      Announcements 15m
    • 11:00 11:05
      School photo 5m
    • 11:05 11:30
      Coffee break 25m
    • 11:30 12:30
      Virtualisation and cloud security 1h

      Virtualisation and cloud security
      • virtualisation security fundamentals
      • cloud service models
      • authentication and key management
      • data security in the cloud
      • DevSecOps
      • security in private and public cloud
      • common threats in the cloud
      • security tools

      Speaker: Barbara Krašovec (IJS)
    • 12:30 13:15
      Lunch 45m
    • 13:15 14:45
      Study time and/or daily sports 1h 30m
    • 14:45 15:45
      Vulnerability management 1h
      • vulnerability lifecycle, monitoring, scanning
      • CVE, CVSS, CPE, CWE and related standards
      • special cases: vulnerable hardware, EOL systems etc.
      Speaker: Sven Gabriel
    • 15:45 16:15
      Coffee break 30m
    • 16:15 16:55
      Student lightning talks 40m
      • AI Meets Databases: How to build an image search using pgvector extension of PostgreSQL 7m

        Finding the right image in a large collection can be a challenge, especially when relying on traditional keyword-based search. This presentation is a HOWTO instruction on building a system that combines AI model with pgvector to enable natural language image retrieval and similarity search. By embedding images into a high-dimensional space using CLIP model and storing these embeddings in a pgvector PostgreSQL database, the system allows users to search for images using simple text descriptions—no need for exact keywords or metadata. The result is an intuitive, AI-powered search experience that returns visually relevant results based on semantic meaning. We’ll dive into how the system works, discuss real-world use cases, and explore performance considerations for scaling. To make it even more interesting, the photos that I'll be using are from my personal collection.

        Speaker: Andrzej Nowicki (CERN)
      • OT Cybersecurity: Securing the Industrial Landscape 7m

        The talk sheds light on the unique challenges and security imperatives of operational technology (OT) environments, focusing on industrial control systems. Using the Stuxnet malware incident as a case study, the discussion shows how targeted cyberattacks can exploit critical infrastructure vulnerabilities, leading to cyber and physical consequences. The analysis differentiates OT from traditional IT systems, emphasising that the former prioritises system availability and physical safety over data confidentiality. Key cybersecurity threats are identified, and defence-in-depth strategies are critically evaluated. It further discusses the gaps in the security landscape for mitigating risks in legacy and modern OT systems, drawing on lessons learned from the Stuxnet attack to propose a proactive framework for enhancing resilience in industrial cybersecurity.

        Speaker: Nowshaba Jeelani Wani
      • fscrypt on Lustre 7m

        fscrypt is a very powerful new tool for encrypting data at rest, and can also be used by distributed computing environments using Lustre. Here I will talk about its features, and some of its potential pain points.

        Speaker: Gwen Dawes (University of Cambridge)
      • Squinting over the tape moat 7m

        As the threat of ransomware continues to grow, many organisations look towards magnetic tape storage to provide a last line of defense for their data. Tape has a number of interesting properties which set it apart from flash and spinning disk technology, such as an air-gap between the storage media and the reading/writing device, immutability of written data, and a long shelf life. These make it an attractive option for keeping data safe over longer periods of time. This talk gives a short overview of the security properties you can expect from the storage solution that is likely used by your institution, or behind the scenes at your cloud provider. It is an abbreviated version of a talk previously given at the Chaos Communication Camp 2023: https://media.ccc.de/v/camp2023-57227-peeking_over_the_tape_moat

        Speaker: Richard Bachmann (CERN)
      • GitLab Security Scanning at CERN 7m

        In this lightning talk, I will discuss how we’ve enhanced the security of our users' development workflows at CERN using GitLab’s security scanning tools. By implementing a global scan execution policy at the group level, we’ve ensured consistent and automated detection of secrets and vulnerabilities across projects. Starting with the CERN IT Department, we refined the process by gathering user feedback and assessing infrastructure impact, and we are now continuing to expand this approach to more groups, ultimately making our users' workflows more secure and resilient.

