Seminars
Prof. N. Asokan (University of Waterloo, Canada)
Seminar title: Model stealing attacks and defenses: Where are we now?
Abstract: The success of deep learning in many application domains has been nothing short of dramatic. This has brought the spotlight onto security and privacy concerns with machine learning (ML). I will begin with a very high-level overview of the security and privacy concerns with AI-based systems. I will then discuss one such concern, the threat of model stealing, in more detail. I will discuss our work on exploring model stealing, especially in the form of "model extraction attacks" -- when a model is made available to customers via an inference interface, a malicious customer can use repeated queries to this interface and use the information gained to construct a surrogate model. I will also discuss possible countermeasures, focussing on deterrence mechanisms that allow for model ownership resolution (MOR). Finally, I will discuss the important, but insufficiently explored, issue of unintended interactions that arise when an ML model needs to be simultaneously protected from multiple threats.
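The model extraction attack described in the abstract, as an added example that is not part of the seminar material or Prof. Asokan's code: a toy logistic-regression victim is exposed only through an inference call that returns a label and a confidence, and the attacker fits a surrogate from those answers alone. The victim weights, the input domain and the query budget are assumptions made for the illustration.

```python
"""Model extraction against a black-box inference API (added illustration,
not Prof. Asokan's code). The victim is a toy logistic-regression classifier
that is reachable only through victim_query(), which returns a label and a
confidence score. The attacker never sees the weights: it samples inputs,
records the answers and fits a surrogate by gradient descent on the returned
probabilities. Victim weights, input domain and query budget are assumed."""
import math
import random

# Secret victim parameters (assumed). Nothing below the API boundary reads them.
_VICTIM_W = (2.0, -1.5)
_VICTIM_B = 0.3


def _sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def victim_query(x, counter):
    """The inference interface: (label, confidence) for a 2-D input x.
    counter tallies calls so the cost of the attack is visible."""
    counter["queries"] += 1
    p = _sigmoid(_VICTIM_W[0] * x[0] + _VICTIM_W[1] * x[1] + _VICTIM_B)
    return (1 if p >= 0.5 else 0), p


def extract_surrogate(n_queries=400, epochs=500, lr=1.0, seed=1):
    """Build a surrogate from API answers alone.
    Returns the fitted weights and the number of queries spent."""
    rng = random.Random(seed)
    counter = {"queries": 0}
    # 1. Attacker picks query points from the input domain (uniform on [-3, 3]^2, assumed).
    xs = [(rng.uniform(-3, 3), rng.uniform(-3, 3)) for _ in range(n_queries)]
    # 2. Transfer set: the returned confidences. Soft labels leak more per query than hard labels.
    ys = [victim_query(x, counter)[1] for x in xs]
    # 3. Fit a logistic-regression surrogate with full-batch gradient descent on cross-entropy.
    w = [0.0, 0.0]
    b = 0.0
    for _ in range(epochs):
        gw0 = gw1 = gb = 0.0
        for (x0, x1), y in zip(xs, ys):
            err = _sigmoid(w[0] * x0 + w[1] * x1 + b) - y   # d(cross-entropy)/dz
            gw0 += err * x0
            gw1 += err * x1
            gb += err
        w[0] -= lr * gw0 / n_queries
        w[1] -= lr * gw1 / n_queries
        b -= lr * gb / n_queries
    return {"w": (w[0], w[1]), "b": b, "queries": counter["queries"]}


def agreement(surrogate, n_test=1000, seed=2):
    """Fraction of fresh inputs on which surrogate and victim give the same label."""
    rng = random.Random(seed)
    probe = {"queries": 0}
    same = 0
    for _ in range(n_test):
        x = (rng.uniform(-3, 3), rng.uniform(-3, 3))
        victim_label, _ = victim_query(x, probe)
        z = surrogate["w"][0] * x[0] + surrogate["w"][1] * x[1] + surrogate["b"]
        same += int((1 if z >= 0 else 0) == victim_label)
    return same / n_test


if __name__ == "__main__":
    s = extract_surrogate()
    print(f"{s['queries']} queries -> surrogate {s['w']}, bias {s['b']:.2f}, "
          f"label agreement {agreement(s):.3f}")
```

A few hundred queries are enough here because the victim is tiny and returns confidences; returning hard labels only, rate limiting or adding noise raises the attacker's cost but does not remove the channel, which is why the abstract turns to deterrence through ownership resolution rather than prevention.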
Dr. Luc Bläser (Dfinity, Switzerland)
Seminar title: Powerful Blockchain Programming on the Internet Computer
Abstract: Modern blockchain technology provides a powerful computing platform for running general-purpose programs in a secure decentralized environment. In this session, we dive into blockchain programming on the basis of the Internet Computer blockchain. The Internet Computer supports different programming languages, such as Rust, TypeScript, and even a specialized programming language called Motoko that is tailored to the blockchain’s runtime model. We look at the specific aspects and requirements involved in blockchain application development, such as the software components (called canisters), message communication, transactions and error handling, data persistence and upgrades, execution bounds, and the importance of rigorous memory and type safety. In doing so, we compare how these aspects are addressed in the specific programming languages and provide a rationale for the design of Motoko to enable particularly convenient, safe, and powerful development on the Internet Computer. This session is organized in two parts: first, a tutorial provides an overview of Internet Computer blockchain programming; second, a workshop offers participants the opportunity to implement an application in the language of their preference (Motoko, Rust, TypeScript) and test it on the Internet Computer.
Dr. Jan Camenisch (Dfinity, Switzerland)
Seminar title: The future of compute is blockchain
Abstract: Cybersecurity is becoming our next big global challenge. The cost caused by cybercrime damages as well as the money spent on IT security is ever increasing. With AI as a new tool to cybercriminals, this trend will very likely accelerate. The root problem is that the current IT stack is inherently insecure as it has grown organically with security requirements initially not being considered and later addressed only by bolt-on solutions such as firewalls, virus scanners, and intrusion detectors. This makes it nearly impossible to build and operate secure applications on this stack.
Nevertheless, there is a very prominent application that runs on the current IT stack and that has never been hacked despite being probably the largest honey-pot ever and despite the insecurity of the current stack: the bitcoin network. It obtains security by taking a radically different architectural approach: it is a distributed state machine realized by a cryptographic protocol, or as we say today, a blockchain.
It may seem that, although successful, bitcoin makes no sense to generalize: the bitcoin network has a slow transaction speed and limited throughput, its computational capacity is barely enough to maintain a ledger, it is not Turing complete, and, despite these limitations, it consumes huge amounts of energy. In this talk we discuss how the principle of blockchain can be scaled to replace the current IT stack as a platform to build secure applications. In particular, we will look at the Internet Computer Protocol (ICP), a blockchain that has been designed from scratch with the explicit goal to provide all the compute capacity that the world needs and to fundamentally address cybersecurity. We will discuss the protocol’s architecture and the different design challenges and decisions that were made. We conclude with an assessment of what ICP already achieves today and what still remains to be done towards the vision of all of humanity's software running on blockchain.
Prof. Yvo Desmedt (The University of Texas at Dallas, USA)
Seminar title: Cryptography: A Cautionary Viewpoint
Abstract: 50 years ago, Gilbert-MacWilliams-Sloane presented the first scheme for Message Authentication Codes. The invention of public key cryptography two years later brought computational complexity theory into the picture. Today's cryptographers are convinced our modern cryptographic systems cannot be broken. The success of Bitcoin and Blockchain has strengthened that viewpoint.
When taking a close-up look at these 50 years of history, one might start to question our optimism. To justify the need for a cautionary viewpoint, we reflect on some of the history of cryptology. Several arguments will be put forward that question the aforementioned optimism. The consequences of overconfidence might be far reaching.
Looking at the last 50 years, we see that (i) many first generation public key systems were broken due to a massive research effort on cryptanalysis (then, roughly 40% of the papers at Crypto were on cryptanalysis); (ii) the last fundamental progress on factoring on a classical computer goes back to 1990; (iii) our current NIST standards for public key systems are being replaced by post-quantum ones, however without having the top universities analyze the security of the systems being proposed.
Alternatives to the current approach of the research in cryptology will be proposed, which hopefully may lead to a better foundation for future cryptosystems.
Prof. Michalis Faloutsos (UC Riverside, USA)
Seminar title: Preemptive Security: taking away the first mover advantage of the hackers
Abstract: Can we do better than just waiting for the next attack to happen? We argue that security can become more proactive in order to minimize the damage that an attack, such as a DDoS or a virus, can have. Although this is an ambitious goal, we believe that we are making significant and promising steps towards it. Specifically, our work consists of the following "preemptive" thrusts:
a. We develop C2Store, an authoritative source of C2 servers, to provide the most comprehensive information on C2 servers. Our work makes the following contributions: (a) we develop techniques to collect, verify, and combine C2 server addresses from five types of sources, including uncommon platforms, such as GitHub and Twitter; (b) we create an open-access annotated database of 335,967 C2 servers across 133 malware families, which supports semantically-rich and smart queries; (c) we identify surprising behaviors of C2 servers with respect to their spatiotemporal patterns and behaviors.
b. We identify real malware source code: we develop SourceFinder, a systematic approach to identify malware repositories on public online archives like GitHub. We have found 17K such malware repositories, with high precision (>89%). Furthermore, we study trends and the dynamics of the hacker ecosystem in GitHub. We examine who are the people that author such repositories and find that at least 30% of them seem to have malicious intent.
c. We propose GeekMAN, a systematic human-inspired approach to identify similar usernames across online platforms, focusing on technogeek platforms. The key novelty consists of the development and integration of three capabilities: (a) decomposing usernames into meaningful chunks, (b) de-obfuscating technical and slang conventions, and (c) considering all the different outcomes of the two previous functions exhaustively when calculating the similarity. We conduct a study using 1.2M usernames from five security forums. Our method outperforms previous methods with a Precision of 81-86%. We see our approach as a fundamental research capability, which we made publicly available on GitHub.
Our initial results are promising and the combined power of our preemptive security methods can fill in a significant gap in the current security ecosystem in an effort to take away the first mover advantage that the hackers enjoy currently.
Prof. Elena Ferrari (University of Insubria, Italy)
Seminar title: Privacy-preserving publishing of Knowledge Graphs
Abstract: Data sharing is crucial in the era of big data, and protecting users' sensitive information in these data is as vital as analyzing them. Knowledge graphs (KGs) are increasingly pivotal in data sharing due to their flexibility in modeling attributes' values and relationships. However, due to the rich information in shared KGs, users' privacy is easier to breach. Thus, data providers must anonymize their KGs before sharing them. Unfortunately, data providers cannot straightforwardly use anonymization techniques developed for relational and traditional graphs to anonymize KGs as such techniques do not consider both users' attributes and their relationships simultaneously. In this seminar, after discussing the main privacy threats, I will present a framework for anonymizing KGs, targeting three scenarios of increasing complexity: static publishing, sequential publishing, and personalized publishing. The first scenario allows data providers to publish their anonymized KGs once. The second one extends the first to enable the providers to publish new anonymized versions of their KGs. The final one lets users specify their privacy protection levels and anonymize KGs to protect all users under their levels. I will end the seminar by discussing my vision of the challenging research directions in the area of privacy-preserving data publishing.
Dr. Per Gustavsson (Stratsys, Sweden / C4I & Cyber Center, GMU, USA)
Seminar title: Are CISOs the Ultimate Guardians of Cyber Governance?
Abstract: In the rapidly evolving digital landscape, the role of the Chief Information Security Officer (CISO) has become increasingly critical. As cyber threats grow in sophistication and frequency, the responsibility of safeguarding an organization’s information assets and ensuring robust cyber governance falls heavily on the shoulders of CISOs. But is the CISO the one solely responsible? What are the emerging threats when we focus on technology and physical security? Where will the adversary strike next?
This talk will delve into these pressing questions and explore the nightmare scenarios that keep CISOs awake at night. PG will share his insights on the digital landscape, evolving threats, and what he considers the most crucial component in all aspects of security.
Mr. Janne Haldesten (Sectyne, Sweden)
Seminar title: Practical Cyber Strategies: Navigating the Digital Battlefield
Abstract: In today's rapidly evolving digital era, cyberspace offers an expansive frontier of opportunities for organizations across various sectors. From businesses and educational institutions to healthcare providers and government agencies, the digital landscape facilitates unprecedented connectivity, efficiency, and innovation. Organizations can leverage cyberspace to enhance communication, streamline operations, and access global markets, transforming traditional practices into agile, data-driven processes. At the same time the strategic importance of cyberspace as a domain has increased for all states, where geopolitics today affects essentially all organizations in some sense.
However, with these opportunities come significant challenges and risks. The complexity of cyberspace introduces a range of cybersecurity threats, including data breaches, ransomware attacks, and phishing scams. Organizations must navigate the delicate balance between leveraging digital tools and protecting sensitive information. Ensuring cybersecurity requires, for example, robust strategies and the proper implementation of security and risk management. The dynamic nature of cyberspace requires organizations to continuously adapt to evolving technologies and threat landscapes, but this adaptation is often very difficult for various reasons.
This presentation starts off by providing an overview of the current situation in cyberspace, the dynamics that drive it and how it affects organizations at large. The presentation then moves on to describe some of the major security challenges that organizations face, where the emphasis is on empirical observations of security failures and inadaptability that extend beyond mere compliance. Lastly, some insights are given regarding contemporary and emerging challenges and concerns.
Prof. Somesh Jha (University of Wisconsin–Madison, USA)
Seminar title: Watermarking (The State of the Union)
Abstract: The generative AI (GenAI) Turing test (did the content originate from a model, such as DALLE, Gemini, Claude, ...?) is an important primitive for several downstream tasks, such as detecting fake media. Several pieces of legislation also mandate that companies watermark the content generated by their models. Several watermarking schemes exist in the literature. We will discuss a few of them. However, some very powerful attacks exist on these watermarking schemes. We also cover some of these attacks. We will then ponder the following question: what use cases are appropriate for watermarking? We will conclude with some future directions.
Prof. Angelos Keromytis (Georgia Tech, USA)
Seminar title: A New Look at Hardware Trojans
Abstract: Hardware trojans (HTs) represent one of the most challenging threat models in computer security. Due to the complexity and distributed nature of today’s electronics supply chains, there has been significant interest in developing scalable and accurate techniques for identifying such embedded malicious logic, at least in critical systems. However, much of the research in such techniques focuses on small target circuits with impractical HT usage (i.e., attack) scenarios, leading both to questionable defenses and to potential blind spots. In particular, most scenarios ascribe perfect knowledge and embedding control to the HT owner, consider simple (verging on simplistic) trigger and payload mechanisms, and cast the HT-attacker-defender interaction as a single shot game.
In this talk, I will discuss a new model for hardware trojans that targets realistic circuits (i.e., full-blown CPUs) in the context of imperfect knowledge/control by the attacker and an adaptive defender within a repeated game, and explore certain implications and technical challenges.
Dr. Herbert Lin (Stanford University, USA)
Seminar title: Unsolved Problems Regarding Security in Cyberspace
Abstract: From its beginnings as the study of technically defending computers against adversarial attack, both the purview and the nature of security in cyberspace (aka “cybersecurity”) have expanded significantly in scope over the past few decades. The topic domain (“the field”) now arguably encompasses security issues as they relate to defensive and offensive cyber operations and capabilities, information and influence operations, and artificial intelligence. Further, many of the most vexing problems are problems with a long pedigree. This talk will motivate some of these problems, explain why they are important, and discuss conundrums that arise when various solutions are proposed.
Prof. Athina Petropulu (Rutgers University, USA)
Seminar title: Physical Layer Security for Dual-function Radar-Communication Systems
Abstract: Dual-function radar-communication (DFRC) systems are integrated sensing-communication systems that use the same waveform for simultaneously probing the surroundings and communicating with other equipment. DFRC systems offer high spectral, hardware and power efficiency, and as such are prime candidates for 6G wireless systems. Before the DFRC promise is realized, several issues need to be addressed. One of those issues is security. By embedding communication information in the probing waveform, DFRC systems are vulnerable to eavesdropping by the targets. In this talk we will present a novel physical layer security (PLS) system design for optimizing the communication secrecy rate while maintaining sufficient power in the target echoes to ensure high target sensing performance. We will also present a novel Directional Modulation approach for achieving PLS via Time Modulated arrays, via which the DFRC system is designed to deliver the signal intact to the legitimate destination and scrambled in all other directions. We will examine the possibility of the target/eavesdropper defying the proposed security measures and investigate additional protection measures.
Prof. Bart Preneel (KU Leuven, Belgium)
Seminar title: Location Privacy in the IoT
Abstract: The presentation will start with a concise overview of privacy paradigms, followed by an exploration of three key areas: device tracking, proximity tracing, and toll/insurance pricing. It will delve into the challenges associated with safeguarding location data effectively, spotlighting tools like the AirTag "Find Me" system, while acknowledging both its privacy safeguards and residual risks.
Subsequently, the talk will discuss proximity tracing, a pivotal tool in epidemic control, comparing centralized and decentralized approaches. It will delineate the requisites for decentralized proximity tracing, emphasizing privacy, accuracy, scalability, and transparency, showcasing the DP3T protocol and its impact on adoption.
The presentation will then conclude with an examination of electronic toll pricing (ETP), aimed at mitigating congestion by levying charges on road users. It will address privacy concerns surrounding detailed GPS data collection and potential ramifications. The PrETP system will be introduced as a privacy-preserving solution for road pricing, prioritizing data minimization and user control, with assurances of privacy through commitments to location data and zero-knowledge proofs.
The presentation will underscore the intricate nature of location privacy challenges, necessitating sophisticated solutions tailored to specific contexts. It will emphasize the delicate balance between technological innovation and legal compliance in developing such solutions.
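The decentralized proximity tracing the abstract contrasts with centralized designs, as an added example that is not part of the seminar or the DP3T reference code: a sketch following the published DP3T low-cost design, in which each phone derives a forward-only chain of day keys, broadcasts ephemeral IDs derived from the day key, keeps everything it hears locally, and matches against a single uploaded key itself. Assumptions for the illustration: HMAC-SHA256 stands in for the PRF and HMAC in counter mode for the PRG (the design uses AES-CTR), and the fixed seed keys and contact timeline are constructed.

```python
"""Decentralised proximity tracing in the style of the DP3T low-cost design
(added illustration following the published design; not the DP3T reference
code). A phone derives a daily key chain SK_t = H(SK_{t-1}), broadcasts
ephemeral IDs derived from the day key, and keeps what it hears locally. An
infected user uploads one day key; every other phone recomputes the matching
EphIDs itself. Assumptions: HMAC-SHA256 as the PRF and HMAC in counter mode
as the PRG (the design uses AES-CTR); fixed seed keys and the contact
timeline below are constructed for the example."""
import hashlib
import hmac

EPOCHS_PER_DAY = 96     # one EphID per 15-minute epoch
EPHID_LEN = 16


def derive_next_sk(sk):
    """SK_t = H(SK_{t-1}). The chain runs forward only, so releasing SK_t says
    nothing about the EphIDs of earlier days."""
    return hashlib.sha256(sk).digest()


def ephids_for_day(sk_day):
    """EphIDs of one day: PRG(PRF(SK_t, "broadcast key")) cut into 16-byte IDs."""
    seed = hmac.new(sk_day, b"broadcast key", hashlib.sha256).digest()
    return [hmac.new(seed, i.to_bytes(4, "big"), hashlib.sha256).digest()[:EPHID_LEN]
            for i in range(EPOCHS_PER_DAY)]


def recoverable_ephids(published, last_day):
    """Everything the public can recompute from an uploaded (day, SK_day):
    the EphIDs from that day through last_day, and nothing earlier or later."""
    day, sk = published
    ids = set()
    for _ in range(day, last_day + 1):
        ids.update(ephids_for_day(sk))
        sk = derive_next_sk(sk)
    return ids


class Phone:
    def __init__(self, sk0):
        self.sk_by_day = [sk0]   # SK_0, SK_1, ... extended on demand
        self.observed = []       # (day, EphID) heard over BLE; never leaves the phone

    def sk_for_day(self, day):
        while len(self.sk_by_day) <= day:
            self.sk_by_day.append(derive_next_sk(self.sk_by_day[-1]))
        return self.sk_by_day[day]

    def broadcast(self, day, epoch):
        return ephids_for_day(self.sk_for_day(day))[epoch]

    def hear(self, day, ephid):
        self.observed.append((day, ephid))

    def upload_key(self, first_contagious_day):
        """What a diagnosed user releases: one key, not a contact list."""
        return first_contagious_day, self.sk_for_day(first_contagious_day)

    def exposure_days(self, published, last_day):
        """Local matching: regenerate the infected user's EphIDs day by day and
        intersect with what this phone heard on that day."""
        day, sk = published
        hits = set()
        for d in range(day, last_day + 1):
            day_ids = set(ephids_for_day(sk))
            hits.update(hd for hd, e in self.observed if hd == d and e in day_ids)
            sk = derive_next_sk(sk)
        return sorted(hits)


def simulate():
    """Constructed timeline: Alice and Bob are co-located on day 2, Carol meets
    Bob on day 3 but never Alice. Alice is diagnosed and uploads SK_1."""
    alice, bob, carol = Phone(b"\x01" * 32), Phone(b"\x02" * 32), Phone(b"\x03" * 32)
    bob.hear(2, alice.broadcast(2, 10))
    alice.hear(2, bob.broadcast(2, 10))
    bob.hear(3, carol.broadcast(3, 40))
    carol.hear(3, bob.broadcast(3, 40))
    published = alice.upload_key(first_contagious_day=1)
    return bob.exposure_days(published, 3), carol.exposure_days(published, 3)


if __name__ == "__main__":
    print("exposed days: bob=%s carol=%s" % simulate())
```

The data-minimisation point is visible in what crosses the network: only the diagnosed user's single day key is uploaded, observed EphIDs never leave the phone, and the published key cannot be rolled back to reconstruct broadcasts from before the contagious window. The residual risk the abstract alludes to is also visible: once SK_1 is public, anyone who logged EphIDs with time and place can link Alice's broadcasts from day 1 onward to each other.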
Prof. Pierangela Samarati (University of Milan, Italy)
Seminar title: Data Security and Privacy in Distributed Collaborative Scenarios
Abstract: The rapid advancements in Information and Communication Technologies (ICTs) have been greatly changing our society, with clear societal and economic benefits. Cloud, Big Data, Internet of Things: services and technologies that are becoming more and more pervasive and conveniently accessible, towards the realization of a ‘smart’ society. At the heart of this evolution is the ability to collect, analyze, process, and share an ever-increasing amount of data, to extract knowledge for offering personalized and advanced services. This typically also involves data management and computation by external storage and computational providers that may be either not authorized to access data or not fully trusted. In this seminar, I will illustrate some challenges related to guaranteeing confidentiality and integrity of data stored or processed by external providers. I will then address the protection of data in the context of collaborative distributed computation involving different data sources, authorities and computational providers.
Prof. Nitin Vaidya (Georgetown University, USA)
Seminar title: Fault-Tolerant Distributed Optimization and Learning
Abstract: Consider a network of agents wherein each agent has a private cost function. In the context of distributed machine learning, the private cost function of an agent may represent the “loss function” corresponding to the agent’s local data. The objective here is to identify parameters that minimize the total cost over all the agents. In machine learning for classification, the cost function is designed such that minimizing the cost function should result in model parameters that achieve higher accuracy of classification. Similar problems arise in the context of other applications as well.
Our work addresses privacy and security (or fault-tolerance) of distributed optimization with applications to machine learning. In privacy-preserving machine learning, the goal is to optimize the model parameters correctly while preserving the privacy of each agent’s local data. In fault-tolerance, the goal is to identify the model parameters correctly while tolerating adversarial agents that may be supplying incorrect information. When a large number of agents participate in distributed optimization, security compromise of some of the agents becomes increasingly likely. We constructively show that privacy-preserving and secure algorithms for distributed optimization exist. The talk will provide intuition behind these algorithms, with a focus on fault-tolerant algorithms.
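The fault-tolerance setting of the abstract (agents minimise a total cost while some of them supply incorrect information), as an added example that is not Prof. Vaidya's code or part of the seminar: synchronous distributed gradient descent in which one agent reports an arbitrary vector every round, comparing plain averaging against two robust aggregation rules. The local losses, the adversary's vector and the step size are constructed for the illustration; the quadratic losses stand in for loss functions over local data.

```python
"""Fault-tolerant distributed gradient descent with one adversarial agent
(added illustration; not Prof. Vaidya's code). Each honest agent i holds a
private quadratic loss 0.5*||w - c_i||^2 as a stand-in for a loss over local
data, so its gradient is w - c_i and the honest optimum is the mean of the
c_i. The server only sees gradient vectors, and one agent reports an
arbitrary vector. Three aggregation rules are compared. Agent data, the
adversary's vector and the step size are constructed for the example."""

HONEST_CENTERS = [(1.0, 2.0), (2.0, 1.0), (0.0, 3.0), (3.0, 0.0), (1.0, 1.0), (2.0, 2.0)]
BYZANTINE_VECTOR = (100.0, -100.0)   # sent at every round regardless of w


def local_gradient(w, center):
    return [wj - cj for wj, cj in zip(w, center)]


def mean_rule(grads):
    """Plain averaging: a single bad agent shifts the result by its vector / n."""
    return [sum(col) / len(col) for col in zip(*grads)]


def trimmed_mean_rule(grads, f):
    """Coordinate-wise trimmed mean: per coordinate, drop the f largest and f
    smallest reports before averaging. Tolerates up to f bad agents when n > 2f."""
    out = []
    for col in zip(*grads):
        kept = sorted(col)[f:len(col) - f]
        out.append(sum(kept) / len(kept))
    return out


def median_rule(grads):
    """Coordinate-wise median, the f = (n-1)//2 extreme of trimming."""
    out = []
    for col in zip(*grads):
        s = sorted(col)
        n = len(s)
        out.append(s[n // 2] if n % 2 else (s[n // 2 - 1] + s[n // 2]) / 2)
    return out


def run(rule, steps=300, lr=0.1):
    """Synchronous rounds: honest agents send true gradients, the adversary sends
    BYZANTINE_VECTOR, the server applies `rule` and takes one descent step."""
    w = [0.0, 0.0]
    for _ in range(steps):
        grads = [local_gradient(w, c) for c in HONEST_CENTERS]
        grads.append(list(BYZANTINE_VECTOR))
        w = [wj - lr * gj for wj, gj in zip(w, rule(grads))]
    return w


def honest_optimum():
    return mean_rule(HONEST_CENTERS)


def distance(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5


def compare():
    """Final parameters under each rule."""
    return {
        "mean": run(mean_rule),
        "trimmed_mean_f1": run(lambda g: trimmed_mean_rule(g, 1)),
        "median": run(median_rule),
    }


def within_honest_range(w):
    """Robust rules land inside the honest agents' range on every coordinate."""
    return all(min(c[j] for c in HONEST_CENTERS) <= w[j] <= max(c[j] for c in HONEST_CENTERS)
               for j in range(len(w)))


if __name__ == "__main__":
    opt = honest_optimum()
    for name, w in compare().items():
        print(f"{name:16s} w={tuple(round(v, 2) for v in w)}  distance to honest optimum {distance(w, opt):.2f}")
```

With plain averaging the adversary steers the parameters by roughly its vector divided by the number of agents, so the result lands far outside anything the honest data supports. The trimmed mean and the median discard the extreme report per coordinate and converge to a point inside the honest agents' range, though not exactly to the honest optimum: a bounded bias is the price of robustness, and an adversary that reports values just inside the honest range can still exploit it, which is the kind of guarantee and limitation the talk's fault-tolerant algorithms are about.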
Prof. XiaoFeng Wang (Indiana University, USA)
Seminar title: Security Of AI, By AI and For AI: AI-Centered Cybersecurity Research and Innovations
Abstract: The rapid advancements in artificial intelligence (AI) technologies and the unyielding demand for their transformative applications have ushered in significant opportunities for security and privacy research and innovations. There is an urgent need for innovative and practical solutions to protect data and other assets to support the training and utilization of large, complicated machine learning (ML) models in a scalable and cost-effective manner ("Security For AI"). In the meantime, substantial research efforts are focused on understanding the security and privacy implications of AI systems, particularly identification of vulnerabilities in ML models and mitigation of associated risks ("Security Of AI"). Furthermore, cutting-edge AI technologies are increasingly being deployed to enhance the security of computing systems, offering intelligent protection and more effective defenses against real-world threats ("Security By AI").
In this presentation, I will use our research in these areas to demonstrate how AI innovations have expanded the horizons of security and privacy research. For instance, under the theme "Security For AI," I will provide an overview of ongoing research at the Center for Distributed Confidential Computing (CDCC) — one of the largest initiatives funded by the US National Science Foundation aimed at advancing practical, scalable data-in-use protection. This initiative is poised to have a transformative impact on AI research. Regarding "Security Of AI," I will discuss our investigations into Trojan threats to ML models, exploring the fundamentality of this emerging security risk, its defensibility in particular. In the context of "Security By AI," I will showcase how AI and ML technologies are revolutionizing the detection and prediction of security threats within carrier networks—a vital infrastructure—by automating the analysis of their documentation. Lastly, I will discuss potential future directions in the vast space of AI-centered cybersecurity research and innovations.