Measuring privacy leakage in neural networks

Abstract: Deep neural networks’ ability to memorize parts of their training data is a privacy concern for models trained on user data. In this talk, I’ll describe recent work on using membership inference attacks to quantify this leakage in the worst case, and to audit empirical defenses. Join us in CNB/F/110 (Lunch) + CAB G 52 (Seminar).

Zero Trust in Zero Trust?

Abstract: We review the basic notions of trust, trust minimization, zero trust, and trust establishment. We show that zero trust is impossible in any enterprise network and has meaning only as an unreachable limit of trust establishment. Hence, trust establishment — not the zero trust “buzzword” — can be a foundation of network security. We also review the key

A Flash(bot) In The Pan: Measuring MEV in Private Pools

Abstract: The rise of Ethereum has led to a flourishing decentralized marketplace that has, unfortunately, fallen victim to frontrunning and Maximal Extractable Value (MEV) activities, where savvy participants game transaction orderings within a block for profit. One popular solution to address such behavior is Flashbots, a private pool with infrastructure and design goals aimed at eliminating the negative externalities associated with MEV.

Code-Level Protocol Verification

Abstract: Recent bugs in implementations, such as Heartbleed or in the Matrix chat application, demonstrate that formally verifying security properties for protocol models is an important first step but not enough to also guarantee them for implementations. We present a bottom-up verification approach to prove trace-based security properties directly on the level of existing implementations.

Machine readable specifications at scale

Abstract: There are lots of potential uses for machine readable specifications so you would think that every major real world artifact like long-lived hardware and software systems, protocols, languages, etc. would have a formal specification that is used by all teams extending, implementing, testing, verifying or securing the design. But, in practice, this is usually

Automating Cookie Consent and GDPR Violation Detection

Abstract: The European Union’s General Data Protection Regulation (GDPR) requires websites to inform users about personal data collection and request consent for cookies. Yet the majority of websites do not give users any choices, and others attempt to deceive them into accepting all cookies. We document the severity of this situation through an analysis of