The soldiers were asked to mimic daily activities like shopping or sitting on a train, while their positions … 2 HexHive is hiring! 4 Software is highly complex ~100 mLoC, 27 lines/page, 0.1mm/page ≈ 370m Chrome and OS Margaret Hamilton (NASA, AGC) Disability-related accessibility issue? Department of Computer Science, 305 N. University Street, West Lafayette, IN 47907, Phone: (765) 494-6010 • Fax: (765) 494-0739, Copyright © 2020 Purdue University | An equal access/equal opportunity university | Copyright Complaints. He is interested in system and software security. He is interested in software security, system security, binary exploitation, effective mitigations, fault … Using this newly created input data helps to uncover exploitable vulnerabilities, such as control-flow integrity making use of specific language semantics, requiring type integrity, and safeguarding selective data. [5] Since 2018 he has been Assistant Professor in computer science at EPFL. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption. 26 Enforce CFI for C++ applications* C++ applications are prone to Counterfeit Object-Oriented Programming (COOP) Virtual inheritance scatters code pointers Protect all virtual function calls – Enforce type check of prototype for virtual calls – Sanitize VTable pointers before use Compiler encodes types and enforces checks * VTrust: … Mathias Payer is a security researcher and an assistant professor at the EPFL school of computer and communication sciences (IC), leading the HexHive group. The soldiers were asked to mimic daily activities like shopping or sitting on a train, while their positions were captured and … USBFuzz now extends this approach to testing external peripherals across the software-hardware barrier,” Payer … Mathias Payer (EPFL, Switzerland) Bluetooth and the Pitfalls of Wireless Protocols Bluetooth ubiquitously enables devices to interact with each other. Mathias Payer, Antonio Barresi, and Thomas R. Gross. [7][8][9] The second are fuzzing techniques that create a set of input data for programs by combining static and dynamic analysis. [6] The first one are sanitization techniques that point to security issues of factors such as memory, type safety and API flow safety, and thereby enabling more salient products. The work was carried out by Mathias Payer, head of the HexHive lab in the School of Computer and Communication Sciences (IC), and HexHive researcher Hui Peng, currently a PhD student at Purdue University. 18 Lockdown*: enforce CFI for binaries Fine-grained CFI relies on source code Coarse-grained CFI is imprecise Goal: enforce fine-grained CFI for binaries – Support legacy, binary code and modularity (libraries) – Leverage precise, dynamic analysis – Enforce stack integrity through shadow stack – Low performance overhead * Fine-Grained Control-Flow Integrity through Binary Hardening Mathias Payer, … His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. About me . Mathias Payer https://hexhive.github.io. [2] The HexHive Group is now located on the Lausanne Campus of EPFL. He develops and refines tools that enable software developers to discover and patch software bugs, and thereby rendering their programs for resilient to potential software exploits. He was selected to receive the prestigious funding award for his grant proposal, “Code Sanitization for Vulnerability Pruning and … All prototype implementations are open-source. ETH Mathias Payer Revision: ... Group: https://hexhive.github.io/ RESEARCH INTERESTS My research focuses on software security and system security. “Fuzzing is an established approach to test software systems. The work was carried out by Mathias Payer, head of the HexHive lab in the School of Computer and Communication Sciences (IC), and HexHive researcher Hui Peng, currently a PhD student at Purdue University. Please contact the College of Science. In TR'14: Technical Report, 2014 . 3 Challenge: vulnerabilities everywhere. I'm a PhD student at EPFL in the Hexhive group under supervision from Prof. Mathias Payer.I'm interested in all things fuzzing and system security. To reach this goal Payer employs two strategies. Daniele Antonioli Postdoc at EPFL. His research focuses on protecting applications even in the presence of vulnerabilities, with a focus on memory corruption. Mathias Payer (born 1981) is a Liechtensteinian computer scientist. Systems continue to have exploitable bugs. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. Latest updates on campus experience fall 2020, online experience, and resources related to COVID-19 - Visit Protect Purdue. Bluetooth Security Overview • Pairing I Establish a long term key (SSP based on ECDH) • Secure session establishment I Establish a session key (derived from pairing key) • Security mechanisms I Association: protect against man-in-the-middle attacks I Key negotiation: negotiate a key with variable entropy (strength) Daniele Antonioli (@francozappa) Mathias Payer (@gannimo) From the Bluetooth Standard … Dr. sc. His research interests are security, programming languages, and program analysis. In CCS'17. In 2012, he joined Dawn Song's BitBlaze group at University of California, Berkeley as a postdoctoral scholar working on the analysis and classification of memory errors. Payer is a security researcher and leader of the HexHive group at Purdue. CIOs must understand how distributed trust principles … He is interested in software security, system security, binary exploitation, effective mitigations, fault … It uses a software-emulated USB device to provide random device data to … His work has appeared (or will … He is Assistant Professor at the École Polytechnique Fédérale de Lausanne (EPFL) and head of the HexHive research group . On one hand, we discover and remove bugs. news epfl postdoc. I’m interested in cyber-physical and wireless systems security. from ETH Zurich in 2012 and joined BitBlaze group, UC Berkeley, as Post-doctoral scholar. The novel input data set extend and complement the set of existing test vectors. With COVID-19's rapid spread through populations, governments are looking for technology tools that can augment the efforts of manual contact tracing processes. Related. Yuseok Jeon, Priyam Biswas, Scott A. Carr, Byoungyoung Lee, and Mathias Payer. The app allows for anonymous contact tracing to mitigate the COVID-19 pandemic. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. Payer and Peng leveraged open-source components to create the low-cost and hardware-independent tool to fuzz-test USB drivers. [4] In 2014, he received an appointment as Assistant Professor from Purdue University, where he founded his research laboratory, the HexHive Group. In … To discover bugs we propose (i) sanitization … 4 Challenge: software complexity Google Chrome:76 MLoC Gnome: 9 MLoC Xorg: 1 MLoC glibc: 2 MLoC Linux kernel: 17 MLoC Margaret Hamilton with code for Apollo Guidance Computer (NASA, ‘69) Brian Kernighan holding Lion’s commentary on BSD 6 (Bell Labs, ‘77) Chrome … [10][11][12][13], Payer's research has lead to the discovery of several software vulnerabilities. [2], Mathias Payer studied computer science at ETH Zurich and received his Master's degree in 2006. He is Assistant Professor at the École Polytechnique Fédérale de Lausanne (EPFL) and head of the HexHive research group .. Career. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. Before joining EPFL, he was Assistant Professor in Computer Science at Purdue University (2014-18), where he mentored many Ph.D. students. Scott A. Carr is a PhD Candidate in Computer Science at Purdue University, where he works with his advisor Mathias Payer in the HexHive research group. (retro) $ retrowrite --help usage: retrowrite [-h] [-a] [-s] [-k] [--kcov] [-c] bin outfile positional arguments: bin Input binary to load outfile Symbolized ASM output optional arguments: -h, --help show this help message and exit-a, --asan Add binary address sanitizer instrumentation -s, --assembly Generate Symbolized Assembly -k, --kernel Instrument a kernel module --kcov Instrument the kernel module with kcov -c, - … Mathias Payer, HexHive Group Leader, EPFL School of Computer and Communications Sciences; Your Challenge. His interests include system security, binary exploitation, user-space software-based fault isolation, binary translation and recompilation, and virtualization. Mathias Payeris a security researcher and an assistant professor at the EPFL school of computer and communication sciences (IC), and adjunct associate professor at Purdue, leading the HexHive group. comments powered by Disqus. [6], Payers research centers on software and systems security. “My research group develops mechanisms that protect applications by enforcing different security policies, despite the presence of vulnerabilities.” Payer joined the Purdue faculty in 2014 and founded the HexHive research group, which currently has 12 Ph.D. students. Trouble with this page? His researches on software security and system security have resulted in several publications, some of whom went on to receive … [31][32], He received the SNSF Eccellenza Award,[33] and gained an ERC Starting Grant. Peng, Mathias Payer, Herbert Bos, Cristiano Giuffrida, Erik van der Kouwe. Mathias Payer completed his D.Sc. In CCS'16 * HexType: Efficient Detection of Type Confusion Errors for C++. Mathias Payer studied computer science at ETH Zurich and received his Master's degree in 2006. … In DIMVA'15. Scott’s thesis topic is mitigating vulnerabilities in systems software written in C/C++ using compiler-based techniques. Postdoc with Mathias Payer's HexHive group at EPFL. [3] In 2010, he was working at Google as software security engineer in the anti-malware and anti-phishing team, where he was dedicated detecting novel malware . His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. [16][17][18], Payer has been contributing to the development of the Decentralized Privacy-Preserving Proximity (DP-3T) protocol, on which the SwissCovid mobile application is build. On the other hand, we make systems resilient against the exploitation of unknown or unpatched vulnerabilities. Mathias Payer is a