3. September
4. September
5. September
6. September
7. September
8:40 Welcome
9:00 – 10:30 Srđan Čapkun
On Secure Positioning and Location-Based Security
Tim Güneysu

Hardware Side-channels

Andrei Sabelfeld

Web Security

Boris Köpf

Static Analysis of Timing Side-Channels

Ahmad-Reza Sadeghi

Hitchhiker’s Guide to IoT Security & Privacy.

10:30 – 11:00 Coffee Coffee Coffee Coffee Coffee
11:00 – 12:30 Bart Preneel

Blockchain and Bitcoin

Daniel Gruß

Microarchitectural Side-channels

Alexandra Dmitrienko

Pay or not to pay? Ransomware attacks and countermeasures

N. Asokan

Securing cloud-assisted services

Frank Piessens

Processor Support for Software Security

12:30 – 14:00 Lunch Lunch Lunch Lunch Lunch
14:00 – 15:30 Runtime Security Lab I Gilles Barthe
Verification of Side-channels
Matteo Maffei
Smart Contracts
Side-channel Lab I Runtime Security Lab II
15:30 – 16:00 Coffee Coffee Coffee Coffee
16:00 – 17:30 PhD Forum Bart Preneel
Keynote: Challenges for Security and Privacy (together with Industry track)
Social Event (Bus departs at 16:00)
Side-channel Lab II
Welcome Dinner

“Neue Technik” (19:00)

Dinner @ TU Graz together with Industry track (17:30)
Lab Night + Dinner (18:00)



Welcome by Stefan Mangard

Slides are available here.

Srđan Čapkun – On Secure Positioning and Location-Based Security

In this talk I will review security issues in today’s navigation and close-range positioning systems. I will discuss why GNS systems like GPS are hard to fully secure and will present novel solutions that can be used to improve the robustness of GNS systems to attacks. I will then show how a different design of a positioning system can enable secure positioning, but also that this requires solving a set of relevant physical- and logical- layer challenges. Finally I will present a design and implementation of a fully integrated IR UWB secure distance measurement (distance bounding) system that solves these challenges and enables secure distance measurement and secure positioning in IoT applications. Further, I will review possible uses of positioning in security applications such as authentication and access control.

Slides are available here.

Bart Preneel – An Introduction to Blockchain and Bitcoin

This lecture explores the technological innovations created by cryptocurrencies such as Bitcoin. We discuss the principles of distributed currencies and discuss their strengths and weaknesses. We also explain how the blockchain mechanism interacts with the other features to create a complex ecosystem. We also touch on the issues of stability and incentive compatibility and we discuss which properties of blockchains are relevant for other use cases.

Slides are available here.

PhD Forum

The PhD forum is a unique opportunity for you to get connected and to find shared research interests with the teachers of the school and with the other students attending the school. How does it work? Each student is invited to briefly present his or her current research in a short 4 minute talk. Afterwards, we’ll have time for a few questions from the audience.

Slides are available here.

Tim Güneysu – Side-Channel Analysis and Efficient Countermeasures in Hardware

Side-channel analysis (SCA) is a powerful attack vector that is capable to extract the secrets from any unprotected cryptographic implementation. This talk highlights the technical background on SCA targeting hardware implementations and provides an overview on countermeasures and remedies with a specific focus on reconfigurable platforms.

Slides are available here.

Daniel Gruß – Software-based Microarchitectural Attacks

In this talk, we will discuss microarchitectural attacks which arise from various processor optimizations. Modern processors are highly optimized systems where every single cycle of computation time matters. Many optimizations depend on the data that is being processed. Microarchitectural side-channel attacks leak secrets from cryptographic computations, from general purpose computations, or from the kernel. This leakage even persists across all common isolation boundaries, such as processes, containers, and virtual machines. Microarchitectural fault attacks exploit the physical imperfections of modern computer systems. Shrinking process technology introduces effects between isolated hardware elements that can be exploited by attackers to take control of the entire system. These attacks are especially interesting in scenarios where the attacker is unprivileged or even sandboxed. We will investigate known and new side channels and show that microarchitectural attacks can be fully automated and run in JavaScript or other constrained environments. By the end of the talk we will have built arbitrary read and write primitives, which allow an attacker on an affected system without any software bugs to read arbitrary data through the Meltdown attack and to perform arbitrary modifications of data through the Rowhammer attack.

Slides are available here.

Gilles Barthe – Formal Verification of Side-channel Resistance

Side-channel attacks exploit physical information (e.g., timing or power) that can be observed from the execution of implementations, to retrieve key material and more generally secret information from cryptographic implementations. Successful forms of side-channel attacks include differential power analysis attacks, and cache-based timing attacks. Protecting against such attacks is therefore a major theoretical and practical concern, and has been the subject of a long line of research. In the talk, I shall review some existing models and countermeasures and show how formal verification methods can be used for ensuring that countermeasures are correctly implemented, focusing on masked implementations and constant-time implementations.

Slides are available here.

Bart Preneel – Keynote: Challenges for Security and Privacy

Slides are available here.

Andrei Sabelfeld – Securing IoT Apps

IoT apps empower users by connecting a variety of otherwise unconnected services. Unfortunately, the power of IoT apps can be abused by malicious makers, unnoticeably to users. We demonstrate that popular IoT app platforms are susceptible to several novel classes of attacks that violate user privacy, integrity, and availability. We present a large-scale empirical study to estimate the scale of possible threats. We suggest short- and medium-term countermeasures based on fine-grained access control and present long-term countermeasures based on tracking the flow of information in IoT apps. This is joint work with Iulia Bastys and Musard Balliu.

