CCS 2018 Workshops

Workshop Proceedings




Multimedia Privacy and Security (MPS)

We focus on the security and privacy issues that have developed as our society has become more interconnected, specifically with respect to multimedia data generated by the Internet of Things (IoT) and Web 2.0. Multimedia has expanded beyond the scope its original definition. With the rise of social media, large quantities of multimedia data (e.g., pictures, videos, audio, and computer graphics) can be created in a short period of time. When all these data are stored in a networked environment, many people can connect to it for viewing, sharing, commenting, and storing information. In addition, multimedia data in IoT networks serves a significant purpose as many people’s status, locations, and live actions can be seen, disseminated, tracked, commented on, and monitored in real time. IoT opens up many possibilities for attacks since more people can broadcast themselves and allow their networks to view and share in their lives. There are also increased criminal activities in this space such as online frauds, cyber piracy, unauthorized access, malware, denial of service, phishing, social engineering, and identity theft, many of which involve multimedia data and devices. All of these present new technical challenges in related areas in cyber security such as access control, user and device authentication, data leakage protection, privacy enhancing technologies, identity management, digital watermarking, digital right management, and digital forensics. Other new challenges include new problems such as large-scale attacks and prevention, the strength of security protection (e.g., common encryption algorithms), hiding malware within multimedia data, location-based privacy with high accuracy and anonymity. Our workshop will allow a specific venue for the presentation of work addressing these concerns, specific to the multimedia privacy and security sub-community.

Security-Oriented Designs of Computer Architectures and Processors

The intrinsic security of computer architectures and the implementations of processors has long been unintentionally or even deliberately overlooked and traded for optimizations seeking for high performance and low cost. Traditional wisdom about computer security is to patch the vulnerable software eco-systems but still let them run on existing flawed computers in the hope to fend off the attacker with less exploitable bugs extra security checks and constrained running environment. However, without fixing the underlying security flaws in processor designs, defending the current software systems by the software along is doomed to be a losing battle. The recent Meltdown and Spectre attacks demonstrate that some of the fundamental architecture level optimizations, such as speculative execution have the potential to be or already become security vulnerabilities which are extremely difficult, if ever possible, to fix without changing the underlying hardware designs. It becomes necessary for future designs of computer architectures and processors to consider security early in the design process and devise a software-hardware interface with security in mind. Security-oriented designs of computer architectures and processors have the potential to significantly improve the overall computer security in a systematic manner.

System Software for Trusted Execution (SysTEX 2018)

With the rise of new hardware extensions that permit fine-grained and flexible trusted execution, we need appropriate systems support that makes trusted execution environments (TEEs) such as Intel’s Software Guard Extensions (SGX) or ARM’s TrustZone conveniently usable by application developers. The 3rd Workshop on System Software for Trusted Execution (SysTEX) will focus on systems research challenges related to TEEs, and explore new ideas and strategies for the implementation of trustworthy systems with TEEs.

Privacy in the Electronic Society (WPES)

The need for privacy-aware policies, regulations and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The 2018 Workshop, held in conjunction with the ACM CCS conference, is the seventeen in a yearly forum for papers on all the different aspects of privacy in today’s electronic society.

Moving Target Defense (MTD)

The static nature of current computing systems has made them easy to attack and hard to defend. Adversaries have an asymmetric advantage in that they have the time to study a system, identify its vulnerabilities, and choose the time and place of attack to gain the maximum benefit. The idea of moving target defense (MTD) is to impose the same asymmetric disadvantage on attackers by making systems dynamic and therefore harder to explore and predict. With a constantly changing system and its ever-adapting attack surface, attackers will have to deal with significant uncertainty just like defenders do today. The ultimate goal of MTD is to increase the attackers’ workload so as to level the cybersecurity playing field for defenders and attackers – ultimately tilting it in favor of the defender. This workshop seeks to bring together researchers from academia, government, and industry to report on the latest research efforts on moving target defense, and to have productive discussions and constructive debate on this topic.

