Abstract: Privacy-preserving machine learning has the potential to balance individuals’ privacy rights and companies’ economic goals. However, such technologies must inspire trust and communicate how they can match the expectations of the subjects of the data. In this talk, I present the breadth of privacy vectors for machine learning and the implications of my work on user perspectives of the
Abstract: Fully Homomorphic Encryption (FHE) is seeing increasing real-world deployment to protect data in use by allowing computation over encrypted data. However, the same malleability that enables homomorphic computations also raises integrity issues, which have so far been mostly overlooked for practical deployments. While FHE’s lack of integrity has obvious implications for correctness, it also has
Abstract: The quantification of privacy risks associated with algorithms is a core issue in data privacy, which holds immense significance for privacy experts, practitioners, and regulators. I will introduce a systematic approach to assessing the privacy risks of machine learning algorithms. I will highlight our efforts towards establishing standardized privacy auditing procedures and privacy meter
Abstract: Modern data centers have grown beyond CPU nodes to provide domain-specific accelerators such as GPUs and FPGAs to their customers. Customers are concerned about protecting their data and are willing to accept certain performance degradation for trusted execution environments (TEEs) like Intel SGX or AMD SEV. However, they face a trade-off between using accelerators
Abstract: In times of armed conflict, the emblems of the red cross, red crescent, and red crystal are used to mark physical infrastructure. This enables military units to identify assets as protected under international humanitarian law to avoid attacks on them. In this talk, we present how we extend such protection to digital, network-connected infrastructure
Abstract: (Program) verification is the process of proving that a program satisfies some properties by using mathematical techniques and formal reasoning, rather than relying on testing the program with inputs. Program verification is typically used to prove functional correctness properties (e.g., proving that a sorting algorithm does not crash and correctly sorts inputs), but it
Abstract: Modern smartphones are complex systems in which control over phone resources is exercised by phone manufacturers, operators, OS vendors, and users. These stakeholders have diverse and often competing interests. Barring some exceptions, users, including developers, entrust their security and privacy to OS vendors (Android and iOS) and need to accept the constraints they impose.
Abstract: SGX enclaves are trusted user-space memory regions that ensure isolation from the host, which is considered malicious. However, enclaves may suffer from vulnerabilities that allow adversaries to compromise their trustworthiness. Consequently, the SGX isolation may hinder defenders from recognizing an intrusion. Ideally, to identify compromised enclaves, the owner should have privileged access to the
Abstract: Deep learning models are often trained on distributed, webscale datasets crawled from the internet. We introduce two new dataset poisoning attacks that intentionally introduce malicious examples to degrade a model’s performance. Our attacks are immediately practical and could, today, poison 10 popular datasets. We will discuss how the attacks work; why (we think) these
Abstract: We present an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. The Swiss army, the Swiss government and the German chancellor are among its most prominent users. We discuss some of the attacks we found against the Threema protocols and we draw