IEEE Cybersecurity Development Conference

September 30-October 2, 2018 | Cambridge, MA

Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy


Professor Dawn Song

Posted on: September 27th, 2018 by Yousef Iskander

Professor Dawn Song

August 8, 2018

How did you first get started in security?
I did my undergraduate degree in physics and then entered security when I switched from physics to computer science. There were a few main reasons why I decided to do security. It was still pretty early and the field was smaller than it is now but I felt that it was a very important problem that will increase in importance. I liked the fact that security is a great combination of theory and practice. There are deep theoretical foundations but at the same time, we are solving very practical problems that can have a huge impact in practice. I also like the interdisciplinary nature of security. It is one of the only fields where you can’t talk about on it on its own. It’s always security of something such as security of operating systems or security of networks. It even goes beyond computer science and intersects with economics, social sciences, psychology, and many, many other different domains. In almost any domain, you need to think about security issues, which makes it broad ranging and very exciting.

Given your work at the intersection of machine learning and security, what is a problem in this area that often gets overlooked?
It goes both ways in that there are important questions in how artificial intelligence (AI) and machine learning can help security and also how security can help AI and machine learning. We are at such an early stage and don’t know how to ensure security properties. Going forward, we will have AI and machine learning to help us make increasingly important decisions that range from financial to governance to home robots to manufacturing to self-driving cars and so on. Some of the work I’ve done with my collaborators in the recent past demonstrated that these deep learning systems are very easily fooled by attackers and this is something that the whole community still has very little experience with.

As one of the few professors teaching a course in blockchain, what do you find most compelling about this area of research?
I’ve been teaching classes in blockchain and also am now doing a startup called Oasis Labs. At Oasis Labs, we are building a privacy-first cloud computing platform on the blockchain that has a very unique set of properties and capabilities that provide strong privacy protections, scales for real world applications with decentralized trust so that you don’t need to rely on any central party. This is one reason why doing work both in research and building real world blockchain platform that can be deployed is really fascinating. It’s at the very forefront of technology and even human endeavors in certain domains. There are new computing technologies and platforms that the whole community has been developing that were not able to be enabled before. It’s not just a purely technological innovation. It’s a system that can potentially have transformative power in changing how business models work or how certain domains are structured. For example, removing intermediaries and decentralizing trust can address many issues where we have a monopoly in providing certain information. Blockchain is an exciting new area that people are talking about in similar ways to the early times of the internet. Certainly, there are parallels.

What are ways that academia can better communicate ideas to industry and vice versa?
In academia, we have a certain way of looking at things and certain aesthetics in what we think is elegant or important. The breakthrough ideas and key innovations are important but in industry, people care more about practical problems that can be solved such as how to create value or how to reduce costs. When researchers and academics talk to industry, they are wanting to essentially change their mindsets but need to think about important problems in industry that can help people and build things that people actually want to use. In academia, often times we also focus on the early stage of the ideas and it can take a really long time from the key foundational ideas to when something actually gets deployed. In one of my security classes, I actually ask my students this same question and why that is the case.

To summarize in a few points, it takes time for people in industry to understand and appreciate ideas from academia and to see how these ideas can be done in a form that is actually easily deployed and used. These are the important aspects that academics communicating with industry need to emphasize and keep in mind.