Seminars

Prof. N. Asokan (University of Waterloo, Canada)


Seminar title: Model stealing attacks and defenses: Where are we now?


Abstract: The success of deep learning in many application domains has been nothing short of dramatic. This has brought the spotlight onto security and privacy concerns with machine learning (ML). I will begin with a very high-level overview of the security and privacy concerns with AI-based systems. I will then discuss one such concern, the threat of model stealing, in more detail. I will discuss our work on exploring model stealing, especially in the form of "model extraction attacks" -- when a model is made available to customers via an inference interface, a malicious customer can use repeated queries to this interface and use the information gained to construct a surrogate model. I will also discuss possible countermeasures, focussing on deterrence mechanisms that allow for model ownership resolution (MOR). Finally, I will discuss the important, but insufficiently explored, issue of unintended interactions that arise when an ML model needs to be simultaneously protected from multiple threats.


Dr. Luc Bläser (Dfinity, Switzerland)


Seminar title: Powerful Blockchain Programming on the Internet Computer


Abstract: Modern blockchain technology provides a powerful computing platform for running general-purpose programs in a secure decentralized environment. In this session, we dive into blockchain programming on the basis of the Internet Computer blockchain. The Internet Computer supports different programming languages, such as Rust, Typescript, and even a specialized programming language called Motoko that is tailored to the blockchain’s runtime model. We look at the specific aspects and requirements involved in blockchain application development, such as the software components (called canisters), message communication, transactions and error handling, data persistence and upgrades, execution bounds, and the importance of rigorous memory and type safety. Thereby, we compare how these aspects are addressed in the specific programming languages and provide a rationale for the design of Motoko to enable particularly convenient, safe, and powerful development on the Internet Computer. This session is organized in two parts: First, a tutorial provides an overview of Internet Computer blockchain programming. Second, a workshop offers participants the opportunity to implement an application in the language of their preference (Motoko, Rust, Typescript) and test it on the Internet Computer.


Dr. Jan Camenisch (Dfinity, Switzerland)


Seminar title: The future of compute is blockchain


Abstract: Cybersecurity is becoming our next big global challenge. The cost caused by cybercrime damages as well as the money spent on IT security is ever increasing. With AI as a new tool to cybercriminals, this trend will very likely accelerate. The root problem is that the current IT stack is inherently insecure as it has grown organically with security requirements initially not being considered and later addressed only by bolt-on solutions such as firewalls, virus scanners, and intrusion detectors. This makes it nearly impossible to build and operate secure applications on this stack.

Nevertheless, there is a very prominent application that runs on the current IT stack and that has never been hacked despite being probably the largest honey-pot ever and despite the insecurity of the current stack: the bitcoin network. It obtains security by taking a radically different architectural approach: it is a distributed state machine realized by a cryptographic protocol, or as we say today, a blockchain.

It may seem that, although successful, generalizing bitcoin makes no sense: the bitcoin network has a slow transaction speed and limited throughput, its computational capacity is barely enough to maintain a ledger, nor is it Turing complete, and, despite these limitations, it consumes huge amounts of energy. In this talk we discuss how the principle of blockchain can be scaled to replace the current IT stack as a platform to build secure applications. In particular, we will look at the Internet Computer Protocol (ICP), a blockchain that has been designed from scratch with the explicit goal to provide all compute capacity that the world needs and to fundamentally address cybersecurity. We will discuss the protocol’s architecture and the different design challenges and decisions that were made. We conclude with an assessment of what ICP already achieves today and what still needs to be done towards the vision of all of humanity's software running on blockchain.


Prof. Yvo Desmedt (The University of Texas at Dallas, USA)


Seminar title: TBA


Abstract: TBA


Prof. Michalis Faloutsos (UC Riverside, USA)


Seminar title: Preemptive Security: taking away the first mover advantage of the hackers


Abstract: Can we do better than just waiting for the next attack to happen? We argue that security can become more proactive in order to minimize the damage that an attack, such as a DDoS or a virus, can have. Although this is an ambitious goal, we believe that we are making significant and promising steps towards it. Specifically, our work consists of the following "preemptive" thrusts:

a. We develop C2Store, an authoritative source of C2 servers, to provide the most comprehensive information on C2 servers. Our work makes the following contributions: (a) we develop techniques to collect, verify, and combine C2 server addresses from five types of sources, including uncommon platforms, such as GitHub and Twitter; (b) we create an open-access annotated database of 335,967 C2 servers across 133 malware families, which supports semantically-rich and smart queries; (c) we identify surprising behaviors of C2 servers with respect to their spatiotemporal patterns and behaviors.

