June 20, 2025; San Francisco
5:00 PM – 5:15 PM | Social + Sorting Hat Game
- Mechanic: Guests self-identify interested breakout topic with sticker/badge:
- Opening town hall: what is the state of AI infra security? What are the key use cases of confidential compute in AI infra security?
5:15 PM – 6:00 PM | Compass Calibration
- Quintus Kilbourn | Why trustless TEEs? (15min) [slides]
- Dan Boneh (Roast Master): where does trustless TEE fit within applied cryptography research context?; highlight design challenges (15min)
- Daniel Genkin | Troubled Execution Environments: How Stuff Gets eXposed (15min)
- Andrew Miller (Roast Master): When SGX switched from client to server, Intel got rid of the merkle tree securing memory. Wat do?
6:00 PM – 6:15 PM | Attacks
- Demo: Jacob Lagerros – Side channel box (power leakage attacks) [video from other event]
- Demo: Luc Chartier — Covert channel box (malicious model, power leakage) (slides)
6:15 PM – 6:30 PM | Defense
- Demo: Jonathan Happel – Tamper mesh hardware defense
- Demo: Mehmet Sencan – Blowing up chips for fun and security
6:30 PM – 7:00 PM | Lightning Talks
- Andrew Miler | Agency Engineering - OAuth3 for the Agentic Web (Slides)
- John McMaster | FOSSF Secure Silicon (Slides)
7:00 PM – 8:30 PM | Breakouts
- Whiteboard 1: Architecting the ideal security machine from the silicon up
- Michael Gao + Sagar + John McMaster
- Whiteboard 2: Plugging the gaps all the way down
- Daniel Genkin + Cristina Garman
- Design jam: Agent Engineer - OAuth3
- Andrew Miller + Xinyuan Sun
8:30 PM – 9:00 PM | Showtime
- Breakout presentations