Workshops

EuroS&P 2018 affiliated events

Participants are kindly asked to register seperately for the workshops – see registration.

Monday, 23 April

• SPIDA – Workshop on Security Protocol Implementations: Development and Analysis [afternoon] (at UCL, Chandler House, Room B02) 
  The SPIDA workshop focuses on improving the development and analysis of implementations of security protocols. When translating specifications of security protocols into actual code many things can go wrong. Specifications can be ambiguous or unclear, and even when they are not, bugs can still be introduced in the code. We have seen this go wrong many times in the past. SPIDA seeks novel contributions and case studies that address the challenges when implementing security protocols. How can implementations be analysed, statically or dynamically, in a systematic way? How can we make sure that the specifications are precise, but still easy to understand and implement correctly? And how to assure implementations faithfully follow such specifications? How can we apply insights from LangSec (language-theoretic security) here? As security protocols are by definition security-critical, and standard protocols are very widely used (with TLS as the prime example), they are an ideal application area for trying out new approaches for more robust specification and software engineering.
• S&B – Security on Blockchains (at UCL, Chandler House, Room 118) 
  Blockchains have emerged as a promising instrument for transparency and integrity in a decentralized fashion -- with an ever-increasing interest from popular media, research, and policy communities. The blockchain initially received wide attention as the underlying technology of Bitcoin proposed in 2009; it has independently evolved since, thanks to its resilience, integrity, and transparency properties, and spread to many other non-cryptocurrency applications. As Bitcoin suffers from scalability and privacy issues that impede its wider adoption, many choose the spectrum of permissioned or a combination of public and private blockchains. In a public setting every transaction is published on a global ledger, which allows small amounts of information (e.g., the identities of the participants in a single transaction) to be amplified if statistical analysis is used to track user activities. This limits the commercial usefulness of the current blockchain, and also harms individual privacy as user behavior frequently reflects the pervasive assumption that Bitcoin is an anonymous system. Ongoing research for public blockchains aims to alleviate privacy problems. In the meantime, private ledgers offer improved privacy, but at the cost of security due to the reduction of the number of participants. More importantly, decision-making entities of private ledgers are typically regulated by a single trusted entity, which contrasts the fundamental security assumptions of open and decentralized ledgers.
  
  Research in the area has been focusing mainly on improving the proof-of-work, the repurposing of mining energy, and denial-of-service attacks. With the Security on Blockchain Workshop we propose to look at the major issues in adopting blockchains -- both permissioned and permissionless models -- as a wide, secure and privacy preserving solution to contemporary problems in various fields: financial, authentication, access control, medical applications, fast data transactions, manufacturing processes, etc. We propose to focus on the critical analysis of various implementations of blockchain solutions, and the security improvements brought by technologies built on top of blockchains such as Sidechains, Confidential Transactions, Hyperledger, Lightning Networks, and Smart Contracts, and their application to security and privacy in the field.
• EuroUSEC – European Workshop on Usable Security (at UCL, Chandler House, Room B01) 
  The European Workshop on Usable Security (EuroUSEC) is the European sister of the USEC workshop, and thus is a premier forum for research in the area of human-centered security and privacy. The European Workshop on Usable Security solicits previously unpublished work offering novel research contributions in any aspect of human-centered security and privacy, targeting both end-users and IT professionals. The aim of this workshop is to bring together an interdisciplinary group of researchers and practitioners in human-computer interaction, computer security and privacy, psychology, social science and economics.

Friday, 27 April

• IMPS – Innovations in Mobile Privacy and Security CANCELED
• S4CIP – 3nd Workshop on Safety & Security aSSurance for Critical Infrastructures Protection [morning] (at UCL, Roberts Engineering Building, Room 508) 
  Modern society heavily relies on large, heterogeneous and complex software-intensive systems to support all kinds of daily activities. Services such as urban transportation, logistics, health-care, data communication, railway, aerospace, and power distribution, to name a few, are becoming more and more dependent on the availability of such infrastructures. Any discontinuity of service may lead to serious problems, from severe financial losses to fatalities or injuries; the causes have different natures, either human errors, unexpected acts of nature, or intentional attacks like sabotage. Safety and security (S&S) assessments in critical infrastructures measure how these disruptions are handled and what is the impact suffered by the critical infrastructure under stress. These assessments are normally performed using analytical or simulation-based techniques often addressing one single specific aspect at a time rather than studying these infrastructures in a holistic manner.
  
  This workshop aims at providing a forum for people from academia and industry to communicate their latest results on theoretical advances, industrial case studies, practical scenarios, and lessons learned in the assurance of S&S for critical infrastructures. Since the special interest on S&S assurance, a special focus will be put on model-based approaches; to the joint modelling and analysis of both cyber and physical aspects of critical infrastructures; and to the definition of unifying modelling and analysis methodologies.
• IWPE – International Workshop on Privacy Engineering (at UCL, Roberts Engineering Building, Room 106) 
  Privacy engineering research is emerging as an important topic. Engineers are increasingly expected to build and maintain privacy-preserving and data-protection compliant systems in different ICT domains such as health, energy, transportation, social computing, law enforcement, public services; based on different infrastructures such as cloud, grid, or mobile computing and different infrastructures such as cloud, grid, or mobile computing and architectures. While there is a consensus on the benefits of an engineering approach to privacy, concrete proposals for models, methods, techniques and tools that support engineers and organizations in this endeavor are few and in need of immediate attention.
  
  To cover this gap, the topics of the International Workshop on Privacy Engineering (IWPE) focus on all the aspects surrounding privacy engineering, ranging from its theoretical foundations, engineering approaches, and support infrastructures, to its practical application in projects of different scale. The workshop targets an international and multi-disciplinary audience including computer scientists, technical experts from industry, legal scholars as well as social scientists.

Venue Information

Workshops will take place at UCL as shown below. On Monday, you will also be able to register for the main conference.

Monday, 23 April

Friday, 27 April