Another year, another CCC. As every year, I went to Hamburg to appreciate all galactic life forms in their diverse multi-dimensional environment. My goal this year was the usual meet ups with friends I haven't seen in a long time, get inspired for new research directions, to catch some talks …
Other articles
AISec and the exploration of the Chinese soul
Just a few weeks ago, Chao Zhang invited me to a workshop on AI security at Tsinghua University in Beijing. Chao and I overlapped as postdocs in Dawn Song's BitBlaze group at UC Berkeley, and we're both deeply interested in low-level systems security, binary analysis, fuzzing, and mitigation …
Droidot: Vulnerable Native Libraries on Android
Android is a complex platform with diverse, concurrently running services. Looking at user space, the assumption is that each app is isolated from all the others running on top of the rich Android runtime system. Unfortunately, the available system libraries are heavily limited, and Android apps therefore often ship their own native libraries. These libraries …
NASS: Fuzzing Native Android System Services
Android is a complex platform with diverse, concurrently running services. In the past, we focused on privileged components such as fuzzing the secure monitor with EL3XIR, targeting trusted applications, or even surveying the use of rollback counters in trusted applications.

As more and more components get secured and hardened, we …
SuRI'25 on Security, Systems, and Formal Methods
The Summer Research Institute (SuRI) is a premier venue to discuss recent research results. Each year we invite the top faculty in a given topic to present their research in front of an interested crowd of students, faculty, researchers, and fellows from EPFL, the Vaud area, Switzerland, and abroad.
This year …
NDSS25: Exploring San Diego
What a great time at the NDSS Symposium in San Diego. While it is always about meeting friends, catching up on projects, discussing new and exciting research, and looking for potential collaborations, the HexHive lab also had the pleasure of presenting a total of four research papers at this conference …
Type++: A Type-Safe C++ Dialect
The C++ language combines a massive potential for raw power with the massive risk of type and memory safety violations. The developer is inherently responsible for securing all executed code and for guaranteeing type safety and memory safety. We are particularly focused on type safety. In C++, developers can cast …
Dumpling: dumping fine-grained execution state
JavaScript engines face a dilemma: on the one hand, they need to be extremely efficient, as they process millions of lines of JavaScript code, dynamically translating complex programs into efficient code. On the other hand, the code may be controlled by an attacker who is trying to exploit bugs in …
QMSan: discovering uninitialized memory errors in binaries
Sanitizers serve as the primary bug detection oracle during automated testing. They "crash" the program gracefully and tell the fuzzer when and where a bug was triggered. The most well-known sanitizer is ASan (AddressSanitizer), which adds redzones around memory objects to detect whenever an access is out-of-bounds. MSan or …
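To make the redzone idea from the QMSan teaser concrete, here is a toy redzone allocator as an added example; it is not code from the post, from QMSan, or from ASan. Real ASan instruments every load and store at compile time and keeps the poison state in shadow memory, whereas this toy only poisons the bytes on either side of each object and checks them explicitly when asked. The `rz_*` names, the 16-byte redzone, and the `0xA5` poison pattern are choices made for this illustration; the out-of-bounds writes are deliberately kept inside the underlying `malloc` block so the demo itself has no undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy redzone allocator (added illustration, not ASan's shadow-memory
 * implementation): every object is surrounded by REDZONE poisoned bytes and
 * rz_check() reports how many of them an out-of-bounds access overwrote. */
#define REDZONE 16
#define POISON  0xA5

typedef struct { size_t size; } rz_header;   /* requested object size */

/* Layout of one allocation: [header][left redzone][object][right redzone] */
static void *rz_malloc(size_t size) {
    unsigned char *raw = malloc(sizeof(rz_header) + REDZONE + size + REDZONE);
    if (!raw) return NULL;
    ((rz_header *)raw)->size = size;
    unsigned char *obj = raw + sizeof(rz_header) + REDZONE;
    memset(obj - REDZONE, POISON, REDZONE);   /* poison left redzone  */
    memset(obj + size, POISON, REDZONE);      /* poison right redzone */
    return obj;
}

/* Count redzone bytes that no longer hold the poison pattern; 0 means intact. */
static int rz_check(const void *p) {
    const unsigned char *obj = p;
    const rz_header *h = (const rz_header *)(obj - REDZONE - sizeof(rz_header));
    const unsigned char *left = obj - REDZONE, *right = obj + h->size;
    int clobbered = 0;
    for (size_t i = 0; i < REDZONE; i++) {
        clobbered += (left[i] != POISON);
        clobbered += (right[i] != POISON);
    }
    return clobbered;
}

static void rz_free(void *p) {
    unsigned char *obj = p;
    free(obj - REDZONE - sizeof(rz_header));
}

/* Write one zero byte at obj[off] of a 16-byte object. Any off outside
 * [0, 16) lands in a redzone (the block still contains it for -16 <= off < 32).
 * Returns the number of clobbered redzone bytes. */
int demo_offset_write(long off) {
    unsigned char *buf = rz_malloc(16);
    memset(buf, 0, 16);
    buf[off] = 0x00;
    int clobbered = rz_check(buf);
    rz_free(buf);
    return clobbered;
}

/* Copy n bytes of 'A' into a 16-byte object; n > 16 spills into the right
 * redzone. n is capped at 32 so the copy never leaves the malloc'd block. */
int demo_copy(size_t n) {
    unsigned char *buf = rz_malloc(16);
    unsigned char src[32];
    memset(src, 'A', sizeof src);
    memcpy(buf, src, n > sizeof src ? sizeof src : n);
    int clobbered = rz_check(buf);
    rz_free(buf);
    return clobbered;
}

int main(void) {
    printf("in-bounds write:  %d clobbered\n", demo_offset_write(5));
    printf("write at [-1]:    %d clobbered\n", demo_offset_write(-1));
    printf("write at [16]:    %d clobbered\n", demo_offset_write(16));
    printf("memcpy 20 bytes:  %d clobbered\n", demo_copy(20));
    return 0;
}
```

The point of the toy is the detection model rather than the allocator: an off-by-one in either direction flips exactly one poison byte, and a 20-byte `memcpy` into a 16-byte object flips four. A fuzzer gets a precise "where and by how much" signal instead of a silent corruption that may or may not crash later, which is what makes sanitizers useful as the oracle the teaser describes. What this toy cannot do is report the access at the moment it happens or catch a read that never changes the poison; that is the job of ASan's per-access instrumentation.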