|
Keynote Speaker
|
Seraphin Calo is a Principal Research Staff Member at IBM Research and currently manages the Network Science group within that organization. He received the M.S., M.A., and Ph.D. degrees in electrical engineering from Princeton University, Princeton, New Jersey. He has worked, published, and managed research projects in a number of technical areas, including: queueing theory, data communications networks, multi-access protocols, expert systems, policy based computing, and complex systems management. Dr. Calo was a leading member of the IBM team that won and continues to work on government sponsored research programs in information science. He has been very active in international conferences, particularly in the systems management and policy areas. Dr. Calo has authored more than one hundred technical papers and has a number of United States patents (26 issued). He has received six IBM Research Division awards, and twelve IBM Invention Achievement awards.
|
Title: Distributed Intelligence - Trends in the Management of Complex Systems
The ability to incorporate intelligence in even small devices and to make use of contextual information from widely deployed sensors has already begun to change management paradigms. As edge computing and IoT devices become more prevalent, systems will increasingly consist of cooperating, heterogeneous, distributed, autonomous elements. Architectures for cognitive, collaborative systems are evolving to deal with such complex environments. Concepts from multi-agent systems and autonomic computing are being applied to cope with the scope and breadth of large collections of interacting devices and services. Technologies for security and access control must evolve as well. Policy-based mechanisms are widely used and have been very successful in protecting information and controlling access to systems and services. They tend to rely, however, on a centralized infrastructure and on the automated enforcement of directives. Newer paradigms are being investigated that allow policy structures to be more dynamic and contextual, while still preserving the desired levels of control. We will present trends in the evolution of architectures for distributed, federated systems, and the technologies for managing them.
|
|
Marten van Dijk is the Charles H. Knapp Associate Professor at the Electrical and Computer Engineering department at the University of Connecticut. He has over 15 years of experience in system security research in both academia (MIT and UConn) and industry (Philips Research and RSA Laboratories). At MIT he was part of the team that introduced the first circuit realizations of Physical Unclonable Functions (PUFs) which received the A. Richard Newton Technical Impact Award in Electronic Design Automation (ACM & IEEE) in 2015, and the team that designed Aegis, the first single-chip secure processor that verifies integrity and freshness of external memory which was selected for inclusion in "25 years of International Conference on Supercomputing" in 2014. His work on a simple and efficient Oblivious RAM received a best student paper award at CCS 2013. The IRIS authenticated file system with proofs of retrievability received the NYU-Poly AT&T Best Applied Security Paper Award, 3rd place, 2012. His work on fully homomorphic encryption over the integers was nominated (1 out of 3) for best paper award at Eurocrypt 2010. Marten is associate editor of the IEEE Transactions on Computers and the IEEE Transactions on Trusted and Dependable Secure Computing.
|
Title: Leveraging Hardware Isolation for Process Level Access Control & Authentication
Critical resource sharing among multiple entities in a processing system is inevitable, which in turn calls for the presence of appropriate authentication and access control mechanisms. Generally speaking, these mechanisms are implemented via trusted software "policy checkers" that enforce certain high level application-specific "rules" to enforce a policy. Whether implemented as operating system modules or embedded inside the application ad hoc, these policy checkers expose additional attack surface in addition to the application logic. In order to protect application software from an adversary, modern secure processing platforms, such as Intel's Software Guard Extensions (SGX), employ principled hardware isolation to offer secure software containers or enclaves to execute trusted sensitive code with some integrity and privacy guarantees against a privileged software adversary.
We extend this model further and propose using these hardware isolation mechanisms to shield the authentication and access control logic essential to policy checker software. While relying on the fundamental features of modern secure processors, our framework introduces productive software design guidelines which enable a guarded environment to execute sensitive policy checking code -- hence enforcing application control flow integrity -- and afford flexibility to the application designer to construct appropriate high-level policies to customize policy checker software.
Joint work with Syed Kamran Haider, Hamza Omar, Ilia Lebedev, and Srini Devadas.
|
|