Name of the Speaker | Title of the Talk |
---|---|
Aanchal Malhotra / Ripple | From Security to Scalability: The Multifaceted Role of Cryptographic Primitives in XRPL R&D |
Ahmad-Reza Sadeghi / TU Darmstadt | Security Tai Chi: The Art of Building and Attacking Secure Computing Systems |
Alessandro Mei / Sapienza University of Rome | Scams in the Cryptocurrency Market |
Anoop Singhal / NIST | Modeling and Security Analysis of Attacks on Machine Learning Systems |
Atul Prakash / University of Michigan | Large language models: are guarded models safe? |
Kari Kostiainen / ETH Zurich | Towards Regulated, Private and Robust Central Bank Digital Currency (CBDC) |
Pierangela Samarati / University of Milan | Data Security and Privacy in Emerging Scenarios |
Vincenzo Piuri / University of Milan | Biometrics and AI: Challenges and Opportunities |
Aanchal Malhotra
Ripple
Title: From Security to Scalability: The Multifaceted Role of Cryptographic Primitives in XRPL R&D
Abstract: In this talk, we delve into the critical role of cryptographic primitives in driving research and development (R&D) on the XRPL blockchain. We explore how these primitives, such as hash functions, elliptic curve cryptography, and zero-knowledge proofs, contribute to the security, scalability, and privacy of XRPL. By understanding the fundamental building blocks of XRPL, researchers and developers can unlock new possibilities and create innovative solutions. We discuss specific use cases and challenges associated with cryptographic primitives in XRPL R&D, offering insights for future advancements.
About the Speaker: Aanchal serves as the Head of Research at Ripple, where she leads the research and development efforts in DeFi protocol design and cryptography. In her role, she drives various company-wide initiatives and collaborates on technical papers aimed at introducing native support for non-fungible tokens (NFTs), Automated Market Maker (AMM), and Decentralized Identity (DID) on XRPL. With her expertise in cryptographic primitives such as threshold signatures and zero-knowledge SNARKs, Aanchal has dedicated almost four years to enhancing the scalability, privacy, and interoperability of XRPL. Additionally, she holds a position on the Board of Directors for the Travel Rule Information Sharing Alliance (TRISA), an organization committed to facilitating the secure and lawful exchange of digital assets. Aanchal holds a PhD in Computer Science from Boston University.
Webpage: https://www.linkedin.com/in/aanchal-malhotra-91005319/
Ahmad-Reza Sadeghi
Technical University of Darmstadt
Title: Security Tai Chi: The Art of Building and Attacking Secure Computing Systems
Abstract: The ever-increasing complexity of computing systems, coupled with emerging technologies like IoT and AI, poses many novel challenges in designing and implementing security concepts, methods, and mechanisms in hardware and software.
This talk overviews our journey through the system security universe, highlighting the lessons learned in advancing state-of-the-art software and hardware-assisted security in academic research and industry collaborations. We discuss the severe threat posed by recent software-exploitable hardware vulnerabilities, which can jeopardize critical systems. Our experience organizing the world’s largest hardware security competition alongside partners Intel and Synopsys since 2018 provides invaluable lessons in vulnerability discovery and mitigation strategies.
Addressing the critical importance of hardware security and resilience, we explore emerging trends in pre-fabrication vulnerability detection methods such as hardware fuzzing. The talk concludes by outlining future directions for secure hardware design and addressing associated challenges.
About the Speaker: Ahmad-Reza Sadeghi is a professor of Computer Science and the head of the System Security Lab at the Technical University of Darmstadt, Germany. He has led several Collaborative Research Labs with Intel since 2012 and Huawei since 2019. He has studied Mechanical and Electrical Engineering and holds a Ph.D. in Computer Science from the University of Saarland, Germany. Before academia, he worked in the R&D of IT enterprises, including Ericsson Telecommunications. He has continuously contributed to the field of security and privacy research. He was Editor-In-Chief of IEEE Security and Privacy Magazine and had been serving on the editorial board of ACM TODAES, ACM TIOT, and ACM DTRAP.
