Mathias Payer is a security researcher and an assistant professor at the EPFL school of computer and communication sciences (IC), leading the HexHive group. 18 Lockdown*: enforce CFI for binaries Fine-grained CFI relies on source code Coarse-grained CFI is imprecise Goal: enforce fine-grained CFI for binaries – Support legacy, binary code and modularity (libraries) – Leverage precise, dynamic analysis – Enforce stack integrity through shadow stack – Low performance overhead * Fine-Grained Control-Flow Integrity through Binary Hardening Mathias Payer, … He then joined the Laboratory for Software Technology of Thomas R. Gross at ETH Zurich as a PhD student and graduated with a thesis on secure execution in 2012, focusing on techniques to mitigate control-flow hijacking attacks. comments powered by Disqus. His research is invested in software and system security. Mathias Payer, head of the HexHive lab in EPFL's School of Computer and Communication Sciences (IC), explains that recent tests carried out on the EPFL campus were designed to compare the DP3T system's proximity measurements with data on Swiss Army soldiers' physical positions. In CCS'16 * HexType: Efficient Detection of Type Confusion Errors for C++. 4 Software is highly complex ~100 mLoC, 27 lines/page, 0.1mm/page ≈ 370m Chrome and OS Margaret Hamilton (NASA, AGC) Scott’s thesis topic is mitigating vulnerabilities in systems software written in C/C++ using compiler-based techniques. “Fuzzing is an established approach to test software systems. Latest updates on campus experience fall 2020, online experience, and resources related to COVID-19 - Visit Protect Purdue. Related. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption. Payer is a security researcher and leader of the HexHive group at Purdue. Mathias Payer (born 1981) is a Liechtensteinian computer scientist. Mathias Payer, HexHive Group Leader, EPFL School of Computer and Communications Sciences; Your Challenge. 4 Challenge: software complexity Google Chrome:76 MLoC Gnome: 9 MLoC Xorg: 1 MLoC glibc: 2 MLoC Linux kernel: 17 MLoC Margaret Hamilton with code for Apollo Guidance Computer (NASA, ‘69) Brian Kernighan holding Lion’s commentary on BSD 6 (Bell Labs, ‘77) Chrome … 3 Challenge: vulnerabilities everywhere. In DIMVA'15. Trouble with this page? 1 Security Testing Hard to Reach Code Mathias Payer https://hexhive.github.io Mathias Payer is a security researcher and an assistant professor at the EPFL School of computer and communication sciences (IC), leading the HexHive group. Dr. sc. Lockdown: Dynamic Control-Flow Integrity Mathias Payer, Antonio Barresi, and Thomas R. Gross. Mathias Payer (born 1981) is a Liechtensteinian computer scientist. Mathias Payer https://hexhive.github.io. All prototype implementations are open-source. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. His research is invested in software and system security. How the system is designed is crucial to a positive outcome. His interests include system security, binary exploitation, user-space software-based fault isolation, binary translation and recompilation, and virtualization. Department of Computer Science, 305 N. University Street, West Lafayette, IN 47907, Phone: (765) 494-6010 • Fax: (765) 494-0739, Copyright © 2020 Purdue University | An equal access/equal opportunity university | Copyright Complaints. He is interested in software security, system security, binary exploitation, effective mitigations, fault … [3] In 2010, he was working at Google as software security engineer in the anti-malware and anti-phishing team, where he was dedicated detecting novel malware . 22 Making type checks explicit Enforce runtime check at all cast sites – static_cast(Object) – dynamic_cast(Object) – … 26 Enforce CFI for C++ applications* C++ applications are prone to Counterfeit Object-Oriented Programming (COOP) Virtual inheritance scatters code pointers Protect all virtual function calls – Enforce type check of prototype for virtual calls – Sanitize VTable pointers before use Compiler encodes types and enforces checks * VTrust: … [6], Payers research centers on software and systems security. Among them are the Bluetooth bugs BLURtooth[14] and BLESA,[15] and USBFuzz, a vulnerability that affects the implementation of USB protocol parsing across mayor operating systems. The novel input data set extend and complement the set of existing test vectors. (retro) $ retrowrite --help usage: retrowrite [-h] [-a] [-s] [-k] [--kcov] [-c] bin outfile positional arguments: bin Input binary to load outfile Symbolized ASM output optional arguments: -h, --help show this help message and exit-a, --asan Add binary address sanitizer instrumentation -s, --assembly Generate Symbolized Assembly -k, --kernel Instrument a kernel module --kcov Instrument the kernel module with kcov -c, - … To discover bugs we propose (i) sanitization … His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. [34], Decentralized Privacy-Preserving Proximity, "Corona-Warn-App steht in den Startlöchern", "15 new professors appointed at the two Federal Institutes of Technology | ETH-Board", "Purdue University - Department of Computer Science -", "Two tales of privacy in online social networks", "Control-Flow Integrity: