Modest Proposals for Google

Friday, June 9th, 2017

Great to meet up with Wahooglers Adrienne Porter Felt, Ben Kreuter, Jonathan McCune, Samee Zahur (Google’s latest addition from my group), and (honorary UVAer interning at Google this summer) Riley Spahn at Google’s Research Summit on Security and Privacy this week in Mountain View.

As part of the meeting, the academic attendees were given a chance to give a 3-minute pitch to tell Google what we want them to do. The slides I used are below, but probably don’t make much sense by themselves.

The main modest proposal I tried to make is that Google should take it on as their responsibility to make sure nothing bad ever happens to anyone anywhere. They can start with nothing bad ever happening on the Internet, but with the Internet pretty much everywhere, should expand the scope to cover everywhere soon.

To start with an analogy from the days when Microsoft ruled computing: there was a time when Windows bluescreens were a frequent experience for most Windows users (and at the time, this pretty much meant all computer users). Microsoft analyzed the crashes and concluded that nearly all were because of bugs in device drivers, so it wasn’t their fault and was horribly unfair for them to be blamed for the crashes. Of course, to people losing their work because of a crash, it doesn’t really matter whose code was to blame. By the end of the 90s, though, Microsoft took on the mission of reducing the problems with device drivers, and a lot of great work came out of this (e.g., the Static Driver Verifier), with dramatic improvements on the typical end user’s computing experience.

Today, Google rules a large chunk of computing. Lots of bad things happen on the Internet that are not Google’s fault. As the latest example in the news, the leaked NSA report of Russian attacks on election officials describes a phishing attack that exploits vulnerabilities in Microsoft Word. It’s easy to put the blame on overworked election officials who didn’t pay enough attention to books on universal computation they read when they were children, or to put it on Microsoft for allowing Word to be exploited.

But, Google’s name is also all over this report – the emails went through gmail accounts, the attacks phished for Google credentials, and the attackers used plausibly-named gmail accounts. Even if Google isn’t to blame for the problems that enable such an attack, they are uniquely positioned to solve it, both because of their engineering capabilities and resources, but also because of the comprehensive view they have of what happens on the Internet and powerful ability to influence it.

Google is a big company, with lots of decentralized teams, some of which definitely seem to get this already. (I’d point to the work the Chrome Security Team has done, MOAR TLS, and RAPPOR as just a few of many examples of things that involve a mix of technical and engineering depth and a broad mission to make computing better for everyone, not obviously connected to direct business interests.) But, there are also lots of places where Google doesn’t seem to be putting serious efforts into solving problems they could but viewing them as outside scope because it’s really someone else’s fault (my particular motivating example was PDF malware). As a company, Google is too capable, important, and ubiquitous to view problems as out-of-scope just because they are obviously undecidable or obviously really someone else’s fault.

Enigma 2017 Talk: Classifiers under Attack

Monday, March 6th, 2017

The video for my Enigma 2017 talk, “Classifiers under Attack” is now posted:

The talk focuses on work with Weilin Xu and Yanjun Qi on automatically evading malware classifiers using techniques from genetic programming. (See for more details and links to code and papers, although some of the work I talked about at Enigma has not yet been published.)

Enigma was an amazing conference – one of the most worthwhile, and definitely the most diverse security/privacy conference I’ve been to in my career, both in terms of where people were coming from (nearly exactly 50% from industry and 50% from academic/government/non-profits), intellectual variety (range of talks from systems and crypto to neuroscience, law, and journalism), and the demographics of the attendees and speakers (not to mention a way-cool stage setup).

The model of having speakers do on-line practice talks with their session was also very valuable (Enigma requires speakers to agree to do three on-line practice talk sessions before the conference, and from what I hear most speakers and sessions did cooperate with this, and it showed in the quality of the sessions) and something I hope other conferences will be able to adopt. You actually end up with talks that fit with each other, build off things others present, and avoid unnecessary duplication, as well as improving all the talks by themselves.

CCS 2017

Wednesday, January 18th, 2017

I’m program co-chair, with Tal Malkin and Dongyan Xu, for ACM CCS 2017.

The conference will be in Dallas, 30 Oct – 3 Nov 2017. Paper submissions are due May 19 (8:29PM PDT). It’ll be a while before the CFP is ready, but the conference website is now up!

