Abstract: (Program) verification is the process of proving that a program satisfies some properties by using mathematical techniques and formal reasoning, rather than relying on testing the program with inputs. Program verification is typically used to prove functional correctness properties (e.g., proving that a sorting algorithm does not crash and correctly sorts inputs), but it
Abstract: Modern smartphones are complex systems in which control over phone resources is exercised by phone manufacturers, operators, OS vendors, and users. These stakeholders have diverse and often competing interests. Barring some exceptions, users, including developers, entrust their security and privacy to OS vendors (Android and iOS) and need to accept the constraints they impose.
Abstract: SGX enclaves are trusted user-space memory regions that ensure isolation from the host, which is considered malicious. However, enclaves may suffer from vulnerabilities that allow adversaries to compromise their trustworthiness. Consequently, the SGX isolation may hinder defenders from recognizing an intrusion. Ideally, to identify compromised enclaves, the owner should have privileged access to the
Abstract: Deep learning models are often trained on distributed, webscale datasets crawled from the internet. We introduce two new dataset poisoning attacks that intentionally introduce malicious examples to degrade a model’s performance. Our attacks are immediately practical and could, today, poison 10 popular datasets. We will discuss how the attacks work; why (we think) these
Abstract: We present an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. The Swiss army, the Swiss government and the German chancellor are among its most prominent users. We discuss some of the attacks we found against the Threema protocols and we draw
Abstract: In recent years, secure collaborative machine learning paradigms have emerged as a viable option for sensitive applications. By eliminating the need to centralize data, these paradigms protect data sovereignty and reduce risks associated with large-scale data collection. However, they also expose the learning process to active attackers, amplifying robustness issues. In this talk, I’ll
Abstract: This work presents a security analysis of the InfiniBand architecture, a prevalent RDMA standard, and NVMe-over-Fabrics (NVMe-oF), a prominent protocol for industrial disaggregated storage that employs RDMA protocols to achieve low-latency and high-bandwidth access to remote solid-state devices. Our work, NeVerMore, discovers new vulnerabilities in RDMA protocols that unveils several attack vectors on RDMA-enabled applications
Abstract: I’ll present a set of attacks on the OpenPGP specification and implementations of it which result in full recovery of users’ private keys. The attacks exploit the lack of cryptographic binding between the different fields inside an encrypted private key packet, which include the key algorithm identifier, the cleartext public parameters, and the encrypted
Abstract: Deep neural networks’ ability to memorize parts of their training data is a privacy concern for models trained on user data. In this talk, I’ll describe recent work on using membership inference attacks to quantify this leakage in the worst-case, and to audit empirical defenses. Join us in CNB/F/110 (Lunch) + CAB G 52 (Seminar).
Abstract: The role of the human for security and privacy is highly relevant, e.g., when it comes to secure authentication, communication, or the detection of phishing e-mails. As such, the human is an important element in today’s security-critical systems. Yet, humans have often been considered a weak link as it is finally them who create