Security and Privacy

Welcome to the dynamic world of Security and Privacy in our student session! In an era where digital interactions and technological advancements abound, security and privacy have never been more crucial. Our session aims to illuminate the fundamental concepts underpinning these domains, exploring the intricate balance required to safeguard data, protect identities, and uphold individual rights in a digitally connected world. Through this session, participants will gain insights into the evolving landscape of cybersecurity, privacy frameworks, ethical considerations, and proactive measures needed to fortify digital ecosystems. Join us to delve into this paramount realm, where knowledge and action converge to shape a safer, more secure digital future for all.

Time: 9-10 AM

“Portable Certificate Validation Policies”

Abstract: Did you know that Chrome and Firefox have different opinions about which web sites are authentic? This talk dives into how browsers validate TLS certificates and explains why they sometimes reach different conclusions. To make certificate validation policies easier to understand and compare, we propose refactoring the validation process so that policy is separate from mechanism. In particular, the talk introduces a framework called Hammurabi in which policies are expressed as logic programs. We demonstrate that the policies of Chrome and Firefox can be expressed succinctly in Prolog, confirming that Hammurabi reaches the same conclusions as these browsers on over ten million certificates drawn from the Certificate Transparency logs and over one hundred thousand synthetic certificates. With these logic programs in hand, we can use a technique called imputation to automatically generate certificates that one browser accepts and the other rejects. To illustrate how Hammurabi makes policies portable, we show how to swap Chrome’s validation policy into Firefox. Finally, we introduce General Certificate Constraints, small logic programs attached to root certificates that enable portable partial distrust of roots. Joint work with James Larisch, Waqar Aqeel, Michael Lum, Yaelle Goldschlag, Kasra Torshizi, Leah Kannan, Yujie Wang, Taejoong “Tijay” Chung, Eddie Kohler, Dave Levin, Alan Mislove, Bryan Parno, and Christo Wilson.

Biography: Bruce Maggs is the Pelham Wilder Professor of Computer Science at Duke University. Prior to joining Duke, he was on the faculty of the Computer Science Department at Carnegie Mellon, where he also achieved the rank of full Professor. While visiting MIT in 1998, he helped form Akamai Technologies, where he was a founding employee and as Vice President for Research and Development served as the first head of the engineering organization. In 2018 he was one of the inaugural winners of the SIGCOMM Networking Systems Award for the Akamai content delivery network, and he was also named an ACM Fellow. From 2019 to 2024 he served as Director of Engineering at Emerald Innovations.

Time: 10-10:45 AM

“VerITAS: Verifying Image Transformations at Scale”

Abstract: Verifying image provenance has become an important topic, especially in the realm of news media. To address this issue, the Coalition for Content Provenance and Authenticity (C2PA) developed a standard to verify image provenance that relies on digital signatures produced by cameras. However, photos are usually edited before being published, and a signature on an original photo cannot be verified given only the published edited image. In this work, we describe VerITAS, a system that uses zero-knowledge proofs (zk-SNARKs) to prove that only certain edits have been applied to a signed photo. While past work has created image editing proofs for photos, VerITAS is the first to do so for realistically large images (30 megapixels). Our key innovation enabling this leap is the design of a new proof system that enables proving knowledge of a valid signature on a large amount of witness data. We run experiments on realistically large images that are more than an order of magnitude larger than those tested in prior work. In the case of a computationally weak signer, such as a camera, we are able to generate a proof of valid edits for a 90 MB image in just over thirteen minutes, costing about $0.54 on AWS per image. In the case of a more powerful signer, we are able to generate a proof of valid edits for a 90 MB image in just over three minutes, costing only $0.13 on AWS per image. Either way, proof verification time is less than a second. Our techniques apply broadly whenever there is a need to prove that an efficient transformation was applied correctly to a large amount of signed private data.

Biography: Trisha is a fourth-year PhD student at Stanford University working with Dan Boneh. Her work focuses on giving mathematical guarantees for information privacy and integrity. She has worked on developing more efficient and novel theoretical techniques for zk-SNARKs as well as applying these techniques to real-world applications to demonstrate their usefulness.

Isha Chaudhary

Time: 10:45-11 AM

Trung-Hieu Hoang

Time: 11-11:15 AM

Arunesh Kumar

Time: 11:15-11:30 AM

Siheng Pan

Time: 11:30-11:45 AM