What do I learn?

Although the science of information and communication security is no longer a young research field, one may wonder why there are still so many open security challenges. Why do we still hear about intrusions, hacks and compromises? Shouldn't there already be an armada of protection mechanisms? The short answer is yes: a plethora of wonderful security technologies exist. They are mature, well understood and guarantee the desired level of security. But the nature of ICT technologies is that they continuously evolve, be it on the technological or on the business side. This continuous change, in conjunction with the desire to explore novel application realms, is what makes securing ICT systems so challenging.

Every time a novel technology comes out, one has to carefully explore its security requirements. The attacks against the technologies also evolve over time. We face an arms race in which attackers strive to improve their attack techniques in order to thwart present countermeasures. The reason is easily argued: if a system deploys some security mechanism, it has some asset to protect. As long as cyberattackers have attractive and realistic chances to exploit the asset, they will not hesitate to refine their strategies. It is these two continuous evolutions that make system security such a vibrant and exciting research field. One has to keep up with the times and understand present attack methodologies in order to deploy bullet-proof countermeasures.

The workshop is devoted to exploring recent advances in system security. We make a pass through the proceedings of top-tier security conferences, choose the hot topics and study the papers. A preliminary list of topics, subject to student interest, may include:

  • Attack trends & Countermeasures
  • Oblivious RAM
  • Searchable Encryption
  • Verifiable Computation
  • Crypto Currencies
  • Trusted Computing
  • Blockchain Technologies 

What can I do with this knowledge?

You will learn security R&D. You will understand contemporary attack techniques, security problems in popular application realms and state-of-the-art solutions. You will gain important skills to design novel attack techniques and/or develop innovative security solutions that go far beyond what the industry applies today. The workshop lays the basis for your own research, be it a research project or a master's thesis. It provides all the necessary technical background to implement your own ideas. Those normally lead to a scientific publication, a patent, a prototype or the kickoff of a startup.

Rules of the Game

The intention of the workshop is to expand and sharpen your security research and development skills. You are given weekly reading assignments that prepare you for the class. You get an oral grade for your active engagement. Much emphasis during the workshop is put on your own ideas. You have to critically question current research results and discuss how to improve on their weaknesses. After the class you are asked to summarize the findings. For your weekly short paper you get a written grade. The final grade is derived from the weighted average oral and written grades:

final grade := 0.4 * (average oral grade) + 0.6 * (average written grade)

The goal of the workshop is to stimulate your own research ideas and condense them, ideally, into a full paper that meets the quality requirements for submission to a conference. To encourage critical thinking and creativity, authors are given the opportunity to earn a bonus:

Incentive #1: Each week the author of the best paper will be rewarded. The author is invited to publish an abbreviated version of the paper in the blog and may skip writing one short paper.

Incentive #2: A student with an interesting idea may ask for some extra time to work out the idea (e.g. implement a prototype, prove security, conduct an experiment). The author may skip writing at most half of the short papers (subject to prior agreement), but needs to deliver a full paper at the end of the workshop.

Recommended Conferences

Research Papers

  • Reza Curtmola and Juan Garay and Seny Kamara and Rafail Ostrovsky: Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions. ACM CCS, 2016
  • David Cash, Joseph Jaeger, Stanislaw Jarecki, Charanjit S. Jutla, Hugo Krawczyk, Marcel-Catalin Rosu, Michael Steiner: Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation. NDSS, 2014
  • Emil Stefanov and Marten van Dijk and Elaine Shi and T-H. Hubert Chan and Christopher Fletcher and Ling Ren and Xiangyao Yu and Srinivas Devadas: Path ORAM: An Extremely Simple Oblivious RAM Protocol. ACM CCS, 2013
  • Bryan Parno and Craig Gentry and Jon Howell and Mariana Raykova: Pinocchio: Nearly Practical Verifiable Computation. IEEE S&P, 2013
  • Craig Costello and Cédric Fournet and Jon Howell and Markulf Kohlweiss and Benjamin Kreuter and Michael Naehrig and Bryan Parno and Samee Zahur: Geppetto: Versatile Verifiable Computation. IEEE S&P, 2015
  • M. Backes, M. Barbosa, D. Fiore, and R. M. Reischuk: ADSNARK: Nearly Practical and Privacy-Preserving Proofs on Authenticated Data. IEEE S&P, 2015
  • Rui Qiao and Mark Seaborn: A New Approach for Rowhammer Attacks. IEEE HOST, 2016
  • Daniel Genkin, Lev Pachmanov, Itamar Pipman, Eran Tromer and Yuval Yarom: ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels. ACM CCS, 2016
  • Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clémentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi and Cristiano Giuffrida: Drammer: Deterministic Rowhammer Attacks on Commodity Mobile Platforms. ACM CCS, 2016
  • David I. Urbina, Jairo Giraldo, Alvaro A. Cardenas, Nils Ole Tippenhauer, Junia Valente, Mustafa Faisal, Justin Ruths, Richard Candell and Henrik Sandberg: Limiting The Impact of Stealthy Attacks on Industrial Control Systems. ACM CCS, 2016