Publications
Chosen filters:
Chosen filters:
A User-centric Approach to API Delegations Enforcing Privacy Policies on OAuth Delegations KU Leuven
OAuth is the most commonly used access delegation protocol. It enables the connection of different APIs to build increasingly sophisticated applications that enhance and amplify our abilities. Increasingly, OAuth is used in applications where a significant amount of personal data is exposed about users. Despite this privacy risk, in most OAuth flows that a user encounters, there is a lack of fine-grained control over the amount of data that is ...
AndrAS: Automated Attack Surface Extraction for Android Applications KU Leuven
The attack surface of an Android application captures the set of ways in which attackers can penetrate and compromise the application. Determining the attack surface serves multiple purposes, including assessing the security of the application, identifying weak points, and prioritizing mitigation efforts. In practice, determining the attack surface of an application is still a manual effort, and can be time-consuming and error-prone. This paper ...
CTAM: a tool for Continuous Threat Analysis and Management KU Leuven
Security and privacy threat modeling approaches are commonly applied to identify and address design-level security and privacy concerns in the early stages of software development. Identifying and mitigating these threats should remain a continuous concern during the development lifecycle, as single-shot analyses become quickly outdated with contemporary agile development practices. Despite expert recommendation, the support for continuously ...
On the adversarial robustness of full integer quantized TinyML models at the edge KU Leuven
The recent surge in deploying machine learning (ML) models at the edge has revolutionized various industries by enabling real-time decision-making on resource-constrained devices, such as TinyML models on microcontrollers. However, this trend brings forth a critical concern - the vulnerability of these models to adversarial examples. ML at the edge offers tremendous potential but demands heightened vigilance in the realm of cybersecurity. Our ...
TC4SE: A High-performance Trusted Channel Mechanism for Secure Enclave-based Trusted Execution Environments KU Leuven
We present TC4SE, a trusted channel mechanism suitable for secure enclave-based trusted execution environments, such as Intel SGX, that leverage on the existing security properties provided by the TEE remote attestation scheme and Transport Layer Security (TLS) protocol. Unlike previous works that integrate attestation into the TLS handshake, TC4SE separates these two processes and binds the trust to the authentication primitives used by the TLS ...
Client-centric Replication for the Decentralized Web KU Leuven
Distributed systems are currently evolving from a centralized client-server architecture to decentralized, web-based architectures. Decentralized systems use replication techniques that decentralize control, but have several challenges such as resilience, interactivity, and storage overhead. In this dissertation, we address client-centric replication for the web in three distinct environments characterized by varying trust and consistency ...