Keynotes & Invited Talks

Aanchal Malhotra

Ripple

Title: From Security to Scalability: The Multifaceted Role of Cryptographic Primitives in XRPL R&D

Abstract: TBD

About the Speaker: Aanchal serves as the Head of Research at Ripple, where she leads the research and development efforts in Defi protocol design and cryptography. In her role, she drives various company-wide initiatives and collaborates on technical papers aimed at introducing native support for non-fungible tokens (NFTs), Automated Market Maker (AMM), and Decentralized Identity (DID) on XRPL. With her expertise in cryptographic primitives such as Threshold signatures and Zero-Knowledge SNARKS, Aanchal has dedicated almost four years to enhancing the scalability, privacy, and interoperability of XRPL. Additionally, she holds a position on the Board of Directors for the Travel Rule Information Sharing Alliance (TRISA), an organization committed to facilitating the secure and lawful exchange of digital assets. Aanchal holds a PhD in Computer Science from Boston University.

Webpage: https://www.linkedin.com/in/aanchal-malhotra-91005319/

Ahmad-Reza Sadeghi

Technical University of Darmstadt

Title: Security Tai Chi: The Art of Building and Attacking Secure Computing Systems

Abstract: The ever-increasing complexity of computing systems, coupled with emerging technologies like IoT and AI, poses many novel challenges in designing and implementing security concepts, methods, and mechanisms in hardware and software.

This talk overviews our journey through the system security universe, highlighting the lessons learned in advancing state-of-the-art software and hardware-assisted security in academic research and industry collaborations. We discuss the severe threat posed by recent software-exploitable hardware vulnerabilities, which can jeopardize critical systems. Our experience organizing the world’s largest hardware security competition alongside partners Intel and Synopsys since 2018 provides invaluable lessons in vulnerability discovery and mitigation strategies.

Addressing the critical importance of hardware security and resilience, we explore emerging trends in pre-fabrication vulnerability detection methods such as hardware fuzzing. The talk concludes by outlining future directions for secure hardware design and addressing associated challenges.

About the Speaker: Ahmad-Reza Sadeghi is a professor of Computer Science and the head of the System Security Lab at the Technical University of Darmstadt, Germany. He has led several Collaborative Research Labs with Intel since 2012 and Huawei since 2019. He has studied Mechanical and Electrical Engineering and holds a Ph.D. in Computer Science from the University of Saarland, Germany. Before academia, he worked in the R&D of IT enterprises, including Ericsson Telecommunications. He has continuously contributed to the field of security and privacy research. He was Editor-In-Chief of IEEE Security and Privacy Magazine and had been serving on the
editorial board of ACM TODAES, ACM TIOT, and ACM DTRAP.

He received the renowned German “Karl Heinz Beckurts” award for his influential research on Trusted and Trustworthy Computing. This award honors excellent scientific achievements with a high impact on industrial innovations in Germany. In 2018, he received the ACM SIGSAC Outstanding Contributions Award for dedicated research, education, and management leadership in the security community and pioneering contributions in content protection, mobile security, and hardware-assisted security. In 2021, he was honored with the Intel Academic Leadership Award at USENIX Security conference for his influential research on cybersecurity, particularly hardware-assisted security. In 2022 he received the prestigious European Research Council (ERC) Advanced Grant.

Webpage: https://www.informatik.tu-darmstadt.de/systemsecurity/people_sys/people_details_sys_45184.en.jsp

Alessandro Mei

Sapienza University of Rome

Title: TBD

Abstract: TBD

About the Speaker: Alessandro Mei received his laurea degree in computer science summa cum laude from the University of Pisa, Italy, in 1994, and his PhD in mathematics from the University of Trento, Italy, in 1999, under the supervision of Alan A. Bertossi. From 1998 to part of 1999, he worked as a research scholar at the Department of EE-Systems of the University of Southern California. Following this, he joined the faculty of the Department of Computer Science at Sapienza University of Rome, Italy, where he is currently a full professor. From 2015 to 2021, he served as the Head of Department, and from 2018 to 2021, he was the Chairman of the Council of the directors of department of Sapienza University.

