Abstract

"Privacy-Enhancing Technologies (PETs) are foundational for a future where data can be used without compromising privacy. While the community has largely focused on advancing the cryptographic foundations of PETs, real-world security of PETs is threatened by the very software systems designed to make them accessible, including PET-oriented compilers and frameworks.

The goal of my research is to ensure that the practical systems supporting PETs are dependable. In this talk, I will present my work on developing novel, automated techniques to systematically uncover critical vulnerabilities in the software systems of PETs. I will show two thrusts of my research: (1) automatically discovering severe logic bugs in domain-specific compilers for PETs, and (2) identifying and mitigating new, subtle security risks in PET-enhanced machine learning frameworks. The tools from this research have uncovered dozens of bugs (some with high security impact) in high-stakes PET systems and have been adopted by leading PET industry users. I will conclude by discussing my future research vision towards building provably dependable PET ecosystems."

About the speaker

Dongwei Xiao is currently a Postdoctoral Fellow at the Hong Kong University of Science and Technology, working with Prof. Shuai Wang. He earned his PhD degree from the same institution. During his PhD study, he conducted research as a visiting student at ETH Zürich with Prof. Zhendong Su. He has published papers at venues like NDSS, PLDI, and ICSE, and received an ACM SIGSOFT Distinguished Paper Award in 2023. He will join the University of Birmingham as an Assistant Professor in the Fall of 2026.