Tutorial co-Chairs

Guofei Gu, Texas A&M University, USA
Maribel Fernandez, King's College London, UK

Overview of Tutorials

Cache Side Channels: State-of-the-Art and Research Opportunities
Tuesday, October 31st, 10:45am – 12:15pm, Dallas Ballroom D3
Yinqian Zhang (Ohio State University)

Cliptography: Post-Snowden Cryptography
Tuesday, October 31st, 1:45pm – 5:00pm, Dallas Ballroom D3
Qiang Tang (New Jersey Institute of Technology), Moti Yung (Snap, Inc. & Columbia University)

Adversarial Data Mining: Big Data Meets Cyber Security
Wednesday, November 1st, 2:00pm – 5:00pm, Dallas Ballroom D3
Murat Kantarcioglu (University of Texas at Dallas)

SGX Security and Privacy
Thursday, November 2nd, 9:00am – 12:30pm, Dallas Ballroom D3
Taesoo Kim (Georgia Tech), Zhiqiang Lin (UT Dallas), Chia-Che Tsai (UC Berkeley/Texas A&M University)

Private Information Retrieval
Thursday, November 2nd, 2:00pm – 5:00pm, Dallas Ballroom D3
Ryan Henry (Indiana University)

Tutorials in Detail

Cache Side-Channels: State-of-the-Art and Research Opportunities

Lecturer: Yinqian Zhang (Ohio State University)

Tuesday, October 31st, 10:45am – 12:15pm, Dallas Ballroom D3

Abstract: Cache side-channels are a type of attack vector through which an adversary infers secret information of a running program by observing its use of CPU caches or other caching hardware. The study of cache side channels, particularly access-driven cache side channels, has been gaining traction among security researchers in recent years. A large volume of papers on cache side-channel attacks or defenses is published in both security and computer architecture conferences each year. However, due to the diversity of the research goals, methods, and perspectives, it has become much harder for researchers new to this field to keep track of the frontiers of this research topic. As such, in this tutorial, we will provide a high-level overview of the studies of cache side-channels to help other security researchers comprehend the state of the art of this research area and identify research problems that have not been addressed by the community. We also hope to bridge the gap between the security community and the computer architecture community on this specific research topic by summarizing research papers from both sides.

Biography: Dr. Yinqian Zhang is an assistant professor in the Department of Computer Science and Engineering at The Ohio State University. He received his Ph.D. from the University of North Carolina at Chapel Hill. His research interest lies in system security in general. His current research focus is side-channel attacks and defenses. In the past years, he has investigated several topics under this research theme, and published multiple research papers in top security conferences such as IEEE S&P, ACM CCS, and USENIX Security. His research has been supported by NSF. He held three U.S. patents that were derived from his previous research. In recent years, he has served on the technical program committees of multiple security conferences, including IEEE S&P, ACM CCS, USENIX Security, and NDSS.

Cliptography: Post-Snowden Cryptography

Lecturers: Qiang Tang (New Jersey Institute of Technology) and Moti Yung (Snap, Inc. & Columbia University)

Tuesday, October 31st, 1:45pm – 5:00pm, Dallas Ballroom D3

Abstract: This tutorial covers a systematic overview of kleptography: stealing information subliminally from black-box cryptographic implementations; and cliptography: defense mechanisms that clip the power of kleptographic attacks via specification re-designs (without altering the underlying algorithms).

Despite the laudatory history of development of modern cryptography, applying cryptographic tools to reliably provide security and privacy in practice is notoriously difficult. One fundamental practical challenge, guaranteeing security and privacy without explicit trust in the algorithms and implementations that underlie basic security infrastructure, remains. While the dangers of entertaining adversarial implementation of cryptographic primitives seem obvious, the ramifications of such attacks are surprisingly dire: it turns out that, in wide generality, adversarial implementations of cryptographic (both deterministic and randomized) algorithms may leak private information while producing output that is statistically indistinguishable from that of a faithful implementation. Such attacks were formally studied in Kleptography.

The Snowden revelations have shown us how security and privacy can be lost at a very large scale, even when traditional cryptography seems to be used to protect Internet communication, when Kleptography was not taken into consideration.

We first explain how the above-mentioned Kleptographic attacks can be carried out in various settings. We then introduce several simple but rigorous immunizing strategies, inspired by folklore practical wisdom, to protect different algorithms from implementation subversion. Those strategies can be applied to ensure the security of most of the fundamental cryptographic primitives, such as PRGs, digital signatures, and public key encryption, against kleptographic attacks when they are implemented accordingly. Our new design principles may suggest new standardization methods that help reduce the threats of subverted implementation. We also hope our tutorial stimulates community-wide efforts to further tackle this fundamental challenge.

