Community Projects Improving Technical Security Open Internet Standards Technology

An NDSS Newcomer's Perspective

[Editor’s Note: A limited number of student grants are available to help pay for travel, accommodations, and NDSS Symposium registration fees for full-time students attending the 24th annual Network and Distributed System Security (NDSS) Symposium. Watch the NDSS website at for information and deadlines as the process opens for NDSS 2018 in February of next year. The following post is a guest contribution from one 2017 grantee.]

My name is Muhammad Talha Paracha, and I am an undergraduate Software Engineering student from National University of Sciences and Technology, Pakistan. I recently attended the Network and Distributed System Security (NDSS) Symposium 2017, on a fully funded student travel grant sponsored by Internet Society. Since it was my first international travel experience and my first conference, I enjoyed each and every bit of the trip.

There were two reasons I wanted to attend the conference: my interest in the areas of web & usable security and my goal to pursue a career in applied research. Last summer, I implemented an encryption module for Drupal ( Pubkey Encrypt) as a part of the Google Summer of Code’16 program. Thus, I saw NDSS’17 as a place to interact with experts in the field and ask them for feedback on my project. On the other hand, the research culture here in Pakistan is non-existent, especially when it comes to the areas of security. So, I also wanted to get a taste of how it feels to be a part of a research community.

Indeed, meeting scholars from all around the world was the major highlight of my week. The first day of the conference, I was a bit uncertain about my communication skills. But the next two days, I made it a mission to talk to as many people as I can, and to try to initiate meaningful conversations instead of just small talk. As a result, I discussed grad school admissions and got some specific tips based on my profile with professors from CMU, Northeastern, Michigan etc. I engaged in discussions about life in industry with researchers from Microsoft, CISCO, RSA etc. And I identified some research groups I’d really love to work with in future.

I attended all the sessions and particularly enjoyed the one on web security, probably because I understood every talk in it. Though I will admit that in many other sessions, I found it easy to get lost. But that was expected given my limited knowledge in the areas of security. I think my takeaway from the sessions was internalizing the way research at a top-tier conference is presented.

Finally, I’ll add that visiting the States has been my dream for a very long time. Fortunately, everything in my trip went smoothly. I found everyone extremely pleasant to talk to, from the researchers at the symposium to the staff at recreational sites. The weather, the beaches, everything in the city seemed lovely. Maybe I was lucky to visit San Diego which, as per the locals, is the best city in California. Or maybe it’s just the “rosy retrospection” due to the short length of my trip. In any case, US has left a perfect impression on me.

Thank you, Internet Society, for giving me the opportunity to attend NDSS’17. Without the grant, it would’ve been impossible for me to attend the event. I now aspire to come to NDSS’18 next year, not just as an attendee but as an author. And thank you Julie Rowland and Karen O’Donoghue for your liaison and assistance.

[Photo Credit: Tom Hutton]
Building Trust Improving Technical Security Open Internet Standards Technology

Usable Security Highlighted at NDSS 2017

A number of seminal papers appeared towards the end of the 20th century calling for more attention to be paid to the human in the security loop. For example, Anne Adams and Angela Sasse’s “Users are not the Enemy” and Mark Ackerman and Lorrie Cranor’s “Privacy critics: UI components to safeguard users’ privacy.” The research field of Usable Security was thereby launched, and quickly garnered interest amongst academics and in industry. Almost two decades later this field has achieved independent status with a number of conferences and workshops being dedicated to this research field. USEC is a proud member of these bespoke conferences, rubbing shoulders with SOUPS, EuroUSEC and STAST. Other international conferences, such as CHI, HICSS and IEEE S&P, have strands dedicated to usable security, demonstrating a growing recognition of this field as a serious research endeavour.

Just before NDSS 2017 this year, we’ll hold the sixth USEC workshop/mini-conference and it is starting to exhibit signs of maturity. This is the sixth USEC workshop/mini-conference and it is starting to exhibit signs of maturity. This year we received an unprecedented 58 submissions, a gratifying confirmation of the growing number of researchers working in the field, all doing great research and wanting to share it with others. It also means that USEC, as a workshop, is firmly on the map, being deemed a worthy venue for publishing and presenting valuable research results.