He received the renowned German “Karl Heinz Beckurts” award for his influential research on Trusted and Trustworthy Computing. This award honors excellent scientific achievements with a high impact on industrial innovations in Germany. In 2018, he received the ACM SIGSAC Outstanding Contributions Award for dedicated research, education, and management leadership in the security community and pioneering contributions in content protection, mobile security, and hardware-assisted security. In 2021, he was honored with the Intel Academic Leadership Award at USENIX Security conference for his influential research on cybersecurity, particularly hardware-assisted security. In 2022 he received the prestigious European Research Council (ERC) Advanced Grant.
Webpage: https://www.informatik.tu-darmstadt.de/systemsecurity/people_sys/people_details_sys_45184.en.jsp
Alessandro Mei
Sapienza University of Rome
Title: Scams in the Cryptocurrency Market
Abstract: The cryptocurrency market is currently subject to minimal regulation. Although policymakers are working to increase safety for cryptocurrency investors, this is a complex task. Meanwhile, blockchain-related technologies are rapidly evolving, making investors vulnerable to numerous scams and market manipulations. In this talk, we will describe some of the most common fraudulent activities, demonstrate methods to measure these phenomena, and discuss potential countermeasures to help establish a safer cryptocurrency market.
About the Speaker: Alessandro Mei received his laurea degree in computer science summa cum laude from the University of Pisa, Italy, in 1994, and his PhD in mathematics from the University of Trento, Italy, in 1999, under the supervision of Alan A. Bertossi. From 1998 to part of 1999, he worked as a research scholar at the Department of EE-Systems of the University of Southern California. Following this, he joined the faculty of the Department of Computer Science at Sapienza University of Rome, Italy, where he is currently a full professor. From 2015 to 2021, he served as the Head of Department, and from 2018 to 2021, he was the Chairman of the Council of the directors of department of Sapienza University.
Alessandro Mei’s primary research interests include distributed and networked systems, blockchain technology, and computer system security and privacy. He was a Marie Curie Fellow from 2010 to 2012 at both the University of California San Diego and Sapienza University, and he received the Google Faculty Research Award in 2012. Additionally, he served as an associate editor of the IEEE Transactions on Computers from 2005 to 2009 and as the general chair and general co-chair of IEEE IPDPS 2009, IEEE Mass 2021, and ACM CoNext 2022.
Webpage: http://wwwusers.di.uniroma1.it/~mei/
Anoop Singhal
NIST
Title: Modeling and Security Analysis of Attacks on Machine Learning Systems
Abstract: The last several years have witnessed rapidly increasing use of machine learning (ML) systems in multiple industry sectors. Auto driving cars are using ML to process the images/videos from the cameras to understand the traffic signals and real-time traffic around them. ML has been used to translate text from one language to another in several systems. Deep Learning has been used in products such as Google and Mozilla to understand speech.
However, it is widely recognized that the existing security analysis frameworks and techniques, which were developed to analyze enterprise (software) systems and networks, are not very suitable for analyzing ML systems. ML systems have new kinds of causality relationships which cannot be handled by current approaches for security analysis. For example, attack graphs are fundamental tools for enterprise security analysis but mainly focus on relationships between security vulnerabilities (such as CVEs – Common Vulnerabilities and Exposures) and exploits (which mainly focus on newly gained permissions/accesses). In contrast, a good foundation for analyzing security issues in ML systems must also capture the causality relationships involved in data poisoning and evasion attacks using adversarial examples. It is clear that such causality relationships are not really relevant to traditional attacks that involve exploitation of common vulnerabilities (CVEs). Evasion attacks and data poisoning attacks can make ML systems misbehave. Evasion attacks refer to crafting adversarial examples after the training phase, so that models produce incorrect outputs. Data poisoning attacks refer to modifying the training data, so that the trained model will be maliciously altered. We take a data poisoning attack against the word-to-word translation Machine Learning system as a motivating example to explain the concept of Causality Graphs.
