CCSW 2019: The ACM Cloud Computing Security Workshop
in conjunction with the ACM Conference on Computer and Communications Security (CCS)
November 11, 2019, London, UK



Clouds and massive-scale computing infrastructures are starting to dominate computing and will likely continue to do so for the foreseeable future. Major cloud operators are now comprising millions of cores hosting substantial fractions of corporate and government IT infrastructure. CCSW is the world's premier forum bringing together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including:
  • side channel attacks
  • practical cryptographic protocols for cloud security
  • secure cloud resource virtualization mechanisms
  • secure data management outsourcing (e.g., database as a service)
  • practical privacy and integrity mechanisms for outsourcing
  • foundations of cloud-centric threat models
  • secure computation outsourcing
  • remote attestation mechanisms in clouds
  • sandboxing and VM-based enforcements
  • trust and policy management in clouds
  • secure identity management mechanisms
  • new cloud-aware web service security paradigms and mechanisms
  • cloud-centric regulatory compliance issues and mechanisms
  • business and security risk models and clouds
  • cost and usability models and their interaction with security in clouds
  • scalability of security in global-size clouds
  • trusted computing technology and clouds
  • binary analysis of software for remote attestation and cloud protection
  • network security (DOS, IDS etc.) mechanisms for cloud contexts
  • security for emerging cloud programming models
  • energy/cost/efficiency of security in clouds
  • machine learning for cloud protection
CCSW especially encourages novel paradigms and controversial ideas that are not on the above list. The workshop has historically acted as a fertile ground for creative debate and interaction in security-sensitive areas of computing impacted by clouds.

Extremely High Impact
CCSW has had a significant impact in our research community. As of May 2019, in the Google Scholar Metrics entry for CCS (which encompasses CCSW), 4 of the top 20 cited CCS papers come from CCSW. In fact, there are a few papers missing from that list that should be on, which likely brings the number to 5-6. One way to look at it is that you're as likely or perhaps more likely to have a top-20 paper publishing in CCSW than in CCS! (thanks to Ari Juels and Kristin Lauter for feedback on this)

Student Stipends
Student stipends may be available to attend CCSW. Please apply on the CCS website for a CCS grant (if any) and then email grants@ccsw.io to let us know why you would be a good fit for CCSW. We plan on awarding several student travel grants (a function also of the quality of the applications).

Important Dates
Submissions due: 1 August, 2019 (11:59pm anywhere in the world)
Author notification: 15 August, 2019
Camera-ready: 22 August, 2019
Workshop: November 11, 2019

Submissions
The submissions window is closed. For any related concerns please contact us by email at
chairs@ccsw.io.

Keynote Speakers
(tentative list, subject to change)


Dr. Claudiu Duma
Head of Security Architecture at Credit Suisse




Dr. Yassir Nawaz
Executive Director, Cybersecurity at JPMorgan Chase & Co.

Yassir Nawaz is an Executive Director and a Distinguished Engineer in Global Cybersecurity at JPMorgan Chase (JPMC). He is responsible for the security of the firm's Enterprise Data, Machine Learning, and Blockchain platforms. Prior to joining JPMorgan he worked as a Technology Fellow at Pitney Bowes Advanced Technology Labs where he led the security and privacy research for the firm and helped develop several security platforms. He has received several patents and published 10 technical papers in the area of digital privacy and security. He holds a Ph.D. in Cryptography & Information Security from University of Waterloo, Canada.



Dr. Nachiketh Rao Potlapally
Security Architect at Oracle Cloud Infrastructure

Nachiketh is a security architect in Oracle Cloud Infrastructure (OCI) which is Oracle's Next-Gen cloud. He enjoys the opportunity of building cloud security features to address the requirements of the most demanding customers, running their workloads in OCI. Previously, he worked on security of Amazon Web Services (AWS) cloud, and was at Intel's Security Center of Excellence working on Intel processor and chipset security. He has a PhD in Computer Engineering with a minor in Computer Science, from Princeton University.



Dr. Feng Xue
Ant Financial Services Group



Tentative Program

       
Schedule  
  07:30 - 08:20 Breakfast and registration
  08:20 - 08:30 Welcome
Radu Sion and Babis Papamanthou
  Session: MACHINE LEARNING AND SECURITYChair: TBA   
  08:30 - 09:20 MalPro: A Learning-based Malware Propagation and Containment Modeling,
Saeed Valizadeh and Marten van Dijk
  PrivFL: Practical Privacy-preserving Federated Regressions on High-dimensional Data over Mobile Networks,
Kalikinkar Mandal and Guang Gong
  AppMine: Behavioral Analytics for Web Application Vulnerability Detection,
Indranil Jana and Alina Oprea
  ABSTRACT: Cloud-based Image Classification Service Is Not Robust To Affine Transformation : A Forgotten Battlefield,
Dou Goodman, Xin Hao, Yunhan Jia, Yang Wang and Tao Wei
  Keynote I     
  09:20 - 10:00 Dr. Yassir Nawaz
Executive Director, Cybersecurity at JPMorgan Chase & Co.

