We develop practical defenses to protect software against (zero-day) exploitation attacks. In particular, we investigate attack and defense techniques in the area of control-flow integrity, address space layout randomization, and data-flow integrity.
Security of Smart Contracts
Blockchain-based systems such as Ethereum execute computer programs, so-called smart contracts, on the blockchain. Smart contracts are capable of owning cryptocurrency and autonomously transfer them. As such, smart contracts became an appealing target of attacks. Existing defenses rely on warning developers about possible security issues before they publish their contracts on the blockchain by means of program analysis techniques such as symbolic execution. However, it is highly challenging to protect already published contracts as updating smart contracts involves a high effort due to the principle of code is law. We focus our research on developing new run-time mechanisms that protect already published smart contracts from being exploited.
Trusted Computing provides mechanisms to check the trustworthiness, state, and integrity of a computing platform. Our research group investigates especially remote attestation protocols. These allow a verifier to check the trustworthiness of a remote device based on a challenge-response protocol.
Hardware-assisted security plays a vital role as it increases the efficiency of software-based security solutions. Our research group conducts especially research in the area of trusted execution environments such as Intel Software Guard Extensions (SGX) and ARM TrustZone. We also investigate hardware-close attacks such as Rowhammer.