School of Computer and Communication Sciences

Summer Research Institute 2019

13.06.19 - 14.06.19


The Summer Research Institute (SuRI) is an annual event that takes place at the School of Computer and Communication Sciences of the École polytechnique fédérale de Lausanne, Switzerland. The workshop brings together renowned researchers and experts from academia and industry. It features a number of research talks by speakers from all around the world and is conducive to informal discussions and social activities.

The event is open to everyone and attendance is free of charge.

In case you plan to attend SuRI 2019, please register to facilitate the event's organization.

Program (Overview)


08:30 – 09:00 Welcome coffee
11:00 – 11:30 Coffee break
12:30 – 13:30 Lunch
13:30 – 14:30 Student Lightning Talks
15:30 – 16:00 Coffee break
17:00 – 18:00 Student Poster Session
18:00 – 22:00 Joint BBQ on the BC rooftop terrace


08:30 – 09:00 Welcome coffee
11:00 – 11:30 Coffee break
12:30 – 13:30 Lunch
15:30 – 16:00 Coffee break

Program (Detailed)


09:00 – 10:00   Effective Security for the Post-compliance Era – Angela Sasse
In the security industry, it has become a meme that ‘people are the problem’, because they don't comply with policies and make ‘bad decisions’. Security experts have tried to change this by running security awareness programmes, and trying to identify some factors within humans that makes them ‘better security citizens.’ This talk will present insights from the 2019 ENISA report on security behaviour change. In a nutshell, past and current attempts to change security behaviour by awareness or selection is ineffective because the behaviour is driven by impossible demands and conflicts with productivity goals. Since productivity is paramount in all but a number of organisations, we describe the current state of affairs by paraphrasing management scientist Peter Drucker's dictum that ‘Culture Eats Strategy for Breakfast’ as ‘Productivity eats security for breakfast, lunch and dinner’.‘Based on the ENISA report and other recent studies reseach, I will outline new thinking and skills that security sprecialists need to develop security solutions that survive first contact with the real world.
10:00 – 11:00   A User-Centric Approach to Securing the HTTPS Ecosystem – Katharina Krombholz
HTTPS is one of the most important protocols used to secure communication and is, fortunately, becoming more pervasive. However, especially the long tail of websites is still not sufficiently secured. HTTPS involves different types of users, e.g., end users who are faced with trust indicators and warnings or administrators who are required to deal with cryptographic fundamentals and complex decisions concerning compatibility. In this talk, I present recent users-centric research that explains why different types of users still struggle with making informed security decisions. Based on empirical studies with administrators and end users, I discuss multidimensional reasons for vulnerabilities in the HTTPS ecosystem and how a more human-centric approach to the design of cryptographic protocols could mitigate them.
11:30 – 12:30   The Emergence and Implementation of Electronic Identity (E-ID) Systems – Sinisa Matetic
The main aim for any electronic identity (E-ID) system is to enable internet users to identify themselves securely and correctly. The ever-growing global digitalization shows that more and more people are opting and execution various transactions on the internet which require full identification. Thus, the E-ID needs to, without doubt, provide the necessary means for exact identification of a particular user. Requirements for E-ID systems vary depending on the country and jurisdiction, and in Switzerland, the core component of issuing the electronic identity is to perform official checking and confirmation of a person’s existence along with their identifying features such as name, sex, birthday, etc. On the other hand, to support a broad expansion and secure usage of E-ID, the underlying system needs to be carefully designed and implemented. Today, numerous technologies are emerging as potential candidates that can serve as the basis for such a system, however, sometimes implementing the best possible solution may not be compliant with a lot of regulations.
14:30 – 15:30   ACM's New Effort in Computer Science and Law – Joan Feigenbaum
The Association for Computing Machinery (ACM) has launched a new effort in the nascent field of Computer Science and Law. In order to stimulate interest in the area and to articulate a broad and compelling agenda, ACM will hold an inaugural Symposium on Computer Science and Law at New York Law School in the Tribeca neighborhood of New York City on October 28 - 29, 2019. This talk will address challenges and opportunities in research, education, and institutional structure that are presented by ACM's efforts in this area.
16:00 – 17:00   Censored: Distraction and Diversion Inside China's Great Firewall? – Margaret Roberts
Authoritarian governments around the world are developing increasingly sophisticated technologies for controlling information. In the digital age, many see these efforts as futile, as they are easily thwarted by savvy Internet users who quickly find ways to evade and circumvent them. Censored demonstrates that even censorship that is easy to circumvent is enormously effective. Censorship acts like a tax on information, requiring those seeking information to spend more time and money if they want access. By creating small inconveniences that are easy to explain away, censorship powerfully influences the spread of information and in turn what people know about politics. Through analysis of Chinese social media data, online experiments, nationally representative surveys, and leaks for China’s Propaganda Department, I find that when Internet users observe censorship they are willing to compensate for it, but when people are less aware of and inconvenienced by censorship, they are very affected by it. I challenge the conventional wisdom that online censorship is undermined when it is incomplete and shows instead how censorship’s porous nature is used to strategically divide the public and target influencers.


