S2 - Attestation Protocols

S2 – Attestation Protocols

Download

Embedded and mobile systems are more and more used in security- and safety-critical applications. This generates an increasing need for enabling technologies to validate and verify the integrity of a system's software state against malicious code. This project will design and develop novel attestation schemes that allow to validate and verify the software integrity and trustworthiness of remote devices, cover runtime attacks, do not require complex and/or costly security hardware, are secure in stronger adversary models than existing approaches, and that do not solely rely on standard cryptographic techniques.

Researchers

Tigist Abera
System Security Lab

Research Interests:

  • Memory Corruption Detection
  • Runtime attacks and defenses
  • Static analysis

David Gens
System Security Lab

Research Interests:

  • Architectural defenses, isolation between kernel and userland
  • Run-time attacks, reverse engineering
  • Static analysis and formal verification

Ahmad Ibrahim
System Security Lab

Reham Mohamed
System Security Lab

Shaza Zeitouni
System Security Lab

Research Interests:

  • Hardware security
  • Physically Unclonable Functions Attestation
  • Secure privacy-preserving computation

Publications

Brasser, Ferdinand ; Frassetto, Tommaso ; Riedhammer, Korbinian ; Sadeghi, Ahmad-Reza ; Schneider, Thomas ; Weinert, Christian :
VoiceGuard: Secure and Private Speech Processing.
Interspeech 2018 International Speech Communication Association (ISCA)
[Conference or workshop item] , (2018)

Mitev, Richard :
Lyin’ Alexa - Skill-Based Man-in-the-Middle Attack on Virtual Assistants.
TU Darmstadt
[Masterarbeit] , (2018)

Carpent, Xavier ; Eldefrawy, Karim ; Rattanavipanon, Norrathep ; Sadeghi, Ahmad-Reza ; Tsudik, Gene :
Invited: Reconciling Remote Attestation and Safety-Critical Operation on Simple IoT Devices.
In: Design Automation Conference, 2018, June 24-29, San Francisco, USA. ACM
[Conference or workshop item] , (2018)

Dessouky, Ghada ; Abera, Tigist ; Ibrahim, Ahmad ; Sadeghi, Ahmad-Reza :
LiteHAX: Lightweight Hardware-Assisted Attestation of Program Execution.
In: 37th IEEE International Conference On Computer Aided Design 2018 (ICCAD’18), 2018.
[Conference or workshop item] , (2018)

Miettinen, Markus ; Nguyen, Thien Duc ; Asokan, N. ; Sadeghi, Ahmad-Reza :
Revisiting Context-Based Pairing in IoT.
In: 55th Design Automation Conference (DAC), 24.-29.06. 2018, San Francisco, CA, USA. Proceedings of the 55th Design Automation Conference (DAC) ACM
[Conference or workshop item] , (2018)

Jauernig, Patrick Thomas :
SMOV: Lighweight In-Process Memory Isolation.
TU Darmstadt
[Masterarbeit] , (2017)

Zeitouni, Shaza ; Dessouky, Ghada ; Arias, Orlando ; Sullivan, Dean ; Ibrahim, Ahmad ; Jin, Yier ; Sadeghi, Ahmad-Reza :
ATRIUM: Runtime Attestation Resilient Under Memory Attacks.
2017 International Conference On Computer Aided Design (ICCAD'17)
[Conference or workshop item] , (2017)

Arias, Orlando ; Gens, David ; Jin, Yier ; Liebchen, Christopher ; Sadeghi, Ahmad-Reza ; Sullivan, Dean :
LAZARUS: Practical Side-channel Resilient Kernel-Space Randomization.
20th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2017)
[Conference or workshop item] , (2017)

Fereidooni, Hossein ; Classen, Jiska ; Spink, Tom ; Patras, Paul ; Miettinen, Markus ; Sadeghi, Ahmad-Reza ; Hollick, Matthias ; Conti, Mauro :
Breaking Fitness Records without Moving: Reverse Engineering and Spoofing Fitbit.
Proceedings of the 20th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
[Conference or workshop item] , (2017)

Fuhry, Benny ; Bahmani, Raad ; Brasser, Ferdinand ; Hahn, Florian ; Kerschbaum, Florian ; Sadeghi, Ahmad-Reza :
HardIDX: Practical and Secure Index with SGX.
Conference on Data and Applications Security and Privacy (DBSec)
[Conference or workshop item] , (2017)

