Speaker Archive: 2023

This is an archive of weekly meeting talks from 2023. See the speaker archives for the talks from the current year, and links to archives from other years.

This Year

Date Speaker Links from talk Summary
2023-01-19 Prabhjot Slides Website Fingerprinting (WF) attacks have been shown to be very effective in laboratory environments but the success of such attacks in real-world settings is questionable. Among a variety of real-world variables whose influence is typically neglected in laboratory-based WF attacks, the success of WF remains particularly under-explored when considering cellular and satellite networks. We are working towards understanding the impact of non-traditional networking environments on the success of WF attacks.
2023-01-19 Mohammad Slides We discuss our recent work in giving low-communication MPC protocols for branching programs: where one party holds a branching program and the other party holds an input, and they jointly want to learn the output of the program on that input.
2023-01-23 Meng Slides This talk is an introductory talk on the Move programming language, with a special focus on its type system and formal verification system.
2023-01-30 Adithya    
2023-02-06 Simon    
2023-02-13 Bailey    
2023-02-27 Adam    
2023-03-06 Parjanya   Talked about the tool we created to audit Android framework private APIs defined by custom vendors through inferring their security specifications based on the sensitivity indicators extracted from the preloaded apps. The problem of inferring the security specification is modelled as a probabilistic inference problem, which uses constraints generated from the evidences and clues extracted by analyzing applications.
2023-03-06 Abdulrahman    
2023-03-13 Xiaohe    
2023-03-13 Lucas    
2023-03-20 Meng Slides In this talk, we give an overview of Datalog, how Datalog can be used for program analysis (e.g., def-use analysis), and a proposal on using Datalog to build a declarative interpreter for the Rego language.
2023-03-20 Douglas    
2023-03-27 Asokan Slides Taking research results from the lab to the real world is a challenge in any field. Security research is no exception. This talk described technology transfer experiences in some research projects (some successes and some failures) and the lessons learned from the process divided into three categories: how to choose the right problems, how to identify good results, and how to find paths to deployment.
2023-04-03 Asim    
2023-04-03 Diogo    
2023-04-10 Sajin    
2023-04-10 Justin Slides A summary of the "Hope of Delivery: Extracting User Locations From Mobile Instant Messengers" paper from NDSS 2023. Essentially, the authors were able to train a classifier to identify the location of a recipient of a message using timing information from the delivery receipts with decent accuracy in a closed world setting (~80% from ~4 locations). There is, however, plenty of low-hanging fruit that could improve these results.
2023-05-12 Ru    
2023-05-12 Andre    
2023-05-19 Faezeh    
2023-06-09 Liyi    
2023-06-23 Mashal    
2023-06-23 Ross    
2023-07-07 Adrian    
2023-07-07 Shreya    
2023-07-14 Shahpar    
2023-07-14 Alice    
2023-07-21 Sara    
2023-07-21 Ruizhe    
2023-07-28 Michael    
2023-07-28 Vecna Slides Tor bridges are secret relays which allow users to access Tor when their connection would normally be censored. We present a process for determining whether or not a given bridge is accessible from a given country. This work was completed as a class project.
2023-08-04 Miti    
2023-08-11 Yunji Slides Path Coverage Guided Fuzzing using Bounded Fuzzing and DAG-ification
2023-09-18 Vasisht   The success of machine learning (ML) has been accompanied by increased concerns about its trustworthiness. Several jurisdictions are preparing ML regulatory frameworks. One such concern is ensuring that model training data has desirable distributional properties for certain sensitive attributes. For example, draft regulations indicate that model trainers are required to show that training datasets have specific distributional properties, such as reflecting diversity of the population. We propose the notion of property attestation allowing a prover (e.g., model trainer) to demonstrate relevant distributional properties of training data to a verifier (e.g., a customer) without revealing the data. We present an effective hybrid property attestation combining property inference with cryptographic mechanisms.
2023-09-18 Vahid    
2023-09-25 Ali   We consider the problem of realizing two-round Multiparty computation based on DDH assumption in Maurer's Generic Group Model. There has been some evidence that two-round MPC in this setting is not possible and we try to prove an impossibility. Prior works[ ITCS'20] showed that this primitive is not realizable in the presence of two-round oblivious transfer. We looked at [ ITC'21] as an example of impossibility result in Maurer's GGM.
2023-09-25 David    
2023-10-02 Justin Slides A practice talk for a presentation at SecDev 2023 on the "Grading on a Curve" paper. https://cypherpunks.ca/~iang/pubs/gradingcurve-secdev23.pdf
The paper is on the impact switching from C++ to Rust had on new contributors to projects used by Mozilla. Rust significantly lowered the number of vulnerabilities introduced, especially from new contributors, and increased the quantity of new contributors to projects.
2023-10-02 Nils    
2023-10-16 Ru    
2023-10-16 Ian Slides This talk discussed the importance of reducing communication (especially rounds) in MPC protocols, moreso than parallelizable computation. We presented PRAC, a communication-optimized MPC framework for computations requiring random-access memory and dynamic data structures, including oblivious algorithms for binary search, heaps, and AVL trees.
2023-10-23 Rui    
2023-10-23 Thomas   This was a whiteboard talk about an ongoing project in private machine learning. We discussed how gradient-based methods suffer from high sensitivity since the gradients and loss functions are unbounded. Our work considers using genetic algorithms that can directly optimize classification accuracy. The problem with genetic algorithms is scaling them to larger ML models. We concluded the talk with potential approaches for scaling, such as evolving architectures.
2023-10-30 Chelsea    
2023-10-30 Rasoul    
2023-11-06 Hossam   This was a whiteboard talk about side channels. I gave an overview of the different types of side channels, including what causes them and how they can be used to leak information.
2023-11-06 Andre    
2023-11-13 Sajin    
2023-11-13 Urs    
2023-11-20 Mohammad  

Title: How Computationally Efficient Can PIRs Be?

In this talk I will describe my recent work on the number of public-key operations needed in order to build PIR protocols without pre-processing. We show that for PIR protocols with sublinear amounts of communication, performing a close to linear number of public-key operations is unavoidable.

2023-11-20 Meng    
2023-11-27 Parjanya   We focus on (i) discovering various sources of hints that can provide essential information about the sensitivity of framework APIs, (ii) developing approaches to extract these hints, and (iii) utilizing these hints by modeling their inherent uncertainty through probabilistic inference. These steps ultimately result in developing novel approaches that can uncover new types of access control vulnerabilities. By following this methodology, we have developed a new approach that utilizes hints extracted from the preloaded system apps to audit vendor specified private framework APIs. Our approach can detect new types of inconsistencies that cannot be discovered by existing approaches. Next, we plan to apply this methodology to systematically analyze data structures defined by the vendors that augment AOSP. We aim to extract access control related hints through this analysis and recommend fine-grained access controls for the members of these data structures using probabilistic inference. In the long run, we aim to analyze Android framework through the lens of probabilistic inference and show how it can be used in numerous different ways to accurately detect different kinds of access control issues within the Android framework.
2023-11-27 Diogo    
2023-12-11 Yousra    

Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2024-03-12 - HossamElAtali
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback