BEGIN:VCALENDAR
VERSION:2.0
PRODID:researchseminars.org
CALSCALE:GREGORIAN
X-WR-CALNAME:researchseminars.org
BEGIN:VEVENT
SUMMARY:Kovila Coopamootoo (Newcastle University)
DTSTART:20210616T140000Z
DTEND:20210616T150000Z
DTSTAMP:20260404T111246Z
UID:UK-SPS/1
DESCRIPTION:Title: <a href="https://stable.researchseminars.org/talk/UK-SP
 S/1/">Usage Patterns of Privacy-Enhancing Technologies</a>\nby Kovila Coop
 amootoo (Newcastle University) as part of UK Security and Privacy Seminar 
 Series\n\n\nAbstract\nThe steady reports of privacy invasions online paint
  a picture of the Internet growing into a more dangerous place. This is s
 upported by reports of the potential scale for online harms facilitated by
  the mass deployment of online technology and by the data-intensive web. W
 hile Internet users often express concern about privacy\, some report taki
 ng actions to protect their privacy online.\n\nWe investigate the methods 
 and technologies that individuals employ to protect their privacy online. 
 We conduct two studies\, of N=180 and N=907\, to elicit individuals' use o
 f privacy methods\, within the US\, the UK and Germany. We find that non-t
 echnology methods are among the most used methods in the three countries. 
 We identify distinct groupings of privacy methods usage in a cluster map. 
 The map shows that together with non-technology methods of privacy protect
 ion\, simple privacy-enhancing technologies (PETs) that are integrated in 
 services\, form the most used cluster\, whereas more advanced PETs form a 
 different\, least used cluster. We further investigate user perception and
  reasoning for mostly using one set of PETs in a third study with N=183 pa
 rticipants. We do not find a difference in perceived competency in protect
 ing privacy online between advanced and simpler PETs users. We compare use
  perceptions between advanced and simpler PETs and report on user reasonin
 g for not using advanced PETs\, as well as support needed for potential us
 e. This paper contributes to privacy research by eliciting use and percept
 ion of use across 43 privacy methods\, including 26 PETs across three coun
 tries and provides a map of PETs usage. The cluster map provides a systema
 tic and reliable point of reference for future user-centric investigations
  across PETs. Overall\, this research provides a broad understanding of us
 e and perceptions across a collection of PETs\, and can lead to future res
 earch for scaling use of PETs.\n
LOCATION:https://stable.researchseminars.org/talk/UK-SPS/1/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Changyu Dong (Newcastle University)
DTSTART:20210609T140000Z
DTEND:20210609T150000Z
DTSTAMP:20260404T111246Z
UID:UK-SPS/2
DESCRIPTION:Title: <a href="https://stable.researchseminars.org/talk/UK-SP
 S/2/">How to Make Private Distributed Cardinality Estimation Practical\, a
 nd Get Differential Privacy for Free</a>\nby Changyu Dong (Newcastle Unive
 rsity) as part of UK Security and Privacy Seminar Series\n\n\nAbstract\nSe
 cure computation is a promising privacy enhancing technology\, but it is o
 ften not scalable enough for data intensive applications. On the other han
 d\, the use of sketches has gained popularity in data mining\, because ske
 tches often give rise to highly efficient and scalable sub-linear algorith
 ms. It is natural to ask: what if we put secure computation and sketches t
 ogether? We investigated the question and the findings are interesting: we
  can get security\, we can get scalability\, and somewhat unexpectedly\, w
 e can also get differential privacy — for free. Our study started from b
 uilding a secure computation protocol based on the Flajolet-Martin (FM) sk
 etches\, for solving the Private Distributed Cardinality Estimation (PDCE)
  problem\, which is a fundamental problem with applications ranging from c
 rowd tracking to network monitoring. The state of art protocol for PDCE is
  computationally expensive and not scalable enough to cope with big data a
 pplications\, which prompted us to design a better protocol. Our further a
 nalysis revealed that if the cardinality to be estimated is large enough\,
  our protocol can achieve (\\epsilon\,\\delta)-differential privacy automa
 tically\, without requiring any additional manipulation of the output. The
  result signifies a new approach for achieving differential privacy that d
 eparts from the mainstream approach (i.e. adding noise to the result). Fre
 e differential privacy can be achieved because of two reasons: secure comp
 utation minimizes information leakage\, and the intrinsic estimation varia
 nce of the FM sketch makes the output of our protocol uncertain. We furthe
 r show that the result is not just theoretical: the minimal cardinality fo
 r differential privacy to hold is only 10^2−10^4 for typical parameters.
