Events

Abstract: During the past two years, we have been hacking (and securing) industrial robots. They are complex cyber-physical systems, they are used in critical installations, and they entail almost every possible risk, from safety to economical damage.

In this talk we will review the main results from our research: a complete attacker and threat model for industrial robots; robot-specific cyberattacks that violate the […]

Abstract: Theoretical results in cryptography and distributed computing are always proved relative to some formal model that is intended to accurately capture the real world. We focus here on the effect of different network models on the feasibility of various tasks related to consensus. First, we highlight assumptions about the power of adaptive adversaries in distributed protocols, noting that while […]

Abstract: This talk gives an overview of two recently developed general classes of practical techniques for validating compilers – equivalence modulo input (EMI) testing, and skeletal program enumeration (SPE) – and a continuous, extensive effort in applying/adapting them to find and report thousands of bugs across a range of production and research compilers for C/C++ (GCC, Clang/LLVM, ICC, CompCert), Scala, Rust, […]

Abstract: In the talk, I will discuss two subjects of crucial importance for critical infrastructures: safety and security. Solutions provided by several ‘smart’ ideas: smart grids, smart cities, smart production, depend on exchange of data. Frequently, broadcasts of raw data is used, which is not secure at all. In the wrong hands data can reveal sensitive information and may also be […]

Title: Safety and Security of Infrastructures.

Abstract: In the talk, I will discuss two subjects of crucial importance for critical infrastructures: safety and security.  Solutions provided by several ‘smart’ ideas: smart grids, smart cities, smart production, depend on exchange of data. Frequently, broadcasts of raw data is used, which is not secure at all. In the wrong hands data can reveal […]

Abstract: This new laboratory will be able to reproduce water infrastructures such as district heating, water distribution and wastewater collection as well as their interconnection with the power grid. This modular laboratory will allow the users to configure different topologies and scenarios. Thus, it will make possible to test control strategies in a realistic environment before the real implementation. Therefore, the […]

Abstract: Security-critical infrastructures like the power grid have substations whose controllers are vulnerable to attacks, including zero-day attacks. Attacks against the control code of a power grid station can be catastrophic. Earlier detection of the attacks can prevent further damage. We propose a data-driven, deep learning architecture to detect anomalous behavior in a power-grid controller. The deep learning training is done on […]

Abstract: Runtime integrity assessments of software can be done using cyclic networks of monitors that periodically compute checksums of the code in memory. One problem is that these checkers are comparatively easy to spot: programs usually don’t read their own code. Oblivious hashing has been proposed as a more stealthy technique to perform state inspection for integrity assessments – but is restricted […]

Abstract: Accountability is the property of a system to help answer questions regarding why specific events have happened. With accountability infrastructures in place, identified reasons can be used to improve systems and to assign blame. Accountability rests on two pillars, monitoring and causality analyses. In this lecture, we focus on causality analyses and respective underlying models and show their wide applicability in […]

Internet of Things (IoT) is having an exponential growth in a multitude of applications. However, the security of IoT has been always neglected, leading to large-scale attacks on IoT devices. The heterogeneous nature of IoT devices exposes them to diverse attack vectors and attacks on critical infrastructure, causing alarm for all stakeholders involved. Recent large-scale attacks such as Mirai and IoT […]