Keynote 1 – Wednesday June 29
Kaveh Razavi: Open Hardware Security – A New Hope
Abstract: Hardware manufacturers actively engage in security by obscurity, leading to disaster time after time. During this talk, I will tell you how we are tackling the problem by investing in novel reverse engineering approaches that expose the intimate details of security-sensitive mechanisms deep inside DRAM hardware. These insights allow us to build effective security testing tools, and new principled and open mitigations. I will also tell you about our efforts in bringing automated security analysis to open-source CPU hardware.
Kaveh Razavi is an assistant professor at ETH Zurich where he leads the Computer Security Group. His research interests are in the area of systems and security. More recently, he has been involved in the discovery and exploitation of many high-profile hardware vulnerabilities in commodity hardware components such as DRAM and CPU. These efforts have won him and his collaborators many awards, including best paper and best practical paper at IEEE S&P, and three Pwnies in the most innovative research category at BlackHat.
Keynote 2 – Thursday June 30
Leyla Bilge: Journey to the Center of the Third-Party Tracking Ecosystem
Abstract: Tracking users’ online activity is a ubiquitous practice with different goals. At the core of online tracking is the desire to learn about a user’s habits, preferences, identity, and other information capable of creating a profile that can then be used in order to customize the user experience. This includes advertising and marketing, but also website personalization, analytics services, social media sharing, and others. The effectiveness of online tracking has fuelled very lucrative online business models, often leading to situations where trading profiles of oblivious users—and, therefore, the potential of capturing their attention—becomes the primary transaction instrument of the Internet economy. In this talk, I will present the state-of-the-art tracking ecosystem providing details about how trackers compute unique identifiers for the users. Then, I will talk about two of our recent studies on this very topic that aimed at measuring the real extent of cookie-based tracking and its real impact on Internet users. The first study let us paint a highly detailed picture of the cookie ecosystem, discovering an intricate network of connections between players that reciprocally exchange information and include each other’s content in web pages whose owners may not even be aware. We discovered that, in most web pages, tracking cookies are set and shared by organizations at the end of complex chains that involve several middlemen. We also studied the impact of cookie ghostwriting, i.e., a common practice where an entity creates cookies in the name of another party, or the webpage. We attributed and defined a set of roles in the cookie ecosystem, related to cookie creation and sharing. In the second study, on the other hand, we mapped this knowledge to real-world browsing telemetry to measure the total knowledge of the trackers about individuals and how much this knowledge could be extended if collaboration existed among the trackers.
Leyla Bilge is the director of the European research team of NortonLifeLock, formerly known as Symantec. She holds a Ph.D. from Eurecom and Telecom ParisTech on the topic of network-based botnet detection problems. Her interests embrace most systems security topics, with a special focus on data analysis for cyber security, DNS-based malicious URL detection, predictive analytics, cyber insurance, and web privacy. Earlier in her career, she contributed to the WINE project, which allowed cyber security academics to leverage real-world telemetry to measure the real impact of particular security problems and threats. Her first study that leveraged WINE data to study the real-world impact of zero-day attacks received an honorable mention from the NSA Science of Security Competition in 2013. While her day-to-day responsibility is to manage a team of experienced researchers with Ph.D.s to explore new trends and contribute to the overall innovation of NortonLifeLock, she carries out a significant amount of academic research and publishes articles at the most prestigious cyber security conferences. In addition, she actively contributes to the reviewing process of scientific studies by participating in the program committees of the four top-tier security conferences: ACM CCS, IEEE S&P, USENIX Security, and NDSS. In 2021, she was the program chair of DIMVA 2021 and RAID 2021.