All times below are in Korea time November 15 (GMT+9)

7:00-7:10am Opening remarks (5pm EST, 11pm Amsterdam time on Nov 14th)

7:10-8:00am Keynote

Session Chair: Yinqian Zhang (Southern University of Science and Technology)

Guofei Gu (Department of Computer Science & Engineering at Texas A&M University):

"Programmable Security in the Age of Software-Defined Infrastructure"

Today's network and computing infrastructure rests on inadequate foundations. An emerging, promising new foundation for computing is software-defined infrastructure (SDI), which offers a range of technologies including: compute, storage, and network virtualization; novel separation of concerns at the systems level; and new approaches to system and device management. As a representative example of SDI, software-defined networking (SDN) is a new networking paradigm that decouples the control logic from the closed and proprietary implementations of traditional network data plane infrastructure. SDN is now becoming the networking foundation for cloud/data-center, future Internet and 5G infrastructures. We argue that we should leverage software-defined infrastructure to design new methodologies and principles to make security programmable. In this talk, I will discuss some new opportunities as well as challenges in this new direction, and demonstrate with case studies from our recent research results. Our vision is that future security will be programmable thus more intelligent and powerful to secure a software-defined world.

8:00-8:10am Break

8:10-9:30am Presentations accepted papers (4x 20min)

Session Chair: Guoxing Chen (Shanghai Jiao Tong University)

"Private Hierarchical Clustering and Efficient Approximation," Xianrui Meng (Amazon Web Services), Dimitrios Papadopoulos (Hong Kong University of Science and Technology), Alina Oprea (Northeastern University), Nikos Triandopoulos (Stevens Institute of Technology) - RUNNER UP FOR BEST PAPER AWARD

"Secure Featurization and Applications to Secure Phishing Detection," Akash Shah (Microsoft Research, India), Nishanth Chandran (Microsoft Research, India), Mesfin Dema (Microsoft Corporation), Divya Gupta (Microsoft Research), Arun Gururajan (Microsoft Corporation), Huan Yu (Microsoft Corporation)

"Privacy-enhanced OptiSwap," Sepideh Avizheh (University of Calgary), Preston Haffey (University of Calgary), Reihaneh Safavi-Naini (University of Calgary)

"Privacy-Preserving Randomized Controlled Trials: A Protocol for Industry Scale Deployment," Mahnush Movahedi (Facebook), Benjamin M. Case (Facebook), James Honaker (Facebook), Andrew Knox (Facebook), Li Li (Facebook), Yiming Paul Li (Facebook), Sanjay Saravanan (Facebook), Shubho Sengupta (Facebook), Erik Taubeneck (Facebook)

9:30-9:40am Break

9:40-10:30am Keynote

Session Chair: Marten van Dijk (Centrum Wiskunde & Informatica)

Orran Krieger (Department of Electrical and Computer Engineering at Boston University):

"Security in a Cloud Bazaar"

While cloud computing is transforming society, today's public clouds are black boxes, implemented and operated by a single provider that makes all business and technology decisions. In 2013 we launched the Mass Open Cloud (MOC) with the vision of creating a production cloud that would enable innovation by a broad industry and research community. This open cloud has become a laboratory for cloud research and innovation, resulting in hundreds of publications, contributions to open source software, and collaborations between researchers, open source developers, and production operations staff. Recently we launched the Open Research Cloud Initiative (ORCI) to provide a framework to coordinate the bazaar of interrelated projects and initiatives that have evolved since 2013, including the Red Hat Collaboratory@BU, Open Cloud Testbed (OCT), New England Research Cloud (NERC), Northeast Storage Exchange (NESE), Operate First, and OpenInfra Labs. With its launch, the MOC inspired and enabled research in cloud security. For example, the Modular Approach to Cloud Security (MACS) SaTC NSF frontier project, launched in 2014, brought together cryptographers, operating system, database and computer architecture researchers from BU, MIT, UConn and NEU. This security research resulted in new open-source software and products that are today enabling new services in the ORCI bazaar. This talk will discuss the ORCI cloud bazaar, some of the security research and projects it inspired, and some exciting new collaborations happening now to make the cloud both open and secure.

