News Feed March April 2024

September 17th, 2024

Publications accepted

  • Ron Steinfeld, Amin Sakzad, Muhammed F. Esgin, Veronika Kuchta, Mert Yassi, Raymond K. Zhao “Quasi-Optimally Succinct Designated-Verifier Zero-Knowledge Arguments from Lattices”  accepted on The 31th ACM Conference on Computer and Communications Security (ACM CCS 2024). strategic A*. We introduce the first candidate Lattice-based designated verifier ZK-SNARG protocol, named LUNA, with quasi-optimal proof length. LUNA achieves significant improvements in concrete proof sizes, reaching around 6 KB (compared to > 32 KB in prior work) for 128-bit security/privacy level. Our implementation and experimental performance evaluation show that, for typical instance sizes, our construction provides favourable performance for ZK-SNARG applications involving lightweight verifiers. It enables significantly (around 5×) shorter proof lengths while speeding up CRS generation and encryption time by 2.2−7.5× and speeding up decryption time by 4.3×, compared to a prior work in the ZK-SNARG context.
  • Zhibo Xu, Shangqi Lai, Xiaoning Liu, Sharif Abuadbba, Xingliang Yuan,  Xun Yi. OblivGNN: Oblivious Inference on Transductive and Inductive Graph Neural Network. Accepted by The 33rd USENIX Security Symposium (USENIX Security), 2024 (CORE A*, target venue). This paper leverages function secret sharing to implement a privacy-preserving machine learning (PPML) scheme for the graph neural network. The new design saves the runtime communication cost significantly (100x), which makes the new design suitable for PPML with large datasets.
  • Mary Ma, Shang Wang, Garrison Gao, Zhi Zhang, Huming Qiu, Jason Xue, Sharif Abuadbba, Anmin Fu, Nepal Surya, and Derek Abbott. “Watch Out! Simple Horizontal Class Backdoor Can Trivially Evade Defense”, accepted by ACM Conference on Computer and Communications Security (CCS 2024, target venue). This study introduces a new, simple, and general type of backdoor attack coined as the horizontal class backdoor that trivially breaches the class dependence characteristic of the vertical class backdoor that all existing backdoor types fall under, bringing a fresh perspective to the community. It trivially bypasses 11 state-of-the-art defences.
  • Zahra Mousavi, Chadni Islam, Kristen Moore, Sharif Abuadbba, Ali Babar, “An Investigation into Misuse of Java Security APIs by Large Language Models”, Accepted by The 19th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2024, target venue). This paper is the first to systematically assess ChatGPT’s trustworthiness in code generation for security API use cases in Java. Our findings are concerning: around 70% of the code instances across 30 attempts per task contain security API misuse, with 20 distinct misuse types identified. Moreover, for roughly half of the tasks, this rate reaches 100%, indicating that there is an urgent need to address this problem before developers can rely on ChatGPT to securely implement security API code.
  • Nazatul H. Sultan, Shabnam Kasra Kermanshahi, Hong Yen Tran, Shangqi Lai, Vijay Varadharajan, Surya Nepal, Xun Yi, “Securely Sharing Outsourced IoT Data: A Secure Access and Privacy Preserving Keyword Search Scheme”, accepted in the Ad Hoc Networks, Elsevier (Q1 Rank). This paper proposes a novel keyword search scheme using computationally lightweight cryptographic primitives to empower the IoT data owners to securely share, store and manage encrypted data in the CSPs, providing better security and privacy. 
  • Nan Wang, Dongxi Liu, “FlashSwift: A Configurable and More Efficient Range Proof With Transparent Setup”, accepted by PETS 2024 (CORE A). The paper proposes a new zero-knowledge range proof by combining the techniques of Flashproof and SwiftRange with a transparent setup
  • Blake Haydon, Shangqi Lai, Xingliang Yuan, Sharif Abuadbba, and Carsten Rudolph. Towards Private Multi-Operator Network Slicing. In The 29th Australasian Conference on Information Security and Privacy (ACISP), 2024 [EP2024-1470]. This paper presents the first privacy-preserving scheme to implement network slicing (an important component of 5G/6G spectrum sharing) between multiple telecommunication operators. The proposed work allows two telecommunication operator to coordinate their spectrum usage for a better service quality without revealing the customer information of each telecommunication operator. 
  • Alan Colman, Quoc Bao Vo, Anton V. Uzunov, Saad Sajid Hashmi, Hoa Khanh Dam, and Mohan Baruwal Chhetri, “Microcompositions for Goal-Driven Self-Adaptation” accepted at the 48th IEEE International Conference on Computers, Software, and Applications (COMPSAC 2024). This paper proposes an approach for modularising runtime goal models into “microcompositions” which are managed by agents that self-organise themselves into a distributed management overlay structure that can dynamically restructure in response to changes in goals, service provision and context. 
  • Azadeh Mokhberi, Yue Huang, Guillaume Humbert, Borke Obada-Obieh, Masoud Mehrabi Koushki, Konstantin Beznosov, “Trust, Privacy, and Safety Factors Associated with Decision Making in P2P Markets Based on Social Networks: A Case Study of Facebook Marketplace in the USA and Canada,” published at CHI 2024 (CORE A*). This paper discusses users’ considerations regarding trust, privacy, and safety when using Facebook Marketplace. 
  • Razaib Tariq, Minji Heo, Simon S. Woo, Shahroz Tariq, “Beyond the Screen: Evaluating Deepfake Detectors under Moiré Pattern Effects”, Workshop on Media Forensics (WMF 2024) at CVPR 2024. The work explore the impact of Moiré Pattern on the performance of deepfake detectors. 
  • Mingyu Guo, Diksha Goel, Guanhua Wang, Runqi Guo, Yuko Sakurai, Muhammad Ali Babar, “Mechanism design for public projects via three machine learning based approaches”, in Journal of Autonomous Agents and Multi-Agent Systems [Impact Factor: 2.5]. This paper presents several machine learning approaches to optimize mechanisms for non-excludable and excludable binary public project design problems.

