High-Tech Women in
Science and Technology

Hardware-assisted security architectures, such as Intel SGX, promise protection to security-sensitive applications from malicious software executed on the same platform, and even from the compromised operating system. Recent research, however, has demonstrated that Intel’s SGX is vulnerable to software-based side-channel attacks, which can lead to a full compromise of SGX-protected secrets. In this talk, we revisit the problem of side-channel attacks on Intel SGX and present a pill -- Dr.SGX tool, that provides protection against cache-based side-channel attacks and attacks that rely on observation of induced page faults. Dr.SGX breaks the link between the memory observations by the adversary and the actual data accesses by the victim through data randomization and strikes the balance between side-channel protection and performance through continuous runtime enclave re-randomization and the re-randomization rate configurable through an adjustable security parameter. The tool is compiler-based and does not require any code annotations – thus, applicable by non-expert developers.

Artificial Intelligence is about to change our society considerably. In domains like autonomous driving, medical diagnosis and predicting epidemics, AI may even make the difference between life and death. Therefore, ethical concerns arise and are tightly coupled with the growth of AI. Among those, privacy is an important aspect since lots of AI applications rely heavily on personal data. This talk will give an overview of privacy requirements and risks in the application of AI. Relevant Privacy Enhancing Technologies will be introduced from an industrial perspective. It will be shown how solving contradictory requirements of AI and privacy can lead to more trustworthy AI systems and which challenges remain.

Today, deep neural networks represent a common option when conducting the profiled side-channel analysis. Such techniques commonly do not require pre-processing, and yet, they can break targets that are even protected with countermeasures. Unfortunately, it is usually far from trivial to find neural network hyper-parameters that would result in such top-performing attacks. The hyper-parameter leading the training process is the number of epochs during which the training happens. If the training is too short, the network does not reach its full capacity, while if the training is too long, the network over fits, and consequently, is not able to generalize to unseen examples. Finding the right moment to stop the training process is particularly difficult for side-channel analysis as there are no clear connections between machine learning and side-channel metrics that govern the training and attack phases, respectively. In this work, we tackle the problem of determining the correct epoch to stop the training in deep learning-based side-channel analysis. First, we explore how information is propagated through the hidden layers of a neural network, which allows us to monitor how training is evolving. Second, we demonstrate that the amount of information transferred to the output layer can be measured and used as a reference metric to determine the epoch at which the network offers optimal generalization. To validate the proposed methodology, we provide extensive experimental results that confirm the effectiveness of our metric of choice for avoiding overfitting in the profiled side-channel analysis.
On a personal note, I will share the three most important lessons that helped me evolve as a person and in my career.

In this talk, I will focus on the security of CPS / IoT devices, which are increasingly being deployed for a multitude of functionalities. The spread of such devices will be even wider due to emerging technologies such as 5G, edge and cloud computing, etc.
Such devices are inherently insecure, with security being thought through in the aftermaths of mass deployments. Furthermore, the diverse range of such embedded devices, coupled with their energy constrained nature and the lack of cryptographic and security standards makes CPS / IoT vulnerabilities even more pronounced.
In this talk, I cover at a high level embedded cryptographic technologies and lightweight primitives and protocols applied to embedded CPS/IoT systems - discussing both classical and post quantum cryptographic schemes. I also explore use cases of applying machine learning to address security concerns in IoT devices.

In this talk, we will share our experiences of how we became data scientists. We both started with different ambitions in mind, and slowly moulded it in the direction of data science. We are currently working in the same team at Merck, supporting the healthcare business with data science. As the application of data science in this industry is still developing, we face many challenges (eg. stakeholder buy-in, data availability, infrastructure, trust etc.), but we also get the satisfaction of driving important long-term decisions within the company. Through our journey we have learnt that applying data science to the real world goes beyond building the best machine learning model. Our talk is an account of discovering the data scientists within ourselves.

