Tutorials

We are pleased to announce that in this year’s AsiaCCS conference, we will provide 4 tutorial presentations on a wide range of emerging privacy and security issues. The tutorials and presenters’ information are provided in this page, and the tutorial agenda will be published later.

Abstract: Today, the security of commonly used cryptographic applications and protocols built upon classical public key cryptography (PKC) is threatened by emerging quantum computing technology. With the rapid advances of quantum supremacy, it is only a matter of time before a large-scale quantum computer capable of breaking classical PKC becomes available. Post-quantum cryptography (PQC) is secure against quantum attacks even after a large-scale quantum computer becomes available. However, the PQC migration of existing protocols and devices faces challenges due to the relatively large computational and communication overhead of PQC compared to classical PKC. In addition, despite the ongoing standardisation efforts, the PQC is still in its infancy compared to the decades-old classical PKC, and therefore suffers from issues of backward compatibility and a lack of confidence in the community.

Therefore, this tutorial aims at providing insights on transitioning to PQC. First, this tutorial will discuss the applications known to be vulnerable to quantum computing and the basic concepts of PQC. Then, the tutorial will discuss the current PQC migration efforts of some common protocols in network communication. Both the pure post-quantum solutions and the hybrid solutions between the classical PKC and the PQC will be discussed in this section. At last, the unique challenges of PQC migration faced by IoT devices will be discussed. Existing academic research works, standards, and implementation results will be presented in this tutorial.

Speakers Info:

Raymond K. Zhao, CSIRO’s Data61, Australia

Biography: Raymond K. Zhao received a BEng degree in computer science and technology from Zhejiang University, China, in 2015, a master’s degree in network and security from Monash University, Australia, in 2017, and a PhD degree from the Faculty of Information Technology (FIT), Monash University, Australia, in 2022. He was a research fellow in the Department of Software Systems and Cybersecurity, FIT, Monash University, Australia, in 2022. Since November 2022, he has been a postdoctoral fellow with CSIRO’s Data61. His main research interests include efficient and secure implementation techniques for post-quantum cryptographic applications and protocols.

Sara Jafarbeiki, Monash University, Australia

Biography: Sara is a Research Fellow in the Department of Software Systems and Cybersecurity, Faculty of Information Technology at Monash University, Australia. She holds a Bachelor’s degree and a Master’s degree in Electrical and Electronic Engineering from Sharif University of Technology. She has completed her doctoral research in the field of cybersecurity at Monash University.

Sara’s academic pursuits have been primarily focused on advancing the security and privacy of information systems. Her research interests span various areas of information security, including searchable encryption, database security, data privacy, and applied cryptography.

Abstract: Machine learning (ML) models have been widely applied to various applications, including image classification, text generation, audio recognition, and graph data analysis. However, recent studies have shown that ML models are vulnerable to membership inference attacks (MIAs), which aim to infer whether a data record was used to train a target model or not. MIAs on ML models can directly lead to a privacy breach. For example, via identifying the fact that a clinical record that has been used to train a model associated with a certain disease, an attacker can infer that the owner of the clinical record has the disease with a high chance. In recent years, MIAs have been shown to be effective on various ML models, e.g., classification models and generative models. Meanwhile, many defense methods have been proposed to mitigate MIAs. In this tutorial, we will briefly discuss the recent advances of MIAs and provide the taxonomies for both attacks and defences. Then, we point out several promising future research directions for the identified challenges to inspire the researchers who wish to follow this area.

Speakers Info:

Hongsheng Hu, CSIRO’s Data61, Australia

Biography: Hongsheng is currently a postdoctoral fellowship at Data61, CSIRO, Australia. His research focuses on AI privacy and security, especially membership inference attacks, differential privacy, and inference attacks in the context of federated learning. He has published several international refereed journal and conference papers, including ACM Computing Surveys, IJCAI, and ICDM.