Ibrahim, Ahmad ; Sadeghi, Ahmad-Reza ; Zeitouni, Shaza :
SeED: Secure Non-Interactive Attestation for Embedded Devices.
10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017)
[Conference or workshop item] , (2017)

Asokan, N. ; Davi, Lucas ; Dessouky, Ghada ; Koeberl, Patrick ; Nyman, Thomas ; Paverd, Andrew ; Sadeghi, Ahmad-Reza ; Zeitouni, Shaza :
LO-FAT: Low-Overhead Control Flow ATtestation in Hardware.
In: 54th Design Automation Conference (DAC'17).
[Conference or workshop item] , (2017)

Dessouky, Ghada ; Zeitouni, Shaza ; Nyman, Thomas ; Paverd, Andrew ; Davi, Lucas ; Koeberl, Patrick ; Asokan, N. ; Sadeghi, Ahmad-Reza :
LO-FAT: Low-Overhead Control Flow ATtestation in Hardware.
54th Design Automation Conference (DAC'17)
[Conference or workshop item] , (2017)

Davi, Lucas ; Gens, David ; Liebchen, Christopher ; Sadeghi, Ahmad-Reza :
PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables.
24th Annual Network & Distributed System Security Symposium (NDSS)
[Conference or workshop item] , (2017)

Dessouky, Ghada ; Koushanfar, Farinaz ; Sadeghi, Ahmad-Reza ; Schneider, Thomas ; Zeitouni, Shaza ; Zohner, Michael :
Pushing the Communication Barrier in Secure Computation using Lookup Tables.
24. Annual Network and Distributed System Security Symposium (NDSS'17) Internet Society
[Conference or workshop item] , (2017)

Rudd, Robert ; Skowyra, Richard ; Bigelow, David ; Dedhia, Veer ; Hobson, Thomas ; Crane, Stephen ; Liebchen, Christopher ; Larsen, Per ; Davi, Lucas ; Franz, Michael ; Sadeghi, Ahmad-Reza ; Okhravi, Hamed :
Address Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity.
24th Annual Network & Distributed System Security Symposium (NDSS)
[Conference or workshop item] , (2017)

Sullivan, Dean ; Arias, Orlando ; Davi, Lucas ; Sadeghi, Ahmad-Reza ; Jin, Yier :
Towards a Policy-Agnostic Control-Flow Integrity Implementation.
Black Hat Europe
[Conference or workshop item] , (2016)

Abera, Tigist ; Asokan, N. ; Davi, Lucas ; Ekberg, Jan-Erik ; Nyman, Thomas ; Paverd, Andrew ; Sadeghi, Ahmad-Reza ; Tsudik, Gene :
C-FLAT: Control-Flow Attestation for Embedded Systems Software.
23rd ACM Conference on Computer and Communications Security (CCS)
[Conference or workshop item] , (2016)

Deshotels, Luke ; Deaconescu, Razvan ; Chiroiu, Mihai ; Davi, Lucas ; Enck, William ; Sadeghi, Ahmad-Reza :
SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles.
23rd ACM Conference on Computer and Communications Security (CCS)
[Conference or workshop item] , (2016)

Sadeghi, Ahmad-Reza ; Schunter, Matthias ; Ibrahim, Ahmad ; Conti, Mauro ; Neven, Gregory :
SANA: Secure and Scalable Aggregate Network Attestation.
23rd ACM Conference on Computer and Communications Security (CCS) 2016 CCS 2016
[Conference or workshop item] , (2016)

Ambrosin, Moreno ; Conti, Mauro ; Ibrahim, Ahmad ; Neven, Gregory ; Sadeghi, Ahmad-Reza ; Schunter, Matthias :
POSTER: Toward a Secure and Scalable Attestation.
ACM WiSEC 2016
[Conference or workshop item] , (2016)

Conti, Mauro ; Crane, Stephen ; Frassetto, Tommaso ; Homescu, Andrei ; Koppen, Georg ; Larsen, Per ; Liebchen, Christopher ; Perry, Mike ; Sadeghi, Ahmad-Reza :
Selfrando: Securing the Tor Browser against De-anonymization Exploits.
The annual Privacy Enhancing Technologies Symposium (PETS)
[Conference or workshop item] , (2016)

Ibrahim, Ahmad ; Sadeghi, Ahmad-Reza ; Tsudik, Gene ; Zeitouni, Shaza :
DARPA: Device Attestation Resilient to Physical Attacks.
ACM WiSEC 2016
[Conference or workshop item] , (2016)