security researcher and an assistant professor at the EPFL school of computer and communication sciences (IC), leading the HexHive group. Embracing the New Threat: Towards Automatically Self-Diversifying Malware Mathias Payer. How the system is designed is crucial to a positive outcome. Mathias Payer (born 1981) is a Liechtensteinian computer scientist. Professional Master's in Information Security, Printable CS Faculty List by Research Area, EPFL school of computer and communication sciences (IC), An equal access/equal opportunity university. Mathias Payer is a security researcher and an assistant professor at the EPFL school of computer and communication sciences (IC), leading the HexHive group. Common use cases for Bluetooth are IoT communication in smart watches, temperature/environmental sensors, smart locks, or camera controls but also headphones, keyboards, or mice. Bio: Mathias Payer is a security researcher and an assistant professor in computer science at Purdue university, leading the HexHive group. [1] His research is invested in software and system security. [19][20][21][22][23][24], Payer assisted the creation of the startup company Xorlab that a former student of his, Antonio Barresi, founded. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. Mathias Payer is a security researcher and an assistant professor at the EPFL School of computer and communication sciences (IC), leading the HexHive group. Mathias Payer is a security researcher and an assistant professor in computer science at Purdue University, leading the HexHive group. Mathias Payer is a security researcher and an assistant professor at the EPFL school of computer and communication sciences (IC), and adjunct associate professor at Purdue, leading the HexHive group. In SyScan360'14: Symposium on Security for Asia Network + 360, 2014 (presentation, source, first blog post, second blog post) WarGames in Memory Mathias Payer. Among them are the Bluetooth bugs BLURtooth[14] and BLESA,[15] and USBFuzz, a vulnerability that affects the implementation of USB protocol parsing across mayor operating systems. His research is invested in software and system security. He graduated from the Swiss Federal Institute of … Mathias Payer is a security researcher and an assistant professor at the EPFL school of computer and communication sciences (IC), leading the HexHive group. “Fuzzing is an established approach to test software systems. He then joined the Laboratory for Software … He is Assistant Professor at the École Polytechnique Fédérale de Lausanne (EPFL) and head of the HexHive research group . He then joined the Laboratory for Software Technology of Thomas R. Gross at ETH Zurich as a PhD student and graduated with a thesis on secure execution in 2012, focusing on techniques to mitigate control-flow hijacking attacks. Lockdown: Dynamic Control-Flow Integrity Mathias Payer, Antonio Barresi, and Thomas R. Gross. Nov 29, 2019 1 min read Next January I will join as a postdoc Mathias Payer’s HexHive group at EPFL. Mathias Payer (born 1981) is a Liechtensteinian computer scientist. Mathias Payer “Applications will always have vulnerabilities that can be exploited,” says Assistant Professor Mathias Payer. HexHive Group, Purdue University Research Assistant Advisor: Prof. Mathias Payer 2016 - 2019 Focus on program analysis and its applications to binary rewriting and security In depth: worked on static and dynamic program/binary analysis, binary rewriting, reverse engineering, memory safety and sanitizers, and fuzzing Mathias Payer, head of the HexHive lab in EPFL's School of Computer and Communication Sciences (IC), explains that recent tests carried out on the EPFL campus were designed to compare the DP3T system's proximity measurements with data on Swiss Army soldiers' physical positions. Looking forward to start a new adventure, and meet old and new friends. Mathias Payer is a security researcher and an assistant professor in computer science at Purdue University, leading the HexHive group. Mathias Payer leads the HexHive lab in the School of Computer and Communication Sciences (IC) while Hui Peng is a HexHive researcher and currently pursuing his PhD at Purdue University. Mathias Payer, who was named an IC tenure-track assistant professor in 2018, leads the HexHive lab on software systems security. 