09:00 – 10:00   Less Insecure (But Still Useful) Secure Hardware – James Mickens
Trusted hardware attempts to provide software with silicon-guaranteed security, for some definition of “security.” Unfortunately, modern trusted hardware is either too simple to provide rich notions of security (see TPM chips), or is so complex that the secure hardware itself is vulnerable to microarchitectural exploits (see SGX and TrustZone). In this talk, I will give an overview of these tragedies, and then propose a series of increasingly outlandish approaches for designing hardware that provides non-trivial security properties without exposing a large hardware-level threat surface. Depending on the audience's reaction, I will then be elected the mayor of Lausanne, or I will be chased into the ocean and forced to swim back to America.
10:00 – 11:00   Advanced Cryptography on The Way To Practice – Mariana Raykova
In this talk I will overview latest developments in several areas of advanced cryptography which constructs tools that enable protection of private data while computing on it. I will focus on the efficiency perspective covering existing implementations and systems using these tools. I will talk about examples in the areas of secure multiparty computation, differential privacy and zero knowledge proofs.
11:30 – 12:30   Trusting Machine Learning: Privacy, Robustness, and Interpretability Challenges – Reza Shokri

Machine learning algorithms have shown an unprecedented predictive power for many complex learning tasks. As they are increasingly being deployed in large scale critical applications for processing various types of data, new questions related to their trustworthiness would arise. Can machine learning algorithms be trusted to have access to individuals’ sensitive data? Can they be robust against noisy or adversarially perturbed data? Can we reliably interpret their learning process, and explain their predictions? In this talk, I will go over the challenges of building trustworthy machine learning algorithms in centralized and distributed (federated) settings, and will discuss the inter-relation between privacy, robustness, and interpretability.

Reza shokri is an Assistant Professor of Computer Science at the National University of Singapore (NUS), where he holds the NUS Presidential Young Professorship. His research is on adversarial and privacy-preserving computation, notably for machine learning algorithms. He is an active member of the security and privacy community, and has served as a PC member of IEEE S&P, ACM CCS, Usenix Security, NDSS, and PETS. He received the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies in 2018, for his work on analyzing the privacy risks of machine learning models, and was a runner-up in 2012, for his work on quantifying location privacy. He obtained his PhD from EPFL. More information: https://www.comp.nus.edu.sg/~reza/

13:30 – 14:30   Back to the Future: How Lessons from Analog Publishing Can Help Fight Disinformation Online – Susan McGregor
In the past two decades, the rise of digital publishing has transformed the way that both individuals and entire nations gather, consume and respond to news. While the promise of introducing new voices and points of view into the public discourse has been partly fulfilled, however, the ease and accessibility of digital publishing has done more than remove journalists as the “gatekeepers” of mass media and communication. In recent years, the saturation of the online space with both disinformation and misinformation has highlighted how crucial legal and technical assurances - long taken for granted as default features of analog journalistic publishing - are missing from the existing information landscape. In this talk, I will outline how current digital publishing technologies undermine essential mechanisms for ensuring authenticity, integrity and accountability in news production and dissemination, and will outline some potential strategies for restoring the most fundamental of these features to the online space.
14:30 – 15:30   Knowing Without Seeing: Privacy Preserving Data Analysis and Data Protection Law – Michael Veale
Cryptosystems for privacy-preserving data analysis are often motivated by a desire to analyse data that is held by a range of actors that wish to keep it private either because their own privacy is at stake, or they are legally or ethically obliged to do so on behalf of others. The premise for much encrypted data analysis is that there are a range of functions which would take components from two or more of these datasets as input, and produce an output that would broadly not be seen as private. But, how far does this help actors mitigate or even escape obligations, particularly those under European data protection law? In this talk, I will analyse techniques and applications of secure multiparty computation, homomorphic encryption and zero-knowledge proofs in the context of the GDPR, considering in particular the ways these technologies can be purposed to make coercive systems for users, rather than just protective ones. In many cases, these technologies sit uneasily with the framework as we see it today: they do not fall out the scope of the law, but arguably, neither are users sufficiently protected against developers of cryptosystems seeking to force users to perform potentially manipulative protocols.
16:00 – 17:00   Scalable Privacy-Preserving Computing with High Numerical Precision – Dimitar Jetchev
In this talk, I will present and discuss recent novel techniques for scalable privacy-preserving computing with high numerical precision. Apart from well-known applications to engineering and scientific problems (such as satellite collision detection), high-precision computing on large datasets is becoming relevant to machine and statistical learning systems designed to detect rare events (such as fraud transactions in FinTech, predictive maintenance in manufacturing, or rare diseases in healthcare). I will describe an approach based on Fourier transforms that allows to evaluate efficiently various non-linear functions in the setting of secure multi-party computations (SMPC). Finally, I will present a novel practical and scalable data-independent approach to compiling privacy-preserving programs that is applicable to both SMPC systems and fully-homomorphic encryption (FHE) systems.


If you're flying in, Genève-Cointrin is the nearest international airport. By train, it takes ~45 minutes to reach Lausanne. Zürich Airport is about ~2.5 hours away by train. To get information on train schedules, please see the Swiss Rail website.

To reach the SuRI venue from the EPFL M1 metro station, please check the map below.


EPFL's Summer Research Institute has a long and successful history. For more information on past editions of the event refer to the links below.

2018 - 2017 - 2016 - 2015 - 2014 - 2013 - 2012 - 2011 - 2010 - 2009
2008 - 2007 - 2006 - 2005 - 2004 - 2003 - 2002 - 2001 - 2000