2023 Security and Trustworthy Computing Research Summary – 14 Papers Accepted at Top International Conferences

In late 2023, Ant Group and academic partners reported fourteen security‑focused research papers accepted at top venues such as USENIX Security, ACM CCS, and USENIX ATC, covering privacy‑preserving computation, secure two‑party GBDT training, macOS kernel fuzzing, privacy‑preserving ML frameworks, Rust OOM handling, and more.

AntTech
At the end of 2023, Ant Group and its research partners presented fourteen papers on security and trustworthy computing that were accepted at leading international conferences, including USENIX Security, ACM CCS, USENIX ATC, and others. The work spans privacy‑preserving computation, data security, network security, AI security, and system security, and many of the results have already been deployed in Ant Group products or released as open‑source projects.

Paper 1 – Squirrel: A Scalable Secure Two‑Party Computation Framework for Training Gradient Boosting Decision Tree (USENIX Security 2023). Authors: Lu Wenjie, Huang Zhichong, Zhang Qizhi, Wang Yuchen, Hong Cheng. The paper proposes a two‑party MPC framework that accelerates GBDT training by more than 30× compared with the previous best system, while offering stronger security guarantees. https://eprint.iacr.org/2023/527

Paper 2 – KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations (USENIX Security 2023). Authors: Yin Tingting, Gao Zicong, Xiao Zhenghang, Ma Zheyu, Zheng Min, Zhang Chao. The authors design a fuzzer that replaces PAC‑based mitigations through static instrumentation, enabling efficient discovery of kernel vulnerabilities on Apple Silicon devices. https://www.usenix.org/system/files/usenixsecurity23-yin.pdf

Paper 3 – SecretFlow‑SPU: A Performant and User‑Friendly Framework for Privacy‑Preserving Machine Learning (USENIX ATC 2023). Authors: Ma Junming et al. The work introduces SPU, a compiler‑runtime system that lets existing ML programs run under MPC with minimal code changes and superior performance under three‑party semi‑honest protocols. https://www.usenix.org/conference/atc23/presentation/ma

Paper 4 – OOM‑Guard: Towards Improving The Ergonomics of Rust OOM Handling via A Reservation‑based Approach (ESEC/FSE 2023). Authors: Chen Chengjun, Zhang Zhichong, Tian Hongliang, Yan Shoumeng, Xu Hui. The authors propose a reservation‑based mechanism that moves most allocation‑failure handling to a single reservation check, dramatically simplifying OOM management in Rust. https://dl.acm.org/doi/10.1145/3611643.3616303

Paper 5 – Efficient 3PC for Binary Circuits with Application to Maliciously‑Secure DNN Inference (USENIX Security 2023). Authors: Li Yun, Duan Yufei, Huang Zhichong, Hong Cheng, Zhang Chao, Song Yifan. The paper presents a new three‑party protocol for Boolean circuits that outperforms prior BGIN and FLNW schemes in both computation and communication costs, demonstrated on maliciously‑secure DNN inference. https://eprint.iacr.org/2023/909

Paper 6 – Privacy‑Preserving End‑to‑End Spoken Language Understanding (IJCAI 2023). Authors: Wang Yinggui, Huang Wei. The authors introduce a multi‑task SLU model that isolates privacy‑sensitive information in dedicated latent dimensions, achieving higher accuracy than existing SOTA methods while protecting user speech privacy. https://www.ijcai.org/proceedings/2023/0580.pdf

Paper 7 – SHELTER: Extending Arm CCA with Isolation in User Space (USENIX Security 2023). Authors: Zhang Yiming et al. The work extends Arm’s Confidential Computing Architecture (CCA) to provide user‑space memory isolation without trusting the host OS or hypervisor. https://www.usenix.org/system/files/usenixsecurity23-zhang-yiming.pdf

Paper 8 – Counterfactual‑based Saliency Map: Towards Visual Contrastive Explanations for Neural Networks (ICCV 2023). Authors: Wang Xue, Wang Zhibo, Ong Haiqin, Guo Hengchang, Zhang Zhifei, Jin Lu, Wei Tao, Ren Kui. The authors propose a contrastive explanation method that generates paired positive/negative saliency maps via counterfactual perturbations, satisfying effectiveness, sparsity, and distribution‑closeness. https://openaccess.thecvf.com/content/ICCV2023/papers/Wang_Counterfactual-based_Saliency_Map_Towards_Visual_Contrastive_Explanations_for_Neural_Networks_ICCV_2023_paper.pdf

Paper 9 – Devil in Disguise: Breaching Graph Neural Networks Privacy through Infiltration (ACM CCS 2023). Authors: Meng Lingshuo, Bai Yijie, Chen Yanjiao, Hu Yutong, Xu Wenyuan, Ong Haiqin. The authors present Infiltrator, a black‑box attack that creates malicious nodes to infiltrate a graph and infer victim node labels, edges, and attributes without any prior knowledge of the victims. https://dl.acm.org/doi/10.1145/3576915.3623173

Paper 10 – Black‑box Dataset Ownership Verification via Backdoor Watermarking (IEEE TIFS 2023). Authors: Li Yiming, Zhu Mingyan, Yang Xue, Jiang Yong, Wei Tao, Xia Shuta. The paper proposes a black‑box method that embeds a backdoor watermark into a dataset; ownership is later verified by querying the trained model for the watermark trigger. https://arxiv.org/abs/2209.06015

These works collectively demonstrate Ant Group’s commitment to advancing security‑critical technologies and fostering collaboration between industry and academia.