10:30-10:40am "Stay Tuned" remark

10:40am-5pm Break

5:00-5:10pm Opening remarks repeated (3am EST, 9am Amsterdam time on Nov 15th)

5:10-6:10pm Presentations accepted papers (3x 20min)

Session Chair: Dimitrios Papadopoulos (Hong Kong University of Science and Technology)

"m-Stability: Threshold Security Meets Transferable Utility," Osman Bicer (Koc University), Burcu Yildiz (Koc University), Alptekin Kupcu (Koc University)

"ACCO: Algebraic Computation with Comparison," Xiaoqi Duan (Tsinghua University), Vipul Goyal (CMU and NTT Research), Hanjun Li (University of Washington), Rafail Ostrovsky (UCLA), Antigoni Polychroniadou (J.P. Morgan AI Research), Yifan Song (CMU)

"ROSEN: RObust and SElective Non-repudiation (for TLS)," Srdjan Capkun (ETH Zurich), Ercan Ozturk (UC Irvine), Gene Tsudik (UC Irvine), Karl Wuest (ETH Zurich)

6:10-6:40pm Lightning talks (3x 10min)

Session Chair: Sisi Duan (Tsinghua University)

"Confidential Computing-Induced Privacy Benefits for the Bootstrapping of New Business Relationships," Jan Pennekamp (RWTH Aachen University), Frederik Fuhrmann (RWTH Aachen University) , Markus Dahlmanns (RWTH Aachen University), Timo Heutmann (Fraunhofer IPT), Alexander Kreppein (Fraunhofer IPT), Dennis Grunert (Fraunhofer IPT), Christoph Lange (Fraunhofer IPT & RWTH Aachen University), Robert H. Schmitt (Fraunhofer IPT & RWTH Aachen University), Klaus Wehrle (RWTH Aachen University)

"We Can Make Mistakes: Fault-tolerant Forward Private Verifiable Dynamic Searchable Symmetric Encryption," Dandan Yuan (The University of Auckland), Shujie Cui (Monash University), Giovanni Russello (The University of Auckland)

"SecuHub: Distributing Kernel-level Security Policies for Container Vulnerabilities Mitigation," Maxime Belair (Orange Labs, IMT Atlantique, LS2N), Sylvie Laniepce (Orange Labs), Jean Marc Menaud (IMT Atlantique, STACK, INRIA, LS2N)

6:40-6:50pm Break

6:50-7:50pm Presentations accepted papers (3x 20min)

Session Chair: Byoungyoung Lee (Seoul National University)

"Guardian: symbolic validation of orderliness in SGX enclaves," Pedro Antonino (The Blockhouse Technology Limited), A. W. Roscoe (The Blockhouse Technology Limited & University College Oxford Blockchain Research Centre & Department of Computer Science, Oxford University), Wojciech Woloszyn (The Blockhouse Technology Limited & Mathematical Institute, University of Oxford & St Hilda's College, Oxford)

"Live Migration of Operating System Containers in Secure Encrypted Virtual Machines," Joana Pecholt (Fraunhofer AISEC), Monika Huber (Fraunhofer AISEC), Sascha Wessel (Fraunhofer AISEC)

Automating Seccomp Filter Generation for Linux Applications," Claudio Canella (Graz University of Technology), Mario Werner (Graz University of Technology), Daniel Gruss (Graz University of Technology), Michael Schwarz (CISPA Helmholtz Center for Information Security) - BEST PAPER AWARD

7:50-8:40pm Keynote

Session Chair: Marten van Dijk (Centrum Wiskunde & Informatica)

Christian Banse (Fraunhofer Institute of Applied and Integrated Security AISEC)

"Data Sovereignty in the Cloud - Wishful Thinking or Reality?"

The idea of data sovereignty has been at the core of various research activities over the last years, especially in Europe. The topic gained additional traction through various regulations and initiatives such as the EU General Data Protection Regulation (GDPR), the European Cybersecurity Certification Scheme for Cloud Services (EUCS) and lastly, Gaia-X. While asserting digital control over your data is relatively easy in a closed ecosystem, such as your own on-premises or a community data space, it is infinitely more challenging in a public open ecosystem, such as the Cloud. On one hand, recent advantages in the field of confidential computing, such as the introduction of secure enclaves and encrypted virtual machine memory are promising new ways to enforce data sovereignty even in Cloud infrastructures. On the other hand, the mere existence of these techniques does not ensure an overall secure system, demonstrated by various flaws found in confidential computing techniques themselves, such as AMD SEV. So, the question remains if data sovereignty in the cloud is already reality or still wishful thinking? Keeping the requirements from initiatives such as Gaia-X and the EUCS in mind, this talk will explore what it means to achieve data sovereignty and security in the Cloud. It is important to understand, that it is not only necessary to implement appropriate security measures, but also (continuously) demonstrate the effectiveness of them. Therefore, this talk will show an overview of different technical means to leverage confidential computing for data sovereignty in the Cloud, especially using remote attestation and integrity verification. Furthermore, it will explore techniques to demonstrate the effectiveness of these measures with regards to regulation compliance. One such example is the MEDINA framework, which aims to continuously verify the requirements of EUCS and Gaia-X, both on the infrastructure as well as the application level in cloud systems.

8:40-8:50pm Closing remarks