Seminars
Prof. Dennis Akos (University of Colorado Boulder, USA)
Seminar title: Detecting GNSS Jamming and Spoofing on Android Devices
Abstract: Global navigation satellite system (GNSS) location engines on Android devices provide location and navigation utility to billions of people worldwide. However, these location engines currently have very limited protection from threats to their position, navigation, and time (PNT) solutions. External sources of radio frequency interference (RFI) can render PNT information unusable. Even worse, false signals or spoofing can provide a false PNT solution to Android devices. To mitigate this, detection methods were developed and evaluated using native location parameters within Android. These methods provide a powerful means to significantly increase the robustness of the Android GNSS-based PNT solution and are implemented in the GNSSAlarm Android application to test/demonstrate real-time jamming and spoofing detection.
Dr. Luc Bläser (Dfinity, Switzerland)
Seminar title: Motoko: A Programming Language Designed for Secure Smart Contract Programming
Abstract: The Internet Computer blockchain offers an efficient operating system for running smart contract and Web3 applications with uncompromising security. To achieve such, the entire software stack of the blockchain has been designed from the ground up with this focus. A weak element in software security often is the programming language, offering risk for bugs and security attacks due to manyfold concepts that are often too low-level or prone to pitfalls. For this reason, the Internet Computer has its bespoke programming language, called Motoko, that is optimized for the Internet Computer, incorporating safety and security, while still aiming at flexibility and expressiveness: Memory safety with a powerful incremental garbage collector, static type safety, language-inbuilt data persistence with checked migration safety, arithmetic safety, inbuilt language abstractions for the Internet Computer runtime model and application security aspects.
In this workshop, we analyze how programming language concepts influence software security and learn how Motoko differentiates itself in this regard to other languages. The session is organized in two parts. First, a tutorial provides an overview of programming language design for security and safety on the blockchain. Second, a workshop offers participants the opportunity to implement and test a smart contract application on the Internet Computer, by having a choice of comparing Motoko to other languages (such as TypeScript and Rust).
Dr. Jan Camenisch (Dfinity, Switzerland)
Seminar title: The Internet Computer - Compute on the Network
Abstract: Compute is the lifeblood of society, there is hardly anything we do that does not involve software in one form or another. Our current IT stack is complicated, sometimes fragile and can no longer be reliably protected from cyber attacks. The reason for this is that it has grown organically from standalone systems built decades ago into highly interconnected ones, trying to meet very different requirements. Managing and maintaining today’s IT infrastructure has become incredibly hard and that’s why almost everyone has moved their software into the cloud, entrusting the cloud provider with that task.
This is problematic for two reasons:
• Handing over operations also means handing over control of one’s software and data to third parties.
• Worse, it is not even working: the cost spent on IT is ever growing as is the damage caused by cyber crime.
Clearly, a radically different approach is needed. In fact, we all know a computer that is built very differently from the current IT stack and that does not suffer from these problems: Bitcoin. It has never been hacked despite the large amount of money at stake. This may sound crazy: Bitcoin wastes a ton of energy, is very slow, and is not a computer but only a ledger that keeps track of who owns how much bitcoin. How could one possibly run all of the world’s software like this!
The reason that bitcoin is secure is twofold:
• It is a computer, well maybe more like a pocket calculator, that is created by a mathematical protocol. So it is pure math, it cannot be hacked. 2+2 will always be 4.
• But that is not enough. You don’t want to trust a single entity - it could be hacked, bribed or be outright malicious. You want to have many parties running the protocol, assuming that the majority is honest. So if all of them, or at least the majority, tells you the same result, you are good.
At DFINITY we have taken these principles of building a computer from a protocol, all the latest research in cryptography and distributed systems, and spent over 1000 person years to design and build the internet computer protocol. This protocol has been running in production since May 2021 without ever missing a beat nor ever being hacked. Currently, the protocol hosts close to 900 thousand smart contracts. The smart contracts realize all kinds of software from social networks, dexes, on-chain wallets, document storage and collaboration applications, to AI models. In other words, the internet computer protocol allows anyone to just run their software on the internet. The protocol provides smart contracts with lots of storage, computational power, and communication bandwidth - just like any ordinary computer would.
In this talk I will explain the basic architecture of the Internet Computer and explore some of the technical details that are essential to the protocol to work.
Prof. Liqun Chen (Surrey University, UK)
Seminar title: TBA
Abstract: TBA
Prof. Alexandra Dmitrienko (Würzburg University, Germany)
Seminar title: TBA
Abstract: TBA
Prof. Sorkatis Katsikas (Norwegian University of Science and Technology, Norway)
Seminar title: Cyber Ranges and Cyber-Physical Ranges: Progress, Potential, and Future Directions
Abstract: A Cyber Range (CR) serves as a specialized environment designed to provide dedicated testbeds and infrastructures for executing immersive training scenarios. Its primary goal is to enhance cybersecurity knowledge among security practitioners and awareness among non-security professionals and the public, while offering a hands-on learning experience for trainees. Over time, CRs have become an indispensable tool, offering a multifaceted approach to strengthening cybersecurity postures. On the other hand, Cyber-Physical Systems (CPSs) are advanced, intelligent systems that integrate physical processes with computational elements. These encompass diverse applications such as smart grids, autonomous vehicles, medical devices, process control systems, and autopilot avionics. As a fundamental pillar of Industry 4.0, CPSs drive the convergence of formerly distinct operational technology and modern information systems. Within this evolving technological landscape, Cyber-Physical Ranges (C-PRs) have emerged as an innovative and cost-effective solution that enable researchers and practitioners to explore vulnerabilities and devise robust defense mechanisms—without compromising real-world systems. This talk will first introduce a comprehensive taxonomy of CR systems, followed by an analysis of existing literature focusing on architecture, scenario development, capabilities, roles, tools, and evaluation criteria. Subsequently, we will present a fine-grained reference architecture for CRs, built upon a rigorous three-step methodology. Additionally, we will propose an evaluation framework that quantifies the alignment of a CR with state-of-the-art practices, offering a standardized method to identify optimal components for implementing the structural, functional, and informational facets of a CR. Finally, we will explore the latest advancements in C-PRs through real-world case studies, uncovering the challenges associated with designing, deploying, and managing these environments. We will also discuss their seamless integration with emerging technologies, illustrating their pivotal role in the future of cybersecurity research and innovation.
