Ninth AMSec Workshop: Systems Security

When: Feb 4, 2025, 09:00 – 12:30

Where: VU Campus, NU building, room NU-6A25

Directions to NU building: https://vusec.net/directions

This mini workshop features a strong line-up of leading systems security researchers from around the world. The event is freely accessible to everyone on a first-come, first-served basis.

Speakers

Mathias Payer, EPFL
Lejla Batina, RU
Yuval Yarom, RUB
Anders Fogh, Intel

Workshop program (Feb 4 at VU, NU-6A25)

09:00 Coffee and tea
09:25 Opening by Cristiano Giuffrida (AMSec)
09:30 Speaker: Mathias Payer

Title: Advanced Android Archaeology: Battling Bloated Complexity

Abstract:
Android has become a ubiquitous platform for running mobile apps, granting different actors access to vast amounts of private data. The growing complexity of the Android ecosystem introduces significant security challenges. In this talk, we will explore multiple layers of Android security: examining the foundational virtualization layers, stress-testing trusted applications, and assessing the impact of recent user-space mitigations. Through the lens of system security, we uncover vulnerabilities even in the most trusted layers. Trusted applications are susceptible to type confusion, while regular apps may face risks such as heap corruption attacks. Join us on this journey to enhance mobile ecosystem security through fuzzing, improved standards, and safer defaults.

Bio:
Mathias Payer is an associate professor at EPFL, leading the HexHive group. His research centers on strengthening software and system security in the presence of vulnerabilities. His broader interests include fuzzing and sanitization to uncover and address flaws, developing effective mitigations to protect against the exploitation of unknown or unpatched bugs, and employing fault isolation to enforce privilege separation. Mathias joined EPFL in 2018 where he founded the Polygl0ts CTF team. Previously, he was an assistant professor at Purdue University, a PostDoc at UC Berkeley, and a PhD student at ETH Zurich.
10:15 Speaker: Lejla Batina

Title: AI for hardware security: Friend or Foe

Abstract:
Side-channel analysis has changed the field of cryptography and security and it became the most common cause of real-world security applications failing today. In this talk we first make an overview of side-channel attacks on implementations of cryptography and countermeasures. We discuss the ways Machine learning and AI changed the side-channel analysis landscape and attackers’ capabilities in particular. We survey several examples of AI assisting physical attackers and discuss the impact of AI on the field of hardware security. We also describe the way side-channel analysis can assist the AI model stealing by reverse engineering commercial neural nets architectures. In the end, we identify some avenues for future research.

Bio:
Lejla Batina is a full professor in embedded systems security in Digital Security (DiS) group at Radboud University. She specializes in physical attacks and countermeasures and implementations of cryptography and has published over 170 refereed papers and book chapters in those areas. She got her PhD in 2005 from KU Leuven, Belgium and worked as a cryptographer for 3 years in industry at Pijnenburg Securealink (later SafeNet B.V.). She has served on the program committees of all top crypto and security conferences (USENIX Security, S&P, CCS, EUROCRYPT, CRYPTO). She was a program co-chair of ACNS 2024, ACM WiSec 2021 and CHES 2014 and a general co-chair of CHES2012, EUROCRYPT 2021 and RWC 2021. She received a VIDI grant (2014) and was the PI in several research projects with national and EU funding. She leads a group of 10+ researchers at Radboud University and 12 PhD students have so far graduated under her supervision.
11:00 Speaker: Yuval Yarom

Title: On the computational complexity of cache attacks

Abstract:
Over the past two decades research has repeatedly demonstrated the risks that shared caches pose to information confidentiality. In a typical attack, the adversary first manipulates the cache to achieve a known state and then measures changes from the known state to detect victim’s activity leaking the information. Consequently, research on cache attacks typically concentrates on the known state of the cache. Adversarial works show how to achieve such known state and how to detect deviations from it, whereas defensive works propose ways for preventing the attacker from achieving a known state or from measuring deviations in the state. However, much less effort has been spent on understanding the nature of cache state and how it can be manipulated.
In this talk we shift the focus to examining the attacker’s ability to manipulate unknown cache state. We use the cache state of memory locations to represent Boolean variables and demonstrate operations that allow arbitrary computation on these variables. We first design logical gates that operate directly on cache state, allowing a program to control whether memory locations are cached or not depending on whether other locations are cached. We then show that these gates are composable enough to allow arbitrary computation on cache state. Finally, we demonstrate the security implication of universal computation in the cache.

Bio:
Yuval Yarom is a Professor for Computer Security at Ruhr University Bochum. His research focuses on the interface between the software and the hardware. In particular, he is interested in the discrepancy between the way that programmers think about software execution and the concrete execution in modern processors. He is a recipient of a 2020 ARC Discovery Early Career Award, the 2020 CORE Chris Wallace Award for Outstanding Research, and a 2020 Young Tall Poppy. Previously, he has been an Associate Professor at the University of Adelaide, the Vice President of Research in Memco Software, and a co-founder and Chief Technology Officer of Girafa.com. Yuval earned his Ph.D. in Computer Science from the University of Adelaide in 2014, and an M.Sc. in Computer Science and a B.Sc. in Mathematics and Computer Science from the Hebrew University of Jerusalem in 1993 and 1990, respectively.
11:45 Speaker: Anders Fogh

Title: Microarchitecture Vulnerabilities: Past, Present, and Future

Abstract:
In this talk, we will provide an overview of the past issues that we have seen in the area of microarchitectural attacks and defenses and contextualize them. With the industry perspective and the academic perspective, we will revisit the development before the discovery of Meltdown and Spectre. We will then discuss transient-execution attacks and mitigations from both perspectives.
In the main part of the talk, we will discuss more recent developments in software-based attacks on processors. We will discuss logic issues like Reptar as well as new data inference sources. We will discuss exploitation techniques common to attacks on processors and how they evolved over time. Finally, we will discuss how the current issues could be mitigated in the future. In the third part of the talk, we focus more on future attacks and defenses. Particularly interesting is that users interact with an increasing amount and variety of computation hardware such as GPUs and NPUs. Analyzing these systems early in the process is crucial to avoid running into the same pitfalls again.

Bio:
Anders Fogh works as an offensive security researcher as an Intel fellow. He is a renowned expert on microarchitecture and memory security. Before joining Intel he worked as a principal security researcher where he worked on incident response and malware analysis. He spent 15 years of his career going from junior software developer to company founder and lead engineer. His work on security has been published in both industry and academic conferences such as Black Hat USA and ACM CCS.
12:30 Closing remarks
