CySeP '17 Technical Program
Talks
Day 1, June 19, 2017, Talk 1 (9:00-10:30)
Speaker: Bart Preneel (KU Leuven)
Title: Bitcoin and Blockchain
Abstract: This lecture explores the technological innovations created by cryptocurrencies such as Bitcoin. We discuss the principles of distributed currencies and discuss their strengths and weaknesses. We also explain how the blockchain mechanism interacts with the other features to create a complex ecosystem. We also touch on the issues of stability and incentive compatibility and we discuss which properties of blockchains are relevant for the key use cases.
Day 1, June 19, 2017, Talk 2 (11:00-12:30)
Speaker: Ueli Maurer (ETH Zurich)
Title: Constructive Cryptography
Abstract: Constructive cryptography is a methodology for defining the security of cryptographic schemes and for designing and proving the security of protocols making use of such schemes. Such a cryptographic scheme can be seen (and defined) as constructing a certain resource (e.g. a channel or a key) with certain security properties from another (weaker) such resource. For example, a secure symmetric encryption scheme constructs a secure channel from an authenticated channel and a secret key, and the Diffie-Hellman protocol can be used to construct a secret key from two authenticated channels, one in each direction.
In this talk we give an introduction to constructive cryptography suitable for a non-specialist audience and present some recent new insights.
Day 1, June 19, 2017, Talk 3 (13:30-15:00)
Speaker: Pierangela Samarati (Univ. of Milano)
Title: Data security and privacy in the Cloud
Abstract: The "cloud" has become a successful paradigm for conveniently storing, accessing, processing, and sharing information. With its significant benefits of scalability and elasticity, the cloud paradigm has appealed companies and users, which are more and more resorting to the multitude of available providers for storing and processing data. Unfortunately, such a convenience comes at a price of loss of control over these data and consequent new security threats that can limit the potential widespread adoption and acceptance of the cloud computing paradigm. In this talk, I will illustrate some security and privacy issues arising in the cloud scenario, focusing in particular on the problem of guaranteeing confidentiality and integrity of data stored or processed by external providers, and of regulating and controlling access in the cloud.
Day 1, June 19, 2017, Talk 4 (15:30-17:00)
Speaker: Virgil Gligor (Carnegie Mellon University)
Title: Establishing and Maintaining Root of Trust on Commodity Computer Systems
Abstract: Suppose that a trustworthy program must be booted on a commodity system that may contain persistent malware. For example, a formally verified micro-kernel, micro-hypervisor, or a subsystem obtained from a trustworthy provider must be booted on a computer system that runs Windows, Linux, or Android. Establishing root of trust assures the user that either the system is in a malware-free state in which the trustworthy-program boot takes place or the presence of malware is discovered, with high probability. Obtaining such an assurance is challenging because malware can survive in system states across repeated secure- and trusted-boot operations; e.g., these operations do not always have malware-unmediated access to device controllers’ processors and memories. To date, concrete assurance for root-of-trust establishment has not been obtained on more complex systems than tablets or smartphones. I this presentation, I will illustrate both the theoretical and practical challenges of root-of-trust establishment unconditionally; i.e., without secrets, privileged modules (e.g., TPMs), or adversary bounds.
Establishing root of trust is important because makes all persistent malware ephemeral and forces the adversary to repeat the malware-insertion attack, perhaps at some added cost. Nevertheless, some malware-controlled software can always be assumed to exist in commodity operating systems and applications. The inherent size and complexity of their components (aka the “giants”) render them vulnerable to successful attacks. In contrast, small and simple software components with rather limited function and high-assurance layered security properties (aka the “wimps”) can, in principle, be resistant to all attacks.
Maintaining root of trust assures a user that a commodity computer’s wimps are isolated from, and safely co-exist with, adversary-controlled giants. However, regardless how secure program isolation may be (e.g., based on Intel’s SGX), I/O channel isolation must also be achieved despite the pitfalls of commodity architectures that encourage I/O hardware sharing, not isolation. In this presentation I will illustrate the challenges of I/O channel isolation and present and approach that enables the co-existence secure wimps with insecure giants, via two examples of experimental systems; i.e., on-demand isolated I/O channels and a trusted display service, which were designed and implemented at CMU’s CyLab.
Day 2, Talk 1 (9:00-10:30)
Speaker: Fred Schneider (Cornell University)
Title: Tagging Security
Abstract: Reference monitors generally restrict operation invocation. We discuss an alternative approach to security — enforcing restrictions on how data is used. A new class of expressive tags is required. These RIF tags will be explained, with an eye towards static and run-time enforcement. We also discuss applications to privacy enforcement.
Day 2, Talk 2 (11:00-12:30)
Speaker: Gene Tsudik (UC Irvine)
Title: Security in Personal Genomics: Lest We Forget
Abstract: Genomic privacy has attracted much attention from the research community, mainly since its risks are unique and breaches can lead to terrifying leakage of most personal and sensitive information. The much less explored topic of genomic security needs to mitigate threats of the digitized genome being altered by its owner or an outside party, which can have dire consequences, especially, in medical or legal settings. At the same time, many anticipated genomic applications (with varying degrees of trust) require only small amounts of genomic data. Supporting such applications requires a careful balance between security and privacy. Furthermore, genome’s size raises performance concerns.
