Abstract: Cloud computing provides enormous power to end users to obtain on-demand computing services, offering higher flexibility and control. Cloud computing however poses a fundamental questions: Can we trust the results? How can we be sure that the computation has been done correctly? In this talk, we provide an overview of approaches to providing correctness guarantees through replicated computation, and show how smart contracts can be used to design systems with provable correctness that are viable in practice.

Bio: Rei Safavi-Naini is the NSERC/Telus Industrial Research Chair and Alberta Innovates Strategic Chair in Information Security. She is a co-founder of Institute for Security, Privacy and Information Assurance at the University of Calgary and served as its Director until January 2019. Before joining the University of Calgary in 2007 as the iCORE Chair in Information Security, she was a Professor of Computer Science and the Director of Telecommunication and Information Technology Research Institute at the University of Wollongong Australia. She has over 400 published papers in journals and conferences, has served as an Associate Editor of IEEE Transactions on Information Theory (two times), ACM Transactions on Information and System Security (TISSEC), and IEEE Transactions on Secure and Dependable Computing. She has served as Program Chair/co-Chair of Crypto 2012, ACNS 2013, Financial Cryptography 2014, and ACM CCS Cloud Security Workshop 2014. Her current research interests are cryptography, information theoretic security, quantum-safe cryptography, Cloud security, and Distributed Ledger and Smart Contracts.

Abstract: We introduce a method for protection against a side-channel attack made possible by the use of a cloud-computing feature called memory deduplication. Memory deduplication improves the efficiency with which physical memory is used by the virtual machines (VMs) running on the same server by keeping in memory only one copy of the libraries and other software used by multiple VMs. However, this allows an attacker's VM to find out the memory locations (and thus the operations) used by a victim's VM, as these locations are cached and can be accessed faster than memory locations not used by the victim. To perform the attack, the malicious VM needs to execute an abnormal sequence of cache flushes, and our new method detects this by monitoring memory locations associated with sensitive (e.g., encryption) operations and using logistic regression to identify the abnormal cached operations. Furthermore, our method uses its own cache flushing to render the attack ineffective by feeding fake (random) information to the attacker. The experiments we ran using the KVM hypervisor and Ubuntu 18.04 LTS VMs on both Debian~10 and CentOS physical servers show that our method can detect attacks with 99% accuracy, and can feed fake information to an attacker with between 2-8% CPU overheads.

Abstract: We provide clear and concise guidelines for the use of three of the most popular homomorphic cryptosystems: BFV, CKKS and TFHE. Because they are unified under the Chimera framework and it is now possible to switch a ciphertext from one cryptosystem to another, such a comparison is essential to better understand which cryptosystem to use in which use-case or for which part of a secure computation on the cloud. We do this by comparing the application of the three cryptosystems to the evaluation phase of standard feed-forward neural networks tested on the MNIST database. We tested their application in the case where both the query and the neural network model are encrypted and in the case when only the query is encrypted. We evaluated the results obtained using the three homomorphic schemes in terms of precision, memory usage and execution time for a minimal security of 128 bits.

Abstract: Network function virtualisation enables versatile network functions as cloud services. Specifically, network measurement tasks such as heavy-hitter detection and flow distribution estimation serve many core network functions for improved performance and security of enterprise networks. However, deploying network measurement services in third-party cloud providers raises critical privacy and security concerns. In this talk, I will present the design of our recent work named OblivSketch - a secure network measurement service built from Intel SGX. We harness the insights from confidential computing, large-scale network flow analysis, and data-oblivious primitives to build a secure and practical network measurement service that can even mitigate side-channels against SGX. We integrate OblivSketch into the framework of SDN and demonstrate its performance via CAIDA datasets with millions of flows.

Bio: Dr Xingliang Yuan is a Senior Lecturer with the Faculty of Information Technology, Monash University, Australia. He obtained his PhD degree from the City University of Hong Kong in 2016. His research interests are in the areas of data security and privacy, secure networked system, confidential computing, machine learning security and privacy. In the past few years, his work has appeared in prestigious venues in cybersecurity, computer networks, and distributed systems, including CCS, NDSS, INFOCOM, ICDCS, etc. His research has been supported by Australian Research Council, CSIRO Data61, and Oceania Cyber Security Centre.