Person

Mathias Josef Payer

Related publications (49)

BLURtooth: Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy

Bluetooth is a pervasive wireless technology specified in an open standard. The standard defines Bluetooth Classic (BT) for high-throughput wireless services and Bluetooth Low Energy (BLE) very low-power ones. The standard also specifies security mechanism ...

ASSOC COMPUTING MACHINERY2022

Designing a Provenance Analysis for SGX Enclaves

Mathias Josef Payer, Flavio Toffalini

SGX enclaves are trusted user-space memory regions that ensure isolation from the host, which is considered malicious. However, enclaves may suffer from vulnerabilities that allow adversaries to compromise their trustworthiness. Consequently, the SGX isola ...

ASSOC COMPUTING MACHINERY2022

Fuzzing is the de-facto default technique to discover software flaws, randomly testing programs to discover crashing test cases. Yet, a particular scenario may only care about specific code regions (for, e.g., bug reproduction, patch or regression testing) ...

ASSOC COMPUTING MACHINERY2022

, ,

Browser APIs are essential to the modern web experience. Due to their large number and complexity, they vastly expand the attack surface of browsers. To detect vulnerabilities in these APIs, fuzzers generate test cases with a large amount of random API inv ...

New York2022

, , , , ,

Computer systems designers are building cache hierarchies with higher capacity to capture the ever-increasing working sets of modern workloads. Cache hierarchies with higher capacity improve system performance but shift the performance bottleneck to addres ...

2021

Evading Voltage-Based Intrusion Detection on Automotive CAN

Mathias Josef Payer, Duo Xu, Rohit Bhatia

The controller area network (CAN) is widely adopted in modern automobiles to enable communications among in-vehicle electronic control units (ECUs). Lacking mainstream network security capabilities due to resource constraints, the CAN is susceptible to the ...

INTERNET SOC2021

, ,

The Bluetooth standard is ubiquitously supported by computers, smartphones, and IoT devices. Due to its complexity, implementations require large codebases, which are prone to security vulnerabilities, such as the recently discovered BlueBorne and BadBluet ...

USENIX ASSOC2021

Enclosure: Language-Based Restriction of Untrusted Libraries

James Richard Larus, Mathias Josef Payer, Edouard Bugnion, Evangelos Marios Kogias, Adrien Ghosn

Programming languages and systems have failed to address the security implications of the increasingly frequent use of public libraries to construct modern software. Most languages provide tools and online repositories to publish, import, and use libraries ...

2021

Seed Selection for Successful Fuzzing

Mathias Josef Payer

Mutation-based greybox fuzzing-unquestionably the most widely-used fuzzing technique-relies on a set of non-crashing seed inputs (a corpus) to bootstrap the bug-finding process. When evaluating a fuzzer, common approaches for constructing this corpus inclu ...

ASSOC COMPUTING MACHINERY2021

Too Quiet in the Library: An Empirical Study of Security Updates in Android Apps' Native Code

Mathias Josef Payer

Android apps include third-party native libraries to increase performance and to reuse functionality. Native code is directly executed from apps through the Java Native Interface or the Android Native Development Kit. Android developers add precompiled nat ...

IEEE COMPUTER SOC2021

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.