The IAP CMU Workshop on the Future of AI and Security in the Cloud was conducted on Friday, November 8, 2024 at CMU.
Venue: Gates Hillman Room 6115, CMU, Pittsburgh, PA
Time: 8:30AM-3PM
This workshop was co-organized by Prof. Riccardo Paccagnella and the IAP, in collaboration with CyLab.
4th year PhD student Clement Fung is congratulated for the Best Poster Award, “Detecting, Explaining and Managing Anomalies in Industrial Control Systems.” Clement is advised by Prof. Lujo Bauer. Left to right: Prof. Giulia Fanti (CMU), Jian Liu (Futurewei), Jimmy Wu (ByteDance), Andrew Schmidt (AMD), Clement Fung (CMU), Prof. Vyas Sekar (CMU), Prof. Riccardo Paccagnella (CMU).
Agenda: Videos of Presentations - Please see Testimonials regarding IAP Workshops below the Speaker Abstracts and Bios.
8:30-8:55 – Badge Pick-up – Coffee/Tea and Breakfast Food/Snacks
8:55-9:00 – Welcome – Prof. Riccardo Paccagnella, CMU
9:00-9:30 – Prof. Lujo Bauer, CMU, “From Pandas and Gibbons to Malware Detection: Attacking and Defending Real-world Uses of Machine Learning”
9:30-10:00 – Prof. Fei Fang, CMU, “Game Theory and Machine Learning for Addressing Societal Challenges: From Theory to Real-World Impact”
10:00-10:30 – Dr. Daniel Kroening, Amazon Web Services, “The Role of Compilers in Accelerating GenAI”
10:30-11:00 – Prof. Riccardo Paccagnella, CMU, “Timing Attacks on Constant-Time Code”
11:00-11:30 – Lightning Session for Student Posters
11:30-12:30 – Lunch and Poster Viewing
12:30-1:00 – Prof. Vyas Sekar, CMU, “Enabling Data-driven Innovation with Synthetic Data”
1:00-1:30 – Prof. Wenting Zheng, CMU and Opaque Systems, "Cryptographic Systems for Private and Secure Generative AI"
1:30-2:00 – Prof. Giulia Fanti, CMU, “Gen-T: Reducing the Triage Cost of Distributed Tracing Using Generative Models”
2:00-2:30 – Dr. Andrew Schmidt, AMD, “Leveraging Ryzen AI’s Neural Processing Units in the Heterogenous Computing Landscape”
2:30-3:00 – Best Poster Award and Reception
Speaker Abstracts and Bios (listed alphabetically by last name)
Prof. Lujo Bauer, CMU, “From Pandas and Gibbons to Malware Detection: Attacking and Defending Real-world Uses of Machine Learning”
Abstract: A multitude of research results has shown that slightly changing the inputs given to an ML algorithm can trick the algorithm into producing "wrong" outputs. Such research typically assumes that an attacker has complete control over the input but also wants to change the input as little as possible. In this talk I'll argue that practical threat models are different: attackers work under constraints and toward goals that most research typically doesn't consider. Using malware detection as a case study, I'll show that under more realistic constraints, defeating ML requires creating new attack methods. I'll also show that even assessing the risk of real-world uses of ML may require new definitions of robustness, which in turn enable better defenses but also more efficient attacks.
Bio: Lujo Bauer is a Professor of Electrical and Computer Engineering, and of Computer Science, at Carnegie Mellon University. His research spans many topics in computer security and privacy, from web tracking and information-flow control to formal methods and privacy risks of new technologies. His current research projects include finding and fixing flaws in practical uses of ML like face recognition and autonomous driving; building tools to help make smart homes better protect the security of both residents and bystanders; and measuring the harms caused by online tracking. Lujo served or serves as program (co-)chair of top security conferences like IEEE S&P (2015), NDSS (2014), USENIX Security (2025); as well as of SOUPS (2013, 2014), the top venue focusing on usable security and privacy.
Prof. Fei Fang, CMU, “Game Theory and Machine Learning for Addressing Societal Challenges: From Theory to Real-World Impact”
Abstract: Societal challenges involve complex decision-making by multiple self-interested agents. In our research, we delve into the development of game theory and machine learning-based methodologies and tools to tackle these challenges. In this talk, I will introduce our work with applications to cyber security, environmental conservation and food rescue. Moreover, I will cover our foundational research in inverse game theory, scalable game solving, and interpretable multi-agent reinforcement learning. These advancements are motivated by the real-world problems we have been working on and enable us to tackle more complex decision-making scenarios in the future.