Title: Building Secure Financial Platforms in the Cloud
Abstract: Security and compliance are often mentioned as the biggest challenges faced by global financial institutions in adopting the public cloud. In this talk I will discuss how financial institutions use technical security controls to manage business risk and prove compliance in the cloud. we will also look at the security challenges associated with building a variety of financial platforms (i.e., big data, machine learning and blockchain) in the public cloud. Finally I will highlight some opportunities for security research and innovation offered by such challenges.
Bio: Yassir Nawaz is an Executive Director and a Distinguished Engineer in Global Cybersecurity at JPMorgan Chase (JPMC). He is responsible for the security of the firm's Enterprise Data, Machine Learning, and Blockchain platforms. Prior to joining JPMorgan he worked as a Technology Fellow at Pitney Bowes Advanced Technology Labs where he led the security and privacy research for the firm and helped develop several security platforms. He has received several patents and published 10 technical papers in the area of digital privacy and security. He holds a Ph.D. in Cryptography & Information Security from University of Waterloo, Canada.
  10:00 - 10:35 Coffee Break
  Special Gold Sponsor Session     
10:35 - 10:45
Dr. Feng Xue
Ant Financial Services Group

Abstract: Alipay was born in 2004 as an escrow service to bridge the trust between buyers & sellers on Alibaba’s e-commerce website. Ant Financial started in October 2014 as an operator of Alipay. Initially focused on payments, it has evolved to become a life-style enabler, and in 2018 it was ranked as World's No. 1 non-social media app by App Annie.
Bio: Dr. Feng Xue is a staff algorithm engineer in Ant Financial Services Group. He is the head of security and intelligence department. In 2012, he received his Ph.D. from the University of Science and Technology of China. His research interests are in Artificial Intelligence. During his Ph.D., he represented his university in RoboCup International Robot Competition, won international championship and other honors. He was also an invited visiting scholar of the University of Rome Sapienza and University of Technology Sydney. After joining Ant Financial Services Group, he has been devoted to innovative research and practice in the cross-field of artificial intelligence and risk control. He has been responsible for fund risk intelligence, anti-money laundering risk intelligence, security intelligence and so on. His research interests include artificial intelligence, network security, data security and privacy preserving.
  Session: MULTIPARTY COMPUTATIONChair: Reihaneh Safavi-Naini, University of Calgary   
  10:45 - 11:30 ASTRA: High Throughput 3PC over Rings with Application to Secure Prediction,
Harsh Chaudhari, Ashish Choudhury, Arpita Patra and Ajith Suresh
  Efficient Multi-Party Private Set Intersection Against Malicious Adversaries,
En Zhang, Feng-Hao Liu, Qiqi Lai, Ganggang Jin and Yu Li
  TaaS: Commodity MPC via Triples-as-a-Service,
Nigel Smart and Titouan Tanguy
  Session: PRIVACYChair: Ioannis Demertzis, University of Maryland   
  11:30 - 12:30 Secure Data Exchange: A Marketplace in the Cloud,
Ran Gilad-Bachrach, Kim Laine, Kristin Lauter, Peter Rindal and Mike Rosulek
  Quantifying Information Leakage of Deterministic Encryption,
Mireya Jurado and Geoffrey Smith
  Simple Forward and Backward Private Searchable Symmetric Encryption Schemes with constant number of Roundtrips,
Panagiotis Rizomiliotis and Stefanos Gritzalis
  Timing-Sensitive Synchronization for Efficient Secure Multi-Execution,
Tobias Pfeffer and Sabine Glesner
  12:30 - 14:00 Lunch
  Session: TRUSTED EXECUTION ENVIRONMENTSChair: Dimitris Papadopoulos, UST Hong Kong  
  14:00 - 14:35 Secure and Private Function Evaluation with Intel SGX,
Susanne Felsen, Agnes Kiss, Thomas Schneider and Christian Weinert
  S-FaaS: Trustworthy and Accountable Function-as-a-Service using Intel SGX,
Fritz Alder, N. Asokan, Arseny Kurnikov, Andrew Paverd and Michael Steiner
  ABSTRACT: MicroSCOPE: Enabling Access Control in Searchable Encryption with the use of Attribute-based Encryption and SGX,
Antonis Michalas, Alexandros Bakas, Hai-Van Dang and Alexandr Zalitko
  Keynote II     
  14:35 - 15:15 Dr. Nachiketh Rao Potlapally
Security Architect at Oracle Cloud Infrastructure

