Ruhr-Uni-Bochum
Cyber Security in the Age of Large-Scale Adversaries

Copyright: CASA

Women in Security and Cryptography Workshop (WISC)


Der Workshop richtet sich an Doktorandinnen und herausragende Studentinnen im Bereich der IT-Sicherheit und bietet Fachvorträge und Austausch von Senior- und Junior-Forscherinnen auf diesem Gebiet. Das langfristige Ziel der WISC ist es, ein starkes internationales Netzwerk von Nachwuchswissenschaftlerinnen zu bilden und ein wertvolles akademisches Programm zu schaffen. Die WISC ist ein Schwesterevent der renommierten Computer-Security-Konferenz Women in Theory (WIT) und findet in einem zweijährigen Rhythmus statt.

WISC 2023

Vom 27. bis 29. Juni 2023 richtete das Exzellenzcluster CASA zum zweiten Mal den WISC-Workshop aus, diesmal in Präsenz. Absolventinnen und herausragende Studentinnen aus dem Bereich der IT-Sicherheit und verwandten Bereichen verbrachten drei spannende Tage in Bochum, um gemeinsam zu lernen und sich zu vernetzen.

Referentinnen:

Außerdem: Podiumsdiskussionen, Posterpräsentationen, Networking-Aktivitäten und vieles mehr!

Zum ausführlichen Rückblick auf die WISC 2023

Cyber Security in the Age of Large-Scale Adversaries

Copyright: CASA, Mareen Meyer

Unser Flyer zur WISC 2023 gibt weitere Einblicke in die drei spannenden Workshoptage!

Eindrücke von der WISC 2023

Cyber Security in the Age of Large-Scale Adversaries

Copyright: CASA, Mareen Meyer

Cyber Security in the Age of Large-Scale Adversaries

Copyright: CASA, Mareen Meyer

Cyber Security in the Age of Large-Scale Adversaries

Copyright: CASA, Mareen Meyer

Vorträge der WISC 2023

Cynthia Sturton

Bringing Symbolic Execution to the Security Verification of Hardware Designs

The verification of hardware designs is a key activity for ensuring the correctness and security of a design early in the hardware lifecycle. In this talk I will discuss our work developing a new point in the hardware verification space: software-style symbolic execution. Symbolic execution generalizes testing by replacing concrete values with symbols, with each symbol representing the set of possible values of the variable. This path-based symbolic analysis allows for deep and precise exploration of the design’s state space. However, symbolic execution infamously suffers from the path explosion problem. In this talk I will first present two strategies we developed to leverage the modular and cyclical nature of hardware designs to manage the path explosion problem: hardware-oriented backward search and piecewise composition. I will then present our results using symbolic execution for the security verification of hardware designs, first for assertion-based verification, in which we find bugs that current state-of-the-art model checking does not, and second for information-flow analysis in which we eliminate many of the false-positive flows that static analysis or taint tracking can produce.

Yixin Zou

Learning from the People: A Human-Centered Approach in Security and Privacy Research

There is an increasing appreciation for human factors in security and privacy research. The knowledge of people’s concerns, needs, and expectations provide valuable insights for improving security and privacy systems. Meanwhile, people often do not use existing tools and strategies to the full extent – and it is not their fault. In this talk, I will draw from my research to demonstrate the value of incorporating human factors in designing security and privacy mechanisms, and the need of considering digital equity in people’s ability to protect themselves. In the first part, I will feature my line of work on data breaches as a case study, showing how examining consumer reactions could inform the design of more effective breach notifications. In the second part, I will feature my work with various marginalized populations–such as survivors of intimate partner violence, older adults, and Muslim-American women–and trauma-informed computing as a unifying framework for creating safer technology experiences for all. Throughout the talk, I will highlight how this human-centered approach can lead to positive impacts on industry practices, public policy, and educational efforts around security and privacy.
CONTENT WARNING: some parts of the talk will include descriptions of physical/emotional violence, harassment, and trauma.

