The Check Point Institute for Information Security
Kickoff Day

abstracts


Silvio Micali
MIT


Traditional mechanism design achieves a desired property “at equilibrium”, and is thus vulnerable to equilibrium selection and player collusion. We advocate that mechanisms should be designed in a new way, so as to achieve their desiderata without these vulnerabilities. We exemplify our notions and techniques for guaranteeing revenue in UNRESTRICTED combinatorial auctions, a problem about which very little is known, even assuming that all players are rational and independent. (Based on work with Paul Valiant, and on work with Jing Chen.)

Shafi Goldwasser
Weizmann Institute and MIT

In this talk we will discuss how one could possibly design cryptographic schemes and constructs which are provably secure against all (or at least a large subset of) families of side channel attacks. We will mention two results on this topic:

The first result is joint work with Yael Tauman-Kalai and Guy Rothblum on the construction of *one-time programs*. These are programs which:
(1) can be executed on a *single* input whose value can be specified at run time,
(2) other than the result of the computation on this single input, nothing else about the program can be learned.
Such programs have applications to temporary transfer of cryptographic ability, as well as electronic cash or token schemes. It is impossible however to construct one-time programs using software alone. Thus, our solution employs a secure memory device. We prove that the existence of such a device enables the construction of a one-time program for any function f, in a way which resists any `computational' side-channel attacks -- to be defined in the lecture.

The second result we will mention is joint work with Adi Akavia and Vinod Vaikuntanathan in which we show how to construct a public-key encryption which retains semantic security even in the presence of `memory-leakage' side-channel attacks -- to be defined in the lecture.

Ofer Shezaf
Breach Security


Business Model as a Prerequisite for Web Hacking

The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web application related security incidents. The database classifies each reported attack by, among other criteria, the method used, the outcome of the attack and the industry and the country of the attacked organization. Based on the database Breach Labs, which sponsors WHID, issues a periodical report on trends in Web Application Security. In 2008 web hacking trends show a significant increase in web hacking level; however, the increase is in specific attack methods, most of which have been well known for several years. The presentation analyzes these new trends in web hacking, focusing on the linkage between technology and business drivers which led to the dramatic rise this year. Based on the analysis the presentation outlines a model for risk assessment for web applications.

Hugo Krawczyk
IBM Research


Recent cryptanalytical attacks have shaken our confidence in the
security of current hash functions and, more fundamentally, have cast
doubts on our ability to design strong collision resistant hash
functions (CRHF). This, in turn, questions the security of current and
future digital signature schemes that rely in an essential way on strong
CRHFs. To overcome this serious dependency on strong collision
resistance, we devise a new hashing scheme that allows the use of
conventional hash functions (such as the SHA family) with conventional
signature algorithms (such as RSA and DSA) and yet ensures the security
of digital signatures under a much weaker assumption on the hash
functions than full collision resistance. The only modification to
existing signature schemes is a simple randomized pre-processing of
messages to be signed. As a result, we propose a simple change to
existing signature encoding schemes (e.g., PKCS #1) that may have
crucial implications on the security of signature schemes not only in
the presence of current attacks but also in the context of future,
unpredictable, cryptanalytical advances.
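As an added illustration of the kind of randomized pre-processing the abstract describes (example code, not the authors' specification): the signer draws a fresh salt r only after the message is fixed, then hashes r followed by every message block XORed with r, so a collision precomputed against the plain hash function is of no use unless it also collides under the signer's later-chosen r. The 64-byte salt, the padding rule and the HMAC stand-in for the RSA/DSA signing step are this example's own assumptions.

```python
import hashlib
import hmac
import os

BLOCK_SIZE = 64  # assumed salt/block length: one SHA-256 input block


def rmx_preprocess(r: bytes, message: bytes) -> bytes:
    """Randomized pre-processing in the RMX style: r || (M_1 ^ r) || ... || (M_L ^ r).

    The conventional hash function is then applied to this string unchanged.
    Padding (0x80 then zeros up to a block boundary) is this example's choice.
    """
    if len(r) != BLOCK_SIZE:
        raise ValueError("salt must be exactly one block long")
    padded = message + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK_SIZE)
    blocks = [padded[i:i + BLOCK_SIZE] for i in range(0, len(padded), BLOCK_SIZE)]
    masked = b"".join(bytes(a ^ b for a, b in zip(block, r)) for block in blocks)
    return r + masked


def rmx_hash(r: bytes, message: bytes) -> bytes:
    """Conventional SHA-256 over the randomized encoding of the message."""
    return hashlib.sha256(rmx_preprocess(r, message)).digest()


def sign(key: bytes, message: bytes) -> tuple[bytes, bytes]:
    """Sign a message: fresh salt chosen AFTER the message is fixed, then the
    usual signing step over the randomized digest. HMAC stands in for RSA/DSA
    here so the example runs without external libraries; r travels with the tag."""
    r = os.urandom(BLOCK_SIZE)
    tag = hmac.new(key, rmx_hash(r, message), hashlib.sha256).digest()
    return r, tag


def verify(key: bytes, message: bytes, r: bytes, tag: bytes) -> bool:
    """Recompute the randomized digest with the transmitted r and check the tag."""
    expected = hmac.new(key, rmx_hash(r, message), hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    k = os.urandom(32)                      # constructed signing key
    msg = b"pay 100 to alice"               # constructed sample message
    salt, sig = sign(k, msg)
    print("verify(original):", verify(k, msg, salt, sig))
    print("verify(tampered):", verify(k, msg + b"0", salt, sig))
```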