Abstract: Location data can be extremely useful to study commuting patterns and disruptions, as well as to predict real-time traffic volumes. At the same time, however, the fine-grained collection of user locations raises serious privacy concerns, as this can reveal sensitive information about the users, such as, life style, political and religious inclinations, or even
Abstract: Intel Software Guard Extension (SGX) is an extension to the x86 instruction set that enables an application to isolate code and data in a container, called enclave. SGX hardware protects the enclave code and data against a malicious operating system, hypervisor, and even low-level firmwares. In particular, the hardware protects the confidentiality of enclave
Abstract: Eye tracking devices have recently become increasingly popular as an interface between people and consumer-grade electronic devices. Due to the fact that human eyes are fast, responsive, and carry information unique to individuals, analyzing person’s gaze is particularly attractive for effortless biometric authentication. We build upon the fact that some eye movements can
Abstract: Current security systems such as Tor make use of cryptographic approaches to achieve their properties — however, common cryptographic approaches do not provide any guarantees of the code that has executed. Thanks to the commodity Intel SGX execution environment, which offers a remotely verifiable isolated execution environment called enclave, we can achieve strong security
Abstract End-users often struggle with security systems that are too difficult to use and not designed to fulfil the users’ needs. In the current age, disruptive technologies are proliferating rapidly and a plethora of devices is interconnected and exchanges data. This always-online paradigm poses significant challenges to users as the underlying information-sharing models are difficult
Abstract When data maintained in a decentralized fashion needs to be synchronized or exchanged between different databases, related data sets usually get associated with a unique identifier. While this approach facilitates cross-domain data exchange, it also comes with inherent drawbacks in terms of controllability. As data records can easily be linked, no central authority can
Abstract Different methods have been proposed to mine attribute-based access control (ABAC) rules from logs. However, in many scenarios these methods mine and validate overly permissive rules. We define a novel measure, reliability, that improves upon other standard measures like accuracy and entropy in quantifying how overly permissive a rule is. We build upon subgroup
Abstract Security architectures such as Intel SGX need protection against rollback attacks, where the adversary violates the integrity of a protected application state by replaying old persistently stored data or by starting multiple instances of the same application. Successful rollback attacks would have serious consequences on applications such as financial services. In this paper, we
Abstract The Trusted Platform Module (TPM) is an international standard for a security chip that can be used for instance of the management of cryptographic keys and for remote attestation. The specification of the most recent TPM 2.0 interfaces for direct anonymous attestation unfortunately has a number of severe shortcomings. First of all, they do
Abstract: In recent years, encrypted databases have emerged as a promising direction that provides data confidentiality without sacrificing functionality: queries are executed on encrypted data. However, existing practical proposals rely on a set of weak encryption schemes that have been shown to leak sensitive data. In this talk, I will present a new system Arx,