Abstract: Hack-A-Sat was a 4-years long aerospace-inspired cybersecurity competition organized by the US department of Air and Space force. After three simulated editions, this year’s competition finals took place on a real satellite in orbit – called Moonlighter – and the Italian team mhackeroni won it. This talk overviews the Hack-A-Sat competition, what types
Abstract: Trusted execution environments in several existing and upcoming CPUs demonstrate the success of confidential computing, with the caveat that tenants cannot securely use accelerators such as GPUs and FPGAs. In this paper, we reconsider the Arm Confidential Computing Architecture (CCA) design, an upcoming TEE feature in Armv9-A, to address this gap. We observe that
Abstract: Count-Min Sketch (CMS) and HeavyKeeper (HK) are two realizations of a compact frequency estimator (CFE). These are a class of probabilistic data structures that maintain a compact summary of (typically) high-volume streaming data, and provide approximately correct estimates of the number of times any particular element has appeared. CFEs are often the base structure
Abstract: With the recent hype around the Metaverse and NFTs, Web3 is getting more and more popular. The goal of Web3 is to decentralize the web via decentralized applications. Wallets play a crucial role as they act as an interface between these applications and the user. Wallets such as MetaMask are being used by millions
Abstract: Chain-key Bitcoin (ckBTC) is a Bitcoin “layer 2” built on top of the Internet Computer blockchain (IC). It enables both individuals as well as IC smart contracts to transact the deposited Bitcoin cheaply and with a much higher throughput compared to the Bitcoin network. Crucially, ckBTC has no additional trust assumptions other than those
Abstract: Since the introduction of Intel SGX nearly a decade ago, the Confidential Computing industry has been growing significantly. In this talk, we’ll look at how secure architectures are being deployed and used today: what underlying primitives are available from hardware vendors, what infrastructure providers are making available, and how to write software using all
Abstract: Mozilla curates a set of root certificate authorities to validate hostnames for TLS in the Firefox browser. Many other software projects, such as Tor Browser and ca-certificates simply follow Mozilla’s list; other entities, such as Apple and Microsoft, make their own decisions for inclusion with considerations for Mozilla’s decisions and the associated public discussion. In March 2023, Mozilla
Abstract: Privacy-preserving machine learning has the potential to balance individuals’ privacy rights and companies’ economic goals. However, such technologies must inspire trust and communicate how they can match the expectations of the subjects of the data. In this talk, I present the breadth of privacy vectors for machine learning and the implications of my work on user perspectives of the
Abstract: Fully Homomorphic Encryption (FHE) is seeing increasing real-world deployment to protect data in use by allowing computation over encrypted data. However, the same malleability that enables homomorphic computations also raises integrity issues, which have so far been mostly overlooked for practical deployments. While FHE’s lack of integrity has obvious implications for correctness, it also has
Abstract: The quantification of privacy risks associated with algorithms is a core issue in data privacy, which holds immense significance for privacy experts, practitioners, and regulators. I will introduce a systematic approach to assessing the privacy risks of machine learning algorithms. I will highlight our efforts towards establishing standardized privacy auditing procedures and privacy meter