Bio: Fei Fang is an Associate Professor at the Software and Societal Systems Department in the School of Computer Science at Carnegie Mellon University. Before joining CMU, she was a Postdoctoral Fellow at the Center for Research on Computation and Society (CRCS) at Harvard University, hosted by David Parkes and Barbara Grosz. She received her Ph.D. from the Department of Computer Science at the University of Southern California advised by Milind Tambe (now at Harvard).
Her research lies in the field of artificial intelligence and multi-agent systems, focusing on integrating machine learning with game theory. Her work has been motivated by and applied to security, sustainability, and mobility domains, contributing to the theme of AI for Social Good. She is the recipient of the Allen Newell Award for Research Excellence 2023, 2022 Sloan Research Fellowship, and IJCAI-21 Computers and Thought Award. She was named to IEEE Intelligent Systems’ “AI’s 10 to Watch” list for 2020. Her work has won the Best Paper Award at GameSec’23, Deployed Application Award at IAAI’23, Best Paper Honorable Mention at HCOMP’22, Best Paper Runner-Up at AAAI’21, Distinguished Paper at IJCAI-ECAI’18, Innovative Application Award at IAAI’16, the Outstanding Paper Award in Computational Sustainability Track at IJCAI’15. She received an NSF CAREER Award in 2021. Her dissertation is selected as the runner-up for IFAAMAS-16 Victor Lesser Distinguished Dissertation Award, and is selected to be the winner of the William F. Ballhaus, Jr. Prize for Excellence in Graduate Engineering Research as well as the Best Dissertation Award in Computer Science at the University of Southern California.
Prof. Giulia Fanti, CMU, “Gen-T: Reducing the Triage Cost of Distributed Tracing Using Generative Models”
Abstract: Distributed tracing (DT) is an important aspect of modern microservice operations. It allows operators to troubleshoot problems by modeling the sequence of services a specific request traverses in the system. Transmitting traces incurs significant costs, often forcing operators to use coarse-grained prefiltering or sampling techniques. This creates undesirable tradeoffs between cost and fidelity. We propose to circumvent these issues using recent advances in deep generative modeling. We envision the use of generative models to capture the semantic structure of collected traces in a lossy-yet-succinct way. Realizing this potential in practice is challenging. Naively extending ideas from the literature on deep generative models in time series generation or graph generation can result in poor cost-fidelity tradeoffs. In designing and implementing Gen-T, we tackle key algorithmic and systems challenges to make deep generative models practical for DT. We demonstrate practical integrations with industry standard frameworks (such as OpenTelemetry) and provide empirical evidence that Gen-T significantly outperforms conventional approaches in terms of cost-fidelity tradeoff. Our results reveal that Gen-T achieves a level of fidelity comparable to that of 1:15 sampling, which is more fine-grained than the default 1:20 sampling setting in the OpenTelemetry documentation, while maintaining a cost profile equivalent to that of 1:100 lossless-compressed sampling (i.e., a 7× volume reduction).
Bio: Giulia Fanti is an Associate Professor of Electrical and Computer Engineering at Carnegie Mellon University. Her research interests span the security, privacy, and efficiency of distributed systems. She is a two-time fellow of the World Economic Forum’s Global Future Council on Cybersecurity and a member of NIST’s Information Security and Privacy Advisory Board. Her work has been recognized with several awards, including best paper awards, a Sloan Fellowship, an Intel Rising Star Faculty Award, and an ACM SIGMETRICS Rising Star Award. She obtained her Ph.D. in EECS from U.C. Berkeley and her B.S. in ECE from Olin College of Engineering.
Dr. Daniel Kroening, AWS, “The Role of Compilers in Accelerating GenAI”
Abstract: Both training and inference in GenAI are compute-intensive, and hence offer significant opportunities for delivering better performance and cost by advanced compiler optimizations. I’ll give a brief overview of AWS’s AI accelerator hardware powering AWS Trainium and Inferentia, and will explain the technology behind the AWS Neuron Compiler for delivering AI workloads onto these platforms.
Bio: Daniel Kroening is a Senior Principal Applied Scientist at Amazon, where he works on the correctness of the Neuron Compiler for distributed training and inference. Prior to joining Amazon, he worked as a Professor of Computer Science at the University of Oxford and is the co-founder of Diffblue Ltd., a University spinout that develops AI that targets code and code-like artefacts. He has received the Semiconductor Research Corporation (SRC) Inventor Recognition Award, an IBM Faculty Award, a Microsoft Research SEIF Award, and the Wolfson Research Merit Award. He serves on the CAV steering committee and was co-chair of FLOC 2018, EiC of Springer FMSD, and is co-author of the textbooks on Decision Procedures and Model Checking.