Theory and Practice of Differential Privacy (TPDP)

Differential privacy is a promising approach to privacy-preserving data analysis. Differential privacy provides strong worst-case guarantees about the harm that a user could suffer from participating in a differentially private data analysis, but is also flexible enough to allow for a wide variety of data analyses to be performed with a high degree of utility. Having already been the subject of a decade of intense scientific study, it has also now been deployed in products at government agencies such as the U.S. Census Bureau and companies like Apple and Google. Researchers in differential privacy span many distinct research communities, including algorithms, computer security, cryptography, databases, data mining, machine learning, statistics, programming languages, social sciences, and law. This workshop will bring researchers from these communities together to discuss recent developments in both the theory and practice of differential privacy.

Encrypted Computing and Applied Homomorphic Cryptography (WAHC)

Secure computation is becoming a key feature of future information systems. Distributed network applications and cloud architectures are at danger because lots of personal consumer data is aggregated in all kinds of formats and for various purposes. Industry and consumer electronics companies are facing massive threats like theft of intellectual property and industrial espionage. Public infrastructure has to be secured against sabotage and manipulation. A possible solution is encrypted computing: Data can be processed on remote, possibly insecure resources, while program code and data is encrypted all the time. This allows to outsource the computation of confidential information independently from the trustworthiness or the security level of the remote system. The technologies and techniques discussed in this workshop are a key to extend the range of applications that can be securely outsourced. The goal of the WAHC workshop is to bring together researchers with practitioners and industry to present, discuss and to share the latest progress in the field. We want to exchange ideas that address real-world problems with practical approaches and solutions.

Artificial Intelligence and Security (AISec)

AISec serves as the primary meeting place for diverse researchers in security, privacy, AI, and machine learning, and as a venue to develop the fundamental theory and practical applications supporting the use of machine learning for security and privacy. The workshop addresses on this burgeoning community who are especially focused on (among other topics) learning in game-theoretic adversarial environments, privacy-preserving learning, or use of sophisticated new learning algorithms in security.

CPS: Cyber-Physical Systems Security and PrivaCy (CPS-SPC)

CPS-SPC aims to be the premier workshop for research on security of Cyber-Physical Systems (such as medical devices, manufacturing and industrial control, robotics and autonomous vehicles). In 2018, the workshop will run for the fourth time. Cyber-Physical Systems (CPS) integrate computing and communication capabilities with monitoring and control of entities in the physical world. These systems are usually composed of a set of networked agents, including sensors, actuators, control processing units, and communication devices. While some forms of CPS are already in use, the widespread growth of wireless embedded sensors and actuators is creating several new applications in areas such as medical devices, autonomous vehicles, and smart infrastructure, and is increasing the role that the information infrastructure plays in existing control systems such as in the process control industry or the power grid.

Programming Languages and Analysis for Security (PLAS)

PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming language and program analysis techniques to improve the security of software systems. Strongly encouraged are proposals of new, speculative ideas, evaluations of new or known techniques in practical settings, and discussions of emerging threats and important problems. We are especially interested in position papers that are radical, forward-looking, and likely to lead to lively and insightful discussions that will influence future research that lies at the intersection of programming languages and security.

Attacks and Solutions in Hardware Security (ASHES)

The 2nd Workshop on Attacks and Solutions in Hardware Security (ASHES) deals with all aspects of hardware security, welcoming any contributions to this area. Among other things, it particularly highlights emerging techniques and methods, as well as recent application areas within the field. This includes new attack vectors, novel designs and materials, lightweight primitives, use of nanotechnology, PUFs on the methodological side, as well as the internet of things, automotive security, smart homes, pervasive and wearable computing on the applications side.

Forming an Ecosystem Around Software Transformation (FEAST)

The 2018 Workshop on Forming an Ecosystem Around Software Transformation (FEAST 2018) will be held in conjunction with the 25th ACM Conference on Computer and Communications Security (CCS) on October 19, 2018. The workshop is geared toward discussion and understanding of several critical topics surrounding software executable transformation for improving the security and efficiency of all software used in security-critical applications. The scope of discussion for this workshop will include topics that may be necessary to fully exploit the power and impact of late-stage software customization efforts as described in the Call for Papers.