Keynote Speakers

Dr. William Enck is an Associate Professor in the Department of Computer Science at the North Carolina State University where he is co-director of the Secure Computing Institute (SCI) and director of the Wolfpack Security and Privacy Research (WSPR) laboratory. Prof. Enck's research interests span the broad area of systems security, with a focus on access control in emerging and complex systems such as those found in mobile platforms, Internet of Things (IoT), networks, and cloud infrastructure. In particular, his work in mobile application security has led to significant consumer awareness and changes to platforms. Prof. Enck was awarded the National Science Foundation CAREER Award and regularly serves on program committees for top conferences in security such as USENIX Security, IEEE Security and Privacy, ACM CCS, and NDSS. He is serving as department editor for IEEE Security and Privacy Magazine, as associate editor for ACM TOIT, and on the steering committees of the USENIX Security Symposium and ACM WiSec. He was program co-chair of USENIX Security 2018 and ACM WiSec 2016. Prior to joining NC State, Prof. Enck earned his Ph.D., M.S., and B.S in Computer Science and Engineering from the Pennsylvania State University in 2011, 2006, and 2004, respectively. Prof. Enck is a member of the ACM, IEEE, ISSA, and USENIX.

Title: Analysis of Access Control Enforcement in Android Over the past decade, the security the Android platform has undergone significant scrutiny from both academic and industrial researchers. A key take-away from this literature is that Android's app-centric access control framework represents a distinct and positive change from traditional computing platforms. However, most prior work has been directed towards third-party applications. In contrast, there has been limited investigation of the correctness of Android's access control enforcement, which is scattered throughout the middleware implementation. In this talk, I will present our recent work building a static program analysis framework for the Android middleware. I will discuss how we have applied our ACMiner and ARF analysis tools at multiple versions of the Android Open Source Project (AOSP) and discovered tens of vulnerabilities, several of which have resulted in bug bounties and CVEs. In doing so, I will describe how the transition to an app-centric security model complicates the design of OS access control and the need for automated and semi-automated techniques to evaluate its correctness.

---

Dr. Anna Squicciarini is an associate Professor in the College of Information Sciences and Technology at the Pennsylvania State University. She received her PhD in Computer Science from the University of Milan. From February 2006 to December 2007, Squicciarini was a post-doctoral fellow at Computer Science Department of Purdue University. Her main research interests are in the area of data security and privacy, with emphasis on access control mechanisms. Squicciarini's work has been funded by industry and various funding agencies, including grants from the National Science Foundation (and a CAREER Award 2015), DARPA, Air Force, and Army Research Office. She also received generous support from Industry. She is a CyberSecurity Fulbright Scholar in United Kingdom for the year of 2020. She has authored more than 90 contributions as papers in international conferences and journals, and chapters in international books.

Title: Multi-party Access Control - 10 years of successes and lessons learned As end-users have been asked to take on management tasks for their content and online resources, access control mechanisms have played an increasingly important role in a broad range of applications. These include data management for personalized medicine, content sharing sites, online communities, and technologies for remote collaborative work. To address the need of these emerging user-centered domains, an increasing body of work has recognized the importance of new multi-user (or more generally, stakeholder) access control mechanisms for multiple users. The emphasis on group-centered access control has led to a shift from the traditional approach taken in the access control community for two main reasons. First, the access control community had long investigated models and techniques to facilitate single subjects' access to resources according to well-defined locally-enforceable policies, with little attention given to group-driven access control decisions. Second,the underlying goal had been to maintain confidentiality rather than facilitate controlled sharing. As such, the decisions offered by these early mechanisms are single-user driven and often binary and based on inflexible policies. Consequently, researchers have investigated and proposed a variety of multiparty access control mechanisms, and defined rigorous models for content management among multiple users, also developing mechanisms for various applications. Some tools for practical applications have also been developed. However, we have also assisted to several "failures" where promising approaches have not gained traction, either among the research community or (even less) the applied world. In this talk I will first discuss unique needs and challenges with addressing access control for multi-owned content, and provide a perspective from various applications. Next, I will summarize main successes and failures of existing approaches, identify open research challenges for future research opportunities in this space.

---

Dr. Tal Rabin is the head of research at the newly formed Algorand Foundation. She obtained her Ph.D. in Computer Science from the Hebrew University, Israel in 1994. She joined the cryptography group at IBM Research in 1996 and managed it from 1997 to 2019. She has served as a member of the SIGACT Executive Board and a council member of the Computing Community Consortium. She has initiated and organizes the Women in Theory Workshop, a biennial event for graduate students in Theory of Computer Science. Tal is a Member of the American Academy of Arts and Sciences, a fellow of the ACM and a fellow of the International Association of Cryptologic Research (IACR). She is the 2019 recipient of the RSA Award for Excellence in the Field of Mathematics and winner of the 2014 Anita Borg Women of Vision Award for Innovation. Tal has been listed by Forbes as one of the World's Top 50 Women in Tech for 2018.

Title: Cryptography for #MeToo Reporting sexual assault and harassment is an important and difficult problem. Since late 2017, it has received increased attention as the viral #MeToo movement has brought about accusations against high-profile individuals and a wider discussion around the prevalence of sexual violence. Addressing occurrences of sexual assault requires a system to record and process accusations. It is natural to ask what security guarantees are necessary and achievable in such a system. In particular, we focus on detecting repeat offenders: only when a set number of accusations are lodged against the same party will the accusations be revealed to a legal counselor. Our solution ensures the confidentiality of the accuser and the accused as well as the traceability of false accusations using various cryptographic techniques. The protocol design emphasizes practicality, preferring fast operations that are implemented in existing software libraries. Joint work with: Ben Kuykendall and Hugo Krawczyk