Prof. Riccardo Paccagnella, CMU, “Timing Attacks on Constant-Time Code”
Abstract: The past two decades have seen the discovery of a slew of side-channel attacks where an adversary exploits hardware features to leak software's sensitive data. These attacks have shaken the foundations of computer security and caused a disruption in the software industry. In response, constant-time programming has emerged as the prevailing mitigation strategy. This approach involves writing code so that its execution does not create timing differences depending on secrets, a practice now common in security-critical software.
In this talk, I will introduce some of the first side-channel attacks that can leak secrets even from correctly implemented constant-time code. First, I will present Hertzbleed, which exploits CPU frequency scaling to turn power side-channel attacks into remote timing attacks. Second, I will present GPU.zip, which exploits software-transparent compression to expose visual data processed on GPUs. Third, I will present GoFetch, which exploits modern prefetchers to induce secret-dependent loads of non-architecturally accessed memory.
Bio: Riccardo Paccagnella is an assistant professor of computer science at Carnegie Mellon University. His research is in system and hardware security. His work has been recognized with several awards, including a MICRO Top Picks distinction, two Pwnie Awards for Best Cryptographic Attack, three Pwnie Nominations (for Most Innovative Research, Epic Achievement, and Most Under-Hyped Research), and a CSAW Best Paper Runner-up Award. In light of his research, the cryptographic community and several companies (including Cloudflare, Microsoft, Intel, Google, Apple, AMD, and Arm) have taken action that includes patching production-ready libraries, issuing security advisories, and creating new guidance for writing secure code. Riccardo earned his PhD from the University of Illinois at Urbana-Champaign, where he was awarded a David J. Kuck Outstanding PhD Thesis Award, a Siebel Scholars Award, and a Chirag Foundation Graduate Fellowship.
Dr. Andrew Schmidt, AMD, “Leveraging Ryzen AI’s Neural Processing Units in the Heterogenous Computing Landscape”
Abstract: As academia, research, and industry explore different computer architectures, such as Neural Processing Units (NPUs), we will describe the AMD Ryzen AI platform and AMD’s NPU. We present Riallto, an open-source exploration framework for first-time users of the NPU developed by teams from the AMD Research and Advanced Development group and the AMD University Program. AMD Ryzen AI is the world’s first built-in AI engine on select x86 computers. This dedicated engine is built on the AMD XDNA spatial dataflow NPU architecture consisting of a tiled array of AI Engine processors and is designed to offer lower latency and better energy efficiency. Such processor arrays are also found in the Versal Adaptive SoC enabling rapid development and evaluation across heterogenous architectures. This integration optimizes efficiency by offloading specific AI processing tasks such as background blur, facial detection, and eye gaze correction, freeing up CPU and GPU cycles and enhancing system efficiency. With Ryzen AI-powered laptops or miniPCs, you can develop innovative applications and productivity solutions like information search, summarization, transcription and so much more. Riallto lowers the barrier of entry and access to AMD’s AI Engines (AIE) and includes a wealth of education material via Jupyter Notebooks that makes understanding and using ML accelerators in an ever-increasing heterogenous environment. We are excited to share details of the hardware and software architecture with the community and see how the technology can be leveraged by their work.
Bio: Andrew Schmidt joined the AMD University Program in September 2023 and serves the North America region. Andrew leverages his expertise to drive innovation and collaboration within the academic community with the goal to remove barriers and reduce friction of students, researchers, and educators. Prior to joining AMD Andrew was a Senior Computer Scientist at USC's Information Sciences Institute leading projects focused on hardware assurance, hardware/software co-design, and heterogeneous distributed systems. Andrew's passion for technology education and research led him to join the AMD University Program where he works to promote the adoption of AMD technology in academic research and curriculum development. In today’s talk he will present an exploratory framework for Neural Processing Units and briefly demonstrate some of the open-source material available to the community.
Prof. Vyas Sekar, CMU, “Enabling Data-driven Innovation with Synthetic Data”
Abstract: Today in computer systems and security research, lack of access to realistic and diverse data from multiple deployments hampers innovation; e.g., products trained on data not representative of environment; there is no way to quantitatively assess products; machine learning workflows experience data drift, and product audit/feedback is not quantitative. The result today is poor products, lack of transparency, lots of effort in debugging/reproduction/resolution, and impossibility to share insights across collaborators. In this talk, we will discuss our research outcomes on demonstrating the feasibility of using generative or synthetic data using Deep Generative Models (DGMs) to address these pain points for various tasks (e.g., telemetry, anomaly detection, model training). We have identified and addressed key fidelity, scalability, and privacy challenges and tradeoffs in existing approaches. By synthesizing domain-specific insights with recent advances in machine learning and privacy, we identify design choices to tackle these challenges. In this talk, we will present some of the key results from our work in applying these techniques to systems and security-relevant datasets and use cases.
