Abstract: The Arm Advanced eXtensible Interface (AXI) protocols are widely used in bus implementations that connect processors, accelerators, memories, and other IP cores. Any bugs in these implementations can pose a security risk to the correctness of the connected IPs. Malicious or third-party IPs can use such implementation bugs to bypass security mechanisms employed at
Abstract: Shufflecake (ACM CCS 2023, DEF CON Demo Labs 2023) is a toolfor Linux that allows to create multiple hidden volumes on a storagedevice in such a way that it is very difficult, even under forensicinspection, to prove the existence of such volumes. This is useful forpeople whose freedom of expression is threatened through coercion
Abstract: Preventing abusive activities caused by adversaries accessing online services at a rate exceeding that expected by websites has become an ever-increasing problem. CAPTCHAs and SMS authentication are widely used to provide a solution by implementing rate limiting, although they are becoming less effective, and some are considered privacy-invasive. In light of this, many studies
Abstract: Hack-A-Sat was a 4-years long aerospace-inspired cybersecurity competition organized by the US department of Air and Space force. After three simulated editions, this year’s competition finals took place on a real satellite in orbit – called Moonlighter – and the Italian team mhackeroni won it. This talk overviews the Hack-A-Sat competition, what types
Abstract: Trusted execution environments in several existing and upcoming CPUs demonstrate the success of confidential computing, with the caveat that tenants cannot securely use accelerators such as GPUs and FPGAs. In this paper, we reconsider the Arm Confidential Computing Architecture (CCA) design, an upcoming TEE feature in Armv9-A, to address this gap. We observe that
Abstract: Count-Min Sketch (CMS) and HeavyKeeper (HK) are two realizations of a compact frequency estimator (CFE). These are a class of probabilistic data structures that maintain a compact summary of (typically) high-volume streaming data, and provide approximately correct estimates of the number of times any particular element has appeared. CFEs are often the base structure
Abstract: With the recent hype around the Metaverse and NFTs, Web3 is getting more and more popular. The goal of Web3 is to decentralize the web via decentralized applications. Wallets play a crucial role as they act as an interface between these applications and the user. Wallets such as MetaMask are being used by millions
Abstract: Chain-key Bitcoin (ckBTC) is a Bitcoin “layer 2” built on top of the Internet Computer blockchain (IC). It enables both individuals as well as IC smart contracts to transact the deposited Bitcoin cheaply and with a much higher throughput compared to the Bitcoin network. Crucially, ckBTC has no additional trust assumptions other than those
Abstract: Since the introduction of Intel SGX nearly a decade ago, the Confidential Computing industry has been growing significantly. In this talk, we’ll look at how secure architectures are being deployed and used today: what underlying primitives are available from hardware vendors, what infrastructure providers are making available, and how to write software using all
Abstract: Mozilla curates a set of root certificate authorities to validate hostnames for TLS in the Firefox browser. Many other software projects, such as Tor Browser and ca-certificates simply follow Mozilla’s list; other entities, such as Apple and Microsoft, make their own decisions for inclusion with considerations for Mozilla’s decisions and the associated public discussion. In March 2023, Mozilla