Clouds and massive-scale computing infrastructures are starting to
dominate computing and will likely continue to do so for the foreseeable future. Major cloud operators are
now comprising millions of cores hosting substantial fractions of
corporate and government IT infrastructure.
CCSW is the world's premier forum bringing together researchers and practitioners in
all security aspects of cloud-centric and outsourced computing, including:
- side channel attacks
- practical cryptographic protocols for cloud security
- secure cloud resource virtualization mechanisms
- secure data management outsourcing (e.g., database as a service)
- practical privacy and integrity mechanisms for outsourcing
- foundations of cloud-centric threat models
- secure computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- new cloud-aware web service security paradigms and mechanisms
- cloud-centric regulatory compliance issues and mechanisms
- business and security risk models and clouds
- cost and usability models and their interaction with security in clouds
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis of software for remote attestation and cloud protection
- network security (DOS, IDS etc.) mechanisms for cloud contexts
- security for emerging cloud programming models
- energy/cost/efficiency of security in clouds
- machine learning for cloud protection
CCSW especially encourages novel paradigms and
controversial ideas that are not on the above list. The workshop has
historically acted as a fertile ground for creative debate and
interaction in security-sensitive areas of computing impacted by clouds.
Extremely High Impact
CCSW has had a significant impact in our research community. As of May 2019, in the
Google Scholar Metrics entry for CCS (which encompasses CCSW),
4 of the top 20 cited CCS papers come from CCSW. In fact, there are a few papers missing from that list that should be on, which likely brings the number to 5-6.
One way to look at it is that you're as likely or perhaps more likely to have a top-20 paper publishing in CCSW than in CCS! (thanks to
Ari Juels and
Kristin Lauter
for feedback on this)
Student Stipends
Student stipends may be available to attend CCSW. Please apply on the
CCS website
for a CCS grant (if any) and then email
grants@ccsw.io to let us know why you would be a good fit for CCSW. We plan on awarding
several student travel grants
(a function also of the quality of the applications).
Important Dates
Submissions due: 1 August, 2019 (11:59pm anywhere in the world)
Author notification: 15 August, 2019
Camera-ready: 22 August, 2019
Workshop: November 11, 2019
Submissions
The submissions window is closed.
For any related concerns please contact us by email at chairs@ccsw.io.
Keynote Speakers
(tentative list, subject to change)
Dr. Claudiu Duma
Head of Security Architecture at Credit Suisse
Dr. Yassir Nawaz
Executive Director, Cybersecurity at JPMorgan Chase & Co.
Yassir Nawaz is an Executive Director and a Distinguished Engineer in Global Cybersecurity at JPMorgan Chase (JPMC). He is responsible for the security of the firm's Enterprise Data, Machine Learning, and Blockchain
platforms. Prior to joining JPMorgan he worked as a Technology Fellow at Pitney Bowes Advanced Technology Labs where he led the security and privacy research for the firm and helped develop several security platforms.
He has received several patents and published 10 technical papers in the area of digital privacy and security. He holds a Ph.D. in Cryptography & Information Security from University of Waterloo, Canada.
Dr. Nachiketh Rao Potlapally
Security Architect at Oracle Cloud Infrastructure
Nachiketh is a security architect in Oracle Cloud Infrastructure (OCI) which is Oracle's Next-Gen cloud. He enjoys the opportunity of building cloud security features to address the requirements of the most
demanding customers, running their workloads in OCI. Previously, he worked on security of Amazon Web Services (AWS) cloud, and was at Intel's Security Center of Excellence working on Intel processor and chipset security.
He has a PhD in Computer Engineering with a minor in Computer Science, from Princeton University.
Dr. Feng Xue
Ant Financial Services Group
Tentative Program
| | | | |
| Schedule |
| | 07:30 - 08:20 | Breakfast and registration |
| | 08:20 - 08:30 | Welcome
Radu Sion and Babis Papamanthou |
| | Session: MACHINE LEARNING AND SECURITY | Chair: TBA |
| | 08:30 - 09:20 | MalPro: A Learning-based Malware Propagation and Containment Modeling,
Saeed Valizadeh and Marten van Dijk |
| | | PrivFL: Practical Privacy-preserving Federated Regressions on High-dimensional Data over Mobile Networks,
Kalikinkar Mandal and Guang Gong |
| | | AppMine: Behavioral Analytics for Web Application Vulnerability Detection,
Indranil Jana and Alina Oprea |
| | | ABSTRACT: Cloud-based Image Classification Service Is Not Robust To Affine Transformation : A Forgotten Battlefield,
Dou Goodman, Xin Hao, Yunhan Jia, Yang Wang and Tao Wei |
| | Keynote I | |
| | 09:20 - 10:00 | Dr. Yassir Nawaz
Executive Director, Cybersecurity at JPMorgan Chase & Co.