Unlike the situation in the 20th century, we no longer have to convince anyone of the importance of the human in the security loop. Hardly a day goes by that the newspapers do not carry a report about a successful hack, and many of these are facilitated by the humans who own and use the computers that have been hacked, either deliberately or inadvertently. Much of the research in this area works to help users to understand security and privacy concepts, to help them to gain the skills to repel the efforts of myriad hackers and to provide end users with tools to bolster their personal and organisational security more effectively.

The papers we accepted for USEC 2017 fall into three rough groups. The first is authentication. Any conference of this kind receives a number of authentication-related papers. This is not unusual since this is the point where end-users and security are guaranteed to meet. This is the space that causes both security professionals and end-users a great deal of pain. The second group of papers addresses perceptions – contemplating how people perceive security and privacy aspects of systems. The final group addresses new topics in the research area – perhaps we can refer to these as stretch papers.

We’re looking forward to an excellent workshop, with much to discuss, think about and explore in future research. Above all, this is a great opportunity to make new friends, catch up with old ones and enjoy the wonderful San Diego weather.

The USEC workshop depends on the highly-valued contributions of our sterling Programme Committee, who do the reviewing without remuneration. We extend our heartfelt thanks to them. We also thank our Steering Committee: Angela Sasse, Jean Camp, Jim Blythe, Matthew Smith and Andrew Adams, for their guidance and assistance.

Building Trust Improving Technical Security Open Internet Standards Privacy Technology

NDSS 2017 is Coming into Focus

The Network and Distributed System Security Symposium (NDSS 2017) is just around the corner (26 February – 1 March), and details of the program are quickly coming into focus. The full slate of activities includes two keynotes, two workshops, and a full program of excellent peer-reviewed academic research papers.

The Monday keynote speaker, J. Alex Halderman, is a Professor of Computer Science and Engineering at the University of Michigan and Director of Michigan’s Center for Computer Security and Society. In his keynote, “Recount 2016: A Security Audit of the Presidential Election”, he will be talking about electronic voting and his recent experience with recounts from the 2016 presidential election. He will explain how the recounts took place, what was learned, and what needs to change in the future. He will highlight the risks and opportunities associated with computerized voting.

The Wednesday keynote will feature Trent Adams, the Director of Information Security for PayPal, leading the Ecosystem Security team. In his keynote, “Securing the Ecosystem – Collaborating Inside and Out”, he will be talking about all the various approaches that PayPal takes to ensure the security of their systems and the information that those systems contain. He will highlight external collaborations with various organizations to help define standards and best operating procedures for security. This keynote will highlight PayPal’s Ecosystem Security approach including some success stories and next steps.

The main program of NDSS 2017 contains 68 high quality peer-reviewed research papers organized into 15 sessions spread over three days. A poster session will feature roughly 20 posters highlighting new and emerging work in its early stages.

Finally, NDSS 2017 will feature two workshops on the Sunday before the main symposium begins. The first workshop, Useable Security (USEC), is another in a series of Usable Security workshops held in conjunction with NDSS. This year’s USEC Mini-Conference will feature two keynotes, 11 peer-reviewed papers, and a panel discussion.

The second workshop, DNS Privacy, will bring together a mixture of research from a number of sources for a focused working session on the topic. The final programme is still under development, but this workshop promises to be an interactive working session involving a number of key researches, developers, and implementers in this space.

All in all, I am excited by the development of the program, and I hope to see many of you in San Diego in a few weeks! You can also follow along via our social media channels – Twitter, Facebook, and LinkedIn, or search/post using #NDSS17.

Building Trust Domain Name System Security Extensions (DNSSEC) Human Rights Improving Technical Security Open Internet Standards Technology

NDSS 2017 Deadlines Approaching

NDSS 2017 is almost here! The Network and Distributed System Security Symposium (NDSS) symposium fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. NDSS 2017 takes place February 26 through March 1, 2017, at Catamaran Resort Hotel & Spa in San Diego, California.

Here are some upcoming deadlines you should know about:

The List of Accepted Papers is online now, with a full schedule coming soon. There are also two workshops happening, one on DNS Privacy and the other on Useable Security. 

NDSS brings together leaders in cybersecurity — university researchers and educators, chief technology and privacy officers, security analysts and system administrators, and operations and security managers – to encourage and enable the Internet community to apply, deploy, and advance the state of available network and distributed system security technology. In order to have the greatest impact, peer reviewed papers are freely available and reproducible (for noncommercial purposes).

I hope you will be able to join us in San Diego next month for what promises to be an exciting and educational event!