The Security Engineering University Relationship Framework (SURF) is an initiative within the Firefox security engineering team to improve relations with privacy and security researchers. SURF includes a variety of possible relationships but is focused on building long-term relationships with researchers and organisations. The goal of SURF projects is to explore topics that are outside of Mozilla’s immediate product needs, influence Mozilla’s long-term product development and vision.
On November 12th the first SURF summit was held in London. SURF summits are an opportunity for researchers and Mozillians to get together and exchange ideas. This very first summit, organised by Thyla, was attended by a number of Mozillians, UK academics, and grad students.
Four Mozillians presented challenges they are currently facing, pitching possible research challenges.
- Steven Englehardt talked about the need for tracking protection
- Christoph Kerschbaumer talked about preventing data exfiltration from the browser
- I talked about securely implementing cryptography
- Thyla van der Merwe talked about Tor at scale
There were also two invited speakers. Lorenzo Cavallaro introduced us to TESSERACT, an attempt to elliminate experimental bias in malware classification systems. And Stefan Brunthaler talked about software diversity as possible solutions to spectre-like attacks (no slides online yet). In two rounds grad students also presented ongoing work on MPC, Primality Testing, Blockchains, and UnlimitID in lightning talks.