Prof. Gene Tsudik, University of California, Irvine, USA
- Note: this DLS exceptionally takes place on a Tuesday
Remote Attestation (RA) is a security service that allows a trusted verifier (Vrf) to measure the software state of an untrusted remote device -- Prv. If correctly implemented, RA allows Vrf to remotely detect if Prv is in an illegal or compromised state. Although several RA architectures have been proposed, little attention has been devoted to their verifiability and security guarantees that can be derived through formal verification of RA architectures.
Prof. N. Asokan, Aalto University, Espoo, Finland
Run-time attacks are a prominent attack vector for compromising systems written in memory-unsafe languages like C and C++. Over the last decade there have been significant advances by both researchers and practitioners in understanding and defending against run-time attacks, especially those that attempt to defeat control-flow integrity (CFI). As CFI defenses are gradually being deployed, data-oriented attacks will become increasingly attractive. ....
Prof. Daniel Keim, Universität Konstanz
Abstract:
Never before in history has data been generated and collected at such high volumes as it is today, in particular in security applications. For the analysis of large data sets to be effective, it is important to include the human in the data exploration process and combine the flexibility, creativity, and general knowledge of humans with the enormous storage capacity and the computational power of today's computers.
Prof. Ross Anderson, University of Cambridge Computer Laboratory, UK
Unfortunately, this DLS in Cybersecurity cannot take place. It will be rescheduled for a later date.
We've been exploring how to track stolen bitcoin. Previous attempts to do this had got entangled in the problem of dealing with transactions that split bitcoin into change, or that consolidate smaller sums into larger ones, and with mining fees. One answer comes from an unexpected direction: a legal precedent in 1816....
Prof. Ari Juels, Cornell Tech, New York, USA
Abstract:
Smart contracts are applications that run on and inherit the special properties of blockchains. These properties alone, though, do not make smart contracts broadly useful. Persistence prevents tampering, but makes errors irreversible. Transparency supports behavioral assurances, but at the cost of confidentiality.
Prof. Paulo Esteves-Veríssimo, University of Luxembourg
Abstract:
Computing and communications infrastructures have become commodities which societies largely depend on, transacting huge quantities of data and exhibiting pervasive interconnections, sometimes in critical conditions. However, the actual magnitude that security and dependability risks may assume is often misperceived. The information society has been assuming risk behaviours without adequate protection. Many stakeholders, not only end-users but vendors, service providers, public administrations and - what may be surprising - even governments, seem to ignore those risks, in different ways.
Prof. Gilles Barthe, University of Manchester, UK
Building secure cryptographic implementations is notoriously hard. In this talk, I will outline a general methodology that delivers formal guarantees on assembly-level implementations through a combination of ideas from deductive program verification, program analysis, and verified compilation.
Colin Boyd, Norwegian University of Science and Technology (NTNU), Norway
Deduplication is a widely used mechanism in cloud storage systems which can greatly increase efficiency. The basic idea is to remove duplicate stored files, replacing copies with a pointer to a single version. Empirical evidence shows that deduplication can be extremely effective in reducing both storage requirements and bandwidth used for uploading. However, deduplication also introduces severe challenges to security. There is an inherent conflict between the use of deduplication and the desire of users to encrypt their files prior to uploading. Even if this problem can be solved, client-side deduplication opens up a side channel which can reveal information to an adversary, as shown in 2010 by Harnik et al.
Paul van Oorschot, Carleton University, Ottawa, Canada
Recent years have seen increasing calls to make security research more “scientific”. Who can argue with science being desirable? But what exactly do people mean when they suggest this, and what are they really seeking? There is little clarity on what a “Science of Security” would look like. We consider this question, in the context of historical science and more recent security research, offer observations and insights, and suggest where things might be improved.
Prof. Srini Devadas, Massachusetts Institute of Technology, Cambridge, USA
Architectural isolation can be used to secure computation on a remote secure processor with a private key where the privileged software is potentially malicious, as recently deployed by Intel's Software Guard Extensions (SGX). This talk will first describe the Sanctum secure processor architecture, which offers the same promise as SGX, namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an important class of additional software attacks that infer private information by exploiting resource sharing....