
A Golden Age of Systems Security Research: What’s Happening at the NDSS Symposium 2022

Every year, the Internet Society hosts one of the top computer and network security research conferences, the Network and Distributed Systems Security (NDSS) Symposium. While the symposium had to meet virtually last year due to the pandemic, this year we are happy to present a hybrid format, offering both remote and in-person attendance.

We’re expecting 200 people to join us in person in San Diego, California, next week, and over 200 more to take advantage of the remote attendance. No matter which way people attend the NDSS Symposium 2022, Internet Society staff, the volunteer Program Committee, the Steering Group, and the Organizing Committee have worked hard to ensure that there is a rich feast of new research.

Open Access to Top-Tier Research

All the accepted papers and the videos of the authors presenting them are made freely available to everyone after the event concludes and anyone can access them regardless of whether they attended the event or not. This is one of the best features of the symposium, which helps to strengthen collaborative research and offers cost-free access to top-tier academic research.

Here I’m going to preview the 2022 event and point out what caught my eye.

First, the week begins and ends with a day of workshops. That is, the week will be an ‘NDSS Symposium’ sandwich, with the ‘bread’ made from five amazing co-located workshops—and an additional symposium—spanning topics such as fuzzing, automotive security, web measurement security, computer security experimentation, usable security, and binary analysis.

Here are short descriptions of each:

Sunday, 24 April:

Automotive and Autonomous Vehicle Security (AutoSec) Workshop 2022: AutoSec includes a rich set of papers discussing new work involving both attacks and defenses against automotive and/or autonomous vehicles, with three demonstration sessions.

Fuzzing Workshop 2022: Fuzzing—where randomized signals are sent to software and hardware to find vulnerabilities or failure modes in an automated fashion—is a valuable tool in software security and reliability and this workshop includes a number of new papers on aspects of fuzzing as well as two big-picture keynotes.

Binary Analysis Research (BAR) Workshop 2022: BAR is all about binary analysis—analysis of software in binary form, without access to underlying source code—and includes a flurry of papers and two formidable keynotes.

Thursday, 28 April:

Workshop on Learning from Authoritative Security Experiment Results (LASER) 2022: LASER focuses on learning from and improving cybersecurity experiment results, and it is a bit different in that authors lead the room in an interactive discussion of experimental aspects of work that they are presenting at the NDSS Symposium.

Measurements, Attacks, and Defenses for the Web (MADWeb) Workshop 2022: Web security rules everything around us, and MADWeb is an immersion in the security of the web ecosystem, user agents, and the increasingly complex systems we put between users and services on the web. This workshop includes keynotes by both Adrienne Porter Felt (Google Chrome) and Franzi Roesner (UW Computer Science and Engineering), two exceedingly brilliant experts in this area that I respect and admire a ton; you will not want to miss what they have to say!

Usable Security and Privacy (USEC) Symposium 2022: In no way last or least, USEC will showcase a number of new and emerging results in usable security and privacy, with a keynote by Ross Anderson, one of the leading thinkers in security, usable or not.

The NDSS Symposium itself runs from Monday to Wednesday (25-27 April) and includes three tracks each day, with around 12-16 papers presented per track. There are two amazing keynotes on Monday and Wednesday that you should not miss:

Monday: Measuring Security Outcomes – Alex Gantman, Qualcomm Technologies Inc.

Wednesday: Will Cryptographically Secure Anonymous Communication Ever be Practical? – Srini Devadas, MIT

And there is such amazingly good work represented in the paper and poster sessions. While it wouldn’t be fun to read my take on all the papers, here are a few that I suspect will be of wide interest to anyone involved in systems security. The full papers are available at each link:

“ROV-MI: Large-Scale, Accurate and Efficient Measurement of ROV Deployment”, by Chen et al.: It can be difficult to measure uptake of a key routing security measure called Resource Origin Validation (ROV), which allows network operators to securely filter routing information. This work proposes a mind-blowing way to measure ROV deployment more accurately and more quickly and do so at scale.

“PHYjacking: Physical Input Hijacking for Zero-Permission Authorization Attacks on Android”, by Wang et al.: Newer authentication methods on mobile devices include one-click login, fingerprint-based payment approval, and face/voice unlocking. Wang et al. develop methods for “PHYjacking”—hacking a physical input method—on Android where they can mount “fingerprint-jacking” and “facejacking” techniques to accomplish unintended authentication across a wide variety of apps.

“HARPO: Learning to Subvert Online Behavioral Advertising” by Zhang et al.: Behavioral advertising online uses the behavior of the user across many apps and websites to tailor advertisements that might be most effective at selling a product or service. HARPO is a system that can subvert online advertising through obfuscation by adaptively requesting fake pages along with real requests. Neat!

“PoF: Proof-of-Following for Vehicle Platoons” by Xu et al.: A future of smart and autonomous vehicles will include vehicle “platooning”, where a set of vehicles can cooperate to control their speed and handling to improve safety and fuel efficiency. This work introduces a “proof-of-following” where a vehicle can prove that it follows a verifier vehicle within the appropriate platooning distance.

“SemperFi: Anti-spoofing GPS Receiver for UAVs” by Sathaye et al.: UAVs or drones are of little practical use if they don’t know where they are, so they all typically use some sort of positioning, navigation, and timing (PNT) system commonly known as a Global Positioning System or GPS. However, GPS can be spoofed, confusing the UAV and potentially causing havoc and safety issues. Sathaye et al. in this work develop a highly resistant GPS receiver that can protect against both naïve and stealthy spoofing attacks, and recover true location within a second.

“VPNalyzer: Systematic Investigation of the VPN Ecosystem” by Ramesh et al.: Everyone should know how to use a VPN, but it can be so frustrating to try and understand the differences between different VPN services and software. Ramesh et al. present VPNalyzer in this work, which enables systematic, semi-automated investigation into the VPN ecosystem. This research finds several previously unreported key issues and implementation shortcomings in the VPN ecosystem.

“Let’s Authenticate: Automated Certificates for User Authentication” by Conners et al.: Let’s Encrypt is a wildly successful and award-winning automated certificate authority for the secure web (i.e., HTTPS), securing hundreds of millions of websites around the world. Playing off that success with the name of this research effort, Conners et al. describe Let’s Authenticate, which aims to help with our collective problems with passwords, by issuing privacy-preserving authentication certificates to users, automatically managing their credentials, and eliminating trust in third parties.

And that is a small subset of the research feast that attendees, virtual and physical, will get to sample next week during the NDSS Symposium. If you are a systems security researcher or educator, or if you work in this field, please consider attending to inform, inspire, and shape the future of the Internet.

About the NDSS Symposium

The NDSS Symposium is an annual event focused on the latest developments in network and distributed system security. An incubator of ideas, it brings together leading academics, industry researchers, and security practitioners to discuss peer-reviewed research and exchange ideas. The Internet Society has proudly hosted the NDSS Symposium since 1993 to foster the next generation of Internet security experts and to support open, accessible, and collaborative security research to help strengthen the Internet.

