/cybersecurity-privacy-institute/ en /cybersecurity-privacy-institute/events/seminar-cryptography-security-and-privacy-crysp-securing <span class="field field--name-title field--type-string field--label-hidden">Seminar • Cryptography, Security, and Privacy (CrySP) — Securing Cloud-assisted Services</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/cybersecurity-privacy-institute/users/jszimans" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">Jodi Szimanski</span></span> <span class="field field--name-created field--type-created field--label-hidden">Tue, 11/20/2018 - 13:14</span> <section class="uw-section-spacing--default uw-section-separator--none uw-column-separator--none layout layout--uw-1-col uw-contained-width"><div class="layout__region layout__region--first"> <div class="block block-layout-builder block-inline-blockuw-cbl-copy-text"> <div class="uw-copy-text"> <div class="uw-copy-text__wrapper "> <div class="field body field-label-hidden clearfix"> <div class="field-data "> <div class="field-item-switch"> <div class="field-item"> <p><strong>N. Asokan, Department of Computer Science</strong><br /><em>Aalto University, Finland</em></p> <p>All kinds of previously local services are being moved to cloud settings. While this is justified by the scalability and efficiency benefits of cloud-based services, it also raises new security and privacy challenges. Solving them by naive application of standard security/privacy techniques can conflict with other functional requirements. In this talk, I will outline some cloud-assisted services and the conflicts that arise while trying to secure these services.</p> <p>I will then take the case of cloud-assisted malware scanning as an example scenario to discuss the privacy concerns that arise. I will discuss possible solutions these concerns by casting them as an instance of the private membership test problem. I will briefly describe hardware-assisted trusted execution environments (TEEs) which are widely available now and describe a solution to private membership test using TEEs. In the process, I will also point out several other recent advances in using and building TEEs and my work in this area over the last decade and a half.</p> <p>Finally, I will discuss the more general setting of using cloud-hosted machine learning models in a privacy-preserving manner. I will describe MiniONN, a solution to transform any existing neural network into an oblivious variant. Oblivious neural networks (ONNs), hosted in a cloud server, can be used by clients without the server learning any information about the inputs clients send to the ONN or the results sent back to them. I will mention the pros and cons of this approach and briefly speculate on how hardware-assisted trusted execution may help address the cons.</p> <hr /><p><b>Bio</b>: N. Asokan is a professor of computer science at Aalto University in Finland where he co-leads the <a href="http://ssg.aalto.fi/">Secure Systems Group</a> and directs the <a href="https://haic.fi/">Helsinki-Aalto Center for Information Security HAIC</a>. He is a PI for the<a href="http://www.icri-cars.org/"> Intel Collaborative Research Center</a>. He is an IEEE Fellow (2017) and an ACM Distinguished Scientist (2015).</p> <p>Asokan was a staff member at UW (MFCF) in the 1990s and subsequently earned his doctorate in computer science from UW. Visit <a href="https://asokan.org/asokan/">his web page</a> or <a href="https://twitter.com/nasokan?lang=en">his Twitter profile</a> for more on his work.</p> </div> </div> </div> </div> </div> </div> </div> </div> </section> Tue, 20 Nov 2018 18:14:33 +0000 Jodi Szimanski 106 at /cybersecurity-privacy-institute