UCL is recognised by EPSRC and GCHQ as a Centre of Excellence in Cyber Security Research.
We will be hosting two short talks, followed by the Inaugural Lecture of Prof Jens Groth, Director of the ACE-CSR.
The event will conclude with a drinks reception.
16:05 Introduction by Jens Groth
16:10 Zachary Peterson: 'Can Games Fix What’s Wrong with Computer Security Education?'
16:35 Jens Krinke: 'How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel'
17:00 short break
17:05 Introduction to proceedings by George Danezis, Reader in Security and Privacy Engineering (Associate Professor) and head of Information Security Research Group at UCL Computer Science
17:10 Jens Groth's Inaugural Lecture: 'Zero-Knowledge Proofs'
17:55 Vote of thanks by Angela Sasse, Professor of Human-Centred Security and Director of the UK Research Institute in Science of Cyber Security (RISCS)
18:00 Adjourn for drinks reception in Roberts Foyer
Zachary Peterson, Associate Professor of Computer Science at Cal Poly, San Luis Obispo, California
Year after year, we see reports on an ever-increasing gap, both in the public and private sectors, between the number of computer security professionals we need and the number we expect to produce. While the reasons for this trend are varied, there is a perception (particularly among those new to computing) that security can be asocial and isolating, that it is void of creativity and individual expression, and lacks positive social relevance. But, as we all know, security can inherently have all of these qualities, which perhaps manifest themselves most clearly in cybersecurity games. Indeed, the freedoms of play inherent in games may directly address the qualities deficient in security pedagogy, with many educators now turning to security games, in and out of the classroom, as a meaningful tool for outreach and education. In this talk, we take a critical look at the use of games in cybersecurity education, and explore some of the ways games can (and cannot) fix computer security education.
Zachary Peterson is Associate Professor of Computer Science at Cal Poly, San Luis Obispo, California. His technical background is in applied cryptography, particularly as applied to storage systems. He also has a passion for creating new ways of engaging students of all ages in computer security, especially through the use of games and play. He has co-created numerous security games, including [d0x3d!], a network security board game, and is the co-founder of ASE, a new USENIX workshop dedicated to making advances in security education. He is the recent recipient of a Cyber Security Fulbright Scholarship which he will use to continue some of his research at University College, London, exploring the use of digital and non-digital games for teaching computer security concepts to new, young, and non-technical audiences.
Jens Krinke, Senior Lecturer in the Software Systems Engineering Group at UCL
A double-fetch bug is a time-of-check to time-of-use race condition that occurs in the use of shared memory between kernel space and user space. Such bugs very often cause exploitable vulnerabilities in the kernel. We present the first (to the best of our knowledge) analysis and study on double fetches in the Linux kernel. With the help of a static pattern-based analysis, we identify typical situations in which double fetches occur. We categorize the 90 identified double-fetch situations into three scenarios and discuss each of the three scenarios in detail. A statistical analysis shows that double fetches are more likely to occur in drivers (57 out of 90) which are hard to analyze with a dynamic approach when the hardware is not available. Furthermore, we developed an approach, based on the Coccinelle matching engine, that identifies buggy double-fetch situations which can be kernel vulnerabilities. Our approach found six previously unknown double-fetch bugs, four of them in drivers, and three of them are exploitable double-fetch vulnerabilities.
Jens Krinke is Senior Lecturer in the Software Systems Engineering Group at UCL, where he is Deputy Director of the CREST centre. His research focus is analysing software for software engineering and software security.
Jens Groth, Professor of Cryptology, UCL Computer Science
Zero-knowledge proofs enable a prover to convince a verifier that a statement is true without revealing anything else; in particular, they reveal no private information. The combination of verification and confidentiality makes them a fundamental and widely used building block in cryptography. There have been a number of exciting developments in recent years leading to tremendous improvements in efficiency. Jens will give an introduction to zero-knowledge proofs and outline some of the ideas that go into recent constructions of efficient zero-knowledge proofs.
Jens is the Director of UCL's Academic Centre of Excellence in Cyber Security Research and Professor of Cryptology at UCL Computer Science. He is among the 20 most published authors worldwide at the top cryptology conferences ASIACRYPT, EUROCRYPT and CRYPTO over the last decade. Jens’s work has revolutionized the area of zero-knowledge proofs with the invention of practical pairing-based non-interactive zero-knowledge proofs, which was recognized early on with the UCLA Chancellor's Award for Postdoctoral Research in 2007. His research has been funded by several EPSRC grants and an ERC Starting Grant on Efficient Cryptographic Arguments and Proofs.