Research Agenda

Our research focuses on software and systems security. Despite efforts and improvements in bug discovery techniques, some exploitable vulnerabilities will remain. We target techniques that both enable developers to discover and remove bugs and make programs resilient against the exploitation of unknown or unpatched vulnerabilities.

To discover bugs we propose (i) sanitization techniques that enforce a security property such as memory or type safety; given concrete program input, our sanitizers then flag any property violations and (ii) fuzzing techniques that leverage static and dynamic analysis to create program inputs to explore program areas that are not yet covered through existing test cases. To protect against exploitable vulnerabilities, we focus on control-flow integrity using specific language semantics, enforcing type integrity, and protecting selective data. Under this premise, we focus on compiler-based, runtime-based, and language-based protection mechanisms and security policies that increase the resilience of applications against attacks (in the presence of software vulnerabilities). All prototypes are released as open-source.

Key Topics

software security, system security, sanitization, software testing, fuzzing mitigation, fault isolation, compartmentalization.

Frequently Asked Questions

Interested in joining HexHive? Read the advice for prospective students and send Mathias an email.
If you are an EPFL student and looking for a BSc, MSc, or PhD semester project, check out the project page.
Interested in Capture the Flag? Come play with the (EPFL) polygl0ts.

Contact

Address:  EPFL IC IINFCOM HEXHIVE   
B√Ętiment BC 160
Station 14
CH-1015 Lausanne
Office:BC 160 (Mathias)
Lab:BC 159


Directions: You can reach the BC building by metro m1 (stop "EPFL") or bus 701 (stop "Parc scientifique").
There is (very) limited parking next to BC. The HexHive offices are on the first floor of BC in the east.

Meet the members of the HexHive


Mathias Payer
Assistant Professor
         

Daniele Antonioli
Post Doc, EPFL
 

Hui Peng
PhD Candidate, Purdue
         

Priyam Biswas
PhD Candidate, Purdue
         

Yuseok Jeon
PhD Candidate, Purdue
         

Derrick McKee
PhD Student, Purdue
         

Prashast Srivastava
PhD Student, Purdue
         

Bader AlBassam
PhD Student, Purdue
         

Naif Almakhdhub
PhD Candidate, Purdue

Adrian Herrara
PhD Student, ANU
       

Atri Bhattacharyya
PhD Candidate, EPFL
       

Ahmad Hazimeh
PhD Candidate, EPFL
   

Uroš Tešić
PhD Student, EPFL
 

Nicolas Badoux
PhD Student, EPFL
       

Andrés Sanchez
MSc Scholar, EPFL
 

Matteo Rizzo
MSc Project, EPFL
     

Anil Kurmus
Visiting Researcher, IBM
   

Graduated PhD students:

  • Abe Clements (PhD thesis, spring '19, co-advised with Saurabh Bagchi, first job: Sandia National Labs)
  • Kyriakos Ispoglou (PhD thesis, spring '19, first job: Google Inc.)
  • Nathan Burow (PhD thesis, fall'18, HexHive postdoc, first job: MIT LL Research)
  • Terry Hsu (PhD thesis, spring '18, co-advised with Patrick Eugster, first job: Apple Inc.)
  • Scott Carr (PhD thesis, spring '17, first job: Northrop Grumman -- Xetron)
  • Ahmed Hussein (PhD thesis, fall '16, co-advised with Tony Hosking, first job: Huawei)

Past visiting researchers, students, and post docs:

  • Nathan Burow (post doc, fall '18)
  • Alessandro Di Federico (visiting PhD student, fall '16)

A selection of undergraduate and graduate student projects

  • Matteo Rizzo (MSc thesis, fall '19)
  • Nicolas Badoux (MSc thesis, spring '19)
  • Sushant Dinesh (PhD student/MSc thesis, graduated spring '19)
  • Daniele Midi (PhD fall '16, advisor: Elisa Bertino)
  • Ammar Askar (undergraduate term project, spring '16)