Research AgendaOur research focuses on software and systems security. Despite efforts and improvements in bug discovery techniques, some exploitable vulnerabilities will remain. We target techniques that both enable developers to discover and remove bugs and make programs resilient against the exploitation of unknown or unpatched vulnerabilities.
To discover bugs we propose (i) sanitization techniques that enforce a security property such as memory or type safety; given concrete program input, our sanitizers then flag any property violations and (ii) fuzzing techniques that leverage static and dynamic analysis to create program inputs to explore program areas that are not yet covered through existing test cases. To protect against exploitable vulnerabilities, we focus on control-flow integrity using specific language semantics, enforcing type integrity, and protecting selective data. Under this premise, we focus on compiler-based, runtime-based, and language-based protection mechanisms and security policies that increase the resilience of applications against attacks (in the presence of software vulnerabilities). All prototypes are released as open-source and we release talks on YouTube.
Key Topicssoftware security, system security, sanitization, software testing, fuzzing mitigation, fault isolation, compartmentalization.
Frequently Asked QuestionsInterested in joining HexHive? Read the advice for prospective students and send Mathias an email.
If you are an EPFL student and looking for a BSc, MSc, or PhD semester project, check out the project page.
Interested in Capture the Flag? Come play with the (EPFL) polygl0ts.
Meet the members of the HexHive
- Hui Peng (PhD thesis, spring '21, first job: Baidu Research)
- Priyam Biswas (PhD thesis, fall '20, first job: Intel Research)
- Yuseok Jeon (PhD thesis, summer '20, first job: assistant professor at Ulsan National Institute of Science and Technology)
- Naif Almakhdhub (PhD thesis, spring '20, co-advised with Saurabh Bagchi, first job: assistant professor at King Saud University)
- Abe Clements (PhD thesis, spring '19, co-advised with Saurabh Bagchi, first job: Sandia National Labs)
- Kyriakos Ispoglou (PhD thesis, spring '19, first job: Google Inc.)
- Nathan Burow (PhD thesis, fall'18, HexHive postdoc, first job: MIT LL Research)
- Terry Hsu (PhD thesis, spring '18, co-advised with Patrick Eugster, first job: Apple Inc.)
- Scott Carr (PhD thesis, spring '17, first job: Northrop Grumman -- Xetron)
- Ahmed Hussein (PhD thesis, fall '16, co-advised with Tony Hosking, first job: Huawei)
Past visiting researchers, students, research scientists, and post docs:
- Jelena Jankovic (EDIC project student, spring '20 to spring '21)
- Daniele Antonioli (post doc, spring '20 to summer '21, first job: assistant professor at EURECOM)
- Jean-Michel Crepel (research scientist, '20 to '21)
- Uroš Tešić (research scientist and PhD student, fall '19 to fall '20, first job: NVIDIA)
- Anil Kurmus (visiting researcher, fall '19)
- Alessandro Di Federico (visiting PhD student, fall '16)
A selection of undergraduate and graduate student projects
EPFL IC IINFCOM HEXHIVE
Bâtiment BC 160
|Office:||BC 160 (Mathias)|