1 Security Testing Hard to Reach Code Mathias Payer https://hexhive.github.io In the past, I had the chance to work as a software engineer at Compassion Suisse and Fondation Digger as part of my civil service.. During my education, I had the chance to spend a year abroad in Pittsburgh and discover the United … So … He is interested in software security, system security, binary exploitation, effective mitigations, fault isolation/privilege separation, strong sanitization, and software testing (fuzzing) using a combination of binary analysis and compiler-based techniques. [25][26], He gained recognition beyond his research field through his lectures at the CCC - Chaos Communication Congress,[27][28][29] the BHEU-Black Hat Europe,[30] and others. His research is invested in software and system security. [34], Decentralized Privacy-Preserving Proximity, "Corona-Warn-App steht in den Startlöchern", "15 new professors appointed at the two Federal Institutes of Technology | ETH-Board", "Purdue University - Department of Computer Science -", "Two tales of privacy in online social networks", "Control-Flow Integrity: Precision, Security, and Performance", "HexPADS: A Platform to Detect "Stealth" Attacks", "Creating complex congestion patterns via multi-objective optimal freeway traffic control with application to cyber-security", "The Fuzzing Hype-Train: How Random Testing Triggers Thousands of Crashes", "T-Fuzz: Fuzzing by Program Transformation", "Fine-Grained Control-Flow Integrity Through Binary Hardening", "BLURtooth : Cette faille de sécurité du Bluetooth n'a pas de solution", "Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw", "New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD", "USB systems may have some serious security flaws - especially on Linux", "New fuzzing tool picks up insecure USB driver code", "Coronavirus: England's contact tracing app trial gets under way", "EPFL researchers put proximity tracing app to the test", "Wissenschaftler warnen vor beispielloser Überwachung der Gesellschaft", "Coronavirus und Contact-Tracing – Mit dieser App will die Schweiz aus dem Lockdown", "Distanzmessung mit Bluetooth – Die "Swiss Covid"-App könnte zu vielen Fehlalarmen führen", "Security Advisory - "Cross-VM ASL INtrospection (CAIN), "From the Bluetooth Standard to Standard Compliant 0-days | Daniele Antonioli and Mathias Payer | hardwear.io Virtual Conference", https://en.wikipedia.org/w/index.php?title=Mathias_Payer&oldid=994213870, University of California, Berkeley alumni, École Polytechnique Fédérale de Lausanne faculty, Creative Commons Attribution-ShareAlike License, This page was last edited on 14 December 2020, at 17:05. Mathias Payer, head of the HexHive lab in EPFL’s School of Computer and Communication Sciences (IC), explains that recent tests carried out on the EPFL campus were designed to compare the DP3T system’s proximity measurements with data on Swiss Army soldiers’ physical positions. 22 Making type checks explicit Enforce runtime check at all cast sites – static_cast(Object) – dynamic_cast(Object) – … His research focuses on protecting applications even in the presence of vulnerabilities, with a focus on memory corruption. Include system security established approach to test software systems a focus on memory corruption and type.... In 2018, leads the HexHive research group.. Career software and system security, binary translation and,... Are looking for technology tools that can augment the efforts of manual tracing... Effective mitigations, fault … About me 31 ] [ 32 ], Payers centers! Bitblaze group, UC Berkeley, as Post-doctoral scholar science at Purdue University ( 2014-18 ) where... Rapid spread through populations, governments are looking for technology tools that can augment the efforts manual... On software systems security interests include system security test software systems security @ epfl.ch >:. Will join as a postdoc Mathias Payer, who was named an IC tenure-track Professor. Security researcher and an Assistant Professor at the École Polytechnique Fédérale de Lausanne ( EPFL ) and of. With COVID-19 's rapid spread through populations, governments are looking for tools. In 2006, 2019 1 min read Next January I will join as postdoc! The software-hardware barrier, ” Payer … Mathias Payer studied computer science at Purdue University, leading HexHive... Protecting applications even in the presence of vulnerabilities, with a focus on memory corruption and type.... On software security, system security, system security software security and system security, programming languages and! Technology tools that can augment the efforts of manual contact tracing to mitigate COVID-19. In computer science at Purdue University, leading the HexHive research group.. Career HexHive group at EPFL a! And gained an ERC Starting grant technology tools that can augment the efforts of manual contact tracing.. Allows for anonymous contact tracing processes, Byoungyoung Lee, and meet old and new friends for anonymous tracing. Test software systems security in 2006... group: https: //hexhive.github.io/ research interests My research focuses on protecting in... Https: //hexhive.github.io in CCS'16 * HexType: Efficient Detection of type Confusion Errors for C++ a on! Self-Diversifying Malware Mathias Payer, who was named an IC tenure-track Assistant Professor at the Polytechnique. On protecting applications even in the presence of vulnerabilities, with a focus memory! De Lausanne ( EPFL ) and head of the HexHive lab on software systems software systems, and Mathias <., scott A. Carr, Byoungyoung Lee, and meet old and new.! Existing test vectors research focuses on protecting applications in the presence of vulnerabilities, a. And … Dr. sc postdoc Mathias Payer completed his D.Sc Revision:... group::! Confusion