Speaker: Ioannis Demertzis, Associate Professor in the Computer Science and Engineering Dept. at the University of California, Santa Cruz.
Speaker’s Bio: Ioannis Demertzis is an Associate Professor in the Computer Science and Engineering Dept. at the University of California, Santa Cruz. His research focuses on applied cryptography, security & privacy, and secure databases/systems. His work has been published at top security, system and database conferences including USENIX, CRYPTO, NDSS, S&P, SIGMOD, SOSP, PVLDB and TODS. He is the recipient of the ACM SIGSAC Doctoral Dissertation Award Runner-up, Distinguished Dissertation Award of ECE (University of Maryland), and the Symantec Research Labs Graduate Fellowship. Before joining UCSC, he was a Postdoctoral Researcher at the EECS Dept. of UC Berkeley hosted by Prof. Raluca Ada Popa. He received his Ph.D. from the ECE Dept. of the University of Maryland, College Park advised by Prof. Charalampos Papamanthou. He obtained his ECE Diploma and M.Sc at the Technical University of Crete, under the supervision of Minos Garofalakis.
Title: Scalable Secure Computation for Next Generation Private Systems, Databases, and AI
Abstract: Any privacy-preserving computation on encrypted data that relies solely on encryption can leak significant information about the plaintext input through leakage-abuse attacks. Industrial approaches that support confidential computing through hardware enclaves are susceptible to side-channel attacks; however, hardware enclaves provide an affordable and low-cost solution for any privacy-preserving computation. Oblivious primitives are a powerful cryptographic tool that, when combined with hardware enclaves, can mitigate leakage-abuse and software side-channel attacks—achieving **zero** leakage.
Oblivious primitives find applications in various areas, including Signal’s contact discovery, Anonymous Key Transparency, end-to-end encrypted email search, differential privacy in the shuffle model, large-scale software monitoring (e.g., Google’s Prochlo), private federated learning/computation (Apple’s Private Cloud Compute), AWS Bedrock, AWS Data Clean Rooms, LLM privacy/private RAG (e.g., Amazon Kendra), Google’s Privacy Sandbox, Google’s FLEDGE, Titan Security Key, Asylo, and broader confidential computing efforts. In this talk, we discuss our recent hardware-enclave-based oblivious primitives that scale private computations to terabyte-sized inputs—far exceeding the previous state-of-the-art 100MB-4GB range. Our scalable oblivious primitives include high-throughput oblivious key-value store (used in Signal’s contact discovery, SOSP’21; USENIX’26), a low-latency approach (PVLDB’24), the most scalable oblivious sort and shuffle (SP’24), and the first scalable oblivious filter, group-by, join approaches (USENIX’25).
Speaker: David Brumley, Professor, Electrical and Computer Engineering, CMU
Speaker's Bio: Dr. David Brumley is Chief AI & Science Officer at Bugcrowd and a full professor at Carnegie Mellon University, where he has spent decades advancing the state of offensive security. He is the founder of picoCTF, the world’s largest cybersecurity competition, and advisor to PPP/MMM, one of the most successful competitive hacking teams globally, and a venture partner at Rain Capital.
His work spans automated vulnerability discovery, exploit generation, and large-scale offensive systems, including pioneering efforts such as Mayhem, the Cyber Grand Challenge–winning technology. His research and products have helped shape how organizations think about continuous, automated security at scale.
Title: The Evolution of Popping the Shell: From Craft to Computation
Abstract: For most of cybersecurity’s history, offensive capability was scarce. Popping a shell required elite skill, developed through years of experience. That scarcity shaped how we built defenses, tools, and organizations.
That era is ending, and this talk is its eulogy.
Large language models have changed this. What used to require elite skill is becoming tractable, even routine. Offensive security is no longer a craft. It is becoming an industry. This isn’t just better tooling. It is a structural change in how attacks are developed and executed, and it breaks many of the assumptions we still rely on.
In this keynote, I’ll trace the evolution from craft to computation, explain why this transition is durable rather than hype-driven, and outline what it means for modern organizations. The question is no longer how we build teams to secure systems, but how we build augmented teams that can operate at machine speed.
Speaker: Mustaque Ahamad, Regents’ Entrepreneur Professor and Interim Chair, School of Cybersecurity and Privacy, Georgia Institute of Technology
Speaker’s Bio: Dr. Mustaque Ahamad is a professor in the School of Computer Science. He has served on the faculty at the Georgia Institute of Technology since 1985. Dr. Ahamad was director of the Georgia Tech Information Security Center (GTISC) from 2004 to 2012. As director of GTISC, he helped develop several major research thrusts in areas that include security of converged communication networks, identity and access management, and security of healthcare information technology. Currently, he leads Georgia Tech’s educational programs in cyber security as associate director of its Institute for Information Security and Privacy. His research interests span distributed systems, computer security and dependable systems. Dr. Ahamad co-founded Pindrop Security and FraudScope and serves as chief scientist of these companies.
Title: Building Trusted Computing Platforms: Progress and Challenges
Abstract: Applications and services rely on a trusted computing base (TCB), or platform, to mediate access to sensitive data and other protected resources. Such a TCB relies on trust assumptions about the underlying hardware, which can be undermined by attacks on current architectures. At the same time, the complexity of the trusted software within the TCB makes it challenging to ensure that it is free of vulnerabilities. This talk will explore the progress that has been made in building trusted computing platforms and examine the challenges that remain.