O’Reilly Security 2016: Classifiers Under Attack

Friday, November 4th, 2016

I gave a talk on Weilin Xu’s work (in collaboration with Yanjun Qi) on evading machine learning classifiers at the O’Reilly Security Conference in New York: Classifiers Under Attack, 2 November 2016.

Machine-learning models are popular in security tasks such as malware detection, network intrusion detection, and spam detection. These models can achieve extremely high accuracy on test datasets and are widely used in practice.

However, these results are for particular test datasets. Unlike other fields, security tasks involve adversaries responding to the classifier. For example, attackers may try to generate new malware deliberately designed to evade existing classifiers. This breaks the assumption of machine-learning models that the training data and the operational data share the same data distribution. As a result, it is important to consider attackers’ efforts to disrupt or evade the generated models.

David Evans provides an introduction to the techniques adversaries use to circumvent machine-learning classifiers and presents case studies of machine classifiers under attack. David then outlines methods for automatically predicting the robustness of a classifier when used in an adversarial context and techniques that may be used to harden a classifier to decrease its vulnerability to attackers.

Private Multi‑Party Machine Learning

Thursday, August 18th, 2016

I’m co-organizing a workshop to be held in conjunction with NIPS on Private Multi‑Party Machine Learning, along with Borja Balle, Aurélien Bellet, Adrià Gascón. The one-day workshop will be held Dec 9 or Dec 10 in Barcelona.

NIPS workshops are different from typical workshops attached to computer security conferences, with lots of invited talks (and we have some great speakers lined up for PMPML16), but there is also an opportunity for researchers to submit short papers to be presented at the workshop either as short talks or posters.

ShanghaiTech Symposium

Saturday, June 25th, 2016

I went to Shanghai for the ShanghaiTech Symposium on Information Science and Technology. ShanghaiTech was only founded three years ago, but has made tremendous progress and recruited a talented group of faculty and students.

Zheng Zhang and Haibo Chen

Hao Bai

For the Symposium, I presented a tutorial introduction to secure multi-party computation (focused towards systems researchers), and an invited talk on Memory for Data-Oblivious Computation. Was a special honor to be able to speak about MPC applications built using Yao’s protocol following Andrew Yao’s opening keynote.

Thanks a bunch to Hao Chen for inviting me to the Symposium!

Aarhus Workshop on Theory and Practice of Secure Multiparty Computation

Sunday, June 5th, 2016

I’m back from the Workshop on Theory and Practice of Secure Multiparty Computation at Aarhus University in Denmark. Aarhus is a great city for biking – you can rent bikes (with trailers for children), and bike down the coast from the old city, past the beach, and to the countryside, all on a bikes-only roadway.

Highlight of the workshop was unquestionably the musical performance by Ivan Damgård, Claudio Orlandi, and Marcel Keller:

I gave a talk on circuit structures and Square-Root ORAM:

abhi shelat also presented on Jack Doerner’s work on private stable matching.

After the workshop, we had a family visit to Legoland (about an hour by train and bus from Aarhus). Photo albums: Aarhus, Legoland.

SRG at Oakland 2016

Wednesday, May 25th, 2016

At the IEEE Symposium on Security and Privacy in San Jose, CA, Samee Zahur presented on Square-Root ORAM and Anant, Jack, and Sam presented posters.

Anant Kharkar
Evading Web Malware Classifiers using Genetic Programming

Jack Doerner
Secure Gale-Shapley: Efficient Stable Matching for Multi-Party Computation

Samuel Havron
Secure Multi-Party Computation as a Tool for Privacy-Preserving Data Analysis

Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks

Sunday, November 8th, 2015

I gave a talk at Johns Hopkins University for the DC-Area Crypto Day focused on cryptocurrencies: Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks.

Video of the Entire Workshop

Great to include two recent alums, Alex Kuck and Nick Skelsey, at the end of my talk. They talked about progress with Ombuds, a platform for free speech built on the blockchain.

Download slides: [PPTX (35 MB), PDF (4-up, 34MB)]

USENIX PhD Forum Talk: How to Live in Paradise

Saturday, August 15th, 2015

I gave a talk at the USENIX Security Forum for new researchers on “How to Live in Paradise: A Guide for New and Disgruntled Professors” (reprising a similar talk I gave last year).

This website includes text expanding on the talk and a video of last year’s version.