Speaker: Anand Raghunathan, Integrated Systems Laboratory, Purdue University

Date/Time: 22 April 2016, Friday, 02:00 PM to 03:30 PM

Venue: Executive Classroom, COM2-04-02

Chaired by: Dr Mitra, Tulika, Professor, School of Computing


Registration: https://goo.gl/gmjK7g

Refreshment provided; Limited seats: 40 pax; First come first serve


Abstract:

We are witnessing a profound change in the workloads that are driving the demand for computing. In data centers and the cloud, computing demand is driven by the need to organize, analyze, interpret, and search through exploding amounts of data from the virtual and physical worlds. In mobile, wearable and IoT devices, the need to make sense of and interact more intelligently with users and the environment drive much of the computing demand. These trends have led to the genesis of a new class of workloads for computing platforms that involve recognition, mining, analytics, and inference. Machine learning is squarely at the center of this trend - indeed, the past decade has seen tremendous developments in machine learning algorithms, and remarkable growth in their practical deployment.

In this talk, I will make a case for ubiquitous analytics and learning as a key driver in the design of future computing platforms. I will present a quantitative analysis of the computational requirements of deep learning networks - a class of machine learning algorithms that have attracted great interest and achieved remarkable success in recent years. The analysis highlights a large gap between the capabilities of current computing systems and the requirements posed by these applications. This gap will only grow due to the seemingly insatiable appetite of these applications, together with diminishing benefits from technology scaling. I will outline a roadmap of technologies that can help bridge this gap - accelerators for machine learning, approximate computing, neuromorphic hardware, and emerging post-CMOS devices.

Biography:

Anand Raghunathan is a Professor of Electrical and Computer Engineering at Purdue University, where he leads the Integrated Systems Laboratory. His current areas of research include system-on-chip design, domain-specific architecture, computing with post-CMOS devices, and heterogeneous parallel computing. He holds a Distinguished Chair in Computational Brain Research at the Indian Institute of Technology, Madras. He is also co-founder and Director of Hardware at High Performance Imaging, Inc., a company formed to commercialize innovations in the area of computational imaging. Previously, he was a Senior Researcher and Project Leader at NEC Laboratories America and held a visiting position at Princeton University.

Speaker: XiaoFeng Wang, School of Informatics and Computing, Indiana University, Bloomington

Date/Time: 16 March 2016, Wednesday, 10:00 AM to 11:30 AM

Venue: SR@LT19

Chaired by: Saxena Prateek, School of Computing (prateeks@comp.nus.edu.sg)


Registration: https://goo.gl/u1R8wg

Refreshment provided; Limited seats: 40 pax; First come first serve


Abstract:

The rapid progress in computing has produced a huge amount of data, which will continue to grow in the years to come. In this big-data era, we envision that tomorrow’s security technologies will be data-centric: new defense will become smart and proactive by using the data to understand what the attackers have already done, what they are about to do, what their strategies and infrastructures are; effective protection will be provided for dissemination and analysis of the data involving sensitive information on an unprecedented scale. In this talk, I report our first step toward this future of secure computing. We show that through effective analysis of over a million Android apps, previously unknown malware can be detected within a few seconds, without resorting to conventional Anti-Virus means such as signatures and behavior patterns. Also, by leveraging trillions of web pages indexed by search engines, we can capture tens of thousands of compromised websites (including thos e of government agencies like NIH, NSF and leading education institutions world-wide) by simply asking Google and Bing right questions and automatically analyzing their answers through Natural Language Processing. Further, we found that an in-depth understanding about the unique features of human genomes and how they are used in biomedical research and healthcare systems can help us find a highly efficient way to protect patient privacy during a large-scale genome analysis. Our findings indicate that by unlocking the great value of data, we can revolutionize the security landscape, making tomorrow security technologies more intelligent and effective.

Biography:

Dr. XiaoFeng Wang is a professor in the School of Informatics and Computing at Indiana University, Bloomington. He received his Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University in 2004, and has since been a faculty member at IU. Dr. Wang is a well-recognized researcher on system and network security. His work focuses on cloud and mobile security, and data privacy. He is a recipient of 2011 Award for Outstanding Research in Privacy Enhancing Technologies (the PET Award) and the Best Practical Paper Award at the 32nd IEEE Symposium on Security and Privacy. His work frequently receives attention from media, including CNN, MSNBC, Slashdot, CNet, PC World, etc. Examples include his discovery of security-critical vulnerabilities in payment API integrations (http://money.cnn.com/2011/04/13/technology/ecommerce_security_flaw/) and his recent study of the security flaws on the Apple platform (http://money.cnn.com/2015/06/18/technology/apple-keychain-passwor ds/). His research is supported by the NIH, NSF, Department of Homeland Security, the Air Force and Microsoft Research. He is the director of IU’s Center for Security Informatics.

Speaker: Akash Lal, Researcher, Microsoft Research, Bangalore

Date/Time: 25 February 2016, Thursday, 11:00 AM to 12:00 PM

Venue: SR2, COM1-02-04

Chaired by: Saxena Prateek, School of Computing (prateeks@comp.nus.edu.sg)


Registration: https://goo.gl/uqwL8V

Refreshment provided; Limited seats: 40 pax; First come first serve


Abstract:

Programming efficient asynchronous systems is challenging because it can often be hard to express the design declaratively, or to defend against interleaving-dependent bugs such as data races and other assertion violations. Previous work has only addressed these challenges individually, either by designing a new declarative language, or a new data race detection tool, or a new testing technique. We present P#, a language for high-reliability asynchronous programming co-designed with a static analysis and testing infrastructure. We will describe our experience using P# and its effectiveness in finding bugs in production systems. For example, in a collaboration between MSR and Azure Storage, the team successfully uncovered a subtle data replication bug in the Azure Storage system using P#. The bug was due to a rare distributed race condition, which made it very difficult to identify, reproduce and troubleshoot using conventional testing methods.

