Sebastian Seung, a world-renowned neuroscience-based AI expert, is the Head of Samsung Research, the advanced research & development hub of Samsung’s Device eXperience (DX) Division. Under his leadership, Samsung Research develops future innovative technology and identifies new growth possibilities for Samsung Electronics through a global effort spanning 16 R&D centers and 7 AI centers worldwide. Samsung Research's main focus is Artificial Intelligence, data intelligence, next generation communication/media, robot, security, Tizen etc. but is constantly expanding its research areas to new fields to realize a new lifestyle based on AI technologies.

At Samsung, security and privacy of our customers have always been the top priority. We are endeavoring to protect your privacy across all your experiences, and we believe it can be achieved with strong security. In this talk, I will present our vision, strategies, and ongoing research activities that are aimed at continuously achieving best security and privacy for our products and services. This talk will explain how your privacy is protected in Samsung products and services and how security systems are being developed to facilitate the means to achieve strong privacy. In addition, Samsung Research are trying very hard to find novel solutions for multi-device environment that would drastically improve their security and privacy without compromising any user experience. Such ongoing research activities and plans will also be explained. Yong Ho Hwang is a Corporate VP at Samsung Electronics, and leads the security & privacy team at Samsung Research. His team plays a crucial role in delivering innovative security solutions by conducting advanced researches on exploring cyber-attack techniques and developing protective measures. The primary goal of these research efforts is to enhance the security level of Samsung products, and address users’ privacy concerns. He received Ph.D. from POSTECH EEE, and worked in SPAR Lab/Computer Science at the Johns Hopkins University as a post-doctoral researcher.

The security and architecture communities will remember the past five years as the era of side channels. Starting from Spectre and Meltdown, time and time again we have seen how basic performance-improving features can be exploited to violate fundamental security guarantees. Making things worse, the rise of side channels points to a much larger problem, namely the inadequacy of existing security abstractions in capturing the complexity of modern computer systems.

In this talk, I will give a high-level survey on side channel attacks. I will discuss basic cache side channel techniques, as well as survey a line of work on speculative execution attacks such as Spectre and Meltdown. Finally, I will discuss browser-based side channels, highlighting deficiencies in existing side channel mitigation efforts. Daniel Genkin is an Alan and Anne Taetle Early Career Associate Professor at the School of Cybersecurity and Privacy at Georgia Tech. Daniel’s research interests are in hardware and system security, with particular focus on side channel attacks and defenses. Daniel's work has won the Distinguished Paper Award at IEEE Security and Privacy, an IEEE Micro Top Pick, the Black Hat Pwnie Awards, as well as top-3 paper awards in multiple conferences. Most recently, Daniel has been part of the team performing the first analysis of speculative and transient execution, resulting in the discovery of Spectre, Meltdown and followups. Daniel has a PhD in Computer Science from the Technion Israel's Institute of Technology as was a Postdoctoral fellow at the University of Pennsylvania and University of Maryland.

Secure multiparty computation or MPC is a powerful cryptographic primitive that allows a group of distrustful entities to collaborate and jointly compute an arbitrary function over their individual data while guaranteeing maximal privacy. While the feasibility of MPC was established in the 80s, practical realizations of MPC for real world tasks were demonstrated only in the past decade. With advent of blockchains and the numerous applications that MPC can bring to this space, progress in designing and deploying MPC systems and the related cryptographic primitive zero-knowledge (ZK) proofs has exploded. In this talk, I will introduce MPC and ZK and discuss applications related to blockchains. Then, I will highlight how Ligero Inc. is using MPC to solve some of the top issues daunting the blockchain space such as MEV, front-running, privacy and scalability. An expert on zero-knowledge proofs, secure multiparty computation and concurrent security, Muthu earned his PhD in Computer Science from Cornell University and is currently an Associate Professor of Computer Science at Georgetown University. Muthu is one of the steering committee members of zero-knowledge standardization effort. Muthu is a recipient of a Google Faculty Research Award and received the ICDE 2017 Influential Paper Award for his work on introducing new privacy techniques.