Slides are available here.

Alexandra Dmitrienko – Pay or not to pay? Ransomware attacks and countermeasures

The ransomware attacks are an emerging threat which imposed 5 billion USD loss in 2017 and is predicted to hit 11.5 billion in 2019. While initially focusing on end user platforms such as client PCs and smartphones, recently the ransomware made a leap to server-side databases and IoT devices and is now recognized as a key cyber threat for organizations. In this lecture, we will survey recent developments in this field and present original research work on anti-ransomware solutions.

Slides are available here.

Matteo Maffei – Foundations and Tools for the Static Analysis of Smart Contracts

The recent growth of the blockchain technology market puts its main cryptocurrencies in the spotlight. Among them, Ethereum stands out due to its virtual machine (EVM) supporting smart contracts, i.e., distributed programs that control the flow of the digital currency Ether. Being written in a Turing complete language, Ethereum smart contracts allow for expressing a broad spectrum of financial applications. The price for this expressiveness, however, is a significant semantic complexity, which increases the risk of programming errors. Recent attacks exploiting bugs in smart contract implementations call for the design of formal verification techniques for smart contracts. This, however, requires rigorous semantic foundations, a formal characterization of the expected security properties, and dedicated abstraction techniques tailored to the specific EVM semantics.
This lecture will overview the state-of-the-art in smart contract verification, covering formal semantics, security definitions, and verification tools. We will then focus on EtherTrust, a framework for the static analysis of Ethereum smart contracts that we recently introduced, which includes the first complete small-step semantics of EVM bytecode, the first formal characterization of a large class of security properties for smart contracts, and the first static analysis for EVM bytecode that comes with a proof of soundness.

Slides are available here.

Boris Köpf – Static Analysis of Timing Side-channels

Today’s execution platforms employ a wide variety of techniques for minimizing the consumption of resources such as time, memory, and energy. While these techniques are indispensable for achieving competitive performance, they can pose a serious threat to security: By reducing the resource consumption on average (but not in the worst case), they introduce side channels that can be used for recovering private information about users, or even cryptographic keys. This talk will present rigorous approaches for detecting and quantifying timing-based side-channels, based on static analysis and information theory. We will discuss how these techniques can be used for principled reasoning about the trade-off between security and performance.

Slides are available here.

N. Asokan – Securing cloud-assisted services

All kinds of previously local services are being moved to a cloud setting. While this is justified by the scalability and efficiency benefits of cloud-based services, it also raises new security and privacy challenges. Solving them by naive application of standard security/privacy techniques can conflict with other functional requirements. In this talk, I will outline some cloud-assisted services and the apparent conflicts that arise while trying to secure these services. Taking the case of cloud-assisted malware scanning as an example scenario, I will discuss the privacy concerns that arise and how we can address them effectively. I will then discuss a more general setting of using cloud-hosted machine learning models in a privacy-preserving manner.

Slides are available here.

Ahmad-Reza Sadeghi – Hitchhiker’s Guide to the IoT Galaxy full of Security & Privacy Challenges (An Attempt)

The Internet of things (IoT) is rapidly emerging with the goal to connect the unconnected. Many new device manufacturers are entering the market of internet-connected appliances for smart homes and offices, ranging from motion sensors to virtual voice assistants. However, due to lack of security by design and flawed implementations we are facing significant security and privacy challenges specific to IoT, such as perilous IoT botnet attacks, and novel privacy threats caused by widespread installation of wireless sensors, actuators and smart home appliances even in the private setting of our homes. Unfortunately, standard security measures like properly encrypted communications do not protect against these threats. The massive scale of the IoT device population and enormous diversity of device hardware, operating systems, software frameworks and manufacturers makes it very difficult to establish standard IoT security and privacy-protecting solutions by simply applying and extending known solutions, neither for per-device security architectures nor for network security measures. In particular, existing intrusion detection techniques seem ineffective to detect compromised IoT devices.

In this lecture we will present some recent work (including ours) on addressing various security and privacy challenges in the growing IoT landscape, such as flexible management of devices security association (device pairing), attestation, and automated device identification and reliable detection of compromised devices.

Slides are available here.

Frank Piessens – Processor Support for Software Security

Software is one of the main weak links in the security of our ICT infrastructure. For many high-profile attacks, the exploitation of software vulnerabilities is a key ingredient of the attack. Good processor support for software security can help mitigate these issues, and both commercially available processors as well as research prototypes have been exploring a variety of hardware features, including features such as shielded execution, hardware assisted array bounds checking, memory and object capabilities, hardware assisted control flow enforcement, tagged memory and so forth. This lecture will discuss a principled approach to the design of such hardware support. We start from an analysis of the security objectives and attacker models that are relevant for software security, and derive from this analysis some possible security requirements for the underlying computing platform (the hardware and the system software). Then we discuss how specific processor features can contribute to satisfying these security requirements.

Slides are available here.

Side Channel Lab (Daniel Gruss)

The lab is an interactive session, where the participants do hands-on experiments and implement microarchitectural attacks and countermeasures on their notebooks. There will also be Chipwhisperer boards available to do experiment with hardware side-channel attacks, like power analysis and fault attacks. We will provide tutorial examples to get started and more advanced experiments including meltdown/spectre.

Slides are available here.

Runtime Security Lab (Michael Schwarz)

This lab is the second interactive session, where the participants do hands-on experiments. In this lab the focus is on runtime attacks and it starts with simple buffer overflows and then moves on up to advanced capture the flag (CTF) challenges for IoT devices.

Slides are available here.