Mini Bio: Vyas Sekar is the Tan Family Professor of Electrical and Computer Engineering in the ECE Department at CMU. He is also co-founder and Chief Technologist at Rockfish Data, and the Chief Scientist at Conviva. His research is broadly at the intersection of networks, systems, and security. His work has been recognized with the SIGCOMM Rising Star Award, NSA Science of Security prize, the Intel Outstanding Researcher Award, the SIGCOMM Test of Time Award, and multiple best paper awards.
Prof. Wenting Zheng, CMU and Opaque Systems, "Cryptographic Systems for Private and Secure Generative AI"
Abstract: The recent revolution in generative AI has enabled a wide range of applications, but also introduced emerging privacy and security challenges. Generative AI systems have been criticized for compromising data privacy and enabling the spread of misinformation. In this talk, I will discuss some ideas around building cryptographic systems that enable private and secure AI. In the first part of the talk, I will present Bolt (IEEE S&P 2024), a new system for privacy-preserving two-party inference for large language models (LLMs) using secure multiparty computation (MPC). With our system, a user can safely outsource prediction to a third party without revealing their sensitive data or learning about the third party’s proprietary model parameters. In the second part, I will discuss LLM watermarking designs, which are a recently proposed method for detecting AI-generated content. I will present some fundamental design tradeoffs as well as guidelines for deploying such watermarking in practice.
Bio: Wenting Zheng is currently an assistant professor in the computer science department at Carnegie Mellon University. She is also a co-founder of Opaque Systems, a company based on her research in confidential analytics and machine learning. Her research interests are at the intersection of computer systems and cryptography. Recently, she has worked on building practical privacy-preserving systems using cryptography, and building systems for making cryptography more accessible. She is a recipient of the NSF CAREER Award, various faculty research awards from Google, Amazon, Cisco, Samsung, a Distinguished Paper Award at IEEE Euro S&P, IBM PhD Fellowship, and a Berkeley Fellowship. She obtained her Ph.D. in EECS from UC Berkeley.
Testimonials from Previous Workshops
Professor David Patterson, the Pardee Professor of Computer Science, UC Berkeley, “I saw strong participation at the Cloud Workshop, with some high energy and enthusiasm; and I was delighted to see industry engineers bring and describe actual hardware, representing some of the newest innovations in the data center.”
Professor Christos Kozyrakis, Professor of Electrical Engineering & Computer Science, Stanford University, “As a starting point, I think of these IAP workshops as ‘Hot Chips meets ISCA’, i.e., an intersection of industry’s newest solutions in hardware (Hot Chips) with academic research in computer architecture (ISCA); but more so, these workshops additionally cover new subsystems and applications, and in a smaller venue where it is easy to discuss ideas and cross-cutting approaches with colleagues.”
Professor Hakim Weatherspoon, Professor of Computer Science, Cornell University, “I have participated in three IAP Workshops since the first one at Cornell in 2013 and it is great to see that the IAP premise was a success now as it was then, bringing together industry and academia in a focused workshop and an all-day exchange of ideas. It was a fantastic experience and I look forward to the next IAP Workshop.”
Professor Ken Birman, the N. Rama Rao Professor of Computer Science, Cornell University, “I actually thought it was a fantastic workshop, an unquestionable success, starting from the dinner the night before, through the workshop itself, to the post-event reception for the student Best Poster Awards.”
Dr. Carole-Jean Wu, Research Scientist, AI Infrastructure, Facebook Research, and Professor of CSE, Arizona State University, “The IAP Cloud Computing workshop provides a great channel for valuable interactions between faculty/students and the industry participants. I truly enjoyed the venue learning about research problems and solutions that are of great interest to Facebook, as well as the new enabling technologies from the industry representatives. The smaller venue and the poster session fostered an interactive environment for in-depth discussions on the proposed research and approaches and sparked new collaborative opportunities. Thank you for organizing this wonderful event! It was very well run.”
Nathan Pemberton, PhD student, UC Berkeley (currently Applied Scientist at AWS), "IAP workshops provide a valuable chance to explore emerging research topics with a focused group of participants, and without all the time/effort of a full-scale conference. Instead of rushing from talk to talk, you can slow down and dive deep into a few topics with experts in the field."
Dr. Pankaj Mehra, VP Product Planning, Samsung (currently Professor at Ohio State University and Founder at Elephance Memory), "Terrifically organized Workshops that give all parties -- students, faculty, industry -- valuable insights to take back"
Professor Vishal Shrivastav, Purdue University, “Attending the IAP workshops as a PhD student at Cornell was a great experience and very rewarding. I really enjoyed the many amazing talks from both the industry and academia. My personal conversations with several industry leaders at the workshop will definitely guide some of my future research.”
