Department of Computer Science and Technology

Security Group

2019 seminars


If you can't find a talk you are looking for on this page, try the old archives.


29 January 14:00 Keeping authorities honest with verifiable append-only logs, and making backdoored software updates detectable / Mustafa Al Bassam, Department of Computer Science, University College London (UCL)

LT2, Computer Laboratory, William Gates Building

Transparency is important in services that rely on authoritative information, as it provides a robust mechanism for holding authorities accountable for their actions, or making those actions publicly auditable. A number of solutions have emerged in recent years that provide public auditability in the setting of public key infrastructure (such as certificate and key transparency), and cryptocurrencies provide an example of how to allow for public verifiability in a financial setting.

In this seminar, we explore the technical mechanisms for building transparent, auditable or verifiable systems, including verifiable data structures, append-only logs and blockchains. We discuss how such systems can provide extra security assurances to users in the context of compelled software backdoors (e.g. via the Investigatory Powers Act), by enforcing transparency mechanisms in software distribution.


22 January 14:00 Evil on the Internet / Richard Clayton, Computer Laboratory, University of Cambridge

LT2, Computer Laboratory, William Gates Building

This talk introduces the audience to a wide range of 'evil' websites that aim to defraud you of your money, with live examples presented to explain how they work and what is currently known about the criminals who operate them. There are many types of fraud ... you will see "phishing" sites which collect banking credentials; fake escrow sites defrauding the winners of online auctions; fake banks which hold cash for fake African dictators; Ponzi scheme websites where almost (but not quite) everyone knows that they’re a scam; booters where you can buy a DDoS attack on your game-playing opponents; ecommerce shops where you should not spend your money; and various other types of evil, including some very cute pictures of (non-existent) puppies.

Please note that, very regrettably of course, there's so much to see that this talk doesn't fit into a one hour slot.


Bio

Dr Richard Clayton is the Director of the Cambridge Cybercrime Centre based in the Computer Laboratory. He has been studying online fraud for decades and is currently heading an initiative to not only study online wickedness in Cambridge, but to collect extremely large cybercrime datasets and make them available to other academics so that they can contribute their expertise as well.


15 January 14:00 Trustworthy and Accountable Function-as-a-Service using Intel SGX / Andrew Paverd, Microsoft Research Cambridge

LT2, Computer Laboratory, William Gates Building

Function-as-a-Service (FaaS) is a recent and already very popular paradigm in cloud computing. The function provider need only specify the function to be run, usually in a high-level language like JavaScript, and the service provider orchestrates all the necessary infrastructure and software stacks. The function provider is only billed for the actual computational resources used by the function invocation. Compared to previous cloud paradigms, FaaS requires significantly more fine-grained resource measurement mechanisms, e.g. to measure compute time and memory usage of a single function invocation with sub-second accuracy. Thanks to the short duration and stateless nature of functions, and the availability of multiple open-source frameworks, FaaS enables non-traditional service providers, e.g. individuals or data centers with spare capacity. However, this exacerbates the challenge of ensuring that resource consumption is measured accurately and reported reliably. It also raises the issues of ensuring computation is done correctly and minimizing the amount of information leaked to service providers.

To address these challenges, we introduce S-FaaS, the first architecture and implementation of FaaS to provide strong security and accountability guarantees backed by Intel SGX. To match the dynamic event-driven nature of FaaS, our design introduces a new key distribution enclave and a novel transitive attestation protocol. A core contribution of S-FaaS is our set of resource measurement mechanisms that securely measure compute time and memory allocations within an enclave.