Shruti Tople

Unlocking the Vault: Analyzing Data Leakage in Language Models

Language models have brought remarkable advancements in natural language processing but concerns regarding data leakage and privacy have arisen. In this talk, we delve into analyzing data leakage in language models, unlocking the vault to understand the risks involved. The talk investigates the implementation of language models that have been fine-tuned using private data. The focus is to analyze the leakage of sentence-level information and personally identifiable tokens from these models, all within a black-box setting. Additionally, we delve into the privacy-utility effects of mitigation techniques, such as differential privacy, when applied during the training of these models.  By gaining insights into the risks and understanding the impact of privacy-preserving measures, we can work towards building more secure and privacy-aware language models that preserve user trust while driving innovation in natural language processing.

Maria Eichlseder

Ascon - The new NIST standard for lightweight cryptography

Integrating cryptographic algorithms in IoT systems and other constrained environments is often difficult due to limited resources and additional security challenges. Driven by this demand, NIST has initiated a lightweight cryptography competition between 2019 and 2023. Among 57 submissions, Ascon has been selected as the new standard for authenticated encryption and hashing. In this talk, we show how Ascon was designed to address the specific challenges in the IoT, including security, performance, and footprint. Since ciphers are not used in an ideal world, we show how Ascon also improves robustness against certain implementation attacks and mistakes. Finally, we take a look at the standardization process itself and discuss our experience with different cryptography competitions.

Jade Philipoom

The Joy of Cryptographic Implementation

This talk will focus on how implementers transform cryptographic algorithms from academic papers into production code. I'll draw on real examples from my work developing a low-level cryptographic library for the OpenTitan hardware project. In this context, it's vital to optimize for speed and space without compromising security. We'll also discuss the complexities of considering physically present attackers and interacting with hardware accelerators.

Claudia Diaz

The Nym network: Incentivized mixnets

This talk will introduce the Nym network, a recently deployed system for communication privacy that is based on an incentivized mixnet. We will first review different existing approaches to communication privacy and discuss their tradeoffs, in order to situate mixnets within the solution space. We will then present the Nym system design and its components, which include a Loopix-based mixnet for anonymously routing packets, Coconut-based credentials to enable private access, and an incentive mechanism to reward mixnet nodes for their work while supporting scalability, decentralization, reliability and cost-effectiveness.

Workshops

"Securing your success: Presentation skills for young scientists", von Sandra Schlagheck
Presenting yourself and your research convincingly is essential to your professional success. This workshop aims to encourage reflection on presentations, give tips on preparing for them, and practice using voice and body language. To this end, the workshop includes short inputs and exercises on the foundation (topic, audience, purpose), preparation (collect, structure, formulate), and practice (voice, body language, stage fright).

"Allyship and the Power of Networks", von Louisa van den Bosch und Judith Valceschini
In our workshop “Allyship and the Power of Networks” we will look at the importance of finding and creaVng networks for FLINTA* (Female, Lesbian, Intersexual, Non-Binary, Trans- and A-Gender) to support ourselves and our peers in mainly cis-male dominated spaces and industries. We are looking to empower ourselves and find our strengths in shared experiences. Further we will reflect on how we can use our own advantages and privileges to share space and power with colleagues in our own fields of work who are less privileged and more marginalized than we are ourselves.

Cyber Security in the Age of Large-Scale Adversaries

Cynthia Sturton, University of North Carolina at Chapel Hill.

Cyber Security in the Age of Large-Scale Adversaries

Yixin Zou, Max Planck Institute for Security and Privacy.

Cyber Security in the Age of Large-Scale Adversaries

Shruti Tople, Microsoft Research.

Cyber Security in the Age of Large-Scale Adversaries

Maria Eichlseder, TU Graz.

Cyber Security in the Age of Large-Scale Adversaries

Jade Philipoom, Google/Open Titan.

