On the evening of September 17th, OWASP is being hosted at Twitter's offices in downtown Seattle.
Side Channel Attacks
Speakers: Andrew Sorensen, Jessica Nguyen, Chris Petrilli
Twitter will introduce side-channel attacks in the browser by exploring existing web security protections, limitations of this security control, and connect concepts with more well known side-channel issues.
Learn how Twitter handled one such issue (Silhouette), what the landscape of side-channels looks like going forward and what some of the potential mitigations might look like.
Andrew Sorensen is a security engineer at Twitter in the Application Security team. Prior to joining Twitter, Andrew previously worked at Leviathan Security Group.
Jessica Nguyen is a security engineer at Twitter, working within the Application Security team. Jessica previously worked on the AppSec team at the T-Mobile USA, Inc. headquarters prior to joining Twitter.
Chris Petrilli is a security engineer at Twitter in the Infrastructure Security team. In the security industry for over 20 years, Chris previously worked at Disney, Sprint, BBN, and multiple government organizations
Privacy-Preserving Classification of Personal Text Messages with Secure Multi-Party Computation
Classification of personal text messages has many useful applications in surveillance, e-commerce, and mental health care, to name a few. Giving applications access to personal texts can easily lead to (un)intentional privacy violations. We propose the first privacy-preserving solution for text classification that is provably secure. Our method, which is based on Secure Multiparty Computation (SMC), encompasses both feature extraction from texts, and subsequent classification with logistic regression and tree ensembles. We prove that when using our secure text classification method, the application does not learn anything about the text, and the author of the text does not learn anything about the text classification model used by the application beyond what is given by the classification result itself. We perform end-to-end experiments with an application for detecting hate speech against women and immigrants, demonstrating excellent runtime results without loss of accuracy.
Anderson C A Nascimento obtained his Ph.D. degree in 2004 from the University of Tokyo. He currently holds the endowed professorship in Information Systems and Information Security with the School of Engineering and Technology, University of Washington, Tacoma. Previously he was a professor at the University of Brasilia in Brazil and a research scientist with NTT Corp in Japan. Dr. Nascimento researches in cryptography and information security. He has edited four books, published over 80 papers in prestigious journals and conference proceedings. He was an editor for the IET Information Security Journal. He was the Technical Program Chair or General Chair of ISC 2016, ICITS 2016, SBSeg 2009, and SBSeg 2012. He was a panelist and reviewer for the National Science Foundation, the European Science Foundation, CAPES and CNPq. He enjoys writing in the third person.
Instructions for Arrival: Guests arrive and[masked]th Ave Seattle WA, 98101 and head through the 4th Ave entrance. A guard will be available there to direct guests up the escalators to a 3rd floor checking booth. After checking in, a guard will badge guests up to the 19th floor where the event will be held.
Twitter requires that attendees sign up using this link as well for badging/access