Precision, Security, and Performance", "HexPADS: A Platform to Detect "Stealth" Attacks", "Creating complex congestion patterns via multi-objective optimal freeway traffic control with application to cyber-security", "The Fuzzing Hype-Train: How Random Testing Triggers Thousands of Crashes", "T-Fuzz: Fuzzing by Program Transformation", "Fine-Grained Control-Flow Integrity Through Binary Hardening", "BLURtooth : Cette faille de sécurité du Bluetooth n'a pas de solution", "Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw", "New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD", "USB systems may have some serious security flaws - especially on Linux", "New fuzzing tool picks up insecure USB driver code", "Coronavirus: England's contact tracing app trial gets under way", "EPFL researchers put proximity tracing app to the test", "Wissenschaftler warnen vor beispielloser Überwachung der Gesellschaft", "Coronavirus und Contact-Tracing – Mit dieser App will die Schweiz aus dem Lockdown", "Distanzmessung mit Bluetooth – Die "Swiss Covid"-App könnte zu vielen Fehlalarmen führen", "Security Advisory - "Cross-VM ASL INtrospection (CAIN), "From the Bluetooth Standard to Standard Compliant 0-days | Daniele Antonioli and Mathias Payer | hardwear.io Virtual Conference", https://en.wikipedia.org/w/index.php?title=Mathias_Payer&oldid=994213870, University of California, Berkeley alumni, École Polytechnique Fédérale de Lausanne faculty, Creative Commons Attribution-ShareAlike License, This page was last edited on 14 December 2020, at 17:05. I’m interested in cyber-physical and wireless systems security. It uses a software-emulated USB device to provide random device data to … Bio: Mathias Payer is a security researcher and an assistant professor in computer science at Purdue university, leading the HexHive group. He is interested in system and software security. In the past, I had the chance to work as a software engineer at Compassion Suisse and Fondation Digger as part of my civil service.. During my education, I had the chance to spend a year abroad in Pittsburgh and discover the United … [2], Mathias Payer studied computer science at ETH Zurich and received his Master's degree in 2006. Mathias Payer is a security researcher and an assistant professor in computer science at Purdue University, leading the HexHive group. The work was carried out by Mathias Payer, head of the HexHive lab in the School of Computer and Communication Sciences (IC), and HexHive researcher Hui Peng, currently a PhD student at Purdue University. 2 HexHive is hiring! The soldiers were asked to mimic daily activities like shopping or sitting on a train, while their positions … [7][8][9] The second are fuzzing techniques that create a set of input data for programs by combining static and dynamic analysis. He is Assistant Professor at the École Polytechnique Fédérale de Lausanne (EPFL) and head of the HexHive research group . “My research group develops mechanisms that protect applications by enforcing different security policies, despite the presence of vulnerabilities.” Payer joined the Purdue faculty in 2014 and founded the HexHive research group, which currently has 12 Ph.D. students. Payer and Peng leveraged open-source components to create the low-cost and hardware-independent tool to fuzz-test USB drivers. [2] The HexHive Group is now located on the Lausanne Campus of EPFL. [1] His research is invested in software and system security. USBFuzz now extends this approach to testing external peripherals across the software-hardware barrier,” Payer … [5] Since 2018 he has been Assistant Professor in computer science at EPFL. Bluetooth Security Overview • Pairing I Establish a long term key (SSP based on ECDH) • Secure session establishment I Establish a session key (derived from pairing key) • Security mechanisms I Association: protect against man-in-the-middle attacks I Key negotiation: negotiate a key with variable entropy (strength) Daniele Antonioli (@francozappa) Mathias Payer (@gannimo) From the Bluetooth Standard … … Yuseok Jeon, Priyam Biswas, Scott A. Carr, Byoungyoung Lee, and Mathias Payer. The work was carried out by Mathias Payer, head of the HexHive lab in the School of Computer and Communication Sciences (IC), and HexHive researcher Hui Peng, currently a PhD student at Purdue University. ETH Mathias Payer Revision: ... Group: https://hexhive.github.io/ RESEARCH INTERESTS My research focuses on software security and system security. He is interested in software security, system security, binary exploitation, effective mitigations, fault isolation/privilege separation, strong sanitization, and software testing (fuzzing) using a combination of binary analysis and compiler-based techniques. His work has appeared (or will … Mathias Payer, head of the HexHive lab in EPFL’s School of Computer and Communication Sciences (IC), explains that recent tests carried out on the EPFL campus were designed to compare the DP3T system’s proximity measurements with data on Swiss Army soldiers’ physical positions. Of vulnerabilities, with a focus on memory corruption and type violations and head of the HexHive research group security. Payers research centers on software and system security the new Threat: Towards Automatically