Other articles


  1. Writing (successful) ERC grants in Europe

    In 2018, when I moved from Purdue University in the US to EPFL in Switzerland, I had the opportunity to apply for an ERC H2020 starting grant in computer science. ERC starting grants are similar to the NSF Career award and can be submitted up to 7 years after completing …

    read more
  2. Second factor on VPNs considered harmful

    Due to the risk of "cyber threats", many universities are switching to second factor authentication to log into their VPNs. Many companies moved to second factor for VPN authentication quite some time ago to protect their perimeter from external access. The idea is that users have to provide two factors …

    read more
  3. PhD at EPFL, in Europe

    Every December a lot of prospective students reach out to faculty regarding PhD programs. This is the time where we review the students and assess their skills and potential along many dimensions such as past research, research ideas, engineering capabilities, and systems experience. These discussions along with the submission of …

    read more
  4. Positive reviewing in software security

    Yesterday we concluded the NDSS20 PC meeting. In total, 12% of papers were accepted, 6% now have a short fuse major revision opportunity, in line with other top tier conferences. The PC chairs handled the meeting well, striving for positivity and feedback for the authors. Overall, this was a great …

    read more
  5. The Fuzzing Hype-Train: How Random Testing Triggers Thousands of Crashes

    Software contains bugs and some bugs are exploitable. Mitigations protect our systems in the presence of these vulnerabilities, often stopping the program when detecting a security violation. The alternative is to discover bugs during development and fixing them in the code. Despite massive efforts, finding and reproducing bugs is incredibly …

    read more
  6. SMoTherSpectre: transient execution attacks through port contention

    Side channel attacks such as Spectre or Meltdown allow data leakage from an unwilling process. Until now, transient execution side channel attacks primarily leveraged cache-based side channels to leak information. The very purpose of a cache, that of providing faster access to a subset of data, enables information leakage. While …

    read more

Page 1 / 8 »

links

social