b. We identify real malware source code: we develop SourceFinder, a systematic approach to identify malware repositories on public online archives like GitHub. We have found 17K such malware repositories, with high precision (>89%). Furthermore, we study trends and the dynamics of the hacker ecosystem in GitHub. We examine who the people that author such repositories are and find that at least 30% of them seem to have malicious intent.

c. We develop GeekMAN, a systematic human-inspired approach to identify similar usernames across online platforms, focusing on technogeek platforms. The key novelty consists of the development and integration of three capabilities: (a) decomposing usernames into meaningful chunks, (b) de-obfuscating technical and slang conventions, and (c) considering all the different outcomes of the two previous functions exhaustively when calculating the similarity. We conduct a study using 1.2M usernames from five security forums. Our method outperforms previous methods with a Precision of 81-86%. We see our approach as a fundamental research capability, which we made publicly available on GitHub.

Our initial results are promising and the combined power of our preemptive security methods can fill in a significant gap in the current security ecosystem in an effort to take away the first mover advantage that the hackers enjoy currently.


Prof. Elena Ferrari (University of Insubria, Italy)


Seminar title: Privacy-preserving publishing of Knowledge Graphs


Abstract: Data sharing is crucial in the era of big data, and protecting users' sensitive information in these data is as vital as analyzing them. Knowledge graphs (KGs) are increasingly pivotal in data sharing due to their flexibility in modeling attributes' values and relationships. However, due to the rich information in shared KGs, users' privacy is easier to breach. Thus, data providers must anonymize their KGs before sharing them. Unfortunately, data providers cannot straightforwardly use anonymization techniques developed for relational and traditional graphs to anonymize KGs, as such techniques do not consider both users' attributes and their relationships simultaneously. In this seminar, after discussing the main privacy threats, I will present a framework for anonymizing KGs, targeting three scenarios of increasing complexity: static publishing, sequential publishing, and personalized publishing. The first scenario allows data providers to publish their anonymized KGs once. The second one extends the first to enable the providers to publish new anonymized versions of their KGs. The final one lets users specify their privacy protection levels and anonymizes KGs to protect all users under their levels. I will end the seminar by discussing my vision of the challenging research directions in the area of privacy-preserving data publishing.


Prof. Somesh Jha (University of Wisconsin–Madison, USA)


Seminar title: Watermarking (The State of the Union)


Abstract: The Generative AI (GenAI) Turing test (did the content originate from a model, such as DALLE, Gemini, Claude,...?) is an important primitive for several downstream tasks, such as detecting fake media. Several pieces of legislation are also mandating that companies should watermark the content generated by their models. Several watermarking schemes exist in the literature. We will discuss a few of them. However, some very powerful attacks exist on the watermarking schemes. We also cover some of these attacks. We will then ponder the following question: what use cases are appropriate for watermarking? We will conclude with some future directions.


Prof. Angelos Keromytis (Georgia Tech, USA)


Seminar title: A New Look at Hardware Trojans


Abstract: Hardware trojans (HTs) represent one of the most challenging threat models in computer security. Due to the complexity and distributed nature of today’s electronics supply chains, there has been significant interest in developing scalable and accurate techniques for identifying such embedded malicious logic, at least in critical systems. However, much of the research in such techniques focuses on small target circuits with impractical HT usage (i.e., attack) scenarios, leading both to questionable defenses and to potential blind spots. In particular, most scenarios ascribe perfect knowledge and embedding control to the HT owner, consider simple (verging on simplistic) trigger and payload mechanisms, and cast the HT-attacker-defender interaction as a single-shot game.

In this talk, I will discuss a new model for hardware trojans that targets realistic circuits (i.e., full-blown CPUs) in the context of imperfect knowledge/control by the attacker and an adaptive defender within a repeated game, and explore certain implications and technical challenges.


Dr. Herbert Lin (Stanford University, USA)


Seminar title: Unsolved Problems Regarding Security in Cyberspace


Abstract: From its beginnings as the study of technically defending computers against adversarial attack, both the purview and the nature of security in cyberspace (aka “cybersecurity”) have expanded significantly in scope over the past few decades. The topic domain (“the field”) now arguably encompasses security issues as they relate to defensive and offensive cyber operations and capabilities, information and influence operations, and artificial intelligence. Further, many of the most vexing problems are problems with a long pedigree. This talk will motivate some of these problems, explain why they are important, and discuss conundrums that arise when various solutions are proposed.