        Speaker: Subhashis Suara (CERN)
    • 16:55 17:10
      Risk management - cont. 15m
      Speaker: Sven Gabriel
    • 17:15 18:15
      Application security 1h
      • web application security, typical web vulnerabilities
      • ethical hacking
      • introduction to pentesting
      Speaker: Sebastian Lopienski (CERN)
    • 18:15 19:15
      Application Security - exercises 1h
      Speaker: Sebastian Lopienski (CERN)
    • 19:15 20:00
      Dinner at Cosener´s house 45m
    • 08:45 09:45
      Container security 1h
      • key concepts of containers (namespaces, cgroups etc.) and Docker
      • container security, threat landscape
      • vulnerability and patch management
      Speaker: Daniel Kouřil (CESNET)
    • 09:45 10:45
      Container security - exercises 1h
      Speaker: Daniel Kouřil (CESNET)
    • 10:45 11:00
      Announcements 15m
    • 11:00 11:30
      Coffee break 30m
    • 11:30 12:30
      Intrusion detection with SOC: deployment and operation 1h
      • indicators of compromise (IoCs), threat intelligence sharing, TLP protocol
      • tools and technologies: MISP, Zeek, OpenSearch etc.
      • deploying a Security Operation Center
      • security incidents: detecting and alerting* indicators of compromise (IoCs), threat intelligence sharing, TLP protocol
      • tools and technologies: MISP, Zeek, OpenSearch etc.
      • deploying a Security Operation Center
      • security incidents: detecting and alerting
      Speaker: David Crooks (UKRI STFC)
    • 12:30 12:45
      Collect lunch bags 15m
    • 13:00 14:00
      Departure of bus to Oxford 1h
    • 14:00 21:30
      Oxford visit, punting and dinner 7h 30m
    • 21:30 22:30
      Transport by bus to Cosener's house 1h
    • 08:45 09:45
      Security Operations 1h
      Speaker: Sven Gabriel
    • 09:45 10:45
      Incident response management 1h

      • incident management and coordination
      • incident analysis and investigation
      • communication with stakeholders
      • containment and eradiction
      • recovery
      • lessons learnt

      Speaker: Barbara Krašovec (IJS)
    • 10:45 11:00
      Announcements 15m
    • 11:00 11:30
      Coffee break 30m
    • 11:30 12:30
      Digital forensics: essentials and data acquisition 1h

      digital evidence handling
      data acquisition (live systems, storage etc.)
      data analysis (OS, file system, network, executables etc.)
      reporting

      Speaker: Daniel Kouřil (CESNET)
    • 12:30 13:15
      Lunch 45m
    • 13:15 14:45
      Study time and/or daily sports 1h 30m
    • 14:45 15:45
      Digital forensics: data analysis 1h
      Speaker: Daniel Kouřil (CESNET)
    • 15:45 16:15
      Coffee break 30m
    • 16:15 18:15
      Intrusion detection with SOC - exercises 2h
      • indicators of compromise, threat intelligence sharing, TLP protocol
      • tools and technologies
      • deploying a Security Operation Center
      • detecting security incidents
      Speaker: David Crooks (UKRI STFC)
    • 19:15 20:00
      Dinner at Cosener´s house 45m
    • 08:45 10:15
      Digital forensics - exercises 1h 30m
      Speaker: Daniel Kouřil (CESNET)
    • 10:15 10:30
      Coffee break 15m
    • 10:30 11:45
      Introduction to forensics - exercises 1h 15m
      Speaker: Daniel Kouřil
    • 11:45 12:00
      Announcements 15m
    • 12:00 12:30
      Penetration testing - exercise debriefing 30m
      Speaker: Sebastian Lopienski (CERN)
    • 12:30 13:15
      Lunch 45m
    • 13:15 14:15
      Study time 1h
    • 14:15 15:00
      Exam 45m
    • 15:00 16:30
      Incident response - exercise 1h 30m
      • incident management and coordination
      • Sirtfi and trust frameworks
      • communication with local users, external communities, and other stakeholders
      • working with law enforcement
      • privacy aspects
      Speakers: Dr David Crooks (UKRI STFC), Romain Wartel (CERN), Sebastian Lopienski (CERN), Mr Tom Dack
    • 16:30 16:45
      Coffee break 15m
    • 16:45 18:00
      Incident response - exercise 1h 15m
      • incident management and coordination
      • Sirtfi and trust frameworks
      • communication with local users, external communities, and other stakeholders
      • working with law enforcement
      • privacy aspects
      Speakers: Dr David Crooks (UKRI STFC), Romain Wartel (CERN), Sebastian Lopienski (CERN), Mr Tom Dack
    • 18:00 18:45
      Closing Session 45m
      Speaker: Alberto Pace (CERN)
    • 19:30 21:30
      Outside Closing Dinner at Doriandos 2h
    • 10:00 12:00
      Departure 2h