In this presentation, we will present new techniques for modeling of Attacks on ML systems using Causality Graphs. These graphs are used to capture the data, model and library dependencies in a specific ML system:
– Data dependencies
– Model dependencies
– Library Dependencies
We will illustrate our methodology using a case study. We will present some of the challenges for designing mitigation strategies against attacks on ML Systems. Here is a list of some of the questions that the causality graph can be used to answer:
1) Which part of the ML system gets tainted due to the attack?
2) How far into the ML system does the attack penetrate?
3) Will the proposed defense system be effective in preventing the attack?
In summary, we will present a new methodology for modeling of attacks and security analysis of Machine Learning Systems.
About the Speaker: Dr. Anoop Singhal is currently a Senior Computer Scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland. He has more than 30 years of research experience at NIST, George Mason University and AT&T Bell Labs. His research interests are in cyber security, active cyber defense, cloud computing security and machine learning systems. He is a member of ACM, senior member of the IEEE and he has co-authored over 60 technical papers in leading conferences and journals. He has taught several graduate level courses in Computer Science as an adjunct faculty and given talks at RSA, IEEE and ACM conferences. He has two patents in the area of attack graphs and he has also co-edited a book on Secure Cloud Computing and Network Security Metrics.
Webpage: https://www.nist.gov/people/anoop-singhal
Atul Prakash
University of Michigan
Title: Large language models: are guarded models safe?
Abstract: Large language models (LLMs) are typically aligned to be harmless to humans. Unfortunately, recent work has shown that such models are susceptible to automated jailbreak attacks that induce them to generate harmful content. As a result, more recent LLMs often incorporate an additional layer of defense, a Guard Model, which is a second LLM that is designed to check and moderate the output response of the primary LLM. We first review the strategy behind prior automated jailbreak attacks. Then, we discuss some of the recent work that shows that even guarded models are susceptible to jailbreaking. Finally, we discuss some future directions for research on more robust large language models.
About the Speaker: Atul Prakash is a Professor and Chair of Computer Science and Engineering Division at the University of Michigan with research interests in computer security and machine learning. He received a Bachelor of Technology in Electrical Engineering from IIT, Delhi and a Ph.D. in Computer Science from the University of California, Berkeley. His recent research work is focusing on the vulnerability of deep learning and large language models and making these models robust. At the University of Michigan, he has served as Director of the Software Systems Lab, led the creation of the new Data Science undergraduate program, and is currently serving as the Chair of the CSE Division.
Webpage: https://web.eecs.umich.edu/~aprakash/
Kari Kostiainen
ETH Zurich
Title: Towards Regulated, Private and Robust Central Bank Digital Currency (CBDC)
Abstract: Central Bank Digital Currencies (CBDCs) have gained significant attention recently. In this talk, we explain what a CBDC is and how it differs from digital payments and cryptocurrencies. We discuss desirable functionality and necessary security properties for CBDCs based on recent central bank documents and regulations. We consider CBDC systems that should work both in online and offline settings, and discuss their design challenges. In particular, we observe that achieving strong privacy protection and support for regulatory features such as holding limits and spending limits is difficult. We also note that double spending protection in the offline setting combined with strong privacy protections brings up new technical challenges. Finally, we present two novel designs for CBDCs, one for online scenarios and another for offline payments.
About the Speaker: Kari Kostiainen is Senior Scientist at ETH Zurich and Director of Zurich Information Security Center (ZISC). Before joining ETH, Kari was a researcher at Nokia. He has a PhD in computer science from Aalto. Kari’s research focuses on system security. Recent topics include trusted computing, blockchain security, and human factors of security.
Webpage: https://syssec.ethz.ch/people/kkari.html
Pierangela Samarati
University of Milan
Title: Data Security and Privacy in Emerging Scenarios
Abstract: The rapid advancements in Information and Communication Technologies (ICTs) have been greatly changing our society, with clear societal and economic benefits. Cloud, Big Data, Internet of things, services and technologies that are becoming more and more pervasive and conveniently accessible, towards the realization of a ‘smart’ society. At the heart of this evolution is the ability to collect, analyze, process, and share an ever-increasing amount of data to extract knowledge for offering personalized and advanced services. This typically also involves external parties for data management and computation that may be either not authorized to access data or not fully trusted. The complexity of this scenario introduces several security and privacy challenges. In this talk, I will illustrate some challenges related to guaranteeing confidentiality and integrity of data stored or processed by external providers.