Prof. Athina Petropulu (Rutgers University, USA)


Seminar title: Physical Layer Security for Dual-function Radar-Communication Systems


Abstract: Dual-function radar-communication (DFRC) systems are integrated sensing-communication systems that use the same waveform for simultaneously probing the surroundings and communicating with other equipment. DFRC systems offer high spectral, hardware and power efficiency, and as such are prime candidates for 6G wireless systems. Before the DFRC promise is realized, several issues need to be addressed. One of those issues is security. By embedding communication information in the probing waveform, DFRC systems are vulnerable to eavesdropping by the targets. In this talk we will present a novel physical layer security (PLS) system design for optimizing the communication secrecy rate while maintaining sufficient power in the target echoes to ensure high target sensing performance. We will also present a novel Directional Modulation approach for achieving PLS via Time Modulated arrays, via which, the DFRC system is designed to deliver the signal intact to the legitimate destination and scrambled in all other directions. We will examine the possibility of the target/eavesdropper defying the proposed security measures and investigate additional protection measures.


Prof. Bart Preneel (KU Leuven, Belgium)


Seminar title: Location Privacy in the IoT


Abstract: The presentation will start with a concise overview of privacy paradigms, followed by an exploration of three key areas: device tracking, proximity tracing, and toll/insurance pricing. It will delve into the challenges associated with safeguarding location data effectively, spotlighting tools like the AirTag "Find Me" system, while acknowledging both its privacy safeguards and residual risks.

Subsequently, the talk will discuss proximity tracing, a pivotal tool in epidemic control, comparing centralized and decentralized approaches. It will delineate the requisites for decentralized proximity tracing, emphasizing privacy, accuracy, scalability, and transparency, showcasing the DP3T protocol and its impact on adoption.

The presentation will then conclude with an examination of electronic toll pricing (ETP), aimed at mitigating congestion by levying charges on road users. It will address privacy concerns surrounding detailed GPS data collection and potential ramifications. The PrETP system will be introduced as a privacy-preserving solution for road pricing, prioritizing data minimization and user control, with assurances of privacy through commitments to location data and zero-knowledge proofs.

The presentation will underscore the intricate nature of location privacy challenges, necessitating sophisticated solutions tailored to specific contexts. It will emphasize the delicate balance between technological innovation and legal compliance in developing such solutions.


Prof. Pierangela Samarati (University of Milan, Italy)


Seminar title: TBA


Abstract: TBA


Prof. Nitin Vaidya (Georgetown University, USA)


Seminar title: Fault-Tolerant Distributed Optimization and Learning


Abstract: Consider a network of agents wherein each agent has a private cost function. In the context of distributed machine learning, the private cost function of an agent may represent the “loss function” corresponding to the agent’s local data. The objective here is to identify parameters that minimize the total cost over all the agents. In machine learning for classification, the cost function is designed such that minimizing the cost function should result in model parameters that achieve higher accuracy of classification. Similar problems arise in the context of other applications as well.

Our work addresses privacy and security (or fault-tolerance) of distributed optimization with applications to machine learning. In privacy-preserving machine learning, the goal is to optimize the model parameters correctly while preserving the privacy of each agent’s local data. In fault-tolerance, the goal is to identify the model parameters correctly while tolerating adversarial agents that may be supplying incorrect information. When a large number of agents participate in distributed optimization, security compromise of some of the agents becomes increasingly likely. We constructively show that privacy-preserving and secure algorithms for distributed optimization exist. The talk will provide intuition behind these algorithms, with a focus on fault-tolerant algorithms.


Prof. XiaoFeng Wang (Indiana University, USA)


Seminar title: Security Of AI, By AI and For AI: AI-Centered Cybersecurity Research and Innovations


Abstract: The rapid advancements in artificial intelligence (AI) technologies and the unyielding demand for their transformative applications have ushered in significant opportunities for security and privacy research and innovations. There is an urgent need for innovative and practical solutions to protect data and other assets to support the training and utilization of large, complicated machine learning (ML) models in a scalable and cost-effective manner ("Security For AI"). In the meantime, substantial research efforts are focused on understanding the security and privacy implications of AI systems, particularly identification of vulnerabilities in ML models and mitigation of associated risks ("Security Of AI"). Furthermore, cutting-edge AI technologies are increasingly being deployed to enhance the security of computing systems, offering intelligent protection and more effective defenses against real-world threats ("Security By AI").

In this presentation, I will use our research in these areas to demonstrate how AI innovations have expanded the horizons of security and privacy research. For instance, under the theme "Security For AI," I will provide an overview of ongoing research at the Center for Distributed Confidential Computing (CDCC) — one of the largest initiatives funded by the US National Science Foundation aimed at advancing practical, scalable data-in-use protection. This initiative is poised to have a transformative impact on AI research. Regarding "Security Of AI," I will discuss our investigations into Trojan threats to ML models, exploring the fundamentality of this emerging security risk, its defensibility in particular. In the context of "Security By AI," I will showcase how AI and ML technologies are revolutionizing the detection and prediction of security threats within carrier networks—a vital infrastructure—by automating the analysis of their documentations. Lastly, I will discuss potential future directions in the vast space of AI-centered cybersecurity research and innovations.

More speakers to be announced soon.