Behavioral Advertising and Consumer Welfare: An Empirical Investigation

Speaker: Alessandro Acquisti with Eduardo Schnadower Mustri and Idris Adjerid

The value that consumers derive from behavioral advertising has been more often posited than empirically demonstrated. The majority of empirical work on behavioral advertising has focused on estimating the effectiveness of behaviorally targeted ads, measured in terms of click or conversion rates. I will present the results of two online within-subject experiments that, instead, employ a counterfactual approach, designed to assess comparatively some of the consumer welfare implications of behaviorally targeted advertising.

CirC, a compiler for cryptographic computation and more

Cryptographic tools like proof systems, multi-party computation, and fully homomorphic encryption are usually applied to computations expressed as systems of arithmetic constraints. In practice, this means that these applications rely on compilers from high-level programming languages (like C) to such constraints. This compilation task is challenging, but not entirely new: the software verification community has a rich literature on compiling programs to logical constraints (like SAT or SMT). This talk gives an overview of our shared infrastructure for software verification and cryptographic computation, and how we combine different compiler backends (e.g., for proof systems and verification or multi-party computation and optimization) to support completely new applications. 

Tackling Data Silos with Synthetic Data

Speaker: Giulia Fanti

Organizations are often unable to share data due to regulatory, business, and privacy concerns. The resulting data silos seriously inhibit the development, tuning, testing, and auditing of data science pipelines. In this talk, I will discuss the promise and challenges of using synthetic data from deep generative models to share data across institutional boundaries, thereby mitigating data silos. I will focus on a case study from the networking and security domain, in which we produce synthetic network traces using deep generative models. We study key challenges related to the fidelity, privacy, and interpretability of the synthetic data. Doing so involves both system design and addressing fundamental learning challenges for GANs. Ultimately, we demonstrate NetShare, a synthetic data generator for network packet header traces; NetShare matches microbenchmark distributions in real data 40% better than baselines, while also enabling synthetic data users to train models for downstream tasks. At the same time, we discuss some privacy challenges that arise when training synthetic data models, and highlight the need for new privacy tools.

Physical Side-Channel-based Intrusion Detection System for Automotive Microcontrollers

Speaker: Stefan Gehrer

Protecting the security of the internal network of connected vehicles remains a priority to guarantee the safety of current and future automotive systems. We will present a lightweight host-based Intrusion Detection System (IDS), which takes advantage of the power consumption of the software that executes in automotive microcontrollers to detect tampering. We collected traces of normal and abnormal software behavior to train classifiers to learn a voltage fingerprint. At a sampling rate of 9.8 MS/s, we achieved a test accuracy of 99.9% with deep learning (DL) and 99.67% with gradient boosting. We verified the high test accuracy for different setup parameters.

To demonstrate the real-world applicability of this IDS on an automotive microcontroller, we integrated and benchmarked a complete machine learning (ML) pipeline on an Infineon AURIX TriCore, leveraging its analog-to-digital converters (ADCs) for the purpose of gathering traces.

ZT4SDV – Zero Trust for Software Defined Vehicles or How to Implement a Dynamic Trust Model for Safety-Relevant Controllers

Speaker: Robert Kaster

The question of trust, for today’s static vehicle architectures, is often defined once when manufacturing the vehicle and receives a binary answer. Tomorrow’s dynamic architectures require a more flexible approach. The principles of zero trust provide a proven basis for protecting confidentiality. We reevaluate these with a focus on protecting vehicle safety and propose a scheme for building incremental trust to a prerequisite level based on the safety requirements for the desired action. 

Adversarial Attacks on Large Language Models

Speaker: Zico Kolter

In this talk, I'll discuss our recent work on adversarial attacks against public large language models (LLMs), such as ChatGPT and Bard. Using combined gradient-based and greedy search on open source LLMs, we find adversarial suffix strings that cause these models to ignore their "safety alignment" and answer potentially harmful user queries. And most surprisingly, we find that these adversarial prompts transfer amazingly well to closed-source, publicly-available models. I'll discuss the methodology and results of this attack, as well as what this may mean for the future of LLM robustness.

Applications of TEEs to Software-in-the-Loop and IP Protection

Speaker: Shalabh Jain

The automotive industry is pivoting increasingly towards software-based solutions, components, and development environments. This pursuit leads to increased reliance on outsourced cloud infrastructure. As a result, the security architecture of existing design pipelines must be reinforced with state-of-the-art technology available in cloud environments, without significant changes for the users. We illustrate the challenges with this approach in the context of software-in-the-loop (SiL) systems. In automotive, SiL systems are setups where traditional hardware components are designed and tested in a purely virtual PC/IT environment consisting of virtualized hardware and networks. Cloud-based SiL simulation systems involving multiple contributors and orchestrators create huge risks for organizations due to the potential for leakage of confidential model IP to adversaries within the distributed infrastructure. We provide examples of a data-flow architecture using trusted-computing technologies (e.g., Intel SGX) to protect models and IP in cloud-based SiL environments.

Software Security Challenges in the Era of Modern Hardware

Speaker: Riccardo Paccagnella

Today’s hardware cannot keep secrets. Indeed, the past two decades have seen the discovery of a slew of attacks where an adversary exploits hardware features to leak software’s sensitive data. These attacks have shaken the foundations of computer security and caused a major disruption in the software industry. Fortunately, there has been a saving grace, namely the widespread adoption of models that have enabled developers to build secure software while comprehensively preventing hardware vulnerabilities.

In this talk, I will present two new classes of vulnerabilities that fundamentally undermine these prevailing models for building secure software. In the first part, I will demonstrate that the current constant-time programming model is insufficient to guarantee constant-time execution. In the second part, I will demonstrate that the current resource partitioning model is insufficient to guarantee software isolation. Finally, I will propose future research directions for enabling the design of more secure software and hardware systems. 

To be trusted, ML models need to know what they don’t know and how they learned what they do know

The predictions of machine learning often appear fragile, with no hint as to the reasoning behind them—and may be dangerously wrong. This situation is in large part due to the absence of security considerations in the design of machine learning algorithms. One direction that has been proposed to develop more trustworthy ML algorithms is the introduction of randomization. In this talk, we first contrast the success of randomized algorithms for privacy-preserving learning with failed applications of randomization to develop more robust machine learning models. From this comparison, we identify best practices for the research community and highlight how, moving forward, a better understanding of the training dynamics of machine learning algorithms will be needed to trust model predictions. Such an understanding can lead to better estimations of the uncertainty of model predictions and help attribute model predictions to the training data that supports them. The implications are wide-ranging, from defending against model stealing to improving the training of models for generative AI.

Cyber Security Challenges

Speaker: Christoph Peylo

The focus of this talk is on the challenges posed to business enterprises due to the significant rise in cyber attacks. The overall attack strategies of economically motivated attackers and the corresponding underlying market strategies will be discussed, along with potential defensive strategies.

Load, Overload, and Denial of Service: Building Input-Resilient Networked Systems

Speaker: Justine Sherry

Network security appliances—such as intrusion detection/prevention systems (“IDS”), forensic and monitoring systems (“network loggers”), and authentication systems—are crucial to defending networked assets. We argue that network security infrastructure itself is vulnerable to overload-based attacks due to a combination of trends in computer hardware as well as poor analysis of worst-case performance bounds in the design and implementation of these systems. In this proposal, we demonstrate how to mitigate these vulnerabilities through a combination of new hardware systems designs along with mathematical bounds on their performance.