Prof. XiaoFeng Wang
Title: Confidential Computing: Challenges Today and Opportunities Tomorrow
The rampage of incessant cyber attacks have caused the disclosure of billions of users’ private data, shaking the Internet to its core. In response, various data privacy laws and regulations have emerged, forcing the industry to change their practice and bringing the demand for large-scale secure computing to the spotlight. Such a demand, however, cannot be met by the state-of-the-art cryptographic techniques, even with decades of effort, due to the overheads (speed, bandwidth consumption) they incur. To narrow the gap, recent years have seen rapid progress in hardware based trusted execution environments (TEE), such as Intel SGX, AMD SEV and ARM TrustZone, which enable efficient computation on encrypted data within a secure enclave established by a trusted processor. In this talk, I will present our research on understanding and addressing the security challenges in this new secure computing paradigm and enhancing its design to achieve scalability, for the purpose of supporting accelerated machine learning. Further I will present the big questions that need to be answered in the area and introduce our genome privacy competition as a synergic activity that helps move the science in this area forward.
XiaoFeng Wang is a James H. Rudy Professor, co-director of IU’s Center for Security and Privacy in Informatics, Computing and Engineering, and the vice chair of ACM Special Interest Group on Security, Audit and Control.
He was a PC co-chair of the ACM Conference on Computer and Communications Security, the ACM’s flagship security and privacy conference, during 2018 and 2019.
Wang is considered to be one of the most prominent systems security researchers, a top author according to online statistics such as CSRankings and System Security Circus. He is known for his high-impact research on security analysis of real-world systems and biomedical data privacy. Particularly, the projects he led on payment and single-sign-on systems, Android and iOS security and IoT security have changed the way the industry built these systems.
He is also a pioneer researcher on human genome privacy and a co-founder of the iDASH Genome Privacy Competition. More recently, he is working on hardware-assisted secure computing, intelligent security, cybercrimes and IoT security.
Wang is an IEEE Fellow and a recipient of the Award for Outstanding Research in Privacy Enhancing Technologies, known as the PET Award. His work has been extensively reported by public media, including CNN, MSNBC, Forbes, Slashdot and Nature News.
Dr. Ahmad Reza Sadeghi
Title: Lessons Learned from Building and Attacking Secure Computing Systems
The ever-increasing complexity of computing systems, emerging technologies such as IoT and AI, and advancing attack capabilities pose a variety of (new) challenges on the design and implementation of security concepts, methods and mechanisms for computing systems.
This talk provides an overview of our journey through the system security research universe. We point out (painful) lessons learned in advancing state-of-the-art software security and hardware-assisted security both in academic research and industry collaborations. We also briefly present our insights gained throughout one of the world’s largest hardware security competitions that we have been conducting with industry partners since 2018. Finally, we discuss our future vision and new research directions in systems security, in particular in the light of the serious threat of software-exploitable hardware vulnerabilities that put all critical systems at risk.
Ahmad-Reza Sadeghi is a professor of Computer Science and the head of the System Security Lab at Technical University of Darmstadt, Germany. He has been leading several Collaborative Research Labs with Intel since 2012, and with Huawei since 2019. For his influential research on Trusted and Trustworthy Computing he received the renowned German “Karl Heinz Beckurts” award that honors excellent scientific achievements with high impact on industrial innovations in Germany.
In 2018, he received the ACM SIGSAC Outstanding Contributions Award for dedicated for pioneering contributions in content protection, mobile security and hardware-assisted security. In 2021, he was honored with Intel Academic Leadership Award at USENIX Security conference for his influential research on cybersecurity and in particular on hardware security. He is also the recipient of the prestigious European Research Council (ERC) Advanced Grant.
Prof. Mauro Conti
Title: Side and Covert Channels: the Dr. Jekyll and Mr. Hyde of Modern Technologies
While Smartphone and IoT devices usage become more and more pervasive, people start also asking to which extent such devices can be maliciously exploited as “tracking devices”. The concern is not only related to an adversary taking physical or remote control of the device, but also to what a passive adversary without the above capabilities can observe from the device communications. Work in this latter direction aimed, for example, at inferring the apps a user has installed on his device, or identifying the presence of a specific user within a network. In this talk, we discuss threats coming from contextual information and to which extent it is feasible, for example, to identify the specific actions that a user is doing on mobile apps, by eavesdropping their encrypted network traffic. We will also discuss the possibility of building covert and side channels leveraging timing, heat, energy consumption, and audio signals, to steal information from mobile devices, as well as inferring keypresses, password & PINs.
Mauro Conti is Full Professor at the University of Padua, Italy. He is also affiliated with TU Delft and University of Washington, Seattle. He obtained his Ph.D. from Sapienza University of Rome, Italy, in 2009. After his Ph.D., he was a Post-Doc Researcher at Vrije Universiteit Amsterdam, The Netherlands. In 2011 he joined as Assistant Professor at the University of Padua, where he became Associate Professor in 2015, and Full Professor in 2018. He has been Visiting Researcher at GMU, UCLA, UCI, TU Darmstadt, UF, and FIU. He has been awarded with a Marie Curie Fellowship (2012) by the European Commission, and with a Fellowship by the German DAAD (2013). His research is also funded by companies, including Cisco, Intel, and Huawei. His main research interest is in the area of Security and Privacy. In this area, he published more than 450 papers in topmost international peer-reviewed journals and conferences. He is Editor-in Chief for IEEE Transactions on Information Forensics and Security, Area Editor-in-Chief for IEEE Communications Surveys & Tutorials, and has been Associate Editor for several journals, including IEEE Communications Surveys & Tutorials, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Information Forensics and Security, and IEEE Transactions on Network and Service Management. He was Program Chair for TRUST 2015, ICISS 2016, WiSec 2017, ACNS 2020, CANS 2021, and General Chair for SecureComm 2012, SACMAT 2013, NSS 2021 and ACNS 2022. He is Fellow of the IEEE, Senior Member of the ACM, and Fellow of the Young Academy of Europe.