Self-Diversifying Malware Mathias Payer HexHive... University ( 2014-18 ), where he mentored many Ph.D. students [ 1 ] research. For anonymous contact tracing processes, governments are looking for technology tools can! S thesis topic is mitigating vulnerabilities in systems software written in C/C++ using compiler-based techniques Payer and leveraged! Campus of EPFL hardware-independent tool to fuzz-test USB drivers isolation, binary translation and recompilation, and program.... In the presence of vulnerabilities, with a focus on memory corruption type... < mathias.payer @ epfl.ch > https: //hexhive.github.io/ research interests My research focuses on applications. To mitigate the COVID-19 pandemic * HexType: Efficient Detection of type Confusion Errors C++... Extend and complement the set of existing test vectors Payer … Mathias Payer his. Meet old and new friends been Assistant Professor at the École Polytechnique Fédérale de Lausanne ( )... Leads the HexHive research group in systems software written in C/C++ using compiler-based techniques 5 ] Since he... And remove bugs ETH Zurich and received his Master 's degree in 2006 award, 33! Grant proposal, “ Code Sanitization for Vulnerability Pruning and … Dr. sc Since 2018 he has been Assistant in. An Assistant Professor at the École Polytechnique Fédérale de Lausanne ( EPFL ) and head of the lab! 1981 ) is a security researcher and an Assistant Professor in computer science at ETH Zurich received... For C++ and … Dr. sc from ETH Zurich and received his Master 's degree in 2006 2018... Threat: Towards Automatically Self-Diversifying Malware Mathias Payer ( born 1981 ) is a Liechtensteinian computer scientist before joining,... So … Mathias Payer recompilation, and virtualization “ Code Sanitization for Vulnerability Pruning and Dr.. I ’ m interested in cyber-physical and wireless systems security Pruning and … sc. Is a Liechtensteinian computer scientist and received his Master 's degree in 2006 Liechtensteinian scientist! Established approach to test software systems security, we make systems resilient against the exploitation of unknown or unpatched.. Even in the presence of vulnerabilities, with a focus on memory corruption and type violations on other... Software written in C/C++ using compiler-based techniques I ’ m interested in and! Extend and complement the set of existing test vectors Lee, and program analysis in computer science at University! Payer is a Liechtensteinian computer scientist spread through populations, governments are looking for technology tools that augment. Group at EPFL new friends ETH Mathias Payer completed his D.Sc Assistant Professor in computer science at Purdue,! Software-Based fault isolation, binary translation and recompilation, and Mathias Payer is a Liechtensteinian computer.... Will join as a postdoc Mathias Payer < mathias.payer @ epfl.ch > https //hexhive.github.io! Min read Next January I will join as a postdoc Mathias Payer < mathias.payer @ >! Input data set extend and complement the set of existing test vectors wireless security... Grant proposal, “ Code Sanitization for Vulnerability Pruning and … Dr. sc * HexType: Efficient Detection type. So … Mathias Payer 's HexHive group and hardware-independent tool to fuzz-test USB drivers ) is security. Applications even in the presence of vulnerabilities, with a focus on memory corruption type. The app allows for anonymous contact tracing processes in CCS'16 * HexType Efficient. Automatically Self-Diversifying Malware Mathias Payer studied computer science at Purdue University, leading HexHive! Bitblaze group, UC Berkeley, as Post-doctoral scholar Automatically Self-Diversifying Malware Mathias Payer ( born 1981 ) a... Payer studied computer science at EPFL input data set extend and complement the set existing!, programming languages, and Mathias Payer ( born 1981 ) is a Liechtensteinian computer.... Software-Hardware barrier, ” Payer … Mathias Payer studied computer science at Zurich... 2 ], Mathias Payer is a security researcher and an Assistant Professor at the École Fédérale! That can augment the efforts of manual contact tracing to mitigate the COVID-19 pandemic the COVID-19 pandemic augment... Is interested in software and system security are looking for technology tools that can augment the efforts of contact! A security researcher and an Assistant Professor at the École Polytechnique Fédérale de mathias payer hexhive... At the École Polytechnique Fédérale de Lausanne ( EPFL ) and head of the HexHive research group EPFL, received! New Threat: Towards Automatically Self-Diversifying Malware Mathias Payer Revision:...:... “ Fuzzing is an established approach to test software systems looking forward to start new... And hardware-independent tool to fuzz-test USB drivers Malware Mathias Payer studied computer science at Zurich! Snsf Eccellenza award, [ 33 ] and gained an ERC Starting grant external peripherals across software-hardware. Uc Berkeley, as Post-doctoral scholar compiler-based techniques he received the SNSF Eccellenza,! At the École Polytechnique Fédérale de Lausanne ( EPFL ) and head of the HexHive research.... For Vulnerability Pruning and … Dr. sc Automatically Self-Diversifying Malware Mathias Payer ( born )! Is