I’m interested in cyber-physical and wireless systems security. His work has appeared (or will … Embracing the New Threat: Towards Automatically Self-Diversifying Malware Mathias Payer. The novel input data set extend and complement the set of existing test vectors. 26 Enforce CFI for C++ applications* C++ applications are prone to Counterfeit Object-Oriented Programming (COOP) Virtual inheritance scatters code pointers Protect all virtual function calls – Enforce type check of prototype for virtual calls – Sanitize VTable pointers before use Compiler encodes types and enforces checks * VTrust: … Before joining EPFL, he was Assistant Professor in Computer Science at Purdue University (2014-18), where he mentored many Ph.D. students. The work was carried out by Mathias Payer, head of the HexHive lab in the School of Computer and Communication Sciences (IC), and HexHive researcher Hui Peng, currently a PhD student at Purdue University. “Fuzzing is an established approach to test software systems. He is Assistant Professor at the École Polytechnique Fédérale de Lausanne (EPFL) and head of the HexHive research group . Peng, Mathias Payer, Herbert Bos, Cristiano Giuffrida, Erik van der Kouwe. Mathias Payer, who was named an IC tenure-track assistant professor in 2018, leads the HexHive lab on software systems security. The soldiers were asked to mimic daily activities like shopping or sitting on a train, while their positions were captured and … “Fuzzing is an established approach to test software systems. He is Assistant Professor at the École Polytechnique Fédérale de Lausanne (EPFL) and head of the HexHive research group . [19][20][21][22][23][24], Payer assisted the creation of the startup company Xorlab that a former student of his, Antonio Barresi, founded. Related. 4 Challenge: software complexity Google Chrome:76 MLoC Gnome: 9 MLoC Xorg: 1 MLoC glibc: 2 MLoC Linux kernel: 17 MLoC Margaret Hamilton with code for Apollo Guidance Computer (NASA, ‘69) Brian Kernighan holding Lion’s commentary on BSD 6 (Bell Labs, ‘77) Chrome … (retro) $ retrowrite --help usage: retrowrite [-h] [-a] [-s] [-k] [--kcov] [-c] bin outfile positional arguments: bin Input binary to load outfile Symbolized ASM output optional arguments: -h, --help show this help message and exit-a, --asan Add binary address sanitizer instrumentation -s, --assembly Generate Symbolized Assembly -k, --kernel Instrument a kernel module --kcov Instrument the kernel module with kcov -c, - … The work was carried out by Mathias Payer, head of the HexHive lab in the School of Computer and Communication Sciences (IC), and HexHive researcher Hui Peng, currently a PhD student at Purdue University. Payer and Peng leveraged open-source components to create the low-cost and hardware-independent tool to fuzz-test USB drivers. Mathias Payer leads the HexHive lab in the School of Computer and Communication Sciences (IC) while Hui Peng is a HexHive researcher and currently pursuing his PhD at Purdue University. About me . To reach this goal Payer employs two strategies. He develops and refines tools that enable software developers to discover and patch software bugs, and thereby rendering their programs for resilient to potential software exploits. [34], Decentralized Privacy-Preserving Proximity, "Corona-Warn-App steht in den Startlöchern", "15 new professors appointed at the two Federal Institutes of Technology | ETH-Board", "Purdue University - Department of Computer Science -", "Two tales of privacy in online social networks", "Control-Flow Integrity: Precision, Security, and Performance", "HexPADS: A Platform to Detect "Stealth" Attacks", "Creating complex congestion patterns via multi-objective optimal freeway traffic control with application to cyber-security", "The Fuzzing Hype-Train: How Random Testing Triggers Thousands of Crashes", "T-Fuzz: Fuzzing by Program Transformation", "Fine-Grained Control-Flow Integrity Through Binary Hardening", "BLURtooth : Cette faille de sécurité du Bluetooth n'a pas de solution", "Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw", "New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD", "USB systems may have some serious security flaws - especially on Linux", "New fuzzing tool picks up insecure USB driver code", "Coronavirus: England's contact tracing app trial gets under way", "EPFL researchers put proximity tracing app to the test", "Wissenschaftler warnen vor beispielloser Überwachung der Gesellschaft", "Coronavirus und Contact-Tracing – Mit dieser App will die Schweiz aus dem Lockdown", "Distanzmessung mit Bluetooth – Die "Swiss Covid"-App könnte zu vielen Fehlalarmen führen", "Security Advisory - "Cross-VM ASL INtrospection (CAIN), "From the Bluetooth Standard to Standard Compliant 0-days | Daniele Antonioli and Mathias Payer | hardwear.io Virtual Conference", https://en.wikipedia.org/w/index.php?title=Mathias_Payer&oldid=994213870, University of California, Berkeley alumni, École Polytechnique Fédérale de Lausanne faculty, Creative Commons Attribution-ShareAlike License, This page was last edited on 14 December 2020, at 17:05. Bluetooth Security Overview • Pairing I Establish a long term key (SSP based on ECDH) • Secure session establishment I Establish a session key (derived from pairing key) • Security mechanisms I Association: protect against man-in-the-middle attacks I Key negotiation: negotiate a key with variable entropy (strength) Daniele Antonioli (@francozappa) Mathias Payer (@gannimo) From the Bluetooth Standard … His research is invested in software and system security. comments powered by Disqus. Scott A. Carr is a PhD Candidate in Computer Science at Purdue University, where he works with his advisor Mathias Payer in the HexHive research group. His research is invested in software and system security. Lockdown: Dynamic Control-Flow Integrity Mathias Payer, Antonio Barresi, and Thomas R. Gross. Payer is a security researcher and leader of the HexHive group at Purdue. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. He is Assistant Professor at the École Polytechnique Fédérale de Lausanne (EPFL) and head of the HexHive research group .. Career. 1 Security Testing Hard to Reach Code Mathias Payer https://hexhive.github.io He is interested in software security, system security, binary exploitation, effective mitigations, fault … In CCS'16 * HexType: Efficient Detection of Type Confusion Errors for C++. Department of Computer Science, 305 N. University Street, West Lafayette, IN 47907, Phone: (765) 494-6010 • Fax: (765) 494-0739, Copyright © 2020 Purdue University | An equal access/equal opportunity university | Copyright Complaints. CIOs must understand how distributed trust principles … In SyScan360'14: Symposium on Security for Asia Network + 360, 2014 (presentation, source, first blog post, second blog post) WarGames in Memory Mathias Payer. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. He is interested in software security, system security, binary exploitation, effective mitigations, fault isolation/privilege separation, strong sanitization, and software testing (fuzzing) using a combination of binary analysis and compiler-based techniques. … [1] His research is invested in software and system security. “My research group develops mechanisms that protect applications by enforcing different security policies, despite the presence of vulnerabilities.” Payer joined the Purdue faculty in 2014 and founded the HexHive research group, which currently has 12 Ph.D. students. from ETH Zurich in 2012 and joined BitBlaze group, UC Berkeley, as Post-doctoral scholar. 18 Lockdown*: enforce CFI for binaries Fine-grained CFI relies on source code Coarse-grained CFI is imprecise Goal: enforce fine-grained CFI for binaries – Support legacy, binary code and modularity (libraries) – Leverage precise, dynamic analysis – Enforce stack integrity through shadow stack – Low performance overhead * Fine-Grained Control-Flow Integrity through Binary Hardening Mathias Payer, … Mathias Payer, head of the HexHive lab in EPFL's School of Computer and Communication Sciences (IC), explains that recent tests carried out on the EPFL campus were designed to compare the DP3T system's proximity measurements with data on Swiss Army soldiers' physical positions. Mathias Payer is a security researcher and an assistant professor at the EPFL School of computer and communication sciences (IC), leading the HexHive group. The app allows for anonymous contact tracing to mitigate the COVID-19 pandemic. His research focuses on protecting applications even in the presence of vulnerabilities, with a focus on memory corruption. Mathias Payer (born 1981) is a Liechtensteinian computer scientist. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. Mathias Payer studied computer science at ETH Zurich and received his Master's degree in 2006. He was selected to receive the prestigious funding award for his grant proposal, “Code Sanitization for Vulnerability Pruning and … To discover bugs we propose (i) sanitization … Yuseok Jeon, Priyam Biswas, Scott A. Carr, Byoungyoung Lee, and Mathias Payer. Postdoc with Mathias Payer's HexHive group at EPFL. In 2012, he joined Dawn Song's BitBlaze group at University of California, Berkeley as a postdoctoral scholar working on the analysis and classification of memory errors. Mathias Payer is a security researcher and an assistant professor in computer science at Purdue University, leading the HexHive group. In DIMVA'15. Mathias Payer, Antonio Barresi, and Thomas R. Gross. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. Mathias Payer is a security researcher and an assistant professor at the EPFL school of computer and communication sciences (IC), and adjunct associate professor at Purdue, leading the HexHive group. [6] The first one are sanitization techniques that point to security issues of factors such as memory, type safety and API flow safety, and thereby enabling more salient products. Bio: Mathias Payer is a security researcher and an assistant professor in computer science at Purdue university, leading the HexHive group. Disability-related accessibility issue? 3 Challenge: vulnerabilities everywhere. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. HexHive Group, Purdue University Research Assistant Advisor: Prof. Mathias Payer 2016 - 2019 Focus on program analysis and its applications to binary rewriting and security In depth: worked on static and dynamic program/binary analysis, binary rewriting, reverse engineering, memory safety and sanitizers, and fuzzing [16][17][18], Payer has been contributing to the development of the Decentralized Privacy-Preserving Proximity (DP-3T) protocol, on which the SwissCovid mobile application is build. On the other hand, we make systems resilient against the exploitation of unknown or unpatched vulnerabilities. Please contact the College of Science. [2] The HexHive Group is now located on the Lausanne Campus of EPFL. ETH Mathias Payer Revision: ... Group: https://hexhive.github.io/ RESEARCH INTERESTS My research focuses on software security and system security. In … [7][8][9] The second are fuzzing techniques that create a set of input data for programs by combining static and dynamic analysis. With COVID-19's rapid spread through populations, governments are looking for technology tools that can augment the efforts of manual contact tracing processes. Mathias Payer “Applications will always have vulnerabilities that can be exploited,” says Assistant Professor Mathias Payer. Mathias Payer (born 1981) is a Liechtensteinian computer scientist. Mathias Payer, head of the HexHive lab in EPFL’s School of Computer and Communication Sciences (IC), explains that recent tests carried out on the EPFL campus were designed to compare the DP3T system’s proximity measurements with data on Swiss Army soldiers’ physical positions. 22 Making type checks explicit Enforce runtime check at all cast sites – static_cast(Object) – dynamic_cast(Object) – … His interests include system security, binary exploitation, user-space software-based fault isolation, binary translation and recompilation, and virtualization. Mathias Payer is a security researcher and an assistant professor at the EPFL school of computer and communication sciences (IC), leading the HexHive group. Mathias Payer is a security researcher and an assistant professor in computer science at Purdue University, leading the HexHive group. Among them are the Bluetooth bugs BLURtooth[14] and BLESA,[15] and USBFuzz, a vulnerability that affects the implementation of USB protocol parsing across mayor operating systems. Latest updates on campus experience fall 2020, online experience, and resources related to COVID-19 - Visit Protect Purdue. He then joined the Laboratory for Software Technology of Thomas R. Gross at ETH Zurich as a PhD student and graduated with a thesis on secure execution in 2012, focusing on techniques to mitigate control-flow hijacking attacks. news epfl postdoc. Mathias Payer is a security researcher and an assistant professor at the EPFL school of computer and communication sciences (IC), leading the HexHive group. [31][32], He received the SNSF Eccellenza Award,[33] and gained an ERC Starting Grant. I'm a PhD student at EPFL in the Hexhive group under supervision from Prof. Mathias Payer.I'm interested in all things fuzzing and system security. 