Professor Ana Klimovic, ETH Zurich, “I attended three IAP workshops as a PhD student at Stanford, and I am consistently impressed by the quality of the talks and the breadth of the topics covered. These workshops bring top-tier industry and academia together to discuss cutting-edge research challenges. It is a great opportunity to exchange ideas and get inspiration for new research opportunities.”
Dr. Richard New, VP Research, Western Digital, “IAP workshops provide a great opportunity to meet with professors and students working at the cutting edge of their fields. It was a pleasure to attend the event – lots of very interesting presentations and posters.”
8:30-8:55 – Badge Pick-up – Coffee/Tea and Breakfast Food/Snacks
8:55-9:00 – Welcome – Prof. Riccardo Paccagnella, CMU
9:00-9:30 – Prof. Lujo Bauer, CMU, “From Pandas and Gibbons to Malware Detection: Attacking and Defending Real-world Uses of Machine Learning”
9:30-10:00 – Prof. Fei Fang, CMU, “Game Theory and Machine Learning for Addressing Societal Challenges: From Theory to Real-World Impact”
10:00-10:30 – Dr. Daniel Kroening, Amazon Web Services, “The Role of Compilers in Accelerating GenAI”
10:30-11:00 – Prof. Riccardo Paccagnella, CMU, “Timing Attacks on Constant-Time Code"
11:00-11:30 – Lightning Session for Student Posters
11:30-12:30 – Lunch and Poster Viewing
12:30-1:00 – Prof. Vyas Sekar, CMU, “Enabling Data-driven Innovation with Synthetic Data”
1:00-1:30 – Prof. Wenting Zheng, CMU and Opaque Systems, "Cryptographic Systems for Private and Secure Generative AI"
1:30-2:00 – Prof. Giulia Fanti, CMU, “Gen-T: Reducing the Triage Cost of Distributed Tracing Using Generative Models”
2:00-2:30 – Dr. Andrew Schmidt, AMD, “Leveraging Ryzen AI’s Neural Processing Units in the Heterogenous Computing Landscape”
2:30-3:00 – Best Poster Award and Reception
Speaker Abstracts and Bios (listed alphabetically by last name)
Prof. Lujo Bauer, CMU, “From Pandas and Gibbons to Malware Detection: Attacking and Defending Real-world Uses of Machine Learning”
Abstract: A multitude of research results has shown that slightly changing the inputs given to an ML algorithm can trick the algorithm into producing "wrong" outputs. Such research typically assumes that an attacker has complete control over the input but also wants to change the input as little as possible. In this talk I'll argue that practical threat models are different: attackers work under constraints and toward goals that most research typically doesn't consider. Using malware detection as a case study, I'll show that under more realistic constraints, defeating ML requires creating new attack methods. I'll also show that even assessing the risk of real-world uses of ML may require new definitions of robustness, which in turn enable better defenses but also more efficient attacks.
Bio: Lujo Bauer is a Professor of Electrical and Computer Engineering, and of Computer Science, at Carnegie Mellon University. His research spans many topics in computer security and privacy, from web tracking and information-flow control to formal methods and privacy risks of new technologies. His current research projects include finding and fixing flaws in practical uses of ML like face recognition and autonomous driving; building tools to help make smart homes better protect the security of both residents and bystanders; and measuring the harms caused by online tracking. Lujo served or serves as program (co-)chair of top security conferences like IEEE S&P (2015), NDSS (2014), USENIX Security (2025); as well as of SOUPS (2013, 2014), the top venue focusing on usable security and privacy.
Prof. Fei Fang, CMU, “Game Theory and Machine Learning for Addressing Societal Challenges: From Theory to Real-World Impact”
Abstract: Societal challenges involve complex decision-making by multiple self-interested agents. In our research, we delve into the development of game theory and machine learning-based methodologies and tools to tackle these challenges. In this talk, I will introduce our work with applications to cyber security, environmental conservation and food rescue. Moreover, I will cover our foundational research in inverse game theory, scalable game solving, and interpretable multi-agent reinforcement learning. These advancements are motivated by the real-world problems we have been working on and enable us to tackle more complex decision-making scenarios in the future.
Bio: Fei Fang is an Associate Professor at the Software and Societal Systems Department in the School of Computer Science at Carnegie Mellon University. Before joining CMU, she was a Postdoctoral Fellow at the Center for Research on Computation and Society (CRCS) at Harvard University, hosted by David Parkes and Barbara Grosz. She received her Ph.D. from the Department of Computer Science at the University of Southern California advised by Milind Tambe (now at Harvard).