Cyber Security in the Age of Large-Scale Adversaries

Claudia Diaz, KU Leuven.

Cyber Security in the Age of Large-Scale Adversaries

Podiumsdiskussion der Referentinnen.

Copyright/Fotos: CASA, Mareen Meyer

Rückblick: WISC 2021

Vom 21.-23. September 2021 fand der erste Workshop der “Women in Security and Cryptography” (WISC) des Excellenzclusters CASA statt. Am digitalen Workshop haben internationale Doktorandinnen* und herausragende Studentinnen* aus dem Bereich der IT-Sicherheit teilgenommen.

Programm mit ausgewählten Vorträgen aus Wissenschaft und Wirtschaft

Im Mittelpunkt des Konferenzprogramms standen hochkarätige Vorträge von führenden Wissenschaftlerinnen* auf dem Gebiet der IT-Sicherheit. Diese ermöglichten den Teilnehmerinnen* relevante Einblicke in die Branche, das Kennenlernen von Role Models und das Knüpfen dauerhafter Verbindungen zu wichtigen Akteurinnen* in der wissenschaftlichen Gemeinschaft.

Die herausragenden Sprecherinnen* der WISC und ihre Vortragsthemen

  • Tal Rabin, University of Pennsylvania & Algorand Foundation, USA
    „MPC in the YOSO (You Only Speak Once) Model“
  • Elette Boyle, FACT Research Center, IDC Herzliya, Israel
    “Pseudorandom Correlation Generators”
  • Kenza Ait Si Abbou, Senior Managerin für Robotik und künstliche Intelligenz
    “Artificial intelligence needs more women!”
  • Michelle Mazurek, Institute for Advanced Computer Studies, University  of  Maryland, USA
    “Investigating Secure Development In Practice:  A Human-Centered Perspective”
  • Adrienne Porter Felt, Director of Engineering, Google, USA
    ”An Industry Career Path, in Security and Beyond“
  • Carmela Troncoso, École polytechnique fédérale de Lausanne, Schweiz
    “Why Synthetic Data Is Not a Solution to Any Machine Learning Problem”

Austausch, Weiterbildung und Treffen mit Gleichgesinnten

Neben den spannenden Vorträgen der Sprecherinnen und vielfältigen Beiträgen der Teilnehmerinnen im Rahmen der Lightning talks stand die WISC ganz im Zeichen des wissenschaftlichen Austausches zwischen allen Anwesenden. Ziel war es nicht nur, ein attraktives Weiterbildungsprogramm zu schaffen, sondern Frauen* aus den verschiedenen Bereichen der IT-Sicherheitsforschung zusammenbringen und einen gemeinschaftlichen Austausch innerhalb der Community zu fördern. Dazu gab es gezielte Möglichkeiten zum Networking und für Gespräche bei geselligen Aktivitäten.

Einen Rückblick auf die WISC in 2021 bietet auch unser Flyer. Erfahre hier mehr über die Vorträge, das Programm und die Teilnehmerinnen!

Unser Graphic Recording der WISC 2021

Bleibe auf dem Laufenden

An unserem Exzellenzcluster tun sich eine Menge spannender Dinge: Veranstaltungen, Vorträge, Workshops, Jobangebote...
Wenn Sie im Bereich Equal Opportunity & Diversity auf dem Laufenden bleiben wollen, tragen Sie sich bitte in unsere E-Mail-Liste ein. Dann verpassen Sie kein Update mehr!

E-Mail-Liste
By submitting this form, you give CASA permission to process your data (name, email address) for the purpose of informing you about events, jobs and other news of the cluster. This consent is voluntary and can be revoked at any time.

Kontakt

Cyber Security in the Age of Large-Scale Adversaries

Kirsten Jäger
Equal Opportunities & Diversity,
Quality & Event Management
(0)234-32-29263
K.Jaeger(at)rub.de