Day 2 in Copenhagen
Tuesday is off to an early start - with a keynote speech by Lorrie Faith Cranor on the role of researchers as information providers for policymakers, for example when it comes to formulating password requirements or developing security labels for applications in the Internet of Things. The auditorium was quite full, even if not everyne could make it out of bed in time. After the keynote, I meet PhD student Faezeh Nasrabadi. At first glance, I can see how nervous she is. It's her first time presenting at a conference and she says (more to herself than to me): "I just have to stay calm and speak slowly. There are a lot of important people there. Which tea calms you down?" She fiddles excitedly in the tea box and accepts my admittedly somewhat boring recommendation for chamomile tea. I try to encourage her: "You've been working on the paper for a long time, you know exactly what you're talking about. You'll manage. I'm always very nervous before presentations too. I can totally relate to that." Faezeh presents the CryptoBap platform she developed, which can be used to verify the weak secrecy and authentication for the machine code of cryptographic protocols. Admittedly, I understand very little about this. The room is very small and the air is stuffy, yet Faezeh has to speak loudly to get through. She speaks freely, is confident, maintains eye contact with the audience. Only because I know how excited she was do I hear a very slight tremor in her voice. We talk briefly afterwards, the trembling annoys her. I just find it endearing.
During the breaks, I enjoy chatting with our colleagues from the CASA Cluster of Excellence, which is based at the Horst Görtz Institute for IT Security (HGI) at Ruhr University in Bochum. They admit that our attendance at USENIX in August inspired them to come here to CCS with an information booth. Throughout the day, they have their hands full getting their beautifully designed comics, stickers and their mascot, the CASAfant, out to people. CASA is familiar to me not only because they are an important competitor in the field of cybersecurity research, but also because it was CISPA-Faculty Thorsten Holz's last stop before he moved to CISPA. The discussions with the Casa press team about how we can make cybersecurity understandable and accessible to even more people are very valuable to me. It's not an easy topic to communicate; many people don't want to look at it in depth because they tend to ignore the dangers in everyday life. But it's a really exciting field that is becoming more and more relevant every day.
I also meet Soheil in the foyer, where the noise level seems to increase steadily from hour to hour. He is a PhD student in the team of CISPA-Faculty Giancarlo Pellegrino, who is sad that Soheil will soon complete his PhD studies and then move on. Soheil is a striking PhD candidate. He produces one top paper after another and is one of the friendliest and most polite people I know. He is clearly enjoying his visit to CCS: "CCS has a wider variety of topics than USENIX, for example, which focuses mainly on system and web security," he tells me, explaining the differences.
Florian Hantke, who joins us, confirms this. "Many crypto people also present their work here, for example, because these topics are often excluded from other IT security conferences. So they either attend CCS or the special crypto conferences." When asked whether he also attends talks on encryption techniques, Florian laughs: "No, I don't understand enough about that. It's too mathematical for me. I'm not that strong in that area." And indeed, to me too, cryptographers seem to be a group of their own. One of the encryption experts at CISPA once raved to me about "the beauty of mathematics". As a literary scholar, I can only nod in friendly but disbelieving agreement.
Florian's topics are more tangible for me. He is researching web security in Ben Stock's team and will be presenting one of his papers here the next day. Apart from that, I see him chatting to people all the time. "I just like talking to people and I've written down a few names of researchers. I'm going to take a closer look at their work. The paper presentations in the tracks are more like a teaser. The poster sessions are really interesting. You can find out a lot more over a glass of wine. You can ask more specific questions. Sometimes I discover methods that I didn't know about and then ask myself whether I could use them in my own research. Such insights can be very useful," he explains.
The evening is a real highlight: The previously promised banquet to celebrate CCS anniversary, which includes the presentation of awards for the best papers. As we enter the Tivoli's largest auditorium, we are greeted by a dozen rows of tables, each seating around 80 people and beautifully arranged. During the award ceremony, we are served a three-course menu of the very finest quality. This is far beyond the standard of these conferences and a mammoth task for the service team, who master it with flying colors.
