5th Annual Cyber Security Next Generation Workshop

Utrecht, The Netherlands
May 03, 2019

The annual Cyber Security Next Generation workshop in the Netherlands (supported by 4TU.NIRICT, dcypher, and NWO) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, within the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

The 5th edition of this workshop will be held at SURFnet in Utrecht on May 03, 2019. Participation is free of charge.

As in previous years, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cyber security from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in PDF format, including the names of the authors, affiliations and e-mail addresses. To submit, send an e-mail to: csngworkshop@gmail.com

Important Dates

- Abstract submission deadline: March 29, 2019

- Notification of acceptance: April 12, 2019

- Registration deadline: April 25, 2019

- Workshop date: May 03, 2019

Registration

Registration is free but required. Please register here.

Venue

The workshop will be held in the rooms of SURFnet in Utrecht, which are right next to the train station:

Hoog Overborch Office Building (Hoog Catharijne)
3511 EP Utrecht Moreelspark 48

More details and directions can be found on the website of SURF.

Tentative Program

10:00 - 10:20  Registration
10:20 - 10:30  Welcome
10:30 - 11:15  Keynote: Anna Sperotto (University of Twente) - "Internet Security: Past, Present and Future challenges"
11:15 - 11:45  Morning coffee & poster session
11:45 - 12:30  Talks
12:30 - 13:30  Lunch
13:30 - 14:30  BCMT award ceremony
14:30 - 15:00  Coffee break & poster session
15:00 - 16:00  Talks
16:00 - 17:00  Borrel

Keynote

Anna Sperotto (University of Twente) - "Internet Security: Past, Present and Future challenges"

Abstract: The Internet is a magnificent dynamic system that is growing larger and faster than we could ever have imagined. While there is talk of considering Internet access a human right, we are at the same time faced daily with indications that the Internet infrastructure, and as a consequence we as a society relying on it, are under attack. As the future generation of security professionals, we have a chance to shape what the Internet will look like in the future. But to do so consciously and ethically, we need to know what we need to protect, and what the threats are. This talk will give some examples of attacks targeting the Internet, how we can measure them and what we can do to prevent them.

Morning Talks

11:45 - 12:05 Pavlo Burda (TU/e) - "Characterizing the Redundancy of DarkWeb .onion Services"
12:05 - 12:30 Remco Poortinga - van Wijnen (SURFnet) - "Security & Privacy (Research) at SURF"

Afternoon Talks

15:00 - 15:20 Oğuzhan Ersoy (TU Delft) - "Bandwidth-Efficient Transaction Routing Mechanism for Blockchain Networks"
15:20 - 15:40 Sharwan Adjodha (TU Delft) - "Assessing Cyber Security Of Innovations For Climate Disaster Resilience"
15:40 - 16:00 Mina Sheikhalishahi (TU/e) - "Privacy Preserving Multi-party Access Control"

BCMT award ceremony

13:30 - 13:35 Introduction
13:35 - 14:00 Stephan van Schaik (VU) - "Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think"

Abstract: Cache attacks have increasingly gained momentum in the security community. In such attacks, attacker-controlled code sharing the cache with a designated victim can leak confidential data by timing the execution of cache-accessing operations. Much recent work has focused on defenses that enforce cache access isolation between mutually distrusting software components. In such a landscape, many software-based defenses have been popularized, given their appealing portability and scalability guarantees. All such defenses prevent attacker-controlled CPU instructions from accessing a cache partition dedicated to a different security domain. We present a new class of attacks (indirect cache attacks), which can bypass all the existing software-based defenses. In such attacks, rather than accessing the cache directly, attacker-controlled code lures an external, trusted component into indirectly accessing the cache partition of the victim and mounts a confused-deputy side-channel attack. To demonstrate the viability of these attacks, we focus on the MMU, demonstrating that indirect cache attacks based on translation operations performed by the MMU are practical and can be used to bypass all the existing software-based defenses. Our results show that the isolation enforced by existing defense techniques is imperfect and that generalizing such techniques to mitigate arbitrary cache attacks is much more challenging than previously assumed.

14:00 - 14:25 Pietro Frigo (VU) - "GLitch: Practical Microarchitectural Attacks from the GPU"

Abstract: Dark silicon is pushing processor vendors to add more specialized units such as accelerators to commodity processor chips. Unfortunately this is done without enough care to security. In this work we look at the security implications of integrated Graphics Processing Units (GPUs) found in almost all mobile processors. We demonstrate that GPUs, already widely employed to accelerate a variety of benign applications such as image rendering, can also be used to “accelerate” microarchitectural attacks (i.e., making them more effective) on commodity platforms. In particular, we show that an attacker can build all the necessary primitives for performing effective GPU-based microarchitectural attacks and that these primitives are all exposed to the web through standardized browser extensions, allowing side-channel and Rowhammer attacks from JavaScript. These attacks bypass state-of-the-art mitigations and advance existing CPU-based attacks: we show the first end-to-end microarchitectural compromise of a browser running on a mobile phone in under two minutes by orchestrating our GPU primitives.

14:25 - 14:30 Award Ceremony

 

Monday, January 28, 2019