Abstract: Attacks such as Spectre and Meltdown use a combination of speculative execution and shared microarchitectural state to leak information across security domains. Defeating them without massive performance overheads requires careful co-design of software and hardware. In this talk I will present a principled approach to this problem, based on hardware-software contracts for secure speculation,
Abstract: Decentralized Finance (DeFi) allows smart contracts to offer trustworthy and decentralized financial services. However, the trustworthiness of these systems depends on whether the human-readable specification and intent was correctly implemented. While these services handle billions of dollars, the security is still lacking. In this presentation we will examine the current state and why past
Abstract: Our society is increasingly reliant upon a wide range of Cyber-Physical Systems (CPS), Internet-of-Things (IoT), embedded, and so-called “smart”, devices. They often perform safety-critical functions in numerous settings, e.g., home, office, medical, automotive and industrial. Some devices are small, cheap and specialized sensors and/or actuators. They tend to have meager resources, run simple software,
Abstract: In this talk I’ll present the Frontal attack, a new timing side-channel attack on Intel CPU processors. Our attack exploits timing differences that arise from how the CPU frontend fetches and processes instructions while being interrupted. In particular, we observe that in modern Intel CPUs, some instructions’ execution times will depend on which operations
Abstract: The goal of secure multi-party computation (MPC) is to allow a set of parties to perform an arbitrary computation task, where the security guarantees depend on the set of parties that are corrupted. The more parties are corrupted, the less is guaranteed, and typically the guarantees are completely lost when the number of corrupted
Abstract: With the growing processing power of computing systems and the increased availability of massive datasets, machine learning algorithms have led to major breakthroughs in many different areas. This development has influenced computer security, inspiring many learning-based security systems, such as for malware detection, vulnerability discovery, and binary code analysis. Despite great potential, machine learning
Abstract: Widely used cryptographic protocols like TLS 1.3 (Transport Layer Security) have seen increased adoption recently on the basis of their claims of provable security. These claims refer to the results of rigorous academic proofs in a formal key-exchange model; however, the actual claims and guarantees rarely reach developers or implementors of TLS, let alone
Abstract: TEMPEST attacks are a well-known threat that consists of spying on an electronic device through its unintended physical emissions. Physical emissions are also used by side-channel attacks to break cryptographic implementations. However, while TEMPEST attacks have been demonstrated at large distances (e.g., several meters), side-channel attacks generally work only in the proximity of the target
Abstract: This presentation covers the “FragAttacks” research. This research includes three new design flaws in the 802.11 standard that underpins Wi-Fi. One design flaw is in the frame aggregation functionality, and another two are in the frame fragmentation functionality. These design flaws enable an adversary to forge encrypted frames in various ways, which in turn
Abstract: The talk will cover: – What makes customers trust digital services – How do you engage communities into building strong security – Are vulnerabilities the end of a company’s reputation Join the Zoom meeting at 12:30 on Thursday, May 27th: https://ethz.zoom.us/j/65841148696