Speaker Archive: 2023
This is an archive of weekly meeting talks from 2023. See the speaker archives for the talks from the current year, and links to archives from other years.This Year
| Date | Speaker | Links from talk | Summary |
|---|---|---|---|
| 2023-01-19 | Prabhjot | Slides | Website Fingerprinting (WF) attacks have been shown to be very effective in laboratory environments but the success of such attacks in real-world settings is questionable. Among a variety of real-world variables whose influence is typically neglected in laboratory-based WF attacks, the success of WF remains particularly under-explored when considering cellular and satellite networks. We are working towards understanding the impact of non-traditional networking environments on the success of WF attacks. |
| 2023-01-19 | Mohammad | Slides | We discuss our recent work in giving low-communication MPC protocols for branching programs: where one party holds a branching program and the other party holds an input, and they jointly want to learn the output of the program on that input. |
| 2023-01-23 | Meng | Slides | This talk is an introductory talk on the Move programming language, with a special focus on its type system and formal verification system. |
| 2023-01-30 | Adithya | ||
| 2023-02-06 | Simon | ||
| 2023-02-13 | Bailey | ||
| 2023-02-27 | Adam | ||
| 2023-03-06 | Parjanya | Talked about the tool we created to audit Android framework private APIs defined by custom vendors through inferring their security specifications based on the sensitivity indicators extracted from the preloaded apps. The problem of inferring the security specification is modelled as a probabilistic inference problem, which uses constraints generated from the evidences and clues extracted by analyzing applications. | |
| 2023-03-06 | Abdulrahman | ||
| 2023-03-13 | Xiaohe | ||
| 2023-03-13 | Lucas | ||
| 2023-03-20 | Meng | Slides | In this talk, we give an overview of Datalog, how Datalog can be used for program analysis (e.g., def-use analysis), and a proposal on using Datalog to build a declarative interpreter for the Rego language. |
| 2023-03-20 | Douglas | ||
| 2023-03-27 | Asokan | Slides | Taking research results from the lab to the real world is a challenge in any field. Security research is no exception. This talk described technology transfer experiences in some research projects (some successes and some failures) and the lessons learned from the process divided into three categories: how to choose the right problems, how to identify good results, and how to find paths to deployment. |
| 2023-04-03 | Asim | ||
| 2023-04-03 | Diogo | ||
| 2023-04-10 | Sajin | ||
| 2023-04-10 | Justin | Slides | A summary of the "Hope of Delivery: Extracting User Locations From Mobile Instant Messengers" paper from NDSS 2023. Essentially, the authors were able to train a classifier to identify the location of a recipient of a message using timing information from the delivery receipts with decent accuracy in a closed world setting (~80% from ~4 locations). There is, however, plenty of low-hanging fruit that could improve these results. |
| 2023-05-12 | Ru | ||
| 2023-05-12 | Andre | ||
| 2023-05-19 | Faezeh | ||
| 2023-06-09 | Liyi | ||
| 2023-06-23 | Mashal | ||
| 2023-06-23 | Ross | ||
| 2023-07-07 | Adrian | ||
| 2023-07-07 | Shreya | ||
| 2023-07-14 | Shahpar | ||
| 2023-07-14 | Alice | ||
| 2023-07-21 | Sara | ||
| 2023-07-21 | Ruizhe | ||
| 2023-07-28 | Michael | ||
| 2023-07-28 | Vecna | Slides | Tor bridges are secret relays which allow users to access Tor when their connection would normally be censored. We present a process for determining whether or not a given bridge is accessible from a given country. This work was completed as a class project. |
| 2023-08-04 | Miti | ||
| 2023-08-11 | Yunji | Slides | Path Coverage Guided Fuzzing using Bounded Fuzzing and DAG-ification |
| 2023-09-18 | Vasisht | The success of machine learning (ML) has been accompanied by increased concerns about its trustworthiness. Several jurisdictions are preparing ML regulatory frameworks. One such concern is ensuring that model training data has desirable distributional properties for certain sensitive attributes. For example, draft regulations indicate that model trainers are required to show that training datasets have specific distributional properties, such as reflecting diversity of the population. We propose the notion of property attestation allowing a prover (e.g., model trainer) to demonstrate relevant distributional properties of training data to a verifier (e.g., a customer) without revealing the data. We present an effective hybrid property attestation combining property inference with cryptographic mechanisms. | |