Biography: Qiang Tang is an Assistant Professor in the Department of Computer Science at New Jersey Institute of Technology (NJIT). Before joining NJIT, he was a postdoctoral associate at Cornell University and was also affiliated with the Initiative of CryptoCurrency and Contracts (IC3). He obtained his PhD from the University of Connecticut with a Taylor Booth Scholarship. He also held visiting researcher positions at various institutes including the University of Wisconsin, Madison, NTT Research, Tokyo and the University of Athens, Greece. His research interests are applied and theoretical cryptography, privacy and computer security, in particular accountability, post-Snowden cryptography, and blockchain technology. He has made contributions on using cryptocurrency to deter copyright infringement and to enforce key management policy, re-designing cryptographic specifications to defend against implementation subversion, as well as information theoretical security.

Moti Yung is a computer scientist whose main interests are in cryptography, security, and privacy. He is currently with Snap, Inc., and has held adjunct professor appointments at Columbia University, where he has co-advised several Ph.D. students. He was with IBM, CertCo, RSA Lab, and Google. Dr. Yung made extensive contributions on the foundation of modern cryptography as well as innovative secure industrial technology within actual large scale systems, including the Greek National Lottery system, the security and privacy aspects of Google's global systems such as the Ad Exchange (ADX) and the ephemeral ID efforts for Google's BLE beacons, and Snap's "my eyes only memories" cloud security. Also, his invention of Cryptovirology (including Kleptography) envisioned the explosion of ransomware, and algorithm subversion on crypto systems and standards such as the Dual_EC_DRBG subversion. Dr. Yung has been giving distinguished and keynote speeches at numerous top-tier crypto/security/distributed computing conferences. He is a Fellow of ACM, IEEE, IACR, and EATCS.

Adversarial Data Mining: Big Data Meets Cyber Security

Lecturer: Murat Kantarcioglu (University of Texas at Dallas)

Wednesday, November 1st, 1:45pm - 5:00pm, Dallas Ballroom D3

Abstract: Increasing amounts of cyber security incident data, ranging from system logs to vulnerability scan results, are being collected. At the same time, manually analyzing these collected data to detect important cyber security events has become almost impossible. Hence, data mining techniques are becoming an essential tool for real-world cyber security solutions. One of the most important differences between applying data mining for cyber security and many other data mining applications is the existence of malicious adversaries that continuously adapt their behavior to hide their actions and to make the data mining models ineffective.

To address these concerns, over the last couple of years novel data mining techniques that are more resilient to such adversarial behavior have been developed in the data mining community. We believe that lessons learned as a part of this research direction would be beneficial for cyber security researchers who plan to apply data mining techniques in practice.

In this three-hour tutorial, we introduce the foundation, the techniques, and the applications of adversarial data mining to cyber security applications. We first introduce various data mining approaches proposed in the past to defend against active adversaries. We then discuss a game theoretic framework to model the sequential actions of the adversary and the data miner, while both parties try to maximize their utilities. We also introduce a modified support vector machine method and a relevance vector machine method to defend against active adversaries. Intrusion detection and malware detection are two important application areas for adversarial data mining models that will be discussed in detail during the tutorial. Finally, we discuss some practical guidelines on how to use adversarial data mining ideas in generic cyber security applications and how to leverage existing big data management tools such as Spark for building data mining algorithms for cyber security.

Biography: Dr. Murat Kantarcioglu is a Professor of Computer Science and Director of the UTD Data Security and Privacy Lab at The University of Texas at Dallas. He holds MS and PhD degrees in Computer Science from Purdue University. He is a recipient of an NSF CAREER award and a Purdue CERIAS Diamond Award for academic excellence. He has been a visiting scholar at Harvard’s Data Privacy Lab. Dr. Kantarcioglu’s research focuses on creating technologies that can efficiently extract useful information from any data without sacrificing privacy or security. In addition, he focuses on using adversarial data mining techniques for fraud detection, cyber security and homeland security.

His research has been supported by awards from NSF, AFOSR, ONR, NSA, and NIH. He has published over 150 peer-reviewed papers. His work has been covered by media outlets such as the Boston Globe and ABC News, among others, and has received three best paper awards. He is a senior member of both ACM and IEEE.

