SPEAKER: Bryan Parno
TITLE: Bootstrapping Cloud Security
Security concerns are frequently cited as a barrier to migrating to the cloud. For security and cryptography researchers, this represents a tremendous opportunity, since mitigations of these concerns will be eagerly sought after. In this talk, I will survey some of the largest challenges in cloud security and argue that verification will be a major component in addressing them. For example, the cloud should support verifiable computation; i.e., clients should be able to verify results returned from the cloud, to guard against malicious or malfunctioning services. Even from a legitimate service’s perspective, verification is desirable, since verifiable results are likely to command higher prices. They also allow the service to shed liability by proving that undesired or unexpected outputs were a result of bugs in the client's code or data, and hence not the service's fault.
This talk will cover some of the latest developments in cryptographic verifiable computation, including a new computational encoding we developed that enables very efficient cryptographic applications, including verifiable computation (Did the service do what I asked?), succinct non-interactive arguments (Convince me that a statement is true), and non-interactive zero knowledge proofs (I can convince you without revealing any private information). Our implementation improves on the state-of-the-art by five to seven orders of magnitude and shows that verifiable computation is close to practical for a variety of applications.
Bryan Parno works in the Security and Privacy Research Group at Microsoft Research. His current work focuses on protocols for verifiable computation and zero-knowledge proofs, building practical, formally verified secure systems, and developing next-generation application models. He completed his PhD at Carnegie Mellon University, where he worked with Adrian Perrig. Dr. Parno’s dissertation, which won the 2010 ACM Doctoral Dissertation Award, studies the design, implementation, and evaluation of a combination of hardware, software, and cryptographic primitives for extending the trust one has in one service or device in order to allow one to trust other services and devices. He was selected for the Forbes 30-Under-30: Science list, and he recently published a book on Bootstrapping Trust in Modern Computers.
SPEAKER: Ahmad-Reza Sadeghi
TITLE: Selected Topics in Mobile Security and Trusted Computing
Mobile and embedded devices are changing our lives in private but also increasingly in corporate domains. Smart devices such as smartphones and tablets are the emerging dominant computing platforms for end-users; they offer high computing, storage and sensing capabilities as well as new interfaces such as near field communication (NFC) that enable many new useful applications. Mobile applications provide flexible access to critical services such as online banking, health records, enterprise applications, or social networks.
Interestingly, mobile platforms such as smartphones have been designed with security in mind from their infancy. Moreover, many smartphones today contain a hardware-based trusted execution environment (TrEE), although application developers do not yet have the means to make use of it. However, we also observe growing threats through sophisticated attack vectors, as shown recently: application-level privilege escalation, sensory malware, code-reuse attacks hijacking the execution flow of apps, root exploits, as well as bypassing the TrEE.
Researchers have proposed various solutions to enhance the security and privacy of mobile devices, mostly targeting specific attacks at specific abstraction layers, with a strong focus on the Android operating system.
This talk will review some of the recent results on attacks as well as on designing security architectures for mobile platforms and applications. In particular, we consider the challenge of building a flexible and effective ecosystem that allows for instantiating different mobile security and privacy-protecting solutions, e.g., context-based access control. We also discuss the trade-off between the achieved protection level and usability in practice.
Ahmad-Reza Sadeghi is a full professor of Computer Science at Technische Universität Darmstadt, Germany. He is the head of the System Security Lab at the Center for Advanced Security Research Darmstadt (CASED) and Scientific Director of the Fraunhofer Institute for Secure Information Technology (SIT). Since January 2012 he has also been the Director of the Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU-Darmstadt.
He holds a Ph.D. in Computer Science from the University of Saarland in Saarbrücken, Germany. Prior to academia, he worked in Research and Development of Telecommunications enterprises, amongst others Ericsson Telecommunications. He has been continuously contributing to the IT-Security research community and serving as general or program chair as well as program committee member of many scientific and industrial conferences and workshops in the field of information security and privacy. He is on the Editorial Board of the ACM Transactions on Information and System Security.
Prof. Sadeghi has been awarded the renowned German "Karl Heinz Beckurts" prize for his research on Trusted and Trustworthy Computing technology and its transfer to industrial practice. The award honors excellent scientific achievements with high impact on industrial innovations in Germany. Further, his group received the second prize of the German IT Security Competition Award 2010.
SPEAKER: François Théberge
TITLE: Ensemble Clustering for Graphs-Based Data
Several methods have been proposed in recent years for anomaly, fraud and intrusion detection, where the data is represented as a graph. In the cyber defence context, one objective is to complement signature-based detection schemes with behaviour-based anomaly detection. However, the size of the graphs involved often requires some pre-processing to be done, such as graph partitioning, in order to fit within computational and/or storage limits. In this talk, we present a new approach to graph partitioning based on the concept of ensemble learning. Our goal is to develop a method that is both scalable and robust, where the partitions we obtain can then be used for more complex tasks such as finding communities, visualization or anomaly detection. Our model allows for the definition of similarity between any two vertices on the graph, which can be used for applications such as seed set expansion.
Dr François Théberge is a research mathematician with the Tutte Institute, as well as an adjunct professor in the department of mathematics and statistics at the University of Ottawa. His main research interests are in applied probability, semi-supervised learning and mining graph-based data.