About the Speaker: Pierangela Samarati is a Professor at the Computer Science Department of the Università degli Studi di Milano. Her main research interests are in data protection, security, and privacy. She has coordinated and participated in several projects, funded by the European Commission and the Italian Ministry of Research, involving different aspects of information protection. On these topics she has published more than 300 papers that appeared in international journals, conference proceedings, and books. She is co-author of the book “Database Security,” Addison-Wesley, 1995. She has been Computer Scientist in the Computer Science Laboratory at SRI, CA (USA). She has been a visiting researcher at the Computer Science Department of Stanford University, CA (USA), and at the Center for Secure Information Systems, George Mason University, VA (USA).
She is the chair of the IEEE Systems Council Technical Committee on Security and Privacy in Complex Information Systems (TCSPCIS), of the ERCIM Security and Trust Management Working Group (STM), and of the ACM Workshop on Privacy in the Electronic Society (WPES). She is the Italian representative in the IFIP (International Federation for Information Processing) Technical Committee 11 (TC-11) on “Security and Privacy”. She is a member of the Steering Committee of: European Symposium on Research in Computer Security (ESORICS), IEEE Conference on Communications and Network Security (CNS), Italian Conference on CyberSecurity (ITASEC), International Conference on Information Systems Security (ICISS), and International Conference on Information and Communications Security (ICICS). She is IEEE Fellow (2012), ACM Fellow (2021), IFIP Fellow (2021), and ACM Distinguished Scientist (2009). She has received the ESORICS Outstanding Research Award (2018), the IEEE Computer Society Technical Achievement Award (2016), the IFIP TC11 Kristian Beckman Award (2008), and the IFIP WG 11.3 Outstanding Research Contributions Award (2012).
Webpage: https://samarati.di.unimi.it
Vincenzo Piuri
University of Milan
Title: Biometrics and AI: Challenges and Opportunities
Abstract: Biometric technologies and applications are pervasively permeating our everyday life. Once typically used for authentication and for restricting access to critical (physical or digital) environments, biometrics are increasingly and seamlessly at the basis of many of the services and applications of today’s smart society, from governmental and business services to leisure.
The widespread adoption of biometrics, the enormous amount of biometrics data gathered, shared, and processed, as well as advancements in artificial intelligence open new challenges and opportunities in the field of biometrics and biometric data processing.
These advancements in applications call for novel biometric solutions, able to operate in new and emerging scenarios seamlessly and balancing the need of catering advanced services based on biometrics while complying with the rightful desire for an ethical, secure, and privacy-respectful use of biometrics.
In this talk, I will illustrate the main biometrics techniques discussing their characteristics, strengths, limitations, and applications. I will also discuss challenges and research directions, with particular focus on opportunities from the application of AI.
About the Speaker: Vincenzo Piuri is Professor in computer engineering at the University of Milan, Italy (since 2000). He has been Associate Professor at Polytechnic of Milan, Italy and Visiting Professor at the University of Texas at Austin, USA, and visiting researcher at George Mason University, USA.
His main research interests are: artificial intelligence, machine learning, pattern analysis and recognition, intelligent systems, signal and image processing, biometrics, industrial applications. Original results have been published in 400+ papers in international journals, proceedings of international conferences, books, and book chapters.
He is Fellow of the IEEE and Distinguished Scientist of ACM. He is IEEE Region 8 Director (2023-24) and has been IEEE Vice President for Technical Activities (2015), IEEE Director, President of the IEEE Systems Council, and President of the IEEE Computational Intelligence Society. He has been Editor-in-Chief of the IEEE Systems Journal (2013-19). He received the IEEE Instrumentation and Measurement Society Technical Award (2002), the IEEE TAB Hall of Honor (2019), and the Rudolf Kalman Professor Title of the Obuda University, Hungary.
Webpage: https://piuri.di.unimi.it