Sadeghi, Ahmad-Reza ; Dessouky, Ghada :
POSTER: Exploiting Dynamic Partial Reconfiguration for Improved Resistance Against Power Analysis Attacks on FPGAs.
ACM WiSec 2016
[Conference or workshop item] , (2016)

Abera, Tigist ; Asokan, N. ; Davi, Lucas ; Koushanfar, Farinaz ; Praverd, Andrew ; Tsudik, Gene ; Sadeghi, Ahmad-Reza :
Things, Trouble, Trust: On Building Trust in IoT Systems.
53rd Design Automation Conference (DAC)
[Conference or workshop item] , (2016)

Brasser, Ferdinand ; Ganapathy, Vinod ; Iftode, Liviu ; Kim, Daeyoung ; Liebchen, Christopher ; Sadeghi, Ahmad-Reza :
Regulating ARM TrustZone Devices in Restricted Spaces.
14th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys)
[Conference or workshop item] , (2016)

Lettner, Julian ; Kollenda, Benjamin ; Homescu, Andrei ; Larsen, Per ; Schuster, Felix ; Davi, Lucas ; Sadeghi, Ahmad-Reza ; Holz, Thorsten ; Franz, Michael :
Subversive-C: Abusing and Protecting Dynamic Message Dispatch.
USENIX Annual Technical Conference (ATC)
[Conference or workshop item] , (2016)

Songhori, Ebrahim ; Zeitouni, Shaza ; Dessouky, Ghada ; Schneider, Thomas ; Sadeghi, Ahmad-Reza ; Koushanfar, Farinaz :
GarbledCPU: A MIPS Processor for Secure Computation in Hardware.
53. Annual Design Automation Conference (DAC'16) ACM
[Conference or workshop item] , (2016)

Sullivan, Dean ; Arias, Orlando ; Davi, Lucas ; Larsen, Per ; Sadeghi, Ahmad-Reza ; Jin, Yier :
Strategy Without Tactics: Policy-Agnostic Hardware-Enhanced Control-Flow Integrity.
53rd Design Automation Conference (DAC)
[Conference or workshop item] , (2016)

McLaughlin, Stephen ; Konstantinou, Charalambos ; Wang, Xueyang ; Davi, Lucas ; Sadeghi, Ahmad-Reza ; Maniatakos, Michail ; Karri, Ramesh :
The Cybersecurity Landscape in Industrial Control Systems.
In: Proceedings of the IEEE, PP (99)
[Article] , (2016)

Braden, Kjell ; Crane, Stephen ; Davi, Lucas ; Franz, Michael ; Larsen, Per ; Liebchen, Christopher ; Sadeghi, Ahmad-Reza :
Leakage-Resilient Layout Randomization for Mobile Devices.
23rd Annual Network & Distributed System Security Symposium (NDSS)
[Conference or workshop item] , (2016)

Brasser, Ferdinand ; Rasmussen, Kasper ; Sadeghi, Ahmad-Reza ; Tsudik, Gene :
Remote Attestation for Low-End Embedded Devices: the Prover's Perspective.
In: DAC '16 . ACM
[Conference or workshop item] , (2016)

Cam-Winget, Nancy ; Sadeghi, Ahmad-Reza ; Jin, Yier :
Can IoT be Secured: Emerging Challenges in Connecting the Unconnected.
53rd Design Automation Conference (DAC)
[Conference or workshop item] , (2016)

Davi, Lucas ; Sadeghi, Ahmad-Reza:
Building Secure Defenses Against Code-Reuse Attacks.
Springer International Publishing ISBN 978-3-319-25544-6
[Book] , (2015)

Larsen, Per ; Brunthaler, Stefan ; Davi, Lucas ; Sadeghi, Ahmad-Reza ; Franz, Michael:
Automated Software Diversity.
Synthesis Lectures on Information Security, Privacy, and Trust. Morgan & Claypool
[Book] , (2015)

Asokan, N. ; Brasser, Ferdinand ; Ibrahim, Ahmad ; Sadeghi, Ahmad-Reza ; Schunter, Matthias ; Tsudik, Gene ; Wachsmann, Christian :
SEDA: Scalable Embedded Device Attestation.
22nd ACM Conference on Computer and Communications Security (CCS)
[Conference or workshop item] , (2015)

