Annual Computer Security Applications Conference (ACSAC) 2021


Case Studies

Thursday, 9 December 2021
10:30 - 11:45

Chair: Saurabh Shintre, Splunk

Case Study 1: Trustworthy Selection and Use of Commodity Products and Services

Abstract: There have been many attempts over the years to produce information security assessment, evaluation, and certification schemes for products and services, but these have typically been complex, expensive, and limited in scope, and the lifespan of the schemes has typically been short. What is therefore needed is a meta-standardised way of replicably and reliably gaining some degree of confidence in the Trustworthy Selection and Use of Commodity Products and Services, which can be used either to "level up" different extramural assessments from the often ephemeral schemes where they exist, or to achieve at least a degree of due diligence in homologation of items that have not been, and may never be, subject to such assessments. This presentation provides an overview of the concepts and plans of the UK's emergent Commodity Usage Principles and Assurance (CUPA), a public-private initiative.
 
Speaker Bio: Professor Ian Bryant is Adjunct Faculty, and Principal Investigator for Understanding Cyber Risk (UCR), in the Cyber Security Centre (CSC) of the University of Warwick. In his other roles he is a Professional Engineer focusing on Information and Info-Cyber Systems (ICyS) protection, is heavily involved with various Standards Development Organisations (SDO), and is the Honorary Secretary, and Standards Development Advisor, for the UK's Advisory Committee on Trustworthy Systems (ACTS).
 
SLIDES
 
Case Study 2: Differential Privacy in Practice
 
Abstract: I propose a case study on "Differential Privacy in Practice", which describes lessons learned from deploying a real world differential privacy system at Humu. The case study will cover challenges around privacy budget management, including differential privacy in QA and CI workflows, and challenges around releasing fixes after data is in production. It will describe usability issues, and the importance of calculating function sensitivity early. It will also cover common issues such as bounded outputs, and getting the most out of your differentially private data when there isn't enough data.
 
Speaker Bio: Dr. Aleatha Parker-Wood was previously head of Machine Learning and Algorithmic Privacy at Humu, where she designed and implemented a differential privacy system for statistics release. Prior to that, she was a manager in the Center For Advanced Machine Learning at Symantec, leading an applied research team focused on statistical privacy and security machine learning. She is currently a Principal Privacy Engineer at Amazon.

SLIDES

Case Study 3: The Technology Behind IATA Travel Pass: Ensuring Privacy With Verifiable Credentials

Abstract: Since the onset of COVID-19, the notion of a "vaccine passport" has captivated the world and offered hope for the return of pre-pandemic activities. Done right, these digital records could enable the safe reopening of global borders. Done wrong, however, such a system could set a dangerous precedent for data surveillance and give rise to a new market of fake vaccine records.

In this presentation, Evernym's Drummond Reed will discuss the privacy and security considerations that influenced the design of the International Air Transport Association's Travel Pass initiative, the technology that makes Travel Pass possible, and the role of verifiable credentials in creating a safer, more trustworthy Internet.

Takeaways:
- How verifiable credentials create a secure, decentralized, and tamperproof proof that can be immediately verified and preserves privacy
- The role of issuers, verifiers, and holders; and the core architecture and standards behind verifiable credentials
- How the airline industry is using this technology today for verifiable health and travel records
- How this technology can be used beyond the current pandemic for a broad set of use cases spanning from passwordless authentication to secure, private messaging

Speaker Bio: Drummond Reed, Chief Trust Officer, Evernym: Drummond has spent over two decades working on Internet identity, security, privacy, and trust frameworks. Co-author of the new book Self-Sovereign Identity, Drummond joined Evernym as Chief Trust Officer after Evernym’s acquisition of Respect Network. Drummond is co-editor of the W3C Decentralized Identifiers (DIDs) 1.0 specification and contributor to the W3C Verifiable Credentials Data Model 1.0 specification. Prior to starting Respect Network, Drummond was Executive Director of two industry foundations: the Information Card Foundation and the Open Identity Exchange, the international not-for-profit clearinghouse for Internet trust frameworks. Drummond has served as a founding board member of the OpenID Foundation, ISTPA, XDI.org, and Identity Commons. In 2002 he was a recipient of the Digital Identity Pioneer Award from Digital ID World, and in 2013 he was honored as an OASIS Distinguished Contributor.

SLIDES

SESSION VIDEO