Her research lies in the field of artificial intelligence and multi-agent systems, focusing on integrating machine learning with game theory. Her work has been motivated by and applied to security, sustainability, and mobility domains, contributing to the theme of AI for Social Good. She is the recipient of the Allen Newell Award for Research Excellence 2023, 2022 Sloan Research Fellowship, and IJCAI-21 Computers and Thought Award. She was named to IEEE Intelligent Systems’ “AI’s 10 to Watch” list for 2020. Her work has won the Best Paper Award at GameSec’23, Deployed Application Award at IAAI’23, Best Paper Honorable Mention at HCOMP’22, Best Paper Runner-Up at AAAI’21, Distinguished Paper at IJCAI-ECAI’18, Innovative Application Award at IAAI’16, the Outstanding Paper Award in Computational Sustainability Track at IJCAI’15. She received an NSF CAREER Award in 2021. Her dissertation is selected as the runner-up for IFAAMAS-16 Victor Lesser Distinguished Dissertation Award, and is selected to be the winner of the William F. Ballhaus, Jr. Prize for Excellence in Graduate Engineering Research as well as the Best Dissertation Award in Computer Science at the University of Southern California.
Prof. Giulia Fanti, CMU, “Gen-T: Reducing the Triage Cost of Distributed Tracing Using Generative Models”
Abstract: Distributed tracing (DT) is an important aspect of modern microservice operations. It allows operators to troubleshoot problems by modeling the sequence of services a specific request traverses in the system. Transmitting traces incurs significant costs, often forcing operators to use coarse-grained prefiltering or sampling techniques. This creates undesirable tradeoffs between cost and fidelity. We propose to circumvent these issues using recent advances in deep generative modeling. We envision the use of generative models to capture the semantic structure of collected traces in a lossy-yet-succinct way. Realizing this potential in practice is challenging. Naively extending ideas from the literature on deep generative models in time series generation or graph generation can result in poor cost-fidelity tradeoffs. In designing and implementing Gen-T, we tackle key algorithmic and systems challenges to make deep generative models practical for DT. We demonstrate practical integrations with industry standard frameworks (such as OpenTelemetry) and provide empirical evidence that Gen-T significantly outperforms conventional approaches in terms of cost-fidelity tradeoff. Our results reveal that Gen-T achieves a level of fidelity comparable to that of 1:15 sampling, which is more fine-grained than the default 1:20 sampling setting in the OpenTelemetry documentation, while maintaining a cost profile equivalent to that of 1:100 lossless-compressed sampling (i.e., a 7× volume reduction).
Bio: Giulia Fanti is an Associate Professor of Electrical and Computer Engineering at Carnegie Mellon University. Her research interests span the security, privacy, and efficiency of distributed systems. She is a two-time fellow of the World Economic Forum’s Global Future Council on Cybersecurity and a member of NIST’s Information Security and Privacy Advisory Board. Her work has been recognized with several awards, including best paper awards, a Sloan Fellowship, an Intel Rising Star Faculty Award, and an ACM SIGMETRICS Rising Star Award. She obtained her Ph.D. in EECS from U.C. Berkeley and her B.S. in ECE from Olin College of Engineering.
Dr. Daniel Kroening, AWS, “The Role of Compilers in Accelerating GenAI”
Abstract: Both training and inference in GenAI are compute intensive, and hence offer significant opportunities for delivering better performance and cost by advanced compiler optimizations. I’ll give a brief overview of AWS’s AI accelerator hardware powering AWS Trainium and Inferentia, and will explain how the technology behind the AWS Neuron Compiler for delivering AI workloads onto these platforms.
Bio: Daniel Kroening is a Senior Principal Applied Scientist at Amazon, where he works on the correctness of the Neuron Compiler for distributed training and inference. Prior to joining Amazon, he worked as a Professor of Computer Science at the University of Oxford and is the co-founder of Diffblue Ltd., a University spinout that develops AI that targets code and code-like artefacts. He has received the Semiconductor Research Corporation (SRC) Inventor Recognition Award, an IBM Faculty Award, a Microsoft Research SEIF Award, and the Wolfson Research Merit Award. He serves on the CAV steering committee and was co-chair of FLOC 2018, EiC of Springer FMSD, and is co-author of the textbooks on Decision Procedures and Model Checking.
Prof. Riccardo Paccagnella, CMU, “Timing Attacks on Constant-Time Code”
Abstract: The past two decades have seen the discovery of a slew of side-channel attacks where an adversary exploits hardware features to leak software's sensitive data. These attacks have shaken the foundations of computer security and caused a disruption in the software industry. In response, constant-time programming has emerged as the prevailing mitigation strategy. This approach involves writing code so that its execution does not create timing differences depending on secrets, a practice now common in security-critical software.