Conti, Mauro ; Crane, Stephen ; Davi, Lucas ; Franz, Michael ; Larsen, Per ; Liebchen, Christopher ; Negro, Marco ; Qunaibit, Mohaned ; Sadeghi, Ahmad-Reza :
Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks.
22nd ACM Conference on Computer and Communications Security (CCS)
[Conference or workshop item] , (2015)

Crane, Stephen ; Volckaert, Stijn ; Schuster, Felix ; Liebchen, Christopher ; Larsen, Per ; Davi, Lucas ; Sadeghi, Ahmad-Reza ; Holz, Thorsten ; Sutter, Bjorn De ; Franz, Michael :
It's a TRAP: Table Randomization and Protection against Function Reuse Attacks.
22nd ACM Conference on Computer and Communications Security (CCS)
[Conference or workshop item] , (2015)

Demmler, Daniel ; Dessouky, Ghada ; Koushanfar, Farinaz ; Sadeghi, Ahmad-Reza ; Schneider, Thomas ; Zeitouni, Shaza :
Automated Synthesis of Optimized Circuits for Secure Computation.
22. ACM Conference on Computer and Communications Security (CCS'15) ACM
[Conference or workshop item] , (2015)

Asokan, N. ; Brasser, Ferdinand ; Ibrahim, Ahmad ; Sadeghi, Ahmad-Reza ; Schunter, Matthias ; Tsudik, Gene ; Wachsmann, Christian :
SEDA - Technical Report.

[Report] , (2015)

Crane, Stephen ; Liebchen, Christopher ; Homescu, Andrei ; Davi, Lucas ; Larsen, Per ; Sadeghi, Ahmad-Reza ; Brunthaler, Stefan ; Franz, Michael :
Return to Where? You Can't Exploit What You Can't Find.
Blackhat USA
[Conference or workshop item] , (2015)

Arias, Orlando ; Davi, Lucas ; Hanreich, Matthias ; Jin, Yier ; Koeberl, Patrick ; Paul, Debayan ; Sadeghi, Ahmad-Reza ; Sullivan, Dean :
HAFIX: Hardware-Assisted Flow Integrity Extension.
52nd Design Automation Conference (DAC)
[Conference or workshop item] , (2015)

Brasser, Ferdinand ; Koeberl, Patrick ; Mahjoub, Brahim El ; Sadeghi, Ahmad-Reza ; Wachsmann, Christian :
TyTAN: Tiny Trust Anchor for Tiny Devices.
52nd Design Automation Conference (DAC) 2015
[Conference or workshop item] , (2015)

Songhori, Ebrahim ; Sadeghi, Ahmad-Reza ; Koushanfar, Farinaz :
Compacting Privacy-Preserving k-Nearest Neighbor Search using Logic Synthesis.
52nd Design Automation Conference (DAC)
[Conference or workshop item] , (2015)

Crane, Stephen ; Liebchen, Christopher ; Homescu, Andrei ; Davi, Lucas ; Larsen, Per ; Sadeghi, Ahmad-Reza ; Brunthaler, Stefan ; Franz, Michael :
Readactor: Practical Code Randomization Resilient to Memory Disclosure.
36th IEEE Symposium on Security and Privacy (Oakland)
[Conference or workshop item] , (2015)

Schuster, Felix ; Tendyck, Thomas ; Liebchen, Christopher ; Davi, Lucas ; Sadeghi, Ahmad-Reza ; Holz, Thorsten :
Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications.
36th IEEE Symposium on Security and Privacy (Oakland)
[Conference or workshop item] , (2015)

Davi, Lucas ; Liebchen, Christopher ; Sadeghi, Ahmad-Reza ; Snow, Kevin ; Monrose, Fabian :
Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming.
22nd Annual Network & Distributed System Security Symposium (NDSS)
[Conference or workshop item] , (2015)

Wachsmann, Christian ; Sadeghi, Ahmad-Reza:
Physically Unclonable Functions (PUFs): Applications, Models, and Future Directions.
Synthesis Lectures on Information Security, Privacy, and Trust. Morgan & Claypool Publishers ISBN 9781627055093
[Book] , (2014)

Kong, Joonho ; Koushanfar, Farinaz ; Pendyala, Praveen ; Sadeghi, Ahmad-Reza ; Wachsmann, Christian :
PUFatt: Embedded Platform Attestation Based on Novel Processor-Based PUFs.
Design Automation Conference (DAC) 2014 ACM Press
[Conference or workshop item] , (2014)

go to TU-biblio search on ULB website