Publicaties
A User-centric Approach to API Delegations Enforcing Privacy Policies on OAuth Delegations KU Leuven
OAuth is the most commonly used access delegation protocol. It enables the connection of different APIs to build increasingly sophisticated applications that enhance and amplify our abilities. Increasingly, OAuth is used in applications where a significant amount of personal data is exposed about users. Despite this privacy risk, in most OAuth flows that a user encounters, there is a lack of fine-grained control over the amount of data that is ...
AndrAS: Automated Attack Surface Extraction for Android Applications KU Leuven
The attack surface of an Android application captures the set of ways in which attackers can penetrate and compromise the application. Determining the attack surface serves multiple purposes, including assessing the security of the application, identifying weak points, and prioritizing mitigation efforts. In practice, determining the attack surface of an application is still a manual effort, and can be time-consuming and error-prone. This paper ...
CTAM: a tool for Continuous Threat Analysis and Management KU Leuven
Security and privacy threat modeling approaches are commonly applied to identify and address design-level security and privacy concerns in the early stages of software development. Identifying and mitigating these threats should remain a continuous concern during the development lifecycle, as single-shot analyses become quickly outdated with contemporary agile development practices. Despite expert recommendation, the support for continuously ...
On the adversarial robustness of full integer quantized TinyML models at the edge KU Leuven
The recent surge in deploying machine learning (ML) models at the edge has revolutionized various industries by enabling real-time decision-making on resource-constrained devices, such as TinyML models on microcontrollers. However, this trend brings forth a critical concern - the vulnerability of these models to adversarial examples. ML at the edge offers tremendous potential but demands heightened vigilance in the realm of cybersecurity. Our ...
TC4SE: A High-performance Trusted Channel Mechanism for Secure Enclave-based Trusted Execution Environments KU Leuven
We present TC4SE, a trusted channel mechanism suitable for secure enclave-based trusted execution environments, such as Intel SGX, that leverage on the existing security properties provided by the TEE remote attestation scheme and Transport Layer Security (TLS) protocol. Unlike previous works that integrate attestation into the TLS handshake, TC4SE separates these two processes and binds the trust to the authentication primitives used by the TLS ...
Mitigating undesired interactions between liveness detection components in biometric authentication KU Leuven
Beware the Doppelgänger: Attacks against Adaptive Thresholds in Facial Recognition Systems KU Leuven
Biometric recognition systems typically use a fixed threshold to differentiate between legitimate users and imposters. Yet, this method can be problematic due to differences in individual user performance, whereas some users are more easily recognizable than others. Furthermore, fixed thresholds require extensive tuning on a large test set a priori to determine an optimal threshold value. Adaptive thresholds address these shortcomings by ...