• Lecture Information

12.18 | 2015 Fudan Science and Innovation Forum: Information Security Sub-Forum

2015.12.04


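Information Security Sub-Forum Agenda

Time: December 18, 2015

Venue: Lecture Hall 103, East Sub-building of Guanghua Tower, Handan Campus, Fudan University

Theme: Cyberspace Information and Systems Security

Host: X. Sean Wang, Dean of the School of Computer Science and Technology, Fudan University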

 


 

Fudan Science and Innovation Forum 2015

Information Security Sub-Forum Agenda

Time: Friday, December 18th, 2015

Venue: Room 103, 1st Floor, East Sub-building of Guanghua Tower, Fudan University

Topic: Information and Systems Security

Host: Dean of School of Computer Science, X. Sean Wang

 

08:30-09:00 Opening Ceremony Chair: X. Sean Wang

09:00-10:20 Session 1: Networking and Communication Security Chair: Jie Wu

                      Title: Randomness and Privacy in Communications

                      Speaker: Don Towsley (University of Massachusetts)

                      Title: Toward Simpler, More Flexible, More Secure Networking using Software-Driven Networking

                      Speaker: Richard Yang (Yale University)

10:20-10:40 Tea break

10:40-12:00 Session 2: Systems and Application Security Chair: Weili Han

                      Title: Understanding and Mitigation of Risks in Mobile Applications

                      Speaker: Gail-Joon Ahn (Arizona State University)

                      Title: Design for a Concrete IT System-level Moving Target Defense Platform

                      Speaker: Xinming Ou (University of South Florida)

12:00-14:00 Lunch

14:00-15:20 Session 3: Social Factors in Security Chair: X. Sean Wang

                      Title: On the Importance of Collaboration for Cybersecurity: the Why and How

                      Speaker: Marc Dacier (Qatar Computing Research Institute)

                      Title: Bottom Line Security: Understanding the True Cost of Cybersecurity Attacks

                      Speaker: Chris Kanich (University of Illinois at Chicago)

15:20-15:40 Tea break

15:40-17:00 Session 4: Applied Cryptography Chair: Yunlei Zhao

                     Title: Achieving Data Security & Privacy in Untrusted Servers

                     Speaker: Robert Deng (Singapore Management University)

                     Title: Privacy Preserving Computing and Min and k-th Min

                     Speaker: Sheng Zhong (Nanjing University)

17:00-17:05 Closing Ceremony Chair: X. Sean Wang

 

 

 

 

Don Towsley

 

Biography:

Don Towsley holds a B.A. in Physics (1971) and a Ph.D. in Computer Science (1975) from University of Texas. He is currently a Distinguished Professor at the University of Massachusetts in the Department of Computer Science. He has held visiting positions at numerous universities and research labs. He currently holds an adjunct faculty position with Xi’an Jiaotong University. His research interests include networks and performance evaluation.

He currently serves as a Co-Editor-in-Chief of ACM Transactions on Modeling and Performance Evaluation of Computer Systems (TOMPECS) and served previously as Editor-in-Chief of IEEE/ACM Transactions on Networking, and on numerous editorial boards. He has served as Program Co-chair of several conferences including INFOCOM 2009.

He has received numerous awards including the 2007 IEEE Koji Kobayashi Award, the 2008 ACM SIGCOMM Achievement Award, the 2011 IEEE INFOCOM Achievement Award, and numerous paper awards including a 2008 ACM SIGCOMM Test-of-Time Paper Award and the 2012 ACM SIGMETRICS Test-of-Time Award. Last, he has been elected Fellow of both the ACM and IEEE.

 

Title: Randomness and Privacy in Communications

Abstract: Security and privacy are fundamental concerns in today’s world. Recent revelations have shown that traditional cryptographic techniques do not provide the security that was expected. Moreover, there are situations where even the presence of communications needs to be hidden and remain private; cryptographic techniques cannot provide such privacy. This has called into question how security and privacy can be provided. In this talk we investigate how randomness in the environment can be used to provide privacy in wireless communications. We consider the canonical problem where Alice wants to communicate with Bob in the presence of an adversary, Willie the Warden, without Willie ever realizing that the communication is taking place. We consider a variety of wireless and wireline communication systems and determine how much information Alice can send privately to Bob without being detected. For example in wireless and optical communication systems, we establish that Alice can send  bits (and no more) to Bob in time . On the other hand in a wireline channel where Alice can manipulate packet timings in order to encode information, Alice can convey much more information. Last, we report experimental results that corroborate these results.

Richard Yang

 

Biography:

Richard Yang is a Professor of Computer Science at Yale, where he founded and leads the Laboratory of Networked Systems (LANS). He is also a professor at Tongji University, where he leads the SNLab. Prof. Yang's current research focus is on new computer network architectures, SDN programming, content distribution networks, and network-application interactions. He has published more than 10 papers in ACM SIGCOMM, the flagship conference on networking, among which 4 were nominated as best papers. His team proposed the framework of P4P for network-application interactions, which is adopted by IETF by forming the ALTO Working Group, which has defined the ALTO Protocol. His work has been implemented/adopted in products/systems of major companies (e.g., AT&T, Alcatel-Lucent, Cisco, Microsoft, PPLive, Youku), and featured in mainstream media including Economist, Forbes, Guardian, Chronicle of Higher Education, Information Week, MIT Technology Review, Science Daily, USA Today, Washington Post, and Wired, among others. His awards include a CAREER Award from the National Science Foundation and a Schlumberger Foundation Award. Dr. Yang received his B.E. degree in Computer Science and Technology from Tsinghua University (1993), and his M.S. and Ph.D. degrees in Computer Science from the University of Texas at Austin (1998 and 2001).

 

Title: Toward Simpler, More Flexible, More Secure Networking using Software-Driven Networking

Abstract: Despite the success of traditional networking, control and management of existing networks have become too complex, leading to rigidity and vulnerabilities. In this talk, I will discuss a software-driven network programming framework that substantially simplifies network control and management, producing highly programmable, more secure networks.

 

Gail-Joon Ahn

 

Biography:

Gail-Joon Ahn, Ph.D., CISSP, is a Professor in the Computer Science and Engineering Program in the School of Computing, Informatics and Decision Systems Engineering (CIDSE), Fulton Entrepreneurial Professor, and Director of the Center for Cybersecurity and Digital Forensics and the Laboratory of Security Engineering for Future Computing at Arizona State University. He is also currently a guest professor at Wuhan University. Prior to ASU, he was the Founding Director of the Center for Digital Identity and Cyber Defense Research (DICyDER) at UNC Charlotte.

He is a recipient of the US Department of Energy Early Career Principal Investigator Award, the Educator of the Year Award from the Federal Information Systems Security Educators' Association (FISSEA) and the Best Researcher Award from CIDSE. He also serves as Associate Editor-in-Chief of IEEE Transactions on Dependable and Secure Computing, Associate Editor of IEEE Transactions on Information Forensics and Security, Associate Editor of ACM Transactions on Information and Systems Security, and on the Editorial Board of Computers & Security. He is also the Steering Committee Chair of the ACM Symposium on Access Control Models and Technologies. He is currently the information director of the ACM Special Interest Group on Security, Audit and Control (SIGSAC). He also holds seven US patents on cybersecurity and privacy.

 

Title: Understanding and Mitigation of Risks in Mobile Applications

Abstract: More than half of adult Americans own a smartphone and sales are expected to exceed PC sales in the near future. Mobile operating systems allow third-party developers to create applications (apps). The onus is placed on the owner to evaluate, before an app is installed, the security and privacy implications of installing an app, using only the description and the permissions requested. For the average smartphone owner this information is not enough to make an informed decision. Power must be returned to smartphone owners. We have investigated various approaches to automatically generate app intelligence to empower owners to evaluate the security and privacy implications of installing and running an app. This talk overviews our approaches and results that show how we could create such intelligence.

 

Xinming Ou

 

Biography:

Dr. Xinming (Simon) Ou is an associate professor of Computer Science and Engineering at the University of South Florida. He received his PhD from Princeton University in 2005, and his ME and BE degrees from Tsinghua University in 2000 and 1998. Before joining USF, he was a faculty member at Kansas State University from 2006 to 2015. Dr. Ou's research is primarily in cyber defense technologies, with a focus on intrusion/forensics analysis, cloud security and moving-target defense, mobile system security, and cyber-physical system security. Dr. Ou's research has been funded by the National Science Foundation, Department of Defense, Department of Homeland Security, Department of Energy, National Institute of Standards and Technology (NIST), HP Labs, and Rockwell Collins. He is a recipient of a 2010 NSF Faculty Early Career Development (CAREER) Award, a three-time winner of the HP Labs Innovation Research Program (IRP) award, and a recipient of the 2013 K-State College of Engineering Frankenhoff Outstanding Research Award.

 

Title: Design for a Concrete IT System-level Moving Target Defense Platform

Abstract: The Moving Target Defense (MTD) concept has been proposed as an approach to rebalance the security landscape by increasing uncertainty and apparent complexity for attackers, reducing their window of opportunity and raising the costs of their reconnaissance and attack efforts. The idea of applying moving target techniques for a whole IT system is intuitively beneficial for security. However, little research has been done to show that this idea is feasible. In this talk, I will present the design of a concrete MTD platform --- ANCOR (Automated eNterprise network COmpileR), which supports whole-system moving target defense. The ANCOR platform is based on an abstraction model that captures the IT system's configuration parameters and dependencies, which allows the platform to reason over and change the IT system's configuration at run time. To evaluate the platform's practicality, we show experimentally over multiple concrete IT system implementations that the platform's configuration changes do not disrupt normal operations and introduce only a very small run time overhead.

 

Marc Dacier

 

Biography:

Since September 1st, 2014, Marc Dacier, Ph.D., has been leading the growing Cybersecurity Group at the Qatar Computing Research Institute (QCRI/HBKU). Dr. Dacier holds a PhD from the INPT, France, obtained in 1994 after 3 years at LAAS-CNRS. After one year as a security consultant in Paris, France, he joined IBM Research in Zurich, Switzerland to create the Global Security Analysis Laboratory. In 2002, he left IBM to become a professor at Eurecom, France. In 2008, he left Eurecom to join Symantec to build its European Research Labs and manage all the ongoing collaborative research projects, worldwide. He spent 2 years in the USA while in that role. An internationally recognized expert in cybersecurity, Dr. Dacier has served on more than 60 program committees of all major security and dependability conferences and as a member of the editorial board of several technical journals.

 

Title: On the Importance of Collaboration for Cybersecurity: the Why and How

Abstract: The notion of data and/or threat intelligence sharing has become a very hot buzzword within the security community over the last few years. Several initiatives are taking place. Unfortunately, they are usually confined within the boundaries of a given industry, structure, country or sets of countries by implementing a “friends of friends” paradigm. Alternatively, some other schemes involve a trusted third party, typically a vendor or a government body. Whereas both approaches have merits, they also suffer from severe drawbacks that will be outlined in this talk. Furthermore, we will present some very concrete and successful examples of worldwide collaborations that have taken place over the years as well as the benefits they have generated. As some of them are still active, we will explain how Chinese actors could also, if they so desire, participate in such international collaborations, what this would practically mean and what they would have to win in such joint activities.

 

 

Chris Kanich

 

Biography:

Chris Kanich is an Assistant Professor in the Department of Computer Science at the University of Illinois at Chicago. He received his Ph.D. in Computer Science and Engineering at UC San Diego and a B.S. in Mathematics and Computer Science at Purdue University. His current research focuses on improving user experience in the face of cybersecurity attacks. His approach uses myriad data-driven techniques (anything from botnet infiltration to user studies) to improve our understanding of how to counteract the true motivations of cybercriminals and minimize real-world losses for targets of cybercrime.

 

Title: Bottom Line Security: Understanding the True Cost of Cybersecurity Attacks

Abstract: This presentation will highlight recent results that improve our understanding of the true cost of cybercrime. I'll also show how these results can lead to actionable insights into which attacks we should be spending our finite effort combating. I'll cover losses due to affiliate fraud, measured in profits lost, both by the platforms and legitimate marketers. I'll also cover losses incurred due to typosquatting: while typosquatting is perpetrated by thousands upon thousands of domains, the harm caused is not clear. We use a model which quantifies how many visitors legitimate sites lose and how much time end users waste when they visit these sites. Finally, I'll showcase a tool which quantifies the value of a user's private data (their account logins), which can motivate better security behavior through a personalized warning regarding how much their account might be worth to cybercriminals.

 

Robert H. Deng

 

Biography:

Robert H. Deng has been a Professor at the School of Information Systems, Singapore Management University since 2004. Prior to this, he was Principal Scientist and Manager of the Infocomm Security Department, Institute for Infocomm Research, Singapore. His research interests include data security and privacy, multimedia security, and network and system security. He was Associate Editor of the IEEE Transactions on Information Forensics and Security from 2009 to 2012. He is currently Associate Editor of IEEE Transactions on Dependable and Secure Computing, and a member of the Editorial Boards of the Journal of Computer Science and Technology (the Chinese Academy of Sciences) and the International Journal of Information Security (Springer). He is the chair of the Steering Committee of the ACM Symposium on Information, Computer and Communications Security (ASIACCS). He received the University Outstanding Researcher Award from the National University of Singapore in 1999 and the Lee Kuan Yew Fellow for Research Excellence from the Singapore Management University in 2006. He was named Community Service Star and Showcased Senior Information Security Professional by (ISC)² under its Asia-Pacific Information Security Leadership Achievements program in 2010.

 

Title: Achieving Data Security & Privacy in Untrusted Servers 

Abstract: Traditionally, access controls to data are enforced by employing trusted servers to store data and mediate access control. However, services are increasingly storing data across many servers shared with other data owners. An example of this is cloud computing which has the great potential of providing various services to the society at significantly reduced cost due to aggregated management of elastic resources. Since software systems are not guaranteed to be bug-free and hardware platforms are not under direct control of data owners in such distributed systems, security risks are abundant. To mitigate users’ security and privacy concerns about their data, a common solution is to outsource data in encrypted form so that it will remain private even if data servers are not trusted or compromised. The encrypted data, however, must be amenable to sharing and access control. In this talk, I will discuss various security issues related to outsourced data storage and provide an overview of emerging solutions for realizing secure access to encrypted data in untrusted servers.

 

Sheng Zhong

 

Biography:

Sheng Zhong received his BS (1996) and MS (1999) from Nanjing University, and his PhD (2004) from Yale University, all in computer science. He was previously on the computer science and engineering faculty of SUNY Buffalo, where he received an NSF CAREER Award and early tenure promotion. Currently he is a professor at Nanjing University. He is a recipient of the National Science Fund for Distinguished Young Scholars of China, and has also been supported by the 1000-Talent Recruit Program of China (Youth Class). He is an Editorial Board Member of Science China Information Sciences, an Editor of IEEE Transactions on Vehicular Technology, and an Associate Editor of Information Sciences.

 

Title: Privacy Preserving Computing and Min and k-th Min

Abstract: Protecting users' privacy is extremely important in mobile sensing applications. In this work, we study how an aggregator can quickly compute the minimum or the k-th minimum of users' data, without learning the data. Two protocols are built, based on random coding and an XOR-homomorphic encryption scheme. These protocols are proved to be secure in the semi-honest model. Empirical data demonstrates that our protocols have greatly improved the efficiency compared with previous protocols.