CSE 590Y (Security Seminar)

Wednesdays @ 2:30pm in CSE 203

Topic: Recent papers from USENIX Security 2017 (or other security conferences)

Schedule:

• 9/27: Brief intros and organization
• 10/4: Cam & Laura - “Exploring User Perceptions of Discrimination in Online Targeted Advertising”
• 10/11: Eric & Jared - Where the Wild Warnings Are: Root Causes of Chrome Certificate Errors
• 10/18: Guest Speaker - Bo Li - Secure Learning in Adversarial Environments (talk details below)
• 10/25: Cancel
• 11/1: Guest Speaker - Ben Ylvisaker on secure collaboration tools (talk details below)
• 11/8: Ivan & Kiron - USB Snooping Made Easy: Crosstalk Leakage Attacks on USB Hubs
• 11/15: Cancel (Affiliates Research Day)
• 11/22: Cancel (Thanksgiving)
• 11/29: Matt & Esther - “AuthentiCall: Efficient Identity and Content Authentication for Phone Calls”
• 12/6: Lucy & Chris - Chameleon Devices: Investigating More Secure and Discreet Mobile Interactions via Active Camouflaging

11/1 Guest Speaker Information

Title: United We Stand: A Protocol for End-to-End Encrypted Collaborative Editing

Abstract: In recent years end-to-end encrypted protocols have become popular as a way for people to use the internet without giving service providers access to their private data. The two common patterns for e2ee protocols are messaging/chat and simple file storage. Messaging protocols, like Signal, deal with transient data. File storage protocols, like Tresorit and Boxcryptor, handle data in an opaque and coarse-grained way. This talk introduces a new protocol called United We Stand (UWS) that advances e2ee in a couple of ways. First it allows members of a team to collaborate in a fine-grained and low latency (well low-ish, anyway) way on shared data (think Google Docs, or similar). Second, there is no central server in the protocol at all; the only necessary pieces are client computers (phone, desktop, whatever) and a commodity cloud storage account per user (Dropbox, OneDrive, whatever). This means that it is quite challenging for a third party to even collect metadata about the users of the protocol.

Bio: Benjamin Ylvisaker got his PhD from the fair University of Washington back in 2010. After that he worked at the software engineering and security contractor Grammatech in Ithaca for a few years. Then followed a more teaching-focused path with a 1 year position at Swarthmore, and now 3 years at Colorado College. His research interests are in programming languages and information privacy.

10/18 Guest Speaker Information

Title: Secure Learning in Adversarial Environments

Abstract: Advances in machine learning have led to rapid and widespread deployment of software-based inference and decision making, resulting in various applications such as data analytics, autonomous systems, and security diagnostics. Current machine learning systems, however, assume that training and test data follow the same, or similar, distributions, and do not consider active adversaries manipulating either distribution. In this talk I will show that motivated adversaries can circumvent anomaly detection or classification models at test time through evasion attacks, or can inject well-crafted malicious instances into training data to induce errors in classification through poisoning attacks. I will describe my recent research about evasion attacks and poisoning attacks for machine learning systems in adversarial environments.

Bio: Bo Li is a Postdoctoral Researcher in Computer Science and Engineering working with Dr. Dawn Song at the UC Berkeley. Li will join the CS@ILLINOIS faculty in the fall of 2018. Her research focuses on machine learning, security, privacy, game theory, social networks, and adversarial deep learning. Li has received the Symantec Research Labs Graduate Fellowship in 2015.

Paper Presentation Guidelines:

• Your goal is to provide an overview of the paper and foster a discussion around it, including: What problem does the paper try to address and how? How does it fit into the broader context (e.g., related work)? What are the positive and negative aspects of the paper/approach? What new research questions does it raise?
• Please be positive! It’s easy to find reasons to criticize papers. While it’s useful to also discuss these weaknesses, you should also focus on why a paper might have been accepted, what we can learn from it, or how you might build on it. Think about how you would like other seminar to discuss *your* work! :)
• The use of slides to guide and organize your presentation is preferred. You’re welcome to borrow slides from the paper’s authors if you can find them. USENIX posts videos of conference presentations; they’re great to help you prepare, but please use them sparingly during seminar.
• Keep in mind that not everyone is a security expert (yet! :)), so please make sure to explain concepts or context that those newer to the field might not yet know.
• Borrowing from USENIX’s code of conduct and speaker guidelines: “Speakers are responsible for the content of their presentations, but USENIX requests that speakers be cognizant of potentially offensive actions, language, or imagery, and that they consider whether it is necessary to convey their message. If they do decide to include it, USENIX asks that they warn the audience, at the beginning of the talk, and provide them with with the opportunity to leave the room to avoid seeing or hearing the material.” Another type of content to avoid is content identified as classified by a government, content that clearly violates a company's intellectual property, and so on. We do have one deviation from the USENIX policy: since this is a class, everyone should be able to attend. This means that you should avoid using the types of material mentioned in this bullet.

Questions?

franzi@cs.washington.edu

yoshi@cs.washington.edu