ZISC Workshop 2016: Big Data Security and Privacy

Summary

“Big Data” has emerged as an exciting topic in academia and industry. It deals with the collection of large and complex data sets and the analysis of these data sets for relationships. Due to the connected nature of our daily lives, almost any service we use records our actions and our data. Users are both data providers but also reap the benefits at the receiving end with customized, cheaper, more accurate services.

As the amount of data, its incoming rates, and complex analytics frameworks evolve, questions related to user’s privacy and security gain importance. Is individual privacy a concern or should larger groups of users be the privacy subjects? Can conventional solutions be adapted to big data to protect privacy? How are current privacy mechanisms broken and how can we fix them? As regulations typically lag behind technology, what is their status with respect to big data and privacy? And finally, can developers adopt sophisticated mechanisms proposed in the scientific literature?

The Zurich Information Security and Privacy Center (ZISC) organizes a one-day workshop that focuses on these important questions around big data security and privacy. The format of the workshop includes 7 invited speakers each giving 45-minutes presentations on a related topic. The program is planned to cover topics such as differential and statistical privacy, cryptography, privacy in machine learning, genomic and location privacy, attacks on large datasets, and regulatory and industry perspectives.

Workshop Details

When: September 23, 2016
Where: ETH Zürich, Alumni Pavillon, Rämistrasse 101, 8092 Zürich

eth1

eth2

eth3

Registration

UPDATE: The event is fully booked and the registration is closed.

Speakers

Catuscia Palamidessi, INRIA

palamidessi

Title: Geo-indistinguishability, an approach to location privacy.

Bio: Catuscia Palamidessi obtained her Ph.D. in Computer Science at the University of Pisa, in 1988. She has been Professor in Computer Science at the University of Genova (Italy) and at Penn State University (USA). Since 2002, she is director of research at the National Institute for Research in Computer Science and Automata (INRIA) in France, where she leads the research team Comete. Her main research interests are the theory of concurrency, the foundations of security and privacy, with particular focus on the quantitative aspects, and location privacy.

Carmela Troncoso, IMDEA

troncoso

Title: Systematic design of privacy-preserving systems: are we there yet?

Abstract: The concept of Privacy by Design, which states that privacy should be included from the start when building systems and developing services, has gained traction in policy circles in the last decade. This is best reflected in its influence on the new European General Data Protection Regulation. There is no doubt that including privacy from the onset of systems development is necessary for the outcome of the design process to be truly privacy-preserving. Yet, how to implement this concept in reality, both from a methodological as well as technical points of view, remains a challenge.

In this talk we will discuss the state of play when it comes to systematically engineering Privacy by Design. In the first part of the talk we will make explicit which are the design strategies followed by privacy experts when engineering privacy-preserving systems, and we will show how these design strategies require the use of Privacy Enhancing Technologies. The second part will describe systematic approaches to develop such technologies in an optimal manner to support the implementation of privacy by design.

Bio: Carmela Troncoso received the Master’s degree in Telecommunication Engineering from the University of Vigo, Spain in 2006; and a Ph.D. in Engineering from the KU Leuven, Belgium, in 2011. Her thesis “Design and Analysis methods for Privacy Technologies” funded by the Fundación Barrié de la Maza and the Flemish Foundation for Science, received the European Research Consortium for Informatics and Mathematics Security and Trust Management Best Ph.D. Thesis Award. During her doctoral studies she was an intern at Microsoft Research Cambridge for three months.

She joins the IMDEA Software Institute in October 2015. Previously, she spent one year being post-doctoral researcher at the COSIC Group (KULeuven, Belgium) and two years as post-doc in Gradiant, the Galician Research and Development Center in Advanced Telecommunications. In December 2014 she became the Security and Privacy Technical Lead at Gradiant, leading a group of 5 people that works closely with industry to deliver secure and privacy friendly solutions to the market. In this time she files a patent with PSA Peugeot Citroën about secure communications Vehicle-Cloud.

Her research focuses on security and privacy, with main contributions to the field of anonymous communications and location privacy. She has published more 38 refereed scientific papers with more than 35 people, in the most prestigious venues in Security (e.g. ACM Conference on Computer Security or USENIX Security Symposium) and Privacy (Privacy Enhancing Technologies) and also in JCR journals such as the IEEE Trans. on Information Forensics and Security. She was co-author of the Gold Award to Best Student Paper at the IEEE Intl. Workshop on Information Forensics and Security in 2011.

Vitaly Shmatikov, Cornell Tech

shmatikov

Title: The Machine Learning Revolution in Data Privacy

Abstract: Recent advances in machine learning provide powerful new tools and juicy new targets for data privacy research. I will first show how to use machine learning against systems that partially encrypt data in storage while computing over it. Then, I will turn machine learning against itself, to extract sensitive training data from machine-learning models — including black-box models constructed using Google’s and Amazon’s “learning-as-a-service” platforms. I will conclude with open research questions at the junction of machine learning and privacy.

Bio: Vitaly Shmatikov is a professor at Cornell Tech, where he works on computer security and privacy. He most recently served as the program chair of the IEEE Symposium on Security and Privacy (“Oakland”).