SGX Security and Privacy

Lecturers: Taesoo Kim (Georgia Tech), Zhiqiang Lin (UT Dallas), Chia-Che Tsai (UC Berkeley/Texas A&M University)

Thursday, November 2nd, 9:00am – 12:30pm, Dallas Ballroom D3

Abstract: In this tutorial, we will first introduce the basic concepts of Intel SGX, its development workflows, potential applications and performance characteristics. Then, we will explain known security concerns, including cache/branch side-channel attacks and memory safety issues, and corresponding defenses with various working demos. Last but not least, we will introduce various ways to quickly start writing SGX applications, specifically by utilizing library OSes or thin shielding layers; we will explain the pros and cons of each approach in terms of security and usability.

Biography: Taesoo Kim is an Assistant Professor in the School of Computer Science at Georgia Tech. He also serves as the director of the Georgia Tech Systems Software and Security Center (GTS3). He is interested in building a system that has underlying principles for why it should be secure. Those principles include the design of a system, analysis of its implementation, and clear separation of trusted components. His thesis work, in particular, focused on detecting and recovering from attacks on computer systems. He holds a BS from KAIST (2009), an SM (2011) and a PhD (2014) from MIT in CS.

Zhiqiang Lin is an Associate Professor of Computer Science at The University of Texas at Dallas. He earned his PhD from the Computer Science Department at Purdue University in 2011. His primary research interests are systems and software security, with an emphasis on developing program analysis techniques and applying them to secure both application programs, including mobile apps, and the underlying system software such as operating systems and hypervisors. Dr. Lin is a recipient of the NSF CAREER Award and the AFOSR Young Investigator Award.

Chia-Che Tsai is a PhD candidate at Stony Brook University, and will soon join the RISE Lab at UC Berkeley as a postdoctoral researcher. He is also joining the Computer Science and Engineering department of Texas A&M University in Fall 2018 as a faculty member. He is interested in building OSes and runtimes with a balance between usability, security, and performance. He is the main contributor to the Graphene library OS, an open-source framework for reusing unmodified Linux applications on Intel SGX and various other host options.

Private Information Retrieval

Lecturer: Ryan Henry (Indiana University)

Thursday, November 2nd, 2:00pm - 5:00pm, Dallas Ballroom D3

Abstract: Private information retrieval (PIR) is a cryptographic primitive that facilitates the seemingly impossible task of letting users fetch records from untrusted and remote database servers without revealing to those servers which records are being fetched. The research literature on PIR is vast; in the over two decades since its 1995 introduction by Chor, Goldreich, Kushilevitz, and Sudan, the cryptography, privacy, and theoretical computer science research communities have studied PIR intensively and from a variety of perspectives. Alas, despite a series of significant advances, most privacy practitioners and theoreticians alike fall into one of two camps: (i) those who believe that PIR is so inefficient and abstruse as to make it all-but-useless in practice, or (ii) those who remain blissfully unaware that PIR even exists. Indeed, to date not even one of the numerous PIR-based applications proposed in the research literature has been deployed at scale to protect the privacy of users "in the wild".

This tutorial targets both of the above camps, presenting a bird's-eye overview of the current state of PIR research. Topics covered will span the spectrum from purely theoretical through imminently applicable and all the high points in between, thereby providing participants with an awareness of what modern PIR techniques have (and do not have) to offer, dispelling the myth of PIR's inherent impracticality, and hopefully inspiring participants to identify practical use cases for PIR within their own niche areas of expertise. This introductory tutorial will be accessible to anyone comfortable with college-level mathematics (basic linear algebra and some elementary probability and number theory).

Biography: Ryan Henry is an Assistant Professor in the Computer Science department at Indiana University in Bloomington, Indiana. His research explores the systems challenges of applied cryptography, with an emphasis on using cryptography to build secure systems that preserve the privacy of their users. In addition to designing and analyzing privacy-enhancing systems, Professor Henry is interested in practical matters like implementing and working toward the deployment of such systems, as well as more theoretical matters like devising number-theoretic attacks against non-standard cryptographic assumptions and developing new models and theories to understand just how efficient "heavy-weight" cryptographic primitives can be. He received his MMath (2010) and PhD (2014) from the University of Waterloo, where he held a Vanier Canada Graduate Scholarship (Vanier CGS), the most prestigious graduate scholarship in Canada. He has published several papers on PIR at top research venues (e.g., CCS, NDSS, and PETS), is a contributor to Percy++ (an open-source implementation of PIR protocols in C++), and two of his three active NSF grants heavily involve PIR research.