Date: 09/02/2015
Lecture Topic: Bitcoin: A Peer-to-Peer Electronic Cash System
Abstract: This talk will survey some open security questions about Bitcoin and Bitcoin-like cryptocurrencies, highlighting the challenges in applying academic research on next-generation cryptocurrencies to the real world and some opportunities where academic research might provide significant value to the future of cryptocurrencies.
Bio: Joseph Bonneau is a Technology Fellow at the Electronic Frontier Foundation and Postdoctoral Researcher at Stanford University. In addition to researching Bitcoin and related cryptocurrencies he has worked on passwords and web authentication, secure messaging tools and HTTPS for secure web browsing. He received a PhD from the University of Cambridge under the supervision of Ross Anderson and a BS/MS from Stanford under the supervision of Dan Boneh. Last year he was a Postdoctoral Fellow at CITP, Princeton and he has previously worked at Google, Yahoo, and Cryptography Research Inc.



Date: 09/09/2015
Lecture Topic: Ethereum and Smart Contracts
Abstract: Ethereum (which recently celebrated its “Frontier” beta release) is an ambitious generalization of Bitcoin, enabling users to write general purpose programs to interact with digital currency.
This talk will introduce the basic smart contract programming model, using Ethereum as a concrete example (although the ideas are generally applicable to other systems too). We’ll analyze several smart contract applications and coding examples, paying particular attention to security pitfalls and techniques to avoid them.
Familiarity with Bitcoin is assumed (especially from the prior lecture by Joe Bonneau).
Bio: Andrew Miller is a PhD student at the University of Maryland, currently visiting UC Berkeley. https://cs.umd.edu/~amiller/



Date: 09/16/2015
Guest Speaker: Brian Hoffman (OpenBazaar)
Brian's background in Computer Science from James Madison University has led him to head several successful startup projects during his career. He has also been an integral piece of many Identity Management Infrastructure Implementations for the likes of DuPont, the US Air Force and Booz Allen. Equipped with his MBA from The Carey Business School at Johns Hopkins in 2012, Brian looks to fully apply his cumulative knowledge into his newest, and what is sure to be his most successful startup, OpenBazaar.
Brian forked the open source code from the 2014 Toronto Hackathon award winning, "proof of concept", DarkMarket, a decentralized Bitcoin marketplace.
OpenBazaar recently received 1 million dollars in funding from Union Square Ventures, Andreessen Horowitz, and angel investor William Mougayar. They are looking to develop the OpenBazaar protocol and client, and build the first business on top of the OpenBazaar network.



Date: 09/16/2015
Lecture Topic: Augur: An Unstoppable Online Forecasting Engine
Abstract: A presentation on the importance of prediction markets (PM) and why they must be decentralized. The lecture will discuss the history of prediction markets and why Ethereum's Serpent contracts are the optimal means with which to implement this software.
Bio: Jeremy attended both Bard College and the University of Michigan, where he developed a multidisciplinary study in political strategy. While at Michigan, he founded the College Cryptocurrency Network, an international educational nonprofit, and began to work with several blockchain-related startups. He served as the organization's first executive director, and remains chairman of the board of directors. Before entering his senior year, he left school to found Augur, the world's first peer-to-peer prediction market platform, where he oversees business and operations. Gardner also serves on the advisory board of several companies, and has a small portfolio of angel investments in the San Francisco Bay Area, where he is located in his “Crypto Castle.”



Date: 09/30/2015
Lecture Topic: Principled and Practical Web Application Security
Abstract: Large-scale private user data theft has become a common occurrence on the web. A huge factor in these privacy breaches we hear so much about is that developers specify and enforce data security policies by strewing checks throughout their application code. Overlooking even a single check can lead to vulnerabilities.
In this talk, I will describe a new approach to protecting sensitive data even when application code is buggy or malicious. The key ideas behind my approach are to separate the security and privacy concerns of an application from its functionality, and to use language-level information flow control (IFC) to enforce policies throughout the code. The main challenge of this approach is at once to design practical systems that can be easily adopted by average developers, and simultaneously to leverage formal semantics that rule out large classes of design error. The talk will cover a server-side web framework (Hails), a language-level IFC system (LIO), and a browser security architecture (COWL), which, together, provide end-to-end security against the privacy leaks that plague today's web applications.
Bio: Deian Stefan is starting as an Assistant Professor at UC San Diego in Fall 2016. His research interests intersect systems, programming languages, and security. As part of his PhD work at Stanford, Deian focused on web application security; he built practical systems with formal underpinnings that enable average developers to build secure web applications. Deian is a recipient of an NDSEG Fellowship and a Mozilla Research Grant for his work on web security. He is a co-founder and the Chief Scientist of GitStar, a company that provides security-as-a-service to web developers. He is a member of the W3C Web Application Security Group, where he serves as editor of the COWL spec. He received his BE and ME in Electrical Engineering from Cooper Union.


