Research Seminar Series

OCCoE’s Research Seminar Series is a semi-monthly virtual event showcasing innovative cybersecurity research taking place at each of our partnering institutions.

Upcoming events

  • 12/5/2025 - Dr. Zane Ma (OSU)

  • 2/6/2026 - Dr. John Acken (PSU)

  • 3/6/2026 - Dr. Karen Karavanic (PSU)

  • 4/3/2026 - Dr. Praveen Kumar Guraja (OIT)

  • 5/8/2026 - Dr. Ulku Yaylacicegi Clark (UNCW)

Online Research seminar

Dr. Zane Ma - December 5, 2025

When you use the web, how do you know if you are connecting to your intended services (e.g., email, social media), and not adversarial imposters? The answer is the web public key infrastructure (PKI), which is an ecosystem of entities called certificate authorities (CAs) that verify the identity of web servers and vouch for them using digital certificates. Because of the web PKI's importance in securing web communications (i.e., TLS/HTTPS), the security community constantly scrutinizes CAs and certificates to ensure that they function properly and do not allow web server impersonation. However, nearly all security examination of the web PKI has analyzed CAs and certificates in a vacuum, while ignoring the real-world network environments that they are deployed in.

This talk will cover some recent research that takes a holistic view of the web PKI. We uncover and characterize new weaknesses in the web PKI that arise from the real-world, dynamic network environment that the web PKI is deployed in. We then show how these weaknesses can enable varying degrees of website impersonation, which violate the basic identity guarantees that the web PKI is meant to provide. Finally, I will share the brief story of how we worked with the web PKI industry community and used our research to successfully argue for the upcoming reduction of maximum certificate lifetimes from 398 days to 47 days.

Penetrating the PKI Blinders: Examining the web PKI through an internet-wide lens

Speaker Bio
Email for invite

Dr. Suyash Gupta - November 7, 2025

In this talk, I will introduce our recent work, which we presented at SIGMOD 2025. We designed a new BFT consensus protocol, HotStuff-1, that improves the latency of HotStuff-2 by two network hops while maintaining linear communication complexity against faults. Additionally, HotStuff-1 incorporates an incentive-compatible leader rotation regime that motivates leaders to commit consensus decisions promptly.

HotStuff-1 achieves a reduction by two network hops by sending clients early finality confirmations speculatively, after one phase of the protocol. Unlike previous speculation regimes, the early finality confirmation path of HotStuff-1 is fault-tolerant and the latency improvement does not rely on optimism. We also expose the prefix speculation dilemma, an important safety consideration that occurs with leader replacement, and HotStuff-1 is the first protocol that resolves it with linear complexity.

HotStuff-1 embodies an additional mechanism, slotting, that thwarts real-world delays caused by rationally-incentivized leaders. Leaders may also be inclined to sabotage each other’s progress via tail-forking. The slotting mechanism allows leaders to dynamically drive as many decisions as network transmission delays allow before view timers expire, thus mitigating both threats.

HotStuff-1: Linear Consensus with One-Phase Speculation

Speaker Bio
Watch Recording

Dr. Vincent Immler - October 3, 2025

From Pay-TV to the smart grid, voting machines, AI governance, and many more -- there is a need for strong protections even if the adversary is in physical control of the device. In this talk, I will provide a brief review of the field of hardware security and how it pertains to today's challenges in AI governance, in particular how to provide the strongest possible physical guarantees to prevent extraction of secrets from the hardware. This is part of one of our ongoing research projects, for which I will introduce the concept of a Physical Unclonable Function as one of the building blocks that is destined to solve some of the presented challenges. Additional challenges will be presented that are thus far unsolved.

This talk will be complemented by a brief overview of other ongoing work in the PACIFIC Lab (Privacy, Applied Cryptography, Intelligence, and Forensics In Chips), which includes aspects such as efficient testing against a new type of fault-injection attack and better-performing True Random Number Generators (TRNGs), both of which are a teaser of recently published papers.

Hardware Security and AI Governance

Speaker Bio
Watch Recording

Dr. Primal Pappachan - June 6, 2025

With modern data domains and more stringent privacy regulations, the need for robust data protection is more critical than ever in data management systems. In this talk, I will introduce the challenges of incorporating policy-awareness in data management systems through fine-grained access control (FGAC) policies. In particular, I will present our ongoing research on efficiently enforcing FGAC policies at scale in databases at the time of answering queries under different workloads. Next, I will introduce an inference attack that exploits data dependencies to leak data that is protected by access control. To mitigate such attacks, I will present our approach for enhancing privacy by selectively hiding a minimal number of additional data cells to prevent inferences, while preserving data utility. Finally, I will provide a brief overview of other ongoing work in the DIPr Lab aimed at embedding privacy-consciousness and policy-awareness more deeply into various data management systems.

Towards Policy-Aware and Privacy-Conscious Data Management Systems

Speaker Bio
Watch Recording

Dr. Houssam Abbas - May 2, 2025

We present an opportunistic method to commandeer already-flying UAVs for herding malfunctioning UAVs to safety. Malfunctioning UAVs, which deviate from their path due to a planning or a communication failure, pose a safety risk, and it is important to develop methods for mitigating that risk in various circumstances. Here we focus on the case when the Defender (e.g. the airport authority or provider of service) cannot deploy its own UAVs, and taking down the malfunctioning UAV poses an unacceptable risk to people on the ground. In such a case, we propose that the Defender commandeer other flying UAVs to herd the malfunctioning UAV to safety by temporarily spoofing their state estimate. Leveraging Remote ID (a new FAA requirement for UAVs) and existing methods for spoofing, the approach effectively guides malfunctioning UAVs away from restricted airspace or sensitive zones. Our results, validated through extensive simulations (studying multiple herder and target configurations) and small-scale real-world experiments, demonstrate the efficacy of our approach in mitigating UAV intrusion incidents and enhancing airspace security.

OUT-HERD: Opportunistic UAV Takeover for Herding Malfunctioning Drones

Speaker Bio
Watch Recording

Dr. Chris Misa - April 4, 2025

Increased reliance on Internet-connected services leads to two opposing problems. On the one hand, malicious adversaries can leverage an increasingly large number of avenues of attack to inflict harm on a large number of users. On the other hand, defensive security professionals must sift through an increasingly large volume of high-velocity network traffic (most of which is likely benign) in order to detect and mitigate malicious actions. Programmable switch hardware (such as Intel Tofino or Broadcom Trident 4 ASICs) is poised to tip the scales toward the defender's side by enabling high-efficiency real-time detection of malicious traffic. However, effectively achieving this goal requires addressing several key challenges that stem from limits in the hardware's model of computation as well as the complex structure of real-world network traffic.

This presentation will provide a window into the capabilities and limitations of programmable switch hardware, the potential of these capabilities to improve a defender's ability to quickly and efficiently detect malicious traffic, key research questions in this space tackled by our group at the UO, and several open questions for future consideration.

Speaker Bio

How to Leverage the Capabilities of Programmable Switch Hardware for Efficient Real-Time Detection of Malicious Traffic

Watch Recording