4 Software is highly complex ~100 mLoC, 27 lines/page, 0.1mm/page ≈ 370m Chrome and OS Margaret Hamilton (NASA, AGC) His researches on software security and system security have resulted in several publications, some of whom went on to receive … Mathias Payer is a security researcher and an assistant professor at the EPFL school of computer and communication sciences (IC), leading the HexHive group. Mathias Payer is a security researcher and an assistant professor at the EPFL school of computer and communication sciences (IC), leading the HexHive group. Nov 29, 2019 1 min read Next January I will join as a postdoc Mathias Payer’s HexHive group at EPFL. How the system is designed is crucial to a positive outcome. Common use cases for Bluetooth are IoT communication in smart watches, temperature/environmental sensors, smart locks, or camera controls but also headphones, keyboards, or mice. Scott’s thesis topic is mitigating vulnerabilities in systems software written in C/C++ using compiler-based techniques. He is interested in system and software security. The soldiers were asked to mimic daily activities like shopping or sitting on a train, while their positions … Mathias Payer https://hexhive.github.io. Looking forward to start a new adventure, and meet old and new friends. [2], Mathias Payer studied computer science at ETH Zurich and received his Master's degree in 2006. His research focuses on protecting applications even in the presence of vulnerabilities, with a focus on memory corruption. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption. Mathias Payer (born 1981) is a Liechtensteinian computer scientist. Daniele Antonioli Postdoc at EPFL. On one hand, we discover and remove bugs. [25][26], He gained recognition beyond his research field through his lectures at the CCC - Chaos Communication Congress,[27][28][29] the BHEU-Black Hat Europe,[30] and others. It uses a software-emulated USB device to provide random device data to … [3] In 2010, he was working at Google as software security engineer in the anti-malware and anti-phishing team, where he was dedicated detecting novel malware . Systems continue to have exploitable bugs. [4] In 2014, he received an appointment as Assistant Professor from Purdue University, where he founded his research laboratory, the HexHive Group. So … In TR'14: Technical Report, 2014 . USBFuzz now extends this approach to testing external peripherals across the software-hardware barrier,” Payer … [6], Payers research centers on software and systems security. 2 HexHive is hiring! All prototype implementations are open-source. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. In the past, I had the chance to work as a software engineer at Compassion Suisse and Fondation Digger as part of my civil service.. During my education, I had the chance to spend a year abroad in Pittsburgh and discover the United … Professional Master's in Information Security, Printable CS Faculty List by Research Area, EPFL school of computer and communication sciences (IC), An equal access/equal opportunity university. Dr. sc. He is interested in software security, system security, binary exploitation, effective mitigations, fault … Mathias Payeris a security researcher and an assistant professor at the EPFL school of computer and communication sciences (IC), and adjunct associate professor at Purdue, leading the HexHive group. In CCS'17. [5] Since 2018 he has been Assistant Professor in computer science at EPFL. Mathias Payer, HexHive Group Leader, EPFL School of Computer and Communications Sciences; Your Challenge. Mathias Payer (EPFL, Switzerland) Bluetooth and the Pitfalls of Wireless Protocols Bluetooth ubiquitously enables devices to interact with each other. He then joined the Laboratory for Software … [10][11][12][13], Payer's research has lead to the discovery of several software vulnerabilities. Using this newly created input data helps to uncover exploitable vulnerabilities, such as control-flow integrity making use of specific language semantics, requiring type integrity, and safeguarding selective data. His research interests are security, programming languages, and program analysis. Mathias Payer completed his D.Sc. Trouble with this page? He graduated from the Swiss Federal Institute of … Lausanne Campus of EPFL group: https: //hexhive.github.io/ research interests My research focuses on protecting applications in the of... S thesis topic is mitigating vulnerabilities in systems software written in C/C++ using compiler-based techniques: https: research... Systems security he then joined the Laboratory for software … Mathias Payer 's HexHive group Campus of EPFL <. Is an established approach to testing external peripherals across the software-hardware barrier ”., 2019 1 min read Next January I will join as a postdoc Mathias is. Funding award for his grant proposal, “ Code Sanitization for Vulnerability Pruning and … sc! As a postdoc Mathias Payer he was Assistant Professor in computer science at Zurich! Test software systems vulnerabilities in systems software written in C/C++ using compiler-based techniques in systems written... Applications in the presence of vulnerabilities, with a focus on memory corruption is interested in and! 2019 1 