Biography:

Akash Lal is a researcher at Microsoft Research, Bangalore. His interests are in the area of programming languages and program analysis, with a focus on building bug-finding tools for concurrent programs. He joined Microsoft in 2009 after completing his PhD from University of Wisconsin-Madison under the supervision of Prof. Thomas Reps. For his thesis, he received the Outstanding Graduate Researcher Award, given by the Computer Sciences Department of UW-Madison, and the ACM SIGPLAN Outstanding Doctoral Dissertation Award. He completed his Bachelor’s degree from IIT-Delhi in 2003.

Speaker: Dawn Song, Professor, Computer Science Division University of California, Berkeley

Date/Time: 12 January 2016, Tuesday, 04:15 PM to 05:30 PM

Venue: Video Conference Room, COM1-02-13

Chaired by: Dr Roychoudhury, Abhik, Professor, School of Computing (abhik@comp.nus.edu.sg)


Abstract:

The world is becoming more and more connected and intelligent. At the same time, malicious cyber attacks are wreaking havoc on the Internet and continue to increase in scale, sophistication, and severity. How can we combat the increasingly sophisticated threat landscape? How can we fundamentally break the cat-and-mouse game and change the attack-defense arms race dynamic? In this talk, I will explore different approaches to security and present new techniques to build secure systems. I will show examples from our recent projects that demonstrate the principle of Secure by Construction and Secure by Learning, and describe how these approaches provide better security than traditional approaches. Our approaches have helped improve security in real-world software systems including high-profile Google applications and FreeBSD. I will discuss future directions in next-generation security solutions.

Biography:

Dawn Song is Professor of Computer Science at UC Berkeley. Prior to joining UC Berkeley, she was an Assistant Professor at Carnegie Mellon University from 2002 to 2007. Her research interest lies in security and privacy issues in computer systems and networks, including areas ranging from software security, networking security, database security, distributed systems security, to applied cryptography. She is the recipient of various awards including the MacArthur Fellowship, the Guggenheim Fellowship, the NSF CAREER Award, the Alfred P. Sloan Research Fellowship, the MIT Technology Review TR-35 Award, the IBM Faculty Award, the George Tallman Ladd Research Award, the Okawa Foundation Research Award, the Li Ka Shing Foundation Women in Science Distinguished Lecture Series Award, and Best Paper Awards from top conferences.

Speaker: Ben Livshits, Microsoft Research (Redmond)

Date/Time: 18 December 2015, Friday, 03:00 PM to 04:30 PM

Venue: Seminar Room 2 (SR2), COM1-02-04

Chaired by: Saxena Prateek, School of Computing (prateeks@comp.nus.edu.sg)


Registration: https://goo.gl/EaWnHF

Refreshment provided; Limited seats: 40 pax; First come first serve


Abstract:

Over the last several years, JavaScript malware has emerged as one of the most insidious ways to attack unsuspecting users through their web browsers. This talk covers a series of projects that use ideas from program analysis, both static and runtime, to find — and fight — JavaScript malware.

A number of these academic projects have been successfully deployed within Bing and have been used daily to find and block malicious web sites, constituting one of the largest-scale deployments of such techniques. This talk will focus on the complex interplay between static and runtime analyses and outline some of the lessons learned in migrating research ideas to real-world products.

I will present the key ideas and insights behind four of the systems with increasingly dazzling names we have created: Nozzle, Zozzle, Rozzle, and Kizzle. Nozzle is a runtime malware detector that focuses on finding heap spraying attacks. Zozzle is a mostly static detector that finds heap sprays and other types of JavaScript malware. Rozzle leverages a novel technique we call multi-execution to address the problem of client-side cloaking, an avoidance tactic used by malware to escape detection. Lastly, Kizzle is a system that finds exploit kits, the most sophisticated form of JavaScript malware to date.

These systems all share two characteristics that are key to their deployability: they are fast and extremely precise. For example, Zozzle’s false positive rate is about one in a million, while Nozzle’s is close to one in a billion.

Biography:

Ben Livshits is a research scientist at Microsoft Research in Redmond, WA and an affiliate professor at the University of Washington. Originally from St. Petersburg, Russia, he received a bachelor’s degree in Computer Science and Math from Cornell University in 1999, and his M.S. and Ph.D. in Computer Science from Stanford University in 2002 and 2006, respectively. His research interests include application of sophisticated static and dynamic analysis techniques to finding errors in programs.

Ben has published papers at PLDI, POPL, Oakland Security, Usenix Security, CCS, SOSP, ICSE, FSE, and many other venues. He is known for his work in software reliability and especially tools to improve software security, with a primary focus on approaches to finding buffer overruns in C programs and a variety of security vulnerabilities (cross-site scripting, SQL injections, etc.) in Web-based applications. He is the author of several dozen academic papers and patents. Lately, he has been focusing on topics ranging from security and privacy to crowdsourcing an augmented reality. Ben generally does not speak of himself in the third person.