In this talk, I will introduce some of the first side-channel attacks that can leak secrets even from correctly implemented constant-time code. First, I will present Hertzbleed, which exploits CPU frequency scaling to turn power side-channels attacks into remote timing attacks. Second, I will present GPU.zip, which exploits software-transparent compression to expose visual data processed on GPUs. Third, I will present GoFetch, which exploits modern prefetchers to induce secret-dependent loads of non-architecturally accessed memory.
Bio: Riccardo Paccagnella is an assistant professor of computer science at Carnegie Mellon University. His research is in system and hardware security. His work has been recognized with several awards, including a MICRO Top Picks distinction, two Pwnie Awards for Best Cryptographic Attack, three Pwnie Nominations (for Most Innovative Research, Epic Achievement, and Most Under-Hyped Research), and a CSAW Best Paper Runner-up Award. In light of his research, the cryptographic community and several companies (including Cloudflare, Microsoft, Intel, Google, Apple, AMD, and Arm) have taken action that includes patching production-ready libraries, issuing security advisories, and creating new guidance for writing secure code. Riccardo earned his PhD from the University of Illinois at Urbana-Champaign, where he was awarded a David J. Kuck Outstanding PhD Thesis Award, a Siebel Scholars Award, and a Chirag Foundation Graduate Fellowship.
Dr. Andrew Schmidt, AMD, “Leveraging Ryzen AI’s Neural Processing Units in the Heterogenous Computing Landscape”
Abstract: As academia, research, and industry explore different computer architectures, such as Neural Processing Units (NPUs), we will describe the AMD Ryzen AI platform and AMD’s NPU. We present Riallto, an open-source exploration framework for first-time users of the NPU developed by teams from the AMD Research and Advanced Development group and the AMD University Program. AMD Ryzen AI is the world’s first built-in AI engine on select x86 computers. This dedicated engine is built on the AMD XDNA spatial dataflow NPU architecture consisting of a tiled array of AI Engine processors and is designed to offer lower latency and better energy efficiency. Such processor arrays are also found in the Versal Adaptive SoC enabling rapid development and evaluation across heterogenous architectures. This integration optimizes efficiency by offloading specific AI processing tasks such as background blur, facial detection, and eye gaze correction, freeing up CPU and GPU cycles and enhancing system efficiency. With Ryzen AI-powered laptops or miniPCs, you can develop innovative applications and productivity solutions like information search, summarization, transcription and so much more. Riallto lowers the barrier of entry and access to AMD’s AI Engines (AIE) and includes a wealth of education material via Jupyter Notebooks that makes understanding and using ML accelerators in an ever-increasing heterogenous environment. We are excited to share details of the hardware and software architecture with the community and see how the technology can be leveraged by their work.
Bio: Andrew Schmidt joined the AMD University Program in September 2023 and serves the North America region. Andrew leverages his expertise to drive innovation and collaboration within the academic community with the goal to remove barriers and reduce friction of students, researchers, and educators. Prior to joining AMD, Andrew was a Senior Computer Scientist at USC's Information Sciences Institute leading projects focused on hardware assurance, hardware/software co-design, and heterogeneous distributed systems. Andrew's passion for technology education and research led him to join the AMD University Program where he works to promote the adoption of AMD technology in academic research and curriculum development. In today’s talk he will present an exploratory framework for Neural Processing Units and briefly demonstrate some of the open-source material available to the community.
Prof. Vyas Sekar, CMU, “Enabling Data-driven Innovation with Synthetic Data”
Abstract: Today in computer systems and security research, lack of access to realistic and diverse data from multiple deployments hampers innovation; e.g., products are trained on data not representative of the environment, there is no way to quantitatively assess products, machine learning workflows experience data drift, and product audit/feedback is not quantitative. The result today is poor products, lack of transparency, lots of effort in debugging/reproduction/resolution, and impossibility to share insights across collaborators. In this talk, we will discuss our research outcomes on demonstrating the feasibility of using generative or synthetic data using Deep Generative Models (DGMs) to address these pain points for various tasks (e.g., telemetry, anomaly detection, model training). We have identified and addressed key fidelity, scalability, and privacy challenges and tradeoffs in existing approaches. By synthesizing domain-specific insights with recent advances in machine learning and privacy, we identify design choices to tackle these challenges. In this talk, we will present some of the key results from our work in applying these techniques to systems and security-relevant datasets and use cases.
Mini Bio: Vyas Sekar is the Tan Family Professor of Electrical and Computer Engineering in the ECE Department at CMU. He is also co-founder and Chief Technologist at Rockfish Data, and the Chief Scientist at Conviva. His research is broadly at the intersection of networks, systems, and security. His work has been recognized with the SIGCOMM Rising Star Award, NSA Science of Security prize, the Intel Outstanding Researcher Award, the SIGCOMM Test of Time Award, and multiple best paper awards.