Hardware tracing of program executions became a reality on commodity CPUs when Intel introduced Intel Processor Trace (PT) in 2015. In this talk, I will present our work on applying hardware tracing to two security applications: reverse debugging and hypervisor fuzzing. While Intel PT can record a program’s control flow efficiently, it does not record the data flow. Therefore, an inherent challenge in using Intel PT is how to recover data values.
In reverse debugging, it is seemingly impossible to recover data values thousands of instructions before a software failure due to information loss. We tackle this challenge by leveraging the memory dump captured at the software failure. Specifically, we perform forward and backward execution to recover register and memory values based on the recorded control flow and data stored in the memory dump. Our reverse debugging tool called REPT was deployed on Windows and integrated with Windows Debugger.
In hypervisor fuzzing, we face the challenge of enabling dynamic symbolic execution of virtual CPUs without relying on slow hardware emulators. To solve this challenge, we recover an approximate execution trace by performing forward execution based on the recorded control flow and the fuzzing input. The reconstructed execution trace is surprisingly sufficient for precise dynamic symbolic execution of virtual CPUs. Our hypervisor fuzzing tool called HyperFuzzer has found 11 previously unknown virtual CPU bugs in the Hyper-V hypervisor, and all of them were confirmed and fixed. Weidong Cui is a Partner Research Manager managing the Systems Security and Privacy Research Group in the Microsoft Research Redmond lab. Weidong enjoys building real-world systems to tackle hard problems. His current passion is on making Microsoft Azure the best confidential computing platform. Weidong led the research on applying hardware tracing to security applications; his team built HyperFuzzer, the first efficient hybrid fuzzer for virtual CPUs that found a number of new bugs in the Hyper-V hypervisor, and REPT, the first lightweight record and replay solution that is widely deployed to enable reverse debugging of software failures. Weidong and his collaborators introduced controlled-channel attacks that can steal rich information from secure enclaves. He is also known for his early work on kernel rootkit detection and automatic protocol reverse engineering. Weidong received his Ph.D. and M.S. degrees from UC Berkeley, and his M.E. and B.E. degrees from Tsinghua University. He is a Distinguished Member of the ACM.

Can you trust your operating systems? Nowadays, virtually all safety-critical systems are running on operating systems so ensuring their safety and correctness is of utmost importance for modern society. However, it is challenging to verify operating systems because they are complex pieces of software with low-level features such as direct memory manipulation, fine-grained concurrency, and hardware control. Several operating system kernels such as seL4 and CertiKOS have been formally verified in the last decades, but they are limited to relatively simple kernel designs while incurring extremely high verification costs. In this talk, I will present our ongoing research program to address the challenges of formally verifying operating system kernels. For real-world kernel designs, we aim to verify strong and compositional specifications of data structures utilizing low-level features like fine-grained concurrency. We developed a verification theory for data structures on relaxed-memory concurrency and RCU-like manual memory management. We are applying the theory to Linux's RCU-based linked list and red-black tree. For low-cost verification, we aim to leverage Rust's strong type system to automatically reason about the safety of the majority of the code. We ported an operating system kernel from C to Rust and observed that 95% of the code can be implemented in safe Rust without undefined behaviors. We are developing a verification theory that automatically verifies the safety of 95% of the code in safe Rust and composes it with manual verification of concurrent data structures and other complex components. Putting it all together, our long-term goal is formally verifying production operating systems in a foreseeable future. Jeehoon Kang joined KAIST School of Computing as an assistant professor in 2019. He is interested in understanding systems in the viewpoint of programming languages. He is especially focused on designing and verifying concurrent programs for massively parallel workloads, which are going to be even more crucial in the era of big data and artificial intelligence. Currently, he is working on (1) designing compilers for massively parallel workloads like artificial intelligence and computer vision; (2) designing operational semantics for emerging hardware like persistent memory and many-core systems; (3) verifying concurrent programs; and (4) verifying compilers for concurrent programs. Jeehoon received his Ph.D. and B.S. from Seoul National University in 2019 and 2013, respectively. He received a PLDI distinguished paper award in 2017, and a doctoral disseratation award from the Department of Computer Science and Engineering, Seoul National University in 2019. He is a maintainer of Crossbeam, a Rust concurrency library. He was a compiler writer for FuriosaAI, a fabless startup building next-generation AI chip.

Taesoo Kim is a VP at Samsung Research and is leading the System Security Lab, where he leads the development of a Rust-based OS for a secure element. He is also a Professor in the School of Cybersecurity and Privacy and the School Computer Science at Georgia Tech, where he serves as a director of the Georgia Tech Systems Software and Security Center (GTS3). He made over 100 publications in the area of systems security: e.g., new methodologies to secure the systems by design, new exploitation methods, automated tools to find security vulnerabilities, and trusted execution environment. He is a recipient of several awards including NSF CAREER (2018), Internet Defense Prize (2015), and several best paper/artifacts awards including SOSP’21, USENIX Security’18 and EuroSys’17. He holds a BS from KAIST (2009), a SM (2011) and a Ph.D. (2014) from MIT. Website: https://taesoo.kim/

TBD TBD