Title: Building Secure Financial Platforms in the Cloud
Abstract: Security and compliance are often mentioned as the biggest challenges faced by global financial institutions in adopting the public cloud. In this talk I will discuss how financial institutions use technical security controls to manage business risk and prove compliance in the cloud. we will also look at the security challenges associated with building a variety of financial platforms (i.e., big data, machine learning and blockchain) in the public cloud. Finally I will highlight some opportunities for security research and innovation offered by such challenges.
Bio: Yassir Nawaz is an Executive Director and a Distinguished Engineer in Global Cybersecurity at JPMorgan Chase (JPMC). He is responsible for the security of the firm's Enterprise Data, Machine Learning, and Blockchain platforms. Prior to joining JPMorgan he worked as a Technology Fellow at Pitney Bowes Advanced Technology Labs where he led the security and privacy research for the firm and helped develop several security platforms. He has received several patents and published 10 technical papers in the area of digital privacy and security. He holds a Ph.D. in Cryptography & Information Security from University of Waterloo, Canada. |
| | 10:00 - 10:35 | Coffee Break
|
| | Special Gold Sponsor Session | |
| 10:35 - 10:45
| Dr. Feng Xue
Ant Financial Services Group
Abstract: Alipay was born in 2004 as an escrow service to bridge the trust between buyers & sellers on Alibaba’s e-commerce website.
Ant Financial started in October 2014 as an operator of Alipay. Initially focused on payments, it has evolved to become a
life-style enabler, and in 2018 it was ranked as World's No. 1 non-social media app by App Annie.
Bio: Dr. Feng Xue is a staff algorithm engineer in Ant Financial Services Group. He is the head of security and intelligence department. In 2012, he received his Ph.D. from the University of Science and Technology of China. His research interests are in Artificial Intelligence. During his Ph.D., he represented his university in RoboCup International Robot Competition, won international championship and other honors. He was also an invited visiting scholar of the University of Rome Sapienza and University of Technology Sydney. After joining Ant Financial Services Group, he has been devoted to innovative research and practice in the cross-field of artificial intelligence and risk control. He has been responsible for fund risk intelligence, anti-money laundering risk intelligence, security intelligence and so on. His research interests include artificial intelligence, network security, data security and privacy preserving. |
| | Session: MULTIPARTY COMPUTATION | Chair: Reihaneh Safavi-Naini, University of Calgary |
| | 10:45 - 11:30 | ASTRA: High Throughput 3PC over Rings with Application to Secure Prediction,
Harsh Chaudhari, Ashish Choudhury, Arpita Patra and Ajith Suresh |
| | | Efficient Multi-Party Private Set Intersection Against Malicious Adversaries,
En Zhang, Feng-Hao Liu, Qiqi Lai, Ganggang Jin and Yu Li |
| | | TaaS: Commodity MPC via Triples-as-a-Service,
Nigel Smart and Titouan Tanguy |
| | Session: PRIVACY | Chair: Ioannis Demertzis, University of Maryland |
| | 11:30 - 12:30 | Secure Data Exchange: A Marketplace in the Cloud,
Ran Gilad-Bachrach, Kim Laine, Kristin Lauter, Peter Rindal and Mike Rosulek |
| | | Quantifying Information Leakage of Deterministic Encryption,
Mireya Jurado and Geoffrey Smith |
| | | Simple Forward and Backward Private Searchable Symmetric Encryption Schemes with constant number of Roundtrips,
Panagiotis Rizomiliotis and Stefanos Gritzalis |
| | | Timing-Sensitive Synchronization for Efficient Secure Multi-Execution,
Tobias Pfeffer and Sabine Glesner |
| | 12:30 - 14:00 | Lunch
|
| | Session: TRUSTED EXECUTION ENVIRONMENTS | Chair: Dimitris Papadopoulos, UST Hong Kong |
| | 14:00 - 14:35 | Secure and Private Function Evaluation with Intel SGX,
Susanne Felsen, Agnes Kiss, Thomas Schneider and Christian Weinert |
| | | S-FaaS: Trustworthy and Accountable Function-as-a-Service using Intel SGX,
Fritz Alder, N. Asokan, Arseny Kurnikov, Andrew Paverd and Michael Steiner |
| | | ABSTRACT: MicroSCOPE: Enabling Access Control in Searchable Encryption with the use of Attribute-based Encryption and SGX,