Prof. Wenting Zheng, CMU and Opaque Systems, "Cryptographic Systems for Private and Secure Generative AI"
Abstract: The recent revolution in generative AI has enabled a wide range of applications, but also introduced emerging privacy and security challenges. Generative AI systems have been criticized for compromising data privacy and enabling the spread of misinformation. In this talk, I will discuss some ideas around building cryptographic systems that enable private and secure AI. In the first part of the talk, I will present Bolt (IEEE S&P 2024), a new system for privacy-preserving two-party inference for large language models (LLMs) using secure multiparty computation (MPC). With our system, a user can safely outsource prediction to a third party without revealing their sensitive data or learning about the third party’s proprietary model parameters. In the second part, I will discuss LLM watermarking designs, which are a recently proposed method for detecting AI-generated content. I will present some fundamental design tradeoffs as well as guidelines for deploying such watermarking in practice.
Bio: Wenting Zheng is currently an assistant professor in the computer science department at Carnegie Mellon University. She is also a co-founder of Opaque Systems, a company based on her research in confidential analytics and machine learning. Her research interests are at the intersection of computer systems and cryptography. Recently, she has worked on building practical privacy-preserving systems using cryptography, and building systems for making cryptography more accessible. She is a recipient of the NSF CAREER Award, various faculty research awards from Google, Amazon, Cisco, Samsung, a Distinguished Paper Award at IEEE Euro S&P, IBM PhD Fellowship, and a Berkeley Fellowship. She obtained her Ph.D. in EECS from UC Berkeley.
Testimonials from Previous Workshops
Professor David Patterson, the Pardee Professor of Computer Science, UC Berkeley, “I saw strong participation at the Cloud Workshop, with some high energy and enthusiasm; and I was delighted to see industry engineers bring and describe actual hardware, representing some of the newest innovations in the data center.”
Professor Christos Kozyrakis, Professor of Electrical Engineering & Computer Science, Stanford University, “As a starting point, I think of these IAP workshops as ‘Hot Chips meets ISCA’, i.e., an intersection of industry’s newest solutions in hardware (Hot Chips) with academic research in computer architecture (ISCA); but more so, these workshops additionally cover new subsystems and applications, and in a smaller venue where it is easy to discuss ideas and cross-cutting approaches with colleagues.”
Professor Hakim Weatherspoon, Professor of Computer Science, Cornell University, “I have participated in three IAP Workshops since the first one at Cornell in 2013 and it is great to see that the IAP premise was a success now as it was then, bringing together industry and academia in a focused workshop and an all-day exchange of ideas. It was a fantastic experience and I look forward to the next IAP Workshop.”
Professor Ken Birman, the N. Rama Rao Professor of Computer Science, Cornell University, “I actually thought it was a fantastic workshop, an unquestionable success, starting from the dinner the night before, through the workshop itself, to the post-event reception for the student Best Poster Awards.”
Dr. Carole-Jean Wu, Research Scientist, AI Infrastructure, Facebook Research, and Professor of CSE, Arizona State University, “The IAP Cloud Computing workshop provides a great channel for valuable interactions between faculty/students and the industry participants. I truly enjoyed the venue learning about research problems and solutions that are of great interest to Facebook, as well as the new enabling technologies from the industry representatives. The smaller venue and the poster session fostered an interactive environment for in-depth discussions on the proposed research and approaches and sparked new collaborative opportunities. Thank you for organizing this wonderful event! It was very well run.”
Nathan Pemberton, PhD student, UC Berkeley (currently Applied Scientist at AWS), "IAP workshops provide a valuable chance to explore emerging research topics with a focused group of participants, and without all the time/effort of a full-scale conference. Instead of rushing from talk to talk, you can slow down and dive deep into a few topics with experts in the field."
Dr. Pankaj Mehra, VP Product Planning, Samsung (currently Professor at Ohio State University and Founder at Elephance Memory), "Terrifically organized Workshops that give all parties -- students, faculty, industry -- valuable insights to take back"
Professor Vishal Shrivastav, Purdue University, “Attending the IAP workshops as a PhD student at Cornell was a great experience and very rewarding. I really enjoyed the many amazing talks from both the industry and academia. My personal conversations with several industry leaders at the workshop will definitely guide some of my future research.”
Professor Ana Klimovic, ETH Zurich, “I attended three IAP workshops as a PhD student at Stanford, and I am consistently impressed by the quality of the talks and the breadth of the topics covered. These workshops bring top-tier industry and academia together to discuss cutting-edge research challenges. It is a great opportunity to exchange ideas and get inspiration for new research opportunities.”
Dr. Richard New, VP Research, Western Digital, “IAP workshops provide a great opportunity to meet with professors and students working at the cutting edge of their fields. It was a pleasure to attend the event – lots of very interesting presentations and posters.”