The Computing Community Consortium (CCC) has released a white paper titled 5G Security and Privacy – A Research Roadmap. The white paper, written by CCC Council Member Elisa Bertino (Purdue University) with Syed Rafiul Hussain (Purdue University) and Omar Chowdhury (University of Iowa), aims to stimulate conversation around a research roadmap for the security of 5G-related technologies. From the abstract: “Cellular networks represent a critical infrastructure and their security is thus crucial. 5G – the latest generation of cellular networks – combines different technologies to increase capacity, reduce latency, and save energy. Due to its complexity and scale, however, ensuring its security is extremely challenging. In this white paper, we outline recent approaches […]

How does social science and government policy affect technology? That was the main question the Socio-technical Cybersecurity: It’s All About People scientific session attempted to answer at this year’s American Association for the Advancement of Science (AAAS) Annual meeting in Washington, DC. The session was moderated by Computing Community Consortium (CCC) Director Ann Drobnis, and CCC Council Member Keith Marzullo (University of Maryland, College Park) was the discussant for the panel, which included participating speakers: Brian LaMacchia (Microsoft Research) highlighted the challenges in cybersecurity in the age of cloud and edge computing in his presentation Cyberspace: Enabling Trustworthy and Autonomous Agency; David Mussington (University of Maryland, College Park) discussed the necessity of […]

This is a blog post by CCC Chair Mark D. Hill of the University of Wisconsin-Madison.  As readers on the CCC blog know, the Meltdown and Spectre microprocessor design flaws revealed in early 2018 made clear that many, if not most, computer systems can leak sensitive information via implementation timing “channel.” Fortuitously and concurrent with this revelation, the US National Science Foundation had commissioned a March 2018 workshop on “Side and Covert Channels in Computing Systems” led by Guru Prasadh Venkataramani of George Washington University and Patrick Schaumont of Virginia Tech. The report has just been issued. It provides too many research recommendations to summarize here, but let me whet […]

The National Institute of Standards and Technology (NIST) has launched the Unlinkable Data Challenge with a $50k grand prize! The challenge aims to advance approaches to differential privacy, a term introduced by Dwork, McSherry, Nissim, and Smith in 2006, which refers to the privacy loss that occurs when an individual’s information is used in the manufacture of a large dataset. NIST is calling for concept papers that propose “a mechanism to enable the protection of personally identifiable information while maintaining a dataset’s utility for analysis.” How to Participate: The Unlinkable Data Challenge is a multi-stage Challenge.  This first stage of the Challenge is intended to source detailed concepts for new […]

The following blog was written by CCC Vice Chair Mark D. Hill from the University of Wisconsin and CCC Cybersecurity Task Force Chair Kevin Fu from the University of Michigan. In recent days, several sources—listed below—have reported on two security design flaws in computer hardware that involve undesirable interactions between processor speculative execution and memory protection, but whose implications are still emerging. With speculative execution, a processor core uses heuristics to guess the next step for execution. Programs execute faster when the guess is correct. When speculation picks an incorrect direction, a core should hide any learned information from user-level software. With these newly disclosed flaws, incorrect outcomes from speculation […]

Daily headlines bemoan the lack of secure systems and this past year witnessed numerous breaches leading to the disclosure of private information. The failure of these commercial systems has dominated much of the discourse around security and privacy. However, the secure collection and transmission of information and the judicious use of private data is fundamental to the core of our society beyond commerce. It underlies the basic processes of governance and civic participation. Almost a decade ago, computing researchers developed a mathematical theory called differential privacy, which protects information about individuals when analyzing groups of people. Differential privacy is now deployed in the commercial space and used by US federal […]