2025 talks - CE CLUB

Dr. Nadav Amit

Technion

On 2/4/2025 at 11:30

Meyer building 1061 and Zoom

When a File Means a File: Proper Huge Pages for Code

Abstract: Despite huge pages dramatically reducing CPU frontend stalls from address translation, their use for executable code remains limited due to operating system constraints and impracticality of rebuilding system binaries with special alignment. Current solutions that copy code into huge pages break essential system functionality – preventing memory sharing between processes, disrupting debugging tools, and interfering with memory management operations.

In this talk, I will present a practical userspace solution that achieves huge page performance benefits while preserving critical system services. Our approach transforms binaries to align code segments with huge page boundaries post-linkage while maintaining all internal references, and orchestrates page cache operations to ensure proper mapping. PostgreSQL evaluations demonstrate up to 7% performance improvement through a 94% reduction in iTLB misses, while maintaining memory sharing, debugging support, and proper memory management.

Dr. Daniel Amir

Technion

On 26/2/2025 at 11:30

Meyer building 1061 and Zoom

Oblivious Reconfigurable Datacenter Networks

As Moore’s Law slows down, packet switch capabilities are falling behind datacenter demands. This has made optical circuit switches increasingly attractive in datacenter networks. These switches have already seen significant commercial use in the form of hybrid networks, which combine both packet switches and circuit switches. Recent advances in optical circuit switching technology can now operate fast enough to potentially fully replace packet switches, when combined with novel network designs.

This talk presents my research into Oblivious Reconfigurable Networks (ORNs), a design paradigm capable of using the full capabilities of emerging fast circuit switches. I will describe Shale, an ORN that achieves a tunable tradeoff between throughput and latency which is Pareto optimal for ORNs. Along the way, I will also touch on the current state of the art in commercially-deployed hybrid networks. Finally, I will discuss our present research into Semi-Oblivious Reconfigurable Networks (SORNs), which extend ORNs with intuitions found in commercial hybrid networks to further improve the performance possible on fast circuit-switched networks.

Prof. Rafael Pass

Tel-Aviv University

On 19/2/2025 at 11:30

Meyer building 1061 and Zoom

On Cryptography and Kolmogorov Complexity

Whether secure Cryptography exists is one of the most important open problems in Computer Science: Cryptographic schemes today rely on unproven computational hardness assumption.

We will survey a recent thread of work (Liu-Pass,FOCS’20, Liu-Pass-STOC’21,.., Ball-Liu-Pass-Mazor, FOCS’23, Liu-Pass’EUROCRYPTO’24) showing *equivalences* between the existence of some of the most basic cryptographic primitives, and the hardness of various computational problems related to the notion of *time-bounded Kolmogorov Complexity* (dating back to the 1960s).

These results yield the first natural computational problems *characterizing* the feasibility of central primitives and protocols in Cryptography, as well as the first *unstructured* computational problems enabling public-key cryptography.

No prior knowledge of Cryptography or Kolmogorov complexity will be assumed.

Marwa Mouallem

Technion

On 12/2/2025 at 11:30
Meyer building 1061 and Zoom

Asynchronous Authentication

Abstract: A myriad of authentication mechanisms embody a continuous evolution from verbal passwords in ancient times to contemporary multi-factor authentication: Cryptocurrency wallets advanced from a single signing key to using a handful of well-kept credentials, and for online services, the infamous “security questions” were all but abandoned. Nevertheless, digital asset heists and numerous identity theft cases illustrate the urgent need to revisit the fundamentals of user authentication.

We abstract away credential details and formalize the general, common case of asynchronous authentication, with unbounded message propagation time. Given credentials’ fault probabilities (e.g., loss or leak), we seek mechanisms with maximal success probability. Such analysis was not possible before due to the large number of possible mechanisms. We show that every mechanism is dominated by some Boolean mechanism-defined by a monotonic Boolean function on presented credentials. We present an algorithm for finding approximately optimal mechanisms by leveraging the problem structure to reduce complexity by orders of magnitude.

The algorithm immediately revealed two surprising results: Accurately incorporating easily-lost credentials improves cryptocurrency wallet security by orders of magnitude. And novel usage of (easily-leaked) security questions improves authentication security for online services.

Oleg Kolosov

Technion

On 5/2/2025 at 11:30
Taub Building 8

Workloads, Storage, and Service Allocation in Edge Computing

Abstract. Edge computing extends cloud capabilities to the proximity of end-users, offering ultra-low latency, which is essential for real-time applications. Unlike traditional cloud systems that suffer from latency and reliability constraints due to distant datacenters, edge computing employs a distributed model, leveraging local edge datacenters to process and store data.

This talk explores key challenges in edge computing across three domains: workloads, storage, and service allocation. The first part focuses on the absence of comprehensive edge workload datasets. Current datasets do not accurately reflect the unique attributes of edge systems. To address this, we propose a workload composition methodology and introduce WoW-IO, an open-source trace generator. The second part examines aspects of edge storage. Edge datacenters are significantly smaller than their cloud counterparts and require dedicated solutions. We analyze the applicability of a promising mathematical model for edge storage systems and raise inherent gaps between theory and practice. The final part addresses the virtual network embedding problem (VNEP). In VNEP, given a set of requests for deploying virtualized applications, the edge provider has to deploy a maximum number of them to the underlying physical network, subject to capacity constraints. We propose novel solutions, including a proactive service allocation strategy for mobile users, a flexible algorithm for service allocation that is adaptable to the underlying physical topology, and an algorithm for scalable online service allocation.

Dr. Ben Nassi

Technion

On 29/1/2025 at 11:30
Zisapel Building 506

Securing Modern Systems is More Challenging Than Ever (and Requires New and Dedicated Guardrails).

Abstract. Over the past decade, an increasing number of systems and devices have gained Internet connectivity and been enhanced with sensing capabilities and AI. While these advancements have created a world of smarter, more automated, and highly connected devices, they have also introduced significant security and privacy challenges that cannot be effectively addressed with traditional countermeasures.

In the first part of this talk, we will explore the security and privacy concerns of cyber-physical systems. Specifically, we will examine new threats that have emerged with the deployment of technologies like drones and Teslas in real-world environments. Our discussion will highlight methods for detecting intrusive drone filming and securing Teslas against time-domain adversarial attacks.The second part of the talk focuses on the challenges posed by the coexistence of functional devices with limited computational power (that do not adhere to Moore’s law) alongside sensors with ever-increasing sampling rates. We will explore how threats such as cryptanalysis and speech eavesdropping—previously accessible only to well-resourced adversaries—can now be executed by ordinary attackers using readily available hardware like photodiodes and video cameras. These attacks leverage optical traces or video footage from a device’s power LED to extract sensitive information.

Finally, in the last part of the talk, we will address the emerging need to secure GenAI-powered applications against a new category of threats we call Promptware. This threat highlights the evolving landscape of vulnerabilities introduced by generative AI systems.