1 parent fb08121, commit 03f7aca
Showing 2 changed files with 38 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
title: SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs | ||
presenter: Stefanos Chaliasos, Imperial College London | ||
date: 2024-05-10 | ||
time: 17:30 | ||
category: seminars | ||
|
||
Zero-knowledge proofs (ZKPs) have evolved from being a theoretical concept providing privacy and verifiability to having practical, real-world implementations, with SNARKs (Succinct Non-Interactive Argument of Knowledge) emerging as one of the most significant innovations. Prior work has mainly focused on designing more efficient SNARK systems and providing security proofs for them. Many think of SNARKs as "just math," implying that what is proven to be correct and secure is correct in practice. In contrast, this paper focuses on assessing end-to-end security properties of real-life SNARK implementations. We start by building foundations with a system model and by establishing threat models and defining adversarial roles for systems that use SNARKs. Our study encompasses an extensive analysis of 141 actual vulnerabilities in SNARK implementations, providing a detailed taxonomy to aid developers and security researchers in understanding the security threats in systems employing SNARKs. Finally, we evaluate existing defense mechanisms and offer recommendations for enhancing the security of SNARK-based systems, paving the way for more robust and reliable implementations in the future. |
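Review bot: the `title:` value on the first added line is unquoted yet contains a second colon followed by a space (`SoK: What don't we know? ...`) as well as an apostrophe. If this header is parsed as YAML, an unquoted scalar with an embedded colon-space is an error or gets split in the wrong place, so wrap the whole title in double quotes. Separately, the abstract is a single unwrapped line and still reads as the paper's own abstract ("this paper focuses on", "Our study encompasses"); consider wrapping it like the other file added in this commit and rewording it for a talk announcement. That other file also carries a Biography section, which this one lacks.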
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
title: Security in a World of Software Supply-Chain Vulnerabilities | ||
presenter: Nikos Vasilakis, Brown University | ||
date: 2024-05-20 | ||
time: 13:00 | ||
category: seminars | ||
|
||
Modern software incorporates thousands of third-party components. Bugs | ||
or security vulnerabilities in these components can seriously | ||
compromise the integrity of incorporating applications. Because of | ||
their widespread use, and the difficulty of vetting the enormous | ||
number of integrated components for vulnerabilities, they comprise a | ||
compelling target for attackers, who purposefully insert | ||
vulnerabilities into widely used components with the goal of | ||
compromising the integrity of entire software ecosystems. I will | ||
present a series of systems that leverage component boundaries to | ||
offer automated solutions to vulnerabilities that appear in the | ||
software component supply chain. These solutions leverage system- and | ||
language-level containment techniques to prevent different classes of | ||
attacks from affecting these applications and the broader system in | ||
which they execute. Combined, they provide a holistic and in-depth | ||
transformation-based approach to securing entire software ecosystems. | ||
|
||
#### Biography | ||
Nikos Vasilakis is an Assistant Professor of Computer Science at Brown | ||
University. His research encompasses systems, programming languages, | ||
and security — and has been recognized by several distinguished paper | ||
awards. His current focus is on automatically transforming systems to add | ||
new capabilities such as parallelism, distribution, and security — against | ||
a variety of threat models. Nikos is also the chair of the Technical Steering | ||
Committee behind PaSh, a shell-script optimization system hosted by the | ||
Linux Foundation. More: https://nikos.vasilak.is |
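Review bot: `time: 13:00` in the header carries no timezone, so readers outside the host's zone cannot tell which local time is meant; state the zone in the value or add a field for it. If the header goes through a YAML 1.1 loader, a bare `13:00` is also read as a base-60 integer rather than a time, so quoting the value is safer. In the biography, the bare URL after `More:` is only clickable if the renderer autolinks; an explicit Markdown link would not depend on that.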