Dr. Karthikeyan Bhargavan Research Scientist, Inria Paris (an Inria director of research specialised in the security of data exchanges on the Internet) | |
Title: | Towards High-Assurance Cryptographic Software |
Abstract: | After a spate of recent high-profile attacks on popular cryptographic protocol libraries like OpenSSL, both developers and researchers are calling for new testing and verification frameworks that can effectively find and prevent such critical flaws in modern cryptographic software. In this talk, we shall investigate the root cause of some recent attacks on the Transport Layer Security (TLS) protocol and advocate the use of formal verification in both the design and implementation of cryptographic protocols. As examples of this methodology, I will use two ongoing open-source projects that are being developed using the F* programming and verification framework. The first project is HACL*, a verified cryptographic library, and the second project is miTLS, a verified implementation of the TLS protocol. |
Dr. Doug Tygar University of California, Berkeley | |
Title: | Adversarial machine learning |
Abstract: | Machine learning is often hailed a core element of malware detection and intrusion detection systems. In a world of zero day attacks, advanced persistent threats, spear phishing, and targeted attacks, statistical machine learning techniques can offer a defense against attacks for which no known signature exists. But just how secure is machine learning itself? Classical machine learning techniques are designed to handle random noise in training data, but were not designed to protect against Byzantine noise, where an adversary onstructs training data that deliberately mistrains classifiers. In this talk, I will show some of the ways that an adversary can successfully manipulate machine learning algorithms, and will discuss methods for hardening those algorithms against some types of attacks. I will also discuss the prospects for a new field of security analytics based on secure machine learning algorithms. This is joint work with several colleagues and students at UC Berkeley.. |