BEGIN:VCALENDAR
VERSION:2.0
PRODID:researchseminars.org
CALSCALE:GREGORIAN
X-WR-CALNAME:researchseminars.org
BEGIN:VEVENT
SUMMARY:Kovila Coopamootoo (Newcastle University)
DTSTART:20210616T140000Z
DTEND:20210616T150000Z
DTSTAMP:20260422T225820Z
UID:UK-SPS/1
DESCRIPTION:Title: <a href="https://researchseminars.org/talk/UK-SPS/1/">U
 sage Patterns of Privacy-Enhancing Technologies</a>\nby Kovila Coopamootoo
  (Newcastle University) as part of UK Security and Privacy Seminar Series\
 n\n\nAbstract\nThe steady reports of privacy invasions online paint a pic
 ture of the Internet growing into a more dangerous place. This is supporte
 d by reports of the potential scale for online harms facilitated by the ma
 ss deployment of online technology and by the data-intensive web. While In
 ternet users often express concern about privacy\, some report taking acti
 ons to protect their privacy online.\n\nWe investigate the methods and tec
 hnologies that individuals employ to protect their privacy online. We cond
 uct two studies\, of N=180 and N=907\, to elicit individuals' use of priva
 cy methods\, within the US\, the UK and Germany. We find that non-technolo
 gy methods are among the most used methods in the three countries. We iden
 tify distinct groupings of privacy methods usage in a cluster map. The map
  shows that together with non-technology methods of privacy protection\, s
 imple privacy-enhancing technologies (PETs) that are integrated in service
 s\, form the most used cluster\, whereas more advanced PETs form a differe
 nt\, least used cluster. We further investigate user perception and reason
 ing for mostly using one set of PETs in a third study with N=183 participa
 nts. We do not find a difference in perceived competency in protecting pri
 vacy online between advanced and simpler PETs users. We compare use percep
 tions between advanced and simpler PETs and report on user reasoning for n
 ot using advanced PETs\, as well as support needed for potential use. This
  paper contributes to privacy research by eliciting use and perception of 
 use across 43 privacy methods\, including 26 PETs across three countries a
 nd provides a map of PETs usage. The cluster map provides a systematic and
  reliable point of reference for future user-centric investigations across
  PETs. Overall\, this research provides a broad understanding of use and p
 erceptions across a collection of PETs\, and can lead to future research f
 or scaling use of PETs.\n
LOCATION:https://researchseminars.org/talk/UK-SPS/1/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Changyu Dong (Newcastle University)
DTSTART:20210609T140000Z
DTEND:20210609T150000Z
DTSTAMP:20260422T225820Z
UID:UK-SPS/2
DESCRIPTION:Title: <a href="https://researchseminars.org/talk/UK-SPS/2/">H
 ow to Make Private Distributed Cardinality Estimation Practical\, and Get 
 Differential Privacy for Free</a>\nby Changyu Dong (Newcastle University) 
 as part of UK Security and Privacy Seminar Series\n\n\nAbstract\nSecure co
 mputation is a promising privacy enhancing technology\, but it is often no
 t scalable enough for data intensive applications. On the other hand\, the
  use of sketches has gained popularity in data mining\, because sketches o
 ften give rise to highly efficient and scalable sub-linear algorithms. It 
 is natural to ask: what if we put secure computation and sketches together
 ? We investigated the question and the findings are interesting: we can ge
 t security\, we can get scalability\, and somewhat unexpectedly\, we can a
 lso get differential privacy — for free. Our study started from building
  a secure computation protocol based on the Flajolet-Martin (FM) sketches\
 , for solving the Private Distributed Cardinality Estimation (PDCE) proble
 m\, which is a fundamental problem with applications ranging from crowd tr
 acking to network monitoring. The state of art protocol for PDCE is comput
 ationally expensive and not scalable enough to cope with big data applicat
 ions\, which prompted us to design a better protocol. Our further analysis
  revealed that if the cardinality to be estimated is large enough\, our pr
 otocol can achieve (\\epsilon\,\\delta)-differential privacy automatically
 \, without requiring any additional manipulation of the output. The result
  signifies a new approach for achieving differential privacy that departs 
 from the mainstream approach (i.e. adding noise to the result). Free diffe
 rential privacy can be achieved because of two reasons: secure computation
  minimizes information leakage\, and the intrinsic estimation variance of 
 the FM sketch makes the output of our protocol uncertain. We further show 
 that the result is not just theoretical: the minimal cardinality for diffe
 rential privacy to hold is only 10^2−10^4 for typical parameters.\n
LOCATION:https://researchseminars.org/talk/UK-SPS/2/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Jorge Blasco Alis (Royal Holloway University of London)
DTSTART:20210630T140000Z
