2018-04-03 - 2018-04-06
Campus E9 1

CISPA Spring School 2018: System Security

April 3, 2018 – April 6, 2018

Our Spring School on System Security comprises 4 research areas:
– Attacking Android Apps
– Grammar-based Testing & Fuzzing
– Finding Web Security Flaws
– Crafting Software Exploits

For further information and enquiries, please contact spring-school(aeht)

September 13, 2017 2:30 pm
Emiliano De Cristofaro University College London (UCL)
E9 1 Lecture Hall

The Genomics Revolution: The Good, The Bad, and The Ugly


Advances in DNA sequencing and genomic research have paved the way to a
variety of revolutionary applications and made genetic testing
increasingly available to the masses. The increasing understanding of
the human genome’s relation to diseases, disorders, and response to
treatments brings promise of improvements in preventive and personalized
healthcare. This very same progress, however, also prompts worrisome
privacy concerns, as the genome is a treasure trove of highly personal
and sensitive information. Besides carrying information about ethnic
heritage, genetic conditions, and predisposition to diseases, access to
an individual’s genome also entails access to that of their present and
future relatives. The leakage of such information can open the door to a
variety of abuses and threats not yet fully understood. In this talk, we
overview biomedical advances in genomics and discuss associated privacy,
ethical, and security challenges. We also begin to address
privacy-preserving genomic tests by discussing a set of techniques for
secure genome analysis and sharing. We explore a few alternatives to
securely store genomic data and allow authorized parties to run tests in
such a way that only the required minimum amount of information is
disclosed, discussing the state of the art as well as open problems.

Speaker’s Bio

Emiliano De Cristofaro is an Associate Professor at University College
London (UCL).  Prior to joining UCL in 2013, he was a research scientist
at Xerox PARC. In 2011, he received a PhD in Networked Systems from the
University of California, Irvine, advised (mostly while running on the
beach) by Gene Tsudik. His research interests include privacy
technologies, applied cryptography, and systems security. He will serve as
program co-chair of the security and privacy track at WWW 2018, and
has served as program co-chair of the Privacy Enhancing Technologies Symposium
(PETS) in 2013 and 2014, and of the Workshop on Genome Privacy and
Security (GenoPri 2015). His homepage is available at

September 13, 2017 3:30 pm
Gianluca Stringhini University College London
E9 1 Lecture Hall

Hackers, Swindlers, and Trolls: Understanding and Measuring Abuse on Online Services


Online services are abused by a multitude of malicious parties, from cybercriminals using them to monetize botnets and malware, to scammers looking to defraud innocent users, to trolls spreading hate speech and bullying. Despite the threats that they pose to the safety of Internet users, we still lack a satisfactory knowledge of how different types of malicious users operate. In this talk I will provide an overview of our recent work in the area. I will first illustrate the findings that we made when deploying honeypot accounts on Gmail and deliberately giving access to them to cybercriminals. I will then talk about the problem of scams happening on online dating sites, focusing on why blocking malicious activity on these platforms is a particularly challenging task. Finally, I will talk about our measurement study of 4chan, the “dark underbelly of the Internet,” in which we characterized “raid” behavior, a phenomenon that sees online trolls gather and deliberately attack an entity on a third party service, such as a YouTube video or a Twitter account.

Speaker’s Bio

Gianluca Stringhini is an Assistant Professor in the Department of Computer Science and Security and Crime Science at University College London. He obtained his PhD from UCSB in 2014, where he worked under the supervision of Christopher Kruegel and Giovanni Vigna. Gianluca works in the area of data-driven security, analyzing large datasets to better understand complex cybercriminal operations and developing mitigation techniques to fight them. He was awarded a Google Faculty Research Award in 2015, a Symantec Research Labs Fellowship in 2012, and multiple Best Paper Awards. He published in top security conferences such as CCS, NDSS, and USENIX Security, as well as top measurement and web conferences such as IMC, WWW, and ICWSM.

July 25, 2017 11:00
Nils Ole Tippenhauer Singapore University of Technology and Design (SUTD)
E9 1 Lecture Hall

Physical-Layer Security Aspects of ICS and IoT


Physical processes that are sensed and actuated play an important role in the general Internet of Things (IoT), and in particular in Industrial Control Systems (ICS). From a security perspective, the physical layer allows for novel interactions of the (local) attacker with the system, and manipulating the physical process itself could be the target of the attacker. In addition, physical processes could also be leveraged for attack detection, and laws of physics constrain even strong attackers. As a result, research in that area needs to be interdisciplinary and connect traditional engineering domains such as wireless communications, systems engineering, and information security. In this talk, a number of physical-layer security aspects relating to wireless communications, IoT, and ICS are discussed. In particular, focus will be on attacks and detection mechanisms for ICS, and time-of-arrival-based localization used in GPS and distance bounding.

Speaker’s Bio

He is an Assistant Professor at the Information Systems Technology and Design Pillar, at the Singapore University of Technology and Design (SUTD). He earned his Dr. Sc. in Computer Science from ETH Zurich (Switzerland) in 2012. At ETH, he was part of the System Security group led by Prof. Srdjan Capkun. Before coming to ETH, he received a degree in Computer Engineering (Dipl. Ing.) from the Hamburg University of Technology (Germany) in 2007. His Master’s thesis on side-channel attack-resistant embedded crypto was supervised by Prof. Dieter Gollmann (TUHH), and Dr. Heike Neumann (NXP). The thesis won the K-H Ditze award for TUHH’s best Master’s thesis in 2007. He was also awarded a DAAD scholarship to study for one year at the University of Waterloo, Ontario, Canada between 2004-2005.

July 17, 2017 16:15
Dr. Veselin Raychev ETH Zurich
E9 1 0.01

Machine Learning for Programming


In this talk I will discuss a new generation of software tools based on probabilistic models learned from large codebases of code a.k.a “Big Code”. By leveraging the massive effort already spent by thousands of programmers, these tools make useful predictions about new, unseen programs, thus helping to solve important and difficult software tasks. As an example, I will illustrate our systems for statistical code completion, deobfuscation and defect prediction. Two of these systems ( and are freely available and already have thousands of users. In the talk, I will present some of the core machine learning and program analysis techniques behind these learning tools.

Speaker’s Bio

Veselin Raychev obtained his PhD from ETH Zürich in 2016 on the topic of “Learning from Large Codebases”. Before this, he worked as a software engineer at Google on the public transportation routing algorithm of Google Maps as well as several other projects. Currently he is a co-founder and CTO of DeepCode GmbH – a company developing “Big Code” programming tools.