ETAPS 2021: Q&A with General Chair Peter Ryan

  • Interdisciplinary Centre for Security, Reliability and Trust (SnT)
    20 April 2021
  • Category
    Research

The 2021 European Joint Conferences on Theory and Practical Software (ETAPS) were held in March this year under the general chairship of SnT’s Prof. Peter Ryan. ETAPS is an umbrella event covering four smaller sub-conferences, focusing on programming, software engineering, computation structures, and systems analysis respectively. Bringing these four conferences together into one event offers researchers a unique opportunity to attend talks across subjects and engage with colleagues across disciplines. We spoke to Prof. Ryan about the conference and his research.

Congratulations on wrapping up the ETAPS 2021 Conference! How was it this year? 

Good! It was a very successful conference – the quality of the talks was excellent and we had well over 600 participants, a significant increase on previous years. In 2020, the conference was completely cancelled because of the then-new COVID crisis. This year we hosted many of the 2020 talks, keynotes and awards. That – combined with the ease of remote participation – increased our attendance. 

You held the conference completely remotely this year?

Yes, we did. We used a combination of streaming services like Zoom and a social website called Gathertown to organise a fully digital conference. Personally, I really prefer getting to see people and mix in person, but in the future, I do hope we keep some elements of the virtual conference. Having recordings of the talks, for example, is very useful. But it is hard to virtually replicate the kind of natural collaboration that emerges around the coffee stations and lunch tables at traditional conferences. The community is often the most valuable part of any of these conferences, so I am looking forward to having that available to us again next year.

Is that what originally drew you to the ETAPS conference – the community?

Well, to be perfectly honest, no! I came to ETAPS through a little bit of a round-about route. You see, the conference’s theme – the theory and practice of software – is peripheral to my own personal research interests, cryptography and security. My home community is based more around the computer security conference ESORICS, which I most recently chaired in 2019. I originally came to ETAPS with my very specific perspective, looking just at software security, when I gave a tutorial about the design and analysis of verifiable voting systems at ETAPS 2016 in Eindhoven. I think the tutorial must have left a good impression because when the ETAPS team decided that Luxembourg would be a good location to hold the 2021 conference, they reached out to see if I was willing to chair it. I was delighted that they thought of me. Security may not be at the heart of every question my colleagues at the ETAPS conference examine, but it is a vital part of any good software system and conversely, the tools and techniques that are being developed by people in the ETAPS community are highly relevant to information security. 

What’s the biggest difference between software research and computer security research?

The biggest, most important difference is the presence of an adversary. In computer security, you need to consider what a malicious, motivated human might try to do to get around your security measures. In general software engineering, the end-user may well be unskilled – but they aren’t malicious and errors typically occur at random. That’s a really important distinction. While both disciplines are human centred, security is more human centred. Actually, doing computer-security research can be a lot like playing chess. You need to take into account that your opponent is also planning a few steps ahead and that they also have a strategy. I think that’s actually what drew me to security research in the first place. I was an avid chess player as a child and to this day I really enjoy dynamic, adversarial puzzles like chess and Go. Computer security research is just another arena for this special type of mind sport.

Does that mean that in your work today, you find yourself spending less time and energy thinking about your tools – the cryptography, the engineering, the maths – than about that human adversary?

Yes, and that trend is only increasing. Nowadays, I am thinking not only about the adversaries but also about the honest human end users of the systems I develop. In the past, when cryptography was first used, only very special information needed to be protected, and everyone who used it was very highly motivated. End users accepted working with complicated systems as long as they were effective. But with the internet and digital technologies, the amount and types of information that is now vulnerable to attack has massively expanded. We’re asking regular consumers to be good stewards of their own digital information, but there’s a limit to the mental space people have available to them; as the amount they need to protect grows, many people struggle to maintain the discipline needed to stay secure. Security, if anything, gets in people’s way, and it gets in the way of the tasks they want to do. We need to convince them that security measures – for which the upside isn’t obvious because the best-case scenario with security is that nothing bad happens – are worth it. So when I design a secure system now, I think not only about the adversary but also about the end-user. The challenge is to beat that adversary, without alienating the person I’m ultimately trying to protect.

Do you have an example you can share from your work about navigating that balance?

Secure voting is a really good example of this. I got into secure voting because the human element is really crucial – more so than in most other areas. When designing a secure voting system, we need to prepare for an adversary by ensuring the outcome of the election is not only correct, but demonstrably correct. We have to deal with an especially powerful adversary who may interact with the users (voters), giving them instructions and demanding that they reveal secrets such as credentials, for example. Beyond that, we also need to ensure voters can easily use our system. We needed to design something that embodies the democracy it enables. A voting system that is so secure it becomes byzantine, to the point of being unusable, isn’t democratic anymore. Neither is a system that isn’t private, which opens up the possibility of vote buying or coercion. I’ve developed a number of secure voting systems over the years, and it is exactly this complex human element that keeps drawing me back to them. It is the ultimate game of chess.