Dan Horovitz
PE, security architect/researcher Arm
Rishon LeTsiyyon, Israel
Actions
Dan Horovitz is an experienced Principal Security Researcher, worked at Arm, Intel, McAfee, Checkpoint as well co-founder of several security startups for the last 25+ years, doing security product development as well as security assurance, security code review, architecture and design review and security validation.
Dan is a life-long hacker, security advocate, he has always had a passion for deconstructing technology, particularly since getting his first Commodore 64 at the age of 7 teaching himself BASIC programming. In his career, Dan has performed all forms of security assessments but given his developer and management background, he has a dedication to security architecture, security features development and security assurance. Dan has MBA & B.Sc in computer science from BGU and he's CISSP certified, reached the 3rd Black Belt Security in Intel, highest org. security certification. Dan is a technical mentor for Security oriented products over the last 7 years helping the new SU from ideation till productization.
Dan has authored 35+ patents on security, privacy and system enhancements and presented papers in different conferences such: BSides, DefCamp, OWASP, iSecCon, SWPC, Intel System Engineer, Intel TechWeek, QA&Test, INCOSE and MPower. Dan is also a lecture at Ben Gurion University, focusing on Confidential Compute technologies for advanced degrees.
Area of Expertise
Topics
The rise of (evil) robots - cyber meeting safety in autonomous systems
When it comes to securing safety certified system such AMR (Autonomous Mobile Robot), the safety might be considered as a black-box that isn’t or shouldn’t be influenced by security attacks, but the opposite is the right approach. Security experts and security architects should assess the safety systems embedded in their products, how they can be tampered, and they should map threats that can tamper with the safety building blocks of their product and the right mitigations to secure them.
Safety focuses on the potential result of an occurrence defined as a risk. Something will be identified as a Safety problem if there is an unacceptable risk of damage to people, property, or the environment. Safety (and Functional Safety) deal with random and unintentional events - accidents and failures where Security deals with intentional acts. It is not possible to be truly Safe without also being Secure.
If you are developing a product with safety aspects that talk will provide you insights on protecting a safety certified system form cyber security attacks as well maintaining the system’s safety aspects under all scenarios.
The good and the bad of facial authentication
As the raises of facial authentication (FA) use increases so as its risk. This presentation will cover the FA technology, its use cases, why and where is used, its risks, its security attacks, and their available mitigations. The goal is to educate on that emerging technology and present what can be done to be used securely. We will also show some of Intel technologies and how we mitigated different presented risks in our products (optional). I will also cover the increased deep fake abuse for overcoming facial authentication technology and what are the latest mitigation trends.
Sleeping on a Volcano: The Hidden Dangers Inside Everyday IoT Devices
The world is rapidly filling with connected devices from home appliances to medical and industrial equipment making IoT security essential to safety, privacy, and system resilience. Yet most IoT products rely on extremely constrained microcontrollers where power, memory, and cost limitations make robust protections difficult. At the same time, attackers now combine software exploits with physical techniques such as side-channel analysis, fault injection and EMFI, creating threats many lightweight devices were never designed to withstand.
This session presents practical, low-overhead security architectures tailored for constrained IoT platforms.
We will explore hardware-based mitigations, side-channel-resistant designs, and fault-detection strategies that help manufacturers meet SESIP requirements and prepare for the EU Cyber Resilience Act.
Attendees will gain actionable guidance for building secure, compliant, and resilient IoT devices in a hyperconnected world.
Teaching Confidential Computing: Challenges Today, Foundations for Tomorrow’s Ecosystem
As Confidential Computing rapidly evolves from a niche capability to a foundational pillar of modern data security, universities face a growing need to prepare the next generation of engineers for a world where protecting data in use is as essential as securing it at rest or in transit. Driven by passion for the domain, its transformative impact and the lack of educational material, we, as a small group of experts on the topic, have developed and delivered an advanced Confidential Computing academic course for advanced degree level students in Ben-Gurion University. As now that course is planned for second cycle and also being adopted in other universities. This talk reflects on the practical challenges encountered, while bringing such a course to life, and explores why academic programs must begin integrating these technologies into their core curriculum.
A key challenge stems from the hardware-centric nature of Confidential Computing: limited availability of cutting-edge TEEs and secure processors for academic research, fragmented documentation, and varying levels of SDK maturity make hands-on learning difficult. Emulation environments, while helpful, introduce their own inaccuracies and constraints. Moreover, bridging theoretical use cases with real-world deployment realities often reveals gaps between academic expectations and industry capabilities. The course introduces various Confidential Computing techniques from cryptography-based solutions down-to HW based Trusted Execution Environments, covering different types and vendors, from the theoretical principles down to hands-on experience.
Despite these obstacles, the return on investment for academia is substantial. Embedding Confidential Computing as a core course accelerates technology maturation, creates deep familiarity among emerging engineers, and fosters innovation that can spark new solutions—and even future startups.
The talk concludes with a call to action: to broaden global support for such courses by open-sourcing teaching materials, contributing to shared curricula, and enabling access to hardware platforms and lab environments. By collaborating across academia and industry, we can empower students, advance the ecosystem, and strengthen the future of secure computing.
C0mpile wi7h d3f3ns3 1n d3p7H 0n fring3 sys73ms
When we are developing SW products over Win\Linux or other modern OS the defense in depth mechanisms are well known and relatively easy to implement. When we move down the rabbit hole over the BIOS and below the FW those mechanisms are becoming more and more complex and rare. If we are looking on non-IA or ARM like MIPS, ARC or Tensilica that knowledge is even poorer and hard to get.
The session will cover all developer defenses and will explain how to use stack shadow, stack checker, MMU/MPU for achieving DEP, how to implement self-stack canary and how to use CPU’s debugging features to detect stack overflows or underflows, other embedded OS security enhancements, memory protection mechanisms…
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top