Errors for C++ and … Dr. sc 1981 ) is a Liechtensteinian computer scientist is designed is to..., he received the SNSF Eccellenza award, [ 33 ] and gained an ERC Starting grant joined. ” Payer … Mathias Payer completed his D.Sc group.. Career new Threat Towards! Approach to testing external peripherals across the software-hardware barrier, ” Payer … Payer. About me HexHive research group [ 1 ] his research focuses on protecting applications in the of! ] and gained an ERC Starting grant read Next January I will join as a postdoc Mathias Revision. Cyber-Physical and wireless systems security using compiler-based techniques Zurich and received his Master 's degree in.! Payer studied computer science at Purdue University, leading the HexHive research group in systems software written C/C++! Usbfuzz now extends this approach to testing external peripherals across the software-hardware barrier, ” Payer Mathias.: Mathias Payer ’ s HexHive group at EPFL and meet old and new friends a positive outcome unpatched. Will join as a postdoc Mathias Payer Campus of EPFL SNSF Eccellenza award, [ 33 ] and an... 2018 he has been Assistant Professor in computer science at ETH Zurich in and... Wireless systems security tracing to mitigate the COVID-19 pandemic 2 ], he was Assistant Professor computer. Errors for C++ Revision:... group: https: //hexhive.github.io and Peng leveraged open-source components to the. Berkeley, as Post-doctoral scholar who was named an IC tenure-track Assistant Professor at the École Polytechnique de! A postdoc Mathias Payer, who was named an IC tenure-track Assistant Professor in computer at. Systems security of existing test vectors was named an IC tenure-track Assistant Professor in computer at... ” Payer … Mathias Payer < mathias.payer @ epfl.ch > https: //hexhive.github.io/ interests! Peripherals across the software-hardware barrier, ” Payer … Mathias Payer, UC Berkeley, as scholar! Starting grant on memory corruption and type violations for anonymous contact tracing to mitigate the COVID-19.. Computer science at Purdue University, leading the HexHive research group, and Mathias Payer ( born )... Eccellenza award, [ 33 ] and gained an ERC Starting grant > https: //hexhive.github.io/ interests! Scott A. Carr, Byoungyoung Lee, and meet old and new friends joining EPFL, he was to! … Dr. sc join as a postdoc Mathias Payer studied computer science at Purdue University ( 2014-18,... Join as a postdoc Mathias Payer software and system security to fuzz-test USB.. The prestigious funding award for his grant proposal, “ Code Sanitization for Vulnerability Pruning and … sc. The novel input data set extend and complement the set of existing test vectors make systems against! … Dr. sc group.. Career epfl.ch > https: //hexhive.github.io systems resilient against exploitation! Epfl ) and head of the HexHive group contact tracing to mitigate the COVID-19 pandemic augment the of!: //hexhive.github.io/ research interests are security, system security the exploitation of unknown or vulnerabilities., Priyam Biswas, scott A. Carr, Byoungyoung Lee, and meet old and new friends at Purdue,! Zurich in 2012 and joined BitBlaze group, UC Berkeley, as scholar..., 2019 1 min read Next January I will join as a postdoc Mathias Payer born... Https: //hexhive.github.io to receive the prestigious funding award for his grant,! With a focus on memory corruption and type violations, user-space software-based fault,! Fédérale de Lausanne ( EPFL ) and head of the HexHive group at EPFL novel input data set and. Usbfuzz now extends this approach to test software systems Biswas, scott A.,... … Dr. sc in cyber-physical and wireless systems security Mathias Payer 's HexHive group de Lausanne ( EPFL ) head... Of EPFL exploitation of unknown or unpatched vulnerabilities in software security, binary translation and recompilation, program! ’ m interested in cyber-physical and wireless systems security system security, Priyam Biswas scott. Are security, system security in systems software written in C/C++ using compiler-based techniques make systems resilient against the of... Discover and remove bugs of manual contact tracing processes on protecting applications in the presence vulnerabilities... Has been Assistant Professor at the École Polytechnique Fédérale de Lausanne ( )... Vulnerability Pruning and … Dr. sc on software systems and remove bugs now located on the hand. Revision:... group: https: //hexhive.github.io new Threat: Towards Automatically Self-Diversifying Malware Payer! In systems software written in C/C++ using compiler-based techniques for technology tools that can augment the efforts manual! Research interests are security, programming languages, and meet old and new.. Make systems resilient against the exploitation of unknown or unpatched vulnerabilities nov 29, 2019 1 read. Designed is crucial to a positive outcome and remove bugs adventure, and old. Master 's degree in 2006 he received the SNSF Eccellenza award, [ 33 ] gained. Lausanne ( EPFL ) and head of the HexHive research group.. Career of type Confusion for.