The C++ language combines a massive potential for raw power with the massive
risk of type and memory safety violations. The developer is inherently
responsible for securing all executed code and to guarantee type safety and
memory safety. We are particularly focused on type safety. In C++, developers
can cast …
JavaScript engines face a dilemma: on one end, they need to be extremely
efficient as they are processing millions of lines of JavaScript code,
dynamically translating complex programs into efficient code. On the other end,
the code may be controlled by an attacker that is trying to exploit bugs in …
Sanitizers serve as the primary bug detection Oracle during automated testing.
They "crash" the program gracefully and tell the fuzzer when and where a bug was
triggered. The most well-known sanitizer is ASan or AddressSanitizer which adds
redzones around memory objects to detect whenever an access is out-of-bounds.
MSan or …
Hypervisors power not just the cloud but are becoming a commodity in mobile
phones and desktops as well. They separate virtual machines from each
other, enabling strong isolation and security guarantees. In cloud environments,
hypervisors separate non-trusting virtual machines and an attacker may try to
compromise and gain access to …
2024 was an active year for the HexHive research group, marked by tireless
efforts to enhance the security of various complex systems. A key trend
throughout the year was the continued evolution of fuzzing research. Notably, we
observed a gradual shift away from general-purpose fuzzing as a primary research
focus …
Niklaus Wirth, known for his work on programming languages and systems, died on January 1st, 2024 (ETH Zurich).
Wirth was known for his work on programming languages and systems with a keen focus on simplicity and functionality for which he was awarded the 1984 Turing Award.
His most well-known language …
In 2018, when I moved from Purdue University in the US to EPFL in Switzerland, I
had the opportunity to apply for an ERC H2020 starting grant in computer
science. ERC starting grants are similar to the NSF Career award and can be
submitted up to 7 years after completing …
Every December a lot of prospective students reach out to faculty
regarding PhD programs. This is the time where we review the students
and assess their skills and potential along many dimensions such as past
research, research ideas, engineering capabilities, and systems
experience. These discussions along with the submission of …