Title: Security design principles of a Next-gen cloud
Abstract: Next-gen cloud is targeted to address requirements of security-conscious customers such as Enterprises and Governmental agencies. Next-gen cloud make it easier for customers to secure their cloud workloads, while continuing to keep raising the security bar of the cloud infrastructure hosting customer data. This talk will walk-through the security design principles underlying a next-gen cloud, which enable customers to reliably and securely run their critical and sensitive workloads. The future is cloudy, and security will be a big part of it.
  15:15 - 15:45 Coffee Break
  Session: TRUSTWORTHY OUTSOURCED COMPUTATIONChair: Alp Kupcu, Koc University  
  15:45 - 16:30 MERCAT: A Metric for the Evaluation and Reconsideration of Certificate Authority Trustworthiness,
Michael P. Heinl, Alexander Giehl, Norbert Wiedermann, Sven Plaga and Frank Kargl
  Verifiable computation using smart contracts,
Mahmudun Nabi, Reihaneh Safavi-Naini, Sepideh Avizheh and Muni Venkateswarlu Kumaramangalam
  Secure Delegation of Isogeny Computations and Cryptographic Applications,
Robi Pedersen and Osmanbey Uzunkol
  Panel   Chair: Radu Sion, Stony Brook University and Private Machines Inc.  
  16:30 - 17:30 PANEL: Speculative Execution Attacks and Cloud Security
Panelists:
Yinqian Zhang, Ohio State University
Dr. Daniel Gruss, Graz University of Technology
Werner Hass, Cyberus Technology
Dr. Nachiketh Rao Potlapally, Oracle
Abstract: Speculative execution attacks, such as Meltdown, Spectre, and Foreshadow, exploit performance optimization features in modern processors and micro-architectural side channels to breach the confidentiality of computer systems. Although few incidences have been reported in the wild, their very existence imperils the promise of strong security isolation of cloud computing. This panel will invite experts from both academia and industry to discuss the impacts of speculative execution attacks on the cloud industry. The aim of the panel is to understand the state of the art of academic research and industry practice, and to explore future academic research directions and industry best practices.
  17:30 Conclusion  


Registration
Please register
here on the main CCS website.


Organizers

CHAIRS

Charalampos (Babis) Papamanthou, University of Maryland
Radu Sion, Stony Brook University


COMMITTEE

Ahmad-Reza Sadeghi, TU Darmstadt
Alp Kupcu, Koc University
Amir Herzberg, University of Connecticut
Anil Somayaji, Carleton University
Anrin Chakraborti, Stony Brook University
Bogdan Carbunar, FIU
Cedric Lauradoux, INRIA
Charles Wright, Portland State University
Cristina Nita-Rotaru, Northeastern University
Dimitris Papadopoulos, UST Hong Kong
Erik-Oliver Blass, Airbus
Evgenios Kornaropoulos, Brown University
Ghassan Karame, NEC Labs Germany
Giorgos Vasiliadis, Foundation for Research and Technology - Hellas
Giuseppe Persiano, University of Salerno
Haya Shulman, Fraunhofer Institute
Ioannis Demertzis, University of Maryland
Kevin Butler, University of Florida
Leendert van Doorn, Microsoft
Matthias Schunter, Intel Labs
Mike Rosulek, Oregon State University
Moti Yung, Google
Nigel Smart, KU Leuven
Peng Ning, Google
Pierangela Samarati, Universita degli Studi di Milano
Reihaneh Safavi-Naini, University of Calgary
Reza Curtmola, New Jersey Institue of Technology
Roberto Di Pietro, HBKU College of Science and Engineering Doha-Qatar
Sean Smith, Dartmouth College
Stefan Katzenbeisser, University of Passau
Tarik Moataz, Brown University
Thomas Schneider, TU Darmstadt
Tianwei Zhang, Amazon
Vassilis Zikas, University of Edinburgh
Xiao Wang, Northwestern University
Yingjiu Li, Singapore Management University
Yuqiong Sun, Symantec Labs
Zhiqiang Lin, Ohio State University


STEERING

Srdjan Capkun, ETH Zurich
Emiliano De Cristofaro, University College London
Kristin Lauter, Microsoft Research
Radu Sion, Stony Brook University (chair)
Yinqian Zhang, Ohio State University


Sponsorship
Interested in sponsoring CCSW (this or next year)? Please
contact us directly.


Gold Sponsors



Bronze Sponsors






Updated: October 16, 2019

© 2009-2019 NSAC Lab.

All Rights Reserved.