We argue that genomic security must be taken seriously and explored as a research topic in its own right. To this end, we discuss the problem space, identify the stakeholders, discuss assumptions about them, and outline several simple approaches based on common cryptographic techniques, including signature variants and authenticated data structures. We also present some extensions and identify opportunities for future research. The main goal of this work is to highlight the importance of genomic security as a research topic in its own right.
Day 2, Talk 3 (13:30-15:00)
Speaker: Herbert Lin (Stanford University)
Title: Some fundamental principles of cyber war and conflict with an emphasis on offensive operations in cyberspace
Abstract: This talk will provide a policy context for discussions of cyber war and conflict, with particular attention to the use of offensive operations in cyberspace as deliberate instruments of national policy. Political scientists and others without specific technical background in cybersecurity are welcome; policy makers are especially welcome.
Day 2, Talk 4 (15:30-17:00)
Speaker: Robin Blokker (FRA)
Title: Live hacking
Abstract: A live hacking demonstration.
Day 3, Talk 1 (in two parts) (9:00-10:30 and 11:00-12:30)
Speaker: Jan Camenisch (IBM Research Zurich)
Title: How to build privacy-preserving cryptographic protocols
Abstract: This talk aims to give some insights into how one can construct privacy-preserving cryptographic protocols from cryptographic primitives such as signatures, commitment, and encryption scheme by combining them suitably with zero-knowledge proofs. To this end, we will first discusses these cryptographic primitives, give an suitable example realisation for each of them so that can efficiently be combined. We also give a brief overview of alternative realisations of such a primitive framework. We then show how they can be combined to obtain a few example high-level cryptographic protocols and briefly discuss how the security of such solution can be proved.
Day 3, Talk 2 (14:00-15:30)
Speaker: Amit Sahai (UC Los Angeles)
Title: Mathematical Software Obfuscation
Abstract: The goal of general-purpose software obfuscation is to make an arbitrary computer program “unintelligible” while preserving its functionality. Obfuscation allows us to achieve a powerful capability: software that can keep a secret. This talk will cover recent advances in obfuscation research, yielding constructions of general-purpose obfuscation mechanisms based on mathematical structures.
Day 4, Talk 1 (9:00-10:30)
Speaker: Wenke Lee (Georgia Tech University)
Title: UI and security: two sides of the story
Abstract: User interface (UI) is the centerpiece of our computing experiences and plays a very important role in cybersecurity. In this talk, I will discuss the (in)security of UI as well as how UI can be leveraged to improve systems security.
1. The insecurity of UI:
When new UI features are added to support new applications or new paradigms of user interactions, they often introduce new security vulnerabilities in the underlying operating systems. An example is accessibility support. Assistive technologies can be defined as computing subsystems that either transform user input into interaction requests for other applications and the underlying OS, or transform application and OS output for display on alternative devices. Inadequate security checks on these new I/O paths make it possible to launch attacks from accessibility interfaces. I will describe a security evaluation of accessibility support for four of the most popular computing platforms: Microsoft Windows, Ubuntu Linux, iOS, and Android. I will outline new attacks that can bypass state-of-the-art defense mechanisms deployed on these OSs, including UAC, the Yama security module, the iOS sandbox, and the Android sandbox.
The effectiveness of the Android permission system fundamentally hinges on the user’s correct understanding of the capabilities of the permissions being granted. I will discuss how both the end-users and the security community have significantly underestimated the dangerous capabilities granted by the SYSTEM ALERT WINDOW and the BIND ACCESSIBILITY SERVICE permissions. I will show that an app with these two permissions can completely control the UI feedback loop and create devastating attacks. For example, such an app can steal a user’s login credentials and security PIN, silently install a God-mode app with all permissions enabled, leaving the victim completely unsuspecting.
2. Leveraging UI for better security
We are increasingly depending on cloud-based services in our daily activities, and inevitably a lot of our sensitive and valuable data is transported through or stored in the cloud. There have been many incidents where the security of user data was compromised because of malicious or vulnerable client-side applications and cloud servers. Our research aims to develop a data protection approach that can be widely adopted by the average end-users, and a key challenge we need to overcome is user acceptance. In particular, we need to provide transparent user experience, that is, our data protection approach should not alter the functionality, workflow, and the look-and-feel of an application. Further, we need to provide intuitive, user-intended protection, that is, the default security policy should match a user’s understanding of the expected (good) behaviors of an application.
Day 4, Talk 2 (11:00-12:30)
Speaker: Steve Bellovin (Columbia University)
Title: Authentication Revisited
Abstract: We all know about authentication -- passwords, two factors, biometrics, and more. But what are the real underlying properties of these different types? Are passwords as bad as portrayed? Why? What are the failure modes of other types of authentication? How should they be used? Is there an underlying framework we can use, for today's and tomorrow's authentication schemes?
Day 4, Talk 3 (14:00-15:30)
Speaker: Herbert Lin (Stanford University)
Title: Research topics regarding cyber war and conflict: an interactive session
Abstract: Building in part on the earlier talk (above), this talk will address several topics regarding cyber war and conflict that deserve attention and serious research. The nature of each topic and motivation for its importance will be addressed, and some preliminary thoughts on each research topic will be used as points of departure for a large degree of interaction and discussion with those in attendance. As before political scientists and others without specific technical background (and especially policy makers) in cybersecurity are most welcome.