DTEND:20210630T150000Z
DTSTAMP:20260422T225820Z
UID:UK-SPS/3
DESCRIPTION:Title: <a href="https://researchseminars.org/talk/UK-SPS/3/">I
 nformation-Flow Analysis for Mobile and Wearable Device Security and Priva
 cy</a>\nby Jorge Blasco Alis (Royal Holloway University of London) as part
  of UK Security and Privacy Seminar Series\n\n\nAbstract\nInformation flow
  analysis techniques have been widely applied to the analysis of mobile ap
 plications. In this talk we will explore how they can be used to study the
  security and privacy properties in mobile-to-IoT and wearable device inte
 ractions. For this\, we separate the interaction methods in two main categ
 ories: those enabled by the operating system in the form of proprietary AP
 Is (Android Wear) and those that are done directly at a lower level using 
 wireless protocols such as Bluetooth Low Energy. We show how we can instru
 ment Google Play APIs to perform information flow analysis over Android We
 ar API calls. With this\, we can identify what information is being exchan
 ged between the mobile application and its wearable counterpart\, being ab
 le to reason about possible privacy leakages. When looking at lower level 
 interactions\, we analyse how Android implements its Bluetooth Low Energy 
 stack and identify an issue that would allow any application with Bluetoot
 h permissions to access any BLE connected device without the users’ cons
 ent. We measure how many BLE-enabled apps are affected by this and provide
  mitigation recommendations to stakeholders in the BLE ecosystem.\n
LOCATION:https://researchseminars.org/talk/UK-SPS/3/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Zhiyun Qian (UC Riverside)
DTSTART:20210707T140000Z
DTEND:20210707T150000Z
DTSTAMP:20260422T225820Z
UID:UK-SPS/4
DESCRIPTION:Title: <a href="https://researchseminars.org/talk/UK-SPS/4/">W
 eaponizing Network Side Channels: From TCP Hijacking to DNS Cache Poisonin
 g</a>\nby Zhiyun Qian (UC Riverside) as part of UK Security and Privacy Se
 minar Series\n\n\nAbstract\nSide channel attacks were never considered as 
 part of the threat model when network protocols were designed. Even today\
 , the impact of network side channels is vastly underestimated. Exploiting
  network side channels has been considered challenging\, if not infeasibl
 e\, due to its nature of being remote. In this talk\, I will demonstrate a
  series of surprisingly powerful attacks where a blind off-path attacker c
 an use side channels to hijack arbitrary remote TCP connections\, as well 
 as launch DNS cache poisoning attacks against popular DNS services. I will
  also give insights on how to systematically discover such problems.\n
LOCATION:https://researchseminars.org/talk/UK-SPS/4/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Roberto Guanciale (KTH)
DTSTART:20210728T140000Z
DTEND:20210728T150000Z
DTSTAMP:20260422T225820Z
UID:UK-SPS/5
DESCRIPTION:Title: <a href="https://researchseminars.org/talk/UK-SPS/5/">I
 nSpectre: Breaking and Fixing Microarchitectural Vulnerabilities by Formal
  Analysis</a>\nby Roberto Guanciale (KTH) as part of UK Security and Priva
 cy Seminar Series\n\n\nAbstract\nThe Spectre attacks have demonstrated the
  fundamental insecurity of current computer microarchitecture. The attacks
  use features like pipelining\, out-of-order and speculation to extract ar
 bitrary information about the memory contents of a process. A comprehensiv
 e formal microarchitectural model capable of representing the forms of out
 -of-order and speculative behavior that can meaningfully be implemented in
  a high performance pipelined architecture has not yet emerged. Such a mod
 el would be very useful\, as it would allow the existence and non-existenc
 e of vulnerabilities\, and soundness of countermeasures to be formally est
 ablished. We present such a model targeting single core processors. The mo
 del is intentionally very general and provides an infrastructure to define
  models of real CPUs. It incorporates microarchitectural features that und
 erpin all known Spectre vulnerabilities. We use the model to elucidate the
  security of existing and new vulnerabilities\, as well as to formally ana
 lyze the effectiveness of proposed countermeasures. Specifically\, we disco
 ver three new (potential) vulnerabilities\, including a new variant of Spe
 ctre v4\, a vulnerability on speculative fetching\, and a vulnerability on
  out-of-order execution\, and analyze the effectiveness of existing counte
 rmeasures including constant time and serializing instructions.\n
LOCATION:https://researchseminars.org/talk/UK-SPS/5/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Rikke Bjerg Jensen (Royal Holloway University of London)
DTSTART:20210818T140000Z
DTEND:20210818T150000Z
DTSTAMP:20260422T225820Z
UID:UK-SPS/6
DESCRIPTION:Title: <a href="https://researchseminars.org/talk/UK-SPS/6/">C
 ollective Information Security in Large-Scale Urban Protests: the Case of 
 Hong Kong</a>\nby Rikke Bjerg Jensen (Royal Holloway University of London)