Ruoxi Sun, CSIRO’s Data61, Australia

Biography: Ruoxi is currently a postdoctoral researcher at CSIRO’s Data61. His research focuses on the software privacy and security and machine learning security. His research resulted in several security vulnerabilities disclosures to vendors with resulting positive feedback as well as the removal of offending apps from the Google Play Store. He has published several papers at top conferences, including IEEE S&P, ACM CCS, NDSS, WWW, ICSE, ESEC/FSE, ASE, SenSys, and NeurIPS.

Shuo Wang, CSIRO’s Data61, Australia

Biography: Shuo is a research scientist at the CSIRO. He has his Ph.D. from the University of Melbourne in June 2018 before joining CSIRO. His research interests are in the field of AI for Cybersecurity and AI security. He has published papers in top conferences and journals in cybersecurity like IEEE S&P, NDSS, TIFS, TDSC, TPDS, etc.

Xuyun Zhang, Macquarie University, Australia

Biography: Xuyun Zhang is currently working as a senior lecturer in School of Computing at Macquarie University (Sydney, Australia). Besides, he has the working experience in University of Auckland and NICTA (now Data61, CSIRO). He received his PhD degree in Computer and Information Science from University of Technology Sydney (UTS) in 2014, and his MEng and BSc degrees from Nanjing University. His research interests include scalable and secure machine learning, big data mining and analytics, big data privacy and cyber security, cloud/edge/service computing and IoT, etc. He is the recipient of 2021 ARC DECRA Award and several other prestigious awards, and has been listed as one of the Clarivate 2021 Highly Cited Researchers.

Abstract: The static analysis identifies bugs without running the code. However, to find bugs in real-world complex software, even those modern static analysis tools suffer from scalability issues, and there still remains a huge gap between research-based analysis and practical bug detection. In this tutorial, we demonstrate Goshawk, a static analysis tool to find memory corruption bugs with the help of Natural Language Processing (NLP), and our audiences are expected to 1) leverage Goshawk to find memory-related bugs in real-world C/C++ projects in several minutes; 2) learn how to utilize latest AI techniques to extend static code analysis.

Speakers Info:

Xiang Chen, Shanghai Jiao Tong University / Shanghai Qizhi Institute, China

Biography: Major in cyber security (master’s degree) at Shanghai Jiao Tong University and as a member of G.O.S.S.I.P, Xiang Chen is now focusing on applying static program analysis to find bugs effectively in real-world projects. He is one of the current maintainers of the Goshawk project.

Siqi Ma, The University of New South Wales, Australia

Biography: Siqi Ma is currently a senior lecturer at the University of New South Wales. She mainly works in the area of software security. She has published over 40 papers at the top conferences in the areas of cybersecurity and software engineering, such as Security & Privacy, Usenix Security, International Conference, and Software Engineering.

Abstract: Symmetric Searchable Encryption (SSE) enables a client to outsource the storage of her encrypted database to a remote server while preserving the ability to securely search over the data. Since initiated by Song et al. in 2000 (S&P 2000), extensive efforts have been made towards developing constructions with tradeoffs between security, efficiency, and expressiveness in the past two decades. To realize efficient search, the majority of current SSE constructions allow leaking some well-defined information such as search pattern and access pattern. Nevertheless, a line of research has shown that some information revealed to the server (e.g., access pattern) can be leveraged to break query or data privacy, which in turn motivates the design of SSE schemes with reduced leakage.

Speakers Info:

Jianfeng Wang, Xidian University, China

Biography: Jianfeng Wang is an Associate Professor of the School of Cyber Engineering at Xidian University. He worked as a Visiting Scholar at Swinburne University of Technology, Australia. He obtained his PhD degree in cryptography from Xidian University, Xi’an, China, in 2016. His research interests include applied cryptography, data security, and searchable encryption. He has authored over 70 papers in refereed international conferences and journals, including publications in ACM CCS, ESORICS, IEEE TC, IEEE TDSC, IEEE TIFS, IEEE TSC and IEEE TMC etc.