Keynote-1: Dr. René Mayrhofer, Google, Head of Android Security
Title: Android Security: Taming the Complex Ecosystem [slides]
Abstract: The Android ecosystem is immense, represents a diverse manifold of use cases and participants, and is therefore highly complex. At the same time, Android primarily targets end-users and acts as the gateway to digital services for a majority of often non-technical Internet users. Balancing flexibility, security, and usability raises interesting challenges; many trade-offs are not immediately apparent and non-trivial to resolve. This talk will cover some of my own lessons learned before and since joining the Android Security & Privacy team, starting with the Android platform security model, complexities of the ecosystem that are particularly relevant to security, and methods to improve security across many partners. Current and future challenges include insider attack resistance, transparency different layers, and new use cases such as identity credentials.
Bio: René Mayrhofer is currently heading the Android Platform Security team and tries to make recent advances in usable, mobile security research available to the Billions of Android users. He is on leave from the Institute of Networks and Security at Johannes Kepler University Linz (JKU), Austria, where he continues to supervise PhD and Master students. Previously, he held a full professorship for Mobile Computing at Upper Austria University of Applied Sciences, Campus Hagenberg, a guest professorship for Mobile Computing at University of Vienna, and a Marie Curie Fellowship at Lancaster University, UK.
His research interests include computer security, mobile devices, network communication, and machine learning, which he currently brings together in his research on securing mobile devices. Within the scope of u’smile, the Josef Ressel Center for User-friendly Secure Mobile Environments, his research group looked into full-stack security of mobile devices from hardware through firmware up to user interaction aspect. One particular outcome was a prototype for a privacy conscious Austrian mobile Driving License (AmDL) on Android smartphones supported by tamper-resistant hardware. René has contributed to over 80 peer-reviewed publications and is a reviewer for numerous journals and conferences. He received Dipl.-Ing. (MSc) and Dr. techn. (PhD) degrees from Johannes Kepler University Linz, Austria and his Venia Docendi for Applied Computer Science from University of Vienna, Austria.
Keynote-2: Professor Guevara Noubir, Northeastern University
Title: Wireless and Mobile Softwarization: Security and Privacy Pandora’s Box?
Abstract: The wireless revolution delivered beyond the pioneers dreams, forever changing how we access information, interact with each other, and our physical world. Yet, a confluence of factors indicates that a security and privacy storm is brewing. Limited resources and lack of strong security models, led to a variety of weaknesses in wireless and mobile systems. These risks are amplified by the accerelated pervasiveness and ad hoc integration of wireless communications in a variety of systems. At the same time hardware and in particular wireless softwarization is removing natural barriers such as attacks physical co-location, or cost. In this talk we reflect on some of the wireless and mobile security and privacy challenges and trends, from side-channel attacks to cross-layer attacks, as well as defense approaches and their limitations.
Bio: Guevara Noubir holds a PhD in Computer Science from the Swiss Federal Institute of Technology in Lausanne (EPFL) (1996). His research covers both theoretical and practical aspects of privacy, security, and robustness in networked systems. Prior to joining Northeastern University, he was a senior researcher at CSEM SA (1997-2000) where he led the design and development of the data protocol-stack of the third generation Universal Mobile Telecommunication System (UMTS) and its world first 3G prototype. His research led to a wide range of mechanisms and algorithms for scalable, secure, private, and robust wireless and mobile communications. He led the winning team of the 2013 DARPA Spectrum Cooperative Challenge against 90 academic and industry teams. He is a recipient of the National Science Foundation CAREER Award (2005), the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) best paper award in 2011 and runner-up best paper in 2013. His research was featured in the NSF CISE/CNS Highlights in 2009 and 2012.
Professor Noubir has held visiting research positions at Eurecom, MIT, and UNL. Professor Noubir has served as program co-chair of many conferences in his areas of expertise, including the ACM Conference on Security and Privacy in Wireless and Mobile Networks, IEEE Conference on Communications and Network Security, and IEEE WoWMoM. He also co-chaired two NSF Workshop on bio-computation and communications. He serves on the editorial board of the IEEE Transaction on Mobile Computing, the Elsevier Journal on Computer Networks and the ACM Transactions on Information and System Security.
Keynote-3: Professor Wenjing Lou, Virginia Tech
Title: Blockchain and Private Data Usage Control
Abstract: Blockchain, the technology behind Bitcoin, has drawn widespread attention in recent years. As a popular “secure by design” technology, Blockchain has great potential to enable a wide range of distributed applications across a broad spectrum of industries. In this talk, we will first examine some fundamental properties of blockchain. While blockchain promises decentralization, irreversible record keeping, public verifiability, transparency, and user anonymity, etc., some of these properties are not guaranteed and they come at a very high price. At the same time, excessive overhead and performance deficits may place a fundamental limit on the use of blockchain in many applications. We will also introduce “PrivacyGuard”, a blockchain-based private data usage control system that prevents unauthorized data access and usage. PrivacyGuard seamlessly integrates two technologies, smart contract and trusted execution environment (TEE), to overcome the contract execution efficiency problem with a novel trustworthy off-chain contract execution engine.
Bio: Wenjing Lou is the W. C. English Professor of Computer Science at Virginia Tech and a Fellow of the IEEE. She holds a Ph.D. in Electrical and Computer Engineering from the University of Florida. Her research interests cover many topics in the cybersecurity field, with her current research interest focusing on privacy protection in networked information systems and security and privacy problems in the Internet of Things (IoT) systems.
Prof. Lou is currently on the editorial boards of IEEE Transactions on Dependable and Secure Computing (TDSC), ACM/IEEE Transactions on Networking (ToN), IEEE Transactions on Mobile Computing (TMC), and Journal of Computer Security. She is the TPC chair for IEEE INFOCOM 2019 and SecureCom 2019. She chairs the steering committee of IEEE Conference on Communications and Network Security (IEEE CNS) and is also a member of the steering committees of IEEE INFOCOM and IEEE Transactions on Mobile Computing.