csstalk

CoVault: Facilitating highly secure, high-stakes data analytics

This talk will present the design of CoVault, a work-in-progress system for securely storing and querying data under a very strong threat model that doesn’t place trust in any one entity or authority, and includes the complete compromise of all CPUs of a specific manufacturer, as well as many common side channel attacks.

Buy the ticket, take the ride: 25 years in infosec

Having spent almost 30 years in the field, Ivan intends to provide his insights — opinions informed by experience — about the information security discipline and its young history: where we are, how we got here, and what we could look for in the future of our field.

Perils of Breached Passwords and How to Protect from Them

Billions of passwords have been leaked in data breaches over the last few years and are available online. As users frequently reuse passwords, attacks using these leaked passwords are the most imminent threat to account security nowadays.

Practical Data Access Minimization in Trigger-Action Platforms

Trigger-Action Platforms (TAPs) connect disparate online services and enable users to create automation rules in diverse domains such as smart homes and business productivity. Unfortunately, the current TAP design is flawed from a privacy perspective, since it has unfettered access to sensitive user data.

Securing Software in the Presence of Third-Party Modules

Modular programming is a key concept in software development where the program consists of code modules that are designed and implemented independently. This approach accelerates the development process and enhances scalability of the final product. Modules, however, are often written by third parties, aggravating security concerns such as stealing confidential information, tampering with sensitive data, and executing malicious code.

Challenges of User-centric Privacy Enhancing Technologies

The GDPR promotes the principle of Privacy by Design and Default, acknowledging that the individual’s privacy is best protected if privacy law is complemented by privacy enhancing technologies (PETs). While technically advanced PETs have been researched and developed in the last four decades, challenges remain for making PETs and their configurations usable. In particular, PETs are often based on “crypto-magic” operations that are counterintuitive and for which no real-world analogies can be easily found.

Differential Privacy — A Balancing Act

Data privacy is an ever-important aspect of data analyses. Historically, a plethora of privacy techniques have been introduced to protect data, but few have stood the test of time. From investigating the overlap between big data research, and security and privacy research, I have found that _differential privacy_ presents itself as a promising defender of data privacy.

High-Assurance Cryptography Software in the Spectre Era

High-assurance cryptography leverages methods from program verification and cryptography engineering to deliver efficient cryptographic software with machine-checked proofs of memory safety, functional correctness, provable security, and absence of …

A different perspective on libraries for information-flow control

There is a long line of research on how to control information flow in pure programming languages. In Haskell, for instance, the MAC library [Russo 2015] provides IFC primitives that allow programmers to write (statically) secure programs. MAC …

Fuzz Testing Automotive Systems - Process and Practice

This presentation provides an introduction to fuzz testing of automotive systems with a focus on both process and practical topics. We first discuss the typical automotive development process to better understand where the fuzz testing activity fits …