Prof. Zhiqiang Lin
Title: Towards Distributed and Virtualized Trusted Execution Environments
Zhiqiang Lin is a Professor of Computer Science and Engineering at The Ohio State University. He received his Ph.D. in Computer Science from Purdue University. His research interests center around systems and software security, with a key focus on developing automated binary analysis and reverse engineering techniques for vulnerability discovery, and on hardening systems and software through binary code rewriting, virtualization, and trusted execution environments. He has published over 100 papers, 43 of which appeared in the big-four venues in his field (i.e., IEEE S&P, CCS, USENIX Security, and NDSS). He has also served on the technical program committees of the big-four conferences many times, and chaired or co-chaired ISC (2019), FEAST (2019), and ASIACCS (2021). Currently, he is an Associate Editor of ACM Transactions on Privacy and Security, ACM/IEEE Transactions on Networking, IEEE Transactions on Dependable and Secure Computing, and IEEE Transactions on Mobile Computing. He is a recipient of the NSF CAREER award, the AFOSR Young Investigator award, and Faculty Research Awards from VMware and Amazon.
Today, we are in the era of the data economy, where a large volume of privacy-sensitive data is collected and processed by various edges and clouds. However, these data-centric, edge-cloud innovations are under persistent threat of security breaches and growing regulatory pressure. Therefore, there is an urgent demand for technologies that protect data-in-use in such distributed systems. While cryptographic solutions (e.g., homomorphic encryption) are promising, they are still far from wide deployment due to their performance predicaments. Recently, progress in trusted execution environments (TEEs) such as Intel SGX and AMD SEV offers new hope. However, a TEE is designed to protect computing on a single node (e.g., an SGX enclave), whereas in a distributed environment like cloud and edge computing, trust needs to be established across a large number of heterogeneous nodes and their interactions so that the whole distributed workflow can be protected. Meanwhile, current TEEs and their applications are tightly bound to the hardware implementation, hindering their evolution and compatibility. In this talk, I will present a vision for a distributed and virtualized TEE, where data can be collected and processed in distributed, faster-evolving TEEs across the edge and cloud. In particular, I will talk about how to achieve this vision and the challenges we have to solve. Next, I will talk about a step we recently made with vSGX, which virtualizes the execution of an Intel SGX enclave on top of AMD SEV, with the goal of decoupling the TEE from the hardware and enabling the faster evolution of TEEs. Finally, I will talk about how, with vSGX, a virtualized TEE becomes possible and how it can become a fundamental building block towards the vision of a distributed TEE.
Prof. Xinyi Huang
Title: Towards Efficient Privacy-Preserving Inspection of TLS Encrypted Traffic
Xinyi Huang received his Ph.D. degree from the School of Computer Science and Software Engineering, University of Wollongong, Australia, in 2009. He is currently a Professor at the College of Computer and Cyber Security, Fujian Normal University, China. His research interests include cryptography and information security. He has published over 160 research papers in refereed international conferences and journals, such as ACM CCS, Crypto, Asiacrypt, IEEE Transactions on Computers, IEEE Transactions on Parallel and Distributed Systems, and IEEE Transactions on Information Forensics and Security. His work has been cited more than 10000 times on Google Scholar. He is on the Editorial Board of the International Journal of Information Security and SCIENCE CHINA Information Sciences. He has served as the program/general chair or a program committee member in over 120 international conferences.
Network middleboxes perform deep packet inspection to detect anomalies and suspicious activities in network traffic. However, this traffic is increasingly encrypted, and middleboxes can no longer make sense of it. This raises the problem of privacy-preserving inspection of TLS encrypted traffic. In this talk, I will first introduce the need for TLS traffic inspection and the problems with the existing approach. Three recent proposals, namely BlindBox, PrivDPI and Pine, will then be introduced. Finally, I will present conclusions and future directions.