Prateek Mittal, Princeton University

mittal

Title: Privacy and Learning from the Lens of Correlated Data

Bio: Prateek Mittal is an Assistant Professor in the Department of Electrical Engineering at Princeton University, where he is also affiliated with the Center for Information Technology Policy.

His research aims to build secure and privacy-preserving communication systems. His research interests include the domains of privacy enhancing technologies, trustworthy social systems, and Internet/network security. His research draws on techniques from computer networks & distributed systems, large scale machine learning, complex networks/network science and applied cryptography.

His work has influenced the design of widely-used systems such as the Tor network. He is the recipient of several awards, including the NSF CAREER award, the M.E. Van Valkenburg research award, Google Faculty research award, and outstanding paper awards at ACM CCS and ASIACCS.

George Danezis, University College London (UCL)

danezis

Title: Modern anonymity for communications and beyond.

Bio: George Danezis is a Professor of Security and Privacy Engineering at the Department of Computer Science of University College London, and Head of the Information Security Research Group. He has been working on anonymous communications, privacy enhancing technologies (PET), and traffic analysis since 2000. He has previously been a researcher for Microsoft Research, Cambridge; a visiting fellow at K.U.Leuven (Belgium); and a research associate at the University of Cambridge (UK), where he also completed his doctoral dissertation under the supervision of Prof. R.J. Anderson.

His theoretical contributions to the Privacy Technologies field include the established information theoretic and other probabilistic metrics for anonymity and pioneering the study of statistical attacks against anonymity systems. On the practical side he is one of the lead designers of the anonymous mail system Mixminion, as well as Minx, Sphinx, Drac and Hornet; he has worked on the traffic analysis of deployed protocols such as Tor.

His current research interests focus around secure communications, high-integirty systems to support privacy, smart grid privacy, peer-to-peer and social network security, as well as the application of machine learning techniques to security problems. He has published over 70 peer-reviewed scientific papers on these topics in international conferences and journals.

He was the co-program chair of ACM Computer and Communications Security Conference in 2011 and 2012, IFCA Financial Cryptography and Data Security in 2011, the Privacy Enhancing Technologies Workshop in 2005 and 2006. He sits on the PET Symposium board and ACM CCS Steering committee and he regularly serves in program committees of leading conferences in the field of privacy and security. He is a fellow of the British Computing Society since 2014.

Stefan Deml, Teralytics

deml

Title: Concepts and implications of data privacy for mobile device data analytics

Bio: Stefan Deml received a Master’s degree in Mechanical Engineering from ETH Zurich, Switzerland in 2014, majoring in applied mathematical optimization and advanced control theory. In his thesis he worked on statistical learning of predictive control laws and on non-linear optimization problems for power system modelling and simulation. During his studies he interned at the BMW Technology Office in Palo Alto, California and worked as an energy economist at AXPO AG for two years.

In 2014 Stefan joined Teralytics where he currently leads the INSIGHTS team. This team is responsible for building Teralytics’ scalable data warehouse, offering API access as well as dashboards to slice and dice the data in real-time. Additionally, his team of data scientists and engineers work on product creation and standardization via constant exchange with customers and data partners in Germany, the USA and Singapore.

Teralytics is a big data analytics company that uses breakthrough technology and science to unlock unprecedented insights about human behavior from telecom network data.
We process anonymized network data across the US, Europe and Asia to deliver valuable information about location, mobility, demographics and online behavior. Our data products deliver information that increases efficiency and profitability for industries such as retail, media, financial services, transportation and the public sector.

Damien Desfontaines, Google

desfontaines

Title: Life of PII: A day in the life of your Personally Identifiable Information

Abstract: This talk will present a high-level overview of the user data lifecycle on the Google infrastructure, and the privacy tools we use at each step of this process.

Bio: Damien received a Master’s degree in Logic and Theoretical Computer Science at the École Normale Supérieure in Paris. He is now part of the Privacy team in Google Zurich, where he protects user data for a living. He focuses on monitoring internal privacy tools, building scalable de-identification, and doing privacy reviews & education.

Program

8:45 – 9:15 Registration and coffee
9:15 – 9:30 Srdjan Capkun, ETH Zurich Opening
9:30 – 10:15 Catuscia Palamidessi, INRIA Geo-indistinguishability: an approach to location privacy
10:15 – 11:00 Carmela Troncoso, IMDEA Systematic design of privacy-preserving systems: are we there yet?
11:00 – 11:30 break
11:30 – 12:15 Vitaly Shmatikov, Cornell Tech The Machine Learning Revolution in Data Privacy
12:15 – 13:00 Prateek Mittal, Princeton University Privacy and Learning from the Lens of Correlated Data
13:00 – 14:30 Lunch at Dozentenfoyer (directions)
14:30 – 15:15 George Danezis, UCL Modern anonymity for communications and beyond
15:15 – 16:00 Stefan Deml, Teralytics Concepts and implications of data privacy for mobile device data analytics
16:00 – 16:30 break
16:30 – 17:15 Damien Desfontaines, Google Life of PII: A day in the life of your Personally Identifiable Information
17:15 – 17:30 Srdjan Capkun, ETH Zurich Closing
17:30 – 19:00 Apero at Restaurant uniTurm (directions)

Organization

Chair: Prof. Srdjan Capkun

Program: Kari Kostiainen

Administration: Barbara Pfändner