Date: 10/7/2015
Lecture Topic: VC3: Trustworthy Data Analytics in the Cloud
Guest Speaker: Manuel Costa
Abstract: We present VC3, the first system that allows users to run distributed MapReduce computations in the cloud while keeping their code and data secret, and ensuring the correctness and completeness of their results. VC3 runs on unmodified Hadoop, but crucially keeps Hadoop, the operating system and the hypervisor out of the TCB; thus, confidentiality and integrity are preserved even if these large components are compromised. VC3 relies on SGX processors to isolate memory regions on individual computers, and to deploy new protocols that secure distributed MapReduce computations. VC3 optionally enforces region self-integrity invariants for all MapReduce code running within isolated regions, to prevent attacks due to unsafe memory reads and writes.
Bio: Manuel Costa is a Principal researcher at Microsoft Research Cambridge. Manuel's work spans operating systems, networking, security, and programming languages. Manuel's designs and code are used daily in millions of computers.


Date: 11/4/2015
Lecture Topic: Programming by Examples (and its applications in Data Wrangling)
Guest Speaker: Sumit Gulwani
Abstract: 99% of computer end users do not know programming, and struggle with repetitive tasks. Programming by Examples (PBE) can revolutionize this landscape by enabling users to synthesize intended programs from example based specifications.
A key technical challenge in PBE is to search for programs that are consistent with the examples provided by the user. Our efficient search methodology is based on two key ideas: (i) Restriction of the search space to an appropriate domain-specific language that offers balanced expressivity and readability. (ii) A divide-and-conquer based deductive search paradigm that inductively reduces the problem of synthesizing a program of a certain kind that satisfies a given specification into sub-problems that refer to sub-programs or sub-specifications.
Another challenge in PBE is to resolve the ambiguity in the example based specification. We will discuss two complementary approaches: (a) machine learning based ranking techniques that can pick an intended program from among those that satisfy the specification, and (b) active-learning based user interaction models.
The above concepts will be illustrated using FlashFill, FlashExtract, and FlashRelate---PBE technologies for data manipulation domains. These technologies, which have been released inside various Microsoft products, are useful for data scientists who spend 80% of their time wrangling with data. The Microsoft PROSE SDK allows easy construction of such technologies.
Bio: Sumit Gulwani is a Research manager and Principal researcher at Microsoft (in Redmond, USA), and an affiliate faculty in the Computer Science Department at UW. He has expertise in formal methods and automated program analysis and synthesis techniques. His recent research interests are in the cross-disciplinary areas of automating end-user programming and building intelligent tutoring systems. His programming-by-example work led to the Flash Fill feature of Microsoft Excel 2013 that is used by hundreds of millions of people. He was awarded the ACM SIGPLAN Robin Milner Young Researcher Award in 2014. He obtained his PhD in Computer Science from UC-Berkeley in 2005, and was awarded the ACM SIGPLAN Outstanding Doctoral Dissertation Award. He obtained his BTech in Computer Science and Engineering from IIT Kanpur, and was awarded the President's Gold Medal.



Date: 11/18/2015
Lecture Topic: Fraud and Anomaly Analysis: a perspective from the field
Abstract: This talk touches on the scale and scope of fraud and anomaly analysis and the types of fraud that a Peer-to-Peer lending company is concerned about. It sheds light on some economics and value chain of the fraud underworld, and speaks to the importance of rigor in financial product design. Specifically, it will focus on classes of online loan application fraud, as well as some tools and techniques for limiting their damages.
Bio: Dr. Jike Chong is the chief data scientist of YiRenDai, an online P2P lending company in China, with $1.5B in loans originated. Prior to YiRenDai, Dr. Chong established and headed the data science division at Simply Hired, a leading job search engine in Silicon Valley, with over 30 million unique visitors each month, serving job seekers in 24 countries. While at Simply Hired, Dr. Chong was invited to the White House multiple times to advise the U.S. Department of Labor and the White House Office of Science and Technology Policy on the design of big data related products for reducing unemployment. From 2011 to 2012, Dr. Chong led quantitative risk analytics at Silver Lake Kraftwerk, responsible for applying big data techniques to risk analysis of venture investment projects in the Kraftwerk fund.
Since 2010, Dr. Chong has been an adjunct professor and PhD advisor at Electrical and Computer Engineering at Carnegie Mellon University, where he established the CUDA Research Center and CUDA Teaching Center and has served as a co-director of these centers since their inception. Dr. Chong received his bachelor’s and master’s degrees in electrical and computer engineering from Carnegie Mellon University and a Ph.D. from University of California, Berkeley under Professor Kurt Keutzer. He holds 8 US patents (5 granted, 3 pending).



Date: 12/02/2015
Lecture Topic: Machine learning models for detecting fraud on the Internet
Abstract: This talk will explore some of the joys and pitfalls of building machine learning models for detecting fraud on the Internet, with a particular focus on feature engineering and evaluation techniques. It will discuss the process that Sift Science uses to develop features for its realtime fraud detection service, covering some of the specific modeling problems that are unique to this kind of data.
Bio: Doug Beeferman is a software engineer at Sift Science, formerly at Google and Lycos. His focus throughout his career has been applications that analyze logs of user activity such as search and web logs. He is also interested in text and speech processing.