| 2023-09-18 | Vahid | ||
| 2023-09-25 | Ali | We consider the problem of realizing two-round Multiparty computation based on DDH assumption in Maurer's Generic Group Model. There has been some evidence that two-round MPC in this setting is not possible and we try to prove an impossibility. Prior works[ ITCS'20 ] showed that this primitive is not realizable in the presence of two-round oblivious transfer. We looked at [ ITC'21] as an example of impossibility result in Maurer's GGM. |
|
| 2023-09-25 | David | ||
| 2023-10-02 | Justin | Slides | A practice talk for a presentation at SecDev 2023 on the "Grading on a Curve" paper. https://cypherpunks.ca/~iang/pubs/gradingcurve-secdev23.pdf The paper is on the impact switching from C++ to Rust had on new contributors to projects used by Mozilla. Rust significantly lowered the number of vulnerabilities introduced, especially from new contributors, and increased the quantity of new contributors to projects. |
| 2023-10-02 | Nils | ||
| 2023-10-16 | Ru | ||
| 2023-10-16 | Ian | Slides | This talk discussed the importance of reducing communication (especially rounds) in MPC protocols, moreso than parallelizable computation. We presented PRAC, a communication-optimized MPC framework for computations requiring random-access memory and dynamic data structures, including oblivious algorithms for binary search, heaps, and AVL trees. |
| 2023-10-23 | Rui | ||
| 2023-10-23 | Thomas | This was a whiteboard talk about an ongoing project in private machine learning. We discussed how gradient-based methods suffer from high sensitivity since the gradients and loss functions are unbounded. Our work considers using genetic algorithms that can directly optimize classification accuracy. The problem with genetic algorithms is scaling them to larger ML models. We concluded the talk with potential approaches for scaling, such as evolving architectures. | |
| 2023-10-30 | Chelsea | ||
| 2023-10-30 | Rasoul | ||
| 2023-11-06 | Hossam | This was a whiteboard talk about side channels. I gave an overview of the different types of side channels, including what causes them and how they can be used to leak information. | |
| 2023-11-06 | Andre | ||
| 2023-11-13 | Sajin | ||
| 2023-11-13 | Urs | ||
| 2023-11-20 | Mohammad | Title: How Computationally Efficient Can PIRs Be? In this talk I will describe my recent work on the number of public-key operations needed in order to build PIR protocols without pre-processing. We show that for PIR protocols with sublinear amounts of communication, performing a close to linear number of public-key operations is unavoidable. |
|
| 2023-11-20 | Meng | ||
| 2023-11-27 | Parjanya | We focus on (i) discovering various sources of hints that can provide essential information about the sensitivity of framework APIs, (ii) developing approaches to extract these hints, and (iii) utilizing these hints by modeling their inherent uncertainty through probabilistic inference. These steps ultimately result in developing novel approaches that can uncover new types of access control vulnerabilities. By following this methodology, we have developed a new approach that utilizes hints extracted from the preloaded system apps to audit vendor specified private framework APIs. Our approach can detect new types of inconsistencies that cannot be discovered by existing approaches. Next, we plan to apply this methodology to systematically analyze data structures defined by the vendors that augment AOSP. We aim to extract access control related hints through this analysis and recommend fine-grained access controls for the members of these data structures using probabilistic inference. In the long run, we aim to analyze Android framework through the lens of probabilistic inference and show how it can be used in numerous different ways to accurately detect different kinds of access control issues within the Android framework. | |
| 2023-11-27 | Diogo | ||
| 2023-12-11 | Yousra |
Edit | Attach | Topic revision: r2 - 2024-03-12 - HossamElAtali
Home
Index
Search
Changes
New Page
AIMAS |
|
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback