Category Archives: Uncategorized

Fifth AMSec Workshop: Security and AI

How do we unite cybersecurity and artificial intelligence?

October 12, 2023
Science Park 125, 1098 XG, Amsterdam
Seminar room: Turing Room
From 13.30 – 16:30 + drinks afterward

Please register here

With contributions from amongst others:

Marten van Dijk is professor of Secure and Intelligent Computing at VU University and Group Lead Computer Security at CWI. As a computer security researcher, he investigates and develops new techniques targeting solutions of foundational security problems. He focuses on the intersection of security and machine learning and how machine learning can provide reliable and robust intelligence.

Stjepan Picek, associate professor in the Digital Security (DiS) group at Radboud University, studies the intersection of cybersecurity and artificial intelligence. Combining those fields, he specializes in implementation attacks (side-channel analysis, fault injection) and security of machine learning.

Walco Sibbel, major account manager at Palo Alto Networks, is involved in the latest developments of the industry regarding cybersecurity and AI and can connect industry demand with the latest technical developments.

The theme of the workshop:

How do we unite cybersecurity and artificial intelligence?

Kaitai Lang joined the Cybersecurity group at Delft University of Technology in 2020. Before joining TU Delft, he was an Assistant Professor in Secure Systems at the University of Surrey, UK, and an academic member of the Surrey Centre for Cyber Security. He received his PhD degree in computer science from Department of Computer Science at City University of Hong Kong. With over 11 years experiences on cybersecurity R&D, his main focus is on the design and implementation of cryptographic protocols to security.

Joep Gommers, founder & CEO at EclecticIQ (threat intelligence, hunting and response)

Paul Timmers Research Associate Oxford University & Ex European Commission

AI and Cybersecurity

How do AI and cybersecurity relate to each other? And what grant vision do we have for the application of AI on cybersecurity and the cybersecurity of AI? In this workshop we will explore the topic ‘AI and cybersecurity’ from a hardware, software and policy perspective. The workshop involves inspiring key notes and an interactive panel discussion. There will be a lively discussion and interaction with the audience with key representatives from both industry, academia and government.


13.30: Opening

13:35 – Public brainstorm: you are going to engage in a public brainstorm where we will try to find a common definition of AI & Cybersecurity. What do you think is the essence of security by design?

13.45 – Keynote 1: Marten van Dijk.

Marten van Dijk. IEEE Fellow, professor of Secure and Intelligent Computing at VU University and Group Lead Computer Security at CWI.

14.15 – Q&A

14:25 – Break

14:45 – Panel: You will have the opportunity to observe an interactive panel discussion discussing the role of government, industry and academia regarding cybersecurity and artificial intelligence from different perspectives . With amongst others Stjepan Picek (Radboud University) , Walco Sibbel (Palo Alto Networks), Kaitai Lang (TU-Delft), and Paul Timmers (Oxford University).

15:45 – Keynote 2: Joep Gommers.

Joep Gommers. Founder & CEO at EclecticIQ (threat intelligence, hunting and response)


16.15 – Q&A and synthesis.

16:30 – Closing remarks and drinks!

Fourth AMSEC Symposium: Security by Design

How do we unite the many different perspectives on security by design?

Please register here

February 16, 2023 

Van der Boechorststraat 7, 1081 BT Amsterdam

Seminar room: MF-A415   

From 13.30 – 16:30 + drinks afterwards

With contributions from Bart Jacobs and Bart Preneel

Bart Jacobs, professor of Security, Privacy and Identity at Radboud University Nijmegen, tirelessly delves into matters that you sometimes would rather not hear, but need to know. He showed vulnerabilities in the public transport chip card, bank cards, voting computers, ‘smart’ meters and car keys, and in countless databases with private data. He also develops secure alternatives, such as the IRMA app that allows you to log in in a privacy-friendly manner.

Bart Preneel, professor at the Catholic University of Leuven, is a Belgian cryptographer and cryptanalyst. He co-invented the Miyaguchi-Preneel compression function, a robust structure used in hash functionsl. He is also one of the authors of the RIPEMD hash function and co-inventor of the MUGI and Trivium stream ciphers. Preneel contributed to the cryptanalysis of several cryptographic algorithms, including RC4 and SecurID.

Dr. Cristina Del-Real, assistant professor in Cyber Crisis at the Institute of Security and Global Affairs (ISGA) at Leiden University, is an expert on the multitude of definitions of security by design  Previously she worked as a postdoctoral researcher in cybersecurity governance at ISGA. She is part of the NWO-funded project ‘Cyber Security by Integrated Design’ (C-SIDe),:

Dr. Erik Poll, associate professor in the Digital Security (DiS) group Institute for Computing and Information Sciences Radboud University Nijmegen, is an expert on software security. He leads the security by design work package at the INTERSECT project. 

→ More contributors will be added soon!

Theme of the workshop:

How do we unite the many different perspectives on security by design? 

How do we define security by design? And what grant vision do we have? What is its practical feasibility? In this workshop we will explore the topic ‘security by design’ from a hardware, software and policy perspective. The workshop involves inspiring key notes and an interactive panel discussion. There will be a lively discussion and interaction with the audience with key representatives from both industry, academia and government. 

Provisional program:

13:30 – Public brainstorm: you are going to engage in a public brainstorm where we will try to find a common definition of security by design. What do you think is the essence of security by design? 

13.45 – Keynote 1: Bart Jacobs

14.15 – Q&A

14:25 – Break

14:45 – Panel: Cristina del Real, Erik Pol, Jasper Nagtegaal
You will have the opportunity to observe an Interactive panel discussion discussing the role of government, industry and academia regarding security by design from different perspectives (“hardware & infrastructure”; “software & application” and “economics & policy”).

15:45 – Keynote 2: Bart Preneel

16.15 – Q&A and brainstorm: There is an opportunity for a Q&A and there will be a second public brainstorm on the definition of security by design. We will investigate together in what way the input of the public differs what this us? The insights gained in this workshop will be used by policy makers, academics and the industry to further align the efforts to make secure hard & software by design. 

16:30 – Wrap up and drinks!

Third AMSEc workshop: Systems Security

Date: Friday 25th of October 2019

Time: 9:45 – 13:15

Location: VU Campus, main building, room HG-06A32

This mini workshop features a strong line-up of leading system security researchers from around the world. The event is freely accessible to everyone on a first come, first serve basis.


  • U. Michael Franz (UC Irvine)
This image has an empty alt attribute; its file name is 3ec2dcd0.jpg
  • Mathias Payer (EPFL)
Purdue University - Department of Computer Science ...
  • Stijn Volckaert (KU Leuven)
Afbeeldingsresultaat voor Stijn Volckaert leuven
  • Lucas Davi (U. Duisburg)
Afbeeldingsresultaat voor lucas davi
  • Stefan Brunthaler ( U. der Bundeswehr)
Afbeeldingsresultaat voor stefan brunthaler
  • Robert Buhren (TU Berlin)
Robert Buhren

Preliminary program

9:45 – 10:15

Speaker: Lucas Davi

Title: Risky Contracts: Breaking and Fixing Smart Contracts


Smart contracts are computer programs that execute on the blockchain, receive and send transactions, and maintain a balance of cryptocurrency. In the recent past, we have witnessed a variety of attacks against smart contracts with cryptocurrency loses up to 50 million US Dollars. These attacks were possible due to errors in the smart contract logic. To tackle such attacks, a large number of mitigation technologies have been proposed. In this talk, we provide an overview of static and dynamic analysis techniques to tackle smart contract errors.


10:15 – 10:45

Speaker: Mathias Payer

Title: Fuzzing Low-level Code


In an eternal war in memory, state corruption plagues systems since the dawn of computing. Despite the rise of strong mitigations such as stack cookies, ASLR, DEP, or most recently Control-Flow Integrity, exploits are still prevalent as none of these defenses offers complete protection. This situation calls for program testing techniques that discover reachable vulnerabilities before the attacker. Finding and fixing bugs is the only way to protect against all exploitation. 

We develop fuzzing techniques that follow an adversarial approach, focusing on the exposed attack surface and exploring potentially reachable vulnerabilities. In this talk we will discuss two aspects of fuzzing hard to reach code: (i) learning what code is exposed to attacker-controlled input and (ii) testing drivers that interact with exposed peripherals.

First, we assess the threat surface by characterizing the potential computational power that a vulnerability gives. In a multi-step process we follow the flow of information an synthesize potential attacker payloads to learn how exposed certain code sequences are. Second, by

providing a custom-tailored emulation environment we create mock Trojan devices that allow fuzzing the peripheral/driver interface. In these projects we develop new techniques to test different kinds of hard to reach code and exposed large amounts of vulnerabilities.


10:45 – 11:15

Speaker: Stijn Volckaert

Title: Making Multi-Variant Execution Practical in the Real World


Multi-Variant Execution Environments (MVEEs) have shown great promise as a mechanism to defend against exploitation of software vulnerabilities. Their core idea is to run multiple versions (or diversified variants) of the same program in tandem on top of a small and efficient hypervisor that distributes program inputs, compares outputs, and terminates the variants when their outputs diverge. With properly constructed variants, one can guarantee that any exploitation attempt will trigger a divergence and, hence, termination before the exploit succeeds.

Unfortunately, MVEEs have seen virtually no adoption outside of military settings. In this talk, I will give an overview of the biggest hurdles that stand in the way of greater adoption. I will also discuss some preliminary research towards overcoming these hurdles and suggest future research directions.


11:15 – 11:45



11:45 – 12:15

Speaker: Stefan Brunthaler

Title: MAD: Memory Allocation Diversity


We present MAD, short for memory allocation diversity, a method to diversify memory management routines, which hitherto were highly predictable and deterministic. The need for such diversification arises from memory massaging techniques used, for example, in known RowHammer attacks.  By coercing or enumerating physical page frames, adversaries create vulnerable configurations required for row hammering.

MAD builds on the principles underlying software diversity and, therefore, offers similar benefits: simplicity, efficiency, portability, and versatility. Simplicity is evidenced by an implementation that

requires less than a thousand lines of code. Efficiency is indicated by a low performance impact on a variety of benchmarks, including SPEC CPU 2017, where we report an impact by a factor of 1.006x. Portability is supported by MAD’s independence of any specific hardware feature, architecture, or knowledge. Put differently, MAD is a software-only defense that is completely hardware-agnostic. Versatility is provided by the fact that MAD requires no OS internals and, therefore, can be used to diversify memory allocation in all kinds of system software, such as browsers and databases. 

In addition, MAD offers comprehensive security. Specifically, MAD follows a two-pronged strategy to mitigate memory massaging techniques. First, MAD thwarts enumeration of physical pages by using two novel diversification techniques. Second, MAD uses a randomized monitoring and detection technique to prevent brute-force exhaustive memory massaging techniques.


12:15 – 12:45

Speaker: Michael Franz

Title: PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary


The OS kernel is an attractive target for remote attackers. If compromised, the kernel gives adversaries full system access, including the ability to install rootkits, extract sensitive information, and perform other malicious actions, all while evading detection. Most of the kernel’s attack surface is situated along the system call boundary. Ongoing kernel protection efforts have focused primarily on securing this boundary; several capable analysis and fuzzing frameworks have been developed for this purpose.

However, there are additional paths to kernel compromise that do not involve system calls, as demonstrated by several recent exploits. For example, by compromising the firmware of a peripheral device such as a Wi-Fi chipset and subsequently sending malicious inputs from the Wi-Fi chipset to the Wi-Fi driver, adversaries have been able to gain control over the kernel without invoking a single system call. Unfortunately, there are currently no practical probing and fuzzing frameworks that can help developers find and fix such vulnerabilities occurring along the hardware-OS boundary.

We present PeriScope, a Linux kernel based probing framework that enables fine-grained analysis of device-driver interactions. PeriScope hooks into the kernel’s page fault handling mechanism to either passively monitor and log traffic between device drivers and their corresponding hardware, or mutate the data stream on-the-fly using a fuzzing component, PeriFuzz, thus mimicking an active adversarial attack. PeriFuzz accurately models the capabilities of an attacker on peripheral devices, to expose different classes of bugs including, but not limited to, memory corruption bugs and double-fetch bugs. To demonstrate the risk that peripheral devices pose, as well as the value of our framework, we have evaluated PeriFuzz on the Wi-Fi drivers of two popular chipset vendors, where we discovered 15 unique vulnerabilities, 9 of which were previously unknown.


12:45 – 13:15

Speaker: Robert Buhren

Title: Insecure Until Proven Updated: Analyzing AMD SEV’s Remote Attestation


Customers of cloud services have to trust the cloud providers, as they control the building blocks that form the cloud. This includes the hypervisor enabling the sharing of a single hardware platform among multiple tenants. AMD Secure Encrypted Virtualization (SEV) claims a new level of protection in cloud scenarios. AMD SEV encrypts the main memory of virtual machines with VM-specific keys, thereby denying the higher-privileged hypervisor access to a guest’s memory. To enable the cloud customer to verify the correct deployment of his virtual machine, SEV additionally introduces a remote attestation protocol.This paper analyzes the firmware components that implement the SEV remote attestation protocol on the current AMD Epyc Naples CPU series. We demonstrate that it is possible to extract critical CPU-specific keys that are fundamental for the security of the remote attestation protocol.Building on the extracted keys, we propose attacks that allow a malicious cloud provider a complete circumvention of the SEV protection mechanisms. Although the underlying firmware issues were already fixed by AMD, we show that the current series of AMD Epyc CPUs, i.e., the Naples series, does not prevent the installation of previous firmware versions. We show that the severity of our proposed attacks is very high as no purely software-based mitigations are possible. This effectively renders the SEV technology on current AMD Epyc CPUs useless when confronted with an untrusted cloud provider. To overcome these issues, we also propose robust changes to the SEV design that allow future generations of the SEV technology to mitigate the proposed attacks.