Research Agenda

Our research focuses on software and systems security. Despite efforts and improvements in bug discovery techniques, some exploitable vulnerabilities will remain. We target techniques that both enable developers to discover and remove bugs and make programs resilient against the exploitation of unknown or unpatched vulnerabilities.

To discover bugs we propose (i) sanitization techniques that enforce a security property such as memory or type safety; given concrete program input, our sanitizers then flag any property violations and (ii) fuzzing techniques that leverage static and dynamic analysis to create program inputs to explore program areas that are not yet covered through existing test cases. To protect against exploitable vulnerabilities, we focus on control-flow integrity using specific language semantics, enforcing type integrity, and protecting selective data. Under this premise, we focus on compiler-based, runtime-based, and language-based protection mechanisms and security policies that increase the resilience of applications against attacks (in the presence of software vulnerabilities). All prototypes are released as open-source and we release talks on YouTube.

Key Topics

software security, system security, sanitization, software testing, fuzzing mitigation, fault isolation, compartmentalization.

Frequently Asked Questions

Interested in joining HexHive? Read the advice for prospective students and send Mathias an email.
If you are an EPFL student and looking for a BSc, MSc, or PhD semester project, check out the project page.
Interested in Capture the Flag? Come play with the (EPFL) polygl0ts.

Meet the members of the HexHive

Mathias Payer
Associate Professor

Manuel Egele
Visiting Faculty, EPFL

Marcel Busch
Post Doc, EPFL

Flavio Toffalini
Post Doc, EPFL

Derrick McKee
PhD Candidate, Purdue

Prashast Srivastava
PhD Candidate, Purdue

Bader AlBassam
PhD Student, Purdue

Adrian Herrera
PhD Student, ANU

Atri Bhattacharyya
PhD Candidate, EPFL

Ahmad Hazimeh
PhD Candidate, EPFL

Nicolas Badoux
PhD Candidate, EPFL

Zhiyuan Jiang
PhD Student, NUDT

Ergys Dona
PhD Student, EPFL

Lucio Romerio
PhD Student

Luca Di Bartolomeo
PhD student, EPFL

Florian Hofhammer
PhD Student, EPFL

Andrés Sanchez
PhD Student, EPFL

Tao Lyu
PhD student, EPFL

Zhiyao Feng
PhD Student, EPFL

Antony Vennard
Research Scientist, EPFL

Hossein Moghaddas
MSc Scholar, EPFL

Duo Xu
MSc Scholar, EPFL

Graduated students

Past visiting researchers, students, research scientists, and post docs:

  • Jelena Jankovic (EDIC project student, spring '20 to spring '21)
  • Daniele Antonioli (post doc, spring '20 to summer '21, first job: assistant professor at EURECOM)
  • Jean-Michel Crepel (research scientist, '20 to '21)
  • Uroš Tešić (research scientist and PhD student, fall '19 to fall '20, first job: NVIDIA)
  • Anil Kurmus (visiting researcher, fall '19)
  • Alessandro Di Federico (visiting PhD student, fall '16)

A selection of undergraduate and graduate student projects

  • Luca DiBartolomeo (MSc thesis, fall '20)
  • Matteo Rizzo (MSc thesis, fall '19)
  • Sushant Dinesh (PhD student/MSc thesis, graduated spring '19)
  • Ammar Askar (undergraduate term project, spring '16)


B√Ętiment BC 160
Station 14
CH-1015 Lausanne
Office:BC 160 (Mathias)
Lab:BC 159

Directions: You can reach the BC building by metro m1 (stop "EPFL") or bus 701 (stop "Parc scientifique").
There is (very) limited parking next to BC. The HexHive offices are on the first floor of BC in the east.