 \n
LOCATION:https://stable.researchseminars.org/talk/UK-SPS/2/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Jorge Blasco Alis (Royal Holloway University of London)
DTSTART:20210630T140000Z
DTEND:20210630T150000Z
DTSTAMP:20260404T111246Z
UID:UK-SPS/3
DESCRIPTION:Title: <a href="https://stable.researchseminars.org/talk/UK-SP
 S/3/">Information-Flow Analysis for Mobile and Wearable Device Security an
 d Privacy</a>\nby Jorge Blasco Alis (Royal Holloway University of London) 
 as part of UK Security and Privacy Seminar Series\n\n\nAbstract\nInformati
 on flow analysis techniques have been widely applied to the analysis of mo
 bile applications. In this talk we will explore how they can be used to st
 udy the security and privacy properties in mobile-to-IoT and wearable devi
 ce interactions. For this\, we separate the interaction methods in two mai
 n categories: those enabled by the operating system in the form of proprie
 tary APIs (Android Wear) and those that are done directly at a lower level
  using wireless protocols such as Bluetooth Low Energy. We show how we can
  instrument Google Play APIs to perform information flow analysis over And
 roid Wear API calls. With this\, we can identify what information is being
  exchanged between the mobile application and its wearable counterpart\, b
 eing able to reason about possible privacy leakages. When looking at lower
  level interactions\, we analyse how Android implements its Bluetooth Low 
 Energy stack and identify an issue that would allow any application with B
 luetooth permissions to access any BLE connected device without the users
 ’ consent. We measure how many BLE-enabled apps are affected by this and
  provide mitigation recommendations to stakeholders in the BLE ecosystem.\
 n
LOCATION:https://stable.researchseminars.org/talk/UK-SPS/3/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Zhiyun Qian (UC Riverside)
DTSTART:20210707T140000Z
DTEND:20210707T150000Z
DTSTAMP:20260404T111246Z
UID:UK-SPS/4
DESCRIPTION:Title: <a href="https://stable.researchseminars.org/talk/UK-SP
 S/4/">Weaponizing Network Side Channels: From TCP Hijacking to DNS Cache P
 oisoning</a>\nby Zhiyun Qian (UC Riverside) as part of UK Security and Pri
 vacy Seminar Series\n\n\nAbstract\nSide channel attacks were never conside
 red as part of the threat model when network protocols were designed. Even
  today\, the impact of network side channels is vastly underestimated. Exp
 loiting network side channels has been considered challenging\, if not in
 feasible\, due to its nature of being remote. In this talk\, I will demons
 trate a series of surprisingly powerful attacks where a blind off-path att
 acker can use side channels to hijack arbitrary remote TCP connections\, a
 s well as launch DNS cache poisoning attacks against popular DNS services.
  I will also give insights on how to systematically discover such problems
 .\n
LOCATION:https://stable.researchseminars.org/talk/UK-SPS/4/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Roberto Guanciale (KTH)
DTSTART:20210728T140000Z
DTEND:20210728T150000Z
DTSTAMP:20260404T111246Z
UID:UK-SPS/5
DESCRIPTION:Title: <a href="https://stable.researchseminars.org/talk/UK-SP
 S/5/">InSpectre: Breaking and Fixing Microarchitectural Vulnerabilities by
  Formal Analysis</a>\nby Roberto Guanciale (KTH) as part of UK Security an
 d Privacy Seminar Series\n\n\nAbstract\nThe Spectre attacks have demonstra
 ted the fundamental insecurity of current computer microarchitecture. The 
 attacks use features like pipelining\, out-of-order and speculation to ext
 ract arbitrary information about the memory contents of a process. A compr
 ehensive formal microarchitectural model capable of representing the forms
  of out-of-order and speculative behavior that can meaningfully be impleme
 nted in a high performance pipelined architecture has not yet emerged. Suc
 h a model would be very useful\, as it would allow the existence and non-e
 xistence of vulnerabilities\, and soundness of countermeasures to be forma
 lly established. We present such a model targeting single core processors.
