Navigation auf uzh.ch

Suche

Department of Informatics Security and Privacy of Information, Networks, and Systems

Publications

2025

[S&P’25] PEARTS: Provable Execution in Real-Time Embedded Systems

  • Authors: Antonio Joia Neto, Norrathep Rattanavipanon, and Ivan De Oliveira Nunes
  • In: IEEE Symposium on Security and Privacy (Oakland) 2025
  • Download: paper 

[S&P’25] SoK: Integrity, Attestation, and Auditing of Program Execution

  • Authors: Mahmoud Ammar, Adam Caulfield, and Ivan De Oliveira Nunes
  • In: IEEE Symposium on Security and Privacy (Oakland) 2025
  • Download: paper

[TIFS’25] SLAPP: Poisoning Prevention in Federated Learning and Differential Privacy via Stateful Proofs of Execution

  • Authors: Norrathep Rattanavipanon and Ivan De Oliveira Nunes
  • In: IEEE Transactions on Information Forensics and Security (TIFS) 2025 (to appear)
  • Download: available soon

[DAC’25] RAP-Track: Efficient Control Flow Attestation via Parallel Tracking in Commodity MCUs

  • Authors: Antonio Joia Neto, Adam Caulfield, and Ivan De Oliveira Nunes
  • In: IEEE/ACM Design Automation Conference (DAC) 2025 (to appear)
  • Download: available soon

 

2024

[ACSAC’24] TRACES: TEE-based Runtime Auditing for Commodity Embedded Systems

  • Authors: Adam Caulfield, Antonio Joia Neto, Norrathep Rattanavipanon, and Ivan De Oliveira Nunes
  • In: 40th Annual Computer Security Applications Conference
  • Download: paper

[ACSAC’24] SpecCFA: Enhancing Control Flow Attestation and Auditing via Application-Aware Sub-Path Speculation

  • Authors: Adam Caulfield, Liam Tyler, and Ivan De Oliveira Nunes
  • In: 40th Annual Computer Security Applications Conference
  • Download: paper

[ACM EMSoft’24 and IEEE TCAD] Untrusted Code Compartmentalization for Bare Metal Embedded Devices

  • Authors: Liam Tyler and Ivan De Oliveira Nunes
  • In: ACM SIGBED International Conference on Embedded Software (EMSOFT) and IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD)
  • Download: paper

[IEEE ComMag’24] Towards Remotely Verifiable Software Integrity in Resource-Constrained IoT Devices

  • Authors: Ivan De Oliveira Nunes, Norrathep Rattanavipanon, Sashidhar Jakkamsetti, and Gene Tsudik
  • In: IEEE Communications Magazine 2024
  • Download: paper

 

2023

[USENIX SEC’23] ACFA: Secure Runtime Auditing & Guaranteed Device Healing via Active Control Flow Attestation

  • Authors: Adam Caulfield, Norrathep Rattanavipanon, and Ivan De Oliveira Nunes
  • In: USENIX Security Symposium 2023
  • Download: paper

[RTAS’23] ISC-FLAT: On the Conflict Between Control Flow Attestation and Real-Time Operations

  • Authors: Antonio Joia Neto and Ivan De Oliveira Nunes
  • In: IEEE Real-Time and Embedded Technology and Applications Symposium 2023
  • Download: paper

[ICCAD’23] DiCA: A Hardware-Software Co-Design for Differential Check-Pointing in Intermittently Powered Devices

  • Authors: Antonio Joia Neto, Adam Caulfield, Christabelle Alvares and Ivan De Oliveira Nunes
  • In: IEEE/ACM International Conference on Computer-Aided Design
  • Download: paper

[ICCAD’23] PARseL: Towards a Verified Root-of-Trust over seL4

  • Authors: Ivan De Oliveira Nunes, Seoyeon Hwang, Sashidhar Jakkamsetti, Norrathep Rattanavipanon and Gene Tsudik
  • In: IEEE/ACM International Conference on Computer-Aided Design
  • Download: paper

[ESORICS’23] Oblivious Extractors and Improved Security in Biometric-based Authentication Systems

  • Authors: Ivan De Oliveira Nunes, Peter Rindal and Maliheh Shirvanian
  • In: 28th European Symposium on Research in Computer Security
  • Download: paper

 

2022

[ICCAD’22] CASU: Compromise Avoidance via Secure Updates for Low-end Embedded Systems

  • Authors: Ivan De Oliveira Nunes, Sashidhar Jakkamsetti, Youngil Kim, and Gene Tsudik
  • In: IEEE/ACM International Conference on Computer-Aided Design 2022
  • Download: paper

[S&P’22] Privacy-from-Birth: Protecting Sensed Data from Malicious Sensors with VERSA

  • Authors: Ivan De Oliveira Nunes, Seoyeon Hwang, Sashidhar Jakkamsetti, and Gene Tsudik
  • In: IEEE Symposium on Security and Privacy 2022
  • Download: paper

[DAC’22] ASAP: Reconciling Asynchronous Real-Time Operations and Proofs of Execution in Simple Embedded Systems

  • Authors: Adam Caulfield, Norrathep Rattanavipanon, and Ivan De Oliveira Nunes
  • In: DAC 2022
  • Download: paper

[USENIX SEC’22] GAROTA: Generalized Active Root-Of-Trust Architecture (for Tiny Embedded Devices)

  • Authors: Esmerald Aliaj, Ivan De Oliveira Nunes, and Gene Tsudik
  • In: USENIX Security Symposium 2022
  • Download: paper

2021

[CCS’21] On the TOCTOU Problem in Remote Attestation

  • Authors: Ivan De Oliveira Nunes, Sashidhar Jakkamsetti, Norrathep Rattanavipanon, and Gene Tsudik
  • In: ACM CCS 2021
  • Download: paper

[DAC’21] DIALED: Data Integrity Attestation for Low-end Embedded Devices

  • Authors: Ivan De Oliveira Nunes, Sashidhar Jakkamsetti, and Gene Tsudik
  • In: DAC 2021
  • Download: paper

[WiSec’21] Delegated Attestation: Scalable Remote Attestation of Commodity CPS by Blending Proofs of Execution with Software Attestation

  • Authors: Mahmoud Ammar, Bruno Crispo, Ivan De Oliveira Nunes, and Gene Tsudik
  • In: ACM WiSec 2021
  • Download: paper

[IPSN’21] On the Root of Trust Identification Problem

  • Authors: Ivan De Oliveira Nunes, Xuhua Ding, and Gene Tsudik
  • In: ACM IPSN 2021
  • Download: paper

[DATE’21] Tiny-CFA: Minimalistic Control-Flow Attestation Using Verified Proofs of Execution

  • Authors: Ivan De Oliveira Nunes, Sashidhar Jakkamsetti, and Gene Tsudik
  • In: DATE 2021
  • Download: paper