We are very happy to announce the following keynote speakers (in alphabetical order):
Srini Devadas, MIT
Title: Secure Hardware and Cryptography: Contrasts, Synergies and Challenges
Abstract: Numerous cryptographic protocols and mechanisms have been developed to solve computer security challenges, and these techniques vary considerably with respect to security assumptions, performance tradeoffs, and applicability to problems. Secure hardware primarily uses the mechanism of isolation to solve a broad class of computer security problems, ranging from private information retrieval to verifiable computation. In this talk, I will contrast the two approaches by focusing on the application of remote outsourced computation. I will describe a spectrum of approaches that vary in their use of cryptography and isolation to achieve secure remote computation. I will end with describing challenges that remain in the deployment of secure hardware.
Biography: Srini Devadas is the Webster Professor of Electrical Engineering and Computer Science at the Massachusetts Institute of Technology (MIT) where he has been on the faculty since 1988. Devadas’s research interests span Computer-Aided Design (CAD), computer security and computer architecture. He has received the 2014 IEEE Computer Society Technical Achievement award, the 2015 ACM/IEEE Richard Newton technical impact award, and the 2017 IEEE Wallace McDowell award for his research. Devadas is a MacVicar Faculty Fellow and an Everett Moore Baker teaching award recipient, considered MIT’s two highest undergraduate teaching honors.
Ulfar Erlingsson, Google
Title: Data-driven Software Security and its Hardware Support
Abstract: For computer software, our security models, policies, mechanisms, and means of assurance were primarily conceived and developed before the end of the 1970’s. However, since that time, software has changed radically: it is thousands of times larger, comprises countless libraries, layers, and services, and is used for more purposes, in far more complex ways. As a consequence, it is necessary to revisit many of our core computer security concepts. For example, it is unclear how the Principle of Least Privilege can be applied to set security policy, when software is too complex for either its developers or its users to explain its intended behavior in detail.
One possibility is to take an empirical, data-driven approach to modern software, and determine its exact, concrete behavior via comprehensive, online monitoring. Such an approach can be a practical, effective basis for security—as demonstrated by its success in spam and abuse fighting—but its use to constrain software behavior raises many questions. In particular, two questions seem critical. First, is it possible to learn the details of how software *is* behaving, without intruding on the privacy of its users? Second, are those details a good foundation for deriving security policies that constrain how software *should* behave? This talk answers both these questions in the affirmative, as part of an overall approach to data-driven security. It also considers what hardware support is necessary to perform comprehensive software monitoring, with privacy, and without prohibitive overhead.
Biography: Úlfar currently heads a team within Google Brain doing research of privacy and security for machine learning. Previously, he has been a researcher at Microsoft Research, Silicon Valley, an Associate Professor at Reykjavik University, Iceland, and led security technology at two startups: GreenBorder and deCODE Genetics. He holds a PhD in computer science from Cornell University.
Ahmad-Reza Sadeghi, TU Darmstadt
Title: Hardware-Assisted Security: Promises, Pitfalls and Opportunities
Abstract: Hardware security architectures and primitives are becoming increasingly important in practice providing trust anchors and trusted execution environment to protect modern IT systems, and particularly secure the insecure legacy software. Emerging applications, for instance in IoT area, increasingly involve large numbers of connected and heterogeneous device swarms and pose crucial security and privacy challenges on the underlying devices. Over the past two decades we have seen various hardware security solutions and trends in practice from Trusted Platform Modules (TPM), ARM’s TrustZone, and Physically Unclonable Functions (PUFs), to very recent advances such as Intel’s Software Guard Extension (SGX) and Control-Flow Enforcement technology (CET). However, despite their advantages these solutions are rarely used by third party developers, make strong trust assumptions about manufacturers, are too expensive for small constrained devices, do not easily scale, or suffer from information leakage. In this talk we will discuss the real-world impact of hardware-based security solutions, their strengths and shortcomings as well as new research directions.
Biography: Ahmad-Reza Sadeghi is a full professor of Computer Science at the TU Darmstadt, Germany. He is the head of the Systems Security Lab at the Cybersecurity Research Center of TU Darmstadt. Since January 2012 he is also the director of the Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU Darmstadt. He holds a Ph.D. in Computer Science from the University of Saarland, Germany. Prior to academia, he worked in R&D of Telecommunications enterprises, amongst others Ericsson Telecommunications. He has been continuously contributing to security and privacy research. For his influential research on Trusted and Trustworthy Computing he received the renowned German “Karl Heinz Beckurts” award. This award honors excellent scientific achievements with high impact on industrial innovations in Germany. He is Editor-In-Chief of IEEE Security and Privacy Magazine, and on the editorial board of ACM Books. He served 5 years on the editorial board of the ACM Transactions on Information and System Security (TISSEC).