Data is a critical resource and as such it is very often the
target of cyber-attacks with a variety of goals, including data theft and ransom requests. Today database
systems provide several effective security controls and defenses, such as database encryption, fine-grained
content and context-based access control, role-based access control, and logging capabilities for security
relevant events. In addition, database systems support a variety of authentication techniques, such as
multi-factor authentication. However, there is a major weak point in data security: the applications. Once
data is transmitted from a database to applications, the data is exposed to many risks if applications have
vulnerabilities. Unfortunately, applications, and more generally software systems, are still often insecure,
despite the fact that the “problem of software security” has been known to the industry and research communities
for decades. In the case of database applications, for example, SQL injection vulnerabilities, known for
more than 20 years, are still common; in 2022 alone, 1162 vulnerabilities of the type “SQL
injection” were accepted as CVEs (Common Vulnerabilities and Exposures). In this talk, I first briefly
argue why the software security problem is more complex than ever. I then focus on the problem of SQL
injection and other vulnerabilities, often occurring in database applications, and present an initial
approach to automatically detect these vulnerabilities and “repair” them. I also cover the case of a more
sophisticated attacker, able to tamper with the application code. I then move on to discuss the problem of software
supply-chain attacks and research directions.
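As an added illustration of the SQL injection pattern the talk refers to (example code written for this page, not from the speaker or the talk): a small AST-based check that flags query strings assembled at the call site, shown beside the repaired, parameterized form of the same lookup. The table, rows and inputs are constructed for the example.

```python
import ast
import sqlite3

# Two versions of the same lookup, embedded as source text so the checker below
# can inspect them. Constructed for this example; not code from the talk.
VULNERABLE_SRC = '''
def find_user(cur, name):
    # Query text is concatenated with caller input: the classic injection shape.
    cur.execute("SELECT id FROM users WHERE name = '" + name + "'")
    return cur.fetchall()
'''

REPAIRED_SRC = '''
def find_user(cur, name):
    # Repaired form: the driver binds the value, so input never changes the SQL.
    cur.execute("SELECT id FROM users WHERE name = ?", (name,))
    return cur.fetchall()
'''

def unsafe_execute_calls(source):
    """Line numbers of execute()/executemany() calls whose SQL argument is
    assembled at runtime (string concatenation, f-string, % or .format)."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in ("execute", "executemany") or not node.args:
            continue
        sql = node.args[0]
        dynamic = isinstance(sql, (ast.BinOp, ast.JoinedStr)) or (
            isinstance(sql, ast.Call)
            and isinstance(sql.func, ast.Attribute)
            and sql.func.attr == "format"
        )
        if dynamic:
            hits.append(node.lineno)
    return hits

def run_query(source, name):
    """Load find_user from the given source and run it against a constructed
    in-memory table, returning the rows it yields for the given name."""
    namespace = {}
    exec(compile(source, "<example>", "exec"), namespace)
    con = sqlite3.connect(":memory:")
    cur = con.cursor()
    cur.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    cur.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return namespace["find_user"](cur, name)
```

Running both versions with a name that contains a quote shows the difference: the concatenated query returns every row, the parameterized one returns none.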
Biography:
Elisa Bertino is Samuel Conte Professor of Computer Science at
Purdue University. Prior to joining Purdue, she was a professor and department head at the Department of
Computer Science and Communication of the University of Milan. She has been a visiting researcher at the IBM
Research Laboratory in San Jose (now Almaden) and at Rutgers University. She has held visiting professor
positions at the Singapore National University and the Singapore Management University. Her recent research
focuses on security and privacy of cellular networks and IoT systems, and on edge analytics for security.
Elisa Bertino is a Fellow of IEEE, ACM, and AAAS. She received the 2002 IEEE Computer Society
Technical Achievement Award for “outstanding contributions to database systems and database security and
advanced data management systems”, the 2005 IEEE Computer Society Tsutomu Kanai Award for “pioneering and
innovative research contributions to secure distributed systems”, the 2019-2020 ACM Athena Lecturer Award,
and the 2021 IEEE Innovation in Societal Infrastructure Award. She is currently serving as ACM
vice-president.
Keynote 2:
Trust in the Untrusted World
Divyakant Agrawal
Professor of Computer Science
University of California at Santa Barbara, USA
Abstract:
We live in interesting times in that our digital lives have
become increasingly interdependent and interconnected. Such interconnections rely on a vast network of
multiple actors whose trustworthiness is not always guaranteed. Over the past three decades, rapid advances
in computing and communication technologies have given billions of users access to information and
connectivity at their fingertips. Unfortunately, this rapid digitization of our personal lives is also now
vulnerable to invasion of privacy. In particular, now we have to worry about the malicious intent of
individual actors in the network as well as large and powerful organizations such as service providers and
nation states. In the backdrop of this reality of the untrusted world, we raise the following research
questions: (i) Can we design a scalable infrastructure for voice communication that will hide the knowledge
of who is communicating with whom? (ii) Can we design a scalable system for oblivious search for documents
from public repositories? (iii) Can we develop scalable solutions for private query processing over public
databases? These are some of the iconic problems that must be solved before we can embark on building
trusted platforms and services over untrusted infrastructures. In this talk, we present a detailed overview
of a system for voice communication that hides communication metadata over fully untrusted infrastructures
and scales to tens of thousands of users. We also note that solutions to the above problems rely on an
intermediary service provider. We conclude this talk with an open question on the efficacy of a
decentralized paradigm for cryptocurrency in the broader context of our digital lives that can potentially
eliminate the need for an intermediary in provisioning trusted services and platforms.
Biography:
Divy Agrawal is a Distinguished Professor of Computer Science at
the University of
California at Santa Barbara. He received BE(Hons) from BITS Pilani in Electrical Engineering and then
received MS and PhD degrees in Computer Science from State University of New York at Stony Brook. Since
1987, he has been on the faculty of computer science at the University of California at Santa Barbara. His
research expertise is in the areas of databases, distributed systems, cloud computing, and big data
infrastructures and analysis. Over the course of his career, he has published more than 400 research
articles and has mentored approximately 50 PhD students. He serves as Editor-in-Chief of the Springer
journal on Distributed and Parallel Databases and has either served or is serving on several Editorial
Boards including ACM Transactions on Database Systems, IEEE Transactions on Knowledge and Data Engineering, ACM
Transactions on Spatial Algorithms and Systems, ACM Books, and the VLDB Journal. He served as a Trustee on
the VLDB Endowment and is currently serving as the Chair of ACM Special Interest Group on Management of Data
(ACM SIGMOD). He received a Gold Medal from BITS Pilani. Professor Agrawal is the recipient of the UCSB
Academic Senate Award for Outstanding Graduate Mentoring. He is a Fellow of the ACM, the IEEE, and the
AAAS.
Keynote 3:
What Makes Database Systems Fast? An Ablation Study
Thomas Neumann
Professor of Computer Science
Technical University of Munich, Germany
Abstract:
Database systems are very complex pieces of software, which makes comparisons notoriously difficult. One
system being faster than another for one particular workload can have a multitude of reasons, which makes
absolute performance numbers hard to interpret. In this talk we therefore study the effect of implementation
techniques while staying within one execution engine, our research system Umbra. We discuss a number of
techniques we have used to speed up query processing, and try to quantify their impact by explicitly
disabling them. This gives an overview of how impactful individual techniques are and what has to be
implemented to get a fast database system.
Biography:
Thomas Neumann is a full professor in the Department of Computer
Science at the Technical University of Munich. After his PhD in Computer Science at the University of
Mannheim in 2005, he was Senior Researcher at the Max-Planck Institute for Informatics in Saarbrücken until
2010. His research interests are in the areas of database systems, query processing, and query optimization.
In 2020, he received the Gottfried Wilhelm Leibniz Prize.