Cyber Security & Privacy
Cyber security and privacy are essential to our connected daily lives. Members of the theme work on different research challenges in this space, including software and hardware security, AI security, access control, and human factors. We aim to precisely understand the guarantees of different security technologies to inform and develop effective and efficient countermeasures against attacks.
Research Highlights
Sensor Security
Carlton Shepherd
Modern mobile devices are packed with sensors, and we increasingly trust their readings for security mechanisms (e.g., proximity checks, device pairing, behavioural authentication). But sensors are messy security primitives: they leak information, reflect environment and hardware quirks, and are often correlated with each other. In our work, we raise fundamental concerns about how much mobile sensors can be relied upon: these seemingly rich sources can be highly predictable in the worst case, and combining them simultaneously does not robustly fix that problem. The practical message is clear: sensor-based security needs more rigorous evaluation approaches, not intuition.
Confidential Computing
David Oswald
Confidential computing is a promising technology for securing workloads running in public clouds. Supported by all major CPU vendors, it is being adopted to secure major AI deployments, for example Meta’s AI features behind WhatsApp (https://ai.meta.com/static-resource/private-processing-technical-whitepaper). Current technologies, such as Intel SGX/TDX and AMD SEV-SNP, trust the system’s RAM to behave correctly. If an adversary maliciously manipulates RAM, the security guarantees are undermined. Our projects “BadRAM” (https://badram.eu/) and “Battering RAM” (https://batteringram.eu/), published at top-tier security venues, showcase the practical threat of such attacks and led to security advisories/patches by AMD and Intel.