Android is a complex platform with diverse, concurrently running services. In the past, we focused on privileged components such as fuzzing the secure monitor with EL3XIR, targeting trusted applications, or even surveying the use of rollback counters in trusted applications.
As more and more components get secured and hardened, we …
read moreThe Summer Research Institute (SuRI) is a premier venue to discuss recent research results. Each year we invite the top faculty in a given topic to present their research in front of an interested crowd of students, faculty, researchers, fellows from EPFL, the Vaud area, Switzerland, and abroad.
This year …
read moreWhat a great time at the NDSS Symposium in San Diego. While it is always about meeting friends, catching up on projects, discussing new and exciting research and looking for potential collaborations, the HexHive lab also had the pleasure to present a total of four research papers at this conference …
read moreThe C++ language combines a massive potential for raw power with the massive risk of type and memory safety violations. The developer is inherently responsible for securing all executed code and to guarantee type safety and memory safety. We are particularly focused on type safety. In C++, developers can cast …
read moreJavaScript engines face a dilemma: on one end, they need to be extremely efficient as they are processing millions of lines of JavaScript code, dynamically translating complex programs into efficient code. On the other end, the code may be controlled by an attacker that is trying to exploit bugs in …
read moreSanitizers serve as the primary bug detection Oracle during automated testing. They "crash" the program gracefully and tell the fuzzer when and where a bug was triggered. The most well-known sanitizer is ASan or AddressSanitizer which adds redzones around memory objects to detect whenever an access is out-of-bounds. MSan or …
read moreHypervisors power not just the cloud but are becoming a commodity in mobile phones and desktops as well. They separate virtual machines from each other, enabling strong isolation and security guarantees. In cloud environments, hypervisors separate non-trusting virtual machines and an attacker may try to compromise and gain access to …
read moreAre you tired of publishing SPAM? Join me on a journey to set up simple blocklists to auto-filter based on origin and sender for Postfix mail servers.
If you're in academia, you likely know publishing SPAM. For those that are not (or missed out on the pleasure so far), publishing …
read moreAnother year, another CCC. It's been a long road from Berlin to Leipzig and Hamburg. Each year, I repeat the ritual of going to the "Kongress", the most amazing hacker get together in the world. The Kongress is special, hackers of all denominations meet, engage, hack, and enjoy a few …
read morePage 1 / 9 »