Cas is not as quick as we are to sit down and eat. He hands out certificates to the 17 researchers whose papers receive a Distinguished Paper Award and are thus once again recognized among the outstanding papers here. An Outstanding Contribution Award, an Outstanding Innovation Award and the respective Runner-ups will also be presented. A special honor will be bestowed on two papers that were published ten years ago. The researchers involved will receive a Test of Time Award. These awards recognize work that has had a lasting impact on research in a particular field by opening up new research directions, developing new technologies or making new discoveries that have contributed to a better understanding of security risks. We are thrilled when it is announced that Aurore Fass and Wouter Lueks, who are both Faculty at CISPA, receive Best Reviewer Awards. According to the jury, their paper reviews demonstrate particular commitment and high quality.
As I have just finished the main course and am already looking forward to dessert, a young man suddenly approaches our table. He hands out trading cards supposedly featuring CISPA- Faculty with names like Mark Blokcyfer or Rete Firewallson. I laugh, look him in the face and say: "You do realize that you're trying to sell these cards to the people who brought the originals?" That doesn't seem to bother him at all. To explain: CISPA-Faculty Ben Stock had come up with a special idea for this year's CCS. At the big conferences, CISPA regularly organizes its own networking events where up-and-coming researchers have the opportunity to exchange ideas with our senior scientists in a small group. This time, admission was to be granted to anyone who spoke to five of our Faculty in advance and collected a collector's card from another Faculty, peppered with fun facts about the person. The cards were a coveted commodity at CCS and encouraged imitators like the young man standing opposite me. Needless to say, I got into the collecting business and now have them all: from Sven Bugiel to Rete Firewallson.
After the banquet, the tables are cleared away and a huge dance party begins. We are invited to another event that evening and unfortunately miss this part of what is already a pretty perfect evening. On the way back to the hotel, however, we have an exciting conversation with CISPA-Faculty Ali Abbasi, who has been at CISPA for around a year and with whom I haven't had much contact before. He tells me about his great passion: satellites. The fact that many of them are now in low Earth orbit means that they are also within reach of attackers. "For a long time, it was assumed that satellites were unreachable and therefore secure. But LEO satellites have numerous connectivity functions." You can hear his enthusiasm in every word he says. His next goal: "I want to launch a cybersecurity satellite into space. The talks are already underway." Throughout the conversation, I ask myself whether I have any idea why so many satellites are actually put into orbit, but I don't want to interrupt him to ask this trivial question. In case anyone else is wondering, satellites provide us with data for weather forecasts, navigation and air traffic, broadcast our television programs and are used for military reconnaissance. Increasingly, they are also being used to set up broadband Internet.
"I want to launch a cybersecurity satellite into space. The talks are already underway."
Back in the foyer of the Tivoli, the aftermath of the party is still visible. The last beer is being shared between the last guests when Cas sees us and approaches us, beaming with joy. "We've just had a monster party here. It's never been like this before. Hundreds of people were dancing and having fun. Simply fantastic." At that moment, all the pressure and the burden of organizing seems to have fallen away from him. Whenever I meet him the next day, he strolls through the foyer, highly relaxed, with his arms crossed behind his back, chatting here and there and just seems content. I ask him if he still enjoys the exchange after these long days. His answer: "Yes, you know. Somehow I'm reaping here what we've sown over the past few months. And I can make a difference. Whenever I talk to PhD students and tell them that one day they will do the job I have taken on here as PC Chair, they look at me in disbelief. But it's true. Many of them will eventually help shape these conferences as professors and senior scientists. When I then admit that this also makes me nervous, I see how they are first amazed and then relieved. It's nice to have this exchange."
On days 3 and 4, Sven Bugiel and Ben Stock show us how previously ownerless papers get to reviewers. Sahar Abdelnabi wins a prize for revealing how insecure chatbots like ChatGPT are, and we look forward to going home after the conference hustle and bustle.