Media Release / International and National recognition

https://www.csiro.au/en/news/All/Articles/2024/April/energy-transition-and-data-security#:~:text=Dr%20Marthie%20Grobler%20is%20a,can%20cause%20risks%20and%20hazards.

Networking / Conferences

  • Farina Riaz and Eromanga Adermann attended “Coogee24 Quantum at Sydney” in April.

    

  • Farina Riaz gave a talk as invited speaker on “Quantum Machine Learning” to the students at University of Merryland US. The lecture was given to first year undergraduate student.
  • Farina Riaz presented as International Speaker on “Quantum Machine Learning” at GIKI University, Pakistan
  • Gareth Parker attended a conference (‘Australasian Laboratory for Cyber Security Innovation’) run at University of Adelaide by it’s ‘CREST’ (Centre for Research on Engineering Technologies).  Gareth presented on ‘Trends in government cyber security research’ with attendance by a range of people, including the SA representatives from ASD and Home Affairs, plus State Government. 

  • Gareth Parker attended two sessions on the SA Govt-led cyber strategy: ‘Thriving Cyber Ecosystem in South Australia’ and ‘Cyber Safe Society’
  • Mohan Baruwal Chhetri participated in the International Quantum Engagement Workshop organised by DISR in Canberra on 9th April 2024
  • Sharif Abuadbba and Mohan Baruwal Chhetri attended Alan Turing UK CETaS Annual Showcase on the 23rd of April 2024. This event is invitation-only.  Centre for Emerging Technology and Security (CETaS) CETaS Annual Showcase offered attendees the unique opportunity to engage with CETaS’ innovative research and hear from leading figures from across the UK security and technology community.
  • Ruoxi Sun attended WWW24 in Singapore. During WWW ’24, we presented two papers (one full paper in research track and one short paper). The first paper, “Privacy-Preserving and Fairness-Aware Federated Learning for Critical Infrastructure Protection and Resilience” proposed Confined Gradient Descent (CGD) that enhances the privacy of federated learning by eliminating the sharing of global model parameters, allowing the proprietary confined models to adapt to the heterogeneity in federated learning, providing inherent benefits of fairness; while the second paper, “The Invisible Game on the Internet: A Case Study of Decoding Deceptive Patterns”, introduces a comprehensive approach involving the interactions between the Adversary, Watchdog (e.g., detection tools), and Challengers (e.g., users) to formalize and decode deceptive pattern threats. Based on this, we propose a quantitative risk assessment system.travelled internationally.

  • Nan Wu attended ACM The Web Conference 2024 (WWW 2024, Core A*) in Singapore and presented the paper, “Cardinality Counting in ‘Alcatraz’: A Privacy-aware Federated Learning Approach,” as the first author on May 16, 2024

 

Students

  • Mohan Baruwal Chhetri and Ronal Singh secured a iPhD Scholarship with UniSA and OPTUS on the topic of Human-AI Collaboration in Security Operations Centres.   
  • Nazatul Sultan, Raymond Zhao, and Dongxi Liu secured 2 iPhds scholarships with Monash University and Penten on the topic of post-quantum cryptography.
  • Sharif Abuadbba secured 2 iPhds Scholarships with UNSW and Nullify on the topic of LLM-generated code security.

 

Staff

  • Lihong Tang has left our group and moved back to the industry
  • we have welcomed an intern for SeCode project – Yuval Kansal

 

Good News

  • Mohan Baruwal Chhetri has joined the IEEE Transactions of Services Computing Review Board from April 2024
  • Bushra Sabir, Diksha Goel and Ruoxi Sun graduated with their PhD and attended their PhD ceremony