Felix will introduce PrePaMS, an efficient participation management system that supports prerequisite checks and reward procedures in a privacy-preserving way.
By using a set of proven cryptographic primitives and mechanisms,
participations are protected so that service providers and organizers cannot
derive the identity of participants even within the reward process.
In this talk, I will present DenIM (Deniable Instant Messaging), a novel
protocol built on the idea of hiding traffic to make it unobservable to
an adversary by piggybacking it on observable traffic. We posit that
resilience to traffic analysis must be directly supported by major IM
services themselves, and must be done in a low-latency manner without
breaking existing features. Hence, DenIM is designed both for
compatibility and performance; DenIM is a variant of the Signal
protocol—commonly used for strong encryption in instant messaging
services, and, DenIM’s bandwidth overhead scales with the volume of
regular traffic, as opposed to scaling with time or the number of users.
Alley will argue in favor of using the real/ideal paradigm for defining security in a programming languages context, even when systems are entirely non-probabilistic.
Inevitably, personal data is transferred from EU to third countries. GDPR should follow this data wherever it is transferred. How can this requirement be enforced in practice? Currently, data transfers from EU to third countries are mostly regulated by legal agreements between data exporters and data importers. But these agreements tend to be complicated, unforeseeable, and ultimately inefficient. Technology can be employed to automatically ensure that transferred data is used by a third country is a way that does not violate GDPR. This talk explores information flow control as a tool to enforce GDPR, before it dives into new information flow semantics.
Rebekka will present techniques to build autonomous systems that are aware of humans and their changing preferences. Traditionally, autonomous systems have been designed to automate tasks for a set of predefined objectives (e.g., to reduce energy consumption and minimize cost). These objectives often need to be traded off against each other and might have to be changed over time. In this talk, Rebekka will explain how humans can be kept “on the loop” when working with autonomous systems and their quality trade-offs.
Victor will present in this introductory talk his past work on informed consent in the
IoT, and his research perspectives for the CyberSecIT project.
The first part of his presentation will summarize his PhD work, including a short
video demonstration.
The second part will introduce his interdisciplinary experience within the Sustainable
Computing Lab in Vienna on the standardization of consent in the IoT.
Finally, the third part will expose his research perspectives for the CyberSecIT
project with the iSec group at Chalmers.
Marit will explain various difficulties of enforcing Art. 25 GDPR from the perspective of a supervisory authority. She
will compare the deficiencies in this area with the situation of implementing "security-by-design" approaches. Also,
current trends stemming from technology design and from recent court decisions will be discussed concerning their
relevance for compliance with data protection requirements. To achieve built-in data protection, Marit will present
her "wish list" that addresses stakeholders such as researchers, developers, academic teachers, data protection
officers, lawyers and the data protection authorities themselves.
In this talk we will look at the protocol that allows two parties
who know their locations on a Euclidean plane to check whether they
are within distance R of each other or not. A distinguishing feature
of this protocol is that it does not require the parties to
communicate with each other directly and be online at the same
time. We introduce a pair of servers to which one client may submit
their data and go offline with the other client coming online later,
finishing the protocol and fetching the matching result.
We build the protocols by combining existing off-the-shelf
Cryptographic techniques. Interestingly, the protocol has better
parameters (w.r.t. performance and security) than some of the
hand-crafted protocols. So the importance of our protocol is in
showing what can be achieved in this field “for free” using the
generic techniques, and setting the bar for anyone who tries to make
a “smarter” protocol for this problem in the future.
During the talk we will have an intro to how Multi-Party Computation
protocols work, then show how our CatNap is built from them, and
finally discuss the practical implications of this work.
TypeScript is a typed version of JavaScript widely used across
Amazon, but poses challenges for static analysis: The language
supports many intricate features used in practice, such as callbacks
and higher-order functions, dynamic field access, and asynchronous
code. At the same time, the size of industrial code bases such as
the Prime Video application makes a highly precise whole-program
analysis intractable. In this talk, we present how we approach this
trade-off in Prime Video with a lightweight whole-program analysis
followed by a more precise goal-directed analysis of potential bug
locations. Our goal-directed analysis uses an imprecise call graph
and points-to information generated upfront to guide a more
expensive goal-directed analysis that attempts to prove that
potential bugs cannot happen via abstract interpretation backed by
an SMT solver.