Co-Invited Speakers

Prof. Michael Reiter (University of North Carolina at Chapel Hill)

Bio: Michael Reiter is the Lawrence M. Slifkin Distinguished Professor in the Department of Computer Science at the University of North Carolina at Chapel Hill. His research interests include all areas of computer and communications security and distributed computing. His professional responsibilities during his career so far have included Director of Secure Systems Research at Bell Labs; founding Technical Director of CyLab at Carnegie Mellon University; program chair for the the flagship computer security conferences of the IEEE, the ACM, and the Internet Society; and Editor-in-Chief of ACM Transactions on Information and System Security, among others. Dr. Reiter was named an ACM Fellow in 2008 and an IEEE Fellow in 2014.

TITLE: Side-Channels in Multi-Tenant Environments

Due to the massive adoption of computing platforms that consolidate potentially distrustful tenants' applications on common hardware --- both large (public clouds) and small (smartphones) --- the security provided by these platforms to their tenants is increasingly being scrutinized. In this talk we review highlights from the last several years of research on a long-suspected but, until recently, largely hypothetical attack vector on such platforms, namely "side-channel attacks". In these attacks, one tenant learns sensitive information about another tenant simply by running on the same hardware with it, but without violating the logical access control enforced by the platform's isolation software (virtual machine monitor or operating system). We will then summarize various strategies we have explored to defend against side-channel attacks in their various forms, both inexpensive defenses against specific attacks and more holistic but expensive protections.

Prof. Gene Tsudik (Chancellor's Professor of Computer Science, University of California, Irvine)

Bio: Gene Tsudik is a Chancellor's Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. Before coming to UCI in 2000, he was at IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). Over the years, his research interests included many topics in security and applied cryptography. He is the Director of Secure Computing and Networking Center (SCONCE) at UCI. Gene Tsudik is a former Fulbright Scholar and a fellow of the ACM and the IEEE. From 2009 to 2015 he served as the Editor-in-Chief of ACM Transactions on Information and Systems Security (TISSEC).

TITLE: Secure and Private Proximity-Based Discovery of Common Factors in Social Networks

The recent decade has witnessed a rapid increase in popularity of mobile personal devices (notably, smartphones) that function as all-purpose personal communication portals. Concurrently, On-line Social Networks (OSNs) have continued their impressive proliferation. Meanwhile, the notion of "OSN privacy" remains elusive and even self-contradictory. Centralized nature of prominent OSNs is unlikely to change, which does not bode well for OSN users' privacy. However, some user privacy can be gained from making certain OSN functionality available off-line, such as discovering common contacts and other features, as well as establishing affinity-based connections. OSNs stand to gain from this, since users could avail themselves of OSN functionality in scenarios where none currently exists, e.g., whenever Internet connectivity is unavailable, expensive or insufficient. At the same time, OSN users benefit from increased privacy because off-line interactions are invisible to OSN providers.

This talk will explore off-line private proximity-based use of OSNs and will present a working system (called UnLinked) that is grafted atop a popular OSN -- LinkedIn. One key challenge is how to ensure integrity, authenticity and privacy of users' profile information when they engage in off-line interactions. This can be addressed via specialized privacy-agile cryptographic protocols. This talk will overview the design, architecture and functionality of UnLinked and will highlight important outstanding issues.

Prof. Steven M. Bellovin (Columbia University)

Bio: Steven M. Bellovin is the Percy K. and Vidal L. W. Hudson Professor of computer science at Columbia University, where he does research on networks, security, and especially why the two don't get along, as well as related public policy issues. In his spare professional time, he does some work on the history of cryptography. He joined the faculty in 2005 after many years at Bell Labs and AT&T Labs Research, where he was an AT&T Fellow. He received a BA degree from Columbia University, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were given the 1995 Usenix Lifetime Achievement Award (The Flame). Bellovin has served as Chief Technologist of the Federal Trade Commission. He is a member of the National Academy of Engineering and is serving on the Computer Science and Telecommunications Board of the National Academies, the Department of Homeland Security's Science and Technology Advisory Committee, and the Technical Guidelines Development Committee of the Election Assistance Commission; he has also received the 2007 NIST/NSA National Computer Systems Security Award and has been elected to the Cybersecurity Hall of Fame.

TITLE: Thinking Security

Many computer applications are bound to a particular point in time; more precisely, to a given set of technologies and costs. The same is true of computer security. Unfortunately, once something becomes possible people become wedded to it, and never look back at the environment and assumptions that made it possible or even necessary. This is especially serious for security, since it causes us to endure the costs and annoyances of marginally useful (or even harmful) mechanisms while blinding us to newer threats. What can be done? How can we recognize the implicit assumptions in what we're doing? Can we do better in the future? How do differing threat models affect the question?