Compromise of boot process, access and control of a single sensor ormicro-controller by a hacker can lead to full control on entire electronic network. This situation is expanding rapidly posing serious security and privacy challenge to manufacturers as well as customers/operators,and requires immediate and tactfully strategic solution to avoid conceivable property and human losses and to counter the advantage made available to adversaries by the increasing complexity of software and hardware and the additional flexibility provided by mobile devices to interact with these systems. The talk will introduce the hardware security primitives to improve the resilience against boot attacks. Secure boot processes that counter the theft or compromise of secret information, e.g., keys for encryption. The talk will overview FPGA boot process, and discuss the state of the art secure boot processes.

At the Innovation Center at Merck, we strive to develop business beyond our current focus areas. Neuromorphic Systems, which aim to mimic the working principles of our brain to increase computing power and decrease power consumption, is one of these intriguing topics. Neuromorphic solutions address the problem of the massively growing carbon footprint of ICT with an alarming status of 10% of the global energy use. And, they will enable much more intelligent edge applications such as sensors in autonomous cars or natural signal processing in our mobile phones. Here, challenges in data privacy, communication bandwidth and processing latency are driving artificial intelligence from the cloud to the edge. Besides, I want to share my journey from acting according to the values of my parents to a more reflected set of values corresponding to my own, deep beliefs.

When embedded electronic systems need high performance or low power consumption, it is often unavoidable to move computationally intensive or power-hungry operations, such as cryptographic algorithms, from software to hardware. In this presentation, we highlight research challenges and directions in the field of cryptographic hardware design. In the first part, we address the effect of emerging technologies on the implementation and security properties of cryptographic hardware components. In the second part, we introduce the concept of cryptographic agility, i.e. the ability of cryptographic implementations to be updated depending on newly detected vulnerabilities, new standards, or the availability of more efficient implementations.

After you finished your master or PhD you might think you find your first job, work very hard, especially as a technical female you will be promoted and of course your employer is helping you step by step to climb the carrier ladder. And finally you will reach all the jobs and goals you are aiming for. This might be the case at the beginning of your carrier. But as soon as you are approaching more senior roles it becomes very different, because there is such strong competition and many really good candidates for such senior roles. During my talk I want to tell you a few stories how I made my carrier with 3 young kids at home, a more than full time working and travelling husband, no family close to my house in Munich and not much support from my employers. I will not recommend any of you to do it the same way, but I hope my stories will motivate you to strive for ambitious carrier goals. To be successful you should follow your passion, figure out in what you are much better at than anybody else, keep your own goals always as a “North Star” and stay persistent and focused on them. Do not think too much about carrier, promotion, more money, more status etc., but of course you need to take advantage of opportunities showing up, even if you have to move out of your comfort zone.

In the past decade, computer systems and chips have played a key role in the success of AI. Our vision in Google Brain's ML for Systems team is to use AI to transform the way systems and chips are designed. Many core problems in systems and hardware design are combinatorial optimization or decision making tasks with state and actions sizes that are orders of magnitude larger than common AI benchmarks in robotics and games. In this talk, I will go over some of our research on tackling such optimization problems. First, I talk about our work on deep reinforcement learning models that learn to do resource allocation, a combinatorial optimization problem that repeatedly appears in systems. Our method is end-to-end and abstracts away the complexity of the underlying optimization space; the RL agent learns the implicit tradeoffs between computation and communication of the underlying resources and optimizes the allocation using only the true reward function (e.g., the runtime of the generated allocation). I will then discuss some of our recent work on deep reinforcement learning methods for sequential decision making tasks with long horizons and large action spaces, built upon imitation learning and tree search in continuous action spaces. Finally, I discuss our work on deep models that learn to find solutions for the classic problem of balanced graph partitioning with minimum edge cuts. We define an unsupervised loss function and use neural graph representations to adaptively learn partitions based on the graph topology. Our method enables the first generalized partitioner, meaning we can train models that produce performant partitions at inference time on new unseen graphs.