ACM CCS 2016 Panel Discussion
23rd ACM Conference on Computer and Communication Security
October 25 – 27, 2016, Hofburg Palace, Vienna, Austria
Impact of Academic Security Research: Frogs in Wells, Storms in Teacups, or Raw Diamonds?
Ahmad-Reza Sadeghi, TU Darmstadt, CYSEC, Germany
Ross Anderson, University of Cambridge, UK
Davide Balzarotti, EURECOM, France
Robert Broberg, Cisco Systems Inc, USA
Bart Preneel, KU Leuven, Belgium
Anand Rajan, Intel Labs, USA
Greg Shannon, White House Office of Science & Technology Policy, USA
Rapidly rising dependence on computerized technologies comes at a price of new vulnerabilities and attacks and poses a number of new security and privacy challenges compared to the last decade. In particular, in the post-Snowden era we are confronted with a significantly different threat quality: nation-state adversaries and mass surveillance, a growing hacker industry, aggressive data mining by cloud and social network providers inventing new fancy names for artificial intelligence, etc.
This panel will discuss the real-world impact (or lack thereof) of academic security research in light of these challenges. Have academic information security researchers lost the big picture, having a limited view of practice (frogs in wells)? Have the tenure-track and grant-raising syndromes led to a tendency to overhype results of marginal or no real-world significance (storms in teacups)? Or are there highly valuable contributions that are still waiting to be discovered and shaped for high-impact real-world deployment (raw diamonds)?
Ahmad-Reza Sadeghi is a full Professor of Computer Science at the Technische Universität Darmstadt, in Germany, where he heads the Scientific Excellence Team of the Cybersecurity center TU Darmstadt (CYSEC). Since January 2012 he has also been the Director of the Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU Darmstadt. He received his PhD in Computer Science with the focus on privacy-protecting cryptographic protocols and systems from the University of Saarland in Saarbrücken, Germany. Prior to academia, he worked in Research and Development of Telecommunications enterprises, amongst others Ericsson Telecommunications. He has been leading and involved in a variety of national and international research and development projects on design and implementation of Trustworthy Computing Platforms and Trusted Computing, Security Hardware, and Applied Cryptography. He has been serving as general or program chair as well as program committee member of major conferences and workshops in Information Security and Privacy. He is Editor-In-Chief of IEEE Security and Privacy Magazine, and on the editorial board of ACM Books. He served 5 years on the editorial board of the ACM Transactions on Information and System Security (TISSEC), and was guest editor of the IEEE Transactions on Computer-Aided Design (Special Issue on Hardware Security and Trust).
Ross Anderson is Professor of Security Engineering at Cambridge University. He is one of the founders of a vigorously-growing new academic discipline, the economics of information security. Ross was also a seminal contributor to the idea of peer-to-peer systems and an inventor of the AES finalist encryption algorithm “Serpent”. He also has well-known publications on many other technical security topics including hardware tamper-resistance, emission security, copyright marking, and the robustness of application programming interfaces (APIs). He is a Fellow of the Royal Society, the Royal Academy of Engineering, the IET and the IMA. He also wrote the standard textbook “Security Engineering – a Guide to Building Dependable Distributed Systems”.
Davide is an Associate Professor at the Eurecom Graduate School and Research Center, located in Sophia Antipolis. His research interests include most aspects of system security and in particular the areas of binary and malware analysis, reverse engineering, computer forensics, and web security. He is part of the International Security Lab.
Robert Broberg is a Distinguished Engineer at Cisco Systems and an Associate Visiting Scholar at the University of Pennsylvania. As a member of Cisco’s Advanced Security Research and Government group he focuses applied research on new approaches to secure the Internet. Trained as a Chemical Engineer, Robert entered the networking field in 1984 working for Ungermann Bass. At UB, Robert worked on one of the first TCP/IP stacks for NICs that enabled IP communications for early PCs and then led a team in Japan that transitioned terminal servers, channel attach gateways, and NICs from XNS to TCP/IP. Robert moved to Cisco Systems in 1993 and was a senior technical contributor on many core router projects including the paradigm-shifting works of IP Packet over SONET. In 1998 Robert joined the Physical Science Division of Bell-Labs working on early CWDM metro rings and optical switching research. In 2001 Robert returned to industry. In one of his many projects since then he led a joint industry and academic team that built the first fault-tolerant network operating system for core routers. Robert continues to find the Internet an endless source for innovation and challenge. He enjoys bringing positive and significant impact working with both industry and academic experts.
Bart Preneel is full professor at the KU Leuven. At KU Leuven, he heads the COSIC research group which has 60 members. He has authored more than 400 scientific publications and is the inventor of four patents. His main research interests are cryptography, information security and privacy, and he frequently consults on these topics. From 2008 to 2013, he was president of the IACR (International Association for Cryptologic Research). He has been an invited speaker at more than 100 conferences in 40 countries. In 2014, he received the RSA Award for Excellence in the field of Mathematics.
Anand Rajan is Director of the Emerging Security Lab at Intel Labs. He leads a team of senior technologists whose mission is to research novel security features that raise the assurance of platforms across the compute continuum (Cloud to Wearables). The topics covered by his team span Trustworthy Execution Environments, Mobile Security, IoT Security, Identity & Authentication, Cryptography, and Security for emerging paradigms. Anand is a Principal Investigator for Intel’s research collaboration with academia, government, and commercial labs on Trustworthy Platforms. He co-chairs the Security Research Sector of Intel’s Corporate Research Council, which sponsors security research investments in academia. Anand was an active member of the IEEE WG that crafted the P1363 (public-key crypto) standard. Anand and his team developed the Common Data Security Architecture specification, adopted as a worldwide standard by The Open Group. His team was instrumental in several security standardization efforts (e.g. PKCS#11, BioAPI, UPnP-Security, & EPID). Prior to joining Intel in 1994, Anand was technical lead for the Trusted-UNIX team at Sequent Computer Systems and worked on development and certification of a TCSEC B1-level Operating System.
Greg Shannon is the Chief Scientist for the CERT® Division at Carnegie Mellon University’s Software Engineering Institute, where he is responsible for expanding cybersecurity research, advancing national and international research agendas and promoting data-driven science for cybersecurity. Shannon currently is on part-time detail to the White House Office of Science & Technology Policy as the Assistant Director for Cybersecurity Strategy. Shannon served as the Chair of IEEE’s Cybersecurity Initiative in 2015 and General Chair of the IEEE Symposium on Security & Privacy, also in 2015. In 2012, he cofounded the Workshop on Learning from Authoritative Security Experiment Results (www.LASER-workshop.org). Shannon received a bachelor’s in Computer Science from Iowa State University with minors in Mathematics, Economics and Statistics. He earned his master’s and doctorate in Computer Sciences at Purdue University on a fellowship from the Packard Foundation. He is a member of the Association for Computing Machinery and a senior member of IEEE.