IEEE CSCloud 2015 Keynote Speakers

Dr. Bhavani Thuraisingham
Louis A. Beecherl, Jr. I, Distinguished Professor
Department of Computer Science
Executive Director of the Cyber Security Research Institute
Erik Jonsson School of Engineering and Computer Science
The University of Texas at Dallas
Bio: Dr. Bhavani Thuraisingham is the Louis A. Beecherl, Jr. Distinguished Professor of Computer Science and the Executive Director of the Cyber Security Research and Education Institute (CSI) at The University of Texas at Dallas. She is an elected Fellow of IEEE, the AAAS, the British Computer Society, and the SPDS (Society for Design and Process Science). She received several prestigious award including IEEE Computer Society's 1997 Technical Achievement Award for “outstanding and innovative contributions to secure data management”, the 2010 ACM SIGSAC (Association for Computing Machinery, Special Interest Group on Security, Audit and Control) Outstanding Contributions Award for “seminal research contributions and leadership in data and applications security for over 25 years” and the SDPS Transformative Achievement Gold Medal for her contributions to interdisciplinary research. She has unique experience working in the commercial industry (Honeywell), federal research laboratory (MITRE), US government (NSF) and academia and her 35 year career includes research and development, technology transfer, product development, program management, and consulting for the federal government. Her work has resulted in 100+ journal articles, 200+ conference papers, 100+ keynote and featured addresses, eight US patents (three pending) and fifteen books (two pending). She received the prestigious earned higher doctorate degree (DEng) from the University of Bristol England in 2011 for her published work in secure data management since her PhD. She has been a strong advocate for women in computing and has delivered featured addresses at events organized by the CRA-W (Computing Research Association) and SWE (Society for Women Engineers).


This presentation will describe our research and development efforts in assured cloud computing for the Air Force Office of Scientific Research. We have developed a secure cloud computing framework as well as multiple secure cloud query processing systems. Our framework uses Hadoop to store and retrieve large numbers of RDF triples by exploiting the cloud computing paradigm and we have developed a scheme to store RDF data in a Hadoop Distributed File System. We implemented XACML-based policy management and integrated it with our query processing strategies. For secure query processing with relational data we utilized the HIVE framework. More recently we have developed strategies for secure storage and query processing in a hybrid cloud. In particular, we have developed algorithms for query processing wherein user’s local computing capability is exploited alongside public cloud services to deliver an efficient and secure data management solution. We have also developed techniques for secure virtualization using the XEN hypervisor to host our cloud data managers as well as an RDF-based policy engine hosted on our cloud computing framework. Finally we have developed a secure social media framework hosted on our secure cloud computing framework. The presentation will discuss our secure cloud computing framework for assured information sharing and discuss the secure social media framework. We will then discuss the relationship to big data security and privacy aspects and connect our research to Secure Internet of Things with a special emphasis on data privacy.

Dr. Kui (Quinn) Ren
Associate Professor
Department of Computer Science and Engineering
University at Buffalo, State University of New York

Bio: Kui Ren is an associate professor of Computer Science and Engineering and the director of UbiSeC Lab at State University of New York at Buffalo. He received his PhD degree from Worcester Polytechnic Institute. Kui's current research interest spans Cloud & Outsourcing Security, Wireless & Wearable System Security, and Human-centered Computing. His research has been supported by NSF, DoE, AFRL, MSR, and Amazon. He is a recipient of NSF CAREER Award in 2011 and Sigma Xi/IIT Research Excellence Award in 2012. Kui has published 150 peer-review journal and conference papers and received several Best Paper Awards including IEEE ICNP 2011. He currently serves as an associate editor for IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Mobile Computing, IEEE Transactions on Information Forensics and Security, IEEE Wireless Communications, IEEE Internet of Things Journal, IEEE Transactions on Smart Grid, and Oxford The Computer Journal. Kui is a senior member of IEEE, a member of ACM, a Distinguished Lecturer of IEEE, and a past board member of Internet Privacy Task Force, State of Illinois.

Topic: Secure Outsourcing Image Feature Extraction: Challenges and Solutions

The amount and availability of user-contributed image data have grown to an unprecedented level during recent years. Social network service providers, like Facebook and Twitter, are heavily exploiting these vast valuable data to study user behaviors, social preferences, et al., for various business purposes. However, existing practices could seriously breach users' privacy and have led to increasing public criticisms and legislation pressures. The pressing need to develop sound privacy-preserving image processing mechanisms is being recognized by the research community.
In this talk, I will present our research on secure outsourcing of image feature extraction, a widely-applicable technique for various content-based image applications. Our goal is to enable a public cloud service provider to perform a variety of image feature detection tasks, including both global features (visual descriptors in MPEG-7 standard) and local features (Scalar Invariant Feature Transform), while protecting image contents related to users' privacy. I will first discuss the research challenges, which mainly lie in the complicated functionality requirements of image feature extraction algorithms. A practical solution requires delicate tradeoffs among functionality, efficiency, and privacy. I will then introduce our solutions on secure outsourcing both global and local feature extractions. For the former, our solution is a generalized feature extraction platform over the somewhat homomorphic encryption scheme. For the latter, we utilize a multi-server cloud structure with a tailored practical security design. Finally, we conclude the talk by discussing future research directions and the related open issues .