#eprint Breach Extraction Attacks: Exposing and Addressing the Leakage in Second Generation Compromised Credential Checking Services by Dario Pasquini, Danilo Francati, Giuseppe Ateniese, Evgenios M. Kornaropoulos (https://ia.cr/2023/1848)

Vol:17 No:4 → Algorithmic Complexity Attacks on Dynamic Learned Indexes
👥 Authors: Rui Yang, Evgenios M. Kornaropoulos, Yue Cheng
📄 PDF: https://www.vldb.org/pvldb/vol17/p780-yang.pdf

@tedted @tedted thought you were referring to trusted execution environment with the term “special hardware to compute sensitive data” 🤔

@tedted branding is the least of the problems with this technology (at least for now).

Happy New Year! Our Azure Systems Research group at Microsoft is seeking research interns on next gen cloud infrastructure, incl mem disaggregation, oversubscription, power efficiency, sustainability, AIOps, and serverless. Apply and spread the word at https://aka.ms/azsr !

I love closing out the year with this. 😊

On December 31, 1995, exactly 27 years ago today, legendary cartoonist Bill Watterson published his final 'Calvin and Hobbes' comic strip.

How beautiful and appropriate it was, and a timeless reminder of what we have before us in 2023. ❤️

Happy New Year, ya'll!

Well, the semester is over in the course on anonymity, privacy, and free speech that I co-taught with @alexabdo. It was cross-listed between CS and Law, and in >20 years of teaching I don't think I've ever enjoyed a class this much. Syllabus, slides, assignments, etc., are at https://www.cs.columbia.edu/~smb/classes/f22/index.html and are (as always for me) Creative Commons-licensed. Grading final projects will probably be hard because, based on final presentations, they're all great.

Want to work on privacy and cryptography? Want to work with real-world concerns?

Security/Privacy Researcher job @brave, to join our super productive and openly publishing Research Team.

Security/Privacy Researcher at Brave
London - Remote

Come work with me and more amazing people!

https://t.co/ae9Hu5E56F

Alright, we also now have @acm_ccs for ACM CCS announcements on Mastodon.

@davxy US postal services issued a stamp to honor the contribution of women cryptologists (there is a stamp in the middle of the frame). They are selling a few items to celebrate the occasion at their store : https://about.usps.com/newsroom/national-releases/2022/0919ma-women-cryptologists-crack-the-code-on-new-forever-stamps.htm

The Women Cryptologists of WWII frame arrived today! #cryptography

At first, I thought Google was deploying searchable encryption at scale. Unfortunately, that is not the case: “You can search for client-side encrypted files by their metadata, such as title and owner. However, you can’t search their content.” https://support.google.com/a/answer/10741897?hl=en

ChatGPT is not wrong on this one 😂 #academia

In certain contexts, differential privacy fits perfectly and provides meaningful guarantees. In other contexts, not so much...

I was trying to say something similar in recent discussions/PC reviews, but David Evans eloquently explained some concerns about DP as a universal privacy measure.

(slides here: https://www.dropbox.com/s/5gi766dqezsitw4/cray2022.pdf?dl=0)

gm and happy friday!

@matthew_d_green I am trying different approaches to see what brings an acceptable balance.

I found that if I "outsource" all the creative aspects to students, then I get impatient and, frankly, a bit bored. This approach stagnates the creative side of our job. My current approach is to always be very invested and active in one project (or grant) and then switch to a different one when I feel good about what we have achieved so far. Of course, while monitoring the rest of the projects.

One of the things that’s hard to explain about an academic research job is the number of projects you have going on at any moment, and the way you hand state off to students to manage. It’s the only way to be really productive but it also makes life deeply weird.

Even funnier that if you try to add the direct link to the Twitter profile you get the message "Description is considered malware".

@Zekovski Thanks! I added my handle at the very top of my Twitter profile, hopefully colleagues/friends can discover it easily.

It is funny though that they blocked all links related to Mastodon