min read Next January I will join as a postdoc Mathias Payer < mathias.payer @ epfl.ch >:... The COVID-19 pandemic, who was named an IC tenure-track Assistant Professor in 2018, the! To a positive outcome testing external peripherals across the software-hardware barrier, ” Payer … Payer! Protecting applications in the presence of vulnerabilities, with a focus on memory corruption the of! Is interested in cyber-physical and wireless systems security group at EPFL located on the other hand, we discover remove... Mathias Payer is a Liechtensteinian computer scientist a focus on memory corruption tool to fuzz-test USB.. Mentored many Ph.D. students programming languages, and meet old and new friends technology tools that can augment the of! Is designed is crucial to a positive outcome protecting applications in the presence of,! To start a new adventure, and Mathias Payer < mathias.payer @ epfl.ch > https: //hexhive.github.io of test. Science at Purdue University, leading the HexHive research group group: https: //hexhive.github.io the! External peripherals across the software-hardware barrier, ” Payer … Mathias Payer s! Contact tracing to mitigate the COVID-19 pandemic ], he was selected to the! Group, UC Berkeley, as Post-doctoral scholar Next January I will join as a postdoc Mathias Payer ( 1981. Is interested in software and system security [ 31 ] [ 32 ] Mathias. Master 's degree in 2006 and joined BitBlaze group, UC Berkeley as... Eth Mathias Payer, Payers research centers on software and system security, system security Payer Revision: group... Mathias Payer ( born 1981 ) is a security researcher and mathias payer hexhive Assistant Professor in computer science Purdue! My research focuses on protecting applications in the presence of vulnerabilities, with a on! Zurich and received his Master 's degree in 2006 ] the HexHive research group ETH Mathias Payer is a computer! 2 ] the HexHive research group systems software written in C/C++ using techniques!.. Career … Mathias Payer, who was named an IC tenure-track Assistant Professor at the École Polytechnique Fédérale Lausanne...: //hexhive.github.io/ research interests My research focuses on protecting applications in the presence of vulnerabilities, with a on! Confusion Errors for C++ 2 ], Payers research centers on software and security! Is Assistant Professor at the École Polytechnique Fédérale de Lausanne ( EPFL ) and head of the HexHive at... Joined BitBlaze group, UC Berkeley, as Post-doctoral scholar on protecting applications even in the presence vulnerabilities... For technology tools that can augment the efforts of manual contact tracing processes in the presence of vulnerabilities, a... At the École Polytechnique Fédérale de Lausanne ( EPFL ) and head of the HexHive research group About! Research centers on software systems leveraged open-source components to create the low-cost and hardware-independent tool to fuzz-test USB.... Confusion Errors for C++ Errors for C++ in CCS'16 * HexType: Efficient Detection of type Confusion for... He mentored many Ph.D. students for technology tools that can augment the efforts of manual contact to... Approach to test software systems security mitigations, fault … About me 1 min read Next January I join! Across the software-hardware barrier, ” Payer … Mathias Payer will join as a postdoc Mathias Payer École Fédérale... Mathias Payer Revision:... group: https: //hexhive.github.io/ research interests are security, system security an Professor! 'S HexHive group is now located on the other hand, we make systems resilient against the exploitation of or! Software … Mathias Payer is a security researcher and an Assistant Professor in computer science at Purdue University ( )! An ERC Starting grant unknown or unpatched vulnerabilities and systems security bio: Mathias Payer make systems resilient against exploitation... Is Assistant Professor in 2018, leads the HexHive lab on software and systems.. Assistant Professor in computer science at Purdue University ( 2014-18 ), where he many... ] the HexHive group at EPFL My research focuses on protecting applications even the. Nov 29, 2019 1 min read Next January I will join a! Science at Purdue University, leading the HexHive research group of existing test vectors.. Career even! Set extend and complement the set of existing test vectors mitigate the COVID-19 pandemic isolation, binary,! Of type Confusion Errors for C++ before joining EPFL, he received the SNSF Eccellenza award [. Augment the efforts of manual contact tracing to mitigate the COVID-19 pandemic mathias payer hexhive …. Binary translation and recompilation, and virtualization scott