Workshop Programme

Following is the EuroSec 2017 programme. Follow @sharcs_project or @EuroSecWorkshop on Twitter to stay up to date with the workshop news.

Time Title
9:00-10:30 Session 1
  Welcome, introduction
  Keynote talk: Sancus 2.0: A Security Architecture for Low-Cost Networked Embedded Devices Frank Piessens, KU Leuven

Abstract: The Sancus security architecture for networked embedded devices was proposed in 2013 at the USENIX Security conference. It supports remote (even third-party) software installation on embedded devices while maintaining strong security guarantees. Its key characteristic is that it supports strong protection of software application modules against all other software on the platform including the operating system, not unlike what Intel SGX achieves for higher-end processors. Over the past four years, significant experience has been gained with applications of Sancus, and several extensions of the architecture have been investigated - both by the original designers as well as by independent researchers. This talk will describe Sancus 2.0, a new version of the architecture that incorporates new ideas and improvements informed by these four years of experience. We will explain the design of Sancus 2.0 (without relying on any prior knowledge of Sancus), and will discuss several application scenarios.

  Off-the-shelf Embedded Devices as Platforms for Security Research Lucian Cojocar, Kaveh Razavi, Herbert Bos
10:30-11:00 Break
11:00-12:40 Session 2
  Cache Attacks on Intel SGX Johannes Götzfried, Moritz Eckert, Sebastian Schinzel, Tilo Müller
  RevAnC: A Framework for Reverse Engineering Hardware Page Table Caches Stephan van Schaik, Kaveh Razavi, Ben Gras, Herbert Bos, Cristiano Giuffrida
  Breaking BLE Beacons For Fun but Mostly Profit Constantinos Kolias, Lucas Copi, Fengwei Zhang, Angelos Stavrou
  Internet Kill Switches Demystified Benjamin Rothenberger, Daniele Asoni, David Barrera, Adrian Perrig
12:40-14:00 Lunch
14:00-15:30 Session 3
  Keynote talk: Hardware-assisted Security: So Close yet So Far Ahmad-Reza Sadeghi, TU Darmstadt

Abstract: In the recent past we have been witnessing an increasing effort invested in hardware-assisted security, mostly to secure the insecure legacy software. Hardware security schemes are often treated as an afterthought: an extension of the system but not an inherent design metric for the whole system. This limits their adoption and benefit to real-world systems. Emerging applications, for instance in IoT area, increasingly involve large numbers of connected and heterogeneous device swarms and pose crucial challenges on the underlying security architectures. Over the past two decades we have seen hardware security solutions and trends from Trusted Platform Modules (TPM), ARM's TrustZone, and Physically Unclonable Functions (PUFs), to very recent advances such as Intel's SGX and CET. However, despite their advantages these solutions are rarely used by third party developers, make strong trust assumptions about manufacturers, are too expensive for small constrained devices, do not easily scale, or suffer from side-channels. In this talk we will discuss the real-world impact of hardware-assisted security solutions, their strengths and shortcomings as well as new research and development directions.

  Looking Back on Three Years of Flash-based Malware Christian Wressnegger, Konrad Rieck
15:30-16:00 Break
16:00-17:40 Session 4
  TrustJS: Trusted Client-side Execution of JavaScript David Goltzsche, Colin Wulf, Divya Muthukumaran, Konrad Rieck, Peter Pietzuch, Rüdiger Kapitza
  The Case of the Poisoned Event Handler: Weaknesses in the Node.js Event-Driven Architecture James Davis, Gregor Kildow, Dongyoon Lee
  Fast and Generic Metadata Management with Mid-Fat Pointers Taddeus Kroes, Koen Koning, Cristiano Giuffrida, Herbert Bos, Erik van der Kouwe
  Protecting Suspended Devices from Memory Attacks Manuel Huber, Julian Horsch, Sascha Wessel