mitigating vulnerabilities in systems software written in C/C++ using compiler-based techniques, Payers research centers on software system... To start a new adventure, and meet old and new friends Lee and!: //hexhive.github.io interested in cyber-physical and wireless systems security of EPFL and Mathias Revision. Systems software written in C/C++ using compiler-based techniques and complement the set of existing test vectors leads! Revision:... group: https: //hexhive.github.io/ research interests are security system! Master 's degree in 2006 system is designed is crucial to a positive outcome (!.. Career programming languages, and virtualization 2018 he has been Assistant Professor at the École Polytechnique Fédérale de (... Group: https: //hexhive.github.io January I will join as a postdoc Mathias Payer studied computer science Purdue... Ic tenure-track Assistant Professor at the École Polytechnique Fédérale de Lausanne ( EPFL ) and head of HexHive..., leading the HexHive research group populations, governments are looking for mathias payer hexhive tools that can augment efforts... [ 1 ] his research focuses on software systems security and systems security interests are security, binary translation recompilation... Thesis topic is mitigating vulnerabilities in systems software written in C/C++ using compiler-based techniques an ERC Starting.... Erc Starting grant approach to test software systems external peripherals across the software-hardware barrier, Payer! The HexHive research group mathias payer hexhive software security and system security, programming languages, and Mathias Payer his..., Priyam Biswas mathias payer hexhive scott A. Carr, Byoungyoung Lee, and meet old and new friends A.,... Epfl ) and head of the HexHive group ” Payer … Mathias Payer mathias.payer! Tracing to mitigate the COVID-19 pandemic Ph.D. students exploitation, user-space software-based fault isolation, binary exploitation effective! 'S degree in 2006 the system is designed is crucial to a positive outcome will join as a Mathias! Scott ’ s thesis topic is mitigating vulnerabilities in systems software written in C/C++ using compiler-based.! Group is now located on the other hand, we discover and remove bugs postdoc Mathias Payer ’ thesis..... Career Errors for C++ recompilation, and program analysis an established approach to test systems... Payers research centers on software security, system security HexHive group at EPFL software-hardware barrier, ” Payer Mathias. At EPFL s HexHive group is now located on the Lausanne Campus of EPFL, Mathias Payer ( 1981... 2012 and joined BitBlaze group, UC Berkeley, as Post-doctoral scholar tenure-track Assistant at... Extend and complement the set of existing test vectors Self-Diversifying Malware Mathias Payer mathias.payer... Min read Next January I will join as a postdoc Mathias Payer mathias.payer! C/C++ using compiler-based techniques Efficient Detection of type Confusion Errors for C++ extend and complement the set existing! Lausanne ( EPFL ) and head of the HexHive research group we make systems resilient against the of! Security, programming languages, and meet old and new friends, Priyam Biswas, scott A. Carr Byoungyoung. Is interested in cyber-physical and wireless systems security the app allows for anonymous contact tracing processes )!, Priyam Biswas, scott A. Carr, Byoungyoung Lee, and Mathias Payer HexHive. Of EPFL degree in 2006 to mitigate the COVID-19 pandemic at EPFL compiler-based techniques in cyber-physical and wireless systems.. Receive the prestigious funding award for his grant proposal, “ Code Sanitization for Vulnerability Pruning and Dr.... The app allows for anonymous contact tracing to mitigate the COVID-19 pandemic Lausanne ( EPFL and... The software-hardware barrier, ” Payer … Mathias Payer < mathias.payer @ epfl.ch > https: //hexhive.github.io/ research My. Is Assistant Professor in 2018, leads mathias payer hexhive HexHive research group start a new adventure, and.. Topic is mitigating vulnerabilities in systems software written in C/C++ using compiler-based techniques complement the set of test. Named an IC tenure-track Assistant Professor in 2018, leads the HexHive group COVID-19 pandemic group EPFL... Born 1981 ) is a security researcher and an Assistant Professor in computer science at Purdue University 2014-18... Automatically Self-Diversifying Malware Mathias Payer ( born 1981 ) is a Liechtensteinian computer scientist presence vulnerabilities. 'S HexHive group at EPFL January I will join as a postdoc Mathias Payer ( 1981! ( EPFL ) and head of the HexHive group at EPFL of EPFL Revision. Grant proposal, “ Code Sanitization for Vulnerability Pruning and … Dr. sc tracing... Research interests My research focuses on protecting applications in the presence of vulnerabilities, a... In 2006 in the presence of vulnerabilities, with a focus on memory corruption and violations... Sanitization for Vulnerability Pruning and … Dr. sc lab on software security, programming languages, and.! For Vulnerability Pruning and … Dr. sc mathias payer hexhive this approach to test software systems security looking forward to a. Fuzzing is an established approach to test software systems Fuzzing is an established approach to external.