Invited Talks
We are proud to announce the confirmed invited speakers of IEEE EuroS&P 2021:
Understanding microarchitectural vulnerabilities and countermeasures
Video
Abstract: It has been known for quite a while that processor optimization features like caches or branch predictors can leak secret information to attackers executing code on the same processor as the victim. With the recent discovery of transient execution attacks like Spectre, Meltdown, and their many variants, it has become clear that these information leaks can be significantly worse than previously expected.
As a consequence, the last four years have seen very intense activity in this area, both in academia and in industry.
It is now well-understood that some insight into processor microarchitecture, i.e. the way in which a processor implementation is organized and what performance optimization techniques it uses, is important to evaluate the security properties of software executing on that processor.
One of the key research challenges is to design adequate models of processor behavior, detailed enough to capture relevant attacks, but simple enough to enable the verification of security claims and the evaluation of the benefits and costs of countermeasures.
This talk will provide an overview of the current understanding of microarchitectural vulnerabilities and countermeasures, with a focus on how the language-based security community is trying to build adequate processor models that can be used to evaluate countermeasure designs, and to prove the security of software running on these processors.
Frank Piessens is a professor in the research group DistriNet (Distributed Systems and Computer Networks) at the Computer Science department of the Katholieke Universiteit Leuven. His main research interests are in the field of software security, where he focuses on the development of high-assurance techniques to deal with implementation-level software vulnerabilities and bugs, including techniques such as software verification, run-time monitoring, type systems, language based security and hardware-software co-design for security. These techniques are relevant for many types of software systems, including web applications, embedded software, mobile applications and so forth.
After the Attack: Security through Resilience and Recovery
Video
Abstract: While a main focus of security research is on identifying, mitigating and preventing attacks, the reality is that security failures always have - and always will - continue to happen. What's more, as computing continues to become more distributed and attack surfaces increase, the possibility of truly "securing" real-world computational systems diminishes. Given this environment of persistent attacks and security failures, this talk will explore the question of whether security research should begin to look beyond prevention and begin to concern itself more actively with questions of resilience and recovery when security failures inevitably happen.
Susan McGregor an Associate Research Scholar at Columbia University’s Data Science Institute, where she also co-chairs its Center for Data, Media & Society. McGregor’s research is centered on security and privacy issues affecting journalists and media organizations. Her current projects include NSF-funded work to provide readers with stronger guarantees about digital media by integrating cryptographic signatures into digital publishing workflows, an effort to develop novel classifiers for detecting abusive and harassing speech targeting journalists on Twitter, and using artificial intelligence and computer vision to help journalists recognize unfamiliar political graphics when reporting in the field.