Cari amici, This is a quick re-announcement for a guest speaker we're hosting tomorrow (it was announced officially by the INF decanato, but some people -- me included! -- don't always read those): Yvo Desmedt, Thursday 14.12.2023 (tomorrow!), D1.14, 15:30 - 16:30 Title and abstract below. Join us in person or online at https://meet.jit.si/CQISeminarTalks Stay warm, Will Schober ---------------------------------------------------- SPEAKER: Yvo Desmedt TITLE: Are Clouds making our Research Irrelevant and Who is at Fault? ABSTRACT: Until recently, the user of a computer system was able to (at least to some degree) help decide security policies, such as which access and information flow control to use, which cryptographic algorithms to choose, how to secure databases in use, etc. Due to these choices, researchers were able to have an impact on what was deployed. In today's world, the Chief Information Officer (CIO) outsources online communication (replacing landlines), databases, e-mail, storage, voting, WWW, etc., to clouds. These do not use open source and do not disclose their design. So, the security is left to the designer and the user is completely left in the dark. Since most programmers never took a course in information security, we should assume the worst. In this presentation we justify several positions: (i) we make the claim that clouds have lowered our information security; (ii) we wonder whether CIOs compare competing clouds on their security properties and ask independent experts for their advice; (iii) one finds that self-acclaimed experts often lack basic knowledge; (iv) that research is becoming irrelevant. We also wonder who is at fault for these problems and how we can address them.