Keynote by Prof. Adrian Perrig

Title: Exciting Security Research Opportunity: Next-generation Internet

Date/Time: Wednesday, Nov 5th, 2014, 11:45 am - 12:45 pm

Abstract:

The Internet has been successful beyond even the most optimistic expectations. It permeates and is intertwined with almost all aspects of our society and economy. The success of the Internet has created a dependency on communication as many of the processes underpinning the foundations of modern society would grind to a halt should communication become unavailable. However, much to our dismay, the current state of safety and availability of the Internet is not commensurate with its importance.

Although we cannot conclusively determine what the impact of a 1-minute, 1-hour, 1-day, or 1-week outage of Internet connectivity on our society would be, anecdotal evidence indicates that even short outages have a profound negative impact on governmental, economic, and societal processes. To make matters worse, the Internet has not been designed for high availability in the face of malicious actions by adversaries. Recent patches to improve Internet security and availability have been constrained by the current Internet architecture and business processes. Moreover, there are fundamental design decisions of the current Internet that inherently complicate secure operation.

Given the diverse nature of constituents in today's Internet, another major issue is how to scale authentication of entities (e.g., AS ownership for routing, name servers for DNS, or domains for TLS) to a global environment. Currently prevalent PKI models (monopoly and oligarchy) do not scale globally because mutually distrusting entities cannot agree on a single trust root, and everyday users cannot evaluate the trustworthiness of each of the many root CAs in their browsers.

After decades of network security research, patches and extensions to the network infrastructure, we have painted ourselves into a corner. The consideration of economic, scientific, societal, and legal aspects have created a multitude of constraints that severely limit the solution space.

To address these issues, we study the design of a next-generation Internet that is secure, available, and offers privacy by design; that provides appropriate incentives for a transition to the new architecture; and that considers economic and policy issues at the design stage. Such a research environment offers a bonanza for security researchers: a critically important problem space with a medley of challenges to address, and best of all the freedom to think creatively in the absence of limiting constraints. Once we know how good a network could be, we can then engage in transitioning ideas to the current Internet or study how to transition to a next-generation network.

Bio: 

Adrian Perrig is a Professor of Computer Science at the Department of Computer Science at the Swiss Federal Institute of Technology (ETH) in Zürich, where he leads the network security group. From 2002 to 2012, he was a Professor of Electrical and Computer Engineering, Engineering and Public Policy, and Computer Science (courtesy) at Carnegie Mellon University; From 2007 to 2012, he also served as the technical director for Carnegie Mellon's Cybersecurity Laboratory (CyLab). He earned his Ph.D. degree in Computer Science from Carnegie Mellon University under the guidance of J. D. Tygar, and spent three years during his Ph.D. degree at the University of California at Berkeley. He received his B.Sc. degree in Computer Engineering from the Swiss Federal Institute of Technology in Lausanne (EPFL). He is a recipient of the NSF CAREER award in 2004, IBM faculty fellowships in 2004 and 2005, the Sloan research fellowship in 2006, the Security 7 award in the category of education by the Information Security Magazine in 2009, the Benjamin Richard Teare teaching award in 2011, and the ACM SIGSAC Outstanding Innovation Award in 2013. Adrian's research revolves around building secure systems -- in particular secure future Internet architectures.

Keynote by Prof. Chris Clifton

Title: Privacy: Beyond Confidentiality

Date/Time: Thursday, Nov 6th, 2014, 11:45 am - 12:45 pm

Abstract:

The computer science community has had a growing research focus in Privacy over the last decade.  Much of this has really focused on confidentiality:  Anonymization, computing on encrypted data, access control policy, etc.  This talk will look at a variety of research results in this area, including “weaker” approaches than the absolutes typically considered in the security community, and how they all come down to the same basic concept of providing confidentiality.

Privacy is much more complex.  People are often willing to allow use of their data – but not just for anything.  This talk will look at such other privacy issues, such as harm to individuals and society from the fear of disclosure or misuse of private data.  The talk will conclude with ideas for new research directions in privacy.

Bio: 

Dr. Clifton works on data privacy, particularly with respect to analysis of private data. This includes privacy-preserving data mining, data de-identification and anonymization, and limits on identifying individuals from data mining models. He also works more broadly in data mining, including data mining of text and data mining techniques applied to interoperation of heterogeneous information sources. Fundamental data mining challenges posed by these applications include extracting knowledge from noisy data, identifying knowledge in highly skewed data (few examples of "interesting" behavior), and limits on learning. He also works on database support for widely distributed and autonomously controlled information, particularly issues related to data privacy.

Prior to joining Purdue, Dr. Clifton was a principal scientist in the Information Technology Division at the MITRE Corporation. Before joining MITRE in 1995, he was an assistant professor of computer science at Northwestern University.