Alessandro Mei’s primary research interests include distributed and networked systems, blockchain technology, and computer system security and privacy. He was a Marie Curie Fellow from 2010 to 2012 at both the University of California San Diego and Sapienza University, and he received the Google Faculty Research Award in 2012. Additionally, he served as an associate editor of the IEEE Transactions on Computers from 2005 to 2009 and as the general chair and general co-chair of IEEE IPDPS 2009, IEEE Mass 2021, and ACM CoNext 2022.

Webpage: http://wwwusers.di.uniroma1.it/~mei/

Anoop Singhal

NIST

Title: Modeling and Security Analysis of Attacks on Machine Learning Systems

Abstract: Last several years have witnessed rapidly increasing use of machine learning (ML) systems in multiple industry sectors. Auto driving cars are using ML to process the images/videos from the cameras to understand the traffic signals and real time traffic around them. ML has been used to translate text from one language to another in several systems. Deep Learning has been used in products such as Google and Mozilla to understand speech.

However, it is widely recognized that the existing security analysis frameworks and techniques, which were developed to analyze enterprise (software) systems and networks, are not very suitable for analyzing ML systems. ML systems have new kinds of causality relationships which cannot be handled by current approaches for security analysis. For example, attack graphs are fundamental tools for enterprise security analysis but mainly focus on relationships between security vulnerabilities (such as CVEs – Common Vulnerabilities and Exposures) and exploits (which mainly focus on newly gained permissions/accesses). In contrast, a good foundation for analyzing security issues in ML systems must also capture the causality relationships involved in data poisoning and evasion attacks using adversarial examples. It is clear that such causality relationships are not really relevant to traditional attacks that involve exploitation of common vulnerabilities (CVEs). Evasion attacks and data poisoning attacks can make ML systems misbehave. Evasion attacks refer to crafting adversarial examples after the training phase, so that models produce incorrect outputs. Data poisoning attacks refer to modifying the training data, so that the trained model will be maliciously altered. We take data poisoning attack against the word-to-word translation Machine Learning system as a motivating example to explain the concept of Causality Graphs.

In this presentation, we will present new techniques for modeling of Attacks on ML systems using Causality Graphs. These graphs are used to capture the data, model and library dependencies in a specific ML system:
– Data dependencies
– Model dependencies
– Library Dependencies

We will illustrate our methodology using a case study. We will present some of the challenges for designing mitigation strategies against attacks on ML Systems. Here is a list of some of the questions that the causality graph can be used to answer:
1) Which part of the ML system gets tainted due to the attack?
2) How far into the ML system the attack penetrate?
3) Will the proposed defense system be effective in preventing the attack?
In summary, we will present a new methodology for modeling of attacks and security analysis of Machine Learning Systems.

About the Speaker: Dr. Anoop Singhal, is currently a Senior Computer Scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland. He has more than 30 years of research experience at NIST, George Mason University and AT&T Bell Labs. His research interests are in cyber security, active cyber defense, cloud computing security and machine learning systems. He is a member of ACM, senior member of the IEEE and he has co-authored over 60 technical papers in leading conferences and journals. He has taught several graduate level courses in Computer Science as an adjunct faculty and given talks at RSA, IEEE and ACM conferences. He has two patents in the area of attack graphs and he has also co-edited a book on Secure Cloud Computing and Network Security Metrics.

Webpage: https://www.nist.gov/people/anoop-singhal

Kari Kostiainen

ETH Zurich

Title: Towards Regulated, Private and Robust Central Bank Digital Currency (CBDC)

Abstract: TBD

About the Speaker: Kari Kostiainen is Senior Scientist at ETH Zurich and Director of Zurich Information Security Center (ZISC). Before joining ETH, Kari was a researcher at Nokia. He has a PhD in computer science from Aalto. Kari’s research focuses on system security. Recent topics include trusted computing, blockchain security, and human factors of security.

