The principle of data minimization is foundational to privacy and security, yet putting it into practice remains a significant challenge. This talk develops language-based data minimization and demonstrates how to enforce it in practice across modern data-driven systems. We explore how the semantics of user-defined automation logic can be analyzed to derive minimal data-access requirements. We leverage program dependency analysis and deferred computation to enforce data-access minimization in some cases even in adversarial environments, without requiring trust in the execution platform. Our approach spans both static and dynamic enforcement techniques and accommodates features such as queries and nondeterminism. We showcase its effectiveness for Trigger-Action Platforms (TAPs) through the development and empirical evaluation of tools such as minTAP and LazyTAP.

Bio: Andrei Sabelfeld is Professor at Chalmers University of Technology, Visiting Professor at KTH Royal Institute of Technology, and, previously, Researcher at Cornell University in Ithaca, NY, USA. Andrei’s research spans from foundations to applications in a range of topics including software security, web security, IoT security, security foundations, and applied cryptography. He is a recipient of a number of prestigious prizes and awards from ERC, KAW, SSF, VR, WASP, Chalmers, Amazon, Google, Meta (Facebook), and OpenAI.

Secure multiparty computation (MPC) allows mutually distrusting parties to jointly compute a public function of their private inputs, while hiding the inputs from each other. MPC protocols have been an object of study since the 1980s, and recent years have seen interest in deployment. While a formal security analysis is the standard for new MPC protocols, it is currently unclear how these security guarantees exactly translate into implementations. In this talk I will discuss some sources of gaps between theory and practice of MPC security, and what we can learn about analyzing the security of practical MPC protocols.

Bio: Sabine Oechsner is an Assistant Professor in Cryptography at the Vrije Universiteit Amsterdam. Her research focuses on provable security for cryptographic protocols, as well as formal methods for cryptography. Sabine received her PhD in Computer Science from Aarhus University, Denmark.