Prof. Wenjing Lou (Virginia Tech, USA)
Seminar title: Federated Learning, Model Inversion Attacks, and Privacy Enhancing Technologies in Machine Learning
Abstract: Privacy remains a critical challenge in the era of machine learning. The current success of machine learning largely depends on centralized learning, where data from multiple sources is pooled to a central location. This approach raises significant concerns in privacy-sensitive domains such as healthcare, where data is heavily regulated and often siloed across institutions. Federated learning offers a compelling alternative: it enables institutions to collaboratively train models without moving patient data across institutional boundaries, thereby preserving data locality and addressing legal and ethical barriers to data sharing.
However, despite its promise as a privacy-preserving learning paradigm, federated learning has been shown to be vulnerable to various privacy attacks. Recent studies have demonstrated that adversaries can exploit model updates to infer sensitive information through attacks such as data reconstruction and membership inference. In this talk, we will examine those privacy attacks in federated learning, with a particular focus on model inversion attacks. We will trace the evolution of model inversion attacks, from the early optimization-based methods, to linear leakage technique, and finally to the recent scale-MIA attack (Shi, NDSS 2025). This latest attack significantly improves attack efficiency, enabling adversaries to reconstruct clients’ training data from aggregated model updates without needing access to individual clients’ model updates.
We will also explore the limitations of current defense mechanisms, such as secure aggregation and differential privacy, which have shown limited effectiveness against model inversion attacks. Finally, we will discuss the broader implications of such attacks and explore emerging strategies to protect user data privacy in federated learning systems.
Mrs. Allison Mankin (PCH, IRTF, USA)
Seminar title: TBA
Abstract: TBA
Prof. Adrian Perrig (ETH Zürich , Switzerland)
Seminar title: Building a High-Availability and Path-Aware Internet with SCION
Abstract: With the increase of safety-critical traffic on the Internet, a challenge is to provide high availability in the presence of adversarial components. The SCION next-generation network architecture has been explicitly designed for security and scalability, applying novel approaches for achieving resilient control-plane operation and inter-domain end-to-end communication in the presence of active attacks. SCION has been in production use for critical infrastructure communication since 2017, with expanding deployments and use cases since then. Operating side-by-side with today’s Internet, SCION offers a communication fabric that is largely fault-independent from today’s BGP-based infrastructure.
In this talk, we highlight use cases, technical and business aspects of SCION that provide security properties such as geo-fencing and path validation, and enable new business models for ISPs. We will also discuss interoperability, how the fault-independence with today’s infrastructure is achieved, and how the deployment and co-existence with today’s infrastructure is accomplished.
With the rapidly expanding SCION deployment, exciting research opportunities arise. For instance, how can we harness native multipath with dozens (and sometimes hundreds) of path options for enhancing the communication quality with respect to diverse metrics? How can we best provide feedback about network conditions that further facilitates path selection? How can we drive deployment to provide benefits to any application? The availability of SCION connectivity brings up these and many new questions -- opening up exciting paths for new explorations.
Prof. Ahmad Reza Sadeghi (TU Darmstadt, Germany)
Seminar title: TBA
Abstract: TBA
Prof. Gene Tsudik (UC Irvine, USA)
Seminar title: Secure Awareness of Nearby IoT Devices
Abstract: Internet of Things (IoT) devices are becoming increasingly commonplace in numerous settings. Currently, most such devices lack mechanisms to facilitate their discovery by casual or incidental (nearby) users who are neither owners nor operators. However, these users are potentially being sensed, and/or actuated upon, by these devices, without their knowledge or consent. This naturally triggers privacy, security, and safety issues. To address this problem, some recent work explored device transparency in the IoT ecosystem. There are some low-tech approaches that offer various trade-offs as far as owner burden and security.
One intuitive technical means of discovering unfamiliar nearby IoT devices is exemplified by PAISA (CCS'23). In it, each device periodically, reliably, and securely broadcasts (announces) its presence and capabilities to all nearby users. While effective, when no new users are present, this push-based approach generates a substantial amount of unnecessary network traffic and interferes with normal device operation. An alternative, called DB-PAISA (PETS'25), addresses these issues via a pull-based method, whereby devices reveal their presence and capabilities only upon explicit user request. Each device guarantees a secure timely response (even if it is fully compromised), based on a small active Root-of-Trust (RoT). Neither PAISA nor DB-PAISA requires any hardware modifications and both are suitable for a range of current IoT devices.
Both are available via fully functional and publicly available prototypes. However, PAISA and DB-PAISA do not truly localize devices and are susceptible to wormhole and cuckoo attacks. Some very recent work demonstrates that these challenges can be indeed overcome.
This talk will overview aforementioned techniques and discuss some open research issues.
_logo.svg){kind=logo}