Webpage: https://syssec.ethz.ch/people/kkari.html

Pierangela Samarati

University of Milan

Title: TBD

Abstract: TBD

About the Speaker: Pierangela Samarati is a Professor at the Computer Science Department of the Università degli Studi di Milano. Her main research interests are in data protection, security, and privacy. She has coordinated and participated in several projects, funded by the European Commission and the Italian Ministry or Research, involving different aspects of information protection. On these topics she has published more than 300 papers appeared in international journals, conference proceedings, and books. She is co-author of the book “Database Security,” Addison-Wesley, 1995. She has been Computer Scientist in the Computer Science Laboratory at SRI, CA (USA). She has been a visiting researcher at the Computer Science Department of Stanford University, CA (USA), and at the Center for Secure Information Systems, George Mason University, VA (USA).

She is the chair of the IEEE Systems Council Technical Committee on Security and Privacy in Complex Information Systems (TCSPCIS), of the ERCIM Security and Trust Management Working Group (STM), and of the ACM Workshop on Privacy in the Electronic Society (WPES). She is the Italian representative in the IFIP (International Federation for Information Processing) Technical Committee 11 (TC-11) on “Security and Privacy”. She is a member of the Steering Committee of: European Symposium on Research in Computer Security (ESORICS), IEEE Conference on Communications and Network Security (CNS), Italian Conference on CyberSecurity (ITASEC), International Conference on Information Systems Security (ICISS), and International Conference on Information and Communications Security (ICICS). She is IEEE Fellow (2012), ACM Fellow (2021), IFIP Fellow (2021), and ACM Distinguished Scientist (2009). She has received the ESORICS Outstanding Research Award (2018), the IEEE Computer Society Technical Achievement Award (2016), the IFIP TC11 Kristian Beckman Award (2008), and the IFIP WG 11.3 Outstanding Research Contributions Award (2012).

Webpage: https://samarati.di.unimi.it

Vincenzo Piuri

University of Milan

Title: Biometrics and AI: Challenges and Opportunities

Abstract: Biometric technologies and applications are pervasively permeating our everyday life. Once typically used for authentication and for restricting access to critical (physical or digital) environments, biometrics are increasingly and seamlessly at the basis of many of the services and applications of today’s smart society, from governmental and business services to leisure.

The widespread adoption of biometrics, the enormous amount of biometrics data gathered, shared, and processed, as well as advancements in artificial intelligence open new challenges and opportunities in the field of biometrics and biometric data processing.

These advancements in applications call for novel biometric solutions, able to operate in new and emerging scenarios seamlessly and balancing the need of catering advanced services based on biometrics while complying with the rightful desire for an ethical, secure, and privacy-respectful use of biometrics.

In this talk, I will illustrate the main biometrics techniques discussing their characteristics, strengths, limitations, and applications. I will also discuss challenges and research directions, with particular focus on opportunities from the application of AI.

About the Speaker: Vincenzo Piuri is Professor in computer engineering at the University of Milan, Italy (since 2000). He has been Associate Professor at Polytechnic of Milan, Italy and Visiting Professor at the University of Texas at Austin, USA, and visiting researcher at George Mason University, USA.

His main research interests are: artificial intelligence, machine learning, pattern analysis and recognition, intelligent systems, signal and image processing, biometrics, industrial applications. Original results have been published in 400+ papers in international journals, proceedings of international conferences, books, and book chapters.

He is Fellow of the IEEE and Distinguished Scientist of ACM. He is IEEE Region 8 Director (2023-24) and has been IEEE Vice President for Technical Activities (2015), IEEE Director, President of the IEEE Systems Council, and President of the IEEE Computational Intelligence Society. He has been Editor-in-Chief of the IEEE Systems Journal (2013-19). He received the IEEE Instrumentation and Measurement Society Technical Award (2002), the IEEE TAB Hall of Honor (2019), and the Rudolf Kalman Professor Title of the Obuda University, Hungary.

Webpage: https://piuri.di.unimi.it