Antonis Michalas, Alexandros Bakas, Hai-Van Dang and Alexandr Zalitko |
| | Keynote II | |
| | 14:35 - 15:15 | Dr. Nachiketh Rao Potlapally
Security Architect at Oracle Cloud Infrastructure
Title: Security design principles of a Next-gen cloud
Abstract: Next-gen cloud is targeted to address requirements of security-conscious customers such as Enterprises and Governmental agencies. Next-gen cloud make it easier for customers to secure their cloud workloads, while continuing to keep raising the security bar of the cloud infrastructure hosting customer data. This talk will walk-through the security design principles underlying a next-gen cloud, which enable customers to reliably and securely run their critical and sensitive workloads. The future is cloudy, and security will be a big part of it. |
| | 15:15 - 15:45 | Coffee Break
|
| | Session: TRUSTWORTHY OUTSOURCED COMPUTATION | Chair: Alp Kupcu, Koc University |
| | 15:45 - 16:30 | MERCAT: A Metric for the Evaluation and Reconsideration of Certificate Authority Trustworthiness,
Michael P. Heinl, Alexander Giehl, Norbert Wiedermann, Sven Plaga and Frank Kargl |
| | | Verifiable computation using smart contracts,
Mahmudun Nabi, Reihaneh Safavi-Naini, Sepideh Avizheh and Muni Venkateswarlu Kumaramangalam |
| | | Secure Delegation of Isogeny Computations and Cryptographic Applications,
Robi Pedersen and Osmanbey Uzunkol |
| | Panel | Chair: Radu Sion, Stony Brook University and Private Machines Inc. |
| | 16:30 - 17:30 | PANEL: Speculative Execution Attacks and Cloud Security
Panelists:
Yinqian Zhang, Ohio State University
Dr. Daniel Gruss, Graz University of Technology
Werner Hass, Cyberus Technology
Dr. Nachiketh Rao Potlapally, Oracle
Abstract: Speculative execution attacks, such as Meltdown, Spectre, and Foreshadow, exploit performance optimization features in modern processors and micro-architectural side channels to breach the confidentiality of computer systems. Although few incidences have been reported in the wild, their very existence imperils the promise of strong security isolation of cloud computing. This panel will invite experts from both academia and industry to discuss the impacts of speculative execution attacks on the cloud industry. The aim of the panel is to understand the state of the art of academic research and industry practice, and to explore future academic research directions and industry best practices. |
| | 17:30 | Conclusion | |
Registration
Please register here on the main CCS website.
Organizers
CHAIRS
Charalampos (Babis) Papamanthou, University of Maryland
Radu Sion, Stony Brook University
COMMITTEE
Ahmad-Reza Sadeghi, TU Darmstadt
Alp Kupcu, Koc University
Amir Herzberg, University of Connecticut
Anil Somayaji, Carleton University
Anrin Chakraborti, Stony Brook University
Bogdan Carbunar, FIU
Cedric Lauradoux, INRIA
Charles Wright, Portland State University
Cristina Nita-Rotaru, Northeastern University
Dimitris Papadopoulos, UST Hong Kong
Erik-Oliver Blass, Airbus
Evgenios Kornaropoulos, Brown University
Ghassan Karame, NEC Labs Germany
Giorgos Vasiliadis, Foundation for Research and Technology - Hellas
Giuseppe Persiano, University of Salerno
Haya Shulman, Fraunhofer Institute
Ioannis Demertzis, University of Maryland
Kevin Butler, University of Florida
Leendert van Doorn, Microsoft
Matthias Schunter, Intel Labs
Mike Rosulek, Oregon State University
Moti Yung, Google
Nigel Smart, KU Leuven
Peng Ning, Google
Pierangela Samarati, Universita degli Studi di Milano
Reihaneh Safavi-Naini, University of Calgary
Reza Curtmola, New Jersey Institue of Technology
Roberto Di Pietro, HBKU College of Science and Engineering Doha-Qatar
Sean Smith, Dartmouth College
Stefan Katzenbeisser, University of Passau
Tarik Moataz, Brown University
Thomas Schneider, TU Darmstadt
Tianwei Zhang, Amazon
Vassilis Zikas, University of Edinburgh
Xiao Wang, Northwestern University
Yingjiu Li, Singapore Management University
Yuqiong Sun, Symantec Labs
Zhiqiang Lin, Ohio State University
STEERING
Srdjan Capkun, ETH Zurich
Emiliano De Cristofaro, University College London
Kristin Lauter, Microsoft Research
Radu Sion, Stony Brook University (chair)
Yinqian Zhang, Ohio State University
Sponsorship
Interested in sponsoring CCSW (this or next year)? Please contact us directly.
Gold Sponsors
Bronze Sponsors