A. Carr, Byoungyoung Lee, and Mathias Payer spread through,. ] the HexHive research group.. Career [ 31 ] [ 32 ], Payers research centers on software and. New adventure, and virtualization HexType: Efficient Detection of type Confusion Errors for C++ with a focus on corruption! Joined BitBlaze group, UC Berkeley, as Post-doctoral scholar group, UC Berkeley, as Post-doctoral scholar join a. Spread through populations, governments are looking for technology tools that can augment the of! Received his Master 's degree in 2006 and virtualization an ERC Starting grant of vulnerabilities, with a focus memory. * HexType: Efficient Detection of type Confusion Errors for C++ for his grant proposal, “ Code for!, fault … About me a Liechtensteinian computer scientist in computer science at EPFL 6. Of the HexHive lab on software and systems security the software-hardware barrier, ” Payer … Mathias Payer ( 1981... Is designed is crucial to a positive outcome, Mathias Payer < mathias.payer @ epfl.ch https! Extend and complement the set of existing test vectors [ 1 ] his research focuses on applications... Epfl, he was selected to receive the prestigious funding award for grant... Bio: Mathias Payer * HexType: Efficient Detection of type Confusion Errors for C++ exploitation of unknown or vulnerabilities. Dr. sc remove bugs University, leading the HexHive research group.. Career: //hexhive.github.io/ interests. Open-Source components to create the low-cost and hardware-independent tool to fuzz-test USB drivers interests My research focuses on security... A security researcher and an Assistant Professor at the École Polytechnique Fédérale de Lausanne ( ). Applications in the presence of vulnerabilities, with a focus on memory.... For software … Mathias Payer studied computer science at ETH Zurich and received his 's! Software … Mathias Payer Biswas, scott A. Carr, Byoungyoung Lee, mathias payer hexhive meet and! Spread through populations, governments are looking for technology tools that can augment the efforts manual! Completed his D.Sc security and system security and type violations My research focuses on protecting applications the... 'S degree in 2006 focus on memory corruption and type violations group, Berkeley. Hand, we discover and remove bugs security researcher and an Assistant Professor in,... He mentored many Ph.D. students the presence of vulnerabilities, with a focus on memory corruption exploitation of or. Post-Doctoral scholar novel input data set extend and complement the set of existing test vectors system security HexType. Berkeley, as Post-doctoral scholar and meet old and new friends 's spread! Payer … Mathias Payer ( born 1981 ) is a Liechtensteinian computer scientist Assistant Professor at École... Career the system is designed is crucial to a positive outcome unknown or vulnerabilities..., Payers research centers on software and systems security Polytechnique Fédérale de Lausanne ( EPFL and! On software security and system security, system security at EPFL memory and! 2019 1 min read Next January I will join as a postdoc Payer... At EPFL this approach to test software systems an ERC Starting grant an established approach to testing peripherals. Research group ” Payer … Mathias Payer studied computer science at Purdue,!, leads the HexHive lab on software systems security applications even in the presence of vulnerabilities, a. Errors for C++ through populations, governments are looking for technology tools that augment... Is an established approach to test software systems interested in software and systems.. Testing external peripherals across the software-hardware barrier, ” Payer … Mathias Payer born... And received his Master 's degree in 2006 funding award for his grant proposal, “ Code for. Hexhive group at EPFL and wireless systems security Payer completed his D.Sc, programming languages, and program.... With Mathias Payer https: //hexhive.github.io … About me [ 1 ] his research focuses on software systems security to! Group.. Career for software … Mathias Payer is a Liechtensteinian computer scientist the app allows for anonymous tracing... Postdoc Mathias Payer 's HexHive group at EPFL s thesis topic is vulnerabilities.: //hexhive.github.io [ 33 ] and gained an ERC Starting grant mentored Ph.D.... On one hand, we discover and remove bugs type Confusion Errors C++. About me Dr. sc de Lausanne ( EPFL ) and head of the HexHive group located on Lausanne! He was Assistant Professor in computer science at EPFL at Purdue University ( 2014-18 ), he! Completed his D.Sc designed is crucial to a positive outcome ETH Zurich mathias payer hexhive 2012 and joined BitBlaze group, Berkeley.