  The model is intentionally very general and provides an infrastructure to
  define models of real CPUs. It incorporates microarchitectural features t
 hat underpin all known Spectre vulnerabilities. We use the model to elucid
 ate the security of existing and new vulnerabilities\, as well as to forma
 lly analyze the effectiveness of proposed countermeasures. Specifically\,
  we discover three new (potential) vulnerabilities\, including a new
  variant
  of Spectre v4\, a vulnerability on speculative fetching\, and a vulnerabi
 lity on out-of-order execution\, and analyze the effectiveness of existing
  countermeasures including constant time and serializing instructions.\n
LOCATION:https://stable.researchseminars.org/talk/UK-SPS/5/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Rikke Bjerg Jensen (Royal Holloway University of London)
DTSTART:20210818T140000Z
DTEND:20210818T150000Z
DTSTAMP:20260404T111246Z
UID:UK-SPS/6
DESCRIPTION:Title: <a href="https://stable.researchseminars.org/talk/UK-SP
 S/6/">Collective Information Security in Large-Scale Urban Protests: the C
 ase of Hong Kong</a>\nby Rikke Bjerg Jensen (Royal Holloway University of 
 London) as part of UK Security and Privacy Seminar Series\n\n\nAbstract\nT
 he Anti-Extradition Law Amendment Bill protests in Hong Kong present a ric
 h context for exploring information security practices among protesters du
 e to their large-scale urban setting and highly digitalised nature. We con
 ducted in-depth\, semi-structured interviews with 11 participants of these
  protests. Research findings reveal how protesters favoured Telegram and r
 elied on its security for internal communication and organisation of on-th
 e-ground collective action\; were organised in small private groups and la
 rge public groups to enable collective action\; adopted tactics and techno
 logies that enable pseudonymity\; and developed a variety of strategies to
  detect compromises and to achieve forms of forward secrecy and post-compr
 omise security when group members were (presumed) arrested. We further sho
 w how group administrators had assumed the roles of leaders in these ‘le
 aderless’ protests and were critical to collective protest efforts.\n
LOCATION:https://stable.researchseminars.org/talk/UK-SPS/6/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Ian Thornton-Trump
DTSTART:20210714T140000Z
DTEND:20210714T150000Z
DTSTAMP:20260404T111246Z
UID:UK-SPS/7
DESCRIPTION:Title: <a href="https://stable.researchseminars.org/talk/UK-SP
 S/7/">The Eight Principles of Security Leadership: An insider’s view of 
 SolarWinds & Supply Chain Failure</a>\nby Ian Thornton-Trump as part of UK
  Security and Privacy Seminar Series\n\n\nAbstract\nIn 2017\, I failed to 
 save a 5 billion dollar company from getting ravaged by Russian and Chines
 e Advanced Persistent Threat actors from a series of attacks that may have
  started in 2019. The repercussions of the SolarWinds “hack” as it has
  been characterised have generated a lot of attention – mainstream media
  up to and including three US government house committees: Intelligence\, 
 Homeland Security & Reform and Oversight. After four years of introspectio
 n I maintain the attack – even though it was conducted by nation state a
 ctors funded with millions of dollars and nearly unlimited resources – c
 ould have been thwarted. Although we characterise “security” into thre
 e domains of people\, process & technology there is a need to unite these 
 domains into an organization imperative. I discovered that without securit
 y leadership in place to unite people\, process & technology in common pur
 pose the three domains become silos. It is within these silos that threat 
 actors exploit organizations and dwell within organizations undetected. In
  this presentation I present Eight Principles of Security Leadership and d
 iscuss candidly how they could have been applied to prevent catastrophe fo
 r an organization like SolarWinds.\n
LOCATION:https://stable.researchseminars.org/talk/UK-SPS/7/
END:VEVENT
BEGIN:VEVENT
SUMMARY:XiaoFeng Wang (Indiana University)
DTSTART:20210721T140000Z
DTEND:20210721T150000Z
DTSTAMP:20260404T111246Z
UID:UK-SPS/8
DESCRIPTION:Title: <a href="https://stable.researchseminars.org/talk/UK-SP
 S/8/">Confidential Computing: Challenges Today and Opportunities Tomorrow<
 /a>\nby XiaoFeng Wang (Indiana University) as part of UK Security and Priv
 acy Seminar Series\n\n\nAbstract\nThe rampage of incessant cyber attacks h
 as caused the disclosure of billions of users’ private data\, shaking t
 he Internet to its core. In response\, various data privacy laws and regul
 ations have emerged\, forcing the industry to change their practice and br
 inging the demand for large-scale secure computing to the spotlight. Such 
 a demand\, however\, cannot be met by the state-of-the-art cryptographic t
 echniques\, even with decades of effort\, due to the overheads (speed\, ba
 ndwidth consumption) they incur. To narrow the gap\, recent years have see
 n rapid progress in hardware based trusted execution environments (TEE)\, 
 such as Intel SGX\, AMD SEV and ARM TrustZone\, which enable efficient com
 putation on encrypted data within a secure enclave established by a truste
 d processor. In this talk\, I will present our research on understanding a
 nd addressing the security challenges in this new secure computing paradig
 m and enhancing its design to achieve scalability\, for the purpose of sup
 porting accelerated machine learning. Further I will present the big quest
 ions that need to be answered in the area and introduce our genome privacy
  competition as a synergic activity that helps move the science in this ar
 ea forward.\n
LOCATION:https://stable.researchseminars.org/talk/UK-SPS/8/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Yves-Alexandre de Montjoye (Imperial College London)
DTSTART:20210811T140000Z
DTEND:20210811T150000Z
DTSTAMP:20260404T111246Z
UID:UK-SPS/9
DESCRIPTION:by Yves-Alexandre de Montjoye (Imperial College London) as par
 t of UK Security and Privacy Seminar Series\n\nAbstract: TBA\n
LOCATION:https://stable.researchseminars.org/talk/UK-SPS/9/
END:VEVENT
END:VCALENDAR