  as part of UK Security and Privacy Seminar Series\n\n\nAbstract\nThe Anti
 -Extradition Law Amendment Bill protests in Hong Kong present a rich conte
 xt for exploring information security practices among protesters due to th
 eir large-scale urban setting and highly digitalised nature. We conducted 
 in-depth\, semi-structured interviews with 11 participants of these protes
 ts. Research findings reveal how protesters favoured Telegram and relied o
 n its security for internal communication and organisation of on-the-groun
 d collective action\; were organised in small private groups and large pub
 lic groups to enable collective action\; adopted tactics and technologies 
 that enable pseudonymity\; and developed a variety of strategies to detect
  compromises and to achieve forms of forward secrecy and post-compromise s
 ecurity when group members were (presumed) arrested. We further show how g
 roup administrators had assumed the roles of leaders in these ‘leaderles
 s’ protests and were critical to collective protest efforts.\n
LOCATION:https://researchseminars.org/talk/UK-SPS/6/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Ian Thornton-Trump
DTSTART:20210714T140000Z
DTEND:20210714T150000Z
DTSTAMP:20260422T225820Z
UID:UK-SPS/7
DESCRIPTION:Title: <a href="https://researchseminars.org/talk/UK-SPS/7/">T
 he Eight Principles of Security Leadership: An insider’s view of SolarWi
 nds & Supply Chain Failure</a>\nby Ian Thornton-Trump as part of UK Securi
 ty and Privacy Seminar Series\n\n\nAbstract\nIn 2017\, I failed to save a 
 5 billion dollar company from getting ravaged by Russian and Chinese Advan
 ced Persistent Threat actors from a series of attacks that may have starte
 d in 2019. The repercussions of the SolarWinds “hack” as it has been c
 haracterised has generated a lot of attention – mainstream media up to a
 nd including three US government house committees: Intelligence\, Homelan
 d Security & Reform and Oversight. After four years of introspection I mai
 ntain the attack – even though it was conducted by nation state actors f
 unded with millions of dollars and nearly unlimited resources – could ha
 ve been thwarted. Although we characterise “security” into three domai
 ns of people\, process & technology there is a need to unite these domains
  into an organization imperative. I discovered that without security leade
 rship in place to unite people\, process & technology in common purpose th
 e three domains become silos. It is within these silos that threat actors 
 exploit organizations and dwell within organizations undetected. In this p
 resentation I present Eight Principles of Security Leadership and discuss 
 candidly how they could have been applied to prevent catastrophe for an or
 ganization like SolarWinds.\n
LOCATION:https://researchseminars.org/talk/UK-SPS/7/
END:VEVENT
BEGIN:VEVENT
SUMMARY:XiaoFeng Wang (Indiana University)
DTSTART:20210721T140000Z
DTEND:20210721T150000Z
DTSTAMP:20260422T225820Z
UID:UK-SPS/8
DESCRIPTION:Title: <a href="https://researchseminars.org/talk/UK-SPS/8/">C
 onfidential Computing: Challenges Today and Opportunities Tomorrow</a>\nby
  XiaoFeng Wang (Indiana University) as part of UK Security and Privacy Sem
 inar Series\n\n\nAbstract\nThe rampage of incessant cyber attacks has cau
 sed the disclosure of billions of users’ private data\, shaking the Inte
 rnet to its core. In response\, various data privacy laws and regulations 
 have emerged\, forcing the industry to change their practice and bringing 
 the demand for large-scale secure computing to the spotlight. Such a deman
 d\, however\, cannot be met by the state-of-the-art cryptographic techniqu
 es\, even with decades of effort\, due to the overheads (speed\, bandwidth
  consumption) they incur. To narrow the gap\, recent years have seen rapid
  progress in hardware based trusted execution environments (TEE)\, such as
  Intel SGX\, AMD SEV and ARM TrustZone\, which enable efficient computatio
 n on encrypted data within a secure enclave established by a trusted proce
 ssor. In this talk\, I will present our research on understanding and addr
 essing the security challenges in this new secure computing paradigm and e
 nhancing its design to achieve scalability\, for the purpose of supporting
  accelerated machine learning. Further I will present the big questions th
 at need to be answered in the area and introduce our genome privacy compet
 ition as a synergic activity that helps move the science in this area forw
 ard.\n
LOCATION:https://researchseminars.org/talk/UK-SPS/8/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Yves-Alexandre de Montjoye (Imperial College London)
DTSTART:20210811T140000Z
DTEND:20210811T150000Z
DTSTAMP:20260422T225820Z
UID:UK-SPS/9
DESCRIPTION:by Yves-Alexandre de Montjoye (Imperial College London) as par
 t of UK Security and Privacy Seminar Series\n\nAbstract: TBA\n
LOCATION:https://researchseminars.org/talk/UK-SPS/9/
END:VEVENT
END:VCALENDAR
